The BSD License Copyright (c) 2010-2012 RIPE NCC All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - Neither the name of the RIPE NCC nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 package net.ripe.rpki.commons.provisioning.cms;
 
 
 import java.util.List;
 
 import static net.ripe.rpki.commons.validation.ValidationString.*;
 
 public class ProvisioningCmsObjectParser {
 
 
     // Expected eContentType of a provisioning object (id-ct-xml per the provisioning draft linked below).
     private static final ASN1ObjectIdentifier PROVISIONING_OBJECT_OID_STRING = new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.1.28");
     // Required SignerInfo version (draft-ietf-sidr-rescerts-provisioning-09 §3.1.1.6.1).
     private static final int CMS_OBJECT_SIGNER_VERSION = 3;
     // Required SignedData version (draft-ietf-sidr-rescerts-provisioning-09 §3.1.1.1).
     private static final int CMS_OBJECT_VERSION = 3;
 
     // DER bytes handed to parseCms(); stored by reference, not copied.
     private byte[] encoded;
 
     // The single end-entity certificate found in the CMS certificate set (set in processX509Certificate).
     private X509Certificate cmsCertificate;
 
     // NOTE(review): this listing shows fewer fields than the code uses — the validation result, the
     // collection that processX509Certificate() adds non-EE certificates to, and the parsed payload
     // are referenced but their declarations appear to have been dropped from the rendering.
     // The CRL carried in the CMS object (set in parseCmsCrl()).
     private X509CRL crl;
 
     // Streaming CMS parser created in parseCms().
     private CMSSignedDataParser sp;
    // Label under which validation failures for this object are recorded.
    private String location;
    /**
     * Creates a parser whose validation outcomes are collected under the placeholder
     * location {@code "n/a"}; parseCms() replaces the location when it runs.
     */
    public ProvisioningCmsObjectParser() {
        this(ValidationResult.withLocation("n/a"));
    }
    /**
     * Creates a parser that records every validation outcome in {@code validationResult}.
     *
     * @param validationResult sink for the checks performed by parseCms()
     */
    public ProvisioningCmsObjectParser(ValidationResult validationResult) {
        // NOTE(review): the field name is missing from this listing; presumably the field of the same name.
        this. = validationResult;
    }
        // NOTE(review): orphaned fragment — the signature of the accessor this return belongs to
        // is missing from the listing.
        return ;
    }
    /**
     * Parses the DER-encoded CMS object and runs the validation steps below in order,
     * recording each outcome in the validation result rather than throwing.
     * <p>
     * NOTE(review): the comma between the two parameters is lost in this listing.
     *
     * @param location label under which failures for this object are recorded
     * @param encoded  DER encoding of the CMS SignedData; stored by reference, not copied
     */
    public void parseCms(String locationbyte[] encoded) { //NOPMD - ArrayIsStoredDirectly
        // NOTE(review): field names on the next three lines are missing from the listing.
        this. = location;
        this. = encoded;
        .setLocation(new ValidationLocation(location));
        try {
            // Presumably assigns the {@code sp} field; the target is missing from the listing.
             = new CMSSignedDataParser(encoded);
        } catch (CMSException e) {
            // Undecodable CMS structure: record the failure and stop, the steps below need the parser.
            .rejectIfFalse(false);
            return;
        }
        verifyVersionNumber();
        verifyDigestAlgorithm(encoded);
        verifyContentType();
        // NOTE(review): parseContent() hands the embedded XML to PayloadParser here, before
        // verifySignerInfos() has checked the signature. The streaming parser needs the content
        // drained before signer infos are available, so the draining itself has to come first,
        // but the XML parsing of the drained string could be deferred until after verification.
        parseContent();
        parseCertificates();
        parseCmsCrl();
        verifySignerInfos();
    }
        // NOTE(review): orphaned fragment — throws if any failure was recorded; the method
        // header it belongs to is missing from the listing.
        if (.hasFailures()) {
            throw new ProvisioningCmsObjectParserException("provisioning cms object validation failed: " + .getFailuresForCurrentLocation());
        }
    }

    
    /**
     * http://tools.ietf.org/html/draft-ietf-sidr-rescerts-provisioning-09#section-3.1.1.1
     */
    /**
     * Intended to check the SignedData version against {@link #CMS_OBJECT_VERSION}
     * (draft-ietf-sidr-rescerts-provisioning-09 §3.1.1.1).
     * NOTE(review): the body is empty in this listing; the check appears to have been
     * dropped from the rendering — confirm against the source repository.
     */
    private void verifyVersionNumber() {
    }

    
    /**
     * http://tools.ietf.org/html/draft-ietf-sidr-rescerts-provisioning-09#section-3.1.1.2
     */
    /**
     * Intended to check the SignedData digestAlgorithms set
     * (draft-ietf-sidr-rescerts-provisioning-09 §3.1.1.2).
     * NOTE(review): the body is empty in this listing; the check appears to have been dropped.
     *
     * @param data the DER encoding of the whole CMS object
     */
    private void verifyDigestAlgorithm(byte[] data) {
    }
        // NOTE(review): orphaned fragment — the signature of the helper this body belongs to is
        // missing; it decodes ContentInfo/SignedData and returns the first digest AlgorithmIdentifier.
        // The ASN1InputStream is never closed; harmless over a ByteArrayInputStream, but a
        // try-with-resources (or close()) would make that explicit.
        ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(data));
        ContentInfo info;
        try {
            info = ContentInfo.getInstance(in.readObject());
        } catch (IOException e) {
            // NOTE(review): the comma before the cause argument is lost in this listing.
            throw new ProvisioningCmsObjectParserException("error while reading cms object content info"e);
        }
        SignedData signedData = SignedData.getInstance(info.getContent());
        ASN1Set digestAlgorithms = signedData.getDigestAlgorithms();
        // NOTE(review): only element 0 is examined and its presence is not checked first, so an
        // empty digestAlgorithms set would surface as an exception here rather than as a recorded
        // validation failure — confirm the caller guards for that.
        ASN1Encodable object = digestAlgorithms.getObjectAt(0);
        return AlgorithmIdentifier.getInstance(object.toASN1Primitive());
    }

    
    /**
     * http://tools.ietf.org/html/draft-ietf-sidr-rescerts-provisioning-09#section-3.1.1.3.1
     */
    /**
     * Intended to check the eContentType of the SignedData, presumably against
     * {@link #PROVISIONING_OBJECT_OID_STRING} (draft-ietf-sidr-rescerts-provisioning-09 §3.1.1.3.1).
     * NOTE(review): the body is empty in this listing; the check appears to have been dropped.
     */
    private void verifyContentType() {
    }

    
    /**
     * http://tools.ietf.org/html/draft-ietf-sidr-rescerts-provisioning-09#section-3.1.1.3.2
     */
    /**
     * Drains the signed content as UTF-8 text and parses it as the provisioning payload,
     * recording success or an I/O failure in the validation result.
     * <p>
     * NOTE(review): the signature has not been verified when this runs (verifySignerInfos()
     * is called later in parseCms()), so PayloadParser.parse receives unauthenticated XML.
     * Confirm that parser disables DTDs and external entities, or defer the parse until
     * after signature verification.
     */
    private void parseContent() {
        try {
            // Field reference missing from this listing; presumably the {@code sp} parser.
            CMSTypedStream signedContent = .getSignedContent();
            InputStream signedContentStream = signedContent.getContentStream();
            // NOTE(review): the comma before the charset argument is lost in this listing.
            String payloadXml = IOUtils.toString(signedContentStream"UTF-8");
            // Assigned to a payload field whose name is missing from this listing.
             = PayloadParser.parse(payloadXml);
            // Records the content as successfully parsed (validation key missing from the listing).
            .rejectIfFalse(true);
        } catch (IOException e) {
            // Unreadable content is a validation failure, not an exception for the caller.
            .rejectIfFalse(false);
        }
    }

    
    /**
     * http://tools.ietf.org/html/draft-ietf-sidr-rescerts-provisioning-09#section-3.1.1.4
     */
    /**
     * Pulls the certificate set out of the CMS object and classifies each X.509 certificate
     * via processX509Certificate(); a missing set or a non-X.509 entry is recorded as a failure.
     * NOTE(review): extractCertificates() is declared below with a CMSSignedDataParser parameter,
     * so the argument (presumably the {@code sp} field) is missing from this listing; the
     * closing {@code >} of the declared type is also lost in the rendering.
     */
    private void parseCertificates() {
        Collection<? extends Certificatecertificates = extractCertificates();
        if (!.rejectIfNull(certificates)) {
            return;
        }
        for (Certificate cert : certificates) {
            // Non-X.509 entries are rejected but do not stop processing of the rest.
            if (!.rejectIfFalse(cert instanceof X509Certificate)) {
                continue;
            }
            processX509Certificate((X509Certificatecert);
        }
    }
    /**
     * Sorts one certificate from the CMS certificate set: the first end-entity certificate
     * becomes the CMS signing certificate, a second end-entity certificate is a failure, and
     * anything else is collected as a CA certificate.
     * NOTE(review): the field referenced on the null check and assignment is missing from this
     * listing; from the surrounding code it is presumably {@code cmsCertificate}.
     *
     * @param certificate an X.509 certificate from the CMS certificate set
     */
    private void processX509Certificate(X509Certificate certificate) {
        if (isEndEntityCertificate(certificate)) {
            if ( == null) {
                 = parseCmsCertificate(certificate);
                .rejectIfFalse(true);
                // NOTE(review): the argument to getSubjectKeyIdentifier() is lost in this listing, and
                // a boolean is being passed to rejectIfNull; the source likely passes the key
                // identifier itself so that an EE certificate without an SKI is rejected — confirm.
                .rejectIfNull(X509CertificateUtil.getSubjectKeyIdentifier() != null);
            } else {
                // Exactly one end-entity certificate is allowed.
                .rejectIfFalse(false);
            }
        } else {
            // Collection field name missing from this listing.
            .add(certificate);
        }
    }
    /**
     * Re-parses the candidate signing certificate through the project's certificate parser
     * and returns the resulting X.509 certificate.
     * NOTE(review): {@code parser} is not declared anywhere in this listing, and the argument
     * to {@code ValidationResult.withLocation()} is missing; as shown, the result object used
     * here is separate from this parser's own validation result, so failures recorded during
     * that parse would not appear in it — confirm against the source.
     *
     * @param certificate the end-entity certificate found in the CMS certificate set
     * @return the parsed certificate
     * @throws AbstractX509CertificateWrapperException if the certificate cannot be re-encoded
     */
    private X509Certificate parseCmsCertificate(X509Certificate certificate) {
        try {
            parser.parse(ValidationResult.withLocation(), certificate.getEncoded());
        } catch (CertificateEncodingException e) {
            throw new AbstractX509CertificateWrapperException(e);
        }
        return parser.getCertificate().getCertificate();
    }
    /**
     * Decides whether a certificate is an end-entity certificate from its basicConstraints
     * extension: absent extension or {@code cA == false} means end-entity.
     * NOTE(review): the extension OID constant passed to getExtensionValue() is missing from
     * this listing (presumably the basicConstraints identifier).
     *
     * @param certificate the certificate to classify
     * @return {@code true} unless the certificate asserts {@code cA}
     * @throws ProvisioningCmsObjectParserException if the extension value cannot be decoded
     */
    private boolean isEndEntityCertificate(X509Certificate certificate) {
        try {
            byte[] basicConstraintsExtension = certificate.getExtensionValue(..getId());
            if (basicConstraintsExtension == null) {
                // If the basic constraints extension is not present [...] then the certified
                // public key MUST NOT be used to verify certificate signatures.
                // http://tools.ietf.org/html/rfc5280#section-4.2.1.9
                return true;
            }
            BasicConstraints constraints = BasicConstraints.getInstance(X509ExtensionUtil.fromExtensionValue(basicConstraintsExtension));
            return !constraints.isCA();
        } catch (IOException e) {
            // NOTE(review): the comma before the cause argument is lost in this listing.
            throw new ProvisioningCmsObjectParserException("error while reading cms object certificate"e);
        }
    }
    /**
     * Reads the certificate set carried in the CMS SignedData.
     * The cause of a failed extraction is not retained; the caller records the
     * {@code null} as a validation failure.
     *
     * @param sp the CMS parser to read from
     * @return the certificates, or {@code null} if they cannot be extracted
     */
    private Collection<? extends Certificate> extractCertificates(CMSSignedDataParser sp) {
        Collection<? extends Certificate> found = null;
        try {
            found = BouncyCastleUtil.extractCertificates(sp);
        } catch (CMSException e) {
            // left null: reported by the caller as a missing certificate set
        } catch (StoreException e) {
            // left null
        } catch (CertificateException e) {
            // left null
        }
        return found;
    }

    
    /**
     * http://tools.ietf.org/html/draft-ietf-sidr-rescerts-provisioning-09#section-3.1.1.5
     */
    /**
     * Requires exactly one CRL in the CMS object and, if it is an X.509 CRL, stores it.
     * NOTE(review): extractCrl() is declared below with a CMSSignedDataParser parameter, so
     * the argument is missing from this listing; the second argument of the size check, the
     * closing {@code >} of the declared type, the cast's closing parenthesis and the assigned
     * field name (presumably {@code crl}) are also lost in the rendering.
     */
    private void parseCmsCrl() {
        List<? extends X509CRLcrls = extractCrl();
        if (!.rejectIfNull(crls)) {
            return;
        }
        if (!.rejectIfFalse(crls.size() == 1, )) {
            return;
        }
        CRL x509Crl = crls.get(0);
        if (.rejectIfFalse(x509Crl instanceof X509CRL)) {
             = (X509CRLx509Crl;
        }
    }
    /**
     * Reads the CRLs carried in the CMS SignedData.
     * The cause of a failed extraction is not retained; the caller records the
     * {@code null} as a validation failure.
     *
     * @param sp the CMS parser to read from
     * @return the CRLs, or {@code null} if they cannot be extracted
     */
    private List<? extends X509CRL> extractCrl(CMSSignedDataParser sp) {
        List<? extends X509CRL> found = null;
        try {
            found = BouncyCastleUtil.extractCrls(sp);
        } catch (CMSException e) {
            // left null: reported by the caller as a missing CRL
        } catch (StoreException e) {
            // left null
        } catch (CRLException e) {
            // left null
        }
        return found;
    }

    
    /**
     * http://tools.ietf.org/html/draft-ietf-sidr-rescerts-provisioning-09#section-3.1.1.6
     */
    /**
     * Runs the per-signer checks (§3.1.1.6.x) on the single SignerInfo of the CMS object.
     */
    private void verifySignerInfos() {
        SignerInformationStore signerStore = getSignerStore();
        if (!.rejectIfNull(signerStore)) {
            return;
        }
        Collection<?> signers = signerStore.getSigners();
        // NOTE(review): the result of this size check is not used (second argument missing from the
        // listing). With zero signers the next line throws NoSuchElementException instead of leaving a
        // recorded failure, and with more than one only the first is examined; guard with the boolean
        // the reject call returns, as the other checks in this class do.
        .rejectIfFalse(signers.size() == 1, );
        SignerInformation signer = (SignerInformationsigners.iterator().next();
        verifySignerVersion(signer);
        verifySubjectKeyIdentifier(signer);
        verifyDigestAlgorithm(signer);
        verifySignedAttributes(signer);
        verifyEncryptionAlgorithm(signer);
        verifySignature(signer);
        verifyUnsignedAttributes(signer);
    }
        // NOTE(review): orphaned fragment — presumably the body of getSignerStore() called above,
        // with its signature line missing from the listing. Returns null on CMSException so the
        // caller records the failure; the field read on the getSignerInfos() line is also missing.
        SignerInformationStore signerStore;
        try {
            signerStore = .getSignerInfos();
        } catch (CMSException e) {
            signerStore = null;
        }
        return signerStore;
    }

    
    /**
     * http://tools.ietf.org/html/draft-ietf-sidr-rescerts-provisioning-09#section-3.1.1.6.1
     */
    /**
     * Intended to check the SignerInfo version against {@link #CMS_OBJECT_SIGNER_VERSION}
     * (draft-ietf-sidr-rescerts-provisioning-09 §3.1.1.6.1).
     * NOTE(review): the body is empty in this listing; the check appears to have been dropped.
     *
     * @param signer the single SignerInfo of the CMS object
     */
    private void verifySignerVersion(SignerInformation signer) {
    }

    
    /**
     * http://tools.ietf.org/html/draft-ietf-sidr-rescerts-provisioning-09#section-3.1.1.6.2
     */
    /**
     * Requires the SignerIdentifier to use the subjectKeyIdentifier form, i.e. neither an
     * issuer nor a serial number is present.
     * NOTE(review): nothing visible here compares the identifier with the signing
     * certificate's own SKI; confirm that binding is checked elsewhere (or on a line dropped
     * from this listing).
     *
     * @param signer the single SignerInfo of the CMS object
     */
    private void verifySubjectKeyIdentifier(SignerInformation signer) {
        SignerId sid = signer.getSID();
        .rejectIfFalse(sid.getIssuer() == null && sid.getSerialNumber() == null);
    }

    
    /**
     * http://tools.ietf.org/html/draft-ietf-sidr-rescerts-provisioning-09#section-3.1.1.6.3
     */
    /**
     * Intended to check the SignerInfo digestAlgorithm
     * (draft-ietf-sidr-rescerts-provisioning-09 §3.1.1.6.3).
     * NOTE(review): the body is empty in this listing; the check appears to have been dropped.
     *
     * @param signer the single SignerInfo of the CMS object
     */
    private void verifyDigestAlgorithm(SignerInformation signer) {
    }

    
    /**
     * http://tools.ietf.org/html/draft-ietf-sidr-rescerts-provisioning-09#section-3.1.1.6.4
     */
    /**
     * Requires signed attributes to be present and checks the three mandated ones:
     * content-type, message-digest and signing-time.
     *
     * @param signer the single SignerInfo of the CMS object
     */
    private void verifySignedAttributes(SignerInformation signer) {
        AttributeTable attributeTable = signer.getSignedAttributes();
        // Field reference missing from this listing; absent attributes are a recorded failure.
        if (!.rejectIfNull(attributeTable)) {
            return;
        }
        verifyContentType(attributeTable);
        verifyMessageDigest(attributeTable);
        verifySigningTime(attributeTable);
    }

    
    /**
     * http://tools.ietf.org/html/draft-ietf-sidr-rescerts-provisioning-09#section-3.1.1.6.4.1
     */
    /**
     * Requires a single-valued content-type signed attribute.
     * NOTE(review): the attribute identifier passed to get() and the second argument of the
     * size check are missing from this listing, and nothing visible compares the attribute
     * value with {@link #PROVISIONING_OBJECT_OID_STRING} (declared but unused in this listing);
     * that comparison is presumably on a dropped line — confirm against the source.
     *
     * @param attributeTable the signer's signed attributes
     */
    private void verifyContentType(AttributeTable attributeTable) {
        Attribute contentType = attributeTable.get(.);
        if (!.rejectIfNull(contentType)) {
            return;
        }
        if (!.rejectIfFalse(contentType.getAttrValues().size() == 1, )) {
            return;
        }
    }

    
    /**
     * http://tools.ietf.org/html/draft-ietf-sidr-rescerts-provisioning-09#section-3.1.1.6.4.2
     */
    /**
     * Requires a single-valued message-digest signed attribute. The digest value itself is
     * not compared here; that is expected to happen as part of signature verification.
     * NOTE(review): the attribute identifier passed to get() and the second argument of the
     * size check are missing from this listing.
     *
     * @param attributeTable the signer's signed attributes
     */
    private void verifyMessageDigest(AttributeTable attributeTable) {
        Attribute messageDigest = attributeTable.get(.);
        if (!.rejectIfNull(messageDigest)) {
            return;
        }
        if (!.rejectIfFalse(messageDigest.getAttrValues().size() == 1, )) {
            return;
        }
    }

    
    /**
     * http://tools.ietf.org/html/draft-ietf-sidr-rescerts-provisioning-09#section-3.1.1.6.4.3
     */
    /**
     * Requires a single-valued signing-time signed attribute; the time value is not
     * interpreted here.
     * NOTE(review): the attribute identifier passed to get() and the second argument of the
     * size check are missing from this listing.
     *
     * @param attributeTable the signer's signed attributes
     */
    private void verifySigningTime(AttributeTable attributeTable) {
        Attribute signingTime = attributeTable.get(.);
        if (!.rejectIfNull(signingTime)) {
            return;
        }
        if (!.rejectIfFalse(signingTime.getAttrValues().size() == 1, )) {
            return;
        }
    }

    
    /**
     * http://tools.ietf.org/html/draft-ietf-sidr-rescerts-provisioning-09#section-3.1.1.6.5
     * http://tools.ietf.org/html/draft-huston-sidr-rpki-algs-00#section-2
     */
    /**
     * Intended to check the SignerInfo signatureAlgorithm against the RPKI algorithm profile
     * (draft-ietf-sidr-rescerts-provisioning-09 §3.1.1.6.5, draft-huston-sidr-rpki-algs-00 §2).
     * NOTE(review): the body is empty in this listing; the check appears to have been dropped.
     *
     * @param signer the single SignerInfo of the CMS object
     */
    private void verifyEncryptionAlgorithm(SignerInformation signer) {
    }

    
    /**
     * http://tools.ietf.org/html/draft-ietf-sidr-rescerts-provisioning-09#section-3.1.1.6.6
     */
    /**
     * Verifies the CMS signature, recording a failure carrying the exception message when
     * verification cannot be carried out.
     * NOTE(review): the try block is empty in this listing — the verification call itself
     * (and any handling of a verifier that reports failure by return value rather than by
     * exception) appears to have been dropped; confirm against the source that a false
     * verification result is recorded as a failure and not only exceptions.
     *
     * @param signer the single SignerInfo of the CMS object
     */
    private void verifySignature(SignerInformation signer) {
        String errorMessage = null;
        try {
        } catch (CMSException e) {
            // String.valueOf() keeps a null message as "null" rather than leaving errorMessage unset.
            errorMessage = String.valueOf(e.getMessage());
        } catch (OperatorCreationException e) {
            errorMessage = String.valueOf(e.getMessage());
        }
        if (errorMessage != null) {
            // NOTE(review): the comma between the arguments is lost in this listing.
            .rejectIfFalse(falseerrorMessage);
        }
    }

    
    /**
     * http://tools.ietf.org/html/draft-ietf-sidr-rescerts-provisioning-09#section-3.1.1.6.7
     */
    /**
     * Intended to check that the SignerInfo carries no unsigned attributes
     * (draft-ietf-sidr-rescerts-provisioning-09 §3.1.1.6.7).
     * NOTE(review): the body is empty in this listing; the check appears to have been dropped.
     *
     * @param signer the single SignerInfo of the CMS object
     */
    private void verifyUnsignedAttributes(SignerInformation signer) {
    }