private InformationObject removeSignCommandsRecursively(InformationObject informationObject)
throws NetInfCheckedException {
List<Attribute> attributes = informationObject.getAttributes();
boolean writer = false;
boolean signature = false;
for (Attribute attribute : attributes) {
if (attribute.getIdentification().equals(DefinedAttributeIdentification.WRITER.getURI())) {
writer = true;
} else if (attribute
.getIdentification()
.equals(DefinedAttributeIdentification.SIGNATURE.getURI())) {
signature = true;
} else {
Attribute newSubattribute = removeSignCommandRecursiveley(attribute);
// if a new Attribute was created the old one gets replaced.
if (newSubattribute != attribute) {
informationObject.removeAttribute(attribute);
if (newSubattribute != null) {
informationObject.addAttribute(newSubattribute);
}
}
}
}
if (writer && !signature) {
informationObject.removeAttribute(DefinedAttributeIdentification.WRITER.getURI());
}
return informationObject;
}
private InformationObject handleReaderListsRecursively(
InformationObject informationObject, boolean encrypt) throws NetInfCheckedSecurityException {
List<Attribute> attributes = informationObject.getAttributes();
boolean readerList = false;
for (Attribute attribute : attributes) {
if (attribute
.getIdentification()
.equals(DefinedAttributeIdentification.AUTHORIZED_READERS.getURI())) {
readerList = true;
} else {
Attribute newSubattribute = handleReaderListsRecursively(attribute, encrypt);
// if a new Attribute was created the old one gets replaced.
if (newSubattribute != attribute) {
informationObject.removeAttribute(attribute);
if (newSubattribute != null) {
informationObject.addAttribute(newSubattribute);
}
}
}
}
// A ReaderList-Attribute without a corresponding signature attribute is an instruction to
// encrypt if possible. This will
// only be done if the user who pushes the InformationObject is trusted.
if (encrypt && readerList) {
return this.cryptography.encrypt(informationObject);
} else {
// If the user is not trusted the instruction to encrypt is removed.
if (readerList) {
informationObject.removeAttribute(
DefinedAttributeIdentification.AUTHORIZED_READERS.getURI());
}
return informationObject;
}
}
@Override
public List<Attribute> getSubattributesForPurpose(String attributePurpose) {
ArrayList<Attribute> result = new ArrayList<Attribute>();
for (Attribute attribute : subattributes) {
if (attribute.getAttributePurpose().equals(attributePurpose)) {
result.add(attribute);
}
}
return result;
}
@Override
public List<Attribute> getSubattribute(String attributeIdentification) {
ArrayList<Attribute> result = new ArrayList<Attribute>();
if (attributeIdentification != null) {
for (Attribute attribute : subattributes) {
if (attributeIdentification.equals(attribute.getIdentification())) {
result.add(attribute);
}
}
}
return result;
}
@Override
public Attribute getSingleSubattribute(String attributeIdentification) {
Attribute result = null;
if (attributeIdentification != null) {
for (Attribute attribute : subattributes) {
if (attributeIdentification.equals(attribute.getIdentification())) {
result = attribute;
break;
}
}
}
return result;
}
@Override
public void removeSubattribute(String attributeIdentification) {
Attribute toDelete = null;
if (attributeIdentification != null) {
for (Attribute attribute : subattributes) {
if (attributeIdentification.equals(attribute.getIdentification())) {
toDelete = attribute;
break;
}
}
}
if (toDelete != null) {
removeSubattribute(toDelete);
}
}
private Attribute removeSignCommandRecursiveley(Attribute attribute)
throws NetInfCheckedException {
List<Attribute> subattributes = attribute.getSubattributes();
boolean writer = false;
boolean signature = false;
for (Attribute subattribute : subattributes) {
if (subattribute.getIdentification().equals(DefinedAttributeIdentification.WRITER.getURI())) {
writer = true;
} else if (subattribute
.getIdentification()
.equals(DefinedAttributeIdentification.SIGNATURE.getURI())) {
signature = true;
} else {
Attribute newSubattribute = removeSignCommandRecursiveley(subattribute);
// if a new Attribute was created the old one gets replaced.
if (newSubattribute != subattribute) {
attribute.removeSubattribute(subattribute);
if (newSubattribute != null) {
attribute.addSubattribute(newSubattribute);
}
}
}
}
if (writer && !signature) {
attribute.removeSubattribute(DefinedAttributeIdentification.WRITER.getURI());
}
return attribute;
}
@Override
public InformationObject getInformationObject() {
if (informationObject == null) {
if (parentAttribute == null) {
return null;
} else {
return parentAttribute.getInformationObject();
}
} else {
return informationObject;
}
}
private InformationObject handleSignCommandsRecursively(
InformationObject informationObject, String userName, String privKey)
throws NetInfCheckedException {
List<Attribute> attributes = informationObject.getAttributes();
boolean writer = false;
boolean signature = false;
for (Attribute attribute : attributes) {
if (attribute.getIdentification().equals(DefinedAttributeIdentification.WRITER.getURI())) {
writer = true;
} else if (attribute
.getIdentification()
.equals(DefinedAttributeIdentification.SIGNATURE.getURI())) {
signature = true;
} else {
Attribute newSubattribute = handleSignCommandRecursiveley(attribute, userName, privKey);
// if a new Attribute was created the old one gets replaced.
if (newSubattribute != attribute) {
informationObject.removeAttribute(attribute);
if (newSubattribute != null) {
informationObject.addAttribute(newSubattribute);
}
}
}
}
// A Writer-Attribute without a corresponding signature attribute is an instruction to sign if
// possible.
if (writer && !signature) {
switch (this.integrity.sign(informationObject)) {
case SIGNING_FAILED:
throw new NetInfCheckedSecurityException("Sign failed.");
case SIGNING_SUCCEEDED:
break;
default:
throw new NetInfCheckedSecurityException("Sign result unknown.");
}
}
return informationObject;
}
private Attribute decryptAttributesRecursively(
Attribute attribute, boolean superAttributeWasEncrypted, String userName, String privateKey) {
Attribute newAttribute = attribute;
boolean wasEncrypted = false;
if (attribute
.getIdentification()
.equalsIgnoreCase(DefinedAttributeIdentification.ENCRYPTED_CONTENT.getURI())) {
try {
newAttribute = this.cryptography.decrypt(attribute, userName, privateKey);
wasEncrypted = true;
} catch (NetInfCheckedSecurityException securityException) {
LOG.warn("Unable to decrypt attribute: " + securityException.getMessage());
return attribute;
}
} else if (!superAttributeWasEncrypted
&& attribute
.getIdentification()
.equalsIgnoreCase(DefinedAttributeIdentification.ENCRYPTED_CONTENT.getURI())) {
return null;
}
List<Attribute> subattributes = newAttribute.getSubattributes();
for (Attribute subattribute : subattributes) {
Attribute newSubattribute =
decryptAttributesRecursively(subattribute, wasEncrypted, userName, privateKey);
// if a new Attribute was created the old one gets replaced.
if (newSubattribute != subattribute) {
newAttribute.removeSubattribute(subattribute);
if (newSubattribute != null) {
newAttribute.addSubattribute(newSubattribute);
}
}
}
return newAttribute;
}
private Attribute verifyAttributesRecursively(Attribute attribute) throws NetInfCheckedException {
// Result of Verification should not be present before Attribute has been verified. Delete such
// information
if (attribute.getSingleSubattribute(
DefinedAttributeIdentification.SIGNATURE_VERIFICATION_FAILED.getURI())
!= null) {
attribute.removeSubattribute(
DefinedAttributeIdentification.SIGNATURE_VERIFICATION_FAILED.getURI());
}
if (attribute.getSingleSubattribute(DefinedAttributeIdentification.SIGNATURE.getURI())
!= null) {
// A Signature-Attribute without a corresponding SignatureIdentification-Subattribute is
// invalid. Remove
// Signature.
if (attribute
.getSingleSubattribute(DefinedAttributeIdentification.SIGNATURE.getURI())
.getSingleSubattribute(
DefinedAttributeIdentification.SIGNATURE_IDENTIFICATION.getURI())
== null) {
attribute.removeSubattribute(DefinedAttributeIdentification.SIGNATURE.getURI());
// A Writer-Attribute without a corresponding signature attribute is an instruction to sign
// if possible. An incoming
// object should have no instructions since the sender is not trusted. The instruction is
// deleted.
if (attribute.getSingleSubattribute(DefinedAttributeIdentification.WRITER.getURI())
== null) {
attribute.removeSubattribute(DefinedAttributeIdentification.WRITER.getURI());
}
}
IntegrityResult integrityResult = this.integrity.isSignatureValid(attribute);
if (this.suppressCorruptedIOs) {
switch (integrityResult) {
case INTEGRITY_CHECK_FAIL:
throw new NetInfCheckedSecurityException("Integrity check failed.");
case INTEGRITY_NOT_TESTABLE:
throw new NetInfCheckedSecurityException("Integrity not testable.");
case INTEGRITY_CHECK_SUCCEEDED:
break;
default:
throw new NetInfCheckedSecurityException("Integrity check result unknown.");
}
} else {
// A Writer-Attribute without a corresponding signature attribute is an instruction to sign
// if possible. An incoming
// object should have no instructions since the sender is not trusted. The instruction is
// deleted.
if (attribute.getSingleSubattribute(DefinedAttributeIdentification.WRITER.getURI())
== null) {
attribute.removeSubattribute(DefinedAttributeIdentification.SIGNATURE.getURI());
}
}
// TODO wait for convenient methods to create IOs
IdentityVerificationResult identityResult =
this.identityVerification.isWriterVerified(attribute);
if (this.suppressCorruptedIOs) {
switch (identityResult) {
case IDENTITY_NOT_VERIFIABLE:
throw new NetInfCheckedSecurityException("Identity not verifiable.");
case IDENTITY_VERIFICATION_FAILED:
throw new NetInfCheckedSecurityException("Identity verification failed.");
case IDENTITY_VERIFICATION_SUCCEEDED:
break;
default:
throw new NetInfCheckedSecurityException("Identity verification result unknown.");
}
}
}
List<Attribute> subattributes = attribute.getSubattributes();
for (Attribute subattribute : subattributes) {
Attribute newSubattribute = verifyAttributesRecursively(subattribute);
// if a new Attribute was created the old one gets replaced.
if (newSubattribute != subattribute) {
attribute.removeSubattribute(subattribute);
if (newSubattribute != null) {
attribute.addSubattribute(newSubattribute);
}
}
}
return attribute;
}
