private InformationObject removeSignCommandsRecursively(InformationObject informationObject) throws NetInfCheckedException { List<Attribute> attributes = informationObject.getAttributes(); boolean writer = false; boolean signature = false; for (Attribute attribute : attributes) { if (attribute.getIdentification().equals(DefinedAttributeIdentification.WRITER.getURI())) { writer = true; } else if (attribute .getIdentification() .equals(DefinedAttributeIdentification.SIGNATURE.getURI())) { signature = true; } else { Attribute newSubattribute = removeSignCommandRecursiveley(attribute); // if a new Attribute was created the old one gets replaced. if (newSubattribute != attribute) { informationObject.removeAttribute(attribute); if (newSubattribute != null) { informationObject.addAttribute(newSubattribute); } } } } if (writer && !signature) { informationObject.removeAttribute(DefinedAttributeIdentification.WRITER.getURI()); } return informationObject; }
private InformationObject handleReaderListsRecursively( InformationObject informationObject, boolean encrypt) throws NetInfCheckedSecurityException { List<Attribute> attributes = informationObject.getAttributes(); boolean readerList = false; for (Attribute attribute : attributes) { if (attribute .getIdentification() .equals(DefinedAttributeIdentification.AUTHORIZED_READERS.getURI())) { readerList = true; } else { Attribute newSubattribute = handleReaderListsRecursively(attribute, encrypt); // if a new Attribute was created the old one gets replaced. if (newSubattribute != attribute) { informationObject.removeAttribute(attribute); if (newSubattribute != null) { informationObject.addAttribute(newSubattribute); } } } } // A ReaderList-Attribute without a corresponding signature attribute is an instruction to // encrypt if possible. This will // only be done if the user who pushes the InformationObject is trusted. if (encrypt && readerList) { return this.cryptography.encrypt(informationObject); } else { // If the user is not trusted the instruction to encrypt is removed. if (readerList) { informationObject.removeAttribute( DefinedAttributeIdentification.AUTHORIZED_READERS.getURI()); } return informationObject; } }
@Override public List<Attribute> getSubattributesForPurpose(String attributePurpose) { ArrayList<Attribute> result = new ArrayList<Attribute>(); for (Attribute attribute : subattributes) { if (attribute.getAttributePurpose().equals(attributePurpose)) { result.add(attribute); } } return result; }
@Override public List<Attribute> getSubattribute(String attributeIdentification) { ArrayList<Attribute> result = new ArrayList<Attribute>(); if (attributeIdentification != null) { for (Attribute attribute : subattributes) { if (attributeIdentification.equals(attribute.getIdentification())) { result.add(attribute); } } } return result; }
@Override public Attribute getSingleSubattribute(String attributeIdentification) { Attribute result = null; if (attributeIdentification != null) { for (Attribute attribute : subattributes) { if (attributeIdentification.equals(attribute.getIdentification())) { result = attribute; break; } } } return result; }
@Override public void removeSubattribute(String attributeIdentification) { Attribute toDelete = null; if (attributeIdentification != null) { for (Attribute attribute : subattributes) { if (attributeIdentification.equals(attribute.getIdentification())) { toDelete = attribute; break; } } } if (toDelete != null) { removeSubattribute(toDelete); } }
private Attribute removeSignCommandRecursiveley(Attribute attribute) throws NetInfCheckedException { List<Attribute> subattributes = attribute.getSubattributes(); boolean writer = false; boolean signature = false; for (Attribute subattribute : subattributes) { if (subattribute.getIdentification().equals(DefinedAttributeIdentification.WRITER.getURI())) { writer = true; } else if (subattribute .getIdentification() .equals(DefinedAttributeIdentification.SIGNATURE.getURI())) { signature = true; } else { Attribute newSubattribute = removeSignCommandRecursiveley(subattribute); // if a new Attribute was created the old one gets replaced. if (newSubattribute != subattribute) { attribute.removeSubattribute(subattribute); if (newSubattribute != null) { attribute.addSubattribute(newSubattribute); } } } } if (writer && !signature) { attribute.removeSubattribute(DefinedAttributeIdentification.WRITER.getURI()); } return attribute; }
@Override public InformationObject getInformationObject() { if (informationObject == null) { if (parentAttribute == null) { return null; } else { return parentAttribute.getInformationObject(); } } else { return informationObject; } }
private InformationObject handleSignCommandsRecursively( InformationObject informationObject, String userName, String privKey) throws NetInfCheckedException { List<Attribute> attributes = informationObject.getAttributes(); boolean writer = false; boolean signature = false; for (Attribute attribute : attributes) { if (attribute.getIdentification().equals(DefinedAttributeIdentification.WRITER.getURI())) { writer = true; } else if (attribute .getIdentification() .equals(DefinedAttributeIdentification.SIGNATURE.getURI())) { signature = true; } else { Attribute newSubattribute = handleSignCommandRecursiveley(attribute, userName, privKey); // if a new Attribute was created the old one gets replaced. if (newSubattribute != attribute) { informationObject.removeAttribute(attribute); if (newSubattribute != null) { informationObject.addAttribute(newSubattribute); } } } } // A Writer-Attribute without a corresponding signature attribute is an instruction to sign if // possible. if (writer && !signature) { switch (this.integrity.sign(informationObject)) { case SIGNING_FAILED: throw new NetInfCheckedSecurityException("Sign failed."); case SIGNING_SUCCEEDED: break; default: throw new NetInfCheckedSecurityException("Sign result unknown."); } } return informationObject; }
private Attribute decryptAttributesRecursively( Attribute attribute, boolean superAttributeWasEncrypted, String userName, String privateKey) { Attribute newAttribute = attribute; boolean wasEncrypted = false; if (attribute .getIdentification() .equalsIgnoreCase(DefinedAttributeIdentification.ENCRYPTED_CONTENT.getURI())) { try { newAttribute = this.cryptography.decrypt(attribute, userName, privateKey); wasEncrypted = true; } catch (NetInfCheckedSecurityException securityException) { LOG.warn("Unable to decrypt attribute: " + securityException.getMessage()); return attribute; } } else if (!superAttributeWasEncrypted && attribute .getIdentification() .equalsIgnoreCase(DefinedAttributeIdentification.ENCRYPTED_CONTENT.getURI())) { return null; } List<Attribute> subattributes = newAttribute.getSubattributes(); for (Attribute subattribute : subattributes) { Attribute newSubattribute = decryptAttributesRecursively(subattribute, wasEncrypted, userName, privateKey); // if a new Attribute was created the old one gets replaced. if (newSubattribute != subattribute) { newAttribute.removeSubattribute(subattribute); if (newSubattribute != null) { newAttribute.addSubattribute(newSubattribute); } } } return newAttribute; }
private Attribute verifyAttributesRecursively(Attribute attribute) throws NetInfCheckedException { // Result of Verification should not be present before Attribute has been verified. Delete such // information if (attribute.getSingleSubattribute( DefinedAttributeIdentification.SIGNATURE_VERIFICATION_FAILED.getURI()) != null) { attribute.removeSubattribute( DefinedAttributeIdentification.SIGNATURE_VERIFICATION_FAILED.getURI()); } if (attribute.getSingleSubattribute(DefinedAttributeIdentification.SIGNATURE.getURI()) != null) { // A Signature-Attribute without a corresponding SignatureIdentification-Subattribute is // invalid. Remove // Signature. if (attribute .getSingleSubattribute(DefinedAttributeIdentification.SIGNATURE.getURI()) .getSingleSubattribute( DefinedAttributeIdentification.SIGNATURE_IDENTIFICATION.getURI()) == null) { attribute.removeSubattribute(DefinedAttributeIdentification.SIGNATURE.getURI()); // A Writer-Attribute without a corresponding signature attribute is an instruction to sign // if possible. An incoming // object should have no instructions since the sender is not trusted. The instruction is // deleted. if (attribute.getSingleSubattribute(DefinedAttributeIdentification.WRITER.getURI()) == null) { attribute.removeSubattribute(DefinedAttributeIdentification.WRITER.getURI()); } } IntegrityResult integrityResult = this.integrity.isSignatureValid(attribute); if (this.suppressCorruptedIOs) { switch (integrityResult) { case INTEGRITY_CHECK_FAIL: throw new NetInfCheckedSecurityException("Integrity check failed."); case INTEGRITY_NOT_TESTABLE: throw new NetInfCheckedSecurityException("Integrity not testable."); case INTEGRITY_CHECK_SUCCEEDED: break; default: throw new NetInfCheckedSecurityException("Integrity check result unknown."); } } else { // A Writer-Attribute without a corresponding signature attribute is an instruction to sign // if possible. An incoming // object should have no instructions since the sender is not trusted. The instruction is // deleted. if (attribute.getSingleSubattribute(DefinedAttributeIdentification.WRITER.getURI()) == null) { attribute.removeSubattribute(DefinedAttributeIdentification.SIGNATURE.getURI()); } } // TODO wait for convenient methods to create IOs IdentityVerificationResult identityResult = this.identityVerification.isWriterVerified(attribute); if (this.suppressCorruptedIOs) { switch (identityResult) { case IDENTITY_NOT_VERIFIABLE: throw new NetInfCheckedSecurityException("Identity not verifiable."); case IDENTITY_VERIFICATION_FAILED: throw new NetInfCheckedSecurityException("Identity verification failed."); case IDENTITY_VERIFICATION_SUCCEEDED: break; default: throw new NetInfCheckedSecurityException("Identity verification result unknown."); } } } List<Attribute> subattributes = attribute.getSubattributes(); for (Attribute subattribute : subattributes) { Attribute newSubattribute = verifyAttributesRecursively(subattribute); // if a new Attribute was created the old one gets replaced. if (newSubattribute != subattribute) { attribute.removeSubattribute(subattribute); if (newSubattribute != null) { attribute.addSubattribute(newSubattribute); } } } return attribute; }