Exemple #1
0
 private InformationObject removeSignCommandsRecursively(InformationObject informationObject)
     throws NetInfCheckedException {
   List<Attribute> attributes = informationObject.getAttributes();
   boolean writer = false;
   boolean signature = false;
   for (Attribute attribute : attributes) {
     if (attribute.getIdentification().equals(DefinedAttributeIdentification.WRITER.getURI())) {
       writer = true;
     } else if (attribute
         .getIdentification()
         .equals(DefinedAttributeIdentification.SIGNATURE.getURI())) {
       signature = true;
     } else {
       Attribute newSubattribute = removeSignCommandRecursiveley(attribute);
       // if a new Attribute was created the old one gets replaced.
       if (newSubattribute != attribute) {
         informationObject.removeAttribute(attribute);
         if (newSubattribute != null) {
           informationObject.addAttribute(newSubattribute);
         }
       }
     }
   }
   if (writer && !signature) {
     informationObject.removeAttribute(DefinedAttributeIdentification.WRITER.getURI());
   }
   return informationObject;
 }
Exemple #2
0
 private InformationObject handleReaderListsRecursively(
     InformationObject informationObject, boolean encrypt) throws NetInfCheckedSecurityException {
   List<Attribute> attributes = informationObject.getAttributes();
   boolean readerList = false;
   for (Attribute attribute : attributes) {
     if (attribute
         .getIdentification()
         .equals(DefinedAttributeIdentification.AUTHORIZED_READERS.getURI())) {
       readerList = true;
     } else {
       Attribute newSubattribute = handleReaderListsRecursively(attribute, encrypt);
       // if a new Attribute was created the old one gets replaced.
       if (newSubattribute != attribute) {
         informationObject.removeAttribute(attribute);
         if (newSubattribute != null) {
           informationObject.addAttribute(newSubattribute);
         }
       }
     }
   }
   // A ReaderList-Attribute without a corresponding signature attribute is an instruction to
   // encrypt if possible. This will
   // only be done if the user who pushes the InformationObject is trusted.
   if (encrypt && readerList) {
     return this.cryptography.encrypt(informationObject);
   } else {
     // If the user is not trusted the instruction to encrypt is removed.
     if (readerList) {
       informationObject.removeAttribute(
           DefinedAttributeIdentification.AUTHORIZED_READERS.getURI());
     }
     return informationObject;
   }
 }
Exemple #3
0
  @Override
  public List<Attribute> getSubattributesForPurpose(String attributePurpose) {
    ArrayList<Attribute> result = new ArrayList<Attribute>();

    for (Attribute attribute : subattributes) {
      if (attribute.getAttributePurpose().equals(attributePurpose)) {
        result.add(attribute);
      }
    }

    return result;
  }
Exemple #4
0
  @Override
  public List<Attribute> getSubattribute(String attributeIdentification) {
    ArrayList<Attribute> result = new ArrayList<Attribute>();

    if (attributeIdentification != null) {

      for (Attribute attribute : subattributes) {
        if (attributeIdentification.equals(attribute.getIdentification())) {
          result.add(attribute);
        }
      }
    }

    return result;
  }
Exemple #5
0
  @Override
  public Attribute getSingleSubattribute(String attributeIdentification) {
    Attribute result = null;

    if (attributeIdentification != null) {
      for (Attribute attribute : subattributes) {
        if (attributeIdentification.equals(attribute.getIdentification())) {
          result = attribute;
          break;
        }
      }
    }

    return result;
  }
Exemple #6
0
  @Override
  public void removeSubattribute(String attributeIdentification) {
    Attribute toDelete = null;

    if (attributeIdentification != null) {
      for (Attribute attribute : subattributes) {
        if (attributeIdentification.equals(attribute.getIdentification())) {
          toDelete = attribute;
          break;
        }
      }
    }

    if (toDelete != null) {
      removeSubattribute(toDelete);
    }
  }
Exemple #7
0
  private Attribute removeSignCommandRecursiveley(Attribute attribute)
      throws NetInfCheckedException {
    List<Attribute> subattributes = attribute.getSubattributes();
    boolean writer = false;
    boolean signature = false;
    for (Attribute subattribute : subattributes) {
      if (subattribute.getIdentification().equals(DefinedAttributeIdentification.WRITER.getURI())) {
        writer = true;
      } else if (subattribute
          .getIdentification()
          .equals(DefinedAttributeIdentification.SIGNATURE.getURI())) {
        signature = true;
      } else {
        Attribute newSubattribute = removeSignCommandRecursiveley(subattribute);
        // if a new Attribute was created the old one gets replaced.
        if (newSubattribute != subattribute) {
          attribute.removeSubattribute(subattribute);
          if (newSubattribute != null) {
            attribute.addSubattribute(newSubattribute);
          }
        }
      }
    }

    if (writer && !signature) {
      attribute.removeSubattribute(DefinedAttributeIdentification.WRITER.getURI());
    }
    return attribute;
  }
Exemple #8
0
  @Override
  public InformationObject getInformationObject() {
    if (informationObject == null) {
      if (parentAttribute == null) {
        return null;
      } else {
        return parentAttribute.getInformationObject();
      }

    } else {
      return informationObject;
    }
  }
Exemple #9
0
 private InformationObject handleSignCommandsRecursively(
     InformationObject informationObject, String userName, String privKey)
     throws NetInfCheckedException {
   List<Attribute> attributes = informationObject.getAttributes();
   boolean writer = false;
   boolean signature = false;
   for (Attribute attribute : attributes) {
     if (attribute.getIdentification().equals(DefinedAttributeIdentification.WRITER.getURI())) {
       writer = true;
     } else if (attribute
         .getIdentification()
         .equals(DefinedAttributeIdentification.SIGNATURE.getURI())) {
       signature = true;
     } else {
       Attribute newSubattribute = handleSignCommandRecursiveley(attribute, userName, privKey);
       // if a new Attribute was created the old one gets replaced.
       if (newSubattribute != attribute) {
         informationObject.removeAttribute(attribute);
         if (newSubattribute != null) {
           informationObject.addAttribute(newSubattribute);
         }
       }
     }
   }
   // A Writer-Attribute without a corresponding signature attribute is an instruction to sign if
   // possible.
   if (writer && !signature) {
     switch (this.integrity.sign(informationObject)) {
       case SIGNING_FAILED:
         throw new NetInfCheckedSecurityException("Sign failed.");
       case SIGNING_SUCCEEDED:
         break;
       default:
         throw new NetInfCheckedSecurityException("Sign result unknown.");
     }
   }
   return informationObject;
 }
Exemple #10
0
  private Attribute decryptAttributesRecursively(
      Attribute attribute, boolean superAttributeWasEncrypted, String userName, String privateKey) {
    Attribute newAttribute = attribute;
    boolean wasEncrypted = false;

    if (attribute
        .getIdentification()
        .equalsIgnoreCase(DefinedAttributeIdentification.ENCRYPTED_CONTENT.getURI())) {
      try {
        newAttribute = this.cryptography.decrypt(attribute, userName, privateKey);
        wasEncrypted = true;
      } catch (NetInfCheckedSecurityException securityException) {
        LOG.warn("Unable to decrypt attribute: " + securityException.getMessage());
        return attribute;
      }
    } else if (!superAttributeWasEncrypted
        && attribute
            .getIdentification()
            .equalsIgnoreCase(DefinedAttributeIdentification.ENCRYPTED_CONTENT.getURI())) {
      return null;
    }

    List<Attribute> subattributes = newAttribute.getSubattributes();
    for (Attribute subattribute : subattributes) {
      Attribute newSubattribute =
          decryptAttributesRecursively(subattribute, wasEncrypted, userName, privateKey);
      // if a new Attribute was created the old one gets replaced.
      if (newSubattribute != subattribute) {
        newAttribute.removeSubattribute(subattribute);
        if (newSubattribute != null) {
          newAttribute.addSubattribute(newSubattribute);
        }
      }
    }
    return newAttribute;
  }
Exemple #11
0
  private Attribute verifyAttributesRecursively(Attribute attribute) throws NetInfCheckedException {
    // Result of Verification should not be present before Attribute has been verified. Delete such
    // information
    if (attribute.getSingleSubattribute(
            DefinedAttributeIdentification.SIGNATURE_VERIFICATION_FAILED.getURI())
        != null) {
      attribute.removeSubattribute(
          DefinedAttributeIdentification.SIGNATURE_VERIFICATION_FAILED.getURI());
    }

    if (attribute.getSingleSubattribute(DefinedAttributeIdentification.SIGNATURE.getURI())
        != null) {
      // A Signature-Attribute without a corresponding SignatureIdentification-Subattribute is
      // invalid. Remove
      // Signature.
      if (attribute
              .getSingleSubattribute(DefinedAttributeIdentification.SIGNATURE.getURI())
              .getSingleSubattribute(
                  DefinedAttributeIdentification.SIGNATURE_IDENTIFICATION.getURI())
          == null) {
        attribute.removeSubattribute(DefinedAttributeIdentification.SIGNATURE.getURI());

        // A Writer-Attribute without a corresponding signature attribute is an instruction to sign
        // if possible. An incoming
        // object should have no instructions since the sender is not trusted. The instruction is
        // deleted.
        if (attribute.getSingleSubattribute(DefinedAttributeIdentification.WRITER.getURI())
            == null) {
          attribute.removeSubattribute(DefinedAttributeIdentification.WRITER.getURI());
        }
      }
      IntegrityResult integrityResult = this.integrity.isSignatureValid(attribute);
      if (this.suppressCorruptedIOs) {
        switch (integrityResult) {
          case INTEGRITY_CHECK_FAIL:
            throw new NetInfCheckedSecurityException("Integrity check failed.");
          case INTEGRITY_NOT_TESTABLE:
            throw new NetInfCheckedSecurityException("Integrity not testable.");
          case INTEGRITY_CHECK_SUCCEEDED:
            break;
          default:
            throw new NetInfCheckedSecurityException("Integrity check result unknown.");
        }
      } else {
        // A Writer-Attribute without a corresponding signature attribute is an instruction to sign
        // if possible. An incoming
        // object should have no instructions since the sender is not trusted. The instruction is
        // deleted.
        if (attribute.getSingleSubattribute(DefinedAttributeIdentification.WRITER.getURI())
            == null) {
          attribute.removeSubattribute(DefinedAttributeIdentification.SIGNATURE.getURI());
        }
      }

      // TODO wait for convenient methods to create IOs
      IdentityVerificationResult identityResult =
          this.identityVerification.isWriterVerified(attribute);
      if (this.suppressCorruptedIOs) {
        switch (identityResult) {
          case IDENTITY_NOT_VERIFIABLE:
            throw new NetInfCheckedSecurityException("Identity not verifiable.");
          case IDENTITY_VERIFICATION_FAILED:
            throw new NetInfCheckedSecurityException("Identity verification failed.");
          case IDENTITY_VERIFICATION_SUCCEEDED:
            break;
          default:
            throw new NetInfCheckedSecurityException("Identity verification result unknown.");
        }
      }
    }

    List<Attribute> subattributes = attribute.getSubattributes();
    for (Attribute subattribute : subattributes) {
      Attribute newSubattribute = verifyAttributesRecursively(subattribute);
      // if a new Attribute was created the old one gets replaced.
      if (newSubattribute != subattribute) {
        attribute.removeSubattribute(subattribute);
        if (newSubattribute != null) {
          attribute.addSubattribute(newSubattribute);
        }
      }
    }
    return attribute;
  }