Exemple #1
0
 private Attribute handleReaderListsRecursively(Attribute attribute, boolean encrypt)
     throws NetInfCheckedSecurityException {
   List<Attribute> subattributes = attribute.getSubattributes();
   boolean readerList = false;
   for (Attribute subattribute : subattributes) {
     if (subattribute
         .getIdentification()
         .equals(DefinedAttributeIdentification.AUTHORIZED_READERS.getURI())) {
       readerList = true;
     } else {
       Attribute newSubattribute = handleReaderListsRecursively(subattribute, encrypt);
       // if a new Attribute was created the old one gets replaced.
       if (newSubattribute != subattribute) {
         attribute.removeSubattribute(subattribute);
         if (newSubattribute != null) {
           attribute.addSubattribute(newSubattribute);
         }
       }
     }
   }
   // A ReaderList-Attribute without a corresponding signature attribute is an instruction to
   // encrypt if possible. This will
   // only be done if the user who pushes the InformationObject is trusted.
   if (encrypt && readerList) {
     return this.cryptography.encrypt(attribute);
   } else {
     // If the user is not trusted the instruction to encrypt is removed.
     if (readerList) {
       attribute.removeSubattribute(DefinedAttributeIdentification.AUTHORIZED_READERS.getURI());
     }
     return attribute;
   }
 }
Exemple #2
0
  private Attribute removeSignCommandRecursiveley(Attribute attribute)
      throws NetInfCheckedException {
    List<Attribute> subattributes = attribute.getSubattributes();
    boolean writer = false;
    boolean signature = false;
    for (Attribute subattribute : subattributes) {
      if (subattribute.getIdentification().equals(DefinedAttributeIdentification.WRITER.getURI())) {
        writer = true;
      } else if (subattribute
          .getIdentification()
          .equals(DefinedAttributeIdentification.SIGNATURE.getURI())) {
        signature = true;
      } else {
        Attribute newSubattribute = removeSignCommandRecursiveley(subattribute);
        // if a new Attribute was created the old one gets replaced.
        if (newSubattribute != subattribute) {
          attribute.removeSubattribute(subattribute);
          if (newSubattribute != null) {
            attribute.addSubattribute(newSubattribute);
          }
        }
      }
    }

    if (writer && !signature) {
      attribute.removeSubattribute(DefinedAttributeIdentification.WRITER.getURI());
    }
    return attribute;
  }
Exemple #3
0
  private Attribute handleSignCommandRecursiveley(
      Attribute attribute, String userName, String privateKey) throws NetInfCheckedException {
    List<Attribute> subattributes = attribute.getSubattributes();
    boolean writer = false;
    boolean signature = false;
    for (Attribute subattribute : subattributes) {
      if (subattribute.getIdentification().equals(DefinedAttributeIdentification.WRITER.getURI())) {
        writer = true;
      } else if (subattribute
          .getIdentification()
          .equals(DefinedAttributeIdentification.SIGNATURE.getURI())) {
        signature = true;
      } else {
        Attribute newSubattribute =
            handleSignCommandRecursiveley(subattribute, userName, privateKey);
        // if a new Attribute was created the old one gets replaced.
        if (newSubattribute != subattribute) {
          attribute.removeSubattribute(subattribute);
          if (newSubattribute != null) {
            attribute.addSubattribute(newSubattribute);
          }
        }
      }
    }
    // A Writer-Attribute without a corresponding signature attribute is an instruction to sign if
    // possible.
    if (writer && !signature) {
      switch (this.integrity.sign(attribute, userName, privateKey)) {
        case SIGNING_FAILED:
          throw new NetInfCheckedSecurityException("Sign failed.");
        case SIGNING_SUCCEEDED:
          break;
        default:
          throw new NetInfCheckedSecurityException("Sign result unknown.");
      }
    }

    return attribute;
  }
Exemple #4
0
  private Attribute decryptAttributesRecursively(
      Attribute attribute, boolean superAttributeWasEncrypted, String userName, String privateKey) {
    Attribute newAttribute = attribute;
    boolean wasEncrypted = false;

    if (attribute
        .getIdentification()
        .equalsIgnoreCase(DefinedAttributeIdentification.ENCRYPTED_CONTENT.getURI())) {
      try {
        newAttribute = this.cryptography.decrypt(attribute, userName, privateKey);
        wasEncrypted = true;
      } catch (NetInfCheckedSecurityException securityException) {
        LOG.warn("Unable to decrypt attribute: " + securityException.getMessage());
        return attribute;
      }
    } else if (!superAttributeWasEncrypted
        && attribute
            .getIdentification()
            .equalsIgnoreCase(DefinedAttributeIdentification.ENCRYPTED_CONTENT.getURI())) {
      return null;
    }

    List<Attribute> subattributes = newAttribute.getSubattributes();
    for (Attribute subattribute : subattributes) {
      Attribute newSubattribute =
          decryptAttributesRecursively(subattribute, wasEncrypted, userName, privateKey);
      // if a new Attribute was created the old one gets replaced.
      if (newSubattribute != subattribute) {
        newAttribute.removeSubattribute(subattribute);
        if (newSubattribute != null) {
          newAttribute.addSubattribute(newSubattribute);
        }
      }
    }
    return newAttribute;
  }
Exemple #5
0
  private Attribute verifyAttributesRecursively(Attribute attribute) throws NetInfCheckedException {
    // Result of Verification should not be present before Attribute has been verified. Delete such
    // information
    if (attribute.getSingleSubattribute(
            DefinedAttributeIdentification.SIGNATURE_VERIFICATION_FAILED.getURI())
        != null) {
      attribute.removeSubattribute(
          DefinedAttributeIdentification.SIGNATURE_VERIFICATION_FAILED.getURI());
    }

    if (attribute.getSingleSubattribute(DefinedAttributeIdentification.SIGNATURE.getURI())
        != null) {
      // A Signature-Attribute without a corresponding SignatureIdentification-Subattribute is
      // invalid. Remove
      // Signature.
      if (attribute
              .getSingleSubattribute(DefinedAttributeIdentification.SIGNATURE.getURI())
              .getSingleSubattribute(
                  DefinedAttributeIdentification.SIGNATURE_IDENTIFICATION.getURI())
          == null) {
        attribute.removeSubattribute(DefinedAttributeIdentification.SIGNATURE.getURI());

        // A Writer-Attribute without a corresponding signature attribute is an instruction to sign
        // if possible. An incoming
        // object should have no instructions since the sender is not trusted. The instruction is
        // deleted.
        if (attribute.getSingleSubattribute(DefinedAttributeIdentification.WRITER.getURI())
            == null) {
          attribute.removeSubattribute(DefinedAttributeIdentification.WRITER.getURI());
        }
      }
      IntegrityResult integrityResult = this.integrity.isSignatureValid(attribute);
      if (this.suppressCorruptedIOs) {
        switch (integrityResult) {
          case INTEGRITY_CHECK_FAIL:
            throw new NetInfCheckedSecurityException("Integrity check failed.");
          case INTEGRITY_NOT_TESTABLE:
            throw new NetInfCheckedSecurityException("Integrity not testable.");
          case INTEGRITY_CHECK_SUCCEEDED:
            break;
          default:
            throw new NetInfCheckedSecurityException("Integrity check result unknown.");
        }
      } else {
        // A Writer-Attribute without a corresponding signature attribute is an instruction to sign
        // if possible. An incoming
        // object should have no instructions since the sender is not trusted. The instruction is
        // deleted.
        if (attribute.getSingleSubattribute(DefinedAttributeIdentification.WRITER.getURI())
            == null) {
          attribute.removeSubattribute(DefinedAttributeIdentification.SIGNATURE.getURI());
        }
      }

      // TODO wait for convenient methods to create IOs
      IdentityVerificationResult identityResult =
          this.identityVerification.isWriterVerified(attribute);
      if (this.suppressCorruptedIOs) {
        switch (identityResult) {
          case IDENTITY_NOT_VERIFIABLE:
            throw new NetInfCheckedSecurityException("Identity not verifiable.");
          case IDENTITY_VERIFICATION_FAILED:
            throw new NetInfCheckedSecurityException("Identity verification failed.");
          case IDENTITY_VERIFICATION_SUCCEEDED:
            break;
          default:
            throw new NetInfCheckedSecurityException("Identity verification result unknown.");
        }
      }
    }

    List<Attribute> subattributes = attribute.getSubattributes();
    for (Attribute subattribute : subattributes) {
      Attribute newSubattribute = verifyAttributesRecursively(subattribute);
      // if a new Attribute was created the old one gets replaced.
      if (newSubattribute != subattribute) {
        attribute.removeSubattribute(subattribute);
        if (newSubattribute != null) {
          attribute.addSubattribute(newSubattribute);
        }
      }
    }
    return attribute;
  }