Exemplo n.º 1
0
  private Attribute removeSignCommandRecursiveley(Attribute attribute)
      throws NetInfCheckedException {
    List<Attribute> subattributes = attribute.getSubattributes();
    boolean writer = false;
    boolean signature = false;
    for (Attribute subattribute : subattributes) {
      if (subattribute.getIdentification().equals(DefinedAttributeIdentification.WRITER.getURI())) {
        writer = true;
      } else if (subattribute
          .getIdentification()
          .equals(DefinedAttributeIdentification.SIGNATURE.getURI())) {
        signature = true;
      } else {
        Attribute newSubattribute = removeSignCommandRecursiveley(subattribute);
        // if a new Attribute was created the old one gets replaced.
        if (newSubattribute != subattribute) {
          attribute.removeSubattribute(subattribute);
          if (newSubattribute != null) {
            attribute.addSubattribute(newSubattribute);
          }
        }
      }
    }

    if (writer && !signature) {
      attribute.removeSubattribute(DefinedAttributeIdentification.WRITER.getURI());
    }
    return attribute;
  }
Exemplo n.º 2
0
 private InformationObject removeSignCommandsRecursively(InformationObject informationObject)
     throws NetInfCheckedException {
   List<Attribute> attributes = informationObject.getAttributes();
   boolean writer = false;
   boolean signature = false;
   for (Attribute attribute : attributes) {
     if (attribute.getIdentification().equals(DefinedAttributeIdentification.WRITER.getURI())) {
       writer = true;
     } else if (attribute
         .getIdentification()
         .equals(DefinedAttributeIdentification.SIGNATURE.getURI())) {
       signature = true;
     } else {
       Attribute newSubattribute = removeSignCommandRecursiveley(attribute);
       // if a new Attribute was created the old one gets replaced.
       if (newSubattribute != attribute) {
         informationObject.removeAttribute(attribute);
         if (newSubattribute != null) {
           informationObject.addAttribute(newSubattribute);
         }
       }
     }
   }
   if (writer && !signature) {
     informationObject.removeAttribute(DefinedAttributeIdentification.WRITER.getURI());
   }
   return informationObject;
 }
Exemplo n.º 3
0
  private Attribute handleSignCommandRecursiveley(
      Attribute attribute, String userName, String privateKey) throws NetInfCheckedException {
    List<Attribute> subattributes = attribute.getSubattributes();
    boolean writer = false;
    boolean signature = false;
    for (Attribute subattribute : subattributes) {
      if (subattribute.getIdentification().equals(DefinedAttributeIdentification.WRITER.getURI())) {
        writer = true;
      } else if (subattribute
          .getIdentification()
          .equals(DefinedAttributeIdentification.SIGNATURE.getURI())) {
        signature = true;
      } else {
        Attribute newSubattribute =
            handleSignCommandRecursiveley(subattribute, userName, privateKey);
        // if a new Attribute was created the old one gets replaced.
        if (newSubattribute != subattribute) {
          attribute.removeSubattribute(subattribute);
          if (newSubattribute != null) {
            attribute.addSubattribute(newSubattribute);
          }
        }
      }
    }
    // A Writer-Attribute without a corresponding signature attribute is an instruction to sign if
    // possible.
    if (writer && !signature) {
      switch (this.integrity.sign(attribute, userName, privateKey)) {
        case SIGNING_FAILED:
          throw new NetInfCheckedSecurityException("Sign failed.");
        case SIGNING_SUCCEEDED:
          break;
        default:
          throw new NetInfCheckedSecurityException("Sign result unknown.");
      }
    }

    return attribute;
  }
Exemplo n.º 4
0
  private Attribute verifyAttributesRecursively(Attribute attribute) throws NetInfCheckedException {
    // Result of Verification should not be present before Attribute has been verified. Delete such
    // information
    if (attribute.getSingleSubattribute(
            DefinedAttributeIdentification.SIGNATURE_VERIFICATION_FAILED.getURI())
        != null) {
      attribute.removeSubattribute(
          DefinedAttributeIdentification.SIGNATURE_VERIFICATION_FAILED.getURI());
    }

    if (attribute.getSingleSubattribute(DefinedAttributeIdentification.SIGNATURE.getURI())
        != null) {
      // A Signature-Attribute without a corresponding SignatureIdentification-Subattribute is
      // invalid. Remove
      // Signature.
      if (attribute
              .getSingleSubattribute(DefinedAttributeIdentification.SIGNATURE.getURI())
              .getSingleSubattribute(
                  DefinedAttributeIdentification.SIGNATURE_IDENTIFICATION.getURI())
          == null) {
        attribute.removeSubattribute(DefinedAttributeIdentification.SIGNATURE.getURI());

        // A Writer-Attribute without a corresponding signature attribute is an instruction to sign
        // if possible. An incoming
        // object should have no instructions since the sender is not trusted. The instruction is
        // deleted.
        if (attribute.getSingleSubattribute(DefinedAttributeIdentification.WRITER.getURI())
            == null) {
          attribute.removeSubattribute(DefinedAttributeIdentification.WRITER.getURI());
        }
      }
      IntegrityResult integrityResult = this.integrity.isSignatureValid(attribute);
      if (this.suppressCorruptedIOs) {
        switch (integrityResult) {
          case INTEGRITY_CHECK_FAIL:
            throw new NetInfCheckedSecurityException("Integrity check failed.");
          case INTEGRITY_NOT_TESTABLE:
            throw new NetInfCheckedSecurityException("Integrity not testable.");
          case INTEGRITY_CHECK_SUCCEEDED:
            break;
          default:
            throw new NetInfCheckedSecurityException("Integrity check result unknown.");
        }
      } else {
        // A Writer-Attribute without a corresponding signature attribute is an instruction to sign
        // if possible. An incoming
        // object should have no instructions since the sender is not trusted. The instruction is
        // deleted.
        if (attribute.getSingleSubattribute(DefinedAttributeIdentification.WRITER.getURI())
            == null) {
          attribute.removeSubattribute(DefinedAttributeIdentification.SIGNATURE.getURI());
        }
      }

      // TODO wait for convenient methods to create IOs
      IdentityVerificationResult identityResult =
          this.identityVerification.isWriterVerified(attribute);
      if (this.suppressCorruptedIOs) {
        switch (identityResult) {
          case IDENTITY_NOT_VERIFIABLE:
            throw new NetInfCheckedSecurityException("Identity not verifiable.");
          case IDENTITY_VERIFICATION_FAILED:
            throw new NetInfCheckedSecurityException("Identity verification failed.");
          case IDENTITY_VERIFICATION_SUCCEEDED:
            break;
          default:
            throw new NetInfCheckedSecurityException("Identity verification result unknown.");
        }
      }
    }

    List<Attribute> subattributes = attribute.getSubattributes();
    for (Attribute subattribute : subattributes) {
      Attribute newSubattribute = verifyAttributesRecursively(subattribute);
      // if a new Attribute was created the old one gets replaced.
      if (newSubattribute != subattribute) {
        attribute.removeSubattribute(subattribute);
        if (newSubattribute != null) {
          attribute.addSubattribute(newSubattribute);
        }
      }
    }
    return attribute;
  }
Exemplo n.º 5
0
  private InformationObject verifyInformationObjectRecursively(InformationObject informationObject)
      throws NetInfCheckedException, NoSuchAlgorithmException {
    // Result of Verification should not be present before IO has been verified. Delete such
    // information
    if (informationObject.getSingleAttribute(
            DefinedAttributeIdentification.SIGNATURE_VERIFICATION_FAILED.getURI())
        != null) {
      informationObject.removeAttribute(
          DefinedAttributeIdentification.SIGNATURE_VERIFICATION_FAILED.getURI());
    }

    if (informationObject.getSingleAttribute(DefinedAttributeIdentification.SIGNATURE.getURI())
        != null) {
      // A Signature-Attribute without a corresponding SignatureIdentigication attribute is invalid.
      // It is deleted.
      if (informationObject
              .getSingleAttribute(DefinedAttributeIdentification.SIGNATURE.getURI())
              .getSingleSubattribute(
                  DefinedAttributeIdentification.SIGNATURE_IDENTIFICATION.getURI())
          != null) {
        informationObject.removeAttribute(DefinedAttributeIdentification.SIGNATURE.getURI());
        // A Writer-Attribute without a corresponding signature attribute is an instruction to sign
        // if possible. An incoming
        // object should have no instructions since the sender is not trusted. The instruction is
        // deleted.
        if (informationObject.getSingleAttribute(DefinedAttributeIdentification.WRITER.getURI())
            != null) {
          informationObject.removeAttribute(DefinedAttributeIdentification.WRITER.getURI());
        }
      } else {

        IntegrityResult result = this.integrity.isSignatureValid(informationObject);
        if (this.suppressCorruptedIOs) {
          switch (result) {
            case INTEGRITY_CHECK_FAIL:
              throw new NetInfCheckedSecurityException("Integrity check failed.");
            case INTEGRITY_NOT_TESTABLE:
              throw new NetInfCheckedSecurityException("Integrity not testable.");
            case INTEGRITY_CHECK_SUCCEEDED:
              break;
            default:
              throw new NetInfCheckedSecurityException("Integrity check result unknown.");
          }
        }
        // TODO wait for convenient methods to create IOs
        verifyIdenties(informationObject);
      }
    } else {
      // A Writer-Attribute without a corresponding signature attribute is an instruction to sign if
      // possible. An incoming
      // object should have no instructions since the sender is not trusted. The instruction is
      // deleted.
      if (informationObject.getSingleAttribute(DefinedAttributeIdentification.WRITER.getURI())
          != null) {
        informationObject.removeAttribute(DefinedAttributeIdentification.WRITER.getURI());
      }
    }

    List<Attribute> attributes = informationObject.getAttributes();
    for (Attribute attribute : attributes) {
      Attribute newAttribute = verifyAttributesRecursively(attribute);
      // if a new Attribute was created the old one gets replaced.
      if (newAttribute != attribute) {
        informationObject.removeAttribute(attribute);
        if (newAttribute != null) {
          informationObject.addAttribute(newAttribute);
        }
      }
    }
    return informationObject;
  }