private Attribute verifyAttributesRecursively(Attribute attribute) throws NetInfCheckedException {
// Result of Verification should not be present before Attribute has been verified. Delete such
// information
if (attribute.getSingleSubattribute(
DefinedAttributeIdentification.SIGNATURE_VERIFICATION_FAILED.getURI())
!= null) {
attribute.removeSubattribute(
DefinedAttributeIdentification.SIGNATURE_VERIFICATION_FAILED.getURI());
}
if (attribute.getSingleSubattribute(DefinedAttributeIdentification.SIGNATURE.getURI())
!= null) {
// A Signature-Attribute without a corresponding SignatureIdentification-Subattribute is
// invalid. Remove
// Signature.
if (attribute
.getSingleSubattribute(DefinedAttributeIdentification.SIGNATURE.getURI())
.getSingleSubattribute(
DefinedAttributeIdentification.SIGNATURE_IDENTIFICATION.getURI())
== null) {
attribute.removeSubattribute(DefinedAttributeIdentification.SIGNATURE.getURI());
// A Writer-Attribute without a corresponding signature attribute is an instruction to sign
// if possible. An incoming
// object should have no instructions since the sender is not trusted. The instruction is
// deleted.
if (attribute.getSingleSubattribute(DefinedAttributeIdentification.WRITER.getURI())
== null) {
attribute.removeSubattribute(DefinedAttributeIdentification.WRITER.getURI());
}
}
IntegrityResult integrityResult = this.integrity.isSignatureValid(attribute);
if (this.suppressCorruptedIOs) {
switch (integrityResult) {
case INTEGRITY_CHECK_FAIL:
throw new NetInfCheckedSecurityException("Integrity check failed.");
case INTEGRITY_NOT_TESTABLE:
throw new NetInfCheckedSecurityException("Integrity not testable.");
case INTEGRITY_CHECK_SUCCEEDED:
break;
default:
throw new NetInfCheckedSecurityException("Integrity check result unknown.");
}
} else {
// A Writer-Attribute without a corresponding signature attribute is an instruction to sign
// if possible. An incoming
// object should have no instructions since the sender is not trusted. The instruction is
// deleted.
if (attribute.getSingleSubattribute(DefinedAttributeIdentification.WRITER.getURI())
== null) {
attribute.removeSubattribute(DefinedAttributeIdentification.SIGNATURE.getURI());
}
}
// TODO wait for convenient methods to create IOs
IdentityVerificationResult identityResult =
this.identityVerification.isWriterVerified(attribute);
if (this.suppressCorruptedIOs) {
switch (identityResult) {
case IDENTITY_NOT_VERIFIABLE:
throw new NetInfCheckedSecurityException("Identity not verifiable.");
case IDENTITY_VERIFICATION_FAILED:
throw new NetInfCheckedSecurityException("Identity verification failed.");
case IDENTITY_VERIFICATION_SUCCEEDED:
break;
default:
throw new NetInfCheckedSecurityException("Identity verification result unknown.");
}
}
}
List<Attribute> subattributes = attribute.getSubattributes();
for (Attribute subattribute : subattributes) {
Attribute newSubattribute = verifyAttributesRecursively(subattribute);
// if a new Attribute was created the old one gets replaced.
if (newSubattribute != subattribute) {
attribute.removeSubattribute(subattribute);
if (newSubattribute != null) {
attribute.addSubattribute(newSubattribute);
}
}
}
return attribute;
}
