private Attribute handleReaderListsRecursively(Attribute attribute, boolean encrypt) throws NetInfCheckedSecurityException { List<Attribute> subattributes = attribute.getSubattributes(); boolean readerList = false; for (Attribute subattribute : subattributes) { if (subattribute .getIdentification() .equals(DefinedAttributeIdentification.AUTHORIZED_READERS.getURI())) { readerList = true; } else { Attribute newSubattribute = handleReaderListsRecursively(subattribute, encrypt); // if a new Attribute was created the old one gets replaced. if (newSubattribute != subattribute) { attribute.removeSubattribute(subattribute); if (newSubattribute != null) { attribute.addSubattribute(newSubattribute); } } } } // A ReaderList-Attribute without a corresponding signature attribute is an instruction to // encrypt if possible. This will // only be done if the user who pushes the InformationObject is trusted. if (encrypt && readerList) { return this.cryptography.encrypt(attribute); } else { // If the user is not trusted the instruction to encrypt is removed. if (readerList) { attribute.removeSubattribute(DefinedAttributeIdentification.AUTHORIZED_READERS.getURI()); } return attribute; } }
private Attribute removeSignCommandRecursiveley(Attribute attribute) throws NetInfCheckedException { List<Attribute> subattributes = attribute.getSubattributes(); boolean writer = false; boolean signature = false; for (Attribute subattribute : subattributes) { if (subattribute.getIdentification().equals(DefinedAttributeIdentification.WRITER.getURI())) { writer = true; } else if (subattribute .getIdentification() .equals(DefinedAttributeIdentification.SIGNATURE.getURI())) { signature = true; } else { Attribute newSubattribute = removeSignCommandRecursiveley(subattribute); // if a new Attribute was created the old one gets replaced. if (newSubattribute != subattribute) { attribute.removeSubattribute(subattribute); if (newSubattribute != null) { attribute.addSubattribute(newSubattribute); } } } } if (writer && !signature) { attribute.removeSubattribute(DefinedAttributeIdentification.WRITER.getURI()); } return attribute; }
private Attribute handleSignCommandRecursiveley( Attribute attribute, String userName, String privateKey) throws NetInfCheckedException { List<Attribute> subattributes = attribute.getSubattributes(); boolean writer = false; boolean signature = false; for (Attribute subattribute : subattributes) { if (subattribute.getIdentification().equals(DefinedAttributeIdentification.WRITER.getURI())) { writer = true; } else if (subattribute .getIdentification() .equals(DefinedAttributeIdentification.SIGNATURE.getURI())) { signature = true; } else { Attribute newSubattribute = handleSignCommandRecursiveley(subattribute, userName, privateKey); // if a new Attribute was created the old one gets replaced. if (newSubattribute != subattribute) { attribute.removeSubattribute(subattribute); if (newSubattribute != null) { attribute.addSubattribute(newSubattribute); } } } } // A Writer-Attribute without a corresponding signature attribute is an instruction to sign if // possible. if (writer && !signature) { switch (this.integrity.sign(attribute, userName, privateKey)) { case SIGNING_FAILED: throw new NetInfCheckedSecurityException("Sign failed."); case SIGNING_SUCCEEDED: break; default: throw new NetInfCheckedSecurityException("Sign result unknown."); } } return attribute; }
private Attribute decryptAttributesRecursively( Attribute attribute, boolean superAttributeWasEncrypted, String userName, String privateKey) { Attribute newAttribute = attribute; boolean wasEncrypted = false; if (attribute .getIdentification() .equalsIgnoreCase(DefinedAttributeIdentification.ENCRYPTED_CONTENT.getURI())) { try { newAttribute = this.cryptography.decrypt(attribute, userName, privateKey); wasEncrypted = true; } catch (NetInfCheckedSecurityException securityException) { LOG.warn("Unable to decrypt attribute: " + securityException.getMessage()); return attribute; } } else if (!superAttributeWasEncrypted && attribute .getIdentification() .equalsIgnoreCase(DefinedAttributeIdentification.ENCRYPTED_CONTENT.getURI())) { return null; } List<Attribute> subattributes = newAttribute.getSubattributes(); for (Attribute subattribute : subattributes) { Attribute newSubattribute = decryptAttributesRecursively(subattribute, wasEncrypted, userName, privateKey); // if a new Attribute was created the old one gets replaced. if (newSubattribute != subattribute) { newAttribute.removeSubattribute(subattribute); if (newSubattribute != null) { newAttribute.addSubattribute(newSubattribute); } } } return newAttribute; }
private Attribute verifyAttributesRecursively(Attribute attribute) throws NetInfCheckedException { // Result of Verification should not be present before Attribute has been verified. Delete such // information if (attribute.getSingleSubattribute( DefinedAttributeIdentification.SIGNATURE_VERIFICATION_FAILED.getURI()) != null) { attribute.removeSubattribute( DefinedAttributeIdentification.SIGNATURE_VERIFICATION_FAILED.getURI()); } if (attribute.getSingleSubattribute(DefinedAttributeIdentification.SIGNATURE.getURI()) != null) { // A Signature-Attribute without a corresponding SignatureIdentification-Subattribute is // invalid. Remove // Signature. if (attribute .getSingleSubattribute(DefinedAttributeIdentification.SIGNATURE.getURI()) .getSingleSubattribute( DefinedAttributeIdentification.SIGNATURE_IDENTIFICATION.getURI()) == null) { attribute.removeSubattribute(DefinedAttributeIdentification.SIGNATURE.getURI()); // A Writer-Attribute without a corresponding signature attribute is an instruction to sign // if possible. An incoming // object should have no instructions since the sender is not trusted. The instruction is // deleted. if (attribute.getSingleSubattribute(DefinedAttributeIdentification.WRITER.getURI()) == null) { attribute.removeSubattribute(DefinedAttributeIdentification.WRITER.getURI()); } } IntegrityResult integrityResult = this.integrity.isSignatureValid(attribute); if (this.suppressCorruptedIOs) { switch (integrityResult) { case INTEGRITY_CHECK_FAIL: throw new NetInfCheckedSecurityException("Integrity check failed."); case INTEGRITY_NOT_TESTABLE: throw new NetInfCheckedSecurityException("Integrity not testable."); case INTEGRITY_CHECK_SUCCEEDED: break; default: throw new NetInfCheckedSecurityException("Integrity check result unknown."); } } else { // A Writer-Attribute without a corresponding signature attribute is an instruction to sign // if possible. An incoming // object should have no instructions since the sender is not trusted. The instruction is // deleted. if (attribute.getSingleSubattribute(DefinedAttributeIdentification.WRITER.getURI()) == null) { attribute.removeSubattribute(DefinedAttributeIdentification.SIGNATURE.getURI()); } } // TODO wait for convenient methods to create IOs IdentityVerificationResult identityResult = this.identityVerification.isWriterVerified(attribute); if (this.suppressCorruptedIOs) { switch (identityResult) { case IDENTITY_NOT_VERIFIABLE: throw new NetInfCheckedSecurityException("Identity not verifiable."); case IDENTITY_VERIFICATION_FAILED: throw new NetInfCheckedSecurityException("Identity verification failed."); case IDENTITY_VERIFICATION_SUCCEEDED: break; default: throw new NetInfCheckedSecurityException("Identity verification result unknown."); } } } List<Attribute> subattributes = attribute.getSubattributes(); for (Attribute subattribute : subattributes) { Attribute newSubattribute = verifyAttributesRecursively(subattribute); // if a new Attribute was created the old one gets replaced. if (newSubattribute != subattribute) { attribute.removeSubattribute(subattribute); if (newSubattribute != null) { attribute.addSubattribute(newSubattribute); } } } return attribute; }