1 |
|
|
2 |
|
|
3 |
|
|
4 |
|
|
5 |
|
|
6 |
|
|
7 |
|
|
8 |
|
|
9 |
|
|
10 |
|
|
11 |
|
|
12 |
|
|
13 |
|
|
14 |
|
|
15 |
|
|
16 |
|
|
17 |
|
|
18 |
|
|
19 |
|
|
20 |
|
|
21 |
|
package org.xwiki.crypto.pkix.internal; |
22 |
|
|
23 |
|
import java.security.GeneralSecurityException; |
24 |
|
import java.util.ArrayDeque; |
25 |
|
import java.util.Arrays; |
26 |
|
import java.util.Collection; |
27 |
|
import java.util.Deque; |
28 |
|
import java.util.EnumSet; |
29 |
|
|
30 |
|
import javax.inject.Named; |
31 |
|
import javax.inject.Singleton; |
32 |
|
|
33 |
|
import org.xwiki.component.annotation.Component; |
34 |
|
import org.xwiki.crypto.pkix.CertificateChainBuilder; |
35 |
|
import org.xwiki.crypto.pkix.CertificateProvider; |
36 |
|
import org.xwiki.crypto.pkix.params.CertifiedPublicKey; |
37 |
|
import org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey; |
38 |
|
import org.xwiki.crypto.pkix.params.x509certificate.extension.KeyUsage; |
39 |
|
import org.xwiki.crypto.pkix.params.x509certificate.extension.X509Extensions; |
40 |
|
|
41 |
|
|
42 |
|
@link |
43 |
|
|
44 |
|
@version |
45 |
|
@since |
46 |
|
|
47 |
|
@Component |
48 |
|
@Singleton |
49 |
|
@Named("X509") |
|
|
| 80.3% |
Uncovered Elements: 14 (71) |
Complexity: 22 |
Complexity Density: 0.56 |
|
50 |
|
public class BcX509CertificateChainBuilder implements CertificateChainBuilder |
51 |
|
{ |
|
|
| 71.4% |
Uncovered Elements: 2 (7) |
Complexity: 2 |
Complexity Density: 0.4 |
|
52 |
14 |
@Override... |
53 |
|
public Collection<CertifiedPublicKey> build(CertifiedPublicKey certificate, CertificateProvider provider) |
54 |
|
{ |
55 |
14 |
if (certificate == null) { |
56 |
0 |
return null; |
57 |
|
} |
58 |
|
|
59 |
14 |
Deque<CertifiedPublicKey> result = new ArrayDeque<CertifiedPublicKey>(); |
60 |
14 |
build(result, certificate, provider); |
61 |
14 |
return result; |
62 |
|
} |
63 |
|
|
|
|
| 69.2% |
Uncovered Elements: 4 (13) |
Complexity: 5 |
Complexity Density: 0.71 |
|
64 |
36 |
private Collection<CertifiedPublicKey> build(Deque<CertifiedPublicKey> result, CertifiedPublicKey certificate,... |
65 |
|
CertificateProvider provider) |
66 |
|
{ |
67 |
36 |
if (result.contains(certificate)) { |
68 |
|
|
69 |
0 |
return result; |
70 |
|
} |
71 |
|
|
72 |
36 |
if (!(certificate instanceof X509CertifiedPublicKey)) { |
73 |
0 |
throw new IllegalArgumentException("Certificate of incompatible type [" |
74 |
|
+ certificate.getClass().getName() + "] for subject [" + certificate.getSubject().getName() + "]"); |
75 |
|
} |
76 |
|
|
77 |
36 |
result.push(certificate); |
78 |
|
|
79 |
36 |
CertifiedPublicKey issuer = getIssuer((X509CertifiedPublicKey) certificate, provider); |
80 |
|
|
81 |
36 |
return (issuer != null && !issuer.equals(certificate)) ? build(result, issuer, provider) : result; |
82 |
|
} |
83 |
|
|
|
|
| 91.7% |
Uncovered Elements: 2 (24) |
Complexity: 6 |
Complexity Density: 0.43 |
|
84 |
36 |
private CertifiedPublicKey getIssuer(X509CertifiedPublicKey cert, CertificateProvider provider)... |
85 |
|
{ |
86 |
36 |
X509Extensions extensions = cert.getExtensions(); |
87 |
|
|
88 |
36 |
if (extensions != null) { |
89 |
33 |
byte[] authKey = extensions.getAuthorityKeyIdentifier(); |
90 |
33 |
if (authKey != null) { |
91 |
33 |
if (Arrays.equals(extensions.getSubjectKeyIdentifier(), authKey)) { |
92 |
|
|
93 |
10 |
return cert; |
94 |
|
} |
95 |
|
|
96 |
23 |
return validatedIssuer(cert, provider.getCertificate(authKey)); |
97 |
|
} |
98 |
|
} |
99 |
|
|
100 |
3 |
Collection<CertifiedPublicKey> certs = provider.getCertificate(cert.getIssuer()); |
101 |
3 |
if (certs != null) { |
102 |
2 |
for (CertifiedPublicKey issuerCert : certs) { |
103 |
2 |
CertifiedPublicKey issuer = validatedIssuer(cert, issuerCert); |
104 |
2 |
if (issuer != null) { |
105 |
2 |
return issuer; |
106 |
|
} |
107 |
|
} |
108 |
|
} |
109 |
|
|
110 |
1 |
return null; |
111 |
|
} |
112 |
|
|
|
|
| 73.9% |
Uncovered Elements: 6 (23) |
Complexity: 9 |
Complexity Density: 0.69 |
|
113 |
25 |
private CertifiedPublicKey validatedIssuer(X509CertifiedPublicKey cert, CertifiedPublicKey issuerCert)... |
114 |
|
{ |
115 |
25 |
if (issuerCert == null || !(issuerCert instanceof X509CertifiedPublicKey)) { |
116 |
2 |
return null; |
117 |
|
} |
118 |
|
|
119 |
23 |
X509CertifiedPublicKey issuer = (X509CertifiedPublicKey) issuerCert; |
120 |
|
|
121 |
23 |
if (issuer.getVersionNumber() == 3) { |
122 |
21 |
X509Extensions extensions = issuer.getExtensions(); |
123 |
21 |
if (extensions == null || !extensions.hasCertificateAuthorityBasicConstraints()) { |
124 |
0 |
return null; |
125 |
|
} |
126 |
|
|
127 |
21 |
EnumSet<KeyUsage> usage = extensions.getKeyUsage(); |
128 |
21 |
if (!usage.contains(KeyUsage.keyCertSign)) { |
129 |
0 |
return null; |
130 |
|
} |
131 |
|
} |
132 |
|
|
133 |
23 |
try { |
134 |
23 |
return cert.isSignedBy(issuer.getPublicKeyParameters()) ? issuer : null; |
135 |
|
} catch (GeneralSecurityException e) { |
136 |
0 |
return null; |
137 |
|
} |
138 |
|
} |
139 |
|
} |