1. Project Clover database Tue Dec 20 2016 21:24:09 CET
  2. Package org.xwiki.crypto.pkix.internal

File BcX509CertificateChainBuilder.java

 


Classes

Class Line # Actions
BcX509CertificateChainBuilder 50 39 0% 22 14
0.802816980.3%
 

Contributing tests

This file is covered by 12 tests.

Source view

1    /*
2    * See the NOTICE file distributed with this work for additional
3    * information regarding copyright ownership.
4    *
5    * This is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU Lesser General Public License as
7    * published by the Free Software Foundation; either version 2.1 of
8    * the License, or (at your option) any later version.
9    *
10    * This software is distributed in the hope that it will be useful,
11    * but WITHOUT ANY WARRANTY; without even the implied warranty of
12    * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13    * Lesser General Public License for more details.
14    *
15    * You should have received a copy of the GNU Lesser General Public
16    * License along with this software; if not, write to the Free
17    * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
18    * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
19    */
20   
21    package org.xwiki.crypto.pkix.internal;
22   
23    import java.security.GeneralSecurityException;
24    import java.util.ArrayDeque;
25    import java.util.Arrays;
26    import java.util.Collection;
27    import java.util.Deque;
28    import java.util.EnumSet;
29   
30    import javax.inject.Named;
31    import javax.inject.Singleton;
32   
33    import org.xwiki.component.annotation.Component;
34    import org.xwiki.crypto.pkix.CertificateChainBuilder;
35    import org.xwiki.crypto.pkix.CertificateProvider;
36    import org.xwiki.crypto.pkix.params.CertifiedPublicKey;
37    import org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey;
38    import org.xwiki.crypto.pkix.params.x509certificate.extension.KeyUsage;
39    import org.xwiki.crypto.pkix.params.x509certificate.extension.X509Extensions;
40   
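/**
 * X.509 implementation of {@link org.xwiki.crypto.pkix.CertificateChainBuilder} based on Bouncy Castle.
 * <p>
 * This class only assembles a candidate chain. A link is accepted when the issuer's public key verifies the
 * signature of the certificate below it and, for version 3 issuers, the issuer carries the CA basic constraints and
 * the {@code keyCertSign} key usage. Nothing in this class checks validity periods, revocation, path length or name
 * constraints, and the top of the chain is not compared with any trust anchor. A certificate whose subject and
 * authority key identifiers match is taken as the end of the chain without its own signature being verified.
 * Callers that need a trust decision must validate the returned chain separately.
 *
 * @version $Id: 9f547d9d538121b7923da76d1308a5b2e0bde384 $
 * @since 6.0M1
 */
@Component
@Singleton
@Named("X509")
public class BcX509CertificateChainBuilder implements CertificateChainBuilder
{
    /**
     * Collect the given certificate and the issuers that can be found for it, one level at a time.
     *
     * @param certificate the certificate to start from, may be {@code null}.
     * @param provider the source of candidate issuer certificates.
     * @return {@code null} when {@code certificate} is {@code null}; otherwise the certificates found, iterated from
     *         the last issuer reached down to {@code certificate}. The chain may be incomplete when no acceptable
     *         issuer is available from the provider.
     * @throws IllegalArgumentException when a certificate to be added is not a {@link X509CertifiedPublicKey}.
     */
    @Override
    public Collection<CertifiedPublicKey> build(CertifiedPublicKey certificate, CertificateProvider provider)
    {
        if (certificate == null) {
            return null;
        }

        Deque<CertifiedPublicKey> chain = new ArrayDeque<CertifiedPublicKey>();
        CertifiedPublicKey current = certificate;

        // A certificate already in the chain means the issuer references are circular: stop instead of looping.
        while (!chain.contains(current)) {
            if (!(current instanceof X509CertifiedPublicKey)) {
                throw new IllegalArgumentException("Certificate of incompatible type ["
                    + current.getClass().getName() + "] for subject [" + current.getSubject().getName() + "]");
            }

            // push() inserts at the head, so the most recently found issuer is always iterated first.
            chain.push(current);

            CertifiedPublicKey issuer = getIssuer((X509CertifiedPublicKey) current, provider);
            if (issuer == null || issuer.equals(current)) {
                // No acceptable issuer, or the certificate names itself as issuer: the chain ends here.
                break;
            }

            current = issuer;
        }

        return chain;
    }

    /**
     * Look up the issuer of a certificate, by authority key identifier when there is one, else by issuer name.
     *
     * @param cert the certificate whose issuer is wanted.
     * @param provider the source of candidate issuer certificates.
     * @return {@code cert} itself when its subject and authority key identifiers are equal, the first candidate
     *         accepted by {@link #validatedIssuer(X509CertifiedPublicKey, CertifiedPublicKey)}, or {@code null} when
     *         there is none.
     */
    private CertifiedPublicKey getIssuer(X509CertifiedPublicKey cert, CertificateProvider provider)
    {
        X509Extensions extensions = cert.getExtensions();

        if (extensions != null) {
            byte[] authKey = extensions.getAuthorityKeyIdentifier();
            if (authKey != null) {
                if (Arrays.equals(extensions.getSubjectKeyIdentifier(), authKey)) {
                    // Self-signed. This is decided from the two identifiers alone: the signature is not verified
                    // here, so reaching this point says nothing about whether the certificate can be trusted.
                    return cert;
                }

                // When an authority key identifier is present there is no fallback to a lookup by issuer name.
                return validatedIssuer(cert, provider.getCertificate(authKey));
            }
        }

        Collection<CertifiedPublicKey> certs = provider.getCertificate(cert.getIssuer());
        if (certs != null) {
            // Several certificates may be returned for one issuer name: keep the first that passes validation.
            for (CertifiedPublicKey issuerCert : certs) {
                CertifiedPublicKey issuer = validatedIssuer(cert, issuerCert);
                if (issuer != null) {
                    return issuer;
                }
            }
        }

        return null;
    }

    /**
     * Check that a candidate certificate may act as the issuer of another one, and that it signed it.
     *
     * @param cert the certificate whose signature is checked.
     * @param issuerCert the candidate issuer, may be {@code null}.
     * @return the candidate as issuer when it is accepted, {@code null} otherwise.
     */
    private CertifiedPublicKey validatedIssuer(X509CertifiedPublicKey cert, CertifiedPublicKey issuerCert)
    {
        // instanceof is false for null, so a missing candidate is refused here as well.
        if (!(issuerCert instanceof X509CertifiedPublicKey)) {
            return null;
        }

        X509CertifiedPublicKey issuer = (X509CertifiedPublicKey) issuerCert;

        // Issuers that are not version 3 skip the CA checks below and are accepted on the signature alone.
        if (issuer.getVersionNumber() == 3) {
            X509Extensions extensions = issuer.getExtensions();
            if (extensions == null || !extensions.hasCertificateAuthorityBasicConstraints()) {
                return null;
            }

            // NOTE(review): getKeyUsage() looks like it can return null when the issuer has no key usage
            // extension - confirm against X509Extensions. Such an issuer is refused instead of failing with a
            // NullPointerException in the middle of the chain construction.
            EnumSet<KeyUsage> usage = extensions.getKeyUsage();
            if (usage == null || !usage.contains(KeyUsage.keyCertSign)) {
                return null;
            }
        }

        try {
            return cert.isSignedBy(issuer.getPublicKeyParameters()) ? issuer : null;
        } catch (GeneralSecurityException e) {
            // A signature that cannot be checked is handled like one that does not verify: no issuer.
            return null;
        }
    }
}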