1. Project Clover database Tue Dec 20 2016 21:24:09 CET
  2. Package org.xwiki.crypto.signer.internal.cms

File BcStoreUtils.java

 


Classes

Class Line # Actions
BcStoreUtils 51 33 0% 16 13
0.759259375.9%
 

Contributing tests

This file is covered by 7 tests. .

Source view

1    /*
2    * See the NOTICE file distributed with this work for additional
3    * information regarding copyright ownership.
4    *
5    * This is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU Lesser General Public License as
7    * published by the Free Software Foundation; either version 2.1 of
8    * the License, or (at your option) any later version.
9    *
10    * This software is distributed in the hope that it will be useful,
11    * but WITHOUT ANY WARRANTY; without even the implied warranty of
12    * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13    * Lesser General Public License for more details.
14    *
15    * You should have received a copy of the GNU Lesser General Public
16    * License along with this software; if not, write to the Free
17    * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
18    * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
19    */
20   
21    package org.xwiki.crypto.signer.internal.cms;
22   
23    import java.math.BigInteger;
24    import java.security.GeneralSecurityException;
25    import java.util.ArrayList;
26    import java.util.Collection;
27   
28    import org.bouncycastle.asn1.x500.X500Name;
29    import org.bouncycastle.cert.X509CertificateHolder;
30    import org.bouncycastle.cms.SignerId;
31    import org.bouncycastle.cms.SignerInformation;
32    import org.bouncycastle.util.CollectionStore;
33    import org.bouncycastle.util.Store;
34    import org.xwiki.component.manager.ComponentLookupException;
35    import org.xwiki.component.manager.ComponentManager;
36    import org.xwiki.crypto.pkix.CertificateFactory;
37    import org.xwiki.crypto.pkix.CertificateProvider;
38    import org.xwiki.crypto.pkix.ChainingCertificateProvider;
39    import org.xwiki.crypto.pkix.internal.BcStoreX509CertificateProvider;
40    import org.xwiki.crypto.pkix.internal.BcUtils;
41    import org.xwiki.crypto.pkix.params.CertifiedPublicKey;
42    import org.xwiki.crypto.pkix.params.PrincipalIndentifier;
43    import org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName;
44   
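/**
 * Utility class to interface Bouncy Castle store.
 * <p>
 * Certificates read from a store are converted and handed on as-is. Nothing in this class itself validates a
 * certification path, a validity period or a revocation status, so callers must establish trust separately before
 * relying on a certificate obtained through these helpers.
 *
 * @version $Id: ccc0eb528771dc2ecd156af4c7b504e85c0862be $
 * @since 6.0M1
 */
public final class BcStoreUtils
{
    /** Component hint used to look up the store-backed certificate provider. */
    private static final String STORE_PROVIDER_HINT = "BCStoreX509";

    /** Message used whenever the store-backed provider cannot be set up. */
    private static final String STORE_INIT_ERROR = "Unable to initialize the certificates store";

    private BcStoreUtils()
    {
        // Utility class
    }

    /**
     * Get a certificate provider for a given store and an additional certificate provider.
     * <p>
     * NOTE(review): the store-backed provider is passed first to {@link ChainingCertificateProvider}. If the chain
     * consults its providers in argument order, a certificate carried in the store is found before one from
     * {@code certificateProvider} for the same identifier. Confirm that this precedence is intended.
     *
     * @param manager the component manager.
     * @param store the store to wrap.
     * @param certificateProvider provider of additional certificate to proceed to the verification, may be
     *            {@code null}, in which case only the store is used.
     * @return a certificate provider wrapping the store.
     * @throws GeneralSecurityException if unable to initialize the provider.
     */
    public static CertificateProvider getCertificateProvider(ComponentManager manager, Store store,
        CertificateProvider certificateProvider) throws GeneralSecurityException
    {
        CertificateProvider storeProvider = newCertificateProvider(manager, store);

        return (certificateProvider == null)
            ? storeProvider
            : new ChainingCertificateProvider(storeProvider, certificateProvider);
    }

    /**
     * Add certificate from signed data to the verified signed data.
     * <p>
     * Every certificate in the store is converted and copied without any check in this method. Being present in
     * {@code verifiedData} therefore says nothing about whether a certificate is trusted.
     *
     * @param store the store containing the certificate to add.
     * @param verifiedData the verified signed data to be filled.
     * @param certFactory the certificate factory to use for certificate conversion.
     */
    public static void addCertificatesToVerifiedData(Store store, BcCMSSignedDataVerified verifiedData,
        CertificateFactory certFactory)
    {
        for (X509CertificateHolder holder : getCertificates(store)) {
            verifiedData.addCertificate(BcUtils.convertCertificate(certFactory, holder));
        }
    }

    /**
     * Create a new store containing the given certificates and return it as a certificate provider.
     *
     * @param manager the component manager.
     * @param certificates the certificates.
     * @return a certificate provider wrapping the collection of certificate, or {@code null} when
     *         {@code certificates} is {@code null} or empty (callers must handle the {@code null} case).
     * @throws GeneralSecurityException if unable to initialize the provider.
     */
    public static CertificateProvider getCertificateProvider(ComponentManager manager,
        Collection<CertifiedPublicKey> certificates) throws GeneralSecurityException
    {
        // NOTE(review): the coverage data published with this listing shows no test hit on this null return.
        if (certificates == null || certificates.isEmpty()) {
            return null;
        }

        Collection<X509CertificateHolder> holders = new ArrayList<X509CertificateHolder>(certificates.size());
        for (CertifiedPublicKey certificate : certificates) {
            holders.add(BcUtils.getX509CertificateHolder(certificate));
        }

        return newCertificateProvider(manager, new CollectionStore(holders));
    }

    /**
     * Wrap a bouncy castle store into an adapter for the CertificateProvider interface.
     * <p>
     * The looked-up component is mutated through {@code setStore}. NOTE(review): this assumes every lookup returns
     * a fresh instance. If the component were shared, concurrent verifications would overwrite each other's store.
     * Confirm the component's instantiation strategy.
     *
     * @param manager the component manager.
     * @param store the store.
     * @return a certificate provider wrapping the store.
     * @throws GeneralSecurityException if unable to initialize the provider, including when the component
     *             registered under the expected hint is not a {@link BcStoreX509CertificateProvider}.
     */
    private static CertificateProvider newCertificateProvider(ComponentManager manager, Store store)
        throws GeneralSecurityException
    {
        try {
            CertificateProvider provider = manager.getInstance(CertificateProvider.class, STORE_PROVIDER_HINT);

            // Check the type before casting, so that an unexpected implementation registered under the hint is
            // reported through the declared exception rather than an unchecked ClassCastException.
            if (!(provider instanceof BcStoreX509CertificateProvider)) {
                throw new GeneralSecurityException(STORE_INIT_ERROR + ": component [" + STORE_PROVIDER_HINT
                    + "] is not a Bouncy Castle store certificate provider");
            }
            ((BcStoreX509CertificateProvider) provider).setStore(store);

            return provider;
        } catch (ComponentLookupException e) {
            throw new GeneralSecurityException(STORE_INIT_ERROR, e);
        }
    }

    /**
     * List the certificates held by a store.
     *
     * @param store the store to read.
     * @return the collection returned by the store for a {@code null} selector.
     */
    @SuppressWarnings("unchecked")
    private static Collection<X509CertificateHolder> getCertificates(Store store)
    {
        // A null selector asks for every entry. CollectionStore behaves this way, but other Store
        // implementations should be confirmed. The element type is not checked (raw Store, unchecked conversion).
        return store.getMatches(null);
    }

    /**
     * Retrieve the certificate matching the given signer from the certificate provider.
     * <p>
     * The lookup only matches on the signer identifier (issuer and serial number, and/or subject key identifier).
     * A match is not evidence that the certificate is trusted or that it verifies the signature.
     *
     * @param provider a certificate provider.
     * @param signer the signer for which you want to retrieve the certificate.
     * @param factory a certificate factory to convert the certificate.
     * @return a certified public key, or {@code null} if no certificate matches or the signer identifier carries
     *         neither an issuer nor a subject key identifier.
     */
    public static CertifiedPublicKey getCertificate(CertificateProvider provider, SignerInformation signer,
        CertificateFactory factory)
    {
        SignerId id = signer.getSID();

        // A store-backed provider can be queried with the Bouncy Castle selector directly.
        if (provider instanceof BcStoreX509CertificateProvider) {
            X509CertificateHolder holder = ((BcStoreX509CertificateProvider) provider).getCertificate(id);
            return (holder != null) ? BcUtils.convertCertificate(factory, holder) : null;
        }

        // Any other provider is queried through the generic interface, using whichever identifier parts exist.
        X500Name bcIssuer = id.getIssuer();
        BigInteger serial = id.getSerialNumber();
        byte[] keyId = id.getSubjectKeyIdentifier();

        // NOTE(review): the coverage data published with this listing shows no test hit on the branches that use
        // the subject key identifier, nor on the final null return.
        if (bcIssuer != null) {
            PrincipalIndentifier issuer = new DistinguishedName(bcIssuer);
            return (keyId != null)
                ? provider.getCertificate(issuer, serial, keyId)
                : provider.getCertificate(issuer, serial);
        }

        if (keyId != null) {
            return provider.getCertificate(keyId);
        }

        return null;
    }
}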