Skip to content

Commit

Permalink
refactored to deal with class loader issues in ErrorBundles for modules
Browse files Browse the repository at this point in the history
@dghgit
dghgit committed Mar 5, 2024
1 parent ab00336 commit c3624a5
Showing 1 changed file with 37 additions and 22 deletions.
59 changes: 37 additions & 22 deletions mail/src/main/java/org/bouncycastle/mail/smime/validator/SignedMailValidator.java
View file
Original file line number Diff line number Diff line change
@@ -169,7 +169,7 @@ else if (message.isMimeType("application/pkcs7-mime")
}
else
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.noSignedMessage");
throw new SignedMailValidatorException(msg);
}
@@ -215,7 +215,7 @@ else if (message.isMimeType("application/pkcs7-mime")
throw (SignedMailValidatorException)e;
}
// exception reading message
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.exceptionReadingMessage",
new Object[]{e.getMessage(), e, e.getClass().getName()});
throw new SignedMailValidatorException(msg, e);
@@ -258,7 +258,7 @@ protected void validateSignatures(PKIXParameters pkixParam)
}
catch (CertStoreException cse)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.exceptionRetrievingSignerCert",
new Object[]{cse.getMessage(), cse, cse.getClass().getName()});
errors.add(msg);
@@ -273,14 +273,14 @@ protected void validateSignatures(PKIXParameters pkixParam)
validSignature = signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert.getPublicKey()));
if (!validSignature)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.signatureNotVerified");
errors.add(msg);
}
}
catch (Exception e)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.exceptionVerifyingSignature",
new Object[]{e.getMessage(), e, e.getClass().getName()});
errors.add(msg);
@@ -296,7 +296,7 @@ protected void validateSignatures(PKIXParameters pkixParam)
Attribute attr = atab.get(PKCSObjectIdentifiers.id_aa_receiptRequest);
if (attr != null)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.signedReceiptRequest");
notifications.add(msg);
}
@@ -309,7 +309,7 @@ protected void validateSignatures(PKIXParameters pkixParam)
Date signTime = getSignatureTime(signer);
if (signTime == null) // no signing time was found
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.noSigningTime");
notifications.add(msg);
signTime = pkixParam.getDate();
@@ -327,14 +327,14 @@ protected void validateSignatures(PKIXParameters pkixParam)
}
catch (CertificateExpiredException e)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.certExpired",
new Object[]{new TrustedInput(signTime), new TrustedInput(cert.getNotAfter())});
errors.add(msg);
}
catch (CertificateNotYetValidException e)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.certNotYetValid",
new Object[]{new TrustedInput(signTime), new TrustedInput(cert.getNotBefore())});
errors.add(msg);
@@ -373,7 +373,7 @@ protected void validateSignatures(PKIXParameters pkixParam)
review.init(certPath, usedParameters);
if (!review.isValidCertPath())
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.certPathInvalid");
errors.add(msg);
}
@@ -383,7 +383,7 @@ protected void validateSignatures(PKIXParameters pkixParam)
catch (GeneralSecurityException gse)
{
// cannot create cert path
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.exceptionCreateCertPath",
new Object[]{gse.getMessage(), gse, gse.getClass().getName()});
errors.add(msg);
@@ -401,7 +401,7 @@ protected void validateSignatures(PKIXParameters pkixParam)
else
// no signer certificate found
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.noSignerCert");
errors.add(msg);
results.put(signer, new ValidationResult(null, false, errors,
@@ -478,7 +478,7 @@ else if (key instanceof DSAPublicKey)
}
if (keyLength != -1 && keyLength <= shortKeyLength)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.shortSigningKey",
new Object[]{Integers.valueOf(keyLength)});
notifications.add(msg);
@@ -488,7 +488,7 @@ else if (key instanceof DSAPublicKey)
long validityPeriod = cert.getNotAfter().getTime() - cert.getNotBefore().getTime();
if (validityPeriod > THIRTY_YEARS_IN_MILLI_SEC)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.longValidity",
new Object[]{new TrustedInput(cert.getNotBefore()), new TrustedInput(cert.getNotAfter())});
notifications.add(msg);
@@ -498,7 +498,7 @@ else if (key instanceof DSAPublicKey)
boolean[] keyUsage = cert.getKeyUsage();
if (keyUsage != null && !keyUsage[0] && !keyUsage[1])
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.signingNotPermitted");
errors.add(msg);
}
@@ -516,15 +516,15 @@ else if (key instanceof DSAPublicKey)
&& !extKeyUsage
.hasKeyPurposeId(KeyPurposeId.id_kp_emailProtection))
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.extKeyUsageNotPermitted");
errors.add(msg);
}
}
}
catch (Exception e)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.extKeyUsageError", new Object[]{
e.getMessage(), e, e.getClass().getName()}
);
@@ -538,7 +538,7 @@ else if (key instanceof DSAPublicKey)
if (certEmails.isEmpty())
{
// error no email address in signing certificate
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.noEmailInCert");
errors.add(msg);
}
@@ -557,7 +557,7 @@ else if (key instanceof DSAPublicKey)
}
if (!equalsFrom)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.emailFromCertMismatch",
new Object[]{
new UntrustedInput(
@@ -570,7 +570,7 @@ else if (key instanceof DSAPublicKey)
}
catch (Exception e)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.certGetEmailError", new Object[]{
e.getMessage(), e, e.getClass().getName()}
);
@@ -854,7 +854,7 @@ public ValidationResult getValidationResult(SignerInformation signer)
{
// the signer is not part of the SignerInformationStore
// he has not signed the message
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.wrongSigner");
throw new SignedMailValidatorException(msg);
}
@@ -961,10 +961,25 @@ public boolean isValidSignature()
}
}


private static TBSCertificate getTBSCert(X509Certificate cert)
throws CertificateEncodingException
{
return TBSCertificate.getInstance(cert.getTBSCertificate());
}

private static ErrorBundle createErrorBundle(String id)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, id);
msg.setClassLoader(SignedMailValidator.class.getClassLoader());

return msg;
}

private static ErrorBundle createErrorBundle(String id, Object[] arguments)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, id, arguments);
msg.setClassLoader(SignedMailValidator.class.getClassLoader());

return msg;
}
}

0 comments on commit c3624a5

Please sign in to comment.