refactored to deal with class loader issues in ErrorBundles for modules
dghgit committed Mar 5, 2024
1 parent ab00336 commit c3624a5
Showing 1 changed file with 37 additions and 22 deletions.
@@ -169,7 +169,7 @@ else if (message.isMimeType("application/pkcs7-mime")
}
else
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.noSignedMessage");
throw new SignedMailValidatorException(msg);
}
@@ -215,7 +215,7 @@ else if (message.isMimeType("application/pkcs7-mime")
throw (SignedMailValidatorException)e;
}
// exception reading message
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.exceptionReadingMessage",
new Object[]{e.getMessage(), e, e.getClass().getName()});
throw new SignedMailValidatorException(msg, e);
@@ -258,7 +258,7 @@ protected void validateSignatures(PKIXParameters pkixParam)
}
catch (CertStoreException cse)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.exceptionRetrievingSignerCert",
new Object[]{cse.getMessage(), cse, cse.getClass().getName()});
errors.add(msg);
@@ -273,14 +273,14 @@ protected void validateSignatures(PKIXParameters pkixParam)
validSignature = signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert.getPublicKey()));
if (!validSignature)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.signatureNotVerified");
errors.add(msg);
}
}
catch (Exception e)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.exceptionVerifyingSignature",
new Object[]{e.getMessage(), e, e.getClass().getName()});
errors.add(msg);
@@ -296,7 +296,7 @@ protected void validateSignatures(PKIXParameters pkixParam)
Attribute attr = atab.get(PKCSObjectIdentifiers.id_aa_receiptRequest);
if (attr != null)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.signedReceiptRequest");
notifications.add(msg);
}
@@ -309,7 +309,7 @@ protected void validateSignatures(PKIXParameters pkixParam)
Date signTime = getSignatureTime(signer);
if (signTime == null) // no signing time was found
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.noSigningTime");
notifications.add(msg);
signTime = pkixParam.getDate();
@@ -327,14 +327,14 @@ protected void validateSignatures(PKIXParameters pkixParam)
}
catch (CertificateExpiredException e)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.certExpired",
new Object[]{new TrustedInput(signTime), new TrustedInput(cert.getNotAfter())});
errors.add(msg);
}
catch (CertificateNotYetValidException e)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.certNotYetValid",
new Object[]{new TrustedInput(signTime), new TrustedInput(cert.getNotBefore())});
errors.add(msg);
@@ -373,7 +373,7 @@ protected void validateSignatures(PKIXParameters pkixParam)
review.init(certPath, usedParameters);
if (!review.isValidCertPath())
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.certPathInvalid");
errors.add(msg);
}
@@ -383,7 +383,7 @@ protected void validateSignatures(PKIXParameters pkixParam)
catch (GeneralSecurityException gse)
{
// cannot create cert path
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.exceptionCreateCertPath",
new Object[]{gse.getMessage(), gse, gse.getClass().getName()});
errors.add(msg);
@@ -401,7 +401,7 @@ protected void validateSignatures(PKIXParameters pkixParam)
else
// no signer certificate found
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.noSignerCert");
errors.add(msg);
results.put(signer, new ValidationResult(null, false, errors,
@@ -478,7 +478,7 @@ else if (key instanceof DSAPublicKey)
}
if (keyLength != -1 && keyLength <= shortKeyLength)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.shortSigningKey",
new Object[]{Integers.valueOf(keyLength)});
notifications.add(msg);
@@ -488,7 +488,7 @@ else if (key instanceof DSAPublicKey)
long validityPeriod = cert.getNotAfter().getTime() - cert.getNotBefore().getTime();
if (validityPeriod > THIRTY_YEARS_IN_MILLI_SEC)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.longValidity",
new Object[]{new TrustedInput(cert.getNotBefore()), new TrustedInput(cert.getNotAfter())});
notifications.add(msg);
@@ -498,7 +498,7 @@ else if (key instanceof DSAPublicKey)
boolean[] keyUsage = cert.getKeyUsage();
if (keyUsage != null && !keyUsage[0] && !keyUsage[1])
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.signingNotPermitted");
errors.add(msg);
}
@@ -516,15 +516,15 @@ else if (key instanceof DSAPublicKey)
&& !extKeyUsage
.hasKeyPurposeId(KeyPurposeId.id_kp_emailProtection))
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.extKeyUsageNotPermitted");
errors.add(msg);
}
}
}
catch (Exception e)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.extKeyUsageError", new Object[]{
e.getMessage(), e, e.getClass().getName()}
);
@@ -538,7 +538,7 @@ else if (key instanceof DSAPublicKey)
if (certEmails.isEmpty())
{
// error no email address in signing certificate
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.noEmailInCert");
errors.add(msg);
}
@@ -557,7 +557,7 @@ else if (key instanceof DSAPublicKey)
}
if (!equalsFrom)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.emailFromCertMismatch",
new Object[]{
new UntrustedInput(
@@ -570,7 +570,7 @@ else if (key instanceof DSAPublicKey)
}
catch (Exception e)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.certGetEmailError", new Object[]{
e.getMessage(), e, e.getClass().getName()}
);
@@ -854,7 +854,7 @@ public ValidationResult getValidationResult(SignerInformation signer)
{
// the signer is not part of the SignerInformationStore
// he has not signed the message
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
ErrorBundle msg = createErrorBundle(
"SignedMailValidator.wrongSigner");
throw new SignedMailValidatorException(msg);
}
@@ -961,10 +961,25 @@ public boolean isValidSignature()
}
}


private static TBSCertificate getTBSCert(X509Certificate cert)
throws CertificateEncodingException
{
return TBSCertificate.getInstance(cert.getTBSCertificate());
}

private static ErrorBundle createErrorBundle(String id)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, id);
msg.setClassLoader(SignedMailValidator.class.getClassLoader());

return msg;
}

private static ErrorBundle createErrorBundle(String id, Object[] arguments)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, id, arguments);
msg.setClassLoader(SignedMailValidator.class.getClassLoader());

return msg;
}
}
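Review bot: The two `createErrorBundle` overloads added at the end of the class carry no comment saying why the class loader is set, so a later edit could reintroduce a direct `new ErrorBundle(RESOURCE_NAME, ...)` and silently lose it. I would add above the first overload something like `// Resolve RESOURCE_NAME through this class's loader so the bundle is found when the library is loaded as a module.` These bundles carry the validator's failure reasons (signature not verified, certificate expired, invalid path), so a bundle that cannot be resolved would presumably hide why a message was rejected. The helpers are private while `validateSignatures` is protected, so a subclass that reports its own errors against RESOURCE_NAME cannot reuse them; if that is intended it is worth saying so in the comment. `Class.getClassLoader()` may return null for a class loaded by the bootstrap loader, so it is also worth confirming that `setClassLoader` tolerates null.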
