89 lines
3.3 KiB
Java
89 lines
3.3 KiB
Java
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
|
//
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
package pgp.wkd.discovery;
|
|
|
|
import pgp.certificate_store.certificate.Certificate;
|
|
import pgp.wkd.CertificateAndUserIds;
|
|
import pgp.wkd.exception.MissingPolicyFileException;
|
|
import pgp.wkd.exception.RejectedCertificateException;
|
|
import pgp.wkd.RejectedCertificate;
|
|
import pgp.wkd.WKDAddress;
|
|
|
|
import java.io.IOException;
|
|
import java.io.InputStream;
|
|
import java.util.ArrayList;
|
|
import java.util.List;
|
|
|
|
/**
|
|
* Default implementation of the {@link CertificateDiscoverer}.
|
|
* This implementation validates the received certificates.
|
|
*/
|
|
public class ValidatingCertificateDiscoverer implements CertificateDiscoverer {
|
|
|
|
protected final CertificateParser reader;
|
|
protected final CertificateFetcher fetcher;
|
|
|
|
public ValidatingCertificateDiscoverer(CertificateParser reader, CertificateFetcher fetcher) {
|
|
this.reader = reader;
|
|
this.fetcher = fetcher;
|
|
}
|
|
|
|
@Override
|
|
public DiscoveryResponse discover(DiscoveryMethod method, WKDAddress address) {
|
|
DiscoveryResponse.Builder builder = DiscoveryResponse.builder(method, address);
|
|
|
|
fetchPolicy(method, address, builder);
|
|
fetchCertificates(method, address, builder);
|
|
|
|
return builder.build();
|
|
}
|
|
|
|
private void fetchCertificates(DiscoveryMethod method, WKDAddress address, DiscoveryResponse.Builder builder) {
|
|
try {
|
|
InputStream certificateIn = fetcher.fetchCertificate(address, method);
|
|
List<CertificateAndUserIds> fetchedCertificates = reader.read(certificateIn);
|
|
|
|
List<RejectedCertificate> rejectedCertificates = new ArrayList<>();
|
|
List<Certificate> acceptableCertificates = new ArrayList<>();
|
|
|
|
String email = address.getEmail();
|
|
|
|
for (CertificateAndUserIds certAndUserIds : fetchedCertificates) {
|
|
Certificate certificate = certAndUserIds.getCertificate();
|
|
boolean containsEmail = false;
|
|
for (String userId : certAndUserIds.getUserIds()) {
|
|
if (userId.contains("<" + email + ">") || userId.equals(email)) {
|
|
containsEmail = true;
|
|
break;
|
|
}
|
|
}
|
|
if (!containsEmail) {
|
|
rejectedCertificates.add(new RejectedCertificate(certificate,
|
|
new RejectedCertificateException.MissingUserId("Certificate " + certificate.getFingerprint() +
|
|
" does not contain user-id with email '" + email + "'")));
|
|
} else {
|
|
acceptableCertificates.add(certificate);
|
|
}
|
|
}
|
|
|
|
builder.setAcceptableCertificates(acceptableCertificates);
|
|
builder.setRejectedCertificates(rejectedCertificates);
|
|
|
|
} catch (IOException e) {
|
|
builder.setFetchingFailure(e);
|
|
}
|
|
}
|
|
|
|
private void fetchPolicy(DiscoveryMethod method, WKDAddress address, DiscoveryResponse.Builder builder) {
|
|
try {
|
|
InputStream policyIn = fetcher.fetchPolicy(address, method);
|
|
WKDPolicy policy = WKDPolicy.fromInputStream(policyIn);
|
|
builder.setPolicy(policy);
|
|
} catch (IOException e) {
|
|
builder.setMissingPolicyFileException(new MissingPolicyFileException(e));
|
|
}
|
|
}
|
|
}
|