public Position toPosition(@Tainted final int index) { if (index < 0) throw new IllegalStateException(); final Range<Integer> range; // Edge case: unfortunately, we can get an illegal index if (index >= len) { range = lines.get(nrLines - 1); return new Position(nrLines, len - range.lowerEndpoint() + 1); } final int lineNr = binarySearch(index); range = lines.get(lineNr); return new Position(lineNr + 1, index - range.lowerEndpoint() + 1); }
/** * Extracts a {@link PGPSignature} object from a blob of {@code .sig} data. * * @throws SignatureException if a signature object couldn't be extracted for any reason. */ private static PGPSignature pgpExtractSignature(@Tainted byte[] signature) throws SignatureException { try { ByteArrayInputStream input = new ByteArrayInputStream(signature); PGPObjectFactory decoder = new BcPGPObjectFactory(PGPUtil.getDecoderStream(input)); Object object = decoder.nextObject(); if (object == null) { throw new SignatureException(String.format( "No OpenPGP packets found in signature.\n%s", dumpHex(signature))); } if (!(object instanceof PGPSignatureList)) { throw new SignatureException(String.format( "Expected PGPSignatureList packet but got %s\n%s", object.getClass().getSimpleName(), dumpHex(signature))); } PGPSignatureList sigs = (PGPSignatureList) object; if (sigs.isEmpty()) { throw new SignatureException(String.format( "PGPSignatureList doesn't have a PGPSignature.\n%s", dumpHex(signature))); } return sigs.get(0); } catch (IOException e) { throw new SignatureException(String.format( "Failed to extract PGPSignature object from .sig blob.\n%s", dumpHex(signature)), e); } }
/** * Convert and validate a raw user-supplied value. * * @throws FormFieldException if value does not meet expected contracts. */ @Detainted public Optional<O> convert(@Tainted @Nullable I value) { try { return Optional.ofNullable(converter.apply(value)); } catch (FormFieldException e) { throw e.propagate(name); } }
/** * Convert and validate a raw user-supplied value from an untyped JSON map. * * @throws FormFieldException if value is wrong type or does not meet expected contracts. */ @Detainted public Optional<O> extractUntyped(@Tainted Map<String, ?> jsonMap) { Object value = jsonMap.get(name); I castedValue; try { castedValue = typeIn.cast(value); } catch (ClassCastException e) { throw new FormFieldException(String.format("Type error: got: %s, expected: %s", value.getClass().getSimpleName(), typeIn.getSimpleName())).propagate(name); } return convert(castedValue); }
/** * Check that {@code cert} is signed by the {@code ca} and not revoked. * * <p>Support for certificate chains has not been implemented. * * @throws GeneralSecurityException for unsupported protocols, certs not signed by the TMCH, * parsing errors, encoding errors, if the CRL is expired, or if the CRL is older than the * one currently in memory. */ public static void verifyCertificate( X509Certificate rootCert, X509CRL crl, @Tainted X509Certificate cert, Date now) throws GeneralSecurityException { cert.checkValidity(checkNotNull(now, "now")); cert.verify(rootCert.getPublicKey()); if (crl.isRevoked(cert)) { X509CRLEntry entry = crl.getRevokedCertificate(cert); throw new CertificateRevokedException( checkNotNull(entry.getRevocationDate(), "revocationDate"), checkNotNull(entry.getRevocationReason(), "revocationReason"), firstNonNull(entry.getCertificateIssuer(), crl.getIssuerX500Principal()), ImmutableMap.of()); } }
/** * Checks if an X.509 CRL you downloaded can safely replace your current CRL. * * <p>This routine makes sure {@code newCrl} is signed by {@code rootCert} and that its timestamps * are correct with respect to {@code now}. * * @throws GeneralSecurityException for unsupported protocols, certs not signed by the TMCH, * incorrect keys, and for invalid, old, not-yet-valid or revoked certificates. */ public static void verifyCrl( X509Certificate rootCert, X509CRL oldCrl, @Tainted X509CRL newCrl, Date now) throws GeneralSecurityException { if (newCrl.getThisUpdate().before(oldCrl.getThisUpdate())) { throw new CRLException(String.format( "New CRL is more out of date than our current CRL. %s < %s\n%s", newCrl.getThisUpdate(), oldCrl.getThisUpdate(), newCrl)); } if (newCrl.getNextUpdate().before(now)) { throw new CRLException("CRL has expired.\n" + newCrl); } newCrl.verify(rootCert.getPublicKey()); }
public Range<Integer> getLineRange(@Tainted final int lineNr) { // Edge case: unfortunately, we can get an illegal line number return lines.get(Math.min(lineNr, nrLines) - 1); }
/** * Convert and validate a raw user-supplied value from a map. * * <p>This is the same as saying: {@code field.convert(valueMap.get(field.name())} * * @throws FormFieldException if value does not meet expected contracts. */ @Detainted public Optional<O> extract(@Tainted Map<String, I> valueMap) { return convert(valueMap.get(name)); }