
Example 1 with KeyStoreUnzipedFilesBytesSizeExceeded

Use of com.venafi.vcert.sdk.connectors.ConnectorException.KeyStoreUnzipedFilesBytesSizeExceeded in project vcert-java by Venafi.

From the class CloudConnectorUtils, method getPEMCollectionFromKeyStoreAsStream. The method unpacks the keystore zip returned by the Venafi cloud API and caps both the number of entries and the accumulated size of the inflated content so that a crafted (zip bomb) archive cannot exhaust memory.

public static PEMCollection getPEMCollectionFromKeyStoreAsStream(InputStream keyStoreAsInputStream, String certId, ChainOption chainOption, String keyPassword, DataFormat dataFormat) throws VCertException {
    String certificateAsPem = null;
    String pemFileSuffix = null;
    if (chainOption == ChainOption.ChainOptionRootFirst)
        pemFileSuffix = "_root-first.pem";
    else
        pemFileSuffix = "_root-last.pem";
    PrivateKey privateKey = null;
    try (ZipInputStream zis = new ZipInputStream(keyStoreAsInputStream)) {
        // The next constants guard against zip bomb attacks.
        // The expected number of files in the zip returned by the call to
        // the API "POST /outagedetection/v1/certificates/{id}/keystore"
        final int MAX_ENTRIES = 10;
        // 1 MB (decimal) cap on the accumulated size of the inflated entries
        final int MAX_UNZIPED_FILES_SIZE = 1000000;
        int entriesCount = 0;
        int unzipedAcumulatedSize = 0;
        ZipEntry zipEntry;
        while ((zipEntry = zis.getNextEntry()) != null) {
            entriesCount++;
            // If the number of entries is greater than the expected maximum, abort
            if (entriesCount > MAX_ENTRIES)
                throw new KeyStoreZipEntriesExceeded(certId, MAX_ENTRIES);
            String zipEntryContent = readZipEntry(zipEntry, zis, certId);
            String fileName = zipEntry.getName();
            if (fileName.endsWith(".key")) {
                // Getting the PrivateKey in PKCS8 and decrypting it
                PEMParser pemParser = new PEMParser(new StringReader(zipEntryContent));
                privateKey = PEMCollection.decryptPKCS8PrivateKey(pemParser, keyPassword);
            } else {
                if (fileName.endsWith(pemFileSuffix)) {
                    certificateAsPem = zipEntryContent;
                }
            }
            // getBytes() encodes with the platform default charset; the byte count can differ
            // from zipEntryContent.length() for non-ASCII content
            unzipedAcumulatedSize += zipEntryContent.getBytes().length;
            // If the accumulated size of the inflated entries exceeds the maximum number of bytes, abort.
            // Note that readZipEntry has already read this entry fully into memory at this point,
            // so this check bounds the archive total, not a single entry.
            if (unzipedAcumulatedSize > MAX_UNZIPED_FILES_SIZE)
                throw new KeyStoreUnzipedFilesBytesSizeExceeded(certId, MAX_UNZIPED_FILES_SIZE);
        }
    } catch (Exception e) {
        throw new VCertException(e);
    }
    return PEMCollection.fromStringPEMCollection(certificateAsPem, chainOption, privateKey, keyPassword, dataFormat);
}
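The method above counts entries and sums inflated bytes, but the byte check runs only after readZipEntry (not shown on this page) has already read a whole entry into a String. The following is an added, self-contained example, not code from vcert-java, showing the same two limits plus a per-entry limit enforced chunk by chunk while inflating, so that a single entry lying about its size in the zip header cannot be pulled fully into memory before the check fires. The class name BoundedZipReader, the limit values, and the in-memory archives built by buildZip are all assumptions made for the demonstration; the PEM bodies are constructed placeholders, not real key material.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;

// Hypothetical class for this example; not part of vcert-java.
public class BoundedZipReader {

    // Limits sized for a keystore-style archive of a few small PEM files (assumed values).
    static final int MAX_ENTRIES = 10;
    static final long MAX_ENTRY_BYTES = 256 * 1024;   // cap on any single inflated entry
    static final long MAX_TOTAL_BYTES = 1_000_000L;   // cap on the sum of all inflated entries

    public static final class ZipLimitExceeded extends IOException {
        ZipLimitExceeded(String msg) { super(msg); }
    }

    // Reads every entry into memory, enforcing all three limits while inflating rather than after.
    public static Map<String, byte[]> readBounded(InputStream in) throws IOException {
        Map<String, byte[]> files = new LinkedHashMap<>();
        long total = 0;
        int entries = 0;
        byte[] buf = new byte[8192];
        try (ZipInputStream zis = new ZipInputStream(in)) {
            ZipEntry entry;
            while ((entry = zis.getNextEntry()) != null) {
                if (++entries > MAX_ENTRIES) {
                    throw new ZipLimitExceeded("more than " + MAX_ENTRIES + " entries");
                }
                // The declared size is attacker-controlled (and often -1 when streamed), so it is only
                // a fast-fail hint; the real bound is enforced on the inflated bytes below.
                if (entry.getSize() > MAX_ENTRY_BYTES) {
                    throw new ZipLimitExceeded(entry.getName() + " declares " + entry.getSize() + " bytes");
                }
                ByteArrayOutputStream out = new ByteArrayOutputStream();
                long entryBytes = 0;
                int n;
                while ((n = zis.read(buf)) != -1) {
                    entryBytes += n;
                    total += n;
                    // Checked on every chunk, so a lying header cannot get a huge entry fully into memory.
                    if (entryBytes > MAX_ENTRY_BYTES) {
                        throw new ZipLimitExceeded(entry.getName() + " inflates past " + MAX_ENTRY_BYTES + " bytes");
                    }
                    if (total > MAX_TOTAL_BYTES) {
                        throw new ZipLimitExceeded("archive inflates past " + MAX_TOTAL_BYTES + " bytes");
                    }
                    out.write(buf, 0, n);
                }
                files.put(entry.getName(), out.toByteArray());
            }
        }
        return files;
    }

    // Builds an in-memory zip from name/content pairs (constructed test input only).
    static byte[] buildZip(Map<String, byte[]> contents) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ZipOutputStream zos = new ZipOutputStream(bos)) {
            for (Map.Entry<String, byte[]> e : contents.entrySet()) {
                zos.putNextEntry(new ZipEntry(e.getKey()));
                zos.write(e.getValue());
                zos.closeEntry();
            }
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        // Benign archive shaped like a keystore download: a chain file and an encrypted key (placeholder bodies).
        Map<String, byte[]> benign = new LinkedHashMap<>();
        benign.put("cert_root-first.pem",
                "-----BEGIN CERTIFICATE-----\nZmFrZQ==\n-----END CERTIFICATE-----\n".getBytes(StandardCharsets.US_ASCII));
        benign.put("cert.key",
                "-----BEGIN ENCRYPTED PRIVATE KEY-----\nZmFrZQ==\n-----END ENCRYPTED PRIVATE KEY-----\n".getBytes(StandardCharsets.US_ASCII));
        System.out.println("benign archive entries: " + readBounded(new ByteArrayInputStream(buildZip(benign))).keySet());

        // Hostile archive: 4 MB of zeros deflates to a few KB, so the compressed size alone looks harmless.
        Map<String, byte[]> hostile = new LinkedHashMap<>();
        hostile.put("bomb.key", new byte[4 * 1024 * 1024]);
        byte[] bomb = buildZip(hostile);
        try {
            readBounded(new ByteArrayInputStream(bomb));
            System.out.println("BUG: bomb accepted");
        } catch (ZipLimitExceeded e) {
            System.out.println("rejected " + bomb.length + "-byte archive: " + e.getMessage());
        }
    }
}
```

Because ZipOutputStream writes deflated entries with a trailing data descriptor, ZipInputStream reports -1 for the hostile entry's size, so the header hint never fires and only the chunked check stops the inflation, which is exactly the case a per-entry bound has to cover. Counting inflated bytes (not String lengths) also sidesteps the charset ambiguity of String.getBytes().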
Also used:
ZipInputStream (java.util.zip.ZipInputStream)
PrivateKey (java.security.PrivateKey)
PEMParser (org.bouncycastle.openssl.PEMParser)
KeyStoreUnzipedFilesBytesSizeExceeded (com.venafi.vcert.sdk.connectors.ConnectorException.KeyStoreUnzipedFilesBytesSizeExceeded)
KeyStoreZipEntriesExceeded (com.venafi.vcert.sdk.connectors.ConnectorException.KeyStoreZipEntriesExceeded)
VCertException (com.venafi.vcert.sdk.VCertException)
ZipEntry (java.util.zip.ZipEntry)
StringReader (java.io.StringReader)
com.venafi.vcert.sdk.connectors.cloud.endpoint (com.venafi.vcert.sdk.connectors.cloud.endpoint)
PolicyMatchException (com.venafi.vcert.sdk.connectors.ConnectorException.PolicyMatchException)
FeignException (feign.FeignException)
IOException (java.io.IOException)
