Use of com.venafi.vcert.sdk.connectors.ConnectorException.KeyStoreZipEntriesExceeded in the vcert-java project by Venafi.
Class CloudConnectorUtils, method getPEMCollectionFromKeyStoreAsStream.
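/**
 * Reads a keystore delivered as a ZIP stream and builds a {@link PEMCollection} from it.
 *
 * <p>The entry whose name ends with {@code .key} is parsed as an encrypted PKCS#8 private key and
 * decrypted with {@code keyPassword}. The entry whose name ends with {@code _root-first.pem} or
 * {@code _root-last.pem} (selected by {@code chainOption}) is taken as the certificate PEM. All
 * other entries are read and counted against the limits but otherwise ignored. Entry names are
 * only compared against these suffixes; they are never used to build a file path.
 *
 * <p>The archive is treated as untrusted input: at most 10 entries and 1,000,000 bytes of
 * accumulated content are accepted, as a guard against zip-bomb style archives.
 *
 * @param keyStoreAsInputStream the ZIP archive; it is closed by this method
 * @param certId the certificate id, used only to build the limit-exceeded exceptions here and
 *     passed to {@code readZipEntry}
 * @param chainOption selects which of the two certificate PEM entries is used
 * @param keyPassword the password used to decrypt the private key
 * @param dataFormat passed through to {@code PEMCollection.fromStringPEMCollection}
 * @return the collection built from the selected certificate PEM and the decrypted key; either may
 *     be {@code null} on input to the factory when the archive has no matching entry
 * @throws VCertException wrapping any failure, including violations of the two archive limits
 */
public static PEMCollection getPEMCollectionFromKeyStoreAsStream(InputStream keyStoreAsInputStream, String certId, ChainOption chainOption, String keyPassword, DataFormat dataFormat) throws VCertException {
    // Only the entry with this suffix is used as the certificate; the other ordering is skipped.
    final String pemFileSuffix =
            chainOption == ChainOption.ChainOptionRootFirst ? "_root-first.pem" : "_root-last.pem";

    String certificateAsPem = null;
    PrivateKey privateKey = null;

    try (ZipInputStream zis = new ZipInputStream(keyStoreAsInputStream)) {
        // Zip-bomb guards. MAX_ENTRIES is the upper bound on the number of files expected in the
        // zip returned by the API "POST /outagedetection/v1/certificates/{id}/keystore".
        final int MAX_ENTRIES = 10;
        // 1 MB of accumulated decompressed content.
        final int MAX_UNZIPED_FILES_SIZE = 1000000;

        int entriesCount = 0;
        // long, so a run of large entries cannot wrap the counter around and slip under the limit.
        long unzipedAcumulatedSize = 0;

        ZipEntry zipEntry;
        while ((zipEntry = zis.getNextEntry()) != null) {
            entriesCount++;
            // Reject the archive before reading an entry beyond the expected maximum.
            if (entriesCount > MAX_ENTRIES)
                throw new KeyStoreZipEntriesExceeded(certId, MAX_ENTRIES);

            // NOTE(review): the entry is fully decompressed into memory here, before the
            // accumulated-size check below can run. That check only bounds the total, so
            // readZipEntry presumably enforces its own per-entry cap - confirm.
            String zipEntryContent = readZipEntry(zipEntry, zis, certId);

            // Enforce the size limit before any parsing or key decryption is attempted on the
            // content, so an oversized archive is rejected without further processing.
            unzipedAcumulatedSize += zipEntryContent.getBytes().length;
            if (unzipedAcumulatedSize > MAX_UNZIPED_FILES_SIZE)
                throw new KeyStoreUnzipedFilesBytesSizeExceeded(certId, MAX_UNZIPED_FILES_SIZE);

            String fileName = zipEntry.getName();
            if (fileName.endsWith(".key")) {
                // Getting the PrivateKey in PKCS8 and decrypting it; the parser is closed as soon
                // as the key has been read.
                try (PEMParser pemParser = new PEMParser(new StringReader(zipEntryContent))) {
                    privateKey = PEMCollection.decryptPKCS8PrivateKey(pemParser, keyPassword);
                }
            } else if (fileName.endsWith(pemFileSuffix)) {
                certificateAsPem = zipEntryContent;
            }
        }
    } catch (Exception e) {
        // Every failure, including the two limit exceptions thrown above, reaches the caller as
        // the cause of a VCertException.
        throw new VCertException(e);
    }

    return PEMCollection.fromStringPEMCollection(certificateAsPem, chainOption, privateKey, keyPassword, dataFormat);
}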