public class org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator extends java.lang.Object
{
private static final org.slf4j.Logger logger;
private static final java.lang.String HTTPS;
private static final java.lang.String OCSP_REQUEST_CONTENT_TYPE;
private static final int CONNECT_TIMEOUT;
private static final int READ_TIMEOUT;
private java.net.URI validationAuthorityURI;
private javax.ws.rs.client.Client client;
private java.util.Map trustedCAs;
private com.github.benmanes.caffeine.cache.LoadingCache ocspCache;
// Constructor: configures OCSP revocation checking from NiFi properties.
// Steps visible below: read the responder URL, build a Jersey client with
// 10000 read/connect timeouts, load the trusted CA map, optionally add the
// configured responder certificate to that map, and build the status cache.
// NOTE(review): this listing is Jimple with every local collapsed to "v" and
// every branch target to "label"; the control flow described here is inferred
// from statement order and should be confirmed against the original source.
// Security: the exception handler at the end logs an error and sets `client`
// to null. validate() reads `client` first and appears to return without any
// check when it is null, so a broken OCSP configuration disables revocation
// checking (fail-open) instead of rejecting connections. Operators should
// alert on the "Disabling OCSP certificate validation" log line.
public void <init>(org.apache.nifi.util.NiFiProperties)
{
java.security.cert.X509Certificate v;
javax.net.ssl.SSLContext v;
javax.security.auth.x.X500Principal v;
com.github.benmanes.caffeine.cache.CacheLoader v;
org.glassfish.jersey.client.ClientConfig v;
javax.ws.rs.client.Client v, v;
long v;
java.lang.Integer v, v;
java.util.Map v, v;
java.lang.String v, v, v, v, v;
java.net.URI v, v;
boolean v, v;
com.github.benmanes.caffeine.cache.Caffeine v, v;
org.slf4j.Logger v;
com.github.benmanes.caffeine.cache.LoadingCache v;
org.apache.nifi.security.util.TlsConfiguration v;
org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator v;
java.lang.Exception v;
java.util.concurrent.TimeUnit v, v;
org.apache.nifi.util.NiFiProperties v;
v := @this: org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator;
v := @parameter: org.apache.nifi.util.NiFiProperties;
specialinvoke v.<java.lang.Object: void <init>()>();
// The responder URL is taken from configuration. A blank value presumably
// skips all set-up and leaves `client` unset (branch target not recoverable).
v = virtualinvoke v.<org.apache.nifi.util.NiFiProperties: java.lang.String getProperty(java.lang.String)>("nifi.security.ocsp.responder.url");
v = staticinvoke <org.apache.commons.lang.StringUtils: boolean isNotBlank(java.lang.CharSequence)>(v);
if v == 0 goto label;
label:
// URI.create throws on a malformed URL; that is presumably inside the guarded
// region and therefore ends in the fail-open handler below.
v = staticinvoke <java.net.URI: java.net.URI create(java.lang.String)>(v);
v.<org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator: java.net.URI validationAuthorityURI> = v;
v = new org.glassfish.jersey.client.ClientConfig;
specialinvoke v.<org.glassfish.jersey.client.ClientConfig: void <init>()>();
// Both Jersey timeouts are set to 10000 (Jersey interprets these properties as milliseconds).
v = staticinvoke <java.lang.Integer: java.lang.Integer valueOf(int)>(10000);
virtualinvoke v.<org.glassfish.jersey.client.ClientConfig: org.glassfish.jersey.client.ClientConfig property(java.lang.String,java.lang.Object)>("jersey.config.client.readTimeout", v);
v = staticinvoke <java.lang.Integer: java.lang.Integer valueOf(int)>(10000);
virtualinvoke v.<org.glassfish.jersey.client.ClientConfig: org.glassfish.jersey.client.ClientConfig property(java.lang.String,java.lang.Object)>("jersey.config.client.connectTimeout", v);
// Only an "https" responder URI (case-insensitive) gets an SSLContext built
// from NiFi's TLS configuration; any other scheme falls through to a plain
// client. With a plain-HTTP responder, integrity of the answer rests entirely
// on the OCSP response signature check.
v = "https";
v = v.<org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator: java.net.URI validationAuthorityURI>;
v = virtualinvoke v.<java.net.URI: java.lang.String getScheme()>();
v = virtualinvoke v.<java.lang.String: boolean equalsIgnoreCase(java.lang.String)>(v);
if v == 0 goto label;
v = staticinvoke <org.apache.nifi.security.util.StandardTlsConfiguration: org.apache.nifi.security.util.TlsConfiguration fromNiFiProperties(org.apache.nifi.util.NiFiProperties)>(v);
v = staticinvoke <org.apache.nifi.security.util.SslContextFactory: javax.net.ssl.SSLContext createSslContext(org.apache.nifi.security.util.TlsConfiguration)>(v);
v = staticinvoke <org.apache.nifi.web.util.WebUtils: javax.ws.rs.client.Client createClient(org.glassfish.jersey.client.ClientConfig,javax.net.ssl.SSLContext)>(v, v);
v.<org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator: javax.ws.rs.client.Client client> = v;
goto label;
label:
v = staticinvoke <org.apache.nifi.web.util.WebUtils: javax.ws.rs.client.Client createClient(org.glassfish.jersey.client.ClientConfig)>(v);
v.<org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator: javax.ws.rs.client.Client client> = v;
label:
// Trust anchors: the map returned by getTrustedCAs, keyed by subject DN string.
v = specialinvoke v.<org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator: java.util.Map getTrustedCAs(org.apache.nifi.util.NiFiProperties)>(v);
v.<org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator: java.util.Map trustedCAs> = v;
// An explicitly configured responder certificate, when present, is added to
// the same map under its subject DN; Map.put replaces any existing entry that
// has the same DN string.
v = specialinvoke v.<org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator: java.security.cert.X509Certificate getOcspCertificate(org.apache.nifi.util.NiFiProperties)>(v);
if v == null goto label;
v = v.<org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator: java.util.Map trustedCAs>;
v = virtualinvoke v.<java.security.cert.X509Certificate: javax.security.auth.x.X500Principal getSubjectX500Principal()>();
v = virtualinvoke v.<javax.security.auth.x.X500Principal: java.lang.String getName()>();
interfaceinvoke v.<java.util.Map: java.lang.Object put(java.lang.Object,java.lang.Object)>(v, v);
label:
// Cache entries expire 12 hours after they are written. Whatever the loader
// (a lambda not shown in this listing) returns is reused for that long, so a
// revocation issued after an answer was cached may go unnoticed until expiry.
v = <java.util.concurrent.TimeUnit: java.util.concurrent.TimeUnit MILLISECONDS>;
v = staticinvoke <org.apache.nifi.util.FormatUtils: long getTimeDuration(java.lang.String,java.util.concurrent.TimeUnit)>("12 hours", v);
v = staticinvoke <com.github.benmanes.caffeine.cache.Caffeine: com.github.benmanes.caffeine.cache.Caffeine newBuilder()>();
v = <java.util.concurrent.TimeUnit: java.util.concurrent.TimeUnit MILLISECONDS>;
v = virtualinvoke v.<com.github.benmanes.caffeine.cache.Caffeine: com.github.benmanes.caffeine.cache.Caffeine expireAfterWrite(long,java.util.concurrent.TimeUnit)>(v, v);
v = staticinvoke <org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator$lambda_new_0__55: com.github.benmanes.caffeine.cache.CacheLoader bootstrap$(org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator)>(v);
v = virtualinvoke v.<com.github.benmanes.caffeine.cache.Caffeine: com.github.benmanes.caffeine.cache.LoadingCache build(com.github.benmanes.caffeine.cache.CacheLoader)>(v);
v.<org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator: com.github.benmanes.caffeine.cache.LoadingCache ocspCache> = v;
label:
goto label;
label:
// Handler for any Exception raised in the guarded region: log at error level
// (the exception is passed to the logger as the throwable) and null the
// client, which turns revocation checking off for this instance.
v := @caughtexception;
v = <org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator: org.slf4j.Logger logger>;
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.Exception)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Disabling OCSP certificate validation. Unable to load OCSP configuration: \u0001");
interfaceinvoke v.<org.slf4j.Logger: void error(java.lang.String,java.lang.Throwable)>(v, v);
v.<org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator: javax.ws.rs.client.Client client> = null;
label:
return;
catch java.lang.Exception from label to label with label;
}
// Loads the X.509 certificate stored at the file path given by the
// nifi.security.ocsp.responder.certificate property.
// Returns the parsed certificate; when the property is blank the method
// presumably returns null (branch target inferred — the constructor tests the
// result for null before using it).
// Throws IllegalStateException when opening or parsing the file fails.
// Security: the constructor adds the certificate returned here to the
// trustedCAs map, so the file at this path acts as a trust anchor; its
// location and permissions deserve the same protection as the truststore.
private java.security.cert.X509Certificate getOcspCertificate(org.apache.nifi.util.NiFiProperties)
{
java.lang.Throwable v;
java.lang.IllegalStateException v;
java.security.cert.CertificateFactory v;
java.io.FileInputStream v;
org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator v;
java.lang.Exception v;
java.security.cert.Certificate v;
org.apache.nifi.util.NiFiProperties v;
java.lang.String v, v;
boolean v;
v := @this: org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator;
v := @parameter: org.apache.nifi.util.NiFiProperties;
v = virtualinvoke v.<org.apache.nifi.util.NiFiProperties: java.lang.String getProperty(java.lang.String)>("nifi.security.ocsp.responder.certificate");
v = staticinvoke <org.apache.commons.lang.StringUtils: boolean isNotBlank(java.lang.CharSequence)>(v);
if v == 0 goto label;
label:
// The configured value is used directly as a file path.
v = new java.io.FileInputStream;
specialinvoke v.<java.io.FileInputStream: void <init>(java.lang.String)>(v);
label:
// generateCertificate reads one certificate from the stream.
v = staticinvoke <java.security.cert.CertificateFactory: java.security.cert.CertificateFactory getInstance(java.lang.String)>("X.509");
v = virtualinvoke v.<java.security.cert.CertificateFactory: java.security.cert.Certificate generateCertificate(java.io.InputStream)>(v);
label:
// Normal-path close of the input stream.
virtualinvoke v.<java.io.FileInputStream: void close()>();
goto label;
label:
// Throwable handler: rethrows (looks like the compiled form of
// try-with-resources; any close on this path is not visible in this listing).
v := @caughtexception;
throw v;
label:
// Exception handler: wraps the failure in IllegalStateException. Only the
// concatenated message string is passed to the constructor, so the original
// exception is not attached as the cause and its stack trace is lost.
v := @caughtexception;
v = new java.lang.IllegalStateException;
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.Exception)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Unable to load the validation authority certificate: \u0001");
specialinvoke v.<java.lang.IllegalStateException: void <init>(java.lang.String)>(v);
throw v;
label:
return v;
catch java.lang.Throwable from label to label with label;
catch java.lang.Exception from label to label with label;
}
// Builds the trust-anchor map used for issuer and responder lookups.
// Opens the truststore named by nifi.security.truststore, initialises a
// default-algorithm TrustManagerFactory from it, and stores every accepted
// issuer of every X509TrustManager in a HashMap keyed by the certificate's
// subject DN string (X500Principal.getName()).
// Throws IllegalArgumentException when the truststore path property is null,
// and IllegalStateException when the store cannot be loaded.
// Security notes:
//  - Entries are keyed by DN string only, so two CA certificates that share a
//    subject DN collapse into a single entry (the later put wins).
//  - The keystore type is KeyStore.getDefaultType(); no truststore-type
//    property is read in this method. NOTE(review): confirm this matches the
//    format of the configured truststore.
private java.util.Map getTrustedCAs(org.apache.nifi.util.NiFiProperties)
{
java.lang.Throwable v;
java.security.cert.X509Certificate v;
java.lang.IllegalStateException v;
javax.security.auth.x.X500Principal v;
javax.net.ssl.TrustManager v;
java.util.HashMap v;
int v, v, v, v;
java.lang.String v, v, v, v, v, v;
boolean v;
javax.net.ssl.TrustManagerFactory v;
java.security.KeyStore v;
java.io.FileInputStream v;
java.lang.IllegalArgumentException v;
org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator v;
java.lang.Exception v;
org.apache.nifi.util.NiFiProperties v;
javax.net.ssl.TrustManager[] v;
char[] v;
java.security.cert.X509Certificate[] v;
v := @this: org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator;
v := @parameter: org.apache.nifi.util.NiFiProperties;
v = new java.util.HashMap;
specialinvoke v.<java.util.HashMap: void <init>()>();
// A missing truststore path is rejected up front (only null is tested, not blank).
v = virtualinvoke v.<org.apache.nifi.util.NiFiProperties: java.lang.String getProperty(java.lang.String)>("nifi.security.truststore");
if v != null goto label;
v = new java.lang.IllegalArgumentException;
specialinvoke v.<java.lang.IllegalArgumentException: void <init>(java.lang.String)>("The truststore path is required.");
throw v;
label:
// A null password property becomes an empty char[]; otherwise the String is
// converted with toCharArray(). The array is not cleared anywhere in this method.
v = virtualinvoke v.<org.apache.nifi.util.NiFiProperties: java.lang.String getProperty(java.lang.String)>("nifi.security.truststorePasswd");
if v != null goto label;
v = newarray (char)[0];
goto label;
label:
v = virtualinvoke v.<java.lang.String: char[] toCharArray()>();
label:
v = new java.io.FileInputStream;
specialinvoke v.<java.io.FileInputStream: void <init>(java.lang.String)>(v);
label:
v = staticinvoke <java.security.KeyStore: java.lang.String getDefaultType()>();
v = staticinvoke <org.apache.nifi.security.util.KeyStoreUtils: java.security.KeyStore getKeyStore(java.lang.String)>(v);
virtualinvoke v.<java.security.KeyStore: void load(java.io.InputStream,char[])>(v, v);
v = staticinvoke <javax.net.ssl.TrustManagerFactory: java.lang.String getDefaultAlgorithm()>();
v = staticinvoke <javax.net.ssl.TrustManagerFactory: javax.net.ssl.TrustManagerFactory getInstance(java.lang.String)>(v);
virtualinvoke v.<javax.net.ssl.TrustManagerFactory: void init(java.security.KeyStore)>(v);
v = virtualinvoke v.<javax.net.ssl.TrustManagerFactory: javax.net.ssl.TrustManager[] getTrustManagers()>();
// Outer loop: every trust manager; only X509TrustManager instances are used.
v = lengthof v;
v = 0;
label:
if v >= v goto label;
v = v[v];
v = v instanceof javax.net.ssl.X509TrustManager;
if v == 0 goto label;
// Inner loop: record each accepted issuer under its subject DN string.
v = interfaceinvoke v.<javax.net.ssl.X509TrustManager: java.security.cert.X509Certificate[] getAcceptedIssuers()>();
v = lengthof v;
v = 0;
label:
if v >= v goto label;
v = v[v];
v = virtualinvoke v.<java.security.cert.X509Certificate: javax.security.auth.x.X500Principal getSubjectX500Principal()>();
v = virtualinvoke v.<javax.security.auth.x.X500Principal: java.lang.String getName()>();
interfaceinvoke v.<java.util.Map: java.lang.Object put(java.lang.Object,java.lang.Object)>(v, v);
v = v + 1;
goto label;
label:
v = v + 1;
goto label;
label:
// Normal-path close of the truststore stream.
virtualinvoke v.<java.io.FileInputStream: void close()>();
goto label;
label:
// Throwable handler: rethrows (looks like the compiled form of try-with-resources).
v := @caughtexception;
throw v;
label:
// Exception handler: the IllegalStateException is built from the message
// string alone, so the underlying cause is not chained.
v := @caughtexception;
v = new java.lang.IllegalStateException;
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.Exception)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Unable to load the configured truststore: \u0001");
specialinvoke v.<java.lang.IllegalStateException: void <init>(java.lang.String)>(v);
throw v;
label:
return v;
catch java.lang.Throwable from label to label with label;
catch java.lang.Exception from label to label with label;
}
// Checks the revocation status of the subject certificate of a presented chain.
// Parameter: the certificate chain; element 0 is treated as the subject.
// Throws CertificateStatusException when the cached OCSP status is both
// Verified and Revoked; throws IllegalArgumentException when no issuer
// certificate can be determined for the subject.
// Security: this is a soft-fail check. A normal return does NOT mean the
// certificate is good. The method returns without throwing when
//  - `client` is null (OCSP not configured, or disabled by the constructor's
//    error handler), or the chain is null or empty (inferred from branch order);
//  - the response verification status is anything other than Verified;
//  - the validation status is anything other than Revoked (Good or Unknown).
// Responder outages or unverifiable responses therefore let the certificate
// through; deployments that need hard-fail must enforce it elsewhere.
public void validate(java.security.cert.X509Certificate[]) throws org.apache.nifi.web.security.x.ocsp.CertificateStatusException
{
java.security.cert.X509Certificate v, v;
java.lang.Object[] v, v;
javax.security.auth.x.X500Principal v, v, v;
javax.ws.rs.client.Client v;
int v;
java.lang.String v, v, v, v, v;
org.apache.nifi.web.security.x.ocsp.CertificateStatusException v;
boolean v, v;
com.github.benmanes.caffeine.cache.LoadingCache v;
org.apache.nifi.web.security.x.ocsp.OcspStatus$ValidationStatus v, v;
java.lang.IllegalArgumentException v;
org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator v;
org.apache.nifi.web.security.x.ocsp.OcspRequest v;
java.lang.Object v;
java.security.cert.X509Certificate[] v;
org.apache.nifi.web.security.x.ocsp.OcspStatus$VerificationStatus v, v;
v := @this: org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator;
v := @parameter: java.security.cert.X509Certificate[];
// Three guards, each presumably jumping to the final return: client unset,
// chain null, chain empty.
v = v.<org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator: javax.ws.rs.client.Client client>;
if v == null goto label;
if v == null goto label;
v = lengthof v;
if v <= 0 goto label;
v = specialinvoke v.<org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator: java.security.cert.X509Certificate getSubjectCertificate(java.security.cert.X509Certificate[])>(v);
v = specialinvoke v.<org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator: java.security.cert.X509Certificate getIssuerCertificate(java.security.cert.X509Certificate[])>(v);
if v != null goto label;
// No issuer found: fail with the issuer and subject DNs in the message.
v = new java.lang.IllegalArgumentException;
v = newarray (java.lang.Object)[2];
v = virtualinvoke v.<java.security.cert.X509Certificate: javax.security.auth.x.X500Principal getIssuerX500Principal()>();
v = virtualinvoke v.<javax.security.auth.x.X500Principal: java.lang.String getName()>();
v[0] = v;
v = virtualinvoke v.<java.security.cert.X509Certificate: javax.security.auth.x.X500Principal getSubjectX500Principal()>();
v = virtualinvoke v.<javax.security.auth.x.X500Principal: java.lang.String getName()>();
v[1] = v;
v = staticinvoke <java.lang.String: java.lang.String format(java.lang.String,java.lang.Object[])>("Unable to obtain certificate of issuer <%s> for the specified subject certificate <%s>.", v);
specialinvoke v.<java.lang.IllegalArgumentException: void <init>(java.lang.String)>(v);
throw v;
label:
// The (subject, issuer) pair is the cache key; the status comes from the
// loading cache, so it may be up to the cache's expiry age old.
v = new org.apache.nifi.web.security.x.ocsp.OcspRequest;
specialinvoke v.<org.apache.nifi.web.security.x.ocsp.OcspRequest: void <init>(java.security.cert.X509Certificate,java.security.cert.X509Certificate)>(v, v);
v = v.<org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator: com.github.benmanes.caffeine.cache.LoadingCache ocspCache>;
v = interfaceinvoke v.<com.github.benmanes.caffeine.cache.LoadingCache: java.lang.Object get(java.lang.Object)>(v);
// Reject only when the response was Verified AND the status is Revoked.
v = <org.apache.nifi.web.security.x.ocsp.OcspStatus$VerificationStatus: org.apache.nifi.web.security.x.ocsp.OcspStatus$VerificationStatus Verified>;
v = virtualinvoke v.<org.apache.nifi.web.security.x.ocsp.OcspStatus: org.apache.nifi.web.security.x.ocsp.OcspStatus$VerificationStatus getVerificationStatus()>();
v = virtualinvoke v.<org.apache.nifi.web.security.x.ocsp.OcspStatus$VerificationStatus: boolean equals(java.lang.Object)>(v);
if v == 0 goto label;
v = <org.apache.nifi.web.security.x.ocsp.OcspStatus$ValidationStatus: org.apache.nifi.web.security.x.ocsp.OcspStatus$ValidationStatus Revoked>;
v = virtualinvoke v.<org.apache.nifi.web.security.x.ocsp.OcspStatus: org.apache.nifi.web.security.x.ocsp.OcspStatus$ValidationStatus getValidationStatus()>();
v = virtualinvoke v.<org.apache.nifi.web.security.x.ocsp.OcspStatus$ValidationStatus: boolean equals(java.lang.Object)>(v);
if v == 0 goto label;
v = new org.apache.nifi.web.security.x.ocsp.CertificateStatusException;
v = newarray (java.lang.Object)[1];
v = virtualinvoke v.<java.security.cert.X509Certificate: javax.security.auth.x.X500Principal getSubjectX500Principal()>();
v = virtualinvoke v.<javax.security.auth.x.X500Principal: java.lang.String getName()>();
v[0] = v;
v = staticinvoke <java.lang.String: java.lang.String format(java.lang.String,java.lang.Object[])>("Client certificate for <%s> is revoked according to the certificate authority.", v);
specialinvoke v.<org.apache.nifi.web.security.x.ocsp.CertificateStatusException: void <init>(java.lang.String)>(v);
throw v;
label:
return;
}
// Returns element 0 of the supplied chain as the subject certificate.
// There is no null or length check here; validate() tests the chain for null
// and for length > 0 before calling, and any other caller must do the same.
private java.security.cert.X509Certificate getSubjectCertificate(java.security.cert.X509Certificate[])
{
java.security.cert.X509Certificate v;
java.security.cert.X509Certificate[] v;
org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator v;
v := @this: org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator;
v := @parameter: java.security.cert.X509Certificate[];
v = v[0];
return v;
}
// Picks the issuer certificate for the subject of the supplied chain.
//  - chain length > 1: returns element 1 exactly as supplied by the caller;
//  - chain length == 1: looks up the subject's issuer DN string in trustedCAs
//    and returns that entry (null when there is no such key);
//  - otherwise: returns null.
// Security: the issuer is selected by position or by DN string only. Nothing
// in this method checks that the returned certificate actually signed the
// subject, or that element 1 of the chain is itself trusted.
// NOTE(review): presumably the chain has already been path-validated by the
// TLS layer before it reaches here — confirm with the caller.
private java.security.cert.X509Certificate getIssuerCertificate(java.security.cert.X509Certificate[])
{
java.security.cert.X509Certificate v, v;
javax.security.auth.x.X500Principal v;
org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator v;
java.util.Map v;
int v, v;
java.lang.Object v;
java.lang.String v;
java.security.cert.X509Certificate[] v;
v := @this: org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator;
v := @parameter: java.security.cert.X509Certificate[];
// More than one certificate: the second element is taken as the issuer.
v = lengthof v;
if v <= 1 goto label;
v = v[1];
return v;
label:
// Exactly one certificate: resolve the issuer by DN from the trusted CA map.
v = lengthof v;
if v != 1 goto label;
v = specialinvoke v.<org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator: java.security.cert.X509Certificate getSubjectCertificate(java.security.cert.X509Certificate[])>(v);
v = virtualinvoke v.<java.security.cert.X509Certificate: javax.security.auth.x.X500Principal getIssuerX500Principal()>();
v = v.<org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator: java.util.Map trustedCAs>;
v = virtualinvoke v.<javax.security.auth.x.X500Principal: java.lang.String getName()>();
v = interfaceinvoke v.<java.util.Map: java.lang.Object get(java.lang.Object)>(v);
return v;
label:
// Empty chain: no issuer.
return null;
}
private org.apache.nifi.web.security.x.ocsp.OcspStatus getOcspStatus(org.apache.nifi.web.security.x.ocsp.OcspRequest)
{
byte[] v, v;
java.lang.Integer v, v;
javax.ws.rs.core.Response$Status v;
java.math.BigInteger v, v, v;
org.apache.nifi.web.security.x.ocsp.OcspStatus$ResponseStatus v, v, v, v, v, v, v, v;
org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator v;
org.apache.nifi.web.security.x.ocsp.OcspStatus$VerificationStatus v, v, v, v;
java.lang.Throwable v;
org.bouncycastle.cert.X509CertificateHolder v, v;
java.lang.Object[] v, v, v, v;
long v;
org.bouncycastle.cert.ocsp.SingleResp v;
org.bouncycastle.operator.ContentVerifierProvider v;
org.bouncycastle.cert.ocsp.CertificateID v, v;
java.lang.String v, v, v, v, v, v;
org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder v, v;
org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder v, v;
org.bouncycastle.cert.ocsp.OCSPResp v;
org.apache.nifi.web.security.x.ocsp.OcspStatus$ValidationStatus v, v, v, v;
org.bouncycastle.asn.x.Extensions v;
org.bouncycastle.asn.x.AlgorithmIdentifier v;
java.security.cert.X509Certificate v, v, v;
org.bouncycastle.asn.x.Extension v;
org.bouncycastle.cert.ocsp.OCSPReq v;
org.bouncycastle.asn.ASN1ObjectIdentifier v;
boolean v, v, v, v;
org.bouncycastle.cert.ocsp.OCSPReqBuilder v;
javax.ws.rs.core.Response$StatusType v;
javax.ws.rs.core.Response v;
org.apache.nifi.web.security.x.ocsp.OcspStatus v;
org.bouncycastle.asn.DEROctetString v;
int v, v, v, v, v, v, v, v, v;
org.bouncycastle.cert.ocsp.SingleResp[] v;
org.slf4j.Logger v, v, v, v, v;
org.bouncycastle.cert.ocsp.CertificateStatus v, v;
org.bouncycastle.operator.DigestCalculator v;
java.security.PublicKey v;
java.security.cert.CertificateException v;
org.bouncycastle.cert.X509CertificateHolder[] v;
org.apache.nifi.web.security.x.ocsp.OcspRequest v;
org.bouncycastle.asn.x.Extension[] v;
org.bouncycastle.operator.DigestCalculatorProvider v;
java.lang.Object v, v, v;
v := @this: org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator;
v := @parameter: org.apache.nifi.web.security.x.ocsp.OcspRequest;
v = virtualinvoke v.<org.apache.nifi.web.security.x.ocsp.OcspRequest: java.security.cert.X509Certificate getSubjectCertificate()>();
v = virtualinvoke v.<org.apache.nifi.web.security.x.ocsp.OcspRequest: java.security.cert.X509Certificate getIssuerCertificate()>();
v = new org.apache.nifi.web.security.x.ocsp.OcspStatus;
specialinvoke v.<org.apache.nifi.web.security.x.ocsp.OcspStatus: void <init>()>();
v = <org.apache.nifi.web.security.x.ocsp.OcspStatus$VerificationStatus: org.apache.nifi.web.security.x.ocsp.OcspStatus$VerificationStatus Unknown>;
virtualinvoke v.<org.apache.nifi.web.security.x.ocsp.OcspStatus: void setVerificationStatus(org.apache.nifi.web.security.x.ocsp.OcspStatus$VerificationStatus)>(v);
v = <org.apache.nifi.web.security.x.ocsp.OcspStatus$ValidationStatus: org.apache.nifi.web.security.x.ocsp.OcspStatus$ValidationStatus Unknown>;
virtualinvoke v.<org.apache.nifi.web.security.x.ocsp.OcspStatus: void setValidationStatus(org.apache.nifi.web.security.x.ocsp.OcspStatus$ValidationStatus)>(v);
label:
v = virtualinvoke v.<java.security.cert.X509Certificate: java.math.BigInteger getSerialNumber()>();
v = new org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
specialinvoke v.<org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder: void <init>()>();
v = virtualinvoke v.<org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder: org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder setProvider(java.lang.String)>("BC");
v = virtualinvoke v.<org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder: org.bouncycastle.operator.DigestCalculatorProvider build()>();
v = new org.bouncycastle.cert.ocsp.CertificateID;
v = <org.bouncycastle.cert.ocsp.CertificateID: org.bouncycastle.asn.x.AlgorithmIdentifier HASH_SHA1>;
v = interfaceinvoke v.<org.bouncycastle.operator.DigestCalculatorProvider: org.bouncycastle.operator.DigestCalculator get(org.bouncycastle.asn.x.AlgorithmIdentifier)>(v);
v = new org.bouncycastle.cert.X509CertificateHolder;
v = virtualinvoke v.<java.security.cert.X509Certificate: byte[] getEncoded()>();
specialinvoke v.<org.bouncycastle.cert.X509CertificateHolder: void <init>(byte[])>(v);
specialinvoke v.<org.bouncycastle.cert.ocsp.CertificateID: void <init>(org.bouncycastle.operator.DigestCalculator,org.bouncycastle.cert.X509CertificateHolder,java.math.BigInteger)>(v, v, v);
v = new org.bouncycastle.cert.ocsp.OCSPReqBuilder;
specialinvoke v.<org.bouncycastle.cert.ocsp.OCSPReqBuilder: void <init>()>();
virtualinvoke v.<org.bouncycastle.cert.ocsp.OCSPReqBuilder: org.bouncycastle.cert.ocsp.OCSPReqBuilder addRequest(org.bouncycastle.cert.ocsp.CertificateID)>(v);
v = staticinvoke <java.lang.System: long currentTimeMillis()>();
v = staticinvoke <java.math.BigInteger: java.math.BigInteger valueOf(long)>(v);
v = new org.bouncycastle.asn.x.Extension;
v = <org.bouncycastle.asn.ocsp.OCSPObjectIdentifiers: org.bouncycastle.asn.ASN1ObjectIdentifier id_pkix_ocsp_nonce>;
v = new org.bouncycastle.asn.DEROctetString;
v = virtualinvoke v.<java.math.BigInteger: byte[] toByteArray()>();
specialinvoke v.<org.bouncycastle.asn.DEROctetString: void <init>(byte[])>(v);
specialinvoke v.<org.bouncycastle.asn.x.Extension: void <init>(org.bouncycastle.asn.ASN1ObjectIdentifier,boolean,org.bouncycastle.asn.ASN1OctetString)>(v, 1, v);
v = new org.bouncycastle.asn.x.Extensions;
v = newarray (org.bouncycastle.asn.x.Extension)[1];
v[0] = v;
specialinvoke v.<org.bouncycastle.asn.x.Extensions: void <init>(org.bouncycastle.asn.x.Extension[])>(v);
virtualinvoke v.<org.bouncycastle.cert.ocsp.OCSPReqBuilder: org.bouncycastle.cert.ocsp.OCSPReqBuilder setRequestExtensions(org.bouncycastle.asn.x.Extensions)>(v);
v = virtualinvoke v.<org.bouncycastle.cert.ocsp.OCSPReqBuilder: org.bouncycastle.cert.ocsp.OCSPReq build()>();
v = specialinvoke v.<org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator: javax.ws.rs.core.Response getClientResponse(org.bouncycastle.cert.ocsp.OCSPReq)>(v);
v = <javax.ws.rs.core.Response$Status: javax.ws.rs.core.Response$Status OK>;
v = virtualinvoke v.<javax.ws.rs.core.Response$Status: int getStatusCode()>();
v = virtualinvoke v.<javax.ws.rs.core.Response: javax.ws.rs.core.Response$StatusType getStatusInfo()>();
v = interfaceinvoke v.<javax.ws.rs.core.Response$StatusType: int getStatusCode()>();
if v == v goto label;
v = <org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator: org.slf4j.Logger logger>;
v = newarray (java.lang.Object)[1];
v = virtualinvoke v.<javax.ws.rs.core.Response: int getStatus()>();
v = staticinvoke <java.lang.Integer: java.lang.Integer valueOf(int)>(v);
v[0] = v;
v = staticinvoke <java.lang.String: java.lang.String format(java.lang.String,java.lang.Object[])>("OCSP request was unsuccessful (%s).", v);
interfaceinvoke v.<org.slf4j.Logger: void warn(java.lang.String)>(v);
label:
return v;
label:
v = new org.bouncycastle.cert.ocsp.OCSPResp;
v = virtualinvoke v.<javax.ws.rs.core.Response: java.lang.Object readEntity(java.lang.Class)>(class "Ljava/io/InputStream;");
specialinvoke v.<org.bouncycastle.cert.ocsp.OCSPResp: void <init>(java.io.InputStream)>(v);
v = virtualinvoke v.<org.bouncycastle.cert.ocsp.OCSPResp: int getStatus()>();
tableswitch(v)
{
case 0: goto label;
case 1: goto label;
case 2: goto label;
case 3: goto label;
case 4: goto label;
case 5: goto label;
case 6: goto label;
default: goto label;
};
label:
v = <org.apache.nifi.web.security.x.ocsp.OcspStatus$ResponseStatus: org.apache.nifi.web.security.x.ocsp.OcspStatus$ResponseStatus Successful>;
virtualinvoke v.<org.apache.nifi.web.security.x.ocsp.OcspStatus: void setResponseStatus(org.apache.nifi.web.security.x.ocsp.OcspStatus$ResponseStatus)>(v);
goto label;
label:
v = <org.apache.nifi.web.security.x.ocsp.OcspStatus$ResponseStatus: org.apache.nifi.web.security.x.ocsp.OcspStatus$ResponseStatus InternalError>;
virtualinvoke v.<org.apache.nifi.web.security.x.ocsp.OcspStatus: void setResponseStatus(org.apache.nifi.web.security.x.ocsp.OcspStatus$ResponseStatus)>(v);
goto label;
label:
v = <org.apache.nifi.web.security.x.ocsp.OcspStatus$ResponseStatus: org.apache.nifi.web.security.x.ocsp.OcspStatus$ResponseStatus MalformedRequest>;
virtualinvoke v.<org.apache.nifi.web.security.x.ocsp.OcspStatus: void setResponseStatus(org.apache.nifi.web.security.x.ocsp.OcspStatus$ResponseStatus)>(v);
goto label;
label:
v = <org.apache.nifi.web.security.x.ocsp.OcspStatus$ResponseStatus: org.apache.nifi.web.security.x.ocsp.OcspStatus$ResponseStatus SignatureRequired>;
virtualinvoke v.<org.apache.nifi.web.security.x.ocsp.OcspStatus: void setResponseStatus(org.apache.nifi.web.security.x.ocsp.OcspStatus$ResponseStatus)>(v);
goto label;
label:
v = <org.apache.nifi.web.security.x.ocsp.OcspStatus$ResponseStatus: org.apache.nifi.web.security.x.ocsp.OcspStatus$ResponseStatus TryLater>;
virtualinvoke v.<org.apache.nifi.web.security.x.ocsp.OcspStatus: void setResponseStatus(org.apache.nifi.web.security.x.ocsp.OcspStatus$ResponseStatus)>(v);
goto label;
label:
v = <org.apache.nifi.web.security.x.ocsp.OcspStatus$ResponseStatus: org.apache.nifi.web.security.x.ocsp.OcspStatus$ResponseStatus Unauthorized>;
virtualinvoke v.<org.apache.nifi.web.security.x.ocsp.OcspStatus: void setResponseStatus(org.apache.nifi.web.security.x.ocsp.OcspStatus$ResponseStatus)>(v);
goto label;
label:
v = <org.apache.nifi.web.security.x.ocsp.OcspStatus$ResponseStatus: org.apache.nifi.web.security.x.ocsp.OcspStatus$ResponseStatus Unknown>;
virtualinvoke v.<org.apache.nifi.web.security.x.ocsp.OcspStatus: void setResponseStatus(org.apache.nifi.web.security.x.ocsp.OcspStatus$ResponseStatus)>(v);
label:
v = virtualinvoke v.<org.bouncycastle.cert.ocsp.OCSPResp: int getStatus()>();
if v == 0 goto label;
v = <org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator: org.slf4j.Logger logger>;
v = newarray (java.lang.Object)[1];
v = virtualinvoke v.<org.apache.nifi.web.security.x.ocsp.OcspStatus: org.apache.nifi.web.security.x.ocsp.OcspStatus$ResponseStatus getResponseStatus()>();
v = virtualinvoke v.<org.apache.nifi.web.security.x.ocsp.OcspStatus$ResponseStatus: java.lang.String toString()>();
v[0] = v;
v = staticinvoke <java.lang.String: java.lang.String format(java.lang.String,java.lang.Object[])>("OCSP request was unsuccessful (%s).", v);
interfaceinvoke v.<org.slf4j.Logger: void warn(java.lang.String)>(v);
label:
return v;
label:
v = virtualinvoke v.<org.bouncycastle.cert.ocsp.OCSPResp: java.lang.Object getResponseObject()>();
v = v instanceof org.bouncycastle.cert.ocsp.BasicOCSPResp;
if v != 0 goto label;
v = <org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator: org.slf4j.Logger logger>;
v = newarray (java.lang.Object)[1];
v[0] = v;
v = staticinvoke <java.lang.String: java.lang.String format(java.lang.String,java.lang.Object[])>("Unexpected OCSP response object: %s", v);
interfaceinvoke v.<org.slf4j.Logger: void warn(java.lang.String)>(v);
label:
return v;
label:
v = virtualinvoke v.<org.bouncycastle.cert.ocsp.OCSPResp: java.lang.Object getResponseObject()>();
v = virtualinvoke v.<org.bouncycastle.cert.ocsp.BasicOCSPResp: org.bouncycastle.cert.X509CertificateHolder[] getCerts()>();
v = lengthof v;
if v == 1 goto label;
v = <org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator: org.slf4j.Logger logger>;
v = newarray (java.lang.Object)[1];
v = lengthof v;
v = staticinvoke <java.lang.Integer: java.lang.Integer valueOf(int)>(v);
v[0] = v;
v = staticinvoke <java.lang.String: java.lang.String format(java.lang.String,java.lang.Object[])>("Unexpected number of OCSP responder certificates: %s", v);
interfaceinvoke v.<org.slf4j.Logger: void warn(java.lang.String)>(v);
label:
return v;
label:
v = v[0];
v = specialinvoke v.<org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator: java.security.cert.X509Certificate getTrustedResponderCertificate(org.bouncycastle.cert.X509CertificateHolder,java.security.cert.X509Certificate)>(v, v);
if v == null goto label;
v = new org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
specialinvoke v.<org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder: void <init>()>();
v = virtualinvoke v.<org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder: org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder setProvider(java.lang.String)>("BC");
v = virtualinvoke v.<java.security.cert.X509Certificate: java.security.PublicKey getPublicKey()>();
v = virtualinvoke v.<org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder: org.bouncycastle.operator.ContentVerifierProvider build(java.security.PublicKey)>(v);
v = virtualinvoke v.<org.bouncycastle.cert.ocsp.BasicOCSPResp: boolean isSignatureValid(org.bouncycastle.operator.ContentVerifierProvider)>(v);
if v == 0 goto label;
v = <org.apache.nifi.web.security.x.ocsp.OcspStatus$VerificationStatus: org.apache.nifi.web.security.x.ocsp.OcspStatus$VerificationStatus Verified>;
virtualinvoke v.<org.apache.nifi.web.security.x.ocsp.OcspStatus: void setVerificationStatus(org.apache.nifi.web.security.x.ocsp.OcspStatus$VerificationStatus)>(v);
goto label;
label:
v = <org.apache.nifi.web.security.x.ocsp.OcspStatus$VerificationStatus: org.apache.nifi.web.security.x.ocsp.OcspStatus$VerificationStatus Unverified>;
virtualinvoke v.<org.apache.nifi.web.security.x.ocsp.OcspStatus: void setVerificationStatus(org.apache.nifi.web.security.x.ocsp.OcspStatus$VerificationStatus)>(v);
goto label;
label:
v = <org.apache.nifi.web.security.x.ocsp.OcspStatus$VerificationStatus: org.apache.nifi.web.security.x.ocsp.OcspStatus$VerificationStatus Unverified>;
virtualinvoke v.<org.apache.nifi.web.security.x.ocsp.OcspStatus: void setVerificationStatus(org.apache.nifi.web.security.x.ocsp.OcspStatus$VerificationStatus)>(v);
label:
v = virtualinvoke v.<org.bouncycastle.cert.ocsp.BasicOCSPResp: org.bouncycastle.cert.ocsp.SingleResp[] getResponses()>();
v = lengthof v;
v = 0;
label:
if v >= v goto label;
v = v[v];
v = virtualinvoke v.<org.bouncycastle.cert.ocsp.SingleResp: org.bouncycastle.cert.ocsp.CertificateID getCertID()>();
v = virtualinvoke v.<org.bouncycastle.cert.ocsp.CertificateID: java.math.BigInteger getSerialNumber()>();
v = virtualinvoke v.<java.math.BigInteger: boolean equals(java.lang.Object)>(v);
if v == 0 goto label;
v = virtualinvoke v.<org.bouncycastle.cert.ocsp.SingleResp: org.bouncycastle.cert.ocsp.CertificateStatus getCertStatus()>();
v = <org.bouncycastle.cert.ocsp.CertificateStatus: org.bouncycastle.cert.ocsp.CertificateStatus GOOD>;
if v != v goto label;
v = <org.apache.nifi.web.security.x.ocsp.OcspStatus$ValidationStatus: org.apache.nifi.web.security.x.ocsp.OcspStatus$ValidationStatus Good>;
virtualinvoke v.<org.apache.nifi.web.security.x.ocsp.OcspStatus: void setValidationStatus(org.apache.nifi.web.security.x.ocsp.OcspStatus$ValidationStatus)>(v);
goto label;
label:
v = v instanceof org.bouncycastle.cert.ocsp.RevokedStatus;
if v == 0 goto label;
v = <org.apache.nifi.web.security.x.ocsp.OcspStatus$ValidationStatus: org.apache.nifi.web.security.x.ocsp.OcspStatus$ValidationStatus Revoked>;
virtualinvoke v.<org.apache.nifi.web.security.x.ocsp.OcspStatus: void setValidationStatus(org.apache.nifi.web.security.x.ocsp.OcspStatus$ValidationStatus)>(v);
goto label;
label:
v = <org.apache.nifi.web.security.x.ocsp.OcspStatus$ValidationStatus: org.apache.nifi.web.security.x.ocsp.OcspStatus$ValidationStatus Unknown>;
virtualinvoke v.<org.apache.nifi.web.security.x.ocsp.OcspStatus: void setValidationStatus(org.apache.nifi.web.security.x.ocsp.OcspStatus$ValidationStatus)>(v);
label:
v = v + 1;
goto label;
label:
v := @caughtexception;
v = <org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator: org.slf4j.Logger logger>;
v = virtualinvoke v.<java.lang.Exception: java.lang.String getMessage()>();
interfaceinvoke v.<org.slf4j.Logger: void error(java.lang.String,java.lang.Throwable)>(v, v);
goto label;
label:
v := @caughtexception;
virtualinvoke v.<java.security.cert.CertificateException: void printStackTrace()>();
label:
return v;
catch org.bouncycastle.cert.ocsp.OCSPException from label to label with label;
catch java.io.IOException from label to label with label;
catch javax.ws.rs.ProcessingException from label to label with label;
catch org.bouncycastle.operator.OperatorCreationException from label to label with label;
catch org.bouncycastle.cert.ocsp.OCSPException from label to label with label;
catch java.io.IOException from label to label with label;
catch javax.ws.rs.ProcessingException from label to label with label;
catch org.bouncycastle.operator.OperatorCreationException from label to label with label;
catch org.bouncycastle.cert.ocsp.OCSPException from label to label with label;
catch java.io.IOException from label to label with label;
catch javax.ws.rs.ProcessingException from label to label with label;
catch org.bouncycastle.operator.OperatorCreationException from label to label with label;
catch org.bouncycastle.cert.ocsp.OCSPException from label to label with label;
catch java.io.IOException from label to label with label;
catch javax.ws.rs.ProcessingException from label to label with label;
catch org.bouncycastle.operator.OperatorCreationException from label to label with label;
catch org.bouncycastle.cert.ocsp.OCSPException from label to label with label;
catch java.io.IOException from label to label with label;
catch javax.ws.rs.ProcessingException from label to label with label;
catch org.bouncycastle.operator.OperatorCreationException from label to label with label;
catch java.security.cert.CertificateException from label to label with label;
catch java.security.cert.CertificateException from label to label with label;
catch java.security.cert.CertificateException from label to label with label;
catch java.security.cert.CertificateException from label to label with label;
catch java.security.cert.CertificateException from label to label with label;
}
// Sends one OCSP request to the configured responder and hands back the raw HTTP response.
// Parameter: the org.bouncycastle OCSPReq to transmit.
// Returns: the javax.ws.rs Response produced by the POST; nothing in this method inspects it.
// Throws: java.io.IOException (declared; OCSPReq.getEncoded() is the visible call that can raise it).
// NOTE(review): no HTTP status, content-type or body-size check happens here, so the caller
// has to validate the response before parsing it, and presumably has to close it -- confirm in the caller.
private javax.ws.rs.core.Response getClientResponse(org.bouncycastle.cert.ocsp.OCSPReq) throws java.io.IOException
{
byte[] v;
javax.ws.rs.client.Client v;
javax.ws.rs.client.Entity v;
org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator v;
javax.ws.rs.core.Response v;
org.bouncycastle.cert.ocsp.OCSPReq v;
javax.ws.rs.client.Invocation$Builder v;
java.net.URI v;
javax.ws.rs.client.WebTarget v;
v := @this: org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator;
v := @parameter: org.bouncycastle.cert.ocsp.OCSPReq;
// The target is always the instance's validationAuthorityURI field, which the constructor fills from
// the "nifi.security.ocsp.responder.url" property; no URL is taken from the request or the certificate here.
// Timeouts and TLS behaviour are whatever the shared Client field was built with; this method sets none.
v = v.<org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator: javax.ws.rs.client.Client client>;
v = v.<org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator: java.net.URI validationAuthorityURI>;
v = interfaceinvoke v.<javax.ws.rs.client.Client: javax.ws.rs.client.WebTarget target(java.net.URI)>(v);
v = interfaceinvoke v.<javax.ws.rs.client.WebTarget: javax.ws.rs.client.Invocation$Builder request()>();
// Body is the encoded request bytes, sent with media type application/ocsp-request.
v = virtualinvoke v.<org.bouncycastle.cert.ocsp.OCSPReq: byte[] getEncoded()>();
v = staticinvoke <javax.ws.rs.client.Entity: javax.ws.rs.client.Entity entity(java.lang.Object,java.lang.String)>(v, "application/ocsp-request");
// Synchronous POST; the Response is returned as-is.
v = interfaceinvoke v.<javax.ws.rs.client.Invocation$Builder: javax.ws.rs.core.Response post(javax.ws.rs.client.Entity)>(v);
return v;
}
// Resolves the certificate this validator trusts for checking the signature on an OCSP response.
// Parameters: the responder certificate holder carried in the response, and a second X509Certificate
//   (presumably the issuer of the certificate under validation -- TODO confirm against the caller).
// Returns: the trustedCAs entry keyed by the responder certificate's subject DN string, or null when
//   there is no such entry. Every other path visible here returns null as well.
// Throws: java.security.cert.CertificateException (declared; the holder conversion is the likely source).
// NOTE(review): the caller visible earlier in this file tests the result against null before it builds
// a signature verifier, so a null return means the response signature is never checked against any key.
private java.security.cert.X509Certificate getTrustedResponderCertificate(org.bouncycastle.cert.X509CertificateHolder, java.security.cert.X509Certificate) throws java.security.cert.CertificateException
{
java.security.cert.X509Certificate v, v;
org.bouncycastle.cert.X509CertificateHolder v;
javax.security.auth.x.X500Principal v, v, v;
org.bouncycastle.cert.jcajce.JcaX509CertificateConverter v, v;
org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator v;
java.util.Map v, v;
java.lang.Object v;
java.lang.String v;
boolean v, v;
v := @this: org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator;
v := @parameter: org.bouncycastle.cert.X509CertificateHolder;
v := @parameter: java.security.cert.X509Certificate;
// Convert the Bouncy Castle holder into a JCA X509Certificate using the "BC" provider.
v = new org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
specialinvoke v.<org.bouncycastle.cert.jcajce.JcaX509CertificateConverter: void <init>()>();
v = virtualinvoke v.<org.bouncycastle.cert.jcajce.JcaX509CertificateConverter: org.bouncycastle.cert.jcajce.JcaX509CertificateConverter setProvider(java.lang.String)>("BC");
v = virtualinvoke v.<org.bouncycastle.cert.jcajce.JcaX509CertificateConverter: java.security.cert.X509Certificate getCertificate(org.bouncycastle.cert.X509CertificateHolder)>(v);
// The lookup key is only the subject DN string of the certificate supplied in the response.
v = virtualinvoke v.<java.security.cert.X509Certificate: javax.security.auth.x.X500Principal getSubjectX500Principal()>();
v = virtualinvoke v.<javax.security.auth.x.X500Principal: java.lang.String getName()>();
v = v.<org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator: java.util.Map trustedCAs>;
v = interfaceinvoke v.<java.util.Map: boolean containsKey(java.lang.Object)>(v);
if v == 0 goto label;
// Name match: what is returned appears to be the stored map entry, not the certificate from the
// response (locals are anonymised, so confirm). If so, a response that merely reuses a trusted
// subject name must still verify against the stored certificate's public key.
v = v.<org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator: java.util.Map trustedCAs>;
v = interfaceinvoke v.<java.util.Map: java.lang.Object get(java.lang.Object)>(v);
return v;
label:
// No direct entry: a subject principal is compared with an issuer principal (presumably the second
// parameter's subject against the responder certificate's issuer -- TODO confirm), but both outcomes
// return null. As written, a responder certificate that is not itself in trustedCAs is never trusted,
// including one issued by the same CA; delegated-responder checks are not implemented in this method.
v = virtualinvoke v.<java.security.cert.X509Certificate: javax.security.auth.x.X500Principal getSubjectX500Principal()>();
v = virtualinvoke v.<java.security.cert.X509Certificate: javax.security.auth.x.X500Principal getIssuerX500Principal()>();
v = virtualinvoke v.<javax.security.auth.x.X500Principal: boolean equals(java.lang.Object)>(v);
if v == 0 goto label;
return null;
label:
return null;
}
// Static initializer: creates the SLF4J logger for this class and stores it in the static logger field.
// NOTE(review): the class descriptor below spells the package as "x509" while the other names in this
// listing show "x"; presumably the tool that produced the listing dropped the digits -- confirm.
static void <clinit>()
{
org.slf4j.Logger v;
v = staticinvoke <org.slf4j.LoggerFactory: org.slf4j.Logger getLogger(java.lang.Class)>(class "Lorg/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator;");
<org.apache.nifi.web.security.x.ocsp.OcspCertificateValidator: org.slf4j.Logger logger> = v;
return;
}
}