下面列出了怎么用javax.annotation.Tainted的API类实例代码及写法,或者点击链接到github查看源代码。
public Position toPosition(@Tainted final int index)
{
if (index < 0)
throw new IllegalStateException();
final Range<Integer> range;
// Edge case: unfortunately, we can get an illegal index
if (index >= len) {
range = lines.get(nrLines - 1);
return new Position(nrLines, len - range.lowerEndpoint() + 1);
}
final int lineNr = binarySearch(index);
range = lines.get(lineNr);
return new Position(lineNr + 1, index - range.lowerEndpoint() + 1);
}
/**
* Check that {@code cert} is signed by the {@code ca} and not revoked.
*
* <p>Support for certificate chains has not been implemented.
*
* @throws GeneralSecurityException for unsupported protocols, certs not signed by the TMCH,
* parsing errors, encoding errors, if the CRL is expired, or if the CRL is older than the
* one currently in memory.
*/
public static void verifyCertificate(
X509Certificate rootCert, X509CRL crl, @Tainted X509Certificate cert, Date now)
throws GeneralSecurityException {
cert.checkValidity(checkNotNull(now, "now"));
cert.verify(rootCert.getPublicKey());
if (crl.isRevoked(cert)) {
X509CRLEntry entry = crl.getRevokedCertificate(cert);
throw new CertificateRevokedException(
checkNotNull(entry.getRevocationDate(), "revocationDate"),
Optional.ofNullable(entry.getRevocationReason()).orElse(CRLReason.UNSPECIFIED),
firstNonNull(entry.getCertificateIssuer(), crl.getIssuerX500Principal()),
ImmutableMap.of());
}
}
/**
* Checks if an X.509 CRL you downloaded can safely replace your current CRL.
*
* <p>This routine makes sure {@code newCrl} is signed by {@code rootCert} and that its timestamps
* are correct with respect to {@code now}.
*
* @throws GeneralSecurityException for unsupported protocols, certs not signed by the TMCH,
* incorrect keys, and for invalid, old, not-yet-valid or revoked certificates.
*/
public static void verifyCrl(
X509Certificate rootCert, X509CRL oldCrl, @Tainted X509CRL newCrl, Date now)
throws GeneralSecurityException {
if (newCrl.getThisUpdate().before(oldCrl.getThisUpdate())) {
throw new CRLException(String.format(
"New CRL is more out of date than our current CRL. %s < %s\n%s",
newCrl.getThisUpdate(), oldCrl.getThisUpdate(), newCrl));
}
if (newCrl.getNextUpdate().before(now)) {
throw new CRLException("CRL has expired.\n" + newCrl);
}
newCrl.verify(rootCert.getPublicKey());
}
/**
* Extracts a {@link PGPSignature} object from a blob of {@code .sig} data.
*
* @throws SignatureException if a signature object couldn't be extracted for any reason.
*/
private static PGPSignature pgpExtractSignature(@Tainted byte[] signature)
throws SignatureException {
try {
ByteArrayInputStream input = new ByteArrayInputStream(signature);
PGPObjectFactory decoder = new BcPGPObjectFactory(PGPUtil.getDecoderStream(input));
Object object = decoder.nextObject();
if (object == null) {
throw new SignatureException(String.format(
"No OpenPGP packets found in signature.\n%s",
dumpHex(signature)));
}
if (!(object instanceof PGPSignatureList)) {
throw new SignatureException(String.format(
"Expected PGPSignatureList packet but got %s\n%s",
object.getClass().getSimpleName(),
dumpHex(signature)));
}
PGPSignatureList sigs = (PGPSignatureList) object;
if (sigs.isEmpty()) {
throw new SignatureException(String.format(
"PGPSignatureList doesn't have a PGPSignature.\n%s",
dumpHex(signature)));
}
return sigs.get(0);
} catch (IOException e) {
throw new SignatureException(String.format(
"Failed to extract PGPSignature object from .sig blob.\n%s",
dumpHex(signature)), e);
}
}
/**
* Convert and validate a raw user-supplied value.
*
* @throws FormFieldException if value does not meet expected contracts.
*/
@Detainted
public Optional<O> convert(@Tainted @Nullable I value) {
try {
return Optional.ofNullable(converter.apply(value));
} catch (FormFieldException e) {
throw e.propagate(name);
}
}
/**
* Convert and validate a raw user-supplied value from an untyped JSON map.
*
* @throws FormFieldException if value is wrong type or does not meet expected contracts.
*/
@Detainted
public Optional<O> extractUntyped(@Tainted Map<String, ?> jsonMap) {
Object value = jsonMap.get(name);
I castedValue;
try {
castedValue = typeIn.cast(value);
} catch (ClassCastException e) {
throw new FormFieldException(String.format("Type error: got: %s, expected: %s",
value.getClass().getSimpleName(),
typeIn.getSimpleName())).propagate(name);
}
return convert(castedValue);
}
@ExpectWarning("TQ")
public void needsUntaintedParam(@Tainted Object tainted, InterfaceWithDefaultUntaintedParams obj) {
// Should see a warning here
obj.requiresUntaintedParam(tainted);
}
public @Tainted
Object f() {
return new Object();
}
@NoWarning("TQ")
void correctDoNotReport(@Tainted Object b) {
Object x = sanitize(b);
requiresUntainted(x);
}
@ExpectWarning("TQ")
void violationReport(@Tainted Object a) {
Object y = a;
requiresUntainted(y);
}
public Range<Integer> getLineRange(@Tainted final int lineNr)
{
// Edge case: unfortunately, we can get an illegal line number
return lines.get(Math.min(lineNr, nrLines) - 1);
}
/**
* Convert and validate a raw user-supplied value from a map.
*
* <p>This is the same as saying: {@code field.convert(valueMap.get(field.name())}
*
* @throws FormFieldException if value does not meet expected contracts.
*/
@Detainted
public Optional<O> extract(@Tainted Map<String, I> valueMap) {
return convert(valueMap.get(name));
}