refactored to deal with class loader issues in ErrorBundles for modules

dghgit · dghgit · commit c3624a56eb06 · 2024-03-05T17:38:39.000+11:00
diff --git a/mail/src/main/java/org/bouncycastle/mail/smime/validator/SignedMailValidator.java b/mail/src/main/java/org/bouncycastle/mail/smime/validator/SignedMailValidator.java
@@ -169,7 +169,7 @@ else if (message.isMimeType("application/pkcs7-mime")
             }
             else
             {
-                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
+                ErrorBundle msg = createErrorBundle(
                     "SignedMailValidator.noSignedMessage");
                 throw new SignedMailValidatorException(msg);
             }
@@ -215,7 +215,7 @@ else if (message.isMimeType("application/pkcs7-mime")
                 throw (SignedMailValidatorException)e;
             }
             // exception reading message
-            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
+            ErrorBundle msg = createErrorBundle(
                 "SignedMailValidator.exceptionReadingMessage",
                 new Object[]{e.getMessage(), e, e.getClass().getName()});
             throw new SignedMailValidatorException(msg, e);
@@ -258,7 +258,7 @@ protected void validateSignatures(PKIXParameters pkixParam)
             }
             catch (CertStoreException cse)
             {
-                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
+                ErrorBundle msg = createErrorBundle(
                     "SignedMailValidator.exceptionRetrievingSignerCert",
                     new Object[]{cse.getMessage(), cse, cse.getClass().getName()});
                 errors.add(msg);
@@ -273,14 +273,14 @@ protected void validateSignatures(PKIXParameters pkixParam)
                     validSignature = signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert.getPublicKey()));
                     if (!validSignature)
                     {
-                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
+                        ErrorBundle msg = createErrorBundle(
                             "SignedMailValidator.signatureNotVerified");
                         errors.add(msg);
                     }
                 }
                 catch (Exception e)
                 {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
+                    ErrorBundle msg = createErrorBundle(
                         "SignedMailValidator.exceptionVerifyingSignature",
                         new Object[]{e.getMessage(), e, e.getClass().getName()});
                     errors.add(msg);
@@ -296,7 +296,7 @@ protected void validateSignatures(PKIXParameters pkixParam)
                     Attribute attr = atab.get(PKCSObjectIdentifiers.id_aa_receiptRequest);
                     if (attr != null)
                     {
-                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
+                        ErrorBundle msg = createErrorBundle(
                             "SignedMailValidator.signedReceiptRequest");
                         notifications.add(msg);
                     }
@@ -309,7 +309,7 @@ protected void validateSignatures(PKIXParameters pkixParam)
                 Date signTime = getSignatureTime(signer);
                 if (signTime == null) // no signing time was found
                 {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
+                    ErrorBundle msg = createErrorBundle(
                         "SignedMailValidator.noSigningTime");
                     notifications.add(msg);
                     signTime = pkixParam.getDate();
@@ -327,14 +327,14 @@ protected void validateSignatures(PKIXParameters pkixParam)
                     }
                     catch (CertificateExpiredException e)
                     {
-                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
+                        ErrorBundle msg = createErrorBundle(
                             "SignedMailValidator.certExpired",
                             new Object[]{new TrustedInput(signTime), new TrustedInput(cert.getNotAfter())});
                         errors.add(msg);
                     }
                     catch (CertificateNotYetValidException e)
                     {
-                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
+                        ErrorBundle msg = createErrorBundle(
                             "SignedMailValidator.certNotYetValid",
                             new Object[]{new TrustedInput(signTime), new TrustedInput(cert.getNotBefore())});
                         errors.add(msg);
@@ -373,7 +373,7 @@ protected void validateSignatures(PKIXParameters pkixParam)
                     review.init(certPath, usedParameters);
                     if (!review.isValidCertPath())
                     {
-                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
+                        ErrorBundle msg = createErrorBundle(
                             "SignedMailValidator.certPathInvalid");
                         errors.add(msg);
                     }
@@ -383,7 +383,7 @@ protected void validateSignatures(PKIXParameters pkixParam)
                 catch (GeneralSecurityException gse)
                 {
                     // cannot create cert path
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
+                    ErrorBundle msg = createErrorBundle(
                         "SignedMailValidator.exceptionCreateCertPath",
                         new Object[]{gse.getMessage(), gse, gse.getClass().getName()});
                     errors.add(msg);
@@ -401,7 +401,7 @@ protected void validateSignatures(PKIXParameters pkixParam)
             else
             // no signer certificate found
             {
-                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
+                ErrorBundle msg = createErrorBundle(
                     "SignedMailValidator.noSignerCert");
                 errors.add(msg);
                 results.put(signer, new ValidationResult(null, false, errors,
@@ -478,7 +478,7 @@ else if (key instanceof DSAPublicKey)
         }
         if (keyLength != -1 && keyLength <= shortKeyLength)
         {
-            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
+            ErrorBundle msg = createErrorBundle(
                 "SignedMailValidator.shortSigningKey",
                 new Object[]{Integers.valueOf(keyLength)});
             notifications.add(msg);
@@ -488,7 +488,7 @@ else if (key instanceof DSAPublicKey)
         long validityPeriod = cert.getNotAfter().getTime() - cert.getNotBefore().getTime();
         if (validityPeriod > THIRTY_YEARS_IN_MILLI_SEC)
         {
-            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
+            ErrorBundle msg = createErrorBundle(
                 "SignedMailValidator.longValidity",
                 new Object[]{new TrustedInput(cert.getNotBefore()), new TrustedInput(cert.getNotAfter())});
             notifications.add(msg);
@@ -498,7 +498,7 @@ else if (key instanceof DSAPublicKey)
         boolean[] keyUsage = cert.getKeyUsage();
         if (keyUsage != null && !keyUsage[0] && !keyUsage[1])
         {
-            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
+            ErrorBundle msg = createErrorBundle(
                 "SignedMailValidator.signingNotPermitted");
             errors.add(msg);
         }
@@ -516,15 +516,15 @@ else if (key instanceof DSAPublicKey)
                     && !extKeyUsage
                     .hasKeyPurposeId(KeyPurposeId.id_kp_emailProtection))
                 {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
+                    ErrorBundle msg = createErrorBundle(
                         "SignedMailValidator.extKeyUsageNotPermitted");
                     errors.add(msg);
                 }
             }
         }
         catch (Exception e)
         {
-            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
+            ErrorBundle msg = createErrorBundle(
                 "SignedMailValidator.extKeyUsageError", new Object[]{
                 e.getMessage(), e, e.getClass().getName()}
             );
@@ -538,7 +538,7 @@ else if (key instanceof DSAPublicKey)
             if (certEmails.isEmpty())
             {
                 // error no email address in signing certificate
-                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
+                ErrorBundle msg = createErrorBundle(
                     "SignedMailValidator.noEmailInCert");
                 errors.add(msg);
             }
@@ -557,7 +557,7 @@ else if (key instanceof DSAPublicKey)
                 }
                 if (!equalsFrom)
                 {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
+                    ErrorBundle msg = createErrorBundle(
                         "SignedMailValidator.emailFromCertMismatch",
                         new Object[]{
                             new UntrustedInput(
@@ -570,7 +570,7 @@ else if (key instanceof DSAPublicKey)
         }
         catch (Exception e)
         {
-            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
+            ErrorBundle msg = createErrorBundle(
                 "SignedMailValidator.certGetEmailError", new Object[]{
                 e.getMessage(), e, e.getClass().getName()}
             );
@@ -854,7 +854,7 @@ public ValidationResult getValidationResult(SignerInformation signer)
         {
             // the signer is not part of the SignerInformationStore
             // he has not signed the message
-            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
+            ErrorBundle msg = createErrorBundle(
                 "SignedMailValidator.wrongSigner");
             throw new SignedMailValidatorException(msg);
         }
@@ -961,10 +961,25 @@ public boolean isValidSignature()
         }
     }
 
-
     private static TBSCertificate getTBSCert(X509Certificate cert)
         throws CertificateEncodingException
     {
         return TBSCertificate.getInstance(cert.getTBSCertificate());
     }
+    
+    private static ErrorBundle createErrorBundle(String id)
+    {
+        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, id);
+        msg.setClassLoader(SignedMailValidator.class.getClassLoader());
+        
+        return msg;
+    }
+    
+    private static ErrorBundle createErrorBundle(String id, Object[] arguments)
+    {
+        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, id, arguments);
+        msg.setClassLoader(SignedMailValidator.class.getClassLoader());
+        
+        return msg;
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -169,7 +169,7 @@ else if (message.isMimeType("application/pkcs7-mime")`
`169`	`169`	`}`
`170`	`170`	`else`
`171`	`171`	`{`
`172`		`- ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,`
	`172`	`+ ErrorBundle msg = createErrorBundle(`
`173`	`173`	`"SignedMailValidator.noSignedMessage");`
`174`	`174`	`throw new SignedMailValidatorException(msg);`
`175`	`175`	`}`
`@@ -215,7 +215,7 @@ else if (message.isMimeType("application/pkcs7-mime")`
`215`	`215`	`throw (SignedMailValidatorException)e;`
`216`	`216`	`}`
`217`	`217`	`// exception reading message`
`218`		`- ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,`
	`218`	`+ ErrorBundle msg = createErrorBundle(`
`219`	`219`	`"SignedMailValidator.exceptionReadingMessage",`
`220`	`220`	`new Object[]{e.getMessage(), e, e.getClass().getName()});`
`221`	`221`	`throw new SignedMailValidatorException(msg, e);`
`@@ -258,7 +258,7 @@ protected void validateSignatures(PKIXParameters pkixParam)`
`258`	`258`	`}`
`259`	`259`	`catch (CertStoreException cse)`
`260`	`260`	`{`
`261`		`- ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,`
	`261`	`+ ErrorBundle msg = createErrorBundle(`
`262`	`262`	`"SignedMailValidator.exceptionRetrievingSignerCert",`
`263`	`263`	`new Object[]{cse.getMessage(), cse, cse.getClass().getName()});`
`264`	`264`	`errors.add(msg);`
`@@ -273,14 +273,14 @@ protected void validateSignatures(PKIXParameters pkixParam)`
`273`	`273`	`validSignature = signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert.getPublicKey()));`
`274`	`274`	`if (!validSignature)`
`275`	`275`	`{`
`276`		`- ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,`
	`276`	`+ ErrorBundle msg = createErrorBundle(`
`277`	`277`	`"SignedMailValidator.signatureNotVerified");`
`278`	`278`	`errors.add(msg);`
`279`	`279`	`}`
`280`	`280`	`}`
`281`	`281`	`catch (Exception e)`
`282`	`282`	`{`
`283`		`- ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,`
	`283`	`+ ErrorBundle msg = createErrorBundle(`
`284`	`284`	`"SignedMailValidator.exceptionVerifyingSignature",`
`285`	`285`	`new Object[]{e.getMessage(), e, e.getClass().getName()});`
`286`	`286`	`errors.add(msg);`
`@@ -296,7 +296,7 @@ protected void validateSignatures(PKIXParameters pkixParam)`
`296`	`296`	`Attribute attr = atab.get(PKCSObjectIdentifiers.id_aa_receiptRequest);`
`297`	`297`	`if (attr != null)`
`298`	`298`	`{`
`299`		`- ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,`
	`299`	`+ ErrorBundle msg = createErrorBundle(`
`300`	`300`	`"SignedMailValidator.signedReceiptRequest");`
`301`	`301`	`notifications.add(msg);`
`302`	`302`	`}`
`@@ -309,7 +309,7 @@ protected void validateSignatures(PKIXParameters pkixParam)`
`309`	`309`	`Date signTime = getSignatureTime(signer);`
`310`	`310`	`if (signTime == null) // no signing time was found`
`311`	`311`	`{`
`312`		`- ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,`
	`312`	`+ ErrorBundle msg = createErrorBundle(`
`313`	`313`	`"SignedMailValidator.noSigningTime");`
`314`	`314`	`notifications.add(msg);`
`315`	`315`	`signTime = pkixParam.getDate();`
`@@ -327,14 +327,14 @@ protected void validateSignatures(PKIXParameters pkixParam)`
`327`	`327`	`}`
`328`	`328`	`catch (CertificateExpiredException e)`
`329`	`329`	`{`
`330`		`- ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,`
	`330`	`+ ErrorBundle msg = createErrorBundle(`
`331`	`331`	`"SignedMailValidator.certExpired",`
`332`	`332`	`new Object[]{new TrustedInput(signTime), new TrustedInput(cert.getNotAfter())});`
`333`	`333`	`errors.add(msg);`
`334`	`334`	`}`
`335`	`335`	`catch (CertificateNotYetValidException e)`
`336`	`336`	`{`
`337`		`- ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,`
	`337`	`+ ErrorBundle msg = createErrorBundle(`
`338`	`338`	`"SignedMailValidator.certNotYetValid",`
`339`	`339`	`new Object[]{new TrustedInput(signTime), new TrustedInput(cert.getNotBefore())});`
`340`	`340`	`errors.add(msg);`
`@@ -373,7 +373,7 @@ protected void validateSignatures(PKIXParameters pkixParam)`
`373`	`373`	`review.init(certPath, usedParameters);`
`374`	`374`	`if (!review.isValidCertPath())`
`375`	`375`	`{`
`376`		`- ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,`
	`376`	`+ ErrorBundle msg = createErrorBundle(`
`377`	`377`	`"SignedMailValidator.certPathInvalid");`
`378`	`378`	`errors.add(msg);`
`379`	`379`	`}`
`@@ -383,7 +383,7 @@ protected void validateSignatures(PKIXParameters pkixParam)`
`383`	`383`	`catch (GeneralSecurityException gse)`
`384`	`384`	`{`
`385`	`385`	`// cannot create cert path`
`386`		`- ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,`
	`386`	`+ ErrorBundle msg = createErrorBundle(`
`387`	`387`	`"SignedMailValidator.exceptionCreateCertPath",`
`388`	`388`	`new Object[]{gse.getMessage(), gse, gse.getClass().getName()});`
`389`	`389`	`errors.add(msg);`
`@@ -401,7 +401,7 @@ protected void validateSignatures(PKIXParameters pkixParam)`
`401`	`401`	`else`
`402`	`402`	`// no signer certificate found`
`403`	`403`	`{`
`404`		`- ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,`
	`404`	`+ ErrorBundle msg = createErrorBundle(`
`405`	`405`	`"SignedMailValidator.noSignerCert");`
`406`	`406`	`errors.add(msg);`
`407`	`407`	`results.put(signer, new ValidationResult(null, false, errors,`
`@@ -478,7 +478,7 @@ else if (key instanceof DSAPublicKey)`
`478`	`478`	`}`
`479`	`479`	`if (keyLength != -1 && keyLength <= shortKeyLength)`
`480`	`480`	`{`
`481`		`- ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,`
	`481`	`+ ErrorBundle msg = createErrorBundle(`
`482`	`482`	`"SignedMailValidator.shortSigningKey",`
`483`	`483`	`new Object[]{Integers.valueOf(keyLength)});`
`484`	`484`	`notifications.add(msg);`
`@@ -488,7 +488,7 @@ else if (key instanceof DSAPublicKey)`
`488`	`488`	`long validityPeriod = cert.getNotAfter().getTime() - cert.getNotBefore().getTime();`
`489`	`489`	`if (validityPeriod > THIRTY_YEARS_IN_MILLI_SEC)`
`490`	`490`	`{`
`491`		`- ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,`
	`491`	`+ ErrorBundle msg = createErrorBundle(`
`492`	`492`	`"SignedMailValidator.longValidity",`
`493`	`493`	`new Object[]{new TrustedInput(cert.getNotBefore()), new TrustedInput(cert.getNotAfter())});`
`494`	`494`	`notifications.add(msg);`
`@@ -498,7 +498,7 @@ else if (key instanceof DSAPublicKey)`
`498`	`498`	`boolean[] keyUsage = cert.getKeyUsage();`
`499`	`499`	`if (keyUsage != null && !keyUsage[0] && !keyUsage[1])`
`500`	`500`	`{`
`501`		`- ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,`
	`501`	`+ ErrorBundle msg = createErrorBundle(`
`502`	`502`	`"SignedMailValidator.signingNotPermitted");`
`503`	`503`	`errors.add(msg);`
`504`	`504`	`}`
`@@ -516,15 +516,15 @@ else if (key instanceof DSAPublicKey)`
`516`	`516`	`&& !extKeyUsage`
`517`	`517`	`.hasKeyPurposeId(KeyPurposeId.id_kp_emailProtection))`
`518`	`518`	`{`
`519`		`- ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,`
	`519`	`+ ErrorBundle msg = createErrorBundle(`
`520`	`520`	`"SignedMailValidator.extKeyUsageNotPermitted");`
`521`	`521`	`errors.add(msg);`
`522`	`522`	`}`
`523`	`523`	`}`
`524`	`524`	`}`
`525`	`525`	`catch (Exception e)`
`526`	`526`	`{`
`527`		`- ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,`
	`527`	`+ ErrorBundle msg = createErrorBundle(`
`528`	`528`	`"SignedMailValidator.extKeyUsageError", new Object[]{`
`529`	`529`	`e.getMessage(), e, e.getClass().getName()}`
`530`	`530`	`);`
`@@ -538,7 +538,7 @@ else if (key instanceof DSAPublicKey)`
`538`	`538`	`if (certEmails.isEmpty())`
`539`	`539`	`{`
`540`	`540`	`// error no email address in signing certificate`
`541`		`- ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,`
	`541`	`+ ErrorBundle msg = createErrorBundle(`
`542`	`542`	`"SignedMailValidator.noEmailInCert");`
`543`	`543`	`errors.add(msg);`
`544`	`544`	`}`
`@@ -557,7 +557,7 @@ else if (key instanceof DSAPublicKey)`
`557`	`557`	`}`
`558`	`558`	`if (!equalsFrom)`
`559`	`559`	`{`
`560`		`- ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,`
	`560`	`+ ErrorBundle msg = createErrorBundle(`
`561`	`561`	`"SignedMailValidator.emailFromCertMismatch",`
`562`	`562`	`new Object[]{`
`563`	`563`	`new UntrustedInput(`
`@@ -570,7 +570,7 @@ else if (key instanceof DSAPublicKey)`
`570`	`570`	`}`
`571`	`571`	`catch (Exception e)`
`572`	`572`	`{`
`573`		`- ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,`
	`573`	`+ ErrorBundle msg = createErrorBundle(`
`574`	`574`	`"SignedMailValidator.certGetEmailError", new Object[]{`
`575`	`575`	`e.getMessage(), e, e.getClass().getName()}`
`576`	`576`	`);`
`@@ -854,7 +854,7 @@ public ValidationResult getValidationResult(SignerInformation signer)`
`854`	`854`	`{`
`855`	`855`	`// the signer is not part of the SignerInformationStore`
`856`	`856`	`// he has not signed the message`
`857`		`- ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,`
	`857`	`+ ErrorBundle msg = createErrorBundle(`
`858`	`858`	`"SignedMailValidator.wrongSigner");`
`859`	`859`	`throw new SignedMailValidatorException(msg);`
`860`	`860`	`}`
`@@ -961,10 +961,25 @@ public boolean isValidSignature()`
`961`	`961`	`}`
`962`	`962`	`}`
`963`	`963`
`964`		`-`
`965`	`964`	`private static TBSCertificate getTBSCert(X509Certificate cert)`
`966`	`965`	`throws CertificateEncodingException`
`967`	`966`	`{`
`968`	`967`	`return TBSCertificate.getInstance(cert.getTBSCertificate());`
`969`	`968`	`}`
	`969`	`+`
	`970`	`+ private static ErrorBundle createErrorBundle(String id)`
	`971`	`+ {`
	`972`	`+ ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, id);`
	`973`	`+ msg.setClassLoader(SignedMailValidator.class.getClassLoader());`
	`974`	`+`
	`975`	`+ return msg;`
	`976`	`+ }`
	`977`	`+`
	`978`	`+ private static ErrorBundle createErrorBundle(String id, Object[] arguments)`
	`979`	`+ {`
	`980`	`+ ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, id, arguments);`
	`981`	`+ msg.setClassLoader(SignedMailValidator.class.getClassLoader());`
	`982`	`+`
	`983`	`+ return msg;`
	`984`	`+ }`
`970`	`985`	`}`