Package eu.europa.esig.dss.asic.common

Class SecureContainerHandler

java.lang.Object
eu.europa.esig.dss.asic.common.SecureContainerHandler
All Implemented Interfaces:
ZipContainerHandler
public class SecureContainerHandler extends Object implements ZipContainerHandler
The default implementation of ZipContainerHandler, providing utilities to prevent a denial of service attacks, such as zip-bombing

  • Constructor Details

    • SecureContainerHandler

      public SecureContainerHandler()
      Default constructor instantiating handler with default configuration

  • Method Details

    • setThreshold

      public void setThreshold(long threshold)
      Sets the maximum allowed threshold after exceeding each the security checks are enforced Default : 1000000 (1 MB)
      Parameters:
      threshold - in bytes

    • setMaxCompressionRatio

      public void setMaxCompressionRatio(long maxCompressionRatio)
      Sets the maximum allowed compression ratio If the container compression ratio exceeds the value, an exception is being thrown Default : 100
      Parameters:
      maxCompressionRatio - the maximum compression ratio

    • setMaxAllowedFilesAmount

      public void setMaxAllowedFilesAmount(int maxAllowedFilesAmount)
      Sets the maximum allowed amount of files inside a container Default : 1000
      Parameters:
      maxAllowedFilesAmount - the maximum number of allowed files

    • setMaxMalformedFiles

      public void setMaxMalformedFiles(int maxMalformedFiles)
      Sets the maximum allowed amount of malformed files Default : 100
      Parameters:
      maxMalformedFiles - the maximum number of malformed files

    • setExtractComments

      public void setExtractComments(boolean extractComments)
      Sets whether comments of ZIP entries shall be extracted. Enabling of the feature can be useful when editing an existing archive, in order to preserve the existing data (i.e. comments). When enabled, slightly decreases the performance (about 10% for extractContainerContent(zipArchive) method). Reason : All ZIP entries from a ZIP archive are extracted using java.util.zip.ZipInputStream, that is not able to extract comments for entries. In order to extract comments, the archive shall be read again using java.util.zip.ZipFile. For more information about limitations please see <a href="https://stackoverflow.com/a/70848140">the link</a>. Default : false (not extracted)
      Parameters:
      extractComments - whether comments shall be extracted

    • extractContainerContent

      public List<DSSDocument> extractContainerContent(DSSDocument zipArchive)
      Description copied from interface: ZipContainerHandler
      Extracts a list of DSSDocument from the given ZIP-archive
      Specified by:
      extractContainerContent in interface ZipContainerHandler
      Parameters:
      zipArchive - DSSDocument
      Returns:
      a list of DSSDocuments

    • extractEntryNames

      public List<String> extractEntryNames(DSSDocument zipArchive)
      Description copied from interface: ZipContainerHandler
      Returns a list of ZIP archive entry names
      Specified by:
      extractEntryNames in interface ZipContainerHandler
      Parameters:
      zipArchive - DSSDocument
      Returns:
      a list of String entry names

    • createZipArchive

      public DSSDocument createZipArchive(List<DSSDocument> containerEntries, Date creationTime, String zipComment)
      Description copied from interface: ZipContainerHandler
      Creates a ZIP-Archive with the given containerEntries
      Specified by:
      createZipArchive in interface ZipContainerHandler
      Parameters:
      containerEntries - a list of DSSDocuments to embed into the new container instance
      creationTime - (Optional) Date defined time of an archive creation, will be set for all embedded files. If null, the local current time will be used
      zipComment - (Optional) String defined a zipComment
      Returns:
      DSSDocument ZIP-Archive