Review

Detector:	Comparing_180312
Target:	project 'itext' version 5091

Potential Misuse

Anomaly identified by the detector. Please review whether this anomaly corresponds to a misuse.

Finding:	3
In File:	/mubench/mubench.pipeline/../checkouts/itext/5091/original-src/com/itextpdf/text/pdf/TSAClientBouncyCastle.java
In Method:	getTimeStampToken(byte[])
Code with Finding:	class TSAClientBouncyCastle { /** * Get RFC 3161 timeStampToken. * Method may return null indicating that timestamp should be skipped. * @param imprint byte[] - data imprint to be time-stamped * @return byte[] - encoded, TSA signed data of the timeStampToken * @throws Exception - TSA request failed */ public byte[] getTimeStampToken(byte[] imprint) throws Exception { byte[] respBytes = null; try { // Setup the time stamp request TimeStampRequestGenerator tsqGenerator = new TimeStampRequestGenerator(); tsqGenerator.setCertReq(true); // tsqGenerator.setReqPolicy("1.3.6.1.4.1.601.10.3.1"); BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis()); TimeStampRequest request = tsqGenerator.generate(PdfPKCS7.getAllowedDigests(getDigestAlgorithm()), imprint, nonce); byte[] requestBytes = request.getEncoded(); // Call the communications layer respBytes = getTSAResponse(requestBytes); // Handle the TSA response TimeStampResponse response = new TimeStampResponse(respBytes); // validate communication level attributes (RFC 3161 PKIStatus) response.validate(request); PKIFailureInfo failure = response.getFailInfo(); int value = (failure == null) ? 0 : failure.intValue(); if (value != 0) { // @todo: Translate value of 15 error codes defined by PKIFailureInfo to string throw new Exception(MessageLocalization.getComposedMessage("invalid.tsa.1.response.code.2", tsaURL, String.valueOf(value))); } // @todo: validate the time stap certificate chain (if we want // assure we do not sign using an invalid timestamp). // extract just the time stamp token (removes communication status info) TimeStampToken tsToken = response.getTimeStampToken(); if (tsToken == null) { throw new Exception(MessageLocalization.getComposedMessage("tsa.1.failed.to.return.time.stamp.token.2", tsaURL, response.getStatusString())); } TimeStampTokenInfo info = tsToken.getTimeStampInfo(); // to view details byte[] encoded = tsToken.getEncoded(); long stop = System.currentTimeMillis(); // Update our token size estimate for the next call (padded to be safe) this.tokSzEstimate = encoded.length + 32; return encoded; } catch (Exception e) { throw e; } catch (Throwable t) { throw new Exception(MessageLocalization.getComposedMessage("failed.to.get.tsa.response.from.1", tsaURL), t); } } }

Metadata

Hit	Rank	Source Code Graph	Tac Graph	Violation Types
?	3

missing/call
misplaced/call
superfluous/call
missing/condition/null_check
missing/condition/value_or_state
missing/condition/synchronization
missing/condition/context
misplaced/condition/null_check
misplaced/condition/value_or_state
misplaced/condition/synchronization
misplaced/condition/context
superfluous/condition/null_check
superfluous/condition/value_or_state
superfluous/condition/synchronization
superfluous/condition/context
missing/exception_handling
misplaced/exception_handling
superfluous/exception_handling
missing/iteration
misplaced/iteration
superfluous/iteration