Overview Package Class Use Source Tree Index Deprecated About
Frames | No Frames

Source for gnu.javax.crypto.keyring.AuthenticatedEntry

   1: /* AuthenticatedEntry.java --
   2:    Copyright (C) 2003, 2006 Free Software Foundation, Inc.
   3: 
   4: This file is a part of GNU Classpath.
   5: 
   6: GNU Classpath is free software; you can redistribute it and/or modify
   7: it under the terms of the GNU General Public License as published by
   8: the Free Software Foundation; either version 2 of the License, or (at
   9: your option) any later version.
  10: 
  11: GNU Classpath is distributed in the hope that it will be useful, but
  12: WITHOUT ANY WARRANTY; without even the implied warranty of
  13: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14: General Public License for more details.
  15: 
  16: You should have received a copy of the GNU General Public License
  17: along with GNU Classpath; if not, write to the Free Software
  18: Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
  19: USA
  20: 
  21: Linking this library statically or dynamically with other modules is
  22: making a combined work based on this library.  Thus, the terms and
  23: conditions of the GNU General Public License cover the whole
  24: combination.
  25: 
  26: As a special exception, the copyright holders of this library give you
  27: permission to link this library with independent modules to produce an
  28: executable, regardless of the license terms of these independent
  29: modules, and to copy and distribute the resulting executable under
  30: terms of your choice, provided that you also meet, for each linked
  31: independent module, the terms and conditions of the license of that
  32: module.  An independent module is a module which is not derived from
  33: or based on this library.  If you modify this library, you may extend
  34: this exception to your version of the library, but you are not
  35: obligated to do so.  If you do not wish to do so, delete this
  36: exception statement from your version.  */
  37: 
  38: 
  39: package gnu.javax.crypto.keyring;
  40: 
  41: import gnu.java.security.Registry;
  42: import gnu.javax.crypto.mac.IMac;
  43: import gnu.javax.crypto.mac.MacFactory;
  44: import gnu.javax.crypto.mac.MacOutputStream;
  45: 
  46: import java.io.ByteArrayInputStream;
  47: import java.io.ByteArrayOutputStream;
  48: import java.io.DataInputStream;
  49: import java.io.DataOutputStream;
  50: import java.io.IOException;
  51: import java.security.InvalidKeyException;
  52: import java.util.Arrays;
  53: import java.util.HashMap;
  54: import java.util.Iterator;
  55: 
  56: public final class AuthenticatedEntry
  57:     extends MaskableEnvelopeEntry
  58:     implements Registry
  59: {
  60:   public static final int TYPE = 2;
  61: 
  62:   public AuthenticatedEntry(String mac, int macLen, Properties properties)
  63:   {
  64:     super(TYPE, properties);
  65:     if (macLen <= 0)
  66:       throw new IllegalArgumentException("invalid mac length");
  67:     this.properties.put("mac", mac);
  68:     this.properties.put("maclen", String.valueOf(macLen));
  69:     setMasked(false);
  70:   }
  71: 
  72:   private AuthenticatedEntry()
  73:   {
  74:     super(TYPE);
  75:     setMasked(true);
  76:   }
  77: 
  78:   public static AuthenticatedEntry decode(DataInputStream in)
  79:       throws IOException
  80:   {
  81:     AuthenticatedEntry entry = new AuthenticatedEntry();
  82:     entry.properties.decode(in);
  83:     if (! entry.properties.containsKey("mac"))
  84:       throw new MalformedKeyringException("no mac specified");
  85:     if (! entry.properties.containsKey("maclen"))
  86:       throw new MalformedKeyringException("no mac length specified");
  87:     return entry;
  88:   }
  89: 
  90:   /**
  91:    * Computes the mac over this envelope's data. This method <b>must</b> be
  92:    * called before this entry in encoded.
  93:    *
  94:    * @param key The key to authenticate with.
  95:    * @throws IOException If encoding fails.
  96:    * @throws InvalidKeyException If the supplied key is bad.
  97:    */
  98:   public void authenticate(byte[] key) throws IOException, InvalidKeyException
  99:   {
 100:     if (isMasked())
 101:       throw new IllegalStateException("entry is masked");
 102:     IMac m = getMac(key);
 103:     ByteArrayOutputStream bout = new ByteArrayOutputStream(1024);
 104:     MacOutputStream macout = new MacOutputStream(bout, m);
 105:     DataOutputStream out2 = new DataOutputStream(macout);
 106:     for (Iterator it = entries.iterator(); it.hasNext();)
 107:       {
 108:         Entry entry = (Entry) it.next();
 109:         entry.encode(out2);
 110:       }
 111:     bout.write(m.digest());
 112:     payload = bout.toByteArray();
 113:   }
 114: 
 115:   /**
 116:    * Verifies this entry's payload. This method will unmask this entry, thus it
 117:    * must be called before accessing its contents.
 118:    *
 119:    * @param key The key to use to authenticate.
 120:    * @throws InvalidKeyException If the given key is improper.
 121:    */
 122:   public void verify(byte[] key) throws InvalidKeyException
 123:   {
 124:     if (! isMasked() || payload == null)
 125:       return;
 126:     IMac m = getMac(key);
 127:     m.update(payload, 0, payload.length - m.macSize());
 128:     byte[] macValue = new byte[m.macSize()];
 129:     System.arraycopy(payload, payload.length - macValue.length, macValue, 0,
 130:                      macValue.length);
 131:     if (! Arrays.equals(macValue, m.digest()))
 132:       throw new IllegalArgumentException("MAC verification failed");
 133:     try
 134:       {
 135:         int len = payload.length - m.macSize();
 136:         ByteArrayInputStream bais = new ByteArrayInputStream(payload, 0, len);
 137:         DataInputStream in = new DataInputStream(bais);
 138:         decodeEnvelope(in);
 139:       }
 140:     catch (IOException ioe)
 141:       {
 142:         throw new IllegalArgumentException("malformed keyring fragment");
 143:       }
 144:     setMasked(false);
 145:     payload = null;
 146:   }
 147: 
 148:   protected void encodePayload() throws IOException
 149:   {
 150:     if (payload == null)
 151:       throw new IllegalStateException("not authenticated");
 152:   }
 153: 
 154:   private IMac getMac(byte[] key) throws InvalidKeyException
 155:   {
 156:     IMac mac = MacFactory.getInstance(properties.get("mac"));
 157:     if (mac == null)
 158:       throw new IllegalArgumentException("no such mac: " + properties.get("mac"));
 159:     int maclen = 0;
 160:     if (! properties.containsKey("maclen"))
 161:       throw new IllegalArgumentException("no MAC length");
 162:     try
 163:       {
 164:         maclen = Integer.parseInt(properties.get("maclen"));
 165:       }
 166:     catch (NumberFormatException nfe)
 167:       {
 168:         throw new IllegalArgumentException("bad MAC length");
 169:       }
 170:     HashMap macAttr = new HashMap();
 171:     macAttr.put(IMac.MAC_KEY_MATERIAL, key);
 172:     macAttr.put(IMac.TRUNCATED_SIZE, Integer.valueOf(maclen));
 173:     mac.init(macAttr);
 174:     return mac;
 175:   }
 176: }

Overview Package Class Use Source Tree Index Deprecated About