Use correct sig algorithm for each digest version.

Fixes #91.
This commit is contained in:
Michael Bayne
2018-04-23 19:14:12 -07:00
parent 16d8f08518
commit 5cc23397cd
4 changed files with 22 additions and 10 deletions
@@ -1472,7 +1472,7 @@ public class Application
protected void downloadConfigFile ()
throws IOException
{
downloadControlFile(CONFIG_FILE, false);
downloadControlFile(CONFIG_FILE, 0);
}
/**
@@ -1533,7 +1533,7 @@ public class Application
throws IOException
{
for (int version = 1; version <= Digest.VERSION; version++) {
downloadControlFile(Digest.digestFile(version), true);
downloadControlFile(Digest.digestFile(version), version);
}
}
@@ -1548,13 +1548,17 @@ public class Application
* validation implementation, at-will (ie, via an Applet).
*
* <p> TODO: Switch to PKCS #7 or CMS.
*
* @param sigVersion if {@code 0} no validation will be performed, if {@code > 0} then this
* should indicate the version of the digest file being validated which indicates which
* algorithm to use to verify the signature. See {@link Digest#VESRION}.
*/
protected void downloadControlFile (String path, boolean validateSignature)
protected void downloadControlFile (String path, int sigVersion)
throws IOException
{
File target = downloadFile(path);
if (validateSignature) {
if (sigVersion > 0) {
if (_signers.isEmpty()) {
log.info("No signers, not verifying file", "path", path);
@@ -1576,7 +1580,7 @@ public class Application
FileInputStream dataInput = null;
try {
dataInput = new FileInputStream(target);
Signature sig = Signature.getInstance(Digest.SIG_ALGO);
Signature sig = Signature.getInstance(Digest.sigAlgorithm(sigVersion));
sig.initVerify(cert);
while ((length = dataInput.read(buffer)) != -1) {
sig.update(buffer, 0, length);
@@ -29,9 +29,6 @@ public class Digest
/** The current version of the digest protocol. */
public static final int VERSION = 2;
/** The current algorithm used to sign digest files. */
public static final String SIG_ALGO = "SHA256withRSA";
/**
* Returns the name of the digest file for the specified protocol version.
*/
@@ -40,6 +37,17 @@ public class Digest
return FILE_NAME + infix + FILE_SUFFIX;
}
/**
* Returns the crypto algorithm used to sign digest files of the specified version.
*/
public static String sigAlgorithm (int version) {
switch (version) {
case 1: return "SHA1withRSA";
case 2: return "SHA256withRSA";
default: throw new IllegalArgumentException("Invalid digest version " + version);
}
}
/**
* Creates a digest file at the specified location using the supplied list of resources.
* @param version the version of the digest protocol to use.
@@ -43,7 +43,7 @@ public class AppletParamSigner
store.load(new BufferedInputStream(new FileInputStream(keystore)),
storepass.toCharArray());
PrivateKey key = (PrivateKey)store.getKey(alias, keypass.toCharArray());
Signature sig = Signature.getInstance(Digest.SIG_ALGO);
Signature sig = Signature.getInstance(Digest.sigAlgorithm(Digest.VERSION));
sig.initSign(key);
sig.update(params.getBytes());
String signed = new String(Base64.encodeBase64(sig.sign()));
@@ -110,7 +110,7 @@ public class Digester
PrivateKey key = (PrivateKey)store.getKey(storeAlias, storePass.toCharArray());
// sign the digest file
String algo = version > 1 ? Digest.SIG_ALGO : "SHA1withRSA";
String algo = Digest.sigAlgorithm(version);
Signature sig = Signature.getInstance(algo);
dataInput = new FileInputStream(inputFile);
byte[] buffer = new byte[8192];