@@ -1472,7 +1472,7 @@ public class Application
|
||||
protected void downloadConfigFile ()
|
||||
throws IOException
|
||||
{
|
||||
downloadControlFile(CONFIG_FILE, false);
|
||||
downloadControlFile(CONFIG_FILE, 0);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -1533,7 +1533,7 @@ public class Application
|
||||
throws IOException
|
||||
{
|
||||
for (int version = 1; version <= Digest.VERSION; version++) {
|
||||
downloadControlFile(Digest.digestFile(version), true);
|
||||
downloadControlFile(Digest.digestFile(version), version);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1548,13 +1548,17 @@ public class Application
|
||||
* validation implementation, at-will (ie, via an Applet).
|
||||
*
|
||||
* <p> TODO: Switch to PKCS #7 or CMS.
|
||||
*
|
||||
* @param sigVersion if {@code 0} no validation will be performed, if {@code > 0} then this
|
||||
* should indicate the version of the digest file being validated which indicates which
|
||||
* algorithm to use to verify the signature. See {@link Digest#VESRION}.
|
||||
*/
|
||||
protected void downloadControlFile (String path, boolean validateSignature)
|
||||
protected void downloadControlFile (String path, int sigVersion)
|
||||
throws IOException
|
||||
{
|
||||
File target = downloadFile(path);
|
||||
|
||||
if (validateSignature) {
|
||||
if (sigVersion > 0) {
|
||||
if (_signers.isEmpty()) {
|
||||
log.info("No signers, not verifying file", "path", path);
|
||||
|
||||
@@ -1576,7 +1580,7 @@ public class Application
|
||||
FileInputStream dataInput = null;
|
||||
try {
|
||||
dataInput = new FileInputStream(target);
|
||||
Signature sig = Signature.getInstance(Digest.SIG_ALGO);
|
||||
Signature sig = Signature.getInstance(Digest.sigAlgorithm(sigVersion));
|
||||
sig.initVerify(cert);
|
||||
while ((length = dataInput.read(buffer)) != -1) {
|
||||
sig.update(buffer, 0, length);
|
||||
|
||||
@@ -29,9 +29,6 @@ public class Digest
|
||||
/** The current version of the digest protocol. */
|
||||
public static final int VERSION = 2;
|
||||
|
||||
/** The current algorithm used to sign digest files. */
|
||||
public static final String SIG_ALGO = "SHA256withRSA";
|
||||
|
||||
/**
|
||||
* Returns the name of the digest file for the specified protocol version.
|
||||
*/
|
||||
@@ -40,6 +37,17 @@ public class Digest
|
||||
return FILE_NAME + infix + FILE_SUFFIX;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the crypto algorithm used to sign digest files of the specified version.
|
||||
*/
|
||||
public static String sigAlgorithm (int version) {
|
||||
switch (version) {
|
||||
case 1: return "SHA1withRSA";
|
||||
case 2: return "SHA256withRSA";
|
||||
default: throw new IllegalArgumentException("Invalid digest version " + version);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a digest file at the specified location using the supplied list of resources.
|
||||
* @param version the version of the digest protocol to use.
|
||||
|
||||
@@ -43,7 +43,7 @@ public class AppletParamSigner
|
||||
store.load(new BufferedInputStream(new FileInputStream(keystore)),
|
||||
storepass.toCharArray());
|
||||
PrivateKey key = (PrivateKey)store.getKey(alias, keypass.toCharArray());
|
||||
Signature sig = Signature.getInstance(Digest.SIG_ALGO);
|
||||
Signature sig = Signature.getInstance(Digest.sigAlgorithm(Digest.VERSION));
|
||||
sig.initSign(key);
|
||||
sig.update(params.getBytes());
|
||||
String signed = new String(Base64.encodeBase64(sig.sign()));
|
||||
|
||||
@@ -110,7 +110,7 @@ public class Digester
|
||||
PrivateKey key = (PrivateKey)store.getKey(storeAlias, storePass.toCharArray());
|
||||
|
||||
// sign the digest file
|
||||
String algo = version > 1 ? Digest.SIG_ALGO : "SHA1withRSA";
|
||||
String algo = Digest.sigAlgorithm(version);
|
||||
Signature sig = Signature.getInstance(algo);
|
||||
dataInput = new FileInputStream(inputFile);
|
||||
byte[] buffer = new byte[8192];
|
||||
|
||||
Reference in New Issue
Block a user