diff --git a/src/main/java/com/threerings/getdown/data/Application.java b/src/main/java/com/threerings/getdown/data/Application.java index 886551f..f759ef0 100644 --- a/src/main/java/com/threerings/getdown/data/Application.java +++ b/src/main/java/com/threerings/getdown/data/Application.java @@ -1472,7 +1472,7 @@ public class Application protected void downloadConfigFile () throws IOException { - downloadControlFile(CONFIG_FILE, false); + downloadControlFile(CONFIG_FILE, 0); } /** @@ -1533,7 +1533,7 @@ public class Application throws IOException { for (int version = 1; version <= Digest.VERSION; version++) { - downloadControlFile(Digest.digestFile(version), true); + downloadControlFile(Digest.digestFile(version), version); } } @@ -1548,13 +1548,17 @@ public class Application * validation implementation, at-will (ie, via an Applet). * *

TODO: Switch to PKCS #7 or CMS. + * + * @param sigVersion if {@code 0} no validation will be performed, if {@code > 0} then this + * should indicate the version of the digest file being validated which indicates which + * algorithm to use to verify the signature. See {@link Digest#VESRION}. */ - protected void downloadControlFile (String path, boolean validateSignature) + protected void downloadControlFile (String path, int sigVersion) throws IOException { File target = downloadFile(path); - if (validateSignature) { + if (sigVersion > 0) { if (_signers.isEmpty()) { log.info("No signers, not verifying file", "path", path); @@ -1576,7 +1580,7 @@ public class Application FileInputStream dataInput = null; try { dataInput = new FileInputStream(target); - Signature sig = Signature.getInstance(Digest.SIG_ALGO); + Signature sig = Signature.getInstance(Digest.sigAlgorithm(sigVersion)); sig.initVerify(cert); while ((length = dataInput.read(buffer)) != -1) { sig.update(buffer, 0, length); diff --git a/src/main/java/com/threerings/getdown/data/Digest.java b/src/main/java/com/threerings/getdown/data/Digest.java index 0cd7a40..6239140 100644 --- a/src/main/java/com/threerings/getdown/data/Digest.java +++ b/src/main/java/com/threerings/getdown/data/Digest.java @@ -29,9 +29,6 @@ public class Digest /** The current version of the digest protocol. */ public static final int VERSION = 2; - /** The current algorithm used to sign digest files. */ - public static final String SIG_ALGO = "SHA256withRSA"; - /** * Returns the name of the digest file for the specified protocol version. */ @@ -40,6 +37,17 @@ public class Digest return FILE_NAME + infix + FILE_SUFFIX; } + /** + * Returns the crypto algorithm used to sign digest files of the specified version. + */ + public static String sigAlgorithm (int version) { + switch (version) { + case 1: return "SHA1withRSA"; + case 2: return "SHA256withRSA"; + default: throw new IllegalArgumentException("Invalid digest version " + version); + } + } + /** * Creates a digest file at the specified location using the supplied list of resources. * @param version the version of the digest protocol to use. diff --git a/src/main/java/com/threerings/getdown/tools/AppletParamSigner.java b/src/main/java/com/threerings/getdown/tools/AppletParamSigner.java index 78cac26..dfec157 100644 --- a/src/main/java/com/threerings/getdown/tools/AppletParamSigner.java +++ b/src/main/java/com/threerings/getdown/tools/AppletParamSigner.java @@ -43,7 +43,7 @@ public class AppletParamSigner store.load(new BufferedInputStream(new FileInputStream(keystore)), storepass.toCharArray()); PrivateKey key = (PrivateKey)store.getKey(alias, keypass.toCharArray()); - Signature sig = Signature.getInstance(Digest.SIG_ALGO); + Signature sig = Signature.getInstance(Digest.sigAlgorithm(Digest.VERSION)); sig.initSign(key); sig.update(params.getBytes()); String signed = new String(Base64.encodeBase64(sig.sign())); diff --git a/src/main/java/com/threerings/getdown/tools/Digester.java b/src/main/java/com/threerings/getdown/tools/Digester.java index 86a0331..f765163 100644 --- a/src/main/java/com/threerings/getdown/tools/Digester.java +++ b/src/main/java/com/threerings/getdown/tools/Digester.java @@ -110,7 +110,7 @@ public class Digester PrivateKey key = (PrivateKey)store.getKey(storeAlias, storePass.toCharArray()); // sign the digest file - String algo = version > 1 ? Digest.SIG_ALGO : "SHA1withRSA"; + String algo = Digest.sigAlgorithm(version); Signature sig = Signature.getInstance(algo); dataInput = new FileInputStream(inputFile); byte[] buffer = new byte[8192];