Use correct sig algorithm for each digest version.

Fixes #91.
This commit is contained in:
Michael Bayne
2018-04-23 19:14:12 -07:00
parent 16d8f08518
commit 5cc23397cd
4 changed files with 22 additions and 10 deletions
@@ -1472,7 +1472,7 @@ public class Application
protected void downloadConfigFile () protected void downloadConfigFile ()
throws IOException throws IOException
{ {
downloadControlFile(CONFIG_FILE, false); downloadControlFile(CONFIG_FILE, 0);
} }
/** /**
@@ -1533,7 +1533,7 @@ public class Application
throws IOException throws IOException
{ {
for (int version = 1; version <= Digest.VERSION; version++) { for (int version = 1; version <= Digest.VERSION; version++) {
downloadControlFile(Digest.digestFile(version), true); downloadControlFile(Digest.digestFile(version), version);
} }
} }
@@ -1548,13 +1548,17 @@ public class Application
* validation implementation, at-will (ie, via an Applet). * validation implementation, at-will (ie, via an Applet).
* *
* <p> TODO: Switch to PKCS #7 or CMS. * <p> TODO: Switch to PKCS #7 or CMS.
*
* @param sigVersion if {@code 0} no validation will be performed, if {@code > 0} then this
* should indicate the version of the digest file being validated which indicates which
* algorithm to use to verify the signature. See {@link Digest#VESRION}.
*/ */
protected void downloadControlFile (String path, boolean validateSignature) protected void downloadControlFile (String path, int sigVersion)
throws IOException throws IOException
{ {
File target = downloadFile(path); File target = downloadFile(path);
if (validateSignature) { if (sigVersion > 0) {
if (_signers.isEmpty()) { if (_signers.isEmpty()) {
log.info("No signers, not verifying file", "path", path); log.info("No signers, not verifying file", "path", path);
@@ -1576,7 +1580,7 @@ public class Application
FileInputStream dataInput = null; FileInputStream dataInput = null;
try { try {
dataInput = new FileInputStream(target); dataInput = new FileInputStream(target);
Signature sig = Signature.getInstance(Digest.SIG_ALGO); Signature sig = Signature.getInstance(Digest.sigAlgorithm(sigVersion));
sig.initVerify(cert); sig.initVerify(cert);
while ((length = dataInput.read(buffer)) != -1) { while ((length = dataInput.read(buffer)) != -1) {
sig.update(buffer, 0, length); sig.update(buffer, 0, length);
@@ -29,9 +29,6 @@ public class Digest
/** The current version of the digest protocol. */ /** The current version of the digest protocol. */
public static final int VERSION = 2; public static final int VERSION = 2;
/** The current algorithm used to sign digest files. */
public static final String SIG_ALGO = "SHA256withRSA";
/** /**
* Returns the name of the digest file for the specified protocol version. * Returns the name of the digest file for the specified protocol version.
*/ */
@@ -40,6 +37,17 @@ public class Digest
return FILE_NAME + infix + FILE_SUFFIX; return FILE_NAME + infix + FILE_SUFFIX;
} }
/**
* Returns the crypto algorithm used to sign digest files of the specified version.
*/
public static String sigAlgorithm (int version) {
switch (version) {
case 1: return "SHA1withRSA";
case 2: return "SHA256withRSA";
default: throw new IllegalArgumentException("Invalid digest version " + version);
}
}
/** /**
* Creates a digest file at the specified location using the supplied list of resources. * Creates a digest file at the specified location using the supplied list of resources.
* @param version the version of the digest protocol to use. * @param version the version of the digest protocol to use.
@@ -43,7 +43,7 @@ public class AppletParamSigner
store.load(new BufferedInputStream(new FileInputStream(keystore)), store.load(new BufferedInputStream(new FileInputStream(keystore)),
storepass.toCharArray()); storepass.toCharArray());
PrivateKey key = (PrivateKey)store.getKey(alias, keypass.toCharArray()); PrivateKey key = (PrivateKey)store.getKey(alias, keypass.toCharArray());
Signature sig = Signature.getInstance(Digest.SIG_ALGO); Signature sig = Signature.getInstance(Digest.sigAlgorithm(Digest.VERSION));
sig.initSign(key); sig.initSign(key);
sig.update(params.getBytes()); sig.update(params.getBytes());
String signed = new String(Base64.encodeBase64(sig.sign())); String signed = new String(Base64.encodeBase64(sig.sign()));
@@ -110,7 +110,7 @@ public class Digester
PrivateKey key = (PrivateKey)store.getKey(storeAlias, storePass.toCharArray()); PrivateKey key = (PrivateKey)store.getKey(storeAlias, storePass.toCharArray());
// sign the digest file // sign the digest file
String algo = version > 1 ? Digest.SIG_ALGO : "SHA1withRSA"; String algo = Digest.sigAlgorithm(version);
Signature sig = Signature.getInstance(algo); Signature sig = Signature.getInstance(algo);
dataInput = new FileInputStream(inputFile); dataInput = new FileInputStream(inputFile);
byte[] buffer = new byte[8192]; byte[] buffer = new byte[8192];