@@ -1472,7 +1472,7 @@ public class Application
|
|||||||
protected void downloadConfigFile ()
|
protected void downloadConfigFile ()
|
||||||
throws IOException
|
throws IOException
|
||||||
{
|
{
|
||||||
downloadControlFile(CONFIG_FILE, false);
|
downloadControlFile(CONFIG_FILE, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -1533,7 +1533,7 @@ public class Application
|
|||||||
throws IOException
|
throws IOException
|
||||||
{
|
{
|
||||||
for (int version = 1; version <= Digest.VERSION; version++) {
|
for (int version = 1; version <= Digest.VERSION; version++) {
|
||||||
downloadControlFile(Digest.digestFile(version), true);
|
downloadControlFile(Digest.digestFile(version), version);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1548,13 +1548,17 @@ public class Application
|
|||||||
* validation implementation, at-will (ie, via an Applet).
|
* validation implementation, at-will (ie, via an Applet).
|
||||||
*
|
*
|
||||||
* <p> TODO: Switch to PKCS #7 or CMS.
|
* <p> TODO: Switch to PKCS #7 or CMS.
|
||||||
|
*
|
||||||
|
* @param sigVersion if {@code 0} no validation will be performed, if {@code > 0} then this
|
||||||
|
* should indicate the version of the digest file being validated which indicates which
|
||||||
|
* algorithm to use to verify the signature. See {@link Digest#VESRION}.
|
||||||
*/
|
*/
|
||||||
protected void downloadControlFile (String path, boolean validateSignature)
|
protected void downloadControlFile (String path, int sigVersion)
|
||||||
throws IOException
|
throws IOException
|
||||||
{
|
{
|
||||||
File target = downloadFile(path);
|
File target = downloadFile(path);
|
||||||
|
|
||||||
if (validateSignature) {
|
if (sigVersion > 0) {
|
||||||
if (_signers.isEmpty()) {
|
if (_signers.isEmpty()) {
|
||||||
log.info("No signers, not verifying file", "path", path);
|
log.info("No signers, not verifying file", "path", path);
|
||||||
|
|
||||||
@@ -1576,7 +1580,7 @@ public class Application
|
|||||||
FileInputStream dataInput = null;
|
FileInputStream dataInput = null;
|
||||||
try {
|
try {
|
||||||
dataInput = new FileInputStream(target);
|
dataInput = new FileInputStream(target);
|
||||||
Signature sig = Signature.getInstance(Digest.SIG_ALGO);
|
Signature sig = Signature.getInstance(Digest.sigAlgorithm(sigVersion));
|
||||||
sig.initVerify(cert);
|
sig.initVerify(cert);
|
||||||
while ((length = dataInput.read(buffer)) != -1) {
|
while ((length = dataInput.read(buffer)) != -1) {
|
||||||
sig.update(buffer, 0, length);
|
sig.update(buffer, 0, length);
|
||||||
|
|||||||
@@ -29,9 +29,6 @@ public class Digest
|
|||||||
/** The current version of the digest protocol. */
|
/** The current version of the digest protocol. */
|
||||||
public static final int VERSION = 2;
|
public static final int VERSION = 2;
|
||||||
|
|
||||||
/** The current algorithm used to sign digest files. */
|
|
||||||
public static final String SIG_ALGO = "SHA256withRSA";
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the name of the digest file for the specified protocol version.
|
* Returns the name of the digest file for the specified protocol version.
|
||||||
*/
|
*/
|
||||||
@@ -40,6 +37,17 @@ public class Digest
|
|||||||
return FILE_NAME + infix + FILE_SUFFIX;
|
return FILE_NAME + infix + FILE_SUFFIX;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the crypto algorithm used to sign digest files of the specified version.
|
||||||
|
*/
|
||||||
|
public static String sigAlgorithm (int version) {
|
||||||
|
switch (version) {
|
||||||
|
case 1: return "SHA1withRSA";
|
||||||
|
case 2: return "SHA256withRSA";
|
||||||
|
default: throw new IllegalArgumentException("Invalid digest version " + version);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Creates a digest file at the specified location using the supplied list of resources.
|
* Creates a digest file at the specified location using the supplied list of resources.
|
||||||
* @param version the version of the digest protocol to use.
|
* @param version the version of the digest protocol to use.
|
||||||
|
|||||||
@@ -43,7 +43,7 @@ public class AppletParamSigner
|
|||||||
store.load(new BufferedInputStream(new FileInputStream(keystore)),
|
store.load(new BufferedInputStream(new FileInputStream(keystore)),
|
||||||
storepass.toCharArray());
|
storepass.toCharArray());
|
||||||
PrivateKey key = (PrivateKey)store.getKey(alias, keypass.toCharArray());
|
PrivateKey key = (PrivateKey)store.getKey(alias, keypass.toCharArray());
|
||||||
Signature sig = Signature.getInstance(Digest.SIG_ALGO);
|
Signature sig = Signature.getInstance(Digest.sigAlgorithm(Digest.VERSION));
|
||||||
sig.initSign(key);
|
sig.initSign(key);
|
||||||
sig.update(params.getBytes());
|
sig.update(params.getBytes());
|
||||||
String signed = new String(Base64.encodeBase64(sig.sign()));
|
String signed = new String(Base64.encodeBase64(sig.sign()));
|
||||||
|
|||||||
@@ -110,7 +110,7 @@ public class Digester
|
|||||||
PrivateKey key = (PrivateKey)store.getKey(storeAlias, storePass.toCharArray());
|
PrivateKey key = (PrivateKey)store.getKey(storeAlias, storePass.toCharArray());
|
||||||
|
|
||||||
// sign the digest file
|
// sign the digest file
|
||||||
String algo = version > 1 ? Digest.SIG_ALGO : "SHA1withRSA";
|
String algo = Digest.sigAlgorithm(version);
|
||||||
Signature sig = Signature.getInstance(algo);
|
Signature sig = Signature.getInstance(algo);
|
||||||
dataInput = new FileInputStream(inputFile);
|
dataInput = new FileInputStream(inputFile);
|
||||||
byte[] buffer = new byte[8192];
|
byte[] buffer = new byte[8192];
|
||||||
|
|||||||
Reference in New Issue
Block a user