KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > ejbca > core > protocol > cmp > CmpPbeVerifyer


1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

13 package org.ejbca.core.protocol.cmp;
14
15 import java.security.InvalidKeyException JavaDoc;
16 import java.security.MessageDigest JavaDoc;
17 import java.security.NoSuchAlgorithmException JavaDoc;
18 import java.security.NoSuchProviderException JavaDoc;
19 import java.util.Arrays JavaDoc;
20
21 import javax.crypto.Mac;
22 import javax.crypto.SecretKey;
23 import javax.crypto.spec.SecretKeySpec;
24
25 import org.apache.log4j.Logger;
26 import org.bouncycastle.asn1.DERBitString;
27 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
28 import org.ejbca.core.model.InternalResources;
29
30 import com.novosec.pkix.asn1.cmp.CMPObjectIdentifiers;
31 import com.novosec.pkix.asn1.cmp.PKIHeader;
32 import com.novosec.pkix.asn1.cmp.PKIMessage;
33 import com.novosec.pkix.asn1.crmf.PBMParameter;
34
35 /**
36  * Helper class to verify PBE of CMP messages, also extracts owf, mac Oids and iteration count.
37  * @author tomas
38  * @version $Id: CmpPbeVerifyer.java,v 1.4 2006/12/13 11:23:51 anatom Exp $
39  */

40 public class CmpPbeVerifyer {
41     private static Logger log = Logger.getLogger(CmpPbeVerifyer.class);
42     /** Internal localization of logs and errors */
43     private static final InternalResources intres = InternalResources.getInstance();
44
45     private PKIMessage msg = null;
46     private String JavaDoc raAuthenticationSecret = null;
47     private String JavaDoc errMsg = null;
48     private String JavaDoc owfOid = null;
49     private String JavaDoc macOid = null;
50     private int iterationCount = 1024;
51     
52     public CmpPbeVerifyer(String JavaDoc key, PKIMessage msg) {
53         this.raAuthenticationSecret = key;
54         this.msg = msg;
55     }
56     
57     public boolean verify() throws NoSuchAlgorithmException JavaDoc, NoSuchProviderException JavaDoc, InvalidKeyException JavaDoc {
58         boolean ret = false;
59         // Verify the PasswordBased protection of the message
60
PKIHeader head = msg.getHeader();
61         byte[] protectedBytes = msg.getProtectedBytes();
62         DERBitString protection = msg.getProtection();
63         AlgorithmIdentifier pAlg = head.getProtectionAlg();
64         log.debug("Protection type is: "+pAlg.getObjectId().getId());
65         if (!pAlg.getObjectId().equals(CMPObjectIdentifiers.passwordBasedMac)) {
66             errMsg = intres.getLocalizedMessage("cmp.errorunknownprotalg", pAlg.getObjectId().getId());
67             log.error(errMsg);
68             return ret;
69         } else {
70             PBMParameter pp = PBMParameter.getInstance(pAlg.getParameters());
71             iterationCount = pp.getIterationCount().getPositiveValue().intValue();
72             log.debug("Iteration count is: "+iterationCount);
73             AlgorithmIdentifier owfAlg = pp.getOwf();
74             // Normal OWF alg is 1.3.14.3.2.26 - SHA1
75
owfOid = owfAlg.getObjectId().getId();
76             log.debug("Owf type is: "+owfOid);
77             AlgorithmIdentifier macAlg = pp.getMac();
78             // Normal mac alg is 1.3.6.1.5.5.8.1.2 - HMAC/SHA1
79
macOid = macAlg.getObjectId().getId();
80             log.debug("Mac type is: "+macOid);
81             byte[] salt = pp.getSalt().getOctets();
82             //log.info("Salt: "+new String(salt));
83
byte[] raSecret = raAuthenticationSecret.getBytes();
84             byte[] basekey = new byte[raSecret.length + salt.length];
85             for (int i = 0; i < raSecret.length; i++) {
86                 basekey[i] = raSecret[i];
87             }
88             for (int i = 0; i < salt.length; i++) {
89                 basekey[raSecret.length+i] = salt[i];
90             }
91             // Construct the base key according to rfc4210, section 5.1.3.1
92
MessageDigest JavaDoc dig = MessageDigest.getInstance(owfOid, "BC");
93             for (int i = 0; i < iterationCount; i++) {
94                 basekey = dig.digest(basekey);
95                 dig.reset();
96             }
97             // HMAC/SHA1 is normal 1.3.6.1.5.5.8.1.2 or 1.2.840.113549.2.7
98
Mac mac = Mac.getInstance(macOid, "BC");
99             SecretKey key = new SecretKeySpec(basekey, macOid);
100             mac.init(key);
101             mac.reset();
102             mac.update(protectedBytes, 0, protectedBytes.length);
103             byte[] out = mac.doFinal();
104             // My out should now be the same as the protection bits
105
byte[] pb = protection.getBytes();
106             ret = Arrays.equals(out, pb);
107         }
108         return ret;
109         
110     }
111
112     public String JavaDoc getErrMsg() {
113         return errMsg;
114     }
115
116     public String JavaDoc getMacOid() {
117         return macOid;
118     }
119
120     public String JavaDoc getOwfOid() {
121         return owfOid;
122     }
123
124     public int getIterationCount() {
125         return iterationCount;
126     }
127     
128 }
129
Popular Tags