1 13 package org.ejbca.core.protocol.cmp; 14 15 import java.security.InvalidKeyException ; 16 import java.security.MessageDigest ; 17 import java.security.NoSuchAlgorithmException ; 18 import java.security.NoSuchProviderException ; 19 import java.util.Arrays ; 20 21 import javax.crypto.Mac; 22 import javax.crypto.SecretKey; 23 import javax.crypto.spec.SecretKeySpec; 24 25 import org.apache.log4j.Logger; 26 import org.bouncycastle.asn1.DERBitString; 27 import org.bouncycastle.asn1.x509.AlgorithmIdentifier; 28 import org.ejbca.core.model.InternalResources; 29 30 import com.novosec.pkix.asn1.cmp.CMPObjectIdentifiers; 31 import com.novosec.pkix.asn1.cmp.PKIHeader; 32 import com.novosec.pkix.asn1.cmp.PKIMessage; 33 import com.novosec.pkix.asn1.crmf.PBMParameter; 34 35 40 public class CmpPbeVerifyer { 41 private static Logger log = Logger.getLogger(CmpPbeVerifyer.class); 42 43 private static final InternalResources intres = InternalResources.getInstance(); 44 45 private PKIMessage msg = null; 46 private String raAuthenticationSecret = null; 47 private String errMsg = null; 48 private String owfOid = null; 49 private String macOid = null; 50 private int iterationCount = 1024; 51 52 public CmpPbeVerifyer(String key, PKIMessage msg) { 53 this.raAuthenticationSecret = key; 54 this.msg = msg; 55 } 56 57 public boolean verify() throws NoSuchAlgorithmException , NoSuchProviderException , InvalidKeyException { 58 boolean ret = false; 59 PKIHeader head = msg.getHeader(); 61 byte[] protectedBytes = msg.getProtectedBytes(); 62 DERBitString protection = msg.getProtection(); 63 AlgorithmIdentifier pAlg = head.getProtectionAlg(); 64 log.debug("Protection type is: "+pAlg.getObjectId().getId()); 65 if (!pAlg.getObjectId().equals(CMPObjectIdentifiers.passwordBasedMac)) { 66 errMsg = intres.getLocalizedMessage("cmp.errorunknownprotalg", pAlg.getObjectId().getId()); 67 log.error(errMsg); 68 return ret; 69 } else { 70 PBMParameter pp = PBMParameter.getInstance(pAlg.getParameters()); 71 iterationCount = pp.getIterationCount().getPositiveValue().intValue(); 72 log.debug("Iteration count is: "+iterationCount); 73 AlgorithmIdentifier owfAlg = pp.getOwf(); 74 owfOid = owfAlg.getObjectId().getId(); 76 log.debug("Owf type is: "+owfOid); 77 AlgorithmIdentifier macAlg = pp.getMac(); 78 macOid = macAlg.getObjectId().getId(); 80 log.debug("Mac type is: "+macOid); 81 byte[] salt = pp.getSalt().getOctets(); 82 byte[] raSecret = raAuthenticationSecret.getBytes(); 84 byte[] basekey = new byte[raSecret.length + salt.length]; 85 for (int i = 0; i < raSecret.length; i++) { 86 basekey[i] = raSecret[i]; 87 } 88 for (int i = 0; i < salt.length; i++) { 89 basekey[raSecret.length+i] = salt[i]; 90 } 91 MessageDigest dig = MessageDigest.getInstance(owfOid, "BC"); 93 for (int i = 0; i < iterationCount; i++) { 94 basekey = dig.digest(basekey); 95 dig.reset(); 96 } 97 Mac mac = Mac.getInstance(macOid, "BC"); 99 SecretKey key = new SecretKeySpec(basekey, macOid); 100 mac.init(key); 101 mac.reset(); 102 mac.update(protectedBytes, 0, protectedBytes.length); 103 byte[] out = mac.doFinal(); 104 byte[] pb = protection.getBytes(); 106 ret = Arrays.equals(out, pb); 107 } 108 return ret; 109 110 } 111 112 public String getErrMsg() { 113 return errMsg; 114 } 115 116 public String getMacOid() { 117 return macOid; 118 } 119 120 public String getOwfOid() { 121 return owfOid; 122 } 123 124 public int getIterationCount() { 125 return iterationCount; 126 } 127 128 } 129 | Popular Tags |