/**
* Create a STPR STPR = T|Comm(L_1, r^1_W)|...|Comm(L_n, r^n_W)
*
* @param aStampContext
* @param location location L_1
* @param time Preq time T
* @return STPR
*/
private static byte[] createSTPR(WitnessContext aStampContext, byte location[], byte time[]) {
BigInteger rw = aStampContext.getEPRandomW();
String locString = new String(location);
Location loc = new Location(locString);
short levelCount = (short) loc.getLevelCount();
LinkedList<BigInteger> rws = new LinkedList<BigInteger>();
try {
rws = CryptoUtil.getHashChain(rw, levelCount);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
ArrayList<byte[]> locComms = new ArrayList<byte[]>();
for (int i = 0; i < levelCount; i++) {
byte[] locComm = {};
try {
locComm = CryptoUtil.getCommitment(loc.getLevel(i).getBytes(), rws.get(i)).toByteArray();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
locComms.add(locComm);
}
return MessageUtil.createMessageFromArray(locComms);
}
private void testEncryptDecrypt(final CryptoUtil cryptoUtil, final String textToEncrypt)
throws Exception {
String encryptedText = cryptoUtil.encrypt(textToEncrypt);
assertNotSame(
"Encrypted text should not be the same as the plain text", textToEncrypt, encryptedText);
String decryptedText = cryptoUtil.decrypt(encryptedText);
assertEquals(
"Decrypted text should be the same as the original text", textToEncrypt, decryptedText);
}
/**
* Endorse the proof
*
* @param aStampContext current context
* @param aProof proof
* @return endorsed proof
* @throws NoSuchAlgorithmException
* @throws BadPaddingException
* @throws IllegalBlockSizeException
* @throws NoSuchPaddingException
* @throws InvalidKeyException
*/
private static byte[] endorseP(WitnessContext aStampContext, byte aProof[]) {
// Sign on the proof first
byte[] sig = {};
try {
sig = CryptoUtil.signDSA(aStampContext.getPriDSASelf(), aProof);
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (SignatureException e) {
e.printStackTrace();
}
// Include own ID in EP
byte[] wID = aStampContext.getPubDSASelf().getEncoded();
ArrayList<byte[]> array = new ArrayList<byte[]>();
array.add(wID);
array.add(aProof);
array.add(sig);
byte[] epContent = MessageUtil.compileMessages(array);
// Encrypt epContent with an AES key first
SecretKey aesKey = null;
byte[] epEncrypted = {};
byte[] keyEncrypted = {};
try {
aesKey = CryptoUtil.generateAESKey(128);
epEncrypted = CryptoUtil.encryptAES(aesKey, epContent);
keyEncrypted = CryptoUtil.encryptRSA(aStampContext.getPubRSACA(), aesKey.getEncoded());
} catch (NoSuchAlgorithmException e1) {
e1.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (NoSuchPaddingException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
}
ArrayList<byte[]> arrayOut = new ArrayList<byte[]>();
arrayOut.add(epEncrypted);
arrayOut.add(keyEncrypted);
return MessageUtil.compileMessages(arrayOut);
}
private void decryptPassword(Properties properties) {
String pwd = properties.getProperty(PROP_PASSWORD);
if (pwd != null) {
String newPwd = CryptoUtil.decrypt(pwd);
properties.setProperty(PROP_PASSWORD, newPwd);
}
}
/**
* Process DB Success message
*
* @param aStampContext current context
* @param payload DB Success message
*/
public static void processCeCk(WitnessContext aStampContext, byte[] payload) {
// parse Ce and Ck
ArrayList<byte[]> ceck = MessageUtil.parseMessage(payload, 2);
ArrayList<byte[]> ces = MessageUtil.parseMessages(ceck.get(0));
ArrayList<byte[]> cks = MessageUtil.parseMessages(ceck.get(1));
// obtain z
BigInteger z = CryptoUtil.getZ(ces, cks, aStampContext.getPubDSASelf().getParams().getP());
aStampContext.setRemoteZ(z);
}
/**
* Create DB ready message body
*
* @return DB ready message
*/
public static byte[] createCeCk(ProverContext aStampContext) {
BigInteger e = aStampContext.getE();
BigInteger k = aStampContext.getK();
BigInteger p = aStampContext.getPubDSASelf().getParams().getP();
BigInteger g = aStampContext.getPubDSASelf().getParams().getG();
BigInteger h = aStampContext.getH();
BigInteger v = aStampContext.getV();
ArrayList<byte[]> ces = CryptoUtil.getBitCommitments(g, p, h, v, e);
ArrayList<byte[]> cks = CryptoUtil.getBitCommitments(g, p, h, v, k);
byte[] cesBytes = MessageUtil.createMessageFromArray(ces);
byte[] cksBytes = MessageUtil.createMessageFromArray(cks);
ArrayList<byte[]> array = new ArrayList<byte[]>();
array.add(cesBytes);
array.add(cksBytes);
return MessageUtil.compileMessages(array);
}
/**
* Create user identity token based on username and password
*
* @param ep
* @param username
* @param password
* @return user identity token
* @throws ServiceResultException if endpoint or the stack doesn't support UserName token policy
*/
public static UserIdentityToken createUserNameIdentityToken(
EndpointDescription ep, byte[] senderNonce, String username, String password)
throws ServiceResultException {
UserTokenPolicy policy = ep.findUserTokenPolicy(UserTokenType.UserName);
if (policy == null)
throw new ServiceResultException(
StatusCodes.Bad_IdentityTokenRejected, "UserName not supported");
String securityPolicyUri = policy.getSecurityPolicyUri();
if (securityPolicyUri == null) securityPolicyUri = ep.getSecurityPolicyUri();
SecurityPolicy securityPolicy = SecurityPolicy.getSecurityPolicy(securityPolicyUri);
if (securityPolicy == null) securityPolicy = SecurityPolicy.NONE;
UserNameIdentityToken token = new UserNameIdentityToken();
token.setUserName(username);
token.setPolicyId(policy.getPolicyId());
// Encrypt the password, unless no security is defined
SecurityAlgorithm algorithm = securityPolicy.getAsymmetricEncryptionAlgorithm();
byte[] pw = password.getBytes(BinaryEncoder.UTF8);
if (algorithm == null) token.setPassword(pw);
else
try {
Cert serverCert = new Cert(ep.getServerCertificate());
if (senderNonce != null)
pw =
ByteBufferUtils.concatenate(toArray(pw.length + senderNonce.length), pw, senderNonce);
else pw = ByteBufferUtils.concatenate(toArray(pw.length), pw);
pw = CryptoUtil.asymmEncrypt(pw, serverCert.getCertificate().getPublicKey(), algorithm);
token.setPassword(pw);
} catch (InvalidKeyException e) {
// Server certificate does not have encrypt usage
throw new ServiceResultException(
StatusCodes.Bad_CertificateInvalid,
"Server certificate in endpoint is invalid: " + e.getMessage());
} catch (IllegalBlockSizeException e) {
throw new ServiceResultException(
StatusCodes.Bad_SecurityPolicyRejected, e.getClass().getName() + ":" + e.getMessage());
} catch (BadPaddingException e) {
throw new ServiceResultException(
StatusCodes.Bad_CertificateInvalid,
"Server certificate in endpoint is invalid: " + e.getMessage());
} catch (NoSuchAlgorithmException e) {
throw new ServiceResultException(StatusCodes.Bad_InternalError, e);
} catch (NoSuchPaddingException e) {
throw new ServiceResultException(StatusCodes.Bad_InternalError, e);
}
token.setEncryptionAlgorithm(algorithm.getUri());
return token;
}
public void setCipherAlgorithmNameModePadding(String cipherAlgorithmNameModePadding) {
String cipherAlgorithmExpected, cipherAlgorithmReceived;
cipherAlgorithmExpected = this.getCipherAlgorithm();
cipherAlgorithmReceived = CryptoUtil.getCipherNameAsString(cipherAlgorithmNameModePadding);
if (!cipherAlgorithmExpected.equals(cipherAlgorithmReceived)) {
throw new IllegalArgumentException("algorithm must be " + cipherAlgorithmExpected);
}
this.cipherAlgorithmNameModePadding = cipherAlgorithmNameModePadding;
try {
this.cipher =
Cipher.getInstance(this.cipherAlgorithmNameModePadding, Crypto.getCryptoProvider());
} catch (GeneralSecurityException e) {
logException(getClass(), e);
throw new IllegalArgumentException(e);
}
}
public String getCipherName() {
return CryptoUtil.getCipherNameAsString(this.cipherAlgorithmNameModePadding);
}
