@Override
public void inviteUser(
String ownerAlias,
PrivateKey ownerPrivSigKey,
PublicKey ownerPubEncKey,
PrivateKey ownerPrivEncKey,
String alias,
PublicKey userPubEncKey,
PublicKey userPubSigKey)
throws ShareMetaDataException {
// Check if called by owner
if (!Utils.keysMatch(shareMetaData.ownerPubSigKey, ownerPrivSigKey)) {
throw new ShareMetaDataException("This method can only be called by the share owner!");
}
SharePartList spl = shareMetaData.getSharePartList();
// Check if user alias already exists
if (spl.getPublicKey(alias) == null) {
spl.add(userPubSigKey, alias);
}
// Create deviceList and sign for user
HashMap<String, PublicKey> dkList = new HashMap<String, PublicKey>();
dkList.put(IVolume.MASTER_KEY, userPubEncKey);
DeviceList devices = shareMetaData.createDeviceList(userPubSigKey, dkList);
try {
shareMetaData.addObfuscationKey(ownerPubEncKey, ownerPrivEncKey, userPubEncKey);
} catch (SymmetricKeyEncryptionException | SymmetricKeyDecryptionException e) {
throw new ShareMetaDataException("Could not add encrypted obfuscation key for new user", e);
}
// add encrypted sharekey for device
try {
this.shareMetaData.shareKeys.addDevice(ownerPubEncKey, ownerPrivEncKey, userPubEncKey);
} catch (Exception e) {
throw new ShareMetaDataException("Could not add encrypted share keys for new user", e);
}
// Sign everything
try {
spl.sign(ownerPrivSigKey);
} catch (SignatureException e) {
throw new ShareMetaDataException("Could not add new user to ShareParticipantList.", e);
}
try {
devices.sign(ownerPrivSigKey, shareMetaData.shareKeys, shareMetaData.obfuscationKeys);
} catch (SignatureException e) {
throw new ShareMetaDataException("Could not sign devicelist", e);
}
this.shareMetaData.persist();
this.shareMetaData.persist(devices);
}
@Test
public void test() throws SymmetricKeyDecryptionException, SymmetricKeyEncryptionException {
// Precondition:
// Owner has pw-protected MasterKeystore containig MKey_sig and MKey_enc
// Owner hat lesser protected DeviceKeystore containing at least one
// DeviceKey DevKey_1_enc
// Create Empty SharePartList
assertNotNull(volume);
// ShareMetaData shareMetaData = volume.createShareMetaData(alias,
// mKey_sig_pub, mKey_sig, deviceAlias, devKey1_enc);
ShareMetaData shareMetaData = null;
try {
shareMetaData =
new ShareMetaData(
new JDBCHelperNonRevokeable("jdbc:sqlite:" + dbName + File.separator), mKey_sig_pub);
} catch (Exception e) {
e.printStackTrace();
fail(e.getMessage());
}
try {
Field smdField = Volume.class.getDeclaredField("shareMetaData");
smdField.setAccessible(true);
smdField.set(volume, shareMetaData);
} catch (Exception e) {
fail(e.getMessage());
}
assertNotNull(shareMetaData);
SharePartList spl = shareMetaData.initSharePartList();
assertEquals("SharePartList is not empty, although it should be", 0, spl.size());
// Sign SharePartList
try {
spl.sign(mKey_sig);
assertTrue(CryptCore.verifySignature(spl, spl.getSignature(), mKey_sig_pub));
} catch (SignatureException e2) {
fail(e2.getMessage());
}
spl.add(mKey_sig_pub, alias);
assertEquals("SharePartList is not empty, although it should be", 1, spl.size());
try {
spl.sign(mKey_sig);
assertTrue(CryptCore.verifySignature(spl, spl.getSignature(), mKey_sig_pub));
} catch (SignatureException e2) {
fail(e2.getMessage());
}
// get DevKeys for the Devices that the owner wants to enable for this
// Volume
// Put keys in dkList
dkList.put(deviceAlias, devKey1_enc);
assertEquals("DeviceKeyList should have 1 element", 1, dkList.size());
// Create and sign devicelist
DeviceList dl = shareMetaData.createDeviceList(mKey_sig_pub, dkList);
assertEquals(
"ShareMetaData should have 1 DeviceList",
1,
shareMetaData.getDeviceLists().values().size());
// Create symmetric ShareKey
SecretKey sk = CryptCore.generateSymmetricKey();
assertNotNull(sk);
// Encrypt sk for all deviceLists
Collection<DeviceList> deviceLists = shareMetaData.getDeviceLists().values();
Collection<PublicKey> pubKeys = new LinkedList<PublicKey>();
for (DeviceList devList : deviceLists) {
pubKeys.addAll(devList.getPublicKeys());
}
assertEquals(1, pubKeys.size());
// fetch ShareKeyDB
ShareKeyDB db = shareMetaData.getShareKeys();
assertNotNull(db);
// add Encrypted Keys to db
try {
db.add(sk, pubKeys);
} catch (SymmetricKeyEncryptionException e1) {
fail(e1.getMessage());
}
assertEquals(1, db.size());
try {
db.sign(mKey_sig, alias);
} catch (SignatureException e1) {
fail(e1.getMessage());
}
// Encrypt skOb for all deviceLists
shareMetaData.addObfuscationKey(devKey1_enc, null, null);
System.out.println("Making ShareMetaData persistent...");
try {
dl.sign(mKey_sig, shareMetaData.shareKeys, shareMetaData.obfuscationKeys);
assertTrue(
SignatureHelper.verify(
dl.getSignature(),
mKey_sig_pub,
dl,
shareMetaData.shareKeys.get(dl.getPublicKeys()),
shareMetaData.obfuscationKeys.get(dl.getPublicKeys())));
} catch (SignatureException
| InvalidKeyException
| NoSuchAlgorithmException
| SerializationException e2) {
fail(e2.getMessage());
}
// make sharemetadata persistent
try {
shareMetaData.persist();
shareMetaData.persist(dl);
} catch (Exception e) {
fail(e.getMessage());
}
System.out.println("Loading Volume...");
// load volume with sharemetadata
try {
Volume loadedVol = new Volume(dbName);
ShareMetaData loadedSMD = loadedVol.loadShareMetaData(mKey_sig_pub);
assertArrayEquals(shareMetaData.getSignature(), loadedSMD.getSignature());
System.out.println("DONE");
} catch (Exception e) {
e.printStackTrace(System.err);
fail(e.getMessage());
}
}
@Override
public void addDevice(
String alias,
PublicKey masterPubSigKey,
PrivateKey masterPrivSigKey,
String newDeviceAlias,
PublicKey newDevicePubKey,
PublicKey masterPubEncKey,
PrivateKey masterPrivEncKey)
throws ShareMetaDataException {
if (IVolume.MASTER_KEY.equals(newDeviceAlias)) {
throw new IllegalArgumentException("Illegal alias for device. Choose another alias");
}
// verify matching public/private keys
if (!Utils.keysMatch(masterPubSigKey, masterPrivSigKey)) {
throw new IllegalArgumentException(
"User's master private and public signature keys do not match!");
}
if (!Utils.keysMatch(masterPubEncKey, masterPrivEncKey)) {
throw new IllegalArgumentException(
"User's master private and public encryption keys do not match!");
}
// verify integrity of ShareParticipantList
SharePartList sharePartList = shareMetaData.getSharePartList();
try {
SignatureHelper.verify(
sharePartList, sharePartList.getSignature(), shareMetaData.ownerPubSigKey);
} catch (InvalidKeyException
| NoSuchAlgorithmException
| SignatureException
| SerializationException e) {
throw new ShareMetaDataException("Could not verify ShareParticipantsList signature", e);
}
// check if masterPubSigKey is in ShareParticipants
if (!sharePartList.getPublicKey(alias).equals(masterPubSigKey)) {
throw new ShareMetaDataException(
"Given user singature publickey is not " + "in sharepartiticapnts list");
}
// Get DeviceList for user
DeviceList deviceList = shareMetaData.getDeviceLists().get(masterPubSigKey);
if (deviceList == null) {
throw new ShareMetaDataException(
"DeviceList for user " + alias + " was empty, which should never be the case.");
}
// add device
deviceList.addDevice(newDeviceAlias, newDevicePubKey);
// add encrypted Obfuscation key for new device
try {
shareMetaData.addObfuscationKey(masterPubEncKey, masterPrivEncKey, newDevicePubKey);
} catch (SymmetricKeyEncryptionException | SymmetricKeyDecryptionException e) {
throw new ShareMetaDataException("Could not add encrypted obfuscation key for new device", e);
}
// add encrypted sharekey for device
try {
this.shareMetaData.shareKeys.addDevice(masterPubEncKey, masterPrivEncKey, newDevicePubKey);
} catch (Exception e) {
throw new ShareMetaDataException("Could not add encrypted share keys for new device", e);
}
// Sign everything
try {
deviceList.sign(masterPrivSigKey, shareMetaData.shareKeys, shareMetaData.obfuscationKeys);
} catch (SignatureException e) {
throw new ShareMetaDataException("Could not sign devicelist", e);
}
this.shareMetaData.persist(deviceList);
}
@Override
public ShareMetaData createShareMetaData(
String ownerAlias,
PublicKey ownerPubSigKey,
PrivateKey ownerPrivSigKey,
PublicKey ownerPubEncKey,
PrivateKey ownerPrivEncKey,
String deviceAlias,
PublicKey devicePubKey)
throws IllegalArgumentException, ShareMetaDataException {
if (IVolume.MASTER_KEY.equals(deviceAlias)) {
throw new IllegalArgumentException("Illegal alias for device. Choose another alias");
}
if (db.exists()) {
throw new IllegalArgumentException(
"Can't initialize new share metadata, because database already exists.");
}
// verify matching public/private keys
if (!Utils.keysMatch(ownerPubSigKey, ownerPrivSigKey)) {
throw new IllegalArgumentException("Owners master private and public key do not match!");
}
shareMetaData = new ShareMetaData(db, ownerPubSigKey);
try {
this.shareMetaData.load();
} catch (InitializaionException e) {
throw new ShareMetaDataException("Could not initialize ShareMetaData", e);
} catch (SignatureException e) {
throw new ShareMetaDataException("Could not verify signature", e);
} catch (DeviceListException e) {
throw new ShareMetaDataException("Could not verify signature", e);
}
// Init Participants list
SharePartList spl = shareMetaData.initSharePartList();
spl.add(ownerPubSigKey, ownerAlias);
// Init DeviceList
HashMap<String, PublicKey> dkList = new HashMap<String, PublicKey>();
dkList.put(IVolume.MASTER_KEY, ownerPubEncKey);
dkList.put(deviceAlias, devicePubKey);
DeviceList devices = shareMetaData.createDeviceList(ownerPubSigKey, dkList);
// Create ObfuscationKey
try {
shareMetaData.addObfuscationKey(ownerPubEncKey, null, null);
shareMetaData.addObfuscationKey(ownerPubEncKey, ownerPrivEncKey, devicePubKey);
} catch (SymmetricKeyEncryptionException | SymmetricKeyDecryptionException e) {
throw new ShareMetaDataException("Could not initialize obfuscation key", e);
}
// Create initial ShareKey
ShareKeyDB shareKeys = shareMetaData.getShareKeys();
SecretKey shareKey = CryptCore.generateSymmetricKey();
try {
shareKeys.add(shareKey, dkList.values());
} catch (SymmetricKeyEncryptionException e1) {
throw new ShareMetaDataException("Could not encrypt sharekey for device", e1);
}
try {
spl.sign(ownerPrivSigKey);
} catch (SignatureException e2) {
throw new ShareMetaDataException("Could not sign SharePartList", e2);
}
try {
devices.sign(ownerPrivSigKey, shareKeys, shareMetaData.obfuscationKeys);
} catch (SignatureException e2) {
throw new ShareMetaDataException("Could not sign DeviceList", e2);
}
shareMetaData.persist();
shareMetaData.persist(devices);
return shareMetaData;
}
