@Test public void test() throws SymmetricKeyDecryptionException, SymmetricKeyEncryptionException { // Precondition: // Owner has pw-protected MasterKeystore containig MKey_sig and MKey_enc // Owner hat lesser protected DeviceKeystore containing at least one // DeviceKey DevKey_1_enc // Create Empty SharePartList assertNotNull(volume); // ShareMetaData shareMetaData = volume.createShareMetaData(alias, // mKey_sig_pub, mKey_sig, deviceAlias, devKey1_enc); ShareMetaData shareMetaData = null; try { shareMetaData = new ShareMetaData( new JDBCHelperNonRevokeable("jdbc:sqlite:" + dbName + File.separator), mKey_sig_pub); } catch (Exception e) { e.printStackTrace(); fail(e.getMessage()); } try { Field smdField = Volume.class.getDeclaredField("shareMetaData"); smdField.setAccessible(true); smdField.set(volume, shareMetaData); } catch (Exception e) { fail(e.getMessage()); } assertNotNull(shareMetaData); SharePartList spl = shareMetaData.initSharePartList(); assertEquals("SharePartList is not empty, although it should be", 0, spl.size()); // Sign SharePartList try { spl.sign(mKey_sig); assertTrue(CryptCore.verifySignature(spl, spl.getSignature(), mKey_sig_pub)); } catch (SignatureException e2) { fail(e2.getMessage()); } spl.add(mKey_sig_pub, alias); assertEquals("SharePartList is not empty, although it should be", 1, spl.size()); try { spl.sign(mKey_sig); assertTrue(CryptCore.verifySignature(spl, spl.getSignature(), mKey_sig_pub)); } catch (SignatureException e2) { fail(e2.getMessage()); } // get DevKeys for the Devices that the owner wants to enable for this // Volume // Put keys in dkList dkList.put(deviceAlias, devKey1_enc); assertEquals("DeviceKeyList should have 1 element", 1, dkList.size()); // Create and sign devicelist DeviceList dl = shareMetaData.createDeviceList(mKey_sig_pub, dkList); assertEquals( "ShareMetaData should have 1 DeviceList", 1, shareMetaData.getDeviceLists().values().size()); // Create symmetric ShareKey SecretKey sk = CryptCore.generateSymmetricKey(); assertNotNull(sk); // Encrypt sk for all deviceLists Collection<DeviceList> deviceLists = shareMetaData.getDeviceLists().values(); Collection<PublicKey> pubKeys = new LinkedList<PublicKey>(); for (DeviceList devList : deviceLists) { pubKeys.addAll(devList.getPublicKeys()); } assertEquals(1, pubKeys.size()); // fetch ShareKeyDB ShareKeyDB db = shareMetaData.getShareKeys(); assertNotNull(db); // add Encrypted Keys to db try { db.add(sk, pubKeys); } catch (SymmetricKeyEncryptionException e1) { fail(e1.getMessage()); } assertEquals(1, db.size()); try { db.sign(mKey_sig, alias); } catch (SignatureException e1) { fail(e1.getMessage()); } // Encrypt skOb for all deviceLists shareMetaData.addObfuscationKey(devKey1_enc, null, null); System.out.println("Making ShareMetaData persistent..."); try { dl.sign(mKey_sig, shareMetaData.shareKeys, shareMetaData.obfuscationKeys); assertTrue( SignatureHelper.verify( dl.getSignature(), mKey_sig_pub, dl, shareMetaData.shareKeys.get(dl.getPublicKeys()), shareMetaData.obfuscationKeys.get(dl.getPublicKeys()))); } catch (SignatureException | InvalidKeyException | NoSuchAlgorithmException | SerializationException e2) { fail(e2.getMessage()); } // make sharemetadata persistent try { shareMetaData.persist(); shareMetaData.persist(dl); } catch (Exception e) { fail(e.getMessage()); } System.out.println("Loading Volume..."); // load volume with sharemetadata try { Volume loadedVol = new Volume(dbName); ShareMetaData loadedSMD = loadedVol.loadShareMetaData(mKey_sig_pub); assertArrayEquals(shareMetaData.getSignature(), loadedSMD.getSignature()); System.out.println("DONE"); } catch (Exception e) { e.printStackTrace(System.err); fail(e.getMessage()); } }
@Override public ShareMetaData createShareMetaData( String ownerAlias, PublicKey ownerPubSigKey, PrivateKey ownerPrivSigKey, PublicKey ownerPubEncKey, PrivateKey ownerPrivEncKey, String deviceAlias, PublicKey devicePubKey) throws IllegalArgumentException, ShareMetaDataException { if (IVolume.MASTER_KEY.equals(deviceAlias)) { throw new IllegalArgumentException("Illegal alias for device. Choose another alias"); } if (db.exists()) { throw new IllegalArgumentException( "Can't initialize new share metadata, because database already exists."); } // verify matching public/private keys if (!Utils.keysMatch(ownerPubSigKey, ownerPrivSigKey)) { throw new IllegalArgumentException("Owners master private and public key do not match!"); } shareMetaData = new ShareMetaData(db, ownerPubSigKey); try { this.shareMetaData.load(); } catch (InitializaionException e) { throw new ShareMetaDataException("Could not initialize ShareMetaData", e); } catch (SignatureException e) { throw new ShareMetaDataException("Could not verify signature", e); } catch (DeviceListException e) { throw new ShareMetaDataException("Could not verify signature", e); } // Init Participants list SharePartList spl = shareMetaData.initSharePartList(); spl.add(ownerPubSigKey, ownerAlias); // Init DeviceList HashMap<String, PublicKey> dkList = new HashMap<String, PublicKey>(); dkList.put(IVolume.MASTER_KEY, ownerPubEncKey); dkList.put(deviceAlias, devicePubKey); DeviceList devices = shareMetaData.createDeviceList(ownerPubSigKey, dkList); // Create ObfuscationKey try { shareMetaData.addObfuscationKey(ownerPubEncKey, null, null); shareMetaData.addObfuscationKey(ownerPubEncKey, ownerPrivEncKey, devicePubKey); } catch (SymmetricKeyEncryptionException | SymmetricKeyDecryptionException e) { throw new ShareMetaDataException("Could not initialize obfuscation key", e); } // Create initial ShareKey ShareKeyDB shareKeys = shareMetaData.getShareKeys(); SecretKey shareKey = CryptCore.generateSymmetricKey(); try { shareKeys.add(shareKey, dkList.values()); } catch (SymmetricKeyEncryptionException e1) { throw new ShareMetaDataException("Could not encrypt sharekey for device", e1); } try { spl.sign(ownerPrivSigKey); } catch (SignatureException e2) { throw new ShareMetaDataException("Could not sign SharePartList", e2); } try { devices.sign(ownerPrivSigKey, shareKeys, shareMetaData.obfuscationKeys); } catch (SignatureException e2) { throw new ShareMetaDataException("Could not sign DeviceList", e2); } shareMetaData.persist(); shareMetaData.persist(devices); return shareMetaData; }