1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
package pl.edu.mimuw.cloudatlas.querysigner;
import pl.edu.mimuw.cloudatlas.ByteSerializer;
import pl.edu.mimuw.cloudatlas.model.ValueQuery;
import pl.edu.mimuw.cloudatlas.querysignerapi.QuerySignerApi;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import java.rmi.RemoteException;
import java.security.*;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
public class QuerySignerApiImplementation implements QuerySignerApi {
private final static String ENCRYPTION_ALGORITHM = "RSA";
private final static String DIGEST_ALGORITHM = "SHA-256";
private PublicKey publicKey;
private PrivateKey privateKey;
private Map<String, ValueQuery> queries;
private Set<String> attribsSetByQueries;
public QuerySignerApiImplementation(PublicKey publicKey, PrivateKey privateKey) {
this.publicKey = publicKey;
this.privateKey = privateKey;
this.queries = new HashMap<>();
this.attribsSetByQueries = new HashSet<>();
}
private static String byteArrayToString(byte[] arr, int offset, int len) {
StringBuffer sb = new StringBuffer();
for (int i = offset, n = Math.min(arr.length, offset + len); i < n; ++i) {
String hex = Integer.toHexString(0xFF & arr[i]);
if (hex.length() < 2) {
sb.append('0');
}
sb.append(hex);
}
return sb.toString();
}
private byte[] encryptQuery(byte[] query) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
Cipher signCipher = Cipher.getInstance(ENCRYPTION_ALGORITHM);
signCipher.init(Cipher.ENCRYPT_MODE, privateKey);
byte[] encryptedBytes = signCipher.doFinal(query);
System.out.println(
"Bytes encrypted with " + ENCRYPTION_ALGORITHM +
": " + byteArrayToString(
encryptedBytes, 0, encryptedBytes.length));
return encryptedBytes;
}
private static byte[] decryptQuery(byte[] encryptedQuery, PublicKey publicKey) throws NoSuchPaddingException, NoSuchAlgorithmException, BadPaddingException, IllegalBlockSizeException, InvalidKeyException {
Cipher verifyCipher = Cipher.getInstance(ENCRYPTION_ALGORITHM);
verifyCipher.init(Cipher.DECRYPT_MODE, publicKey);
byte[] decryptedBytes = verifyCipher.doFinal(encryptedQuery);
System.out.println(
"Bytes decrypted with " + ENCRYPTION_ALGORITHM +
": " + byteArrayToString(
decryptedBytes, 0, decryptedBytes.length));
return decryptedBytes;
}
private static byte[] cryptographicHash(byte[] serializedQuery) throws NoSuchAlgorithmException {
MessageDigest digestGenerator =
MessageDigest.getInstance(DIGEST_ALGORITHM);
byte[] digest = digestGenerator.digest(serializedQuery);
System.out.println(
DIGEST_ALGORITHM + " digest: " +
byteArrayToString(
digest, 0, digest.length));
return digest;
}
private static byte[] serializeQuery(String queryName, String queryCode, Boolean install) {
ByteSerializer byteSerializer = new ByteSerializer();
if (install) {
return byteSerializer.serialize(queryName + queryCode + install.toString());
} else {
return byteSerializer.serialize(queryName + install.toString());
}
}
private QueryData signQuery(String queryName, String queryCode, Boolean install) throws RemoteException {
QueryUtils.validateQueryName(queryName);
try {
byte[] serializedQuery = serializeQuery(queryName, queryCode, install);
byte[] hashedQuery = cryptographicHash(serializedQuery);
byte[] querySignature = encryptQuery(hashedQuery);
return new QueryData(queryCode, querySignature);
} catch (Exception e) {
e.printStackTrace();
throw new RemoteException(e.getLocalizedMessage());
}
}
@Override
public QueryData signInstallQuery(String queryName, String queryCode) throws RemoteException {
return signQuery(queryName, queryCode, true);
}
public static void validateInstallQuery(String queryName, QueryData query, PublicKey publicKey) throws RemoteException,IllegalBlockSizeException, InvalidKeyException, BadPaddingException, NoSuchAlgorithmException, NoSuchPaddingException, QuerySigner.InvalidQueryException {
validateQuery(queryName, query, publicKey, true);
}
public static void validateQuery(String queryName, QueryData query, PublicKey publicKey, boolean install) throws RemoteException,IllegalBlockSizeException, InvalidKeyException, BadPaddingException, NoSuchAlgorithmException, NoSuchPaddingException, QuerySigner.InvalidQueryException {
QueryUtils.validateQueryName(queryName);
byte[] decryptedQuery = decryptQuery(query.getSignature(), publicKey);
byte[] serializedQuery = serializeQuery(queryName, query.getCode(), install);
byte[] hashedSerializedQuery = cryptographicHash(serializedQuery);
String decryptedQueryString = byteArrayToString(decryptedQuery, 0, decryptedQuery.length);
String hashedSerializedQueryString = byteArrayToString(hashedSerializedQuery, 0, hashedSerializedQuery.length);
if (!decryptedQueryString.equals(hashedSerializedQueryString)) {
throw new QuerySigner.InvalidQueryException();
}
}
@Override
public QueryData signUninstallQuery(String queryName) throws RemoteException {
return signQuery(queryName, "", false);
}
public static void validateUninstallQuery(String queryName, QueryData query, PublicKey publicKey) throws RemoteException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, QuerySigner.InvalidQueryException, NoSuchPaddingException, InvalidKeyException {
validateQuery(queryName, query, publicKey, false);
}
}
|