Clover

Clover Coverage Report

Coverage timestamp: Sun Mar 23 2008 08:24:39 GMT

FRAMES NO FRAMES SHOW HELP

Statistics for file PKCS12Security.java:
Stmts:	38	LOC:	169	Total cmp:	9	Stmts/Method:	9.5
Branches:	8	NCLOC:	66	Cmp density:	0.32	Methods/Class:	4
Methods:	4			Avg method cmp:	3
Classes:	1
Filtered

Expand All

PKCS12Security

Line # 60

Total Statements 38

Complexity 9

TOTAL Coverage 84%

0.84

No Tests

Collapse All

* Redistribution and use in source and binary forms, with or without

* modification, are permitted provided that the following conditions are met:

* Redistributions of source code must retain the above copyright notice, this

* list of conditions and the following disclaimer.

* Redistributions in binary form must reproduce the above copyright notice,

* this list of conditions and the following disclaimer in the documentation

* and/or other materials provided with the distribution.

* 1. Neither the name of the University of Kent nor the names of its

* contributors may be used to endorse or promote products derived from this

* software without specific prior written permission.

* 2. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS

* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,

* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

* PURPOSE ARE DISCLAIMED.

* 3. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE

* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE

* POSSIBILITY OF SUCH DAMAGE.

* 4. YOU AGREE THAT THE EXCLUSIONS IN PARAGRAPHS 2 AND 3 ABOVE ARE REASONABLE

* IN THE CIRCUMSTANCES. IN PARTICULAR, YOU ACKNOWLEDGE (1) THAT THIS

* SOFTWARE HAS BEEN MADE AVAILABLE TO YOU FREE OF CHARGE, (2) THAT THIS

* SOFTWARE IS NOT "PRODUCT" QUALITY, BUT HAS BEEN PRODUCED BY A RESEARCH

* GROUP WHO DESIRE TO MAKE THIS SOFTWARE FREELY AVAILABLE TO PEOPLE WHO WISH

* TO USE IT, AND (3) THAT BECAUSE THIS SOFTWARE IS NOT OF "PRODUCT" QUALITY

* IT IS INEVITABLE THAT THERE WILL BE BUGS AND ERRORS, AND POSSIBLY MORE

* SERIOUS FAULTS, IN THIS SOFTWARE.

* 5. This license is governed, except to the extent that local laws

* necessarily apply, by the laws of England and Wales.

package issrg.security;

import java.security.cert.X509Certificate;

import java.security.PrivateKey;

import java.io.File;

import java.io.FileNotFoundException;

/**

* This class implements a security that uses a PKCS#12 file to authenticate

* the user and obtain the signing and signature verification keys. The user

* interaction is inherited from DefaultSecurity. Only the key methods are

* overridden to log the user in using a known PKCS#12 file name, and

* a method to construct a FilenameCallback.

public class PKCS12Security extends DefaultSecurity {

private static final byte [] checkbytes=new byte[256];

static{

514

for (int i=0; i<checkbytes.length; i++) checkbytes[i]=(byte)i;

iaik.security.provider.IAIK.addAsJDK14Provider();

}

public PKCS12Security() throws SecurityException {

super();

}

/**

* The method for logging the user in without GUI. The method attempts to

* decrypt the private key, then signs and verifies a signature on an

* arbitrary

* byte array to ensure that the private key and the PKC match. Note that for

* signing purposes it is necessary to know the DN of the signer, which is

* not included

* in the private key.

* <p>After logging the user in the Root CAs are set to the collection of PKCs

* in the PKCS#12 file, including the user's signature verification PKC. The

* first PKC to match the signing key is used as the user's signature

* verification key.

* @param pkcFile is the filename of the PKCS#12 construct

* @param password is the password for decrypting the PKCS#12 file

public void login(String pkcFile, char[] password) throws SecurityException {

X509Certificate [] x509=getRootCAs();

X509Certificate [] rootCA;

PrivateKey pk=getPrivateKey();

java.security.Signature signature=getSignature();

try{

java.io.FileInputStream fin=new java.io.FileInputStream(pkcFile);

iaik.pkcs.pkcs12.PKCS12 epki = new iaik.pkcs.pkcs12.PKCS12(fin);

epki.decrypt(password);

100

101

// here the PKCS12 file should have been decrypted ok

102

103

secretKey=epki.getKeyBag().getPrivateKey();

104

rootCA=iaik.pkcs.pkcs12.CertificateBag.getCertificates(epki.getCertificateBags());

105

106

// here both x509 and pk are fine

107

// lets check if they match each other

108

109

String sigAlg = getDigestAlgorithm()+"with"+secretKey.getAlgorithm();

110

setSignature(java.security.Signature.getInstance(sigAlg));

111

112

byte [] sig=sign(checkbytes);

113

// the use of rootCA.getSigAlgOID() is not always correct. This value shows what algorithm was used to sign rootCA certificate

114

// we can reuse this algorithm only if rootCA is really a self-signed PKC, which usually it is, but in a simplistic "PKI"

115

// non-selfsigned PKCs may be allowed

116

boolean verified=false;

117

for (int i=0; i<rootCA.length; i++){

118

try{

119

if (verify(checkbytes, sig, sigAlg, new X509Certificate[]{rootCA[i]})){

120

X509Certificate c=rootCA[0]; // reorder them so that the entity PKC is the first in the array

121

rootCA[0]=rootCA[i];

122

rootCA[i]=c;

123

verified=true;

124

break;

125

}

126

}catch(Exception ex){

127

// ignore - this is not the key of the holder; try another

128

}

129

}

130

if (verified){ // the signature verifies

131

x509=rootCA; // note that the finally statement requires such substitution, so the keys will be properly remembered

132

pk=secretKey;

133

signature=getSignature();

134

}else{

135

throw new SecurityException ("The PKC does not match the Private Key. Use another key-pair.");

136

}

137

138

}catch (SecurityException se){

139

throw se;

140

}catch (FileNotFoundException fnfe) {

141

throw new SecurityException("Could not find the P12 file", fnfe);

142

}catch(Exception e){

143

throw new SecurityException("Failed to log into the specified PKCS#12", e);

144

}finally{ // restore the private key and PKC as they were before executing the method

145

// unless the values of the x509 and pk have been updated due to successful signature verification

146

setRootCAs(x509);

147

setPrivateKey(pk);

148

setSignature(signature);

149

}

150

}

151

152

final public static String PKC_EXTENSION=".p12";

153

final public static String PFX_EXTENSION=".pfx";

154

final public static String exts[] = new String[]{PKC_EXTENSION, PFX_EXTENSION};

155

156

/**

157

* This method constructs a FilenameCallback that will filter out all but

158

* PKCS#12 files with the extensions PKC_EXTENSION (".p12") and PFX_EXTENSION

159

* (".pfx").

160

161

* @param defaultFile - the default file to use if the user doesn't make any

162

* selection

163

164

* @return FilenameCallback configured to display PKCS#12 files only

165

166

public FilenameCallback getFilenameCallback(String defaultFile){

167

return new FilenameCallback("PKCS#12 file", defaultFile, "PKCS#12 Files", exts);

168

}

169

}