Clover

Clover Coverage Report

Coverage timestamp: Sun Mar 23 2008 08:24:39 GMT

FRAMES NO FRAMES SHOW HELP

Statistics for file PTBSignatureVerifier.java:
Stmts:	38		LOC:	185		Total cmp:	8		Stmts/Method:	7.6
Branches:	6		NCLOC:	72		Cmp density:	0.32		Methods/Class:	5
Methods:	5					Avg method cmp:	2.4
Classes:	1
Filtered

Expand All

PTBSignatureVerifier

Line # 79

Total Statements 38

Complexity 8

TOTAL Coverage 36.7%

0.36734694

No Tests

Collapse All

1

/*

2

* Copyright (c) 2006, University of Kent

3

* All rights reserved.

4

*

5

* Redistribution and use in source and binary forms, with or without

6

* modification, are permitted provided that the following conditions are met:

7

*

8

* Redistributions of source code must retain the above copyright notice, this

9

* list of conditions and the following disclaimer.

10

*

11

* Redistributions in binary form must reproduce the above copyright notice,

12

* this list of conditions and the following disclaimer in the documentation

13

* and/or other materials provided with the distribution.

14

*

15

* 1. Neither the name of the University of Kent nor the names of its

16

* contributors may be used to endorse or promote products derived from this

17

* software without specific prior written permission.

18

*

19

* 2. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS

20

* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,

21

* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

22

* PURPOSE ARE DISCLAIMED.

23

*

24

* 3. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE

25

* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

26

* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

27

* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

28

* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

29

* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

30

* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE

31

* POSSIBILITY OF SUCH DAMAGE.

32

*

33

* 4. YOU AGREE THAT THE EXCLUSIONS IN PARAGRAPHS 2 AND 3 ABOVE ARE REASONABLE

34

* IN THE CIRCUMSTANCES. IN PARTICULAR, YOU ACKNOWLEDGE (1) THAT THIS

35

* SOFTWARE HAS BEEN MADE AVAILABLE TO YOU FREE OF CHARGE, (2) THAT THIS

36

* SOFTWARE IS NOT "PRODUCT" QUALITY, BUT HAS BEEN PRODUCED BY A RESEARCH

37

* GROUP WHO DESIRE TO MAKE THIS SOFTWARE FREELY AVAILABLE TO PEOPLE WHO WISH

38

* TO USE IT, AND (3) THAT BECAUSE THIS SOFTWARE IS NOT OF "PRODUCT" QUALITY

39

* IT IS INEVITABLE THAT THERE WILL BE BUGS AND ERRORS, AND POSSIBLY MORE

40

* SERIOUS FAULTS, IN THIS SOFTWARE.

41

*

42

* 5. This license is governed, except to the extent that local laws

43

* necessarily apply, by the laws of England and Wales.

44

*/

45

package issrg.test.ptb;

46

47

48

import iaik.x509.X509Certificate;

49

import iaik.asn1.ObjectID;

50

import iaik.security.rsa.Md5RSASignature;

51

import iaik.security.rsa.ShaRSASignature;

52

53

import java.util.Hashtable;

54

import java.io.FileInputStream;

55

56

/**

57

* This class implements the SignatureVerifier interface and provides the following mechanisms:

58

* <p>

59

* <ul>

60

* <li> Verification of the self-signed CA certificate

61

* <li> Veritication of the X.509 identity certificates related to the different SOAs involved in

62

* the application scenario

63

* <li> Verification of the digital signature of the different attribute certificates related to

64

* end users. Those certificates are checked using the public key contained in the X.509 identity certificate

65

* related to the corresponding SOA.

66

* </ul>

67

* <p>

68

* This class assumes that:

69

* <p>

70

* <ul>

71

* <li> Identity certificates of the different SOAs are issued by the self-signed CA (no subordinate CAs are used)

72

* <li> SOAs are the only issuers of the ACs (no subordinate AAs are used)

73

* </ul>

74

*

75

* @author O Canovas

76

* @author O Otenko

77

* @version 0.1

78

*/

79

public class PTBSignatureVerifier implements issrg.pba.rbac.SignatureVerifier {

80

81

protected X509Certificate caCertificate = null;

82

protected Hashtable soaCerts = null; //Hash table containing the identity certificates of the SOAs

83

84

/**

85

* Constructs a PTBSignatureVerifier. It has no parameters, and

86

* its main function is to initialise the hash table.

87

*/

88

2

public PTBSignatureVerifier() {

89

2

soaCerts = new Hashtable();

90

}

91

92

/**

93

* Gets the CA certificate and validates the signature.

94

* @param file is the file containing the certificate

95

* @return true if the certificate was successfully read and validated

96

*/

97

2

public boolean setCACertificate(String file) {

98

2

99

2

FileInputStream fis = new FileInputStream(file);

100

1

caCertificate = new iaik.x509.X509Certificate(fis);

101

1

caCertificate.verify();

102

1

103

}

104

catch (Exception e) {

105

1

e.printStackTrace();

106

1

107

}

108

}

109

110

/**

111

* Gets a new SOA certificate and inserts it in the hash table.

112

* @param file is the file containing the certificate

113

* @return true if the certificate was successfully read and validated

114

*/

115

3

public boolean addSOACertificate(String file) {

116

3

X509Certificate soaCert;

117

3

118

3

soaCert = new X509Certificate(new FileInputStream(file));

119

3

120

3

soaCert.verify(caCertificate.getPublicKey());

121

}

122

catch (Exception e) {

123

0

e.printStackTrace();

124

0

System.out.println("The certificate contained in " + file + " cannot be validated");

125

0

126

}

127

//Indexed by subject DN

128

3

soaCerts.put(soaCert.getSubjectDN().getName(),soaCert);

129

3

130

}

131

catch (Exception e) {

132

0

e.printStackTrace();

133

0

134

}

135

}

136

137

138

/**

139

* Checks if the <code>signature</code> for the given <code>value</code> has been signed by

140

* the <code>signer</code>. This method does not perform any kind of verification related to revocations

141

* (CRLs, OCSP queries). This method fetches the public key certificate of the signer, and follows

142

* the certification path back to its root of trust, that is, Signer -> SOA -> CA.

143

*

144

* @param value is the byte array that had been signed

145

* @param signature is the byte array of the resulting signature

146

* @param algorithmID is the String representation (dotted form) of the

147

* object identifier of the algorithm used for signing

148

* @param signer is the Principal of the signer

149

*

150

* @return true, if there is a valid PKI token, which proves the

151

* signature is valid; false otherwise

152

*/

153

0

public boolean checkSignature(byte[] value, byte[] signature,

154

String algorithmID, issrg.utils.repository.TokenLocator signer) {

155

0

boolean signatureVerified = false;

156

0

java.security.Signature verificator = null;

157

//First, we get the name related to the Algorithm identifier

158

0

String name = ObjectID.getRegisteredName(algorithmID).intern();

159

//Then, we check the name in order to instantiate the right class

160

0

if (name == "md5WithRSAEncryption")

161

0

verificator = new Md5RSASignature();

162

0

else if (name == "sha1WithRSAEncryption")

163

0

verificator = new ShaRSASignature();

164

//Next, we obtain the SOA's certificate

165

0

X509Certificate soa = (X509Certificate) soaCerts.get(signer.getEntry().getEntryName().getName());

166

0

if (soa == null) return false;

167

0

168

//Finally, we verify the digital signature...

169

0

verificator.initVerify(soa);

170

0

verificator.update(value);

171

0

signatureVerified = verificator.verify(signature);

172

}

173

catch (Exception e)

174

{

175

0

e.printStackTrace();

176

0

signatureVerified = false;

177

}

178

//...and the result is returned.

179

0

return signatureVerified;

180

}

181

182

0

public boolean referenceValidation(byte[] value, byte[] digest, String method) {

183

0

184

}

185

}