View Javadoc
1   /*
2    * Copyright 2024 Michael Osipov
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package net.sf.michaelo.tomcat.pac;
17  
18  import java.security.Key;
19  import java.security.SignatureException;
20  import java.util.Arrays;
21  import java.util.HashMap;
22  import java.util.Map;
23  import java.util.Objects;
24  
25  import net.sf.michaelo.tomcat.pac.PacSignatureData.SignatureType;
26  
27  /**
28   * A base implementation of the {@link PacSignatureVerifier}. Implementors are expected to implement
29   * {@link #verifyInternal(PacSignatureData, byte[], Key[])} only.
30   */
31  public abstract class PacSignatureVerifierBase implements PacSignatureVerifier {
32  
33  	private static final Map<String, Integer> ETYPE_MAPPER = new HashMap<>();
34  
35  	static {
36  		ETYPE_MAPPER.put("ArcFourHmac", SignatureType.HMAC_MD5.getEType());
37  		ETYPE_MAPPER.put("rc4-hmac", SignatureType.HMAC_MD5.getEType());
38  		ETYPE_MAPPER.put("23", SignatureType.HMAC_MD5.getEType());
39  		ETYPE_MAPPER.put("AES128", SignatureType.HMAC_SHA1_96_AES128.getEType());
40  		ETYPE_MAPPER.put("aes128-cts-hmac-sha1-96", SignatureType.HMAC_SHA1_96_AES128.getEType());
41  		ETYPE_MAPPER.put("17", SignatureType.HMAC_SHA1_96_AES128.getEType());
42  		ETYPE_MAPPER.put("AES256", SignatureType.HMAC_SHA1_96_AES256.getEType());
43  		ETYPE_MAPPER.put("aes256-cts-hmac-sha1-96", SignatureType.HMAC_SHA1_96_AES256.getEType());
44  		ETYPE_MAPPER.put("18", SignatureType.HMAC_SHA1_96_AES256.getEType());
45  	}
46  
47  	@Override
48  	public void verify(PacSignatureData signatureData, byte[] data, Key[] keys)
49  			throws SignatureException {
50  		Objects.requireNonNull(signatureData, "signatureData cannot be null");
51  		Objects.requireNonNull(data, "data cannot be null");
52  		if (data.length == 0)
53  			throw new IllegalArgumentException("data cannot be empty");
54  		Objects.requireNonNull(keys, "data cannot be null");
55  		if (keys.length == 0)
56  			throw new IllegalArgumentException("keys cannot be empty");
57  
58  		Key[] filteredKeys = Arrays.stream(keys)
59  				.filter(key -> ETYPE_MAPPER.get(key.getAlgorithm()) != null && ETYPE_MAPPER
60  						.get(key.getAlgorithm()) == signatureData.getType().getEType())
61  				.toArray(Key[]::new);
62  		if (filteredKeys.length == 0)
63  			throw new IllegalArgumentException(
64  					"No suitable keys provided for etype " + signatureData.getType().getEType());
65  
66  		verifyInternal(signatureData, data, filteredKeys);
67  	}
68  
69  	/**
70  	 * In contrast to {@link #verify(PacSignatureData, byte[], Key[])} all input parameters are
71  	 * validated before passed down.
72  	 *
73  	 * @see #verify(PacSignatureData, byte[], Key[])
74  	 */
75  	abstract protected void verifyInternal(PacSignatureData signatureData, byte[] data, Key[] keys)
76  			throws SignatureException;
77  
78  }