opends/src/server/org/opends/server/extensions/GetSymmetricKeyExtendedOperation.java
@@ -150,8 +150,8 @@ { // Initialize the variables associated with components that may be included // in the request. byte[] requestSymmetricKey = null; byte[] instanceKeyID = null; String requestSymmetricKey = null; String instanceKeyID = null; @@ -175,11 +175,12 @@ { case TYPE_SYMMETRIC_KEY_ELEMENT: requestSymmetricKey = ASN1OctetString.decodeAsOctetString(e).value(); ASN1OctetString.decodeAsOctetString(e).stringValue(); break; case TYPE_INSTANCE_KEY_ID_ELEMENT: instanceKeyID = ASN1OctetString.decodeAsOctetString(e).value(); instanceKeyID = ASN1OctetString.decodeAsOctetString(e).stringValue(); break; default: @@ -220,7 +221,7 @@ CryptoManager cm = DirectoryServer.getCryptoManager(); try { byte[] responseSymmetricKey = cm.rewrapSymmetricKeyAttribute( String responseSymmetricKey = cm.rewrapSymmetricKeyAttribute( requestSymmetricKey, instanceKeyID); operation.setResponseOID( @@ -233,6 +234,11 @@ operation.setResultCode(DirectoryServer.getServerErrorResultCode()); operation.appendErrorMessage(e.getMessageObject()); } catch (Exception e) { operation.setResultCode(DirectoryServer.getServerErrorResultCode()); operation.appendErrorMessage(StaticUtils.getExceptionMessage(e)); } } /** @@ -246,8 +252,8 @@ * @return An ASN.1 octet string containing the encoded request value. */ public static ASN1OctetString encodeRequestValue( byte[] symmetricKey, byte[] instanceKeyID) String symmetricKey, String instanceKeyID) { ArrayList<ASN1Element> elements = new ArrayList<ASN1Element>(2); opends/src/server/org/opends/server/types/CryptoManager.java
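Review bot: The call to `cm.rewrapSymmetricKeyAttribute(requestSymmetricKey, instanceKeyID)` in the hunk at 220 is reached with whatever the decode loop left in the two locals, and the hunk at 150 now initialises both to `null`; the lines between the decode switch and this call are outside SOURCE, so it is not visible whether a request that omits one of the two elements is rejected before this point. If it is not, a malformed request reaches the CryptoManager with null arguments and is reported as a server error rather than a client error. Worth guarding explicitly before the call, e.g. `if (requestSymmetricKey == null || instanceKeyID == null) { operation.setResultCode(ResultCode.PROTOCOL_ERROR); return; }` (the enclosing method starts before this hunk, so the exact spot may already exist there).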
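Review bot: The new `catch (Exception e)` in the hunk at 233 appends `StaticUtils.getExceptionMessage(e)` to the response, which sends the text of arbitrary runtime exceptions (NPE, ClassCast, ASN.1 decode failures) back to the LDAP client; for an operation that handles key material that is more detail than a caller needs, and a broad catch also hides programming errors behind a generic server error. Prefer logging the exception server-side and returning a fixed message, e.g. `operation.appendErrorMessage(ERR_GET_SYMMETRIC_KEY_UNEXPECTED.get());` with the stack trace going to the debug/error logger, or at least narrow the catch to the exception types the decode and rewrap can actually raise. I cannot see from the hunk whether this file already has a logger or message constant for this case, so the name above is illustrative.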
@@ -267,8 +267,7 @@ "oNL+HHKW0vi5/7W5KwOZsPqKI2SdYV7nDqTZklm5ZP0gmIuNO6mTqBRtC2D" + "lplX1Iq+BrQJAmteiPtwhdZD+EIghe51CaseImjlLlY2ZK8w=="; final byte[] certificate = Base64.decode(certificateBase64); final String keyID = StaticUtils.bytesToHexNoSpace( getInstanceKeyID(certificate)); final String keyID = getInstanceKeyID(certificate); final SecretKey macKey = MacKeyEntry.generateKeyEntry(null, preferredMACAlgorithm, preferredMACAlgorithmKeyLengthBits).getSecretKey(); @@ -387,15 +386,15 @@ /** * Return the identifier of this instance's instance-key. An * instance-key identifier is the MD5 hash of an instance's * instance-key public-key certificate. * instance-key identifier is a hex string of the MD5 hash of an * instance's instance-key public-key certificate. * @see #getInstanceKeyID(byte[]) * @return This instance's instance-key identifier. * @throws CryptoManagerException If there is a problem retrieving * the instance-key public-key certificate or computing its MD5 * hash. */ public byte[] getInstanceKeyID() public String getInstanceKeyID() throws CryptoManagerException { return getInstanceKeyID(getInstanceKeyCertificate()); } @@ -403,8 +402,8 @@ /** * Return the identifier of an instance's instance key. An * instance-key identifier is the MD5 hash of an instance's * instance-key public-key certificate. * instance-key identifier is a hex string of the MD5 hash of an * instance's instance-key public-key certificate. * @see #getInstanceKeyID() * @param instanceKeyCertificate The instance key for which to * return an identifier. @@ -412,7 +411,7 @@ * @throws CryptoManagerException If there is a problem computing * the identifier from the instance key. */ public byte[] getInstanceKeyID(byte[] instanceKeyCertificate) public String getInstanceKeyID(byte[] instanceKeyCertificate) throws CryptoManagerException { MessageDigest md; final String mdAlgorithmName = "MD5"; 
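Review bot: The `@param instanceKeyCertificate` text in the hunk at 412 still describes the argument as "the instance key", but the hunk at 267 passes the Base64-decoded certificate bytes, so what is digested is the encoded certificate, not a key; suggested wording: `@param instanceKeyCertificate The encoded instance-key public-key certificate whose MD5 digest is the identifier.` Both `getInstanceKeyID` javadocs (hunks at 387 and 403) would also benefit from stating what the identifier is for: it is a locator that selects which instance can unwrap a value, not an integrity or authenticity check, since MD5 collisions on certificates are practical and a matching ID must never be taken as proof that the wrapping key is the expected one. Stating the exact hex format (length and letter case produced by `bytesToHexNoSpace`, which is not visible here) would also let peers compare IDs consistently.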
@@ -425,7 +424,8 @@ Message.raw("Failed to get MessageDigest instance for %s", mdAlgorithmName), ex); } return md.digest(instanceKeyCertificate); return StaticUtils.bytesToHexNoSpace( md.digest(instanceKeyCertificate)); } @@ -522,7 +522,7 @@ final String symmetricKeyAttribute) throws CryptoManagerException { // Initial decomposition. byte[] wrappingKeyIDElement; String wrappingKeyIDElement; String wrappingTransformationElement; String wrappedKeyAlgorithmElement; int wrappedKeyTypeElement; @@ -537,8 +537,7 @@ 0); } fieldName = "instance key identifier"; wrappingKeyIDElement = StaticUtils.hexStringToByteArray(elements[0]); wrappingKeyIDElement = elements[0]; fieldName = "key wrapping transformation"; wrappingTransformationElement = elements[1]; fieldName = "wrapped key algorithm"; @@ -577,8 +576,8 @@ } // Confirm key can be unwrapped at this instance. final byte[] instanceKeyID = getInstanceKeyID(); if (! Arrays.equals(wrappingKeyIDElement, instanceKeyID)) { final String instanceKeyID = getInstanceKeyID(); if (! wrappingKeyIDElement.equals(instanceKeyID)) { return null; } 
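Review bot: The hunk at 537 drops the `hexStringToByteArray` decode of `elements[0]`, so the "instance key identifier" field is no longer validated as hex before it reaches the comparison in the hunk at 577, and that comparison is now a case-sensitive `String.equals` against whatever case `bytesToHexNoSpace` emits; a peer or tool that writes the same ID in the other case gets a silent `return null` with no error. Either keep a format check under the existing `fieldName = "instance key identifier"` error path (e.g. `if (!elements[0].matches("[0-9A-Fa-f]+")) throw ...` using the same exception the surrounding decomposition raises) or normalise both sides, e.g. `if (! wrappingKeyIDElement.equalsIgnoreCase(instanceKeyID))`. The enclosing method begins before the hunk at 522 and continues past 577, so the exception type used for the other fields is not visible here.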
@@ -637,19 +636,10 @@ * the supplied symmetric key attribute value or retrieving the * requested public key. */ public byte[] rewrapSymmetricKeyAttribute( final byte[] symmetricKeyAttribute, final byte[] requestedInstanceKeyID) public String rewrapSymmetricKeyAttribute( final String symmetricKeyAttribute, final String requestedInstanceKeyID) throws CryptoManagerException { // throw new CryptoManagerException( // // TODO: i18n // Message.raw("The instance-key identifier tag %s of" + // " the supplied symmetric key attribute value" + // " does not match this instance's instance-key" + // " identifier %s, and hence the symmetric key" + // " cannot be decrypted for processing.", // keyIDElement, // StaticUtils.bytesToHex(instanceKeyID))); return symmetricKeyAttribute; // TODO: really unwrap and rewrap } opends/tests/unit-tests-testng/src/server/org/opends/server/extensions/GetSymmetricKeyExtendedOperationTestCase.java
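Review bot: `rewrapSymmetricKeyAttribute` now returns `symmetricKeyAttribute` unchanged and never reads `requestedInstanceKeyID`, while the commented-out instance-key mismatch check that at least recorded the intended validation is deleted; through the extended operation this means any client gets the supplied value echoed back with `SUCCESS`. Until the real unwrap/rewrap is implemented the method should fail closed rather than pretend to succeed, e.g. `throw new CryptoManagerException(Message.raw("Symmetric key rewrap is not yet implemented"));` (same i18n TODO as the removed block), which also keeps callers from depending on the echo behaviour. The javadoc above this hunk (outside SOURCE) should then state that the method validates the wrapping key ID against this instance before rewrapping for `requestedInstanceKeyID`. The unit test in GetSymmetricKeyExtendedOperationTestCase that expects the echo would need to change accordingly.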
@@ -40,8 +40,6 @@ import static org.testng.Assert.*; import static org.testng.Assert.assertEquals; import java.util.Arrays; /** * A set of test cases for the symmetric key extended operation. */ @@ -68,8 +66,8 @@ CryptoManager cm = DirectoryServer.getCryptoManager(); // TODO use a proper symmetric key value byte[] symmetricKey = cm.getInstanceKeyID(); byte[] instanceKeyID = cm.getInstanceKeyID(); String symmetricKey = cm.getInstanceKeyID(); String instanceKeyID = cm.getInstanceKeyID(); ASN1OctetString requestValue = GetSymmetricKeyExtendedOperation.encodeRequestValue( @@ -82,8 +80,8 @@ ServerConstants.OID_GET_SYMMETRIC_KEY_EXTENDED_OP, requestValue); assertEquals(extendedOperation.getResultCode(), ResultCode.SUCCESS); assertTrue(Arrays.equals( extendedOperation.getResponseValue().value(), symmetricKey)); assertEquals(extendedOperation.getResponseValue().stringValue(), symmetricKey); } @@ -92,9 +90,8 @@ { CryptoManager cm = DirectoryServer.getCryptoManager(); // byte[] symmetricKey = new byte[1]; // FIXME causes ArrayOutOfBounds! byte[] symmetricKey = new byte[16]; byte[] instanceKeyID = cm.getInstanceKeyID(); String symmetricKey = "1"; String instanceKeyID = cm.getInstanceKeyID(); ASN1OctetString requestValue = GetSymmetricKeyExtendedOperation.encodeRequestValue( opends/tests/unit-tests-testng/src/server/org/opends/server/types/CryptoManagerTestCase.java
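Review bot: The assertion `assertEquals(extendedOperation.getResponseValue().stringValue(), symmetricKey)` in the hunk at 82 only holds because `rewrapSymmetricKeyAttribute` currently echoes its input, so the test pins stub behaviour rather than the operation's contract and will break the moment the rewrap is implemented; the `// TODO use a proper symmetric key value` comment above it confirms the input is not a real attribute value either. I would add a comment making that explicit, e.g. `// NOTE: passes only while CryptoManager.rewrapSymmetricKeyAttribute is an echo stub; replace with a wrapped value once implemented`, or mark the test as expected-to-change. In the hunk at 92 the `FIXME causes ArrayOutOfBounds!` note is dropped along with the `byte[1]` input, but nothing in this diff shows the underlying cause being fixed, so if that failure was real the single-character `"1"` may just be sidestepping it rather than covering it.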
@@ -27,14 +27,13 @@ package org.opends.server.types; import static org.testng.Assert.assertEquals; import static org.testng.Assert.assertFalse; import static org.testng.Assert.assertNotNull; import static org.testng.Assert.assertTrue; import org.opends.server.TestCaseUtils; import org.opends.server.util.StaticUtils; import org.opends.server.core.DirectoryServer; import org.opends.admin.ads.ServerDescriptor; import org.opends.admin.ads.util.ConnectionUtils; import java.io.File; @@ -116,7 +115,8 @@ // Compare the MD5 hash of the LDAP attribute with the one // retrieved from the CryptoManager. MessageDigest md = MessageDigest.getInstance("MD5"); assertTrue(Arrays.equals(md.digest(ldapCert), cm.getInstanceKeyID())); assertTrue(StaticUtils.bytesToHexNoSpace( md.digest(ldapCert)).equals(cm.getInstanceKeyID())); } @Test @@ -132,7 +132,7 @@ final Mac validatingMac = cm.getMacEngine(macKeyID); final byte[] calculatedSignature = validatingMac.doFinal(text.getBytes()); assertTrue(Arrays.equals(calculatedSignature, signedHash)); }
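Review bot: In the hunk at 116, `assertTrue(StaticUtils.bytesToHexNoSpace(md.digest(ldapCert)).equals(cm.getInstanceKeyID()))` reports only "expected true" on failure, hiding which ID was produced; `assertEquals` is already imported in this file and gives both values: `assertEquals(cm.getInstanceKeyID(), StaticUtils.bytesToHexNoSpace(md.digest(ldapCert)));`. If `bytesToHexNoSpace` and the server-side ID ever disagree on letter case this is exactly the failure you want to see spelled out.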