From a7a83f2fdcc1647611bf9cf09e75ea434b546b5d Mon Sep 17 00:00:00 2001
From: david_page <david_page@localhost>
Date: Mon, 17 Sep 2007 17:31:38 +0000
Subject: [PATCH] Add support for MAC key entry type. Similar to Cipher key entry; however, caller must maintain key identifier (string), e.g., in backup directory, in order to verify signature. TODO: investigate prefixing MAC signed data with key identifier, and suffixing with signature, for both byte[] and stream. This enhancement will require wrapping the Mac API.

---
 opends/src/server/org/opends/server/extensions/ConfigFileHandler.java |   22 +++++++++++-----------
 1 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/opends/src/server/org/opends/server/extensions/ConfigFileHandler.java b/opends/src/server/org/opends/server/extensions/ConfigFileHandler.java
index 53f47d4..9cd1262 100644
--- a/opends/src/server/org/opends/server/extensions/ConfigFileHandler.java
+++ b/opends/src/server/org/opends/server/extensions/ConfigFileHandler.java
@@ -2693,18 +2693,18 @@
     Mac           mac             = null;
     MessageDigest digest          = null;
     String        digestAlgorithm = null;
-    String        macAlgorithm    = null;
+    String        macKeyID    = null;
 
     if (hash)
     {
       if (signHash)
       {
-        macAlgorithm = cryptoManager.getPreferredMACAlgorithm();
-        backupProperties.put(BACKUP_PROPERTY_MAC_ALGORITHM, macAlgorithm);
-
         try
         {
-          mac = cryptoManager.getPreferredMACProvider();
+          macKeyID = cryptoManager.getMacEngineKeyEntryID();
+          backupProperties.put(BACKUP_PROPERTY_MAC_KEY_ID, macKeyID);
+
+          mac = cryptoManager.getMacEngine(macKeyID);
         }
         catch (Exception e)
         {
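Review bot: Nothing on the new lines in the `signHash` branch says that the value stored under `BACKUP_PROPERTY_MAC_KEY_ID` is only a reference to a key entry, so the backup can be verified only while that entry still exists in the crypto manager. I would add a comment above the `put`, e.g. `// The key entry ID is the only link to the MAC key: the entry must be retained (and be available on the restoring server) for as long as this backup has to be verifiable.` As a style point, the renamed declaration no longer lines up with its neighbours; `String        macKeyID        = null;` keeps the column. The enclosing method starts and ends outside this hunk.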
@@ -2714,7 +2714,7 @@
           }
 
           Message message = ERR_CONFIG_BACKUP_CANNOT_GET_MAC.get(
-              macAlgorithm, stackTraceToSingleLineString(e));
+              macKeyID, stackTraceToSingleLineString(e));
           throw new DirectoryException(
                          DirectoryServer.getServerErrorResultCode(), message,
                          e);
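Review bot: `macKeyID` can still be null when this message is built, because `getMacEngineKeyEntryID()` now runs inside the `try` and may be the call that threw. The operator would then see "null" as the key identifier, whereas the old code always had the algorithm name set before the `try`. Consider separate handling for "no MAC key entry could be obtained" and "the MAC engine for key X could not be created", or at least pass a placeholder such as `macKeyID == null ? "(none)" : macKeyID`. The text of `ERR_CONFIG_BACKUP_CANNOT_GET_MAC` is not visible here; if it still describes its first argument as an algorithm, it needs rewording too. The `catch` block opens in the previous hunk.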
@@ -3183,9 +3183,9 @@
     Mac mac = null;
     if (signedHash != null)
     {
-      String macAlgorithm =
-           backupInfo.getBackupProperty(BACKUP_PROPERTY_MAC_ALGORITHM);
-      if (macAlgorithm == null)
+      String macKeyID =
+           backupInfo.getBackupProperty(BACKUP_PROPERTY_MAC_KEY_ID);
+      if (macKeyID == null)
       {
         Message message = ERR_CONFIG_RESTORE_UNKNOWN_MAC.get(backupID);
         throw new DirectoryException(DirectoryServer.getServerErrorResultCode(),
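Review bot: A signed backup whose descriptor holds only the old `BACKUP_PROPERTY_MAC_ALGORITHM` property now takes the `macKeyID == null` branch and is rejected with `ERR_CONFIG_RESTORE_UNKNOWN_MAC`. This assumes such backups exist in the field. If they do, the restore path should say so explicitly rather than report an unknown MAC, for example with a comment like `// Backups signed before the switch to key entry IDs carry only the MAC algorithm property and cannot be verified by this code.` plus a message that names the missing key-ID property. Failing closed here is the right default, but the reason should be diagnosable. The `throw` statement continues past the end of this hunk.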
@@ -3194,12 +3194,12 @@
 
       try
       {
-        mac = DirectoryServer.getCryptoManager().getMACProvider(macAlgorithm);
+        mac = DirectoryServer.getCryptoManager().getMacEngine(macKeyID);
       }
       catch (Exception e)
       {
         Message message = ERR_CONFIG_RESTORE_CANNOT_GET_MAC.get(
-            backupID, macAlgorithm);
+            backupID, macKeyID);
         throw new DirectoryException(DirectoryServer.getServerErrorResultCode(),
                                      message, e);
       }
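Review bot: The `macKeyID` passed to `getMacEngine` is read from the backup descriptor, the same unauthenticated file that supplies `signedHash`, so anyone who can write to the backup directory controls it. That makes it important that `getMacEngine` resolves only key entries already held in the server's own key store and throws for an unknown ID, so verification fails closed; its implementation is not visible in this patch, so this is worth confirming. I would record the assumption next to the call, e.g. `// macKeyID comes from the unauthenticated backup descriptor; getMacEngine must reject unknown IDs so that verification fails closed.` The commit message's TODO about binding the key identifier into the signed data would remove this dependency on the descriptor.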

--
Gitblit v1.10.0