From db242078285de4c1039e05b85b8a6eb6714cd21f Mon Sep 17 00:00:00 2001
From: coulbeck <coulbeck@localhost>
Date: Tue, 02 Oct 2007 17:28:42 +0000
Subject: [PATCH] More changes for issue 466. Symmetric key values and instance key identifier values are now represented as Strings instead of byte arrays.
---
opends/tests/unit-tests-testng/src/server/org/opends/server/extensions/GetSymmetricKeyExtendedOperationTestCase.java | 15 +++----
opends/tests/unit-tests-testng/src/server/org/opends/server/types/CryptoManagerTestCase.java | 8 ++--
opends/src/server/org/opends/server/extensions/GetSymmetricKeyExtendedOperation.java | 20 ++++++---
opends/src/server/org/opends/server/types/CryptoManager.java | 42 ++++++++-------------
4 files changed, 39 insertions(+), 46 deletions(-)
diff --git a/opends/src/server/org/opends/server/extensions/GetSymmetricKeyExtendedOperation.java b/opends/src/server/org/opends/server/extensions/GetSymmetricKeyExtendedOperation.java
index 6ab1544..86426d0 100644
--- a/opends/src/server/org/opends/server/extensions/GetSymmetricKeyExtendedOperation.java
+++ b/opends/src/server/org/opends/server/extensions/GetSymmetricKeyExtendedOperation.java
@@ -150,8 +150,8 @@
{
// Initialize the variables associated with components that may be included
// in the request.
- byte[] requestSymmetricKey = null;
- byte[] instanceKeyID = null;
+ String requestSymmetricKey = null;
+ String instanceKeyID = null;
@@ -175,11 +175,12 @@
{
case TYPE_SYMMETRIC_KEY_ELEMENT:
requestSymmetricKey =
- ASN1OctetString.decodeAsOctetString(e).value();
+ ASN1OctetString.decodeAsOctetString(e).stringValue();
break;
case TYPE_INSTANCE_KEY_ID_ELEMENT:
- instanceKeyID = ASN1OctetString.decodeAsOctetString(e).value();
+ instanceKeyID =
+ ASN1OctetString.decodeAsOctetString(e).stringValue();
break;
default:
@@ -220,7 +221,7 @@
CryptoManager cm = DirectoryServer.getCryptoManager();
try
{
- byte[] responseSymmetricKey = cm.rewrapSymmetricKeyAttribute(
+ String responseSymmetricKey = cm.rewrapSymmetricKeyAttribute(
requestSymmetricKey, instanceKeyID);
operation.setResponseOID(
@@ -233,6 +234,11 @@
operation.setResultCode(DirectoryServer.getServerErrorResultCode());
operation.appendErrorMessage(e.getMessageObject());
}
+ catch (Exception e)
+ {
+ operation.setResultCode(DirectoryServer.getServerErrorResultCode());
+ operation.appendErrorMessage(StaticUtils.getExceptionMessage(e));
+ }
}
/**
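Review bot: The added `catch (Exception e)` puts `StaticUtils.getExceptionMessage(e)` into the result returned to the requester, so any unchecked failure in the key-rewrap path is reported to the client in whatever detail that helper produces. For a key-handling operation it would be safer to log the exception on the server and append a fixed, generic message to the operation. The handler also hides programming errors, which then surface only as a server-error result code. If a request can omit either element, `requestSymmetricKey` or `instanceKeyID` would still be null at the `rewrapSymmetricKeyAttribute` call; the decoding loop is only partly visible here, so that needs confirming, and an explicit check before the call would be clearer than relying on this catch.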
@@ -246,8 +252,8 @@
* @return An ASN.1 octet string containing the encoded request value.
*/
public static ASN1OctetString encodeRequestValue(
- byte[] symmetricKey,
- byte[] instanceKeyID)
+ String symmetricKey,
+ String instanceKeyID)
{
ArrayList<ASN1Element> elements = new ArrayList<ASN1Element>(2);
diff --git a/opends/src/server/org/opends/server/types/CryptoManager.java b/opends/src/server/org/opends/server/types/CryptoManager.java
index ab90472..1ec9dd3 100644
--- a/opends/src/server/org/opends/server/types/CryptoManager.java
+++ b/opends/src/server/org/opends/server/types/CryptoManager.java
@@ -267,8 +267,7 @@
"oNL+HHKW0vi5/7W5KwOZsPqKI2SdYV7nDqTZklm5ZP0gmIuNO6mTqBRtC2D" +
"lplX1Iq+BrQJAmteiPtwhdZD+EIghe51CaseImjlLlY2ZK8w==";
final byte[] certificate = Base64.decode(certificateBase64);
- final String keyID = StaticUtils.bytesToHexNoSpace(
- getInstanceKeyID(certificate));
+ final String keyID = getInstanceKeyID(certificate);
final SecretKey macKey = MacKeyEntry.generateKeyEntry(null,
preferredMACAlgorithm,
preferredMACAlgorithmKeyLengthBits).getSecretKey();
@@ -387,15 +386,15 @@
/**
* Return the identifier of this instance's instance-key. An
- * instance-key identifier is the MD5 hash of an instance's
- * instance-key public-key certificate.
+ * instance-key identifier is a hex string of the MD5 hash of an
+ * instance's instance-key public-key certificate.
* @see #getInstanceKeyID(byte[])
* @return This instance's instance-key identifier.
* @throws CryptoManagerException If there is a problem retrieving
* the instance-key public-key certificate or computing its MD5
* hash.
*/
- public byte[] getInstanceKeyID()
+ public String getInstanceKeyID()
throws CryptoManagerException {
return getInstanceKeyID(getInstanceKeyCertificate());
}
@@ -403,8 +402,8 @@
/**
* Return the identifier of an instance's instance key. An
- * instance-key identifier is the MD5 hash of an instance's
- * instance-key public-key certificate.
+ * instance-key identifier is a hex string of the MD5 hash of an
+ * instance's instance-key public-key certificate.
* @see #getInstanceKeyID()
* @param instanceKeyCertificate The instance key for which to
* return an identifier.
@@ -412,7 +411,7 @@
* @throws CryptoManagerException If there is a problem computing
* the identifier from the instance key.
*/
- public byte[] getInstanceKeyID(byte[] instanceKeyCertificate)
+ public String getInstanceKeyID(byte[] instanceKeyCertificate)
throws CryptoManagerException {
MessageDigest md;
final String mdAlgorithmName = "MD5";
@@ -425,7 +424,8 @@
Message.raw("Failed to get MessageDigest instance for %s",
mdAlgorithmName), ex);
}
- return md.digest(instanceKeyCertificate);
+ return StaticUtils.bytesToHexNoSpace(
+ md.digest(instanceKeyCertificate));
}
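Review bot: The Javadoc for both `getInstanceKeyID` overloads now says "a hex string of the MD5 hash" but does not state the letter case or the fixed length of 32 characters. Callers in this patch compare the value with `String.equals`, so the case is part of the contract. I would add a sentence such as `The identifier is 32 hexadecimal characters in the case produced by StaticUtils.bytesToHexNoSpace.` to the Javadoc. A short comment next to `mdAlgorithmName` should also record that MD5 serves here only as a lookup label for the certificate. MD5 is not collision resistant, so a matching identifier must not be treated as proof that two certificates are the same.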
@@ -522,7 +522,7 @@
final String symmetricKeyAttribute)
throws CryptoManagerException {
// Initial decomposition.
- byte[] wrappingKeyIDElement;
+ String wrappingKeyIDElement;
String wrappingTransformationElement;
String wrappedKeyAlgorithmElement;
int wrappedKeyTypeElement;
@@ -537,8 +537,7 @@
0);
}
fieldName = "instance key identifier";
- wrappingKeyIDElement
- = StaticUtils.hexStringToByteArray(elements[0]);
+ wrappingKeyIDElement = elements[0];
fieldName = "key wrapping transformation";
wrappingTransformationElement = elements[1];
fieldName = "wrapped key algorithm";
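Review bot: Assigning `elements[0]` directly to `wrappingKeyIDElement` removes the only check that the instance key identifier field is well-formed hex. The old `StaticUtils.hexStringToByteArray` call presumably rejected malformed input while `fieldName` was set for the error message. The hunk at -577 then compares with `wrappingKeyIDElement.equals(instanceKeyID)`, which is case sensitive. An attribute written with the other hex case used to match after decoding and now silently returns null. Either normalise the field once here or compare with `if (! wrappingKeyIDElement.equalsIgnoreCase(instanceKeyID)) {`, and keep a format check so a malformed identifier is still reported as a parse error rather than treated as a key for another instance. The enclosing method starts and ends outside both hunks.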
@@ -577,8 +576,8 @@
}
// Confirm key can be unwrapped at this instance.
- final byte[] instanceKeyID = getInstanceKeyID();
- if (! Arrays.equals(wrappingKeyIDElement, instanceKeyID)) {
+ final String instanceKeyID = getInstanceKeyID();
+ if (! wrappingKeyIDElement.equals(instanceKeyID)) {
return null;
}
@@ -637,19 +636,10 @@
* the supplied symmetric key attribute value or retrieving the
* requested public key.
*/
- public byte[] rewrapSymmetricKeyAttribute(
- final byte[] symmetricKeyAttribute,
- final byte[] requestedInstanceKeyID)
+ public String rewrapSymmetricKeyAttribute(
+ final String symmetricKeyAttribute,
+ final String requestedInstanceKeyID)
throws CryptoManagerException {
-// throw new CryptoManagerException(
-// // TODO: i18n
-// Message.raw("The instance-key identifier tag %s of" +
-// " the supplied symmetric key attribute value" +
-// " does not match this instance's instance-key" +
-// " identifier %s, and hence the symmetric key" +
-// " cannot be decrypted for processing.",
-// keyIDElement,
-// StaticUtils.bytesToHex(instanceKeyID)));
return symmetricKeyAttribute; // TODO: really unwrap and rewrap
}
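Review bot: `rewrapSymmetricKeyAttribute` still returns `symmetricKeyAttribute` unchanged and never reads `requestedInstanceKeyID`, so the extended operation reports success while handing back a key that is still wrapped for the original instance. Until the TODO is implemented the Javadoc should say so, for example `Currently returns the supplied value unchanged; the key is NOT re-wrapped for requestedInstanceKeyID.` Throwing `CryptoManagerException` when the requested identifier differs from the one in the attribute would make the gap visible to callers. The `@param` text should also be updated to describe the String forms now expected (the colon-separated attribute value and the hex key identifier). The Javadoc begins outside the hunk.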
diff --git a/opends/tests/unit-tests-testng/src/server/org/opends/server/extensions/GetSymmetricKeyExtendedOperationTestCase.java b/opends/tests/unit-tests-testng/src/server/org/opends/server/extensions/GetSymmetricKeyExtendedOperationTestCase.java
index 10a8b28..f667784 100644
--- a/opends/tests/unit-tests-testng/src/server/org/opends/server/extensions/GetSymmetricKeyExtendedOperationTestCase.java
+++ b/opends/tests/unit-tests-testng/src/server/org/opends/server/extensions/GetSymmetricKeyExtendedOperationTestCase.java
@@ -40,8 +40,6 @@
import static org.testng.Assert.*;
import static org.testng.Assert.assertEquals;
-import java.util.Arrays;
-
/**
* A set of test cases for the symmetric key extended operation.
*/
@@ -68,8 +66,8 @@
CryptoManager cm = DirectoryServer.getCryptoManager();
// TODO use a proper symmetric key value
- byte[] symmetricKey = cm.getInstanceKeyID();
- byte[] instanceKeyID = cm.getInstanceKeyID();
+ String symmetricKey = cm.getInstanceKeyID();
+ String instanceKeyID = cm.getInstanceKeyID();
ASN1OctetString requestValue =
GetSymmetricKeyExtendedOperation.encodeRequestValue(
@@ -82,8 +80,8 @@
ServerConstants.OID_GET_SYMMETRIC_KEY_EXTENDED_OP, requestValue);
assertEquals(extendedOperation.getResultCode(), ResultCode.SUCCESS);
- assertTrue(Arrays.equals(
- extendedOperation.getResponseValue().value(), symmetricKey));
+ assertEquals(extendedOperation.getResponseValue().stringValue(),
+ symmetricKey);
}
@@ -92,9 +90,8 @@
{
CryptoManager cm = DirectoryServer.getCryptoManager();
-// byte[] symmetricKey = new byte[1]; // FIXME causes ArrayOutOfBounds!
- byte[] symmetricKey = new byte[16];
- byte[] instanceKeyID = cm.getInstanceKeyID();
+ String symmetricKey = "1";
+ String instanceKeyID = cm.getInstanceKeyID();
ASN1OctetString requestValue =
GetSymmetricKeyExtendedOperation.encodeRequestValue(
diff --git a/opends/tests/unit-tests-testng/src/server/org/opends/server/types/CryptoManagerTestCase.java b/opends/tests/unit-tests-testng/src/server/org/opends/server/types/CryptoManagerTestCase.java
index b95a609..3ef7a28 100644
--- a/opends/tests/unit-tests-testng/src/server/org/opends/server/types/CryptoManagerTestCase.java
+++ b/opends/tests/unit-tests-testng/src/server/org/opends/server/types/CryptoManagerTestCase.java
@@ -27,14 +27,13 @@
package org.opends.server.types;
import static org.testng.Assert.assertEquals;
-import static org.testng.Assert.assertFalse;
import static org.testng.Assert.assertNotNull;
import static org.testng.Assert.assertTrue;
import org.opends.server.TestCaseUtils;
+import org.opends.server.util.StaticUtils;
import org.opends.server.core.DirectoryServer;
-import org.opends.admin.ads.ServerDescriptor;
import org.opends.admin.ads.util.ConnectionUtils;
import java.io.File;
@@ -116,7 +115,8 @@
// Compare the MD5 hash of the LDAP attribute with the one
// retrieved from the CryptoManager.
MessageDigest md = MessageDigest.getInstance("MD5");
- assertTrue(Arrays.equals(md.digest(ldapCert), cm.getInstanceKeyID()));
+ assertTrue(StaticUtils.bytesToHexNoSpace(
+ md.digest(ldapCert)).equals(cm.getInstanceKeyID()));
}
@Test
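Review bot: The rewritten check wraps `equals` in `assertTrue`, so a mismatch reports only "expected true" and omits both identifiers. `assertEquals` is already imported in this file and prints the two values: `assertEquals(cm.getInstanceKeyID(), StaticUtils.bytesToHexNoSpace(md.digest(ldapCert)));`. That makes a case or length mismatch in the hex identifier visible in the test output.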
@@ -132,7 +132,7 @@
final Mac validatingMac = cm.getMacEngine(macKeyID);
final byte[] calculatedSignature = validatingMac.doFinal(text.getBytes());
-
+
assertTrue(Arrays.equals(calculatedSignature, signedHash));
}
--
Gitblit v1.10.0