protected byte[] verifyResponse(byte[] body, byte[] signature) throws GeneralSecurityException { if (!verificationEnabled || messageEncDec.verify(body, signature)) { return body; } else { throw new SecurityException("message can't be verified"); } }
private ClientSync decodeEncryptedRequest(SessionInitMessage message) throws GeneralSecurityException, PlatformEncDecException { byte[] requestRaw = crypt.decodeData( message.getEncodedMessageData(), message.getEncodedSessionKey()); LOG.trace("Request data decrypted"); ClientSync request = decodePlatformLevelData(message.getPlatformId(), requestRaw); LOG.trace("Request data deserialized"); PublicKey endpointKey = getPublicKey(request); if (endpointKey == null) { LOG.warn("Endpoint Key is null"); throw new GeneralSecurityException("Endpoint Key is null"); } else { LOG.trace("Public key extracted"); } crypt.setRemotePublicKey(endpointKey); if (crypt.verify(message.getEncodedSessionKey(), message.getSessionKeySignature())) { LOG.trace("Request data verified"); } else { LOG.warn("Request data verification failed"); throw new GeneralSecurityException("Request data verification failed"); } return request; }
@Test public void testSignature() throws NoSuchAlgorithmException, GeneralSecurityException { KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA"); gen.initialize(512); KeyPair clientKeyPair = gen.generateKeyPair(); KeyPair remoteKeyPair = gen.generateKeyPair(); TestHttpClient client = new TestHttpClient("test_url", clientKeyPair.getPrivate() , clientKeyPair.getPublic(), remoteKeyPair.getPublic()); MessageEncoderDecoder serverEncoder = new MessageEncoderDecoder( remoteKeyPair.getPrivate(), remoteKeyPair.getPublic()); byte[] message = {1, 2, 3}; byte[] signature = serverEncoder.sign(message); Assert.assertArrayEquals(message, client.verifyResponse(message, signature)); Assert.assertTrue(client.getEncoderDecoder().verify(message, signature)); }
@Test public void basicTest() throws Exception { String message = "secret" + new Random().nextInt(); MessageEncoderDecoder client = new MessageEncoderDecoder(clientPrivate, clientPublic, serverPublic); MessageEncoderDecoder server = new MessageEncoderDecoder(serverPrivate, serverPublic, clientPublic); MessageEncoderDecoder thief = new MessageEncoderDecoder(theifPrivate, theifPublic, clientPublic); byte[] secretData = client.encodeData(message.getBytes()); byte[] signature = client.sign(secretData); byte[] encodedSessionKey = client.getEncodedSessionKey(); Assert.assertTrue(server.verify(secretData, signature)); String decodedSecret = new String(server.decodeData(secretData, encodedSessionKey)); Assert.assertEquals(message, decodedSecret); byte[] theifData = thief.encodeData(message.getBytes()); byte[] theifSignature = thief.sign(theifData); Assert.assertFalse(server.verify(theifData, theifSignature)); }
@Test public void basicSubsequentTest() throws Exception { String message = "secret" + new Random().nextInt(); PrivateKey client2Private = theifPrivate; PublicKey client2Public = theifPublic; MessageEncoderDecoder client = new MessageEncoderDecoder(clientPrivate, clientPublic, serverPublic); MessageEncoderDecoder client2 = new MessageEncoderDecoder(client2Private, client2Public, serverPublic); MessageEncoderDecoder server = new MessageEncoderDecoder(serverPrivate, serverPublic); byte[] secretData = client.encodeData(message.getBytes()); byte[] signature = client.sign(secretData); byte[] encodedSessionKey = client.getEncodedSessionKey(); server.setRemotePublicKey(clientPublic); Assert.assertTrue(server.verify(secretData, signature)); String decodedSecret = new String(server.decodeData(secretData, encodedSessionKey)); Assert.assertEquals(message, decodedSecret); byte[] secretData2 = client2.encodeData(message.getBytes()); byte[] signature2 = client2.sign(secretData2); byte[] encodedSessionKey2 = client2.getEncodedSessionKey(); server.setRemotePublicKey(client2Public); Assert.assertTrue(server.verify(secretData2, signature2)); String decodedSecret2 = new String(server.decodeData(secretData2, encodedSessionKey2)); Assert.assertEquals(message, decodedSecret2); }