/*
* Copyright (c) 2019 Geoffroy Couprie <contact@geoffroycouprie.com> and Contributors to the Eclipse Foundation.
* SPDX-License-Identifier: Apache-2.0
*/
package org.eclipse.biscuit.crypto;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.util.ArrayList;
import java.util.Optional;
import org.eclipse.biscuit.error.Error;
import org.eclipse.biscuit.error.Result;
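/**
 * Chain of signed blocks in which each block's signature also covers the public key that must
 * verify the following block.
 *
 * <p>Block {@code 0} is verified with the root key; block {@code i > 0} is verified with
 * {@code keys.get(i - 1)}. {@code next} is expected to be the key pair whose public half is the
 * last entry of {@code keys}: its private half signs the next appended block, so any holder of
 * {@code next} can extend the chain.
 *
 * <p>The class performs no synchronization of its own.
 */
class Token {
  private final ArrayList<byte[]> blocks;
  private final ArrayList<PublicKey> keys;
  private final ArrayList<byte[]> signatures;
  private final KeyPair next;

  /**
   * Creates a one-block token whose block is signed by {@code rootSigner}.
   *
   * @param rootSigner signer that produces the signature over the first block's payload
   * @param message content of the first block; stored by reference, not copied
   * @param next key pair whose public key is bound into the first signature and whose private
   *     key will sign the next appended block
   * @throws NoSuchAlgorithmException declared for the payload/signing calls
   * @throws InvalidKeyException declared for the payload/signing calls
   * @throws SignatureException declared for the payload/signing calls
   */
  Token(final Signer rootSigner, byte[] message, KeyPair next)
      throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
    this.blocks = new ArrayList<>();
    this.blocks.add(message);
    this.keys = new ArrayList<>();
    this.keys.add(next.getPublicKey());
    this.signatures = new ArrayList<>();
    // The signed payload is built from the message and the next public key, which is what ties
    // the key for block 1 to this signature.
    byte[] payload =
        BlockSignatureBuffer.generateBlockSignaturePayloadV0(
            message, next.getPublicKey(), Optional.empty());
    byte[] signature = rootSigner.sign(payload);
    this.signatures.add(signature);
    this.next = next;
  }

  /**
   * Wraps already-built chain components without checking them.
   *
   * <p>The lists are stored by reference, so later changes made by the caller are visible to
   * this token. Nothing is validated here; {@link #verify(PublicKey)} is the only place where
   * the chain is checked.
   *
   * @param blocks block contents, in chain order
   * @param keys public key bound into each block's signature, in chain order
   * @param signatures signature of each block, in chain order
   * @param next key pair used to sign the next appended block
   */
  Token(
      final ArrayList<byte[]> blocks,
      final ArrayList<PublicKey> keys,
      final ArrayList<byte[]> signatures,
      final KeyPair next) {
    this.signatures = signatures;
    this.blocks = blocks;
    this.keys = keys;
    this.next = next;
  }

  /**
   * Returns a new token extended by one block signed with this token's {@code next} key.
   *
   * <p>The new token works on copies of the lists. Sharing them would leave the receiver with
   * the extra block while its {@code next} still named the previous key pair, so the receiver
   * would stop verifying after every append.
   *
   * @param keyPair key pair that becomes {@code next} of the returned token
   * @param message content of the new block; stored by reference, not copied
   * @return the extended token; the receiver is left unchanged
   * @throws NoSuchAlgorithmException declared for the payload/signing calls
   * @throws InvalidKeyException declared for the payload/signing calls
   * @throws SignatureException declared for the payload/signing calls
   */
  Token append(KeyPair keyPair, byte[] message)
      throws NoSuchAlgorithmException, SignatureException, InvalidKeyException {
    byte[] payload =
        BlockSignatureBuffer.generateBlockSignaturePayloadV0(
            message, keyPair.getPublicKey(), Optional.empty());
    byte[] signature = this.next.sign(payload);

    // Shallow copies: the list structure is private to the new token, the byte arrays and keys
    // themselves are still shared.
    Token token =
        new Token(
            new ArrayList<>(this.blocks),
            new ArrayList<>(this.keys),
            new ArrayList<>(this.signatures),
            keyPair);
    token.blocks.add(message);
    token.signatures.add(signature);
    token.keys.add(keyPair.getPublicKey());
    return token;
  }

  // FIXME: rust version returns a Result<(), error::Signature>
  /**
   * Checks every block signature, starting from {@code root}, and checks that {@code next}
   * matches the last key of the chain.
   *
   * @param root public key expected to have signed the first block
   * @return {@code Result.ok(null)} when every signature verifies and the public key of
   *     {@code next} equals the last verified key; otherwise an {@code InvalidSignature} error
   * @throws NoSuchAlgorithmException declared for the payload/verification calls
   * @throws InvalidKeyException declared for the payload/verification calls
   * @throws SignatureException declared for the payload/verification calls
   */
  public Result<Void, Error> verify(PublicKey root)
      throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
    int count = this.blocks.size();
    // The list-based constructor accepts lists of any length. Reject a mismatch up front:
    // shorter key/signature lists would otherwise surface as IndexOutOfBoundsException, and
    // longer ones would carry entries that no signature check ever covers.
    if (this.keys.size() != count || this.signatures.size() != count) {
      return Result.err(
          new Error.FormatError.Signature.InvalidSignature(
              "signature error: mismatched number of blocks, keys and signatures"));
    }

    PublicKey currentKey = root;
    for (int i = 0; i < count; i++) {
      byte[] block = this.blocks.get(i);
      PublicKey nextKey = this.keys.get(i);
      byte[] signature = this.signatures.get(i);
      byte[] payload =
          BlockSignatureBuffer.generateBlockSignaturePayloadV0(block, nextKey, Optional.empty());
      if (!currentKey.verify(payload, signature)) {
        return Result.err(
            new Error.FormatError.Signature.InvalidSignature(
                "signature error: Verification equation was not satisfied"));
      }
      // A key is trusted for the following block only once the signature naming it has verified.
      currentKey = nextKey;
    }

    // NOTE(review): this relies on PublicKey.equals comparing key material - confirm.
    if (!this.next.getPublicKey().equals(currentKey)) {
      return Result.err(
          new Error.FormatError.Signature.InvalidSignature(
              "signature error: Verification equation was not satisfied"));
    }
    return Result.ok(null);
  }
}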