author | Raif S. Naffah <raif@swiftdsl.com.au> | 2006-05-20 02:38:19 +0000 |
---|---|---|
committer | Raif S. Naffah <raif@swiftdsl.com.au> | 2006-05-20 02:38:19 +0000 |
commit | 9164ceb22438d6089be5dc326bcee30296adde8f (patch) | |
tree | f8fb61932e2e55f6d3eb7383308d20a4f06c443b | |
parent | f7b273e777b5dd4c8ee613b3c87e523cebeed545 (diff) | |
download | classpath-9164ceb22438d6089be5dc326bcee30296adde8f.tar.gz |
2006-05-20 Raif S. Naffah <raif@swiftdsl.com.au>
* gnu/javax/crypto/keyring/PrivateKeyEntry.java: Formatting.
(toString): New method.
* gnu/javax/crypto/keyring/PasswordEncryptedEntry.java (decrypt):
Do not trace/log passwords.
Set masked to false before decoding envelope.
Do not set payload to null.
(encrypt): Set masked to true.
* gnu/javax/crypto/keyring/PasswordAuthenticatedEntry.java (verify):
Do not trace/log passwords.
Set masked to false before decoding envelope.
Do not set payload to null.
Added trace/debug statements.
(authenticate): Do not trace/log passwords.
Set masked to true.
Added trace/debug statements.
(getMac): Added trace/debug statements.
* gnu/javax/crypto/keyring/MaskableEnvelopeEntry.java
(remove(String)): Changed the signature to return a boolean.
(toString): New method.
* gnu/javax/crypto/keyring/GnuPublicKeyring.java (containsCertificate):
Formatting
(getCertificate): Likewise.
(putCertificate): Likewise.
(load): Likewise.
Do not trace/log passwords.
(store): Likewise.
* gnu/javax/crypto/keyring/GnuPrivateKeyring.java (getPrivateKey):
Do not trace/log passwords.
Added more trace/logging statements.
(putPrivateKey): Do not trace/log passwords.
Trace only key's class name.
Formatting.
(containsPublicKey): Formatting.
(getPublicKey): Likewise.
Trace only key's class name.
(putPublicKey): Trace only key's class name.
(containsCertPath): Formatting.
(getCertPath): Likewise.
(putCertPath): Likewise.
(load): Do not trace/log passwords.
Formatting.
(store): Likewise.
* gnu/javax/crypto/keyring/EnvelopeEntry.java (log): New field.
(add): Do not set payload to null.
Added trace/debug statements.
(containsAlias): Added trace/debug statements.
(get): Likewise.
(remove(Entry)): Likewise.
(remove(String)): Likewise.
Changed the signature to return a boolean.
Do not set payload to null unless really removed.
(toString): New method.
(decodeEnvelope): Clear entries before proceeding.
(makeAliasList): Added trace/debug statements.
Ensure only non-null aliases and alias-lists are added.
* gnu/javax/crypto/keyring/Entry.java (log): New field.
(TYPES): New constant.
(toString): New method.
(defaultDecode): Add trace/debug statement.
-rw-r--r-- | ChangeLog | 62 | ||||
-rw-r--r-- | gnu/javax/crypto/keyring/Entry.java | 21 | ||||
-rw-r--r-- | gnu/javax/crypto/keyring/EnvelopeEntry.java | 160 | ||||
-rw-r--r-- | gnu/javax/crypto/keyring/GnuPrivateKeyring.java | 62 | ||||
-rw-r--r-- | gnu/javax/crypto/keyring/GnuPublicKeyring.java | 15 | ||||
-rw-r--r-- | gnu/javax/crypto/keyring/MaskableEnvelopeEntry.java | 18 | ||||
-rw-r--r-- | gnu/javax/crypto/keyring/PasswordAuthenticatedEntry.java | 60 | ||||
-rw-r--r-- | gnu/javax/crypto/keyring/PasswordEncryptedEntry.java | 64 | ||||
-rw-r--r-- | gnu/javax/crypto/keyring/PrivateKeyEntry.java | 67 |
9 files changed, 322 insertions, 207 deletions
@@ -1,5 +1,67 @@ 2006-05-20 Raif S. Naffah <raif@swiftdsl.com.au> + * gnu/javax/crypto/keyring/PrivateKeyEntry.java: Formatting. + (toString): New method. + * gnu/javax/crypto/keyring/PasswordEncryptedEntry.java (decrypt): + Do not trace/log passwords. + Set masked to false before decoding envelope. + Do not set payload to null. + (encrypt): Set masked to true. + * gnu/javax/crypto/keyring/PasswordAuthenticatedEntry.java (verify): + Do not trace/log passwords. + Set masked to false before decoding envelope. + Do not set payload to null. + Added trace/debug statements. + (authenticate): Do not trace/log passwords. + Set masked to true. + Added trace/debug statements. + (getMac): Added trace/debug statements. + * gnu/javax/crypto/keyring/MaskableEnvelopeEntry.java + (remove(String)): Changed the signature to return a boolean. + (toString): New method. + * gnu/javax/crypto/keyring/GnuPublicKeyring.java (containsCertificate): + Formatting + (getCertificate): Likewise. + (putCertificate): Likewise. + (load): Likewise. + Do not trace/log passwords. + (store): Likewise. + * gnu/javax/crypto/keyring/GnuPrivateKeyring.java (getPrivateKey): + Do not trace/log passwords. + Added more trace/logging statements. + (putPrivateKey): Do not trace/log passwords. + Trace only key's class name. + Formatting. + (containsPublicKey): Formatting. + (getPublicKey): Likewise. + Trace only key's class name. + (putPublicKey): Trace only key's class name. + (containsCertPath): Formatting. + (getCertPath): Likewise. + (putCertPath): Likewise. + (load): Do not trace/log passwords. + Formatting. + (store): Likewise. + * gnu/javax/crypto/keyring/EnvelopeEntry.java (log): New field. + (add): Do not set payload to null. + Added trace/debug statements. + (containsAlias): Added trace/debug statements. + (get): Likewise. + (remove(Entry)): Likewise. + (remove(String)): Likewise. + Changed the signature to return a boolean. + Do not set payload to null unless really removed. + (toString): New method. 
+ (decodeEnvelope): Clear entries before proceeding. + (makeAliasList): Added trace/debug statements. + Ensure only non-null aliases and alias-lists are added. + * gnu/javax/crypto/keyring/Entry.java (log): New field. + (TYPES): New constant. + (toString): New method. + (defaultDecode): Add trace/debug statement. + +2006-05-20 Raif S. Naffah <raif@swiftdsl.com.au> + * tools/gnu/classpath/tools/keytool/ListCmd.java (rfc): Increased visibility. (setup): Do not trace/log passwords. diff --git a/gnu/javax/crypto/keyring/Entry.java b/gnu/javax/crypto/keyring/Entry.java index fa7f49679..2f311271a 100644 --- a/gnu/javax/crypto/keyring/Entry.java +++ b/gnu/javax/crypto/keyring/Entry.java @@ -41,16 +41,23 @@ package gnu.javax.crypto.keyring; import java.io.DataInputStream; import java.io.DataOutputStream; import java.io.IOException; +import java.util.logging.Logger; /** * An immutable class representing a single entry in a keyring. */ public abstract class Entry { - // Fields. // ------------------------------------------------------------------------ + private static final Logger log = Logger.getLogger(Entry.class.getName()); + private static final String[] TYPES = new String[] + { + "Encrypted", "PasswordEncrypted", "Authenticated", "PasswordAuthenticated", + "Compressed", "Certificate", "PublicKey", "PrivateKey", "CertPath", + "BinaryData" + }; /** This entry's type identifier. */ protected int type; @@ -145,6 +152,17 @@ public abstract class Entry out.write(payload); } + public String toString() + { + + return new StringBuilder("Entry{") + .append("type=").append(TYPES[type]) + .append(", properties=").append(properties) + .append(", payload=") + .append(payload == null? "-" : "byte[" + payload.length + "]") + .append("}").toString(); + } + /** * Generic decoding method, which simply decodes the properties field * and reads the payload field. 
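Review bot: In the new `Entry.toString()`, `TYPES[type]` indexes a ten-element array with a `protected int type` that nothing in this hunk bounds, so an entry carrying an unknown or not-yet-set type identifier would make `toString()` throw `ArrayIndexOutOfBoundsException`. Because the commit also calls `toString()` from trace statements on the decode path, that turns a logging helper into a way for a malformed keyring to abort decoding. A guarded lookup keeps it harmless: `.append("type=").append(type >= 0 && type < TYPES.length ? TYPES[type] : String.valueOf(type))`. A short comment on `TYPES` saying that its order must match the subclasses' `TYPE` constants would also help, since the hunk does not show that link.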
@@ -161,6 +179,7 @@ public abstract class Entry { throw new IOException("corrupt length"); } + log.finest("About to instantiate new payload byte array for " + this); payload = new byte[len]; in.readFully(payload); } diff --git a/gnu/javax/crypto/keyring/EnvelopeEntry.java b/gnu/javax/crypto/keyring/EnvelopeEntry.java index 25b1dc2a0..2a57a23da 100644 --- a/gnu/javax/crypto/keyring/EnvelopeEntry.java +++ b/gnu/javax/crypto/keyring/EnvelopeEntry.java @@ -42,13 +42,12 @@ import java.io.ByteArrayOutputStream; import java.io.DataInputStream; import java.io.DataOutputStream; import java.io.IOException; - import java.util.ArrayList; -import java.util.Date; import java.util.Iterator; import java.util.LinkedList; import java.util.List; import java.util.StringTokenizer; +import java.util.logging.Logger; /** * An envelope entry is a generic container for some number of primitive @@ -56,10 +55,10 @@ import java.util.StringTokenizer; */ public abstract class EnvelopeEntry extends Entry { - // Fields. // ------------------------------------------------------------------------ + private static final Logger log = Logger.getLogger(EnvelopeEntry.class.getName()); /** The envelope that contains this one (if any). */ protected EnvelopeEntry containingEnvelope; @@ -95,16 +94,17 @@ public abstract class EnvelopeEntry extends Entry */ public void add(Entry entry) { - if (!containsEntry(entry)) + log.entering(this.getClass().getName(), "add", entry); + if (! containsEntry(entry)) { if (entry instanceof EnvelopeEntry) - { - ((EnvelopeEntry) entry).setContainingEnvelope(this); - } + ((EnvelopeEntry) entry).setContainingEnvelope(this); + entries.add(entry); - payload = null; + log.finest("Payload is " + (payload == null ? "" : "not ") + "null"); makeAliasList(); } + log.exiting(this.getClass().getName(), "add"); } /** 
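Review bot: The argument of `log.finest("About to instantiate new payload byte array for " + this)` in `defaultDecode` is concatenated before the logger checks its level, so `toString()` runs on a half-decoded entry every time, even with tracing off. That costs a string build per entry and makes any exception inside `toString()` surface as a decode failure. Guard it with `if (log.isLoggable(Level.FINEST))`; `java.util.logging.Level` would need importing, as the first hunk adds only `Logger`. The same pattern appears in `EnvelopeEntry.get` (`"Processing unmasked entry: " + ee`), both `remove` overloads (`"State before: " + this`) and `GnuPrivateKeyring.getPrivateKey` (`"Entry: " + e`). `defaultDecode` starts above this hunk, so the length check that precedes the allocation is only partly visible.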
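Review bot: `add()` no longer clears `payload`, while both `remove` overloads in this commit still set `payload = null` after a change, so after `add()` the cached payload describes the envelope as it was before the new entry. Whether that is safe depends on the encode path, which this diff does not show: if any caller writes a non-null `payload` without re-encoding, the stored keyring would omit the added entry or carry a MAC or ciphertext computed over the old contents. If the payload is kept on purpose (for example so that a masked envelope can still be verified later), a comment in `add()` should say so, e.g. `// payload is kept; it is rebuilt by encode() before it is written`. Otherwise the invalidation should stay, to match `remove`.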
@@ -117,20 +117,22 @@ public abstract class EnvelopeEntry extends Entry */ public boolean containsAlias(String alias) { + log.entering(this.getClass().getName(), "containsAlias", alias); String aliases = getAliasList(); - if (aliases == null) - { - return false; - } - StringTokenizer tok = new StringTokenizer(aliases, ";"); - while (tok.hasMoreTokens()) + log.finest("aliases = [" + aliases + "]"); + boolean result = false; + if (aliases != null) { - if (tok.nextToken().equals(alias)) - { - return true; - } + StringTokenizer tok = new StringTokenizer(aliases, ";"); + while (tok.hasMoreTokens()) + if (tok.nextToken().equals(alias)) + { + result = true; + break; + } } - return false; + log.exiting(this.getClass().getName(), "containsAlias", Boolean.valueOf(result)); + return result; } /** 
@@ -180,34 +182,41 @@ public abstract class EnvelopeEntry extends Entry */ public List get(String alias) { + log.entering(this.getClass().getName(), "get", alias); + List result = new LinkedList(); for (Iterator it = entries.iterator(); it.hasNext();) { Entry e = (Entry) it.next(); if (e instanceof EnvelopeEntry) { - if (!((EnvelopeEntry) e).containsAlias(alias)) - { - continue; - } - if (e instanceof MaskableEnvelopeEntry) + EnvelopeEntry ee = (EnvelopeEntry) e; + if (! ee.containsAlias(alias)) + continue; + + if (ee instanceof MaskableEnvelopeEntry) { - if (((MaskableEnvelopeEntry) e).isMasked()) + MaskableEnvelopeEntry mee = (MaskableEnvelopeEntry) ee; + if (mee.isMasked()) { - result.add(e); + log.finer("Processing masked entry: " + mee); + result.add(mee); continue; } } - result.addAll(((EnvelopeEntry) e).get(alias)); + + log.finer("Processing unmasked entry: " + ee); + result.addAll(ee.get(alias)); } else if (e instanceof PrimitiveEntry) { - if (((PrimitiveEntry) e).getAlias().equals(alias)) - { - result.add(e); - } + PrimitiveEntry pe = (PrimitiveEntry) e; + if (pe.getAlias().equals(alias)) + result.add(e); } } + + log.exiting(this.getClass().getName(), "get", result); return result; } @@ -238,6 +247,7 @@ public abstract class EnvelopeEntry extends Entry */ public boolean remove(Entry entry) { + log.entering(this.getClass().getName(), "remove", entry); boolean ret = false; for (Iterator it = entries.iterator(); it.hasNext();) { 
@@ -268,36 +278,63 @@ public abstract class EnvelopeEntry extends Entry } if (ret) { + log.finest("State before: " + this); payload = null; makeAliasList(); + log.finest("State after: " + this); } + log.exiting(this.getClass().getName(), "remove", Boolean.valueOf(ret)); return ret; } /** * Removes all primitive entries that have the specified alias. - * + * * @param alias The alias of the entries to remove. + * @return <code>true</code> if <code>alias</code> was present and was + * successfully trmoved. Returns <code>false</code> if + * <code>alias</code> was not present in the list of aliases in this + * envelope. */ - public void remove(String alias) + public boolean remove(String alias) { + log.entering(this.getClass().getName(), "remove", alias); + boolean result = false; for (Iterator it = entries.iterator(); it.hasNext();) { Entry e = (Entry) it.next(); if (e instanceof EnvelopeEntry) { - ((EnvelopeEntry) e).remove(alias); + EnvelopeEntry ee = (EnvelopeEntry) e; + result = ee.remove(alias) || result; } else if (e instanceof PrimitiveEntry) { - if (((PrimitiveEntry) e).getAlias().equals(alias)) + PrimitiveEntry pe = (PrimitiveEntry) e; + if (pe.getAlias().equals(alias)) { it.remove(); + result = true; } } } - payload = null; - makeAliasList(); + if (result) + { + log.finest("State before: " + this); + payload = null; + makeAliasList(); + log.finest("State after: " + this); + } + log.exiting(this.getClass().getName(), "remove", Boolean.valueOf(result)); + return result; + } + + public String toString() + { + return new StringBuilder("Envelope{") + .append(super.toString()) + .append(", entries=").append(entries) + .append("}").toString(); } // Protected methods. @@ -324,6 +361,7 @@ public abstract class EnvelopeEntry extends Entry protected void decodeEnvelope(DataInputStream in) throws IOException { + this.entries.clear(); while (true) { int type = in.read(); 
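Review bot: `remove(String)` calls `ee.remove(alias)` on every nested envelope without the `containsAlias` and `isMasked` checks that `get()` performs, and `MaskableEnvelopeEntry.remove(String)` (changed later in this commit) throws `IllegalStateException("masked envelope")` when the child is masked. If a masked child can sit next to primitive entries, the exception escapes after `it.remove()` may already have dropped an entry, and the `if (result)` block that resets `payload` and rebuilds the alias list is skipped. Skipping children that cannot hold the alias, `if (! ee.containsAlias(alias)) continue;`, narrows this. Moving the payload and alias-list refresh into a `finally` would keep the state consistent when a child does throw. The new `@return` text also has a typo, `trmoved`.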
@@ -372,27 +410,39 @@ public abstract class EnvelopeEntry extends Entry private void makeAliasList() { - if (entries.isEmpty()) - return; - StringBuffer buf = new StringBuffer(); - for (Iterator it = entries.iterator(); it.hasNext();) + log.entering(this.getClass().getName(), "makeAliasList"); + if (! entries.isEmpty()) { - Entry entry = (Entry) it.next(); - if (entry instanceof EnvelopeEntry) - { - buf.append(((EnvelopeEntry) entry).getAliasList()); - } - else if (entry instanceof PrimitiveEntry) + StringBuilder buf = new StringBuilder(); + String aliasOrList; + for (Iterator it = entries.iterator(); it.hasNext();) { - buf.append(((PrimitiveEntry) entry).getAlias()); + Entry entry = (Entry) it.next(); + aliasOrList = null; + if (entry instanceof EnvelopeEntry) + aliasOrList = ((EnvelopeEntry) entry).getAliasList(); + else if (entry instanceof PrimitiveEntry) + aliasOrList = ((PrimitiveEntry) entry).getAlias(); + else + log.fine("Entry with no Alias. Ignored: " + entry); + + if (aliasOrList != null) + { + aliasOrList = aliasOrList.trim(); + if (aliasOrList.trim().length() > 0) + { + buf.append(aliasOrList); + if (it.hasNext()) + buf.append(';'); + } + } } - if (it.hasNext()) - buf.append(';'); - } - properties.put("alias-list", buf.toString()); - if (containingEnvelope != null) - { - containingEnvelope.makeAliasList(); + String aliasList = buf.toString(); + properties.put("alias-list", aliasList); + log.finer("alias-list=[" + aliasList + "]"); + if (containingEnvelope != null) + containingEnvelope.makeAliasList(); } + log.exiting(this.getClass().getName(), "makeAliasList"); } } diff --git a/gnu/javax/crypto/keyring/GnuPrivateKeyring.java b/gnu/javax/crypto/keyring/GnuPrivateKeyring.java index c1fe30e67..bd5a96227 100644 --- a/gnu/javax/crypto/keyring/GnuPrivateKeyring.java +++ b/gnu/javax/crypto/keyring/GnuPrivateKeyring.java 
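Review bot: In `makeAliasList` everything, including `properties.put("alias-list", ...)` and the call up to `containingEnvelope`, sits inside `if (! entries.isEmpty())`, so removing the last entry of an envelope leaves the previous alias list in `properties`. `containsAlias` reads that list through `getAliasList()` (its body is not shown here, so this is inferred), which means a removed alias would still be reported as present. Writing an empty list and still notifying the parent when `entries` is empty avoids this. Separately, `if (it.hasNext()) buf.append(';')` now runs only for non-empty aliases, which leaves a trailing `;` when the last entry has no alias. Appending the separator first, `if (buf.length() > 0) buf.append(';');` before `buf.append(aliasOrList);`, fixes that, and the second `trim()` in `aliasOrList.trim().length()` is redundant.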
@@ -106,7 +106,6 @@ public class GnuPrivateKeyring extends BaseKeyring implements IPrivateKeyring public boolean containsPrivateKey(String alias) { log.entering(this.getClass().getName(), "containsPrivateKey", alias); - boolean result = false; if (containsAlias(alias)) for (Iterator it = get(alias).iterator(); it.hasNext();) @@ -115,7 +114,6 @@ public class GnuPrivateKeyring extends BaseKeyring implements IPrivateKeyring result = true; break; } - log.exiting(this.getClass().getName(), "containsPrivateKey", Boolean.valueOf(result)); return result; @@ -124,17 +122,15 @@ public class GnuPrivateKeyring extends BaseKeyring implements IPrivateKeyring public Key getPrivateKey(String alias, char[] password) throws UnrecoverableKeyException { - log.entering(this.getClass().getName(), "getPrivateKey", - new Object[] { alias, String.valueOf(password) }); - + log.entering(this.getClass().getName(), "getPrivateKey", alias); Key result = null; if (containsAlias(alias)) { PasswordAuthenticatedEntry e1 = null; - PasswordEncryptedEntry e2 = null; for (Iterator it = get(alias).iterator(); it.hasNext();) { Entry e = (Entry) it.next(); + log.finest("Entry: " + e); if (e instanceof PasswordAuthenticatedEntry) { e1 = (PasswordAuthenticatedEntry) e; @@ -142,6 +138,7 @@ public class GnuPrivateKeyring extends BaseKeyring implements IPrivateKeyring } } + log.finest("e1 = " + e1); if (e1 != null) { try @@ -150,9 +147,11 @@ public class GnuPrivateKeyring extends BaseKeyring implements IPrivateKeyring } catch (Exception e) { + log.throwing(this.getClass().getName(), "getPrivateKey", e); throw new UnrecoverableKeyException("authentication failed"); } + PasswordEncryptedEntry e2 = null; for (Iterator it = e1.getEntries().iterator(); it.hasNext();) { Entry e = (Entry) it.next(); 
@@ -171,6 +170,7 @@ public class GnuPrivateKeyring extends BaseKeyring implements IPrivateKeyring } catch (Exception e) { + log.throwing(this.getClass().getName(), "getPrivateKey", e); throw new UnrecoverableKeyException("decryption failed"); } @@ -186,31 +186,26 @@ public class GnuPrivateKeyring extends BaseKeyring implements IPrivateKeyring } } } - - log.exiting(this.getClass().getName(), "getPrivateKey", result); + log.exiting(this.getClass().getName(), "getPrivateKey", + result == null ? "null" : result.getClass().getName()); return result; } public void putPrivateKey(String alias, Key key, char[] password) { log.entering(this.getClass().getName(), "putPrivateKey", - new Object[] { alias, key, String.valueOf(password) }); - + new Object[] { alias, key.getClass().getName() }); if (! containsPrivateKey(alias)) { alias = fixAlias(alias); Properties p = new Properties(); p.put("alias", alias); PrivateKeyEntry pke = new PrivateKeyEntry(key, new Date(), p); + + log.finest("About to encrypt the key..."); PasswordEncryptedEntry enc; enc = new PasswordEncryptedEntry(cipher, mode, keylen, new Properties()); enc.add(pke); - - PasswordAuthenticatedEntry auth; - auth = new PasswordAuthenticatedEntry(mac, maclen, new Properties()); - auth.add(enc); - - log.finest("About to encrypt the key..."); try { enc.encode(null, password); @@ -218,11 +213,14 @@ public class GnuPrivateKeyring extends BaseKeyring implements IPrivateKeyring catch (IOException x) { log.log(Level.FINER, "Exception while encrypting the key. " - + "Rethrow as IllegalArgumentException", x); + + "Rethrow as IllegalArgumentException", x); throw new IllegalArgumentException(x.toString()); } log.finest("About to authenticate the encrypted key..."); + PasswordAuthenticatedEntry auth; + auth = new PasswordAuthenticatedEntry(mac, maclen, new Properties()); + auth.add(enc); try { auth.encode(null, password); 
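Review bot: In `putPrivateKey`, `key.getClass().getName()` is evaluated while building the `log.entering` argument, so a null `key` now fails with a `NullPointerException` from the trace statement, before the method does any work of its own. The exit traces added in `getPrivateKey` and `getPublicKey` already guard the same expression with `result == null ? "null" : result.getClass().getName()`. Use the same form here: `new Object[] { alias, key == null ? "null" : key.getClass().getName() }`. `putPublicKey` (hunk `@@ -275,16 +270,15 @@`) has the identical unguarded call. The body of `putPrivateKey` continues in the following hunks.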
@@ -230,7 +228,7 @@ public class GnuPrivateKeyring extends BaseKeyring implements IPrivateKeyring catch (IOException x) { log.log(Level.FINER, "Exception while authenticating the encrypted " - + "key. Rethrow as IllegalArgumentException", x); + + "key. Rethrow as IllegalArgumentException", x); throw new IllegalArgumentException(x.toString()); } @@ -245,7 +243,6 @@ public class GnuPrivateKeyring extends BaseKeyring implements IPrivateKeyring public boolean containsPublicKey(String alias) { log.entering(this.getClass().getName(), "containsPublicKey", alias); - boolean result = false; if (containsAlias(alias)) for (Iterator it = get(alias).iterator(); it.hasNext();) @@ -254,7 +251,6 @@ public class GnuPrivateKeyring extends BaseKeyring implements IPrivateKeyring result = true; break; } - log.exiting(this.getClass().getName(), "containsPublicKey", Boolean.valueOf(result)); return result; @@ -263,7 +259,6 @@ public class GnuPrivateKeyring extends BaseKeyring implements IPrivateKeyring public PublicKey getPublicKey(String alias) { log.entering(this.getClass().getName(), "getPublicKey", alias); - PublicKey result = null; if (containsAlias(alias)) for (Iterator it = get(alias).iterator(); it.hasNext();) @@ -275,16 +270,15 @@ public class GnuPrivateKeyring extends BaseKeyring implements IPrivateKeyring break; } } - - log.exiting(this.getClass().getName(), "getPublicKey", result); + log.exiting(this.getClass().getName(), "getPublicKey", + result == null ? "null" : result.getClass().getName()); return result; } public void putPublicKey(String alias, PublicKey key) { log.entering(this.getClass().getName(), "putPublicKey", - new Object[] { alias, key }); - + new Object[] { alias, key.getClass().getName() }); if (! containsPublicKey(alias)) { Properties p = new Properties(); 
@@ -300,7 +294,6 @@ public class GnuPrivateKeyring extends BaseKeyring implements IPrivateKeyring public boolean containsCertPath(String alias) { log.entering(this.getClass().getName(), "containsCertPath", alias); - boolean result = false; if (containsAlias(alias)) for (Iterator it = get(alias).iterator(); it.hasNext();) @@ -309,7 +302,6 @@ public class GnuPrivateKeyring extends BaseKeyring implements IPrivateKeyring result = true; break; } - log.exiting(this.getClass().getName(), "containsCertPath", Boolean.valueOf(result)); return result; @@ -318,7 +310,6 @@ public class GnuPrivateKeyring extends BaseKeyring implements IPrivateKeyring public Certificate[] getCertPath(String alias) { log.entering(this.getClass().getName(), "getCertPath", alias); - Certificate[] result = null; if (containsAlias(alias)) for (Iterator it = get(alias).iterator(); it.hasNext();) @@ -330,7 +321,6 @@ public class GnuPrivateKeyring extends BaseKeyring implements IPrivateKeyring break; } } - log.exiting(this.getClass().getName(), "getCertPath", result); return result; } @@ -339,7 +329,6 @@ public class GnuPrivateKeyring extends BaseKeyring implements IPrivateKeyring { log.entering(this.getClass().getName(), "putCertPath", new Object[] { alias, path }); - if (! containsCertPath(alias)) { Properties p = new Properties(); 
@@ -354,28 +343,23 @@ public class GnuPrivateKeyring extends BaseKeyring implements IPrivateKeyring protected void load(InputStream in, char[] password) throws IOException { - log.entering(this.getClass().getName(), "load", - new Object[] { in, String.valueOf(password) }); - + log.entering(this.getClass().getName(), "load"); if (in.read() != USAGE) throw new MalformedKeyringException("incompatible keyring usage"); if (in.read() != PasswordAuthenticatedEntry.TYPE) throw new MalformedKeyringException("expecting password-authenticated entry tag"); - keyring = PasswordAuthenticatedEntry.decode(new DataInputStream(in), password); - + keyring = PasswordAuthenticatedEntry.decode(new DataInputStream(in), + password); log.exiting(this.getClass().getName(), "load"); } protected void store(OutputStream out, char[] password) throws IOException { - log.entering(this.getClass().getName(), "store", - new Object[] { out, String.valueOf(password) }); - + log.entering(this.getClass().getName(), "store"); out.write(USAGE); keyring.encode(new DataOutputStream(out), password); - log.exiting(this.getClass().getName(), "store"); } } diff --git a/gnu/javax/crypto/keyring/GnuPublicKeyring.java b/gnu/javax/crypto/keyring/GnuPublicKeyring.java index 490eb4458..7e1182bc1 100644 --- a/gnu/javax/crypto/keyring/GnuPublicKeyring.java +++ b/gnu/javax/crypto/keyring/GnuPublicKeyring.java @@ -78,7 +78,6 @@ public class GnuPublicKeyring extends BaseKeyring implements IPublicKeyring public boolean containsCertificate(String alias) { log.entering(this.getClass().getName(), "containsCertificate", alias); - boolean result = false; if (containsAlias(alias)) for (Iterator it = get(alias).iterator(); it.hasNext();) @@ -87,7 +86,6 @@ public class GnuPublicKeyring extends BaseKeyring implements IPublicKeyring result = true; break; } - log.exiting(this.getClass().getName(), "containsCertificate", Boolean.valueOf(result)); return result; 
@@ -96,7 +94,6 @@ public class GnuPublicKeyring extends BaseKeyring implements IPublicKeyring public Certificate getCertificate(String alias) { log.entering(this.getClass().getName(), "getCertificate", alias); - Certificate result = null; if (containsAlias(alias)) for (Iterator it = get(alias).iterator(); it.hasNext();) @@ -108,7 +105,6 @@ public class GnuPublicKeyring extends BaseKeyring implements IPublicKeyring break; } } - log.exiting(this.getClass().getName(), "getCertificate", result); return result; } @@ -117,7 +113,6 @@ public class GnuPublicKeyring extends BaseKeyring implements IPublicKeyring { log.entering(this.getClass().getName(), "putCertificate", new Object[] { alias, cert }); - if (! containsCertificate(alias)) { Properties p = new Properties(); @@ -132,9 +127,7 @@ public class GnuPublicKeyring extends BaseKeyring implements IPublicKeyring protected void load(InputStream in, char[] password) throws IOException { - log.entering(this.getClass().getName(), "load", - new Object[] { in, String.valueOf(password) }); - + log.entering(this.getClass().getName(), "load"); if (in.read() != USAGE) throw new MalformedKeyringException("incompatible keyring usage"); @@ -143,18 +136,14 @@ public class GnuPublicKeyring extends BaseKeyring implements IPublicKeyring DataInputStream dis = new DataInputStream(in); keyring = PasswordAuthenticatedEntry.decode(dis, password); - log.exiting(this.getClass().getName(), "load"); } protected void store(OutputStream out, char[] password) throws IOException { - log.entering(this.getClass().getName(), "store", - new Object[] { out, String.valueOf(password) }); - + log.entering(this.getClass().getName(), "store"); out.write(USAGE); keyring.encode(new DataOutputStream(out), password); - log.exiting(this.getClass().getName(), "store"); } } diff --git a/gnu/javax/crypto/keyring/MaskableEnvelopeEntry.java b/gnu/javax/crypto/keyring/MaskableEnvelopeEntry.java index 7fed7c40c..653d62ced 100644 
--- a/gnu/javax/crypto/keyring/MaskableEnvelopeEntry.java +++ b/gnu/javax/crypto/keyring/MaskableEnvelopeEntry.java @@ -48,7 +48,6 @@ import java.util.List; */ public abstract class MaskableEnvelopeEntry extends EnvelopeEntry { - // Fields. // ------------------------------------------------------------------------ @@ -137,12 +136,19 @@ public abstract class MaskableEnvelopeEntry extends EnvelopeEntry return super.remove(entry); } - public void remove(String alias) + public boolean remove(String alias) { if (isMasked()) - { - throw new IllegalStateException("masked envelope"); - } - super.remove(alias); + throw new IllegalStateException("masked envelope"); + + return super.remove(alias); + } + + public String toString() + { + return new StringBuilder("MaskableEnvelope{") + .append(super.toString()) + .append(", masked=").append(masked) + .append("}").toString(); } } diff --git a/gnu/javax/crypto/keyring/PasswordAuthenticatedEntry.java b/gnu/javax/crypto/keyring/PasswordAuthenticatedEntry.java index 4e7e49a0b..96d4fc4db 100644 --- a/gnu/javax/crypto/keyring/PasswordAuthenticatedEntry.java +++ b/gnu/javax/crypto/keyring/PasswordAuthenticatedEntry.java @@ -146,11 +146,11 @@ public final class PasswordAuthenticatedEntry extends MaskableEnvelopeEntry public void verify(char[] password) { - log.entering(this.getClass().getName(), "verify", String.valueOf(password)); - long tt = - System.currentTimeMillis(); - + log.entering(this.getClass().getName(), "verify"); if (isMasked() && payload != null) { + log.finest("payload to verify: " + Util.dumpString(payload)); + long tt = - System.currentTimeMillis(); IMac m = null; try { @@ -169,6 +169,8 @@ public final class PasswordAuthenticatedEntry extends MaskableEnvelopeEntry if (! Arrays.equals(macValue, m.digest())) throw new IllegalArgumentException("MAC verification failed"); + setMasked(false); + ByteArrayInputStream bais; try { 
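Review bot: `log.finest("payload to verify: " + Util.dumpString(payload))` in `verify` writes the whole envelope payload to the log, in a commit whose stated aim is to keep password material out of trace output. The payload holds the encoded nested entries and the MAC, and `Entry.toString()` prints `properties`, so a FINEST log would carry a copy of the keyring contents that the log's own access controls probably were not designed for. The dump is also built eagerly, whatever the log level. Logging only the size is enough for tracing: `log.finest("payload to verify: byte[" + payload.length + "]");`. The `authenticate` hunk (`@@ -218,7 +219,10 @@`) has the same dump in `"authenticated payload: "`.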
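Review bot: With `setMasked(false)` moved ahead of the decode in `verify`, a failure inside `decodeEnvelope` leaves the entry unmasked even though its contents were never fully decoded. The catch block, in the next hunk, converts the `IOException` to `IllegalArgumentException("malformed keyring fragment")` without restoring the flag. `decodeEnvelope` now clears `entries` first, so the object would report `isMasked() == false` with an empty or partial entry list, and `get` and `remove` would treat it as an opened envelope. Restore the flag as the first statement of the catch block: `setMasked(true);`. `PasswordEncryptedEntry.decrypt` has the same ordering and the same catch shape. `verify` starts in the previous hunk and ends in the next one.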
@@ -180,19 +182,18 @@ public final class PasswordAuthenticatedEntry extends MaskableEnvelopeEntry { throw new IllegalArgumentException("malformed keyring fragment"); } - setMasked(false); - payload = null; - } - tt += System.currentTimeMillis(); - log.finer("Verified in " + tt + "ms."); + tt += System.currentTimeMillis(); + log.finer("Verified in " + tt + "ms."); + } + else + log.finer("Skip verification; " + (isMasked() ? "null payload" : "unmasked")); log.exiting(this.getClass().getName(), "verify"); } public void authenticate(char[] password) throws IOException { - log.entering(this.getClass().getName(), "authenticate", - String.valueOf(password)); + log.entering(this.getClass().getName(), "authenticate"); long tt = - System.currentTimeMillis(); long t1 = - System.currentTimeMillis(); @@ -218,7 +219,10 @@ public final class PasswordAuthenticatedEntry extends MaskableEnvelopeEntry log.finer("-- Authenticated an Entry in " + t1 + "ms."); } bout.write(m.digest()); + payload = bout.toByteArray(); + log.finest("authenticated payload: " + Util.dumpString(payload)); + setMasked(true); tt += System.currentTimeMillis(); log.finer("Authenticated in " + tt + "ms."); @@ -235,6 +239,7 @@ public final class PasswordAuthenticatedEntry extends MaskableEnvelopeEntry { if (payload == null) { + log.fine("Null payload: " + this); throw new IllegalStateException("mac not computed"); } } 
@@ -244,26 +249,25 @@ public final class PasswordAuthenticatedEntry extends MaskableEnvelopeEntry private IMac getMac(char[] password) throws MalformedKeyringException { - if (!properties.containsKey("salt")) - { - throw new MalformedKeyringException("no salt"); - } - byte[] salt = Util.toBytesFromString(properties.get("salt")); - IMac mac = MacFactory.getInstance(properties.get("mac")); + log.entering(this.getClass().getName(), "getMac"); + String saltString = properties.get("salt"); + if (saltString == null) + throw new MalformedKeyringException("no salt"); + + byte[] salt = Util.toBytesFromString(saltString); + String macAlgorithm = properties.get("mac"); + IMac mac = MacFactory.getInstance(macAlgorithm); if (mac == null) - { - throw new MalformedKeyringException("no such mac: " - + properties.get("mac")); - } - int keylen = mac.macSize(); - int maclen = 0; - if (!properties.containsKey("maclen")) - { - throw new MalformedKeyringException("no MAC length"); - } + throw new MalformedKeyringException("no such mac: " + macAlgorithm); + + String macLenString = properties.get("maclen"); + if (macLenString == null) + throw new MalformedKeyringException("no MAC length"); + + int maclen; try { - maclen = Integer.parseInt(properties.get("maclen")); + maclen = Integer.parseInt(macLenString); } catch (NumberFormatException nfe) { @@ -277,6 +281,7 @@ public final class PasswordAuthenticatedEntry extends MaskableEnvelopeEntry IRandom kdf = PRNGFactory.getInstance("PBKDF2-HMAC-SHA"); kdf.init(pbAttr); + int keylen = mac.macSize(); byte[] dk = new byte[keylen]; try { @@ -298,6 +303,7 @@ public final class PasswordAuthenticatedEntry extends MaskableEnvelopeEntry { throw new Error(shouldNotHappen.toString()); } + log.exiting(this.getClass().getName(), "getMac"); return mac; } } diff --git a/gnu/javax/crypto/keyring/PasswordEncryptedEntry.java b/gnu/javax/crypto/keyring/PasswordEncryptedEntry.java index d67ef0e0a..24ab98266 100644 
--- a/gnu/javax/crypto/keyring/PasswordEncryptedEntry.java +++ b/gnu/javax/crypto/keyring/PasswordEncryptedEntry.java 
@@ -132,39 +132,40 @@ public class PasswordEncryptedEntry extends MaskableEnvelopeEntry implements public void decrypt(char[] password) throws IllegalArgumentException, WrongPaddingException { - log.entering(this.getClass().getName(), "decrypt", String.valueOf(password)); - long tt = - System.currentTimeMillis(); + log.entering(this.getClass().getName(), "decrypt"); + if (isMasked() && payload != null) + { + long tt = - System.currentTimeMillis(); + IMode mode = getMode(password, IMode.DECRYPTION); + IPad padding = PadFactory.getInstance("PKCS7"); + padding.init(mode.currentBlockSize()); + byte[] buf = new byte[payload.length]; + int count = 0; + while (count + mode.currentBlockSize() <= payload.length) + { + mode.update(payload, count, buf, count); + count += mode.currentBlockSize(); + } + int padlen = padding.unpad(buf, 0, buf.length); - if (!isMasked() || payload == null) - return; + setMasked(false); - IMode mode = getMode(password, IMode.DECRYPTION); - IPad padding = PadFactory.getInstance("PKCS7"); - padding.init(mode.currentBlockSize()); - byte[] buf = new byte[payload.length]; - int count = 0; - for (int i = 0; i < payload.length; i++) - { - mode.update(payload, count, buf, count); - count += mode.currentBlockSize(); - } - int padlen = padding.unpad(buf, 0, buf.length); - ByteArrayInputStream baos = new ByteArrayInputStream(buf, 0, - buf.length - padlen); - DataInputStream in = new DataInputStream(baos); - try - { - decodeEnvelope(in); - } - catch (IOException ioe) - { - throw new IllegalArgumentException("decryption failed"); + ByteArrayInputStream baos = new ByteArrayInputStream(buf, 0, + buf.length - padlen); + DataInputStream in = new DataInputStream(baos); + try + { + decodeEnvelope(in); + } + catch (IOException ioe) + { + throw new IllegalArgumentException("decryption failed"); + } + tt += System.currentTimeMillis(); + log.finer("Decrypted in " + tt + "ms."); } - setMasked(false); - payload = null; - - tt += System.currentTimeMillis(); - 
log.finer("Decrypted in " + tt + "ms."); + else + log.finer("Skip decryption; " + (isMasked() ? "null payload" : "unmasked")); log.exiting(this.getClass().getName(), "decrypt"); } @@ -208,6 +209,8 @@ public class PasswordEncryptedEntry extends MaskableEnvelopeEntry implements } mode.update(lastBlock, 0, payload, count); + setMasked(true); + tt += System.currentTimeMillis(); log.finer("Encrypted in " + tt + "ms."); log.exiting(this.getClass().getName(), "encrypt"); @@ -223,6 +226,7 @@ public class PasswordEncryptedEntry extends MaskableEnvelopeEntry implements { if (payload == null) { + log.fine("Null payload: " + this); throw new IllegalStateException("not encrypted"); } } diff --git a/gnu/javax/crypto/keyring/PrivateKeyEntry.java b/gnu/javax/crypto/keyring/PrivateKeyEntry.java index 882495633..cf5b41287 100644 --- a/gnu/javax/crypto/keyring/PrivateKeyEntry.java +++ b/gnu/javax/crypto/keyring/PrivateKeyEntry.java @@ -42,12 +42,10 @@ import gnu.java.security.key.IKeyPairCodec; import gnu.java.security.key.KeyPairCodecFactory; import gnu.java.security.key.dss.DSSPrivateKey; import gnu.java.security.key.rsa.GnuRSAPrivateKey; - import gnu.javax.crypto.key.GnuSecretKey; import gnu.javax.crypto.key.dh.GnuDHPrivateKey; import java.io.DataInputStream; -import java.io.DataOutputStream; import java.io.IOException; import java.security.Key; import java.security.KeyFactory; @@ -56,11 +54,11 @@ import java.security.spec.PKCS8EncodedKeySpec; import java.util.Date; /** - * <p>An immutable class representing a private or secret key entry.</p> + * An immutable class representing a private or secret key entry. */ -public final class PrivateKeyEntry extends PrimitiveEntry +public final class PrivateKeyEntry + extends PrimitiveEntry { - // Constants and variables // ------------------------------------------------------------------------- 
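Review bot: In decrypt, `setMasked(false)` now runs before `decodeEnvelope(in)`, so when decoding throws IOException the entry is left flagged as unmasked even though nothing was successfully decoded. A later call with the correct password would then take the new `Skip decryption; ... unmasked` branch and return without decrypting. If the early `setMasked(false)` is needed for decodeEnvelope to work, the catch block should restore the flag before rethrowing, e.g. `setMasked(true);` ahead of `throw new IllegalArgumentException("decryption failed");`. Whether decodeEnvelope may already have added partial entries at that point is not visible in this hunk and would need the same cleanup.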
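Review bot: The added `log.fine("Null payload: " + this);` writes whatever this entry's `toString()` returns into the log, and that method is not part of the visible hunks. Given that this commit removes passwords from trace output, it would be safer to log only a fixed identifier here, such as `log.fine("Null payload: " + this.getClass().getName());`, or to confirm that the inherited `toString()` prints no properties or payload bytes. The enclosing method starts outside the hunk.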
@@ -73,7 +71,7 @@ public final class PrivateKeyEntry extends PrimitiveEntry // ------------------------------------------------------------------------- /** - * <p>Creates a new key entry.</p> + * Creates a new key entry. * * @param key The key. * @param creationDate The entry creation date. @@ -85,13 +83,11 @@ public final class PrivateKeyEntry extends PrimitiveEntry super(TYPE, creationDate, properties); if (key == null) - { - throw new IllegalArgumentException("no private key"); - } - if (!(key instanceof PrivateKey) && !(key instanceof GnuSecretKey)) - { - throw new IllegalArgumentException("not a private or secret key"); - } + throw new IllegalArgumentException("no private key"); + + if (! (key instanceof PrivateKey) && ! (key instanceof GnuSecretKey)) + throw new IllegalArgumentException("not a private or secret key"); + this.key = key; } @@ -109,9 +105,8 @@ public final class PrivateKeyEntry extends PrimitiveEntry entry.defaultDecode(in); String type = entry.properties.get("type"); if (type == null) - { - throw new MalformedKeyringException("no key type"); - } + throw new MalformedKeyringException("no key type"); + if (type.equalsIgnoreCase("RAW-DSS")) { IKeyPairCodec coder = KeyPairCodecFactory.getInstance("dss"); 
@@ -128,42 +123,38 @@ public final class PrivateKeyEntry extends PrimitiveEntry entry.key = coder.decodePrivateKey(entry.payload); } else if (type.equalsIgnoreCase("RAW")) - { - entry.key = new GnuSecretKey(entry.payload, null); - } + entry.key = new GnuSecretKey(entry.payload, null); else if (type.equalsIgnoreCase("PKCS8")) { try { KeyFactory kf = KeyFactory.getInstance("RSA"); - entry.key = kf.generatePrivate(new PKCS8EncodedKeySpec( - entry.payload)); + PKCS8EncodedKeySpec ks = new PKCS8EncodedKeySpec(entry.payload); + entry.key = kf.generatePrivate(ks); } - catch (Exception x) + catch (Exception ignored) { } + if (entry.key == null) { try { KeyFactory kf = KeyFactory.getInstance("DSA"); - entry.key = kf.generatePrivate(new PKCS8EncodedKeySpec( - entry.payload)); + PKCS8EncodedKeySpec ks = new PKCS8EncodedKeySpec(entry.payload); + entry.key = kf.generatePrivate(ks); } - catch (Exception x) + catch (Exception ignored) { } + if (entry.key == null) - { - throw new MalformedKeyringException( - "could not decode PKCS#8 key"); - } + throw new MalformedKeyringException("could not decode PKCS#8 key"); } } else - { - throw new MalformedKeyringException("unsupported key type " + type); - } + throw new MalformedKeyringException("unsupported key type " + type); + return entry; } @@ -171,7 +162,7 @@ public final class PrivateKeyEntry extends PrimitiveEntry // ------------------------------------------------------------------------- /** - * <p>Returns this entry's key.</p> + * Returns this entry's key. * * @return The key. */ @@ -212,8 +203,12 @@ public final class PrivateKeyEntry extends PrimitiveEntry payload = key.getEncoded(); } else - { - throw new IllegalArgumentException("unsupported private key"); - } + throw new IllegalArgumentException("unsupported private key"); + } + + public String toString() + { + return "PrivateKeyEntry{key=" + + (key == null ? "-" : key.getClass().getName()) + "}"; } } |
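Review bot: Both `catch (Exception ignored) { }` blocks in the PKCS8 branch still swallow every exception type, including runtime ones. A failure unrelated to the key format therefore ends up as "could not decode PKCS#8 key" with the real cause lost. Narrowing each to `catch (GeneralSecurityException ignored)` keeps the RSA-then-DSA fallback while letting unexpected errors surface; this needs an import of `java.security.GeneralSecurityException`. A short comment in the first empty block, such as `// not an RSA key; fall through and try DSA`, would also make the intentional swallow clear. The decode method begins outside this hunk.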