started implementing signing and encryption

Author: thsc42

src/net/sharksystem/asap/protocol/ASAPSignAndEncryptionKeyStorage.java

@@ -0,0 +1,22 @@
+package net.sharksystem.asap.protocol;
+
+import net.sharksystem.asap.ASAPSecurityException;
+
+import java.security.PrivateKey;
+import java.security.PublicKey;
+
+public interface ASAPSignAndEncryptionKeyStorage {
+    /**
+     *
+     * @return private key of local device - for signing
+     * @throws ASAPSecurityException
+     */
+    PrivateKey getPrivateKey() throws ASAPSecurityException;
+
+    /**
+     *
+     * @param subjectID
+     * @return public key of recipient - to encrypt
+     */
+    PublicKey getPublicKey(CharSequence subjectID) throws ASAPSecurityException;
+}

src/net/sharksystem/asap/protocol/ASAP_1_0.java

@@ -1,6 +1,7 @@
 package net.sharksystem.asap.protocol;
 
 import net.sharksystem.asap.ASAPException;
+import net.sharksystem.asap.ASAPSecurityException;
 
 import java.io.IOException;
 import java.io.InputStream;
@@ -69,6 +70,26 @@ void interest(CharSequence peer, CharSequence sourcePeer, CharSequence format,
                   CharSequence channel, int eraFrom, int eraTo,
                   OutputStream os, boolean signed) throws IOException, ASAPException;
 
+    /**
+     * @param peer identifies a peer - can be null
+     * @param sourcePeer wished source (authority) of information (optional, can be null)
+     * @param eraFrom lower limit of era range (-1 means undefined)
+     * @param eraTo upper limit of era range (-1 means undefined)
+     * @param channel whished / required channel (can be null)
+     * @param format describes format - used to describe an application that can deal with transmitted data format.
+     * @param os stream that PDU is to be sent
+     * @param sign sign message when sending
+     * @param encrypted encrypt method - of possible
+     * @param mustBeEncrypted encrypt can be set true. There could not bot a public key of receipient. If hit flag ist
+     *           set true - an exception is thrown. Otherwise. message is sent unencrypted.
+     * @throws IOException
+     * @throws ASAPException
+     */
+    void interest(CharSequence peer, CharSequence sourcePeer, CharSequence format,
+                  CharSequence channel, int eraFrom, int eraTo,
+                  OutputStream os, boolean sign, boolean encrypted, boolean mustBeEncrypted)
+            throws IOException, ASAPException, ASAPSecurityException;
+
     /**
      * @param peer wished source (authority) of information
      * @param channel whished / required channel (can be null)

src/net/sharksystem/asap/protocol/ASAP_Modem_Impl.java

@@ -1,6 +1,7 @@
 package net.sharksystem.asap.protocol;
 
 import net.sharksystem.asap.ASAPException;
+import net.sharksystem.asap.ASAPSecurityException;
 
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
@@ -9,8 +10,18 @@
 import java.util.List;
 
 public class ASAP_Modem_Impl implements ASAP_1_0 {
+    private final ASAPSignAndEncryptionKeyStorage signAndEncryptionKeyStorage;
+
+    public ASAP_Modem_Impl() {
+        this.signAndEncryptionKeyStorage = null; // no key storage
+    }
+
+    public ASAP_Modem_Impl(ASAPSignAndEncryptionKeyStorage signAndEncryptionKeyStorage) {
+        this.signAndEncryptionKeyStorage = signAndEncryptionKeyStorage;
+    }
     // Character are transmitted as bytes: number of bytes (first byte), content following, 0 mean no content
 
+
     /*
     general structure:
     CMD | FLAGS | ... specifics
@@ -32,17 +43,28 @@ public void offer(CharSequence peer, CharSequence format, CharSequence channel,
 
     @Override
     public void interest(CharSequence peer, CharSequence sourcePeer, CharSequence format,
-            CharSequence channel, int eraFrom, int eraTo, OutputStream os, boolean signed)
+                         CharSequence channel, OutputStream os, boolean signed) throws IOException, ASAPException {
+
+        this.interest(peer, sourcePeer, format, channel, ERA_NOT_DEFINED, ERA_NOT_DEFINED, os, signed);
+    }
+
+    @Override
+    public void interest(CharSequence peer, CharSequence sourcePeer, CharSequence format,
+             CharSequence channel, int eraFrom, int eraTo, OutputStream os, boolean signed)
             throws IOException, ASAPException {
 
-        InterestPDU_Impl.sendPDU(peer, sourcePeer, format, channel, eraFrom, eraTo, os, signed);
+        this.interest(peer, sourcePeer, format, channel, eraFrom, eraTo, os,
+                signed, false, false);
     }
 
     @Override
     public void interest(CharSequence peer, CharSequence sourcePeer, CharSequence format,
-                         CharSequence channel, OutputStream os, boolean signed) throws IOException, ASAPException {
+            CharSequence channel, int eraFrom, int eraTo, OutputStream os, boolean signed,
+                         boolean encryted, boolean mustBeEncrypted)
+            throws IOException, ASAPException, ASAPSecurityException {
 
-        this.interest(peer, sourcePeer, format, channel, ERA_NOT_DEFINED, ERA_NOT_DEFINED, os, signed);
+        InterestPDU_Impl.sendPDU(peer, sourcePeer, format, channel, eraFrom, eraTo, os,
+                signed, encryted, mustBeEncrypted, this.signAndEncryptionKeyStorage);
     }
 
     @Override

src/net/sharksystem/asap/protocol/InterestPDU_Impl.java

@@ -1,10 +1,17 @@
 package net.sharksystem.asap.protocol;
 
 import net.sharksystem.asap.ASAPException;
+import net.sharksystem.asap.ASAPSecurityException;
+import net.sharksystem.asap.util.Log;
 
+import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.Signature;
+import java.security.SignatureException;
 
 public class InterestPDU_Impl extends PDU_Impl implements ASAP_Interest_PDU_1_0 {
     private String sourcePeer;
@@ -37,7 +44,10 @@ private void readSourcePeer(InputStream is) throws IOException, ASAPException {
     }
 
     static void sendPDU(CharSequence peer, CharSequence sourcePeer, CharSequence format,
-                        CharSequence channel, int eraFrom, int eraTo, OutputStream os, boolean signed)
+                        CharSequence channel, int eraFrom, int eraTo, OutputStream os,
+                        boolean sign, boolean encrypted, boolean mustBeEncrypted,
+                        ASAPSignAndEncryptionKeyStorage keyStorage)
+
             throws IOException, ASAPException {
 
         if(format == null || format.length() < 1) format = ASAP_1_0.ANY_FORMAT;
@@ -46,9 +56,12 @@ static void sendPDU(CharSequence peer, CharSequence sourcePeer, CharSequence for
         PDU_Impl.checkValidEra(eraFrom);
         PDU_Impl.checkValidEra(eraTo);
         PDU_Impl.checkValidFormat(format);
-        PDU_Impl.checkValidSign(peer, signed);
+        PDU_Impl.checkValidSign(peer, sign);
         PDU_Impl.checkValidStream(os);
 
+        // Basis test
+        PDU_Impl.checkBasicSecurityRequirements(sign, encrypted, keyStorage);
+
         // create parameter bytes
         int flags = 0;
         flags = PDU_Impl.setFlag(peer, flags, PEER_BIT_POSITION);
@@ -57,6 +70,15 @@ static void sendPDU(CharSequence peer, CharSequence sourcePeer, CharSequence for
         flags = PDU_Impl.setFlag(eraFrom, flags, ERA_FROM_BIT_POSITION);
         flags = PDU_Impl.setFlag(eraTo, flags, ERA_TO_BIT_POSITION);
 
+        OutputStream usedOS = os; // assume we d not sign.
+        ByteArrayOutputStream bufferOS = null;
+
+        if(sign) {
+            // we have to collect all bytes which are to be signed
+            bufferOS = new ByteArrayOutputStream();
+            usedOS = bufferOS;
+        }
+
         PDU_Impl.sendHeader(ASAP_1_0.INTEREST_CMD, flags, os);
 
         PDU_Impl.sendCharSequenceParameter(peer, os); // opt
@@ -66,7 +88,27 @@ static void sendPDU(CharSequence peer, CharSequence sourcePeer, CharSequence for
         PDU_Impl.sendNonNegativeIntegerParameter(eraFrom, os); // opt
         PDU_Impl.sendNonNegativeIntegerParameter(eraTo, os); // opt
 
-        // TODO: signature
+        if(sign) {
+            // anything was written into a bytearray
+
+            // produce signature
+            Signature signature = null;
+            try {
+                signature = Signature.getInstance("TODO_signing_algorithm");
+                signature.initSign(keyStorage.getPrivateKey()); // desperate try
+                byte[] bytes2Sign = bufferOS.toByteArray();
+                signature.update(bytes2Sign);
+                byte[] signatureBytes = signature.sign();
+
+                // send out anything, including signature
+
+                // TODO need number of bytes payload to find signature later.
+                os.write(bytes2Sign);
+                os.write(signatureBytes);
+            } catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException e) {
+                throw new ASAPSecurityException(e.getLocalizedMessage());
+            }
+        }
     }
 
     @Override

src/net/sharksystem/asap/protocol/PDU_Impl.java

@@ -1,6 +1,7 @@
 package net.sharksystem.asap.protocol;
 
 import net.sharksystem.asap.ASAPException;
+import net.sharksystem.asap.ASAPSecurityException;
 
 import java.io.IOException;
 import java.io.InputStream;
@@ -304,4 +305,38 @@ static void checkValidEra(int era) throws ASAPException {
         if(era > maxEra) throw new ASAPException("era exceeded max limit of " + Integer.MAX_VALUE);
     }
 
+    /**
+     * basis tests. if sign or encrypted true - at least a key store must be there. If sign. Public key must be there.
+     * @param sign
+     * @param encrypted
+     * @param keyStorage
+     * @throws ASAPSecurityException
+     */
+    static void checkBasicSecurityRequirements(boolean sign, boolean encrypted,
+                                               ASAPSignAndEncryptionKeyStorage keyStorage) throws ASAPSecurityException {
+        if(sign) {
+            // there must be a keyStorage
+            if(keyStorage == null) {
+                throw new ASAPSecurityException("asap message is to be signed but there is not key store - fatal, give up");
+            }
+
+            // signing needs a private key - check of available
+            if(keyStorage.getPrivateKey() == null) {
+                // assume, an exception already documented lack of a private key. if not
+                throw new ASAPSecurityException("asap message is to be signed but no private key - fatal, give up");
+            }
+
+            // ok, we can sign
+        }
+
+        if(encrypted) {
+            // there must be a keyStorage
+            if(keyStorage == null) {
+                throw new ASAPSecurityException("asap message is to be encrypted if possible " +
+                        "but there is not key store at all - fatal, give up");
+            }
+
+            // we have at least the chance
+        }
+    }
 }