package org.jivesoftware.smackx.ikey;
import org.apache.xml.security.c14n.CanonicalizationException;
import org.apache.xml.security.parser.XMLParserException;
import org.bouncycastle.util.encoders.Base64;
import org.jivesoftware.smackx.ikey.element.IkeyElement;
import org.jxmpp.jid.EntityBareJid;
import java.io.IOException;
/**
 * Checks the proof attached to an {@link IkeyElement} against the canonical form of the
 * element's subordinates, using one fixed signature verification mechanism.
 *
 * <p>A {@code true} result from {@link #verify} only says that the configured mechanism
 * accepted the signature. How that mechanism obtained its key, and whether that key is
 * trusted for the owner, is not decided in this class.
 */
public class IkeySignatureVerifier {

    private final IkeySignatureVerificationMechanism signatureVerificationMechanism;
    private final XmlSecElementCanonicalizer elementCanonicalizer;

    /**
     * Creates a verifier bound to a single mechanism and canonicalizer.
     *
     * @param signatureVerificationMechanism mechanism that performs the signature check and
     *        whose type incoming elements must match
     * @param elementCanonicalizer produces the byte sequence the signature is checked against
     */
    public IkeySignatureVerifier(IkeySignatureVerificationMechanism signatureVerificationMechanism,
                                 XmlSecElementCanonicalizer elementCanonicalizer) {
        // Neither argument is null-checked here; a null would only surface on first use.
        this.signatureVerificationMechanism = signatureVerificationMechanism;
        this.elementCanonicalizer = elementCanonicalizer;
    }

    /**
     * Verifies the signature of {@code element} on behalf of {@code owner}.
     *
     * <p>The mechanism type is checked first, then the owner JID, and only then is the
     * signature evaluated. The JID that is compared with {@code owner} is read from the same
     * subordinates object that is canonicalized and handed to the mechanism.
     *
     * @param element the ikey element carrying subordinates and proof
     * @param owner the bare JID the element is expected to belong to
     * @return the result of the mechanism's signature check
     * @throws IllegalArgumentException if the element's type differs from the mechanism's
     *         type, or if the JID inside the subordinates does not equal {@code owner}
     * @throws XMLParserException propagated from the calls made here
     * @throws IOException propagated from the calls made here
     * @throws CanonicalizationException propagated from the calls made here
     */
    public boolean verify(IkeyElement element, EntityBareJid owner)
            throws XMLParserException, IOException, CanonicalizationException {
        throwIfMismatchingMechanism(element);
        throwIfMismatchingOwnerJid(element, owner);

        // The signature is checked against the re-canonicalized subordinates, not against
        // the bytes as they arrived.
        final byte[] signedBytes = elementCanonicalizer.canonicalize(element.getSubordinates());

        // NOTE(review): the proof comes from the element and is not null-checked or
        // pre-validated; malformed Base64 presumably surfaces as an unchecked exception from
        // the decoder rather than as a false result. Confirm callers treat any exception as
        // "not verified".
        final byte[] rawSignature = Base64.decode(element.getProof().getBase64Signature());

        return signatureVerificationMechanism.isSignatureValid(signedBytes, rawSignature);
    }

    /**
     * Rejects elements whose type is not the one this verifier's mechanism handles.
     *
     * @param element the element whose type is inspected
     * @throws IllegalArgumentException if the two types differ
     */
    private void throwIfMismatchingMechanism(IkeyElement element) {
        // NOTE(review): identity comparison; correct if getType() returns an enum constant.
        // Confirm against the declaration.
        if (element.getType() == signatureVerificationMechanism.getType()) {
            return;
        }
        throw new IllegalArgumentException("Element was created using mechanism " + element.getType() +
                " but this is a verifier for " + signatureVerificationMechanism.getType() + " ikey elements.");
    }

    /**
     * Rejects elements whose subordinates name a JID other than the expected owner.
     *
     * @param element the element whose subordinates carry the JID
     * @param owner the JID the caller expects
     * @throws IllegalArgumentException if the JIDs are not equal
     */
    private void throwIfMismatchingOwnerJid(IkeyElement element, EntityBareJid owner) {
        final boolean ownerMatches = element.getSubordinates().getJid().equals(owner);
        if (ownerMatches) {
            return;
        }
        throw new IllegalArgumentException("Provided ikey element does not contain jid of " + owner);
    }
}