
com.springcryptoutils.core.signature.VerifierWithChoosersByAliasImpl Maven / Gradle / Ivy
A framework for easier configuration of cryptographic utilities using Spring.
/*
* Copyright 2012 Mirko Caserta
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this software except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.springcryptoutils.core.signature;
import java.security.PublicKey;
import java.util.HashMap;
import java.util.Map;
import com.springcryptoutils.core.key.PublicKeyChooserByAlias;
import com.springcryptoutils.core.key.PublicKeyRegistryByAlias;
import com.springcryptoutils.core.keystore.KeyStoreChooser;
/**
* The default implementation for verifying the authenticity of messages using
* digital signatures when the public key alias can be configured on the side of
* the user of this class.
*
* @author Mirko Caserta ([email protected])
*/
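public class VerifierWithChoosersByAliasImpl implements VerifierWithChoosersByAlias {

    /**
     * Verifiers already built, keyed by the value of
     * {@link #cacheKey(KeyStoreChooser, PublicKeyChooserByAlias)}.
     *
     * NOTE(review): this is a plain HashMap with no synchronization, so
     * concurrent calls to verify() on a shared instance are not safe as
     * written. Confirm how the bean is scoped before sharing it across threads.
     */
    private final Map<String, Verifier> cache = new HashMap<String, Verifier>();

    private PublicKeyRegistryByAlias publicKeyRegistryByAlias;

    // NOTE(review): SHA-1 based signatures are no longer considered collision
    // resistant. The default is kept for backward compatibility; new
    // deployments should configure a SHA-2 algorithm (e.g. "SHA256withRSA")
    // through setAlgorithm.
    private String algorithm = "SHA1withRSA";

    private String provider;

    /**
     * Sets the public key registry.
     *
     * @param publicKeyRegistryByAlias the public key registry
     */
    public void setPublicKeyRegistryByAlias(PublicKeyRegistryByAlias publicKeyRegistryByAlias) {
        this.publicKeyRegistryByAlias = publicKeyRegistryByAlias;
    }

    /**
     * The signature algorithm. The default is SHA1withRSA.
     *
     * Verifiers that are already cached keep the algorithm they were created
     * with, so set this before the first call to verify.
     *
     * @param algorithm the signature algorithm
     */
    public void setAlgorithm(String algorithm) {
        this.algorithm = algorithm;
    }

    /**
     * Sets the provider name of the specific implementation requested (e.g.,
     * "BC" for BouncyCastle, "SunJCE" for the default Sun JCE provider).
     *
     * Verifiers that are already cached keep the provider they were created
     * with, so set this before the first call to verify.
     *
     * @param provider the provider to set
     */
    public void setProvider(String provider) {
        this.provider = provider;
    }

    /**
     * Verifies the authenticity of a message using a digital signature.
     *
     * The verifier for a given keystore name and alias is created on first
     * use and then served from the cache, so the public key is looked up in
     * the registry only once per pair.
     *
     * @param keyStoreChooser the keystore chooser
     * @param publicKeyChooserByAlias the public key chooser
     * @param message the message whose signature is being verified
     * @param signature the digital signature
     * @return true if the authenticity of the message is verified by the
     *         digital signature
     * @throws SignatureException if the registry holds no public key for the
     *         given keystore name and alias
     */
    public boolean verify(KeyStoreChooser keyStoreChooser, PublicKeyChooserByAlias publicKeyChooserByAlias, byte[] message,
            byte[] signature) {
        final String key = cacheKey(keyStoreChooser, publicKeyChooserByAlias);

        Verifier verifier = cache.get(key);
        if (verifier != null) {
            return verifier.verify(message, signature);
        }

        PublicKey publicKey = publicKeyRegistryByAlias.get(keyStoreChooser, publicKeyChooserByAlias);
        if (publicKey == null) {
            throw new SignatureException("public key not found in registry: keyStoreName="
                    + keyStoreChooser.getKeyStoreName() + ", alias=" + publicKeyChooserByAlias.getAlias());
        }

        VerifierImpl verifierImpl = new VerifierImpl();
        verifierImpl.setAlgorithm(algorithm);
        verifierImpl.setProvider(provider);
        verifierImpl.setPublicKey(publicKey);

        // Only a fully configured verifier is ever placed in the cache.
        cache.put(key, verifierImpl);
        return verifierImpl.verify(message, signature);
    }

    /**
     * Builds the cache key for a keystore name and alias pair.
     *
     * The keystore name is length-prefixed so that two different pairs can
     * never produce the same key. A bare "name-alias" join is ambiguous when
     * either part contains '-': ("ks-a", "b") and ("ks", "a-b") would both map
     * to "ks-a-b", and the second caller would be verified against the first
     * caller's public key.
     */
    private static String cacheKey(KeyStoreChooser keyStoreChooser, PublicKeyChooserByAlias publicKeyChooserByAlias) {
        // String.valueOf keeps the null handling of a plain append (null -> "null").
        String keyStoreName = String.valueOf(keyStoreChooser.getKeyStoreName());
        String alias = String.valueOf(publicKeyChooserByAlias.getAlias());
        return new StringBuilder()
                .append(keyStoreName.length()).append(':')
                .append(keyStoreName).append('-')
                .append(alias)
                .toString();
    }
}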