[libeufin] branch master updated: actually verify VEU
From: |
gnunet |
Subject: |
[libeufin] branch master updated: actually verify VEU |
Date: |
Wed, 13 Nov 2019 13:04:12 +0100 |
This is an automated email from the git hooks/post-receive script.
dold pushed a commit to branch master
in repository libeufin.
The following commit(s) were added to refs/heads/master by this push:
new 971c113 actually verify VEU
971c113 is described below
commit 971c113484a178482973438f2de39f544341d1ab
Author: Florian Dold <address@hidden>
AuthorDate: Wed Nov 13 13:04:08 2019 +0100
actually verify VEU
---
.../kotlin/tech/libeufin/sandbox/CryptoUtil.kt | 5 ++++
.../src/main/kotlin/tech/libeufin/sandbox/DB.kt | 3 ++-
.../tech/libeufin/sandbox/EbicsProtocolBackend.kt | 28 ++++++++++++++++++++++
.../schema/ebics_s001/UserSignatureData.kt | 2 +-
4 files changed, 36 insertions(+), 2 deletions(-)
diff --git a/sandbox/src/main/kotlin/tech/libeufin/sandbox/CryptoUtil.kt
b/sandbox/src/main/kotlin/tech/libeufin/sandbox/CryptoUtil.kt
index 3d09983..f19d302 100644
--- a/sandbox/src/main/kotlin/tech/libeufin/sandbox/CryptoUtil.kt
+++ b/sandbox/src/main/kotlin/tech/libeufin/sandbox/CryptoUtil.kt
@@ -180,4 +180,9 @@ object CryptoUtil {
signature.update(data)
return signature.verify(sig)
}
+
+ fun digestEbicsA006(data: ByteArray): ByteArray {
+ val digest = MessageDigest.getInstance("SHA-256")
+ return digest.digest(data)
+ }
}
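Review bot: `digestEbicsA006` hashes the order data byte for byte, but as I read the EBICS description of the A006 signature, CR, LF and Ctrl-Z (0x1A) are left out of the hash calculation. If that reading is right, a signature from a conforming client over data containing line breaks would fail verification here, so the digest should skip those three byte values. The function also has no KDoc. A one-line summary stating that it computes the SHA-256 order-data hash checked by `verifyEbicsA006`, and which bytes are excluded, would help the next reader.

```kotlin
fun digestEbicsA006(data: ByteArray): ByteArray {
    val digest = MessageDigest.getInstance("SHA-256")
    for (b in data) {
        // CR, LF and Ctrl-Z (0x1A) are not part of the A006 order-data hash
        if (b != 0x0D.toByte() && b != 0x0A.toByte() && b != 0x1A.toByte()) {
            digest.update(b)
        }
    }
    return digest.digest()
}
```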
diff --git a/sandbox/src/main/kotlin/tech/libeufin/sandbox/DB.kt
b/sandbox/src/main/kotlin/tech/libeufin/sandbox/DB.kt
index 7f1e97b..99cd1d8 100644
--- a/sandbox/src/main/kotlin/tech/libeufin/sandbox/DB.kt
+++ b/sandbox/src/main/kotlin/tech/libeufin/sandbox/DB.kt
@@ -285,7 +285,8 @@ fun dbCreateTables() {
EbicsHostsTable,
EbicsDownloadTransactionsTable,
EbicsUploadTransactionsTable,
- EbicsUploadTransactionChunksTable
+ EbicsUploadTransactionChunksTable,
+ EbicsOrderSignaturesTable
)
}
}
diff --git
a/sandbox/src/main/kotlin/tech/libeufin/sandbox/EbicsProtocolBackend.kt
b/sandbox/src/main/kotlin/tech/libeufin/sandbox/EbicsProtocolBackend.kt
index 7f3cf99..69fbfb7 100644
--- a/sandbox/src/main/kotlin/tech/libeufin/sandbox/EbicsProtocolBackend.kt
+++ b/sandbox/src/main/kotlin/tech/libeufin/sandbox/EbicsProtocolBackend.kt
@@ -27,6 +27,7 @@ import io.ktor.request.receiveText
import io.ktor.response.respond
import io.ktor.response.respondText
import org.apache.xml.security.binding.xmldsig.RSAKeyValueType
+import org.jetbrains.exposed.sql.and
import org.jetbrains.exposed.sql.transactions.transaction
import org.jetbrains.exposed.sql.upperCase
import org.w3c.dom.Document
@@ -528,6 +529,8 @@ suspend fun ApplicationCall.ebicsweb() {
CryptoUtil.loadRsaPublicKey(subscriber.authenticationKey!!.rsaPublicKey.toByteArray())
val clientEncPub =
CryptoUtil.loadRsaPublicKey(subscriber.encryptionKey!!.rsaPublicKey.toByteArray())
+ val clientSigPub =
+
CryptoUtil.loadRsaPublicKey(subscriber.signatureKey!!.rsaPublicKey.toByteArray())
// Step 2 of 3: Validate the signature
val verifyResult =
XMLUtil.verifyEbicsDocument(requestDocument, clientAuthPub)
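Review bot: The new `subscriber.signatureKey!!` throws a bare NullPointerException for any subscriber that has no signature key stored, and it runs on every request that reaches this point, not only on uploads that carry order signatures. A subscriber whose signature key was never submitted would presumably get an internal server error instead of an EBICS error response. Consider `val sigKey = subscriber.signatureKey ?: throw EbicsInvalidRequestError()`, or load the key lazily in the branch that verifies order signatures. The same pattern already exists for the authentication and encryption keys on the surrounding context lines, and the body of `ebicsweb` extends beyond this hunk.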
@@ -616,7 +619,9 @@ suspend fun ApplicationCall.ebicsweb() {
this.transactionKeyEnc =
SerialBlob(transactionKeyEnc)
}
val sigObj =
XMLUtil.convertStringToJaxb<UserSignatureData>(plainSigData.toString(Charsets.UTF_8))
+ println("got UserSignatureData:
${plainSigData.toString(Charsets.UTF_8)}")
for (sig in sigObj.value.orderSignatureList ?:
listOf()) {
+ println("inserting order signature for orderID
$orderID and orderType $orderType")
EbicsOrderSignatureEntity.new {
this.orderID = orderID
this.orderType = orderType
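Review bot: The added `println("got UserSignatureData: ...")` writes the decrypted signature container of every upload to stdout, and the second `println` adds the order identifiers. Even in a sandbox, decrypted client material is better routed through the project's logger at debug level so it can be switched off and does not land in captured process output. A later hunk of this commit does the same with `println("VEU verification result: $res")`. The enclosing `ebicsweb` function starts and ends outside this hunk.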
@@ -646,6 +651,29 @@ suspend fun ApplicationCall.ebicsweb() {
val unzippedData =
InflaterInputStream(zippedData.inputStream()).use { it.readAllBytes() }
println("got upload data:
${unzippedData.toString(Charsets.UTF_8)}")
+
+ val sigs = EbicsOrderSignatureEntity.find {
+ (EbicsOrderSignaturesTable.orderID eq
uploadTransaction.orderID) and
+
(EbicsOrderSignaturesTable.orderType eq uploadTransaction.orderType)
+ }
+
+ if (sigs.count() == 0) {
+ throw EbicsInvalidRequestError()
+ }
+
+ for (sig in sigs) {
+ if (sig.signatureAlgorithm == "A006") {
+ val signedData =
CryptoUtil.digestEbicsA006(unzippedData)
+ val res =
CryptoUtil.verifyEbicsA006(sig.signatureValue.toByteArray(), signedData,
clientSigPub)
+ println("VEU verification result:
$res")
+ if (!res) {
+ throw EbicsInvalidRequestError()
+ }
+ } else {
+ throw NotImplementedError()
+ }
+ }
+
EbicsResponse.createForUploadTransferPhase(
requestTransactionID,
requestSegmentNumber,
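Review bot: The `else` branch throws `NotImplementedError()`, which in Kotlin is a `java.lang.Error`, yet `sig.signatureAlgorithm` appears to come from the client-supplied UserSignatureData. An unsupported or bogus algorithm name therefore surfaces as an internal error instead of a clean rejection; `throw EbicsInvalidRequestError()` (or a dedicated unsupported-version error) fits better there. Separately, the `find` is keyed only on `orderID` and `orderType`, while every matching row is checked against the requesting subscriber's `clientSigPub`. If order IDs are not unique per subscriber and never reused, rows belonging to another upload could be pulled in, so scoping the lookup to the subscriber or the upload transaction would make the check tighter. Each signature's own signer identity is also not compared with the subscriber as far as this hunk shows. The enclosing `ebicsweb` function continues outside the hunk.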
diff --git
a/sandbox/src/main/kotlin/tech/libeufin/schema/ebics_s001/UserSignatureData.kt
b/sandbox/src/main/kotlin/tech/libeufin/schema/ebics_s001/UserSignatureData.kt
index c014f14..193979e 100644
---
a/sandbox/src/main/kotlin/tech/libeufin/schema/ebics_s001/UserSignatureData.kt
+++
b/sandbox/src/main/kotlin/tech/libeufin/schema/ebics_s001/UserSignatureData.kt
@@ -6,7 +6,7 @@ import javax.xml.bind.annotation.*
@XmlRootElement(name = "UserSignatureData")
@XmlType(name = "", propOrder = ["orderSignatureList"])
class UserSignatureData {
- @XmlElement(name = "OrderSignature", type = OrderSignatureData::class)
+ @XmlElement(name = "OrderSignatureData", type = OrderSignatureData::class)
var orderSignatureList: List<OrderSignatureData>? = null
@XmlAccessorType(XmlAccessType.NONE)
--
To stop receiving notification emails like this one, please contact
address@hidden.