summaryrefslogtreecommitdiff
path: root/wrappers/java/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'wrappers/java/src/main')
-rw-r--r--wrappers/java/src/main/java/nl/eduvpn/common/Discovery.java47
-rw-r--r--wrappers/java/src/main/java/nl/eduvpn/common/InvalidSignatureException.java8
-rw-r--r--wrappers/java/src/main/java/nl/eduvpn/common/InvalidSignatureUnknownKeyException.java8
-rw-r--r--wrappers/java/src/main/java/nl/eduvpn/common/SignatureTooOldException.java8
-rw-r--r--wrappers/java/src/main/java/nl/eduvpn/common/UnknownVerifyException.java9
-rw-r--r--wrappers/java/src/main/java/nl/eduvpn/common/VerifyException.java11
6 files changed, 69 insertions, 22 deletions
diff --git a/wrappers/java/src/main/java/nl/eduvpn/common/Discovery.java b/wrappers/java/src/main/java/nl/eduvpn/common/Discovery.java
index 40d5300..69308c8 100644
--- a/wrappers/java/src/main/java/nl/eduvpn/common/Discovery.java
+++ b/wrappers/java/src/main/java/nl/eduvpn/common/Discovery.java
@@ -6,38 +6,48 @@ import java.nio.charset.StandardCharsets;
import java.time.Instant;
public final class Discovery {
- private static final NativeApi discovery = Native.load("eduvpn_verify", NativeApi.class);
+ private static final String LIB_NAME = "eduvpn_common";
+ private static final NativeApi discovery = Native.load(LIB_NAME, NativeApi.class);
/**
* Verifies the signature on the JSON server_list.json/organization_list.json file.
- * If the function returns the signature is valid for the given file type.
+ * If the function returns, the signature is valid for the given file type.
*
* @param signature .minisig signature file contents.
* @param signedJson Signed .json file contents.
* @param expectedFileName The file type to be verified, one of {@code "server_list.json"} or {@code "organization_list.json"}.
- * @param minSignTime Minimum time for signature. Should be set to at least the time in a previously retrieved file.
+ * @param minSignTime Minimum time for signature. Should be set to at least the time of the previous signature.
* @throws IllegalArgumentException If {@code expectedFileName} is not one of the allowed values or one of the parameters is empty.
* @throws VerifyException If signature verification fails.
*/
public static void verify(byte[] signature, byte[] signedJson, String expectedFileName, Instant minSignTime) throws VerifyException {
- long err = discovery.Verify(NativeApi.GoSlice.make(signature), NativeApi.GoSlice.make(signedJson),
- NativeApi.GoSlice.make(expectedFileName.getBytes(StandardCharsets.UTF_8)),
- minSignTime.getEpochSecond());
- if (err != 0) {
- if (err == 1) throw new IllegalArgumentException("Unknown excpectedFileName");
- throw new VerifyException(err);
+ byte err = discovery.Verify(NativeApi.GoSlice.fromArray(signature), NativeApi.GoSlice.fromArray(signedJson),
+ NativeApi.GoSlice.fromString(expectedFileName), minSignTime.getEpochSecond());
+
+ switch (err) {
+ case 0:
+ return;
+ case 1:
+ throw new IllegalArgumentException("unknown expected file name");
+ case 2:
+ throw new InvalidSignatureException();
+ case 3:
+ throw new InvalidSignatureUnknownKeyException();
+ case 4:
+ throw new SignatureTooOldException();
+ default:
+ throw new UnknownVerifyException(err);
}
}
- /**
- * Use for testing only, see Go documentation.
- */
- // package-private
+ /** Use for testing only, see Go documentation. */
+ /*package-private*/
static void insecureTestingSetExtraKey(String keyString) {
- discovery.InsecureTestingSetExtraKey(NativeApi.GoSlice.make(keyString.getBytes(StandardCharsets.UTF_8)));
+ discovery.InsecureTestingSetExtraKey(NativeApi.GoSlice.fromArray(keyString.getBytes(StandardCharsets.UTF_8)));
}
private interface NativeApi extends Library {
+ // C-compatible structure
@Structure.FieldOrder({"data", "len", "cap"})
class GoSlice extends Structure implements Structure.ByValue {
public Pointer data;
@@ -49,14 +59,19 @@ public final class Discovery {
this.cap = cap;
}
- public static GoSlice make(byte[] bytes) {
+ public static GoSlice fromArray(byte[] bytes) {
Memory memory = new Memory(bytes.length);
memory.write(0, bytes, 0, bytes.length);
return new GoSlice(memory, bytes.length, bytes.length);
}
+
+ /** From string as UTF-8. */
+ public static GoSlice fromString(String str) {
+ return fromArray(str.getBytes(StandardCharsets.UTF_8));
+ }
}
- long Verify(GoSlice signatureFileContent, GoSlice signedJson, GoSlice expectedFileName, long minSignTime);
+ byte Verify(GoSlice signatureFileContent, GoSlice signedJson, GoSlice expectedFileName, long minSignTime);
void InsecureTestingSetExtraKey(GoSlice keyString);
}
diff --git a/wrappers/java/src/main/java/nl/eduvpn/common/InvalidSignatureException.java b/wrappers/java/src/main/java/nl/eduvpn/common/InvalidSignatureException.java
new file mode 100644
index 0000000..e531206
--- /dev/null
+++ b/wrappers/java/src/main/java/nl/eduvpn/common/InvalidSignatureException.java
@@ -0,0 +1,8 @@
+package nl.eduvpn.common;
+
+/** Signature is invalid (for the expected file type). */
+public final class InvalidSignatureException extends VerifyException {
+ public InvalidSignatureException() {
+ super("invalid signature");
+ }
+}
diff --git a/wrappers/java/src/main/java/nl/eduvpn/common/InvalidSignatureUnknownKeyException.java b/wrappers/java/src/main/java/nl/eduvpn/common/InvalidSignatureUnknownKeyException.java
new file mode 100644
index 0000000..8eaf661
--- /dev/null
+++ b/wrappers/java/src/main/java/nl/eduvpn/common/InvalidSignatureUnknownKeyException.java
@@ -0,0 +1,8 @@
+package nl.eduvpn.common;
+
+/** Signature was created with an unknown key and has not been verified. */
+public final class InvalidSignatureUnknownKeyException extends VerifyException {
+ public InvalidSignatureUnknownKeyException() {
+ super("invalid signature (unknown key)");
+ }
+}
diff --git a/wrappers/java/src/main/java/nl/eduvpn/common/SignatureTooOldException.java b/wrappers/java/src/main/java/nl/eduvpn/common/SignatureTooOldException.java
new file mode 100644
index 0000000..c40c718
--- /dev/null
+++ b/wrappers/java/src/main/java/nl/eduvpn/common/SignatureTooOldException.java
@@ -0,0 +1,8 @@
+package nl.eduvpn.common;
+
+/** Signature timestamp smaller than specified minimum signing time (rollback). */
+public final class SignatureTooOldException extends VerifyException {
+ public SignatureTooOldException() {
+ super("replay of previous signature (rollback)");
+ }
+}
diff --git a/wrappers/java/src/main/java/nl/eduvpn/common/UnknownVerifyException.java b/wrappers/java/src/main/java/nl/eduvpn/common/UnknownVerifyException.java
new file mode 100644
index 0000000..fa76a44
--- /dev/null
+++ b/wrappers/java/src/main/java/nl/eduvpn/common/UnknownVerifyException.java
@@ -0,0 +1,9 @@
+package nl.eduvpn.common;
+
+/** Other unknown error. */
+public final class UnknownVerifyException extends VerifyException {
+ public UnknownVerifyException(byte code) {
+ super(String.format("unknown verify error (%d)", code));
+ assert code != 0;
+ }
+}
diff --git a/wrappers/java/src/main/java/nl/eduvpn/common/VerifyException.java b/wrappers/java/src/main/java/nl/eduvpn/common/VerifyException.java
index 83dffb1..71ea290 100644
--- a/wrappers/java/src/main/java/nl/eduvpn/common/VerifyException.java
+++ b/wrappers/java/src/main/java/nl/eduvpn/common/VerifyException.java
@@ -1,9 +1,8 @@
package nl.eduvpn.common;
-public class VerifyException extends Exception {
- public final long code; //TODO not use plain long
-
- public VerifyException(long code) {
- this.code = code;
+/** Verification failed, do not trust the file. */
+public abstract class VerifyException extends Exception {
+ protected VerifyException(String message) {
+ super(message);
}
-} \ No newline at end of file
+}