Menu
▾
▴
[Neuclear-develop] neuclear-id/src/java/org/neuclear/id/verifier VerifyingReader.java,1.10,1.11
|
From: <pe...@us...> - 2003-11-20 16:01:30
|
Update of /cvsroot/neuclear/neuclear-id/src/java/org/neuclear/id/verifier
In directory sc8-pr-cvs1:/tmp/cvs-serv5401/src/java/org/neuclear/id/verifier
Modified Files:
VerifyingReader.java
Log Message:
Did a security review of the basic Verification process and needed to make changes.
I've introduced the SignedNamedCore which all subclasses of SignedNamedObject need to include in their constructor.
What does this mean?
It means that all subclasses of SignedNamedObject have a guaranteed "signed final ticket" that can only be created in one place.
This also simplifies the constructors as well as the NamedObjectReaders.
I've gone through making everything in these contracts that is possible final. Thus further ensuring the security.
Index: VerifyingReader.java
===================================================================
RCS file: /cvsroot/neuclear/neuclear-id/src/java/org/neuclear/id/verifier/VerifyingReader.java,v
retrieving revision 1.10
retrieving revision 1.11
diff -C2 -d -r1.10 -r1.11
*** VerifyingReader.java 19 Nov 2003 23:33:59 -0000 1.10
--- VerifyingReader.java 20 Nov 2003 16:01:25 -0000 1.11
***************
*** 38,41 ****
--- 38,49 ----
$Id$
$Log$
+ Revision 1.11 2003/11/20 16:01:25 pelle
+ Did a security review of the basic Verification process and needed to make changes.
+ I've introduced the SignedNamedCore which all subclasses of SignedNamedObject need to include in their constructor.
+ What does this mean?
+ It means that all subclasses of SignedNamedObject have a guaranteed "signed final ticket" that can only be created in one place.
+ This also simplifies the constructors as well as the NamedObjectReaders.
+ I've gone through making everything in these contracts that is possible final. Thus further ensuring the security.
+
Revision 1.10 2003/11/19 23:33:59 pelle
Signers now can generatekeys via the generateKey() method.
***************
*** 121,137 ****
* @throws NeuClearException
*/
! public SignedNamedObject read(InputStream is) throws XMLException, NeuClearException {
Element elem = XMLTools.loadDocument(is).getRootElement();
! String name = NSTools.normalizeNameURI(elem.attributeValue(getNameAttrQName()));
! String signatoryName = NSTools.getParentNSURI(name);
!
! Identity signatory = NSResolver.resolveIdentity(signatoryName);
! if (XMLSecTools.verifySignature(elem, signatory.getPublicKey())) {
! Timestamp timestamp = TimeTools.parseTimeStamp(elem.attributeValue("timestamp"));
! return resolveReader(elem).read(elem, name, signatory, new String(XMLSecTools.canonicalize(elem)), timestamp);
! } else
! throw new InvalidNamedObject(name + " isnt valid");
}
private NamedObjectReader resolveReader(Element elem) {
NamedObjectReader reader = (NamedObjectReader) readers.get(elem.getName());
--- 129,138 ----
* @throws NeuClearException
*/
! public final SignedNamedObject read(InputStream is) throws XMLException, NeuClearException {
Element elem = XMLTools.loadDocument(is).getRootElement();
! return resolveReader(elem).read(SignedNamedCore.read(elem),elem);
}
+
private NamedObjectReader resolveReader(Element elem) {
NamedObjectReader reader = (NamedObjectReader) readers.get(elem.getName());
***************
*** 141,148 ****
}
- private static QName getNameAttrQName() {
- return DocumentHelper.createQName("name", NSTools.NS_NEUID);
-
- }
public void registerReader(String name, NamedObjectReader reader) {
--- 142,145 ----
|
