Skip to content

Commit

Permalink
Simplified exception handling
Browse files Browse the repository at this point in the history
  • Loading branch information
@cyberphone
cyberphone committed Apr 10, 2019
1 parent 66a239a commit 7a76b96
Show file tree
Hide file tree
Showing 2 changed files with 36 additions and 65 deletions.
25 changes: 0 additions & 25 deletions library/test/org/webpki/sks/SKSError.java
View file

This file was deleted.

76 changes: 36 additions & 40 deletions library/test/org/webpki/sks/SKSReferenceImplementation.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -103,7 +103,7 @@
*
* Author: Anders Rundgren
*/
public class SKSReferenceImplementation implements SKSError, SecureKeyStore, Serializable {
public class SKSReferenceImplementation implements SecureKeyStore, Serializable {
private static final long serialVersionUID = 1L;

/////////////////////////////////////////////////////////////////////////////////////////////
Expand Down Expand Up @@ -154,15 +154,15 @@ abstract class NameSpace implements Serializable {
if (owner.names.get(id) != null) {
owner.abort("Duplicate \"" + VAR_ID + "\" : " + id);
}
checkIdSyntax(id, VAR_ID, owner);
checkIdSyntax(id, VAR_ID);
owner.names.put(id, false);
this.owner = owner;
this.id = id;
}
}


static void checkIdSyntax(String identifier, String symbolicName, SKSError sksError) {
static void checkIdSyntax(String identifier, String symbolicName) {
boolean flag = false;
if (identifier.length() == 0 || identifier.length() > MAX_LENGTH_ID_TYPE) {
flag = true;
Expand All @@ -176,7 +176,7 @@ static void checkIdSyntax(String identifier, String symbolicName, SKSError sksEr
}
}
if (flag) {
sksError.abort("Malformed \"" + symbolicName + "\" : " + identifier);
abort("Malformed \"" + symbolicName + "\" : " + identifier);
}
}

Expand Down Expand Up @@ -481,7 +481,7 @@ class PUKPolicy extends NameSpace implements Serializable {
}


class Provisioning implements SKSError, Serializable {
class Provisioning implements Serializable {
private static final long serialVersionUID = 1L;

int provisioningHandle;
Expand Down Expand Up @@ -523,7 +523,6 @@ void abort(Throwable e) {
abort(e.getMessage(), SKSException.ERROR_INTERNAL);
}

@Override
public void abort(String message) {
abort(message, SKSException.ERROR_OPTION);
}
Expand Down Expand Up @@ -1221,12 +1220,11 @@ EnumeratedProvisioningSession getProvisioning(Iterator<Provisioning> iter, boole
return null;
}

@Override
public void abort(String message) {
public static void abort(String message) {
abort(message, SKSException.ERROR_OPTION);
}

void abort(String message, int option) {
static void abort(String message, int option) {
throw new SKSException(message, option);
}

Expand Down Expand Up @@ -1257,12 +1255,12 @@ Algorithm getEcType(ECKey ecKey) {
return null;
}

String checkEcKeyCompatibility(ECKey ecKey, SKSError sksError, String keyId) {
String checkEcKeyCompatibility(ECKey ecKey, String keyId) {
Algorithm ecType = getEcType(ecKey);
if (ecType != null) {
return ecType.jceName;
}
sksError.abort("Unsupported EC key algorithm for: " + keyId);
abort("Unsupported EC key algorithm for: " + keyId);
return null;
}

Expand All @@ -1276,10 +1274,9 @@ int getEcPointLength(ECKey ecKey) throws GeneralSecurityException {

void checkRsaKeyCompatibility(int rsaKeySize,
BigInteger exponent,
SKSError sksError,
String keyId) {
if (!SKS_RSA_EXPONENT_SUPPORT && !exponent.equals(RSAKeyGenParameterSpec.F4)) {
sksError.abort("Unsupported RSA exponent value for: " + keyId);
abort("Unsupported RSA exponent value for: " + keyId);
}
boolean found = false;
for (short keySize : SKS_DEFAULT_RSA_SUPPORT) {
Expand All @@ -1289,7 +1286,7 @@ void checkRsaKeyCompatibility(int rsaKeySize,
}
}
if (!found) {
sksError.abort("Unsupported RSA key size " + rsaKeySize + " for: " + keyId);
abort("Unsupported RSA key size " + rsaKeySize + " for: " + keyId);
}
}

Expand All @@ -1302,13 +1299,12 @@ int getRSAKeySize(RSAKey rsaKey) {
void verifyPinPolicyCompliance(boolean forcedSetter,
byte[] pinValue,
PINPolicy pinPolicy,
byte appUsage,
SKSError sksError) {
byte appUsage) {
///////////////////////////////////////////////////////////////////////////////////
// Check PIN length
///////////////////////////////////////////////////////////////////////////////////
if (pinValue.length > pinPolicy.maxLength || pinValue.length < pinPolicy.minLength) {
sksError.abort("PIN length error");
abort("PIN length error");
}

///////////////////////////////////////////////////////////////////////////////////
Expand All @@ -1332,7 +1328,7 @@ void verifyPinPolicyCompliance(boolean forcedSetter,
}
if ((pinPolicy.format == PASSPHRASE_FORMAT_NUMERIC && (loweralpha || nonalphanum || upperalpha)) ||
(pinPolicy.format == PASSPHRASE_FORMAT_ALPHANUMERIC && (loweralpha || nonalphanum))) {
sksError.abort("PIN syntax error");
abort("PIN syntax error");
}

///////////////////////////////////////////////////////////////////////////////////
Expand All @@ -1341,7 +1337,7 @@ void verifyPinPolicyCompliance(boolean forcedSetter,
if ((pinPolicy.patternRestrictions & PIN_PATTERN_MISSING_GROUP) != 0) {
if (!upperalpha || !number ||
(pinPolicy.format == PASSPHRASE_FORMAT_STRING && (!loweralpha || !nonalphanum))) {
sksError.abort("Missing character group in PIN");
abort("Missing character group in PIN");
}
}
if ((pinPolicy.patternRestrictions & PIN_PATTERN_SEQUENCE) != 0) {
Expand All @@ -1356,15 +1352,15 @@ void verifyPinPolicyCompliance(boolean forcedSetter,
c = pinValue[i];
}
if (seq) {
sksError.abort("PIN must not be a sequence");
abort("PIN must not be a sequence");
}
}
if ((pinPolicy.patternRestrictions & PIN_PATTERN_REPEATED) != 0) {
for (int i = 0; i < pinValue.length; i++) {
byte b = pinValue[i];
for (int j = 0; j < pinValue.length; j++) {
if (j != i && b == pinValue[j]) {
sksError.abort("Repeated PIN character");
abort("Repeated PIN character");
}
}
}
Expand All @@ -1376,7 +1372,7 @@ void verifyPinPolicyCompliance(boolean forcedSetter,
for (int i = 1; i < pinValue.length; i++) {
if (c == pinValue[i]) {
if (++sameCount == max) {
sksError.abort("PIN with " + max + " or more of same the character in a row");
abort("PIN with " + max + " or more of same the character in a row");
}
} else {
sameCount = 1;
Expand All @@ -1397,19 +1393,19 @@ void verifyPinPolicyCompliance(boolean forcedSetter,
switch (pinPolicy.grouping) {
case PIN_GROUPING_SHARED:
if (!equal) {
sksError.abort("Grouping = \"shared\" requires identical PINs");
abort("Grouping = \"shared\" requires identical PINs");
}
continue;

case PIN_GROUPING_UNIQUE:
if (equal ^ (appUsage == keyEntry.appUsage)) {
sksError.abort("Grouping = \"unique\" PIN error");
abort("Grouping = \"unique\" PIN error");
}
continue;

case PIN_GROUPING_SIGN_PLUS_STD:
if (((appUsage == APP_USAGE_SIGNATURE) ^ (keyEntry.appUsage == APP_USAGE_SIGNATURE)) ^ !equal) {
sksError.abort("Grouping = \"signature+standard\" PIN error");
abort("Grouping = \"signature+standard\" PIN error");
}
}
}
Expand All @@ -1420,7 +1416,7 @@ void testUpdatablePin(KeyEntry keyEntry, byte[] newPin) {
if (!keyEntry.pinPolicy.userModifiable) {
abort("PIN for key #" + keyEntry.keyHandle + " is not user modifiable", SKSException.ERROR_NOT_ALLOWED);
}
verifyPinPolicyCompliance(true, newPin, keyEntry.pinPolicy, keyEntry.appUsage, this);
verifyPinPolicyCompliance(true, newPin, keyEntry.pinPolicy, keyEntry.appUsage);
}

void deleteEmptySession(Provisioning provisioning) {
Expand Down Expand Up @@ -1463,7 +1459,7 @@ Algorithm checkKeyAndAlgorithm(KeyEntry keyEntry, String inputAlgorithm, int exp
abort((keyEntry.isSymmetric() ? "S" : "As") + "ymmetric key #" + keyEntry.keyHandle + " is incompatible with: " + inputAlgorithm, SKSException.ERROR_ALGORITHM);
}
if (keyEntry.isSymmetric()) {
testAESKey(inputAlgorithm, keyEntry.symmetricKey, "#" + keyEntry.keyHandle, this);
testAESKey(inputAlgorithm, keyEntry.symmetricKey, "#" + keyEntry.keyHandle);
} else if (keyEntry.isRsa() ^ (alg.mask & ALG_RSA_KEY) != 0) {
abort((keyEntry.isRsa() ? "RSA" : "EC") + " key #" + keyEntry.keyHandle + " is incompatible with: " + inputAlgorithm, SKSException.ERROR_ALGORITHM);
}
Expand All @@ -1481,7 +1477,7 @@ byte[] addArrays(byte[] a, byte[] b) {
return r;
}

void testAESKey(String algorithm, byte[] symmetricKey, String keyId, SKSError sksError) {
void testAESKey(String algorithm, byte[] symmetricKey, String keyId) {
Algorithm alg = getAlgorithm(algorithm);
if ((alg.mask & ALG_SYM_ENC) != 0) {
int l = symmetricKey.length;
Expand All @@ -1490,7 +1486,7 @@ void testAESKey(String algorithm, byte[] symmetricKey, String keyId, SKSError sk
else if (l == 32) l = ALG_SYML_256;
else l = 0;
if ((l & alg.mask) == 0) {
sksError.abort("Key " + keyId + " has wrong size (" + symmetricKey.length + ") for algorithm: " + algorithm);
abort("Key " + keyId + " has wrong size (" + symmetricKey.length + ") for algorithm: " + algorithm);
}
}
}
Expand Down Expand Up @@ -1954,7 +1950,7 @@ public synchronized byte[] keyAgreement(int keyHandle,
///////////////////////////////////////////////////////////////////////////////////
// Check that the key type matches the algorithm
///////////////////////////////////////////////////////////////////////////////////
checkEcKeyCompatibility(publicKey, this, "\"" + VAR_PUBLIC_KEY + "\"");
checkEcKeyCompatibility(publicKey, "\"" + VAR_PUBLIC_KEY + "\"");

///////////////////////////////////////////////////////////////////////////////////
// Finally, perform operation
Expand Down Expand Up @@ -2515,7 +2511,7 @@ public synchronized byte[] closeProvisioningSession(int provisioningHandle,
///////////////////////////////////////////////////////////////////////////////////
// Symmetric. AES algorithms only operates on 128, 192, and 256 bit keys
///////////////////////////////////////////////////////////////////////////////////
testAESKey(algorithm, keyEntry.symmetricKey, keyEntry.id, provisioning);
testAESKey(algorithm, keyEntry.symmetricKey, keyEntry.id);
continue;
} else {
///////////////////////////////////////////////////////////////////////////////////
Expand Down Expand Up @@ -2666,24 +2662,24 @@ public synchronized ProvisioningSession createProvisioningSession(String session
///////////////////////////////////////////////////////////////////////////////////
// Check server ECDH key compatibility
///////////////////////////////////////////////////////////////////////////////////
String jceName = checkEcKeyCompatibility(serverEphemeralKey, this, "\"" + VAR_SERVER_EPHEMERAL_KEY + "\"");
String jceName = checkEcKeyCompatibility(serverEphemeralKey, "\"" + VAR_SERVER_EPHEMERAL_KEY + "\"");

///////////////////////////////////////////////////////////////////////////////////
// Check optional key management key compatibility
///////////////////////////////////////////////////////////////////////////////////
if (keyManagementKey != null) {
if (keyManagementKey instanceof RSAPublicKey) {
checkRsaKeyCompatibility(getRSAKeySize((RSAPublicKey) keyManagementKey),
((RSAPublicKey) keyManagementKey).getPublicExponent(), this, "\"" + VAR_KEY_MANAGEMENT_KEY + "\"");
((RSAPublicKey) keyManagementKey).getPublicExponent(), "\"" + VAR_KEY_MANAGEMENT_KEY + "\"");
} else {
checkEcKeyCompatibility((ECPublicKey) keyManagementKey, this, "\"" + VAR_KEY_MANAGEMENT_KEY + "\"");
checkEcKeyCompatibility((ECPublicKey) keyManagementKey, "\"" + VAR_KEY_MANAGEMENT_KEY + "\"");
}
}

///////////////////////////////////////////////////////////////////////////////////
// Check ServerSessionID
///////////////////////////////////////////////////////////////////////////////////
checkIdSyntax(serverSessionId, VAR_SERVER_SESSION_ID, this);
checkIdSyntax(serverSessionId, VAR_SERVER_SESSION_ID);

///////////////////////////////////////////////////////////////////////////////////
// Create ClientSessionID
Expand Down Expand Up @@ -2933,9 +2929,9 @@ public synchronized void importPrivateKey(int keyHandle,
if (rsaFlag) {
checkRsaKeyCompatibility(getRSAKeySize((RSAPrivateKey) keyEntry.privateKey),
keyEntry.getPublicRSAExponentFromPrivateKey(),
keyEntry.owner, keyEntry.id);
keyEntry.id);
} else {
checkEcKeyCompatibility((ECPrivateKey) keyEntry.privateKey, keyEntry.owner, keyEntry.id);
checkEcKeyCompatibility((ECPrivateKey) keyEntry.privateKey, keyEntry.id);
}
} catch (Exception e) {
tearDownSession(keyEntry, e);
Expand Down Expand Up @@ -3031,9 +3027,9 @@ public synchronized void setCertificatePath(int keyHandle,
if (keyEntry.publicKey instanceof RSAPublicKey) {
checkRsaKeyCompatibility(getRSAKeySize((RSAPublicKey) keyEntry.publicKey),
((RSAPublicKey) keyEntry.publicKey).getPublicExponent(),
keyEntry.owner, keyEntry.id);
keyEntry.id);
} else {
checkEcKeyCompatibility((ECPublicKey) keyEntry.publicKey, keyEntry.owner, keyEntry.id);
checkEcKeyCompatibility((ECPublicKey) keyEntry.publicKey, keyEntry.id);
}

///////////////////////////////////////////////////////////////////////////////////
Expand Down Expand Up @@ -3202,7 +3198,7 @@ public synchronized KeyData createKeyEntry(int provisioningHandle,
///////////////////////////////////////////////////////////////////////////////////
// Testing the actual PIN value
///////////////////////////////////////////////////////////////////////////////////
verifyPinPolicyCompliance(false, pinValue, pinPolicy, appUsage, provisioning);
verifyPinPolicyCompliance(false, pinValue, pinPolicy, appUsage);
}

///////////////////////////////////////////////////////////////////////////////////
Expand Down

0 comments on commit 7a76b96

Please sign in to comment.