moses.security
Class Secu

java.lang.Object
  |
  +--moses.security.Secu

public class Secu

extends java.lang.Object

This class is a generic class providing a set of tools dealing with creation and verification of digital signatures, certificates, and hashes.

Constructor Summary

Secu()

Method Summary

static java.lang.String	getHashOfKey(java.security.PublicKey pub) This method is used to compute the secure MD5 hash of a public key.
static byte[]	sign(java.lang.String message, java.security.PrivateKey Priv) This method signs a message using a provided private key.
static byte[]	signCertificate(java.security.PublicKey issuer, java.security.PublicKey subject, java.lang.String attributes, java.security.PrivateKey issuerPriv) This method signs the components of a certificate.
static byte[]	signSelfCertificate(moses.security.LGICert c, java.security.PrivateKey myKey) This method signs a self certificate.
static boolean	verifyCertificate(moses.security.LGICert c) This method is used to verify the integrity of a certificate.
static int	verifyControllerCert(moses.security.LGICert c, byte[] sign) This method verifies a controller's self-certificate.
static int	verifyControllerCert(moses.security.LGICert c, byte[] sign, java.security.PublicKey controllerAuPk) This method verifies a controller's self-certificate.
static boolean	verifySelfCertificate(moses.security.LGICert c, byte[] signature)
static boolean	verifySignature(java.lang.String message, java.security.PublicKey Pub, byte[] signature) This method is used to verify the authenticity of a digital signature.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Secu

public Secu()

Method Detail

sign

public static byte[] sign(java.lang.String message,
                          java.security.PrivateKey Priv)

This method signs a message using a provided private key.

Parameters:

message - represents the string to be signed.

Priv - represents the private key used in signing the message.

Returns:

the byte array representing the digital signature of the message argument.

verifySignature

public static boolean verifySignature(java.lang.String message,
                                      java.security.PublicKey Pub,
                                      byte[] signature)

This method is used to verify the authenticity of a digital signature.

Parameters:

message - represents the string whose signature is to be verified.

Pub - represents the public key whose corresponding private key has been used originally in signing the message.

signature - represents the signature to be verified.

Returns:

true if the signature has been produced by the corresponding private key and with the original message.

signCertificate

public static byte[] signCertificate(java.security.PublicKey issuer,
                                     java.security.PublicKey subject,
                                     java.lang.String attributes,
                                     java.security.PrivateKey issuerPriv)

This method signs the components of a certificate.

Parameters:

issuer - represents the public key of the issuer of the certificate.

subject - represents the public key of the subject.

attributes - represents the attributes of the certificate.

issuerPriv - represents the private key used for signing the certificate.

Returns:

the byte array representing the digital signature of the certificate.

signSelfCertificate

public static byte[] signSelfCertificate(moses.security.LGICert c,
                                         java.security.PrivateKey myKey)

This method signs a self certificate. This method is used to prove that the holder of a certificate is its subject. This method is a palliative to a challenge response system, since it is not secure against copiability.

Parameters:

c - represents the LGI certificate object.

myKey - represents the private key of the holder of the certificate.

Returns:

the byte array representing the digital signature of the certificate.

verifyCertificate

public static boolean verifyCertificate(moses.security.LGICert c)

This method is used to verify the integrity of a certificate. The verification checks the matching between the certificate signature and its issuer public key.

Parameters:

c - represents the certificate object to be verified.

Returns:

true if the certificate verifies, and false otherwise.

verifySelfCertificate

public static boolean verifySelfCertificate(moses.security.LGICert c,
                                            byte[] signature)

getHashOfKey

public static java.lang.String getHashOfKey(java.security.PublicKey pub)

This method is used to compute the secure MD5 hash of a public key.

Parameters:

pub - represents the public key to compute its hash.

Returns:

the hash value as a hexadecimal string. The string has a fixed size, and it consists of a number of 32 hexadecimal characters (zero padded). All the alphabetical symbols are represented in capitals.

verifyControllerCert

public static int verifyControllerCert(moses.security.LGICert c,
                                       byte[] sign,
                                       java.security.PublicKey controllerAuPk)

This method verifies a controller's self-certificate. The following are verified:

1. the desired CA and the certificate issuer are the same;
2. the certificate attributes are certifiedController;
3. the CA signature is valid;
4. the self signature is valid;

Parameters:

c - represents the certificate to verify.

sign - represents the self-signature over the certificate.

controllerAuPk - public key of the desired certifying authority

Returns:

Const.VERSUCC if the verification is successful; Const.SIGMM if there is a self-signature mismatch; Const.CASIGMM if there is a certificate signature mismatch ; Const.ATTMM if there is an attribute mismatch ; Const.CACPKMM if there is a mismatch between the public key of the issuer and that of the desired certifying authority;

verifyControllerCert

public static int verifyControllerCert(moses.security.LGICert c,
                                       byte[] sign)

This method verifies a controller's self-certificate. The following are verified:

1. the certificate attributes are certifiedController;
2. the CA signature is valid;
3. the self signature is valid;

Parameters:

c - represents the certificate to verify.

sign - represents the self-signature over the certificate.

Returns:

Const.VERSUCC if the verification is successful; Const.SIGMM if there is a self-signature mismatch; Const.CASIGMM if there is a certificate signature mismatch ; Const.ATTMM if there is an attribute mismatch ;