org.openid4java.association
Class DiffieHellmanSession

java.lang.Object
  extended by org.openid4java.association.DiffieHellmanSession

public class DiffieHellmanSession
extends java.lang.Object

Author:
Marius Scurtescu, Johnny Bufu

Field Summary
private  javax.crypto.spec.DHParameterSpec _dhParameterSpec
           
private  java.security.MessageDigest _hDigest
           
private  java.security.KeyPair _keyPair
           
private static org.apache.commons.logging.Log _log
           
private  AssociationSessionType _type
           
static java.lang.String ALGORITHM
           
private static boolean DEBUG
           
static long DEFAULT_GENERATOR
           
static java.lang.String DEFAULT_GENERATOR_BASE64
           
static java.lang.String DEFAULT_MODULUS_BASE64
           
static java.lang.String DEFAULT_MODULUS_HEX
           
static java.lang.String H_ALGORITHM_SHA1
           
static java.lang.String H_ALGORITHM_SHA256
           
 
Constructor Summary
private DiffieHellmanSession(AssociationSessionType type, javax.crypto.spec.DHParameterSpec dhParameterSpec)
           
 
Method Summary
static DiffieHellmanSession create(AssociationSessionType type, javax.crypto.spec.DHParameterSpec dhParameterSpec)
           
static DiffieHellmanSession create(AssociationSessionType type, java.lang.String modulusBase64, java.lang.String generatorBase64)
           
 byte[] decryptMacKey(java.lang.String encMacKeyBase64, java.lang.String serverPublicKeyBase64)
          Decrypts the association MAC key.
 java.lang.String encryptMacKey(byte[] macKey, java.lang.String consumerPublicKeyBase64)
          Encrypts the association MAC key.
protected static java.security.KeyPair generateKeyPair(javax.crypto.spec.DHParameterSpec dhSpec)
           
static javax.crypto.spec.DHParameterSpec generateRandomParameter(int primeSize, int keySize)
           
static javax.crypto.spec.DHParameterSpec getDefaultParameter()
           
protected  byte[] getDigestedZZ(java.lang.String otherPublicKeyBase64)
           
 java.lang.String getGenerator()
          Gets the generator for the Diffie-Hellman key exchange.
 java.lang.String getModulus()
          Gets the modulus for the Diffie-Hellman key exchange.
protected  javax.crypto.interfaces.DHPrivateKey getPrivateKey()
           
 java.lang.String getPublicKey()
          Get the Diffie-Hellman public key.
 AssociationSessionType getType()
           
static boolean isDhSha1Supported()
           
static boolean isDhSha256Supported()
           
static boolean isDhShaSupported(java.lang.String shaAlgorithm)
           
private static boolean isDhSupported()
           
static boolean isDhSupported(AssociationSessionType type)
           
protected static java.lang.String publicKeyToString(javax.crypto.interfaces.DHPublicKey publicKey)
           
protected  javax.crypto.interfaces.DHPublicKey stringToPublicKey(java.lang.String publicKeyBase64)
           
 java.lang.String toString()
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

_log

private static org.apache.commons.logging.Log _log

DEBUG

private static final boolean DEBUG

DEFAULT_MODULUS_HEX

public static final java.lang.String DEFAULT_MODULUS_HEX
See Also:
Constant Field Values

DEFAULT_MODULUS_BASE64

public static final java.lang.String DEFAULT_MODULUS_BASE64
See Also:
Constant Field Values

DEFAULT_GENERATOR

public static final long DEFAULT_GENERATOR
See Also:
Constant Field Values

DEFAULT_GENERATOR_BASE64

public static final java.lang.String DEFAULT_GENERATOR_BASE64
See Also:
Constant Field Values

ALGORITHM

public static final java.lang.String ALGORITHM
See Also:
Constant Field Values

H_ALGORITHM_SHA1

public static final java.lang.String H_ALGORITHM_SHA1
See Also:
Constant Field Values

H_ALGORITHM_SHA256

public static final java.lang.String H_ALGORITHM_SHA256
See Also:
Constant Field Values

_type

private AssociationSessionType _type

_dhParameterSpec

private javax.crypto.spec.DHParameterSpec _dhParameterSpec

_keyPair

private java.security.KeyPair _keyPair

_hDigest

private java.security.MessageDigest _hDigest
Constructor Detail

DiffieHellmanSession

private DiffieHellmanSession(AssociationSessionType type,
                             javax.crypto.spec.DHParameterSpec dhParameterSpec)
                      throws AssociationException
Throws:
AssociationException
Method Detail

toString

public java.lang.String toString()
Overrides:
toString in class java.lang.Object

create

public static DiffieHellmanSession create(AssociationSessionType type,
                                          java.lang.String modulusBase64,
                                          java.lang.String generatorBase64)
                                   throws AssociationException
Throws:
AssociationException

create

public static DiffieHellmanSession create(AssociationSessionType type,
                                          javax.crypto.spec.DHParameterSpec dhParameterSpec)
                                   throws AssociationException
Throws:
AssociationException

getDefaultParameter

public static javax.crypto.spec.DHParameterSpec getDefaultParameter()

generateRandomParameter

public static javax.crypto.spec.DHParameterSpec generateRandomParameter(int primeSize,
                                                                        int keySize)

generateKeyPair

protected static java.security.KeyPair generateKeyPair(javax.crypto.spec.DHParameterSpec dhSpec)

getType

public AssociationSessionType getType()

getModulus

public java.lang.String getModulus()
Gets the modulus for the Diffie-Hellman key exchange. This is the value passed in the openid.dh_modulus association request parameter.

Returns:
The base 64 encoded two's-complement representation of the modulus: base64(btwoc(p))

getGenerator

public java.lang.String getGenerator()
Gets the generator for the Diffie-Hellman key exchange. This is the value passed in the openid.dh_gen association request parameter.

Returns:
The base 64 encoded two's-complement representation of the generator: base64(btwoc(g))

getPublicKey

public java.lang.String getPublicKey()
Get the Diffie-Hellman public key. This is the value passed in the openid.dh_consumer_public association request parameter and the value passed in the openid.dh_server_public association response parameter.

Returns:
The base 64 encoded two's-complement representation of the public key: base64(btwoc(g ^ x mod p))

getPrivateKey

protected javax.crypto.interfaces.DHPrivateKey getPrivateKey()

encryptMacKey

public java.lang.String encryptMacKey(byte[] macKey,
                                      java.lang.String consumerPublicKeyBase64)
                               throws AssociationException
Encrypts the association MAC key. The encryption takes place on the server side (aka OP). This is the value passed in the openid.enc_mac_key association response parameter.

Parameters:
macKey - The MAC key in binary format.
consumerPublicKeyBase64 - The base 64 encoding of the consumer Diffie-Hellman public key. This is the value passed in the openid.dh_consumer_public association request parameter.
Returns:
The base 64 encoded two's-complement representation of the encrypted mac key: base64(H(btwoc(g ^ (xa * xb) mod p)) XOR MAC)
Throws:
AssociationException - if the lengths of the MAC key and the digest of the Diffie-Hellman shared secret do not match.

decryptMacKey

public byte[] decryptMacKey(java.lang.String encMacKeyBase64,
                            java.lang.String serverPublicKeyBase64)
                     throws AssociationException
Decrypts the association MAC key. The decryption takes place on the consumer side (aka RP).

Parameters:
encMacKeyBase64 - The base 64 encoded two's-complement representation of the encrypted mac key: base64(H(btwoc(g ^ (xa * xb) mod p)) XOR MAC). This is the value passed in the openid.enc_mac_key association response parameter.
serverPublicKeyBase64 - The base 64 encoding of the server Diffie-Hellman public key. This is the value passed in the openid.dh_server_public association response parameter.
Returns:
The MAC key in binary format.
Throws:
AssociationException - if the lengths of the encrypted mac key and digest of Diffie-Hellman shared secret do not match.

publicKeyToString

protected static java.lang.String publicKeyToString(javax.crypto.interfaces.DHPublicKey publicKey)

stringToPublicKey

protected javax.crypto.interfaces.DHPublicKey stringToPublicKey(java.lang.String publicKeyBase64)

getDigestedZZ

protected byte[] getDigestedZZ(java.lang.String otherPublicKeyBase64)

isDhSupported

private static boolean isDhSupported()

isDhSupported

public static boolean isDhSupported(AssociationSessionType type)

isDhShaSupported

public static boolean isDhShaSupported(java.lang.String shaAlgorithm)

isDhSha1Supported

public static boolean isDhSha1Supported()

isDhSha256Supported

public static boolean isDhSha256Supported()


Copyright 2006-2008 Sxip Identity Corporation