Apply auto-formatting, re #7
safris committed Feb 27, 2024
1 parent d6b23d5 commit 44eeb2c
Showing 8 changed files with 92 additions and 114 deletions.
46 changes: 23 additions & 23 deletions cert/src/main/java/org/openjax/security/cert/X509Certificates.java
Expand Up @@ -287,12 +287,12 @@ public static X509Certificate decodeCertificate(final InputStream in) throws Cer
}

/**
* Returns a collection of {@link X509Certificate}s from the specified {@link InputStream} that provides a DER-formatted
* certificate chain.
* Returns a collection of {@link X509Certificate}s from the specified {@link InputStream} that provides a DER-formatted certificate
* chain.
*
* @param in An {@link InputStream} providing a DER-formatted certificate.
* @return A collection of {@link X509Certificate}s from the specified {@link InputStream} that provides a DER-formatted
* certificate chain.
* @return A collection of {@link X509Certificate}s from the specified {@link InputStream} that provides a DER-formatted certificate
* chain.
* @throws CertificateException If an exception occurs parsing the DER-formatted certificate chain from the provided
* {@link InputStream}.
* @throws NullPointerException If {@code in} is null.
Expand All @@ -316,8 +316,7 @@ public static Collection<X509Certificate> decodeCertificateChain(final InputStre
*
* @param der A {@code byte[]} DER-formatted certificate.
* @return A {@link X509Certificate} from the specified {@code byte[]} DER-formatted certificate.
* @throws CertificateException If an exception occurs parsing the DER-formatted certificate from the provided
* {@link InputStream}.
* @throws CertificateException If an exception occurs parsing the DER-formatted certificate from the provided {@link InputStream}.
* @throws NullPointerException If {@code der} is null.
*/
public static X509Certificate decodeCertificate(final byte[] der) throws CertificateException {
Expand All @@ -329,24 +328,23 @@ public static X509Certificate decodeCertificate(final byte[] der) throws Certifi
*
* @param der A {@code byte[]} DER-formatted certificate.
* @return A collection of {@link X509Certificate}s from the specified {@code byte[]} DER-formatted certificate chain.
* @throws CertificateException If an exception occurs parsing the DER-formatted certificate from the provided
* {@link InputStream}.
* @throws CertificateException If an exception occurs parsing the DER-formatted certificate from the provided {@link InputStream}.
* @throws NullPointerException If {@code der} is null.
*/
public static Collection<X509Certificate> decodeCertificateChain(final byte[] der) throws CertificateException {
return decodeCertificateChain(new ByteArrayInputStream(assertNotNull(der)));
}

/**
* Returns a new {@link KeyStore} instance that is loaded and initialized from the provided {@link InputStream}, and unlocked if
* the provided {@code storePassword} is not null. The type of the new {@link KeyStore} is the default keystore type as specified
* by the {@code keystore.type} {@linkplain java.security.Security#getProperty security property}, or the string "jks" (acronym
* for "Java keystore") if no such property exists.
* Returns a new {@link KeyStore} instance that is loaded and initialized from the provided {@link InputStream}, and unlocked if the
* provided {@code storePassword} is not null. The type of the new {@link KeyStore} is the default keystore type as specified by the
* {@code keystore.type} {@linkplain java.security.Security#getProperty security property}, or the string "jks" (acronym for "Java
* keystore") if no such property exists.
*
* @param url
* @param storePassword
* @return A new {@link KeyStore} instance that is loaded and initialized from the provided {@link InputStream}, and unlocked if
* the provided {@code storePassword} is not null.
* @return A new {@link KeyStore} instance that is loaded and initialized from the provided {@link InputStream}, and unlocked if the
* provided {@code storePassword} is not null.
* @throws CertificateException If any of the certificates in the keystore could not be loaded.
* @throws IOException If an I/O error has occurred.
* @throws KeyStoreException If no {@link java.security.Provider} supports a {@link java.security.KeyStoreSpi} implementation for
Expand Down Expand Up @@ -395,8 +393,8 @@ private static X509Certificate[] convertCertPathToX509CertArray(final List<? ext
* @param trustedRootCerts The root certificates of the {@linkplain KeyStore Trust Store} specifying the certificate chain.
* @return A <b>valid</b> certificate path rebuilt from the provided {@code clientCert} and the given {@code trustedRootCerts}, or
* {@code null} if no valid path exists.
* @throws NullPointerException If {@code clientCert}, or {@code trustedRootCerts} or any member of {@code trustedRootCerts}
* is null.
* @throws NullPointerException If {@code clientCert}, or {@code trustedRootCerts} or any member of {@code trustedRootCerts} is
* null.
*/
public static X509Certificate[] getCertificatePath(final X509Certificate clientCert, final Set<X509Certificate> trustedRootCerts) {
return getCertificatePath(clientCert, trustedRootCerts, null);
Expand All @@ -408,12 +406,11 @@ public static X509Certificate[] getCertificatePath(final X509Certificate clientC
*
* @param clientCert The client {@link X509Certificate}.
* @param trustedRootCerts The root certificates of the {@linkplain KeyStore Trust Store} specifying the certificate chain.
* @param intermediateCerts The intermediate certificates of the {@linkplain KeyStore Trust Store} specifying the certificate
* chain.
* @param intermediateCerts The intermediate certificates of the {@linkplain KeyStore Trust Store} specifying the certificate chain.
* @return A <b>valid</b> certificate path from the provided {@code clientCert} and the given {@code trustedRootCerts} and
* {@code intermediateCerts}, or {@code null} if no valid path exists.
* @throws NullPointerException If {@code clientCert}, or {@code trustedRootCerts} or any member of {@code trustedRootCerts}
* is null.
* @throws NullPointerException If {@code clientCert}, or {@code trustedRootCerts} or any member of {@code trustedRootCerts} is
* null.
*/
public static X509Certificate[] getCertificatePath(final X509Certificate clientCert, final Set<X509Certificate> trustedRootCerts, Set<X509Certificate> intermediateCerts) {
intermediateCerts = intermediateCerts != null ? new HashSet<>(intermediateCerts) : new HashSet<>();
Expand Down Expand Up @@ -453,15 +450,18 @@ public static X509Certificate[] getCertificatePath(final X509Certificate clientC

final List<? extends Certificate> certificates = certPath.getCertificates();
final int noCertificates = certificates.size();
if (logger.isDebugEnabled()) logger.debug("Certification path built with " + noCertificates + " X.509 Certificates");
if (logger.isDebugEnabled())
logger.debug("Certification path built with " + noCertificates + " X.509 Certificates");
final X509Certificate[] certificateChain = convertCertPathToX509CertArray(certificates, noCertificates, 0, 0);

if (logger.isDebugEnabled()) logger.debug("Client certificate (valid): SubjectDN=[" + clientCert.getSubjectDN() + "] SerialNumber=[" + clientCert.getSerialNumber() + "]");
if (logger.isDebugEnabled())
logger.debug("Client certificate (valid): SubjectDN=[" + clientCert.getSubjectDN() + "] SerialNumber=[" + clientCert.getSerialNumber() + "]");
return certificateChain;
}
catch (final CertPathBuilderException e) {
if ("unable to find valid certification path to requested target".equals(e.getMessage())) {
if (logger.isDebugEnabled()) logger.debug("Client certificate (invalid): SubjectDN=[" + clientCert.getSubjectDN() + "] SerialNumber=[" + clientCert.getSerialNumber() + "]");
if (logger.isDebugEnabled())
logger.debug("Client certificate (invalid): SubjectDN=[" + clientCert.getSubjectDN() + "] SerialNumber=[" + clientCert.getSerialNumber() + "]");
return null;
}

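Review bot: In getCertificatePath the catch block chooses between `return null` and the handling after it by comparing `e.getMessage()` with the literal `"unable to find valid certification path to requested target"`, which is provider-specific message text rather than an API contract. With a different PKIX provider or a reworded message, an ordinary untrusted client certificate would take the other branch, which lies outside this hunk. I would at least record the dependency at that comparison, e.g. `// NOTE: message text is provider-specific; any other wording falls through to the handling below`. The reformatted debug guards are now unbraced two-line `if` statements directly above `return certificateChain;` and `return null;`, and bracing them keeps a later edit from changing which statement the guard covers. The method body starts and ends outside the hunk.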
47 changes: 20 additions & 27 deletions nacl/src/main/java/org/openjax/security/nacl/Nacl.java
Expand Up @@ -65,8 +65,7 @@ public abstract class Nacl {
public static final Nacl TweetFast = new NaclTweetFast();

/*
* Port of Andrew Moon's Poly1305-donna-16. Public domain.
* https://github.com/floodyberry/poly1305-donna
* Port of Andrew Moon's Poly1305-donna-16. Public domain. https://github.com/floodyberry/poly1305-donna
*/
static void cryptoOneTimeAuth(final byte[] out, final int outpos, final byte[] m, final int mpos, final int n, final byte[] k) {
final Poly1305 s = new Poly1305(k);
Expand Down Expand Up @@ -162,13 +161,11 @@ static void cswap(final long[][] p, final long[][] q, final byte b) {
}

/*
* public static byte[] randombytes(byte [] x, int len) { int ret = len % 8;
* long rnd; for (int i = 0; i < len-ret; i += 8) { rnd = jrandom.nextLong(); // [A]
* x[i+0] = (byte) (rnd >>> 0); x[i+1] = (byte) (rnd >>> 8); x[i+2] = (byte)
* (rnd >>> 16); x[i+3] = (byte) (rnd >>> 24); x[i+4] = (byte) (rnd >>> 32);
* x[i+5] = (byte) (rnd >>> 40); x[i+6] = (byte) (rnd >>> 48); x[i+7] = (byte)
* (rnd >>> 56); } if (ret > 0) { rnd = jrandom.nextLong(); for (int i = // [A]
* len-ret; i < len; i ++) x[i] = (byte) (rnd >>> 8*i); } return x; }
* public static byte[] randombytes(byte [] x, int len) { int ret = len % 8; long rnd; for (int i = 0; i < len-ret; i += 8) { rnd =
* jrandom.nextLong(); // [A] x[i+0] = (byte) (rnd >>> 0); x[i+1] = (byte) (rnd >>> 8); x[i+2] = (byte) (rnd >>> 16); x[i+3] =
* (byte) (rnd >>> 24); x[i+4] = (byte) (rnd >>> 32); x[i+5] = (byte) (rnd >>> 40); x[i+6] = (byte) (rnd >>> 48); x[i+7] = (byte)
* (rnd >>> 56); } if (ret > 0) { rnd = jrandom.nextLong(); for (int i = // [A] len-ret; i < len; i ++) x[i] = (byte) (rnd >>> 8*i);
* } return x; }
*/

private static byte[] randombytes(final byte[] x) {
Expand Down Expand Up @@ -235,11 +232,11 @@ public final void setNonce(final long nonce) {
}

public final long getNonce() {
return this.nonce.get();
return nonce.get();
}

public final long incrNonce() {
return this.nonce.incrementAndGet();
return nonce.incrementAndGet();
}

final byte[] generateNonce() {
Expand Down Expand Up @@ -302,12 +299,12 @@ final byte[] generateNonce() {
* @return A precomputed shared key which can be used in nacl.box.after and nacl.box.open.after.
*/
public final byte[] before() {
if (this.sharedKey == null) {
this.sharedKey = new byte[sharedKeyLength];
nacl.cryptoBoxBeforeNm(this.sharedKey, this.theirPublicKey, this.mySecretKey);
if (sharedKey == null) {
sharedKey = new byte[sharedKeyLength];
nacl.cryptoBoxBeforeNm(sharedKey, theirPublicKey, mySecretKey);
}

return this.sharedKey;
return sharedKey;
}
}

Expand All @@ -324,7 +321,6 @@ public abstract class SecretBox {

SecretBox(final byte[] key, final long nonce) {
this.key = key;

this.nonce = new AtomicLong(nonce);
}

Expand All @@ -333,11 +329,11 @@ public final void setNonce(final long nonce) {
}

public final long getNonce() {
return this.nonce.get();
return nonce.get();
}

public final long incNonce() {
return this.nonce.incrementAndGet();
return nonce.incrementAndGet();
}

final byte[] generateNonce() {
Expand All @@ -359,8 +355,8 @@ final byte[] generateNonce() {
}

/**
* Encrypt and authenticates message using the key and the nonce. The nonce must be unique for each distinct message for this
* key. // [A]
* Encrypt and authenticates message using the key and the nonce. The nonce must be unique for each distinct message for this key.
* // [A]
*
* @param message The message.
* @return An encrypted and authenticated message, which is nacl.secretbox.overheadLength longer than the original message.
Expand Down Expand Up @@ -431,7 +427,7 @@ public abstract class Signature {
* @return The signature.
*/
public final byte[] detached(final byte[] message) {
final byte[] signedMsg = this.sign(message);
final byte[] signedMsg = sign(message);
final byte[] sig = new byte[signatureLength];
System.arraycopy(signedMsg, 0, sig, 0, sig.length);

Expand Down Expand Up @@ -588,12 +584,9 @@ public final void cryptoBoxBeforeNm(final byte[] k, final byte[] y, final byte[]
cryptoScalarMult(s, x, y);

/*
* String dbgt = ""; for (int dbg = 0; dbg < s.length; dbg ++) dbgt +=
* " "+s[dbg]; Log.d(TAG, "crypto_box_beforenm -> "+dbgt); dbgt = ""; for
* (int dbg = 0; dbg < x.length; dbg ++) dbgt += " "+x[dbg]; Log.d(TAG,
* "crypto_box_beforenm, x -> "+dbgt); dbgt = ""; for (int dbg = 0; dbg <
* y.length; dbg ++) dbgt += " "+y[dbg]; Log.d(TAG,
* "crypto_box_beforenm, y -> "+dbgt);
* String dbgt = ""; for (int dbg = 0; dbg < s.length; dbg ++) dbgt += " "+s[dbg]; Log.d(TAG, "crypto_box_beforenm -> "+dbgt); dbgt
* = ""; for (int dbg = 0; dbg < x.length; dbg ++) dbgt += " "+x[dbg]; Log.d(TAG, "crypto_box_beforenm, x -> "+dbgt); dbgt = ""; for
* (int dbg = 0; dbg < y.length; dbg ++) dbgt += " "+y[dbg]; Log.d(TAG, "crypto_box_beforenm, y -> "+dbgt);
*/

cryptoCoreHsalsa20(k, _0, s, sigma);
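Review bot: The block comment reflowed inside cryptoBoxBeforeNm is a disabled debug dump that writes `s`, `x` and `y` to `Log.d`; `s` is the result of `cryptoScalarMult(s, x, y)` that feeds `cryptoCoreHsalsa20`, and `x` appears to be the argument that before() passes as `mySecretKey`. Re-enabling it would put the scalar-multiplication result and the caller's secret key into the log, so I would delete the block rather than reformat it. The commented-out `randombytes` earlier in this file has the same problem in a different form: after the reflow its inline `// [A]` markers sit mid-line, so the code can no longer be restored by uncommenting it. The disabled onetimeauth implementation in NaclTweet.java is likewise collapsed into one paragraph, and both are better removed and left to version control. cryptoBoxBeforeNm continues outside the hunk.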
42 changes: 16 additions & 26 deletions nacl/src/main/java/org/openjax/security/nacl/NaclTweet.java
Expand Up @@ -458,30 +458,20 @@ private void cryptoStreamXor(final byte[] c, final byte[] m, final long d, final
}

/*
* !!! Use TweetNaclFast.java onetimeauth function private static void
* add1305(int [] h,int [] c) { int j; int u = 0; for (j = 0; j < 17; j ++) {
* u = (u + ((h[j] + c[j]) | 0)) | 0; h[j] = u & 255; u >>>= 8; } } private
* static final int minusp[] = { 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
* 0, 252 }; private static int crypto_onetimeauth( byte[] out,final int
* outoff,final int outlen, byte[] m,final int moff,final int mlen, long n,
* byte [] k) { int i,j; int s,u; int [] x = new int[17], r = new int [17], h
* = new int[17], c = new int [17], g = new int[17]; for (j = 0; j < 17; j ++)
* r[j] = h[j] = 0; for (j = 0; j < 16; j ++) r[j] = k[j] & 0xff; r[3]&=15;
* r[4]&=252; r[7]&=15; r[8]&=252; r[11]&=15; r[12]&=252; r[15]&=15; int
* moffset = moff; while (n > 0) { for (j = 0; j < 17; j ++) c[j] = 0; for (j
* = 0;(j < 16) && (j < n);++j) c[j] = m[j+moffset] & 0xff; c[j] = 1; moffset
* += j; n -= j; add1305(h,c); for (i = 0; i < 17; i ++) { x[i] = 0; for (j =
* 0; j < 17; j ++) x[i] += h[j] * ((j <= i) ? r[i - j] : 320 * r[i + 17 -
* j]); for (j = 0; j < 17; j++) x[i] = (x[i] + (h[j] * ((j <= i) ? r[i - j] :
* ((320 * r[i + 17 - j])|0))) | 0) | 0; } for (i = 0; i < 17; i ++) h[i] =
* x[i]; u = 0; for (j = 0; j < 16; j ++) { u = (u + h[j]) | 0; h[j] = u &
* 255; u >>>= 8; } u = (u + h[16]) | 0; h[16] = u & 3; u = (5 * (u >>> 2)) |
* 0; for (j = 0; j < 16; j ++) { u = (u + h[j]) | 0; h[j] = u & 255; u >>>=
* 8; } u = (u + h[16]) | 0; h[16] = u; } for (j = 0; j < 17; j ++) g[j] =
* h[j]; add1305(h,minusp); s = (-(h[16] >>> 7) | 0); for (j = 0; j < 17; j
* ++) h[j] ^= s & (g[j] ^ h[j]); for (j = 0; j < 16; j ++) c[j] = k[j + 16] &
* 0xff; c[16] = 0; add1305(h,c); for (j = 0; j < 16; j ++) out[j+outoff] =
* (byte) (h[j]&0xff); return 0; }
* !!! Use TweetNaclFast.java onetimeauth function private static void add1305(int [] h,int [] c) { int j; int u = 0; for (j = 0; j
* < 17; j ++) { u = (u + ((h[j] + c[j]) | 0)) | 0; h[j] = u & 255; u >>>= 8; } } private static final int minusp[] = { 5, 0, 0, 0,
* 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 252 }; private static int crypto_onetimeauth( byte[] out,final int outoff,final int outlen,
* byte[] m,final int moff,final int mlen, long n, byte [] k) { int i,j; int s,u; int [] x = new int[17], r = new int [17], h = new
* int[17], c = new int [17], g = new int[17]; for (j = 0; j < 17; j ++) r[j] = h[j] = 0; for (j = 0; j < 16; j ++) r[j] = k[j] &
* 0xff; r[3]&=15; r[4]&=252; r[7]&=15; r[8]&=252; r[11]&=15; r[12]&=252; r[15]&=15; int moffset = moff; while (n > 0) { for (j = 0;
* j < 17; j ++) c[j] = 0; for (j = 0;(j < 16) && (j < n);++j) c[j] = m[j+moffset] & 0xff; c[j] = 1; moffset += j; n -= j;
* add1305(h,c); for (i = 0; i < 17; i ++) { x[i] = 0; for (j = 0; j < 17; j ++) x[i] += h[j] * ((j <= i) ? r[i - j] : 320 * r[i +
* 17 - j]); for (j = 0; j < 17; j++) x[i] = (x[i] + (h[j] * ((j <= i) ? r[i - j] : ((320 * r[i + 17 - j])|0))) | 0) | 0; } for (i =
* 0; i < 17; i ++) h[i] = x[i]; u = 0; for (j = 0; j < 16; j ++) { u = (u + h[j]) | 0; h[j] = u & 255; u >>>= 8; } u = (u + h[16])
* | 0; h[16] = u & 3; u = (5 * (u >>> 2)) | 0; for (j = 0; j < 16; j ++) { u = (u + h[j]) | 0; h[j] = u & 255; u >>>= 8; } u = (u +
* h[16]) | 0; h[16] = u; } for (j = 0; j < 17; j ++) g[j] = h[j]; add1305(h,minusp); s = (-(h[16] >>> 7) | 0); for (j = 0; j < 17;
* j ++) h[j] ^= s & (g[j] ^ h[j]); for (j = 0; j < 16; j ++) c[j] = k[j + 16] & 0xff; c[16] = 0; add1305(h,c); for (j = 0; j < 16;
* j ++) out[j+outoff] = (byte) (h[j]&0xff); return 0; }
*/

private static int cryptoOneTimeAuthVerify(final byte[] h, final int hoff, final int hlen, final byte[] m, final int moff, final int mlen, final int n, final byte[] k) {
Expand Down Expand Up @@ -813,7 +803,7 @@ public void cryptoSignKeyPair(final byte[] pk, final byte[] sk, final boolean se
}

// TBD... 64bits of n
private void cryptoSign(final byte[] sm, final long dummy /*smlen not used*/, final byte[] m, final int/* long*/ n, final byte[] sk) {
private void cryptoSign(final byte[] sm, final long dummy /* smlen not used */, final byte[] m, final int/* long */ n, final byte[] sk) {
final byte[] d = new byte[64];
final byte[] h = new byte[64];
final byte[] r = new byte[64];
Expand Down Expand Up @@ -910,7 +900,7 @@ int unpackneg(final long[][] r, final byte[] p) {

// TBD 64bits of mlen
@Override
int cryptoSignOpen(final byte[] m, final long dummy /*mlen not used*/, final byte[] sm, final int smoff, int/*long*/ n, final byte[] pk) {
int cryptoSignOpen(final byte[] m, final long dummy /* mlen not used */, final byte[] sm, final int smoff, int/* long */ n, final byte[] pk) {
final byte[] t = new byte[32];
final byte[] h = new byte[64];
