Binder getToken(Binder data) {
byte[] signedAnswer = data.getBinaryOrThrow("data");
try {
if (publicKey.verify(signedAnswer, data.getBinaryOrThrow("signature"), HashType.SHA512)) {
Binder params = Boss.unpack(signedAnswer);
if (!Arrays.equals(params.getBinaryOrThrow("server_nonce"), serverNonce))
addError(Errors.BAD_VALUE, "server_nonce", "does not match");
else {
createSessionKey();
Binder result = Binder.fromKeysValues(
"client_nonce", params.getBinaryOrThrow("client_nonce"),
"encrypted_token", encryptedAnswer
);
byte[] packed = Boss.pack(result);
return Binder.fromKeysValues(
"data", packed,
"signature", myKey.sign(packed, HashType.SHA512)
);
}
}
} catch (Exception e) {
addError(Errors.BAD_VALUE, "signed_data", "wrong or tampered data block:" + e.getMessage());
}
return null;
}