public boolean verifySignature(String text, String signature) throws AssociationException { if (DEBUG) _log.debug("Verifying signature: " + signature); // The Java String.equals() method returns on the first difference in // its inputs, which allows a timing attack to recover signature values. // This verification method will take the same amount of time for any // two inputs of equal length. String textSig = sign(text); if (textSig.length() == 0 || textSig.length() != signature.length()) { return false; } int result = 0; for (int i = 0; i < textSig.length(); i++) { result |= textSig.charAt(i) ^ signature.charAt(i); } return result == 0; } }
public boolean verifySignature(String text, String signature) throws AssociationException { if (DEBUG) _log.debug("Verifying signature: " + signature); // The Java String.equals() method returns on the first difference in // its inputs, which allows a timing attack to recover signature values. // This verification method will take the same amount of time for any // two inputs of equal length. String textSig = sign(text); if (textSig.length() == 0 || textSig.length() != signature.length()) { return false; } int result = 0; for (int i = 0; i < textSig.length(); i++) { result |= textSig.charAt(i) ^ signature.charAt(i); } return result == 0; } }
public boolean verifySignature(String text, String signature) throws AssociationException { if (DEBUG) _log.debug("Verifying signature: " + signature); // The Java String.equals() method returns on the first difference in // its inputs, which allows a timing attack to recover signature values. // This verification method will take the same amount of time for any // two inputs of equal length. String textSig = sign(text); if (textSig.length() == 0 || textSig.length() != signature.length()) { return false; } int result = 0; for (int i = 0; i < textSig.length(); i++) { result |= textSig.charAt(i) ^ signature.charAt(i); } return result == 0; } }
public String sign(String text) throws AssociationException { if (DEBUG) _log.debug("Computing signature for input data:\n" + text); try { String signature = new String(Base64.encodeBase64(sign(text.getBytes("utf-8"))), "utf-8"); if (DEBUG) _log.debug("Calculated signature: " + signature); return signature; } catch (UnsupportedEncodingException e) { throw new AssociationException("Unsupported encoding for signed text.", e); } }
public String sign(String text) throws AssociationException { if (DEBUG) { _log.debug("Computing signature for input data:\n" + text); } try { String signature = new String(Base64.encodeBase64(sign(text.getBytes("utf-8"))), "utf-8"); if (DEBUG) { _log.debug("Calculated signature: " + signature); } return signature; } catch (UnsupportedEncodingException e) { throw new AssociationException("Unsupported encoding for signed text.", e); } }
public boolean verifySignature(String text, String signature) throws AssociationException { if (DEBUG) { _log.debug("Verifying signature: " + signature); } // The Java String.equals() method returns on the first difference in // its inputs, which allows a timing attack to recover signature values. // This verification method will take the same amount of time for any // two inputs of equal length. String textSig = sign(text); if (textSig.length() == 0 || textSig.length() != signature.length()) { return false; } int result = 0; for (int i = 0; i < textSig.length(); i++) { result |= textSig.charAt(i) ^ signature.charAt(i); } return result == 0; } }
public String sign(String text) throws AssociationException { if (DEBUG) _log.debug("Computing signature for input data:\n" + text); try { String signature = new String(Base64.encodeBase64(sign(text.getBytes("utf-8"))), "utf-8"); if (DEBUG) _log.debug("Calculated signature: " + signature); return signature; } catch (UnsupportedEncodingException e) { throw new AssociationException("Unsupported encoding for signed text.", e); } }
public boolean verifySignature(String text, String signature) throws AssociationException { if (DEBUG) _log.debug("Verifying signature: " + signature); // The Java String.equals() method returns on the first difference in // its inputs, which allows a timing attack to recover signature values. // This verification method will take the same amount of time for any // two inputs of equal length. String textSig = sign(text); if (textSig.length() == 0 || textSig.length() != signature.length()) { return false; } int result = 0; for (int i = 0; i < textSig.length(); i++) { result |= textSig.charAt(i) ^ signature.charAt(i); } return result == 0; } }
public String sign(String text) throws AssociationException { if (DEBUG) _log.debug("Computing signature for input data:\n" + text); try { String signature = new String(Base64.encodeBase64(sign(text.getBytes("utf-8"))), "utf-8"); if (DEBUG) _log.debug("Calculated signature: " + signature); return signature; } catch (UnsupportedEncodingException e) { throw new AssociationException("Unsupported encoding for signed text.", e); } }
public String sign(String text) throws AssociationException { if (DEBUG) _log.debug("Computing signature for input data:\n" + text); try { String signature = new String(Base64.encodeBase64(sign(text.getBytes("utf-8"))), "utf-8"); if (DEBUG) _log.debug("Calculated signature: " + signature); return signature; } catch (UnsupportedEncodingException e) { throw new AssociationException("Unsupported encoding for signed text.", e); } }
/** * Signs an AuthSuccess message, using the association identified by the * handle specified within the message. * * @param authSuccess The Authentication Success message to be signed. * * @throws ServerException If the Association corresponding to the handle * in the @authSuccess cannot be retrieved from * the store. * @throws AssociationException If the signature cannot be computed. * */ public void sign(AuthSuccess authSuccess) throws ServerException, AssociationException { String handle = authSuccess.getHandle(); // try shared associations first, then private Association assoc = _sharedAssociations.load(handle); if (assoc == null) assoc = _privateAssociations.load(handle); if (assoc == null) throw new ServerException( "No association found for handle: " + handle); authSuccess.setSignature(assoc.sign(authSuccess.getSignedText())); }
/** * Signs an AuthSuccess message, using the association identified by the * handle specified within the message. * * @param authSuccess The Authentication Success message to be signed. * * @throws ServerException If the Association corresponding to the handle * in the @authSuccess cannot be retrieved from * the store. * @throws AssociationException If the signature cannot be computed. * */ public void sign(AuthSuccess authSuccess) throws ServerException, AssociationException { String handle = authSuccess.getHandle(); // try shared associations first, then private Association assoc = _sharedAssociations.load(handle); if (assoc == null) assoc = _privateAssociations.load(handle); if (assoc == null) throw new ServerException( "No association found for handle: " + handle); authSuccess.setSignature(assoc.sign(authSuccess.getSignedText())); }
/** * Signs an AuthSuccess message, using the association identified by the * handle specified within the message. * * @param authSuccess The Authentication Success message to be signed. * * @throws ServerException If the Association corresponding to the handle * in the @authSuccess cannot be retrieved from * the store. * @throws AssociationException If the signature cannot be computed. * */ public void sign(AuthSuccess authSuccess) throws ServerException, AssociationException { String handle = authSuccess.getHandle(); // try shared associations first, then private Association assoc = _sharedAssociations.load(handle); if (assoc == null) assoc = _privateAssociations.load(handle); if (assoc == null) throw new ServerException( "No association found for handle: " + handle); authSuccess.setSignature(assoc.sign(authSuccess.getSignedText())); }
public void sign(AuthSuccess authSuccess) throws ServerException, AssociationException { String handle = authSuccess.getHandle(); Association assoc = null; try { // First try in thread local assoc = getThreadLocalAssociation(); } finally { // Clear thread local clearThreadLocalAssociation(); } // try shared associations, then private if (assoc == null) { assoc = getSharedAssociations().load(handle); } if (assoc == null) { assoc = getPrivateAssociations().load(handle); } if (assoc == null) { throw new ServerException("No association found for handle: " + handle); } authSuccess.setSignature(assoc.sign(authSuccess.getSignedText())); }
public void sign(AuthSuccess authSuccess) throws ServerException, AssociationException { String handle = authSuccess.getHandle(); Association assoc = null; try { // First try in thread local assoc = getThreadLocalAssociation(); } finally { // Clear thread local clearThreadLocalAssociation(); } // try shared associations, then private if (assoc == null) { assoc = getSharedAssociations().load(handle); } if (assoc == null) { assoc = getPrivateAssociations().load(handle); } if (assoc == null) { throw new ServerException("No association found for handle: " + handle); } authSuccess.setSignature(assoc.sign(authSuccess.getSignedText())); }
protected AuthSuccess(String opEndpoint, String claimedId, String delegate, boolean compatibility, String returnTo, String nonce, String invalidateHandle, Association assoc, boolean signNow) throws AssociationException { if (! compatibility) { set("openid.ns", OPENID2_NS); setOpEndpoint(opEndpoint); setClaimed(claimedId); setNonce(nonce); } set("openid.mode", MODE_IDRES); setIdentity(delegate); setReturnTo(returnTo); if (invalidateHandle != null) setInvalidateHandle(invalidateHandle); setHandle(assoc.getHandle()); buildSignedList(); setSignature(signNow ? assoc.sign(getSignedText()) : ""); }
protected AuthSuccess(String opEndpoint, String claimedId, String delegate, boolean compatibility, String returnTo, String nonce, String invalidateHandle, Association assoc, boolean signNow) throws AssociationException { if (!compatibility) { set("openid.ns", OPENID2_NS); setOpEndpoint(opEndpoint); setClaimed(claimedId); setNonce(nonce); } set("openid.mode", MODE_IDRES); setIdentity(delegate); setReturnTo(returnTo); if (invalidateHandle != null) { setInvalidateHandle(invalidateHandle); } setHandle(assoc.getHandle()); buildSignedList(); setSignature(signNow ? assoc.sign(getSignedText()) : ""); }
protected AuthSuccess(String opEndpoint, String claimedId, String delegate, boolean compatibility, String returnTo, String nonce, String invalidateHandle, Association assoc, boolean signNow) throws AssociationException { if (! compatibility) { set("openid.ns", OPENID2_NS); setOpEndpoint(opEndpoint); setClaimed(claimedId); setNonce(nonce); } set("openid.mode", MODE_IDRES); setIdentity(delegate); setReturnTo(returnTo); if (invalidateHandle != null) setInvalidateHandle(invalidateHandle); setHandle(assoc.getHandle()); buildSignedList(); setSignature(signNow ? assoc.sign(getSignedText()) : ""); }
protected AuthSuccess(String opEndpoint, String claimedId, String delegate, boolean compatibility, String returnTo, String nonce, String invalidateHandle, Association assoc, boolean signNow) throws AssociationException { if (! compatibility) { set("openid.ns", OPENID2_NS); setOpEndpoint(opEndpoint); setClaimed(claimedId); setNonce(nonce); } set("openid.mode", MODE_IDRES); setIdentity(delegate); setReturnTo(returnTo); if (invalidateHandle != null) setInvalidateHandle(invalidateHandle); setHandle(assoc.getHandle()); buildSignedList(); setSignature(signNow ? assoc.sign(getSignedText()) : ""); }
protected AuthSuccess(String opEndpoint, String claimedId, String delegate, boolean compatibility, String returnTo, String nonce, String invalidateHandle, Association assoc, boolean signNow) throws AssociationException { if (! compatibility) { set("openid.ns", OPENID2_NS); setOpEndpoint(opEndpoint); setClaimed(claimedId); setNonce(nonce); } set("openid.mode", MODE_IDRES); setIdentity(delegate); setReturnTo(returnTo); if (invalidateHandle != null) setInvalidateHandle(invalidateHandle); setHandle(assoc.getHandle()); buildSignedList(); setSignature(signNow ? assoc.sign(getSignedText()) : ""); }