Source code

001/**
002 * Copyright 2005-2017 The Kuali Foundation
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016package org.kuali.rice.ksb.security;
017
018import java.io.IOException;
019import java.io.InputStream;
020import java.security.GeneralSecurityException;
021import java.security.Signature;
022
023import javax.servlet.ServletInputStream;
024
025/**
026 * An InputStream which decorates another InputStream with a wrapper that verifies the digital signature
027 * of the data after the last piece of data is read.  The digital signature to verify against is
028 * passed into the constructor of this stream.
029 * 
030 * @author Kuali Rice Team (rice.collab@kuali.org)
031 */
032public class SignatureVerifyingInputStream extends ServletInputStream {
033
034        private byte[] digitalSignature;
035        private Signature signature;
036        private InputStream wrappedInputStream;
037        
038        public SignatureVerifyingInputStream(byte[] digitalSignature, Signature signature, InputStream wrappedInputStream) {
039                this.digitalSignature = digitalSignature;
040                this.signature = signature;
041                this.wrappedInputStream = wrappedInputStream;
042        }
043
044        @Override
045        public synchronized int read() throws IOException {
046                int data = this.wrappedInputStream.read();
047                try {
048                        if (data == -1) {
049                                verifySignature();
050                        } else {
051                            this.signature.update((byte)data);
052                        }
053                } catch (GeneralSecurityException e) {
054                        IOException exception = new IOException("Error processing digital signature.");
055                        exception.initCause(e);
056                        throw exception;
057                }
058                return data;
059        }
060        
061        protected void verifySignature() throws IOException, GeneralSecurityException {
062                boolean verifies = this.signature.verify(this.digitalSignature);
063                if (!verifies) {
064                        throw new IOException("The digital signature could not be successfully verified!");
065                }
066        }
067
068}