Refactor GeneXusCryptography Module (#80)

* Refactor GeneXusCryptography Module
issue#96965

* Hexadecimal output to upper case

* Hash results to uppercase

Author: sgrampone

GeneXusCryptography/src/main/java/com/genexus/cryptography/asymmetric/AsymmetricSigner.java

@@ -32,25 +32,15 @@ public AsymmetricSigner() {
 
 	@Override
 	public String doSign(PrivateKeyManager key, String hashAlgorithm, String plainText) {
-		/******** INPUT VERIFICATION - BEGIN ********/
-		if(key == null)
-		{
-			error.setError("AE001", "Private key cannot be null");
-			return "";
-		}
-		if(hashAlgorithm == null || hashAlgorithm.length() == 0 || SecurityUtils.compareStrings("", hashAlgorithm))
-		{
-			error.setError("AE002", "HashAlgorithm cannot be empty value; use HashAlgorithm domain");
-			return "";
-		}
-		if(plainText == null || plainText.length() == 0 || SecurityUtils.compareStrings("", plainText))
-		{
-			error.setError("AE003", "The plainText value to sign cannot be empty");
-			return "";
-		}
-		/******** INPUT VERIFICATION - END ********/
-		
+		this.error.cleanError();
 
+		/*******INPUT VERIFICATION - BEGIN*******/
+		SecurityUtils.validateObjectInput("key", key, this.error);
+		SecurityUtils.validateStringInput("hashAlgorithm", hashAlgorithm, this.error);
+		SecurityUtils.validateStringInput("plainText", plainText, this.error);
+		if(this.hasError()) { return "";};
+		/*******INPUT VERIFICATION - END*******/
+
 		EncodingUtil eu = new EncodingUtil();
 		byte[] inputText = eu.getBytes(plainText);
 		if (eu.hasError()) {
@@ -63,30 +53,21 @@ public String doSign(PrivateKeyManager key, String hashAlgorithm, String plainTe
 			result = sign(key, hashAlgorithm, inputStream);
 		}catch(Exception e)
 		{
-			error.setError("AE004", e.getMessage());
+			error.setError("AS001", e.getMessage());
 		}
 		return result;
 	}
 
 	@Override
 	public String doSignFile(PrivateKeyManager key, String hashAlgorithm, String path) {
-		/******** INPUT VERIFICATION - BEGIN ********/
-		if(key == null)
-		{
-			error.setError("AE005", "Private key cannot be null");
-			return "";
-		}
-		if(hashAlgorithm == null || hashAlgorithm.length() == 0 || SecurityUtils.compareStrings("", hashAlgorithm))
-		{
-			error.setError("AE006", "HashAlgorithm cannot be empty value; use HashAlgorithm domain");
-			return "";
-		}
-		if(path == null || path.length() == 0 || SecurityUtils.compareStrings("", path))
-		{
-			error.setError("AE007", "The path value of the file to sign cannot be empty");
-			return "";
-		}
-		/******** INPUT VERIFICATION - END ********/
+		this.error.cleanError();
+
+		/*******INPUT VERIFICATION - BEGIN*******/
+		SecurityUtils.validateObjectInput("key", key, this.error);
+		SecurityUtils.validateStringInput("hashAlgorithm", hashAlgorithm, this.error);
+		SecurityUtils.validateStringInput("path", path,  this.error);
+		if(this.hasError()) { return "";} 
+		/*******INPUT VERIFICATION - END*******/
 
 		String result = "";
 		try(InputStream input = SecurityUtils.getFileStream(path, this.error))
@@ -98,32 +79,22 @@ public String doSignFile(PrivateKeyManager key, String hashAlgorithm, String pat
 			result = sign(key, hashAlgorithm, input);
 		}catch(Exception e)
 		{
-			error.setError("AE008", e.getMessage());
+			error.setError("AS002", e.getMessage());
 		}
 		return result;
 	}
 
 	@Override
 	public boolean doVerify(CertificateX509 cert, String plainText, String signature) {
-		/******** INPUT VERIFICATION - BEGIN ********/
-		if(cert == null)
-		{
-			error.setError("AE009", "Certificate cannot be null");
-			return false;
-		}
-		if(plainText == null || plainText.length() == 0 || SecurityUtils.compareStrings("", plainText))
-		{
-			error.setError("AE010", "The plainText value to verify cannot be empty");
-			return false;
-		}
-		if(signature == null || signature.length() == 0 || SecurityUtils.compareStrings("", signature))
-		{
-			error.setError("AE011", "The signature value to verify cannot be empty");
-			return false;
-		}
-		/******** INPUT VERIFICATION - END ********/
-		
+		this.error.cleanError();
 
+		/*******INPUT VERIFICATION - BEGIN*******/
+		SecurityUtils.validateObjectInput("cert", cert, this.error);
+		SecurityUtils.validateStringInput("plainText", plainText, this.error);
+		SecurityUtils.validateStringInput("signature", signature,  this.error);
+		if(this.hasError()) { return false;} 
+		/*******INPUT VERIFICATION - END*******/
+				
 		EncodingUtil eu = new EncodingUtil();
 		byte[] inputText = eu.getBytes(plainText);
 		if (eu.hasError()) {
@@ -136,30 +107,21 @@ public boolean doVerify(CertificateX509 cert, String plainText, String signature
 			result = verify(cert, inputStream, signature);
 		}catch(Exception e)
 		{
-			error.setError("AE012", e.getMessage() );
+			error.setError("AS003", e.getMessage() );
 		}
 		return result;
 	}
 
 	@Override
 	public boolean doVerifyFile(CertificateX509 cert, String path, String signature) {
-		/******** INPUT VERIFICATION - BEGIN ********/
-		if(cert == null)
-		{
-			error.setError("AE013", "Certificate cannot be null");
-			return false;
-		}
-		if(path == null || path.length() == 0 || SecurityUtils.compareStrings("", path))
-		{
-			error.setError("AE014", "The path value of the faile to verify cannot be empty");
-			return false;
-		}
-		if(signature == null || signature.length() == 0 || SecurityUtils.compareStrings("", signature))
-		{
-			error.setError("AE015", "The signature value to verify cannot be empty");
-			return false;
-		}
-		/******** INPUT VERIFICATION - END ********/
+		this.error.cleanError();
+
+		/*******INPUT VERIFICATION - BEGIN*******/
+		SecurityUtils.validateObjectInput("cert", cert, this.error);
+		SecurityUtils.validateStringInput("path", path, this.error);
+		SecurityUtils.validateStringInput("signature", signature,  this.error);
+		if(this.hasError()) { return false;} 
+		/*******INPUT VERIFICATION - END*******/
 
 		boolean result = false;
 		try(InputStream input = SecurityUtils.getFileStream(path, this.error))
@@ -170,13 +132,13 @@ public boolean doVerifyFile(CertificateX509 cert, String path, String signature)
 			result = verify(cert, input, signature);
 		}catch(Exception e)
 		{
-			error.setError("AE016", e.getMessage());
+			error.setError("AS004", e.getMessage());
 		}
 		return result;
 	}
 
 	/******** EXTERNAL OBJECT PUBLIC METHODS - END ********/
-
+	
 	private String sign(PrivateKey key, String hashAlgorithm, InputStream input) {
 		PrivateKeyManager keyMan = (PrivateKeyManager) key;
 		if (keyMan.hasError()) {
@@ -195,14 +157,14 @@ private String sign(PrivateKey key, String hashAlgorithm, InputStream input) {
 		try {
 			outputBytes = signer.generateSignature();
 		} catch (Exception e) {
-			error.setError("AE01", e.getMessage());
+			error.setError("AS005", e.getMessage());
 			return "";
 		}
 		String result = "";
 		try {
 			result = Base64.toBase64String(outputBytes);
 		} catch (Exception e) {
-			error.setError("AE018", e.getMessage());
+			error.setError("AS006", e.getMessage());
 			return "";
 		}
 		return result;
@@ -232,19 +194,14 @@ private boolean verify(Certificate certificate, InputStream input, String signat
 		try {
 			signatureBytes = Base64.decode(signature);
 		} catch (Exception e) {
-			error.setError("AE019", e.getMessage());
-			return false;
-		}
-
-		if (signatureBytes == null || signatureBytes.length == 0) {
-			this.error.setError("AE020", "Error reading signature");
+			error.setError("AS007", e.getMessage());
 			return false;
 		}
 		boolean result = false;
 		try {
 			result = signer.verifySignature(signatureBytes);
 		} catch (Exception e) {
-			error.setError("AE021", e.getMessage());
+			error.setError("AS008", e.getMessage());
 			return false;
 		}
 		return result;
@@ -256,7 +213,7 @@ private void setUpSigner(Signer signer, InputStream input, AsymmetricKeyParamete
 		try {
 			signer.init(toSign, asymmetricKeyParameter);
 		} catch (Exception e) {
-			error.setError("AE022", e.getMessage());
+			error.setError("AS009", e.getMessage());
 			return;
 		}
 		byte[] buffer = new byte[8192];
@@ -266,7 +223,7 @@ private void setUpSigner(Signer signer, InputStream input, AsymmetricKeyParamete
 				signer.update(buffer, 0, n);
 			}
 		} catch (Exception e) {
-			error.setError("AE023", e.getMessage());
+			error.setError("AS010", e.getMessage());
 			return;
 		}
 	}

GeneXusCryptography/src/main/java/com/genexus/cryptography/checksum/ChecksumCreator.java

@@ -1,5 +1,10 @@
 package com.genexus.cryptography.checksum;
 
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+
+import org.bouncycastle.util.encoders.Hex;
+
 import com.genexus.cryptography.checksum.utils.CRCParameters;
 import com.genexus.cryptography.checksum.utils.ChecksumAlgorithm;
 import com.genexus.cryptography.checksum.utils.ChecksumInputType;
@@ -17,6 +22,15 @@ public ChecksumCreator() {
 	/********EXTERNAL OBJECT PUBLIC METHODS  - BEGIN ********/
 
 	public String generateChecksum(String input, String inputType, String checksumAlgorithm) {
+		this.error.cleanError();
+		
+		/*******INPUT VERIFICATION - BEGIN*******/
+		SecurityUtils.validateStringInput("input", input, this.error);
+		SecurityUtils.validateStringInput("inputType", inputType, this.error);
+		SecurityUtils.validateStringInput("checksumAlgorithm", checksumAlgorithm, this.error);
+		if(this.hasError()) { return "";};
+		/*******INPUT VERIFICATION - END*******/
+		
 		ChecksumInputType chksumInputType = ChecksumInputType.getChecksumInputType(inputType, this.error);
 		byte[] inputBytes = ChecksumInputType.getBytes(chksumInputType, input, this.error);
 		if (this.hasError()) {
@@ -32,6 +46,16 @@ public String generateChecksum(String input, String inputType, String checksumAl
 
 	public boolean verifyChecksum(String input, String inputType, String checksumAlgorithm, String digest)
 	{
+		this.error.cleanError();
+		
+		/*******INPUT VERIFICATION - BEGIN*******/
+		SecurityUtils.validateStringInput("input", input, this.error);
+		SecurityUtils.validateStringInput("inputType", inputType, this.error);
+		SecurityUtils.validateStringInput("checksumAlgorithm", checksumAlgorithm, this.error);
+		SecurityUtils.validateStringInput("digest", digest, this.error);
+		if(this.hasError()) { return false;};	
+		/*******INPUT VERIFICATION - END*******/
+		
 		String result = generateChecksum(input,  inputType,  checksumAlgorithm);
 		if(SecurityUtils.compareStrings(result, "") || this.hasError())
 		{
@@ -71,38 +95,24 @@ private String calculateHash(byte[] input, ChecksumAlgorithm checksumAlgorithm)
 			return "";
 		}
 		Hashing hash = new Hashing();
-		byte[] digest = hash.calculateHash(alg, input);
+		byte[] digest = null;
+		try (InputStream inputStream = new ByteArrayInputStream(input)) {
+			digest = hash.calculateHash(alg, inputStream);
+		} catch (Exception e) {
+			error.setError("CH001", e.getMessage());
+			return "";
+		}		
 		if (hash.hasError()) {
 			this.error = hash.getError();
 			return "";
 		}
-		return toHexaString(digest);
+		return Hex.toHexString(digest);
 	}
 
 	private HashAlgorithm getHashAlgorithm(ChecksumAlgorithm checksumAlgorithm) {
 		return HashAlgorithm.getHashAlgorithm(ChecksumAlgorithm.valueOf(checksumAlgorithm, this.error), this.error);
 	}
 
-	private String toHexaString(byte[] digest) {
-
-		if (this.error.existsError()) {
-			return "";
-		}
-
-		StringBuilder sb = new StringBuilder();
-		for (byte b : digest) {
-			sb.append(String.format("%02X ", b));
-		}
-		String result = sb.toString().replaceAll("\\s", "");
-		if (result == null || result.length() == 0) {
-			this.error.setError("HS001", "Error encoding hexa");
-			return "";
-		}
-		
-		return result.trim().toUpperCase();
-
-	}
-
 	private long calculateCRC(byte[] input, CRCParameters parms) {
 
 		long curValue = parms.getInit();

GeneXusCryptography/src/main/java/com/genexus/cryptography/checksum/utils/ChecksumAlgorithm.java

@@ -9,9 +9,15 @@ public enum ChecksumAlgorithm {
 	CRC16_DECT_X, CRC16_DNP, CRC16_EN_13757, CRC16_GENIBUS, CRC16_MAXIM, CRC16_MCRF4XX, CRC16_RIELLO, CRC16_T10_DIF,
 	CRC16_TELEDISK, CRC16_TMS_37157, CRC16_USB, CRC_A, CRC16_KERMIT, CRC16_MODBUS, CRC16_X_25, CRC16_XMODEM, CRC32,
 	CRC32_BZIP2, CRC32C, CRC32D, CRC32_MPEG_2, CRC32_POSIX, CRC32Q, CRC32_JAMCRC, CRC32_XFER, MD5, SHA1, SHA256,
-	SHA512,;
+	SHA512,NONE;
 
 	public static ChecksumAlgorithm getChecksumAlgorithm(String checksumAlgorithm, Error error) {
+		if(error == null) return ChecksumAlgorithm.NONE;
+		if (checksumAlgorithm == null)
+		{
+			error.setError("CHA04", "Unrecognized checksum algorithm");
+			return ChecksumAlgorithm.NONE;
+		}
 		switch (checksumAlgorithm.toUpperCase().trim()) {
 		case "CRC8":
 			return ChecksumAlgorithm.CRC8;
@@ -106,12 +112,13 @@ public static ChecksumAlgorithm getChecksumAlgorithm(String checksumAlgorithm, E
 		case "SHA512":
 			return ChecksumAlgorithm.SHA512;
 		default:
-			error.setError("CA001", "Unrecognized checksum algorithm");
+			error.setError("CHA01", "Unrecognized checksum algorithm");
 			return null;
 		}
 	}
 
 	public static String valueOf(ChecksumAlgorithm checksumAlgorithm, Error error) {
+		if (error == null) return null;
 		switch (checksumAlgorithm) {
 		case CRC8:
 			return "CRC8";
@@ -206,7 +213,7 @@ public static String valueOf(ChecksumAlgorithm checksumAlgorithm, Error error) {
 		case SHA512:
 			return "SHA512";
 		default:
-			error.setError("CA002", "Unrecognized checksum algorithm");
+			error.setError("CHA02", "Unrecognized checksum algorithm");
 			return null; 
 		}
 	}
@@ -227,6 +234,7 @@ public static boolean isHash(ChecksumAlgorithm checksumAlgorithm)
 
 	public static CRCParameters getParameters(ChecksumAlgorithm checksumAlgorithm, Error error)
 	{
+		if (error == null) return new CRCParameters(0, 0x00, 0x00, false, false, 0x00);
 		switch (checksumAlgorithm) {
 		case CRC8:
 			return new CRCParameters(8, 0x07, 0x00, false, false, 0x00);
@@ -313,7 +321,7 @@ public static CRCParameters getParameters(ChecksumAlgorithm checksumAlgorithm, E
 		case CRC32_XFER:
 			return new CRCParameters(32, 0x000000AF, 0x00000000, false, false, 0x0000000);
 		default:
-			error.setError("CA004", "Unrecognized checksum algorithm");
+			error.setError("CHA03", "Unrecognized checksum algorithm");
 			return null;
 		}
 	}