forked from TrueCloudLab/frostfs-sdk-java
[#1] Add additional security
Signed-off-by: Ori Bruk <o.bruk@yadro.com>
This commit is contained in:
parent
bf2f19f08d
commit
1be65c63ae
62 changed files with 670 additions and 281 deletions
|
|
@ -1,5 +1,6 @@
|
|||
package info.frostfs.sdk;
|
||||
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.bouncycastle.asn1.sec.SECNamedCurves;
|
||||
import org.bouncycastle.asn1.sec.SECObjectIdentifiers;
|
||||
import org.bouncycastle.asn1.x9.X9ECParameters;
|
||||
|
|
@ -25,19 +26,23 @@ import java.util.Arrays;
|
|||
|
||||
import static info.frostfs.sdk.Helper.getRIPEMD160;
|
||||
import static info.frostfs.sdk.Helper.getSha256;
|
||||
import static java.util.Objects.isNull;
|
||||
import static org.bouncycastle.util.BigIntegers.fromUnsignedByteArray;
|
||||
|
||||
public class KeyExtension {
|
||||
public static final byte NEO_ADDRESS_VERSION = 0x35;
|
||||
private static final int DECODE_ADDRESS_LENGTH = 21;
|
||||
private static final int COMPRESSED_PUBLIC_KEY_LENGTH = 33;
|
||||
private static final int UNCOMPRESSED_PUBLIC_KEY_LENGTH = 65;
|
||||
|
||||
private static final int CHECK_SIG_DESCRIPTOR = ByteBuffer
|
||||
.wrap(getSha256("System.Crypto.CheckSig".getBytes(StandardCharsets.US_ASCII)))
|
||||
.order(ByteOrder.LITTLE_ENDIAN).getInt();
|
||||
|
||||
private KeyExtension() {
|
||||
}
|
||||
|
||||
public static byte[] compress(byte[] publicKey) {
|
||||
checkInputValue(publicKey);
|
||||
if (publicKey.length != UNCOMPRESSED_PUBLIC_KEY_LENGTH) {
|
||||
throw new IllegalArgumentException(
|
||||
String.format("Compress argument isn't uncompressed public key. Expected length=%s, actual=%s",
|
||||
|
|
@ -51,11 +56,17 @@ public class KeyExtension {
|
|||
}
|
||||
|
||||
public static byte[] getPrivateKeyFromWIF(String wif) {
|
||||
if (StringUtils.isEmpty(wif)) {
|
||||
throw new IllegalArgumentException("Input value is missing");
|
||||
}
|
||||
|
||||
var data = Base58.base58CheckDecode(wif);
|
||||
return Arrays.copyOfRange(data, 1, data.length - 1);
|
||||
}
|
||||
|
||||
public static byte[] loadPublicKey(byte[] privateKey) {
|
||||
checkInputValue(privateKey);
|
||||
|
||||
X9ECParameters params = SECNamedCurves.getByOID(SECObjectIdentifiers.secp256r1);
|
||||
ECDomainParameters domain = new ECDomainParameters(
|
||||
params.getCurve(), params.getG(), params.getN(), params.getH()
|
||||
|
|
@ -66,6 +77,8 @@ public class KeyExtension {
|
|||
}
|
||||
|
||||
public static PrivateKey loadPrivateKey(byte[] privateKey) {
|
||||
checkInputValue(privateKey);
|
||||
|
||||
X9ECParameters params = SECNamedCurves.getByOID(SECObjectIdentifiers.secp256r1);
|
||||
ECDomainParameters domain = new ECDomainParameters(
|
||||
params.getCurve(), params.getG(), params.getN(), params.getH()
|
||||
|
|
@ -85,6 +98,8 @@ public class KeyExtension {
|
|||
}
|
||||
|
||||
public static PublicKey getPublicKeyFromBytes(byte[] publicKey) {
|
||||
checkInputValue(publicKey);
|
||||
|
||||
if (publicKey.length != COMPRESSED_PUBLIC_KEY_LENGTH) {
|
||||
throw new IllegalArgumentException(
|
||||
String.format("Decompress argument isn't compressed public key. Expected length=%s, actual=%s",
|
||||
|
|
@ -116,12 +131,14 @@ public class KeyExtension {
|
|||
}
|
||||
|
||||
public static byte[] getScriptHash(byte[] publicKey) {
|
||||
var script = createSignatureRedeemScript(publicKey);
|
||||
checkInputValue(publicKey);
|
||||
|
||||
var script = createSignatureRedeemScript(publicKey);
|
||||
return getRIPEMD160(getSha256(script));
|
||||
}
|
||||
|
||||
public static String publicKeyToAddress(byte[] publicKey) {
|
||||
checkInputValue(publicKey);
|
||||
if (publicKey.length != COMPRESSED_PUBLIC_KEY_LENGTH) {
|
||||
throw new IllegalArgumentException(
|
||||
String.format("PublicKey isn't encoded compressed public key. Expected length=%s, actual=%s",
|
||||
|
|
@ -133,7 +150,8 @@ public class KeyExtension {
|
|||
}
|
||||
|
||||
private static String toAddress(byte[] scriptHash, byte version) {
|
||||
byte[] data = new byte[21];
|
||||
checkInputValue(scriptHash);
|
||||
byte[] data = new byte[DECODE_ADDRESS_LENGTH];
|
||||
data[0] = version;
|
||||
System.arraycopy(scriptHash, 0, data, 1, scriptHash.length);
|
||||
return Base58.base58CheckEncode(data);
|
||||
|
|
@ -150,6 +168,7 @@ public class KeyExtension {
|
|||
}
|
||||
|
||||
private static byte[] createSignatureRedeemScript(byte[] publicKey) {
|
||||
checkInputValue(publicKey);
|
||||
if (publicKey.length != COMPRESSED_PUBLIC_KEY_LENGTH) {
|
||||
throw new IllegalArgumentException(
|
||||
String.format("PublicKey isn't encoded compressed public key. Expected length=%s, actual=%s",
|
||||
|
|
@ -164,4 +183,10 @@ public class KeyExtension {
|
|||
script = ArrayHelper.concat(script, getBytes(CHECK_SIG_DESCRIPTOR)); //Neo_Crypto_CheckSig
|
||||
return script;
|
||||
}
|
||||
|
||||
private static void checkInputValue(byte[] data) {
|
||||
if (isNull(data)) {
|
||||
throw new IllegalArgumentException("Input value is missing");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue