Home | History | Annotate | Download | only in server 
      1 /*
      2  * Copyright (C) 2015 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License
     15  */
     16 
     17 package com.example.android.asymmetricfingerprintdialog.server;
     18 
     19 
     20 import java.security.InvalidKeyException;
     21 import java.security.NoSuchAlgorithmException;
     22 import java.security.PublicKey;
     23 import java.security.Signature;
     24 import java.security.SignatureException;
     25 import java.util.HashMap;
     26 import java.util.HashSet;
     27 import java.util.Map;
     28 import java.util.Set;
     29 
     30 /**
     31  * A fake backend implementation of {@link StoreBackend}.
     32  */
     33 public class StoreBackendImpl implements StoreBackend {
     34 
     35     private final Map<String, PublicKey> mPublicKeys = new HashMap<>();
     36     private final Set<Transaction> mReceivedTransactions = new HashSet<>();
     37 
     38     @Override
     39     public boolean verify(Transaction transaction, byte[] transactionSignature) {
     40         try {
     41             if (mReceivedTransactions.contains(transaction)) {
     42                 // It verifies the equality of the transaction including the client nonce
     43                 // So attackers can't do replay attacks.
     44                 return false;
     45             }
     46             mReceivedTransactions.add(transaction);
     47             PublicKey publicKey = mPublicKeys.get(transaction.getUserId());
     48             Signature verificationFunction = Signature.getInstance("SHA256withECDSA");
     49             verificationFunction.initVerify(publicKey);
     50             verificationFunction.update(transaction.toByteArray());
     51             if (verificationFunction.verify(transactionSignature)) {
     52                 // Transaction is verified with the public key associated with the user
     53                 // Do some post purchase processing in the server
     54                 return true;
     55             }
     56         } catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException e) {
     57             // In a real world, better to send some error message to the user
     58         }
     59         return false;
     60     }
     61 
     62     @Override
     63     public boolean verify(Transaction transaction, String password) {
     64         // As this is just a sample, we always assume that the password is right.
     65         return true;
     66     }
     67 
     68     @Override
     69     public boolean enroll(String userId, String password, PublicKey publicKey) {
     70         if (publicKey != null) {
     71             mPublicKeys.put(userId, publicKey);
     72         }
     73         // We just ignore the provided password here, but in real life, it is registered to the
     74         // backend.
     75         return true;
     76     }
     77 }
     78