use different values for nonce and transaction key

Author: uwemaurer

src/main/java/org/kopi/ebics/utils/Utils.java

@@ -122,10 +122,17 @@ public static byte[] zip(byte[] toZip) throws EbicsException {
    * @throws EbicsException nonce generation fails.
    */
   public static byte[] generateNonce() throws EbicsException {
-    SecureRandom 		secureRandom;
+    try {
+      SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
+      return secureRandom.generateSeed(16);
+    } catch (NoSuchAlgorithmException e) {
+      throw new EbicsException(e.getMessage());
+    }
+  }
 
+  public static byte[] generateKey() throws EbicsException {
     try {
-      secureRandom = SecureRandom.getInstance("SHA1PRNG");
+      SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
       return secureRandom.generateSeed(16);
     } catch (NoSuchAlgorithmException e) {
       throw new EbicsException(e.getMessage());
@@ -135,7 +142,7 @@ public static byte[] generateNonce() throws EbicsException {
   /**
    * Uncompresses a given byte array input.
    * 
-   * <p>The Decompression is ensured via Universal compression 
+   * The Decompression is ensured via Universal compression
    * algorithm (RFC 1950, RFC 1951) As specified in the EBICS 
    * specification (16 Appendix: Standards and references)
    * 

src/main/java/org/kopi/ebics/xml/EbicsXmlFactory.java

@@ -864,7 +864,6 @@ public static StaticHeaderType createStaticHeaderType(String hostId,
    * Creates a new <code>StaticHeaderType</code> XML object
    * @param hostId the host ID
    * @param nonce the random nonce
-   * @param numSegments the segments number
    * @param partnerId the partner ID
    * @param product the <code>Product</code> element
    * @param securityMedium the security medium
@@ -989,7 +988,6 @@ public static FDLOrderParamsType createFDLOrderParamsType(FileFormatType fileFor
 
   /**
    * Creates a new <code>StandardOrderParamsType</code> XML object
-   * @param fileFormat the <code>FileFormatType</code> element
    * @return the <code>StandardOrderParamsType</code> XML object
    */
   public static StandardOrderParamsType createStandardOrderParamsType() {

src/main/java/org/kopi/ebics/xml/InitializationRequestElement.java

@@ -24,6 +24,7 @@
 import java.security.NoSuchProviderException;
 
 import javax.crypto.Cipher;
+import javax.crypto.spec.SecretKeySpec;
 
 import org.apache.commons.codec.DecoderException;
 import org.apache.commons.codec.binary.Hex;
@@ -61,6 +62,8 @@ public InitializationRequestElement(EbicsSession session,
     this.type = type;
     this.name = name;
     nonce = Utils.generateNonce();
+    key = Utils.generateKey();
+    keySpec = new SecretKeySpec(key, "EAS");
   }
 
   @Override
@@ -96,9 +99,7 @@ public byte[] getDigest() throws EbicsException {
 
     try {
       return MessageDigest.getInstance("SHA-256", "BC").digest(Utils.canonize(toByteArray()));
-    } catch (NoSuchAlgorithmException e) {
-      throw new EbicsException(e.getMessage());
-    } catch (NoSuchProviderException e) {
+    } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
       throw new EbicsException(e.getMessage());
     }
   }
@@ -135,12 +136,10 @@ protected byte[] decodeHex(byte[] hex) throws EbicsException {
    */
   protected byte[] generateTransactionKey() throws EbicsException {
     try {
-      Cipher			cipher;
-
-      cipher = Cipher.getInstance("RSA/NONE/PKCS1Padding", BouncyCastleProvider.PROVIDER_NAME);
+      Cipher cipher = Cipher.getInstance("RSA/NONE/PKCS1Padding", BouncyCastleProvider.PROVIDER_NAME);
       cipher.init(Cipher.ENCRYPT_MODE, session.getBankE002Key());
 
-      return cipher.doFinal(nonce);
+      return cipher.doFinal(key);
     } catch (Exception e) {
       throw new EbicsException(e.getMessage());
     }
@@ -157,8 +156,10 @@ protected byte[] generateTransactionKey() throws EbicsException {
   // DATA MEMBERS
   // --------------------------------------------------------------------
 
-  private String			name;
+  private final String name;
   protected EbicsOrderType type;
-  protected byte[]			nonce;
-  private static final long 		serialVersionUID = 8983807819242699280L;
+  protected final byte[] nonce;
+  private final byte[] key;
+  protected final SecretKeySpec keySpec;
+  private static final long serialVersionUID = 8983807819242699280L;
 }

src/main/java/org/kopi/ebics/xml/SPRRequestElement.java

@@ -21,8 +21,6 @@
 
 import java.util.Calendar;
 
-import javax.crypto.spec.SecretKeySpec;
-
 import org.kopi.ebics.exception.EbicsException;
 import org.kopi.ebics.schema.h003.DataEncryptionInfoType.EncryptionPubKeyDigest;
 import org.kopi.ebics.schema.h003.DataTransferRequestType;
@@ -60,7 +58,6 @@ public class SPRRequestElement extends InitializationRequestElement {
    */
   public SPRRequestElement(EbicsSession session) throws EbicsException {
     super(session, org.kopi.ebics.session.OrderType.SPR, "SPRRequest.xml");
-    keySpec = new SecretKeySpec(nonce, "EAS");
   }
 
   @Override
@@ -136,6 +133,5 @@ public void buildInitialization() throws EbicsException {
   // DATA MEMBERS
   // --------------------------------------------------------------------
 
-  private SecretKeySpec			keySpec;
   private static final long 		serialVersionUID = -6742241777786111337L;
 }

src/main/java/org/kopi/ebics/xml/UploadInitializationRequestElement.java

@@ -23,8 +23,6 @@
 import java.util.Calendar;
 import java.util.List;
 
-import javax.crypto.spec.SecretKeySpec;
-
 import org.kopi.ebics.exception.EbicsException;
 import org.kopi.ebics.interfaces.ContentFactory;
 import org.kopi.ebics.interfaces.EbicsOrderType;
@@ -78,7 +76,6 @@ public UploadInitializationRequestElement(EbicsSession session,
   {
     super(session, orderType, generateName(orderType));
     this.userData = userData;
-    keySpec = new SecretKeySpec(nonce, "EAS");
     splitter = new Splitter(userData);
     this.orderAttribute = orderAttribute;
   }
@@ -130,13 +127,13 @@ public void buildInitialization() throws EbicsException {
         FULOrderParamsType fULOrderParams = EbicsXmlFactory.createFULOrderParamsType(fileFormat);
 
         List<Parameter> parameters = new ArrayList<>();
-        if (Boolean.valueOf(session.getSessionParam("TEST")).booleanValue()) {
+        if (Boolean.parseBoolean(session.getSessionParam("TEST"))) {
           Value value = EbicsXmlFactory.createValue("String", "TRUE");
           Parameter parameter = EbicsXmlFactory.createParameter("TEST", value);
           parameters.add(parameter);
         }
 
-        if (Boolean.valueOf(session.getSessionParam("EBCDIC")).booleanValue()) {
+        if (Boolean.parseBoolean(session.getSessionParam("EBCDIC"))) {
           Value value = EbicsXmlFactory.createValue("String", "TRUE");
           Parameter parameter = EbicsXmlFactory.createParameter("EBCDIC", value);
           parameters.add(parameter);
@@ -221,9 +218,8 @@ public int getSegmentNumber() {
   // --------------------------------------------------------------------
 
   private final OrderAttributeType.Enum orderAttribute;
-  private byte[]			userData;
+  private final byte[] userData;
   private UserSignature			userSignature;
-  private SecretKeySpec			keySpec;
-  private Splitter			splitter;
+  private final Splitter splitter;
   private static final long 		serialVersionUID = -8083183483311283608L;
 }