Code with Misuse: |
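class SecureMessagingWrapper {
    /**
     * Reads the body of a DO'8E data object and verifies the checksum it carries against a MAC
     * computed locally over the send sequence counter and the padded leading part of the
     * response APDU. The {@code 0x8E} tag has already been read.
     *
     * @param in input stream positioned at the length byte of DO'8E.
     * @param rapdu the complete response APDU the checksum is verified against.
     * @throws IOException if reading from {@code in} or writing the MAC input fails.
     * @throws GeneralSecurityException if the MAC cannot be initialised with the session key.
     * @throws IllegalStateException if the length byte is not 8, if {@code rapdu} is shorter
     *         than the trailer that is excluded from the MAC input, or if the checksums differ.
     */
    private void readDO8E(DataInputStream in, byte[] rapdu) throws IOException, GeneralSecurityException {
        final int macLength = 8;
        int length = in.readUnsignedByte();
        if (length != macLength) {
            throw new IllegalStateException("DO'8E wrong length");
        }
        byte[] cc1 = new byte[macLength];
        in.readFully(cc1);
        mac.init(ksMac);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        DataOutputStream dataOut = new DataOutputStream(out);
        // The counter is advanced before it is fed into the MAC input.
        ssc++;
        dataOut.writeLong(ssc);
        // The last 2 + 8 + 2 bytes are left out of the MAC input; presumably these are the
        // DO'8E tag and length, the checksum itself and the status word (confirm against the
        // caller). A shorter buffer would yield a negative length, so reject it explicitly
        // instead of relying on whatever Util.pad does with it.
        int protectedLength = rapdu.length - 2 - macLength - 2;
        if (protectedLength < 0) {
            throw new IllegalStateException("Response APDU too short for DO'8E");
        }
        byte[] paddedData = Util.pad(rapdu, 0, protectedLength);
        dataOut.write(paddedData, 0, paddedData.length);
        dataOut.flush();
        byte[] cc2 = mac.doFinal(out.toByteArray());
        // Arrays.equals returns at the first differing byte, so verification time depends on
        // how much of a received checksum is correct. MessageDigest.isEqual compares in
        // constant time; it is fully qualified because the import block is not visible here.
        if (!java.security.MessageDigest.isEqual(cc1, cc2)) {
            throw new IllegalStateException("Incorrect MAC!");
        }
    }
}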
|