6 files changed, 244 insertions, 19 deletions

diff --git a/src/main/java/org/uic/barcode/Decoder.java b/src/main/java/org/uic/barcode/Decoder.java
index fe53ed0..e9dd4b0 100644
--- a/src/main/java/org/uic/barcode/Decoder.java
+++ b/src/main/java/org/uic/barcode/Decoder.java
@@ -3,6 +3,7 @@ package org.uic.barcode;
 import java.io.IOException;

 import java.security.InvalidKeyException;

 import java.security.NoSuchAlgorithmException;

+import java.security.Provider;

 import java.security.PublicKey;

 import java.security.SignatureException;

 import java.util.zip.DataFormatException;

@@ -89,6 +90,34 @@ public class Decoder {
 		}

 	}

 	

+	

+	/**

+	 * Validate level 1.

+	 *

+	 * @param key the public key

+	 * @param signingAlg the signing algorithm OID

+	 * @param security provider in case a dedicated provider must be used (otherwise null)

+	 * @return the return code indicating errors

+	 * @throws InvalidKeyException the invalid key exception

+	 * @throws NoSuchAlgorithmException the no such algorithm exception

+	 * @throws SignatureException the signature exception

+	 * @throws IllegalArgumentException the illegal argument exception

+	 * @throws UnsupportedOperationException the unsupported operation exception

+	 * @throws IOException Signals that an I/O exception has occurred.

+	 * @throws EncodingFormatException the encoding format exception

+	 */

+	public int validateLevel1(PublicKey key, String signingAlg, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, SignatureException, IllegalArgumentException, UnsupportedOperationException, IOException, EncodingFormatException {

+		if (!isStaticHeader(data)) {

+			return dynamicFrame.validateLevel1(key) ;

+		} else {

+			if (staticFrame.verifyByAlgorithmOid(key,signingAlg, provider)) {

+				return Constants.LEVEL1_VALIDATION_OK;

+			} else {

+				return Constants.LEVEL1_VALIDATION_FRAUD;

+			}

+		}

+	}

+	

 	/**

 	 * Validate level 2.

 	 *

@@ -101,6 +130,20 @@ public class Decoder {
 			return Constants.LEVEL2_VALIDATION_NO_SIGNATURE;

 		}

 	}

+

+	/*

+	 * Validate level 2.

+	 * @param prov - provider of the java security implementation in case a dedicated provider must be used

+	 * @return the return code indicating errors

+	 */

+	public int validateLevel2(Provider prov) {

+		if (!isStaticHeader(data)) {

+			return dynamicFrame.validateLevel2(prov) ;

+		} else {

+			return Constants.LEVEL2_VALIDATION_NO_SIGNATURE;

+		}

+	}

+

 	

 	/**

 	 * Decode.

diff --git a/src/main/java/org/uic/barcode/Encoder.java b/src/main/java/org/uic/barcode/Encoder.java
index d971214..e906881 100644
--- a/src/main/java/org/uic/barcode/Encoder.java
+++ b/src/main/java/org/uic/barcode/Encoder.java
@@ -2,6 +2,7 @@ package org.uic.barcode;
 

 import java.io.IOException;

 import java.security.PrivateKey;

+import java.security.Provider;

 import java.security.PublicKey;

 

 import org.uic.barcode.asn1.datatypesimpl.OctetString;

@@ -120,6 +121,20 @@ public class Encoder {
 			dynamicFrame.signLevel2(key);

 		} 

 	}

+	

+	/**

+	 * Signing level 2 of a dynamic bar code

+	 *     

+	 * @param key the key

+	 * @param provider - provider of the java security implementation to be used

+	 * @throws Exception the exception

+	 */

+	public void signLevel2(PrivateKey key, Provider prov) throws Exception {

+		if (dynamicFrame != null) {

+			dynamicFrame.signLevel2(key, prov);

+		} 

+	}

+

 

 	/**

 	 * Sets the level 1 algorithm Is.

@@ -193,7 +208,7 @@ public class Encoder {
 	/**

 	 * Sign level 1 of a dynamic bar code or a static bar code.

 	 *

-	 * @param securityProvider the security provider

+	 * @param securityProvider the security provider (RICS code of the company responsible for the security)

 	 * @param key the key

 	 * @param signingAlg the signing algorithm (OID)

 	 * @param keyId the key id

@@ -216,6 +231,33 @@ public class Encoder {
 	}

 	

 	/**

+	 * Sign level 1 of a dynamic bar code or a static bar code.

+	 *

+	 * @param securityProvider the security provider (RICS code of the company responsible for the security)

+	 * @param key the key

+	 * @param signingAlg the signing algorithm (OID)

+	 * @param keyId the key id

+	 * @param provider - the provider of the java security implementation

+	 * @throws Exception the exception

+	 */

+	public void signLevel1(String securityProvider,PrivateKey key,String signingAlg, String keyId, Provider prov) throws Exception {

+		if (dynamicFrame != null) {

+			dynamicFrame.getLevel2SignedData().getLevel1Data().setSecurityProvider(securityProvider);

+			dynamicFrame.getLevel2SignedData().getLevel1Data().setLevel1SigningAlg(signingAlg);

+			dynamicFrame.getLevel2SignedData().getLevel1Data().setKeyId(Long.parseLong(keyId));

+			dynamicFrame.getLevel2SignedData().signLevel1(key, prov);

+		} else if (staticFrame != null) {

+			staticFrame.setSignatureKey(keyId);

+			staticFrame.setSecurityProvider(securityProvider);

+			if (staticFrame.getHeaderRecord()!= null && staticFrame.getHeaderRecord().getIssuer() == null) {

+				staticFrame.getHeaderRecord().setIssuer(securityProvider);

+			}

+			staticFrame.signByAlgorithmOID(key,signingAlg,prov);

+		}

+	}

+	

+	

+	/**

 	 * Sets the static header parameter.

 	 *

 	 * @param ticketId the ticket id

diff --git a/src/main/java/org/uic/barcode/dynamicFrame/DynamicFrame.java b/src/main/java/org/uic/barcode/dynamicFrame/DynamicFrame.java
index 375e2c6..1d96d05 100644
--- a/src/main/java/org/uic/barcode/dynamicFrame/DynamicFrame.java
+++ b/src/main/java/org/uic/barcode/dynamicFrame/DynamicFrame.java
@@ -4,6 +4,7 @@ import java.security.InvalidKeyException;
 import java.security.KeyFactory;

 import java.security.NoSuchAlgorithmException;

 import java.security.PrivateKey;

+import java.security.Provider;

 import java.security.PublicKey;

 import java.security.Signature;

 import java.security.SignatureException;

@@ -111,6 +112,18 @@ public class DynamicFrame extends Object{
 	 *

 	 */	

 	public int validateLevel2() {

+

+		return validateLevel2(null);

+	

+	}

+	

+	/**

+	 * Verify the level 2 signature

+	 * 

+	 * Note:  an appropriate security provider (e.g. BC) must be registered before 

+	 *

+	 */	

+	public int validateLevel2(Provider prov) {

 		

 		

 		String level2KeyAlg = this.getLevel2SignedData().getLevel1Data().level2KeyAlg;

@@ -155,7 +168,11 @@ public class DynamicFrame extends Object{
 		

 		Signature sig;

 		try {

-			sig = Signature.getInstance(algo);

+			if (prov == null) {

+				sig = Signature.getInstance(algo);

+			} else {

+				sig = Signature.getInstance(algo, prov);

+			}

 		} catch (NoSuchAlgorithmException e) {

 			return Constants.LEVEL2_VALIDATION_SIG_ALG_NOT_IMPLEMENTED;

 		}

@@ -262,6 +279,19 @@ public class DynamicFrame extends Object{
 		this.level2Signature = new OctetString(sig.sign());

 		

 	}

+

+	public void signLevel2(PrivateKey key, Provider prov) throws Exception {

+		

+		//find the algorithm name for the signature OID

+		String algo = AlgorithmNameResolver.getSignatureAlgorithmName(this.getLevel2SignedData().getLevel1Data().level2SigningAlg);

+		Signature sig = Signature.getInstance(algo,prov);

+		sig.initSign(key);

+		byte[] data = level2SignedData.encode();

+		sig.update(data);

+		this.level2Signature = new OctetString(sig.sign());

+		

+	}

+

 	

 	public void addLevel2DynamicData(UicDynamicContentDataFDC1 dynamicData) {

 		this.getLevel2SignedData().setLevel2Data( dynamicData.getDataType());	

diff --git a/src/main/java/org/uic/barcode/dynamicFrame/Level2DataType.java b/src/main/java/org/uic/barcode/dynamicFrame/Level2DataType.java
index dbd25ce..8c3cd60 100644
--- a/src/main/java/org/uic/barcode/dynamicFrame/Level2DataType.java
+++ b/src/main/java/org/uic/barcode/dynamicFrame/Level2DataType.java
@@ -1,6 +1,7 @@
 package org.uic.barcode.dynamicFrame;

 

 import java.security.PrivateKey;

+import java.security.Provider;

 import java.security.Signature;

 

 import org.uic.barcode.asn1.datatypes.Asn1Optional;

@@ -95,6 +96,26 @@ public class Level2DataType {
 		this.level1Signature = new OctetString(sig.sign());

 	}

 

+	/**

+	 * Sign the contained data block.

+	 * 

+	 * Note:  an appropriate security provider (e.g. BC) must be registered before 

+	 *

+	 * @param key the key

+	 * @param security provider - security provider that must be sued to create the signature

+	 * @return 

+	 * @return the byte[]

+	 * @throws Exception 

+	 */

+	public void signLevel1(PrivateKey key, Provider prov) throws Exception {

+		//find the algorithm name for the signature OID

+		String algo = AlgorithmNameResolver.getSignatureAlgorithmName(getLevel1Data().level1SigningAlg);

+		Signature sig = Signature.getInstance(algo, prov);

+		sig.initSign(key);

+		byte[] data = level1Data.encode();

+		sig.update(data);

+		this.level1Signature = new OctetString(sig.sign());

+	}

 	

 	

 }

diff --git a/src/main/java/org/uic/barcode/staticFrame/StaticFrame.java b/src/main/java/org/uic/barcode/staticFrame/StaticFrame.java
index 2759bf0..8dc1adb 100644
--- a/src/main/java/org/uic/barcode/staticFrame/StaticFrame.java
+++ b/src/main/java/org/uic/barcode/staticFrame/StaticFrame.java
@@ -677,6 +677,39 @@ public class StaticFrame {
 		sig.update(getDataForSignature());

 		return sig.verify(this.getSignature());

 	}

+

+	/**

+	 * Verify the signature

+	 * 

+	 * Note:  an appropriate security provider (e.g. BC) must be registered before 

+	 *

+	 * @param key the key

+	 * @param singningAlg the Object ID of the signing algorithm

+	 * @param a dedicated security provider to validate the signature

+	 * @return true, if successful

+	 * @throws InvalidKeyException the invalid key exception

+	 * @throws NoSuchAlgorithmException the no such algorithm exception

+	 * @throws SignatureException the signature exception

+	 * @throws IllegalArgumentException the illegal argument exception

+	 * @throws UnsupportedOperationException the unsupported operating exception

+	 * @throws EncodingFormatException 

+	 * @throws IOException 

+	 */

+	public boolean verifyByAlgorithmOid(PublicKey key, String signingAlg, Provider prov) throws InvalidKeyException, NoSuchAlgorithmException, SignatureException, IllegalArgumentException, UnsupportedOperationException, IOException, EncodingFormatException {

+		//find the algorithm name for the signature OID

+		String algo = null;

+        Service service = prov.getService("Signature",signingAlg);

+	    if (service != null) {

+	    	algo = service.getAlgorithm();

+	    }

+		if (algo == null) {

+			throw new NoSuchAlgorithmException("No service for algorithm found: " + signingAlg);

+		}

+		Signature sig = Signature.getInstance(algo);

+		sig.initVerify(key);

+		sig.update(getDataForSignature());

+		return sig.verify(this.getSignature());

+	}

 	

 	/**

 	 * Sign the contained data block.

@@ -695,14 +728,51 @@ public class StaticFrame {
 	public void signByAlgorithmOID(PrivateKey key,String signingAlg) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, IOException, EncodingFormatException {

 		//find the algorithm name for the signature OID

 		String algo = null;

+		algo = getAlgo(signingAlg);

+		if (algo == null) {

+			throw new NoSuchAlgorithmException("No service for algorthm found: " + signingAlg);

+		}

+		Signature sig = Signature.getInstance(algo);

+		sig.initSign(key);

+		signedData = getDataForSignature();

+		sig.update(signedData);

+		signature = sig.sign();

+	}

+	

+	private String getAlgo(String signingAlg) {

 		Provider[] provs = Security.getProviders();

 		for (Provider prov : provs) {

 	       Service service = prov.getService("Signature",signingAlg);

 	       if (service != null) {

-	    	   algo = service.getAlgorithm();

-	    	   break;

+	    	   return service.getAlgorithm();

 	       }

 		}

+		return null;

+	}

+

+

+

+	/**

+	 * Sign the contained data block.

+	 * 

+	 * Note:  an appropriate security provider (e.g. BC) must be registered before 

+	 *

+	 * @param key the key

+	 * @param singningAlg the Object ID of the signing algorithm

+	 * @return 

+	 * @throws NoSuchAlgorithmException the no such algorithm exception

+	 * @throws InvalidKeyException the invalid key exception

+	 * @throws SignatureException the signature exception

+	 * @throws EncodingFormatException 

+	 * @throws IOException 

+	 */

+	public void signByAlgorithmOID(PrivateKey key,String signingAlg, Provider prov) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, IOException, EncodingFormatException {

+		//find the algorithm name for the signature OID

+		String algo = null;

+        Service service = prov.getService("Signature",signingAlg);

+	    if (service != null) {

+	      algo = service.getAlgorithm();

+	    }

 		if (algo == null) {

 			throw new NoSuchAlgorithmException("No service for algorthm found: " + signingAlg);

 		}

@@ -713,6 +783,7 @@ public class StaticFrame {
 		signature = sig.sign();

 	}

 	

+	

 	/**

 	 * Sign the contained data block.

 	 * 

diff --git a/src/main/java/org/uic/barcode/utils/AlgorithmNameResolver.java b/src/main/java/org/uic/barcode/utils/AlgorithmNameResolver.java
index e3918b0..1671ba9 100644
--- a/src/main/java/org/uic/barcode/utils/AlgorithmNameResolver.java
+++ b/src/main/java/org/uic/barcode/utils/AlgorithmNameResolver.java
@@ -39,24 +39,40 @@ public class AlgorithmNameResolver {
     	Provider[] provs = Security.getProviders();

 

         for (Provider prov : provs) {

+        	

+        	   String name = getName(type, oid, prov);

+        	   if (name != null) return name;

 	        	

-	       		SortedSet<String> typeAndOID = getTypeAndOIDStrings(prov);

-

-	       		for (String entry : typeAndOID) {

-	       			String[] typeAndOIDArray = entry.split("-");

-	       			String ptype = typeAndOIDArray[0];   

-	       			if (ptype.equalsIgnoreCase(type)) {

-		       			String poid = typeAndOIDArray[1];

-		       			Service pservice = prov.getService(ptype, poid);

-		       			String palgo = pservice.getAlgorithm();	

-

-	       				if (poid != null && ptype.equalsIgnoreCase(type) && poid.equals(oid)) {

-	       					return palgo;

-	       				}

-	       			}

-	       		}

         }

         

+		if (oid.startsWith("1.2.840.10045")) {

+			return "ECDSA";

+		} else if (oid.startsWith("1.2.840.10040")) {

+			return "DSA";

+		}

+		

+        return null;

+	        	

+	}    

+    

+   public static String getName(String type, String oid, Provider prov) throws Exception {

+    	

+   		SortedSet<String> typeAndOID = getTypeAndOIDStrings(prov);

+

+	    for (String entry : typeAndOID) {

+	       	String[] typeAndOIDArray = entry.split("-");

+	       	String ptype = typeAndOIDArray[0];   

+	       	if (ptype.equalsIgnoreCase(type)) {

+		    	String poid = typeAndOIDArray[1];

+		    	Service pservice = prov.getService(ptype, poid);

+		    	String palgo = pservice.getAlgorithm();	

+

+		    	if (poid != null && ptype.equalsIgnoreCase(type) && poid.equals(oid)) {

+	       			return palgo;

+	       		}

+	      	}

+	   	}

+              

         

 		if (oid.startsWith("1.2.840.10045")) {

 			return "ECDSA";

@@ -104,6 +120,8 @@ public class AlgorithmNameResolver {
         return null;

 	        	

 	}

+    

+

 

     private static SortedSet<String> getTypeAndOIDStrings(Provider prov) {