diff options
Diffstat (limited to 'src/main/java')
6 files changed, 244 insertions, 19 deletions
diff --git a/src/main/java/org/uic/barcode/Decoder.java b/src/main/java/org/uic/barcode/Decoder.java index fe53ed0..e9dd4b0 100644 --- a/src/main/java/org/uic/barcode/Decoder.java +++ b/src/main/java/org/uic/barcode/Decoder.java @@ -3,6 +3,7 @@ package org.uic.barcode; import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
import java.security.PublicKey;
import java.security.SignatureException;
import java.util.zip.DataFormatException;
@@ -89,6 +90,34 @@ public class Decoder { }
}
+
+ /**
+ * Validate level 1.
+ *
+ * @param key the public key
+ * @param signingAlg the signing algorithm OID
+ * @param security provider in case a dedicated provider must be used (otherwise null)
+ * @return the return code indicating errors
+ * @throws InvalidKeyException the invalid key exception
+ * @throws NoSuchAlgorithmException the no such algorithm exception
+ * @throws SignatureException the signature exception
+ * @throws IllegalArgumentException the illegal argument exception
+ * @throws UnsupportedOperationException the unsupported operation exception
+ * @throws IOException Signals that an I/O exception has occurred.
+ * @throws EncodingFormatException the encoding format exception
+ */
+ public int validateLevel1(PublicKey key, String signingAlg, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, SignatureException, IllegalArgumentException, UnsupportedOperationException, IOException, EncodingFormatException {
+ if (!isStaticHeader(data)) {
+ return dynamicFrame.validateLevel1(key) ;
+ } else {
+ if (staticFrame.verifyByAlgorithmOid(key,signingAlg, provider)) {
+ return Constants.LEVEL1_VALIDATION_OK;
+ } else {
+ return Constants.LEVEL1_VALIDATION_FRAUD;
+ }
+ }
+ }
+
/**
* Validate level 2.
*
@@ -101,6 +130,20 @@ public class Decoder { return Constants.LEVEL2_VALIDATION_NO_SIGNATURE;
}
}
+
+ /*
+ * Validate level 2.
+ * @param prov - provider of the java security implementation in case a dedicated provider must be used
+ * @return the return code indicating errors
+ */
+ public int validateLevel2(Provider prov) {
+ if (!isStaticHeader(data)) {
+ return dynamicFrame.validateLevel2(prov) ;
+ } else {
+ return Constants.LEVEL2_VALIDATION_NO_SIGNATURE;
+ }
+ }
+
/**
* Decode.
diff --git a/src/main/java/org/uic/barcode/Encoder.java b/src/main/java/org/uic/barcode/Encoder.java index d971214..e906881 100644 --- a/src/main/java/org/uic/barcode/Encoder.java +++ b/src/main/java/org/uic/barcode/Encoder.java @@ -2,6 +2,7 @@ package org.uic.barcode; import java.io.IOException;
import java.security.PrivateKey;
+import java.security.Provider;
import java.security.PublicKey;
import org.uic.barcode.asn1.datatypesimpl.OctetString;
@@ -120,6 +121,20 @@ public class Encoder { dynamicFrame.signLevel2(key);
}
}
+
+ /**
+ * Signing level 2 of a dynamic bar code
+ *
+ * @param key the key
+ * @param provider - provider of the java security implementation to be used
+ * @throws Exception the exception
+ */
+ public void signLevel2(PrivateKey key, Provider prov) throws Exception {
+ if (dynamicFrame != null) {
+ dynamicFrame.signLevel2(key, prov);
+ }
+ }
+
/**
* Sets the level 1 algorithm Is.
@@ -193,7 +208,7 @@ public class Encoder { /**
* Sign level 1 of a dynamic bar code or a static bar code.
*
- * @param securityProvider the security provider
+ * @param securityProvider the security provider (RICS code of the company responsible for the security)
* @param key the key
* @param signingAlg the signing algorithm (OID)
* @param keyId the key id
@@ -216,6 +231,33 @@ public class Encoder { }
/**
+ * Sign level 1 of a dynamic bar code or a static bar code.
+ *
+ * @param securityProvider the security provider (RICS code of the company responsible for the security)
+ * @param key the key
+ * @param signingAlg the signing algorithm (OID)
+ * @param keyId the key id
+ * @param provider - the provider of the java security implementation
+ * @throws Exception the exception
+ */
+ public void signLevel1(String securityProvider,PrivateKey key,String signingAlg, String keyId, Provider prov) throws Exception {
+ if (dynamicFrame != null) {
+ dynamicFrame.getLevel2SignedData().getLevel1Data().setSecurityProvider(securityProvider);
+ dynamicFrame.getLevel2SignedData().getLevel1Data().setLevel1SigningAlg(signingAlg);
+ dynamicFrame.getLevel2SignedData().getLevel1Data().setKeyId(Long.parseLong(keyId));
+ dynamicFrame.getLevel2SignedData().signLevel1(key, prov);
+ } else if (staticFrame != null) {
+ staticFrame.setSignatureKey(keyId);
+ staticFrame.setSecurityProvider(securityProvider);
+ if (staticFrame.getHeaderRecord()!= null && staticFrame.getHeaderRecord().getIssuer() == null) {
+ staticFrame.getHeaderRecord().setIssuer(securityProvider);
+ }
+ staticFrame.signByAlgorithmOID(key,signingAlg,prov);
+ }
+ }
+
+
+ /**
* Sets the static header parameter.
*
* @param ticketId the ticket id
diff --git a/src/main/java/org/uic/barcode/dynamicFrame/DynamicFrame.java b/src/main/java/org/uic/barcode/dynamicFrame/DynamicFrame.java index 375e2c6..1d96d05 100644 --- a/src/main/java/org/uic/barcode/dynamicFrame/DynamicFrame.java +++ b/src/main/java/org/uic/barcode/dynamicFrame/DynamicFrame.java @@ -4,6 +4,7 @@ import java.security.InvalidKeyException; import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
+import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
@@ -111,6 +112,18 @@ public class DynamicFrame extends Object{ *
*/
public int validateLevel2() {
+
+ return validateLevel2(null);
+
+ }
+
+ /**
+ * Verify the level 2 signature
+ *
+ * Note: an appropriate security provider (e.g. BC) must be registered before
+ *
+ */
+ public int validateLevel2(Provider prov) {
String level2KeyAlg = this.getLevel2SignedData().getLevel1Data().level2KeyAlg;
@@ -155,7 +168,11 @@ public class DynamicFrame extends Object{ Signature sig;
try {
- sig = Signature.getInstance(algo);
+ if (prov == null) {
+ sig = Signature.getInstance(algo);
+ } else {
+ sig = Signature.getInstance(algo, prov);
+ }
} catch (NoSuchAlgorithmException e) {
return Constants.LEVEL2_VALIDATION_SIG_ALG_NOT_IMPLEMENTED;
}
@@ -262,6 +279,19 @@ public class DynamicFrame extends Object{ this.level2Signature = new OctetString(sig.sign());
}
+
+ public void signLevel2(PrivateKey key, Provider prov) throws Exception {
+
+ //find the algorithm name for the signature OID
+ String algo = AlgorithmNameResolver.getSignatureAlgorithmName(this.getLevel2SignedData().getLevel1Data().level2SigningAlg);
+ Signature sig = Signature.getInstance(algo,prov);
+ sig.initSign(key);
+ byte[] data = level2SignedData.encode();
+ sig.update(data);
+ this.level2Signature = new OctetString(sig.sign());
+
+ }
+
public void addLevel2DynamicData(UicDynamicContentDataFDC1 dynamicData) {
this.getLevel2SignedData().setLevel2Data( dynamicData.getDataType());
diff --git a/src/main/java/org/uic/barcode/dynamicFrame/Level2DataType.java b/src/main/java/org/uic/barcode/dynamicFrame/Level2DataType.java index dbd25ce..8c3cd60 100644 --- a/src/main/java/org/uic/barcode/dynamicFrame/Level2DataType.java +++ b/src/main/java/org/uic/barcode/dynamicFrame/Level2DataType.java @@ -1,6 +1,7 @@ package org.uic.barcode.dynamicFrame;
import java.security.PrivateKey;
+import java.security.Provider;
import java.security.Signature;
import org.uic.barcode.asn1.datatypes.Asn1Optional;
@@ -95,6 +96,26 @@ public class Level2DataType { this.level1Signature = new OctetString(sig.sign());
}
+ /**
+ * Sign the contained data block.
+ *
+ * Note: an appropriate security provider (e.g. BC) must be registered before
+ *
+ * @param key the key
+ * @param security provider - security provider that must be sued to create the signature
+ * @return
+ * @return the byte[]
+ * @throws Exception
+ */
+ public void signLevel1(PrivateKey key, Provider prov) throws Exception {
+ //find the algorithm name for the signature OID
+ String algo = AlgorithmNameResolver.getSignatureAlgorithmName(getLevel1Data().level1SigningAlg);
+ Signature sig = Signature.getInstance(algo, prov);
+ sig.initSign(key);
+ byte[] data = level1Data.encode();
+ sig.update(data);
+ this.level1Signature = new OctetString(sig.sign());
+ }
}
diff --git a/src/main/java/org/uic/barcode/staticFrame/StaticFrame.java b/src/main/java/org/uic/barcode/staticFrame/StaticFrame.java index 2759bf0..8dc1adb 100644 --- a/src/main/java/org/uic/barcode/staticFrame/StaticFrame.java +++ b/src/main/java/org/uic/barcode/staticFrame/StaticFrame.java @@ -677,6 +677,39 @@ public class StaticFrame { sig.update(getDataForSignature());
return sig.verify(this.getSignature());
}
+
+ /**
+ * Verify the signature
+ *
+ * Note: an appropriate security provider (e.g. BC) must be registered before
+ *
+ * @param key the key
+ * @param singningAlg the Object ID of the signing algorithm
+ * @param a dedicated security provider to validate the signature
+ * @return true, if successful
+ * @throws InvalidKeyException the invalid key exception
+ * @throws NoSuchAlgorithmException the no such algorithm exception
+ * @throws SignatureException the signature exception
+ * @throws IllegalArgumentException the illegal argument exception
+ * @throws UnsupportedOperationException the unsupported operating exception
+ * @throws EncodingFormatException
+ * @throws IOException
+ */
+ public boolean verifyByAlgorithmOid(PublicKey key, String signingAlg, Provider prov) throws InvalidKeyException, NoSuchAlgorithmException, SignatureException, IllegalArgumentException, UnsupportedOperationException, IOException, EncodingFormatException {
+ //find the algorithm name for the signature OID
+ String algo = null;
+ Service service = prov.getService("Signature",signingAlg);
+ if (service != null) {
+ algo = service.getAlgorithm();
+ }
+ if (algo == null) {
+ throw new NoSuchAlgorithmException("No service for algorithm found: " + signingAlg);
+ }
+ Signature sig = Signature.getInstance(algo);
+ sig.initVerify(key);
+ sig.update(getDataForSignature());
+ return sig.verify(this.getSignature());
+ }
/**
* Sign the contained data block.
@@ -695,14 +728,51 @@ public class StaticFrame { public void signByAlgorithmOID(PrivateKey key,String signingAlg) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, IOException, EncodingFormatException {
//find the algorithm name for the signature OID
String algo = null;
+ algo = getAlgo(signingAlg);
+ if (algo == null) {
+ throw new NoSuchAlgorithmException("No service for algorthm found: " + signingAlg);
+ }
+ Signature sig = Signature.getInstance(algo);
+ sig.initSign(key);
+ signedData = getDataForSignature();
+ sig.update(signedData);
+ signature = sig.sign();
+ }
+
+ private String getAlgo(String signingAlg) {
Provider[] provs = Security.getProviders();
for (Provider prov : provs) {
Service service = prov.getService("Signature",signingAlg);
if (service != null) {
- algo = service.getAlgorithm();
- break;
+ return service.getAlgorithm();
}
}
+ return null;
+ }
+
+
+
+ /**
+ * Sign the contained data block.
+ *
+ * Note: an appropriate security provider (e.g. BC) must be registered before
+ *
+ * @param key the key
+ * @param singningAlg the Object ID of the signing algorithm
+ * @return
+ * @throws NoSuchAlgorithmException the no such algorithm exception
+ * @throws InvalidKeyException the invalid key exception
+ * @throws SignatureException the signature exception
+ * @throws EncodingFormatException
+ * @throws IOException
+ */
+ public void signByAlgorithmOID(PrivateKey key,String signingAlg, Provider prov) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, IOException, EncodingFormatException {
+ //find the algorithm name for the signature OID
+ String algo = null;
+ Service service = prov.getService("Signature",signingAlg);
+ if (service != null) {
+ algo = service.getAlgorithm();
+ }
if (algo == null) {
throw new NoSuchAlgorithmException("No service for algorthm found: " + signingAlg);
}
@@ -713,6 +783,7 @@ public class StaticFrame { signature = sig.sign();
}
+
/**
* Sign the contained data block.
*
diff --git a/src/main/java/org/uic/barcode/utils/AlgorithmNameResolver.java b/src/main/java/org/uic/barcode/utils/AlgorithmNameResolver.java index e3918b0..1671ba9 100644 --- a/src/main/java/org/uic/barcode/utils/AlgorithmNameResolver.java +++ b/src/main/java/org/uic/barcode/utils/AlgorithmNameResolver.java @@ -39,24 +39,40 @@ public class AlgorithmNameResolver { Provider[] provs = Security.getProviders();
for (Provider prov : provs) {
+
+ String name = getName(type, oid, prov);
+ if (name != null) return name;
- SortedSet<String> typeAndOID = getTypeAndOIDStrings(prov);
-
- for (String entry : typeAndOID) {
- String[] typeAndOIDArray = entry.split("-");
- String ptype = typeAndOIDArray[0];
- if (ptype.equalsIgnoreCase(type)) {
- String poid = typeAndOIDArray[1];
- Service pservice = prov.getService(ptype, poid);
- String palgo = pservice.getAlgorithm();
-
- if (poid != null && ptype.equalsIgnoreCase(type) && poid.equals(oid)) {
- return palgo;
- }
- }
- }
}
+ if (oid.startsWith("1.2.840.10045")) {
+ return "ECDSA";
+ } else if (oid.startsWith("1.2.840.10040")) {
+ return "DSA";
+ }
+
+ return null;
+
+ }
+
+ public static String getName(String type, String oid, Provider prov) throws Exception {
+
+ SortedSet<String> typeAndOID = getTypeAndOIDStrings(prov);
+
+ for (String entry : typeAndOID) {
+ String[] typeAndOIDArray = entry.split("-");
+ String ptype = typeAndOIDArray[0];
+ if (ptype.equalsIgnoreCase(type)) {
+ String poid = typeAndOIDArray[1];
+ Service pservice = prov.getService(ptype, poid);
+ String palgo = pservice.getAlgorithm();
+
+ if (poid != null && ptype.equalsIgnoreCase(type) && poid.equals(oid)) {
+ return palgo;
+ }
+ }
+ }
+
if (oid.startsWith("1.2.840.10045")) {
return "ECDSA";
@@ -104,6 +120,8 @@ public class AlgorithmNameResolver { return null;
}
+
+
private static SortedSet<String> getTypeAndOIDStrings(Provider prov) {
|