diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/main/java/org/uic/barcode/Decoder.java | 15 | ||||
-rw-r--r-- | src/main/java/org/uic/barcode/ssbFrame/SsbFrame.java | 25 | ||||
-rw-r--r-- | src/main/java/org/uic/barcode/staticFrame/StaticFrame.java | 16 | ||||
-rw-r--r-- | src/main/java/org/uic/barcode/utils/SecurityUtils.java | 41 | ||||
-rw-r--r-- | src/test/java/org/uic/barcode/test/StaticFrameBarcodeSignatureAlgorithmDetectionTest.java | 330 | ||||
-rw-r--r-- | src/test/java/org/uic/barcode/ticket/api/test/testtickets/OpenLuggageRestrictionTestTicketV3.java (renamed from src/main/java/org/uic/barcode/ticket/api/test/testtickets/OpenLuggageRestrictionTestTicketV3.java) | 0 |
6 files changed, 409 insertions, 18 deletions
diff --git a/src/main/java/org/uic/barcode/Decoder.java b/src/main/java/org/uic/barcode/Decoder.java index 85faa4a..637bbf6 100644 --- a/src/main/java/org/uic/barcode/Decoder.java +++ b/src/main/java/org/uic/barcode/Decoder.java @@ -84,15 +84,22 @@ public class Decoder { * @throws EncodingFormatException the encoding format exception
*/
public int validateLevel1(PublicKey key) throws InvalidKeyException, NoSuchAlgorithmException, SignatureException, IllegalArgumentException, UnsupportedOperationException, IOException, EncodingFormatException {
- if (dynamicFrame != null && dynamicFrame != null) {
+ if (dynamicFrame != null) {
return dynamicFrame.validateLevel1(key) ;
- } else {
- if (staticFrame != null) {
- return Constants.LEVEL1_VALIDATION_SIG_ALG_NOT_IMPLEMENTED;
+ } else if (staticFrame != null) {
+ if (staticFrame.verifyByAlgorithmOid(key,null)) {
+ return Constants.LEVEL1_VALIDATION_OK;
+ } else {
+ return Constants.LEVEL1_VALIDATION_FRAUD;
+ }
+ } else if (ssbFrame!= null) {
+ if (ssbFrame.verifyByAlgorithmOid(key,null, null)) {
+ return Constants.LEVEL1_VALIDATION_OK;
} else {
return Constants.LEVEL1_VALIDATION_FRAUD;
}
}
+ return Constants.LEVEL1_VALIDATION_NO_SIGNATURE;
}
/**
diff --git a/src/main/java/org/uic/barcode/ssbFrame/SsbFrame.java b/src/main/java/org/uic/barcode/ssbFrame/SsbFrame.java index b473c1e..2c8f66f 100644 --- a/src/main/java/org/uic/barcode/ssbFrame/SsbFrame.java +++ b/src/main/java/org/uic/barcode/ssbFrame/SsbFrame.java @@ -1,6 +1,5 @@ package org.uic.barcode.ssbFrame; -import java.io.ByteArrayOutputStream; import java.io.IOException; import java.math.BigInteger; import java.security.InvalidKeyException; @@ -14,7 +13,6 @@ import java.security.SignatureException; import java.security.Provider.Service; import java.util.Arrays; - import org.uic.barcode.ticket.EncodingFormatException; import org.uic.barcode.utils.AlgorithmNameResolver; import org.uic.barcode.utils.SecurityUtils; @@ -83,7 +81,7 @@ public class SsbFrame { try { //check for non-standard signature encoding BigInteger[] bInts = SecurityUtils.decodeSignatureIntegerSequence(signatureBytes); - byte[] sig = SecurityUtils.encodeSignatureIntegerSequence(bInts[0],bInts[1]); + SecurityUtils.encodeSignatureIntegerSequence(bInts[0],bInts[1]); signaturePart1 = bInts[0].toByteArray(); signaturePart2 = bInts[1].toByteArray(); //decoding the entire signature was ok, so there was no split @@ -334,8 +332,20 @@ public class SsbFrame { //find the algorithm name for the signature OID String algo = null; + + BigInteger r = new BigInteger(1,signaturePart1); + BigInteger s = new BigInteger(1,signaturePart2); + byte[] signature = SecurityUtils.encodeSignatureIntegerSequence(r,s); + + String signatureAlgorithmOid = signingAlg; + + // guess the signature algorithm based on the signature size + if ((signingAlg == null || signingAlg.length() < 1) && signature != null) { + signatureAlgorithmOid = SecurityUtils.getDsaAlgorithm(signature); + } + if (prov != null) { - Service service = prov.getService("Signature",signingAlg); + Service service = prov.getService("Signature",signatureAlgorithmOid); if (service != null) { algo = service.getAlgorithm(); } @@ -343,7 +353,7 @@ public class SsbFrame { Provider[] provs = Security.getProviders(); for (Provider p : provs) { if (algo == null) { - Service service = p.getService("Signature",signingAlg); + Service service = p.getService("Signature",signatureAlgorithmOid); if (service != null) { algo = service.getAlgorithm(); } @@ -359,11 +369,6 @@ public class SsbFrame { sig.initVerify(key); sig.update(getDataForSignature()); - BigInteger r = new BigInteger(1,signaturePart1); - BigInteger s = new BigInteger(1,signaturePart2); - - byte[] signature = SecurityUtils.encodeSignatureIntegerSequence(r,s); - return sig.verify(signature); } diff --git a/src/main/java/org/uic/barcode/staticFrame/StaticFrame.java b/src/main/java/org/uic/barcode/staticFrame/StaticFrame.java index 8dc1adb..25649df 100644 --- a/src/main/java/org/uic/barcode/staticFrame/StaticFrame.java +++ b/src/main/java/org/uic/barcode/staticFrame/StaticFrame.java @@ -19,7 +19,9 @@ import java.util.zip.DataFormatException; import java.util.zip.Deflater;
import java.util.zip.Inflater;
+import org.uic.barcode.dynamicFrame.Constants;
import org.uic.barcode.ticket.EncodingFormatException;
+import org.uic.barcode.utils.SecurityUtils;
/**
@@ -660,11 +662,20 @@ public class StaticFrame { * @throws IOException
*/
public boolean verifyByAlgorithmOid(PublicKey key, String signingAlg) throws InvalidKeyException, NoSuchAlgorithmException, SignatureException, IllegalArgumentException, UnsupportedOperationException, IOException, EncodingFormatException {
+
+ String signatureAlgorithmOid = signingAlg;
+
+
+ // guess the signature algorithm based on the signature size
+ if ((signingAlg == null || signingAlg.length() < 1) && this.getSignature() != null) {
+ signatureAlgorithmOid = SecurityUtils.getDsaAlgorithm(this.getSignature());
+ }
+
//find the algorithm name for the signature OID
String algo = null;
Provider[] provs = Security.getProviders();
for (Provider prov : provs) {
- Service service = prov.getService("Signature",signingAlg);
+ Service service = prov.getService("Signature",signatureAlgorithmOid);
if (service != null) {
algo = service.getAlgorithm();
}
@@ -776,7 +787,8 @@ public class StaticFrame { if (algo == null) {
throw new NoSuchAlgorithmException("No service for algorthm found: " + signingAlg);
}
- Signature sig = Signature.getInstance(algo);
+ Signature sig = Signature.getInstance(algo,prov);
+
sig.initSign(key);
signedData = getDataForSignature();
sig.update(signedData);
diff --git a/src/main/java/org/uic/barcode/utils/SecurityUtils.java b/src/main/java/org/uic/barcode/utils/SecurityUtils.java index 8c981af..8f19e4b 100644 --- a/src/main/java/org/uic/barcode/utils/SecurityUtils.java +++ b/src/main/java/org/uic/barcode/utils/SecurityUtils.java @@ -15,6 +15,8 @@ import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
+import org.uic.barcode.dynamicFrame.Constants;
+
/**
* The Class SecurityUtils.
*/
@@ -23,8 +25,8 @@ public class SecurityUtils { /**
* Find provider by public key.
*
- * @param algorithmOid the algorithm oid used to generate the key
- * @param keyBytes the encoded bytes of the public key
+ * @param keyAlgorithmOid the key algorithm oid
+ * @param keyBytes the encoded bytes of the public key
* @return the provider
*/
public static Provider findPublicKeyProvider(String keyAlgorithmOid, byte[] keyBytes) {
@@ -263,6 +265,13 @@ public class SecurityUtils { return out.toByteArray();
}
+ /**
+ * Recombine dsa signature.
+ *
+ * @param sealdata the sealdata
+ * @return the byte[]
+ * @throws IOException Signals that an I/O exception has occurred.
+ */
public static byte[] recombineDsaSignature(byte[] sealdata) throws IOException {
//check whether the encoding is wrong and the sealdata contain a signature
@@ -311,4 +320,32 @@ public class SecurityUtils { return out.toByteArray();
}
+
+ /**
+ * Gets the dsa algorithm allowed for ssb or static frame.
+ *
+ * @param bs the size of the signature
+ * @return the dsa algorithm OID
+ */
+ public static String getDsaAlgorithm(byte[] bs) {
+
+ BigInteger[] bInts = null;
+ int size = 0;
+ try {
+ bInts = decodeSignatureIntegerSequence(bs);
+ int sizeR = bInts[0].bitLength();
+ int sizeS = bInts[1].bitLength();
+ size = Math.max(sizeR,sizeS);
+ } catch (Exception e) {
+ return null;
+ }
+
+ if (size > 224) {
+ return Constants.DSA_SHA256;
+ } else if (size > 160) {
+ return Constants.DSA_SHA224;
+ } else {
+ return Constants.DSA_SHA1;
+ }
+ }
}
diff --git a/src/test/java/org/uic/barcode/test/StaticFrameBarcodeSignatureAlgorithmDetectionTest.java b/src/test/java/org/uic/barcode/test/StaticFrameBarcodeSignatureAlgorithmDetectionTest.java new file mode 100644 index 0000000..be3db95 --- /dev/null +++ b/src/test/java/org/uic/barcode/test/StaticFrameBarcodeSignatureAlgorithmDetectionTest.java @@ -0,0 +1,330 @@ +package org.uic.barcode.test;
+
+import java.io.IOException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.SignatureException;
+import java.util.zip.DataFormatException;
+
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.junit.Before;
+import org.junit.Test;
+import org.uic.barcode.Decoder;
+import org.uic.barcode.Encoder;
+import org.uic.barcode.dynamicFrame.Constants;
+import org.uic.barcode.logger.LoggerFactory;
+import org.uic.barcode.staticFrame.ticketLayoutBarcode.TicketLayout;
+import org.uic.barcode.test.utils.SimpleTestTicketLayout;
+import org.uic.barcode.test.utils.SimpleUICTestTicket;
+import org.uic.barcode.ticket.EncodingFormatException;
+import org.uic.barcode.ticket.api.spec.IUicRailTicket;
+
+/**
+ * The Class StaticFrameBarcodeTest.
+ */
+public class StaticFrameBarcodeSignatureAlgorithmDetectionTest {
+
+ /** The algorithm OID. */
+ public String algorithmOID = Constants.DSA_SHA224;
+
+ public int keySize = 2048;
+
+ /** The key pair. */
+ public KeyPair keyPair = null;
+
+
+ public IUicRailTicket testFCBticket = null;
+
+ public TicketLayout testLayout = null;
+
+ public Provider prov = null;
+
+ /**
+ * Initialize.
+ *
+ * set the signature algorithm
+ * generate a key pair
+ * set the test content
+ * for ticket and layout
+ */
+ @Before public void initialize() {
+
+ LoggerFactory.setActivateConsoleLog(true);
+
+ prov = new BouncyCastleProvider();
+
+ Security.addProvider(prov);
+
+ }
+
+
+ /**
+ * Test DSA signature algorithm detection DSA SHA1
+ */
+ @Test public void testDsaSha1() {
+
+ LoggerFactory.setActivateConsoleLog(true);
+
+ algorithmOID = Constants.DSA_SHA1;
+ keySize = 512;
+ testFCBticket = SimpleUICTestTicket.getUicTestTicket();
+ testLayout = SimpleTestTicketLayout.getSimpleTestTicketLayout();
+
+
+ try {
+ keyPair = generateDSAKeys(keySize);
+ } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidAlgorithmParameterException e) {
+ e.printStackTrace();
+ }
+
+ assert(keyPair != null);
+
+
+ IUicRailTicket ticket = testFCBticket;
+
+ TicketLayout layout = testLayout;
+
+ Encoder enc = null;
+
+ try {
+ enc = new Encoder(ticket, layout, Encoder.UIC_BARCODE_TYPE_CLASSIC, 2, 13);
+ } catch (IOException | EncodingFormatException e1) {
+ assert(false);
+ }
+
+ enc.setStaticHeaderParams("123456789012", "de");
+
+ assert(enc != null);
+
+ try {
+ enc.signLevel1("1080", keyPair.getPrivate(), algorithmOID, "1", prov);
+ } catch (Exception e) {
+ assert(false);
+ }
+
+ byte[] encoded = null;
+ try {
+ encoded = enc.encode();
+ } catch (Exception e) {
+ assert(false);
+ }
+
+ assert(encoded != null);
+
+ Decoder dec = null;
+ try {
+ dec = new Decoder(encoded);
+ } catch (IOException e) {
+ assert(false);
+ } catch (EncodingFormatException e) {
+ assert(false);
+ } catch (DataFormatException e) {
+ assert(false);
+ }
+ assert(dec != null);
+
+ int signatureCheck = 0;
+ try {
+ signatureCheck = dec.validateLevel1(keyPair.getPublic());
+ } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException | IllegalArgumentException
+ | UnsupportedOperationException | IOException | EncodingFormatException e) {
+ assert(false);
+ }
+
+ assert(signatureCheck == Constants.LEVEL1_VALIDATION_OK);
+
+ SimpleUICTestTicket.compare(ticket, dec.getUicTicket());
+
+ SimpleTestTicketLayout.compare(layout, dec.getLayout());
+
+
+ }
+
+ /**
+ * Test DSA signature algorithm detection DSA SHA224
+ * DSAwithSHA224 is outdated an most provides don't support it properly!
+
+ @Test public void testDsaSha224() {
+
+ LoggerFactory.setActivateConsoleLog(true);
+
+ algorithmOID = Constants.DSA_SHA224;
+ keySize = 1024;
+ testFCBticket = SimpleUICTestTicket.getUicTestTicket();
+ testLayout = SimpleTestTicketLayout.getSimpleTestTicketLayout();
+
+
+ try {
+ keyPair = generateDSAKeys(keySize);
+ } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidAlgorithmParameterException e) {
+ e.printStackTrace();
+ }
+
+ assert(keyPair != null);
+
+
+ IUicRailTicket ticket = testFCBticket;
+
+ TicketLayout layout = testLayout;
+
+ Encoder enc = null;
+
+ try {
+ enc = new Encoder(ticket, layout, Encoder.UIC_BARCODE_TYPE_CLASSIC, 2, 13);
+ } catch (IOException | EncodingFormatException e1) {
+ assert(false);
+ }
+
+ enc.setStaticHeaderParams("123456789012", "de");
+
+ assert(enc != null);
+
+ try {
+ enc.signLevel1("1080", keyPair.getPrivate(), algorithmOID, "1", prov);
+ } catch (Exception e) {
+ assert(false);
+ }
+
+ byte[] encoded = null;
+ try {
+ encoded = enc.encode();
+ } catch (Exception e) {
+ assert(false);
+ }
+
+ assert(encoded != null);
+
+ Decoder dec = null;
+ try {
+ dec = new Decoder(encoded);
+ } catch (IOException e) {
+ assert(false);
+ } catch (EncodingFormatException e) {
+ assert(false);
+ } catch (DataFormatException e) {
+ assert(false);
+ }
+ assert(dec != null);
+
+ int signatureCheck = 0;
+ try {
+ signatureCheck = dec.validateLevel1(keyPair.getPublic());
+ } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException | IllegalArgumentException
+ | UnsupportedOperationException | IOException | EncodingFormatException e) {
+ assert(false);
+ }
+
+ assert(signatureCheck == Constants.LEVEL1_VALIDATION_OK);
+
+ SimpleUICTestTicket.compare(ticket, dec.getUicTicket());
+
+ SimpleTestTicketLayout.compare(layout, dec.getLayout());
+
+
+ }
+ */
+
+ /**
+ * Test DSA signature algorithm detection DSA SHA256
+ */
+ @Test public void testDsaSha256() {
+
+ LoggerFactory.setActivateConsoleLog(true);
+
+ algorithmOID = Constants.DSA_SHA256;
+ keySize = 2048;
+ testFCBticket = SimpleUICTestTicket.getUicTestTicket();
+ testLayout = SimpleTestTicketLayout.getSimpleTestTicketLayout();
+
+
+ try {
+ keyPair = generateDSAKeys(keySize);
+ } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidAlgorithmParameterException e) {
+ e.printStackTrace();
+ }
+
+ assert(keyPair != null);
+
+
+ IUicRailTicket ticket = testFCBticket;
+
+ TicketLayout layout = testLayout;
+
+ Encoder enc = null;
+
+ try {
+ enc = new Encoder(ticket, layout, Encoder.UIC_BARCODE_TYPE_CLASSIC, 2, 13);
+ } catch (IOException | EncodingFormatException e1) {
+ assert(false);
+ }
+
+ enc.setStaticHeaderParams("123456789012", "de");
+
+ assert(enc != null);
+
+ try {
+ enc.signLevel1("1080", keyPair.getPrivate(), algorithmOID, "1", prov);
+ } catch (Exception e) {
+ assert(false);
+ }
+
+ byte[] encoded = null;
+ try {
+ encoded = enc.encode();
+ } catch (Exception e) {
+ assert(false);
+ }
+
+ assert(encoded != null);
+
+ Decoder dec = null;
+ try {
+ dec = new Decoder(encoded);
+ } catch (IOException e) {
+ assert(false);
+ } catch (EncodingFormatException e) {
+ assert(false);
+ } catch (DataFormatException e) {
+ assert(false);
+ }
+ assert(dec != null);
+
+ int signatureCheck = 0;
+ try {
+ signatureCheck = dec.validateLevel1(keyPair.getPublic());
+ } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException | IllegalArgumentException
+ | UnsupportedOperationException | IOException | EncodingFormatException e) {
+ assert(false);
+ }
+
+ assert(signatureCheck == Constants.LEVEL1_VALIDATION_OK);
+
+ SimpleUICTestTicket.compare(ticket, dec.getUicTicket());
+
+ SimpleTestTicketLayout.compare(layout, dec.getLayout());
+
+
+ }
+
+ /**
+ * Generate DSA keys.
+ *
+ * @return the key pair
+ * @throws NoSuchAlgorithmException the no such algorithm exception
+ * @throws NoSuchProviderException the no such provider exception
+ * @throws InvalidAlgorithmParameterException the invalid algorithm parameter exception
+ */
+ public KeyPair generateDSAKeys(int keySize) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException{
+ KeyPairGenerator g = KeyPairGenerator.getInstance("DSA", "BC");
+ g.initialize(keySize, new SecureRandom());
+ return g.generateKeyPair();
+ }
+
+}
diff --git a/src/main/java/org/uic/barcode/ticket/api/test/testtickets/OpenLuggageRestrictionTestTicketV3.java b/src/test/java/org/uic/barcode/ticket/api/test/testtickets/OpenLuggageRestrictionTestTicketV3.java index f14acfa..f14acfa 100644 --- a/src/main/java/org/uic/barcode/ticket/api/test/testtickets/OpenLuggageRestrictionTestTicketV3.java +++ b/src/test/java/org/uic/barcode/ticket/api/test/testtickets/OpenLuggageRestrictionTestTicketV3.java |