summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/main/java/org/uic/barcode/Decoder.java15
-rw-r--r--src/main/java/org/uic/barcode/ssbFrame/SsbFrame.java25
-rw-r--r--src/main/java/org/uic/barcode/staticFrame/StaticFrame.java16
-rw-r--r--src/main/java/org/uic/barcode/utils/SecurityUtils.java41
-rw-r--r--src/test/java/org/uic/barcode/test/StaticFrameBarcodeSignatureAlgorithmDetectionTest.java330
-rw-r--r--src/test/java/org/uic/barcode/ticket/api/test/testtickets/OpenLuggageRestrictionTestTicketV3.java (renamed from src/main/java/org/uic/barcode/ticket/api/test/testtickets/OpenLuggageRestrictionTestTicketV3.java)0
6 files changed, 409 insertions, 18 deletions
diff --git a/src/main/java/org/uic/barcode/Decoder.java b/src/main/java/org/uic/barcode/Decoder.java
index 85faa4a..637bbf6 100644
--- a/src/main/java/org/uic/barcode/Decoder.java
+++ b/src/main/java/org/uic/barcode/Decoder.java
@@ -84,15 +84,22 @@ public class Decoder {
* @throws EncodingFormatException the encoding format exception
*/
public int validateLevel1(PublicKey key) throws InvalidKeyException, NoSuchAlgorithmException, SignatureException, IllegalArgumentException, UnsupportedOperationException, IOException, EncodingFormatException {
- if (dynamicFrame != null && dynamicFrame != null) {
+ if (dynamicFrame != null) {
return dynamicFrame.validateLevel1(key) ;
- } else {
- if (staticFrame != null) {
- return Constants.LEVEL1_VALIDATION_SIG_ALG_NOT_IMPLEMENTED;
+ } else if (staticFrame != null) {
+ if (staticFrame.verifyByAlgorithmOid(key,null)) {
+ return Constants.LEVEL1_VALIDATION_OK;
+ } else {
+ return Constants.LEVEL1_VALIDATION_FRAUD;
+ }
+ } else if (ssbFrame!= null) {
+ if (ssbFrame.verifyByAlgorithmOid(key,null, null)) {
+ return Constants.LEVEL1_VALIDATION_OK;
} else {
return Constants.LEVEL1_VALIDATION_FRAUD;
}
}
+ return Constants.LEVEL1_VALIDATION_NO_SIGNATURE;
}
/**
diff --git a/src/main/java/org/uic/barcode/ssbFrame/SsbFrame.java b/src/main/java/org/uic/barcode/ssbFrame/SsbFrame.java
index b473c1e..2c8f66f 100644
--- a/src/main/java/org/uic/barcode/ssbFrame/SsbFrame.java
+++ b/src/main/java/org/uic/barcode/ssbFrame/SsbFrame.java
@@ -1,6 +1,5 @@
package org.uic.barcode.ssbFrame;
-import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
@@ -14,7 +13,6 @@ import java.security.SignatureException;
import java.security.Provider.Service;
import java.util.Arrays;
-
import org.uic.barcode.ticket.EncodingFormatException;
import org.uic.barcode.utils.AlgorithmNameResolver;
import org.uic.barcode.utils.SecurityUtils;
@@ -83,7 +81,7 @@ public class SsbFrame {
try {
//check for non-standard signature encoding
BigInteger[] bInts = SecurityUtils.decodeSignatureIntegerSequence(signatureBytes);
- byte[] sig = SecurityUtils.encodeSignatureIntegerSequence(bInts[0],bInts[1]);
+ SecurityUtils.encodeSignatureIntegerSequence(bInts[0],bInts[1]);
signaturePart1 = bInts[0].toByteArray();
signaturePart2 = bInts[1].toByteArray();
//decoding the entire signature was ok, so there was no split
@@ -334,8 +332,20 @@ public class SsbFrame {
//find the algorithm name for the signature OID
String algo = null;
+
+ BigInteger r = new BigInteger(1,signaturePart1);
+ BigInteger s = new BigInteger(1,signaturePart2);
+ byte[] signature = SecurityUtils.encodeSignatureIntegerSequence(r,s);
+
+ String signatureAlgorithmOid = signingAlg;
+
+ // guess the signature algorithm based on the signature size
+ if ((signingAlg == null || signingAlg.length() < 1) && signature != null) {
+ signatureAlgorithmOid = SecurityUtils.getDsaAlgorithm(signature);
+ }
+
if (prov != null) {
- Service service = prov.getService("Signature",signingAlg);
+ Service service = prov.getService("Signature",signatureAlgorithmOid);
if (service != null) {
algo = service.getAlgorithm();
}
@@ -343,7 +353,7 @@ public class SsbFrame {
Provider[] provs = Security.getProviders();
for (Provider p : provs) {
if (algo == null) {
- Service service = p.getService("Signature",signingAlg);
+ Service service = p.getService("Signature",signatureAlgorithmOid);
if (service != null) {
algo = service.getAlgorithm();
}
@@ -359,11 +369,6 @@ public class SsbFrame {
sig.initVerify(key);
sig.update(getDataForSignature());
- BigInteger r = new BigInteger(1,signaturePart1);
- BigInteger s = new BigInteger(1,signaturePart2);
-
- byte[] signature = SecurityUtils.encodeSignatureIntegerSequence(r,s);
-
return sig.verify(signature);
}
diff --git a/src/main/java/org/uic/barcode/staticFrame/StaticFrame.java b/src/main/java/org/uic/barcode/staticFrame/StaticFrame.java
index 8dc1adb..25649df 100644
--- a/src/main/java/org/uic/barcode/staticFrame/StaticFrame.java
+++ b/src/main/java/org/uic/barcode/staticFrame/StaticFrame.java
@@ -19,7 +19,9 @@ import java.util.zip.DataFormatException;
import java.util.zip.Deflater;
import java.util.zip.Inflater;
+import org.uic.barcode.dynamicFrame.Constants;
import org.uic.barcode.ticket.EncodingFormatException;
+import org.uic.barcode.utils.SecurityUtils;
/**
@@ -660,11 +662,20 @@ public class StaticFrame {
* @throws IOException
*/
public boolean verifyByAlgorithmOid(PublicKey key, String signingAlg) throws InvalidKeyException, NoSuchAlgorithmException, SignatureException, IllegalArgumentException, UnsupportedOperationException, IOException, EncodingFormatException {
+
+ String signatureAlgorithmOid = signingAlg;
+
+
+ // guess the signature algorithm based on the signature size
+ if ((signingAlg == null || signingAlg.length() < 1) && this.getSignature() != null) {
+ signatureAlgorithmOid = SecurityUtils.getDsaAlgorithm(this.getSignature());
+ }
+
//find the algorithm name for the signature OID
String algo = null;
Provider[] provs = Security.getProviders();
for (Provider prov : provs) {
- Service service = prov.getService("Signature",signingAlg);
+ Service service = prov.getService("Signature",signatureAlgorithmOid);
if (service != null) {
algo = service.getAlgorithm();
}
@@ -776,7 +787,8 @@ public class StaticFrame {
if (algo == null) {
throw new NoSuchAlgorithmException("No service for algorthm found: " + signingAlg);
}
- Signature sig = Signature.getInstance(algo);
+ Signature sig = Signature.getInstance(algo,prov);
+
sig.initSign(key);
signedData = getDataForSignature();
sig.update(signedData);
diff --git a/src/main/java/org/uic/barcode/utils/SecurityUtils.java b/src/main/java/org/uic/barcode/utils/SecurityUtils.java
index 8c981af..8f19e4b 100644
--- a/src/main/java/org/uic/barcode/utils/SecurityUtils.java
+++ b/src/main/java/org/uic/barcode/utils/SecurityUtils.java
@@ -15,6 +15,8 @@ import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
+import org.uic.barcode.dynamicFrame.Constants;
+
/**
* The Class SecurityUtils.
*/
@@ -23,8 +25,8 @@ public class SecurityUtils {
/**
* Find provider by public key.
*
- * @param algorithmOid the algorithm oid used to generate the key
- * @param keyBytes the encoded bytes of the public key
+ * @param keyAlgorithmOid the key algorithm oid
+ * @param keyBytes the encoded bytes of the public key
* @return the provider
*/
public static Provider findPublicKeyProvider(String keyAlgorithmOid, byte[] keyBytes) {
@@ -263,6 +265,13 @@ public class SecurityUtils {
return out.toByteArray();
}
+ /**
+ * Recombine dsa signature.
+ *
+ * @param sealdata the sealdata
+ * @return the byte[]
+ * @throws IOException Signals that an I/O exception has occurred.
+ */
public static byte[] recombineDsaSignature(byte[] sealdata) throws IOException {
//check whether the encoding is wrong and the sealdata contain a signature
@@ -311,4 +320,32 @@ public class SecurityUtils {
return out.toByteArray();
}
+
+ /**
+ * Gets the dsa algorithm allowed for ssb or static frame.
+ *
+ * @param bs the size of the signature
+ * @return the dsa algorithm OID
+ */
+ public static String getDsaAlgorithm(byte[] bs) {
+
+ BigInteger[] bInts = null;
+ int size = 0;
+ try {
+ bInts = decodeSignatureIntegerSequence(bs);
+ int sizeR = bInts[0].bitLength();
+ int sizeS = bInts[1].bitLength();
+ size = Math.max(sizeR,sizeS);
+ } catch (Exception e) {
+ return null;
+ }
+
+ if (size > 224) {
+ return Constants.DSA_SHA256;
+ } else if (size > 160) {
+ return Constants.DSA_SHA224;
+ } else {
+ return Constants.DSA_SHA1;
+ }
+ }
}
diff --git a/src/test/java/org/uic/barcode/test/StaticFrameBarcodeSignatureAlgorithmDetectionTest.java b/src/test/java/org/uic/barcode/test/StaticFrameBarcodeSignatureAlgorithmDetectionTest.java
new file mode 100644
index 0000000..be3db95
--- /dev/null
+++ b/src/test/java/org/uic/barcode/test/StaticFrameBarcodeSignatureAlgorithmDetectionTest.java
@@ -0,0 +1,330 @@
+package org.uic.barcode.test;
+
+import java.io.IOException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.SignatureException;
+import java.util.zip.DataFormatException;
+
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.junit.Before;
+import org.junit.Test;
+import org.uic.barcode.Decoder;
+import org.uic.barcode.Encoder;
+import org.uic.barcode.dynamicFrame.Constants;
+import org.uic.barcode.logger.LoggerFactory;
+import org.uic.barcode.staticFrame.ticketLayoutBarcode.TicketLayout;
+import org.uic.barcode.test.utils.SimpleTestTicketLayout;
+import org.uic.barcode.test.utils.SimpleUICTestTicket;
+import org.uic.barcode.ticket.EncodingFormatException;
+import org.uic.barcode.ticket.api.spec.IUicRailTicket;
+
+/**
+ * The Class StaticFrameBarcodeTest.
+ */
+public class StaticFrameBarcodeSignatureAlgorithmDetectionTest {
+
+ /** The algorithm OID. */
+ public String algorithmOID = Constants.DSA_SHA224;
+
+ public int keySize = 2048;
+
+ /** The key pair. */
+ public KeyPair keyPair = null;
+
+
+ public IUicRailTicket testFCBticket = null;
+
+ public TicketLayout testLayout = null;
+
+ public Provider prov = null;
+
+ /**
+ * Initialize.
+ *
+ * set the signature algorithm
+ * generate a key pair
+ * set the test content
+ * for ticket and layout
+ */
+ @Before public void initialize() {
+
+ LoggerFactory.setActivateConsoleLog(true);
+
+ prov = new BouncyCastleProvider();
+
+ Security.addProvider(prov);
+
+ }
+
+
+ /**
+ * Test DSA signature algorithm detection DSA SHA1
+ */
+ @Test public void testDsaSha1() {
+
+ LoggerFactory.setActivateConsoleLog(true);
+
+ algorithmOID = Constants.DSA_SHA1;
+ keySize = 512;
+ testFCBticket = SimpleUICTestTicket.getUicTestTicket();
+ testLayout = SimpleTestTicketLayout.getSimpleTestTicketLayout();
+
+
+ try {
+ keyPair = generateDSAKeys(keySize);
+ } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidAlgorithmParameterException e) {
+ e.printStackTrace();
+ }
+
+ assert(keyPair != null);
+
+
+ IUicRailTicket ticket = testFCBticket;
+
+ TicketLayout layout = testLayout;
+
+ Encoder enc = null;
+
+ try {
+ enc = new Encoder(ticket, layout, Encoder.UIC_BARCODE_TYPE_CLASSIC, 2, 13);
+ } catch (IOException | EncodingFormatException e1) {
+ assert(false);
+ }
+
+ enc.setStaticHeaderParams("123456789012", "de");
+
+ assert(enc != null);
+
+ try {
+ enc.signLevel1("1080", keyPair.getPrivate(), algorithmOID, "1", prov);
+ } catch (Exception e) {
+ assert(false);
+ }
+
+ byte[] encoded = null;
+ try {
+ encoded = enc.encode();
+ } catch (Exception e) {
+ assert(false);
+ }
+
+ assert(encoded != null);
+
+ Decoder dec = null;
+ try {
+ dec = new Decoder(encoded);
+ } catch (IOException e) {
+ assert(false);
+ } catch (EncodingFormatException e) {
+ assert(false);
+ } catch (DataFormatException e) {
+ assert(false);
+ }
+ assert(dec != null);
+
+ int signatureCheck = 0;
+ try {
+ signatureCheck = dec.validateLevel1(keyPair.getPublic());
+ } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException | IllegalArgumentException
+ | UnsupportedOperationException | IOException | EncodingFormatException e) {
+ assert(false);
+ }
+
+ assert(signatureCheck == Constants.LEVEL1_VALIDATION_OK);
+
+ SimpleUICTestTicket.compare(ticket, dec.getUicTicket());
+
+ SimpleTestTicketLayout.compare(layout, dec.getLayout());
+
+
+ }
+
+ /**
+ * Test DSA signature algorithm detection DSA SHA224
+ * DSAwithSHA224 is outdated an most provides don't support it properly!
+
+ @Test public void testDsaSha224() {
+
+ LoggerFactory.setActivateConsoleLog(true);
+
+ algorithmOID = Constants.DSA_SHA224;
+ keySize = 1024;
+ testFCBticket = SimpleUICTestTicket.getUicTestTicket();
+ testLayout = SimpleTestTicketLayout.getSimpleTestTicketLayout();
+
+
+ try {
+ keyPair = generateDSAKeys(keySize);
+ } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidAlgorithmParameterException e) {
+ e.printStackTrace();
+ }
+
+ assert(keyPair != null);
+
+
+ IUicRailTicket ticket = testFCBticket;
+
+ TicketLayout layout = testLayout;
+
+ Encoder enc = null;
+
+ try {
+ enc = new Encoder(ticket, layout, Encoder.UIC_BARCODE_TYPE_CLASSIC, 2, 13);
+ } catch (IOException | EncodingFormatException e1) {
+ assert(false);
+ }
+
+ enc.setStaticHeaderParams("123456789012", "de");
+
+ assert(enc != null);
+
+ try {
+ enc.signLevel1("1080", keyPair.getPrivate(), algorithmOID, "1", prov);
+ } catch (Exception e) {
+ assert(false);
+ }
+
+ byte[] encoded = null;
+ try {
+ encoded = enc.encode();
+ } catch (Exception e) {
+ assert(false);
+ }
+
+ assert(encoded != null);
+
+ Decoder dec = null;
+ try {
+ dec = new Decoder(encoded);
+ } catch (IOException e) {
+ assert(false);
+ } catch (EncodingFormatException e) {
+ assert(false);
+ } catch (DataFormatException e) {
+ assert(false);
+ }
+ assert(dec != null);
+
+ int signatureCheck = 0;
+ try {
+ signatureCheck = dec.validateLevel1(keyPair.getPublic());
+ } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException | IllegalArgumentException
+ | UnsupportedOperationException | IOException | EncodingFormatException e) {
+ assert(false);
+ }
+
+ assert(signatureCheck == Constants.LEVEL1_VALIDATION_OK);
+
+ SimpleUICTestTicket.compare(ticket, dec.getUicTicket());
+
+ SimpleTestTicketLayout.compare(layout, dec.getLayout());
+
+
+ }
+ */
+
+ /**
+ * Test DSA signature algorithm detection DSA SHA256
+ */
+ @Test public void testDsaSha256() {
+
+ LoggerFactory.setActivateConsoleLog(true);
+
+ algorithmOID = Constants.DSA_SHA256;
+ keySize = 2048;
+ testFCBticket = SimpleUICTestTicket.getUicTestTicket();
+ testLayout = SimpleTestTicketLayout.getSimpleTestTicketLayout();
+
+
+ try {
+ keyPair = generateDSAKeys(keySize);
+ } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidAlgorithmParameterException e) {
+ e.printStackTrace();
+ }
+
+ assert(keyPair != null);
+
+
+ IUicRailTicket ticket = testFCBticket;
+
+ TicketLayout layout = testLayout;
+
+ Encoder enc = null;
+
+ try {
+ enc = new Encoder(ticket, layout, Encoder.UIC_BARCODE_TYPE_CLASSIC, 2, 13);
+ } catch (IOException | EncodingFormatException e1) {
+ assert(false);
+ }
+
+ enc.setStaticHeaderParams("123456789012", "de");
+
+ assert(enc != null);
+
+ try {
+ enc.signLevel1("1080", keyPair.getPrivate(), algorithmOID, "1", prov);
+ } catch (Exception e) {
+ assert(false);
+ }
+
+ byte[] encoded = null;
+ try {
+ encoded = enc.encode();
+ } catch (Exception e) {
+ assert(false);
+ }
+
+ assert(encoded != null);
+
+ Decoder dec = null;
+ try {
+ dec = new Decoder(encoded);
+ } catch (IOException e) {
+ assert(false);
+ } catch (EncodingFormatException e) {
+ assert(false);
+ } catch (DataFormatException e) {
+ assert(false);
+ }
+ assert(dec != null);
+
+ int signatureCheck = 0;
+ try {
+ signatureCheck = dec.validateLevel1(keyPair.getPublic());
+ } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException | IllegalArgumentException
+ | UnsupportedOperationException | IOException | EncodingFormatException e) {
+ assert(false);
+ }
+
+ assert(signatureCheck == Constants.LEVEL1_VALIDATION_OK);
+
+ SimpleUICTestTicket.compare(ticket, dec.getUicTicket());
+
+ SimpleTestTicketLayout.compare(layout, dec.getLayout());
+
+
+ }
+
+ /**
+ * Generate DSA keys.
+ *
+ * @return the key pair
+ * @throws NoSuchAlgorithmException the no such algorithm exception
+ * @throws NoSuchProviderException the no such provider exception
+ * @throws InvalidAlgorithmParameterException the invalid algorithm parameter exception
+ */
+ public KeyPair generateDSAKeys(int keySize) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException{
+ KeyPairGenerator g = KeyPairGenerator.getInstance("DSA", "BC");
+ g.initialize(keySize, new SecureRandom());
+ return g.generateKeyPair();
+ }
+
+}
diff --git a/src/main/java/org/uic/barcode/ticket/api/test/testtickets/OpenLuggageRestrictionTestTicketV3.java b/src/test/java/org/uic/barcode/ticket/api/test/testtickets/OpenLuggageRestrictionTestTicketV3.java
index f14acfa..f14acfa 100644
--- a/src/main/java/org/uic/barcode/ticket/api/test/testtickets/OpenLuggageRestrictionTestTicketV3.java
+++ b/src/test/java/org/uic/barcode/ticket/api/test/testtickets/OpenLuggageRestrictionTestTicketV3.java