From 6ef85723cca938e298b318dc6d564318b83ab4ba Mon Sep 17 00:00:00 2001 From: CGantert345 <57003061+CGantert345@users.noreply.github.com> Date: Mon, 11 Apr 2022 16:30:32 +0200 Subject: use one provider only within validation --- .../dynamicFrame/api/SimpleDynamicFrame.java | 10 ++- .../java/org/uic/barcode/utils/SecurityUtils.java | 77 ++++++++++++++++------ 2 files changed, 67 insertions(+), 20 deletions(-) (limited to 'src/main') diff --git a/src/main/java/org/uic/barcode/dynamicFrame/api/SimpleDynamicFrame.java b/src/main/java/org/uic/barcode/dynamicFrame/api/SimpleDynamicFrame.java index ef31166..a8d7a0f 100644 --- a/src/main/java/org/uic/barcode/dynamicFrame/api/SimpleDynamicFrame.java +++ b/src/main/java/org/uic/barcode/dynamicFrame/api/SimpleDynamicFrame.java @@ -272,6 +272,7 @@ public class SimpleDynamicFrame implements IDynamicFrame { return Constants.LEVEL1_VALIDATION_NO_SIGNATURE; } + byte[] signature = this.getLevel2Data().getLevel1Signature(); @@ -288,7 +289,13 @@ public class SimpleDynamicFrame implements IDynamicFrame { if (signingAlgorithmOid == null || signingAlgorithmOid.length() == 0) { return Constants.LEVEL1_VALIDATION_NO_SIGNATURE; - } + } + + if (prov == null) { + prov = SecurityUtils.findSignatureProvider(key.getEncoded(), signingAlgorithmOid); + } + + //find the algorithm name for the signature OID String algo = null; try { @@ -312,6 +319,7 @@ public class SimpleDynamicFrame implements IDynamicFrame { return Constants.LEVEL1_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; } try { + key = SecurityUtils.convert(key, prov); sig.initVerify(key); } catch (InvalidKeyException e) { return Constants.LEVEL1_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; diff --git a/src/main/java/org/uic/barcode/utils/SecurityUtils.java b/src/main/java/org/uic/barcode/utils/SecurityUtils.java index 542208b..af1a65a 100644 --- a/src/main/java/org/uic/barcode/utils/SecurityUtils.java +++ b/src/main/java/org/uic/barcode/utils/SecurityUtils.java @@ -4,6 +4,7 @@ import java.security.KeyFactory; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.Provider; +import java.security.Provider.Service; import java.security.PublicKey; import java.security.Security; import java.security.spec.InvalidKeySpecException; @@ -81,28 +82,22 @@ public class SecurityUtils { return null; } - - - public static PublicKey convertPublicKey(PublicKey key) { - - - PublicKey publicKey; - try { - publicKey = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(key.getEncoded())); - } catch (InvalidKeySpecException | NoSuchAlgorithmException e) { - return key; - } - - return publicKey; - - } public static PublicKey convert(PublicKey key, Provider provider) { PublicKey publicKey; + KeyFactory keyFactory = null; + try { - publicKey = KeyFactory.getInstance("RSA", provider).generatePublic(new X509EncodedKeySpec(key.getEncoded())); + if (key.getAlgorithm() != null && key.getAlgorithm().toUpperCase().contains("EC") ) { + keyFactory = KeyFactory.getInstance("EC",provider); + } else if (key.getAlgorithm() != null && key.getAlgorithm().length() > 0 ) { + keyFactory = KeyFactory.getInstance("DSA",provider); + } else { + return key; + } + publicKey = keyFactory.generatePublic(new X509EncodedKeySpec(key.getEncoded())); } catch (InvalidKeySpecException | NoSuchAlgorithmException e) { return key; } @@ -113,17 +108,61 @@ public class SecurityUtils { } - public static PrivateKey convertPrivateKey(PrivateKey key) { - + public static PrivateKey convert(PrivateKey key, Provider provider) { PrivateKey privateKey; + KeyFactory keyFactory = null; + try { - privateKey = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(key.getEncoded())); + if (key.getAlgorithm() != null && key.getAlgorithm().toUpperCase().contains("EC") ) { + keyFactory = KeyFactory.getInstance("EC",provider); + } else if (key.getAlgorithm() != null && key.getAlgorithm().length() > 0 ) { + keyFactory = KeyFactory.getInstance("DSA",provider); + } else { + return key; + } + privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(key.getEncoded())); } catch (InvalidKeySpecException | NoSuchAlgorithmException e) { return key; } return privateKey; + + } + + public static Provider findSignatureProvider(byte[] encoded, String oid) { + + KeyFactory keyFactory = null; + String signatureAlgorithmName = null; + + Provider[] provs = Security.getProviders(); + for (Provider provider : provs) { + try { + Service service = provider.getService(AlgorithmNameResolver.TYPE_SIGNATURE_ALG, oid); + if (service != null) { + signatureAlgorithmName = service.getAlgorithm(); + if (signatureAlgorithmName != null && signatureAlgorithmName.length() > 0) { + if (signatureAlgorithmName.toUpperCase().contains("EC") ) { + keyFactory = KeyFactory.getInstance("EC",provider); + } else { + keyFactory = KeyFactory.getInstance("DSA",provider); + } + if (keyFactory != null) { + X509EncodedKeySpec spec = new X509EncodedKeySpec(encoded); + //try to encode the key + keyFactory.generatePublic(spec); + } + } + } + } catch (Exception e1) { + keyFactory = null; + } + if (keyFactory != null) { + return keyFactory.getProvider(); + } + } + + return null; } } -- cgit v1.2.3