From 6eebf3f29b9658a4e74ab1d1f90146c8e029c736 Mon Sep 17 00:00:00 2001 From: CGantert345 <57003061+CGantert345@users.noreply.github.com> Date: Mon, 28 Jun 2021 17:28:50 +0200 Subject: - option to use a dedicated security provider implementation --- .../org/uic/barcode/dynamicFrame/DynamicFrame.java | 32 +++++++++++++++++++++- .../uic/barcode/dynamicFrame/Level2DataType.java | 21 ++++++++++++++ 2 files changed, 52 insertions(+), 1 deletion(-) (limited to 'src/main/java/org/uic/barcode/dynamicFrame') diff --git a/src/main/java/org/uic/barcode/dynamicFrame/DynamicFrame.java b/src/main/java/org/uic/barcode/dynamicFrame/DynamicFrame.java index 375e2c6..1d96d05 100644 --- a/src/main/java/org/uic/barcode/dynamicFrame/DynamicFrame.java +++ b/src/main/java/org/uic/barcode/dynamicFrame/DynamicFrame.java @@ -4,6 +4,7 @@ import java.security.InvalidKeyException; import java.security.KeyFactory; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; +import java.security.Provider; import java.security.PublicKey; import java.security.Signature; import java.security.SignatureException; @@ -111,6 +112,18 @@ public class DynamicFrame extends Object{ * */ public int validateLevel2() { + + return validateLevel2(null); + + } + + /** + * Verify the level 2 signature + * + * Note: an appropriate security provider (e.g. BC) must be registered before + * + */ + public int validateLevel2(Provider prov) { String level2KeyAlg = this.getLevel2SignedData().getLevel1Data().level2KeyAlg; @@ -155,7 +168,11 @@ public class DynamicFrame extends Object{ Signature sig; try { - sig = Signature.getInstance(algo); + if (prov == null) { + sig = Signature.getInstance(algo); + } else { + sig = Signature.getInstance(algo, prov); + } } catch (NoSuchAlgorithmException e) { return Constants.LEVEL2_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; } 
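Review bot: The Javadoc on the new `validateLevel2(Provider prov)` overload is copied from the no-argument method and still says a provider must be registered beforehand, which does not describe a call that hands in a provider instance. It should carry `@param prov provider used for the signature check, or null to use the default JCA provider lookup` and an `@return` naming the `Constants.LEVEL2_VALIDATION_*` result codes. The key algorithm is read from `getLevel1Data()`, so the same comment should say that a successful result appears to be meaningful only after the level 1 signature has been validated against a trusted key. The method body continues outside this hunk.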
@@ -262,6 +279,19 @@ public class DynamicFrame extends Object{ this.level2Signature = new OctetString(sig.sign()); } + + public void signLevel2(PrivateKey key, Provider prov) throws Exception { + + //find the algorithm name for the signature OID + String algo = AlgorithmNameResolver.getSignatureAlgorithmName(this.getLevel2SignedData().getLevel1Data().level2SigningAlg); + Signature sig = Signature.getInstance(algo,prov); + sig.initSign(key); + byte[] data = level2SignedData.encode(); + sig.update(data); + this.level2Signature = new OctetString(sig.sign()); + + } + public void addLevel2DynamicData(UicDynamicContentDataFDC1 dynamicData) { this.getLevel2SignedData().setLevel2Data( dynamicData.getDataType()); diff --git a/src/main/java/org/uic/barcode/dynamicFrame/Level2DataType.java b/src/main/java/org/uic/barcode/dynamicFrame/Level2DataType.java index dbd25ce..8c3cd60 100644 --- a/src/main/java/org/uic/barcode/dynamicFrame/Level2DataType.java +++ b/src/main/java/org/uic/barcode/dynamicFrame/Level2DataType.java @@ -1,6 +1,7 @@ package org.uic.barcode.dynamicFrame; import java.security.PrivateKey; +import java.security.Provider; import java.security.Signature; import org.uic.barcode.asn1.datatypes.Asn1Optional; 
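Review bot: `signLevel2(PrivateKey key, Provider prov)` passes `prov` straight to `Signature.getInstance(algo,prov)`, which throws IllegalArgumentException for a null provider, whereas `validateLevel2(Provider)` in the same commit treats null as "use the default lookup". Making the two agree avoids a surprise for callers: `Signature sig = prov == null ? Signature.getInstance(algo) : Signature.getInstance(algo, prov);`. With that in place the one-argument `signLevel2(PrivateKey)` can delegate via `signLevel2(key, null)` instead of keeping a second copy of the body, and the new method should get a Javadoc block like its siblings. `signLevel1(PrivateKey, Provider)` in Level2DataType.java has the same null handling.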
@@ -95,6 +96,26 @@ public class Level2DataType { this.level1Signature = new OctetString(sig.sign()); } + /** + * Sign the contained data block. + * + * Note: an appropriate security provider (e.g. BC) must be registered before + * + * @param key the key + * @param security provider - security provider that must be sued to create the signature + * @return + * @return the byte[] + * @throws Exception + */ + public void signLevel1(PrivateKey key, Provider prov) throws Exception { + //find the algorithm name for the signature OID + String algo = AlgorithmNameResolver.getSignatureAlgorithmName(getLevel1Data().level1SigningAlg); + Signature sig = Signature.getInstance(algo, prov); + sig.initSign(key); + byte[] data = level1Data.encode(); + sig.update(data); + this.level1Signature = new OctetString(sig.sign()); + } } -- cgit v1.2.3 From 67bd1413dc47ec37a9ba042949973eff0a5045fd Mon Sep 17 00:00:00 2001 From: CGantert345 <57003061+CGantert345@users.noreply.github.com> Date: Tue, 29 Jun 2021 14:59:45 +0200 Subject: - test for FCB version 3 --- .../org/uic/barcode/dynamicFrame/DynamicFrame.java | 50 ++++++++++++++++------ 1 file changed, 36 insertions(+), 14 deletions(-) (limited to 'src/main/java/org/uic/barcode/dynamicFrame') diff --git a/src/main/java/org/uic/barcode/dynamicFrame/DynamicFrame.java b/src/main/java/org/uic/barcode/dynamicFrame/DynamicFrame.java index 1d96d05..6cc1eaa 100644 --- a/src/main/java/org/uic/barcode/dynamicFrame/DynamicFrame.java +++ b/src/main/java/org/uic/barcode/dynamicFrame/DynamicFrame.java @@ -127,6 +127,7 @@ public class DynamicFrame extends Object{ String level2KeyAlg = this.getLevel2SignedData().getLevel1Data().level2KeyAlg; + if (level2KeyAlg == null || level2KeyAlg.length() == 0) { return Constants.LEVEL2_VALIDATION_NO_KEY; 
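Review bot: The Javadoc added for `signLevel1(PrivateKey key, Provider prov)` does not match the signature: `@param security provider` names no parameter, there are two `@return` tags on a void method, and "sued" should read "used". Suggested tags are `@param prov security provider used to create the signature` and `@throws Exception if signing fails`, with both `@return` lines dropped. The "must be registered before" note is also misleading here, since the hunk shows the provider being handed to `Signature.getInstance(algo, prov)` directly rather than looked up by name.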
@@ -135,9 +136,7 @@ public class DynamicFrame extends Object{ if (this.level2Signature.toByteArray() == null || this.level2Signature.toByteArray().length == 0) { return Constants.LEVEL2_VALIDATION_NO_SIGNATURE; } - - - + String keyAlgName = null; try { keyAlgName = AlgorithmNameResolver.getName(AlgorithmNameResolver.TYPE_KEY_GENERATOR_ALG, level2KeyAlg); 
@@ -147,31 +146,35 @@ public class DynamicFrame extends Object{ if (keyAlgName == null || keyAlgName.length() == 0) { return Constants.LEVEL2_VALIDATION_KEY_ALG_NOT_IMPLEMENTED; } - + PublicKey key = null; try { - key = KeyFactory.getInstance(keyAlgName).generatePublic(new X509EncodedKeySpec(this.getLevel2SignedData().getLevel1Data().level2publicKey.toByteArray())); + byte[] keyBytes = this.getLevel2SignedData().getLevel1Data().level2publicKey.toByteArray(); + X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes); + key = KeyFactory.getInstance(keyAlgName).generatePublic(keySpec); } catch (InvalidKeySpecException | NoSuchAlgorithmException e1) { return Constants.LEVEL2_VALIDATION_KEY_ALG_NOT_IMPLEMENTED; } //find the algorithm name for the signature OID - String algo = null; + String level2SigAlg = this.getLevel2SignedData().getLevel1Data().level2SigningAlg; + + String sigAlgName = null; try { - algo = AlgorithmNameResolver.getName(AlgorithmNameResolver.TYPE_SIGNATURE_ALG,this.getLevel2SignedData().getLevel1Data().level2SigningAlg); + sigAlgName = AlgorithmNameResolver.getName(AlgorithmNameResolver.TYPE_SIGNATURE_ALG,level2SigAlg); } catch (Exception e1) { return Constants.LEVEL2_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; } - if (algo == null) { + if (sigAlgName == null) { return Constants.LEVEL2_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; } Signature sig; try { if (prov == null) { - sig = Signature.getInstance(algo); + sig = Signature.getInstance(sigAlgName); } else { - sig = Signature.getInstance(algo, prov); + sig = Signature.getInstance(sigAlgName, prov); } } catch (NoSuchAlgorithmException e) { return Constants.LEVEL2_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; 
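Review bot: The public key is still built with `KeyFactory.getInstance(keyAlgName)`, so the `prov` argument of `validateLevel2(Provider)` only reaches the `Signature` lookup further down, and key decoding goes through whichever registered provider the JCA selects. If the provider option is meant to pin the implementation used for verification, the key factory should follow the same rule: `KeyFactory kf = prov == null ? KeyFactory.getInstance(keyAlgName) : KeyFactory.getInstance(keyAlgName, prov);`. Separately, a malformed `level2publicKey` (InvalidKeySpecException) is reported as `LEVEL2_VALIDATION_KEY_ALG_NOT_IMPLEMENTED`, which makes bad key material indistinguishable from a missing algorithm for callers; a distinct result code would help if one is available. The method starts and ends outside this hunk.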
@@ -183,7 +186,8 @@ public class DynamicFrame extends Object{ } try { - sig.update(UperEncoder.encode(level2SignedData)); + byte[] data = UperEncoder.encode(level2SignedData); + sig.update(data); } catch (SignatureException e) { return Constants.LEVEL2_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; } catch (IllegalArgumentException e) { @@ -210,7 +214,7 @@ public class DynamicFrame extends Object{ * Note: an appropriate security provider (e.g. BC) must be registered before * */ - public int validateLevel1(PublicKey key) { + public int validateLevel1(PublicKey key, Provider prov) { if (this.level2SignedData == null) { return Constants.LEVEL1_VALIDATION_NO_SIGNATURE; @@ -236,7 +240,12 @@ public class DynamicFrame extends Object{ Signature sig; try { - sig = Signature.getInstance(algo); + if (prov != null) { + sig = Signature.getInstance(algo, prov); + } else { + sig = Signature.getInstance(algo); + + } } catch (NoSuchAlgorithmException e) { return Constants.LEVEL1_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; } @@ -268,6 +277,18 @@ public class DynamicFrame extends Object{ } } + /** + * Verify the level 1 signature + * + * Note: an appropriate security provider (e.g. BC) must be registered before + * + */ + public int validateLevel1(PublicKey key) { + + return validateLevel1(key, null); + + } + public void signLevel2(PrivateKey key) throws Exception { //find the algorithm name for the signature OID @@ -276,7 +297,8 @@ public class DynamicFrame extends Object{ sig.initSign(key); byte[] data = level2SignedData.encode(); sig.update(data); - this.level2Signature = new OctetString(sig.sign()); + byte[] signature = sig.sign(); + this.level2Signature = new OctetString(signature); } -- cgit v1.2.3
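Review bot: Verification feeds `UperEncoder.encode(level2SignedData)` to `sig.update` here, while `signLevel2` in the last hunk of this file signs `level2SignedData.encode()`. Presumably `encode()` delegates to the same UPER encoder, but that is not visible in the diff, and a signature only verifies if both sides produce byte-identical input. Routing both paths through one call, or adding a comment such as `// must match the encoding used in signLevel2` next to the new `byte[] data` line, would make the dependency explicit. The enclosing method starts and ends outside this hunk.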
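Review bot: After the signature change to `validateLevel1(PublicKey key, Provider prov)`, the comment above it is still the old method's and says the provider must be registered beforehand. Add `@param key public key used to verify the level 1 signature`, `@param prov provider for the signature check, or null for the default JCA lookup` and an `@return` for the `Constants.LEVEL1_VALIDATION_*` codes. In the following hunk the provider test is written `prov != null` while `validateLevel2` uses `prov == null`; using one form, and dropping the stray blank line in the else branch, keeps the two methods easy to compare.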