From 2f72a6419dd1e20acf6e77a9276a6055892e732a Mon Sep 17 00:00:00 2001 From: CGantert345 <57003061+CGantert345@users.noreply.github.com> Date: Tue, 1 Feb 2022 12:45:04 +0100 Subject: - missing fieldOrder added - validation of level1 when the signature algorithm is missing --- src/main/java/org/uic/barcode/Decoder.java | 35 +++- .../barcode/dynamicFrame/api/IDynamicFrame.java | 45 +++-- .../dynamicFrame/api/SimpleDynamicFrame.java | 144 +++++++-------- .../org/uic/barcode/dynamicFrame/v1/DataType.java | 3 + .../uic/barcode/dynamicFrame/v1/DynamicFrame.java | 203 --------------------- .../org/uic/barcode/dynamicFrame/v2/DataType.java | 3 + .../uic/barcode/dynamicFrame/v2/DynamicFrame.java | 202 -------------------- 7 files changed, 137 insertions(+), 498 deletions(-) (limited to 'src/main') diff --git a/src/main/java/org/uic/barcode/Decoder.java b/src/main/java/org/uic/barcode/Decoder.java index 3d97e0a..9f5ea82 100644 --- a/src/main/java/org/uic/barcode/Decoder.java +++ b/src/main/java/org/uic/barcode/Decoder.java @@ -65,6 +65,32 @@ public class Decoder { decode(data); } + /** + * Validate level 1. + * + * @param key the public key + * @param signingAlg the signing algorithm OID + * @return the return code indicating errors + * @throws InvalidKeyException the invalid key exception + * @throws NoSuchAlgorithmException the no such algorithm exception + * @throws SignatureException the signature exception + * @throws IllegalArgumentException the illegal argument exception + * @throws UnsupportedOperationException the unsupported operation exception + * @throws IOException Signals that an I/O exception has occurred. + * @throws EncodingFormatException the encoding format exception + */ + public int validateLevel1(PublicKey key) throws InvalidKeyException, NoSuchAlgorithmException, SignatureException, IllegalArgumentException, UnsupportedOperationException, IOException, EncodingFormatException { + if (dynamicFrame != null) { + return dynamicFrame.validateLevel1(key) ; + } else { + if (staticFrame != null) { + return Constants.LEVEL1_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; + } else { + return Constants.LEVEL1_VALIDATION_FRAUD; + } + } + } + /** * Validate level 1. * @@ -81,7 +107,7 @@ public class Decoder { */ public int validateLevel1(PublicKey key, String signingAlg) throws InvalidKeyException, NoSuchAlgorithmException, SignatureException, IllegalArgumentException, UnsupportedOperationException, IOException, EncodingFormatException { if (dynamicFrame != null) { - return dynamicFrame.validateLevel1(key, data) ; + return dynamicFrame.validateLevel1(key, signingAlg) ; } else { if (staticFrame.verifyByAlgorithmOid(key,signingAlg)) { return Constants.LEVEL1_VALIDATION_OK; @@ -108,7 +134,7 @@ public class Decoder { */ public int validateLevel1(PublicKey key, String signingAlg, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, SignatureException, IllegalArgumentException, UnsupportedOperationException, IOException, EncodingFormatException { if (!isStaticHeader(data)) { - return dynamicFrame.validateLevel1(key, provider, data) ; + return dynamicFrame.validateLevel1(key, provider) ; } else { if (staticFrame.verifyByAlgorithmOid(key,signingAlg, provider)) { return Constants.LEVEL1_VALIDATION_OK; @@ -126,7 +152,7 @@ public class Decoder { */ public int validateLevel2() throws EncodingFormatException { if (!isStaticHeader(data)) { - return dynamicFrame.validateLevel2(null, data) ; + return dynamicFrame.validateLevel2() ; } else { return Constants.LEVEL2_VALIDATION_NO_SIGNATURE; } @@ -139,7 +165,7 @@ public class Decoder { */ public int validateLevel2(Provider prov) throws EncodingFormatException { if (!isStaticHeader(data)) { - return dynamicFrame.validateLevel2(prov,data) ; + return dynamicFrame.validateLevel2(prov) ; } else { return Constants.LEVEL2_VALIDATION_NO_SIGNATURE; } @@ -164,7 +190,6 @@ public class Decoder { ILevel1Data level1 = level2.getLevel1Data(); - for (IData level1Content : level1.getData()) { uicTicketCoder = new UicRailTicketCoder(); diff --git a/src/main/java/org/uic/barcode/dynamicFrame/api/IDynamicFrame.java b/src/main/java/org/uic/barcode/dynamicFrame/api/IDynamicFrame.java index c917b6a..4b2d1f4 100644 --- a/src/main/java/org/uic/barcode/dynamicFrame/api/IDynamicFrame.java +++ b/src/main/java/org/uic/barcode/dynamicFrame/api/IDynamicFrame.java @@ -66,12 +66,10 @@ public interface IDynamicFrame{ * Verify the level 2 signature * * Note: an appropriate security provider (e.g. BC) must be registered before - * - * @param data the data content * @return the return error code * @throws EncodingFormatException the encoding format exception */ - public int validateLevel2(byte[] data) throws EncodingFormatException; + public int validateLevel2() throws EncodingFormatException; /** * Verify the level 2 signature @@ -79,11 +77,10 @@ public interface IDynamicFrame{ * Note: an appropriate security provider (e.g. BC) must be registered before * * @param prov the registered security provider - * @param data the data content * @return the return error code * @throws EncodingFormatException the encoding format exception */ - public int validateLevel2(Provider prov, byte[] data) throws EncodingFormatException; + public int validateLevel2(Provider prov) throws EncodingFormatException; /** * Verify the level 1 signature @@ -95,7 +92,20 @@ public interface IDynamicFrame{ * @return the return error code * @throws EncodingFormatException the encoding format exception */ - public int validateLevel1(PublicKey key, byte[] data) throws EncodingFormatException; + public int validateLevel1(PublicKey key) throws EncodingFormatException; + + /** + * Verify the level 1 signature + * + * Note: an appropriate security provider (e.g. BC) must be registered before + * + * @param key the key + * @param signatureAlgorithmOid the signature algorithmOid to be used in case it is not contained in the barcode + * @return the return error code + * @throws EncodingFormatException the encoding format exception + */ + public int validateLevel1(PublicKey key,String signatureAlgorithmOid) throws EncodingFormatException; + /** * Verify the level 1 signature @@ -104,12 +114,22 @@ public interface IDynamicFrame{ * * @param key the key * @param prov the registered security provider - * @param data the data * @return the return error code * @throws EncodingFormatException the encoding format exception */ - public int validateLevel1(PublicKey key, Provider prov, byte[] data) throws EncodingFormatException; + public int validateLevel1(PublicKey key, Provider prov) throws EncodingFormatException; + /** + * Verify the level 1 signature + * + * Note: an appropriate security provider (e.g. BC) must be registered before + * + * @param key the key + * @param prov the registered security provider + * @return the return error code + * @throws EncodingFormatException the encoding format exception + */ + public int validateLevel1(PublicKey key, Provider prov, String signatureAlgorithmOid) throws EncodingFormatException; /** * Sign level 2 data without a specific security provider. @@ -159,8 +179,8 @@ public interface IDynamicFrame{ * * Note: an appropriate security provider (e.g. BC) must be registered before * - * @param key the key - * @return the byte[] + * @param key the private key + * @return the signature * @throws Exception the exception */ public void signLevel1(PrivateKey key) throws Exception; @@ -170,8 +190,8 @@ public interface IDynamicFrame{ * * Note: an appropriate security provider (e.g. BC) must be registered before * - * @param key the key - * @param prov the prov + * @param key the private key + * @param prov the security provider providing the signature implementation * @return the byte[] * @throws Exception the exception */ @@ -185,7 +205,6 @@ public interface IDynamicFrame{ */ public byte[] getLevel1Signature(); - /** * Gets the level 1 data in binary as they are signed by the level 1 signature. * diff --git a/src/main/java/org/uic/barcode/dynamicFrame/api/SimpleDynamicFrame.java b/src/main/java/org/uic/barcode/dynamicFrame/api/SimpleDynamicFrame.java index 8d53f9a..a05a936 100644 --- a/src/main/java/org/uic/barcode/dynamicFrame/api/SimpleDynamicFrame.java +++ b/src/main/java/org/uic/barcode/dynamicFrame/api/SimpleDynamicFrame.java @@ -12,7 +12,6 @@ import java.security.spec.InvalidKeySpecException; import java.security.spec.X509EncodedKeySpec; import java.util.Date; -import org.uic.barcode.asn1.uper.UperEncoder; import org.uic.barcode.dynamicContent.api.DynamicContentCoder; import org.uic.barcode.dynamicContent.api.IUicDynamicContent; import org.uic.barcode.dynamicContent.fdc1.UicDynamicContentDataFDC1; @@ -57,6 +56,7 @@ public class SimpleDynamicFrame implements IDynamicFrame { * * @return the format */ + @Override public String getFormat() { return format; } @@ -66,6 +66,7 @@ public class SimpleDynamicFrame implements IDynamicFrame { * * @param format the new format */ + @Override public void setFormat(String format) { this.format = format; } @@ -75,6 +76,7 @@ public class SimpleDynamicFrame implements IDynamicFrame { * * @return the level 2 signed data */ + @Override public ILevel2Data getLevel2Data() { return level2Data; } @@ -84,6 +86,7 @@ public class SimpleDynamicFrame implements IDynamicFrame { * * @param level2SignedData the new level 2 signed data */ + @Override public void setLevel2Data(ILevel2Data level2SignedData) { this.level2Data = level2SignedData; } @@ -93,6 +96,7 @@ public class SimpleDynamicFrame implements IDynamicFrame { * * @return the level 2 signature */ + @Override public byte[] getLevel2Signature() { return level2Signature; } @@ -102,29 +106,13 @@ public class SimpleDynamicFrame implements IDynamicFrame { * * @param level2Signature the new level 2 signature */ + @Override public void setLevel2Signature(byte[] level2Signature) { this.level2Signature = level2Signature; } - /** - * Encode. - * - * Encode the header as ASN.1 PER UNALIGNED byte array - * - * @return the byte[] - * @throws EncodingFormatException - */ - public byte[] encode() throws EncodingFormatException { - - return DynamicFrameCoder.encode(this); - - - - } - - /** * Verify the level 2 signature * @@ -133,9 +121,9 @@ public class SimpleDynamicFrame implements IDynamicFrame { * @return the int * @throws EncodingFormatException */ - public int validateLevel2(byte[] data) throws EncodingFormatException { - - return validateLevel2(null, data); + @Override + public int validateLevel2() throws EncodingFormatException { + return validateLevel2(null); } @@ -148,10 +136,17 @@ public class SimpleDynamicFrame implements IDynamicFrame { * @return the return error code * @throws EncodingFormatException */ - public int validateLevel2(Provider prov, byte[] data) throws EncodingFormatException { + @Override + public int validateLevel2(Provider prov) throws EncodingFormatException { + if (getLevel2Data() == null + || getLevel2Data().getLevel1Data() == null + || getLevel2Data().getLevel1Data().getLevel2KeyAlg() == null + || getLevel2Data().getLevel1Data().getLevel2KeyAlg().length() == 0) { + return Constants.LEVEL2_VALIDATION_NO_KEY; + } - String level2KeyAlg = this.getLevel2Data().getLevel1Data().getLevel2KeyAlg(); + String level2KeyAlg = getLevel2Data().getLevel1Data().getLevel2KeyAlg(); if (level2KeyAlg == null || level2KeyAlg.length() == 0) { @@ -235,34 +230,53 @@ public class SimpleDynamicFrame implements IDynamicFrame { } } - /** - * Verify the level 1 signature - * - * Note: an appropriate security provider (e.g. BC) must be registered before - * - * @param key the key - * @param prov the prov - * @return the int - * @throws EncodingFormatException - */ - public int validateLevel1(PublicKey key, Provider prov, byte[] data) throws EncodingFormatException { - - if (level2Data == null) { - return Constants.LEVEL1_VALIDATION_NO_SIGNATURE; - } - + @Override + public int validateLevel1(PublicKey key, Provider prov) throws EncodingFormatException { + return validateLevel1(key, prov, null); + + } - if (level2Data == null || - level2Data.getLevel1Signature().length == 0) { + @Override + public int validateLevel1(PublicKey key) throws EncodingFormatException { + return validateLevel1(key, null, null); + } + + @Override + public int validateLevel1(PublicKey key, String signatureAlgorithmOid) throws EncodingFormatException { + return validateLevel1(key, null, signatureAlgorithmOid); + } + + @Override + public int validateLevel1(PublicKey key, Provider prov, String signatureAlgorithmOid) throws EncodingFormatException { + + if (getLevel2Data() == null + || getLevel2Data().getLevel1Signature() == null + || getLevel2Data().getLevel1Signature() == null + || getLevel2Data().getLevel1Signature().length == 0) { return Constants.LEVEL1_VALIDATION_NO_SIGNATURE; } byte[] signature = this.getLevel2Data().getLevel1Signature(); + + + //find the algorithm name for the signature OID + String signingAlgorithmOid = null; + if (getLevel2Data() != null + && getLevel2Data().getLevel1Data() != null + && getLevel2Data().getLevel1Data().getLevel1SigningAlg() != null + && getLevel2Data().getLevel1Data().getLevel1SigningAlg().length() > 0) { + signingAlgorithmOid = getLevel2Data().getLevel1Data().getLevel1SigningAlg(); + } else { + signingAlgorithmOid = signatureAlgorithmOid; + } + if (signingAlgorithmOid == null || signingAlgorithmOid.length() == 0) { + return Constants.LEVEL1_VALIDATION_NO_SIGNATURE; + } //find the algorithm name for the signature OID String algo = null; try { - algo = AlgorithmNameResolver.getSignatureAlgorithmName(getLevel2Data().getLevel1Data().getLevel1SigningAlg(), prov); + algo = AlgorithmNameResolver.getSignatureAlgorithmName(signingAlgorithmOid, prov); } catch (Exception e1) { return Constants.LEVEL1_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; } @@ -301,47 +315,20 @@ public class SimpleDynamicFrame implements IDynamicFrame { return Constants.LEVEL1_VALIDATION_ENCODING_ERROR; } - try { if (sig.verify(signature)){ - return Constants.LEVEL2_VALIDATION_OK; + return Constants.LEVEL1_VALIDATION_OK; } else { - return Constants.LEVEL2_VALIDATION_FRAUD; + return Constants.LEVEL1_VALIDATION_FRAUD; } } catch (SignatureException e) { - return Constants.LEVEL2_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; + return Constants.LEVEL1_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; } - } - - - - - - /** - * Verify the level 1 signature - * - * Note: an appropriate security provider (e.g. BC) must be registered before - * - * @param key the key - * @return the int - * @throws EncodingFormatException - */ - public int validateLevel1(PublicKey key, byte[] data) throws EncodingFormatException { - - return validateLevel1(key, null,data); - - } + } - /** - * Sign level 2 data without a specific security provider. - * - * @param key the key - * @throws Exception the exception - */ + @Override public void signLevel2(PrivateKey key) throws Exception { - signLevel2(key, null); - } /** @@ -351,6 +338,7 @@ public class SimpleDynamicFrame implements IDynamicFrame { * @param prov the registered security provider * @throws Exception the exception */ + @Override public void signLevel2(PrivateKey key, Provider prov) throws Exception { //find the algorithm name for the signature OID @@ -375,6 +363,7 @@ public class SimpleDynamicFrame implements IDynamicFrame { * @param content the dynamic content * @throws EncodingFormatException the encoding format exception */ + @Override public void addDynamicContent(IUicDynamicContent content) throws EncodingFormatException { level2Data.setLevel2Data(new SimpleData()); @@ -390,6 +379,7 @@ public class SimpleDynamicFrame implements IDynamicFrame { * * @param dynamicData the dynamic data */ + @Override public void addLevel2DynamicData(UicDynamicContentDataFDC1 dynamicData) { this.getLevel2Data().setLevel2Data(dynamicData.getApiDataType()); } @@ -399,6 +389,7 @@ public class SimpleDynamicFrame implements IDynamicFrame { * * @return the dynamic content */ + @Override public IUicDynamicContent getDynamicContent() { if (this.getLevel2Data() == null || @@ -421,6 +412,7 @@ public class SimpleDynamicFrame implements IDynamicFrame { * @return the byte[] * @throws Exception */ + @Override public void signLevel1(PrivateKey key) throws Exception { signLevel1(key, null); @@ -484,7 +476,7 @@ public class SimpleDynamicFrame implements IDynamicFrame { } - + @Override public byte[] getLevel2DataBin() throws EncodingFormatException { if (Constants.DYNAMIC_BARCODE_FORMAT_VERSION_1.equals(format)) { @@ -501,5 +493,7 @@ public class SimpleDynamicFrame implements IDynamicFrame { } + + } diff --git a/src/main/java/org/uic/barcode/dynamicFrame/v1/DataType.java b/src/main/java/org/uic/barcode/dynamicFrame/v1/DataType.java index 6195b3c..e8cfc50 100644 --- a/src/main/java/org/uic/barcode/dynamicFrame/v1/DataType.java +++ b/src/main/java/org/uic/barcode/dynamicFrame/v1/DataType.java @@ -1,6 +1,7 @@ package org.uic.barcode.dynamicFrame.v1; import org.uic.barcode.asn1.datatypes.CharacterRestriction; +import org.uic.barcode.asn1.datatypes.FieldOrder; import org.uic.barcode.asn1.datatypes.RestrictedString; import org.uic.barcode.asn1.datatypes.Sequence; import org.uic.barcode.asn1.datatypesimpl.OctetString; @@ -19,10 +20,12 @@ public class DataType { * -- FCB2 FCB version 2 * -- RICS company code + ... **/ + @FieldOrder(order = 0) @RestrictedString(CharacterRestriction.IA5String) public String format; /** The data. */ + @FieldOrder(order = 1) public OctetString data; /** diff --git a/src/main/java/org/uic/barcode/dynamicFrame/v1/DynamicFrame.java b/src/main/java/org/uic/barcode/dynamicFrame/v1/DynamicFrame.java index 3af9c8f..3bfcbf5 100644 --- a/src/main/java/org/uic/barcode/dynamicFrame/v1/DynamicFrame.java +++ b/src/main/java/org/uic/barcode/dynamicFrame/v1/DynamicFrame.java @@ -1,16 +1,8 @@ package org.uic.barcode.dynamicFrame.v1; -import java.security.InvalidKeyException; -import java.security.KeyFactory; -import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.Provider; -import java.security.PublicKey; import java.security.Signature; -import java.security.SignatureException; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.X509EncodedKeySpec; - import org.uic.barcode.asn1.datatypes.Asn1Optional; import org.uic.barcode.asn1.datatypes.CharacterRestriction; import org.uic.barcode.asn1.datatypes.FieldOrder; @@ -21,7 +13,6 @@ import org.uic.barcode.asn1.uper.UperEncoder; import org.uic.barcode.dynamicContent.api.DynamicContentCoder; import org.uic.barcode.dynamicContent.api.IUicDynamicContent; import org.uic.barcode.dynamicContent.fdc1.UicDynamicContentDataFDC1; -import org.uic.barcode.dynamicFrame.Constants; import org.uic.barcode.ticket.EncodingFormatException; import org.uic.barcode.utils.AlgorithmNameResolver; @@ -131,200 +122,6 @@ public class DynamicFrame extends Object{ return UperEncoder.decode(bytes, DynamicFrame.class); } - /** - * Verify the level 2 signature - * - * Note: an appropriate security provider (e.g. BC) must be registered before - * - * @return the int - */ - public int validateLevel2() { - - return validateLevel2(null); - - } - - /** - * Verify the level 2 signature - * - * Note: an appropriate security provider (e.g. BC) must be registered before - * - * @param prov the prov - * @return the int - */ - public int validateLevel2(Provider prov) { - - - String level2KeyAlg = this.getLevel2SignedData().getLevel1Data().level2KeyAlg; - - - if (level2KeyAlg == null || level2KeyAlg.length() == 0) { - return Constants.LEVEL2_VALIDATION_NO_KEY; - } - - if (this.level2Signature.toByteArray() == null || this.level2Signature.toByteArray().length == 0) { - return Constants.LEVEL2_VALIDATION_NO_SIGNATURE; - } - - String keyAlgName = null; - try { - keyAlgName = AlgorithmNameResolver.getName(AlgorithmNameResolver.TYPE_KEY_GENERATOR_ALG, level2KeyAlg); - } catch (Exception e1) { - return Constants.LEVEL2_VALIDATION_KEY_ALG_NOT_IMPLEMENTED; - } - if (keyAlgName == null || keyAlgName.length() == 0) { - return Constants.LEVEL2_VALIDATION_KEY_ALG_NOT_IMPLEMENTED; - } - - PublicKey key = null; - try { - byte[] keyBytes = this.getLevel2SignedData().getLevel1Data().level2publicKey.toByteArray(); - X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes); - key = KeyFactory.getInstance(keyAlgName).generatePublic(keySpec); - } catch (InvalidKeySpecException e1) { - return Constants.LEVEL2_VALIDATION_KEY_ALG_NOT_IMPLEMENTED; - } catch (NoSuchAlgorithmException e1) { - return Constants.LEVEL2_VALIDATION_KEY_ALG_NOT_IMPLEMENTED; - } - - //find the algorithm name for the signature OID - String level2SigAlg = this.getLevel2SignedData().getLevel1Data().level2SigningAlg; - - String sigAlgName = null; - try { - sigAlgName = AlgorithmNameResolver.getName(AlgorithmNameResolver.TYPE_SIGNATURE_ALG,level2SigAlg); - } catch (Exception e1) { - return Constants.LEVEL2_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; - } - if (sigAlgName == null) { - return Constants.LEVEL2_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; - } - - Signature sig; - try { - if (prov == null) { - sig = Signature.getInstance(sigAlgName); - } else { - sig = Signature.getInstance(sigAlgName, prov); - } - } catch (NoSuchAlgorithmException e) { - return Constants.LEVEL2_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; - } - try { - sig.initVerify(key); - } catch (InvalidKeyException e) { - return Constants.LEVEL2_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; - } - - try { - byte[] data = UperEncoder.encode(level2SignedData); - sig.update(data); - } catch (SignatureException e) { - return Constants.LEVEL2_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; - } catch (IllegalArgumentException e) { - return Constants.LEVEL2_VALIDATION_ENCODING_ERROR; - } catch (UnsupportedOperationException e) { - return Constants.LEVEL2_VALIDATION_ENCODING_ERROR; - } - - byte[] signature = level2Signature.toByteArray(); - try { - if (sig.verify(signature)){ - return Constants.LEVEL2_VALIDATION_OK; - } else { - return Constants.LEVEL2_VALIDATION_FRAUD; - } - } catch (SignatureException e) { - return Constants.LEVEL2_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; - } - } - - /** - * Verify the level 1 signature - * - * Note: an appropriate security provider (e.g. BC) must be registered before - * - * @param key the key - * @param prov the prov - * @return the int - */ - public int validateLevel1(PublicKey key, Provider prov) { - - if (this.level2SignedData == null) { - return Constants.LEVEL1_VALIDATION_NO_SIGNATURE; - } - - - if (this.level2SignedData.level1Signature == null || this.level2SignedData.level1Signature.toByteArray().length == 0) { - return Constants.LEVEL1_VALIDATION_NO_SIGNATURE; - } - - byte[] signature = this.getLevel2SignedData().level1Signature.toByteArray(); - - //find the algorithm name for the signature OID - String algo = null; - try { - algo = AlgorithmNameResolver.getSignatureAlgorithmName(getLevel2SignedData().getLevel1Data().level1SigningAlg); - } catch (Exception e1) { - return Constants.LEVEL1_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; - } - if (algo == null) { - return Constants.LEVEL1_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; - } - - Signature sig; - try { - if (prov != null) { - sig = Signature.getInstance(algo, prov); - } else { - sig = Signature.getInstance(algo); - - } - } catch (NoSuchAlgorithmException e) { - return Constants.LEVEL1_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; - } - try { - sig.initVerify(key); - } catch (InvalidKeyException e) { - return Constants.LEVEL1_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; - } - - try { - sig.update(this.level2SignedData.level1Data.encode()); - } catch (SignatureException e) { - return Constants.LEVEL1_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; - } catch (IllegalArgumentException e) { - return Constants.LEVEL1_VALIDATION_ENCODING_ERROR; - } catch (UnsupportedOperationException e) { - return Constants.LEVEL1_VALIDATION_ENCODING_ERROR; - } - - - try { - if (sig.verify(signature)){ - return Constants.LEVEL2_VALIDATION_OK; - } else { - return Constants.LEVEL2_VALIDATION_FRAUD; - } - } catch (SignatureException e) { - return Constants.LEVEL2_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; - } - } - - /** - * Verify the level 1 signature - * - * Note: an appropriate security provider (e.g. BC) must be registered before - * - * @param key the key - * @return the int - */ - public int validateLevel1(PublicKey key) { - - return validateLevel1(key, null); - - } - /** * Sign level 2 data without a specific security provider. * diff --git a/src/main/java/org/uic/barcode/dynamicFrame/v2/DataType.java b/src/main/java/org/uic/barcode/dynamicFrame/v2/DataType.java index d4f3c15..beceda9 100644 --- a/src/main/java/org/uic/barcode/dynamicFrame/v2/DataType.java +++ b/src/main/java/org/uic/barcode/dynamicFrame/v2/DataType.java @@ -1,6 +1,7 @@ package org.uic.barcode.dynamicFrame.v2; import org.uic.barcode.asn1.datatypes.CharacterRestriction; +import org.uic.barcode.asn1.datatypes.FieldOrder; import org.uic.barcode.asn1.datatypes.RestrictedString; import org.uic.barcode.asn1.datatypes.Sequence; import org.uic.barcode.asn1.datatypesimpl.OctetString; @@ -20,9 +21,11 @@ public class DataType { * -- RICS company code + ... **/ @RestrictedString(CharacterRestriction.IA5String) + @FieldOrder(order = 0) public String format; /** The data. */ + @FieldOrder(order = 1) public OctetString data; /** diff --git a/src/main/java/org/uic/barcode/dynamicFrame/v2/DynamicFrame.java b/src/main/java/org/uic/barcode/dynamicFrame/v2/DynamicFrame.java index 4831c6a..55af066 100644 --- a/src/main/java/org/uic/barcode/dynamicFrame/v2/DynamicFrame.java +++ b/src/main/java/org/uic/barcode/dynamicFrame/v2/DynamicFrame.java @@ -1,16 +1,8 @@ package org.uic.barcode.dynamicFrame.v2; -import java.security.InvalidKeyException; -import java.security.KeyFactory; -import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.Provider; -import java.security.PublicKey; import java.security.Signature; -import java.security.SignatureException; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.X509EncodedKeySpec; - import org.uic.barcode.asn1.datatypes.Asn1Optional; import org.uic.barcode.asn1.datatypes.CharacterRestriction; import org.uic.barcode.asn1.datatypes.FieldOrder; @@ -21,7 +13,6 @@ import org.uic.barcode.asn1.uper.UperEncoder; import org.uic.barcode.dynamicContent.api.DynamicContentCoder; import org.uic.barcode.dynamicContent.api.IUicDynamicContent; import org.uic.barcode.dynamicContent.fdc1.UicDynamicContentDataFDC1; -import org.uic.barcode.dynamicFrame.Constants; import org.uic.barcode.ticket.EncodingFormatException; import org.uic.barcode.utils.AlgorithmNameResolver; @@ -131,199 +122,6 @@ public class DynamicFrame extends Object{ return UperEncoder.decode(bytes, DynamicFrame.class); } - /** - * Verify the level 2 signature - * - * Note: an appropriate security provider (e.g. BC) must be registered before - * - * @return the int - */ - public int validateLevel2() { - - return validateLevel2(null); - - } - - /** - * Verify the level 2 signature - * - * Note: an appropriate security provider (e.g. BC) must be registered before - * - * @param prov the prov - * @return the int - */ - public int validateLevel2(Provider prov) { - - - String level2KeyAlg = this.getLevel2SignedData().getLevel1Data().level2KeyAlg; - - - if (level2KeyAlg == null || level2KeyAlg.length() == 0) { - return Constants.LEVEL2_VALIDATION_NO_KEY; - } - - if (this.level2Signature.toByteArray() == null || this.level2Signature.toByteArray().length == 0) { - return Constants.LEVEL2_VALIDATION_NO_SIGNATURE; - } - - String keyAlgName = null; - try { - keyAlgName = AlgorithmNameResolver.getName(AlgorithmNameResolver.TYPE_KEY_GENERATOR_ALG, level2KeyAlg); - } catch (Exception e1) { - return Constants.LEVEL2_VALIDATION_KEY_ALG_NOT_IMPLEMENTED; - } - if (keyAlgName == null || keyAlgName.length() == 0) { - return Constants.LEVEL2_VALIDATION_KEY_ALG_NOT_IMPLEMENTED; - } - - PublicKey key = null; - try { - byte[] keyBytes = this.getLevel2SignedData().getLevel1Data().level2publicKey.toByteArray(); - X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes); - key = KeyFactory.getInstance(keyAlgName).generatePublic(keySpec); - } catch (InvalidKeySpecException e1) { - return Constants.LEVEL2_VALIDATION_KEY_ALG_NOT_IMPLEMENTED; - } catch (NoSuchAlgorithmException e1) { - return Constants.LEVEL2_VALIDATION_KEY_ALG_NOT_IMPLEMENTED; - } - - //find the algorithm name for the signature OID - String level2SigAlg = this.getLevel2SignedData().getLevel1Data().level2SigningAlg; - - String sigAlgName = null; - try { - sigAlgName = AlgorithmNameResolver.getName(AlgorithmNameResolver.TYPE_SIGNATURE_ALG,level2SigAlg); - } catch (Exception e1) { - return Constants.LEVEL2_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; - } - if (sigAlgName == null) { - return Constants.LEVEL2_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; - } - - Signature sig; - try { - if (prov == null) { - sig = Signature.getInstance(sigAlgName); - } else { - sig = Signature.getInstance(sigAlgName, prov); - } - } catch (NoSuchAlgorithmException e) { - return Constants.LEVEL2_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; - } - try { - sig.initVerify(key); - } catch (InvalidKeyException e) { - return Constants.LEVEL2_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; - } - - try { - byte[] data = UperEncoder.encode(level2SignedData); - sig.update(data); - } catch (SignatureException e) { - return Constants.LEVEL2_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; - } catch (IllegalArgumentException e) { - return Constants.LEVEL2_VALIDATION_ENCODING_ERROR; - } catch (UnsupportedOperationException e) { - return Constants.LEVEL2_VALIDATION_ENCODING_ERROR; - } - - byte[] signature = level2Signature.toByteArray(); - try { - if (sig.verify(signature)){ - return Constants.LEVEL2_VALIDATION_OK; - } else { - return Constants.LEVEL2_VALIDATION_FRAUD; - } - } catch (SignatureException e) { - return Constants.LEVEL2_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; - } - } - - /** - * Verify the level 1 signature - * - * Note: an appropriate security provider (e.g. BC) must be registered before - * - * @param key the key - * @param prov the prov - * @return the int - */ - public int validateLevel1(PublicKey key, Provider prov) { - - if (this.level2SignedData == null) { - return Constants.LEVEL1_VALIDATION_NO_SIGNATURE; - } - - - if (this.level2SignedData.level1Signature == null || this.level2SignedData.level1Signature.toByteArray().length == 0) { - return Constants.LEVEL1_VALIDATION_NO_SIGNATURE; - } - - byte[] signature = this.getLevel2SignedData().level1Signature.toByteArray(); - - //find the algorithm name for the signature OID - String algo = null; - try { - algo = AlgorithmNameResolver.getSignatureAlgorithmName(getLevel2SignedData().getLevel1Data().level1SigningAlg); - } catch (Exception e1) { - return Constants.LEVEL1_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; - } - if (algo == null) { - return Constants.LEVEL1_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; - } - - Signature sig; - try { - if (prov != null) { - sig = Signature.getInstance(algo, prov); - } else { - sig = Signature.getInstance(algo); - - } - } catch (NoSuchAlgorithmException e) { - return Constants.LEVEL1_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; - } - try { - sig.initVerify(key); - } catch (InvalidKeyException e) { - return Constants.LEVEL1_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; - } - - try { - sig.update(this.level2SignedData.level1Data.encode()); - } catch (SignatureException e) { - return Constants.LEVEL1_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; - } catch (IllegalArgumentException e) { - return Constants.LEVEL1_VALIDATION_ENCODING_ERROR; - } catch (UnsupportedOperationException e) { - return Constants.LEVEL1_VALIDATION_ENCODING_ERROR; - } - - - try { - if (sig.verify(signature)){ - return Constants.LEVEL2_VALIDATION_OK; - } else { - return Constants.LEVEL2_VALIDATION_FRAUD; - } - } catch (SignatureException e) { - return Constants.LEVEL2_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; - } - } - - /** - * Verify the level 1 signature - * - * Note: an appropriate security provider (e.g. BC) must be registered before - * - * @param key the key - * @return the int - */ - public int validateLevel1(PublicKey key) { - - return validateLevel1(key, null); - - } /** * Sign level 2 data without a specific security provider. -- cgit v1.2.3