package org.uic.barcode.staticFrame; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.math.BigInteger; import java.nio.ByteBuffer; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.Provider; import java.security.PublicKey; import java.security.Security; import java.security.Signature; import java.security.SignatureException; import java.security.Provider.Service; import java.util.ArrayList; import java.util.Arrays; import java.util.zip.DataFormatException; import java.util.zip.Deflater; import java.util.zip.Inflater; import org.uic.barcode.ticket.EncodingFormatException; import org.uic.barcode.utils.SecurityUtils; /** * The Class StaticHeader implements the static bar code header frame defined in UIC IRS 90918-9. * It allows to decode and encode the bar code content and to add sub-records as defined in the IRS 90918-9 for: * - additional header data * - Ticket Layout content * - Flexible content * - bilateral data records */ public class StaticFrame { /** The additional header record. */ private UHEADDataRecord headerRecord; /** The bar code version. */ private int version; /** The u_flex. */ private UFLEXDataRecord uFlex; /** The u_tlay. */ private UTLAYDataRecord uTlay; /** The security provider. */ private String securityProvider; /** The signature key. */ private String signatureKey; /** The signature. */ private byte[] signature; /** The data records. */ private ArrayList dataRecords = new ArrayList(); private byte[] signedData = null; /** * Instantiates a new static header frame. */ public StaticFrame (){ } /** * Instantiates a new static header and decodes the provided data. * * @param bytes the bar code data * @throws EncodingFormatException the encoding format exception * @throws DataFormatException the data format exception * @throws IOException Signals that an I/O exception has occurred. */ public StaticFrame (byte[] bytes) throws EncodingFormatException, DataFormatException, IOException{ decode(bytes); } /** * Encode the barcode data. * * @param version the barcode version * @return byte[] the encoded data as * @throws IOException Signals that an I/O exception has occurred. * @throws Exception the exception */ /* * creates a UIC bar code of version 1 * * limits: * - version 1 allows for signatures up to 50 byte length * - max data length 2048 Byte * input: * data to be included * provider of the signature * processing: * 1. create header informations * 2. compression of the data content * 3. adding a signature * output: * raw data to be included in an aztec bar code * */ public byte[] encode() throws IOException, Exception { if (headerRecord == null && uFlex == null && uTlay == null && (dataRecords == null || dataRecords.isEmpty())) return null; if (signedData == null) { signedData = encodeData(); } if (version != 1 && version != 2) { throw (new Exception(String.format("UIC Barcode Version %d not supported", version))); } if (signedData.length < 1) { throw new IOException("data missing!"); } if (signedData.length > 2048) { throw new IOException("too many data!"); //2048 should be enough } ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); //UIC bar code version 1 String header = "#UT01"; if (version == 2) { header = "#UT02"; } outputStream.write(header.getBytes()); outputStream.write(securityProvider.getBytes()); while (signatureKey.length() < 5) { signatureKey = "0" + signatureKey; } outputStream.write(signatureKey.getBytes()); if (signature.length < 1) { // signature too small for bar code version 1 throw new IOException("signature size too small!"); } if (version == 1) { if (signature.length > 50) { // signature too large for bar code version 1 throw new IOException("signature size too large!"); } outputStream.write(Arrays.copyOfRange(signature, 0, 50)); } else if (version == 2) { BigInteger[] bInts = null; byte zeroByte = 0; bInts = decodeSignatureIntegerSequence(signature); byte[] r = toUnsignedBytes(bInts[0]); byte[] s = toUnsignedBytes(bInts[1]); if (r.length > 32 || s.length > 32) { throw (new EncodingFormatException(String.format("DSA signature too big"))); } for (int i = 0; i < 32 - r.length; i++) { outputStream.write(zeroByte); } outputStream.write(r); for (int i = 0; i < 32 - s.length; i++) { outputStream.write(zeroByte); } outputStream.write(s); //outputStream.write(Arrays.copyOfRange(signature, 0, 64)); } String length = String.format("%04d", signedData.length); outputStream.write(length.getBytes()); outputStream.write(signedData); outputStream.close(); return outputStream.toByteArray(); } /** * Adds a proprietary data record. * * @param record the record */ public void addDataRecord(DataRecord record) { dataRecords.add(record); } /** * Gets the version of the header frame. * * @return the version */ public int getVersion() { return version; } /** * Sets the version of the header frame. * supported values are 1 and 2 * * @param version the new version */ public void setVersion(int version) { this.version = version; } /** * Gets the security provider. * * @return the security provider */ public String getSecurityProvider() { return securityProvider; } /** * Sets the security provider. * * @param securityProvider the new security provider */ public void setSecurityProvider(String securityProvider) { this.securityProvider = securityProvider; } /** * Gets the signature key identifier. * * @return the signature key */ public String getSignatureKey() { return signatureKey; } /** * Sets the signature key identifier. * * @param signatureKey the new signature key */ public void setSignatureKey(String signatureKey) { this.signatureKey = signatureKey; } /** * Gets the signature. * * @return the signature */ public byte[] getSignature() { return signature; } /** * Sets the signature. * * @param signature the new signature */ public void setSignature(byte[] signature) { this.signature = signature; } /** * Gets the additional header record. * * @return the header record */ public UHEADDataRecord getHeaderRecord() { return headerRecord; } /** * Gets the list of bilateral data records. * * @return the data records */ public ArrayList getDataRecords() { return dataRecords; } /** * Gets the data for signing. * * @return the data to be signed * @throws IOException Signals that an I/O exception has occurred. * @throws EncodingFormatException the encoding format exception */ public byte[] getDataForSignature() throws IOException, EncodingFormatException { // data compression if (signedData != null) return signedData; Deflater deflater = new Deflater(); byte[] data = encodeData(); deflater.setInput(data); ByteArrayOutputStream compressStream = new ByteArrayOutputStream(data.length); byte[] buffer = new byte[2048]; deflater.finish(); while (!deflater.finished()) { int count = deflater.deflate(buffer); // returns the number of result bytes compressStream.write(buffer, 0, count); } compressStream.close(); return compressStream.toByteArray(); } /** * Get the encoded data for the bar code. * * @return the byte[] * @throws IOException Signals that an I/O exception has occurred. * @throws EncodingFormatException the encoding format exception */ private byte[] encodeData() throws IOException, EncodingFormatException { if (this.uFlex == null && this.uTlay == null && this.headerRecord == null && (dataRecords == null || dataRecords.isEmpty())) return null; ByteArrayOutputStream totalStream = new ByteArrayOutputStream(); //encode header for layout if (headerRecord != null) { byte[] header = headerRecord.encode(); if (header != null && header.length > 0) { totalStream.write(header); } } //encode layout if (uTlay != null) { byte[] layout = uTlay.encode(); if (layout != null && layout.length > 0) { totalStream.write(layout); } } if (uFlex != null) { byte[] content = uFlex.encode(); if (content != null && content.length > 0){ totalStream.write(content); } } //third party content for (DataRecord dataRecord : dataRecords){ byte[] content = dataRecord.encode(); if (content != null && content.length > 0){ totalStream.write(content); } } return totalStream.toByteArray(); } /** * Encode signature integer sequence. * * Support function to format two parameters as DER encoded integer list * to get a valid formated DSA signature from the signature parameter * * @param i1 the i 1 * @param i2 the i 2 * @return the byte[] * @throws IOException Signals that an I/O exception has occurred. */ public static byte[] encodeSignatureIntegerSequence(BigInteger i1, BigInteger i2) throws IOException { //SEQUENCE OF --> tag 16 int sequenceTag = 16 + 32; // (bits 6 = 1 constructed) //INTEGER --> tag 2 int integerTag = 2; byte[] b1 = i1.toByteArray(); int lb1 = b1.length; byte[] b2 = i2.toByteArray(); int lb2 = b2.length; int sequenceLength = lb1 + lb2 + 4; ByteArrayOutputStream out = new ByteArrayOutputStream(); out.write((byte) sequenceTag); out.write((byte) sequenceLength); out.write((byte) integerTag); out.write((byte) lb1); out.write(b1); out.write((byte) integerTag); out.write((byte) lb2); out.write(b2); return out.toByteArray(); } /** * Decode signature integer sequence. * * Support function to decode a DSA signature * Provides the two DSA signature parameter encoded in a DSA signature * * @param bytes the bytes * @return the big integer[] * @throws Exception the exception */ public static BigInteger[] decodeSignatureIntegerSequence(byte[] bytes) throws Exception { int sequenceTag = (int) bytes[0]; if (sequenceTag != 48) throw new Exception("signature is not a sequence"); int sequenceLength = (int) bytes[1]; if (sequenceLength < 6) throw new Exception("signature sequence too short"); BigInteger[] result = new BigInteger[2]; int offset = 2; int i = 0; while (offset < bytes.length && i < 2) { int integerTag = (int) bytes[offset]; if (integerTag != 2) throw new Exception("signature is not an integer sequence"); int integerLength = (int) bytes[offset + 1]; byte[] value = Arrays.copyOfRange(bytes, offset + 2, offset + 2 + integerLength); result[i] = new BigInteger(+1, value); offset = offset + integerLength + 2; i++; } return result; } /** * Decode. * * @param inputData the input data * @throws EncodingFormatException the encoding format exception * @throws DataFormatException the data format exception * @throws IOException Signals that an I/O exception has occurred. */ public void decode(byte[] inputData) throws EncodingFormatException, DataFormatException, IOException { int offset = 0; String headerTag = new String( Arrays.copyOfRange(inputData,offset,offset + 3)); offset = offset + 3; if (!headerTag.equals("#UT")) { throw (new EncodingFormatException("not a UIC barcode")); } String versionValue = new String(Arrays.copyOfRange(inputData,offset,offset + 2)); offset = offset + 2; int barcodeVersion = 0; try { barcodeVersion = Integer.parseInt(versionValue); this.setVersion(barcodeVersion); } catch (NumberFormatException e2) { throw (new EncodingFormatException(String.format("UIC Barcode Version %s not supported", versionValue))); } String providerValue = new String( Arrays.copyOfRange(inputData,offset,offset + 4)); this.setSecurityProvider(providerValue); offset = offset + 4; String signatureKeyIdValue = new String( Arrays.copyOfRange(inputData,offset,offset + 5)); this.setSignatureKey(signatureKeyIdValue); offset = offset + 5; byte[] sealdata = null; if (barcodeVersion == 1) { sealdata = Arrays.copyOfRange(inputData, offset, offset + 50); signature = trimDsaSignature(sealdata); offset = offset + 50; } else if (barcodeVersion == 2) { sealdata = Arrays.copyOfRange(inputData, offset, offset + 64); signature = recombineDsaSignature(sealdata); offset = offset + 64; } else { throw (new EncodingFormatException(String.format("UIC Barcode Version %s not supported", versionValue))); } String lengthValue = new String( Arrays.copyOfRange(inputData,offset,offset + 4)); offset = offset + 4; int dataLength = 0; dataLength = Integer.parseInt(lengthValue); signedData = Arrays.copyOfRange(inputData, offset, offset + dataLength); ByteBuffer containedDataBuffer = ByteBuffer.allocate(dataLength); containedDataBuffer.put(signedData); byte[] inflatedDataBuffer = new byte[2000]; ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); Inflater inflater = new Inflater(); byte[] inflaterInput = containedDataBuffer.array(); inflater.setInput(inflaterInput); while (!inflater.finished()) { int count = inflater.inflate(inflatedDataBuffer,0,2000); if (inflater.needsDictionary() || count == 0) { break; } outputStream.write(inflatedDataBuffer, 0, count); } outputStream.close(); byte[] byteData = outputStream.toByteArray(); offset = 0; int remainingBytes = byteData.length; while (remainingBytes > 0) { String tag = new String(Arrays.copyOfRange(byteData, offset, offset + 6)); int length = 0; if (tag.startsWith("U_TLAY")) { UTLAYDataRecord record = new UTLAYDataRecord(); length = record.decode(Arrays.copyOfRange(byteData, offset, byteData.length)); this.uTlay = record; } else if (tag.startsWith("U_FLEX")) { UFLEXDataRecord record = new UFLEXDataRecord(); length = record.decode(Arrays.copyOfRange(byteData, offset, byteData.length)); this.uFlex = record; } else if (tag.startsWith("U_HEAD")) { UHEADDataRecord record = new UHEADDataRecord(); length = record.decode(Arrays.copyOfRange(byteData, offset, byteData.length)); this.headerRecord = record; } else { DataRecord record = new GENERICDataRecord(tag); length = record.decode(Arrays.copyOfRange(byteData, offset, byteData.length)); addDataRecord(record); } offset = offset + length; remainingBytes = remainingBytes - length; } } private byte[] recombineDsaSignature(byte[] sealdata) throws IOException { //check whether the encoding is wrong and the sealdata contain a signature //remove trailing zeroes from the signature BigInteger[] bInts = null; try { bInts = decodeSignatureIntegerSequence(sealdata); byte[] sig = encodeSignatureIntegerSequence(bInts[0],bInts[1]); //decoding the entire signature was ok, so there was no split return sig; } catch (Exception e) { //the signature is correctly implemented, continue with recombination } // split the data into two blocks int length = sealdata.length / 2; byte[] rBytes = Arrays.copyOfRange(sealdata, 0, length); byte[] sBytes = Arrays.copyOfRange(sealdata, length, length + length); //convert to BigInteger to get rid of leading zeroes BigInteger r = new BigInteger(1,rBytes); BigInteger s = new BigInteger(1,sBytes); //encode as DSA signature structure //SEQUENCE OF --> tag 16 int sequenceTag = 16 + 32; // (bits 6 = 1 constructed) //INTEGER --> tag 2 int integerTag = 2; byte[] b1 = r.toByteArray(); int lb1 = b1.length; byte[] b2 = s.toByteArray(); int lb2 = b2.length; int sequenceLength = lb1 + lb2 + 4; ByteArrayOutputStream out = new ByteArrayOutputStream(); out.write((byte) sequenceTag); out.write((byte) sequenceLength); out.write((byte) integerTag); out.write((byte) lb1); out.write(b1); out.write((byte) integerTag); out.write((byte) lb2); out.write(b2); return out.toByteArray(); } private static byte[] toUnsignedBytes(BigInteger i) { byte[] b = i.abs().toByteArray(); //remove top sign bit if (b[0] == 0) { b = Arrays.copyOfRange(b, 1, b.length); } return b; } private byte[] trimDsaSignature(byte[] sealdata) throws EncodingFormatException { //remove trailing zeroes from the signature BigInteger[] bInts = null; try { bInts = decodeSignatureIntegerSequence(sealdata); return encodeSignatureIntegerSequence(bInts[0],bInts[1]); } catch (Exception e) { throw (new EncodingFormatException(String.format("Invalid DSA signature"))); } } /** * Verify the signature * * Note: an appropriate security provider (e.g. BC) must be registered before * * @param key the key * @param algo the algorithm name * @return true, if successful * @throws InvalidKeyException the invalid key exception * @throws NoSuchAlgorithmException the no such algorithm exception * @throws SignatureException the signature exception * @throws IllegalArgumentException the illegal argument exception * @throws UnsupportedOperationException the unsupported operation exception * @throws EncodingFormatException * @throws IOException */ public boolean ByAlgorithmName(PublicKey key, String algo) throws InvalidKeyException, NoSuchAlgorithmException, SignatureException, IllegalArgumentException, UnsupportedOperationException, IOException, EncodingFormatException { Signature sig = Signature.getInstance(algo); sig.initVerify(key); sig.update(this.getDataForSignature()); return sig.verify(this.getSignature()); } /** * Verify the signature * * Note: an appropriate security provider (e.g. BC) must be registered before * * @param key the key * @param singningAlg the Object ID of the signing algorithm * @return true, if successful * @throws InvalidKeyException the invalid key exception * @throws NoSuchAlgorithmException the no such algorithm exception * @throws SignatureException the signature exception * @throws IllegalArgumentException the illegal argument exception * @throws UnsupportedOperationException the unsupported operating exception * @throws EncodingFormatException * @throws IOException */ public boolean verifyByAlgorithmOid(PublicKey key, String signingAlg) throws InvalidKeyException, NoSuchAlgorithmException, SignatureException, IllegalArgumentException, UnsupportedOperationException, IOException, EncodingFormatException { String signatureAlgorithmOid = signingAlg; // guess the signature algorithm based on the signature size if ((signingAlg == null || signingAlg.length() < 1) && this.getSignature() != null) { signatureAlgorithmOid = SecurityUtils.getDsaAlgorithm(this.getSignature()); } //find the algorithm name for the signature OID String algo = null; Provider[] provs = Security.getProviders(); for (Provider prov : provs) { Service service = prov.getService("Signature",signatureAlgorithmOid); if (service != null) { algo = service.getAlgorithm(); } } if (algo == null) { throw new NoSuchAlgorithmException("No service for algorithm found: " + signingAlg); } Signature sig = Signature.getInstance(algo); sig.initVerify(key); sig.update(getDataForSignature()); return sig.verify(this.getSignature()); } /** * Verify the signature * * Note: an appropriate security provider (e.g. BC) must be registered before * * @param key the key * @param singningAlg the Object ID of the signing algorithm * @param a dedicated security provider to validate the signature * @return true, if successful * @throws InvalidKeyException the invalid key exception * @throws NoSuchAlgorithmException the no such algorithm exception * @throws SignatureException the signature exception * @throws IllegalArgumentException the illegal argument exception * @throws UnsupportedOperationException the unsupported operating exception * @throws EncodingFormatException * @throws IOException */ public boolean verifyByAlgorithmOid(PublicKey key, String signatureAlgorithmOid, Provider prov) throws InvalidKeyException, NoSuchAlgorithmException, SignatureException, IllegalArgumentException, UnsupportedOperationException, IOException, EncodingFormatException { if ((signatureAlgorithmOid == null || signatureAlgorithmOid.length() < 1) && this.getSignature() != null) { signatureAlgorithmOid = SecurityUtils.getDsaAlgorithm(this.getSignature()); } //find the algorithm name for the signature OID String algo = null; if (prov != null) { Service service = prov.getService("Signature",signatureAlgorithmOid); if (service != null) { algo = service.getAlgorithm(); } } else { Provider[] provs = Security.getProviders(); for (Provider p : provs) { if (algo == null) { Service service = p.getService("Signature",signatureAlgorithmOid); if (service != null) { algo = service.getAlgorithm(); } } } } if (algo == null) { throw new NoSuchAlgorithmException("No service for algorithm found: " + signatureAlgorithmOid); } Signature sig = null; if (prov != null) { sig = Signature.getInstance(algo,prov); } else { sig = Signature.getInstance(algo); } sig.initVerify(key); sig.update(getDataForSignature()); return sig.verify(this.getSignature()); } /** * Sign the contained data block. * * Note: an appropriate security provider (e.g. BC) must be registered before * * @param key the key * @param singningAlg the Object ID of the signing algorithm * @return * @throws NoSuchAlgorithmException the no such algorithm exception * @throws InvalidKeyException the invalid key exception * @throws SignatureException the signature exception * @throws EncodingFormatException * @throws IOException * @deprecated */ public void signByAlgorithmOID(PrivateKey key,String signatureAlgorithmOid) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, IOException, EncodingFormatException { //find the algorithm name for the signature OID //find the algorithm name for the signature OID String algo = null; Provider[] provs = Security.getProviders(); for (Provider p : provs) { if (algo == null) { Service service = p.getService("Signature",signatureAlgorithmOid); if (service != null) { algo = service.getAlgorithm(); } } } if (algo == null) { throw new NoSuchAlgorithmException("No service for algorithm found: " + signatureAlgorithmOid); } Signature sig = Signature.getInstance(algo); sig.initSign(key); signedData = getDataForSignature(); sig.update(signedData); signature = sig.sign(); } /** * Sign the contained data block. * * Note: an appropriate security provider (e.g. BC) must be registered before * * @param key the key * @param singningAlg the Object ID of the signing algorithm * @return * @throws NoSuchAlgorithmException the no such algorithm exception * @throws InvalidKeyException the invalid key exception * @throws SignatureException the signature exception * @throws EncodingFormatException * @throws IOException */ public void signByAlgorithmOID(PrivateKey key,String signatureAlgorithmOid, Provider prov) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, IOException, EncodingFormatException { //find the algorithm name for the signature OID String algo = null; if (prov != null) { Service service = prov.getService("Signature",signatureAlgorithmOid); if (service != null) { algo = service.getAlgorithm(); } } else { Provider[] provs = Security.getProviders(); for (Provider p : provs) { if (algo == null) { Service service = p.getService("Signature",signatureAlgorithmOid); if (service != null) { algo = service.getAlgorithm(); } } } } if (algo == null) { throw new NoSuchAlgorithmException("No service for algorithm found: " + signatureAlgorithmOid); } Signature sig = null; if (prov == null) { sig = Signature.getInstance(algo); } else { sig = Signature.getInstance(algo,prov); } sig.initSign(key); signedData = getDataForSignature(); sig.update(signedData); signature = sig.sign(); } /** * Sign the contained data block. * * Note: an appropriate security provider (e.g. BC) must be registered before * * @param key the key * @param algo the name of the signing algorithm * @return * @throws NoSuchAlgorithmException the no such algorithm exception * @throws InvalidKeyException the invalid key exception * @throws SignatureException the signature exception * @throws EncodingFormatException * @throws IOException * @deprecated */ public void signUsingAlgorithmName(PrivateKey key,String algo) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, IOException, EncodingFormatException { Signature sig = Signature.getInstance(algo); sig.initSign(key); sig.update(getDataForSignature()); signature = sig.sign(); } public UFLEXDataRecord getuFlex() { return uFlex; } public UTLAYDataRecord getuTlay() { return uTlay; } public void setuFlex(UFLEXDataRecord uFlex) { this.uFlex = uFlex; } public void setuTlay(UTLAYDataRecord uTlay) { this.uTlay = uTlay; } public void setHeaderRecord(UHEADDataRecord headerRecord) { this.headerRecord = headerRecord; } }