a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: FSSignatureProvider.java,v 1.5 2009/06/08 23:41:51 madan_ranganath Exp $
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpackage com.sun.identity.federation.services.util;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This class implements interface <code>SignatureProviderSPI</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpublic class FSSignatureProvider implements SignatureProviderSPI {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Default Constructor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Initializes the provider.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param keyProvider <code>KeyProvider</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void initialize(KeyProvider keyProvider) {
// Only the signature and this error log are part of the listing; the guard that
// triggers the log and whatever stores keyProvider are not visible.
// NOTE(review): signBuffer later calls keystore.getPrivateKey(certAlias). Confirm that
// a null keyProvider cannot leave that field unset and surface as a
// NullPointerException on the first signing request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSSignatureProvider.initialize: Key Provider "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "is null");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Signs a String using enveloped signatures and default signature
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * algorithm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param data string that needs to be signed
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param certAlias Signer's certificate alias name
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return byte array which contains signature object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception FSSignatureException if an error occurred during the signing
// Delegates to the three-argument signBuffer, passing IFSConstants.DEF_SIG_ALGO_JCA
// as the algorithm.
// NOTE(review): the value of DEF_SIG_ALGO_JCA is defined outside this listing. It
// decides what every caller of this overload signs with, so confirm it against the
// deployment's current signature-algorithm policy.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return signBuffer(data, certAlias, IFSConstants.DEF_SIG_ALGO_JCA);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Signs a string using enveloped signatures.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param data string that needs to be signed
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param certAlias Signer's certificate alias name
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param algorithm signing algorithm
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return byte array which contains signature Element object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception FSSignatureException if an error occurred during the signing
// Fragment of the three-argument signBuffer: the method signature and several
// statements between the lines below are not part of this listing.
// Error log for a null input string (per the message text).
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSSignatureProvider.signBuffer: data to be "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "signed is null.");
// An absent or empty certificate alias is treated as an error.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (certAlias == null || certAlias.length() == 0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSSignatureProvider.signBuffer: certAlias is "
// The signing key is looked up in the keystore by alias.
// NOTE(review): how a missing key (null return) is handled is not visible here;
// confirm it is rejected before the key is used.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (PrivateKey) keystore.getPrivateKey(certAlias);
// No algorithm supplied: per the log message a default is assigned (the assignment
// itself is not visible).
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (algorithm == null || algorithm.length() == 0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSSignatureProvider.signBuffer: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "algorithm is null assigning algorithm= "
// Error log for a rejected algorithm name; the check that leads here is not
// visible, presumably isValidAlgorithm. Confirm it runs before getInstance below.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSSignatureProvider.signBuffer: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "algorithm is invalid ");
// Resolves the JCA Signature implementation for the algorithm name through the
// default provider search (no provider argument is given).
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Signature sig = Signature.getInstance(algorithm);
// NOTE(review): the step that turns the input string into bytes is not visible.
// Signer and verifier must use the same explicit charset, otherwise signatures fail
// to verify across hosts with different platform defaults.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ByteArrayOutputStream bop = new ByteArrayOutputStream();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSSignatureProvider.signBuffer: "
// The caught exception is rethrown as FSSignatureException carrying only its
// message text; the original exception is not passed on as a cause, so its type
// and stack trace are lost to callers.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSSignatureException (ex.getMessage());
// Fragment of a helper declared to throw NoSuchAlgorithmException and
// NoSuchProviderException; its signature and the calls these argument lists belong
// to are not part of this listing.
// Both visible argument lists pair the RSA algorithm constant with an explicit
// provider (ps[i], rsaProviderName).
// NOTE(review): where rsaProviderName comes from is not visible; if it is read from
// configuration, confirm it can only name a provider the deployment trusts.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throws NoSuchAlgorithmException, NoSuchProviderException
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IFSConstants.ALGO_ID_SIGNATURE_RSA_JCA, ps[i]);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IFSConstants.ALGO_ID_SIGNATURE_RSA_JCA, rsaProviderName);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Verifies the signature of a signed string.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param data string whose signature is to be verified
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param signature signature in byte array
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param algorithm signing algorithm
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param cert Signer's certificate
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>true</code> if the xml signature is verified;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>false</code> otherwise
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception FSSignatureException if a problem occurs during verification
// Fragment of verifySignature: the method signature and several statements between
// the lines below are not part of this listing.
// NOTE(review): this message is emitted on the verification path but reads "data to
// be signed"; anyone triaging logs will be pointed at the wrong operation.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSSignatureProvider.verifySignature: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "data to be signed is null.");
// NOTE(review): the body of this branch is not visible. signBuffer substitutes a
// default when the algorithm is absent (per its log message); confirm that
// verification also checks the name with isValidAlgorithm before getInstance, so an
// algorithm name supplied with the message cannot select an unintended one.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (algorithm == null || algorithm.length() == 0) {
// Resolves the JCA Signature implementation through the default provider search.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Signature sig = Signature.getInstance(algorithm);
// One path logs through debug.message and returns false.
// NOTE(review): the condition is not visible. If this is the failed-verification
// path, confirm the event is also recorded at a level that is enabled in production
// (debug.message is presumably the verbose level; confirm), since rejected
// signatures are worth alerting on.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSSignatureProvider.verifySignature:"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
// NOTE(review): the string-to-bytes step is not visible; it has to match the one
// used when signing, including the charset.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ByteArrayOutputStream bop = new ByteArrayOutputStream();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSSignatureProvider.verifySignature: "
// The caught exception is rethrown as FSSignatureException carrying only its
// message text; the original exception is not passed on as a cause.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSSignatureException (ex.getMessage());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the key provider.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>KeyProvider</code> instance
/**
 * Checks a JCA signature algorithm name against the two algorithms this
 * provider accepts.
 *
 * NOTE(review): the strings behind the two IFSConstants entries are defined
 * outside this listing; confirm they still meet the deployment's current
 * signature-algorithm policy.
 *
 * @param algorithm algorithm name to check; must not be null, because
 *        <code>equals</code> is invoked on it
 * @return <code>true</code> when the name equals the DSA or the RSA
 *         constant; <code>false</code> otherwise
 */
private boolean isValidAlgorithm(String algorithm) {
    // DSA is compared first and RSA only when that fails, as in the original.
    boolean isDsa = algorithm.equals(IFSConstants.ALGO_ID_SIGNATURE_DSA_JCA);
    return isDsa || algorithm.equals(IFSConstants.ALGO_ID_SIGNATURE_RSA_JCA);
}