0N/A/*
0N/A * reserved comment block
0N/A * DO NOT REMOVE OR ALTER!
0N/A */
6159N/A/**
6159N/A * Licensed to the Apache Software Foundation (ASF) under one
6159N/A * or more contributor license agreements. See the NOTICE file
6159N/A * distributed with this work for additional information
6159N/A * regarding copyright ownership. The ASF licenses this file
6159N/A * to you under the Apache License, Version 2.0 (the
6159N/A * "License"); you may not use this file except in compliance
6159N/A * with the License. You may obtain a copy of the License at
0N/A *
6159N/A * http://www.apache.org/licenses/LICENSE-2.0
0N/A *
6159N/A * Unless required by applicable law or agreed to in writing,
6159N/A * software distributed under the License is distributed on an
6159N/A * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
6159N/A * KIND, either express or implied. See the License for the
6159N/A * specific language governing permissions and limitations
6159N/A * under the License.
0N/A */
0N/Apackage com.sun.org.apache.xml.internal.security.algorithms;
0N/A
import java.security.Key;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

import com.sun.org.apache.xml.internal.security.algorithms.implementations.IntegrityHmac;
import com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureBaseRSA;
import com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureDSA;
import com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureECDSA;
import com.sun.org.apache.xml.internal.security.exceptions.AlgorithmAlreadyRegisteredException;
import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
import com.sun.org.apache.xml.internal.security.utils.Constants;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
0N/A
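/**
 * Allows selection of digital signature's algorithm, private keys, other
 * security parameters, and algorithm's ID.
 *
 * <p>Each instance wraps a {@link SignatureAlgorithmSpi} that is looked up by
 * algorithm URI in a static registry shared by all instances, and forwards the
 * sign/verify operations to it.
 *
 * <p>Security notes for callers:
 * <ul>
 * <li>The MD5-based algorithms are part of the default registrations. They are
 * rejected only by the {@code (Element, String, boolean)} constructor when
 * {@code secureValidation} is {@code true}; the two-argument {@code Element}
 * constructor passes {@code false}.</li>
 * <li>The registry is static and mutable through the public {@code register}
 * methods; no permission check is visible in this class.</li>
 * </ul>
 *
 * @author Christian Geuer-Pollmann
 */
public class SignatureAlgorithm extends Algorithm {

    /** {@code java.util.logging} logger for this class. */
    private static final java.util.logging.Logger log =
        java.util.logging.Logger.getLogger(SignatureAlgorithm.class.getName());

    /**
     * All available algorithm classes are registered here, keyed by algorithm URI.
     * Typed as {@link ConcurrentMap} so that registration can use the atomic
     * {@code putIfAbsent}.
     */
    private static final ConcurrentMap<String, Class<? extends SignatureAlgorithmSpi>> algorithmHash =
        new ConcurrentHashMap<String, Class<? extends SignatureAlgorithmSpi>>();

    /** The implementation that every sign/verify call is forwarded to. */
    private final SignatureAlgorithmSpi signatureAlgorithm;

    /** The algorithm URI this instance was created for. */
    private final String algorithmURI;

    /**
     * Creates a new SignatureMethod element in {@code doc} for the given algorithm.
     *
     * @param doc the document the element is created in
     * @param algorithmURI URI identifying the signature algorithm
     * @throws XMLSecurityException if no implementation is registered for
     *         {@code algorithmURI} or it cannot be instantiated
     */
    public SignatureAlgorithm(Document doc, String algorithmURI) throws XMLSecurityException {
        super(doc, algorithmURI);
        this.algorithmURI = algorithmURI;

        signatureAlgorithm = getSignatureAlgorithmSpi(algorithmURI);
        signatureAlgorithm.engineGetContextFromElement(this._constructionElement);
    }

    /**
     * Creates a new SignatureMethod element in {@code doc} for an HMAC algorithm
     * with an explicit output length.
     *
     * @param doc the document the element is created in
     * @param algorithmURI URI identifying the signature algorithm
     * @param hmacOutputLength the HMAC output length handed to the implementation
     * @throws XMLSecurityException if no implementation is registered for
     *         {@code algorithmURI}, it cannot be instantiated, or the
     *         implementation rejects the output length
     */
    public SignatureAlgorithm(
        Document doc, String algorithmURI, int hmacOutputLength
    ) throws XMLSecurityException {
        super(doc, algorithmURI);
        this.algorithmURI = algorithmURI;

        signatureAlgorithm = getSignatureAlgorithmSpi(algorithmURI);
        signatureAlgorithm.engineGetContextFromElement(this._constructionElement);

        signatureAlgorithm.engineSetHMACOutputLength(hmacOutputLength);
        // NOTE(review): the cast assumes that only IntegrityHmac implementations get
        // past engineSetHMACOutputLength; any other registered class would fail here
        // with a ClassCastException -- confirm against SignatureAlgorithmSpi.
        ((IntegrityHmac)signatureAlgorithm).engineAddContextToElement(_constructionElement);
    }

    /**
     * Wraps an existing SignatureMethod element without secure validation.
     *
     * <p>Equivalent to calling the three-argument constructor with
     * {@code secureValidation == false}, so the MD5-based algorithms are accepted
     * on this path.
     *
     * @param element the existing element
     * @param baseURI the base URI passed to the superclass
     * @throws XMLSecurityException if the algorithm named by the element is not
     *         registered or cannot be instantiated
     */
    public SignatureAlgorithm(Element element, String baseURI) throws XMLSecurityException {
        this(element, baseURI, false);
    }

    /**
     * Wraps an existing SignatureMethod element.
     *
     * @param element the existing element
     * @param baseURI the base URI passed to the superclass
     * @param secureValidation when {@code true}, HMAC-MD5 and RSA-MD5 are rejected
     * @throws XMLSecurityException if secure validation rejects the algorithm, or
     *         the algorithm is not registered or cannot be instantiated
     */
    public SignatureAlgorithm(
        Element element, String baseURI, boolean secureValidation
    ) throws XMLSecurityException {
        super(element, baseURI);
        // The URI is read from the element's Algorithm attribute, i.e. from the
        // document being processed.
        algorithmURI = this.getURI();

        // Mark an "Id" attribute, if present, as an ID-typed attribute.
        Attr attr = element.getAttributeNodeNS(null, "Id");
        if (attr != null) {
            element.setIdAttributeNode(attr, true);
        }

        // Only these two MD5-based URIs are refused, and only under secure validation.
        if (secureValidation && (XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5.equals(algorithmURI)
            || XMLSignature.ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5.equals(algorithmURI))) {
            Object exArgs[] = { algorithmURI };

            throw new XMLSecurityException("signature.signatureAlgorithm", exArgs);
        }

        signatureAlgorithm = getSignatureAlgorithmSpi(algorithmURI);
        signatureAlgorithm.engineGetContextFromElement(this._constructionElement);
    }

    /**
     * Get a SignatureAlgorithmSpi object corresponding to the algorithmURI argument.
     *
     * @param algorithmURI URI to look up in the registry
     * @return a new instance of the registered implementation class
     * @throws XMLSignatureException if the class cannot be instantiated, or if a
     *         {@link NullPointerException} occurs, which is what happens for a URI
     *         with no registered class
     */
    private static SignatureAlgorithmSpi getSignatureAlgorithmSpi(String algorithmURI)
        throws XMLSignatureException {
        try {
            Class<? extends SignatureAlgorithmSpi> implementingClass =
                algorithmHash.get(algorithmURI);
            if (log.isLoggable(java.util.logging.Level.FINE)) {
                // algorithmURI can come straight from the document being processed and
                // is written unescaped; treat this log line as untrusted text.
                log.log(java.util.logging.Level.FINE, "Create URI \"" + algorithmURI + "\" class \""
                    + implementingClass + "\"");
            }
            // An unregistered URI leaves implementingClass null; the resulting
            // NullPointerException is reported below as "no such algorithm".
            return implementingClass.newInstance();
        } catch (IllegalAccessException ex) {
            Object exArgs[] = { algorithmURI, ex.getMessage() };
            throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs, ex);
        } catch (InstantiationException ex) {
            Object exArgs[] = { algorithmURI, ex.getMessage() };
            throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs, ex);
        } catch (NullPointerException ex) {
            Object exArgs[] = { algorithmURI, ex.getMessage() };
            throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs, ex);
        }
    }


    /**
     * Proxy method for {@link java.security.Signature#sign()};
     * the call is forwarded to the wrapped {@link SignatureAlgorithmSpi}.
     *
     * @return the signature bytes produced by the implementation
     * @throws XMLSignatureException if the implementation fails
     */
    public byte[] sign() throws XMLSignatureException {
        return signatureAlgorithm.engineSign();
    }

    /**
     * Proxy method for {@link java.security.Signature#getAlgorithm};
     * the call is forwarded to the wrapped {@link SignatureAlgorithmSpi}.
     *
     * @return the JCE algorithm string reported by the implementation
     */
    public String getJCEAlgorithmString() {
        return signatureAlgorithm.engineGetJCEAlgorithmString();
    }

    /**
     * Method getJCEProviderName
     *
     * @return The Provider of this Signature Algorithm
     */
    public String getJCEProviderName() {
        return signatureAlgorithm.engineGetJCEProviderName();
    }

    /**
     * Proxy method for {@link java.security.Signature#update(byte[])};
     * the call is forwarded to the wrapped {@link SignatureAlgorithmSpi}.
     *
     * @param input the bytes to add to the data being signed or verified
     * @throws XMLSignatureException if the implementation fails
     */
    public void update(byte[] input) throws XMLSignatureException {
        signatureAlgorithm.engineUpdate(input);
    }

    /**
     * Proxy method for {@link java.security.Signature#update(byte)};
     * the call is forwarded to the wrapped {@link SignatureAlgorithmSpi}.
     *
     * @param input the byte to add to the data being signed or verified
     * @throws XMLSignatureException if the implementation fails
     */
    public void update(byte input) throws XMLSignatureException {
        signatureAlgorithm.engineUpdate(input);
    }

    /**
     * Proxy method for {@link java.security.Signature#update(byte[], int, int)};
     * the call is forwarded to the wrapped {@link SignatureAlgorithmSpi}.
     *
     * @param buf the buffer holding the data
     * @param offset start offset within {@code buf}
     * @param len number of bytes to use
     * @throws XMLSignatureException if the implementation fails
     */
    public void update(byte buf[], int offset, int len) throws XMLSignatureException {
        signatureAlgorithm.engineUpdate(buf, offset, len);
    }

    /**
     * Proxy method for {@link java.security.Signature#initSign(java.security.PrivateKey)};
     * the call is forwarded to the wrapped {@link SignatureAlgorithmSpi}.
     *
     * @param signingKey the key to sign with
     * @throws XMLSignatureException if the implementation rejects the key
     */
    public void initSign(Key signingKey) throws XMLSignatureException {
        signatureAlgorithm.engineInitSign(signingKey);
    }

    /**
     * Proxy method for {@link java.security.Signature#initSign(java.security.PrivateKey,
     * java.security.SecureRandom)};
     * the call is forwarded to the wrapped {@link SignatureAlgorithmSpi}.
     *
     * @param signingKey the key to sign with
     * @param secureRandom the source of randomness handed to the implementation
     * @throws XMLSignatureException if the implementation rejects the arguments
     */
    public void initSign(Key signingKey, SecureRandom secureRandom) throws XMLSignatureException {
        signatureAlgorithm.engineInitSign(signingKey, secureRandom);
    }

    /**
     * Initializes signing with a key and an algorithm parameter specification;
     * the call is forwarded to the wrapped {@link SignatureAlgorithmSpi}.
     *
     * @param signingKey the key to sign with
     * @param algorithmParameterSpec the parameters handed to the implementation
     * @throws XMLSignatureException if the implementation rejects the arguments
     */
    public void initSign(
        Key signingKey, AlgorithmParameterSpec algorithmParameterSpec
    ) throws XMLSignatureException {
        signatureAlgorithm.engineInitSign(signingKey, algorithmParameterSpec);
    }

    /**
     * Proxy method for {@link java.security.Signature#setParameter(
     * java.security.spec.AlgorithmParameterSpec)};
     * the call is forwarded to the wrapped {@link SignatureAlgorithmSpi}.
     *
     * @param params the parameters handed to the implementation
     * @throws XMLSignatureException if the implementation rejects the parameters
     */
    public void setParameter(AlgorithmParameterSpec params) throws XMLSignatureException {
        signatureAlgorithm.engineSetParameter(params);
    }

    /**
     * Proxy method for {@link java.security.Signature#initVerify(java.security.PublicKey)};
     * the call is forwarded to the wrapped {@link SignatureAlgorithmSpi}.
     *
     * @param verificationKey the key to verify with
     * @throws XMLSignatureException if the implementation rejects the key
     */
    public void initVerify(Key verificationKey) throws XMLSignatureException {
        signatureAlgorithm.engineInitVerify(verificationKey);
    }

    /**
     * Proxy method for {@link java.security.Signature#verify(byte[])};
     * the call is forwarded to the wrapped {@link SignatureAlgorithmSpi}.
     *
     * @param signature the signature bytes to check
     * @return true if the signature is valid.
     *
     * @throws XMLSignatureException if the implementation fails
     */
    public boolean verify(byte[] signature) throws XMLSignatureException {
        return signatureAlgorithm.engineVerify(signature);
    }

    /**
     * Returns the URI representation of the signature algorithm, read from the
     * Algorithm attribute of the underlying element.
     *
     * @return the URI representation of the signature algorithm
     */
    public final String getURI() {
        return _constructionElement.getAttributeNS(null, Constants._ATT_ALGORITHM);
    }

    /**
     * Registers the implementing class, given by name, for a signature algorithm URI.
     *
     * <p>The named class is loaded and must be a subclass of
     * {@link SignatureAlgorithmSpi}; anything else is refused at registration time
     * rather than being instantiated later during signature processing.
     *
     * <p>NOTE(review): no permission check is visible here, so any code that can
     * call this method can add entries to the shared registry -- confirm whether
     * callers are expected to be trusted.
     *
     * @param algorithmURI URI representation of the signature algorithm
     * @param implementingClass name of the implementing class of
     * {@link SignatureAlgorithmSpi}
     * @throws AlgorithmAlreadyRegisteredException if specified algorithmURI is already registered
     * @throws ClassNotFoundException if the named class cannot be loaded
     * @throws XMLSignatureException if the class is not a {@link SignatureAlgorithmSpi}
     *         subclass or a {@link NullPointerException} occurs while loading or storing it
     */
    public static void register(String algorithmURI, String implementingClass)
        throws AlgorithmAlreadyRegisteredException, ClassNotFoundException,
            XMLSignatureException {
        if (log.isLoggable(java.util.logging.Level.FINE)) {
            log.log(java.util.logging.Level.FINE, "Try to register " + algorithmURI + " " + implementingClass);
        }

        // are we already registered? (checked before any class loading is attempted)
        Class<? extends SignatureAlgorithmSpi> registeredClass = algorithmHash.get(algorithmURI);
        if (registeredClass != null) {
            Object exArgs[] = { algorithmURI, registeredClass };
            throw new AlgorithmAlreadyRegisteredException(
                "algorithm.alreadyRegistered", exArgs
            );
        }
        try {
            // asSubclass replaces the former unchecked cast: a class that is not a
            // SignatureAlgorithmSpi never reaches the registry.
            Class<? extends SignatureAlgorithmSpi> clazz =
                ClassLoaderUtils.loadClass(implementingClass, SignatureAlgorithm.class)
                    .asSubclass(SignatureAlgorithmSpi.class);
            addIfAbsent(algorithmURI, clazz);
        } catch (NullPointerException ex) {
            Object exArgs[] = { algorithmURI, ex.getMessage() };
            throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs, ex);
        } catch (ClassCastException ex) {
            Object exArgs[] = { algorithmURI, ex.getMessage() };
            throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs, ex);
        }
    }

    /**
     * Registers the implementing class for a signature algorithm URI.
     *
     * <p>NOTE(review): no permission check is visible here, so any code that can
     * call this method can add entries to the shared registry -- confirm whether
     * callers are expected to be trusted.
     *
     * @param algorithmURI URI representation of the signature algorithm
     * @param implementingClass the implementing class of {@link SignatureAlgorithmSpi}
     * @throws AlgorithmAlreadyRegisteredException if specified algorithmURI is already registered
     * @throws ClassNotFoundException declared for signature compatibility; not thrown by this body
     * @throws XMLSignatureException declared for signature compatibility; not thrown by this body
     */
    public static void register(String algorithmURI, Class<? extends SignatureAlgorithmSpi> implementingClass)
        throws AlgorithmAlreadyRegisteredException, ClassNotFoundException,
            XMLSignatureException {
        if (log.isLoggable(java.util.logging.Level.FINE)) {
            log.log(java.util.logging.Level.FINE, "Try to register " + algorithmURI + " " + implementingClass);
        }

        // are we already registered?
        Class<? extends SignatureAlgorithmSpi> registeredClass = algorithmHash.get(algorithmURI);
        if (registeredClass != null) {
            Object exArgs[] = { algorithmURI, registeredClass };
            throw new AlgorithmAlreadyRegisteredException(
                "algorithm.alreadyRegistered", exArgs
            );
        }
        addIfAbsent(algorithmURI, implementingClass);
    }

    /**
     * Stores the mapping atomically, so that two concurrent registrations of the
     * same URI cannot both succeed and silently replace one another.
     */
    private static void addIfAbsent(
        String algorithmURI, Class<? extends SignatureAlgorithmSpi> implementingClass
    ) throws AlgorithmAlreadyRegisteredException {
        Class<? extends SignatureAlgorithmSpi> registeredClass =
            algorithmHash.putIfAbsent(algorithmURI, implementingClass);
        if (registeredClass != null) {
            Object exArgs[] = { algorithmURI, registeredClass };
            throw new AlgorithmAlreadyRegisteredException(
                "algorithm.alreadyRegistered", exArgs
            );
        }
    }

    /**
     * This method registers the default algorithms.
     *
     * <p>Unlike {@code register}, it uses {@code put}, so it replaces whatever is
     * currently registered for these URIs. The list includes the two
     * NOT_RECOMMENDED MD5-based entries; in this class they are refused only by
     * the constructor that is given {@code secureValidation == true}.
     */
    public static void registerDefaultAlgorithms() {
        algorithmHash.put(
            XMLSignature.ALGO_ID_SIGNATURE_DSA, SignatureDSA.class
        );
        algorithmHash.put(
            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1, SignatureBaseRSA.SignatureRSASHA1.class
        );
        algorithmHash.put(
            XMLSignature.ALGO_ID_MAC_HMAC_SHA1, IntegrityHmac.IntegrityHmacSHA1.class
        );
        algorithmHash.put(
            XMLSignature.ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5,
            SignatureBaseRSA.SignatureRSAMD5.class
        );
        algorithmHash.put(
            XMLSignature.ALGO_ID_SIGNATURE_RSA_RIPEMD160,
            SignatureBaseRSA.SignatureRSARIPEMD160.class
        );
        algorithmHash.put(
            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256, SignatureBaseRSA.SignatureRSASHA256.class
        );
        algorithmHash.put(
            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA384, SignatureBaseRSA.SignatureRSASHA384.class
        );
        algorithmHash.put(
            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512, SignatureBaseRSA.SignatureRSASHA512.class
        );
        algorithmHash.put(
            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA1, SignatureECDSA.SignatureECDSASHA1.class
        );
        algorithmHash.put(
            XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5, IntegrityHmac.IntegrityHmacMD5.class
        );
        algorithmHash.put(
            XMLSignature.ALGO_ID_MAC_HMAC_RIPEMD160, IntegrityHmac.IntegrityHmacRIPEMD160.class
        );
        algorithmHash.put(
            XMLSignature.ALGO_ID_MAC_HMAC_SHA256, IntegrityHmac.IntegrityHmacSHA256.class
        );
        algorithmHash.put(
            XMLSignature.ALGO_ID_MAC_HMAC_SHA384, IntegrityHmac.IntegrityHmacSHA384.class
        );
        algorithmHash.put(
            XMLSignature.ALGO_ID_MAC_HMAC_SHA512, IntegrityHmac.IntegrityHmacSHA512.class
        );
    }

    /**
     * Method getBaseNamespace
     *
     * @return URI of this element
     */
    public String getBaseNamespace() {
        return Constants.SignatureSpecNS;
    }

    /**
     * Method getBaseLocalName
     *
     * @return Local name
     */
    public String getBaseLocalName() {
        return Constants._TAG_SIGNATUREMETHOD;
    }
}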