0N/A/*
0N/A * reserved comment block
0N/A * DO NOT REMOVE OR ALTER!
0N/A */
0N/A/*
0N/A * Copyright 1999-2004 The Apache Software Foundation.
0N/A *
0N/A * Licensed under the Apache License, Version 2.0 (the "License");
0N/A * you may not use this file except in compliance with the License.
0N/A * You may obtain a copy of the License at
0N/A *
0N/A * http://www.apache.org/licenses/LICENSE-2.0
0N/A *
0N/A * Unless required by applicable law or agreed to in writing, software
0N/A * distributed under the License is distributed on an "AS IS" BASIS,
0N/A * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
0N/A * See the License for the specific language governing permissions and
0N/A * limitations under the License.
0N/A *
0N/A */
0N/Apackage com.sun.org.apache.xml.internal.security.algorithms.implementations;
0N/A
0N/A
0N/A
0N/Aimport java.security.InvalidAlgorithmParameterException;
0N/Aimport java.security.InvalidKeyException;
0N/Aimport java.security.Key;
0N/Aimport java.security.SecureRandom;
0N/Aimport java.security.spec.AlgorithmParameterSpec;
0N/A
0N/Aimport javax.crypto.Mac;
0N/Aimport javax.crypto.SecretKey;
0N/A
0N/Aimport com.sun.org.apache.xml.internal.security.algorithms.JCEMapper;
0N/Aimport com.sun.org.apache.xml.internal.security.algorithms.MessageDigestAlgorithm;
0N/Aimport com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithmSpi;
0N/Aimport com.sun.org.apache.xml.internal.security.signature.XMLSignature;
0N/Aimport com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
0N/Aimport com.sun.org.apache.xml.internal.security.utils.Constants;
0N/Aimport com.sun.org.apache.xml.internal.security.utils.XMLUtils;
0N/Aimport org.w3c.dom.Document;
0N/Aimport org.w3c.dom.Element;
0N/Aimport org.w3c.dom.Text;
0N/A
0N/A
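/**
 * Base class for the XML Signature HMAC algorithms. It wraps a JCE
 * {@link Mac} instance and exposes it through the
 * {@link SignatureAlgorithmSpi} "engine" methods; the concrete nested
 * subclasses supply the algorithm URI and the digest length in bits.
 *
 * <p>Security note: an <code>HMACOutputLength</code> value can be read from
 * the signature element being processed (see
 * {@link #engineGetContextFromElement(Element)}), so it has to be treated as
 * untrusted input. {@link #engineSign()} and {@link #engineVerify(byte[])}
 * refuse to operate when a length smaller than the digest length has been
 * set, and the MAC produced here is never truncated to the requested
 * length.</p>
 *
 * @author $Author: mullan $
 */
public abstract class IntegrityHmac extends SignatureAlgorithmSpi {

    /** {@link java.util.logging} logging facility */
    static java.util.logging.Logger log =
        java.util.logging.Logger.getLogger(IntegrityHmacSHA1.class.getName());

    /**
     * Returns the XML Signature algorithm URI implemented by the concrete
     * subclass.
     *
     * @return the algorithm URI
     */
    public abstract String engineGetURI();

    /**
     * Returns the output length of the hash/digest, in bits.
     *
     * @return the digest length used as the lower bound for HMACOutputLength
     */
    abstract int getDigestLength();

    /** The JCE Mac that performs the actual HMAC computation. */
    private Mac _macAlgorithm = null;

    /** True once an HMACOutputLength has been supplied by a setter or by XML. */
    private boolean _HMACOutputLengthSet = false;

    /** Requested HMAC output length; only meaningful when the flag above is set. */
    int _HMACOutputLength = 0;

    /**
     * Creates the underlying {@link Mac} for the JCE algorithm that
     * {@link JCEMapper} maps the subclass URI to.
     *
     * @throws XMLSignatureException if no provider offers the algorithm
     */
    public IntegrityHmac() throws XMLSignatureException {

        // engineGetURI() is implemented by the subclass and is called before
        // the subclass constructor body has run; it must not rely on
        // subclass instance state.
        String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
        if (log.isLoggable(java.util.logging.Level.FINE)) {
            log.log(java.util.logging.Level.FINE,
                    "Created IntegrityHmacSHA1 using " + algorithmID);
        }

        try {
            this._macAlgorithm = Mac.getInstance(algorithmID);
        } catch (java.security.NoSuchAlgorithmException ex) {
            Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };

            throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
        }
    }

    /**
     * Algorithm parameters are not supported by this implementation; the
     * call always fails.
     *
     * @param params ignored
     * @throws XMLSignatureException always
     */
    protected void engineSetParameter(AlgorithmParameterSpec params)
            throws XMLSignatureException {
        throw new XMLSignatureException("empty");
    }

    /**
     * Clears any HMACOutputLength that was set and resets the underlying
     * {@link Mac} so the instance can be reused.
     */
    public void reset() {
        _HMACOutputLength = 0;
        _HMACOutputLengthSet = false;
        _macAlgorithm.reset();
    }

    /**
     * Finishes the MAC computation and compares the result with the
     * supplied value.
     *
     * <p>The comparison is always made against the complete MAC. If an
     * HMACOutputLength smaller than the digest length has been set, the
     * call is rejected before any MAC is computed, so a signature cannot
     * request that only a short prefix of the MAC be checked.</p>
     *
     * <p>NOTE(review): confirm that
     * <code>MessageDigestAlgorithm.isEqual</code> compares in constant time;
     * a comparison that returns at the first differing byte leaks timing
     * information about the expected MAC.</p>
     *
     * @param signature the MAC value taken from the signature
     * @return true if the computed MAC equals <code>signature</code>
     * @throws XMLSignatureException if a too-short HMACOutputLength was set
     *         or the Mac has not been initialised
     */
    protected boolean engineVerify(byte[] signature)
            throws XMLSignatureException {

        try {
            rejectShortHMACOutputLength();

            byte[] completeResult = this._macAlgorithm.doFinal();
            return MessageDigestAlgorithm.isEqual(completeResult, signature);
        } catch (IllegalStateException ex) {
            throw new XMLSignatureException("empty", ex);
        }
    }

    /**
     * Initialises the Mac with the verification key.
     *
     * @param secretKey the HMAC key; must be a {@link SecretKey}
     * @throws XMLSignatureException if the key is null, is not a
     *         {@link SecretKey}, or is rejected by the Mac
     */
    protected void engineInitVerify(Key secretKey) throws XMLSignatureException {

        requireSecretKey(secretKey);

        try {
            this._macAlgorithm.init(secretKey);
        } catch (InvalidKeyException ex) {
            // reinstantiate Mac object to work around bug in JDK
            // see: http://bugs.sun.com/view_bug.do?bug_id=4953555
            Mac mac = this._macAlgorithm;
            try {
                this._macAlgorithm = Mac.getInstance(_macAlgorithm.getAlgorithm());
            } catch (Exception e) {
                // this shouldn't occur, but if it does, restore previous Mac
                if (log.isLoggable(java.util.logging.Level.FINE)) {
                    log.log(java.util.logging.Level.FINE,
                            "Exception when reinstantiating Mac:" + e);
                }
                this._macAlgorithm = mac;
            }
            throw new XMLSignatureException("empty", ex);
        }
    }

    /**
     * Finishes the MAC computation and returns the complete MAC.
     *
     * <p>As in {@link #engineVerify(byte[])}, an HMACOutputLength smaller
     * than the digest length is rejected, and the returned value is not
     * truncated.</p>
     *
     * @return the MAC bytes
     * @throws XMLSignatureException if a too-short HMACOutputLength was set
     *         or the Mac has not been initialised
     */
    protected byte[] engineSign() throws XMLSignatureException {

        try {
            rejectShortHMACOutputLength();

            return this._macAlgorithm.doFinal();
        } catch (IllegalStateException ex) {
            throw new XMLSignatureException("empty", ex);
        }
    }

    /**
     * Refuses to continue when an HMACOutputLength below the digest length
     * has been set. Shared by {@link #engineSign()} and
     * {@link #engineVerify(byte[])} so both apply the same lower bound.
     *
     * @throws XMLSignatureException if the configured length is too small
     */
    private void rejectShortHMACOutputLength() throws XMLSignatureException {
        if (this._HMACOutputLengthSet
                && this._HMACOutputLength < getDigestLength()) {
            if (log.isLoggable(java.util.logging.Level.FINE)) {
                log.log(java.util.logging.Level.FINE,
                        "HMACOutputLength must not be less than " + getDigestLength());
            }
            throw new XMLSignatureException("errorMessages.XMLSignatureException");
        }
    }

    /**
     * Checks that the supplied key can be used with a Mac.
     *
     * <p>A null key is reported through the same exception as a key of the
     * wrong type instead of failing with a NullPointerException while the
     * error message is being built.</p>
     *
     * @param secretKey the key to check
     * @throws XMLSignatureException if the key is null or not a
     *         {@link SecretKey}
     */
    private static void requireSecretKey(Key secretKey)
            throws XMLSignatureException {
        if (!(secretKey instanceof SecretKey)) {
            String supplied =
                (secretKey == null) ? null : secretKey.getClass().getName();
            String needed = SecretKey.class.getName();
            Object[] exArgs = { supplied, needed };

            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
                                            exArgs);
        }
    }

    /**
     * Copies the first <code>length</code> bits of a MAC into a new array,
     * zeroing the unused low-order bits of the last byte.
     *
     * <p>Nothing in this class calls this helper; sign and verify work on
     * the complete MAC.</p>
     *
     * @param completeResult the full MAC; must hold at least
     *        <code>length</code> bits
     * @param length number of leading bits to keep
     * @return the reduced bits.
     */
    private static byte[] reduceBitLength(byte completeResult[], int length) {

        int bytes = length / 8;
        int abits = length % 8;
        byte[] strippedResult = new byte[bytes + ((abits == 0) ? 0 : 1)];

        System.arraycopy(completeResult, 0, strippedResult, 0, bytes);

        if (abits > 0) {
            // MASK[n] keeps the n most significant bits of a byte.
            byte[] MASK = { (byte) 0x00, (byte) 0x80, (byte) 0xC0, (byte) 0xE0,
                            (byte) 0xF0, (byte) 0xF8, (byte) 0xFC, (byte) 0xFE };

            strippedResult[bytes] = (byte) (completeResult[bytes] & MASK[abits]);
        }

        return strippedResult;
    }

    /**
     * Initialises the Mac with the signing key.
     *
     * <p>NOTE(review): unlike {@link #engineInitVerify(Key)}, this method
     * does not reinstantiate the Mac after an InvalidKeyException; confirm
     * whether the same workaround is wanted here.</p>
     *
     * @param secretKey the HMAC key; must be a {@link SecretKey}
     * @throws XMLSignatureException if the key is null, is not a
     *         {@link SecretKey}, or is rejected by the Mac
     */
    protected void engineInitSign(Key secretKey) throws XMLSignatureException {

        requireSecretKey(secretKey);

        try {
            this._macAlgorithm.init(secretKey);
        } catch (InvalidKeyException ex) {
            throw new XMLSignatureException("empty", ex);
        }
    }

    /**
     * Initialises the Mac with the signing key and algorithm parameters.
     *
     * @param secretKey the HMAC key; must be a {@link SecretKey}
     * @param algorithmParameterSpec parameters passed on to the Mac
     * @throws XMLSignatureException if the key is null, is not a
     *         {@link SecretKey}, or the Mac rejects the key or parameters
     */
    protected void engineInitSign(
            Key secretKey, AlgorithmParameterSpec algorithmParameterSpec)
            throws XMLSignatureException {

        requireSecretKey(secretKey);

        try {
            this._macAlgorithm.init(secretKey, algorithmParameterSpec);
        } catch (InvalidKeyException ex) {
            throw new XMLSignatureException("empty", ex);
        } catch (InvalidAlgorithmParameterException ex) {
            throw new XMLSignatureException("empty", ex);
        }
    }

    /**
     * A source of randomness has no meaning for a MAC; the call always
     * fails.
     *
     * @param secretKey ignored
     * @param secureRandom ignored
     * @throws XMLSignatureException always
     */
    protected void engineInitSign(Key secretKey, SecureRandom secureRandom)
            throws XMLSignatureException {
        throw new XMLSignatureException("algorithms.CannotUseSecureRandomOnMAC");
    }

    /**
     * Feeds data into the Mac.
     *
     * @param input the bytes to add
     * @throws XMLSignatureException if the Mac has not been initialised
     */
    protected void engineUpdate(byte[] input) throws XMLSignatureException {

        try {
            this._macAlgorithm.update(input);
        } catch (IllegalStateException ex) {
            throw new XMLSignatureException("empty", ex);
        }
    }

    /**
     * Feeds a single byte into the Mac.
     *
     * @param input the byte to add
     * @throws XMLSignatureException if the Mac has not been initialised
     */
    protected void engineUpdate(byte input) throws XMLSignatureException {

        try {
            this._macAlgorithm.update(input);
        } catch (IllegalStateException ex) {
            throw new XMLSignatureException("empty", ex);
        }
    }

    /**
     * Feeds part of a buffer into the Mac.
     *
     * @param buf the buffer holding the data
     * @param offset index of the first byte to add
     * @param len number of bytes to add
     * @throws XMLSignatureException if the Mac has not been initialised
     */
    protected void engineUpdate(byte buf[], int offset, int len)
            throws XMLSignatureException {

        try {
            this._macAlgorithm.update(buf, offset, len);
        } catch (IllegalStateException ex) {
            throw new XMLSignatureException("empty", ex);
        }
    }

    /**
     * Returns the JCE algorithm name of the underlying Mac.
     *
     * @return the algorithm name reported by the Mac
     */
    protected String engineGetJCEAlgorithmString() {

        log.log(java.util.logging.Level.FINE, "engineGetJCEAlgorithmString()");

        return this._macAlgorithm.getAlgorithm();
    }

    /**
     * Returns the name of the JCE provider that supplies the underlying Mac.
     *
     * @return the provider name
     */
    protected String engineGetJCEProviderName() {
        return this._macAlgorithm.getProvider().getName();
    }

    /**
     * Records a requested HMAC output length. The value is only stored
     * here; it is checked against the digest length when
     * {@link #engineSign()} or {@link #engineVerify(byte[])} runs.
     *
     * @param HMACOutputLength the requested output length
     */
    protected void engineSetHMACOutputLength(int HMACOutputLength) {
        this._HMACOutputLength = HMACOutputLength;
        this._HMACOutputLengthSet = true;
    }

    /**
     * Reads an optional HMACOutputLength child from the given element and
     * records it.
     *
     * <p>The value comes from the document being processed. It is parsed
     * with {@link Integer#parseInt(String)}, so text that is not a plain
     * decimal integer surfaces as an unchecked NumberFormatException that
     * callers handling untrusted signatures should expect. Negative values
     * are stored as-is and are later rejected by the digest-length check in
     * sign and verify.</p>
     *
     * @param element the element to search
     * @throws IllegalArgumentException if <code>element</code> is null
     */
    protected void engineGetContextFromElement(Element element) {

        super.engineGetContextFromElement(element);

        if (element == null) {
            throw new IllegalArgumentException("element null");
        }

        Text hmaclength = XMLUtils.selectDsNodeText(element.getFirstChild(),
                Constants._TAG_HMACOUTPUTLENGTH, 0);

        if (hmaclength != null) {
            this._HMACOutputLength = Integer.parseInt(hmaclength.getData());
            this._HMACOutputLengthSet = true;
        }
    }

    /**
     * Appends an HMACOutputLength child to the given element when a length
     * has been set; otherwise leaves the element unchanged.
     *
     * @param element the element to extend
     * @throws IllegalArgumentException if <code>element</code> is null
     */
    public void engineAddContextToElement(Element element) {

        if (element == null) {
            throw new IllegalArgumentException("null element");
        }

        if (this._HMACOutputLengthSet) {
            Document doc = element.getOwnerDocument();
            Element HMElem = XMLUtils.createElementInSignatureSpace(doc,
                    Constants._TAG_HMACOUTPUTLENGTH);
            // Integer.toString avoids allocating a boxed Integer just to
            // format the value.
            Text HMText =
                doc.createTextNode(Integer.toString(this._HMACOutputLength));

            HMElem.appendChild(HMText);
            XMLUtils.addReturnToElement(element);
            element.appendChild(HMElem);
            XMLUtils.addReturnToElement(element);
        }
    }

    /**
     * HMAC with SHA-1; digest length 160 bits.
     *
     * @author $Author: mullan $
     * @version $Revision: 1.5 $
     */
    public static class IntegrityHmacSHA1 extends IntegrityHmac {

        /**
         * Constructor IntegrityHmacSHA1
         *
         * @throws XMLSignatureException if the Mac cannot be created
         */
        public IntegrityHmacSHA1() throws XMLSignatureException {
            super();
        }

        /** {@inheritDoc} */
        public String engineGetURI() {
            return XMLSignature.ALGO_ID_MAC_HMAC_SHA1;
        }

        /** {@inheritDoc} */
        int getDigestLength() {
            return 160;
        }
    }

    /**
     * HMAC with SHA-256; digest length 256 bits.
     *
     * @author $Author: mullan $
     * @version $Revision: 1.5 $
     */
    public static class IntegrityHmacSHA256 extends IntegrityHmac {

        /**
         * Constructor IntegrityHmacSHA256
         *
         * @throws XMLSignatureException if the Mac cannot be created
         */
        public IntegrityHmacSHA256() throws XMLSignatureException {
            super();
        }

        /** {@inheritDoc} */
        public String engineGetURI() {
            return XMLSignature.ALGO_ID_MAC_HMAC_SHA256;
        }

        /** {@inheritDoc} */
        int getDigestLength() {
            return 256;
        }
    }

    /**
     * HMAC with SHA-384; digest length 384 bits.
     *
     * @author $Author: mullan $
     * @version $Revision: 1.5 $
     */
    public static class IntegrityHmacSHA384 extends IntegrityHmac {

        /**
         * Constructor IntegrityHmacSHA384
         *
         * @throws XMLSignatureException if the Mac cannot be created
         */
        public IntegrityHmacSHA384() throws XMLSignatureException {
            super();
        }

        /** {@inheritDoc} */
        public String engineGetURI() {
            return XMLSignature.ALGO_ID_MAC_HMAC_SHA384;
        }

        /** {@inheritDoc} */
        int getDigestLength() {
            return 384;
        }
    }

    /**
     * HMAC with SHA-512; digest length 512 bits.
     *
     * @author $Author: mullan $
     * @version $Revision: 1.5 $
     */
    public static class IntegrityHmacSHA512 extends IntegrityHmac {

        /**
         * Constructor IntegrityHmacSHA512
         *
         * @throws XMLSignatureException if the Mac cannot be created
         */
        public IntegrityHmacSHA512() throws XMLSignatureException {
            super();
        }

        /** {@inheritDoc} */
        public String engineGetURI() {
            return XMLSignature.ALGO_ID_MAC_HMAC_SHA512;
        }

        /** {@inheritDoc} */
        int getDigestLength() {
            return 512;
        }
    }

    /**
     * HMAC with RIPEMD-160; digest length 160 bits.
     *
     * @author $Author: mullan $
     * @version $Revision: 1.5 $
     */
    public static class IntegrityHmacRIPEMD160 extends IntegrityHmac {

        /**
         * Constructor IntegrityHmacRIPEMD160
         *
         * @throws XMLSignatureException if the Mac cannot be created
         */
        public IntegrityHmacRIPEMD160() throws XMLSignatureException {
            super();
        }

        /** {@inheritDoc} */
        public String engineGetURI() {
            return XMLSignature.ALGO_ID_MAC_HMAC_RIPEMD160;
        }

        /** {@inheritDoc} */
        int getDigestLength() {
            return 160;
        }
    }

    /**
     * HMAC with MD5; digest length 128 bits. The URI constant used by this
     * class is itself named "not recommended".
     *
     * @author $Author: mullan $
     * @version $Revision: 1.5 $
     */
    public static class IntegrityHmacMD5 extends IntegrityHmac {

        /**
         * Constructor IntegrityHmacMD5
         *
         * @throws XMLSignatureException if the Mac cannot be created
         */
        public IntegrityHmacMD5() throws XMLSignatureException {
            super();
        }

        /** {@inheritDoc} */
        public String engineGetURI() {
            return XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5;
        }

        /** {@inheritDoc} */
        int getDigestLength() {
            return 128;
        }
    }
}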