0N/A/*
0N/A * reserved comment block
0N/A * DO NOT REMOVE OR ALTER!
0N/A */
0N/A/*
0N/A * Copyright 1999-2004 The Apache Software Foundation.
0N/A *
0N/A * Licensed under the Apache License, Version 2.0 (the "License");
0N/A * you may not use this file except in compliance with the License.
0N/A * You may obtain a copy of the License at
0N/A *
0N/A * http://www.apache.org/licenses/LICENSE-2.0
0N/A *
0N/A * Unless required by applicable law or agreed to in writing, software
0N/A * distributed under the License is distributed on an "AS IS" BASIS,
0N/A * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
0N/A * See the License for the specific language governing permissions and
0N/A * limitations under the License.
0N/A *
0N/A */
0N/Apackage com.sun.org.apache.xml.internal.security.algorithms.implementations;
0N/A
0N/Aimport java.io.IOException;
0N/Aimport java.security.InvalidAlgorithmParameterException;
0N/Aimport java.security.InvalidKeyException;
0N/Aimport java.security.Key;
0N/Aimport java.security.PrivateKey;
0N/Aimport java.security.PublicKey;
0N/Aimport java.security.SecureRandom;
0N/Aimport java.security.Signature;
0N/Aimport java.security.SignatureException;
0N/Aimport java.security.spec.AlgorithmParameterSpec;
0N/A
0N/Aimport com.sun.org.apache.xml.internal.security.algorithms.JCEMapper;
0N/Aimport com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithmSpi;
0N/Aimport com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
0N/Aimport com.sun.org.apache.xml.internal.security.utils.Base64;
0N/Aimport com.sun.org.apache.xml.internal.security.utils.Constants;
0N/A
0N/A/**
0N/A *
661N/A * @author $Author: mullan $
0N/A */
0N/Apublic class SignatureDSA extends SignatureAlgorithmSpi {
0N/A
661N/A /** {@link java.util.logging} logging facility */
0N/A static java.util.logging.Logger log =
0N/A java.util.logging.Logger.getLogger(SignatureDSA.class.getName());
0N/A
661N/A /** Field _URI */
661N/A public static final String _URI = Constants.SignatureSpecNS + "dsa-sha1";
0N/A
661N/A /** Field algorithm */
661N/A private java.security.Signature _signatureAlgorithm = null;
0N/A
661N/A /**
661N/A * Method engineGetURI
661N/A *
661N/A * @inheritDoc
661N/A */
661N/A protected String engineGetURI() {
661N/A return SignatureDSA._URI;
661N/A }
0N/A
661N/A /**
661N/A * Constructor SignatureDSA
661N/A *
661N/A * @throws XMLSignatureException
661N/A */
661N/A public SignatureDSA() throws XMLSignatureException {
0N/A
661N/A String algorithmID = JCEMapper.translateURItoJCEID(SignatureDSA._URI);
661N/A if (log.isLoggable(java.util.logging.Level.FINE))
661N/A log.log(java.util.logging.Level.FINE, "Created SignatureDSA using " + algorithmID);
0N/A
661N/A String provider = JCEMapper.getProviderId();
661N/A try {
661N/A if (provider == null) {
661N/A this._signatureAlgorithm = Signature.getInstance(algorithmID);
661N/A } else {
661N/A this._signatureAlgorithm =
661N/A Signature.getInstance(algorithmID, provider);
661N/A }
661N/A } catch (java.security.NoSuchAlgorithmException ex) {
661N/A Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
661N/A throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
661N/A } catch (java.security.NoSuchProviderException ex) {
661N/A Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
661N/A throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
661N/A }
661N/A }
0N/A
661N/A /**
661N/A * @inheritDoc
661N/A */
661N/A protected void engineSetParameter(AlgorithmParameterSpec params)
661N/A throws XMLSignatureException {
0N/A
661N/A try {
661N/A this._signatureAlgorithm.setParameter(params);
661N/A } catch (InvalidAlgorithmParameterException ex) {
661N/A throw new XMLSignatureException("empty", ex);
661N/A }
661N/A }
0N/A
661N/A /**
661N/A * @inheritDoc
661N/A */
661N/A protected boolean engineVerify(byte[] signature)
0N/A throws XMLSignatureException {
0N/A
661N/A try {
661N/A if (log.isLoggable(java.util.logging.Level.FINE))
661N/A log.log(java.util.logging.Level.FINE, "Called DSA.verify() on " + Base64.encode(signature));
0N/A
661N/A byte[] jcebytes = SignatureDSA.convertXMLDSIGtoASN1(signature);
0N/A
661N/A return this._signatureAlgorithm.verify(jcebytes);
661N/A } catch (SignatureException ex) {
661N/A throw new XMLSignatureException("empty", ex);
661N/A } catch (IOException ex) {
661N/A throw new XMLSignatureException("empty", ex);
661N/A }
661N/A }
0N/A
661N/A /**
661N/A * @inheritDoc
661N/A */
661N/A protected void engineInitVerify(Key publicKey) throws XMLSignatureException {
0N/A
661N/A if (!(publicKey instanceof PublicKey)) {
661N/A String supplied = publicKey.getClass().getName();
661N/A String needed = PublicKey.class.getName();
661N/A Object exArgs[] = { supplied, needed };
0N/A
661N/A throw new XMLSignatureException
661N/A ("algorithms.WrongKeyForThisOperation", exArgs);
661N/A }
0N/A
661N/A try {
661N/A this._signatureAlgorithm.initVerify((PublicKey) publicKey);
661N/A } catch (InvalidKeyException ex) {
661N/A // reinstantiate Signature object to work around bug in JDK
661N/A // see: http://bugs.sun.com/view_bug.do?bug_id=4953555
661N/A Signature sig = this._signatureAlgorithm;
661N/A try {
661N/A this._signatureAlgorithm = Signature.getInstance
661N/A (_signatureAlgorithm.getAlgorithm());
661N/A } catch (Exception e) {
661N/A // this shouldn't occur, but if it does, restore previous
661N/A // Signature
661N/A if (log.isLoggable(java.util.logging.Level.FINE)) {
661N/A log.log(java.util.logging.Level.FINE, "Exception when reinstantiating Signature:" + e);
661N/A }
661N/A this._signatureAlgorithm = sig;
661N/A }
661N/A throw new XMLSignatureException("empty", ex);
661N/A }
661N/A }
0N/A
661N/A /**
661N/A * @inheritDoc
661N/A */
661N/A protected byte[] engineSign() throws XMLSignatureException {
661N/A
661N/A try {
661N/A byte jcebytes[] = this._signatureAlgorithm.sign();
0N/A
661N/A return SignatureDSA.convertASN1toXMLDSIG(jcebytes);
661N/A } catch (IOException ex) {
661N/A throw new XMLSignatureException("empty", ex);
661N/A } catch (SignatureException ex) {
661N/A throw new XMLSignatureException("empty", ex);
661N/A }
661N/A }
0N/A
661N/A /**
661N/A * @inheritDoc
661N/A */
661N/A protected void engineInitSign(Key privateKey, SecureRandom secureRandom)
0N/A throws XMLSignatureException {
0N/A
661N/A if (!(privateKey instanceof PrivateKey)) {
661N/A String supplied = privateKey.getClass().getName();
661N/A String needed = PrivateKey.class.getName();
661N/A Object exArgs[] = { supplied, needed };
0N/A
661N/A throw new XMLSignatureException
661N/A ("algorithms.WrongKeyForThisOperation", exArgs);
661N/A }
0N/A
661N/A try {
661N/A this._signatureAlgorithm.initSign((PrivateKey) privateKey,
0N/A secureRandom);
661N/A } catch (InvalidKeyException ex) {
661N/A throw new XMLSignatureException("empty", ex);
661N/A }
661N/A }
0N/A
661N/A /**
661N/A * @inheritDoc
661N/A */
661N/A protected void engineInitSign(Key privateKey) throws XMLSignatureException {
0N/A
661N/A if (!(privateKey instanceof PrivateKey)) {
661N/A String supplied = privateKey.getClass().getName();
661N/A String needed = PrivateKey.class.getName();
661N/A Object exArgs[] = { supplied, needed };
0N/A
661N/A throw new XMLSignatureException
661N/A ("algorithms.WrongKeyForThisOperation", exArgs);
661N/A }
0N/A
661N/A try {
661N/A this._signatureAlgorithm.initSign((PrivateKey) privateKey);
661N/A } catch (InvalidKeyException ex) {
661N/A throw new XMLSignatureException("empty", ex);
661N/A }
661N/A }
0N/A
661N/A /**
661N/A * @inheritDoc
661N/A */
661N/A protected void engineUpdate(byte[] input) throws XMLSignatureException {
661N/A try {
661N/A this._signatureAlgorithm.update(input);
661N/A } catch (SignatureException ex) {
661N/A throw new XMLSignatureException("empty", ex);
661N/A }
661N/A }
0N/A
661N/A /**
661N/A * @inheritDoc
661N/A */
661N/A protected void engineUpdate(byte input) throws XMLSignatureException {
661N/A try {
661N/A this._signatureAlgorithm.update(input);
661N/A } catch (SignatureException ex) {
661N/A throw new XMLSignatureException("empty", ex);
661N/A }
661N/A }
0N/A
661N/A /**
661N/A * @inheritDoc
661N/A */
661N/A protected void engineUpdate(byte buf[], int offset, int len)
661N/A throws XMLSignatureException {
661N/A try {
661N/A this._signatureAlgorithm.update(buf, offset, len);
661N/A } catch (SignatureException ex) {
661N/A throw new XMLSignatureException("empty", ex);
661N/A }
661N/A }
0N/A
661N/A /**
661N/A * Method engineGetJCEAlgorithmString
661N/A *
661N/A * @inheritDoc
661N/A */
661N/A protected String engineGetJCEAlgorithmString() {
661N/A return this._signatureAlgorithm.getAlgorithm();
661N/A }
0N/A
661N/A /**
661N/A * Method engineGetJCEProviderName
661N/A *
661N/A * @inheritDoc
661N/A */
661N/A protected String engineGetJCEProviderName() {
661N/A return this._signatureAlgorithm.getProvider().getName();
661N/A }
0N/A
661N/A /**
661N/A * Converts an ASN.1 DSA value to a XML Signature DSA Value.
661N/A *
661N/A * The JAVA JCE DSA Signature algorithm creates ASN.1 encoded (r,s) value
661N/A * pairs; the XML Signature requires the core BigInteger values.
661N/A *
661N/A * @param asn1Bytes
661N/A * @return the decode bytes
661N/A *
661N/A * @throws IOException
661N/A * @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A>
661N/A */
661N/A private static byte[] convertASN1toXMLDSIG(byte asn1Bytes[])
0N/A throws IOException {
0N/A
661N/A byte rLength = asn1Bytes[3];
661N/A int i;
0N/A
661N/A for (i = rLength; (i > 0) && (asn1Bytes[(4 + rLength) - i] == 0); i--);
0N/A
661N/A byte sLength = asn1Bytes[5 + rLength];
661N/A int j;
0N/A
661N/A for (j = sLength;
0N/A (j > 0) && (asn1Bytes[(6 + rLength + sLength) - j] == 0); j--);
0N/A
661N/A if ((asn1Bytes[0] != 48) || (asn1Bytes[1] != asn1Bytes.length - 2)
0N/A || (asn1Bytes[2] != 2) || (i > 20)
0N/A || (asn1Bytes[4 + rLength] != 2) || (j > 20)) {
661N/A throw new IOException("Invalid ASN.1 format of DSA signature");
661N/A }
661N/A byte xmldsigBytes[] = new byte[40];
0N/A
661N/A System.arraycopy(asn1Bytes, (4 + rLength) - i, xmldsigBytes, 20 - i,
0N/A i);
661N/A System.arraycopy(asn1Bytes, (6 + rLength + sLength) - j, xmldsigBytes,
0N/A 40 - j, j);
0N/A
661N/A return xmldsigBytes;
661N/A }
0N/A
661N/A /**
661N/A * Converts a XML Signature DSA Value to an ASN.1 DSA value.
661N/A *
661N/A * The JAVA JCE DSA Signature algorithm creates ASN.1 encoded (r,s) value
661N/A * pairs; the XML Signature requires the core BigInteger values.
661N/A *
661N/A * @param xmldsigBytes
661N/A * @return the encoded ASN.1 bytes
661N/A *
661N/A * @throws IOException
661N/A * @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A>
661N/A */
661N/A private static byte[] convertXMLDSIGtoASN1(byte xmldsigBytes[])
0N/A throws IOException {
0N/A
661N/A if (xmldsigBytes.length != 40) {
661N/A throw new IOException("Invalid XMLDSIG format of DSA signature");
661N/A }
0N/A
661N/A int i;
0N/A
661N/A for (i = 20; (i > 0) && (xmldsigBytes[20 - i] == 0); i--);
0N/A
661N/A int j = i;
0N/A
661N/A if (xmldsigBytes[20 - i] < 0) {
0N/A j += 1;
661N/A }
0N/A
661N/A int k;
0N/A
661N/A for (k = 20; (k > 0) && (xmldsigBytes[40 - k] == 0); k--);
0N/A
661N/A int l = k;
0N/A
661N/A if (xmldsigBytes[40 - k] < 0) {
661N/A l += 1;
661N/A }
0N/A
661N/A byte asn1Bytes[] = new byte[6 + j + l];
0N/A
661N/A asn1Bytes[0] = 48;
661N/A asn1Bytes[1] = (byte) (4 + j + l);
661N/A asn1Bytes[2] = 2;
661N/A asn1Bytes[3] = (byte) j;
0N/A
661N/A System.arraycopy(xmldsigBytes, 20 - i, asn1Bytes, (4 + j) - i, i);
0N/A
661N/A asn1Bytes[4 + j] = 2;
661N/A asn1Bytes[5 + j] = (byte) l;
0N/A
661N/A System.arraycopy(xmldsigBytes, 40 - k, asn1Bytes, (6 + j + l) - k, k);
0N/A
661N/A return asn1Bytes;
661N/A }
0N/A
661N/A /**
661N/A * Method engineSetHMACOutputLength
661N/A *
661N/A * @param HMACOutputLength
661N/A * @throws XMLSignatureException
661N/A */
661N/A protected void engineSetHMACOutputLength(int HMACOutputLength)
661N/A throws XMLSignatureException {
661N/A throw new XMLSignatureException(
661N/A "algorithms.HMACOutputLengthOnlyForHMAC");
661N/A }
0N/A
661N/A /**
661N/A * Method engineInitSign
661N/A *
661N/A * @param signingKey
661N/A * @param algorithmParameterSpec
661N/A * @throws XMLSignatureException
661N/A */
661N/A protected void engineInitSign(
661N/A Key signingKey, AlgorithmParameterSpec algorithmParameterSpec)
661N/A throws XMLSignatureException {
661N/A throw new XMLSignatureException(
661N/A "algorithms.CannotUseAlgorithmParameterSpecOnDSA");
661N/A }
0N/A}