summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorCGantert345 <57003061+CGantert345@users.noreply.github.com>2022-04-11 16:30:32 +0200
committerCGantert345 <57003061+CGantert345@users.noreply.github.com>2022-04-11 16:30:32 +0200
commit6ef85723cca938e298b318dc6d564318b83ab4ba (patch)
treefe1ddcef09ee7c98509ffdcf7d4dac949dd12588
parentfixing DOSIPAS algorithm names and supported EC curves (diff)
downloadUIC-barcode-6ef85723cca938e298b318dc6d564318b83ab4ba.tar
UIC-barcode-6ef85723cca938e298b318dc6d564318b83ab4ba.tar.gz
UIC-barcode-6ef85723cca938e298b318dc6d564318b83ab4ba.tar.bz2
UIC-barcode-6ef85723cca938e298b318dc6d564318b83ab4ba.tar.lz
UIC-barcode-6ef85723cca938e298b318dc6d564318b83ab4ba.tar.xz
UIC-barcode-6ef85723cca938e298b318dc6d564318b83ab4ba.tar.zst
UIC-barcode-6ef85723cca938e298b318dc6d564318b83ab4ba.zip
-rw-r--r--src/main/java/org/uic/barcode/dynamicFrame/api/SimpleDynamicFrame.java10
-rw-r--r--src/main/java/org/uic/barcode/utils/SecurityUtils.java77
-rw-r--r--src/test/java/org/uic/barcode/test/DynamicFrameDoubleSignatureTest.java8
-rw-r--r--src/test/java/org/uic/barcode/test/DynamicFrameFcbVersion3Test.java8
4 files changed, 74 insertions, 29 deletions
diff --git a/src/main/java/org/uic/barcode/dynamicFrame/api/SimpleDynamicFrame.java b/src/main/java/org/uic/barcode/dynamicFrame/api/SimpleDynamicFrame.java
index ef31166..a8d7a0f 100644
--- a/src/main/java/org/uic/barcode/dynamicFrame/api/SimpleDynamicFrame.java
+++ b/src/main/java/org/uic/barcode/dynamicFrame/api/SimpleDynamicFrame.java
@@ -272,6 +272,7 @@ public class SimpleDynamicFrame implements IDynamicFrame {
return Constants.LEVEL1_VALIDATION_NO_SIGNATURE;
}
+
byte[] signature = this.getLevel2Data().getLevel1Signature();
@@ -288,7 +289,13 @@ public class SimpleDynamicFrame implements IDynamicFrame {
if (signingAlgorithmOid == null || signingAlgorithmOid.length() == 0) {
return Constants.LEVEL1_VALIDATION_NO_SIGNATURE;
- }
+ }
+
+ if (prov == null) {
+ prov = SecurityUtils.findSignatureProvider(key.getEncoded(), signingAlgorithmOid);
+ }
+
+
//find the algorithm name for the signature OID
String algo = null;
try {
@@ -312,6 +319,7 @@ public class SimpleDynamicFrame implements IDynamicFrame {
return Constants.LEVEL1_VALIDATION_SIG_ALG_NOT_IMPLEMENTED;
}
try {
+ key = SecurityUtils.convert(key, prov);
sig.initVerify(key);
} catch (InvalidKeyException e) {
return Constants.LEVEL1_VALIDATION_SIG_ALG_NOT_IMPLEMENTED;
diff --git a/src/main/java/org/uic/barcode/utils/SecurityUtils.java b/src/main/java/org/uic/barcode/utils/SecurityUtils.java
index 542208b..af1a65a 100644
--- a/src/main/java/org/uic/barcode/utils/SecurityUtils.java
+++ b/src/main/java/org/uic/barcode/utils/SecurityUtils.java
@@ -4,6 +4,7 @@ import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
+import java.security.Provider.Service;
import java.security.PublicKey;
import java.security.Security;
import java.security.spec.InvalidKeySpecException;
@@ -81,28 +82,22 @@ public class SecurityUtils {
return null;
}
-
-
- public static PublicKey convertPublicKey(PublicKey key) {
-
-
- PublicKey publicKey;
- try {
- publicKey = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(key.getEncoded()));
- } catch (InvalidKeySpecException | NoSuchAlgorithmException e) {
- return key;
- }
-
- return publicKey;
-
- }
public static PublicKey convert(PublicKey key, Provider provider) {
PublicKey publicKey;
+ KeyFactory keyFactory = null;
+
try {
- publicKey = KeyFactory.getInstance("RSA", provider).generatePublic(new X509EncodedKeySpec(key.getEncoded()));
+ if (key.getAlgorithm() != null && key.getAlgorithm().toUpperCase().contains("EC") ) {
+ keyFactory = KeyFactory.getInstance("EC",provider);
+ } else if (key.getAlgorithm() != null && key.getAlgorithm().length() > 0 ) {
+ keyFactory = KeyFactory.getInstance("DSA",provider);
+ } else {
+ return key;
+ }
+ publicKey = keyFactory.generatePublic(new X509EncodedKeySpec(key.getEncoded()));
} catch (InvalidKeySpecException | NoSuchAlgorithmException e) {
return key;
}
@@ -113,17 +108,61 @@ public class SecurityUtils {
}
- public static PrivateKey convertPrivateKey(PrivateKey key) {
-
+ public static PrivateKey convert(PrivateKey key, Provider provider) {
PrivateKey privateKey;
+ KeyFactory keyFactory = null;
+
try {
- privateKey = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(key.getEncoded()));
+ if (key.getAlgorithm() != null && key.getAlgorithm().toUpperCase().contains("EC") ) {
+ keyFactory = KeyFactory.getInstance("EC",provider);
+ } else if (key.getAlgorithm() != null && key.getAlgorithm().length() > 0 ) {
+ keyFactory = KeyFactory.getInstance("DSA",provider);
+ } else {
+ return key;
+ }
+ privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(key.getEncoded()));
} catch (InvalidKeySpecException | NoSuchAlgorithmException e) {
return key;
}
return privateKey;
+
+ }
+
+ public static Provider findSignatureProvider(byte[] encoded, String oid) {
+
+ KeyFactory keyFactory = null;
+ String signatureAlgorithmName = null;
+
+ Provider[] provs = Security.getProviders();
+ for (Provider provider : provs) {
+ try {
+ Service service = provider.getService(AlgorithmNameResolver.TYPE_SIGNATURE_ALG, oid);
+ if (service != null) {
+ signatureAlgorithmName = service.getAlgorithm();
+ if (signatureAlgorithmName != null && signatureAlgorithmName.length() > 0) {
+ if (signatureAlgorithmName.toUpperCase().contains("EC") ) {
+ keyFactory = KeyFactory.getInstance("EC",provider);
+ } else {
+ keyFactory = KeyFactory.getInstance("DSA",provider);
+ }
+ if (keyFactory != null) {
+ X509EncodedKeySpec spec = new X509EncodedKeySpec(encoded);
+ //try to encode the key
+ keyFactory.generatePublic(spec);
+ }
+ }
+ }
+ } catch (Exception e1) {
+ keyFactory = null;
+ }
+ if (keyFactory != null) {
+ return keyFactory.getProvider();
+ }
+ }
+
+ return null;
}
}
diff --git a/src/test/java/org/uic/barcode/test/DynamicFrameDoubleSignatureTest.java b/src/test/java/org/uic/barcode/test/DynamicFrameDoubleSignatureTest.java
index bd0f9a4..6533938 100644
--- a/src/test/java/org/uic/barcode/test/DynamicFrameDoubleSignatureTest.java
+++ b/src/test/java/org/uic/barcode/test/DynamicFrameDoubleSignatureTest.java
@@ -5,6 +5,7 @@ import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
@@ -37,6 +38,8 @@ public class DynamicFrameDoubleSignatureTest {
public IUicRailTicket testFCBticket = null;
+ public Provider provider = null;
+
@Before public void initialize() {
@@ -44,10 +47,11 @@ public class DynamicFrameDoubleSignatureTest {
signatureAlgorithmOID = Constants.ECDSA_SHA256;
keyPairAlgorithmOID = Constants.KG_EC_256;
- elipticCurve = "secp256r1";
+ elipticCurve = "secp256k1";
testFCBticket = SimpleUICTestTicket.getUicTestTicket();
+ provider = new BouncyCastleProvider();
Security.addProvider(new BouncyCastleProvider());
try {
@@ -155,7 +159,7 @@ public class DynamicFrameDoubleSignatureTest {
KeyPairGenerator ecKPGen = KeyPairGenerator.getInstance("EC", "BC");
ecKPGen.initialize(namedParamSpec, new SecureRandom());
KeyPair keyPair = ecKPGen.generateKeyPair();
- KeyPair kp = new KeyPair(SecurityUtils.convertPublicKey(keyPair.getPublic()),SecurityUtils.convertPrivateKey(keyPair.getPrivate()));
+ KeyPair kp = new KeyPair(SecurityUtils.convert(keyPair.getPublic(), provider),SecurityUtils.convert(keyPair.getPrivate(), provider));
return kp;
}
diff --git a/src/test/java/org/uic/barcode/test/DynamicFrameFcbVersion3Test.java b/src/test/java/org/uic/barcode/test/DynamicFrameFcbVersion3Test.java
index f8a03ba..7f03658 100644
--- a/src/test/java/org/uic/barcode/test/DynamicFrameFcbVersion3Test.java
+++ b/src/test/java/org/uic/barcode/test/DynamicFrameFcbVersion3Test.java
@@ -159,13 +159,7 @@ public class DynamicFrameFcbVersion3Test {
}
- public KeyPair generateECDSAKeys(String keyAlgorithmName, String paramName) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException{
- ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec(paramName);
- KeyPairGenerator g = KeyPairGenerator.getInstance(keyAlgorithmName, "BC");
- g.initialize(ecSpec, new SecureRandom());
- return g.generateKeyPair();
- }
-
+
public KeyPair generateECKeys(String keyAlgorithmOid, String curve) throws Exception{
String keyAlgorithmName = "ECDSA";