aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-03-10 15:35:48 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-03-10 15:35:48 +0100
commit576f5ea5cfaf2ea174f198dc5df238c1ca0c331a (patch)
treefce79f2d8e76501337cc5e921838576220d64c87 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util
parente8773689b175e5617fe116ac0e3d9978351ac4a8 (diff)
downloadmoa-id-spss-576f5ea5cfaf2ea174f198dc5df238c1ca0c331a.tar.gz
moa-id-spss-576f5ea5cfaf2ea174f198dc5df238c1ca0c331a.tar.bz2
moa-id-spss-576f5ea5cfaf2ea174f198dc5df238c1ca0c331a.zip
MOA-ID, which use MOA-Sig (includes new IAIK-MOA, with iaik_xect, iaik_eccelerate, and new iaik_PKI module
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java122
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java8
2 files changed, 66 insertions, 64 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java
index 2c0a82708..f37ae0b0b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java
@@ -20,48 +20,15 @@
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
package at.gv.egovernment.moa.id.util;
-import iaik.security.ecc.ecdsa.ECDSAParameter;
-import iaik.security.ecc.ecdsa.ECPublicKey;
-import iaik.security.ecc.math.ecgroup.AffineCoordinate;
-import iaik.security.ecc.math.ecgroup.Coordinate;
-import iaik.security.ecc.math.ecgroup.CoordinateTypes;
-import iaik.security.ecc.math.ecgroup.ECGroupFactory;
-import iaik.security.ecc.math.ecgroup.ECPoint;
-import iaik.security.ecc.math.ecgroup.EllipticCurve;
-import iaik.security.ecc.math.field.Field;
-import iaik.security.ecc.math.field.FieldElement;
-import iaik.security.ecc.math.field.PrimeField;
-import iaik.security.ecc.parameter.ECCParameterFactory;
-import iaik.security.ecc.spec.ECCParameterSpec;
-
import java.math.BigInteger;
import java.security.PublicKey;
+import java.security.spec.ECField;
+import java.security.spec.ECFieldF2m;
+import java.security.spec.ECFieldFp;
+import java.security.spec.ECPoint;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Vector;
@@ -72,6 +39,15 @@ import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
+import at.gv.egovernment.moa.logging.Logger;
+import iaik.security.ec.common.ECParameterSpec;
+import iaik.security.ec.common.ECPublicKey;
+import iaik.security.ec.common.ECStandardizedParameterFactory;
+import iaik.security.ec.common.EllipticCurve;
+import iaik.security.ec.math.field.Field;
+import iaik.security.ec.math.field.FieldElement;
+import iaik.security.ec.math.field.PrimeField;
+
public class ECDSAKeyValueConverter
{
@@ -94,15 +70,13 @@ public class ECDSAKeyValueConverter
if (domainParams == null) throw new Exception("Domain parameters must not be implicit.");
Element namedCurve = getChildElement(domainParams, ecdsaNS, "NamedCurve", 1);
- ECCParameterSpec eccParameterSpec;
+ ECParameterSpec eccParameterSpec;
if (namedCurve != null)
{
// URL curveNameURN = new URL(namedCurve.getAttributeNS(null, "URN"));
String curveNameOID = namedCurve.getAttributeNS(null, "URN").substring(8);
- ECCParameterFactory eccParamFactory = ECCParameterFactory.getInstance();
- // eccParameterSpec = eccParamFactory.getParameterByOID(curveNameURN.getPath().substring(4));
- eccParameterSpec = eccParamFactory.getParameterByOID(curveNameOID);
+ eccParameterSpec = ECStandardizedParameterFactory.getParametersByOID(curveNameOID);
}
else
{
@@ -167,14 +141,21 @@ public class ECDSAKeyValueConverter
String cofactorStr = getChildElementText(basePointParams, ecdsaNS, "Cofactor", 1);
BigInteger cofactor = (cofactorStr != null) ? new BigInteger(cofactorStr, 10) : null;
+ BigInteger a = new BigInteger(aStr, 10);
+ BigInteger b = new BigInteger(bStr, 10);
+ BigInteger basePointX = new BigInteger(basePointXStr, 10);
+ BigInteger basePointY = new BigInteger(basePointYStr, 10);
+
if (fieldParamsType == FIELD_TYPE_PRIME)
- {
- BigInteger a = new BigInteger(aStr, 10);
- BigInteger b = new BigInteger(bStr, 10);
- BigInteger basePointX = new BigInteger(basePointXStr, 10);
- BigInteger basePointY = new BigInteger(basePointYStr, 10);
- eccParameterSpec = new ECCParameterSpec(p, cofactor, order, seed, null, a, b, basePointX,
- basePointY, null);
+ {
+ ECField javaECField = new ECFieldFp(p);
+ java.security.spec.EllipticCurve curve =
+ new java.security.spec.EllipticCurve(javaECField, a, b, seed.toByteArray());
+ java.security.spec.ECPoint javaECbasePoint =
+ new java.security.spec.ECPoint(basePointX, basePointY);
+ java.security.spec.ECParameterSpec javaECSpec =
+ new java.security.spec.ECParameterSpec(curve, javaECbasePoint, order, cofactor.intValue());
+ eccParameterSpec = ECParameterSpec.getParameterSpec(javaECSpec);
}
else
{
@@ -193,9 +174,19 @@ public class ECDSAKeyValueConverter
irreducible[k1/32] += 1 << k1 % 32;
irreducible[0] += 1;
}
- eccParameterSpec = new ECCParameterSpec(irreducible, cofactor, order, octetString2IntArray(aStr),
- octetString2IntArray(bStr), octetString2IntArray(basePointXStr),
- octetString2IntArray(basePointYStr), null);
+
+ ECField javaECField = new ECFieldF2m(m, irreducible);
+ java.security.spec.EllipticCurve curve =
+ new java.security.spec.EllipticCurve(javaECField, a, b, seed.toByteArray());
+ java.security.spec.ECPoint javaECbasePoint =
+ new java.security.spec.ECPoint(basePointX, basePointY);
+ java.security.spec.ECParameterSpec javaECSpec =
+ new java.security.spec.ECParameterSpec(curve, javaECbasePoint, order, cofactor.intValue());
+ eccParameterSpec = ECParameterSpec.getParameterSpec(javaECSpec);
+
+// eccParameterSpec = new ECCParameterSpec(irreducible, cofactor, order, octetString2IntArray(aStr),
+// octetString2IntArray(bStr), octetString2IntArray(basePointXStr),
+// octetString2IntArray(basePointYStr), null);
}
}
@@ -206,10 +197,14 @@ public class ECDSAKeyValueConverter
Element publicKeyYElem = getChildElement(publicKeyElem, ecdsaNS, "Y", 1);
String publicKeyYStr = publicKeyYElem.getAttributeNS(null, "Value");
- ECDSAParameter ecdsaParams = new ECDSAParameter(eccParameterSpec, CoordinateTypes.PROJECTIVE_COORDINATES);
- ECGroupFactory ecGroupFactory = ECGroupFactory.getInstance();
- EllipticCurve eCurve = ecGroupFactory.getCurve(eccParameterSpec.getA(),
- eccParameterSpec.getB(), eccParameterSpec.getR(), CoordinateTypes.PROJECTIVE_COORDINATES);
+ //ECParameterSpec ecdsaParams = new ECParameterSpec(eccParameterSpec, CoordinateTypes.PROJECTIVE_COORDINATES);
+ //ECGroupFactory ecGroupFactory = ECGroupFactory.getInstance();
+
+ EllipticCurve eCurve = eccParameterSpec.getCurve();
+
+// EllipticCurve eCurve = ecGroupFactory.getCurve(eccParameterSpec.getA(),
+// eccParameterSpec.getB(), eccParameterSpec.getR(), CoordinateTypes.PROJECTIVE_COORDINATES);
+
Field field = eCurve.getField();
// Detect type of public key field elements
@@ -239,10 +234,19 @@ public class ECDSAKeyValueConverter
}
// ProjectiveCoordinate publicKeyPointCoordinate = new ProjectiveCoordinate(publicKeyPointX,
// publicKeyPointY, field.getONEelement());
- Coordinate publicKeyPointCoordinate = new AffineCoordinate(publicKeyPointX,
- publicKeyPointY).toProjective();
- ECPoint publicKeyPoint = eCurve.newPoint(publicKeyPointCoordinate);
- ECPublicKey publicKey = new ECPublicKey(ecdsaParams, publicKeyPoint);
+// Coordinate publicKeyPointCoordinate = new AffineCoordinate(publicKeyPointX,
+// publicKeyPointY).toProjective();
+
+ ECPoint publicKeyPointECPoint = new ECPoint(publicKeyPointX.toBigInteger(),
+ publicKeyPointY.toBigInteger());
+
+ if (!eCurve.containsPoint(publicKeyPointECPoint)) {
+ Logger.error("IDL ECC parameter extraction FAILED! Public-Key ECPoint is not on the curve!");
+ throw new Exception("IDL ECC parameter extraction FAILED! Public-Key ECPoint is not on the curve!");
+
+ }
+
+ ECPublicKey publicKey = new ECPublicKey(eccParameterSpec, publicKeyPointECPoint);
return publicKey;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index af3424881..d3fba8854 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -46,9 +46,6 @@
package at.gv.egovernment.moa.id.util;
-import iaik.pki.PKIException;
-import iaik.security.provider.IAIK;
-
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.IOException;
@@ -71,6 +68,8 @@ import at.gv.egovernment.moa.id.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.ConnectionParameterInterface;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import iaik.pki.PKIException;
+import iaik.security.provider.IAIK;
/**
@@ -126,8 +125,7 @@ public class SSLUtils {
//INFO: MOA-ID 2.x always use defaultChainingMode
try {
- SSLSocketFactory ssf =
- at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
+ SSLSocketFactory ssf = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
connParam.getUrl(),
conf.getCertstoreDirectory(),
trustStoreURL,