diff options
author | mcentner <mcentner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2009-11-11 15:51:08 +0000 |
---|---|---|
committer | mcentner <mcentner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2009-11-11 15:51:08 +0000 |
commit | 68941b57df2caeead67a5bede2ef5a635d07db32 (patch) | |
tree | 78c93c71a20b4775af3991f4395c2267cc39fab8 /bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java | |
parent | caca721368d8c24559b1cd5ea2018884b4874f6b (diff) | |
download | mocca-68941b57df2caeead67a5bede2ef5a635d07db32.tar.gz mocca-68941b57df2caeead67a5bede2ef5a635d07db32.tar.bz2 mocca-68941b57df2caeead67a5bede2ef5a635d07db32.zip |
Added support for SHA-256 and partial support for e-card G3, BELPIC and Italian cards.
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@540 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
Diffstat (limited to 'bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java')
-rw-r--r-- | bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java | 86 |
1 files changed, 64 insertions, 22 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java index 6b963465..061fe707 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java @@ -16,18 +16,23 @@ */ package at.gv.egiz.bku.slcommands.impl.xsect;
-import iaik.xml.crypto.XmldsigMore;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.X509Certificate;
-
-import javax.xml.crypto.dsig.CanonicalizationMethod;
-import javax.xml.crypto.dsig.DigestMethod;
-import javax.xml.crypto.dsig.SignatureMethod;
-import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
-import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
-import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
+import iaik.security.ecc.interfaces.ECDSAParams; +import iaik.xml.crypto.XmldsigMore; + +import java.security.InvalidAlgorithmParameterException; +import java.security.NoSuchAlgorithmException; +import java.security.PublicKey; +import java.security.cert.X509Certificate; +import java.security.interfaces.ECPublicKey; +import java.security.interfaces.RSAPublicKey; +import java.security.spec.ECParameterSpec; + +import javax.xml.crypto.dsig.CanonicalizationMethod; +import javax.xml.crypto.dsig.DigestMethod; +import javax.xml.crypto.dsig.SignatureMethod; +import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec; +import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec; +import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec; /**
* An implementation of the AlgorithmMethod factory that uses the signing
@@ -40,7 +45,12 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { /**
* The signature algorithm URI.
*/
- private String signatureAlgorithmURI;
+ private String signatureAlgorithmURI; + + /** + * the digest algorithm URI. + */ + private String digestAlgorithmURI = DigestMethod.SHA1;
/**
* The algorithm parameters for the signature algorithm.
@@ -51,23 +61,55 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { * Creates a new AlgrithmMethodFactory with the given
* <code>signingCertificate</code>.
*
- * @param siginingCertificate
+ * @param signingCertificate
*
* @throws NoSuchAlgorithmException
* if the public key algorithm of the given
* <code>signingCertificate</code> is not supported
*/
- public AlgorithmMethodFactoryImpl(X509Certificate siginingCertificate)
+ public AlgorithmMethodFactoryImpl(X509Certificate signingCertificate)
throws NoSuchAlgorithmException {
-
- String algorithm = siginingCertificate.getPublicKey().getAlgorithm();
+ + PublicKey publicKey = signingCertificate.getPublicKey();
+ String algorithm = publicKey.getAlgorithm(); if ("DSA".equals(algorithm)) {
signatureAlgorithmURI = SignatureMethod.DSA_SHA1;
- } else if ("RSA".equals(algorithm)) {
- signatureAlgorithmURI = SignatureMethod.RSA_SHA1;
- } else if (("EC".equals(algorithm)) || ("ECDSA".equals(algorithm))) {
- signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA1;
+ } else if ("RSA".equals(algorithm)) { + + int keyLength = 0; + if (publicKey instanceof RSAPublicKey) { + keyLength = ((RSAPublicKey) publicKey).getModulus().bitLength(); + } + + if (keyLength >= 2048) { + signatureAlgorithmURI = XmldsigMore.SIGNATURE_RSA_SHA256; + digestAlgorithmURI = DigestMethod.SHA256; + } else { + signatureAlgorithmURI = SignatureMethod.RSA_SHA1; + } +
+ } else if (("EC".equals(algorithm)) || ("ECDSA".equals(algorithm))) { + + int fieldSize = 0; + if (publicKey instanceof iaik.security.ecc.ecdsa.ECPublicKey) { + ECDSAParams params = ((iaik.security.ecc.ecdsa.ECPublicKey) publicKey).getParameter(); + fieldSize = params.getG().getCurve().getField().getSize().bitLength(); + } else if (publicKey instanceof ECPublicKey) { + ECParameterSpec params = ((ECPublicKey) publicKey).getParams(); + fieldSize = params.getCurve().getField().getFieldSize(); + } + + if (fieldSize < 256) { + signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA1; + } else if (fieldSize < 512) { + signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA256; + digestAlgorithmURI = DigestMethod.SHA256; + } else { + signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA512; + digestAlgorithmURI = DigestMethod.SHA512; + } +
} else {
throw new NoSuchAlgorithmException("Public key algorithm '" + algorithm
+ "' not supported.");
@@ -104,7 +146,7 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
return signatureContext.getSignatureFactory().newDigestMethod(
- DigestMethod.SHA1, (DigestMethodParameterSpec) null);
+ digestAlgorithmURI, (DigestMethodParameterSpec) null);
}
/*
|