Added support for SHA-256 and partial support for e-card G3, BELPIC and Italian cards.

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@540 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
author: mcentner <mcentner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> 2009-11-11 15:51:08 +0000
committer: mcentner <mcentner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> 2009-11-11 15:51:08 +0000
commit: 68941b57df2caeead67a5bede2ef5a635d07db32 (patch)
tree: 78c93c71a20b4775af3991f4395c2267cc39fab8 /bkucommon/src/main/java/at/gv/egiz/bku/slcommands
parent: caca721368d8c24559b1cd5ea2018884b4874f6b (diff)
download: mocca-68941b57df2caeead67a5bede2ef5a635d07db32.tar.gz
mocca-68941b57df2caeead67a5bede2ef5a635d07db32.tar.bz2
mocca-68941b57df2caeead67a5bede2ef5a635d07db32.zip
4 files changed, 111 insertions, 30 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/STALHelper.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/STALHelper.java
index 0c7ce3f5..e903c608 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/STALHelper.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/STALHelper.java
@@ -18,8 +18,15 @@ package at.gv.egiz.bku.slcommands.impl;
 
 import iaik.asn1.CodingException;
 import iaik.asn1.DerCoder;
+import iaik.utils.Base64OutputStream;
 
 import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.OutputStreamWriter;
+import java.io.StringWriter;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
@@ -174,7 +181,24 @@ public class STALHelper {
       try {
         certificates.add((X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(cert)));
       } catch (CertificateException e) {
-        log.info("Failed to decode certificate.", e);
+        if (log.isDebugEnabled()) {
+          ByteArrayOutputStream certDump = new ByteArrayOutputStream();
+          OutputStreamWriter writer = new OutputStreamWriter(certDump);
+          try {
+            writer.write("-----BEGIN CERTIFICATE-----\n");
+            writer.flush();
+            Base64OutputStream b64os = new Base64OutputStream(certDump);
+            b64os.write(cert);
+            b64os.flush();
+            writer.write("\n-----END CERTIFICATE-----");
+            writer.flush();
+          } catch (IOException e1) {
+            log.info("Failed to decode certificate.", e);
+          }
+          log.debug("Failed to decode certificate.\n" + certDump.toString(), e);
+        } else {
+          log.info("Failed to decode certificate.", e);
+        }
         throw new SLCommandException(4000,
             SLExceptionMessages.EC4000_UNCLASSIFIED_INFOBOX_INVALID,
             new Object[] { "Certificates" });
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java
index 6b963465..061fe707 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java
@@ -16,18 +16,23 @@
 */
 package at.gv.egiz.bku.slcommands.impl.xsect;
 
-import iaik.xml.crypto.XmldsigMore;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.X509Certificate;
-
-import javax.xml.crypto.dsig.CanonicalizationMethod;
-import javax.xml.crypto.dsig.DigestMethod;
-import javax.xml.crypto.dsig.SignatureMethod;
-import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
-import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
-import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
+import iaik.security.ecc.interfaces.ECDSAParams;
+import iaik.xml.crypto.XmldsigMore;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.ECParameterSpec;
+
+import javax.xml.crypto.dsig.CanonicalizationMethod;
+import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.dsig.SignatureMethod;
+import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
+import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
+import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
 
 /**
  * An implementation of the AlgorithmMethod factory that uses the signing
@@ -40,7 +45,12 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory {
   /**
    * The signature algorithm URI.
    */
-  private String signatureAlgorithmURI;
+  private String signatureAlgorithmURI;
+  
+  /**
+   * the digest algorithm URI.
+   */
+  private String digestAlgorithmURI = DigestMethod.SHA1;
 
   /**
    * The algorithm parameters for the signature algorithm.
@@ -51,23 +61,55 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory {
    * Creates a new AlgrithmMethodFactory with the given
    * <code>signingCertificate</code>.
    * 
-   * @param siginingCertificate
+   * @param signingCertificate
    * 
    * @throws NoSuchAlgorithmException
    *           if the public key algorithm of the given
    *           <code>signingCertificate</code> is not supported
    */
-  public AlgorithmMethodFactoryImpl(X509Certificate siginingCertificate)
+  public AlgorithmMethodFactoryImpl(X509Certificate signingCertificate)
       throws NoSuchAlgorithmException {
-
-    String algorithm = siginingCertificate.getPublicKey().getAlgorithm();
+
+    PublicKey publicKey = signingCertificate.getPublicKey();
+    String algorithm = publicKey.getAlgorithm();
 
     if ("DSA".equals(algorithm)) {
       signatureAlgorithmURI = SignatureMethod.DSA_SHA1;
-    } else if ("RSA".equals(algorithm)) {
-      signatureAlgorithmURI = SignatureMethod.RSA_SHA1;
-    } else if (("EC".equals(algorithm)) || ("ECDSA".equals(algorithm))) {
-      signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA1;
+    } else if ("RSA".equals(algorithm)) {
+      
+      int keyLength = 0;
+      if (publicKey instanceof RSAPublicKey) {
+        keyLength = ((RSAPublicKey) publicKey).getModulus().bitLength();
+      }
+      
+      if (keyLength >= 2048) {
+        signatureAlgorithmURI = XmldsigMore.SIGNATURE_RSA_SHA256;
+        digestAlgorithmURI = DigestMethod.SHA256;
+      } else {
+        signatureAlgorithmURI = SignatureMethod.RSA_SHA1;
+      }
+      
+    } else if (("EC".equals(algorithm)) || ("ECDSA".equals(algorithm))) {
+      
+      int fieldSize = 0;
+      if (publicKey instanceof iaik.security.ecc.ecdsa.ECPublicKey) {
+        ECDSAParams params = ((iaik.security.ecc.ecdsa.ECPublicKey) publicKey).getParameter();
+        fieldSize = params.getG().getCurve().getField().getSize().bitLength();
+      } else if (publicKey instanceof ECPublicKey) {
+        ECParameterSpec params = ((ECPublicKey) publicKey).getParams();
+        fieldSize = params.getCurve().getField().getFieldSize();
+      }
+      
+      if (fieldSize < 256) {
+        signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA1;
+      } else if (fieldSize < 512) {
+        signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA256;
+        digestAlgorithmURI = DigestMethod.SHA256;
+      } else {
+        signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA512;
+        digestAlgorithmURI = DigestMethod.SHA512;
+      }
+      
     } else {
       throw new NoSuchAlgorithmException("Public key algorithm '" + algorithm
           + "' not supported.");
@@ -104,7 +146,7 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory {
       throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
 
     return signatureContext.getSignatureFactory().newDigestMethod(
-        DigestMethod.SHA1, (DigestMethodParameterSpec) null);
+        digestAlgorithmURI, (DigestMethodParameterSpec) null);
   }
 
   /*
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALProvider.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALProvider.java
index 0ab30530..42c6a4c5 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALProvider.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALProvider.java
@@ -49,7 +49,11 @@ public class STALProvider extends Provider {
     map.put("Signature." + SignatureMethod.RSA_SHA1,
         IMPL_PACKAGE_NAME + ".STALSignature");
     map.put("Signature." + XmldsigMore.SIGNATURE_ECDSA_SHA1, 
-        IMPL_PACKAGE_NAME + ".STALSignature");
+        IMPL_PACKAGE_NAME + ".STALSignature");
+    map.put("Signature." + XmldsigMore.SIGNATURE_RSA_SHA256, 
+        IMPL_PACKAGE_NAME + ".STALSignature");
+    map.put("Signature." + XmldsigMore.SIGNATURE_ECDSA_SHA256, 
+        IMPL_PACKAGE_NAME + ".STALSignature");
 
     AccessController.doPrivileged(new PrivilegedAction<Void>() {
       @Override
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
index 26ddb153..3cebb6a3 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
@@ -628,9 +628,20 @@ public class Signature {
     
     String target = "#" + signatureId;
     
+    DigestMethod dm;
+    try {
+      dm = ctx.getAlgorithmMethodFactory().createDigestMethod(ctx);
+    } catch (NoSuchAlgorithmException e) {
+      log.error("Failed to get DigestMethod algorithm.", e);
+      throw new SLCommandException(4006);
+    } catch (InvalidAlgorithmParameterException e) {
+      log.error("Failed to get DigestMethod algorithm.", e);
+      throw new SLCommandException(4006);
+    }
+    
     JAXBElement<QualifyingPropertiesType> qualifyingProperties;
     try {
-      qualifyingProperties = factory.createQualifyingProperties111(target, date, signingCertificates, idValue, dataObjectFormats);
+      qualifyingProperties = factory.createQualifyingProperties111(target, date, signingCertificates, idValue, dataObjectFormats, dm);
     } catch (QualifyingPropertiesException e) {
       log.error("Failed to create QualifyingProperties.", e);
       throw new SLCommandException(4000);
@@ -665,7 +676,10 @@ public class Signature {
     String referenceURI = "#xmlns(xades=http://uri.etsi.org/01903/v1.1.1%23)%20xpointer(id('"
         + objectIdValue
         + "')/child::xades:QualifyingProperties/child::xades:SignedProperties)";
-    DigestMethod dm;
+    
+    String referenceIdValue = ctx.getIdValueFactory().createIdValue("Reference");
+    String referenceType = QualifyingPropertiesFactory.SIGNED_PROPERTIES_REFERENCE_TYPE_V1_1_1;
+    
     try {
       dm = ctx.getAlgorithmMethodFactory().createDigestMethod(ctx);
     } catch (NoSuchAlgorithmException e) {
@@ -675,10 +689,7 @@ public class Signature {
       log.error("Failed to get DigestMethod algorithm.", e);
       throw new SLCommandException(4006);
     }
-    
-    String referenceIdValue = ctx.getIdValueFactory().createIdValue("Reference");
-    String referenceType = QualifyingPropertiesFactory.SIGNED_PROPERTIES_REFERENCE_TYPE_V1_1_1;
-    
+
     Reference reference = ctx.getSignatureFactory().newReference(referenceURI, dm, null, referenceType, referenceIdValue);
     
     references.add(reference);
author	mcentner <mcentner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>	2009-11-11 15:51:08 +0000
committer	mcentner <mcentner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>	2009-11-11 15:51:08 +0000
commit	68941b57df2caeead67a5bede2ef5a635d07db32 (patch)
tree	78c93c71a20b4775af3991f4395c2267cc39fab8 /bkucommon/src/main/java/at/gv/egiz/bku/slcommands
parent	caca721368d8c24559b1cd5ea2018884b4874f6b (diff)
download	mocca-68941b57df2caeead67a5bede2ef5a635d07db32.tar.gz mocca-68941b57df2caeead67a5bede2ef5a635d07db32.tar.bz2 mocca-68941b57df2caeead67a5bede2ef5a635d07db32.zip