summaryrefslogtreecommitdiff
path: root/bkucommon
diff options
context:
space:
mode:
authortkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2013-12-10 16:25:02 +0000
committertkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2013-12-10 16:25:02 +0000
commit9cb5db8eacfe6bba50fe10a5a73389f30509df91 (patch)
treecbbd09837fc6c0cf7cb8c5db41026eb427b989c7 /bkucommon
parentcac60be3e0be598bf30bc39d813a19c4f213482d (diff)
downloadmocca-9cb5db8eacfe6bba50fe10a5a73389f30509df91.tar.gz
mocca-9cb5db8eacfe6bba50fe10a5a73389f30509df91.tar.bz2
mocca-9cb5db8eacfe6bba50fe10a5a73389f30509df91.zip
Correctly wrap X9.62 ECDSA signatures
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@1248 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
Diffstat (limited to 'bkucommon')
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java30
1 files changed, 27 insertions, 3 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java
index 437d29ef..cb7d9a7a 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java
@@ -1,13 +1,18 @@
package at.gv.egiz.bku.slcommands.impl.cms;
+import iaik.asn1.DerCoder;
+import iaik.asn1.INTEGER;
+import iaik.asn1.SEQUENCE;
import iaik.asn1.structures.AlgorithmID;
import iaik.cms.IaikProvider;
import iaik.utils.Util;
+import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SignatureException;
+import java.util.Arrays;
import java.util.Collections;
import java.util.List;
@@ -52,7 +57,7 @@ public class STALSecurityProvider extends IaikProvider {
signRequest.setSignedInfoIsRawData(true);
signRequest.setSignatureMethod(privateKey.getAlgorithm());
- log.debug("Sending STAL request");
+ log.debug("Sending STAL request ({})", privateKey.getAlgorithm());
List<STALResponse> responses =
stal.handleRequest(Collections.singletonList((STALRequest) signRequest));
@@ -62,8 +67,9 @@ public class STALSecurityProvider extends IaikProvider {
STALResponse response = responses.get(0);
if (response instanceof SignResponse) {
- log.debug("Got STAL response: " + Util.toBase64String(((SignResponse) response).getSignatureValue()));
- return ((SignResponse) response).getSignatureValue();
+ byte[] sig = ((SignResponse) response).getSignatureValue();
+ log.debug("Got STAL response: " + Util.toBase64String(sig));
+ return wrapSignatureValue(sig, signatureAlgorithm);
} else if (response instanceof ErrorResponse) {
ErrorResponse err = (ErrorResponse) response;
STALSignatureException se = new STALSignatureException(err.getErrorCode(), err.getErrorMessage());
@@ -73,4 +79,22 @@ public class STALSecurityProvider extends IaikProvider {
}
}
+ private static byte[] wrapSignatureValue(byte[] sig, AlgorithmID sigAlgorithmID) {
+ String id = sigAlgorithmID.getAlgorithm().getID();
+ // 0.4.0.127.0.7.1.1.4.1...: ecdsa-plain-signatures
+ // 1.2.840.10045.4...: id-ecSigType
+ if (id.startsWith("1.2.840.10045.4")) //X9.62 Format ECDSA signatures
+ {
+ //Wrap r and s in ASN.1 SEQUENCE
+ byte[] r = Arrays.copyOfRange(sig, 0, sig.length/2);
+ byte[] s = Arrays.copyOfRange(sig, sig.length/2, sig.length);
+ SEQUENCE sigS = new SEQUENCE();
+ sigS.addComponent(new INTEGER(new BigInteger(1, r)));
+ sigS.addComponent(new INTEGER(new BigInteger(1, s)));
+ return DerCoder.encode(sigS);
+ }
+ else
+ return sig;
+ }
+
}