From 32d17447a258188b2d534bcb0bf65a659ba7b7d0 Mon Sep 17 00:00:00 2001 From: mcentner Date: Fri, 29 Aug 2008 12:11:34 +0000 Subject: Initial import. git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@1 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../impl/xsect/AlgorithmMethodFactoryImpl.java | 125 +++++++++++++++++++++ 1 file changed, 125 insertions(+) create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java (limited to 'bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java') diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java new file mode 100644 index 00000000..6b963465 --- /dev/null +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java @@ -0,0 +1,125 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.bku.slcommands.impl.xsect; + +import iaik.xml.crypto.XmldsigMore; + +import java.security.InvalidAlgorithmParameterException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.X509Certificate; + +import javax.xml.crypto.dsig.CanonicalizationMethod; +import javax.xml.crypto.dsig.DigestMethod; +import javax.xml.crypto.dsig.SignatureMethod; +import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec; +import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec; +import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec; + +/** + * An implementation of the AlgorithmMethod factory that uses the signing + * certificate to choose appropriate algorithms. + * + * @author mcentner + */ +public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { + + /** + * The signature algorithm URI. + */ + private String signatureAlgorithmURI; + + /** + * The algorithm parameters for the signature algorithm. + */ + private SignatureMethodParameterSpec signatureMethodParameterSpec; + + /** + * Creates a new AlgrithmMethodFactory with the given + * signingCertificate. + * + * @param siginingCertificate + * + * @throws NoSuchAlgorithmException + * if the public key algorithm of the given + * signingCertificate is not supported + */ + public AlgorithmMethodFactoryImpl(X509Certificate siginingCertificate) + throws NoSuchAlgorithmException { + + String algorithm = siginingCertificate.getPublicKey().getAlgorithm(); + + if ("DSA".equals(algorithm)) { + signatureAlgorithmURI = SignatureMethod.DSA_SHA1; + } else if ("RSA".equals(algorithm)) { + signatureAlgorithmURI = SignatureMethod.RSA_SHA1; + } else if (("EC".equals(algorithm)) || ("ECDSA".equals(algorithm))) { + signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA1; + } else { + throw new NoSuchAlgorithmException("Public key algorithm '" + algorithm + + "' not supported."); + } + + } + + /* + * (non-Javadoc) + * + * @seeat.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactory# + * createCanonicalizationMethod + * (at.gv.egiz.bku.slcommands.impl.xsect.SignatureContext) + */ + @Override + public CanonicalizationMethod createCanonicalizationMethod( + SignatureContext signatureContext) throws NoSuchAlgorithmException, + InvalidAlgorithmParameterException { + + return signatureContext.getSignatureFactory().newCanonicalizationMethod( + CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null); + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactory#createDigestMethod + * (at.gv.egiz.bku.slcommands.impl.xsect.SignatureContext) + */ + @Override + public DigestMethod createDigestMethod(SignatureContext signatureContext) + throws NoSuchAlgorithmException, InvalidAlgorithmParameterException { + + return signatureContext.getSignatureFactory().newDigestMethod( + DigestMethod.SHA1, (DigestMethodParameterSpec) null); + } + + /* + * (non-Javadoc) + * + * @seeat.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactory# + * createSignatureMethod + * (at.gv.egiz.bku.slcommands.impl.xsect.SignatureContext) + */ + @Override + public SignatureMethod createSignatureMethod(SignatureContext signatureContext) + throws NoSuchAlgorithmException, InvalidAlgorithmParameterException { + + return signatureContext.getSignatureFactory().newSignatureMethod( + signatureAlgorithmURI, signatureMethodParameterSpec); + } + +} -- cgit v1.2.3 From 68941b57df2caeead67a5bede2ef5a635d07db32 Mon Sep 17 00:00:00 2001 From: mcentner Date: Wed, 11 Nov 2009 15:51:08 +0000 Subject: Added support for SHA-256 and partial support for e-card G3, BELPIC and Italian cards. git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@540 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../impl/xsect/AlgorithmMethodFactoryImpl.java | 86 ++++++++++++++++------ 1 file changed, 64 insertions(+), 22 deletions(-) (limited to 'bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java') diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java index 6b963465..061fe707 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java @@ -16,18 +16,23 @@ */ package at.gv.egiz.bku.slcommands.impl.xsect; -import iaik.xml.crypto.XmldsigMore; - -import java.security.InvalidAlgorithmParameterException; -import java.security.NoSuchAlgorithmException; -import java.security.cert.X509Certificate; - -import javax.xml.crypto.dsig.CanonicalizationMethod; -import javax.xml.crypto.dsig.DigestMethod; -import javax.xml.crypto.dsig.SignatureMethod; -import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec; -import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec; -import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec; +import iaik.security.ecc.interfaces.ECDSAParams; +import iaik.xml.crypto.XmldsigMore; + +import java.security.InvalidAlgorithmParameterException; +import java.security.NoSuchAlgorithmException; +import java.security.PublicKey; +import java.security.cert.X509Certificate; +import java.security.interfaces.ECPublicKey; +import java.security.interfaces.RSAPublicKey; +import java.security.spec.ECParameterSpec; + +import javax.xml.crypto.dsig.CanonicalizationMethod; +import javax.xml.crypto.dsig.DigestMethod; +import javax.xml.crypto.dsig.SignatureMethod; +import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec; +import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec; +import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec; /** * An implementation of the AlgorithmMethod factory that uses the signing @@ -40,7 +45,12 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { /** * The signature algorithm URI. */ - private String signatureAlgorithmURI; + private String signatureAlgorithmURI; + + /** + * the digest algorithm URI. + */ + private String digestAlgorithmURI = DigestMethod.SHA1; /** * The algorithm parameters for the signature algorithm. @@ -51,23 +61,55 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { * Creates a new AlgrithmMethodFactory with the given * signingCertificate. * - * @param siginingCertificate + * @param signingCertificate * * @throws NoSuchAlgorithmException * if the public key algorithm of the given * signingCertificate is not supported */ - public AlgorithmMethodFactoryImpl(X509Certificate siginingCertificate) + public AlgorithmMethodFactoryImpl(X509Certificate signingCertificate) throws NoSuchAlgorithmException { - - String algorithm = siginingCertificate.getPublicKey().getAlgorithm(); + + PublicKey publicKey = signingCertificate.getPublicKey(); + String algorithm = publicKey.getAlgorithm(); if ("DSA".equals(algorithm)) { signatureAlgorithmURI = SignatureMethod.DSA_SHA1; - } else if ("RSA".equals(algorithm)) { - signatureAlgorithmURI = SignatureMethod.RSA_SHA1; - } else if (("EC".equals(algorithm)) || ("ECDSA".equals(algorithm))) { - signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA1; + } else if ("RSA".equals(algorithm)) { + + int keyLength = 0; + if (publicKey instanceof RSAPublicKey) { + keyLength = ((RSAPublicKey) publicKey).getModulus().bitLength(); + } + + if (keyLength >= 2048) { + signatureAlgorithmURI = XmldsigMore.SIGNATURE_RSA_SHA256; + digestAlgorithmURI = DigestMethod.SHA256; + } else { + signatureAlgorithmURI = SignatureMethod.RSA_SHA1; + } + + } else if (("EC".equals(algorithm)) || ("ECDSA".equals(algorithm))) { + + int fieldSize = 0; + if (publicKey instanceof iaik.security.ecc.ecdsa.ECPublicKey) { + ECDSAParams params = ((iaik.security.ecc.ecdsa.ECPublicKey) publicKey).getParameter(); + fieldSize = params.getG().getCurve().getField().getSize().bitLength(); + } else if (publicKey instanceof ECPublicKey) { + ECParameterSpec params = ((ECPublicKey) publicKey).getParams(); + fieldSize = params.getCurve().getField().getFieldSize(); + } + + if (fieldSize < 256) { + signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA1; + } else if (fieldSize < 512) { + signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA256; + digestAlgorithmURI = DigestMethod.SHA256; + } else { + signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA512; + digestAlgorithmURI = DigestMethod.SHA512; + } + } else { throw new NoSuchAlgorithmException("Public key algorithm '" + algorithm + "' not supported."); @@ -104,7 +146,7 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { throws NoSuchAlgorithmException, InvalidAlgorithmParameterException { return signatureContext.getSignatureFactory().newDigestMethod( - DigestMethod.SHA1, (DigestMethodParameterSpec) null); + digestAlgorithmURI, (DigestMethodParameterSpec) null); } /* -- cgit v1.2.3 From 5406f90edc47fecff0ff9a00b64b8740b6ac02f8 Mon Sep 17 00:00:00 2001 From: mcentner Date: Fri, 13 Nov 2009 10:28:00 +0000 Subject: SHA-2 disabled for the moment. git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@542 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../impl/xsect/AlgorithmMethodFactoryImpl.java | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) (limited to 'bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java') diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java index 061fe707..8391e450 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java @@ -41,7 +41,12 @@ import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec; * @author mcentner */ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { - + + /** + * Use SHA-2? + */ + private static boolean SHA2 = false; + /** * The signature algorithm URI. */ @@ -82,7 +87,7 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { keyLength = ((RSAPublicKey) publicKey).getModulus().bitLength(); } - if (keyLength >= 2048) { + if (SHA2 && keyLength >= 2048) { signatureAlgorithmURI = XmldsigMore.SIGNATURE_RSA_SHA256; digestAlgorithmURI = DigestMethod.SHA256; } else { @@ -100,14 +105,14 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { fieldSize = params.getCurve().getField().getFieldSize(); } - if (fieldSize < 256) { - signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA1; - } else if (fieldSize < 512) { + if (SHA2 && fieldSize >= 512) { + signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA512; + digestAlgorithmURI = DigestMethod.SHA512; + } else if (SHA2 && fieldSize >= 256) { signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA256; digestAlgorithmURI = DigestMethod.SHA256; } else { - signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA512; - digestAlgorithmURI = DigestMethod.SHA512; + signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA1; } } else { -- cgit v1.2.3