From e8b488d309f94321d374883368389f3206007495 Mon Sep 17 00:00:00 2001 From: Andreas Abraham Date: Wed, 19 Sep 2018 10:07:27 +0200 Subject: mac mocca.app template renewed, important crypto libraries updated --- .../slcommands/impl/xsect/STALSignatureMethod.java | 283 +++++++++++---------- .../bku/slcommands/impl/cms/SignatureTest.java | 260 +++++++++---------- 2 files changed, 274 insertions(+), 269 deletions(-) (limited to 'bkucommon/src') diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignatureMethod.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignatureMethod.java index 1a6f6df9..a9eba7e8 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignatureMethod.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignatureMethod.java @@ -1,139 +1,144 @@ -/* - * Copyright 2011 by Graz University of Technology, Austria - * MOCCA has been developed by the E-Government Innovation Center EGIZ, a joint - * initiative of the Federal Chancellery Austria and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - - -package at.gv.egiz.bku.slcommands.impl.xsect; - -import iaik.xml.crypto.dsig.AbstractSignatureMethodImpl; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.security.InvalidAlgorithmParameterException; -import java.security.Key; -import java.security.NoSuchAlgorithmException; -import java.util.ArrayList; -import java.util.Collections; -import java.util.List; - -import javax.xml.crypto.XMLCryptoContext; -import javax.xml.crypto.dsig.XMLSignatureException; -import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec; - -import at.gv.egiz.bku.slcommands.impl.DataObjectHashDataInput; -import at.gv.egiz.bku.slexceptions.SLViewerException; -import at.gv.egiz.bku.utils.StreamUtil; -import at.gv.egiz.stal.ErrorResponse; -import at.gv.egiz.stal.HashDataInput; -import at.gv.egiz.stal.STAL; -import at.gv.egiz.stal.STALRequest; -import at.gv.egiz.stal.STALResponse; -import at.gv.egiz.stal.SignRequest; -import at.gv.egiz.stal.SignRequest.SignedInfo; -import at.gv.egiz.stal.SignResponse; - -public class STALSignatureMethod extends AbstractSignatureMethodImpl { - - /** - * Creates a new instance of this STALSignatureMethod - * with the given algorithm and params. - * - * @param algorithm the algorithm URI - * @param params optional algorithm parameters - * @throws InvalidAlgorithmParameterException if the specified parameters - * are inappropriate for the requested algorithm - * @throws NoSuchAlgorithmException if an implementation of the specified - * algorithm cannot be found - * @throws NullPointerException if algorithm is null - */ - public STALSignatureMethod(String algorithm, - SignatureMethodParameterSpec params) - throws InvalidAlgorithmParameterException, NoSuchAlgorithmException { - super(algorithm, params); - } - - @Override - public byte[] calculateSignatureValue(XMLCryptoContext context, Key key, InputStream message) - throws XMLSignatureException, IOException { - - if (!(key instanceof STALPrivateKey)) { - throw new XMLSignatureException("STALSignatureMethod expects STALPrivateKey."); - } - - STAL stal = ((STALPrivateKey) key).getStal(); - String keyboxIdentifier = ((STALPrivateKey) key).getKeyboxIdentifier(); - List dataObjects = ((STALPrivateKey) key).getDataObjects(); - - List hashDataInputs = new ArrayList(); - for (DataObject dataObject : dataObjects) { - try { - dataObject.validateHashDataInput(); - } catch (SLViewerException e) { - throw new XMLSignatureException(e); - } - hashDataInputs.add(new DataObjectHashDataInput(dataObject)); - } - - ByteArrayOutputStream m = new ByteArrayOutputStream(); - StreamUtil.copyStream(message, m); - - SignRequest signRequest = new SignRequest(); - signRequest.setKeyIdentifier(keyboxIdentifier); - SignedInfo signedInfo = new SignedInfo(); - signedInfo.setValue(m.toByteArray()); - signRequest.setSignedInfo(signedInfo); - signRequest.setHashDataInput(hashDataInputs); - - List responses = - stal.handleRequest(Collections.singletonList((STALRequest) signRequest)); - - if (responses == null || responses.size() != 1) { - throw new XMLSignatureException("Failed to access STAL."); - } - - STALResponse response = responses.get(0); - if (response instanceof SignResponse) { - return ((SignResponse) response).getSignatureValue(); - } else if (response instanceof ErrorResponse) { - ErrorResponse err = (ErrorResponse) response; - STALSignatureException se = new STALSignatureException(err.getErrorCode(), err.getErrorMessage()); - throw new XMLSignatureException(se); - } else { - throw new XMLSignatureException("Failed to access STAL."); - } - - } - - @Override - public boolean validateSignatureValue(XMLCryptoContext context, Key key, byte[] value, - InputStream message) throws XMLSignatureException, IOException { - throw new XMLSignatureException("The STALSignatureMethod does not support validation."); - } - - @Override - protected Class getParameterSpecClass() { - return null; - } - -} +/* + * Copyright 2011 by Graz University of Technology, Austria + * MOCCA has been developed by the E-Government Innovation Center EGIZ, a joint + * initiative of the Federal Chancellery Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.gv.egiz.bku.slcommands.impl.xsect; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.security.InvalidAlgorithmParameterException; +import java.security.Key; +import java.security.NoSuchAlgorithmException; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import javax.xml.crypto.XMLCryptoContext; +import javax.xml.crypto.dsig.XMLSignatureException; +import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec; + +import at.gv.egiz.bku.slcommands.impl.DataObjectHashDataInput; +import at.gv.egiz.bku.slexceptions.SLViewerException; +import at.gv.egiz.bku.utils.StreamUtil; +import at.gv.egiz.stal.ErrorResponse; +import at.gv.egiz.stal.HashDataInput; +import at.gv.egiz.stal.STAL; +import at.gv.egiz.stal.STALRequest; +import at.gv.egiz.stal.STALResponse; +import at.gv.egiz.stal.SignRequest; +import at.gv.egiz.stal.SignRequest.SignedInfo; +import at.gv.egiz.stal.SignResponse; +import iaik.xml.crypto.dsig.SignatureMethodImpl; + +public class STALSignatureMethod extends SignatureMethodImpl { + + /** + * Creates a new instance of this STALSignatureMethod with the + * given algorithm and params. + * + * @param algorithm + * the algorithm URI + * @param params + * optional algorithm parameters + * @throws InvalidAlgorithmParameterException + * if the specified parameters are inappropriate for the requested + * algorithm + * @throws NoSuchAlgorithmException + * if an implementation of the specified algorithm cannot be found + * @throws NullPointerException + * if algorithm is null + */ + public STALSignatureMethod(String algorithm, SignatureMethodParameterSpec params) + throws InvalidAlgorithmParameterException, NoSuchAlgorithmException { + super(algorithm, params); + } + + @Override + public byte[] calculateSignatureValue(XMLCryptoContext context, Key key, InputStream message) + throws XMLSignatureException, IOException { + + if (!(key instanceof STALPrivateKey)) { + throw new XMLSignatureException("STALSignatureMethod expects STALPrivateKey."); + } + + STAL stal = ((STALPrivateKey) key).getStal(); + String keyboxIdentifier = ((STALPrivateKey) key).getKeyboxIdentifier(); + List dataObjects = ((STALPrivateKey) key).getDataObjects(); + + List hashDataInputs = new ArrayList(); + for (DataObject dataObject : dataObjects) { + try { + dataObject.validateHashDataInput(); + } catch (SLViewerException e) { + throw new XMLSignatureException(e); + } + hashDataInputs.add(new DataObjectHashDataInput(dataObject)); + } + + ByteArrayOutputStream m = new ByteArrayOutputStream(); + StreamUtil.copyStream(message, m); + + SignRequest signRequest = new SignRequest(); + signRequest.setKeyIdentifier(keyboxIdentifier); + SignedInfo signedInfo = new SignedInfo(); + signedInfo.setValue(m.toByteArray()); + signRequest.setSignedInfo(signedInfo); + signRequest.setHashDataInput(hashDataInputs); + + List responses = stal.handleRequest(Collections.singletonList((STALRequest) signRequest)); + + if (responses == null || responses.size() != 1) { + throw new XMLSignatureException("Failed to access STAL."); + } + + STALResponse response = responses.get(0); + if (response instanceof SignResponse) { + return ((SignResponse) response).getSignatureValue(); + } else if (response instanceof ErrorResponse) { + ErrorResponse err = (ErrorResponse) response; + STALSignatureException se = new STALSignatureException(err.getErrorCode(), err.getErrorMessage()); + throw new XMLSignatureException(se); + } else { + throw new XMLSignatureException("Failed to access STAL."); + } + + } + + @Override + public boolean validateSignatureValue(XMLCryptoContext context, Key key, byte[] value, InputStream message) + throws XMLSignatureException, IOException { + throw new XMLSignatureException("The STALSignatureMethod does not support validation."); + } + +// @Override +// protected Class getParameterSpecClass() { +// return null; +// } + + @Override + public boolean validateSignatureValue(Key key, byte[] value, InputStream message) throws XMLSignatureException, IOException { + throw new XMLSignatureException("The STALSignatureMethod does not support validation."); + } + + +} diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/cms/SignatureTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/cms/SignatureTest.java index 56229b83..f17b0329 100644 --- a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/cms/SignatureTest.java +++ b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/cms/SignatureTest.java @@ -1,130 +1,130 @@ -package at.gv.egiz.bku.slcommands.impl.cms; - -import static org.junit.Assert.*; - -import java.io.ByteArrayInputStream; -import java.net.URI; -import java.net.URISyntaxException; -import java.nio.charset.Charset; -import java.security.MessageDigest; -import java.util.Date; - -import org.junit.BeforeClass; -import org.junit.Test; -import org.w3._2000._09.xmldsig_.DigestMethodType; - -import at.buergerkarte.namespaces.securitylayer._1_2_3.Base64OptRefContentType; -import at.buergerkarte.namespaces.securitylayer._1_2_3.CMSDataObjectRequiredMetaType; -import at.buergerkarte.namespaces.securitylayer._1_2_3.DigestAndRefType; -import at.buergerkarte.namespaces.securitylayer._1_2_3.MetaInfoType; -import at.gv.egiz.stal.dummy.DummySTAL; -import iaik.asn1.ObjectID; -import iaik.asn1.structures.AlgorithmID; -import iaik.cms.InvalidSignatureValueException; -import iaik.cms.SignedData; -import iaik.cms.SignerInfo; -import iaik.security.ecc.provider.ECCProvider; -import iaik.security.provider.IAIK; -import iaik.x509.X509Certificate; - -public class SignatureTest { - - private DummySTAL stal = new DummySTAL(); - - @BeforeClass - public static void setUpClass() { - IAIK.addAsProvider(); - ECCProvider.addAsProvider(); - } - - @Test - public void testSignCMSDataObject() throws Exception { - - byte[] plaintext = "Plaintext".getBytes(Charset.forName("UTF-8")); - - CMSDataObjectRequiredMetaType dataObject = new CMSDataObjectRequiredMetaType(); - Base64OptRefContentType base64OptRefContentType = new Base64OptRefContentType(); - base64OptRefContentType.setBase64Content(plaintext); - dataObject.setContent(base64OptRefContentType); - MetaInfoType metaInfoType = new MetaInfoType(); - metaInfoType.setMimeType("text/plain"); - dataObject.setMetaInfo(metaInfoType); - - Signature signature = new Signature(dataObject, "detached", stal.getCert(), new Date(), null, true); - byte[] cmsSignature = signature.sign(stal, "SecureSignatureKeypair"); - - SignedData signedData = new SignedData(new ByteArrayInputStream(cmsSignature)); - signedData.setContent(plaintext); - assertEquals(ObjectID.pkcs7_data, signedData.getEncapsulatedContentType()); - SignerInfo[] signerInfos = signedData.getSignerInfos(); - assertEquals(1, signerInfos.length); - SignerInfo signerInfo = signerInfos[0]; - signedData.verify((X509Certificate) stal.getCert()); - assertEquals(AlgorithmID.sha1, signerInfo.getDigestAlgorithm()); - assertEquals(AlgorithmID.sha1WithRSAEncryption, signerInfo.getSignatureAlgorithm()); - - System.out.println(AlgorithmID.sha1); - - } - - @Test - public void testSignCMSReferenceSha1() throws Exception { - testSignCMSReference(AlgorithmID.sha1); - } - - //TODO Why doesn't it work this way?? - @Test(expected = InvalidSignatureValueException.class) - public void testSignCMSReferenceSha256() throws Exception { - testSignCMSReference(AlgorithmID.sha256); - } - - private void testSignCMSReference(AlgorithmID digestAlgorithmID) throws Exception { - - byte[] plaintext = "Plaintext".getBytes(Charset.forName("UTF-8")); - - MessageDigest messageDigest = MessageDigest.getInstance(digestAlgorithmID.getImplementationName()); - byte[] digestValue = messageDigest.digest(plaintext); - - CMSDataObjectRequiredMetaType dataObject = new CMSDataObjectRequiredMetaType(); - DigestAndRefType digestAndRefType = new DigestAndRefType(); - DigestMethodType digestMethodType = new DigestMethodType(); - digestMethodType.setAlgorithm("URN:OID:" + digestAlgorithmID.getAlgorithm().getID()); - digestAndRefType.setDigestMethod(digestMethodType); - digestAndRefType.setDigestValue(digestValue); - dataObject.setDigestAndRef(digestAndRefType); - MetaInfoType metaInfoType = new MetaInfoType(); - metaInfoType.setMimeType("text/plain"); - dataObject.setMetaInfo(metaInfoType); - - Signature signature = new Signature(dataObject, "detached", stal.getCert(), new Date(), null, true); - byte[] cmsSignature = signature.sign(stal, "SecureSignatureKeypair"); - - SignedData signedData = new SignedData(new ByteArrayInputStream(cmsSignature)); - signedData.setContent(plaintext); - assertEquals(ObjectID.pkcs7_data, signedData.getEncapsulatedContentType()); - SignerInfo[] signerInfos = signedData.getSignerInfos(); - assertEquals(1, signerInfos.length); - SignerInfo signerInfo = signerInfos[0]; - signedData.verify((X509Certificate) stal.getCert()); - assertEquals(digestAlgorithmID, signerInfo.getDigestAlgorithm()); - assertEquals(AlgorithmID.sha1WithRSAEncryption, signerInfo.getSignatureAlgorithm()); - - } - - @Test - public void test() throws URISyntaxException { - - String oid = null; - URI uri = new URI("URN:OID:1.3.14.3.2.26"); - String scheme = uri.getScheme(); - if ("URN".equalsIgnoreCase(scheme)) { - String schemeSpecificPart = uri.getSchemeSpecificPart().toLowerCase(); - if (schemeSpecificPart.startsWith("oid:")) { - oid = schemeSpecificPart.substring(4, schemeSpecificPart.length()); - } - } - assertEquals("1.3.14.3.2.26", oid); - - } - -} +package at.gv.egiz.bku.slcommands.impl.cms; + +import static org.junit.Assert.*; + +import java.io.ByteArrayInputStream; +import java.net.URI; +import java.net.URISyntaxException; +import java.nio.charset.Charset; +import java.security.MessageDigest; +import java.util.Date; + +import org.junit.BeforeClass; +import org.junit.Test; +import org.w3._2000._09.xmldsig_.DigestMethodType; + +import at.buergerkarte.namespaces.securitylayer._1_2_3.Base64OptRefContentType; +import at.buergerkarte.namespaces.securitylayer._1_2_3.CMSDataObjectRequiredMetaType; +import at.buergerkarte.namespaces.securitylayer._1_2_3.DigestAndRefType; +import at.buergerkarte.namespaces.securitylayer._1_2_3.MetaInfoType; +import at.gv.egiz.stal.dummy.DummySTAL; +import iaik.asn1.ObjectID; +import iaik.asn1.structures.AlgorithmID; +import iaik.cms.InvalidSignatureValueException; +import iaik.cms.SignedData; +import iaik.cms.SignerInfo; +import iaik.security.ec.provider.ECCelerate; +import iaik.security.provider.IAIK; +import iaik.x509.X509Certificate; + +public class SignatureTest { + + private DummySTAL stal = new DummySTAL(); + + @BeforeClass + public static void setUpClass() { + IAIK.addAsProvider(); + ECCelerate.addAsProvider(); + } + + @Test + public void testSignCMSDataObject() throws Exception { + + byte[] plaintext = "Plaintext".getBytes(Charset.forName("UTF-8")); + + CMSDataObjectRequiredMetaType dataObject = new CMSDataObjectRequiredMetaType(); + Base64OptRefContentType base64OptRefContentType = new Base64OptRefContentType(); + base64OptRefContentType.setBase64Content(plaintext); + dataObject.setContent(base64OptRefContentType); + MetaInfoType metaInfoType = new MetaInfoType(); + metaInfoType.setMimeType("text/plain"); + dataObject.setMetaInfo(metaInfoType); + + Signature signature = new Signature(dataObject, "detached", stal.getCert(), new Date(), null, true); + byte[] cmsSignature = signature.sign(stal, "SecureSignatureKeypair"); + + SignedData signedData = new SignedData(new ByteArrayInputStream(cmsSignature)); + signedData.setContent(plaintext); + assertEquals(ObjectID.pkcs7_data, signedData.getEncapsulatedContentType()); + SignerInfo[] signerInfos = signedData.getSignerInfos(); + assertEquals(1, signerInfos.length); + SignerInfo signerInfo = signerInfos[0]; + signedData.verify((X509Certificate) stal.getCert()); + assertEquals(AlgorithmID.sha1, signerInfo.getDigestAlgorithm()); + assertEquals(AlgorithmID.sha1WithRSAEncryption, signerInfo.getSignatureAlgorithm()); + + System.out.println(AlgorithmID.sha1); + + } + + @Test + public void testSignCMSReferenceSha1() throws Exception { + testSignCMSReference(AlgorithmID.sha1); + } + + //TODO Why doesn't it work this way?? + @Test(expected = InvalidSignatureValueException.class) + public void testSignCMSReferenceSha256() throws Exception { + testSignCMSReference(AlgorithmID.sha256); + } + + private void testSignCMSReference(AlgorithmID digestAlgorithmID) throws Exception { + + byte[] plaintext = "Plaintext".getBytes(Charset.forName("UTF-8")); + + MessageDigest messageDigest = MessageDigest.getInstance(digestAlgorithmID.getImplementationName()); + byte[] digestValue = messageDigest.digest(plaintext); + + CMSDataObjectRequiredMetaType dataObject = new CMSDataObjectRequiredMetaType(); + DigestAndRefType digestAndRefType = new DigestAndRefType(); + DigestMethodType digestMethodType = new DigestMethodType(); + digestMethodType.setAlgorithm("URN:OID:" + digestAlgorithmID.getAlgorithm().getID()); + digestAndRefType.setDigestMethod(digestMethodType); + digestAndRefType.setDigestValue(digestValue); + dataObject.setDigestAndRef(digestAndRefType); + MetaInfoType metaInfoType = new MetaInfoType(); + metaInfoType.setMimeType("text/plain"); + dataObject.setMetaInfo(metaInfoType); + + Signature signature = new Signature(dataObject, "detached", stal.getCert(), new Date(), null, true); + byte[] cmsSignature = signature.sign(stal, "SecureSignatureKeypair"); + + SignedData signedData = new SignedData(new ByteArrayInputStream(cmsSignature)); + signedData.setContent(plaintext); + assertEquals(ObjectID.pkcs7_data, signedData.getEncapsulatedContentType()); + SignerInfo[] signerInfos = signedData.getSignerInfos(); + assertEquals(1, signerInfos.length); + SignerInfo signerInfo = signerInfos[0]; + signedData.verify((X509Certificate) stal.getCert()); + assertEquals(digestAlgorithmID, signerInfo.getDigestAlgorithm()); + assertEquals(AlgorithmID.sha1WithRSAEncryption, signerInfo.getSignatureAlgorithm()); + + } + + @Test + public void test() throws URISyntaxException { + + String oid = null; + URI uri = new URI("URN:OID:1.3.14.3.2.26"); + String scheme = uri.getScheme(); + if ("URN".equalsIgnoreCase(scheme)) { + String schemeSpecificPart = uri.getSchemeSpecificPart().toLowerCase(); + if (schemeSpecificPart.startsWith("oid:")) { + oid = schemeSpecificPart.substring(4, schemeSpecificPart.length()); + } + } + assertEquals("1.3.14.3.2.26", oid); + + } + +} -- cgit v1.2.3