/*
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
/*
* Copyright 2005 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
/*
* Copyright (c) 2005, 2008, Oracle and/or its affiliates. All rights reserved.
*/
/*
* $Id: DOMSignatureMethod.java,v 1.2 2008/07/24 15:20:32 mullan Exp $
*/
package org.jcp.xml.dsig.internal.dom;
import javax.xml.crypto.*;
import javax.xml.crypto.dom.DOMCryptoContext;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import java.io.IOException;
import java.security.*;
import java.security.spec.AlgorithmParameterSpec;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.jcp.xml.dsig.internal.SignerOutputStream;
import sun.security.util.KeyUtil;
DOM-based abstract implementation of SignatureMethod.
Author: Sean Mullan
/**
* DOM-based abstract implementation of SignatureMethod.
*
* @author Sean Mullan
*/
public abstract class DOMSignatureMethod extends DOMStructure
implements SignatureMethod {
private static Logger log =
Logger.getLogger("org.jcp.xml.dsig.internal.dom");
// see RFC 4051 for these algorithm definitions
final static String RSA_SHA256 =
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
final static String RSA_SHA384 =
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha384";
final static String RSA_SHA512 =
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
final static String HMAC_SHA256 =
"http://www.w3.org/2001/04/xmldsig-more#hmac-sha256";
final static String HMAC_SHA384 =
"http://www.w3.org/2001/04/xmldsig-more#hmac-sha384";
final static String HMAC_SHA512 =
"http://www.w3.org/2001/04/xmldsig-more#hmac-sha512";
private SignatureMethodParameterSpec params;
private Signature signature;
Creates a DOMSignatureMethod
.
Params: - params – the algorithm-specific params (may be
null
)
Throws: - InvalidAlgorithmParameterException – if the parameters are not
appropriate for this signature method
/**
* Creates a <code>DOMSignatureMethod</code>.
*
* @param params the algorithm-specific params (may be <code>null</code>)
* @throws InvalidAlgorithmParameterException if the parameters are not
* appropriate for this signature method
*/
DOMSignatureMethod(AlgorithmParameterSpec params)
throws InvalidAlgorithmParameterException {
if (params != null &&
!(params instanceof SignatureMethodParameterSpec)) {
throw new InvalidAlgorithmParameterException
("params must be of type SignatureMethodParameterSpec");
}
checkParams((SignatureMethodParameterSpec) params);
this.params = (SignatureMethodParameterSpec) params;
}
Creates a DOMSignatureMethod
from an element. This ctor invokes the abstract unmarshalParams
method to unmarshal any algorithm-specific input parameters. Params: - smElem – a SignatureMethod element
/**
* Creates a <code>DOMSignatureMethod</code> from an element. This ctor
* invokes the abstract {@link #unmarshalParams unmarshalParams} method to
* unmarshal any algorithm-specific input parameters.
*
* @param smElem a SignatureMethod element
*/
DOMSignatureMethod(Element smElem) throws MarshalException {
Element paramsElem = DOMUtils.getFirstChildElement(smElem);
if (paramsElem != null) {
params = unmarshalParams(paramsElem);
}
try {
checkParams(params);
} catch (InvalidAlgorithmParameterException iape) {
throw new MarshalException(iape);
}
}
static SignatureMethod unmarshal(Element smElem) throws MarshalException {
String alg = DOMUtils.getAttributeValue(smElem, "Algorithm");
if (alg.equals(SignatureMethod.RSA_SHA1)) {
return new SHA1withRSA(smElem);
} else if (alg.equals(RSA_SHA256)) {
return new SHA256withRSA(smElem);
} else if (alg.equals(RSA_SHA384)) {
return new SHA384withRSA(smElem);
} else if (alg.equals(RSA_SHA512)) {
return new SHA512withRSA(smElem);
} else if (alg.equals(SignatureMethod.DSA_SHA1)) {
return new SHA1withDSA(smElem);
} else if (alg.equals(SignatureMethod.HMAC_SHA1)) {
return new DOMHMACSignatureMethod.SHA1(smElem);
} else if (alg.equals(HMAC_SHA256)) {
return new DOMHMACSignatureMethod.SHA256(smElem);
} else if (alg.equals(HMAC_SHA384)) {
return new DOMHMACSignatureMethod.SHA384(smElem);
} else if (alg.equals(HMAC_SHA512)) {
return new DOMHMACSignatureMethod.SHA512(smElem);
} else {
throw new MarshalException
("unsupported SignatureMethod algorithm: " + alg);
}
}
Checks if the specified parameters are valid for this algorithm. By
default, this method throws an exception if parameters are specified
since most SignatureMethod algorithms do not have parameters. Subclasses
should override it if they have parameters.
Params: - params – the algorithm-specific params (may be
null
)
Throws: - InvalidAlgorithmParameterException – if the parameters are not
appropriate for this signature method
/**
* Checks if the specified parameters are valid for this algorithm. By
* default, this method throws an exception if parameters are specified
* since most SignatureMethod algorithms do not have parameters. Subclasses
* should override it if they have parameters.
*
* @param params the algorithm-specific params (may be <code>null</code>)
* @throws InvalidAlgorithmParameterException if the parameters are not
* appropriate for this signature method
*/
void checkParams(SignatureMethodParameterSpec params)
throws InvalidAlgorithmParameterException {
if (params != null) {
throw new InvalidAlgorithmParameterException("no parameters " +
"should be specified for the " + getSignatureAlgorithm()
+ " SignatureMethod algorithm");
}
}
public final AlgorithmParameterSpec getParameterSpec() {
return params;
}
Unmarshals SignatureMethodParameterSpec
from the specified
Element
. By default, this method throws an exception since
most SignatureMethod algorithms do not have parameters. Subclasses should
override it if they have parameters.
Params: - paramsElem – the
Element
holding the input params
Throws: - MarshalException – if the parameters cannot be unmarshalled
Returns: the algorithm-specific SignatureMethodParameterSpec
/**
* Unmarshals <code>SignatureMethodParameterSpec</code> from the specified
* <code>Element</code>. By default, this method throws an exception since
* most SignatureMethod algorithms do not have parameters. Subclasses should
* override it if they have parameters.
*
* @param paramsElem the <code>Element</code> holding the input params
* @return the algorithm-specific <code>SignatureMethodParameterSpec</code>
* @throws MarshalException if the parameters cannot be unmarshalled
*/
SignatureMethodParameterSpec
unmarshalParams(Element paramsElem) throws MarshalException {
throw new MarshalException("no parameters should " +
"be specified for the " + getSignatureAlgorithm() +
" SignatureMethod algorithm");
}
This method invokes the abstract marshalParams
method to marshal any algorithm-specific parameters. /**
* This method invokes the abstract {@link #marshalParams marshalParams}
* method to marshal any algorithm-specific parameters.
*/
public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
throws MarshalException {
Document ownerDoc = DOMUtils.getOwnerDocument(parent);
Element smElem = DOMUtils.createElement
(ownerDoc, "SignatureMethod", XMLSignature.XMLNS, dsPrefix);
DOMUtils.setAttribute(smElem, "Algorithm", getAlgorithm());
if (params != null) {
marshalParams(smElem, dsPrefix);
}
parent.appendChild(smElem);
}
Verifies the passed-in signature with the specified key, using the
underlying signature or MAC algorithm.
Params: - key – the verification key
- si – the DOMSignedInfo
- signature – the signature bytes to be verified
- context – the XMLValidateContext
Throws: - NullPointerException – if
key
, si
or
signature
are null
- InvalidKeyException – if the key is improperly encoded, of
the wrong type, or parameters are missing, etc
- SignatureException – if an unexpected error occurs, such
as the passed in signature is improperly encoded
- XMLSignatureException – if an unexpected error occurs
Returns: true
if the signature verified successfully,
false
if not
/**
* Verifies the passed-in signature with the specified key, using the
* underlying signature or MAC algorithm.
*
* @param key the verification key
* @param si the DOMSignedInfo
* @param signature the signature bytes to be verified
* @param context the XMLValidateContext
* @return <code>true</code> if the signature verified successfully,
* <code>false</code> if not
* @throws NullPointerException if <code>key</code>, <code>si</code> or
* <code>signature</code> are <code>null</code>
* @throws InvalidKeyException if the key is improperly encoded, of
* the wrong type, or parameters are missing, etc
* @throws SignatureException if an unexpected error occurs, such
* as the passed in signature is improperly encoded
* @throws XMLSignatureException if an unexpected error occurs
*/
boolean verify(Key key, DOMSignedInfo si, byte[] sig,
XMLValidateContext context) throws InvalidKeyException,
SignatureException, XMLSignatureException {
if (key == null || si == null || sig == null) {
throw new NullPointerException();
}
if (!(key instanceof PublicKey)) {
throw new InvalidKeyException("key must be PublicKey");
}
checkKeySize(context, key);
if (signature == null) {
try {
Provider p = (Provider) context.getProperty
("org.jcp.xml.dsig.internal.dom.SignatureProvider");
signature = (p == null)
? Signature.getInstance(getSignatureAlgorithm())
: Signature.getInstance(getSignatureAlgorithm(), p);
} catch (NoSuchAlgorithmException nsae) {
throw new XMLSignatureException(nsae);
}
}
signature.initVerify((PublicKey) key);
if (log.isLoggable(Level.FINE)) {
log.log(Level.FINE, "Signature provider:"+ signature.getProvider());
log.log(Level.FINE, "verifying with key: " + key);
}
si.canonicalize(context, new SignerOutputStream(signature));
if (getAlgorithm().equals(SignatureMethod.DSA_SHA1)) {
try {
return signature.verify(convertXMLDSIGtoASN1(sig));
} catch (IOException ioe) {
throw new XMLSignatureException(ioe);
}
} else {
return signature.verify(sig);
}
}
If secure validation mode is enabled, checks that the key size is
restricted.
Params: - context – the context
- key – the key to check
Throws: - XMLSignatureException – if the key size is restricted
/**
* If secure validation mode is enabled, checks that the key size is
* restricted.
*
* @param context the context
* @param key the key to check
* @throws XMLSignatureException if the key size is restricted
*/
private static void checkKeySize(XMLCryptoContext context, Key key)
throws XMLSignatureException {
if (Utils.secureValidation(context)) {
int size = KeyUtil.getKeySize(key);
if (size == -1) {
// key size cannot be determined, so we cannot check against
// restrictions. Note that a DSA key w/o params will be
// rejected later if the certificate chain is validated.
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Size for " +
key.getAlgorithm() + " key cannot be determined");
}
return;
}
if (Policy.restrictKey(key.getAlgorithm(), size)) {
throw new XMLSignatureException(key.getAlgorithm() +
" keys less than " +
Policy.minKeySize(key.getAlgorithm()) + " bits are" +
" forbidden when secure validation is enabled");
}
}
}
Signs the bytes with the specified key, using the underlying
signature or MAC algorithm.
Params: - key – the signing key
- si – the DOMSignedInfo
- context – the XMLSignContext
Throws: - NullPointerException – if
key
or
si
are null
- InvalidKeyException – if the key is improperly encoded, of
the wrong type, or parameters are missing, etc
- XMLSignatureException – if an unexpected error occurs
Returns: the signature
/**
* Signs the bytes with the specified key, using the underlying
* signature or MAC algorithm.
*
* @param key the signing key
* @param si the DOMSignedInfo
* @param context the XMLSignContext
* @return the signature
* @throws NullPointerException if <code>key</code> or
* <code>si</code> are <code>null</code>
* @throws InvalidKeyException if the key is improperly encoded, of
* the wrong type, or parameters are missing, etc
* @throws XMLSignatureException if an unexpected error occurs
*/
byte[] sign(Key key, DOMSignedInfo si, XMLSignContext context)
throws InvalidKeyException, XMLSignatureException {
if (key == null || si == null) {
throw new NullPointerException();
}
if (!(key instanceof PrivateKey)) {
throw new InvalidKeyException("key must be PrivateKey");
}
checkKeySize(context, key);
if (signature == null) {
try {
Provider p = (Provider) context.getProperty
("org.jcp.xml.dsig.internal.dom.SignatureProvider");
signature = (p == null)
? Signature.getInstance(getSignatureAlgorithm())
: Signature.getInstance(getSignatureAlgorithm(), p);
} catch (NoSuchAlgorithmException nsae) {
throw new XMLSignatureException(nsae);
}
}
signature.initSign((PrivateKey) key);
if (log.isLoggable(Level.FINE)) {
log.log(Level.FINE, "Signature provider:" +signature.getProvider());
log.log(Level.FINE, "Signing with key: " + key);
}
si.canonicalize(context, new SignerOutputStream(signature));
try {
if (getAlgorithm().equals(SignatureMethod.DSA_SHA1)) {
return convertASN1toXMLDSIG(signature.sign());
} else {
return signature.sign();
}
} catch (SignatureException se) {
throw new XMLSignatureException(se);
} catch (IOException ioe) {
throw new XMLSignatureException(ioe);
}
}
Marshals the algorithm-specific parameters to an Element and
appends it to the specified parent element. By default, this method
throws an exception since most SignatureMethod algorithms do not have
parameters. Subclasses should override it if they have parameters.
Params: - parent – the parent element to append the parameters to
- paramsPrefix – the algorithm parameters prefix to use
Throws: - MarshalException – if the parameters cannot be marshalled
/**
* Marshals the algorithm-specific parameters to an Element and
* appends it to the specified parent element. By default, this method
* throws an exception since most SignatureMethod algorithms do not have
* parameters. Subclasses should override it if they have parameters.
*
* @param parent the parent element to append the parameters to
* @param paramsPrefix the algorithm parameters prefix to use
* @throws MarshalException if the parameters cannot be marshalled
*/
void marshalParams(Element parent, String paramsPrefix)
throws MarshalException {
throw new MarshalException("no parameters should " +
"be specified for the " + getSignatureAlgorithm() +
" SignatureMethod algorithm");
}
Returns the java.security.Signature standard algorithm name.
/**
* Returns the java.security.Signature standard algorithm name.
*/
abstract String getSignatureAlgorithm();
Returns true if parameters are equal; false otherwise.
Subclasses should override this method to compare algorithm-specific
parameters.
/**
* Returns true if parameters are equal; false otherwise.
*
* Subclasses should override this method to compare algorithm-specific
* parameters.
*/
boolean paramsEqual(AlgorithmParameterSpec spec) {
return (getParameterSpec() == spec);
}
public boolean equals(Object o) {
if (this == o) {
return true;
}
if (!(o instanceof SignatureMethod)) {
return false;
}
SignatureMethod osm = (SignatureMethod) o;
return (getAlgorithm().equals(osm.getAlgorithm()) &&
paramsEqual(osm.getParameterSpec()));
}
Converts an ASN.1 DSA value to a XML Signature DSA Value.
The JAVA JCE DSA Signature algorithm creates ASN.1 encoded (r,s) value
pairs; the XML Signature requires the core BigInteger values.
Params: - asn1Bytes –
Throws: See Also:
/**
* Converts an ASN.1 DSA value to a XML Signature DSA Value.
*
* The JAVA JCE DSA Signature algorithm creates ASN.1 encoded (r,s) value
* pairs; the XML Signature requires the core BigInteger values.
*
* @param asn1Bytes
*
* @throws IOException
* @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A>
*/
private static byte[] convertASN1toXMLDSIG(byte asn1Bytes[])
throws IOException {
byte rLength = asn1Bytes[3];
int i;
for (i = rLength; (i > 0) && (asn1Bytes[(4 + rLength) - i] == 0); i--);
byte sLength = asn1Bytes[5 + rLength];
int j;
for (j = sLength;
(j > 0) && (asn1Bytes[(6 + rLength + sLength) - j] == 0); j--);
if ((asn1Bytes[0] != 48) || (asn1Bytes[1] != asn1Bytes.length - 2)
|| (asn1Bytes[2] != 2) || (i > 20)
|| (asn1Bytes[4 + rLength] != 2) || (j > 20)) {
throw new IOException("Invalid ASN.1 format of DSA signature");
} else {
byte xmldsigBytes[] = new byte[40];
System.arraycopy(asn1Bytes, (4+rLength)-i, xmldsigBytes, 20-i, i);
System.arraycopy(asn1Bytes, (6+rLength+sLength)-j, xmldsigBytes,
40 - j, j);
return xmldsigBytes;
}
}
Converts a XML Signature DSA Value to an ASN.1 DSA value.
The JAVA JCE DSA Signature algorithm creates ASN.1 encoded (r,s) value
pairs; the XML Signature requires the core BigInteger values.
Params: - xmldsigBytes –
Throws: See Also:
/**
* Converts a XML Signature DSA Value to an ASN.1 DSA value.
*
* The JAVA JCE DSA Signature algorithm creates ASN.1 encoded (r,s) value
* pairs; the XML Signature requires the core BigInteger values.
*
* @param xmldsigBytes
*
* @throws IOException
* @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A>
*/
private static byte[] convertXMLDSIGtoASN1(byte xmldsigBytes[])
throws IOException {
if (xmldsigBytes.length != 40) {
throw new IOException("Invalid XMLDSIG format of DSA signature");
}
int i;
for (i = 20; (i > 0) && (xmldsigBytes[20 - i] == 0); i--);
int j = i;
if (xmldsigBytes[20 - i] < 0) {
j += 1;
}
int k;
for (k = 20; (k > 0) && (xmldsigBytes[40 - k] == 0); k--);
int l = k;
if (xmldsigBytes[40 - k] < 0) {
l += 1;
}
byte asn1Bytes[] = new byte[6 + j + l];
asn1Bytes[0] = 48;
asn1Bytes[1] = (byte) (4 + j + l);
asn1Bytes[2] = 2;
asn1Bytes[3] = (byte) j;
System.arraycopy(xmldsigBytes, 20 - i, asn1Bytes, (4 + j) - i, i);
asn1Bytes[4 + j] = 2;
asn1Bytes[5 + j] = (byte) l;
System.arraycopy(xmldsigBytes, 40 - k, asn1Bytes, (6 + j + l) - k, k);
return asn1Bytes;
}
static final class SHA1withRSA extends DOMSignatureMethod {
SHA1withRSA(AlgorithmParameterSpec params)
throws InvalidAlgorithmParameterException {
super(params);
}
SHA1withRSA(Element dmElem) throws MarshalException {
super(dmElem);
}
public String getAlgorithm() {
return SignatureMethod.RSA_SHA1;
}
String getSignatureAlgorithm() {
return "SHA1withRSA";
}
}
static final class SHA256withRSA extends DOMSignatureMethod {
SHA256withRSA(AlgorithmParameterSpec params)
throws InvalidAlgorithmParameterException {
super(params);
}
SHA256withRSA(Element dmElem) throws MarshalException {
super(dmElem);
}
public String getAlgorithm() {
return RSA_SHA256;
}
String getSignatureAlgorithm() {
return "SHA256withRSA";
}
}
static final class SHA384withRSA extends DOMSignatureMethod {
SHA384withRSA(AlgorithmParameterSpec params)
throws InvalidAlgorithmParameterException {
super(params);
}
SHA384withRSA(Element dmElem) throws MarshalException {
super(dmElem);
}
public String getAlgorithm() {
return RSA_SHA384;
}
String getSignatureAlgorithm() {
return "SHA384withRSA";
}
}
static final class SHA512withRSA extends DOMSignatureMethod {
SHA512withRSA(AlgorithmParameterSpec params)
throws InvalidAlgorithmParameterException {
super(params);
}
SHA512withRSA(Element dmElem) throws MarshalException {
super(dmElem);
}
public String getAlgorithm() {
return RSA_SHA512;
}
String getSignatureAlgorithm() {
return "SHA512withRSA";
}
}
static final class SHA1withDSA extends DOMSignatureMethod {
SHA1withDSA(AlgorithmParameterSpec params)
throws InvalidAlgorithmParameterException {
super(params);
}
SHA1withDSA(Element dmElem) throws MarshalException {
super(dmElem);
}
public String getAlgorithm() {
return SignatureMethod.DSA_SHA1;
}
String getSignatureAlgorithm() {
return "SHA1withDSA";
}
}
}