/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.xml.security.algorithms.implementations;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.AlgorithmParameterSpec;
import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.algorithms.SignatureAlgorithmSpi;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
import org.apache.xml.security.utils.Base64;
/**
*
* @author $Author: raul $
* @author Alex Dupre
*/
public abstract class SignatureECDSA extends SignatureAlgorithmSpi {
private static org.slf4j.Logger log =
org.slf4j.LoggerFactory.getLogger(SignatureECDSA.class);
/** @inheritDoc */
public abstract String engineGetURI();
/** Field algorithm */
private Signature signatureAlgorithm = null;
/**
* Converts an ASN.1 ECDSA value to a XML Signature ECDSA Value.
*
* The JAVA JCE ECDSA Signature algorithm creates ASN.1 encoded (r,s) value
* pairs; the XML Signature requires the core BigInteger values.
*
* @param asn1Bytes
* @return the decode bytes
*
* @throws IOException
* @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A>
* @see <A HREF="ftp://ftp.rfc-editor.org/in-notes/rfc4050.txt">3.3. ECDSA Signatures</A>
*/
public static byte[] convertASN1toXMLDSIG(byte asn1Bytes[]) throws IOException {
if (asn1Bytes.length < 8 || asn1Bytes[0] != 48) {
throw new IOException("Invalid ASN.1 format of ECDSA signature");
}
int offset;
if (asn1Bytes[1] > 0) {
offset = 2;
} else if (asn1Bytes[1] == (byte) 0x81) {
offset = 3;
} else {
throw new IOException("Invalid ASN.1 format of ECDSA signature");
}
byte rLength = asn1Bytes[offset + 1];
int i;
for (i = rLength; i > 0 && asn1Bytes[offset + 2 + rLength - i] == 0; i--);
byte sLength = asn1Bytes[offset + 2 + rLength + 1];
int j;
for (j = sLength;
j > 0 && asn1Bytes[offset + 2 + rLength + 2 + sLength - j] == 0; j--);
int rawLen = Math.max(i, j);
if ((asn1Bytes[offset - 1] & 0xff) != asn1Bytes.length - offset
|| (asn1Bytes[offset - 1] & 0xff) != 2 + rLength + 2 + sLength
|| asn1Bytes[offset] != 2
|| asn1Bytes[offset + 2 + rLength] != 2) {
throw new IOException("Invalid ASN.1 format of ECDSA signature");
}
byte xmldsigBytes[] = new byte[2*rawLen];
System.arraycopy(asn1Bytes, offset + 2 + rLength - i, xmldsigBytes, rawLen - i, i);
System.arraycopy(asn1Bytes, offset + 2 + rLength + 2 + sLength - j, xmldsigBytes,
2 * rawLen - j, j);
return xmldsigBytes;
}
/**
* Converts a XML Signature ECDSA Value to an ASN.1 DSA value.
*
* The JAVA JCE ECDSA Signature algorithm creates ASN.1 encoded (r,s) value
* pairs; the XML Signature requires the core BigInteger values.
*
* @param xmldsigBytes
* @return the encoded ASN.1 bytes
*
* @throws IOException
* @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A>
* @see <A HREF="ftp://ftp.rfc-editor.org/in-notes/rfc4050.txt">3.3. ECDSA Signatures</A>
*/
public static byte[] convertXMLDSIGtoASN1(byte xmldsigBytes[]) throws IOException {
int rawLen = xmldsigBytes.length/2;
int i;
for (i = rawLen; i > 0 && xmldsigBytes[rawLen - i] == 0; i--);
int j = i;
if (xmldsigBytes[rawLen - i] < 0) {
j += 1;
}
int k;
for (k = rawLen; k > 0 && xmldsigBytes[2*rawLen - k] == 0; k--);
int l = k;
if (xmldsigBytes[2*rawLen - k] < 0) {
l += 1;
}
int len = 2 + j + 2 + l;
if (len > 255) {
throw new IOException("Invalid XMLDSIG format of ECDSA signature");
}
int offset;
byte asn1Bytes[];
if (len < 128) {
asn1Bytes = new byte[2 + 2 + j + 2 + l];
offset = 1;
} else {
asn1Bytes = new byte[3 + 2 + j + 2 + l];
asn1Bytes[1] = (byte) 0x81;
offset = 2;
}
asn1Bytes[0] = 48;
asn1Bytes[offset++] = (byte) len;
asn1Bytes[offset++] = 2;
asn1Bytes[offset++] = (byte) j;
System.arraycopy(xmldsigBytes, rawLen - i, asn1Bytes, offset + j - i, i);
offset += j;
asn1Bytes[offset++] = 2;
asn1Bytes[offset++] = (byte) l;
System.arraycopy(xmldsigBytes, 2*rawLen - k, asn1Bytes, offset + l - k, k);
return asn1Bytes;
}
/**
* Constructor SignatureRSA
*
* @throws XMLSignatureException
*/
public SignatureECDSA() throws XMLSignatureException {
String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
if (log.isDebugEnabled()) {
log.debug("Created SignatureECDSA using " + algorithmID);
}
String provider = JCEMapper.getProviderId();
try {
if (provider == null) {
this.signatureAlgorithm = Signature.getInstance(algorithmID);
} else {
this.signatureAlgorithm = Signature.getInstance(algorithmID,provider);
}
} catch (java.security.NoSuchAlgorithmException ex) {
Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
} catch (NoSuchProviderException ex) {
Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
}
}
/** @inheritDoc */
protected void engineSetParameter(AlgorithmParameterSpec params)
throws XMLSignatureException {
try {
this.signatureAlgorithm.setParameter(params);
} catch (InvalidAlgorithmParameterException ex) {
throw new XMLSignatureException("empty", ex);
}
}
/** @inheritDoc */
protected boolean engineVerify(byte[] signature) throws XMLSignatureException {
try {
byte[] jcebytes = SignatureECDSA.convertXMLDSIGtoASN1(signature);
if (log.isDebugEnabled()) {
log.debug("Called ECDSA.verify() on " + Base64.encode(signature));
}
return this.signatureAlgorithm.verify(jcebytes);
} catch (SignatureException ex) {
throw new XMLSignatureException("empty", ex);
} catch (IOException ex) {
throw new XMLSignatureException("empty", ex);
}
}
/** @inheritDoc */
protected void engineInitVerify(Key publicKey) throws XMLSignatureException {
if (!(publicKey instanceof PublicKey)) {
String supplied = publicKey.getClass().getName();
String needed = PublicKey.class.getName();
Object exArgs[] = { supplied, needed };
throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
}
try {
this.signatureAlgorithm.initVerify((PublicKey) publicKey);
} catch (InvalidKeyException ex) {
// reinstantiate Signature object to work around bug in JDK
// see: http://bugs.sun.com/view_bug.do?bug_id=4953555
Signature sig = this.signatureAlgorithm;
try {
this.signatureAlgorithm = Signature.getInstance(signatureAlgorithm.getAlgorithm());
} catch (Exception e) {
// this shouldn't occur, but if it does, restore previous
// Signature
if (log.isDebugEnabled()) {
log.debug("Exception when reinstantiating Signature:" + e);
}
this.signatureAlgorithm = sig;
}
throw new XMLSignatureException("empty", ex);
}
}
/** @inheritDoc */
protected byte[] engineSign() throws XMLSignatureException {
try {
byte jcebytes[] = this.signatureAlgorithm.sign();
return SignatureECDSA.convertASN1toXMLDSIG(jcebytes);
} catch (SignatureException ex) {
throw new XMLSignatureException("empty", ex);
} catch (IOException ex) {
throw new XMLSignatureException("empty", ex);
}
}
/** @inheritDoc */
protected void engineInitSign(Key privateKey, SecureRandom secureRandom)
throws XMLSignatureException {
if (!(privateKey instanceof PrivateKey)) {
String supplied = privateKey.getClass().getName();
String needed = PrivateKey.class.getName();
Object exArgs[] = { supplied, needed };
throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
}
try {
this.signatureAlgorithm.initSign((PrivateKey) privateKey, secureRandom);
} catch (InvalidKeyException ex) {
throw new XMLSignatureException("empty", ex);
}
}
/** @inheritDoc */
protected void engineInitSign(Key privateKey) throws XMLSignatureException {
if (!(privateKey instanceof PrivateKey)) {
String supplied = privateKey.getClass().getName();
String needed = PrivateKey.class.getName();
Object exArgs[] = { supplied, needed };
throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
}
try {
this.signatureAlgorithm.initSign((PrivateKey) privateKey);
} catch (InvalidKeyException ex) {
throw new XMLSignatureException("empty", ex);
}
}
/** @inheritDoc */
protected void engineUpdate(byte[] input) throws XMLSignatureException {
try {
this.signatureAlgorithm.update(input);
} catch (SignatureException ex) {
throw new XMLSignatureException("empty", ex);
}
}
/** @inheritDoc */
protected void engineUpdate(byte input) throws XMLSignatureException {
try {
this.signatureAlgorithm.update(input);
} catch (SignatureException ex) {
throw new XMLSignatureException("empty", ex);
}
}
/** @inheritDoc */
protected void engineUpdate(byte buf[], int offset, int len) throws XMLSignatureException {
try {
this.signatureAlgorithm.update(buf, offset, len);
} catch (SignatureException ex) {
throw new XMLSignatureException("empty", ex);
}
}
/** @inheritDoc */
protected String engineGetJCEAlgorithmString() {
return this.signatureAlgorithm.getAlgorithm();
}
/** @inheritDoc */
protected String engineGetJCEProviderName() {
return this.signatureAlgorithm.getProvider().getName();
}
/** @inheritDoc */
protected void engineSetHMACOutputLength(int HMACOutputLength)
throws XMLSignatureException {
throw new XMLSignatureException("algorithms.HMACOutputLengthOnlyForHMAC");
}
/** @inheritDoc */
protected void engineInitSign(
Key signingKey, AlgorithmParameterSpec algorithmParameterSpec
) throws XMLSignatureException {
throw new XMLSignatureException("algorithms.CannotUseAlgorithmParameterSpecOnRSA");
}
/**
* Class SignatureECDSASHA1
*
* @author $Author: marcx $
*/
public static class SignatureECDSASHA1 extends SignatureECDSA {
/**
* Constructor SignatureECDSASHA1
*
* @throws XMLSignatureException
*/
public SignatureECDSASHA1() throws XMLSignatureException {
super();
}
/** @inheritDoc */
public String engineGetURI() {
return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA1;
}
}
/**
* Class SignatureECDSASHA224
*/
public static class SignatureECDSASHA224 extends SignatureECDSA {
/**
* Constructor SignatureECDSASHA224
*
* @throws XMLSignatureException
*/
public SignatureECDSASHA224() throws XMLSignatureException {
super();
}
/** @inheritDoc */
public String engineGetURI() {
return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA224;
}
}
/**
* Class SignatureECDSASHA256
*
* @author Alex Dupre
*/
public static class SignatureECDSASHA256 extends SignatureECDSA {
/**
* Constructor SignatureECDSASHA256
*
* @throws XMLSignatureException
*/
public SignatureECDSASHA256() throws XMLSignatureException {
super();
}
/** @inheritDoc */
public String engineGetURI() {
return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA256;
}
}
/**
* Class SignatureECDSASHA384
*
* @author Alex Dupre
*/
public static class SignatureECDSASHA384 extends SignatureECDSA {
/**
* Constructor SignatureECDSASHA384
*
* @throws XMLSignatureException
*/
public SignatureECDSASHA384() throws XMLSignatureException {
super();
}
/** @inheritDoc */
public String engineGetURI() {
return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA384;
}
}
/**
* Class SignatureECDSASHA512
*
* @author Alex Dupre
*/
public static class SignatureECDSASHA512 extends SignatureECDSA {
/**
* Constructor SignatureECDSASHA512
*
* @throws XMLSignatureException
*/
public SignatureECDSASHA512() throws XMLSignatureException {
super();
}
/** @inheritDoc */
public String engineGetURI() {
return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512;
}
}
/**
* Class SignatureECDSARIPEMD160
*/
public static class SignatureECDSARIPEMD160 extends SignatureECDSA {
/**
* Constructor SignatureECDSARIPEMD160
*
* @throws XMLSignatureException
*/
public SignatureECDSARIPEMD160() throws XMLSignatureException {
super();
}
/** @inheritDoc */
public String engineGetURI() {
return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_RIPEMD160;
}
}
}