src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java
Print this page
@@ -1,98 +1,98 @@
/*
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-/*
- * Copyright 2005 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
*/
/*
* Copyright (c) 2005, 2008, Oracle and/or its affiliates. All rights reserved.
*/
/*
- * $Id: DOMSignatureMethod.java,v 1.2 2008/07/24 15:20:32 mullan Exp $
+ * $Id: DOMSignatureMethod.java 1333415 2012-05-03 12:03:51Z coheigea $
*/
package org.jcp.xml.dsig.internal.dom;
import javax.xml.crypto.*;
-import javax.xml.crypto.dom.DOMCryptoContext;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import java.io.IOException;
import java.security.*;
import java.security.spec.AlgorithmParameterSpec;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import org.w3c.dom.Node;
+import com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureECDSA;
import org.jcp.xml.dsig.internal.SignerOutputStream;
/**
* DOM-based abstract implementation of SignatureMethod.
*
* @author Sean Mullan
*/
-public abstract class DOMSignatureMethod extends DOMStructure
- implements SignatureMethod {
+public abstract class DOMSignatureMethod extends AbstractDOMSignatureMethod {
- private static Logger log =
- Logger.getLogger("org.jcp.xml.dsig.internal.dom");
+ private static java.util.logging.Logger log =
+ java.util.logging.Logger.getLogger("org.jcp.xml.dsig.internal.dom");
+
+ private SignatureMethodParameterSpec params;
+ private Signature signature;
// see RFC 4051 for these algorithm definitions
- final static String RSA_SHA256 =
+ static final String RSA_SHA256 =
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
- final static String RSA_SHA384 =
+ static final String RSA_SHA384 =
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha384";
- final static String RSA_SHA512 =
+ static final String RSA_SHA512 =
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
- final static String HMAC_SHA256 =
- "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256";
- final static String HMAC_SHA384 =
- "http://www.w3.org/2001/04/xmldsig-more#hmac-sha384";
- final static String HMAC_SHA512 =
- "http://www.w3.org/2001/04/xmldsig-more#hmac-sha512";
-
- private SignatureMethodParameterSpec params;
- private Signature signature;
+ static final String ECDSA_SHA1 =
+ "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1";
+ static final String ECDSA_SHA256 =
+ "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256";
+ static final String ECDSA_SHA384 =
+ "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384";
+ static final String ECDSA_SHA512 =
+ "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512";
/**
* Creates a <code>DOMSignatureMethod</code>.
*
* @param params the algorithm-specific params (may be <code>null</code>)
* @throws InvalidAlgorithmParameterException if the parameters are not
* appropriate for this signature method
*/
DOMSignatureMethod(AlgorithmParameterSpec params)
- throws InvalidAlgorithmParameterException {
+ throws InvalidAlgorithmParameterException
+ {
if (params != null &&
!(params instanceof SignatureMethodParameterSpec)) {
throw new InvalidAlgorithmParameterException
("params must be of type SignatureMethodParameterSpec");
}
- checkParams((SignatureMethodParameterSpec) params);
- this.params = (SignatureMethodParameterSpec) params;
+ checkParams((SignatureMethodParameterSpec)params);
+ this.params = (SignatureMethodParameterSpec)params;
}
/**
* Creates a <code>DOMSignatureMethod</code> from an element. This ctor
- * invokes the abstract {@link #unmarshalParams unmarshalParams} method to
+ * invokes the {@link #unmarshalParams unmarshalParams} method to
* unmarshal any algorithm-specific input parameters.
*
* @param smElem a SignatureMethod element
*/
DOMSignatureMethod(Element smElem) throws MarshalException {
@@ -117,185 +117,116 @@
return new SHA384withRSA(smElem);
} else if (alg.equals(RSA_SHA512)) {
return new SHA512withRSA(smElem);
} else if (alg.equals(SignatureMethod.DSA_SHA1)) {
return new SHA1withDSA(smElem);
+ } else if (alg.equals(ECDSA_SHA1)) {
+ return new SHA1withECDSA(smElem);
+ } else if (alg.equals(ECDSA_SHA256)) {
+ return new SHA256withECDSA(smElem);
+ } else if (alg.equals(ECDSA_SHA384)) {
+ return new SHA384withECDSA(smElem);
+ } else if (alg.equals(ECDSA_SHA512)) {
+ return new SHA512withECDSA(smElem);
} else if (alg.equals(SignatureMethod.HMAC_SHA1)) {
return new DOMHMACSignatureMethod.SHA1(smElem);
- } else if (alg.equals(HMAC_SHA256)) {
+ } else if (alg.equals(DOMHMACSignatureMethod.HMAC_SHA256)) {
return new DOMHMACSignatureMethod.SHA256(smElem);
- } else if (alg.equals(HMAC_SHA384)) {
+ } else if (alg.equals(DOMHMACSignatureMethod.HMAC_SHA384)) {
return new DOMHMACSignatureMethod.SHA384(smElem);
- } else if (alg.equals(HMAC_SHA512)) {
+ } else if (alg.equals(DOMHMACSignatureMethod.HMAC_SHA512)) {
return new DOMHMACSignatureMethod.SHA512(smElem);
} else {
throw new MarshalException
("unsupported SignatureMethod algorithm: " + alg);
}
}
- /**
- * Checks if the specified parameters are valid for this algorithm. By
- * default, this method throws an exception if parameters are specified
- * since most SignatureMethod algorithms do not have parameters. Subclasses
- * should override it if they have parameters.
- *
- * @param params the algorithm-specific params (may be <code>null</code>)
- * @throws InvalidAlgorithmParameterException if the parameters are not
- * appropriate for this signature method
- */
- void checkParams(SignatureMethodParameterSpec params)
- throws InvalidAlgorithmParameterException {
- if (params != null) {
- throw new InvalidAlgorithmParameterException("no parameters " +
- "should be specified for the " + getSignatureAlgorithm()
- + " SignatureMethod algorithm");
- }
- }
-
public final AlgorithmParameterSpec getParameterSpec() {
return params;
}
- /**
- * Unmarshals <code>SignatureMethodParameterSpec</code> from the specified
- * <code>Element</code>. By default, this method throws an exception since
- * most SignatureMethod algorithms do not have parameters. Subclasses should
- * override it if they have parameters.
- *
- * @param paramsElem the <code>Element</code> holding the input params
- * @return the algorithm-specific <code>SignatureMethodParameterSpec</code>
- * @throws MarshalException if the parameters cannot be unmarshalled
- */
- SignatureMethodParameterSpec
- unmarshalParams(Element paramsElem) throws MarshalException {
- throw new MarshalException("no parameters should " +
- "be specified for the " + getSignatureAlgorithm() +
- " SignatureMethod algorithm");
- }
-
- /**
- * This method invokes the abstract {@link #marshalParams marshalParams}
- * method to marshal any algorithm-specific parameters.
- */
- public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
- throws MarshalException {
- Document ownerDoc = DOMUtils.getOwnerDocument(parent);
-
- Element smElem = DOMUtils.createElement
- (ownerDoc, "SignatureMethod", XMLSignature.XMLNS, dsPrefix);
- DOMUtils.setAttribute(smElem, "Algorithm", getAlgorithm());
-
- if (params != null) {
- marshalParams(smElem, dsPrefix);
- }
-
- parent.appendChild(smElem);
- }
-
- /**
- * Verifies the passed-in signature with the specified key, using the
- * underlying signature or MAC algorithm.
- *
- * @param key the verification key
- * @param si the DOMSignedInfo
- * @param signature the signature bytes to be verified
- * @param context the XMLValidateContext
- * @return <code>true</code> if the signature verified successfully,
- * <code>false</code> if not
- * @throws NullPointerException if <code>key</code>, <code>si</code> or
- * <code>signature</code> are <code>null</code>
- * @throws InvalidKeyException if the key is improperly encoded, of
- * the wrong type, or parameters are missing, etc
- * @throws SignatureException if an unexpected error occurs, such
- * as the passed in signature is improperly encoded
- * @throws XMLSignatureException if an unexpected error occurs
- */
- boolean verify(Key key, DOMSignedInfo si, byte[] sig,
- XMLValidateContext context) throws InvalidKeyException,
- SignatureException, XMLSignatureException {
+ boolean verify(Key key, SignedInfo si, byte[] sig,
+ XMLValidateContext context)
+ throws InvalidKeyException, SignatureException, XMLSignatureException
+ {
if (key == null || si == null || sig == null) {
throw new NullPointerException();
}
if (!(key instanceof PublicKey)) {
throw new InvalidKeyException("key must be PublicKey");
}
if (signature == null) {
try {
- Provider p = (Provider) context.getProperty
+ Provider p = (Provider)context.getProperty
("org.jcp.xml.dsig.internal.dom.SignatureProvider");
signature = (p == null)
- ? Signature.getInstance(getSignatureAlgorithm())
- : Signature.getInstance(getSignatureAlgorithm(), p);
+ ? Signature.getInstance(getJCAAlgorithm())
+ : Signature.getInstance(getJCAAlgorithm(), p);
} catch (NoSuchAlgorithmException nsae) {
throw new XMLSignatureException(nsae);
}
}
- signature.initVerify((PublicKey) key);
- if (log.isLoggable(Level.FINE)) {
- log.log(Level.FINE, "Signature provider:"+ signature.getProvider());
- log.log(Level.FINE, "verifying with key: " + key);
+ signature.initVerify((PublicKey)key);
+ if (log.isLoggable(java.util.logging.Level.FINE)) {
+ log.log(java.util.logging.Level.FINE, "Signature provider:" + signature.getProvider());
+ log.log(java.util.logging.Level.FINE, "verifying with key: " + key);
}
- si.canonicalize(context, new SignerOutputStream(signature));
+ ((DOMSignedInfo)si).canonicalize(context,
+ new SignerOutputStream(signature));
- if (getAlgorithm().equals(SignatureMethod.DSA_SHA1)) {
try {
+ Type type = getAlgorithmType();
+ if (type == Type.DSA) {
return signature.verify(convertXMLDSIGtoASN1(sig));
- } catch (IOException ioe) {
- throw new XMLSignatureException(ioe);
- }
+ } else if (type == Type.ECDSA) {
+ return signature.verify(SignatureECDSA.convertXMLDSIGtoASN1(sig));
} else {
return signature.verify(sig);
}
+ } catch (IOException ioe) {
+ throw new XMLSignatureException(ioe);
+ }
}
- /**
- * Signs the bytes with the specified key, using the underlying
- * signature or MAC algorithm.
- *
- * @param key the signing key
- * @param si the DOMSignedInfo
- * @param context the XMLSignContext
- * @return the signature
- * @throws NullPointerException if <code>key</code> or
- * <code>si</code> are <code>null</code>
- * @throws InvalidKeyException if the key is improperly encoded, of
- * the wrong type, or parameters are missing, etc
- * @throws XMLSignatureException if an unexpected error occurs
- */
- byte[] sign(Key key, DOMSignedInfo si, XMLSignContext context)
- throws InvalidKeyException, XMLSignatureException {
+ byte[] sign(Key key, SignedInfo si, XMLSignContext context)
+ throws InvalidKeyException, XMLSignatureException
+ {
if (key == null || si == null) {
throw new NullPointerException();
}
if (!(key instanceof PrivateKey)) {
throw new InvalidKeyException("key must be PrivateKey");
}
if (signature == null) {
try {
- Provider p = (Provider) context.getProperty
+ Provider p = (Provider)context.getProperty
("org.jcp.xml.dsig.internal.dom.SignatureProvider");
signature = (p == null)
- ? Signature.getInstance(getSignatureAlgorithm())
- : Signature.getInstance(getSignatureAlgorithm(), p);
+ ? Signature.getInstance(getJCAAlgorithm())
+ : Signature.getInstance(getJCAAlgorithm(), p);
} catch (NoSuchAlgorithmException nsae) {
throw new XMLSignatureException(nsae);
}
}
- signature.initSign((PrivateKey) key);
- if (log.isLoggable(Level.FINE)) {
- log.log(Level.FINE, "Signature provider:" +signature.getProvider());
- log.log(Level.FINE, "Signing with key: " + key);
+ signature.initSign((PrivateKey)key);
+ if (log.isLoggable(java.util.logging.Level.FINE)) {
+ log.log(java.util.logging.Level.FINE, "Signature provider:" + signature.getProvider());
+ log.log(java.util.logging.Level.FINE, "Signing with key: " + key);
}
- si.canonicalize(context, new SignerOutputStream(signature));
+ ((DOMSignedInfo)si).canonicalize(context,
+ new SignerOutputStream(signature));
try {
- if (getAlgorithm().equals(SignatureMethod.DSA_SHA1)) {
+ Type type = getAlgorithmType();
+ if (type == Type.DSA) {
return convertASN1toXMLDSIG(signature.sign());
+ } else if (type == Type.ECDSA) {
+ return SignatureECDSA.convertASN1toXMLDSIG(signature.sign());
} else {
return signature.sign();
}
} catch (SignatureException se) {
throw new XMLSignatureException(se);
@@ -303,56 +234,10 @@
throw new XMLSignatureException(ioe);
}
}
/**
- * Marshals the algorithm-specific parameters to an Element and
- * appends it to the specified parent element. By default, this method
- * throws an exception since most SignatureMethod algorithms do not have
- * parameters. Subclasses should override it if they have parameters.
- *
- * @param parent the parent element to append the parameters to
- * @param paramsPrefix the algorithm parameters prefix to use
- * @throws MarshalException if the parameters cannot be marshalled
- */
- void marshalParams(Element parent, String paramsPrefix)
- throws MarshalException {
- throw new MarshalException("no parameters should " +
- "be specified for the " + getSignatureAlgorithm() +
- " SignatureMethod algorithm");
- }
-
- /**
- * Returns the java.security.Signature standard algorithm name.
- */
- abstract String getSignatureAlgorithm();
-
- /**
- * Returns true if parameters are equal; false otherwise.
- *
- * Subclasses should override this method to compare algorithm-specific
- * parameters.
- */
- boolean paramsEqual(AlgorithmParameterSpec spec) {
- return (getParameterSpec() == spec);
- }
-
- public boolean equals(Object o) {
- if (this == o) {
- return true;
- }
-
- if (!(o instanceof SignatureMethod)) {
- return false;
- }
- SignatureMethod osm = (SignatureMethod) o;
-
- return (getAlgorithm().equals(osm.getAlgorithm()) &&
- paramsEqual(osm.getParameterSpec()));
- }
-
- /**
* Converts an ASN.1 DSA value to a XML Signature DSA Value.
*
* The JAVA JCE DSA Signature algorithm creates ASN.1 encoded (r,s) value
* pairs; the XML Signature requires the core BigInteger values.
*
@@ -360,12 +245,12 @@
*
* @throws IOException
* @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A>
*/
private static byte[] convertASN1toXMLDSIG(byte asn1Bytes[])
- throws IOException {
-
+ throws IOException
+ {
byte rLength = asn1Bytes[3];
int i;
for (i = rLength; (i > 0) && (asn1Bytes[(4 + rLength) - i] == 0); i--);
@@ -400,12 +285,12 @@
*
* @throws IOException
* @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A>
*/
private static byte[] convertXMLDSIGtoASN1(byte xmldsigBytes[])
- throws IOException {
-
+ throws IOException
+ {
if (xmldsigBytes.length != 40) {
throw new IOException("Invalid XMLDSIG format of DSA signature");
}
int i;
@@ -429,13 +314,13 @@
}
byte asn1Bytes[] = new byte[6 + j + l];
asn1Bytes[0] = 48;
- asn1Bytes[1] = (byte) (4 + j + l);
+ asn1Bytes[1] = (byte)(4 + j + l);
asn1Bytes[2] = 2;
- asn1Bytes[3] = (byte) j;
+ asn1Bytes[3] = (byte)j;
System.arraycopy(xmldsigBytes, 20 - i, asn1Bytes, (4 + j) - i, i);
asn1Bytes[4 + j] = 2;
asn1Bytes[5 + j] = (byte) l;
@@ -454,13 +339,16 @@
super(dmElem);
}
public String getAlgorithm() {
return SignatureMethod.RSA_SHA1;
}
- String getSignatureAlgorithm() {
+ String getJCAAlgorithm() {
return "SHA1withRSA";
}
+ Type getAlgorithmType() {
+ return Type.RSA;
+ }
}
static final class SHA256withRSA extends DOMSignatureMethod {
SHA256withRSA(AlgorithmParameterSpec params)
throws InvalidAlgorithmParameterException {
@@ -470,13 +358,16 @@
super(dmElem);
}
public String getAlgorithm() {
return RSA_SHA256;
}
- String getSignatureAlgorithm() {
+ String getJCAAlgorithm() {
return "SHA256withRSA";
}
+ Type getAlgorithmType() {
+ return Type.RSA;
+ }
}
static final class SHA384withRSA extends DOMSignatureMethod {
SHA384withRSA(AlgorithmParameterSpec params)
throws InvalidAlgorithmParameterException {
@@ -486,13 +377,16 @@
super(dmElem);
}
public String getAlgorithm() {
return RSA_SHA384;
}
- String getSignatureAlgorithm() {
+ String getJCAAlgorithm() {
return "SHA384withRSA";
}
+ Type getAlgorithmType() {
+ return Type.RSA;
+ }
}
static final class SHA512withRSA extends DOMSignatureMethod {
SHA512withRSA(AlgorithmParameterSpec params)
throws InvalidAlgorithmParameterException {
@@ -502,13 +396,16 @@
super(dmElem);
}
public String getAlgorithm() {
return RSA_SHA512;
}
- String getSignatureAlgorithm() {
+ String getJCAAlgorithm() {
return "SHA512withRSA";
}
+ Type getAlgorithmType() {
+ return Type.RSA;
+ }
}
static final class SHA1withDSA extends DOMSignatureMethod {
SHA1withDSA(AlgorithmParameterSpec params)
throws InvalidAlgorithmParameterException {
@@ -518,10 +415,89 @@
super(dmElem);
}
public String getAlgorithm() {
return SignatureMethod.DSA_SHA1;
}
- String getSignatureAlgorithm() {
+ String getJCAAlgorithm() {
return "SHA1withDSA";
}
+ Type getAlgorithmType() {
+ return Type.DSA;
+ }
+ }
+
+ static final class SHA1withECDSA extends DOMSignatureMethod {
+ SHA1withECDSA(AlgorithmParameterSpec params)
+ throws InvalidAlgorithmParameterException {
+ super(params);
+ }
+ SHA1withECDSA(Element dmElem) throws MarshalException {
+ super(dmElem);
+ }
+ public String getAlgorithm() {
+ return ECDSA_SHA1;
+ }
+ String getJCAAlgorithm() {
+ return "SHA1withECDSA";
+ }
+ Type getAlgorithmType() {
+ return Type.ECDSA;
+ }
+ }
+
+ static final class SHA256withECDSA extends DOMSignatureMethod {
+ SHA256withECDSA(AlgorithmParameterSpec params)
+ throws InvalidAlgorithmParameterException {
+ super(params);
+ }
+ SHA256withECDSA(Element dmElem) throws MarshalException {
+ super(dmElem);
+ }
+ public String getAlgorithm() {
+ return ECDSA_SHA256;
+ }
+ String getJCAAlgorithm() {
+ return "SHA256withECDSA";
+ }
+ Type getAlgorithmType() {
+ return Type.ECDSA;
+ }
+ }
+
+ static final class SHA384withECDSA extends DOMSignatureMethod {
+ SHA384withECDSA(AlgorithmParameterSpec params)
+ throws InvalidAlgorithmParameterException {
+ super(params);
+ }
+ SHA384withECDSA(Element dmElem) throws MarshalException {
+ super(dmElem);
+ }
+ public String getAlgorithm() {
+ return ECDSA_SHA384;
+ }
+ String getJCAAlgorithm() {
+ return "SHA384withECDSA";
+ }
+ Type getAlgorithmType() {
+ return Type.ECDSA;
+ }
+ }
+
+ static final class SHA512withECDSA extends DOMSignatureMethod {
+ SHA512withECDSA(AlgorithmParameterSpec params)
+ throws InvalidAlgorithmParameterException {
+ super(params);
+ }
+ SHA512withECDSA(Element dmElem) throws MarshalException {
+ super(dmElem);
+ }
+ public String getAlgorithm() {
+ return ECDSA_SHA512;
+ }
+ String getJCAAlgorithm() {
+ return "SHA512withECDSA";
+ }
+ Type getAlgorithmType() {
+ return Type.ECDSA;
+ }
}
}