Example 1 with InvalidSignatureException
use of org.openecard.common.sal.exception.InvalidSignatureException in project open-ecard by ecsec.
the class VerifySignatureStep method perform.
@Override
public VerifySignatureResponse perform(VerifySignature request, Map<String, Object> internalData) {
VerifySignatureResponse response = WSHelper.makeResponse(VerifySignatureResponse.class, WSHelper.makeResultOK());
try {
ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(internalData, connectionHandle);
String didName = SALUtils.getDIDName(request);
DIDStructureType didStructure = SALUtils.getDIDStructure(request, didName, cardStateEntry, connectionHandle);
// required
byte[] signature = request.getSignature();
// optional
byte[] message = request.getMessage();
CryptoMarkerType cryptoMarker = new CryptoMarkerType(didStructure.getDIDMarker());
String dataSetNameCertificate = cryptoMarker.getCertificateRefs().get(0).getDataSetName();
String algorithmIdentifier = cryptoMarker.getAlgorithmInfo().getAlgorithmIdentifier().getAlgorithm();
DSIRead dsiRead = new DSIRead();
dsiRead.setConnectionHandle(connectionHandle);
dsiRead.setDSIName(dataSetNameCertificate);
DSIReadResponse dsiReadResponse = (DSIReadResponse) dispatcher.safeDeliver(dsiRead);
WSHelper.checkResult(dsiReadResponse);
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(dsiReadResponse.getDSIContent()));
Signature signatureAlgorithm;
if (algorithmIdentifier.equals(GenericCryptoUris.RSA_ENCRYPTION)) {
signatureAlgorithm = Signature.getInstance("RSA", new BouncyCastleProvider());
} else if (algorithmIdentifier.equals(GenericCryptoUris.RSASSA_PSS_SHA256)) {
signatureAlgorithm = Signature.getInstance("RAWRSASSA-PSS", new BouncyCastleProvider());
signatureAlgorithm.setParameter(new PSSParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-256"), 32, 1));
} else if (algorithmIdentifier.equals(GenericCryptoUris.sigS_ISO9796_2)) {
return WSHelper.makeResponse(VerifySignatureResponse.class, WSHelper.makeResultUnknownError(algorithmIdentifier + " Not supported yet."));
} else if (algorithmIdentifier.equals(GenericCryptoUris.sigS_ISO9796_2rnd)) {
return WSHelper.makeResponse(VerifySignatureResponse.class, WSHelper.makeResultUnknownError(algorithmIdentifier + " Not supported yet."));
} else {
throw new IncorrectParameterException("Unknown signature algorithm.");
}
signatureAlgorithm.initVerify(cert);
if (message != null) {
signatureAlgorithm.update(message);
}
if (!signatureAlgorithm.verify(signature)) {
throw new InvalidSignatureException();
}
} catch (ECardException e) {
LOG.error(e.getMessage(), e);
response.setResult(e.getResult());
} catch (Exception e) {
response.setResult(WSHelper.makeResult(e));
}
return response;
}
Also used :
ConnectionHandleType(iso.std.iso_iec._24727.tech.schema.ConnectionHandleType)
CardStateEntry(org.openecard.common.sal.state.CardStateEntry)
InvalidSignatureException(org.openecard.common.sal.exception.InvalidSignatureException)
DSIRead(iso.std.iso_iec._24727.tech.schema.DSIRead)
CryptoMarkerType(org.openecard.crypto.common.sal.did.CryptoMarkerType)
VerifySignatureResponse(iso.std.iso_iec._24727.tech.schema.VerifySignatureResponse)
CertificateFactory(java.security.cert.CertificateFactory)
X509Certificate(java.security.cert.X509Certificate)
ECardException(org.openecard.common.ECardException)
IncorrectParameterException(org.openecard.common.sal.exception.IncorrectParameterException)
InvalidSignatureException(org.openecard.common.sal.exception.InvalidSignatureException)
ECardException(org.openecard.common.ECardException)
ByteArrayInputStream(java.io.ByteArrayInputStream)
PSSParameterSpec(java.security.spec.PSSParameterSpec)
Signature(java.security.Signature)
VerifySignature(iso.std.iso_iec._24727.tech.schema.VerifySignature)
IncorrectParameterException(org.openecard.common.sal.exception.IncorrectParameterException)
DIDStructureType(iso.std.iso_iec._24727.tech.schema.DIDStructureType)
DSIReadResponse(iso.std.iso_iec._24727.tech.schema.DSIReadResponse)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
BouncyCastleProvider(org.openecard.bouncycastle.jce.provider.BouncyCastleProvider)
MGF1ParameterSpec(java.security.spec.MGF1ParameterSpec)
Aggregations
ConnectionHandleType (iso.std.iso_iec._24727.tech.schema.ConnectionHandleType)1
DIDStructureType (iso.std.iso_iec._24727.tech.schema.DIDStructureType)1
DSIRead (iso.std.iso_iec._24727.tech.schema.DSIRead)1
DSIReadResponse (iso.std.iso_iec._24727.tech.schema.DSIReadResponse)1
VerifySignature (iso.std.iso_iec._24727.tech.schema.VerifySignature)1
VerifySignatureResponse (iso.std.iso_iec._24727.tech.schema.VerifySignatureResponse)1
ByteArrayInputStream (java.io.ByteArrayInputStream)1
Signature (java.security.Signature)1
Certificate (java.security.cert.Certificate)1
CertificateFactory (java.security.cert.CertificateFactory)1
X509Certificate (java.security.cert.X509Certificate)1
MGF1ParameterSpec (java.security.spec.MGF1ParameterSpec)1
PSSParameterSpec (java.security.spec.PSSParameterSpec)1
BouncyCastleProvider (org.openecard.bouncycastle.jce.provider.BouncyCastleProvider)1
ECardException (org.openecard.common.ECardException)1
IncorrectParameterException (org.openecard.common.sal.exception.IncorrectParameterException)1
InvalidSignatureException (org.openecard.common.sal.exception.InvalidSignatureException)1
CardStateEntry (org.openecard.common.sal.state.CardStateEntry)1
CryptoMarkerType (org.openecard.crypto.common.sal.did.CryptoMarkerType)1
