Examples with SignatureAlgorithms org.openecard.crypto.common.SignatureAlgorithms used on opensource projects

Search in sources :

Example 1 with SignatureAlgorithms

use of org.openecard.crypto.common.SignatureAlgorithms in project open-ecard by ecsec.

the class CIFCreator method addMechanism.

private void addMechanism(MwPublicKey pubKey, MwMechanism mechanism, ArrayList<SignatureAlgorithms> sigAlgs) throws CryptokiException {
    try {
        SignatureAlgorithms sigAlg = mechanism.getSignatureAlgorithm();
        LOG.debug("Card signature algorithm: {}", sigAlg);
        // only use algorithms matching the key type
        long keyType = sigAlg.getKeyType().getPkcs11Mechanism();
        if (keyType == pubKey.getKeyType()) {
            // only use algorithm if it is in whitelist
            if (cardAlgorithms.contains(sigAlg)) {
                LOG.debug("Allowing signature algorithm: {}", sigAlg);
                sigAlgs.add(sigAlg);
            } else {
                LOG.debug("Not using signature algorithm {}, because it is not in whitelist for this card.", sigAlg);
            }
        }
    } catch (UnsupportedAlgorithmException ex) {
        LOG.warn("Skipping unknown signature algorithm ({}).", mechanism);
    }
}
Also used : SignatureAlgorithms(org.openecard.crypto.common.SignatureAlgorithms) UnsupportedAlgorithmException(org.openecard.crypto.common.UnsupportedAlgorithmException)

Example 2 with SignatureAlgorithms

use of org.openecard.crypto.common.SignatureAlgorithms in project open-ecard by ecsec.

the class Signer method sign.

public byte[] sign(byte[] data) throws NoSuchDid, WSHelper.WSException, SecurityConditionUnsatisfiable, ParameterInvalid, SlotHandleInvalid, PinBlocked {
    Semaphore s = getLock(handle.getIFDName());
    boolean acquired = false;
    try {
        s.acquire();
        acquired = true;
        // get crypto dids
        DidInfos didInfos = tokenCache.getInfo(pin, handle);
        DidInfo didInfo = didInfos.getDidInfo(didName);
        didInfo.connectApplication();
        didInfo.authenticateMissing();
        CryptoMarkerType cryptoMarker = didInfo.getGenericCryptoMarker();
        String algUri = cryptoMarker.getAlgorithmInfo().getAlgorithmIdentifier().getAlgorithm();
        try {
            SignatureAlgorithms alg = SignatureAlgorithms.fromAlgId(algUri);
            // calculate hash if needed
            byte[] digest = data;
            if (alg.getHashAlg() != null && (cryptoMarker.getHashGenerationInfo() == null || cryptoMarker.getHashGenerationInfo() == HashGenerationInfoType.NOT_ON_CARD)) {
                digest = didInfo.hash(digest);
            }
            // wrap hash in DigestInfo if needed
            if (alg == SignatureAlgorithms.CKM_RSA_PKCS) {
                try {
                    ASN1ObjectIdentifier digestOid = getHashAlgOid(data);
                    DigestInfo di = new DigestInfo(new AlgorithmIdentifier(digestOid, DERNull.INSTANCE), digest);
                    byte[] sigMsg = di.getEncoded(ASN1Encoding.DER);
                    digest = sigMsg;
                } catch (IOException ex) {
                    String msg = "Error encoding DigestInfo object.";
                    Result r = WSHelper.makeResultError(ECardConstants.Minor.App.INT_ERROR, msg);
                    throw WSHelper.createException(r);
                } catch (InvalidParameterException ex) {
                    String msg = "Hash algorithm could not be determined for the given hash.";
                    Result r = WSHelper.makeResultError(ECardConstants.Minor.App.INCORRECT_PARM, msg);
                    throw WSHelper.createException(r);
                }
            }
            byte[] signature = didInfo.sign(digest);
            return signature;
        } catch (UnsupportedAlgorithmException ex) {
            String msg = String.format("DID uses unsupported algorithm %s.", algUri);
            throw WSHelper.createException(WSHelper.makeResultError(ECardConstants.Minor.App.INT_ERROR, msg));
        }
    } catch (WSHelper.WSException ex) {
        String minor = StringUtils.nullToEmpty(ex.getResultMinor());
        switch(minor) {
            case ECardConstants.Minor.App.INCORRECT_PARM:
                throw new ParameterInvalid(ex.getMessage(), ex);
            case ECardConstants.Minor.IFD.INVALID_SLOT_HANDLE:
                throw new SlotHandleInvalid(ex.getMessage(), ex);
            case ECardConstants.Minor.IFD.PASSWORD_BLOCKED:
            case ECardConstants.Minor.IFD.PASSWORD_SUSPENDED:
            case ECardConstants.Minor.IFD.PASSWORD_DEACTIVATED:
                throw new PinBlocked(ex.getMessage(), ex);
            case ECardConstants.Minor.SAL.SECURITY_CONDITION_NOT_SATISFIED:
                throw new SecurityConditionUnsatisfiable(ex.getMessage(), ex);
            case ECardConstants.Minor.IFD.CANCELLATION_BY_USER:
            case ECardConstants.Minor.SAL.CANCELLATION_BY_USER:
                throw new ThreadTerminateException("Signature generation cancelled.", ex);
            default:
                throw ex;
        }
    } catch (InvocationTargetExceptionUnchecked ex) {
        if (ex.getCause() instanceof InterruptedException || ex.getCause() instanceof ThreadTerminateException) {
            throw new ThreadTerminateException("Signature creation interrupted.");
        } else {
            String msg = ex.getCause().getMessage();
            throw WSHelper.createException(WSHelper.makeResultError(ECardConstants.Minor.App.INT_ERROR, msg));
        }
    } catch (InterruptedException ex) {
        throw new ThreadTerminateException("Signature creation interrupted.");
    } finally {
        tokenCache.clearPins();
        if (acquired) {
            s.release();
        }
    }
}
Also used : WSHelper(org.openecard.common.WSHelper) PinBlocked(org.openecard.addons.cg.ex.PinBlocked) InvocationTargetExceptionUnchecked(org.openecard.common.interfaces.InvocationTargetExceptionUnchecked) SecurityConditionUnsatisfiable(org.openecard.common.SecurityConditionUnsatisfiable) CryptoMarkerType(org.openecard.crypto.common.sal.did.CryptoMarkerType) SlotHandleInvalid(org.openecard.addons.cg.ex.SlotHandleInvalid) Semaphore(java.util.concurrent.Semaphore) IOException(java.io.IOException) AlgorithmIdentifier(org.openecard.bouncycastle.asn1.x509.AlgorithmIdentifier) Result(oasis.names.tc.dss._1_0.core.schema.Result) InvalidParameterException(java.security.InvalidParameterException) DidInfo(org.openecard.crypto.common.sal.did.DidInfo) DigestInfo(org.openecard.bouncycastle.asn1.x509.DigestInfo) SignatureAlgorithms(org.openecard.crypto.common.SignatureAlgorithms) UnsupportedAlgorithmException(org.openecard.crypto.common.UnsupportedAlgorithmException) ParameterInvalid(org.openecard.addons.cg.ex.ParameterInvalid) ThreadTerminateException(org.openecard.common.ThreadTerminateException) DidInfos(org.openecard.crypto.common.sal.did.DidInfos) ASN1ObjectIdentifier(org.openecard.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 3 with SignatureAlgorithms

use of org.openecard.crypto.common.SignatureAlgorithms in project open-ecard by ecsec.

the class SmartCardCredentialFactory method isRawRSA.

private boolean isRawRSA(DidInfo info) throws WSHelper.WSException, UnsupportedAlgorithmException {
    AlgorithmInfoType algInfo = info.getGenericCryptoMarker().getAlgorithmInfo();
    SignatureAlgorithms alg = SignatureAlgorithms.fromAlgId(algInfo.getAlgorithmIdentifier().getAlgorithm());
    return SignatureAlgorithms.CKM_RSA_PKCS == alg;
}
Also used : AlgorithmInfoType(iso.std.iso_iec._24727.tech.schema.AlgorithmInfoType) SignatureAlgorithms(org.openecard.crypto.common.SignatureAlgorithms)

Example 4 with SignatureAlgorithms

use of org.openecard.crypto.common.SignatureAlgorithms in project open-ecard by ecsec.

the class SmartCardSignerCredential method genSig.

private byte[] genSig(SignatureAndHashAlgorithm algorithm, byte[] sigData, boolean isRaw) throws IOException {
    SignatureAlgorithms didAlg = getDidAlgorithm();
    LOG.debug("Using DID with algorithm={}.", didAlg.getJcaAlg());
    if (algorithm != null) {
        String reqAlgStr = String.format("%s-%s", SignatureAlgorithm.getText(algorithm.getSignature()), HashAlgorithm.getText(algorithm.getHash()));
        LOG.debug("Performing TLS 1.2 signature for algorithm={}.", reqAlgStr);
        if (isRaw && isRawRSA(didAlg)) {
            // TLS >= 1.2 needs a PKCS#1 v1.5 signature and no raw RSA signature
            ASN1ObjectIdentifier hashAlgId = TlsUtils.getOIDForHashAlgorithm(algorithm.getHash());
            DigestInfo digestInfo = new DigestInfo(new AlgorithmIdentifier(hashAlgId, DERNull.INSTANCE), sigData);
            sigData = digestInfo.getEncoded(ASN1Encoding.DER);
            LOG.debug("Signing DigestInfo with algorithm={}.", hashAlgId);
        }
    } else {
        LOG.debug("Performing pre-TLS 1.2 signature.");
    }
    try {
        if (isRaw) {
            LOG.debug("Raw Signature of data={}.", ByteUtils.toHexString(sigData));
        } else {
            LOG.debug("Hashed Signature of data blob.");
            CryptoMarkerType cryptoMarker = did.getGenericCryptoMarker();
            if (didAlg.getHashAlg() != null && (cryptoMarker.getHashGenerationInfo() == null || cryptoMarker.getHashGenerationInfo() == HashGenerationInfoType.NOT_ON_CARD)) {
                sigData = did.hash(sigData);
            }
        }
        did.authenticateMissing();
        byte[] signature = did.sign(sigData);
        return signature;
    } catch (WSHelper.WSException ex) {
        String msg = "Failed to create signature because of an unknown error.";
        LOG.warn(msg, ex);
        throw new IOException(msg, ex);
    } catch (SecurityConditionUnsatisfiable ex) {
        String msg = "Access to the signature DID could not be obtained.";
        LOG.warn(msg, ex);
        throw new IOException(msg, ex);
    } catch (NoSuchDid ex) {
        String msg = "Signing DID not available anymore.";
        LOG.warn(msg, ex);
        throw new IOException(msg, ex);
    }
}
Also used : WSHelper(org.openecard.common.WSHelper) DigestInfo(org.openecard.bouncycastle.asn1.x509.DigestInfo) SignatureAlgorithms(org.openecard.crypto.common.SignatureAlgorithms) SecurityConditionUnsatisfiable(org.openecard.common.SecurityConditionUnsatisfiable) CryptoMarkerType(org.openecard.crypto.common.sal.did.CryptoMarkerType) IOException(java.io.IOException) NoSuchDid(org.openecard.crypto.common.sal.did.NoSuchDid) ASN1ObjectIdentifier(org.openecard.bouncycastle.asn1.ASN1ObjectIdentifier) AlgorithmIdentifier(org.openecard.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 5 with SignatureAlgorithms

use of org.openecard.crypto.common.SignatureAlgorithms in project open-ecard by ecsec.

the class CardSpecType method getMappedSignatureAlgorithms.

@Nonnull
public EnumSet<SignatureAlgorithms> getMappedSignatureAlgorithms() {
    if (getSignatureAlgorithms().isEmpty()) {
        return EnumSet.allOf(SignatureAlgorithms.class);
    } else {
        EnumSet result = EnumSet.noneOf(SignatureAlgorithms.class);
        for (String next : getSignatureAlgorithms()) {
            try {
                SignatureAlgorithms alg = SignatureAlgorithms.fromJcaName(next);
                result.add(alg);
            } catch (UnsupportedAlgorithmException ex) {
                LOG.warn("Unknown JCA name specified as allowed signature algorithm: {}", next);
            }
        }
        return result;
    }
}
Also used : EnumSet(java.util.EnumSet) SignatureAlgorithms(org.openecard.crypto.common.SignatureAlgorithms) UnsupportedAlgorithmException(org.openecard.crypto.common.UnsupportedAlgorithmException) Nonnull(javax.annotation.Nonnull)

Aggregations

SignatureAlgorithms (org.openecard.crypto.common.SignatureAlgorithms)12 UnsupportedAlgorithmException (org.openecard.crypto.common.UnsupportedAlgorithmException)8 AlgorithmInfoType (iso.std.iso_iec._24727.tech.schema.AlgorithmInfoType)4 ArrayList (java.util.ArrayList)4 WSHelper (org.openecard.common.WSHelper)4 IOException (java.io.IOException)3 SecurityConditionUnsatisfiable (org.openecard.common.SecurityConditionUnsatisfiable)3 CryptoMarkerType (org.openecard.crypto.common.sal.did.CryptoMarkerType)3 DidInfo (org.openecard.crypto.common.sal.did.DidInfo)3 ASN1ObjectIdentifier (org.openecard.bouncycastle.asn1.ASN1ObjectIdentifier)2 AlgorithmIdentifier (org.openecard.bouncycastle.asn1.x509.AlgorithmIdentifier)2 DigestInfo (org.openecard.bouncycastle.asn1.x509.DigestInfo)2 DidInfos (org.openecard.crypto.common.sal.did.DidInfos)2 NoSuchDid (org.openecard.crypto.common.sal.did.NoSuchDid)2 CryptokiException (org.openecard.mdlw.sal.exceptions.CryptokiException)2 ConnectionHandleType (iso.std.iso_iec._24727.tech.schema.ConnectionHandleType)1 DIDInfoType (iso.std.iso_iec._24727.tech.schema.DIDInfoType)1 DIDStructureType (iso.std.iso_iec._24727.tech.schema.DIDStructureType)1 HashGenerationInfoType (iso.std.iso_iec._24727.tech.schema.HashGenerationInfoType)1 HashResponse (iso.std.iso_iec._24727.tech.schema.HashResponse)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial