
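--- a/src/org/apache/xml/security/algorithms/implementations/SignatureECDSA.java.orig
+++ b/src/org/apache/xml/security/algorithms/implementations/SignatureECDSA.java.orig
@@ -18,6 +18,7 @@
 
 
 
+import java.io.IOException;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.Key;
@@ -33,6 +34,7 @@
 import org.apache.xml.security.algorithms.SignatureAlgorithmSpi;
 import org.apache.xml.security.signature.XMLSignature;
 import org.apache.xml.security.signature.XMLSignatureException;
+import org.apache.xml.security.utils.Base64;
 
 
 /**
@@ -52,6 +54,105 @@
    private java.security.Signature _signatureAlgorithm = null;
 
    /**
+    * Converts an ASN.1 ECDSA value to a XML Signature ECDSA Value.
+    *
+    * The JAVA JCE ECDSA Signature algorithm creates ASN.1 encoded (r,s) value
+    * pairs; the XML Signature requires the core BigInteger values.
+    *
+    * @param asn1Bytes
+    * @return the decode bytes
+    *
+    * @throws IOException
+    * @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A>
+    * @see <A HREF="ftp://ftp.rfc-editor.org/in-notes/rfc4050.txt">3.3. ECDSA Signatures</A>
+    */
+   private static byte[] convertASN1toXMLDSIG(byte asn1Bytes[])
+           throws IOException {
+
+      byte rLength = asn1Bytes[3];
+      int i;
+
+      for (i = rLength; (i > 0) && (asn1Bytes[(4 + rLength) - i] == 0); i--);
+
+      byte sLength = asn1Bytes[5 + rLength];
+      int j;
+
+      for (j = sLength;
+              (j > 0) && (asn1Bytes[(6 + rLength + sLength) - j] == 0); j--);
+
+      if ((asn1Bytes[0] != 48) || (asn1Bytes[1] != asn1Bytes.length - 2)
+              || (asn1Bytes[2] != 2) || (i > 24)
+              || (asn1Bytes[4 + rLength] != 2) || (j > 24)) {
+         throw new IOException("Invalid ASN.1 format of ECDSA signature");
+      } 
+      byte xmldsigBytes[] = new byte[48];
+
+      System.arraycopy(asn1Bytes, (4 + rLength) - i, xmldsigBytes, 24 - i,
+                          i);
+      System.arraycopy(asn1Bytes, (6 + rLength + sLength) - j, xmldsigBytes,
+                          48 - j, j);
+
+       return xmldsigBytes;      
+   }
+
+   /**
+    * Converts a XML Signature ECDSA Value to an ASN.1 DSA value.
+    *
+    * The JAVA JCE ECDSA Signature algorithm creates ASN.1 encoded (r,s) value
+    * pairs; the XML Signature requires the core BigInteger values.
+    *
+    * @param xmldsigBytes
+    * @return the encoded ASN.1 bytes
+    *
+    * @throws IOException
+    * @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A>
+    * @see <A HREF="ftp://ftp.rfc-editor.org/in-notes/rfc4050.txt">3.3. ECDSA Signatures</A>
+    */
+   private static byte[] convertXMLDSIGtoASN1(byte xmldsigBytes[])
+           throws IOException {
+
+      if (xmldsigBytes.length != 48) {
+         throw new IOException("Invalid XMLDSIG format of ECDSA signature");
+      }
+
+      int i;
+
+      for (i = 24; (i > 0) && (xmldsigBytes[24 - i] == 0); i--);
+
+      int j = i;
+
+      if (xmldsigBytes[24 - i] < 0) {
+         j += 1;
+      }
+
+      int k;
+
+      for (k = 24; (k > 0) && (xmldsigBytes[48 - k] == 0); k--);
+
+      int l = k;
+
+      if (xmldsigBytes[48 - k] < 0) {
+         l += 1;
+      }
+
+      byte asn1Bytes[] = new byte[6 + j + l];
+
+      asn1Bytes[0] = 48;
+      asn1Bytes[1] = (byte) (4 + j + l);
+      asn1Bytes[2] = 2;
+      asn1Bytes[3] = (byte) j;
+
+      System.arraycopy(xmldsigBytes, 24 - i, asn1Bytes, (4 + j) - i, i);
+
+      asn1Bytes[4 + j] = 2;
+      asn1Bytes[5 + j] = (byte) l;
+
+      System.arraycopy(xmldsigBytes, 48 - k, asn1Bytes, (6 + j + l) - k, k);
+
+      return asn1Bytes;
+   }
+
+   /**
     * Constructor SignatureRSA
     *
     * @throws XMLSignatureException
@@ -98,9 +199,16 @@
            throws XMLSignatureException {
 
       try {
-         return this._signatureAlgorithm.verify(signature);
+         byte[] jcebytes = SignatureECDSA.convertXMLDSIGtoASN1(signature);
+
+         if (log.isDebugEnabled())
+            log.debug("Called ECDSA.verify() on " + Base64.encode(signature));
+          
+         return this._signatureAlgorithm.verify(jcebytes);
       } catch (SignatureException ex) {
          throw new XMLSignatureException("empty", ex);
+      } catch (IOException ex) {
+         throw new XMLSignatureException("empty", ex);
       }
    }
 
@@ -127,9 +235,13 @@
    protected byte[] engineSign() throws XMLSignatureException {
 
       try {
-         return this._signatureAlgorithm.sign();
+         byte jcebytes[] = this._signatureAlgorithm.sign();
+
+         return SignatureECDSA.convertASN1toXMLDSIG(jcebytes);
       } catch (SignatureException ex) {
          throw new XMLSignatureException("empty", ex);
+      } catch (IOException ex) {
+          throw new XMLSignatureException("empty", ex);
       }
    }
 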
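Review bot: In `convertXMLDSIGtoASN1`, which `engineVerify` now runs on the signature value it is handed, the second zero-stripping loop leaves `k == 0` when the last 24 bytes are all zero, and the following `xmldsigBytes[48 - k]` then indexes one past the 48-byte array. The resulting ArrayIndexOutOfBoundsException is unchecked, so neither the `SignatureException` nor the new `IOException` catch in `engineVerify` turns it into an `XMLSignatureException`. An all-zero first half likewise leaves `i == 0` and produces a zero-length INTEGER for r. I would add, directly after the second loop and before the `< 0` test on `xmldsigBytes[48 - k]`, `if (i == 0 || k == 0) throw new IOException("Invalid XMLDSIG format of ECDSA signature");`. The fixed 24/48 sizes in both converters also appear to limit the class to 192-bit curves, which the Javadoc should state.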
