Lines 18-23
|
18 |
|
18 |
|
19 |
|
19 |
|
20 |
|
20 |
|
|
|
21 |
import java.io.IOException; |
21 |
import java.security.InvalidAlgorithmParameterException; |
22 |
import java.security.InvalidAlgorithmParameterException; |
22 |
import java.security.InvalidKeyException; |
23 |
import java.security.InvalidKeyException; |
23 |
import java.security.Key; |
24 |
import java.security.Key; |
Lines 33-38
|
33 |
import org.apache.xml.security.algorithms.SignatureAlgorithmSpi; |
34 |
import org.apache.xml.security.algorithms.SignatureAlgorithmSpi; |
34 |
import org.apache.xml.security.signature.XMLSignature; |
35 |
import org.apache.xml.security.signature.XMLSignature; |
35 |
import org.apache.xml.security.signature.XMLSignatureException; |
36 |
import org.apache.xml.security.signature.XMLSignatureException; |
|
|
37 |
import org.apache.xml.security.utils.Base64; |
36 |
|
38 |
|
37 |
|
39 |
|
38 |
/** |
40 |
/** |
Lines 52-57
|
52 |
private java.security.Signature _signatureAlgorithm = null; |
54 |
private java.security.Signature _signatureAlgorithm = null; |
53 |
|
55 |
|
54 |
/** |
56 |
/** |
|
|
57 |
* Converts an ASN.1 ECDSA value to a XML Signature ECDSA Value. |
58 |
* |
59 |
* The JAVA JCE ECDSA Signature algorithm creates ASN.1 encoded (r,s) value |
60 |
* pairs; the XML Signature requires the core BigInteger values. |
61 |
* |
62 |
* @param asn1Bytes |
63 |
* @return the decode bytes |
64 |
* |
65 |
* @throws IOException |
66 |
* @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A> |
67 |
* @see <A HREF="ftp://ftp.rfc-editor.org/in-notes/rfc4050.txt">3.3. ECDSA Signatures</A> |
68 |
*/ |
69 |
private static byte[] convertASN1toXMLDSIG(byte asn1Bytes[]) |
70 |
throws IOException { |
71 |
|
72 |
byte rLength = asn1Bytes[3]; |
73 |
int i; |
74 |
|
75 |
for (i = rLength; (i > 0) && (asn1Bytes[(4 + rLength) - i] == 0); i--); |
76 |
|
77 |
byte sLength = asn1Bytes[5 + rLength]; |
78 |
int j; |
79 |
|
80 |
for (j = sLength; |
81 |
(j > 0) && (asn1Bytes[(6 + rLength + sLength) - j] == 0); j--); |
82 |
|
83 |
if ((asn1Bytes[0] != 48) || (asn1Bytes[1] != asn1Bytes.length - 2) |
84 |
|| (asn1Bytes[2] != 2) || (i > 24) |
85 |
|| (asn1Bytes[4 + rLength] != 2) || (j > 24)) { |
86 |
throw new IOException("Invalid ASN.1 format of ECDSA signature"); |
87 |
} |
88 |
byte xmldsigBytes[] = new byte[48]; |
89 |
|
90 |
System.arraycopy(asn1Bytes, (4 + rLength) - i, xmldsigBytes, 24 - i, |
91 |
i); |
92 |
System.arraycopy(asn1Bytes, (6 + rLength + sLength) - j, xmldsigBytes, |
93 |
48 - j, j); |
94 |
|
95 |
return xmldsigBytes; |
96 |
} |
97 |
|
98 |
/** |
99 |
* Converts a XML Signature ECDSA Value to an ASN.1 DSA value. |
100 |
* |
101 |
* The JAVA JCE ECDSA Signature algorithm creates ASN.1 encoded (r,s) value |
102 |
* pairs; the XML Signature requires the core BigInteger values. |
103 |
* |
104 |
* @param xmldsigBytes |
105 |
* @return the encoded ASN.1 bytes |
106 |
* |
107 |
* @throws IOException |
108 |
* @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A> |
109 |
* @see <A HREF="ftp://ftp.rfc-editor.org/in-notes/rfc4050.txt">3.3. ECDSA Signatures</A> |
110 |
*/ |
111 |
private static byte[] convertXMLDSIGtoASN1(byte xmldsigBytes[]) |
112 |
throws IOException { |
113 |
|
114 |
if (xmldsigBytes.length != 48) { |
115 |
throw new IOException("Invalid XMLDSIG format of ECDSA signature"); |
116 |
} |
117 |
|
118 |
int i; |
119 |
|
120 |
for (i = 24; (i > 0) && (xmldsigBytes[24 - i] == 0); i--); |
121 |
|
122 |
int j = i; |
123 |
|
124 |
if (xmldsigBytes[24 - i] < 0) { |
125 |
j += 1; |
126 |
} |
127 |
|
128 |
int k; |
129 |
|
130 |
for (k = 24; (k > 0) && (xmldsigBytes[48 - k] == 0); k--); |
131 |
|
132 |
int l = k; |
133 |
|
134 |
if (xmldsigBytes[48 - k] < 0) { |
135 |
l += 1; |
136 |
} |
137 |
|
138 |
byte asn1Bytes[] = new byte[6 + j + l]; |
139 |
|
140 |
asn1Bytes[0] = 48; |
141 |
asn1Bytes[1] = (byte) (4 + j + l); |
142 |
asn1Bytes[2] = 2; |
143 |
asn1Bytes[3] = (byte) j; |
144 |
|
145 |
System.arraycopy(xmldsigBytes, 24 - i, asn1Bytes, (4 + j) - i, i); |
146 |
|
147 |
asn1Bytes[4 + j] = 2; |
148 |
asn1Bytes[5 + j] = (byte) l; |
149 |
|
150 |
System.arraycopy(xmldsigBytes, 48 - k, asn1Bytes, (6 + j + l) - k, k); |
151 |
|
152 |
return asn1Bytes; |
153 |
} |
154 |
|
155 |
/** |
55 |
* Constructor SignatureRSA |
156 |
* Constructor SignatureRSA |
56 |
* |
157 |
* |
57 |
* @throws XMLSignatureException |
158 |
* @throws XMLSignatureException |
Lines 98-106
|
98 |
throws XMLSignatureException { |
199 |
throws XMLSignatureException { |
99 |
|
200 |
|
100 |
try { |
201 |
try { |
101 |
return this._signatureAlgorithm.verify(signature); |
202 |
byte[] jcebytes = SignatureECDSA.convertXMLDSIGtoASN1(signature); |
|
|
203 |
|
204 |
if (log.isDebugEnabled()) |
205 |
log.debug("Called ECDSA.verify() on " + Base64.encode(signature)); |
206 |
|
207 |
return this._signatureAlgorithm.verify(jcebytes); |
102 |
} catch (SignatureException ex) { |
208 |
} catch (SignatureException ex) { |
103 |
throw new XMLSignatureException("empty", ex); |
209 |
throw new XMLSignatureException("empty", ex); |
|
|
210 |
} catch (IOException ex) { |
211 |
throw new XMLSignatureException("empty", ex); |
104 |
} |
212 |
} |
105 |
} |
213 |
} |
106 |
|
214 |
|
Lines 127-135
|
127 |
protected byte[] engineSign() throws XMLSignatureException { |
235 |
protected byte[] engineSign() throws XMLSignatureException { |
128 |
|
236 |
|
129 |
try { |
237 |
try { |
130 |
return this._signatureAlgorithm.sign(); |
238 |
byte jcebytes[] = this._signatureAlgorithm.sign(); |
|
|
239 |
|
240 |
return SignatureECDSA.convertASN1toXMLDSIG(jcebytes); |
131 |
} catch (SignatureException ex) { |
241 |
} catch (SignatureException ex) { |
132 |
throw new XMLSignatureException("empty", ex); |
242 |
throw new XMLSignatureException("empty", ex); |
|
|
243 |
} catch (IOException ex) { |
244 |
throw new XMLSignatureException("empty", ex); |
133 |
} |
245 |
} |
134 |
} |
246 |
} |
135 |
|
247 |
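Review bot: In `convertXMLDSIGtoASN1` (added in the hunk at lines 52-57), an all-zero s half leaves `k == 0`, so `xmldsigBytes[48 - k]` reads index 48 of a 48-byte array and throws `ArrayIndexOutOfBoundsException`, which the new `catch (IOException ex)` in `engineVerify` does not cover; with `i == 0` the sign test reads the first byte of s instead of r. The value passed to `engineVerify` presumably comes from the document being verified, so zero components should be rejected right after the second loop, e.g. `if (i == 0 || k == 0) throw new IOException("Invalid XMLDSIG format of ECDSA signature");`. `convertASN1toXMLDSIG` likewise indexes `asn1Bytes[3]` and `asn1Bytes[5 + rLength]` before its format check runs, so a length check should come first there. The fixed 24/48-byte sizes mean only 192-bit curves round-trip, which deserves a comment stating the limitation.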
|