diff options
| author | CGantert345 <57003061+CGantert345@users.noreply.github.com> | 2023-05-17 13:57:03 +0200 |
|---|---|---|
| committer | CGantert345 <57003061+CGantert345@users.noreply.github.com> | 2023-05-17 13:57:03 +0200 |
| commit | 74d19c0493d7bf464d466b2dff2305021d911c27 (patch) | |
| tree | 8ba8fe9fd1cd0dd7bc03564c5c9f11621e17a2b6 /src/main/java/org | |
| parent | Delete uicRailTicketData_v1.3.1.asn (diff) | |
| download | UIC-barcode-74d19c0493d7bf464d466b2dff2305021d911c27.tar UIC-barcode-74d19c0493d7bf464d466b2dff2305021d911c27.tar.gz UIC-barcode-74d19c0493d7bf464d466b2dff2305021d911c27.tar.bz2 UIC-barcode-74d19c0493d7bf464d466b2dff2305021d911c27.tar.lz UIC-barcode-74d19c0493d7bf464d466b2dff2305021d911c27.tar.xz UIC-barcode-74d19c0493d7bf464d466b2dff2305021d911c27.tar.zst UIC-barcode-74d19c0493d7bf464d466b2dff2305021d911c27.zip | |
Diffstat (limited to '')
| -rw-r--r-- | src/main/java/org/uic/barcode/Decoder.java | 15 | ||||
| -rw-r--r-- | src/main/java/org/uic/barcode/ssbFrame/SsbFrame.java | 25 | ||||
| -rw-r--r-- | src/main/java/org/uic/barcode/staticFrame/StaticFrame.java | 16 | ||||
| -rw-r--r-- | src/main/java/org/uic/barcode/utils/SecurityUtils.java | 41 | ||||
| -rw-r--r-- | src/test/java/org/uic/barcode/ticket/api/test/testtickets/OpenLuggageRestrictionTestTicketV3.java (renamed from src/main/java/org/uic/barcode/ticket/api/test/testtickets/OpenLuggageRestrictionTestTicketV3.java) | 0 |
5 files changed, 79 insertions, 18 deletions
diff --git a/src/main/java/org/uic/barcode/Decoder.java b/src/main/java/org/uic/barcode/Decoder.java index 85faa4a..637bbf6 100644 --- a/src/main/java/org/uic/barcode/Decoder.java +++ b/src/main/java/org/uic/barcode/Decoder.java @@ -84,15 +84,22 @@ public class Decoder { * @throws EncodingFormatException the encoding format exception
*/
public int validateLevel1(PublicKey key) throws InvalidKeyException, NoSuchAlgorithmException, SignatureException, IllegalArgumentException, UnsupportedOperationException, IOException, EncodingFormatException {
- if (dynamicFrame != null && dynamicFrame != null) {
+ if (dynamicFrame != null) {
return dynamicFrame.validateLevel1(key) ;
- } else {
- if (staticFrame != null) {
- return Constants.LEVEL1_VALIDATION_SIG_ALG_NOT_IMPLEMENTED;
+ } else if (staticFrame != null) {
+ if (staticFrame.verifyByAlgorithmOid(key,null)) {
+ return Constants.LEVEL1_VALIDATION_OK;
+ } else {
+ return Constants.LEVEL1_VALIDATION_FRAUD;
+ }
+ } else if (ssbFrame!= null) {
+ if (ssbFrame.verifyByAlgorithmOid(key,null, null)) {
+ return Constants.LEVEL1_VALIDATION_OK;
} else {
return Constants.LEVEL1_VALIDATION_FRAUD;
}
}
+ return Constants.LEVEL1_VALIDATION_NO_SIGNATURE;
}
/**
diff --git a/src/main/java/org/uic/barcode/ssbFrame/SsbFrame.java b/src/main/java/org/uic/barcode/ssbFrame/SsbFrame.java index b473c1e..2c8f66f 100644 --- a/src/main/java/org/uic/barcode/ssbFrame/SsbFrame.java +++ b/src/main/java/org/uic/barcode/ssbFrame/SsbFrame.java @@ -1,6 +1,5 @@ package org.uic.barcode.ssbFrame; -import java.io.ByteArrayOutputStream; import java.io.IOException; import java.math.BigInteger; import java.security.InvalidKeyException; @@ -14,7 +13,6 @@ import java.security.SignatureException; import java.security.Provider.Service; import java.util.Arrays; - import org.uic.barcode.ticket.EncodingFormatException; import org.uic.barcode.utils.AlgorithmNameResolver; import org.uic.barcode.utils.SecurityUtils; @@ -83,7 +81,7 @@ public class SsbFrame { try { //check for non-standard signature encoding BigInteger[] bInts = SecurityUtils.decodeSignatureIntegerSequence(signatureBytes); - byte[] sig = SecurityUtils.encodeSignatureIntegerSequence(bInts[0],bInts[1]); + SecurityUtils.encodeSignatureIntegerSequence(bInts[0],bInts[1]); signaturePart1 = bInts[0].toByteArray(); signaturePart2 = bInts[1].toByteArray(); //decoding the entire signature was ok, so there was no split @@ -334,8 +332,20 @@ public class SsbFrame { //find the algorithm name for the signature OID String algo = null; + + BigInteger r = new BigInteger(1,signaturePart1); + BigInteger s = new BigInteger(1,signaturePart2); + byte[] signature = SecurityUtils.encodeSignatureIntegerSequence(r,s); + + String signatureAlgorithmOid = signingAlg; + + // guess the signature algorithm based on the signature size + if ((signingAlg == null || signingAlg.length() < 1) && signature != null) { + signatureAlgorithmOid = SecurityUtils.getDsaAlgorithm(signature); + } + if (prov != null) { - Service service = prov.getService("Signature",signingAlg); + Service service = prov.getService("Signature",signatureAlgorithmOid); if (service != null) { algo = service.getAlgorithm(); } @@ -343,7 +353,7 @@ public class SsbFrame { Provider[] provs = Security.getProviders(); for (Provider p : provs) { if (algo == null) { - Service service = p.getService("Signature",signingAlg); + Service service = p.getService("Signature",signatureAlgorithmOid); if (service != null) { algo = service.getAlgorithm(); } @@ -359,11 +369,6 @@ public class SsbFrame { sig.initVerify(key); sig.update(getDataForSignature()); - BigInteger r = new BigInteger(1,signaturePart1); - BigInteger s = new BigInteger(1,signaturePart2); - - byte[] signature = SecurityUtils.encodeSignatureIntegerSequence(r,s); - return sig.verify(signature); } diff --git a/src/main/java/org/uic/barcode/staticFrame/StaticFrame.java b/src/main/java/org/uic/barcode/staticFrame/StaticFrame.java index 8dc1adb..25649df 100644 --- a/src/main/java/org/uic/barcode/staticFrame/StaticFrame.java +++ b/src/main/java/org/uic/barcode/staticFrame/StaticFrame.java @@ -19,7 +19,9 @@ import java.util.zip.DataFormatException; import java.util.zip.Deflater;
import java.util.zip.Inflater;
+import org.uic.barcode.dynamicFrame.Constants;
import org.uic.barcode.ticket.EncodingFormatException;
+import org.uic.barcode.utils.SecurityUtils;
/**
@@ -660,11 +662,20 @@ public class StaticFrame { * @throws IOException
*/
public boolean verifyByAlgorithmOid(PublicKey key, String signingAlg) throws InvalidKeyException, NoSuchAlgorithmException, SignatureException, IllegalArgumentException, UnsupportedOperationException, IOException, EncodingFormatException {
+
+ String signatureAlgorithmOid = signingAlg;
+
+
+ // guess the signature algorithm based on the signature size
+ if ((signingAlg == null || signingAlg.length() < 1) && this.getSignature() != null) {
+ signatureAlgorithmOid = SecurityUtils.getDsaAlgorithm(this.getSignature());
+ }
+
//find the algorithm name for the signature OID
String algo = null;
Provider[] provs = Security.getProviders();
for (Provider prov : provs) {
- Service service = prov.getService("Signature",signingAlg);
+ Service service = prov.getService("Signature",signatureAlgorithmOid);
if (service != null) {
algo = service.getAlgorithm();
}
@@ -776,7 +787,8 @@ public class StaticFrame { if (algo == null) {
throw new NoSuchAlgorithmException("No service for algorthm found: " + signingAlg);
}
- Signature sig = Signature.getInstance(algo);
+ Signature sig = Signature.getInstance(algo,prov);
+
sig.initSign(key);
signedData = getDataForSignature();
sig.update(signedData);
diff --git a/src/main/java/org/uic/barcode/utils/SecurityUtils.java b/src/main/java/org/uic/barcode/utils/SecurityUtils.java index 8c981af..8f19e4b 100644 --- a/src/main/java/org/uic/barcode/utils/SecurityUtils.java +++ b/src/main/java/org/uic/barcode/utils/SecurityUtils.java @@ -15,6 +15,8 @@ import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
+import org.uic.barcode.dynamicFrame.Constants;
+
/**
* The Class SecurityUtils.
*/
@@ -23,8 +25,8 @@ public class SecurityUtils { /**
* Find provider by public key.
*
- * @param algorithmOid the algorithm oid used to generate the key
- * @param keyBytes the encoded bytes of the public key
+ * @param keyAlgorithmOid the key algorithm oid
+ * @param keyBytes the encoded bytes of the public key
* @return the provider
*/
public static Provider findPublicKeyProvider(String keyAlgorithmOid, byte[] keyBytes) {
@@ -263,6 +265,13 @@ public class SecurityUtils { return out.toByteArray();
}
+ /**
+ * Recombine dsa signature.
+ *
+ * @param sealdata the sealdata
+ * @return the byte[]
+ * @throws IOException Signals that an I/O exception has occurred.
+ */
public static byte[] recombineDsaSignature(byte[] sealdata) throws IOException {
//check whether the encoding is wrong and the sealdata contain a signature
@@ -311,4 +320,32 @@ public class SecurityUtils { return out.toByteArray();
}
+
+ /**
+ * Gets the dsa algorithm allowed for ssb or static frame.
+ *
+ * @param bs the size of the signature
+ * @return the dsa algorithm OID
+ */
+ public static String getDsaAlgorithm(byte[] bs) {
+
+ BigInteger[] bInts = null;
+ int size = 0;
+ try {
+ bInts = decodeSignatureIntegerSequence(bs);
+ int sizeR = bInts[0].bitLength();
+ int sizeS = bInts[1].bitLength();
+ size = Math.max(sizeR,sizeS);
+ } catch (Exception e) {
+ return null;
+ }
+
+ if (size > 224) {
+ return Constants.DSA_SHA256;
+ } else if (size > 160) {
+ return Constants.DSA_SHA224;
+ } else {
+ return Constants.DSA_SHA1;
+ }
+ }
}
diff --git a/src/main/java/org/uic/barcode/ticket/api/test/testtickets/OpenLuggageRestrictionTestTicketV3.java b/src/test/java/org/uic/barcode/ticket/api/test/testtickets/OpenLuggageRestrictionTestTicketV3.java index f14acfa..f14acfa 100644 --- a/src/main/java/org/uic/barcode/ticket/api/test/testtickets/OpenLuggageRestrictionTestTicketV3.java +++ b/src/test/java/org/uic/barcode/ticket/api/test/testtickets/OpenLuggageRestrictionTestTicketV3.java |