summaryrefslogtreecommitdiffstats
path: root/src/main
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/main/java/org/uic/barcode/Decoder.java15
-rw-r--r--src/main/java/org/uic/barcode/ssbFrame/SsbFrame.java25
-rw-r--r--src/main/java/org/uic/barcode/staticFrame/StaticFrame.java16
-rw-r--r--src/main/java/org/uic/barcode/utils/SecurityUtils.java41
-rw-r--r--src/test/java/org/uic/barcode/ticket/api/test/testtickets/OpenLuggageRestrictionTestTicketV3.java (renamed from src/main/java/org/uic/barcode/ticket/api/test/testtickets/OpenLuggageRestrictionTestTicketV3.java)0
5 files changed, 79 insertions, 18 deletions
diff --git a/src/main/java/org/uic/barcode/Decoder.java b/src/main/java/org/uic/barcode/Decoder.java
index 85faa4a..637bbf6 100644
--- a/src/main/java/org/uic/barcode/Decoder.java
+++ b/src/main/java/org/uic/barcode/Decoder.java
@@ -84,15 +84,22 @@ public class Decoder {
* @throws EncodingFormatException the encoding format exception
*/
public int validateLevel1(PublicKey key) throws InvalidKeyException, NoSuchAlgorithmException, SignatureException, IllegalArgumentException, UnsupportedOperationException, IOException, EncodingFormatException {
- if (dynamicFrame != null && dynamicFrame != null) {
+ if (dynamicFrame != null) {
return dynamicFrame.validateLevel1(key) ;
- } else {
- if (staticFrame != null) {
- return Constants.LEVEL1_VALIDATION_SIG_ALG_NOT_IMPLEMENTED;
+ } else if (staticFrame != null) {
+ if (staticFrame.verifyByAlgorithmOid(key,null)) {
+ return Constants.LEVEL1_VALIDATION_OK;
+ } else {
+ return Constants.LEVEL1_VALIDATION_FRAUD;
+ }
+ } else if (ssbFrame!= null) {
+ if (ssbFrame.verifyByAlgorithmOid(key,null, null)) {
+ return Constants.LEVEL1_VALIDATION_OK;
} else {
return Constants.LEVEL1_VALIDATION_FRAUD;
}
}
+ return Constants.LEVEL1_VALIDATION_NO_SIGNATURE;
}
/**
diff --git a/src/main/java/org/uic/barcode/ssbFrame/SsbFrame.java b/src/main/java/org/uic/barcode/ssbFrame/SsbFrame.java
index b473c1e..2c8f66f 100644
--- a/src/main/java/org/uic/barcode/ssbFrame/SsbFrame.java
+++ b/src/main/java/org/uic/barcode/ssbFrame/SsbFrame.java
@@ -1,6 +1,5 @@
package org.uic.barcode.ssbFrame;
-import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
@@ -14,7 +13,6 @@ import java.security.SignatureException;
import java.security.Provider.Service;
import java.util.Arrays;
-
import org.uic.barcode.ticket.EncodingFormatException;
import org.uic.barcode.utils.AlgorithmNameResolver;
import org.uic.barcode.utils.SecurityUtils;
@@ -83,7 +81,7 @@ public class SsbFrame {
try {
//check for non-standard signature encoding
BigInteger[] bInts = SecurityUtils.decodeSignatureIntegerSequence(signatureBytes);
- byte[] sig = SecurityUtils.encodeSignatureIntegerSequence(bInts[0],bInts[1]);
+ SecurityUtils.encodeSignatureIntegerSequence(bInts[0],bInts[1]);
signaturePart1 = bInts[0].toByteArray();
signaturePart2 = bInts[1].toByteArray();
//decoding the entire signature was ok, so there was no split
@@ -334,8 +332,20 @@ public class SsbFrame {
//find the algorithm name for the signature OID
String algo = null;
+
+ BigInteger r = new BigInteger(1,signaturePart1);
+ BigInteger s = new BigInteger(1,signaturePart2);
+ byte[] signature = SecurityUtils.encodeSignatureIntegerSequence(r,s);
+
+ String signatureAlgorithmOid = signingAlg;
+
+ // guess the signature algorithm based on the signature size
+ if ((signingAlg == null || signingAlg.length() < 1) && signature != null) {
+ signatureAlgorithmOid = SecurityUtils.getDsaAlgorithm(signature);
+ }
+
if (prov != null) {
- Service service = prov.getService("Signature",signingAlg);
+ Service service = prov.getService("Signature",signatureAlgorithmOid);
if (service != null) {
algo = service.getAlgorithm();
}
@@ -343,7 +353,7 @@ public class SsbFrame {
Provider[] provs = Security.getProviders();
for (Provider p : provs) {
if (algo == null) {
- Service service = p.getService("Signature",signingAlg);
+ Service service = p.getService("Signature",signatureAlgorithmOid);
if (service != null) {
algo = service.getAlgorithm();
}
@@ -359,11 +369,6 @@ public class SsbFrame {
sig.initVerify(key);
sig.update(getDataForSignature());
- BigInteger r = new BigInteger(1,signaturePart1);
- BigInteger s = new BigInteger(1,signaturePart2);
-
- byte[] signature = SecurityUtils.encodeSignatureIntegerSequence(r,s);
-
return sig.verify(signature);
}
diff --git a/src/main/java/org/uic/barcode/staticFrame/StaticFrame.java b/src/main/java/org/uic/barcode/staticFrame/StaticFrame.java
index 8dc1adb..25649df 100644
--- a/src/main/java/org/uic/barcode/staticFrame/StaticFrame.java
+++ b/src/main/java/org/uic/barcode/staticFrame/StaticFrame.java
@@ -19,7 +19,9 @@ import java.util.zip.DataFormatException;
import java.util.zip.Deflater;
import java.util.zip.Inflater;
+import org.uic.barcode.dynamicFrame.Constants;
import org.uic.barcode.ticket.EncodingFormatException;
+import org.uic.barcode.utils.SecurityUtils;
/**
@@ -660,11 +662,20 @@ public class StaticFrame {
* @throws IOException
*/
public boolean verifyByAlgorithmOid(PublicKey key, String signingAlg) throws InvalidKeyException, NoSuchAlgorithmException, SignatureException, IllegalArgumentException, UnsupportedOperationException, IOException, EncodingFormatException {
+
+ String signatureAlgorithmOid = signingAlg;
+
+
+ // guess the signature algorithm based on the signature size
+ if ((signingAlg == null || signingAlg.length() < 1) && this.getSignature() != null) {
+ signatureAlgorithmOid = SecurityUtils.getDsaAlgorithm(this.getSignature());
+ }
+
//find the algorithm name for the signature OID
String algo = null;
Provider[] provs = Security.getProviders();
for (Provider prov : provs) {
- Service service = prov.getService("Signature",signingAlg);
+ Service service = prov.getService("Signature",signatureAlgorithmOid);
if (service != null) {
algo = service.getAlgorithm();
}
@@ -776,7 +787,8 @@ public class StaticFrame {
if (algo == null) {
throw new NoSuchAlgorithmException("No service for algorthm found: " + signingAlg);
}
- Signature sig = Signature.getInstance(algo);
+ Signature sig = Signature.getInstance(algo,prov);
+
sig.initSign(key);
signedData = getDataForSignature();
sig.update(signedData);
diff --git a/src/main/java/org/uic/barcode/utils/SecurityUtils.java b/src/main/java/org/uic/barcode/utils/SecurityUtils.java
index 8c981af..8f19e4b 100644
--- a/src/main/java/org/uic/barcode/utils/SecurityUtils.java
+++ b/src/main/java/org/uic/barcode/utils/SecurityUtils.java
@@ -15,6 +15,8 @@ import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
+import org.uic.barcode.dynamicFrame.Constants;
+
/**
* The Class SecurityUtils.
*/
@@ -23,8 +25,8 @@ public class SecurityUtils {
/**
* Find provider by public key.
*
- * @param algorithmOid the algorithm oid used to generate the key
- * @param keyBytes the encoded bytes of the public key
+ * @param keyAlgorithmOid the key algorithm oid
+ * @param keyBytes the encoded bytes of the public key
* @return the provider
*/
public static Provider findPublicKeyProvider(String keyAlgorithmOid, byte[] keyBytes) {
@@ -263,6 +265,13 @@ public class SecurityUtils {
return out.toByteArray();
}
+ /**
+ * Recombine dsa signature.
+ *
+ * @param sealdata the sealdata
+ * @return the byte[]
+ * @throws IOException Signals that an I/O exception has occurred.
+ */
public static byte[] recombineDsaSignature(byte[] sealdata) throws IOException {
//check whether the encoding is wrong and the sealdata contain a signature
@@ -311,4 +320,32 @@ public class SecurityUtils {
return out.toByteArray();
}
+
+ /**
+ * Gets the dsa algorithm allowed for ssb or static frame.
+ *
+ * @param bs the size of the signature
+ * @return the dsa algorithm OID
+ */
+ public static String getDsaAlgorithm(byte[] bs) {
+
+ BigInteger[] bInts = null;
+ int size = 0;
+ try {
+ bInts = decodeSignatureIntegerSequence(bs);
+ int sizeR = bInts[0].bitLength();
+ int sizeS = bInts[1].bitLength();
+ size = Math.max(sizeR,sizeS);
+ } catch (Exception e) {
+ return null;
+ }
+
+ if (size > 224) {
+ return Constants.DSA_SHA256;
+ } else if (size > 160) {
+ return Constants.DSA_SHA224;
+ } else {
+ return Constants.DSA_SHA1;
+ }
+ }
}
diff --git a/src/main/java/org/uic/barcode/ticket/api/test/testtickets/OpenLuggageRestrictionTestTicketV3.java b/src/test/java/org/uic/barcode/ticket/api/test/testtickets/OpenLuggageRestrictionTestTicketV3.java
index f14acfa..f14acfa 100644
--- a/src/main/java/org/uic/barcode/ticket/api/test/testtickets/OpenLuggageRestrictionTestTicketV3.java
+++ b/src/test/java/org/uic/barcode/ticket/api/test/testtickets/OpenLuggageRestrictionTestTicketV3.java