diff options
Diffstat (limited to 'pkix/src/main/java/org/spongycastle/eac/operator/jcajce/JcaEACSignerBuilder.java')
-rw-r--r-- | pkix/src/main/java/org/spongycastle/eac/operator/jcajce/JcaEACSignerBuilder.java | 234 |
1 files changed, 234 insertions, 0 deletions
diff --git a/pkix/src/main/java/org/spongycastle/eac/operator/jcajce/JcaEACSignerBuilder.java b/pkix/src/main/java/org/spongycastle/eac/operator/jcajce/JcaEACSignerBuilder.java new file mode 100644 index 00000000..460bb5cf --- /dev/null +++ b/pkix/src/main/java/org/spongycastle/eac/operator/jcajce/JcaEACSignerBuilder.java @@ -0,0 +1,234 @@ +package org.spongycastle.eac.operator.jcajce; + +import java.io.IOException; +import java.io.OutputStream; +import java.math.BigInteger; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.Signature; +import java.security.SignatureException; +import java.util.Arrays; +import java.util.Hashtable; + +import org.spongycastle.asn1.ASN1Integer; +import org.spongycastle.asn1.ASN1ObjectIdentifier; +import org.spongycastle.asn1.ASN1Sequence; +import org.spongycastle.asn1.eac.EACObjectIdentifiers; +import org.spongycastle.eac.operator.EACSigner; +import org.spongycastle.operator.OperatorCreationException; +import org.spongycastle.operator.OperatorStreamException; +import org.spongycastle.operator.RuntimeOperatorException; + +public class JcaEACSignerBuilder +{ + private static final Hashtable sigNames = new Hashtable(); + + static + { + sigNames.put("SHA1withRSA", EACObjectIdentifiers.id_TA_RSA_v1_5_SHA_1); + sigNames.put("SHA256withRSA", EACObjectIdentifiers.id_TA_RSA_v1_5_SHA_256); + sigNames.put("SHA1withRSAandMGF1", EACObjectIdentifiers.id_TA_RSA_PSS_SHA_1); + sigNames.put("SHA256withRSAandMGF1", EACObjectIdentifiers.id_TA_RSA_PSS_SHA_256); + sigNames.put("SHA512withRSA", EACObjectIdentifiers.id_TA_RSA_v1_5_SHA_512); + sigNames.put("SHA512withRSAandMGF1", EACObjectIdentifiers.id_TA_RSA_PSS_SHA_512); + + sigNames.put("SHA1withECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1); + sigNames.put("SHA224withECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_224); + sigNames.put("SHA256withECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_256); + sigNames.put("SHA384withECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_384); + sigNames.put("SHA512withECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_512); + } + + private EACHelper helper = new DefaultEACHelper(); + + public JcaEACSignerBuilder setProvider(String providerName) + { + this.helper = new NamedEACHelper(providerName); + + return this; + } + + public JcaEACSignerBuilder setProvider(Provider provider) + { + this.helper = new ProviderEACHelper(provider); + + return this; + } + + public EACSigner build(String algorithm, PrivateKey privKey) + throws OperatorCreationException + { + return build((ASN1ObjectIdentifier)sigNames.get(algorithm), privKey); + } + + public EACSigner build(final ASN1ObjectIdentifier usageOid, PrivateKey privKey) + throws OperatorCreationException + { + Signature sig; + try + { + sig = helper.getSignature(usageOid); + + sig.initSign(privKey); + } + catch (NoSuchAlgorithmException e) + { + throw new OperatorCreationException("unable to find algorithm: " + e.getMessage(), e); + } + catch (NoSuchProviderException e) + { + throw new OperatorCreationException("unable to find provider: " + e.getMessage(), e); + } + catch (InvalidKeyException e) + { + throw new OperatorCreationException("invalid key: " + e.getMessage(), e); + } + + final SignatureOutputStream sigStream = new SignatureOutputStream(sig); + + return new EACSigner() + { + public ASN1ObjectIdentifier getUsageIdentifier() + { + return usageOid; + } + + public OutputStream getOutputStream() + { + return sigStream; + } + + public byte[] getSignature() + { + try + { + byte[] signature = sigStream.getSignature(); + + if (usageOid.on(EACObjectIdentifiers.id_TA_ECDSA)) + { + return reencode(signature); + } + + return signature; + } + catch (SignatureException e) + { + throw new RuntimeOperatorException("exception obtaining signature: " + e.getMessage(), e); + } + } + }; + } + + public static int max(int el1, int el2) + { + return el1 > el2 ? el1 : el2; + } + + private static byte[] reencode(byte[] rawSign) + { + ASN1Sequence sData = ASN1Sequence.getInstance(rawSign); + + BigInteger r = ASN1Integer.getInstance(sData.getObjectAt(0)).getValue(); + BigInteger s = ASN1Integer.getInstance(sData.getObjectAt(1)).getValue(); + + byte[] rB = r.toByteArray(); + byte[] sB = s.toByteArray(); + + int rLen = unsignedIntLength(rB); + int sLen = unsignedIntLength(sB); + + byte[] ret; + int len = max(rLen, sLen); + + ret = new byte[len * 2]; + Arrays.fill(ret, (byte)0); + + copyUnsignedInt(rB, ret, len - rLen); + copyUnsignedInt(sB, ret, 2 * len - sLen); + + return ret; + } + + private static int unsignedIntLength(byte[] i) + { + int len = i.length; + if (i[0] == 0) + { + len--; + } + + return len; + } + + private static void copyUnsignedInt(byte[] src, byte[] dst, int offset) + { + int len = src.length; + int readoffset = 0; + if (src[0] == 0) + { + len--; + readoffset = 1; + } + + System.arraycopy(src, readoffset, dst, offset, len); + } + + private class SignatureOutputStream + extends OutputStream + { + private Signature sig; + + SignatureOutputStream(Signature sig) + { + this.sig = sig; + } + + public void write(byte[] bytes, int off, int len) + throws IOException + { + try + { + sig.update(bytes, off, len); + } + catch (SignatureException e) + { + throw new OperatorStreamException("exception in content signer: " + e.getMessage(), e); + } + } + + public void write(byte[] bytes) + throws IOException + { + try + { + sig.update(bytes); + } + catch (SignatureException e) + { + throw new OperatorStreamException("exception in content signer: " + e.getMessage(), e); + } + } + + public void write(int b) + throws IOException + { + try + { + sig.update((byte)b); + } + catch (SignatureException e) + { + throw new OperatorStreamException("exception in content signer: " + e.getMessage(), e); + } + } + + byte[] getSignature() + throws SignatureException + { + return sig.sign(); + } + } +} |