From 6ef85723cca938e298b318dc6d564318b83ab4ba Mon Sep 17 00:00:00 2001
From: CGantert345 <57003061+CGantert345@users.noreply.github.com>
Date: Mon, 11 Apr 2022 16:30:32 +0200
Subject: use one provider only within validation
---
 .../dynamicFrame/api/SimpleDynamicFrame.java | 10 ++-
 .../java/org/uic/barcode/utils/SecurityUtils.java | 77 ++++++++++++++++------
 .../test/DynamicFrameDoubleSignatureTest.java | 8 ++-
 .../barcode/test/DynamicFrameFcbVersion3Test.java | 8 +-
 4 files changed, 74 insertions(+), 29 deletions(-)
diff --git a/src/main/java/org/uic/barcode/dynamicFrame/api/SimpleDynamicFrame.java b/src/main/java/org/uic/barcode/dynamicFrame/api/SimpleDynamicFrame.java
index ef31166..a8d7a0f 100644
--- a/src/main/java/org/uic/barcode/dynamicFrame/api/SimpleDynamicFrame.java
+++ b/src/main/java/org/uic/barcode/dynamicFrame/api/SimpleDynamicFrame.java
@@ -272,6 +272,7 @@ public class SimpleDynamicFrame implements IDynamicFrame { return Constants.LEVEL1_VALIDATION_NO_SIGNATURE; } + byte[] signature = this.getLevel2Data().getLevel1Signature();
@@ -288,7 +289,13 @@ public class SimpleDynamicFrame implements IDynamicFrame { if (signingAlgorithmOid == null || signingAlgorithmOid.length() == 0) { return Constants.LEVEL1_VALIDATION_NO_SIGNATURE; - } + } + + if (prov == null) { + prov = SecurityUtils.findSignatureProvider(key.getEncoded(), signingAlgorithmOid); + } + + //find the algorithm name for the signature OID String algo = null; try {
@@ -312,6 +319,7 @@ public class SimpleDynamicFrame implements IDynamicFrame { return Constants.LEVEL1_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; } try { + key = SecurityUtils.convert(key, prov); sig.initVerify(key); } catch (InvalidKeyException e) { return Constants.LEVEL1_VALIDATION_SIG_ALG_NOT_IMPLEMENTED;
diff --git a/src/main/java/org/uic/barcode/utils/SecurityUtils.java b/src/main/java/org/uic/barcode/utils/SecurityUtils.java
index 542208b..af1a65a 100644
--- a/src/main/java/org/uic/barcode/utils/SecurityUtils.java
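Review bot: `SecurityUtils.findSignatureProvider` returns null when no installed provider both resolves `signingAlgorithmOid` and accepts the key, and the new `if (prov == null)` block never checks for that; the `key = SecurityUtils.convert(key, prov);` line in the third hunk then reaches `KeyFactory.getInstance("EC", provider)` with a null provider, which throws IllegalArgumentException straight past the surrounding `catch (InvalidKeyException e)`, so validation aborts with an unchecked exception instead of returning a status code. I would return right after the lookup, `if (prov == null) { return Constants.LEVEL1_VALIDATION_SIG_ALG_NOT_IMPLEMENTED; }` (or whichever status callers expect for "no usable provider"). Note also that `convert` hands back the original key when the provider rejects its encoding, so the conversion in the third hunk is best-effort; a comment there, `// re-encode the key with the provider used for the signature; falls back to the original key if it is rejected`, would stop the next reader from assuming the key is guaranteed to belong to prov. The enclosing method starts before the first hunk and continues after the third.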
+++ b/src/main/java/org/uic/barcode/utils/SecurityUtils.java
@@ -4,6 +4,7 @@ import java.security.KeyFactory;
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.Provider;
+import java.security.Provider.Service;
 import java.security.PublicKey;
 import java.security.Security;
 import java.security.spec.InvalidKeySpecException;
@@ -81,28 +82,22 @@ public class SecurityUtils { return null; } - - - public static PublicKey convertPublicKey(PublicKey key) { - - - PublicKey publicKey; - try { - publicKey = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(key.getEncoded())); - } catch (InvalidKeySpecException | NoSuchAlgorithmException e) { - return key; - } - - return publicKey; - - } public static PublicKey convert(PublicKey key, Provider provider) { PublicKey publicKey; + KeyFactory keyFactory = null; + try { - publicKey = KeyFactory.getInstance("RSA", provider).generatePublic(new X509EncodedKeySpec(key.getEncoded())); + if (key.getAlgorithm() != null && key.getAlgorithm().toUpperCase().contains("EC") ) { + keyFactory = KeyFactory.getInstance("EC",provider); + } else if (key.getAlgorithm() != null && key.getAlgorithm().length() > 0 ) { + keyFactory = KeyFactory.getInstance("DSA",provider); + } else { + return key; + } + publicKey = keyFactory.generatePublic(new X509EncodedKeySpec(key.getEncoded())); } catch (InvalidKeySpecException | NoSuchAlgorithmException e) { return key; }
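Review bot: The else-if branch of the rewritten `convert(PublicKey, Provider)` hard-codes "DSA" for every non-empty algorithm name that does not contain "EC", so a key reporting any other algorithm (an "RSA" key, for instance) is handed to a DSA KeyFactory, fails in `generatePublic`, and is returned unconverted by the catch with no signal to the caller; the private-key `convert` and `findSignatureProvider` in the next hunk repeat the same split. Unless DSA is deliberately the only non-EC algorithm this library supports, `keyFactory = KeyFactory.getInstance(key.getAlgorithm(), provider);` in that branch keeps the key's own algorithm name and needs no guess. `key.getAlgorithm()` is also evaluated four times in the two conditions; reading it once, `String alg = key.getAlgorithm();`, makes the branches readable. A short Javadoc saying that the method returns the input key unchanged whenever the provider cannot re-encode it would save callers from assuming the conversion always took effect.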
@@ -113,17 +108,61 @@ public class SecurityUtils { } - public static PrivateKey convertPrivateKey(PrivateKey key) { - + public static PrivateKey convert(PrivateKey key, Provider provider) { PrivateKey privateKey; + KeyFactory keyFactory = null; + try { - privateKey = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(key.getEncoded())); + if (key.getAlgorithm() != null && key.getAlgorithm().toUpperCase().contains("EC") ) { + keyFactory = KeyFactory.getInstance("EC",provider); + } else if (key.getAlgorithm() != null && key.getAlgorithm().length() > 0 ) { + keyFactory = KeyFactory.getInstance("DSA",provider); + } else { + return key; + } + privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(key.getEncoded())); } catch (InvalidKeySpecException | NoSuchAlgorithmException e) { return key; } return privateKey; + + } + + public static Provider findSignatureProvider(byte[] encoded, String oid) { + + KeyFactory keyFactory = null; + String signatureAlgorithmName = null; + + Provider[] provs = Security.getProviders(); + for (Provider provider : provs) { + try { + Service service = provider.getService(AlgorithmNameResolver.TYPE_SIGNATURE_ALG, oid); + if (service != null) { + signatureAlgorithmName = service.getAlgorithm(); + if (signatureAlgorithmName != null && signatureAlgorithmName.length() > 0) { + if (signatureAlgorithmName.toUpperCase().contains("EC") ) { + keyFactory = KeyFactory.getInstance("EC",provider); + } else { + keyFactory = KeyFactory.getInstance("DSA",provider); + } + if (keyFactory != null) { + X509EncodedKeySpec spec = new X509EncodedKeySpec(encoded); + //try to encode the key + keyFactory.generatePublic(spec); + } + } + } + } catch (Exception e1) { + keyFactory = null; + } + if (keyFactory != null) { + return keyFactory.getProvider(); + } + } + + return null; } } 
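Review bot: `findSignatureProvider` wraps the whole probe in `catch (Exception e1)`, so a null `encoded` (NullPointerException from `new X509EncodedKeySpec(encoded)`) or any other programming error becomes a null result indistinguishable from "no provider found", and the exception itself is dropped. Failing fast with `Objects.requireNonNull(encoded, "encoded");` at the top and narrowing the catch to `catch (GeneralSecurityException e1)` keeps the probing semantics while letting genuine bugs surface — provided the providers in use are known to signal key rejection only through checked exceptions. `keyFactory` is declared outside the loop and relies on the catch block to reset it; declaring it inside the `for` body removes that coupling. The method also needs a Javadoc stating that it returns the first provider, in `Security.getProviders()` precedence order, that exposes a Signature service for `oid` and whose EC or DSA KeyFactory accepts `encoded`, and null otherwise — callers need to know both the ordering dependence and the null return.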
diff --git a/src/test/java/org/uic/barcode/test/DynamicFrameDoubleSignatureTest.java b/src/test/java/org/uic/barcode/test/DynamicFrameDoubleSignatureTest.java
index bd0f9a4..6533938 100644
--- a/src/test/java/org/uic/barcode/test/DynamicFrameDoubleSignatureTest.java
+++ b/src/test/java/org/uic/barcode/test/DynamicFrameDoubleSignatureTest.java
@@ -5,6 +5,7 @@ import java.security.InvalidKeyException;
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
 import java.security.SecureRandom;
 import java.security.Security;
 import java.security.SignatureException;
@@ -37,6 +38,8 @@ public class DynamicFrameDoubleSignatureTest { public IUicRailTicket testFCBticket = null; + public Provider provider = null; + @Before public void initialize() {
@@ -44,10 +47,11 @@ public class DynamicFrameDoubleSignatureTest { signatureAlgorithmOID = Constants.ECDSA_SHA256; keyPairAlgorithmOID = Constants.KG_EC_256; - elipticCurve = "secp256r1"; + elipticCurve = "secp256k1"; testFCBticket = SimpleUICTestTicket.getUicTestTicket(); + provider = new BouncyCastleProvider(); Security.addProvider(new BouncyCastleProvider()); try {
@@ -155,7 +159,7 @@ public class DynamicFrameDoubleSignatureTest { KeyPairGenerator ecKPGen = KeyPairGenerator.getInstance("EC", "BC"); ecKPGen.initialize(namedParamSpec, new SecureRandom()); KeyPair keyPair = ecKPGen.generateKeyPair(); - KeyPair kp = new KeyPair(SecurityUtils.convertPublicKey(keyPair.getPublic()),SecurityUtils.convertPrivateKey(keyPair.getPrivate())); + KeyPair kp = new KeyPair(SecurityUtils.convert(keyPair.getPublic(), provider),SecurityUtils.convert(keyPair.getPrivate(), provider)); return kp; }
diff --git a/src/test/java/org/uic/barcode/test/DynamicFrameFcbVersion3Test.java b/src/test/java/org/uic/barcode/test/DynamicFrameFcbVersion3Test.java
index f8a03ba..7f03658 100644
--- a/src/test/java/org/uic/barcode/test/DynamicFrameFcbVersion3Test.java
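Review bot: In the `initialize()` hunk, `provider = new BouncyCastleProvider();` and `Security.addProvider(new BouncyCastleProvider());` create two separate provider instances, so the object the test later passes to `SecurityUtils.convert` is not the one registered with the JCA; `Security.addProvider(provider);` keeps them the same instance, which is what a "one provider only" test should pin down. Switching the curve from `secp256r1` to `secp256k1` also changes what the test exercises: as far as I recall, secp256k1 is no longer offered by the JDK's built-in SunEC provider, so the key-generation path then only works through Bouncy Castle. If forcing the BC path is the intent, say so next to the assignment, `// secp256k1 is only available via BC; forces the BC code path`, otherwise a reader will take it for an accidental edit.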
+++ b/src/test/java/org/uic/barcode/test/DynamicFrameFcbVersion3Test.java
@@ -159,13 +159,7 @@ public class DynamicFrameFcbVersion3Test { } - public KeyPair generateECDSAKeys(String keyAlgorithmName, String paramName) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException{ - ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec(paramName); - KeyPairGenerator g = KeyPairGenerator.getInstance(keyAlgorithmName, "BC"); - g.initialize(ecSpec, new SecureRandom()); - return g.generateKeyPair(); - } - + public KeyPair generateECKeys(String keyAlgorithmOid, String curve) throws Exception{ String keyAlgorithmName = "ECDSA";
-- cgit v1.2.3