org.jmrtd.lds

Class SODFile

java.lang.Object

org.jmrtd.lds.DataGroup

org.jmrtd.lds.SODFile

All Implemented Interfaces:

java.io.Serializable, LDSElement, LDSFile

public class SODFile
extends DataGroup

File structure for the EF_SOD file (the Document Security Object). Based on Appendix 3 of Doc 9303 Part 1 Vol 2. Basically the Document Security Object is a SignedData type as specified in RFC 3369.

Version:

$Revision: 1573 $

Author:

Wojciech Mostowski ([email protected]), Martijn Oostdijk ([email protected])

See Also:

Serialized Form

Field Summary

Fields inherited from interface org.jmrtd.lds.LDSFile

EF_COM_TAG, EF_DG1_TAG, EF_DG10_TAG, EF_DG11_TAG, EF_DG12_TAG, EF_DG13_TAG, EF_DG14_TAG, EF_DG15_TAG, EF_DG16_TAG, EF_DG2_TAG, EF_DG3_TAG, EF_DG4_TAG, EF_DG5_TAG, EF_DG6_TAG, EF_DG7_TAG, EF_DG8_TAG, EF_DG9_TAG, EF_SOD_TAG

Constructor Summary

Constructors

Constructor and Description
SODFile(java.io.InputStream inputStream) Constructs a Security Object data structure.
SODFile(java.lang.String digestAlgorithm, java.lang.String digestEncryptionAlgorithm, java.util.Map<java.lang.Integer,byte[]> dataGroupHashes, byte[] encryptedDigest, java.security.cert.X509Certificate docSigningCertificate) Constructs a Security Object data structure.
SODFile(java.lang.String digestAlgorithm, java.lang.String digestEncryptionAlgorithm, java.util.Map<java.lang.Integer,byte[]> dataGroupHashes, java.security.PrivateKey privateKey, java.security.cert.X509Certificate docSigningCertificate) Constructs a Security Object data structure.
SODFile(java.lang.String digestAlgorithm, java.lang.String digestEncryptionAlgorithm, java.util.Map<java.lang.Integer,byte[]> dataGroupHashes, java.security.PrivateKey privateKey, java.security.cert.X509Certificate docSigningCertificate, java.lang.String provider) Constructs a Security Object data structure using a specified signature provider.
SODFile(java.lang.String digestAlgorithm, java.lang.String digestEncryptionAlgorithm, java.util.Map<java.lang.Integer,byte[]> dataGroupHashes, java.security.PrivateKey privateKey, java.security.cert.X509Certificate docSigningCertificate, java.lang.String provider, java.lang.String ldsVersion, java.lang.String unicodeVersion) Constructs a Security Object data structure using a specified signature provider.

Method Summary

Modifier and Type	Method and Description
boolean	checkDocSignature(java.security.cert.Certificate docSigningCert) Verifies the signature over the contents of the security object.
boolean	equals(java.lang.Object obj)
java.util.Map<java.lang.Integer,byte[]>	getDataGroupHashes() Gets the stored data group hashes.
java.lang.String	getDigestAlgorithm() Gets the name of the algorithm used in the data group hashes.
java.lang.String	getDigestEncryptionAlgorithm() Gets the name of the digest encryption algorithm used in the signature.
java.security.cert.X509Certificate	getDocSigningCertificate() Gets the embedded document signing certificate (if present).
byte[]	getEContent() Gets the e-content inside the signed data strucure.
byte[]	getEncoded() Gets the contents of this file as byte array, includes the ICAO tag and length.
byte[]	getEncryptedDigest() Gets the signature (the encrypted digest) over the hashes.
javax.security.auth.x500.X500Principal	getIssuerX500Principal() Gets the issuer of the document signing certificate.
java.lang.String	getLDSVersion() Gets the version of the LDS if stored in the Security Object (SOd).
java.math.BigInteger	getSerialNumber() Gets the serial number of the document signing certificate.
java.lang.String	getSignerInfoDigestAlgorithm() Gets the name of the digest algorithm used in the signature.
java.lang.String	getUnicodeVersion() Gets the version of unicode if stored in the Security Object (SOd).
int	hashCode()
protected void	readContent(java.io.InputStream inputStream) Reads the contents of the data group from an input stream.
java.lang.String	toString() Gets a textual representation of this file.
protected void	writeContent(java.io.OutputStream out) Writes the contents of the data group to an output stream.

Methods inherited from class org.jmrtd.lds.DataGroup

getLength, getTag, readObject, writeObject

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

SODFile

public SODFile(java.lang.String digestAlgorithm,
               java.lang.String digestEncryptionAlgorithm,
               java.util.Map<java.lang.Integer,byte[]> dataGroupHashes,
               byte[] encryptedDigest,
               java.security.cert.X509Certificate docSigningCertificate)
        throws java.security.NoSuchAlgorithmException,
               java.security.cert.CertificateException

Constructs a Security Object data structure.

Parameters:

digestAlgorithm - a digest algorithm, such as "SHA-1" or "SHA-256"

digestEncryptionAlgorithm - a digest encryption algorithm, such as "SHA256withRSA"

dataGroupHashes - maps datagroup numbers (1 to 16) to hashes of the data groups

encryptedDigest - ???

docSigningCertificate - the document signing certificate

Throws:

java.security.NoSuchAlgorithmException - if either of the algorithm parameters is not recognized

java.security.cert.CertificateException - if the document signing certificate cannot be used

SODFile

public SODFile(java.lang.String digestAlgorithm,
               java.lang.String digestEncryptionAlgorithm,
               java.util.Map<java.lang.Integer,byte[]> dataGroupHashes,
               java.security.PrivateKey privateKey,
               java.security.cert.X509Certificate docSigningCertificate,
               java.lang.String provider)
        throws java.security.NoSuchAlgorithmException,
               java.security.cert.CertificateException

Constructs a Security Object data structure using a specified signature provider.

Parameters:

digestAlgorithm - a digest algorithm, such as "SHA-1" or "SHA-256"

digestEncryptionAlgorithm - a digest encryption algorithm, such as "SHA256withRSA"

dataGroupHashes - maps datagroup numbers (1 to 16) to hashes of the data groups

privateKey - private key to sign the data

docSigningCertificate - the document signing certificate

provider - specific signature provider that should be used to create the signature

Throws:

java.security.NoSuchAlgorithmException - if either of the algorithm parameters is not recognized

java.security.cert.CertificateException - if the document signing certificate cannot be used

SODFile

public SODFile(java.lang.String digestAlgorithm,
               java.lang.String digestEncryptionAlgorithm,
               java.util.Map<java.lang.Integer,byte[]> dataGroupHashes,
               java.security.PrivateKey privateKey,
               java.security.cert.X509Certificate docSigningCertificate,
               java.lang.String provider,
               java.lang.String ldsVersion,
               java.lang.String unicodeVersion)
        throws java.security.NoSuchAlgorithmException,
               java.security.cert.CertificateException

Constructs a Security Object data structure using a specified signature provider.

Parameters:

digestAlgorithm - a digest algorithm, such as "SHA-1" or "SHA-256"

digestEncryptionAlgorithm - a digest encryption algorithm, such as "SHA256withRSA"

dataGroupHashes - maps datagroup numbers (1 to 16) to hashes of the data groups

privateKey - private key to sign the data

docSigningCertificate - the document signing certificate

provider - specific signature provider that should be used to create the signature

ldsVersion - LDS version

unicodeVersion - Unicode version

Throws:

java.security.NoSuchAlgorithmException - if either of the algorithm parameters is not recognized

java.security.cert.CertificateException - if the document signing certificate cannot be used

SODFile

public SODFile(java.lang.String digestAlgorithm,
               java.lang.String digestEncryptionAlgorithm,
               java.util.Map<java.lang.Integer,byte[]> dataGroupHashes,
               java.security.PrivateKey privateKey,
               java.security.cert.X509Certificate docSigningCertificate)
        throws java.security.NoSuchAlgorithmException,
               java.security.cert.CertificateException

Constructs a Security Object data structure.

Parameters:

digestAlgorithm - a digest algorithm, such as "SHA1" or "SHA256"

digestEncryptionAlgorithm - a digest encryption algorithm, such as "SHA256withRSA"

dataGroupHashes - maps datagroup numbers (1 to 16) to hashes of the data groups

privateKey - private key to sign the data

docSigningCertificate - the document signing certificate

Throws:

java.security.NoSuchAlgorithmException - if either of the algorithm parameters is not recognized

java.security.cert.CertificateException - if the document signing certificate cannot be used

SODFile

public SODFile(java.io.InputStream inputStream)
        throws java.io.IOException

Constructs a Security Object data structure.

Parameters:

inputStream - some inputstream

Throws:

java.io.IOException - if something goes wrong

Method Detail

readContent

protected void readContent(java.io.InputStream inputStream)
                    throws java.io.IOException

Description copied from class: DataGroup

Reads the contents of the data group from an input stream. Client code implementing this method should only read the contents from the input stream, not the tag or length of the data group.

Specified by:

readContent in class DataGroup

Parameters:

inputStream - the input stream to read from

Throws:

java.io.IOException - on error reading from input stream

writeContent

protected void writeContent(java.io.OutputStream out)
                     throws java.io.IOException

Description copied from class: DataGroup

Writes the contents of the data group to an output stream. Client code implementing this method should only write the contents to the output stream, not the tag or length of the data group.

Specified by:

writeContent in class DataGroup

Parameters:

out - the output stream to write to

Throws:

java.io.IOException - on error writing to output stream

getDataGroupHashes

public java.util.Map<java.lang.Integer,byte[]> getDataGroupHashes()

Gets the stored data group hashes.

Returns:

data group hashes indexed by data group numbers (1 to 16)

getEncryptedDigest

public byte[] getEncryptedDigest()

Gets the signature (the encrypted digest) over the hashes.

Returns:

the encrypted digest

getEContent

public byte[] getEContent()

Gets the e-content inside the signed data strucure.

Returns:

the e-content

getDigestAlgorithm

public java.lang.String getDigestAlgorithm()

Gets the name of the algorithm used in the data group hashes.

Returns:

an algorithm string such as "SHA-1" or "SHA-256"

getSignerInfoDigestAlgorithm

public java.lang.String getSignerInfoDigestAlgorithm()

Gets the name of the digest algorithm used in the signature.

Returns:

an algorithm string such as "SHA-1" or "SHA-256"

getDigestEncryptionAlgorithm

public java.lang.String getDigestEncryptionAlgorithm()

Gets the name of the digest encryption algorithm used in the signature.

Returns:

an algorithm string such as "SHA256withRSA"

getLDSVersion

public java.lang.String getLDSVersion()

Gets the version of the LDS if stored in the Security Object (SOd).

Returns:

the version of the LDS in "aabb" format or null if LDS < V1.8

Since:

LDS V1.8

getUnicodeVersion

public java.lang.String getUnicodeVersion()

Gets the version of unicode if stored in the Security Object (SOd).

Returns:

the unicode version in "aabbcc" format or null if LDS < V1.8

Since:

LDS V1.8

getDocSigningCertificate

public java.security.cert.X509Certificate getDocSigningCertificate()
                                                            throws java.security.cert.CertificateException

Gets the embedded document signing certificate (if present). Use this certificate to verify that eSignature is a valid signature for eContent. This certificate itself is signed using the country signing certificate.

Returns:

the document signing certificate

Throws:

java.security.cert.CertificateException - when certificate not be constructed from this SOd

checkDocSignature

public boolean checkDocSignature(java.security.cert.Certificate docSigningCert)
                          throws java.security.GeneralSecurityException

Verifies the signature over the contents of the security object. Clients can also use the accessors of this class and check the validity of the signature for themselves. See RFC 3369, Cryptographic Message Syntax, August 2002, Section 5.4 for details.

Parameters:

docSigningCert - the certificate to use (should be X509 certificate)

Returns:

status of the verification

Throws:

java.security.GeneralSecurityException - if something goes wrong

getIssuerX500Principal

public javax.security.auth.x500.X500Principal getIssuerX500Principal()

Gets the issuer of the document signing certificate.

Returns:

a certificate issuer

getSerialNumber

public java.math.BigInteger getSerialNumber()

Gets the serial number of the document signing certificate.

Returns:

a certificate serial number

toString

public java.lang.String toString()

Gets a textual representation of this file.

Overrides:

toString in class DataGroup

Returns:

a textual representation of this file

equals

public boolean equals(java.lang.Object obj)

Overrides:

equals in class java.lang.Object

hashCode

public int hashCode()

Overrides:

hashCode in class java.lang.Object

getEncoded

public byte[] getEncoded()

Gets the contents of this file as byte array, includes the ICAO tag and length.

Specified by:

getEncoded in interface LDSElement

Returns:

a byte array containing the file