Package org.jmrtd.lds

Class SODFile

  • All Implemented Interfaces:
    java.io.Serializable, LDSElement, LDSFile

    public class SODFile
    extends AbstractTaggedLDSFile
    File structure for the EF_SOD file (the Document Security Object), based on Appendix 3 of Doc 9303 Part 1 Vol 2. The Document Security Object is essentially a SignedData type as specified in RFC 3369.
    Version:
    $Revision: 1861 $
    Author:
    The JMRTD team ([email protected])
    See Also:
    Serialized Form
    • Constructor Summary

      Constructors 
      Constructor Description
      SODFile​(java.io.InputStream inputStream)
      Constructs a Security Object data structure.
      SODFile​(java.lang.String digestAlgorithm, java.lang.String digestEncryptionAlgorithm, java.security.spec.AlgorithmParameterSpec digestEncryptionParameters, java.util.Map<java.lang.Integer,​byte[]> dataGroupHashes, byte[] encryptedDigest, java.security.cert.X509Certificate docSigningCertificate)
      Constructs a Security Object data structure.
      SODFile​(java.lang.String digestAlgorithm, java.lang.String digestEncryptionAlgorithm, java.security.spec.AlgorithmParameterSpec digestEncryptionParameters, java.util.Map<java.lang.Integer,​byte[]> dataGroupHashes, java.security.PrivateKey privateKey, java.security.cert.X509Certificate docSigningCertificate)
      Constructs a Security Object data structure.
      SODFile​(java.lang.String digestAlgorithm, java.lang.String digestEncryptionAlgorithm, java.security.spec.AlgorithmParameterSpec digestEncryptionParameters, java.util.Map<java.lang.Integer,​byte[]> dataGroupHashes, java.security.PrivateKey privateKey, java.security.cert.X509Certificate docSigningCertificate, java.lang.String provider)
      Constructs a Security Object data structure using a specified signature provider.
      SODFile​(java.lang.String digestAlgorithm, java.lang.String digestEncryptionAlgorithm, java.security.spec.AlgorithmParameterSpec digestEncryptionParameters, java.util.Map<java.lang.Integer,​byte[]> dataGroupHashes, java.security.PrivateKey privateKey, java.security.cert.X509Certificate docSigningCertificate, java.lang.String provider, java.lang.String ldsVersion, java.lang.String unicodeVersion)
      Constructs a Security Object data structure using a specified signature provider.
      SODFile​(java.lang.String digestAlgorithm, java.lang.String digestEncryptionAlgorithm, java.util.Map<java.lang.Integer,​byte[]> dataGroupHashes, byte[] encryptedDigest, java.security.cert.X509Certificate docSigningCertificate)
      Constructs a Security Object data structure.
      SODFile​(java.lang.String digestAlgorithm, java.lang.String digestEncryptionAlgorithm, java.util.Map<java.lang.Integer,​byte[]> dataGroupHashes, java.security.PrivateKey privateKey, java.security.cert.X509Certificate docSigningCertificate)
      Constructs a Security Object data structure.
      SODFile​(java.lang.String digestAlgorithm, java.lang.String digestEncryptionAlgorithm, java.util.Map<java.lang.Integer,​byte[]> dataGroupHashes, java.security.PrivateKey privateKey, java.security.cert.X509Certificate docSigningCertificate, java.lang.String provider)
      Constructs a Security Object data structure using a specified signature provider.
      SODFile​(java.lang.String digestAlgorithm, java.lang.String digestEncryptionAlgorithm, java.util.Map<java.lang.Integer,​byte[]> dataGroupHashes, java.security.PrivateKey privateKey, java.security.cert.X509Certificate docSigningCertificate, java.lang.String provider, java.lang.String ldsVersion, java.lang.String unicodeVersion)
      Constructs a Security Object data structure using a specified signature provider.
    • Method Summary

      Modifier and Type Method Description
      boolean equals​(java.lang.Object obj)  
      java.util.Map<java.lang.Integer,​byte[]> getDataGroupHashes()
      Returns the stored data group hashes indexed by data group number.
      java.lang.String getDigestAlgorithm()
      Returns the name of the algorithm used in the data group hashes.
      java.lang.String getDigestEncryptionAlgorithm()
      Returns the name of the digest encryption algorithm used in the signature.
      java.security.spec.AlgorithmParameterSpec getDigestEncryptionAlgorithmParams()
      Returns the parameters of the digest encryption (signature) algorithm.
      java.security.cert.X509Certificate getDocSigningCertificate()
      Returns the embedded document signing certificate (if present) or null if not present.
      java.util.List<java.security.cert.X509Certificate> getDocSigningCertificates()
      Returns any embedded (document signing) certificates.
      byte[] getEContent()
      Returns the encoded contents of the signed data over which the signature is to be computed.
      byte[] getEncoded()
      Returns the contents of this file as byte array, includes the ICAO tag and length.
      byte[] getEncryptedDigest()
      Returns the signature (the encrypted digest) over the hashes.
      javax.security.auth.x500.X500Principal getIssuerX500Principal()
      Returns the issuer name of the document signing certificate as it appears in the signer-info in the signed-data structure. This returns null when the signer is identified through subject-key-identifier instead.
      java.lang.String getLDSVersion()
      Returns the version of the LDS if stored in the Security Object (SOd).
      java.math.BigInteger getSerialNumber()
      Returns the serial number as it appears in the signer-info in the signed-data structure.
      java.lang.String getSignerInfoDigestAlgorithm()
      Returns the name of the digest algorithm used in the signature.
      byte[] getSubjectKeyIdentifier()
      Returns the signer's subject-key-identifier as it appears in the signer-info in the signed-data structure.
      java.lang.String getUnicodeVersion()
      Returns the version of unicode if stored in the Security Object (SOd).
      int hashCode()  
      protected void readContent​(java.io.InputStream inputStream)
      Reads the contents of the data group from an input stream.
      java.lang.String toString()
      Returns a textual representation of this file.
      protected void writeContent​(java.io.OutputStream outputStream)
      Writes the contents of the data group to an output stream.
      • Methods inherited from class java.lang.Object

        clone, finalize, getClass, notify, notifyAll, wait, wait, wait
    • Constructor Detail

      • SODFile

        public SODFile​(java.lang.String digestAlgorithm,
                       java.lang.String digestEncryptionAlgorithm,
                       java.util.Map<java.lang.Integer,​byte[]> dataGroupHashes,
                       java.security.PrivateKey privateKey,
                       java.security.cert.X509Certificate docSigningCertificate)
                throws java.security.GeneralSecurityException
        Constructs a Security Object data structure.
        Parameters:
        digestAlgorithm - a digest algorithm, such as "SHA-1" or "SHA-256"
        digestEncryptionAlgorithm - a digest encryption algorithm, such as "SHA256withRSA"
        dataGroupHashes - maps datagroup numbers (1 to 16) to hashes of the data groups
        privateKey - private key to sign the data
        docSigningCertificate - the document signing certificate
        Throws:
        java.security.GeneralSecurityException - if either of the algorithm parameters is not recognized, or if the document signing certificate cannot be used
      • SODFile

        public SODFile​(java.lang.String digestAlgorithm,
                       java.lang.String digestEncryptionAlgorithm,
                       java.security.spec.AlgorithmParameterSpec digestEncryptionParameters,
                       java.util.Map<java.lang.Integer,​byte[]> dataGroupHashes,
                       java.security.PrivateKey privateKey,
                       java.security.cert.X509Certificate docSigningCertificate)
                throws java.security.GeneralSecurityException
        Constructs a Security Object data structure.
        Parameters:
        digestAlgorithm - a digest algorithm, such as "SHA-1" or "SHA-256"
        digestEncryptionAlgorithm - a digest encryption algorithm, such as "SHA256withRSA"
        digestEncryptionParameters - the digest encryption algorithm parameters
        dataGroupHashes - maps datagroup numbers (1 to 16) to hashes of the data groups
        privateKey - private key to sign the data
        docSigningCertificate - the document signing certificate
        Throws:
        java.security.GeneralSecurityException - if either of the algorithm parameters is not recognized, or if the document signing certificate cannot be used
      • SODFile

        public SODFile​(java.lang.String digestAlgorithm,
                       java.lang.String digestEncryptionAlgorithm,
                       java.util.Map<java.lang.Integer,​byte[]> dataGroupHashes,
                       java.security.PrivateKey privateKey,
                       java.security.cert.X509Certificate docSigningCertificate,
                       java.lang.String provider)
                throws java.security.GeneralSecurityException
        Constructs a Security Object data structure using a specified signature provider.
        Parameters:
        digestAlgorithm - a digest algorithm, such as "SHA-1" or "SHA-256"
        digestEncryptionAlgorithm - a digest encryption algorithm, such as "SHA256withRSA"
        dataGroupHashes - maps datagroup numbers (1 to 16) to hashes of the data groups
        privateKey - private key to sign the contents
        docSigningCertificate - the document signing certificate to embed
        provider - specific signature provider that should be used to create the signature
        Throws:
        java.security.GeneralSecurityException - if either of the algorithm parameters is not recognized, or if the document signing certificate cannot be used
      • SODFile

        public SODFile​(java.lang.String digestAlgorithm,
                       java.lang.String digestEncryptionAlgorithm,
                       java.security.spec.AlgorithmParameterSpec digestEncryptionParameters,
                       java.util.Map<java.lang.Integer,​byte[]> dataGroupHashes,
                       java.security.PrivateKey privateKey,
                       java.security.cert.X509Certificate docSigningCertificate,
                       java.lang.String provider)
                throws java.security.GeneralSecurityException
        Constructs a Security Object data structure using a specified signature provider.
        Parameters:
        digestAlgorithm - a digest algorithm, such as "SHA-1" or "SHA-256"
        digestEncryptionAlgorithm - a digest encryption algorithm, such as "SHA256withRSA"
        digestEncryptionParameters - the digest encryption algorithm parameters
        dataGroupHashes - maps datagroup numbers (1 to 16) to hashes of the data groups
        privateKey - private key to sign the contents
        docSigningCertificate - the document signing certificate to embed
        provider - specific signature provider that should be used to create the signature
        Throws:
        java.security.GeneralSecurityException - if either of the algorithm parameters is not recognized, or if the document signing certificate cannot be used
      • SODFile

        public SODFile​(java.lang.String digestAlgorithm,
                       java.lang.String digestEncryptionAlgorithm,
                       java.util.Map<java.lang.Integer,​byte[]> dataGroupHashes,
                       java.security.PrivateKey privateKey,
                       java.security.cert.X509Certificate docSigningCertificate,
                       java.lang.String provider,
                       java.lang.String ldsVersion,
                       java.lang.String unicodeVersion)
                throws java.security.GeneralSecurityException
        Constructs a Security Object data structure using a specified signature provider.
        Parameters:
        digestAlgorithm - a digest algorithm, such as "SHA-1" or "SHA-256"
        digestEncryptionAlgorithm - a digest encryption algorithm, such as "SHA256withRSA"
        dataGroupHashes - maps datagroup numbers (1 to 16) to hashes of the data groups
        privateKey - private key to sign the data
        docSigningCertificate - the document signing certificate
        provider - specific signature provider that should be used to create the signature
        ldsVersion - LDS version
        unicodeVersion - Unicode version
        Throws:
        java.security.GeneralSecurityException - if either of the algorithm parameters is not recognized, or if the document signing certificate cannot be used
      • SODFile

        public SODFile​(java.lang.String digestAlgorithm,
                       java.lang.String digestEncryptionAlgorithm,
                       java.security.spec.AlgorithmParameterSpec digestEncryptionParameters,
                       java.util.Map<java.lang.Integer,​byte[]> dataGroupHashes,
                       java.security.PrivateKey privateKey,
                       java.security.cert.X509Certificate docSigningCertificate,
                       java.lang.String provider,
                       java.lang.String ldsVersion,
                       java.lang.String unicodeVersion)
                throws java.security.GeneralSecurityException
        Constructs a Security Object data structure using a specified signature provider.
        Parameters:
        digestAlgorithm - a digest algorithm, such as "SHA-1" or "SHA-256"
        digestEncryptionAlgorithm - a digest encryption algorithm, such as "SHA256withRSA"
        digestEncryptionParameters - the digest encryption algorithm parameters
        dataGroupHashes - maps datagroup numbers (1 to 16) to hashes of the data groups
        privateKey - private key to sign the data
        docSigningCertificate - the document signing certificate
        provider - specific signature provider that should be used to create the signature
        ldsVersion - LDS version
        unicodeVersion - Unicode version
        Throws:
        java.security.GeneralSecurityException - if either of the algorithm parameters is not recognized, or if the document signing certificate cannot be used
      • SODFile

        public SODFile​(java.lang.String digestAlgorithm,
                       java.lang.String digestEncryptionAlgorithm,
                       java.util.Map<java.lang.Integer,​byte[]> dataGroupHashes,
                       byte[] encryptedDigest,
                       java.security.cert.X509Certificate docSigningCertificate)
                throws java.security.GeneralSecurityException
        Constructs a Security Object data structure.
        Parameters:
        digestAlgorithm - a digest algorithm, such as "SHA-1" or "SHA-256"
        digestEncryptionAlgorithm - a digest encryption algorithm, such as "SHA256withRSA"
        dataGroupHashes - maps datagroup numbers (1 to 16) to hashes of the data groups
        encryptedDigest - externally signed contents
        docSigningCertificate - the document signing certificate
        Throws:
        java.security.GeneralSecurityException - if either of the algorithm parameters is not recognized, or if the document signing certificate cannot be used
      • SODFile

        public SODFile​(java.lang.String digestAlgorithm,
                       java.lang.String digestEncryptionAlgorithm,
                       java.security.spec.AlgorithmParameterSpec digestEncryptionParameters,
                       java.util.Map<java.lang.Integer,​byte[]> dataGroupHashes,
                       byte[] encryptedDigest,
                       java.security.cert.X509Certificate docSigningCertificate)
                throws java.security.GeneralSecurityException
        Constructs a Security Object data structure.
        Parameters:
        digestAlgorithm - a digest algorithm, such as "SHA-1" or "SHA-256"
        digestEncryptionAlgorithm - a digest encryption algorithm, such as "SHA256withRSA"
        digestEncryptionParameters - the digest encryption algorithm parameters
        dataGroupHashes - maps datagroup numbers (1 to 16) to hashes of the data groups
        encryptedDigest - externally signed contents
        docSigningCertificate - the document signing certificate
        Throws:
        java.security.GeneralSecurityException - if either of the algorithm parameters is not recognized, or if the document signing certificate cannot be used
      • SODFile

        public SODFile​(java.io.InputStream inputStream)
                throws java.io.IOException
        Constructs a Security Object data structure.
        Parameters:
        inputStream - an input stream positioned at the start of the EF_SOD file
        Throws:
        java.io.IOException - if the stream cannot be read or its contents cannot be parsed
    • Method Detail

      • readContent

        protected void readContent​(java.io.InputStream inputStream)
                            throws java.io.IOException
        Description copied from class: AbstractTaggedLDSFile
        Reads the contents of the data group from an input stream. Client code implementing this method should only read the contents from the input stream, not the tag or length of the data group.
        Specified by:
        readContent in class AbstractTaggedLDSFile
        Parameters:
        inputStream - the input stream to read from
        Throws:
        java.io.IOException - on error reading from input stream
      • writeContent

        protected void writeContent​(java.io.OutputStream outputStream)
                             throws java.io.IOException
        Description copied from class: AbstractTaggedLDSFile
        Writes the contents of the data group to an output stream. Client code implementing this method should only write the contents to the output stream, not the tag or length of the data group.
        Specified by:
        writeContent in class AbstractTaggedLDSFile
        Parameters:
        outputStream - the output stream to write to
        Throws:
        java.io.IOException - on error writing to output stream
      • getDataGroupHashes

        public java.util.Map<java.lang.Integer,​byte[]> getDataGroupHashes()
        Returns the stored data group hashes indexed by data group number.
        Returns:
        data group hashes indexed by data group number (1 to 16)
      • getEncryptedDigest

        public byte[] getEncryptedDigest()
        Returns the signature (the encrypted digest) over the hashes.
        Returns:
        the encrypted digest
      • getDigestEncryptionAlgorithmParams

        public java.security.spec.AlgorithmParameterSpec getDigestEncryptionAlgorithmParams()
        Returns the parameters of the digest encryption (signature) algorithm. For instance for "RSASSA/PSS" this includes the hash algorithm and the salt length.
        Returns:
        the algorithm parameters
      • getEContent

        public byte[] getEContent()
                           throws java.security.SignatureException
        Returns the encoded contents of the signed data over which the signature is to be computed.
        Returns:
        the encoded contents
        Throws:
        java.security.SignatureException - if the contents do not check out
      • getDigestAlgorithm

        public java.lang.String getDigestAlgorithm()
        Returns the name of the algorithm used in the data group hashes.
        Returns:
        an algorithm string such as "SHA-1" or "SHA-256"
      • getSignerInfoDigestAlgorithm

        public java.lang.String getSignerInfoDigestAlgorithm()
        Returns the name of the digest algorithm used in the signature.
        Returns:
        an algorithm string such as "SHA-1" or "SHA-256"
      • getDigestEncryptionAlgorithm

        public java.lang.String getDigestEncryptionAlgorithm()
        Returns the name of the digest encryption algorithm used in the signature.
        Returns:
        an algorithm string such as "SHA256withRSA"
      • getLDSVersion

        public java.lang.String getLDSVersion()
        Returns the version of the LDS if stored in the Security Object (SOd).
        Returns:
        the version of the LDS in "aabb" format or null if LDS < V1.8
        Since:
        LDS V1.8
      • getUnicodeVersion

        public java.lang.String getUnicodeVersion()
        Returns the version of unicode if stored in the Security Object (SOd).
        Returns:
        the unicode version in "aabbcc" format or null if LDS < V1.8
        Since:
        LDS V1.8
      • getDocSigningCertificates

        public java.util.List<java.security.cert.X509Certificate> getDocSigningCertificates()
        Returns any embedded (document signing) certificates. If the document signing certificate is embedded, a list of size 1 is returned. If a document signing certificate is not embedded, the empty list is returned. Doc 9303 part 10 (in our interpretation) does not allow multiple certificates here; PKCS7 does allow this.
        Returns:
        the document signing certificate
      • getDocSigningCertificate

        public java.security.cert.X509Certificate getDocSigningCertificate()
        Returns the embedded document signing certificate (if present) or null if not present. Use this certificate to verify that eSignature is a valid signature for eContent. This certificate itself is signed using the country signing certificate.
        Returns:
        the document signing certificate
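        The following is an added example (not JMRTD's own code) showing how the accessors above fit together for a passive authentication check: the signature in the signer-info is verified over getEContent() with the document signing certificate, and the data group hashes stored in the SOD are compared with hashes recomputed over the data groups actually read from the chip. It assumes the caller supplies the raw EF_SOD bytes, the raw data group bytes, and optionally a document signing certificate obtained elsewhere for the case where none is embedded; validating that certificate against the country signing certificate is a separate step not shown here.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Map;

import org.jmrtd.lds.SODFile;

/** Added example: passive authentication of an EF_SOD against data groups already read. */
public final class SodCheck {

  /**
   * @param sodBytes     raw EF_SOD bytes, ICAO tag and length included (the form getEncoded() produces)
   * @param dataGroups   data group number (1 to 16) mapped to the raw bytes read for that group
   * @param fallbackDsc  document signing certificate to use when none is embedded in the SOD (may be null)
   * @return true only if the signature verifies and every data group read matches its stored hash
   */
  public static boolean verify(byte[] sodBytes, Map<Integer, byte[]> dataGroups,
                               X509Certificate fallbackDsc)
      throws IOException, GeneralSecurityException {
    SODFile sod = new SODFile(new ByteArrayInputStream(sodBytes));

    // 1. Locate the signer. getDocSigningCertificate() is null when the issuer did not embed it,
    //    in which case the caller must have obtained the certificate some other way.
    X509Certificate dsc = sod.getDocSigningCertificate();
    if (dsc == null) {
      dsc = fallbackDsc;
    }
    if (dsc == null) {
      throw new GeneralSecurityException("no document signing certificate available");
    }

    // 2. Verify the encrypted digest over eContent with the algorithm (and, for PSS, the
    //    hash and salt-length parameters) recorded in the signer-info.
    Signature sig = Signature.getInstance(sod.getDigestEncryptionAlgorithm());
    AlgorithmParameterSpec params = sod.getDigestEncryptionAlgorithmParams();
    if (params != null) {
      sig.setParameter(params);
    }
    sig.initVerify(dsc);
    sig.update(sod.getEContent());
    if (!sig.verify(sod.getEncryptedDigest())) {
      return false;
    }

    // 3. Recompute each read data group's hash with the SOD's digest algorithm and compare
    //    in constant time. A data group that was read but has no hash in the SOD is rejected:
    //    nothing authenticates it. Groups listed in the SOD but not read are simply not checked.
    Map<Integer, byte[]> stored = sod.getDataGroupHashes();
    MessageDigest md = MessageDigest.getInstance(sod.getDigestAlgorithm());
    for (Map.Entry<Integer, byte[]> e : dataGroups.entrySet()) {
      byte[] expected = stored.get(e.getKey());
      if (expected == null) {
        return false;
      }
      md.reset();
      if (!MessageDigest.isEqual(md.digest(e.getValue()), expected)) {
        return false;
      }
    }
    return true;
  }
}
```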
      • getIssuerX500Principal

        public javax.security.auth.x500.X500Principal getIssuerX500Principal()
        Returns the issuer name of the document signing certificate as it appears in the signer-info in the signed-data structure. This returns null when the signer is identified through subject-key-identifier instead.
        Returns:
        a certificate issuer, or null if not present
      • getSerialNumber

        public java.math.BigInteger getSerialNumber()
        Returns the serial number as it appears in the signer-info in the signed-data structure. This returns null when the signer is identified through subject-key-identifier instead.
        Returns:
        a certificate serial number, or null if not present
      • getSubjectKeyIdentifier

        public byte[] getSubjectKeyIdentifier()
        Returns the signer's subject-key-identifier as it appears in the signer-info in the signed-data structure. This returns null when the signer is identified through issuer name and serial instead.
        Returns:
        the subject-key-identifier, or null if not present
      • toString

        public java.lang.String toString()
        Returns a textual representation of this file.
        Overrides:
        toString in class AbstractTaggedLDSFile
        Returns:
        a textual representation of this file
      • equals

        public boolean equals​(java.lang.Object obj)
        Overrides:
        equals in class java.lang.Object
      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class java.lang.Object
      • getEncoded

        public byte[] getEncoded()
        Returns the contents of this file as byte array, includes the ICAO tag and length.
        Specified by:
        getEncoded in interface LDSElement
        Returns:
        a byte array containing the file