Package org.jmrtd.lds

Class SODFile

    • Constructor Detail

      • SODFile

        public SODFile(String digestAlgorithm,
                       String digestEncryptionAlgorithm,
                       Map<Integer,byte[]> dataGroupHashes,
                       PrivateKey privateKey,
                       X509Certificate docSigningCertificate)
                throws GeneralSecurityException
        Constructs a Security Object data structure.
        Parameters:
        digestAlgorithm - a digest algorithm, such as "SHA1" or "SHA256"
        digestEncryptionAlgorithm - a digest encryption algorithm, such as "SHA256withRSA"
        dataGroupHashes - maps data group numbers (1 to 16) to hashes of the data groups
        privateKey - private key to sign the data
        docSigningCertificate - the document signing certificate
        Throws:
        GeneralSecurityException - if either of the algorithm parameters is not recognized, or if the document signing certificate cannot be used
      • SODFile

        public SODFile(String digestAlgorithm,
                       String digestEncryptionAlgorithm,
                       Map<Integer,byte[]> dataGroupHashes,
                       PrivateKey privateKey,
                       X509Certificate docSigningCertificate,
                       String provider)
                throws GeneralSecurityException
        Constructs a Security Object data structure using a specified signature provider.
        Parameters:
        digestAlgorithm - a digest algorithm, such as "SHA-1" or "SHA-256"
        digestEncryptionAlgorithm - a digest encryption algorithm, such as "SHA256withRSA"
        dataGroupHashes - maps data group numbers (1 to 16) to hashes of the data groups
        privateKey - private key to sign the contents
        docSigningCertificate - the document signing certificate to embed
        provider - specific signature provider that should be used to create the signature
        Throws:
        GeneralSecurityException - if either of the algorithm parameters is not recognized, or if the document signing certificate cannot be used
      • SODFile

        public SODFile(String digestAlgorithm,
                       String digestEncryptionAlgorithm,
                       Map<Integer,byte[]> dataGroupHashes,
                       PrivateKey privateKey,
                       X509Certificate docSigningCertificate,
                       String provider,
                       String ldsVersion,
                       String unicodeVersion)
                throws GeneralSecurityException
        Constructs a Security Object data structure using a specified signature provider.
        Parameters:
        digestAlgorithm - a digest algorithm, such as "SHA-1" or "SHA-256"
        digestEncryptionAlgorithm - a digest encryption algorithm, such as "SHA256withRSA"
        dataGroupHashes - maps data group numbers (1 to 16) to hashes of the data groups
        privateKey - private key to sign the data
        docSigningCertificate - the document signing certificate
        provider - specific signature provider that should be used to create the signature
        ldsVersion - LDS version
        unicodeVersion - Unicode version
        Throws:
        GeneralSecurityException - if either of the algorithm parameters is not recognized, or if the document signing certificate cannot be used
      • SODFile

        public SODFile(String digestAlgorithm,
                       String digestEncryptionAlgorithm,
                       Map<Integer,byte[]> dataGroupHashes,
                       byte[] encryptedDigest,
                       X509Certificate docSigningCertificate)
                throws GeneralSecurityException
        Constructs a Security Object data structure.
        Parameters:
        digestAlgorithm - a digest algorithm, such as "SHA-1" or "SHA-256"
        digestEncryptionAlgorithm - a digest encryption algorithm, such as "SHA256withRSA"
        dataGroupHashes - maps data group numbers (1 to 16) to hashes of the data groups
        encryptedDigest - externally signed contents
        docSigningCertificate - the document signing certificate
        Throws:
        GeneralSecurityException - if either of the algorithm parameters is not recognized, or if the document signing certificate cannot be used
      • SODFile

        public SODFile(InputStream inputStream)
                throws IOException
        Constructs a Security Object data structure by parsing an encoded EF.SOD from an input stream.
        Parameters:
        inputStream - the input stream to read the encoded Security Object from
        Throws:
        IOException - on error reading from the input stream
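The signing-side constructors above take the per-data-group hashes rather than the data groups themselves, so the caller is responsible for hashing each encoded data group file with the same digest algorithm that is passed as digestAlgorithm. The following is an added example, not code from the jMRTD project or from this page; it assumes a hypothetical PKCS#12 keystore "ds.p12" holding the document signer key and certificate under alias "ds", and uses constructed stand-in bytes in place of real DG encodings.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Map;
import java.util.TreeMap;

import org.jmrtd.lds.SODFile;

/*
 * Builds a Security Object (EF.SOD) over a small set of data groups.
 * Assumptions (not taken from the SODFile documentation): the document signer
 * key and certificate live in a PKCS#12 keystore "ds.p12" under alias "ds",
 * and the data group encodings are supplied as complete encoded DG files.
 */
public class SodBuilder {

  static final String DIGEST_ALG = "SHA-256";     // digestAlgorithm for the SODFile constructor
  static final String SIG_ALG = "SHA256withRSA";  // digestEncryptionAlgorithm for the constructor

  /** Hashes each encoded data group with the SOD digest algorithm, keyed by DG number. */
  static Map<Integer, byte[]> hashDataGroups(Map<Integer, byte[]> dgEncodings)
      throws GeneralSecurityException {
    Map<Integer, byte[]> hashes = new TreeMap<>();
    for (Map.Entry<Integer, byte[]> e : dgEncodings.entrySet()) {
      int dgNumber = e.getKey();
      // The constructor documents the valid range as 1 to 16; reject anything else early.
      if (dgNumber < 1 || dgNumber > 16) {
        throw new IllegalArgumentException("data group number out of range: " + dgNumber);
      }
      // A fresh MessageDigest per group so no state carries over between hashes.
      MessageDigest md = MessageDigest.getInstance(DIGEST_ALG);
      hashes.put(dgNumber, md.digest(e.getValue()));
    }
    return hashes;
  }

  public static void main(String[] args) throws IOException, GeneralSecurityException {
    // Hypothetical keystore holding the document signer private key and certificate.
    char[] password = "changeit".toCharArray();
    KeyStore ks = KeyStore.getInstance("PKCS12");
    try (FileInputStream in = new FileInputStream("ds.p12")) {
      ks.load(in, password);
    }
    PrivateKey dsKey = (PrivateKey) ks.getKey("ds", password);
    X509Certificate dsCert = (X509Certificate) ks.getCertificate("ds");

    // Constructed sample bytes standing in for the encoded EF.DG1 and EF.DG2 files;
    // in a real personalisation these are the full encodings of the DG files.
    Map<Integer, byte[]> dgEncodings = new TreeMap<>();
    dgEncodings.put(1, new byte[] { 0x61, 0x02, 0x5F, 0x1F });
    dgEncodings.put(2, new byte[] { 0x75, 0x00 });

    SODFile sod = new SODFile(DIGEST_ALG, SIG_ALG, hashDataGroups(dgEncodings), dsKey, dsCert);

    // getEncoded() returns the complete file including the ICAO tag and length,
    // which is what is written to the chip as EF.SOD.
    try (FileOutputStream out = new FileOutputStream("EF_SOD.bin")) {
      out.write(sod.getEncoded());
    }
  }
}
```

The digest algorithm used in hashDataGroups and the one passed as digestAlgorithm must be the same, since a verifier will recompute the hashes with whatever getDigestAlgorithm() reports; the constructor cannot detect a mismatch because it never sees the data groups.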
    • Method Detail

      • readContent

        protected void readContent(InputStream inputStream)
                            throws IOException
        Description copied from class: AbstractTaggedLDSFile
        Reads the contents of the data group from an input stream. Client code implementing this method should only read the contents from the input stream, not the tag or length of the data group.
        Specified by:
        readContent in class AbstractTaggedLDSFile
        Parameters:
        inputStream - the input stream to read from
        Throws:
        IOException - on error reading from input stream
      • writeContent

        protected void writeContent(OutputStream outputStream)
                             throws IOException
        Description copied from class: AbstractTaggedLDSFile
        Writes the contents of the data group to an output stream. Client code implementing this method should only write the contents to the output stream, not the tag or length of the data group.
        Specified by:
        writeContent in class AbstractTaggedLDSFile
        Parameters:
        outputStream - the output stream to write to
        Throws:
        IOException - on error writing to output stream
      • getDataGroupHashes

        public Map<Integer,byte[]> getDataGroupHashes()
        Returns the stored data group hashes indexed by data group number.
        Returns:
        data group hashes indexed by data group number (1 to 16)
      • getEncryptedDigest

        public byte[] getEncryptedDigest()
        Returns the signature (the encrypted digest) over the hashes.
        Returns:
        the encrypted digest
      • getDigestEncryptionAlgorithmParams

        public AlgorithmParameterSpec getDigestEncryptionAlgorithmParams()
        Returns the parameters of the digest encryption (signature) algorithm. For instance, for "RSASSA/PSS" this includes the hash algorithm and the salt length.
        Returns:
        the algorithm parameters
      • getEContent

        public byte[] getEContent()
                           throws SignatureException
        Returns the encoded contents of the signed data over which the signature is to be computed.
        Returns:
        the encoded contents
        Throws:
        SignatureException - if the contents do not check out
      • getDigestAlgorithm

        public String getDigestAlgorithm()
        Returns the name of the algorithm used in the data group hashes.
        Returns:
        an algorithm string such as "SHA-1" or "SHA-256"
      • getSignerInfoDigestAlgorithm

        public String getSignerInfoDigestAlgorithm()
        Returns the name of the digest algorithm used in the signature.
        Returns:
        an algorithm string such as "SHA-1" or "SHA-256"
      • getDigestEncryptionAlgorithm

        public String getDigestEncryptionAlgorithm()
        Returns the name of the digest encryption algorithm used in the signature.
        Returns:
        an algorithm string such as "SHA256withRSA"
      • getLDSVersion

        public String getLDSVersion()
        Returns the version of the LDS if stored in the Security Object (SOd).
        Returns:
        the version of the LDS in "aabb" format or null if LDS < V1.8
        Since:
        LDS V1.8
      • getUnicodeVersion

        public String getUnicodeVersion()
        Returns the version of Unicode if stored in the Security Object (SOd).
        Returns:
        the Unicode version in "aabbcc" format or null if LDS < V1.8
        Since:
        LDS V1.8
      • getDocSigningCertificates

        public List<X509Certificate> getDocSigningCertificates()
        Returns any embedded (document signing) certificates. If the document signing certificate is embedded, a list of size 1 is returned. If a document signing certificate is not embedded, the empty list is returned. Doc 9303 Part 10 (in our interpretation) does not allow multiple certificates here; PKCS#7 does allow this.
        Returns:
        the document signing certificate
      • getDocSigningCertificate

        public X509Certificate getDocSigningCertificate()
        Returns the embedded document signing certificate (if present) or null if not present. Use this certificate to verify that eSignature is a valid signature for eContent. This certificate itself is signed using the country signing certificate.
        Returns:
        the document signing certificate
      • getIssuerX500Principal

        public X500Principal getIssuerX500Principal()
        Returns the issuer name of the document signing certificate as it appears in the signer-info in the signed-data structure.
        Returns:
        a certificate issuer
      • getSerialNumber

        public BigInteger getSerialNumber()
        Returns the serial number as it appears in the signer-info in the signed-data structure.
        Returns:
        a certificate serial number
      • toString

        public String toString()
        Returns a textual representation of this file.
        Overrides:
        toString in class AbstractTaggedLDSFile
        Returns:
        a textual representation of this file
      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class Object
      • getEncoded

        public byte[] getEncoded()
        Returns the contents of this file as a byte array, including the ICAO tag and length.
        Specified by:
        getEncoded in interface LDSElement
        Returns:
        a byte array containing the file
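The getters above are the building blocks of passive authentication: the embedded document signing certificate is checked against the country signing certificate, the signature returned by getEncryptedDigest() is verified over getEContent() with the algorithm named by getDigestEncryptionAlgorithm(), and every data group read from the chip is re-hashed with getDigestAlgorithm() and compared with getDataGroupHashes(). The following is an added example, not code from the jMRTD project or from this page; it assumes the verifier already holds the trusted CSCA public key (for instance from a master list) and that the JCA provider in use recognises the algorithm name the SOD reports.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Map;

import org.jmrtd.lds.SODFile;

/*
 * Passive authentication of EF.SOD against data groups read from the chip.
 * Assumption (not part of the SODFile documentation): the caller supplies the
 * trusted CSCA public key out of band, e.g. from a CSCA master list.
 */
public class SodVerifier {

  /**
   * Returns true only if (1) the embedded DS certificate is within its validity
   * period and is signed by the CSCA key, (2) the SOD signature verifies over
   * eContent with the DS public key, and (3) every data group that was read
   * hashes to the value recorded in the SOD. Any failure returns false or throws.
   */
  static boolean verify(SODFile sod, PublicKey cscaKey, Map<Integer, byte[]> readDataGroups)
      throws GeneralSecurityException {
    // 1. Trust anchor: the DS certificate must be issued by the country signer.
    X509Certificate dsCert = sod.getDocSigningCertificate();
    if (dsCert == null) {
      // Not embedded; it would have to be looked up by getIssuerX500Principal()
      // and getSerialNumber() from a trusted store instead.
      return false;
    }
    dsCert.checkValidity();
    dsCert.verify(cscaKey);

    // 2. Signature over eContent, using the algorithm recorded in the signer-info.
    Signature sig = Signature.getInstance(sod.getDigestEncryptionAlgorithm());
    AlgorithmParameterSpec params = sod.getDigestEncryptionAlgorithmParams();
    if (params != null) {
      sig.setParameter(params); // e.g. PSS hash algorithm and salt length
    }
    sig.initVerify(dsCert.getPublicKey());
    sig.update(sod.getEContent());
    if (!sig.verify(sod.getEncryptedDigest())) {
      return false;
    }

    // 3. Per-data-group hash comparison with the digest algorithm the SOD names.
    Map<Integer, byte[]> recordedHashes = sod.getDataGroupHashes();
    for (Map.Entry<Integer, byte[]> e : readDataGroups.entrySet()) {
      byte[] recorded = recordedHashes.get(e.getKey());
      if (recorded == null) {
        return false; // a data group the SOD does not cover is not authenticated
      }
      MessageDigest md = MessageDigest.getInstance(sod.getDigestAlgorithm());
      byte[] actual = md.digest(e.getValue());
      if (!MessageDigest.isEqual(recorded, actual)) { // constant-time comparison
        return false;
      }
    }
    return true;
  }

  /** Convenience wrapper: parse EF.SOD from a stream and verify it. */
  static boolean verify(InputStream sodStream, PublicKey cscaKey,
      Map<Integer, byte[]> readDataGroups) throws IOException, GeneralSecurityException {
    return verify(new SODFile(sodStream), cscaKey, readDataGroups);
  }
}
```

The order matters: the certificate and signature checks come before the hash comparison so that a data group is never reported as authentic on the strength of hashes whose signature has not been verified. Revocation checking of the DS certificate (CRLs published by the issuing state) is deliberately left to the caller here; a production verifier adds it between steps 1 and 2.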