Package org.jmrtd.lds
Class SODFile

- java.lang.Object
  - org.jmrtd.lds.AbstractTaggedLDSFile
    - org.jmrtd.lds.SODFile

All Implemented Interfaces:
- Serializable, LDSElement, LDSFile

public class SODFile extends AbstractTaggedLDSFile

File structure for the EF_SOD file (the Document Security Object). Based on Appendix 3 of Doc 9303 Part 1 Vol 2. Basically the Document Security Object is a SignedData type as specified in RFC 3369.

- Version: $Revision: 1799 $
- Author: The JMRTD team ([email protected])
- See Also: Serialized Form
Field Summary

Fields inherited from interface org.jmrtd.lds.LDSFile
- EF_COM_TAG, EF_DG1_TAG, EF_DG10_TAG, EF_DG11_TAG, EF_DG12_TAG, EF_DG13_TAG, EF_DG14_TAG, EF_DG15_TAG, EF_DG16_TAG, EF_DG2_TAG, EF_DG3_TAG, EF_DG4_TAG, EF_DG5_TAG, EF_DG6_TAG, EF_DG7_TAG, EF_DG8_TAG, EF_DG9_TAG, EF_SOD_TAG

Constructor Summary

- SODFile(InputStream inputStream)
  Constructs a Security Object data structure.
- SODFile(String digestAlgorithm, String digestEncryptionAlgorithm, Map<Integer,byte[]> dataGroupHashes, byte[] encryptedDigest, X509Certificate docSigningCertificate)
  Constructs a Security Object data structure.
- SODFile(String digestAlgorithm, String digestEncryptionAlgorithm, Map<Integer,byte[]> dataGroupHashes, PrivateKey privateKey, X509Certificate docSigningCertificate)
  Constructs a Security Object data structure.
- SODFile(String digestAlgorithm, String digestEncryptionAlgorithm, Map<Integer,byte[]> dataGroupHashes, PrivateKey privateKey, X509Certificate docSigningCertificate, String provider)
  Constructs a Security Object data structure using a specified signature provider.
- SODFile(String digestAlgorithm, String digestEncryptionAlgorithm, Map<Integer,byte[]> dataGroupHashes, PrivateKey privateKey, X509Certificate docSigningCertificate, String provider, String ldsVersion, String unicodeVersion)
  Constructs a Security Object data structure using a specified signature provider.
Method Summary

- boolean equals(Object obj)
- Map<Integer,byte[]> getDataGroupHashes()
  Returns the stored data group hashes indexed by data group number.
- String getDigestAlgorithm()
  Returns the name of the algorithm used in the data group hashes.
- String getDigestEncryptionAlgorithm()
  Returns the name of the digest encryption algorithm used in the signature.
- AlgorithmParameterSpec getDigestEncryptionAlgorithmParams()
  Returns the parameters of the digest encryption (signature) algorithm.
- X509Certificate getDocSigningCertificate()
  Returns the embedded document signing certificate (if present) or null if not present.
- List<X509Certificate> getDocSigningCertificates()
  Returns any embedded (document signing) certificates.
- byte[] getEContent()
  Returns the encoded contents of the signed data over which the signature is to be computed.
- byte[] getEncoded()
  Returns the contents of this file as a byte array, including the ICAO tag and length.
- byte[] getEncryptedDigest()
  Returns the signature (the encrypted digest) over the hashes.
- X500Principal getIssuerX500Principal()
  Returns the issuer name of the document signing certificate as it appears in the signer-info in the signed-data structure.
- String getLDSVersion()
  Returns the version of the LDS if stored in the Security Object (SOd).
- BigInteger getSerialNumber()
  Returns the serial number as it appears in the signer-info in the signed-data structure.
- String getSignerInfoDigestAlgorithm()
  Returns the name of the digest algorithm used in the signature.
- String getUnicodeVersion()
  Returns the version of Unicode if stored in the Security Object (SOd).
- int hashCode()
- protected void readContent(InputStream inputStream)
  Reads the contents of the data group from an input stream.
- String toString()
  Returns a textual representation of this file.
- protected void writeContent(OutputStream outputStream)
  Writes the contents of the data group to an output stream.

Methods inherited from class org.jmrtd.lds.AbstractTaggedLDSFile
- getLength, getTag, readObject, writeObject
Constructor Detail

SODFile
public SODFile(String digestAlgorithm, String digestEncryptionAlgorithm, Map<Integer,byte[]> dataGroupHashes, PrivateKey privateKey, X509Certificate docSigningCertificate) throws GeneralSecurityException

Constructs a Security Object data structure.

- Parameters:
  - digestAlgorithm - a digest algorithm, such as "SHA1" or "SHA256"
  - digestEncryptionAlgorithm - a digest encryption algorithm, such as "SHA256withRSA"
  - dataGroupHashes - maps data group numbers (1 to 16) to hashes of the data groups
  - privateKey - private key to sign the data
  - docSigningCertificate - the document signing certificate
- Throws:
  - GeneralSecurityException - if either of the algorithm parameters is not recognized, or if the document signing certificate cannot be used

SODFile
public SODFile(String digestAlgorithm, String digestEncryptionAlgorithm, Map<Integer,byte[]> dataGroupHashes, PrivateKey privateKey, X509Certificate docSigningCertificate, String provider) throws GeneralSecurityException

Constructs a Security Object data structure using a specified signature provider.

- Parameters:
  - digestAlgorithm - a digest algorithm, such as "SHA-1" or "SHA-256"
  - digestEncryptionAlgorithm - a digest encryption algorithm, such as "SHA256withRSA"
  - dataGroupHashes - maps data group numbers (1 to 16) to hashes of the data groups
  - privateKey - private key to sign the contents
  - docSigningCertificate - the document signing certificate to embed
  - provider - specific signature provider that should be used to create the signature
- Throws:
  - GeneralSecurityException - if either of the algorithm parameters is not recognized, or if the document signing certificate cannot be used

SODFile
public SODFile(String digestAlgorithm, String digestEncryptionAlgorithm, Map<Integer,byte[]> dataGroupHashes, PrivateKey privateKey, X509Certificate docSigningCertificate, String provider, String ldsVersion, String unicodeVersion) throws GeneralSecurityException

Constructs a Security Object data structure using a specified signature provider.

- Parameters:
  - digestAlgorithm - a digest algorithm, such as "SHA-1" or "SHA-256"
  - digestEncryptionAlgorithm - a digest encryption algorithm, such as "SHA256withRSA"
  - dataGroupHashes - maps data group numbers (1 to 16) to hashes of the data groups
  - privateKey - private key to sign the data
  - docSigningCertificate - the document signing certificate
  - provider - specific signature provider that should be used to create the signature
  - ldsVersion - LDS version
  - unicodeVersion - Unicode version
- Throws:
  - GeneralSecurityException - if either of the algorithm parameters is not recognized, or if the document signing certificate cannot be used

SODFile
public SODFile(String digestAlgorithm, String digestEncryptionAlgorithm, Map<Integer,byte[]> dataGroupHashes, byte[] encryptedDigest, X509Certificate docSigningCertificate) throws GeneralSecurityException

Constructs a Security Object data structure.

- Parameters:
  - digestAlgorithm - a digest algorithm, such as "SHA-1" or "SHA-256"
  - digestEncryptionAlgorithm - a digest encryption algorithm, such as "SHA256withRSA"
  - dataGroupHashes - maps data group numbers (1 to 16) to hashes of the data groups
  - encryptedDigest - externally signed contents
  - docSigningCertificate - the document signing certificate
- Throws:
  - GeneralSecurityException - if either of the algorithm parameters is not recognized, or if the document signing certificate cannot be used

SODFile
public SODFile(InputStream inputStream) throws IOException

Constructs a Security Object data structure.

- Parameters:
  - inputStream - some input stream
- Throws:
  - IOException - if something goes wrong
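The following is an added example of the issuer-side use of the constructors above; it is not code from the JMRTD project. It hashes a set of data group files with the SOD digest algorithm, builds the security object with the privateKey constructor, and parses the result back through the InputStream constructor as a round-trip check before the file is written out. The PKCS#12 keystore path, alias and password, the data group file names, and the helper names hashDataGroups and buildSod are assumptions made for this example.

```java
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Map;
import java.util.TreeMap;

import org.jmrtd.lds.SODFile;

/**
 * Example (not part of JMRTD): builds an EF.SOD for a set of data group files with
 * SODFile(digestAlgorithm, digestEncryptionAlgorithm, dataGroupHashes, privateKey, docSigningCertificate)
 * and round-trips it through SODFile(InputStream).
 *
 * Assumptions: the document signer key and certificate are in a PKCS#12 keystore
 * (path, alias and password below are placeholders), and each data group file is the
 * raw EF content, tag and length included, exactly as it will be written to the chip.
 */
public final class SodBuilder {

  private static final String DIGEST_ALGORITHM = "SHA-256";
  private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";

  /** Hashes each data group file with the SOD digest algorithm, keyed by data group number (1 to 16). */
  static Map<Integer, byte[]> hashDataGroups(Map<Integer, byte[]> dataGroupFiles, String digestAlgorithm)
      throws Exception {
    MessageDigest md = MessageDigest.getInstance(digestAlgorithm);
    Map<Integer, byte[]> hashes = new TreeMap<>();
    for (Map.Entry<Integer, byte[]> e : dataGroupFiles.entrySet()) {
      int dgNumber = e.getKey();
      if (dgNumber < 1 || dgNumber > 16) {
        throw new IllegalArgumentException("data group number out of range: " + dgNumber);
      }
      md.reset();
      hashes.put(dgNumber, md.digest(e.getValue()));
    }
    return hashes;
  }

  /** Signs the hashes with the document signer key and returns the encoded EF.SOD (ICAO tag and length included). */
  static byte[] buildSod(Map<Integer, byte[]> dataGroupFiles, PrivateKey dscKey, X509Certificate dsc)
      throws Exception {
    Map<Integer, byte[]> hashes = hashDataGroups(dataGroupFiles, DIGEST_ALGORITHM);
    SODFile sod = new SODFile(DIGEST_ALGORITHM, SIGNATURE_ALGORITHM, hashes, dscKey, dsc);
    byte[] encoded = sod.getEncoded();

    // Parse the encoding back and confirm every hash survived the round trip, so an
    // encoding problem is caught here rather than after personalisation onto a chip.
    SODFile parsed = new SODFile(new ByteArrayInputStream(encoded));
    for (Map.Entry<Integer, byte[]> e : hashes.entrySet()) {
      byte[] stored = parsed.getDataGroupHashes().get(e.getKey());
      if (stored == null || !MessageDigest.isEqual(stored, e.getValue())) {
        throw new IllegalStateException("hash for DG" + e.getKey() + " not preserved in encoded SOD");
      }
    }
    return encoded;
  }

  public static void main(String[] args) throws Exception {
    // Placeholder key material locations; replace with the issuer's own.
    Path dscP12 = Path.of("dsc.p12");
    String dscAlias = "dsc";
    char[] password = "changeit".toCharArray();

    KeyStore ks = KeyStore.getInstance("PKCS12");
    try (InputStream in = new FileInputStream(dscP12.toFile())) {
      ks.load(in, password);
    }
    PrivateKey dscKey = (PrivateKey) ks.getKey(dscAlias, password);
    X509Certificate dsc = (X509Certificate) ks.getCertificate(dscAlias);

    // Data group files to cover; here DG1 (MRZ) and DG2 (face image) read from disk.
    Map<Integer, byte[]> dataGroupFiles = new TreeMap<>();
    dataGroupFiles.put(1, Files.readAllBytes(Path.of("EF_DG1.bin")));
    dataGroupFiles.put(2, Files.readAllBytes(Path.of("EF_DG2.bin")));

    byte[] sod = buildSod(dataGroupFiles, dscKey, dsc);
    Files.write(Path.of("EF_SOD.bin"), sod);
    System.out.println("Wrote EF.SOD covering DG" + dataGroupFiles.keySet() + " (" + sod.length + " bytes)");
  }
}
```

When the signing key lives in an HSM rather than a Java KeyStore, the provider overload lets the signature be produced by that provider, and the encryptedDigest overload takes a signature computed entirely outside the JVM. Either way, the digest algorithm passed to the constructor must be the one used to hash the data group files, since verifiers recompute those hashes from getDigestAlgorithm().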
-
Method Detail

readContent
protected void readContent(InputStream inputStream) throws IOException

Description copied from class: AbstractTaggedLDSFile
Reads the contents of the data group from an input stream. Client code implementing this method should only read the contents from the input stream, not the tag or length of the data group.

- Specified by: readContent in class AbstractTaggedLDSFile
- Parameters:
  - inputStream - the input stream to read from
- Throws:
  - IOException - on error reading from input stream

writeContent
protected void writeContent(OutputStream outputStream) throws IOException

Description copied from class: AbstractTaggedLDSFile
Writes the contents of the data group to an output stream. Client code implementing this method should only write the contents to the output stream, not the tag or length of the data group.

- Specified by: writeContent in class AbstractTaggedLDSFile
- Parameters:
  - outputStream - the output stream to write to
- Throws:
  - IOException - on error writing to output stream

getDataGroupHashes
public Map<Integer,byte[]> getDataGroupHashes()

Returns the stored data group hashes indexed by data group number.

- Returns: data group hashes indexed by data group number (1 to 16)

getEncryptedDigest
public byte[] getEncryptedDigest()

Returns the signature (the encrypted digest) over the hashes.

- Returns: the encrypted digest

getDigestEncryptionAlgorithmParams
public AlgorithmParameterSpec getDigestEncryptionAlgorithmParams()

Returns the parameters of the digest encryption (signature) algorithm. For instance, for "RSASSA/PSS" this includes the hash algorithm and the salt length.

- Returns: the algorithm parameters

getEContent
public byte[] getEContent() throws SignatureException

Returns the encoded contents of the signed data over which the signature is to be computed.

- Returns: the encoded contents
- Throws:
  - SignatureException - if the contents do not check out

getDigestAlgorithm
public String getDigestAlgorithm()

Returns the name of the algorithm used in the data group hashes.

- Returns: an algorithm string such as "SHA-1" or "SHA-256"

getSignerInfoDigestAlgorithm
public String getSignerInfoDigestAlgorithm()

Returns the name of the digest algorithm used in the signature.

- Returns: an algorithm string such as "SHA-1" or "SHA-256"

getDigestEncryptionAlgorithm
public String getDigestEncryptionAlgorithm()

Returns the name of the digest encryption algorithm used in the signature.

- Returns: an algorithm string such as "SHA256withRSA"

getLDSVersion
public String getLDSVersion()

Returns the version of the LDS if stored in the Security Object (SOd).

- Returns: the version of the LDS in "aabb" format, or null if LDS < V1.8
- Since: LDS V1.8

getUnicodeVersion
public String getUnicodeVersion()

Returns the version of Unicode if stored in the Security Object (SOd).

- Returns: the Unicode version in "aabbcc" format, or null if LDS < V1.8
- Since: LDS V1.8

getDocSigningCertificates
public List<X509Certificate> getDocSigningCertificates()

Returns any embedded (document signing) certificates. If the document signing certificate is embedded, a list of size 1 is returned. If a document signing certificate is not embedded, the empty list is returned. Doc 9303 part 10 (in our interpretation) does not allow multiple certificates here, whereas PKCS7 does allow this.

- Returns: the document signing certificate

getDocSigningCertificate
public X509Certificate getDocSigningCertificate()

Returns the embedded document signing certificate (if present) or null if not present. Use this certificate to verify that eSignature is a valid signature for eContent. This certificate itself is signed using the country signing certificate.

- Returns: the document signing certificate

getIssuerX500Principal
public X500Principal getIssuerX500Principal()

Returns the issuer name of the document signing certificate as it appears in the signer-info in the signed-data structure.

- Returns: a certificate issuer

getSerialNumber
public BigInteger getSerialNumber()

Returns the serial number as it appears in the signer-info in the signed-data structure.

- Returns: a certificate serial number

toString
public String toString()

Returns a textual representation of this file.

- Overrides: toString in class AbstractTaggedLDSFile
- Returns: a textual representation of this file

getEncoded
public byte[] getEncoded()

Returns the contents of this file as a byte array, including the ICAO tag and length.

- Specified by: getEncoded in interface LDSElement
- Returns: a byte array containing the file
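The accessors above are the inputs to passive authentication on the inspection side. The following is an added example, not code from the JMRTD project, that puts them together: it checks that the embedded document signing certificate is the one named by issuer and serial in the signer-info, that it chains to the trusted CSCA certificate, that the signature verifies over getEContent() under getDigestEncryptionAlgorithm() and its parameters, and that every data group read from the chip has a matching hash in the SOD. It assumes the caller has already read EF.SOD and the data group files into memory and holds the issuing state's CSCA certificate (for instance from a locally maintained master list); the class and method names are chosen for this example.

```java
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

import javax.security.auth.x500.X500Principal;

import org.jmrtd.lds.SODFile;

/**
 * Example (not part of JMRTD): passive authentication of an EF.SOD using the
 * SODFile accessors. Assumptions: dataGroupFiles holds the raw EF contents read
 * from the chip keyed by data group number, and csca is the trusted country
 * signing certificate for the issuing state, obtained out of band.
 */
public final class PassiveAuthentication {

  /** Returns every problem found; an empty list means the SOD and data groups check out. */
  static List<String> verify(SODFile sod, Map<Integer, byte[]> dataGroupFiles, X509Certificate csca)
      throws Exception {
    List<String> findings = new ArrayList<>();

    // 1. The signer-info names the DSC by issuer and serial; the embedded DSC must be that certificate.
    X509Certificate dsc = sod.getDocSigningCertificate();
    if (dsc == null) {
      findings.add("no document signing certificate embedded in EF.SOD");
      return findings;
    }
    X500Principal issuer = sod.getIssuerX500Principal();
    BigInteger serial = sod.getSerialNumber();
    if (!dsc.getIssuerX500Principal().equals(issuer) || !dsc.getSerialNumber().equals(serial)) {
      findings.add("embedded DSC does not match the issuer/serial in the signer-info");
    }

    // 2. The DSC must be within its validity period and be signed by the trusted CSCA.
    try {
      dsc.checkValidity();
      dsc.verify(csca.getPublicKey());
    } catch (Exception e) {
      findings.add("DSC not valid under CSCA: " + e.getMessage());
    }

    // 3. The signature (encrypted digest) must verify over eContent under the DSC public key.
    //    The algorithm name is passed straight to the JCA; the provider in use must recognise it.
    Signature sig = Signature.getInstance(sod.getDigestEncryptionAlgorithm());
    AlgorithmParameterSpec params = sod.getDigestEncryptionAlgorithmParams();
    if (params != null) {
      sig.setParameter(params); // e.g. hash algorithm and salt length for RSASSA-PSS
    }
    sig.initVerify(dsc.getPublicKey());
    sig.update(sod.getEContent());
    if (!sig.verify(sod.getEncryptedDigest())) {
      findings.add("signature over eContent does not verify");
    }

    // 4. Each stored hash must equal the hash of the data group actually read from the chip,
    //    and every data group read must be covered by the SOD (an uncovered DG is unsigned data).
    MessageDigest md = MessageDigest.getInstance(sod.getDigestAlgorithm());
    Map<Integer, byte[]> storedHashes = sod.getDataGroupHashes();
    for (Map.Entry<Integer, byte[]> e : dataGroupFiles.entrySet()) {
      byte[] stored = storedHashes.get(e.getKey());
      if (stored == null) {
        findings.add("DG" + e.getKey() + " read from chip but not covered by EF.SOD");
        continue;
      }
      md.reset();
      byte[] actual = md.digest(e.getValue());
      if (!MessageDigest.isEqual(stored, actual)) { // constant-time comparison
        findings.add("DG" + e.getKey() + " hash mismatch");
      }
    }
    return findings;
  }
}
```

The check order matters: a signature that verifies under an untrusted or mismatched certificate proves nothing, so the certificate identity and chain are established before the signature and hashes are examined. Deployments that enforce an algorithm policy can additionally inspect getDigestAlgorithm() and getSignerInfoDigestAlgorithm() and reject security objects whose digest algorithm falls below that policy.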