Package org.jmrtd.lds

Class SignedDataUtil

  • public final class SignedDataUtil
extends Object
    Utility class for helping with CMS SignedData in security object document and card security file. This hopefully abstracts some of the BC dependencies away.
    Version:
    $Revision: 1799 $
    Author:
    The JMRTD team ([email protected])

    • Field Detail

      • RFC_3369_SIGNED_DATA_OID

        public static final String RFC_3369_SIGNED_DATA_OID
        SignedData related object identifier.
        See Also:
        Constant Field Values

      • RFC_3369_CONTENT_TYPE_OID

        public static final String RFC_3369_CONTENT_TYPE_OID
        SignedData related object identifier.
        See Also:
        Constant Field Values

      • RFC_3369_MESSAGE_DIGEST_OID

        public static final String RFC_3369_MESSAGE_DIGEST_OID
        SignedData related object identifier.
        See Also:
        Constant Field Values

      • PKCS1_MD2_WITH_RSA_OID

        public static final String PKCS1_MD2_WITH_RSA_OID
        SignedData related object identifier.
        See Also:
        Constant Field Values

      • PKCS1_MD4_WITH_RSA_OID

        public static final String PKCS1_MD4_WITH_RSA_OID
        SignedData related object identifier.
        See Also:
        Constant Field Values

      • PKCS1_MD5_WITH_RSA_OID

        public static final String PKCS1_MD5_WITH_RSA_OID
        SignedData related object identifier.
        See Also:
        Constant Field Values

      • PKCS1_SHA1_WITH_RSA_OID

        public static final String PKCS1_SHA1_WITH_RSA_OID
        SignedData related object identifier.
        See Also:
        Constant Field Values

      • PKCS1_RSASSA_PSS_OID

        public static final String PKCS1_RSASSA_PSS_OID
        SignedData related object identifier.
        See Also:
        Constant Field Values

      • PKCS1_SHA256_WITH_RSA_OID

        public static final String PKCS1_SHA256_WITH_RSA_OID
        SignedData related object identifier.
        See Also:
        Constant Field Values

      • PKCS1_SHA384_WITH_RSA_OID

        public static final String PKCS1_SHA384_WITH_RSA_OID
        SignedData related object identifier.
        See Also:
        Constant Field Values

      • PKCS1_SHA512_WITH_RSA_OID

        public static final String PKCS1_SHA512_WITH_RSA_OID
        SignedData related object identifier.
        See Also:
        Constant Field Values

      • PKCS1_SHA224_WITH_RSA_OID

        public static final String PKCS1_SHA224_WITH_RSA_OID
        SignedData related object identifier.
        See Also:
        Constant Field Values

      • X9_SHA1_WITH_ECDSA_OID

        public static final String X9_SHA1_WITH_ECDSA_OID
        SignedData related object identifier.
        See Also:
        Constant Field Values

      • X9_SHA224_WITH_ECDSA_OID

        public static final String X9_SHA224_WITH_ECDSA_OID
        SignedData related object identifier.
        See Also:
        Constant Field Values

      • X9_SHA256_WITH_ECDSA_OID

        public static final String X9_SHA256_WITH_ECDSA_OID
        SignedData related object identifier.
        See Also:
        Constant Field Values

      • X9_SHA384_WITH_ECDSA_OID

        public static final String X9_SHA384_WITH_ECDSA_OID
        SignedData related object identifier.
        See Also:
        Constant Field Values

      • X9_SHA512_WITH_ECDSA_OID

        public static final String X9_SHA512_WITH_ECDSA_OID
        SignedData related object identifier.
        See Also:
        Constant Field Values

      • IEEE_P1363_SHA1_OID

        public static final String IEEE_P1363_SHA1_OID
        SignedData related object identifier.
        See Also:
        Constant Field Values

    • Method Detail

      • readSignedData

        public static SignedData readSignedData​(InputStream inputStream)
                                 throws IOException
        Reads a signed data structure from a stream.
        Parameters:
        inputStream - the stream to read from
        Returns:
        the signed data structure
        Throws:
        IOException - on error reading from the stream

      • writeData

        public static void writeData​(SignedData signedData,
                             OutputStream outputStream)
                      throws IOException
        Writes a signed data structure to a stream.
        Parameters:
        signedData - the signed data to write
        outputStream - the stream to write to
        Throws:
        IOException - on error writing to the stream

      • getContent

        public static ASN1Primitive getContent​(SignedData signedData)
        Extracts the content from a signed data structure.
        Parameters:
        signedData - the signed data
        Returns:
        the contents of the e-content in the signed data structure

      • getObjectFromTaggedObject

        public static ASN1Primitive getObjectFromTaggedObject​(ASN1Encodable asn1Encodable)
                                               throws IOException
        Removes the tag from a tagged object.
        Parameters:
        asn1Encodable - the encoded tagged object
        Returns:
        the object
        Throws:
        IOException - if the input is not a tagged object or the tagNo is not 0

      • getSignerInfoDigestAlgorithm

        public static String getSignerInfoDigestAlgorithm​(SignedData signedData)
        Returns the digest algirithm used in the signer info in a signed data structure.
        Parameters:
        signedData - the signed data structure
        Returns:
        the digest algorithm

      • getDigestEncryptionAlgorithmParams

        public static AlgorithmParameterSpec getDigestEncryptionAlgorithmParams​(SignedData signedData)
        Returns the parameters of the digest encryption (signature) algorithm used in the given signed data object. For instance for "RSASSA/PSS" this includes the hash algorithm and the salt length.
        Parameters:
        signedData - the signed data object
        Returns:
        the algorithm parameters

      • getDigestEncryptionAlgorithm

        public static String getDigestEncryptionAlgorithm​(SignedData signedData)
        Returns the signature algorithm used in the given signed data structure.
        Parameters:
        signedData - the signed data structure
        Returns:
        a JCE mnemonic algorithm string

      • getEContent

        public static byte[] getEContent​(SignedData signedData)
                          throws SignatureException
        Returns the contents of the signed data over which the signature is to be computed. See RFC 3369, Cryptographic Message Syntax, August 2002, Section 5.4 for details. FIXME: Maybe throw an exception instead of issuing warnings on logger if signed attributes do not check out.
        Parameters:
        signedData - the signed data
        Returns:
        the contents of the security object over which the signature is to be computed
        Throws:
        SignatureException - if the contents do not check out

      • getEncryptedDigest

        public static byte[] getEncryptedDigest​(SignedData signedData)
        Returns the stored signature of the security object.
        Parameters:
        signedData - the signed data
        Returns:
        the signature

      • getIssuerAndSerialNumber

        public static IssuerAndSerialNumber getIssuerAndSerialNumber​(SignedData signedData)
        Returns the issuer and serial number stored in the given signed data structure.
        Parameters:
        signedData - the signed data structure
        Returns:
        the issuer and serial number

      • getObjectsFromOctetString

        public static List<ASN1Primitive> getObjectsFromOctetString​(ASN1OctetString octetString)
        Reads any objects in the given ASN1 octet string (as an ASN1 input stream).
        Parameters:
        octetString - the octet string
        Returns:
        a list of objects read

      • getCertificates

        public static List<X509Certificate> getCertificates​(SignedData signedData)
        Extracts the list of embedded certificates from a signed data object.
        Parameters:
        signedData - the signed data object
        Returns:
        the list of certificates

      • createSignedData

        public static SignedData createSignedData​(String digestAlgorithm,
                                          String digestEncryptionAlgorithm,
                                          String contentTypeOID,
                                          ContentInfo contentInfo,
                                          byte[] encryptedDigest,
                                          X509Certificate docSigningCertificate)
                                   throws GeneralSecurityException
        Creates a signed data structure, for inclusion in a security object.
        Parameters:
        digestAlgorithm - the digest algorithm
        digestEncryptionAlgorithm - the signature algorithm
        contentTypeOID - the object identifier
        contentInfo - the content info
        encryptedDigest - the signature bytes
        docSigningCertificate - the document signer certificate
        Returns:
        the signed data structure
        Throws:
        GeneralSecurityException - on error

      • createSignerInfo

        public static SignerInfo createSignerInfo​(String digestAlgorithm,
                                          String digestEncryptionAlgorithm,
                                          String contentTypeOID,
                                          ContentInfo contentInfo,
                                          byte[] encryptedDigest,
                                          X509Certificate docSigningCertificate)
                                   throws GeneralSecurityException
        Creates a signer info structures.
        Parameters:
        digestAlgorithm - the digest algorithm
        digestEncryptionAlgorithm - the signature algorithm
        contentTypeOID - the object identifier
        contentInfo - the content info
        encryptedDigest - the signature bytes
        docSigningCertificate - the document signer certificate
        Returns:
        the signer info structure
        Throws:
        GeneralSecurityException - on error

      • createAuthenticatedAttributes

        public static ASN1Set createAuthenticatedAttributes​(String digestAlgorithm,
                                                    String contentTypeOID,
                                                    ContentInfo contentInfo)
                                             throws GeneralSecurityException
        Creates the authenticated attributes to be signed.
        Parameters:
        digestAlgorithm - the digest algorithm
        contentTypeOID - the object identifier
        contentInfo - the content info to digest
        Returns:
        authenticated attributes to be signed
        Throws:
        GeneralSecurityException - on error

      • createDigestAlgorithms

        public static ASN1Sequence createDigestAlgorithms​(String digestAlgorithm)
                                           throws NoSuchAlgorithmException
        Encodes the given JCE mnemonic digest algorithm as an BC ASN1 sequence.
        Parameters:
        digestAlgorithm - the JCE mnemonic digest algorithm
        Returns:
        the encoded digest algorithm
        Throws:
        NoSuchAlgorithmException - when the digest algorithm is not known

      • signData

        public static byte[] signData​(String digestAlgorithm,
                              String digestEncryptionAlgorithm,
                              String contentTypeOID,
                              ContentInfo contentInfo,
                              PrivateKey privateKey,
                              String provider)
        Signs the (authenticated attributes derived from the given) data.
        Parameters:
        digestAlgorithm - the digest algorithm
        digestEncryptionAlgorithm - the signature algorithm
        contentTypeOID - the object identifier
        contentInfo - the content info
        privateKey - the private key to use for signing
        provider - the preferred provider to use
        Returns:
        the signed data

      • lookupMnemonicByOID

        public static String lookupMnemonicByOID​(String oid)
                                  throws NoSuchAlgorithmException
        Returns the common mnemonic string (such as "SHA1", "SHA256withRSA") given an OID.
        Parameters:
        oid - an object identifier
        Returns:
        a mnemonic string
        Throws:
        NoSuchAlgorithmException - if the provided OID is not yet supported

      • lookupOIDByMnemonic

        public static String lookupOIDByMnemonic​(String name)
                                  throws NoSuchAlgorithmException
        Looks up an object identifier for the given JCE mnemonic.
        Parameters:
        name - a JCE mnemonic string
        Returns:
        an object identifier if known
        Throws:
        NoSuchAlgorithmException - if the mnemonic does not correspond to a known object identifier