/**
 * Resolve the JCA/JCE key algorithm name that corresponds to an algorithm URI.
 *
 * <p>Resolution order: the mapping configured in {@code JCEMapper} is consulted first; HMAC URIs then yield
 * {@code null}; finally the URI is looked up in this class's known RSA, DSA and ECDSA URI sets.</p>
 *
 * <p>A {@code null} result is ambiguous: it is returned both for HMAC URIs (no specific key algorithm is implied)
 * and for URIs that are not recognised at all. A caller that uses this value to check that a key matches an
 * algorithm should not read {@code null} as "any key is acceptable" without also checking {@code isHMAC}.</p>
 *
 * @param algorithmURI the algorithm URI to evaluate
 * @return the Java key algorithm specifier, or null if the mapping is unavailable or indeterminable from the URI
 */
public static String getKeyAlgorithmFromURI(String algorithmURI) {
    // Per the original author's note, the default Apache config only carries key algorithms for the
    // block cipher and key wrap URIs; a custom config file could supply more.
    final String configured =
            DatatypeHelper.safeTrimOrNullString(JCEMapper.getJCEKeyAlgorithmFromURI(algorithmURI));
    if (configured != null) {
        return configured;
    }

    // HMAC works with any symmetric key, so the URI implies no particular key algorithm.
    if (isHMAC(algorithmURI)) {
        return null;
    }

    // Last-resort fallback: the common, supported asymmetric signature families.
    final String fallback;
    if (rsaAlgorithmURIs.contains(algorithmURI)) {
        fallback = "RSA";
    } else if (dsaAlgorithmURIs.contains(algorithmURI)) {
        fallback = "DSA";
    } else if (ecdsaAlgorithmURIs.contains(algorithmURI)) {
        fallback = "EC";
    } else {
        fallback = null;
    }
    return fallback;
}
/**
 * Map an algorithm URI to the Java security JCA/JCE key algorithm specifier it implies.
 *
 * <p>The configured {@code JCEMapper} mapping takes precedence. If it yields nothing, HMAC URIs return
 * {@code null}, and any other URI is matched against the RSA, DSA and ECDSA URI sets held by this class.</p>
 *
 * <p>Note for callers: {@code null} means either "HMAC, no specific key algorithm" or "URI not recognised".
 * The two cases are not distinguishable from the return value alone.</p>
 *
 * @param algorithmURI the algorithm URI to evaluate
 * @return the Java key algorithm specifier, or null if the mapping is unavailable or indeterminable from the URI
 */
public static String getKeyAlgorithmFromURI(String algorithmURI) {
    // The default Apache config file currently only includes the key algorithm for the block ciphers
    // and key wrap URIs (original author's note); a custom config file could contain others.
    String fromConfig = JCEMapper.getJCEKeyAlgorithmFromURI(algorithmURI);
    String keyAlgorithm = DatatypeHelper.safeTrimOrNullString(fromConfig);

    if (keyAlgorithm == null && !isHMAC(algorithmURI)) {
        // Not configured and not HMAC: fall back to the known asymmetric signature URI sets.
        if (rsaAlgorithmURIs.contains(algorithmURI)) {
            keyAlgorithm = "RSA";
        } else if (dsaAlgorithmURIs.contains(algorithmURI)) {
            keyAlgorithm = "DSA";
        } else if (ecdsaAlgorithmURIs.contains(algorithmURI)) {
            keyAlgorithm = "EC";
        }
    }

    // Still null here for HMAC URIs (any symmetric key is usable) and for unrecognised URIs.
    return keyAlgorithm;
}
/**
 * Verify a signature or MAC value over the supplied input, selecting the algorithm by URI.
 *
 * <p>The URI is translated to a JCA algorithm identifier and the work is delegated to {@code verify}, together
 * with a flag saying whether the URI denotes an HMAC.</p>
 *
 * <p>This method only rejects URIs for which no JCA identifier can be derived. It does not check that the
 * algorithm is consistent with the type of key in the credential, and it applies no policy on which algorithms
 * are acceptable; both remain the caller's responsibility. That matters most when the URI is taken from the
 * message being verified rather than from local configuration.</p>
 *
 * @param verificationCredential the credential containing the verification key
 * @param algorithmURI the algorithm URI to use
 * @param signature the computed signature value received from the signer
 * @param input the input over which the signature is computed and verified
 * @return true if the signature value computed over the input using the supplied key and algorithm ID is
 *         identical to the supplied signature value
 * @throws SecurityException thrown if the signature computation or verification process results in an error,
 *             or if no JCA algorithm identifier can be derived from the URI
 */
public static boolean verifyWithURI(Credential verificationCredential, String algorithmURI, byte[] signature,
        byte[] input) throws SecurityException {
    final String jcaId = SecurityHelper.getAlgorithmIDFromURI(algorithmURI);
    if (jcaId != null) {
        // The HMAC flag is derived from the same URI as the JCA identifier.
        final boolean hmac = SecurityHelper.isHMAC(algorithmURI);
        return verify(verificationCredential, jcaId, hmac, signature, input);
    }
    throw new SecurityException("Could not derive JCA algorithm identifier from algorithm URI");
}
/**
 * Compute a signature or MAC value over the supplied input, selecting the algorithm by URI.
 *
 * <p>The URI is translated to a JCA algorithm identifier and the computation is delegated to {@code sign},
 * together with a flag saying whether the URI denotes an HMAC.</p>
 *
 * <p>No check is made here that the algorithm matches the type of signing key in the credential; the caller
 * must ensure the two are consistent.</p>
 *
 * @param signingCredential the credential containing the signing key
 * @param algorithmURI the algorithm URI to use
 * @param input the input over which to compute the signature
 * @return the computed signature or MAC value
 * @throws SecurityException thrown if the computation process results in an error, or if no JCA algorithm
 *             identifier can be derived from the URI
 */
public static byte[] signWithURI(Credential signingCredential, String algorithmURI, byte[] input)
        throws SecurityException {
    final String jcaId = SecurityHelper.getAlgorithmIDFromURI(algorithmURI);
    if (jcaId != null) {
        // The HMAC flag is derived from the same URI as the JCA identifier.
        final boolean hmac = SecurityHelper.isHMAC(algorithmURI);
        return sign(signingCredential, jcaId, hmac, input);
    }
    throw new SecurityException("Could not derive JCA algorithm identifier from algorithm URI");
}
/**
 * Produce the signature or MAC value for the supplied input using the algorithm named by a URI.
 *
 * <p>Fails early when the URI cannot be mapped to a JCA algorithm identifier; otherwise hands the credential,
 * the identifier, the HMAC indicator and the input to {@code sign}.</p>
 *
 * <p>Consistency between the algorithm URI and the key type carried by the signing credential is not checked
 * in this method and is left to the caller.</p>
 *
 * @param signingCredential the credential containing the signing key
 * @param algorithmURI the algorithm URI to use
 * @param input the input over which to compute the signature
 * @return the computed signature or MAC value
 * @throws SecurityException thrown if the computation process results in an error, or if the URI has no
 *             derivable JCA algorithm identifier
 */
public static byte[] signWithURI(Credential signingCredential, String algorithmURI, byte[] input)
        throws SecurityException {
    String resolvedAlgorithm = SecurityHelper.getAlgorithmIDFromURI(algorithmURI);
    if (null == resolvedAlgorithm) {
        throw new SecurityException("Could not derive JCA algorithm identifier from algorithm URI");
    }

    // Argument order is preserved: the HMAC lookup runs after the identifier is known to be non-null.
    return sign(signingCredential, resolvedAlgorithm, SecurityHelper.isHMAC(algorithmURI), input);
}
/**
 * Check a received signature or MAC value against the supplied input using the algorithm named by a URI.
 *
 * <p>Fails early when the URI cannot be mapped to a JCA algorithm identifier; otherwise hands the credential,
 * the identifier, the HMAC indicator, the signature and the input to {@code verify}.</p>
 *
 * <p>The only validation of {@code algorithmURI} performed here is that a JCA identifier can be derived from
 * it. Matching the algorithm to the credential's key type, and restricting verification to an accepted set of
 * algorithms, must be done by the caller before this method is invoked.</p>
 *
 * @param verificationCredential the credential containing the verification key
 * @param algorithmURI the algorithm URI to use
 * @param signature the computed signature value received from the signer
 * @param input the input over which the signature is computed and verified
 * @return true if the signature value computed over the input using the supplied key and algorithm ID is
 *         identical to the supplied signature value
 * @throws SecurityException thrown if the signature computation or verification process results in an error,
 *             or if the URI has no derivable JCA algorithm identifier
 */
public static boolean verifyWithURI(Credential verificationCredential, String algorithmURI, byte[] signature,
        byte[] input) throws SecurityException {
    String resolvedAlgorithm = SecurityHelper.getAlgorithmIDFromURI(algorithmURI);
    if (null == resolvedAlgorithm) {
        throw new SecurityException("Could not derive JCA algorithm identifier from algorithm URI");
    }

    // Argument order is preserved: the HMAC lookup runs after the identifier is known to be non-null.
    return verify(verificationCredential, resolvedAlgorithm, SecurityHelper.isHMAC(algorithmURI), signature,
            input);
}
log.debug("Creating XMLSignature object"); XMLSignature dsig = null; if (signature.getHMACOutputLength() != null && SecurityHelper.isHMAC(signature.getSignatureAlgorithm())) { dsig = new XMLSignature(document, "", signature.getSignatureAlgorithm(), signature .getHMACOutputLength(), signature.getCanonicalizationAlgorithm());
if (SecurityHelper.isHMAC(signAlgo)) { if (signature.getHMACOutputLength() == null) { signature.setHMACOutputLength(secConfig.getSignatureHMACOutputLength());
if (SecurityHelper.isHMAC(signAlgo)) { if (signature.getHMACOutputLength() == null) { signature.setHMACOutputLength(secConfig.getSignatureHMACOutputLength());
log.debug("Creating XMLSignature object"); XMLSignature dsig = null; if (signature.getHMACOutputLength() != null && SecurityHelper.isHMAC(signature.getSignatureAlgorithm())) { dsig = new XMLSignature(document, "", signature.getSignatureAlgorithm(), signature .getHMACOutputLength(), signature.getCanonicalizationAlgorithm());