| /* |
| * Copyright 2005-2007 Sun Microsystems, Inc. All Rights Reserved. |
| * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| * |
| * This code is free software; you can redistribute it and/or modify it |
| * under the terms of the GNU General Public License version 2 only, as |
| * published by the Free Software Foundation. Sun designates this |
| * particular file as subject to the "Classpath" exception as provided |
| * by Sun in the LICENSE file that accompanied this code. |
| * |
| * This code is distributed in the hope that it will be useful, but WITHOUT |
| * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| * version 2 for more details (a copy is included in the LICENSE file that |
| * accompanied this code). |
| * |
| * You should have received a copy of the GNU General Public License version |
| * 2 along with this work; if not, write to the Free Software Foundation, |
| * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| * |
| * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, |
| * CA 95054 USA or visit www.sun.com if you need additional information or |
| * have any questions. |
| */ |
| /* |
| * $Id: DOMHMACSignatureMethod.java,v 1.17 2005/09/15 14:29:04 mullan Exp $ |
| */ |
| package org.jcp.xml.dsig.internal.dom; |
| |
| import javax.xml.crypto.*; |
| import javax.xml.crypto.dsig.*; |
| import javax.xml.crypto.dsig.spec.HMACParameterSpec; |
| import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec; |
| |
| import java.security.InvalidAlgorithmParameterException; |
| import java.security.InvalidKeyException; |
| import java.security.Key; |
| import java.security.MessageDigest; |
| import java.security.NoSuchAlgorithmException; |
| import java.security.SignatureException; |
| import java.security.spec.AlgorithmParameterSpec; |
| import java.util.logging.Level; |
| import java.util.logging.Logger; |
| import javax.crypto.Mac; |
| import javax.crypto.SecretKey; |
| import org.w3c.dom.Document; |
| import org.w3c.dom.Element; |
| |
| import org.jcp.xml.dsig.internal.MacOutputStream; |
| |
| /** |
| * DOM-based implementation of HMAC SignatureMethod. |
| * |
| * @author Sean Mullan |
| */ |
| public abstract class DOMHMACSignatureMethod extends DOMSignatureMethod { |
| |
| private static Logger log = |
| Logger.getLogger("org.jcp.xml.dsig.internal.dom"); |
| private Mac hmac; |
| private int outputLength; |
| |
| /** |
| * Creates a <code>DOMHMACSignatureMethod</code> with the specified params |
| * |
| * @param params algorithm-specific parameters (may be <code>null</code>) |
| * @throws InvalidAlgorithmParameterException if params are inappropriate |
| */ |
| DOMHMACSignatureMethod(AlgorithmParameterSpec params) |
| throws InvalidAlgorithmParameterException { |
| super(params); |
| } |
| |
| /** |
| * Creates a <code>DOMHMACSignatureMethod</code> from an element. |
| * |
| * @param smElem a SignatureMethod element |
| */ |
| DOMHMACSignatureMethod(Element smElem) throws MarshalException { |
| super(smElem); |
| } |
| |
| void checkParams(SignatureMethodParameterSpec params) |
| throws InvalidAlgorithmParameterException { |
| if (params != null) { |
| if (!(params instanceof HMACParameterSpec)) { |
| throw new InvalidAlgorithmParameterException |
| ("params must be of type HMACParameterSpec"); |
| } |
| outputLength = ((HMACParameterSpec) params).getOutputLength(); |
| if (log.isLoggable(Level.FINE)) { |
| log.log(Level.FINE, |
| "Setting outputLength from HMACParameterSpec to: " |
| + outputLength); |
| } |
| } else { |
| outputLength = -1; |
| } |
| } |
| |
| SignatureMethodParameterSpec unmarshalParams(Element paramsElem) |
| throws MarshalException { |
| outputLength = new Integer |
| (paramsElem.getFirstChild().getNodeValue()).intValue(); |
| if (log.isLoggable(Level.FINE)) { |
| log.log(Level.FINE, "unmarshalled outputLength: " + outputLength); |
| } |
| return new HMACParameterSpec(outputLength); |
| } |
| |
| void marshalParams(Element parent, String prefix) |
| throws MarshalException { |
| |
| Document ownerDoc = DOMUtils.getOwnerDocument(parent); |
| Element hmacElem = DOMUtils.createElement(ownerDoc, "HMACOutputLength", |
| XMLSignature.XMLNS, prefix); |
| hmacElem.appendChild(ownerDoc.createTextNode |
| (String.valueOf(outputLength))); |
| |
| parent.appendChild(hmacElem); |
| } |
| |
| boolean verify(Key key, DOMSignedInfo si, byte[] sig, |
| XMLValidateContext context) |
| throws InvalidKeyException, SignatureException, XMLSignatureException { |
| if (key == null || si == null || sig == null) { |
| throw new NullPointerException(); |
| } |
| if (!(key instanceof SecretKey)) { |
| throw new InvalidKeyException("key must be SecretKey"); |
| } |
| if (hmac == null) { |
| try { |
| hmac = Mac.getInstance(getSignatureAlgorithm()); |
| } catch (NoSuchAlgorithmException nsae) { |
| throw new XMLSignatureException(nsae); |
| } |
| } |
| if (log.isLoggable(Level.FINE)) { |
| log.log(Level.FINE, "outputLength = " + outputLength); |
| } |
| hmac.init((SecretKey) key); |
| si.canonicalize(context, new MacOutputStream(hmac)); |
| byte[] result = hmac.doFinal(); |
| if (log.isLoggable(Level.FINE)) { |
| log.log(Level.FINE, "resultLength = " + result.length); |
| } |
| if (outputLength != -1) { |
| int byteLength = outputLength/8; |
| if (result.length > byteLength) { |
| byte[] truncated = new byte[byteLength]; |
| System.arraycopy(result, 0, truncated, 0, byteLength); |
| result = truncated; |
| } |
| } |
| |
| return MessageDigest.isEqual(sig, result); |
| } |
| |
| byte[] sign(Key key, DOMSignedInfo si, XMLSignContext context) |
| throws InvalidKeyException, XMLSignatureException { |
| if (key == null || si == null) { |
| throw new NullPointerException(); |
| } |
| if (!(key instanceof SecretKey)) { |
| throw new InvalidKeyException("key must be SecretKey"); |
| } |
| if (hmac == null) { |
| try { |
| hmac = Mac.getInstance(getSignatureAlgorithm()); |
| } catch (NoSuchAlgorithmException nsae) { |
| throw new XMLSignatureException(nsae); |
| } |
| } |
| hmac.init((SecretKey) key); |
| si.canonicalize(context, new MacOutputStream(hmac)); |
| byte[] result = hmac.doFinal(); |
| if (outputLength != -1) { |
| int byteLength = outputLength/8; |
| if (result.length > byteLength) { |
| byte[] truncated = new byte[byteLength]; |
| System.arraycopy(result, 0, truncated, 0, byteLength); |
| result = truncated; |
| } |
| } |
| return result; |
| } |
| |
| boolean paramsEqual(AlgorithmParameterSpec spec) { |
| if (getParameterSpec() == spec) { |
| return true; |
| } |
| if (!(spec instanceof HMACParameterSpec)) { |
| return false; |
| } |
| HMACParameterSpec ospec = (HMACParameterSpec) spec; |
| |
| return (outputLength == ospec.getOutputLength()); |
| } |
| |
| static final class SHA1 extends DOMHMACSignatureMethod { |
| SHA1(AlgorithmParameterSpec params) |
| throws InvalidAlgorithmParameterException { |
| super(params); |
| } |
| SHA1(Element dmElem) throws MarshalException { |
| super(dmElem); |
| } |
| public String getAlgorithm() { |
| return SignatureMethod.HMAC_SHA1; |
| } |
| String getSignatureAlgorithm() { |
| return "HmacSHA1"; |
| } |
| } |
| |
| static final class SHA256 extends DOMHMACSignatureMethod { |
| SHA256(AlgorithmParameterSpec params) |
| throws InvalidAlgorithmParameterException { |
| super(params); |
| } |
| SHA256(Element dmElem) throws MarshalException { |
| super(dmElem); |
| } |
| public String getAlgorithm() { |
| return HMAC_SHA256; |
| } |
| String getSignatureAlgorithm() { |
| return "HmacSHA256"; |
| } |
| } |
| |
| static final class SHA384 extends DOMHMACSignatureMethod { |
| SHA384(AlgorithmParameterSpec params) |
| throws InvalidAlgorithmParameterException { |
| super(params); |
| } |
| SHA384(Element dmElem) throws MarshalException { |
| super(dmElem); |
| } |
| public String getAlgorithm() { |
| return HMAC_SHA384; |
| } |
| String getSignatureAlgorithm() { |
| return "HmacSHA384"; |
| } |
| } |
| |
| static final class SHA512 extends DOMHMACSignatureMethod { |
| SHA512(AlgorithmParameterSpec params) |
| throws InvalidAlgorithmParameterException { |
| super(params); |
| } |
| SHA512(Element dmElem) throws MarshalException { |
| super(dmElem); |
| } |
| public String getAlgorithm() { |
| return HMAC_SHA512; |
| } |
| String getSignatureAlgorithm() { |
| return "HmacSHA512"; |
| } |
| } |
| } |