com.ibm.opencard.signature
Class MFCSignatureService
java.lang.Object
|
+--opencard.core.service.CardService
|
+--com.ibm.opencard.service.MFCCardService
|
+--com.ibm.opencard.signature.MFCSignatureService
- Direct Known Subclasses:
- MFCKeyImportService
- public class MFCSignatureService
- extends MFCCardService
- implements SignatureCardService
MFCSignatureService extends the common base class
MFCCardService of all MFC card services and implements the
SignatureCardService interface defined by OCF.
MFCSignatureService serves as the base class of all IBM
MFC-based SignatureCardService implementations.
Instances of MFCSignatureService or one of its
subclasses, which talk to a specific physical smart card, delegate
execution of the functionality defined in SignatureCardService
to a (singleton) driver for that card, which implements interface
MFCSignatureImpl for a specific card.
- Version:
- $Id: MFCSignatureService.java,v 1.1 1999/12/02 16:06:10 damke Exp $
- See Also:
MFCCardService,
SignatureCardService
|
Method Summary |
protected void |
initialize(CardServiceScheduler scheduler,
SmartCard smartcard,
boolean blocking)
Initializes this service.
|
void |
initSignature(MFCSignatureParameter parameter)
Initializes this service from encapsulated parameters.
|
protected void |
satisfyAccessConditions(MFCKeyInfo ki)
satisfy access conditions.
|
byte[] |
signData(PrivateKeyRef privateKey,
java.lang.String signAlgorithm,
byte[] data)
Generate a digital Signature.
|
byte[] |
signData(PrivateKeyRef privateKey,
java.lang.String signAlgorithm,
java.lang.String padAlgorithm,
byte[] data)
Overloaded method to generate a digital Signature
that allows to specify the padding algorithm. |
protected byte[] |
signDataInternal(PrivateKeyRef privateKey,
java.lang.String signAlgorithm,
java.lang.String padAlgorithm,
byte[] data)
calculate hash and generate signatre |
byte[] |
signHash(PrivateKeyRef privateKey,
java.lang.String signAlgorithm,
byte[] hash)
Generate a digital Signature on the provided hash.
|
byte[] |
signHash(PrivateKeyRef privateKey,
java.lang.String signAlgorithm,
java.lang.String padAlgorithm,
byte[] hash)
Overloaded method to generate a digital Signature
that allows to specify the padding algorithm. |
protected byte[] |
signHashInternal(PrivateKeyRef privateKey,
java.lang.String signAlgorithm,
java.lang.String padAlgorithm,
byte[] data)
generate signature on the provided hash |
boolean |
verifySignedData(PublicKeyRef publicKey,
java.lang.String signAlgorithm,
byte[] data,
byte[] signature)
Verify a digital Signature including hashing.
|
boolean |
verifySignedData(PublicKeyRef publicKey,
java.lang.String signAlgorithm,
java.lang.String padAlgorithm,
byte[] data,
byte[] signature)
Verify a digital Signature including hashing
(overload method that allows to specify the padding algorithm to be used).
|
protected boolean |
verifySignedDataInternal(PublicKeyRef publicKey,
java.lang.String signAlgorithm,
java.lang.String padAlgorithm,
byte[] data,
byte[] signature)
calculate hash and verify signature |
boolean |
verifySignedHash(PublicKeyRef publicKey,
java.lang.String signAlgorithm,
byte[] hash,
byte[] signature)
Verify a digital Signature.
|
boolean |
verifySignedHash(PublicKeyRef publicKey,
java.lang.String signAlgorithm,
java.lang.String padAlgorithm,
byte[] hash,
byte[] signature)
Verify a digital Signature
(overloaded method that allows to specify the padding algorithm to be used).
|
protected boolean |
verifySignedHashInternal(PublicKeyRef publicKey,
java.lang.String signAlgorithm,
java.lang.String padAlgorithm,
byte[] hash,
byte[] signature)
verify signature for given hash |
| Methods inherited from class java.lang.Object |
clone,
equals,
finalize,
getClass,
hashCode,
notify,
notifyAll,
toString,
wait,
wait,
wait |
sigImpl
protected MFCSignatureImpl sigImpl
- Instances of MFCSignatureServices share a single instance
of a card service implementation class implementing MFCSignatureImpl.
kiParser
protected MFCKeyInfoRParser kiParser
MFCSignatureService
public MFCSignatureService()
- Creates a new signature service for MFC smartcards.
The service cannot be used until it has been initialized by invoking
initialize. If this service has to be initialized as part
of a derived service, initSignature has to be invoked instead.
- See Also:
initialize(opencard.core.service.CardServiceScheduler, opencard.core.service.SmartCard, boolean),
initSignature(com.ibm.opencard.signature.MFCSignatureParameter)
initialize
protected void initialize(CardServiceScheduler scheduler,
SmartCard smartcard,
boolean blocking)
throws CardServiceException
- Initializes this service.
This is an entry point for initializing the MFC signature service.
It invokes initSignature to perform the actual initialization.
Derived services must not invoke this method, but have to invoke
initSignature directly.
- Parameters:
scheduler - where to allocate channelssmartcard - which smartcard to contactblocking - whether operation shall be blocking- Throws:
- CardServiceException - initialization failed
- Overrides:
- initialize in class MFCCardService
- See Also:
initSignature(com.ibm.opencard.signature.MFCSignatureParameter),
MFCCardService.initialize(opencard.core.service.CardServiceScheduler, opencard.core.service.SmartCard, boolean)
initSignature
public final void initSignature(MFCSignatureParameter parameter)
throws CardServiceException
- Initializes this service from encapsulated parameters.
This method initializes the local attributes and invokes
initGeneric in the base class.
- Parameters:
parameter - an object encapsulating the parameters to this service- Throws:
- CardServiceException - if the initialization failed.
With the current implementation, this cannot happen.
- See Also:
MFCSignatureParameter,
MFCCardService.initGeneric(com.ibm.opencard.service.MFCCardServiceParameter)
satisfyAccessConditions
protected void satisfyAccessConditions(MFCKeyInfo ki)
throws CardServiceException,
CardTerminalException
- satisfy access conditions.
Access conditions must be satisfied before calculating the hash.
beetween calculating the hash and generating the signature no other
command may be sent to the card.
The trick is to send a generateSignature command to the card using a hash key.
The MFCCardAccessor will retry the command until the access conditions are
satisfied and then a rc 69 85 (the key is a hash key) is expected.
- Throws:
- CardServiceException - any subclass of CardServiceException
- CardTerminalException - any subclass of CardTerminalException
signData
public byte[] signData(PrivateKeyRef privateKey,
java.lang.String signAlgorithm,
byte[] data)
throws CardServiceException,
java.security.InvalidKeyException,
CardTerminalException
- Generate a digital Signature.
First hash the data, then pad the hash and then
apply the PKA algorithm to the padded hash.
The padding algorithm is chosen as defined in the Java Cryptography Architecture Specification.
SHA1withRSA: PKCS#1 padding.
SHA1withDSA: currently JCA does not specify the padding, thus the padding defined in the key is
implicitly being used
The standard algorithm name must be specified as defined in the
Java Cryptography Architecture API Specification & Reference,
for example
- MD5withRSA
- The Signature algorithm obtained by combining the RSA
AsymmetricCipher algorithm with the MD5 MessageDigest Algorithm.
- MD2withRSA
- The Signature algorithm obtained by combining the RSA
AsymmetricCipher algorithm with the MD2 MessageDigest Algorithm.
- SHA1withRSA
- The Signature algorithm obtained by combining the RSA
AsymmetricCipher algorithm with the SHA-1 MessageDigest Algorithm.
- SHA1withDSA
- Digital Signature Algorithm, as defined in Digital Signature Standard,
NIST FIPS 186. This standard defines a digital signature algorithm
that uses the RawDSA asymmetric transformation along with the SHA-1
message digest algorithm.
- Specified by:
- signData in interface SignatureCardService
- Parameters:
privateKey - a reference to the private key on card to be used for signing.
MFC cards only support key references of type PrivateKeyFile.signAlgorithm - standard digital signature algorithm namedata - data to be signed- Returns:
- signature
- Throws:
- java.security.InvalidKeyException - Thrown when the key is not valid or does not match the requested algorithm.
- CardServiceException - any subclass of CardServiceException
- CardTerminalException - any subclass of CardTerminalException
- See Also:
JCAStandardNames
signData
public byte[] signData(PrivateKeyRef privateKey,
java.lang.String signAlgorithm,
java.lang.String padAlgorithm,
byte[] data)
throws CardServiceException,
java.security.InvalidKeyException,
CardTerminalException
- Overloaded method to generate a digital Signature
that allows to specify the padding algorithm.
- Specified by:
- signData in interface SignatureCardService
- Throws:
- java.security.InvalidKeyException - The key type is not supported by the specific card service.
- CardServiceException - any subclass of CardServiceException
- CardTerminalException - any subclass of CardTerminalException
signDataInternal
protected byte[] signDataInternal(PrivateKeyRef privateKey,
java.lang.String signAlgorithm,
java.lang.String padAlgorithm,
byte[] data)
throws CardServiceException,
java.security.InvalidKeyException,
CardTerminalException
- calculate hash and generate signatre
- Parameters:
padAlgorithm - If specified, check whether the card and the key support the pad algorithm.
If not specified, use the key's pad algorithm- Throws:
- java.security.InvalidKeyException - The key type is not supported by the specific card service.
- CardServiceException - any subclass of CardServiceException
- CardTerminalException - any subclass of CardTerminalException
signHash
public byte[] signHash(PrivateKeyRef privateKey,
java.lang.String signAlgorithm,
byte[] hash)
throws CardServiceException,
java.security.InvalidKeyException,
CardTerminalException
- Generate a digital Signature on the provided hash.
Pad the hash and then
apply the PKA algorithm to the padded hash.
The padding algorithm is chosen as defined in the Java Cryptography Architecture Specification.
- Specified by:
- signHash in interface SignatureCardService
- Throws:
- java.security.InvalidKeyException - Thrown when the key is not valid or does not match the requested algorithm.
- CardServiceException - any subclass of CardServiceException
- CardTerminalException - any subclass of CardTerminalException
signHash
public byte[] signHash(PrivateKeyRef privateKey,
java.lang.String signAlgorithm,
java.lang.String padAlgorithm,
byte[] hash)
throws CardServiceException,
java.security.InvalidKeyException,
CardTerminalException
- Overloaded method to generate a digital Signature
that allows to specify the padding algorithm.
- Specified by:
- signHash in interface SignatureCardService
- Throws:
- java.security.InvalidKeyException - The key type is not supported by the specific card service.
- CardServiceException - any subclass of CardServiceException
- CardTerminalException - any subclass of CardTerminalException
signHashInternal
protected byte[] signHashInternal(PrivateKeyRef privateKey,
java.lang.String signAlgorithm,
java.lang.String padAlgorithm,
byte[] data)
throws CardServiceException,
java.security.InvalidKeyException,
CardTerminalException
- generate signature on the provided hash
- Parameters:
padAlgorithm - If specified, check whether the card and the key support the pad algorithm.
If not specified, use the key's pad algorithm- Throws:
- java.security.InvalidKeyException - The key type is not supported by the specific card service.
- CardServiceException - any subclass of CardServiceException
- CardTerminalException - any subclass of CardTerminalException
verifySignedData
public boolean verifySignedData(PublicKeyRef publicKey,
java.lang.String signAlgorithm,
byte[] data,
byte[] signature)
throws CardServiceException,
java.security.InvalidKeyException,
CardTerminalException
- Verify a digital Signature including hashing.
First hash the data, then pad the hash,
apply the PKA algorithm to the padded hash, then compare the result
to the provided signature.
The padding algorithm is chosen as defined in the Java Cryptography Architecture Specification.
The standard algorithm name must be specified as defined in the
Java Cryptography Architecture API Specification & Reference,
for example
- MD5withRSA
- The Signature algorithm obtained by combining the RSA
AsymmetricCipher algorithm with the MD5 MessageDigest Algorithm.
- MD2withRSA
- The Signature algorithm obtained by combining the RSA
AsymmetricCipher algorithm with the MD2 MessageDigest Algorithm.
- SHA1withRSA
- The Signature algorithm obtained by combining the RSA
AsymmetricCipher algorithm with the SHA-1 MessageDigest Algorithm.
- SHA1withDSA
- Digital Signature Algorithm, as defined in Digital Signature Standard,
NIST FIPS 186. This standard defines a digital signature algorithm
that uses the RawDSA asymmetric transformation along with the SHA-1
message digest algorithm.
- Specified by:
- verifySignedData in interface SignatureCardService
- Parameters:
publicKey - a reference to the public key on card to be used for signature validationsignAlgorithm - standard digital signature algorithm namedata - the data for which the signature should be verifiedsignature - signature to be verified- Returns:
- True if signature valdidation was successfull
- Throws:
- java.security.InvalidKeyException - Thrown when the key is not valid or does not match the requested algorithm.
- CardServiceException - any subclass of CardServiceException
- CardTerminalException - any subclass of CardTerminalException
- See Also:
JCAStandardNames
verifySignedData
public boolean verifySignedData(PublicKeyRef publicKey,
java.lang.String signAlgorithm,
java.lang.String padAlgorithm,
byte[] data,
byte[] signature)
throws CardServiceException,
java.security.InvalidKeyException,
CardTerminalException
- Verify a digital Signature including hashing
(overload method that allows to specify the padding algorithm to be used).
First hash the data, then pad the hash,
apply the PKA algorithm to the padded hash, then compare the result
to the provided signature.
The standard algorithm name must be specified as defined in the
Java Cryptography Architecture API Specification & Reference,
for example
- MD5withRSA
- The Signature algorithm obtained by combining the RSA
AsymmetricCipher algorithm with the MD5 MessageDigest Algorithm.
- MD2withRSA
- The Signature algorithm obtained by combining the RSA
AsymmetricCipher algorithm with the MD2 MessageDigest Algorithm.
- SHA1withRSA
- The Signature algorithm obtained by combining the RSA
AsymmetricCipher algorithm with the SHA-1 MessageDigest Algorithm.
- SHA1withDSA
- Digital Signature Algorithm, as defined in Digital Signature Standard,
NIST FIPS 186. This standard defines a digital signature algorithm
that uses the RawDSA asymmetric transformation along with the SHA-1
message digest algorithm.
- Specified by:
- verifySignedData in interface SignatureCardService
- Parameters:
publicKey - a reference to the public key on card to be used for signature validationsignAlgorithm - standard digital signature algorithm namepadAlgorithm - padding algorithm name, for example one of
ISO9796,
PKCS#1,
ZEROPADDINGdata - the data for which the signature should be verifiedsignature - signature to be verified- Returns:
- True if signature valdidation was successfull
- Throws:
- java.security.InvalidKeyException - Thrown when the key is not valid or does not match the requested algorithm.
- CardServiceException - any subclass of CardServiceException
- CardTerminalException - any subclass of CardTerminalException
- See Also:
JCAStandardNames
verifySignedDataInternal
protected boolean verifySignedDataInternal(PublicKeyRef publicKey,
java.lang.String signAlgorithm,
java.lang.String padAlgorithm,
byte[] data,
byte[] signature)
throws CardServiceException,
java.security.InvalidKeyException,
CardTerminalException
- calculate hash and verify signature
- Parameters:
padAlgorithm - If specified, check whether the card and the key support the pad algorithm.
If not specified, use the key's pad algorithm- Throws:
- java.security.InvalidKeyException - The key type is not supported by the specific card service.
- CardServiceException - any subclass of CardServiceException
- CardTerminalException - any subclass of CardTerminalException
verifySignedHash
public boolean verifySignedHash(PublicKeyRef publicKey,
java.lang.String signAlgorithm,
byte[] hash,
byte[] signature)
throws CardServiceException,
java.security.InvalidKeyException,
CardTerminalException
- Verify a digital Signature.
Since hashing of large amounts of data may be slow if performed on card
this method allows to hash outside the card service and just perform
the signature verificationoperation on card.
Pad the provided hash,
apply the PKA algorithm to the padded hash, then compare the result
to the provided signature.
The padding algorithm is chosen as defined in the Java Cryptography Architecture Specification.
Use a key algorithm name (not a digital signature algorithm name, because digital
signature algorithms include hashing)
a defined in the Java Cryptography Architecture API Specification & Reference,
for example
- DSA
- The asymmetric transformation described in NIST FIPS 186, described
as the "DSA Sign Operation" and the "DSA Verify Operation", prior to
creating a digest. The input to DSA is always 20 bytes long.
- RSA
- The Rivest, Shamir and Adleman AsymmetricCipher algorithm. RSA
Encryption as defined in the RSA Laboratory Technical Note PKCS#1.
- Specified by:
- verifySignedHash in interface SignatureCardService
- Parameters:
publicKey - a reference to the public key on card to be used for signature validationsignAlgorithm - standard key algorithm namehash - The hash for which the signature should be verified.signature - signature to be verified- Returns:
- True if signature valdidation was successfull
- Throws:
- java.security.InvalidKeyException - Thrown when the key is not valid or does not match the requested algorithm.
- CardServiceException - any subclass of CardServiceException
- CardTerminalException - any subclass of CardTerminalException
- See Also:
JCAStandardNames
verifySignedHash
public boolean verifySignedHash(PublicKeyRef publicKey,
java.lang.String signAlgorithm,
java.lang.String padAlgorithm,
byte[] hash,
byte[] signature)
throws CardServiceException,
java.security.InvalidKeyException,
CardTerminalException
- Verify a digital Signature
(overloaded method that allows to specify the padding algorithm to be used).
Since hashing of large amounts of data may be slow if performed on card
this method allows to hash outside the card service and just perform
the signature verification operation on card.
Pad the provided hash,
apply the PKA algorithm to the padded hash, then compare the result
to the provided signature.
Use a key algorithm name (not a digital signature algorithm name, because digital
signature algorithms include hashing)
a defined in the Java Cryptography Architecture API Specification & Reference,
for example
- DSA
- The asymmetric transformation described in NIST FIPS 186, described
as the "DSA Sign Operation" and the "DSA Verify Operation", prior to
creating a digest. The input to DSA is always 20 bytes long.
- RSA
- The Rivest, Shamir and Adleman AsymmetricCipher algorithm. RSA
Encryption as defined in the RSA Laboratory Technical Note PKCS#1.
- Specified by:
- verifySignedHash in interface SignatureCardService
- Parameters:
publicKey - a reference to the public key on card to be used for signature validationsignAlgorithm - standard key algorithm namepadAlgorithm - padding algorithm name, for example one of
ISO9796,
PKCS#1,
ZEROPADDINGhash - The hash for which the signature should be verified.signature - signature to be verified- Returns:
- True if signature valdidation was successfull
- Throws:
- java.security.InvalidKeyException - Thrown when the key is not valid or does not match the requested algorithm.
- CardServiceException - any subclass of CardServiceException
- CardTerminalException - any subclass of CardTerminalException
- See Also:
JCAStandardNames
verifySignedHashInternal
protected boolean verifySignedHashInternal(PublicKeyRef publicKey,
java.lang.String signAlgorithm,
java.lang.String padAlgorithm,
byte[] hash,
byte[] signature)
throws CardServiceException,
java.security.InvalidKeyException,
CardTerminalException
- verify signature for given hash
- Parameters:
padAlgorithm - If specified, check whether the card and the key support the pad algorithm.
If not specified, use the key's pad algorithm- Throws:
- java.security.InvalidKeyException - The key type is not supported by the specific card service.
- CardServiceException - any subclass of CardServiceException
- CardTerminalException - any subclass of CardTerminalException
|
