Example usage for java.security Signature getAlgorithm

List of usage examples for java.security Signature getAlgorithm

Introduction

This page collects usage examples for java.security.Signature.getAlgorithm().

Prototype

public final String getAlgorithm() 


Document

Returns the name of the algorithm for this signature object.

Usage

From source file:com.alfaariss.oa.util.saml2.crypto.SAML2CryptoUtils.java

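/**
 * Retrieve the XML Signature specification URI based on OA Crypto.
 * <p>
 * Security note: the SHA-1 and MD5 based algorithms are still mapped so
 * that existing configurations keep working, but both digests are
 * deprecated for digital signatures. A warning is logged whenever one of
 * them is selected so that operators can move to a SHA-2 based algorithm.
 *
 * @param crypto The OA crypto manager.
 * @return  The SAML2 signature URI
 * @throws OAException If OA signing is disabled or the configured
 *         signature algorithm is not supported.
 * @see SignatureConstants
 */
public static String getXMLSignatureURI(CryptoManager crypto) throws OAException {
    Signature signature = crypto.getSignature();
    if (signature == null) {
        _logger.warn("OA Signing is disabled");
        throw new OAException(SystemErrors.ERROR_INTERNAL);
    }

    // Constant-first equals() keeps a null algorithm name on the
    // "unsupported" path instead of raising a NullPointerException.
    String algorithm = signature.getAlgorithm();
    String sUri;
    boolean weakDigest = false;
    if ("SHA1withRSA".equals(algorithm)) {
        sUri = SignatureConstants.ALGO_ID_SIGNATURE_RSA;
        weakDigest = true;
    } else if ("SHA1withDSA".equals(algorithm)) {
        sUri = SignatureConstants.ALGO_ID_SIGNATURE_DSA;
        weakDigest = true;
    } else if ("SHA256withRSA".equals(algorithm)) {
        sUri = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
    } else if ("SHA384withRSA".equals(algorithm)) {
        sUri = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA384;
    } else if ("SHA512withRSA".equals(algorithm)) {
        sUri = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA512;
    } else if ("MD5withRSA".equals(algorithm)) {
        sUri = SignatureConstants.ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5;
        weakDigest = true;
    } else {
        //DD Only a limited number of signing algorithms are supported in OA SAML2
        _logger.error("Unsupported digital signature algorithm: " + algorithm);
        throw new OAException(SystemErrors.ERROR_INTERNAL);
    }

    if (weakDigest) {
        // Still accepted for compatibility, but make the weak choice
        // visible in the logs instead of using it silently.
        _logger.warn("Weak digest in configured digital signature algorithm: " + algorithm
                + "; a SHA-2 based algorithm is recommended");
    }

    return sUri;
}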

From source file:de.schlichtherle.xml.GenericCertificate.java

/**
 * Encodes and signs the given <tt>content</tt> in this certificate and
 * locks it.
 * <p>
 * Please note the following:
 * <ul>
 * <li>This method will throw a <tt>PropertyVetoException</tt> if this
 *     certificate is already locked, i.e. if it has been signed or
 *     verified before.</li>
 * <li>Because this method locks this certificate, a subsequent call to
 *     {@link #sign(Object, PrivateKey, Signature)} or
 *     {@link #verify(PublicKey, Signature)} is redundant
 *     and will throw a <tt>PropertyVetoException</tt>.
 *     Use {@link #isLocked()} to detect whether a
 *     generic certificate has been successfully signed or verified before
 *     or call {@link #getContent()} and expect an
 *     Exception to be thrown if it hasn't.</li>
 * <li>There is no way to unlock this certificate.
 *     Call the copy constructor of {@link GenericCertificate} if you
 *     need an unlocked copy of the certificate.</li>
 * </ul>
 *
 * @param content The object to sign. This must either be a JavaBean or an
 *        instance of any other class which is supported by
 *        <tt>{@link PersistenceService}</tt>
 *        - may be <tt>null</tt>.
 * @param signingKey The private key for signing
 *        - may <em>not</em> be <tt>null</tt>.
 * @param signingEngine The signature signing engine
 *        - may <em>not</em> be <tt>null</tt>.
 *
 * @throws NullPointerException If the preconditions for the parameters
 *         do not hold.
 * @throws GenericCertificateIsLockedException If this certificate is
 *         already locked by signing or verifying it before.
 *         Note that this is actually a subclass of
 *         {@link PropertyVetoException}.
 * @throws PropertyVetoException If locking the certificate (and thus
 *         signing the object) is vetoed by any listener.
 * @throws PersistenceServiceException If the object cannot be serialised.
 * @throws InvalidKeyException If the signing key is invalid.
 */
public synchronized final void sign(final Object content, final PrivateKey signingKey,
        final Signature signingEngine) throws NullPointerException, GenericCertificateIsLockedException,
        PropertyVetoException, PersistenceServiceException, InvalidKeyException {
    // Both the key and the engine are mandatory; content may be null.
    if (signingKey == null) {
        throw new NullPointerException("signingKey");
    }
    if (signingEngine == null) {
        throw new NullPointerException("signingEngine");
    }

    // The same event object is used for the lock check, the veto round
    // and the final change notification.
    final PropertyChangeEvent lockEvent = new PropertyChangeEvent(this, "locked",
            Boolean.valueOf(isLocked()), Boolean.TRUE); // NOI18N
    if (isLocked()) {
        throw new GenericCertificateIsLockedException(lockEvent);
    }

    // Listeners get the chance to veto before anything is signed.
    fireVetoableChange(lockEvent);

    try {
        // Serialise the content; these exact bytes are what gets signed.
        final byte[] encodedContent = PersistenceService.store2ByteArray(content);

        signingEngine.initSign(signingKey);
        signingEngine.update(encodedContent);
        final byte[] signatureBase64 = Base64.encodeBase64(signingEngine.sign());
        final String signatureText = new String(signatureBase64, BASE64_CHARSET);

        // Record the signed text, the signature and how it was produced.
        final String encodedText = new String(encodedContent, XML_CHARSET);
        setEncoded(encodedText);
        setSignature(signatureText);
        setSignatureAlgorithm(signingEngine.getAlgorithm());
        setSignatureEncoding(SIGNATURE_ENCODING); // NOI18N
    } catch (SignatureException unexpected) {
        // NOTE(review): treated as impossible here, so a failure inside
        // the signing engine surfaces as an AssertionError.
        throw new AssertionError(unexpected);
    } catch (UnsupportedEncodingException unexpected) {
        throw new AssertionError(unexpected);
    }

    // Only a fully signed certificate is locked and announced.
    this.locked = true;
    firePropertyChange(lockEvent);
}

From source file:de.schlichtherle.xml.GenericCertificate.java

/**
 * Verifies the digital signature of the encoded content in this
 * certificate and locks it.
 * <p>
 * Please note the following:
 * <ul>
 * <li>This method will throw a <tt>PropertyVetoException</tt> if this
 *     certificate is already locked, i.e. if it has been signed or
 *     verified before.</li>
 * <li>Because this method locks this certificate, a subsequent call to
 *     {@link #sign(Object, PrivateKey, Signature)} or
 *     {@link #verify(PublicKey, Signature)} is redundant
 *     and will throw a <tt>PropertyVetoException</tt>.
 *     Use {@link #isLocked()} to detect whether a
 *     generic certificate has been successfully signed or verified before
 *     or call {@link #getContent()} and expect an
 *     Exception to be thrown if it hasn't.</li>
 * <li>There is no way to unlock this certificate.
 *     Call the copy constructor of {@link GenericCertificate} if you
 *     need an unlocked copy of the certificate.</li>
 * <li>The algorithm is determined by the <tt>verificationEngine</tt>
 *     supplied by the caller; the algorithm name stored in this
 *     certificate is not read by this method and is overwritten with the
 *     engine's name once verification has succeeded.</li>
 * </ul>
 *
 * @param verificationKey The public key for verification
 *        - may <em>not</em> be <tt>null</tt>.
 * @param verificationEngine The signature verification engine
 *        - may <em>not</em> be <tt>null</tt>.
 *
 * @throws NullPointerException If the preconditions for the parameters
 *         do not hold.
 * @throws GenericCertificateIsLockedException If this certificate is
 *         already locked by signing or verifying it before.
 *         Note that this is actually a subclass of
 *         {@link PropertyVetoException}.
 * @throws PropertyVetoException If locking the certificate (and thus
 *         verifying the object) is vetoed by any listener.
 * @throws InvalidKeyException If the verification key is invalid.
 * @throws SignatureException If signature verification failed.
 * @throws GenericCertificateIntegrityException If the integrity of this
 *         certificate has been compromised.
 */
public synchronized final void verify(final PublicKey verificationKey, final Signature verificationEngine)
        throws NullPointerException, GenericCertificateIsLockedException, PropertyVetoException,
        InvalidKeyException, SignatureException, GenericCertificateIntegrityException {
    // Both arguments are mandatory.
    if (verificationKey == null) {
        throw new NullPointerException("verificationKey");
    }
    if (verificationEngine == null) {
        throw new NullPointerException("verificationEngine");
    }

    // The same event object is used for the lock check, the veto round
    // and the final change notification.
    final PropertyChangeEvent lockEvent = new PropertyChangeEvent(this, "locked",
            Boolean.valueOf(isLocked()), Boolean.TRUE); // NOI18N
    if (isLocked()) {
        throw new GenericCertificateIsLockedException(lockEvent);
    }

    // Listeners get the chance to veto before anything is verified.
    fireVetoableChange(lockEvent);

    try {
        // The bytes of the stored encoded text are what the signature covers.
        final byte[] signedBytes = getEncoded().getBytes(XML_CHARSET);

        verificationEngine.initVerify(verificationKey);
        verificationEngine.update(signedBytes);
        final byte[] signatureBytes = Base64.decodeBase64(getSignature().getBytes(BASE64_CHARSET));
        final boolean authentic = verificationEngine.verify(signatureBytes);
        if (!authentic) {
            // Nothing has been modified or locked at this point.
            throw new GenericCertificateIntegrityException();
        }

        // Reset signature parameters to what was actually used.
        setSignatureAlgorithm(verificationEngine.getAlgorithm());
        setSignatureEncoding(SIGNATURE_ENCODING);
    } catch (UnsupportedEncodingException unexpected) {
        throw new AssertionError(unexpected);
    }

    // Only a successfully verified certificate is locked and announced.
    this.locked = true;
    firePropertyChange(lockEvent);
}

From source file:zlicense.de.schlichtherle.xml.GenericCertificate.java

/**
 * Serialises {@code paramObject}, signs the resulting bytes with the given
 * key and engine, stores the result in this certificate and locks it.
 *
 * @param paramObject the object to serialise and sign; not null-checked here
 * @param paramPrivateKey the private key for signing; must not be {@code null}
 * @param paramSignature the signing engine; must not be {@code null}
 * @throws NullPointerException if the key or the engine is {@code null}
 * @throws GenericCertificateIsLockedException if {@code isLocked()} already
 *         reports {@code true}
 * @throws PropertyVetoException declared; presumably raised by
 *         {@code fireVetoableChange} when a listener vetoes the lock
 * @throws PersistenceServiceException declared; presumably raised by
 *         {@code PersistenceService.store2ByteArray}
 * @throws InvalidKeyException if the engine rejects the signing key
 */
public final synchronized void sign(Object paramObject, PrivateKey paramPrivateKey, Signature paramSignature)
        throws NullPointerException, GenericCertificateIsLockedException, PropertyVetoException,
        PersistenceServiceException, InvalidKeyException {
    if (paramPrivateKey == null) {
        throw new NullPointerException("signingKey");
    }
    if (paramSignature == null) {
        throw new NullPointerException("signingEngine");
    }

    // One event object serves the lock check, the veto round and the
    // final change notification.
    PropertyChangeEvent lockEvent = new PropertyChangeEvent(this, "locked",
            Boolean.valueOf(isLocked()), Boolean.TRUE);
    if (isLocked()) {
        throw new GenericCertificateIsLockedException(lockEvent);
    }
    fireVetoableChange(lockEvent);

    try {
        // These serialised bytes are exactly what gets signed.
        byte[] encodedContent = PersistenceService.store2ByteArray(paramObject);
        paramSignature.initSign(paramPrivateKey);
        paramSignature.update(encodedContent);

        byte[] signatureBase64 = Base64.encodeBase64(paramSignature.sign());
        String signatureText = new String(signatureBase64, "US-ASCII");

        String encodedText = new String(encodedContent, "UTF-8");
        setEncoded(encodedText);
        setSignature(signatureText);
        setSignatureAlgorithm(paramSignature.getAlgorithm());
        setSignatureEncoding("US-ASCII/Base64");
    } catch (SignatureException unexpected) {
        // NOTE(review): a failure inside the signing engine surfaces as an
        // AssertionError rather than a checked exception.
        throw new AssertionError(unexpected);
    } catch (UnsupportedEncodingException unexpected) {
        throw new AssertionError(unexpected);
    }

    // Reached only when signing and storing succeeded.
    this.locked = true;
    firePropertyChange(lockEvent);
}

From source file:zlicense.de.schlichtherle.xml.GenericCertificate.java

/**
 * Verifies the stored Base64 signature over the stored encoded text with
 * the given key and engine, then locks this certificate.
 * <p>
 * The engine supplied by the caller determines the algorithm; the algorithm
 * name held by this certificate is not read here and is overwritten with the
 * engine's name after a successful check.
 *
 * @param paramPublicKey the public key for verification; must not be {@code null}
 * @param paramSignature the verification engine; must not be {@code null}
 * @throws NullPointerException if the key or the engine is {@code null}
 * @throws GenericCertificateIsLockedException if {@code isLocked()} already
 *         reports {@code true}
 * @throws PropertyVetoException declared; presumably raised by
 *         {@code fireVetoableChange} when a listener vetoes the lock
 * @throws InvalidKeyException if the engine rejects the verification key
 * @throws SignatureException if the engine fails while processing the signature
 * @throws GenericCertificateIntegrityException if the signature does not match
 *         the encoded content
 */
public final synchronized void verify(PublicKey paramPublicKey, Signature paramSignature)
        throws NullPointerException, GenericCertificateIsLockedException, PropertyVetoException,
        InvalidKeyException, SignatureException, GenericCertificateIntegrityException {
    if (paramPublicKey == null) {
        throw new NullPointerException("verificationKey");
    }
    if (paramSignature == null) {
        throw new NullPointerException("verificationEngine");
    }

    // One event object serves the lock check, the veto round and the
    // final change notification.
    PropertyChangeEvent lockEvent = new PropertyChangeEvent(this, "locked",
            Boolean.valueOf(isLocked()), Boolean.TRUE);
    if (isLocked()) {
        throw new GenericCertificateIsLockedException(lockEvent);
    }
    fireVetoableChange(lockEvent);

    try {
        byte[] signedBytes = getEncoded().getBytes("UTF-8");
        paramSignature.initVerify(paramPublicKey);
        paramSignature.update(signedBytes);

        byte[] signatureBytes = Base64.decodeBase64(getSignature().getBytes("US-ASCII"));
        boolean authentic = paramSignature.verify(signatureBytes);
        if (!authentic) {
            // No field has been changed and the lock is not set on this path.
            throw new GenericCertificateIntegrityException();
        }

        setSignatureAlgorithm(paramSignature.getAlgorithm());
        setSignatureEncoding("US-ASCII/Base64");
    } catch (UnsupportedEncodingException unexpected) {
        throw new AssertionError(unexpected);
    }

    // Reached only when the signature checked out.
    this.locked = true;
    firePropertyChange(lockEvent);
}