de.cardcontact.opencard.service.signature
Class ISSSSignatureService

java.lang.Object
  extended by opencard.core.service.CardService
      extended by de.cardcontact.opencard.service.signature.ISSSSignatureService
All Implemented Interfaces:
SecureService, CardServiceInterface, SignatureCardService

public class ISSSSignatureService
extends CardService
implements SignatureCardService

Version:
$Id: ISSSSignatureService.java,v 1.1 2005/09/19 19:22:30 asc Exp $
Author:
Andreas Schwier (info@cardcontact.de)

Constructor Summary
ISSSSignatureService()
          Instantiate ISSSSignatureService Initialization is done in #ISSSSignatureService.initialize
 
Method Summary
protected  void cardHash(CardChannel channel, byte[] data)
          Performed chained hash in card The data is split into chunks of 64 bytes.
protected  void cardSelectAlgorithm(CardChannel channel, java.lang.String signAlgorithm)
           
protected  void cardSelectKey(CardChannel channel, PrivateKeyRef privateKey)
           
protected  byte[] cardSign(CardChannel channel, byte[] hash)
          Sign data either provided or already hashed in the card
protected  byte[] cardSignDummy(CardChannel channel, byte[] hash)
          Sign data either provided or already hashed in the card (Dummy)
protected  void initialize(CardServiceScheduler scheduler, SmartCard smartcard, boolean blocking)
          Check that the IsoCardState object exists in the card channel Overwrites #opencard.core.service.CardService#initialize
 void provideCredentials(SecurityDomain domain, CredentialBag creds)
          Provides credentials to a card service.
 byte[] signData(PrivateKeyRef privateKey, java.lang.String signAlgorithm, byte[] data)
          Implement signData
 byte[] signData(PrivateKeyRef privateKey, java.lang.String signAlgorithm, java.lang.String padAlgorithm, byte[] data)
          Implement signData
 byte[] signHash(PrivateKeyRef privateKey, java.lang.String signAgorithm, byte[] hash)
          Generate a digital Signature on the provided hash.
 byte[] signHash(PrivateKeyRef privateKey, java.lang.String signAgorithm, java.lang.String padAlgorithm, byte[] hash)
          Generate a digital Signature on the provided hash (Overloaded method that allows to specify the padding algorithm).
 boolean verifySignedData(PublicKeyRef publicKey, java.lang.String signAlgorithm, byte[] data, byte[] signature)
          Verify a digital Signature including hashing.
 boolean verifySignedData(PublicKeyRef publicKey, java.lang.String signAlgorithm, java.lang.String padAlgorithm, byte[] data, byte[] signature)
          Verify a digital Signature including hashing (overload method that allows to specify the padding algorithm to be used).
 boolean verifySignedHash(PublicKeyRef publicKey, java.lang.String signAlgorithm, byte[] hash, byte[] signature)
          Verify a digital Signature.
 boolean verifySignedHash(PublicKeyRef publicKey, java.lang.String signAlgorithm, java.lang.String padAlgorithm, byte[] hash, byte[] signature)
          Verify a digital Signature (overloaded method that allows to specify the padding algorithm to be used).
 
Methods inherited from class opencard.core.service.CardService
allocateCardChannel, getCard, getCardChannel, getCHVDialog, releaseCardChannel, setCardChannel, setCHVDialog
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface opencard.opt.service.CardServiceInterface
getCard, setCHVDialog
 

Constructor Detail

ISSSSignatureService

public ISSSSignatureService()
Instantiate ISSSSignatureService Initialization is done in #ISSSSignatureService.initialize

Method Detail

initialize

protected void initialize(CardServiceScheduler scheduler,
                          SmartCard smartcard,
                          boolean blocking)
                   throws CardServiceException
Check that the IsoCardState object exists in the card channel Overwrites #opencard.core.service.CardService#initialize

Overrides:
initialize in class CardService
Parameters:
scheduler - where this service is going to allocate channels
smartcard - which smartcard has to be supported by this service
blocking - whether channel allocation is going to be blocking
Throws:
CardServiceException - if the service could not be initialized. The object created via the default constructor may not be used if this happens.
See Also:
CardServiceFactory

signData

public byte[] signData(PrivateKeyRef privateKey,
                       java.lang.String signAlgorithm,
                       byte[] data)
                throws CardServiceException,
                       java.security.InvalidKeyException,
                       CardTerminalException
Implement signData

Specified by:
signData in interface SignatureCardService
Parameters:
privateKey - a reference to the private key on card to be used for signing
signAlgorithm - standard digital signature algorithm name
data - data to be signed
Returns:
signature
Throws:
CardServiceException - any subclass of CardServiceException
java.security.InvalidKeyException - Thrown when the key is not valid or does not match the requested algorithm.
CardTerminalException - any subclass of CardTerminalException
See Also:
SignatureCardService.signData(opencard.opt.security.PrivateKeyRef, java.lang.String, byte[])

signData

public byte[] signData(PrivateKeyRef privateKey,
                       java.lang.String signAlgorithm,
                       java.lang.String padAlgorithm,
                       byte[] data)
                throws CardServiceException,
                       java.security.InvalidKeyException,
                       CardTerminalException
Implement signData

Specified by:
signData in interface SignatureCardService
Parameters:
privateKey - a reference to the private key on card to be used for signing
signAlgorithm - standard digital signature algorithm name
padAlgorithm - padding algorithm name, for example one of ISO9796, PKCS#1, ZEROPADDING
data - data to be signed
Returns:
signature
Throws:
CardServiceException - any subclass of CardServiceException
java.security.InvalidKeyException - Thrown when the key is not valid or does not match the requested algorithm.
CardTerminalException - any subclass of CardTerminalException
See Also:
SignatureCardService.signData(opencard.opt.security.PrivateKeyRef, java.lang.String, java.lang.String, byte[])

signHash

public byte[] signHash(PrivateKeyRef privateKey,
                       java.lang.String signAgorithm,
                       byte[] hash)
                throws CardServiceException,
                       java.security.InvalidKeyException,
                       CardTerminalException
Description copied from interface: SignatureCardService
Generate a digital Signature on the provided hash. Since hashing of large amounts of data may be slow if performed on card this method allows to hash outside the card service and just perform the signature operation on card. Pad the hash and then apply the PKA algorithm to the padded hash.

The padding algorithm is chosen as defined in the Java Cryptography Architecture Specification.

Use a key algorithm name (not a digital signature algorithm name, because digital signature algorithms include hashing) a defined in the Java Cryptography Architecture API Specification & Reference, for example

DSA
The asymmetric transformation described in NIST FIPS 186, described as the "DSA Sign Operation" and the "DSA Verify Operation", prior to creating a digest. The input to DSA is always 20 bytes long.
RSA
The Rivest, Shamir and Adleman AsymmetricCipher algorithm. RSA Encryption as defined in the RSA Laboratory Technical Note PKCS#1.

Specified by:
signHash in interface SignatureCardService
Parameters:
privateKey - a reference to the private key on card to be used for signing
signAgorithm - standard key algorithm name
hash - the hash/digest to be signed
Returns:
signature
Throws:
CardServiceException - any subclass of CardServiceException
java.security.InvalidKeyException - Thrown when the key is not valid or does not match the requested algorithm.
CardTerminalException - any subclass of CardTerminalException
See Also:
JCAStandardNames

signHash

public byte[] signHash(PrivateKeyRef privateKey,
                       java.lang.String signAgorithm,
                       java.lang.String padAlgorithm,
                       byte[] hash)
                throws CardServiceException,
                       java.security.InvalidKeyException,
                       CardTerminalException
Description copied from interface: SignatureCardService
Generate a digital Signature on the provided hash (Overloaded method that allows to specify the padding algorithm). Since hashing of large amounts of data may be slow if performed on card this method allows to hash outside the card service and just perform the signature operation on card. Pad the hash and then apply the PKA algorithm to the padded hash.

Use a key algorithm name (not a digital signature algorithm name, because digital signature algorithms include hashing) a defined in the Java Cryptography Architecture API Specification & Reference, for example

DSA
The asymmetric transformation described in NIST FIPS 186, described as the "DSA Sign Operation" and the "DSA Verify Operation", prior to creating a digest. The input to DSA is always 20 bytes long.
RSA
The Rivest, Shamir and Adleman AsymmetricCipher algorithm. RSA Encryption as defined in the RSA Laboratory Technical Note PKCS#1.

Specified by:
signHash in interface SignatureCardService
Parameters:
privateKey - a reference to the private key on card to be used for signing
signAgorithm - standard key algorithm name
padAlgorithm - padding algorithm name, for example one of ISO9796, PKCS#1, ZEROPADDING
hash - the hash/digest to be signed
Returns:
signature
Throws:
CardServiceException - any subclass of CardServiceException
java.security.InvalidKeyException - Thrown when the key is not valid or does not match the requested algorithm.
CardTerminalException - any subclass of CardTerminalException
See Also:
JCAStandardNames

verifySignedData

public boolean verifySignedData(PublicKeyRef publicKey,
                                java.lang.String signAlgorithm,
                                byte[] data,
                                byte[] signature)
                         throws CardServiceException,
                                java.security.InvalidKeyException,
                                CardTerminalException
Description copied from interface: SignatureCardService
Verify a digital Signature including hashing. First hash the data, then pad the hash, apply the PKA algorithm to the padded hash, then compare the result to the provided signature.

The padding algorithm is chosen as defined in the Java Cryptography Architecture Specification.

The standard algorithm name must be specified as defined in the Java Cryptography Architecture API Specification & Reference, for example

MD5withRSA
The Signature algorithm obtained by combining the RSA AsymmetricCipher algorithm with the MD5 MessageDigest Algorithm.
MD2withRSA
The Signature algorithm obtained by combining the RSA AsymmetricCipher algorithm with the MD2 MessageDigest Algorithm.
SHA1withRSA
The Signature algorithm obtained by combining the RSA AsymmetricCipher algorithm with the SHA-1 MessageDigest Algorithm.
SHA1withDSA
Digital Signature Algorithm, as defined in Digital Signature Standard, NIST FIPS 186. This standard defines a digital signature algorithm that uses the RawDSA asymmetric transformation along with the SHA-1 message digest algorithm.

Specified by:
verifySignedData in interface SignatureCardService
Parameters:
publicKey - a reference to the public key on card to be used for signature validation
signAlgorithm - standard digital signature algorithm name
data - the data for which the signature should be verified
signature - signature to be verified
Returns:
True if signature valdidation was successfull
Throws:
CardServiceException - any subclass of CardServiceException
java.security.InvalidKeyException - Thrown when the key is not valid or does not match the requested algorithm.
CardTerminalException - any subclass of CardTerminalException
See Also:
JCAStandardNames

verifySignedData

public boolean verifySignedData(PublicKeyRef publicKey,
                                java.lang.String signAlgorithm,
                                java.lang.String padAlgorithm,
                                byte[] data,
                                byte[] signature)
                         throws CardServiceException,
                                java.security.InvalidKeyException,
                                CardTerminalException
Description copied from interface: SignatureCardService
Verify a digital Signature including hashing (overload method that allows to specify the padding algorithm to be used). First hash the data, then pad the hash, apply the PKA algorithm to the padded hash, then compare the result to the provided signature.

The standard algorithm name must be specified as defined in the Java Cryptography Architecture API Specification & Reference, for example

MD5withRSA
The Signature algorithm obtained by combining the RSA AsymmetricCipher algorithm with the MD5 MessageDigest Algorithm.
MD2withRSA
The Signature algorithm obtained by combining the RSA AsymmetricCipher algorithm with the MD2 MessageDigest Algorithm.
SHA1withRSA
The Signature algorithm obtained by combining the RSA AsymmetricCipher algorithm with the SHA-1 MessageDigest Algorithm.
SHA1withDSA
Digital Signature Algorithm, as defined in Digital Signature Standard, NIST FIPS 186. This standard defines a digital signature algorithm that uses the RawDSA asymmetric transformation along with the SHA-1 message digest algorithm.

Specified by:
verifySignedData in interface SignatureCardService
Parameters:
publicKey - a reference to the public key on card to be used for signature validation
signAlgorithm - standard digital signature algorithm name
padAlgorithm - padding algorithm name, for example one of ISO9796, PKCS#1, ZEROPADDING
data - the data for which the signature should be verified
signature - signature to be verified
Returns:
True if signature valdidation was successfull
Throws:
CardServiceException - any subclass of CardServiceException
java.security.InvalidKeyException - Thrown when the key is not valid or does not match the requested algorithm.
CardTerminalException - any subclass of CardTerminalException
See Also:
JCAStandardNames

verifySignedHash

public boolean verifySignedHash(PublicKeyRef publicKey,
                                java.lang.String signAlgorithm,
                                byte[] hash,
                                byte[] signature)
                         throws CardServiceException,
                                java.security.InvalidKeyException,
                                CardTerminalException
Description copied from interface: SignatureCardService
Verify a digital Signature. Since hashing of large amounts of data may be slow if performed on card this method allows to hash outside the card service and just perform the signature verificationoperation on card. Pad the provided hash, apply the PKA algorithm to the padded hash, then compare the result to the provided signature.

The padding algorithm is chosen as defined in the Java Cryptography Architecture Specification.

Use a key algorithm name (not a digital signature algorithm name, because digital signature algorithms include hashing) a defined in the Java Cryptography Architecture API Specification & Reference, for example

DSA
The asymmetric transformation described in NIST FIPS 186, described as the "DSA Sign Operation" and the "DSA Verify Operation", prior to creating a digest. The input to DSA is always 20 bytes long.
RSA
The Rivest, Shamir and Adleman AsymmetricCipher algorithm. RSA Encryption as defined in the RSA Laboratory Technical Note PKCS#1.

Specified by:
verifySignedHash in interface SignatureCardService
Parameters:
publicKey - a reference to the public key on card to be used for signature validation
signAlgorithm - standard key algorithm name
hash - The hash for which the signature should be verified.
signature - signature to be verified
Returns:
True if signature valdidation was successfull
Throws:
CardServiceException - any subclass of CardServiceException
java.security.InvalidKeyException - Thrown when the key is not valid or does not match the requested algorithm.
CardTerminalException - any subclass of CardTerminalException
See Also:
JCAStandardNames

verifySignedHash

public boolean verifySignedHash(PublicKeyRef publicKey,
                                java.lang.String signAlgorithm,
                                java.lang.String padAlgorithm,
                                byte[] hash,
                                byte[] signature)
                         throws CardServiceException,
                                java.security.InvalidKeyException,
                                CardTerminalException
Description copied from interface: SignatureCardService
Verify a digital Signature (overloaded method that allows to specify the padding algorithm to be used). Since hashing of large amounts of data may be slow if performed on card this method allows to hash outside the card service and just perform the signature verification operation on card. Pad the provided hash, apply the PKA algorithm to the padded hash, then compare the result to the provided signature.

Use a key algorithm name (not a digital signature algorithm name, because digital signature algorithms include hashing) a defined in the Java Cryptography Architecture API Specification & Reference, for example

DSA
The asymmetric transformation described in NIST FIPS 186, described as the "DSA Sign Operation" and the "DSA Verify Operation", prior to creating a digest. The input to DSA is always 20 bytes long.
RSA
The Rivest, Shamir and Adleman AsymmetricCipher algorithm. RSA Encryption as defined in the RSA Laboratory Technical Note PKCS#1.

Specified by:
verifySignedHash in interface SignatureCardService
Parameters:
publicKey - a reference to the public key on card to be used for signature validation
signAlgorithm - standard key algorithm name
padAlgorithm - padding algorithm name, for example one of ISO9796, PKCS#1, ZEROPADDING
hash - The hash for which the signature should be verified.
signature - signature to be verified
Returns:
True if signature valdidation was successfull
Throws:
CardServiceException - any subclass of CardServiceException
java.security.InvalidKeyException - Thrown when the key is not valid or does not match the requested algorithm.
CardTerminalException - any subclass of CardTerminalException
See Also:
JCAStandardNames

provideCredentials

public void provideCredentials(SecurityDomain domain,
                               CredentialBag creds)
                        throws CardServiceException
Description copied from interface: SecureService
Provides credentials to a card service. The security domain should be specified as the path to the directory in which the application's card resident parts are located. The bag of credentials should hold a credential store suitable for the respective card and card service implementation. Only credentials in that store will (and can) be used by the service.

Specified by:
provideCredentials in interface SecureService
Parameters:
domain - the security domain for which to provide credentials
creds - the credentials for that domain
Throws:
CardServiceException - If the card service could not process the credentials, if the SecurityDomain is invalid.
See Also:
CardService

cardSelectKey

protected void cardSelectKey(CardChannel channel,
                             PrivateKeyRef privateKey)
                      throws CardTerminalException,
                             CardServiceOperationFailedException
Throws:
CardTerminalException
CardServiceOperationFailedException

cardSelectAlgorithm

protected void cardSelectAlgorithm(CardChannel channel,
                                   java.lang.String signAlgorithm)
                            throws CardTerminalException,
                                   CardServiceOperationFailedException,
                                   java.security.InvalidKeyException
Throws:
CardTerminalException
CardServiceOperationFailedException
java.security.InvalidKeyException

cardHash

protected void cardHash(CardChannel channel,
                        byte[] data)
                 throws CardTerminalException,
                        CardServiceOperationFailedException
Performed chained hash in card The data is split into chunks of 64 bytes. The final hash is stored in the card for a subsequent sign operation

Parameters:
channel - Open channel for card communication
data - Data to be hashed
Throws:
CardTerminalException
CardServiceOperationFailedException

cardSign

protected byte[] cardSign(CardChannel channel,
                          byte[] hash)
                   throws CardTerminalException,
                          CardServiceOperationFailedException
Sign data either provided or already hashed in the card

Parameters:
channel - Open card channel
hash - Hash value or null if hashed in the card
Returns:
Signature
Throws:
CardTerminalException
CardServiceOperationFailedException

cardSignDummy

protected byte[] cardSignDummy(CardChannel channel,
                               byte[] hash)
                        throws CardTerminalException,
                               CardServiceOperationFailedException
Sign data either provided or already hashed in the card (Dummy)

Parameters:
channel - Open card channel
hash - Hash value or null if hashed in the card
Returns:
Signature
Throws:
CardTerminalException
CardServiceOperationFailedException