org.jmrtd.lds
Class SODFile

java.lang.Object
  org.jmrtd.lds.PassportFile
      org.jmrtd.lds.SODFile

public class SODFile
extends PassportFile

File structure for the EF_SOD file. This file contains the security object.

Version:

$Revision: 1293 $

Author:

Wojciech Mostowski (woj@cs.ru.nl), Martijn Oostdijk (martijn.oostdijk@gmail.com)

Field Summary

Fields inherited from class org.jmrtd.lds.PassportFile

EF_COM_TAG, EF_DG1_TAG, EF_DG10_TAG, EF_DG11_TAG, EF_DG12_TAG, EF_DG13_TAG, EF_DG14_TAG, EF_DG15_TAG, EF_DG16_TAG, EF_DG2_TAG, EF_DG3_TAG, EF_DG4_TAG, EF_DG5_TAG, EF_DG6_TAG, EF_DG7_TAG, EF_DG8_TAG, EF_DG9_TAG, EF_SOD_TAG

Constructor Summary

SODFile(InputStream in)
Constructs a Security Object data structure.

SODFile(String digestAlgorithm, String digestEncryptionAlgorithm, Map<Integer,byte[]> dataGroupHashes, byte[] encryptedDigest, X509Certificate docSigningCertificate)
Constructs a Security Object data structure.

SODFile(String digestAlgorithm, String digestEncryptionAlgorithm, Map<Integer,byte[]> dataGroupHashes, PrivateKey privateKey, X509Certificate docSigningCertificate)
Constructs a Security Object data structure.

SODFile(String digestAlgorithm, String digestEncryptionAlgorithm, Map<Integer,byte[]> dataGroupHashes, PrivateKey privateKey, X509Certificate docSigningCertificate, String provider)
Constructs a Security Object data structure using a specified signature provider.

SODFile(String digestAlgorithm, String digestEncryptionAlgorithm, Map<Integer,byte[]> dataGroupHashes, PrivateKey privateKey, X509Certificate docSigningCertificate, String provider, String ldsVersion, String unicodeVersion)
Constructs a Security Object data structure using a specified signature provider.

Method Summary

boolean	checkDocSignature(Certificate docSigningCert) Verifies the signature over the contents of the security object.
boolean	equals(Object obj)
Map<Integer,byte[]>	getDataGroupHashes() Gets the stored data group hashes.
String	getDigestAlgorithm() Gets the name of the algorithm used in the data group hashes.
String	getDigestEncryptionAlgorithm() Gets the name of the algorithm used in the signature.
X509Certificate	getDocSigningCertificate() Gets the document signing certificate.
byte[]	getEncoded() Gets the contents of this file as byte array, includes the ICAO tag and length.
byte[]	getEncryptedDigest() Gets the signature (the encrypted digest) over the hashes.
X500Principal	getIssuerX500Principal()
String	getLdsVersion() Gets the version of the LDS if stored in the Security Object (SOd).
BigInteger	getSerialNumber()
int	getTag() The tag of this file.
String	getUnicodeVersion() Gets the version of unicode if stored in the Security Object (SOd).
int	hashCode()
String	toString() Gets a textual representation of this file.

Methods inherited from class org.jmrtd.lds.PassportFile

createPassportFile, lookupDataGroupNumberByTag, lookupFIDByDataGroupNumber, lookupFIDByTag, lookupTagByDataGroupNumber, lookupTagByFID, toString

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

SODFile

public SODFile(String digestAlgorithm,
               String digestEncryptionAlgorithm,
               Map<Integer,byte[]> dataGroupHashes,
               byte[] encryptedDigest,
               X509Certificate docSigningCertificate)
        throws NoSuchAlgorithmException,
               CertificateException

Constructs a Security Object data structure.

Parameters:

digestAlgorithm - a digest algorithm, such as "SHA1" or "SHA256"

digestEncryptionAlgorithm - a digest encryption algorithm, such as "SHA256withRSA"

dataGroupHashes - maps datagroupnumbers (1 to 16) to hashes of the data groups

encryptedDigest - ???

docSigningCertificate - the document signing certificate

Throws:

NoSuchAlgorithmException - if either of the algorithm parameters is not recognized

CertificateException - if the document signing certificate cannot be used

SODFile

public SODFile(String digestAlgorithm,
               String digestEncryptionAlgorithm,
               Map<Integer,byte[]> dataGroupHashes,
               PrivateKey privateKey,
               X509Certificate docSigningCertificate,
               String provider)
        throws NoSuchAlgorithmException,
               CertificateException

Constructs a Security Object data structure using a specified signature provider.

Parameters:

digestAlgorithm - a digest algorithm, such as "SHA1" or "SHA256"

digestEncryptionAlgorithm - a digest encryption algorithm, such as "SHA256withRSA"

dataGroupHashes - maps datagroup numbers (1 to 16) to hashes of the data groups

privateKey - private key to sign the data

docSigningCertificate - the document signing certificate

provider - specific signature provider that should be used to create the signature

Throws:

NoSuchAlgorithmException - if either of the algorithm parameters is not recognized

CertificateException - if the document signing certificate cannot be used

SODFile

public SODFile(String digestAlgorithm,
               String digestEncryptionAlgorithm,
               Map<Integer,byte[]> dataGroupHashes,
               PrivateKey privateKey,
               X509Certificate docSigningCertificate,
               String provider,
               String ldsVersion,
               String unicodeVersion)
        throws NoSuchAlgorithmException,
               CertificateException

Constructs a Security Object data structure using a specified signature provider.

Parameters:

digestAlgorithm - a digest algorithm, such as "SHA1" or "SHA256"

digestEncryptionAlgorithm - a digest encryption algorithm, such as "SHA256withRSA"

dataGroupHashes - maps datagroup numbers (1 to 16) to hashes of the data groups

privateKey - private key to sign the data

docSigningCertificate - the document signing certificate

provider - specific signature provider that should be used to create the signature

Throws:

NoSuchAlgorithmException - if either of the algorithm parameters is not recognized

CertificateException - if the document signing certificate cannot be used

SODFile

public SODFile(String digestAlgorithm,
               String digestEncryptionAlgorithm,
               Map<Integer,byte[]> dataGroupHashes,
               PrivateKey privateKey,
               X509Certificate docSigningCertificate)
        throws NoSuchAlgorithmException,
               CertificateException

Constructs a Security Object data structure.

Parameters:

digestAlgorithm - a digest algorithm, such as "SHA1" or "SHA256"

digestEncryptionAlgorithm - a digest encryption algorithm, such as "SHA256withRSA"

dataGroupHashes - maps datagroup numbers (1 to 16) to hashes of the data groups

privateKey - private key to sign the data

docSigningCertificate - the document signing certificate

Throws:

NoSuchAlgorithmException - if either of the algorithm parameters is not recognized

CertificateException - if the document signing certificate cannot be used

SODFile

public SODFile(InputStream in)
        throws IOException

Constructs a Security Object data structure.

Parameters:

in - some inputstream

Throws:

IOException - if something goes wrong

Method Detail

getTag

public int getTag()

The tag of this file.

Returns:

the tag

getEncoded

public byte[] getEncoded()

Description copied from class: PassportFile

Gets the contents of this file as byte array, includes the ICAO tag and length.

Specified by:

getEncoded in class PassportFile

Returns:

a byte array containing the file

getDataGroupHashes

public Map<Integer,byte[]> getDataGroupHashes()

Gets the stored data group hashes.

Returns:

data group hashes indexed by data group numbers (1 to 16)

getEncryptedDigest

public byte[] getEncryptedDigest()

Gets the signature (the encrypted digest) over the hashes.

Returns:

the encrypted digest

getDigestAlgorithm

public String getDigestAlgorithm()

Gets the name of the algorithm used in the data group hashes.

Returns:

an algorithm string such as "SHA1" or "SHA256"

getDigestEncryptionAlgorithm

public String getDigestEncryptionAlgorithm()

Gets the name of the algorithm used in the signature.

Returns:

an algorithm string such as "SHA256withRSA"

getLdsVersion

public String getLdsVersion()

Gets the version of the LDS if stored in the Security Object (SOd).

Returns:

the version of the LDS in "aabb" format or null if LDS < V1.8

Since:

LDS V1.8

getUnicodeVersion

public String getUnicodeVersion()

Gets the version of unicode if stored in the Security Object (SOd).

Returns:

the unicode version in "aabbcc" format or null if LDS < V1.8

Since:

LDS V1.8

getDocSigningCertificate

public X509Certificate getDocSigningCertificate()
                                         throws IOException,
                                                CertificateException

Gets the document signing certificate. Use this certificate to verify that eSignature is a valid signature for eContent. This certificate itself is signed using the country signing certificate.

Returns:

the document signing certificate

Throws:

IOException

CertificateException

checkDocSignature

public boolean checkDocSignature(Certificate docSigningCert)
                          throws GeneralSecurityException

Verifies the signature over the contents of the security object. Clients can also use the accessors of this class and check the validity of the signature for themselves. See RFC 3369, Cryptographic Message Syntax, August 2002, Section 5.4 for details.

Parameters:

docSigningCert - the certificate to use (should be X509 certificate)

Returns:

status of the verification

Throws:

GeneralSecurityException - if something goes wrong

getIssuerX500Principal

public X500Principal getIssuerX500Principal()

getSerialNumber

public BigInteger getSerialNumber()

toString

public String toString()

Gets a textual representation of this file.

Overrides:

toString in class Object

Returns:

a textual representation of this file

equals

public boolean equals(Object obj)

Overrides:

equals in class Object

hashCode

public int hashCode()

Overrides:

hashCode in class Object