iaik.ixsil.algorithms

Class SignatureAlgorithmImplHMAC

java.lang.Object

iaik.ixsil.algorithms.Algorithm

iaik.ixsil.algorithms.SignatureAlgorithm

iaik.ixsil.algorithms.SignatureAlgorithmImplHMAC

public class SignatureAlgorithmImplHMAC
extends SignatureAlgorithm

Provides an signature algorithm implementation of the HMAC signature algorithm, as it has been specified in XML Signature, Signature Algorithms. The Java Cryptography Architecture API is used for implementing the cryptographic computations.

Field Summary

Fields

Modifier and Type	Field and Description
protected java.lang.String	DEFAULT_ALGORITHM_URI_ The default algorithm URI for this algorithm implementation.
protected java.lang.String	HMAC_JCA_ALGID_ The identifier used for the HMAC with SHA-1 algorithm within the Java Cryptography Architecture.
protected int	maxLength_ The maximum length for the signature output.
protected int	outputLength_ The length for the signature output.
protected java.security.Key	secretKey_ The secret key used to compute the MAC.

Fields inherited from class iaik.ixsil.algorithms.SignatureAlgorithm

input_, jCEProviderName_, privateKey_

Fields inherited from class iaik.ixsil.algorithms.Algorithm

uri_

Constructor Summary

Constructors

Constructor and Description
SignatureAlgorithmImplHMAC() Standard constructor.
SignatureAlgorithmImplHMAC(java.lang.String URI, java.lang.String HmacAlg) Constructor that allows specific HMAC algorithms to be defined.

Method Summary

Methods

Modifier and Type	Method and Description
int	getOutputLength() Gets the length of the signature output.
void	setOutputLength(int outputLength) Sets the length of the signature output.
void	setParameters(org.w3c.dom.Element algorithmElement) This algorithm takes the output length in bits as an optional parameter.
void	setSignerKey(java.security.Key signerKey) Sets the private key, which is used to compute the signature for the algorithm's input.
void	setSignerKey(java.security.PrivateKey signerKey) Sets the private key to be used by the signature algorithm.
void	setVerifierKey(java.security.Key verifierKey) Sets the public key, which is used to verify the signature for the algorithm's input.
java.io.InputStream	sign() Computes the signature value for the input previously provided by means of method SignatureAlgorithm.setInput(java.io.InputStream).
org.w3c.dom.Element	toElement(org.w3c.dom.Document signatureDOMDoc) Returns the DOM element representation of the algorithm.
boolean	verifierKeyUnknown() Gets the information, if this signature algorithm knows about the verification key.
boolean	verify(java.io.InputStream signature) Verifies the specified signature for the input data previously set with method SignatureAlgorithm.setInput(java.io.InputStream).

Methods inherited from class iaik.ixsil.algorithms.SignatureAlgorithm

setInput, setJCEProviderName

Methods inherited from class iaik.ixsil.algorithms.Algorithm

getURI, setURI

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_ALGORITHM_URI_

protected java.lang.String DEFAULT_ALGORITHM_URI_

The default algorithm URI for this algorithm implementation.

HMAC_JCA_ALGID_

protected java.lang.String HMAC_JCA_ALGID_

The identifier used for the HMAC with SHA-1 algorithm within the Java Cryptography Architecture.

secretKey_

protected java.security.Key secretKey_

The secret key used to compute the MAC.

outputLength_

protected int outputLength_

The length for the signature output.

maxLength_

protected int maxLength_

The maximum length for the signature output.

Constructor Detail

SignatureAlgorithmImplHMAC

public SignatureAlgorithmImplHMAC()

Standard constructor. Sets the default value for the algorithm URI to http://www.w3.org/2000/09/xmldsig#hmac-sha1. Sets the default output length to 160 bits.

SignatureAlgorithmImplHMAC

public SignatureAlgorithmImplHMAC(java.lang.String URI,
                          java.lang.String HmacAlg)

Constructor that allows specific HMAC algorithms to be defined. The specified URI must be the appropriate type of URI for the HMAC Algorithm defined. For example,

For example, the default constructor uses HMAC-SHA1

 
 URI:        http://www.w3.org/2000/09/xmldsig#hmac-sha1
 JCE AlgID:  HMAC/SHA
 

Note: This constructor does not take any parameters, so only HMAC based algorithms that do not require parameters may be used

Parameters:

URI - The URI to use for the specified signature algorithm

HmacAlg - The HMAC JCA/JCE algorithm String which identifies the algorithm to use

Method Detail

setParameters

public void setParameters(org.w3c.dom.Element algorithmElement)
                   throws AlgorithmException

This algorithm takes the output length in bits as an optional parameter. The length must be a mulitple of 8, since the output is returned as a byte array and otherwise there would be no way to detect the actual length of the output. The maximum length will be 160 bits, since this is the output length of the utilized SHA-1 message digest algorithm. If there is no such parameter provided, the output length will be set to 160 bits.

Overrides:

setParameters in class Algorithm

Parameters:

algorithmElement - The DOM element representation of the algorithm, as it will be found by IXSIL in the XML signature. Must not be null.

Throws:

AlgorithmException - if an invalid output length parameter has been specified, or if reading the parameter Element fails for any other reason.

setOutputLength

public void setOutputLength(int outputLength)
                     throws AlgorithmException

Sets the length of the signature output.

Parameters:

outputLength - The signature output length in bits. Must be a multiple of 8 and must meet the boundaries [8, 160].

Throws:

AlgorithmException - if outputLength does not meet the conditions specified above.

getOutputLength

public int getOutputLength()

Gets the length of the signature output.

Returns:

the signature output length in bits.

toElement

public org.w3c.dom.Element toElement(org.w3c.dom.Document signatureDOMDoc)
                              throws AlgorithmException

Returns the DOM element representation of the algorithm.

Specified by:

toElement in class Algorithm

Parameters:

signatureDOMDoc - The DOM document which should be used to create necessary DOM nodes. Must not be null.

Returns:

the DOM element representation of the algorithm.

Throws:

AlgorithmException - if no identifying URI has been specified for this algorithm.

sign

public java.io.InputStream sign()
                         throws AlgorithmException

Computes the signature value for the input previously provided by means of method SignatureAlgorithm.setInput(java.io.InputStream). The length of the output depends on the selected output length. If no output length has been set explicitely with method setOutputLength(int), the default output length will be 160 bits.

Specified by:

sign in class SignatureAlgorithm

Returns:

the signature value for the input specified with method SignatureAlgorithm.setInput(java.io.InputStream). This value will NOT be base64 encoded.

Throws:

AlgorithmException - if the signer key or the input data have not been set, or if computing the signature value fails for any reason.

verify

public boolean verify(java.io.InputStream signature)
               throws AlgorithmException

Verifies the specified signature for the input data previously set with method SignatureAlgorithm.setInput(java.io.InputStream).

Specified by:

verify in class SignatureAlgorithm

Parameters:

signature - The bytes representing the signature to be verified. Must not be null.

Returns:

true, if the signature is valid, false otherwise.

Throws:

AlgorithmException - if the verifier key or the input data have not been set, or if verifying the signature fails for any reason.

setSignerKey

public void setSignerKey(java.security.Key signerKey)

Sets the private key, which is used to compute the signature for the algorithm's input.

Parameters:

signerKey - The private key for computing the signature. Must not be null.

setVerifierKey

public void setVerifierKey(java.security.Key verifierKey)

Sets the public key, which is used to verify the signature for the algorithm's input.

Specified by:

setVerifierKey in class SignatureAlgorithm

Parameters:

verifierKey - The public key for verifying the signature. Must not be null.

verifierKeyUnknown

public boolean verifierKeyUnknown()

Gets the information, if this signature algorithm knows about the verification key. This depends on wheter the key has already been set explicitely with method setVerifierKey(java.security.Key) or not.

Specified by:

verifierKeyUnknown in class SignatureAlgorithm

Returns:

true, if this signature algorithm does not know about the verification key.

setSignerKey

public void setSignerKey(java.security.PrivateKey signerKey)
                  throws AlgorithmException

Sets the private key to be used by the signature algorithm. This method is implemented only so HMAC can implement the SignatureAlgorithm interface. It is not really required, because setSignerKey(Key signerKey) does the same thing. throws an exception if invoked by the application.

Overrides:

setSignerKey in class SignatureAlgorithm

Parameters:

privatekey - The private key to be used by the signature algorithm.

Throws:

AlgorithmException