I am using SpongCastle Provider v1.51. I added following maven to my project which are as follows(only relevant to SpongyCastle)
Based on answer here from StackOverflow, Already have added SpongyCastle PGP to maven pom file.
I am still testing on debugging and not using any Proguard features, whatsoever.
pom.xml
<dependency>
<groupId>com.madgag.spongycastle</groupId>
<artifactId>core</artifactId>
<version>1.51.0.0</version>
</dependency>
<dependency>
<groupId>com.madgag.spongycastle</groupId>
<artifactId>prov</artifactId>
<version>1.51.0.0</version>
</dependency>
<dependency>
<groupId>com.madgag.spongycastle</groupId>
<artifactId>pg</artifactId>
<version>1.51.0.0</version>
</dependency>
Following is the code for signing
private Document sign(Document document, boolean paramBoolean)throws Exception{
if (System.getenv("SKIP_DIGITAL_SIGNATURE") != null) {
return document;
}
X509Certificate x509Certificate = (X509Certificate)this.ks.getCertificate(this.alias);
Logger.d(TAG, "document base uri "+document.getBaseURI());
if(!Init.isInitialized()){
Logger.d(TAG, "initialzing the Init");
Init.init();
}else{
Logger.d(TAG, "already initialzed");
}
// Logger.d(TAG, ""+localX509Certificate.get);
XMLSignature localXMLSignature = new XMLSignature(document,"", XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1);
document.getDocumentElement().appendChild(localXMLSignature.getElement());
Transforms localTransforms = new Transforms(document);
localTransforms.addTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature");
localXMLSignature.addDocument("", localTransforms, XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1);
X509Data localX509Data = new X509Data(document);
localXMLSignature.getKeyInfo().add(localX509Data);
localX509Data.addSubjectName(x509Certificate.getSubjectX500Principal().getName());
localX509Data.addCertificate(x509Certificate);
localXMLSignature.sign(this.privateKey);
return document;
}
public String signXML(String paramString, boolean paramBoolean)
{
/* BouncyCastleProvider provider=new BouncyCastleProvider();
Set<Service>service=provider.getServices();
PKCSObjectIdentifiers.sha1WithRSAEncryption
Security.addProvider(new BouncyCastleProvider());
Iterator<Service> itr=service.iterator();
while(itr.hasNext()){
Service ser=itr.next();
ser.
}*/
//added spongycastle provider here
Security.addProvider(new org.spongycastle.jce.provider.BouncyCastleProvider());
// new org.spongycastle.jce.provider.BouncyCastleProvider().
// Security.addProvider(new );
try
{
DocumentBuilderFactory localDocumentBuilderFactory = DocumentBuilderFactory.newInstance();
localDocumentBuilderFactory.setNamespaceAware(true);
Document localDocument = sign(localDocumentBuilderFactory.newDocumentBuilder().parse(new InputSource(new StringReader(paramString))), paramBoolean);
StringWriter localStringWriter = new StringWriter();
TransformerFactory.newInstance().newTransformer().transform(new DOMSource(localDocument), new StreamResult(localStringWriter));
String str = localStringWriter.getBuffer().toString();
return str;
}
catch (Exception localException)
{
localException.printStackTrace();
throw new RuntimeException("Error while digitally signing the XML document", localException);
}
}
The log stack trace
05-04 11:26:34.716: W/dalvikvm(10319): dvmFindClassByName rejecting 'org/apache/xml/security/resource/xmlsecurity_en_US'
05-04 11:26:34.716: W/dalvikvm(10319): dvmFindClassByName rejecting 'org/apache/xml/security/resource/xmlsecurity_en'
05-04 11:26:34.746: W/dalvikvm(10319): dvmFindClassByName rejecting 'org/apache/xml/security/resource/xmlsecurity'
05-04 11:26:34.846: W/System.err(10319): org.apache.xml.security.signature.XMLSignatureException: The requested algorithm SHA1withRSA does not exist. Original Message was: MessageDigest SHA1withRSA implementation not found
05-04 11:26:34.846: W/System.err(10319): at org.apache.xml.security.algorithms.MessageDigestAlgorithm.getInstance(Unknown Source)
05-04 11:26:34.846: W/System.err(10319): at org.apache.xml.security.signature.Reference.<init>(Unknown Source)
05-04 11:26:34.846: W/System.err(10319): at org.apache.xml.security.signature.Manifest.addDocument(Unknown Source)
05-04 11:26:34.846: W/System.err(10319): at org.apache.xml.security.signature.XMLSignature.addDocument(Unknown Source)
05-04 11:26:34.846: W/System.err(10319): at com.companyname.project.auth.helper.DigitalSigner.sign(DigitalSigner.java:78)
05-04 11:26:34.846: W/System.err(10319): at com.companyname.project.auth.helper.DigitalSigner.signXML(DigitalSigner.java:106)
05-04 11:26:34.846: W/System.err(10319): at com.companyname.project.auth.client.AuthClient.authenticate(AuthClient.java:50)
05-04 11:26:34.846: W/System.err(10319): at com.companyname.project.auth.client.AuthRequest.authenticateRequest(AuthRequest.java:138)
05-04 11:26:34.856: W/System.err(10319): at com.companyname.project.activity.MainActivity$AuthenticateResultAsyncTask.doInBackground(MainActivity.java:163)
05-04 11:26:34.856: W/System.err(10319): at com.companyname.project.activity.MainActivity$AuthenticateResultAsyncTask.doInBackground(MainActivity.java:132)
05-04 11:26:34.856: W/System.err(10319): at android.os.AsyncTask$2.call(AsyncTask.java:264)
05-04 11:26:34.856: W/System.err(10319): at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305)
05-04 11:26:34.856: W/System.err(10319): at java.util.concurrent.FutureTask.run(FutureTask.java:137)
05-04 11:26:34.856: W/System.err(10319): at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:208)
05-04 11:26:34.856: W/System.err(10319): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1076)
05-04 11:26:34.856: W/System.err(10319): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:569)
05-04 11:26:34.856: W/System.err(10319): at java.lang.Thread.run(Thread.java:856)
05-04 11:26:34.856: W/System.err(10319): java.lang.RuntimeException: Error while digitally signing the XML document
05-04 11:26:34.866: W/System.err(10319): at com.companyname.project.auth.helper.DigitalSigner.signXML(DigitalSigner.java:115)
05-04 11:26:34.866: W/System.err(10319): at com.companyname.project.auth.client.AuthClient.authenticate(AuthClient.java:50)
05-04 11:26:34.876: W/System.err(10319): at com.companyname.project.auth.client.AuthRequest.authenticateRequest(AuthRequest.java:138)
05-04 11:26:34.876: W/System.err(10319): at com.companyname.project.activity.MainActivity$AuthenticateResultAsyncTask.doInBackground(MainActivity.java:163)
05-04 11:26:34.876: W/System.err(10319): at com.companyname.project.activity.MainActivity$AuthenticateResultAsyncTask.doInBackground(MainActivity.java:132)
05-04 11:26:34.876: W/System.err(10319): at android.os.AsyncTask$2.call(AsyncTask.java:264)
05-04 11:26:34.876: W/System.err(10319): at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305)
05-04 11:26:34.876: W/System.err(10319): at java.util.concurrent.FutureTask.run(FutureTask.java:137)
05-04 11:26:34.876: W/System.err(10319): at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:208)
05-04 11:26:34.876: W/System.err(10319): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1076)
05-04 11:26:34.876: W/System.err(10319): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:569)
05-04 11:26:34.876: W/System.err(10319): at java.lang.Thread.run(Thread.java:856)
Q.1 Why is it SHA1WithRSA algorithm not available, Even after SpongyCastle loads the algorithm?
Q.2 Why in the world Android does not support Class loading as it is java using .class, which is used by JAXB(I am trying to marshall/pack an XML and digitally sign it). It increase my development time from days into weeks.
Poor android does not support XML that good.
Please feel free to ask for further clarifications. Thank you for your time.
UPDATE:
I have added following code from here, to get list of Algorithms
Security.addProvider(new org.spongycastle.jce.provider.BouncyCastleProvider());
// new org.spongycastle.jce.provider.BouncyCastleProvider().
// Security.addProvider(new );
for (Provider provider : Security.getProviders()) {
System.out.println("Provider: " + provider.getName());
for (Provider.Service service : provider.getServices()) {
System.out.println(" Algorithm: " + service.getAlgorithm());
}
}
Output for list of Algorithms (Not Complete, Only Specific)
05-04 12:13:48.145: I/System.out(22193): Algorithm: DETECDSA
05-04 12:13:48.145: I/System.out(22193): Algorithm: SEED-GMAC
05-04 12:13:48.145: I/System.out(22193): Algorithm: RC5
05-04 12:13:48.145: I/System.out(22193): Algorithm: CERTIFICATE
05-04 12:13:48.145: I/System.out(22193): Algorithm: POLY1305-CAMELLIA
05-04 12:13:48.145: I/System.out(22193): Algorithm: HC256
05-04 12:13:48.145: I/System.out(22193): Algorithm: VMPC-KSA3
05-04 12:13:48.145: I/System.out(22193): Algorithm: DESMAC64
05-04 12:13:48.145: I/System.out(22193): Algorithm: SHA1WITHRSA
05-04 12:13:48.145: I/System.out(22193): Algorithm: BouncyCastle
05-04 12:13:48.145: I/System.out(22193): Algorithm: SKIPJACK
05-04 12:13:48.145: I/System.out(22193): Algorithm: DESEDEMAC
05-04 12:13:48.155: I/System.out(22193): Algorithm: POLY1305-CAMELLIA
05-04 12:13:48.155: I/System.out(22193): Algorithm: SHA3-224
05-04 12:13:48.155: I/System.out(22193): Algorithm: Skein-512-384
Algorithm is not available even after being loaded.
