protected static AlgorithmIdentifier getAlgorithmIdentifier( PublicKey key) throws CertPathValidatorException { try { ASN1InputStream aIn = new ASN1InputStream(key.getEncoded()); SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(aIn.readObject()); return info.getAlgorithmId(); } catch (Exception e) { throw new ExtCertPathValidatorException("Subject public key cannot be decoded.", e); } }
public PublicKey getPublicKey(String provider) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException { SubjectPublicKeyInfo subjectPKInfo = pkac.getSubjectPublicKeyInfo(); try { DERBitString bStr = new DERBitString(subjectPKInfo); X509EncodedKeySpec xspec = new X509EncodedKeySpec(bStr.getBytes()); AlgorithmIdentifier keyAlg = subjectPKInfo.getAlgorithm(); KeyFactory factory = KeyFactory.getInstance(keyAlg.getAlgorithm().getId(),provider); return factory.generatePublic(xspec); } catch (Exception e) { throw new InvalidKeyException("error encoding public key"); } }
static String getSignatureName( AlgorithmIdentifier sigAlgId) { ASN1Encodable params = sigAlgId.getParameters(); if (params != null && !DERNull.INSTANCE.equals(params)) { if (sigAlgId.getObjectId().equals(PKCSObjectIdentifiers.id_RSASSA_PSS)) { RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params); return getDigestAlgName(rsaParams.getHashAlgorithm().getObjectId()) + "withRSAandMGF1"; } } return sigAlgId.getObjectId().getId(); }
/** * Return the keyData to encode in the SubjectPublicKeyInfo structure. * <p/> * The ASN.1 definition of the key structure is * <p/> * <pre> * McEliecePublicKey ::= SEQUENCE { * n Integer -- length of the code * t Integer -- error correcting capability * matrixG OctetString -- generator matrix as octet string * } * </pre> * * @return the keyData to encode in the SubjectPublicKeyInfo structure */ public byte[] getEncoded() { McEliecePublicKey key = new McEliecePublicKey(new ASN1ObjectIdentifier(oid), n, t, g); AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(this.getOID(), DERNull.INSTANCE); try { SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(algorithmIdentifier, key); return subjectPublicKeyInfo.getEncoded(); } catch (IOException e) { return null; } }
public static AlgorithmCode getSigOrMacAlgoCode(AlgorithmIdentifier algId) throws NoSuchAlgorithmException { ASN1ObjectIdentifier oid = algId.getAlgorithm(); AlgorithmCode code = algOidToCodeMap.get(oid); if (code != null) { return code; } if (PKCSObjectIdentifiers.id_RSASSA_PSS.equals(oid)) { RSASSAPSSparams param = RSASSAPSSparams.getInstance(algId.getParameters()); ASN1ObjectIdentifier digestAlgOid = param.getHashAlgorithm().getAlgorithm(); code = digestToMgf1AlgCodeMap.get(digestAlgOid); if (code == null) { throw new NoSuchAlgorithmException("unsupported digest algorithm " + digestAlgOid); } return code; } else { throw new NoSuchAlgorithmException("unsupported signature algorithm " + oid.getId()); } }
public InputDecryptor getValueDecryptor(AlgorithmIdentifier keyEncryptionAlgorithm, final AlgorithmIdentifier contentEncryptionAlgorithm, byte[] encryptedContentEncryptionKey) throws CRMFException { Key secretKey = extractSecretKey(keyEncryptionAlgorithm, contentEncryptionAlgorithm, encryptedContentEncryptionKey); final Cipher dataCipher = helper.createContentCipher(secretKey, contentEncryptionAlgorithm); return new InputDecryptor() { public AlgorithmIdentifier getAlgorithmIdentifier() { return contentEncryptionAlgorithm; } public InputStream getInputStream(InputStream dataIn) { return new CipherInputStream(dataIn, dataCipher); } }; }
P11DSAContentSigner(P11CryptService cryptService, P11EntityIdentifier identityId, AlgorithmIdentifier signatureAlgId, boolean plain) throws XiSecurityException, P11TokenException { this.identityId = ParamUtil.requireNonNull("identityId", identityId); this.cryptService = ParamUtil.requireNonNull("cryptService", cryptService); this.algorithmIdentifier = ParamUtil.requireNonNull("signatureAlgId", signatureAlgId); try { this.encodedAlgorithmIdentifier = algorithmIdentifier.getEncoded(); } catch (IOException ex) { throw new XiSecurityException("could not encode AlgorithmIdentifier", ex); } this.plain = plain; String algOid = signatureAlgId.getAlgorithm().getId(); HashAlgoType hashAlgo = sigAlgHashMap.get(algOid); if (hashAlgo == null) { throw new XiSecurityException("unsupported signature algorithm " + algOid); } P11SlotIdentifier slotId = identityId.slotId(); P11Slot slot = cryptService.getSlot(slotId); if (slot.supportsMechanism(PKCS11Constants.CKM_DSA)) { this.mechanism = PKCS11Constants.CKM_DSA; Digest digest = hashAlgo.createDigest(); this.outputStream = new DigestOutputStream(digest); } else { this.mechanism = hashMechMap.get(hashAlgo).longValue(); if (!slot.supportsMechanism(this.mechanism)) { throw new XiSecurityException("unsupported signature algorithm " + algOid); } this.outputStream = new ByteArrayOutputStream(); } }
AlgorithmIdentifier getAlgorithmIdentifier(ASN1ObjectIdentifier encryptionOID, AlgorithmParameters params) throws CMSException { ASN1Encodable asn1Params; if (params != null) { try { asn1Params = ASN1Primitive.fromByteArray(params.getEncoded("ASN.1")); } catch (IOException e) { throw new CMSException("cannot encode parameters: " + e.getMessage(), e); } } else { asn1Params = DERNull.INSTANCE; } return new AlgorithmIdentifier( encryptionOID, asn1Params); }
protected AlgorithmIdentifier getAlgorithmIdentifier(String encryptionOID, AlgorithmParameters params) throws IOException { ASN1Encodable asn1Params; if (params != null) { asn1Params = ASN1Primitive.fromByteArray(params.getEncoded("ASN.1")); } else { asn1Params = DERNull.INSTANCE; } return new AlgorithmIdentifier( new ASN1ObjectIdentifier(encryptionOID), asn1Params); }
public HmacContentSigner(HashAlgoType hashAlgo, AlgorithmIdentifier algorithmIdentifier, SecretKey signingKey) throws XiSecurityException { this.algorithmIdentifier = ParamUtil.requireNonNull("algorithmIdentifier", algorithmIdentifier); try { this.encodedAlgorithmIdentifier = algorithmIdentifier.getEncoded(); } catch (IOException ex) { throw new XiSecurityException("could not encode AlgorithmIdentifier", ex); } ParamUtil.requireNonNull("signingKey", signingKey); if (hashAlgo == null) { hashAlgo = AlgorithmUtil.extractHashAlgoFromMacAlg(algorithmIdentifier); } this.hmac = new HMac(hashAlgo.createDigest()); byte[] keyBytes = signingKey.getEncoded(); this.hmac.init(new KeyParameter(keyBytes, 0, keyBytes.length)); this.outLen = hmac.getMacSize(); this.outputStream = new HmacOutputStream(); }
static AlgorithmIdentifier determineKeyEncAlg(KeyParameter key) { int length = key.getKey().length * 8; ASN1ObjectIdentifier wrapOid; if (length == 128) { wrapOid = NISTObjectIdentifiers.id_aes128_wrap; } else if (length == 192) { wrapOid = NISTObjectIdentifiers.id_aes192_wrap; } else if (length == 256) { wrapOid = NISTObjectIdentifiers.id_aes256_wrap; } else { throw new IllegalArgumentException("illegal keysize in AES"); } return new AlgorithmIdentifier(wrapOid); // parameters absent }
public KeyAgreeRecipientInfo( ASN1Sequence seq) { int index = 0; version = (ASN1Integer)seq.getObjectAt(index++); originator = OriginatorIdentifierOrKey.getInstance( (ASN1TaggedObject)seq.getObjectAt(index++), true); if (seq.getObjectAt(index) instanceof ASN1TaggedObject) { ukm = ASN1OctetString.getInstance( (ASN1TaggedObject)seq.getObjectAt(index++), true); } keyEncryptionAlgorithm = AlgorithmIdentifier.getInstance( seq.getObjectAt(index++)); recipientEncryptedKeys = (ASN1Sequence)seq.getObjectAt(index++); }
public static String getSignatureAlgoName(AlgorithmIdentifier sigAlgId) throws NoSuchAlgorithmException { ParamUtil.requireNonNull("sigAlgId", sigAlgId); ASN1ObjectIdentifier algOid = sigAlgId.getAlgorithm(); String name = null; if (PKCSObjectIdentifiers.id_RSASSA_PSS.equals(algOid)) { RSASSAPSSparams param = RSASSAPSSparams.getInstance(sigAlgId.getParameters()); ASN1ObjectIdentifier digestAlgOid = param.getHashAlgorithm().getAlgorithm(); name = digestOidToMgf1SigNameMap.get(digestAlgOid); if (name == null) { throw new NoSuchAlgorithmException("unsupported digest algorithm " + digestAlgOid); } } else { name = sigAlgOidToNameMap.get(algOid); } if (name == null) { throw new NoSuchAlgorithmException("unsupported signature algorithm " + algOid.getId()); } return name; }
public SignerInfo( SignerIdentifier sid, AlgorithmIdentifier digAlgorithm, Attributes authenticatedAttributes, AlgorithmIdentifier digEncryptionAlgorithm, ASN1OctetString encryptedDigest, Attributes unauthenticatedAttributes) { if (sid.isTagged()) { this.version = new ASN1Integer(3); } else { this.version = new ASN1Integer(1); } this.sid = sid; this.digAlgorithm = digAlgorithm; this.authenticatedAttributes = ASN1Set.getInstance(authenticatedAttributes); this.digEncryptionAlgorithm = digEncryptionAlgorithm; this.encryptedDigest = encryptedDigest; this.unauthenticatedAttributes = ASN1Set.getInstance(unauthenticatedAttributes); }
public SignerInfo( ASN1Integer version, IssuerAndSerialNumber issuerAndSerialNumber, AlgorithmIdentifier digAlgorithm, ASN1Set authenticatedAttributes, AlgorithmIdentifier digEncryptionAlgorithm, ASN1OctetString encryptedDigest, ASN1Set unauthenticatedAttributes) { this.version = version; this.issuerAndSerialNumber = issuerAndSerialNumber; this.digAlgorithm = digAlgorithm; this.authenticatedAttributes = authenticatedAttributes; this.digEncryptionAlgorithm = digEncryptionAlgorithm; this.encryptedDigest = encryptedDigest; this.unauthenticatedAttributes = unauthenticatedAttributes; }
static String getSignatureName( AlgorithmIdentifier sigAlgId) { ASN1Encodable params = sigAlgId.getParameters(); if (params != null && !derNull.equals(params)) { if (sigAlgId.getObjectId().equals(PKCSObjectIdentifiers.id_RSASSA_PSS)) { RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params); return getDigestAlgName(rsaParams.getHashAlgorithm().getObjectId()) + "withRSAandMGF1"; } if (sigAlgId.getObjectId().equals(X9ObjectIdentifiers.ecdsa_with_SHA2)) { ASN1Sequence ecDsaParams = ASN1Sequence.getInstance(params); return getDigestAlgName((DERObjectIdentifier)ecDsaParams.getObjectAt(0)) + "withECDSA"; } } return sigAlgId.getObjectId().getId(); }
public DfltConcurrentContentSigner(boolean mac, List<XiContentSigner> signers, Key signingKey) throws NoSuchAlgorithmException { ParamUtil.requireNonEmpty("signers", signers); this.mac = mac; AlgorithmIdentifier algorithmIdentifier = signers.get(0).getAlgorithmIdentifier(); this.algorithmName = AlgorithmUtil.getSigOrMacAlgoName(algorithmIdentifier); this.algorithmCode = AlgorithmUtil.getSigOrMacAlgoCode(algorithmIdentifier); for (XiContentSigner signer : signers) { this.signers.add(new ConcurrentBagEntrySigner(signer)); } this.signingKey = signingKey; this.name = "defaultSigner-" + NAME_INDEX.getAndIncrement(); }
/** * Verify the MacData attached to the PFX is consistent with what is expected. * * @param macCalcProviderBuilder provider builder for the calculator for the MAC * @param password password to use * @return true if mac data is valid, false otherwise. * @throws PKCSException if there is a problem evaluating the MAC. * @throws IllegalStateException if no MAC is actually present */ public boolean isMacValid(PKCS12MacCalculatorBuilderProvider macCalcProviderBuilder, char[] password) throws PKCSException { if (hasMac()) { MacData pfxmData = pfx.getMacData(); MacDataGenerator mdGen = new MacDataGenerator(macCalcProviderBuilder.get(new AlgorithmIdentifier(pfxmData.getMac().getAlgorithmId().getAlgorithm(), new PKCS12PBEParams(pfxmData.getSalt(), pfxmData.getIterationCount().intValue())))); try { MacData mData = mdGen.build( password, ASN1OctetString.getInstance(pfx.getAuthSafe().getContent()).getOctets()); return Arrays.constantTimeAreEqual(mData.getEncoded(), pfx.getMacData().getEncoded()); } catch (IOException e) { throw new PKCSException("unable to process AuthSafe: " + e.getMessage()); } } throw new IllegalStateException("no MAC present on PFX"); }
private CertID( ASN1Sequence seq) { hashAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(0)); issuerNameHash = (ASN1OctetString)seq.getObjectAt(1); issuerKeyHash = (ASN1OctetString)seq.getObjectAt(2); serialNumber = (ASN1Integer)seq.getObjectAt(3); }
private static RSASSAPSSparams creatPSSParams(AlgorithmIdentifier hashAlgId, int saltSize) { return new RSASSAPSSparams( hashAlgId, new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, hashAlgId), new ASN1Integer(saltSize), new ASN1Integer(1)); }
public static byte[] getEncodedSubjectPublicKeyInfo(AlgorithmIdentifier algId, byte[] keyData) { try { return getEncodedSubjectPublicKeyInfo(new SubjectPublicKeyInfo(algId, keyData)); } catch (Exception e) { return null; } }
private static Certificate generateStructure(TBSCertificate tbsCert, AlgorithmIdentifier sigAlgId, byte[] signature) { ASN1EncodableVector v = new ASN1EncodableVector(); v.add(tbsCert); v.add(sigAlgId); v.add(new DERBitString(signature)); return Certificate.getInstance(new DERSequence(v)); }
private static CertificateList generateCRLStructure(TBSCertList tbsCertList, AlgorithmIdentifier sigAlgId, byte[] signature) { ASN1EncodableVector v = new ASN1EncodableVector(); v.add(tbsCertList); v.add(sigAlgId); v.add(new DERBitString(signature)); return CertificateList.getInstance(new DERSequence(v)); }
/** * Return a PKCS8 representation of the key. The sequence returned * represents a full PrivateKeyInfo object. * * @return a PKCS8 representation of the key. */ public byte[] getEncoded() { try { PrivateKeyInfo info = new PrivateKeyInfo(new AlgorithmIdentifier(OIWObjectIdentifiers.elGamalAlgorithm, new ElGamalParameter(elSpec.getP(), elSpec.getG())), new DERInteger(getX())); return info.getEncoded(ASN1Encoding.DER); } catch (IOException e) { return null; } }
/** * create from an issuer certificate and the serial number of the * certificate it signed. * * @param hashAlgorithm hash algorithm to use * @param issuerCert issuing certificate * @param number serial number * @param provider provider to use for hashAlgorithm, null if the default one should be used. * * @exception OCSPException if any problems occur creating the id fields. */ public CertificateID( String hashAlgorithm, X509Certificate issuerCert, BigInteger number, String provider) throws OCSPException { AlgorithmIdentifier hashAlg = new AlgorithmIdentifier( new DERObjectIdentifier(hashAlgorithm), DERNull.INSTANCE); this.id = createCertID(hashAlg, issuerCert, new ASN1Integer(number), provider); }
public AlgorithmIdentifier getHashAlgorithm() { if (null == this.otherHash) { return new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1); } return this.otherHash.getHashAlgorithm(); }
public MacData build(char[] password, byte[] data) throws PKCSException { MacCalculator macCalculator; try { macCalculator = builder.build(password); OutputStream out = macCalculator.getOutputStream(); out.write(data); out.close(); } catch (Exception e) { throw new PKCSException("unable to process data: " + e.getMessage(), e); } AlgorithmIdentifier algId = macCalculator.getAlgorithmIdentifier(); DigestInfo dInfo = new DigestInfo(builder.getDigestAlgorithmIdentifier(), macCalculator.getMac()); PKCS12PBEParams params = PKCS12PBEParams.getInstance(algId.getParameters()); return new MacData(dInfo, params.getIV(), params.getIterations().intValue()); }
private boolean isAlgIdEqual(AlgorithmIdentifier id1, AlgorithmIdentifier id2) { if (!id1.getAlgorithm().equals(id2.getAlgorithm())) { return false; } if (id1.getParameters() == null) { if (id2.getParameters() != null && !id2.getParameters().equals(DERNull.INSTANCE)) { return false; } return true; } if (id2.getParameters() == null) { if (id1.getParameters() != null && !id1.getParameters().equals(DERNull.INSTANCE)) { return false; } return true; } return id1.getParameters().equals(id2.getParameters()); }
public EncryptedContentInfo( ASN1ObjectIdentifier contentType, AlgorithmIdentifier contentEncryptionAlgorithm, ASN1OctetString encryptedContent) { this.contentType = contentType; this.contentEncryptionAlgorithm = contentEncryptionAlgorithm; this.encryptedContent = encryptedContent; }
public EncryptedPrivateKeyInfo( AlgorithmIdentifier algId, byte[] encoding) { this.algId = algId; this.data = new DEROctetString(encoding); }
private static AlgorithmIdentifier getECSigAlgId(HashAlgoType hashAlgo, boolean plainSignature, boolean gm) throws NoSuchAlgorithmException { ParamUtil.requireNonNull("hashAlgo", hashAlgo); if (gm && plainSignature) { throw new IllegalArgumentException("plainSignature and gm cannot be both true"); } ASN1ObjectIdentifier sigAlgOid; if (gm) { switch (hashAlgo) { case SM3: sigAlgOid = GMObjectIdentifiers.sm2sign_with_sm3; break; default: throw new NoSuchAlgorithmException("unsupported hash " + hashAlgo + " for SM2 EC key"); } } else if (plainSignature) { sigAlgOid = digestToECPlainSigAlgMap.get(hashAlgo); if (sigAlgOid == null) { throw new NoSuchAlgorithmException( "unsupported hash " + hashAlgo + " for SM2 EC key"); } } else { sigAlgOid = digestToECSigAlgMap.get(hashAlgo); if (sigAlgOid == null) { throw new NoSuchAlgorithmException("unsupported hash " + hashAlgo + " for EC key"); } } return new AlgorithmIdentifier(sigAlgOid); }
public PBMParameter( byte[] salt, AlgorithmIdentifier owf, int iterationCount, AlgorithmIdentifier mac) { this(new DEROctetString(salt), owf, new ASN1Integer(iterationCount), mac); }
public CompressedData( AlgorithmIdentifier compressionAlgorithm, ContentInfo encapContentInfo) { this.version = new ASN1Integer(0); this.compressionAlgorithm = compressionAlgorithm; this.encapContentInfo = encapContentInfo; }
public static byte[] getEncodedSubjectPublicKeyInfo(AlgorithmIdentifier algId, ASN1Encodable keyData) { try { return getEncodedSubjectPublicKeyInfo(new SubjectPublicKeyInfo(algId, keyData)); } catch (Exception e) { return null; } }
P11ECDSAContentSigner(P11CryptService cryptService, P11EntityIdentifier identityId, AlgorithmIdentifier signatureAlgId, boolean plain) throws XiSecurityException, P11TokenException { this.cryptService = ParamUtil.requireNonNull("cryptService", cryptService); this.identityId = ParamUtil.requireNonNull("identityId", identityId); this.algorithmIdentifier = ParamUtil.requireNonNull("signatureAlgId", signatureAlgId); try { this.encodedAlgorithmIdentifier = algorithmIdentifier.getEncoded(); } catch (IOException ex) { throw new XiSecurityException("could not encode AlgorithmIdentifier", ex); } this.plain = plain; String algOid = signatureAlgId.getAlgorithm().getId(); HashAlgoType hashAlgo = sigAlgHashMap.get(algOid); if (hashAlgo == null) { throw new XiSecurityException("unsupported signature algorithm " + algOid); } P11Slot slot = cryptService.getSlot(identityId.slotId()); if (slot.supportsMechanism(PKCS11Constants.CKM_ECDSA)) { this.mechanism = PKCS11Constants.CKM_ECDSA; Digest digest = hashAlgo.createDigest(); this.outputStream = new DigestOutputStream(digest); } else { this.mechanism = hashMechMap.get(hashAlgo).longValue(); if (!slot.supportsMechanism(this.mechanism)) { throw new XiSecurityException("unsupported signature algorithm " + algOid); } this.outputStream = new ByteArrayOutputStream(); } }
public RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionAlgorithm, final AlgorithmIdentifier contentMacAlgorithm, byte[] derivedKey, byte[] encryptedContentEncryptionKey) throws CMSException { final Key secretKey = extractSecretKey(keyEncryptionAlgorithm, contentMacAlgorithm, derivedKey, encryptedContentEncryptionKey); final Mac dataMac = helper.createContentMac(secretKey, contentMacAlgorithm); return new RecipientOperator(new MacCalculator() { public AlgorithmIdentifier getAlgorithmIdentifier() { return contentMacAlgorithm; } public GenericKey getKey() { return new JceGenericKey(contentMacAlgorithm, secretKey); } public OutputStream getOutputStream() { return new MacOutputStream(dataMac); } public byte[] getMac() { return dataMac.doFinal(); } }); }
/** * Creates a new PKMACValue. * @param aid CMPObjectIdentifiers.passwordBasedMAC, with PBMParameter * @param value MAC of the DER-encoded SubjectPublicKeyInfo */ public PKMACValue( AlgorithmIdentifier aid, DERBitString value) { this.algId = aid; this.value = value; }
public MessageImprint( AlgorithmIdentifier hashAlgorithm, byte[] hashedMessage) { this.hashAlgorithm = hashAlgorithm; this.hashedMessage = hashedMessage; }
public static PSSSigner createPSSRSASigner(AlgorithmIdentifier sigAlgId, AsymmetricBlockCipher cipher) throws XiSecurityException { ParamUtil.requireNonNull("sigAlgId", sigAlgId); if (!PKCSObjectIdentifiers.id_RSASSA_PSS.equals(sigAlgId.getAlgorithm())) { throw new XiSecurityException("signature algorithm " + sigAlgId.getAlgorithm() + " is not allowed"); } AlgorithmIdentifier digAlgId; try { digAlgId = AlgorithmUtil.extractDigesetAlgFromSigAlg(sigAlgId); } catch (NoSuchAlgorithmException ex) { throw new XiSecurityException(ex.getMessage(), ex); } RSASSAPSSparams param = RSASSAPSSparams.getInstance(sigAlgId.getParameters()); AlgorithmIdentifier mfgDigAlgId = AlgorithmIdentifier.getInstance( param.getMaskGenAlgorithm().getParameters()); Digest dig = getDigest(digAlgId); Digest mfgDig = getDigest(mfgDigAlgId); int saltSize = param.getSaltLength().intValue(); int trailerField = param.getTrailerField().intValue(); AsymmetricBlockCipher tmpCipher = (cipher == null) ? new RSABlindedEngine() : cipher; return new PSSSigner(tmpCipher, dig, mfgDig, saltSize, getTrailer(trailerField)); }
