Example 26 with AlgorithmParameters
use of java.security.AlgorithmParameters in project platform_frameworks_base by android.
the class ESTHandler method buildCSR.
private byte[] buildCSR(ByteBuffer octetBuffer, OMADMAdapter omadmAdapter, HTTPHandler httpHandler) throws IOException, GeneralSecurityException {
//Security.addProvider(new BouncyCastleProvider());
Log.d(TAG, "/csrattrs:");
/*
byte[] octets = new byte[octetBuffer.remaining()];
octetBuffer.duplicate().get(octets);
for (byte b : octets) {
System.out.printf("%02x ", b & 0xff);
}
*/
Collection<Asn1Object> csrs = Asn1Decoder.decode(octetBuffer);
for (Asn1Object asn1Object : csrs) {
Log.d(TAG, asn1Object.toString());
}
if (csrs.size() != 1) {
throw new IOException("Unexpected object count in CSR attributes response: " + csrs.size());
}
Asn1Object sequence = csrs.iterator().next();
if (sequence.getClass() != Asn1Constructed.class) {
throw new IOException("Unexpected CSR attribute container: " + sequence);
}
String keyAlgo = null;
Asn1Oid keyAlgoOID = null;
String sigAlgo = null;
String curveName = null;
Asn1Oid pubCrypto = null;
int keySize = -1;
Map<Asn1Oid, ASN1Encodable> idAttributes = new HashMap<>();
for (Asn1Object child : sequence.getChildren()) {
if (child.getTag() == Asn1Decoder.TAG_OID) {
Asn1Oid oid = (Asn1Oid) child;
OidMappings.SigEntry sigEntry = OidMappings.getSigEntry(oid);
if (sigEntry != null) {
sigAlgo = sigEntry.getSigAlgo();
keyAlgoOID = sigEntry.getKeyAlgo();
keyAlgo = OidMappings.getJCEName(keyAlgoOID);
} else if (oid.equals(OidMappings.sPkcs9AtChallengePassword)) {
byte[] tlsUnique = httpHandler.getTLSUnique();
if (tlsUnique != null) {
idAttributes.put(oid, new DERPrintableString(Base64.encodeToString(tlsUnique, Base64.DEFAULT)));
} else {
Log.w(TAG, "Cannot retrieve TLS unique channel binding");
}
}
} else if (child.getTag() == Asn1Decoder.TAG_SEQ) {
Asn1Oid oid = null;
Set<Asn1Oid> oidValues = new HashSet<>();
List<Asn1Object> values = new ArrayList<>();
for (Asn1Object attributeSeq : child.getChildren()) {
if (attributeSeq.getTag() == Asn1Decoder.TAG_OID) {
oid = (Asn1Oid) attributeSeq;
} else if (attributeSeq.getTag() == Asn1Decoder.TAG_SET) {
for (Asn1Object value : attributeSeq.getChildren()) {
if (value.getTag() == Asn1Decoder.TAG_OID) {
oidValues.add((Asn1Oid) value);
} else {
values.add(value);
}
}
}
}
if (oid == null) {
throw new IOException("Invalid attribute, no OID");
}
if (oid.equals(OidMappings.sExtensionRequest)) {
for (Asn1Oid subOid : oidValues) {
if (OidMappings.isIDAttribute(subOid)) {
if (subOid.equals(OidMappings.sMAC)) {
idAttributes.put(subOid, new DERIA5String(omadmAdapter.getMAC()));
} else if (subOid.equals(OidMappings.sIMEI)) {
idAttributes.put(subOid, new DERIA5String(omadmAdapter.getImei()));
} else if (subOid.equals(OidMappings.sMEID)) {
idAttributes.put(subOid, new DERBitString(omadmAdapter.getMeid()));
} else if (subOid.equals(OidMappings.sDevID)) {
idAttributes.put(subOid, new DERPrintableString(omadmAdapter.getDevID()));
}
}
}
} else if (OidMappings.getCryptoID(oid) != null) {
pubCrypto = oid;
if (!values.isEmpty()) {
for (Asn1Object value : values) {
if (value.getTag() == Asn1Decoder.TAG_INTEGER) {
keySize = (int) ((Asn1Integer) value).getValue();
}
}
}
if (oid.equals(OidMappings.sAlgo_EC)) {
if (oidValues.isEmpty()) {
throw new IOException("No ECC curve name provided");
}
for (Asn1Oid value : oidValues) {
curveName = OidMappings.getJCEName(value);
if (curveName != null) {
break;
}
}
if (curveName == null) {
throw new IOException("Found no ECC curve for " + oidValues);
}
}
}
}
}
if (keyAlgoOID == null) {
throw new IOException("No public key algorithm specified");
}
if (pubCrypto != null && !pubCrypto.equals(keyAlgoOID)) {
throw new IOException("Mismatching key algorithms");
}
if (keyAlgoOID.equals(OidMappings.sAlgo_RSA)) {
if (keySize < MinRSAKeySize) {
if (keySize >= 0) {
Log.i(TAG, "Upgrading suggested RSA key size from " + keySize + " to " + MinRSAKeySize);
}
keySize = MinRSAKeySize;
}
}
Log.d(TAG, String.format("pub key '%s', signature '%s', ECC curve '%s', id-atts %s", keyAlgo, sigAlgo, curveName, idAttributes));
/*
Ruckus:
SEQUENCE:
OID=1.2.840.113549.1.1.11 (algo_id_sha256WithRSAEncryption)
RFC-7030:
SEQUENCE:
OID=1.2.840.113549.1.9.7 (challengePassword)
SEQUENCE:
OID=1.2.840.10045.2.1 (algo_id_ecPublicKey)
SET:
OID=1.3.132.0.34 (secp384r1)
SEQUENCE:
OID=1.2.840.113549.1.9.14 (extensionRequest)
SET:
OID=1.3.6.1.1.1.1.22 (mac-address)
OID=1.2.840.10045.4.3.3 (eccdaWithSHA384)
1L, 3L, 6L, 1L, 1L, 1L, 1L, 22
*/
// ECC Does not appear to be supported currently
KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyAlgo);
if (curveName != null) {
AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(keyAlgo);
algorithmParameters.init(new ECNamedCurveGenParameterSpec(curveName));
kpg.initialize(algorithmParameters.getParameterSpec(ECNamedCurveGenParameterSpec.class));
} else {
kpg.initialize(keySize);
}
KeyPair kp = kpg.generateKeyPair();
X500Principal subject = new X500Principal("CN=Android, O=Google, C=US");
mClientKey = kp.getPrivate();
// !!! Map the idAttributes into an ASN1Set of values to pass to
// the PKCS10CertificationRequest - this code is using outdated BC classes and
// has *not* been tested.
ASN1Set attributes;
if (!idAttributes.isEmpty()) {
ASN1EncodableVector payload = new DEREncodableVector();
for (Map.Entry<Asn1Oid, ASN1Encodable> entry : idAttributes.entrySet()) {
DERObjectIdentifier type = new DERObjectIdentifier(entry.getKey().toOIDString());
ASN1Set values = new DERSet(entry.getValue());
Attribute attribute = new Attribute(type, values);
payload.add(attribute);
}
attributes = new DERSet(payload);
} else {
attributes = null;
}
return new PKCS10CertificationRequest(sigAlgo, subject, kp.getPublic(), attributes, mClientKey).getEncoded();
}
Also used :
DERSet(com.android.org.bouncycastle.asn1.DERSet)
ASN1Set(com.android.org.bouncycastle.asn1.ASN1Set)
Set(java.util.Set)
HashSet(java.util.HashSet)
HashMap(java.util.HashMap)
Attribute(com.android.org.bouncycastle.asn1.x509.Attribute)
DERBitString(com.android.org.bouncycastle.asn1.DERBitString)
DERPrintableString(com.android.org.bouncycastle.asn1.DERPrintableString)
DERIA5String(com.android.org.bouncycastle.asn1.DERIA5String)
DERSet(com.android.org.bouncycastle.asn1.DERSet)
DERIA5String(com.android.org.bouncycastle.asn1.DERIA5String)
Asn1Integer(com.android.hotspot2.asn1.Asn1Integer)
DERPrintableString(com.android.org.bouncycastle.asn1.DERPrintableString)
ASN1EncodableVector(com.android.org.bouncycastle.asn1.ASN1EncodableVector)
List(java.util.List)
ArrayList(java.util.ArrayList)
ASN1Encodable(com.android.org.bouncycastle.asn1.ASN1Encodable)
PKCS10CertificationRequest(com.android.org.bouncycastle.jce.PKCS10CertificationRequest)
Asn1Oid(com.android.hotspot2.asn1.Asn1Oid)
KeyPair(java.security.KeyPair)
ECNamedCurveGenParameterSpec(com.android.org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec)
DEREncodableVector(com.android.org.bouncycastle.asn1.DEREncodableVector)
DERBitString(com.android.org.bouncycastle.asn1.DERBitString)
IOException(java.io.IOException)
KeyPairGenerator(java.security.KeyPairGenerator)
DERObjectIdentifier(com.android.org.bouncycastle.asn1.DERObjectIdentifier)
Asn1Object(com.android.hotspot2.asn1.Asn1Object)
OidMappings(com.android.hotspot2.asn1.OidMappings)
ASN1Set(com.android.org.bouncycastle.asn1.ASN1Set)
X500Principal(javax.security.auth.x500.X500Principal)
Map(java.util.Map)
HashMap(java.util.HashMap)
AlgorithmParameters(java.security.AlgorithmParameters)
Example 27 with AlgorithmParameters
use of java.security.AlgorithmParameters in project platform_frameworks_base by android.
the class AndroidKeyStoreUnauthenticatedAESCipherSpi method engineGetParameters.
@Nullable
@Override
protected final AlgorithmParameters engineGetParameters() {
if (!mIvRequired) {
return null;
}
if ((mIv != null) && (mIv.length > 0)) {
try {
AlgorithmParameters params = AlgorithmParameters.getInstance("AES");
params.init(new IvParameterSpec(mIv));
return params;
} catch (NoSuchAlgorithmException e) {
throw new ProviderException("Failed to obtain AES AlgorithmParameters", e);
} catch (InvalidParameterSpecException e) {
throw new ProviderException("Failed to initialize AES AlgorithmParameters with an IV", e);
}
}
return null;
}
Also used :
ProviderException(java.security.ProviderException)
IvParameterSpec(javax.crypto.spec.IvParameterSpec)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidParameterSpecException(java.security.spec.InvalidParameterSpecException)
AlgorithmParameters(java.security.AlgorithmParameters)
Nullable(android.annotation.Nullable)
Example 28 with AlgorithmParameters
use of java.security.AlgorithmParameters in project j2objc by google.
the class AlgorithmParametersTest method test_getProvider.
/**
* java.security.AlgorithmParameters#getProvider()
*/
public void test_getProvider() throws Exception {
// test: null value
AlgorithmParameters ap = new DummyAlgorithmParameters(null, null, "AAA");
assertNull(ap.getProvider());
// test: not null value
ap = new DummyAlgorithmParameters(null, p, "AAA");
assertSame(p, ap.getProvider());
}
Also used :
AlgorithmParameters(java.security.AlgorithmParameters)
Example 29 with AlgorithmParameters
use of java.security.AlgorithmParameters in project j2objc by google.
the class AlgorithmParametersTest method test_toString.
/**
* java.security.AlgorithmParameters#toString()
*/
public void test_toString() throws Exception {
final String str = "AlgorithmParameters";
MyAlgorithmParameters paramSpi = new MyAlgorithmParameters() {
protected String engineToString() {
return str;
}
};
AlgorithmParameters params = new DummyAlgorithmParameters(paramSpi, p, "algorithm");
assertNull("unititialized", params.toString());
params.init(new byte[0]);
assertSame(str, params.toString());
}
Also used :
AlgorithmParameters(java.security.AlgorithmParameters)
Example 30 with AlgorithmParameters
use of java.security.AlgorithmParameters in project j2objc by google.
the class AlgorithmParametersTest method test_initLjava_security_spec_AlgorithmParameterSpec.
/**
* java.security.AlgorithmParameters#init(java.security.spec.AlgorithmParameterSpec)
*/
public void test_initLjava_security_spec_AlgorithmParameterSpec() throws Exception {
//
// test: corresponding spi method is invoked
//
final MyAlgorithmParameterSpec spec = new MyAlgorithmParameterSpec();
MyAlgorithmParameters paramSpi = new MyAlgorithmParameters() {
protected void engineInit(AlgorithmParameterSpec paramSpec) throws InvalidParameterSpecException {
assertSame(spec, paramSpec);
runEngineInit_AlgParamSpec = true;
}
};
AlgorithmParameters params = new DummyAlgorithmParameters(paramSpi, p, "algorithm");
params.init(spec);
assertTrue(paramSpi.runEngineInit_AlgParamSpec);
//
try {
params.init(spec);
fail("No expected InvalidParameterSpecException");
} catch (InvalidParameterSpecException e) {
// expected
}
params = new DummyAlgorithmParameters(paramSpi, p, "algorithm");
params.init(new byte[0]);
try {
params.init(spec);
fail("No expected InvalidParameterSpecException");
} catch (InvalidParameterSpecException e) {
// expected
}
params = new DummyAlgorithmParameters(paramSpi, p, "algorithm");
params.init(new byte[0], "format");
try {
params.init(spec);
fail("No expected InvalidParameterSpecException");
} catch (InvalidParameterSpecException e) {
// expected
}
//
// test: if paramSpec is null
//
paramSpi = new MyAlgorithmParameters() {
protected void engineInit(AlgorithmParameterSpec paramSpec) throws InvalidParameterSpecException {
// null is passed to spi-provider
assertNull(paramSpec);
runEngineInit_AlgParamSpec = true;
}
};
params = new DummyAlgorithmParameters(paramSpi, p, "algorithm");
params.init((AlgorithmParameterSpec) null);
assertTrue(paramSpi.runEngineInit_AlgParamSpec);
}
Also used :
InvalidParameterSpecException(java.security.spec.InvalidParameterSpecException)
AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec)
AlgorithmParameters(java.security.AlgorithmParameters)
Aggregations
AlgorithmParameters (java.security.AlgorithmParameters)107
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)39
IOException (java.io.IOException)31
InvalidParameterSpecException (java.security.spec.InvalidParameterSpecException)22
Cipher (javax.crypto.Cipher)22
SecretKey (javax.crypto.SecretKey)18
AlgorithmParameterSpec (java.security.spec.AlgorithmParameterSpec)13
NoSuchProviderException (java.security.NoSuchProviderException)12
InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)11
Key (java.security.Key)11
SecureRandom (java.security.SecureRandom)10
EncryptedPrivateKeyInfo (javax.crypto.EncryptedPrivateKeyInfo)10
InvalidKeyException (java.security.InvalidKeyException)8
PBEParameterSpec (javax.crypto.spec.PBEParameterSpec)8
UnrecoverableKeyException (java.security.UnrecoverableKeyException)7
KeyPair (java.security.KeyPair)6
KeyPairGenerator (java.security.KeyPairGenerator)6
AlgorithmId (sun.security.x509.AlgorithmId)6
Nullable (android.annotation.Nullable)5
Asn1Integer (com.android.hotspot2.asn1.Asn1Integer)5
