Example 56 with AlgorithmIdentifier
use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project xipki by xipki.
the class AlgorithmUtil method getRSASigAlgId.
// CHECKSTYLE:SKIP
private static AlgorithmIdentifier getRSASigAlgId(HashAlgo hashAlgo, boolean mgf1) throws NoSuchAlgorithmException {
ParamUtil.requireNonNull("hashAlgo", hashAlgo);
if (mgf1) {
return buildRSAPSSAlgId(hashAlgo);
}
ASN1ObjectIdentifier sigAlgOid = digestToRSASigAlgMap.get(hashAlgo);
if (sigAlgOid == null) {
throw new NoSuchAlgorithmException("unsupported hash " + hashAlgo + " for RSA key");
}
return new AlgorithmIdentifier(sigAlgOid, DERNull.INSTANCE);
}
Also used :
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Example 57 with AlgorithmIdentifier
use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project xipki by xipki.
the class SignerUtil method createPSSRSASigner.
// CHECKSTYLE:SKIP
public static PSSSigner createPSSRSASigner(AlgorithmIdentifier sigAlgId, AsymmetricBlockCipher cipher) throws XiSecurityException {
ParamUtil.requireNonNull("sigAlgId", sigAlgId);
if (!PKCSObjectIdentifiers.id_RSASSA_PSS.equals(sigAlgId.getAlgorithm())) {
throw new XiSecurityException("signature algorithm " + sigAlgId.getAlgorithm() + " is not allowed");
}
AlgorithmIdentifier digAlgId;
try {
digAlgId = AlgorithmUtil.extractDigesetAlgFromSigAlg(sigAlgId);
} catch (NoSuchAlgorithmException ex) {
throw new XiSecurityException(ex.getMessage(), ex);
}
RSASSAPSSparams param = RSASSAPSSparams.getInstance(sigAlgId.getParameters());
AlgorithmIdentifier mfgDigAlgId = AlgorithmIdentifier.getInstance(param.getMaskGenAlgorithm().getParameters());
Digest dig = getDigest(digAlgId);
Digest mfgDig = getDigest(mfgDigAlgId);
int saltSize = param.getSaltLength().intValue();
int trailerField = param.getTrailerField().intValue();
AsymmetricBlockCipher tmpCipher = (cipher == null) ? new RSABlindedEngine() : cipher;
return new PSSSigner(tmpCipher, dig, mfgDig, saltSize, getTrailer(trailerField));
}
Also used :
XiSecurityException(org.xipki.security.exception.XiSecurityException)
Digest(org.bouncycastle.crypto.Digest)
RSABlindedEngine(org.bouncycastle.crypto.engines.RSABlindedEngine)
RSASSAPSSparams(org.bouncycastle.asn1.pkcs.RSASSAPSSparams)
PSSSigner(org.bouncycastle.crypto.signers.PSSSigner)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
AsymmetricBlockCipher(org.bouncycastle.crypto.AsymmetricBlockCipher)
Example 58 with AlgorithmIdentifier
use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project xipki by xipki.
the class OcspBenchRequestor method init.
public void init(OcspBenchmark responseHandler, String responderUrl, Certificate issuerCert, RequestOptions requestOptions, int queueSize) throws Exception {
ParamUtil.requireNonNull("issuerCert", issuerCert);
ParamUtil.requireNonNull("responseHandler", responseHandler);
this.requestOptions = ParamUtil.requireNonNull("requestOptions", requestOptions);
HashAlgo hashAlgo = HashAlgo.getInstance(requestOptions.getHashAlgorithmId());
if (hashAlgo == null) {
throw new OcspRequestorException("unknown HashAlgo " + requestOptions.getHashAlgorithmId().getId());
}
this.issuerhashAlg = hashAlgo.getAlgorithmIdentifier();
this.issuerNameHash = new DEROctetString(hashAlgo.hash(issuerCert.getSubject().getEncoded()));
this.issuerKeyHash = new DEROctetString(hashAlgo.hash(issuerCert.getSubjectPublicKeyInfo().getPublicKeyData().getOctets()));
List<AlgorithmIdentifier> prefSigAlgs = requestOptions.getPreferredSignatureAlgorithms();
if (prefSigAlgs == null || prefSigAlgs.size() == 0) {
this.extensions = null;
} else {
ASN1EncodableVector vec = new ASN1EncodableVector();
for (AlgorithmIdentifier algId : prefSigAlgs) {
ASN1Sequence prefSigAlgObj = new DERSequence(algId);
vec.add(prefSigAlgObj);
}
ASN1Sequence extnValue = new DERSequence(vec);
Extension extn;
try {
extn = new Extension(ObjectIdentifiers.id_pkix_ocsp_prefSigAlgs, false, new DEROctetString(extnValue));
} catch (IOException ex) {
throw new OcspRequestorException(ex.getMessage(), ex);
}
this.extensions = new Extension[] { extn };
}
URI uri = new URI(responderUrl);
this.responderRawPathPost = uri.getRawPath();
if (this.responderRawPathPost.endsWith("/")) {
this.responderRawPathGet = this.responderRawPathPost;
} else {
this.responderRawPathGet = this.responderRawPathPost + "/";
}
this.httpClient = new HttpClient(responderUrl, responseHandler, queueSize);
this.httpClient.start();
}
Also used :
OcspRequestorException(org.xipki.ocsp.client.api.OcspRequestorException)
Extension(org.bouncycastle.asn1.x509.Extension)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
DERSequence(org.bouncycastle.asn1.DERSequence)
HashAlgo(org.xipki.security.HashAlgo)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
IOException(java.io.IOException)
URI(java.net.URI)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Example 59 with AlgorithmIdentifier
use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project xipki by xipki.
the class RequestOptions method createPSSRSAParams.
// method createAlgId
// CHECKSTYLE:SKIP
public static RSASSAPSSparams createPSSRSAParams(ASN1ObjectIdentifier digestAlgOid) {
int saltSize;
if (X509ObjectIdentifiers.id_SHA1.equals(digestAlgOid)) {
saltSize = 20;
} else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOid)) {
saltSize = 28;
} else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOid)) {
saltSize = 32;
} else if (NISTObjectIdentifiers.id_sha384.equals(digestAlgOid)) {
saltSize = 48;
} else if (NISTObjectIdentifiers.id_sha512.equals(digestAlgOid)) {
saltSize = 64;
} else {
throw new RuntimeException("unknown digest algorithm " + digestAlgOid);
}
AlgorithmIdentifier digAlgId = new AlgorithmIdentifier(digestAlgOid, DERNull.INSTANCE);
return new RSASSAPSSparams(digAlgId, new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, digAlgId), new ASN1Integer(saltSize), RSASSAPSSparams.DEFAULT_TRAILER_FIELD);
}
Also used :
RSASSAPSSparams(org.bouncycastle.asn1.pkcs.RSASSAPSSparams)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Example 60 with AlgorithmIdentifier
use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project xipki by xipki.
the class RequestOptions method createAlgId.
private static AlgorithmIdentifier createAlgId(String algoName) {
algoName = algoName.toUpperCase();
ASN1ObjectIdentifier algOid = null;
if ("SHA1WITHRSA".equals(algoName)) {
algOid = PKCSObjectIdentifiers.sha1WithRSAEncryption;
} else if ("SHA256WITHRSA".equals(algoName)) {
algOid = PKCSObjectIdentifiers.sha256WithRSAEncryption;
} else if ("SHA384WITHRSA".equals(algoName)) {
algOid = PKCSObjectIdentifiers.sha384WithRSAEncryption;
} else if ("SHA512WITHRSA".equals(algoName)) {
algOid = PKCSObjectIdentifiers.sha512WithRSAEncryption;
} else if ("SHA1WITHECDSA".equals(algoName)) {
algOid = X9ObjectIdentifiers.ecdsa_with_SHA1;
} else if ("SHA256WITHECDSA".equals(algoName)) {
algOid = X9ObjectIdentifiers.ecdsa_with_SHA256;
} else if ("SHA384WITHECDSA".equals(algoName)) {
algOid = X9ObjectIdentifiers.ecdsa_with_SHA384;
} else if ("SHA512WITHECDSA".equals(algoName)) {
algOid = X9ObjectIdentifiers.ecdsa_with_SHA512;
} else if ("SHA1WITHRSAANDMGF1".equals(algoName) || "SHA256WITHRSAANDMGF1".equals(algoName) || "SHA384WITHRSAANDMGF1".equals(algoName) || "SHA512WITHRSAANDMGF1".equals(algoName)) {
algOid = PKCSObjectIdentifiers.id_RSASSA_PSS;
} else {
// should not happen
throw new RuntimeException("Unsupported algorithm " + algoName);
}
ASN1Encodable params;
if (PKCSObjectIdentifiers.id_RSASSA_PSS.equals(algOid)) {
ASN1ObjectIdentifier digestAlgOid = null;
if ("SHA1WITHRSAANDMGF1".equals(algoName)) {
digestAlgOid = X509ObjectIdentifiers.id_SHA1;
} else if ("SHA256WITHRSAANDMGF1".equals(algoName)) {
digestAlgOid = NISTObjectIdentifiers.id_sha256;
} else if ("SHA384WITHRSAANDMGF1".equals(algoName)) {
digestAlgOid = NISTObjectIdentifiers.id_sha384;
} else {
// if ("SHA512WITHRSAANDMGF1".equals(algoName))
digestAlgOid = NISTObjectIdentifiers.id_sha512;
}
params = createPSSRSAParams(digestAlgOid);
} else {
params = DERNull.INSTANCE;
}
return new AlgorithmIdentifier(algOid, params);
}
Also used :
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Aggregations
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)249
IOException (java.io.IOException)144
AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)140
SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)75
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)71
BigInteger (java.math.BigInteger)60
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)55
X500Name (org.bouncycastle.asn1.x500.X500Name)50
X509Certificate (java.security.cert.X509Certificate)44
Date (java.util.Date)43
ContentSigner (org.bouncycastle.operator.ContentSigner)39
DEROctetString (org.bouncycastle.asn1.DEROctetString)38
OutputStream (java.io.OutputStream)37
ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)36
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)34
PrivateKeyInfo (org.bouncycastle.asn1.pkcs.PrivateKeyInfo)33
BcRSAContentSignerBuilder (org.bouncycastle.operator.bc.BcRSAContentSignerBuilder)33
DefaultDigestAlgorithmIdentifierFinder (org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)31
DefaultSignatureAlgorithmIdentifierFinder (org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder)31
DEROctetString (com.github.zhenwei.core.asn1.DEROctetString)28
