Examples with AlgorithmIdentifier com.android.apksig.internal.pkcs7.AlgorithmIdentifier used on opensource projects

Example 61 with AlgorithmIdentifier

use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project xipki by xipki.

the class CmpResponder method verifyProtection.

private ProtectionVerificationResult verifyProtection(String tid, GeneralPKIMessage pkiMessage, CmpControl cmpControl) throws CMPException, InvalidKeyException, OperatorCreationException {
    ProtectedPKIMessage protectedMsg = new ProtectedPKIMessage(pkiMessage);
    if (protectedMsg.hasPasswordBasedMacProtection()) {
        LOG.warn("NOT_SIGNAUTRE_BASED: {}", pkiMessage.getHeader().getProtectionAlg().getAlgorithm().getId());
        return new ProtectionVerificationResult(null, ProtectionResult.NOT_SIGNATURE_BASED);
    }
    PKIHeader header = protectedMsg.getHeader();
    AlgorithmIdentifier protectionAlg = header.getProtectionAlg();
    if (!cmpControl.getSigAlgoValidator().isAlgorithmPermitted(protectionAlg)) {
        LOG.warn("SIG_ALGO_FORBIDDEN: {}", pkiMessage.getHeader().getProtectionAlg().getAlgorithm().getId());
        return new ProtectionVerificationResult(null, ProtectionResult.SIGALGO_FORBIDDEN);
    }
    CmpRequestorInfo requestor = getRequestor(header);
    if (requestor == null) {
        LOG.warn("tid={}: not authorized requestor '{}'", tid, header.getSender());
        return new ProtectionVerificationResult(null, ProtectionResult.SENDER_NOT_AUTHORIZED);
    }
    ContentVerifierProvider verifierProvider = securityFactory.getContentVerifierProvider(requestor.getCert().getCert());
    if (verifierProvider == null) {
        LOG.warn("tid={}: not authorized requestor '{}'", tid, header.getSender());
        return new ProtectionVerificationResult(requestor, ProtectionResult.SENDER_NOT_AUTHORIZED);
    }
    boolean signatureValid = protectedMsg.verify(verifierProvider);
    return new ProtectionVerificationResult(requestor, signatureValid ? ProtectionResult.VALID : ProtectionResult.INVALID);
}

Example 62 with AlgorithmIdentifier

use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project xipki by xipki.

the class P11ProviderTestCmd method getSignatureAlgo.

private String getSignatureAlgo(PublicKey pubKey) throws NoSuchAlgorithmException {
    SignatureAlgoControl algoControl = new SignatureAlgoControl(rsaMgf1, dsaPlain, gm);
    AlgorithmIdentifier sigAlgId = AlgorithmUtil.getSigAlgId(pubKey, HashAlgo.getNonNullInstance(hashAlgo), algoControl);
    return AlgorithmUtil.getSignatureAlgoName(sigAlgId);
}

Example 63 with AlgorithmIdentifier

use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project airavata by apache.

the class X509SecurityContext method generateShortLivedCredential.

public KeyAndCertCredential generateShortLivedCredential(String userDN, String caCertPath, String caKeyPath, String caPwd) throws Exception {
    // 15 minutes
    final long CredentialGoodFromOffset = 1000L * 60L * 15L;
    // ago
    final long startTime = System.currentTimeMillis() - CredentialGoodFromOffset;
    final long endTime = startTime + 30 * 3600 * 1000;
    String keyLengthProp = "1024";
    int keyLength = Integer.parseInt(keyLengthProp);
    String signatureAlgorithm = "SHA1withRSA";
    KeyAndCertCredential caCred = getCACredential(caCertPath, caKeyPath, caPwd);
    KeyPairGenerator kpg = KeyPairGenerator.getInstance(caCred.getKey().getAlgorithm());
    kpg.initialize(keyLength);
    KeyPair pair = kpg.generateKeyPair();
    X500Principal subjectDN = new X500Principal(userDN);
    Random rand = new Random();
    SubjectPublicKeyInfo publicKeyInfo;
    try {
        publicKeyInfo = SubjectPublicKeyInfo.getInstance(new ASN1InputStream(pair.getPublic().getEncoded()).readObject());
    } catch (IOException e) {
        throw new InvalidKeyException("Can not parse the public key" + "being included in the short lived certificate", e);
    }
    X500Name issuerX500Name = CertificateHelpers.toX500Name(caCred.getCertificate().getSubjectX500Principal());
    X500Name subjectX500Name = CertificateHelpers.toX500Name(subjectDN);
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(issuerX500Name, new BigInteger(20, rand), new Date(startTime), new Date(endTime), subjectX500Name, publicKeyInfo);
    AlgorithmIdentifier sigAlgId = X509v3CertificateBuilder.extractAlgorithmId(caCred.getCertificate());
    X509Certificate certificate = certBuilder.build(caCred.getKey(), sigAlgId, signatureAlgorithm, null, null);
    certificate.checkValidity(new Date());
    certificate.verify(caCred.getCertificate().getPublicKey());
    KeyAndCertCredential result = new KeyAndCertCredential(pair.getPrivate(), new X509Certificate[] { certificate, caCred.getCertificate() });
    return result;
}

Example 64 with AlgorithmIdentifier

use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project airavata by apache.

the class MyProxyLogon method generateCertificationRequest.

private PKCS10CertificationRequest generateCertificationRequest(String dn, KeyPair kp) throws Exception {
    X500Name subject = new X500Name(dn);
    PublicKey pubKey = kp.getPublic();
    PrivateKey privKey = kp.getPrivate();
    AsymmetricKeyParameter pubkeyParam = PublicKeyFactory.createKey(pubKey.getEncoded());
    SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(pubkeyParam);
    PKCS10CertificationRequestBuilder builder = new PKCS10CertificationRequestBuilder(subject, publicKeyInfo);
    AlgorithmIdentifier signatureAi = new AlgorithmIdentifier(OIWObjectIdentifiers.sha1WithRSA);
    BcRSAContentSignerBuilder signerBuilder = new BcRSAContentSignerBuilder(signatureAi, AlgorithmIdentifier.getInstance(OIWObjectIdentifiers.idSHA1));
    AsymmetricKeyParameter pkParam = PrivateKeyFactory.createKey(privKey.getEncoded());
    ContentSigner signer = signerBuilder.build(pkParam);
    return builder.build(signer);
}

Example 65 with AlgorithmIdentifier

use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project airavata by apache.

the class X509SecurityContext method generateShortLivedCredential.

public KeyAndCertCredential generateShortLivedCredential(String userDN, String caCertPath, String caKeyPath, String caPwd) throws Exception {
    // 15 minutes
    final long CredentialGoodFromOffset = 1000L * 60L * 15L;
    // ago
    final long startTime = System.currentTimeMillis() - CredentialGoodFromOffset;
    final long endTime = startTime + 30 * 3600 * 1000;
    String keyLengthProp = "1024";
    int keyLength = Integer.parseInt(keyLengthProp);
    String signatureAlgorithm = "SHA1withRSA";
    KeyAndCertCredential caCred = getCACredential(caCertPath, caKeyPath, caPwd);
    KeyPairGenerator kpg = KeyPairGenerator.getInstance(caCred.getKey().getAlgorithm());
    kpg.initialize(keyLength);
    KeyPair pair = kpg.generateKeyPair();
    X500Principal subjectDN = new X500Principal(userDN);
    Random rand = new Random();
    SubjectPublicKeyInfo publicKeyInfo;
    try {
        publicKeyInfo = SubjectPublicKeyInfo.getInstance(new ASN1InputStream(pair.getPublic().getEncoded()).readObject());
    } catch (IOException e) {
        throw new InvalidKeyException("Can not parse the public key" + "being included in the short lived certificate", e);
    }
    X500Name issuerX500Name = CertificateHelpers.toX500Name(caCred.getCertificate().getSubjectX500Principal());
    X500Name subjectX500Name = CertificateHelpers.toX500Name(subjectDN);
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(issuerX500Name, new BigInteger(20, rand), new Date(startTime), new Date(endTime), subjectX500Name, publicKeyInfo);
    AlgorithmIdentifier sigAlgId = X509v3CertificateBuilder.extractAlgorithmId(caCred.getCertificate());
    X509Certificate certificate = certBuilder.build(caCred.getKey(), sigAlgId, signatureAlgorithm, null, null);
    certificate.checkValidity(new Date());
    certificate.verify(caCred.getCertificate().getPublicKey());
    KeyAndCertCredential result = new KeyAndCertCredential(pair.getPrivate(), new X509Certificate[] { certificate, caCred.getCertificate() });
    return result;
}