Example 81 with AlgorithmIdentifier
use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project keystore-explorer by kaikramer.
the class JarSigner method createSignatureBlock.
private static byte[] createSignatureBlock(byte[] toSign, PrivateKey privateKey, X509Certificate[] certificateChain, SignatureType signatureType, String tsaUrl, Provider provider) throws CryptoException {
try {
List<X509Certificate> certList = new ArrayList<>();
Collections.addAll(certList, certificateChain);
DigestCalculatorProvider digCalcProv = new JcaDigestCalculatorProviderBuilder().setProvider("BC").build();
JcaContentSignerBuilder csb = new JcaContentSignerBuilder(signatureType.jce()).setSecureRandom(SecureRandom.getInstance("SHA1PRNG"));
if (provider != null) {
csb.setProvider(provider);
}
// Workaround for display issue in verify function of jarsigner for Java <= 15
// see https://github.com/kaikramer/keystore-explorer/issues/293
JcaSignerInfoGeneratorBuilder siGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(digCalcProv, new DefaultCMSSignatureEncryptionAlgorithmFinder() {
@Override
public AlgorithmIdentifier findEncryptionAlgorithm(AlgorithmIdentifier signatureAlgorithm) {
List<ASN1ObjectIdentifier> shaRsaIdentifiers = Arrays.asList(PKCSObjectIdentifiers.sha256WithRSAEncryption, PKCSObjectIdentifiers.sha384WithRSAEncryption, PKCSObjectIdentifiers.sha512WithRSAEncryption);
// map OIDs for RSAwithSHA256/384/512 to OID for RSAEncryption
return shaRsaIdentifiers.contains(signatureAlgorithm.getAlgorithm()) ? new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE) : super.findEncryptionAlgorithm(signatureAlgorithm);
}
});
// remove cmsAlgorithmProtect for compatibility reasons
SignerInfoGenerator sigGen = siGeneratorBuilder.build(csb.build(privateKey), certificateChain[0]);
final CMSAttributeTableGenerator sAttrGen = sigGen.getSignedAttributeTableGenerator();
sigGen = new SignerInfoGenerator(sigGen, new DefaultSignedAttributeTableGenerator() {
@Override
public AttributeTable getAttributes(@SuppressWarnings("rawtypes") Map parameters) {
AttributeTable ret = sAttrGen.getAttributes(parameters);
return ret.remove(CMSAttributes.cmsAlgorithmProtect);
}
}, sigGen.getUnsignedAttributeTableGenerator());
CMSSignedDataGenerator dataGen = new CMSSignedDataGenerator();
dataGen.addSignerInfoGenerator(sigGen);
dataGen.addCertificates(new JcaCertStore(certList));
CMSSignedData signedData = dataGen.generate(new CMSProcessableByteArray(toSign), true);
// now let TSA time-stamp the signature
if (tsaUrl != null && !tsaUrl.isEmpty()) {
signedData = addTimestamp(tsaUrl, signedData);
}
return signedData.getEncoded();
} catch (Exception ex) {
throw new CryptoException(res.getString("SignatureBlockCreationFailed.exception.message"), ex);
}
}
Also used :
CMSSignedDataGenerator(org.bouncycastle.cms.CMSSignedDataGenerator)
CMSProcessableByteArray(org.bouncycastle.cms.CMSProcessableByteArray)
DefaultSignedAttributeTableGenerator(org.bouncycastle.cms.DefaultSignedAttributeTableGenerator)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
ArrayList(java.util.ArrayList)
AttributeTable(org.bouncycastle.asn1.cms.AttributeTable)
DefaultCMSSignatureEncryptionAlgorithmFinder(org.bouncycastle.cms.DefaultCMSSignatureEncryptionAlgorithmFinder)
JcaCertStore(org.bouncycastle.cert.jcajce.JcaCertStore)
CMSSignedData(org.bouncycastle.cms.CMSSignedData)
X509Certificate(java.security.cert.X509Certificate)
CryptoException(org.kse.crypto.CryptoException)
IOException(java.io.IOException)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
JcaSignerInfoGeneratorBuilder(org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder)
DigestCalculatorProvider(org.bouncycastle.operator.DigestCalculatorProvider)
CMSAttributeTableGenerator(org.bouncycastle.cms.CMSAttributeTableGenerator)
SignerInfoGenerator(org.bouncycastle.cms.SignerInfoGenerator)
List(java.util.List)
ArrayList(java.util.ArrayList)
JcaDigestCalculatorProviderBuilder(org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder)
CryptoException(org.kse.crypto.CryptoException)
Map(java.util.Map)
Example 82 with AlgorithmIdentifier
use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project jmulticard by ctt-gob-es.
the class JcaContentVerifierProviderBuilder method build.
public ContentVerifierProvider build(final X509Certificate certificate) throws OperatorCreationException {
final X509CertificateHolder certHolder;
try {
certHolder = new JcaX509CertificateHolder(certificate);
} catch (CertificateEncodingException e) {
throw new OperatorCreationException("cannot process certificate: " + e.getMessage(), e);
}
return new ContentVerifierProvider() {
public boolean hasAssociatedCertificate() {
return true;
}
public X509CertificateHolder getAssociatedCertificate() {
return certHolder;
}
public ContentVerifier get(AlgorithmIdentifier algorithm) throws OperatorCreationException {
if (algorithm.getAlgorithm().equals(MiscObjectIdentifiers.id_alg_composite)) {
return createCompositeVerifier(algorithm, certificate.getPublicKey());
} else {
Signature sig;
try {
sig = helper.createSignature(algorithm);
sig.initVerify(certificate.getPublicKey());
} catch (GeneralSecurityException e) {
throw new OperatorCreationException("exception on setup: " + e, e);
}
Signature rawSig = createRawSig(algorithm, certificate.getPublicKey());
if (rawSig != null) {
return new RawSigVerifier(algorithm, sig, rawSig);
} else {
return new SigVerifier(algorithm, sig);
}
}
}
};
}
Also used :
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder)
Signature(java.security.Signature)
GeneralSecurityException(java.security.GeneralSecurityException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder)
ContentVerifierProvider(org.bouncycastle.operator.ContentVerifierProvider)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Example 83 with AlgorithmIdentifier
use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project jmulticard by ctt-gob-es.
the class JcaContentVerifierProviderBuilder method createCompositeVerifier.
private ContentVerifier createCompositeVerifier(AlgorithmIdentifier compAlgId, PublicKey publicKey) throws OperatorCreationException {
if (publicKey instanceof CompositePublicKey) {
List<PublicKey> pubKeys = ((CompositePublicKey) publicKey).getPublicKeys();
ASN1Sequence keySeq = ASN1Sequence.getInstance(compAlgId.getParameters());
Signature[] sigs = new Signature[keySeq.size()];
for (int i = 0; i != keySeq.size(); i++) {
AlgorithmIdentifier sigAlg = AlgorithmIdentifier.getInstance(keySeq.getObjectAt(i));
if (pubKeys.get(i) != null) {
sigs[i] = createSignature(sigAlg, (PublicKey) pubKeys.get(i));
} else {
sigs[i] = null;
}
}
return new CompositeVerifier(sigs);
} else {
ASN1Sequence keySeq = ASN1Sequence.getInstance(compAlgId.getParameters());
Signature[] sigs = new Signature[keySeq.size()];
for (int i = 0; i != keySeq.size(); i++) {
AlgorithmIdentifier sigAlg = AlgorithmIdentifier.getInstance(keySeq.getObjectAt(i));
try {
sigs[i] = createSignature(sigAlg, publicKey);
} catch (Exception e) {
sigs[i] = null;
// continue
}
}
return new CompositeVerifier(sigs);
}
}
Also used :
CompositePublicKey(org.bouncycastle.jcajce.CompositePublicKey)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
CompositePublicKey(org.bouncycastle.jcajce.CompositePublicKey)
PublicKey(java.security.PublicKey)
Signature(java.security.Signature)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
GeneralSecurityException(java.security.GeneralSecurityException)
SignatureException(java.security.SignatureException)
CertificateException(java.security.cert.CertificateException)
RuntimeOperatorException(org.bouncycastle.operator.RuntimeOperatorException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Example 84 with AlgorithmIdentifier
use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project jmulticard by ctt-gob-es.
the class DefaultDigestAlgorithmIdentifierFinder method addDigestAlgId.
private static void addDigestAlgId(ASN1ObjectIdentifier oid, boolean withNullParams) {
AlgorithmIdentifier algId;
if (withNullParams) {
algId = new AlgorithmIdentifier(oid, DERNull.INSTANCE);
} else {
algId = new AlgorithmIdentifier(oid);
}
digestOidToAlgIds.put(oid, algId);
}
Also used :
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Example 85 with AlgorithmIdentifier
use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project jmulticard by ctt-gob-es.
the class DefaultSignatureNameFinder method getAlgorithmName.
/**
* Return the signature name for the passed in algorithm identifier. For signatures
* that require parameters, like RSASSA-PSS, this is the best one to use.
*
* @param algorithmIdentifier the AlgorithmIdentifier of interest.
* @return a string representation of the name.
*/
public String getAlgorithmName(AlgorithmIdentifier algorithmIdentifier) {
ASN1Encodable params = algorithmIdentifier.getParameters();
if (params != null && !DERNull.INSTANCE.equals(params)) {
if (algorithmIdentifier.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS)) {
RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params);
AlgorithmIdentifier mgfAlg = rsaParams.getMaskGenAlgorithm();
if (mgfAlg.getAlgorithm().equals(PKCSObjectIdentifiers.id_mgf1)) {
AlgorithmIdentifier digAlg = rsaParams.getHashAlgorithm();
ASN1ObjectIdentifier mgfHashOid = AlgorithmIdentifier.getInstance(mgfAlg.getParameters()).getAlgorithm();
if (mgfHashOid.equals(digAlg.getAlgorithm())) {
return getDigestName(digAlg.getAlgorithm()) + "WITHRSAANDMGF1";
} else {
return getDigestName(digAlg.getAlgorithm()) + "WITHRSAANDMGF1USING" + getDigestName(mgfHashOid);
}
}
return getDigestName(rsaParams.getHashAlgorithm().getAlgorithm()) + "WITHRSAAND" + mgfAlg.getAlgorithm().getId();
}
}
if (oids.containsKey(algorithmIdentifier.getAlgorithm())) {
return (String) oids.get(algorithmIdentifier.getAlgorithm());
}
return algorithmIdentifier.getAlgorithm().getId();
}
Also used :
RSASSAPSSparams(org.bouncycastle.asn1.pkcs.RSASSAPSSparams)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Aggregations
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)249
IOException (java.io.IOException)144
AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)140
SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)75
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)71
BigInteger (java.math.BigInteger)60
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)55
X500Name (org.bouncycastle.asn1.x500.X500Name)50
X509Certificate (java.security.cert.X509Certificate)44
Date (java.util.Date)43
ContentSigner (org.bouncycastle.operator.ContentSigner)39
DEROctetString (org.bouncycastle.asn1.DEROctetString)38
OutputStream (java.io.OutputStream)37
ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)36
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)34
PrivateKeyInfo (org.bouncycastle.asn1.pkcs.PrivateKeyInfo)33
BcRSAContentSignerBuilder (org.bouncycastle.operator.bc.BcRSAContentSignerBuilder)33
DefaultDigestAlgorithmIdentifierFinder (org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)31
DefaultSignatureAlgorithmIdentifierFinder (org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder)31
DEROctetString (com.github.zhenwei.core.asn1.DEROctetString)28
