Example 86 with AlgorithmIdentifier
use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project jmulticard by ctt-gob-es.
the class SignerInformation method doVerify.
private boolean doVerify(SignerInformationVerifier verifier) throws CMSException {
String encName = CMSSignedHelper.INSTANCE.getEncryptionAlgName(this.getEncryptionAlgOID());
ContentVerifier contentVerifier;
try {
contentVerifier = verifier.getContentVerifier(encryptionAlgorithm, info.getDigestAlgorithm());
} catch (OperatorCreationException e) {
throw new CMSException("can't create content verifier: " + e.getMessage(), e);
}
try {
OutputStream sigOut = contentVerifier.getOutputStream();
if (resultDigest == null) {
DigestCalculator calc = verifier.getDigestCalculator(this.getDigestAlgorithmID());
if (content != null) {
OutputStream digOut = calc.getOutputStream();
if (signedAttributeSet == null) {
if (contentVerifier instanceof RawContentVerifier) {
content.write(digOut);
} else {
OutputStream cOut = new TeeOutputStream(digOut, sigOut);
content.write(cOut);
cOut.close();
}
} else {
content.write(digOut);
sigOut.write(this.getEncodedSignedAttributes());
}
digOut.close();
} else if (signedAttributeSet != null) {
sigOut.write(this.getEncodedSignedAttributes());
} else {
// TODO Get rid of this exception and just treat content==null as empty not missing?
throw new CMSException("data not encapsulated in signature - use detached constructor.");
}
resultDigest = calc.getDigest();
} else {
if (signedAttributeSet == null) {
if (content != null) {
content.write(sigOut);
}
} else {
sigOut.write(this.getEncodedSignedAttributes());
}
}
sigOut.close();
} catch (IOException e) {
throw new CMSException("can't process mime object to create signature.", e);
} catch (OperatorCreationException e) {
throw new CMSException("can't create digest calculator: " + e.getMessage(), e);
}
// RFC 3852 11.1 Check the content-type attribute is correct
verifyContentTypeAttributeValue();
AttributeTable signedAttrTable = this.getSignedAttributes();
// RFC 6211 Validate Algorithm Identifier protection attribute if present
verifyAlgorithmIdentifierProtectionAttribute(signedAttrTable);
// RFC 3852 11.2 Check the message-digest attribute is correct
verifyMessageDigestAttribute();
// RFC 3852 11.4 Validate countersignature attribute(s)
verifyCounterSignatureAttribute(signedAttrTable);
try {
if (signedAttributeSet == null && resultDigest != null) {
if (contentVerifier instanceof RawContentVerifier) {
RawContentVerifier rawVerifier = (RawContentVerifier) contentVerifier;
if (encName.equals("RSA")) {
DigestInfo digInfo = new DigestInfo(new AlgorithmIdentifier(digestAlgorithm.getAlgorithm(), DERNull.INSTANCE), resultDigest);
return rawVerifier.verify(digInfo.getEncoded(ASN1Encoding.DER), this.getSignature());
}
return rawVerifier.verify(resultDigest, this.getSignature());
}
}
return contentVerifier.verify(this.getSignature());
} catch (IOException e) {
throw new CMSException("can't process mime object to create signature.", e);
}
}
Also used :
TeeOutputStream(org.bouncycastle.util.io.TeeOutputStream)
DigestInfo(org.bouncycastle.asn1.x509.DigestInfo)
ContentVerifier(org.bouncycastle.operator.ContentVerifier)
RawContentVerifier(org.bouncycastle.operator.RawContentVerifier)
OutputStream(java.io.OutputStream)
TeeOutputStream(org.bouncycastle.util.io.TeeOutputStream)
DigestCalculator(org.bouncycastle.operator.DigestCalculator)
AttributeTable(org.bouncycastle.asn1.cms.AttributeTable)
RawContentVerifier(org.bouncycastle.operator.RawContentVerifier)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
IOException(java.io.IOException)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Example 87 with AlgorithmIdentifier
use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project jmulticard by ctt-gob-es.
the class SignerInformationVerifier method getContentVerifier.
public ContentVerifier getContentVerifier(AlgorithmIdentifier signingAlgorithm, AlgorithmIdentifier digestAlgorithm) throws OperatorCreationException {
String signatureName = sigNameGenerator.getSignatureName(digestAlgorithm, signingAlgorithm);
AlgorithmIdentifier baseAlgID = sigAlgorithmFinder.find(signatureName);
return verifierProvider.get(new AlgorithmIdentifier(baseAlgID.getAlgorithm(), signingAlgorithm.getParameters()));
}
Also used :
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Example 88 with AlgorithmIdentifier
use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project jmulticard by ctt-gob-es.
the class BCECPublicKey method getEncoded.
public byte[] getEncoded() {
boolean pcSet = Properties.isOverrideSet("org.bouncycastle.ec.enable_pc");
if (encoding == null || oldPcSet != pcSet) {
boolean compress = withCompression || pcSet;
AlgorithmIdentifier algId = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, ECUtils.getDomainParametersFromName(ecSpec, compress));
byte[] pubKeyOctets = ecPublicKey.getQ().getEncoded(compress);
// stored curve is null if ImplicitlyCa
encoding = KeyUtil.getEncodedSubjectPublicKeyInfo(algId, pubKeyOctets);
oldPcSet = pcSet;
}
return Arrays.clone(encoding);
}
Also used :
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Example 89 with AlgorithmIdentifier
use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project jmulticard by ctt-gob-es.
the class BCMcElieceCCA2PrivateKey method getEncoded.
/**
* Return the keyData to encode in the SubjectPublicKeyInfo structure.
* <p>
* The ASN.1 definition of the key structure is
* <pre>
* McEliecePrivateKey ::= SEQUENCE {
* m INTEGER -- extension degree of the field
* k INTEGER -- dimension of the code
* field OCTET STRING -- field polynomial
* goppaPoly OCTET STRING -- irreducible Goppa polynomial
* p OCTET STRING -- permutation vector
* matrixH OCTET STRING -- canonical check matrix
* sqRootMatrix SEQUENCE OF OCTET STRING -- square root matrix
* }
* </pre>
* @return the keyData to encode in the SubjectPublicKeyInfo structure
*/
public byte[] getEncoded() {
PrivateKeyInfo pki;
try {
McElieceCCA2PrivateKey privateKey = new McElieceCCA2PrivateKey(getN(), getK(), getField(), getGoppaPoly(), getP(), MessageDigestUtils.getDigestAlgID(params.getDigest()));
AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PQCObjectIdentifiers.mcElieceCca2);
pki = new PrivateKeyInfo(algorithmIdentifier, privateKey);
return pki.getEncoded();
} catch (IOException e) {
return null;
}
}
Also used :
McElieceCCA2PrivateKey(org.bouncycastle.pqc.asn1.McElieceCCA2PrivateKey)
IOException(java.io.IOException)
PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Example 90 with AlgorithmIdentifier
use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project jmulticard by ctt-gob-es.
the class BCMcEliecePrivateKey method getEncoded.
/**
* Return the key data to encode in the SubjectPublicKeyInfo structure.
* <p>
* The ASN.1 definition of the key structure is
* </p>
* <pre>
* McEliecePrivateKey ::= SEQUENCE {
* n INTEGER -- length of the code
* k INTEGER -- dimension of the code
* fieldPoly OCTET STRING -- field polynomial defining GF(2ˆm)
* getGoppaPoly() OCTET STRING -- irreducible Goppa polynomial
* sInv OCTET STRING -- matrix Sˆ-1
* p1 OCTET STRING -- permutation P1
* p2 OCTET STRING -- permutation P2
* h OCTET STRING -- canonical check matrix
* qInv SEQUENCE OF OCTET STRING -- matrix used to compute square roots
* }
* </pre>
*
* @return the key data to encode in the SubjectPublicKeyInfo structure
*/
public byte[] getEncoded() {
McEliecePrivateKey privateKey = new McEliecePrivateKey(params.getN(), params.getK(), params.getField(), params.getGoppaPoly(), params.getP1(), params.getP2(), params.getSInv());
PrivateKeyInfo pki;
try {
AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PQCObjectIdentifiers.mcEliece);
pki = new PrivateKeyInfo(algorithmIdentifier, privateKey);
} catch (IOException e) {
return null;
}
try {
byte[] encoded = pki.getEncoded();
return encoded;
} catch (IOException e) {
return null;
}
}
Also used :
IOException(java.io.IOException)
McEliecePrivateKey(org.bouncycastle.pqc.asn1.McEliecePrivateKey)
PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Aggregations
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)249
IOException (java.io.IOException)144
AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)140
SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)75
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)71
BigInteger (java.math.BigInteger)60
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)55
X500Name (org.bouncycastle.asn1.x500.X500Name)50
X509Certificate (java.security.cert.X509Certificate)44
Date (java.util.Date)43
ContentSigner (org.bouncycastle.operator.ContentSigner)39
DEROctetString (org.bouncycastle.asn1.DEROctetString)38
OutputStream (java.io.OutputStream)37
ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)36
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)34
PrivateKeyInfo (org.bouncycastle.asn1.pkcs.PrivateKeyInfo)33
BcRSAContentSignerBuilder (org.bouncycastle.operator.bc.BcRSAContentSignerBuilder)33
DefaultDigestAlgorithmIdentifierFinder (org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)31
DefaultSignatureAlgorithmIdentifierFinder (org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder)31
DEROctetString (com.github.zhenwei.core.asn1.DEROctetString)28
