Example 11 with AlgorithmIdentifier
use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project modules by assimbly.
the class CertificatesUtil method createSubjectKeyId.
/**
* Creates the hash value of the public key.
*
* @param publicKey of the certificate
*
* @return SubjectKeyIdentifier hash
*
* @throws OperatorCreationException
*/
private static SubjectKeyIdentifier createSubjectKeyId(final PublicKey publicKey) throws OperatorCreationException {
final SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
final DigestCalculator digCalc = new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
return new X509ExtensionUtils(digCalc).createSubjectKeyIdentifier(publicKeyInfo);
}
Also used :
BcDigestCalculatorProvider(org.bouncycastle.operator.bc.BcDigestCalculatorProvider)
DigestCalculator(org.bouncycastle.operator.DigestCalculator)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
X509ExtensionUtils(org.bouncycastle.cert.X509ExtensionUtils)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Example 12 with AlgorithmIdentifier
use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project alibabacloud-dkms-gcs-java-sdk by aliyun.
the class SHA256withRSASigner method formatPkcs1ToPkcs8.
private byte[] formatPkcs1ToPkcs8(byte[] pkcs1PrivateKey) {
try (ASN1InputStream asn1InputStream = new ASN1InputStream(pkcs1PrivateKey)) {
AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption);
ASN1Primitive asn1Object = asn1InputStream.readObject();
PrivateKeyInfo privKeyInfo = new PrivateKeyInfo(algorithmIdentifier, asn1Object);
return privKeyInfo.getEncoded();
} catch (IOException e) {
throw new IllegalArgumentException(e.toString());
}
}
Also used :
IOException(java.io.IOException)
PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Example 13 with AlgorithmIdentifier
use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project mercury by yellow013.
the class Digester method sha256.
public static DigestCalculator sha256() {
Digest digest = new SHA256Digest();
// The OID for SHA-256: http://www.oid-info.com/get/2.16.840.1.101.3.4.2.1
ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier("2.16.840.1.101.3.4.2.1").intern();
AlgorithmIdentifier algId = new AlgorithmIdentifier(oid);
return new Digester(digest, algId);
}
Also used :
Digest(org.bouncycastle.crypto.Digest)
SHA1Digest(org.bouncycastle.crypto.digests.SHA1Digest)
SHA256Digest(org.bouncycastle.crypto.digests.SHA256Digest)
SHA256Digest(org.bouncycastle.crypto.digests.SHA256Digest)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Example 14 with AlgorithmIdentifier
use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project conformance-suite by openid-certification.
the class ValidateMTLSCertificatesAsX509 method verifyECPrivateKey.
private void verifyECPrivateKey(String certString, String keyString, byte[] decodedKey, X509Certificate certificate) {
PrivateKey privateKey;
try {
// try to generate private key is PKCS8
KeySpec kspec = new PKCS8EncodedKeySpec(decodedKey);
privateKey = KeyFactory.getInstance("EC", "BC").generatePrivate(kspec);
} catch (InvalidKeySpecException e) {
try {
// try to generate private key isn't PKCS8
ASN1Sequence seq = ASN1Sequence.getInstance(decodedKey);
org.bouncycastle.asn1.sec.ECPrivateKey pKey = org.bouncycastle.asn1.sec.ECPrivateKey.getInstance(seq);
AlgorithmIdentifier algId = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, pKey.getParameters());
byte[] server_pkcs8 = new PrivateKeyInfo(algId, pKey).getEncoded();
privateKey = KeyFactory.getInstance("EC", "BC").generatePrivate(new PKCS8EncodedKeySpec(server_pkcs8));
} catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException | NoSuchProviderException ex) {
throw error("Couldn't generate private key", e, args("key", keyString));
}
} catch (NoSuchProviderException | NoSuchAlgorithmException e) {
throw error("Provider or Algorithm of KeyFactory is invalid", e);
}
// TODO: Need to check that the private key and the certificate match
// This check isn't sure yet
ECPublicKey ecPublicKey = (ECPublicKey) certificate.getPublicKey();
if (!((ECPrivateKey) privateKey).getParameters().equals(ecPublicKey.getParameters())) {
throw error("MTLS Private Key and Cert do not match", args("cert", certString, "key", keyString));
}
}
Also used :
ECPrivateKey(org.bouncycastle.jce.interfaces.ECPrivateKey)
RSAPrivateKey(java.security.interfaces.RSAPrivateKey)
ECPrivateKey(org.bouncycastle.jce.interfaces.ECPrivateKey)
PrivateKey(java.security.PrivateKey)
KeySpec(java.security.spec.KeySpec)
PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
ECPublicKey(org.bouncycastle.jce.interfaces.ECPublicKey)
PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
NoSuchProviderException(java.security.NoSuchProviderException)
PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo)
Example 15 with AlgorithmIdentifier
use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project PdfBox-Android by TomRoush.
the class PublicKeySecurityHandler method createDERForRecipient.
private ASN1Primitive createDERForRecipient(byte[] in, X509Certificate cert) throws IOException, GeneralSecurityException {
String algorithm = PKCSObjectIdentifiers.RC2_CBC.getId();
AlgorithmParameterGenerator apg;
KeyGenerator keygen;
Cipher cipher;
try {
apg = AlgorithmParameterGenerator.getInstance(algorithm, SecurityProvider.getProvider());
keygen = KeyGenerator.getInstance(algorithm, SecurityProvider.getProvider());
cipher = Cipher.getInstance(algorithm, SecurityProvider.getProvider());
} catch (NoSuchAlgorithmException e) {
// happens when using the command line app .jar file
throw new IOException("Could not find a suitable javax.crypto provider for algorithm " + algorithm + "; possible reason: using an unsigned .jar file", e);
} catch (NoSuchPaddingException e) {
// should never happen, if this happens throw IOException instead
throw new RuntimeException("Could not find a suitable javax.crypto provider", e);
}
AlgorithmParameters parameters = apg.generateParameters();
ASN1InputStream input = new ASN1InputStream(parameters.getEncoded("ASN.1"));
ASN1Primitive object = input.readObject();
input.close();
keygen.init(128);
SecretKey secretkey = keygen.generateKey();
cipher.init(1, secretkey, parameters);
byte[] bytes = cipher.doFinal(in);
KeyTransRecipientInfo recipientInfo = computeRecipientInfo(cert, secretkey.getEncoded());
DERSet set = new DERSet(new RecipientInfo(recipientInfo));
AlgorithmIdentifier algorithmId = new AlgorithmIdentifier(new ASN1ObjectIdentifier(algorithm), object);
EncryptedContentInfo encryptedInfo = new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmId, new DEROctetString(bytes));
EnvelopedData enveloped = new EnvelopedData(null, set, encryptedInfo, (ASN1Set) null);
ContentInfo contentInfo = new ContentInfo(PKCSObjectIdentifiers.envelopedData, enveloped);
return contentInfo.toASN1Primitive();
}
Also used :
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
KeyTransRecipientInfo(org.bouncycastle.asn1.cms.KeyTransRecipientInfo)
AlgorithmParameterGenerator(java.security.AlgorithmParameterGenerator)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
COSString(com.tom_roush.pdfbox.cos.COSString)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
IOException(java.io.IOException)
DERSet(org.bouncycastle.asn1.DERSet)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
SecretKey(javax.crypto.SecretKey)
ContentInfo(org.bouncycastle.asn1.cms.ContentInfo)
EncryptedContentInfo(org.bouncycastle.asn1.cms.EncryptedContentInfo)
Cipher(javax.crypto.Cipher)
KeyGenerator(javax.crypto.KeyGenerator)
ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive)
KeyTransRecipientInfo(org.bouncycastle.asn1.cms.KeyTransRecipientInfo)
RecipientInfo(org.bouncycastle.asn1.cms.RecipientInfo)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
EnvelopedData(org.bouncycastle.asn1.cms.EnvelopedData)
CMSEnvelopedData(org.bouncycastle.cms.CMSEnvelopedData)
AlgorithmParameters(java.security.AlgorithmParameters)
EncryptedContentInfo(org.bouncycastle.asn1.cms.EncryptedContentInfo)
Aggregations
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)249
IOException (java.io.IOException)144
AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)140
SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)75
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)71
BigInteger (java.math.BigInteger)60
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)55
X500Name (org.bouncycastle.asn1.x500.X500Name)50
X509Certificate (java.security.cert.X509Certificate)44
Date (java.util.Date)43
ContentSigner (org.bouncycastle.operator.ContentSigner)39
DEROctetString (org.bouncycastle.asn1.DEROctetString)38
OutputStream (java.io.OutputStream)37
ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)36
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)34
PrivateKeyInfo (org.bouncycastle.asn1.pkcs.PrivateKeyInfo)33
BcRSAContentSignerBuilder (org.bouncycastle.operator.bc.BcRSAContentSignerBuilder)33
DefaultDigestAlgorithmIdentifierFinder (org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)31
DefaultSignatureAlgorithmIdentifierFinder (org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder)31
DEROctetString (com.github.zhenwei.core.asn1.DEROctetString)28
