use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project PdfBox-Android by TomRoush.
the class PublicKeySecurityHandler method computeRecipientInfo.
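/**
 * Builds the KeyTransRecipientInfo for one recipient by encrypting the supplied bytes
 * with the public key of the recipient's certificate.
 *
 * @param x509certificate recipient certificate; its TBS structure supplies the issuer,
 *        the serial number and the key algorithm, and its public key encrypts the data
 * @param abyte0 bytes to encrypt for this recipient
 * @return recipient info made of the issuer-and-serial identifier, the key algorithm
 *         identifier and the encrypted bytes
 * @throws IOException if the TBS certificate cannot be read
 * @throws CertificateEncodingException if the TBS certificate cannot be encoded
 * @throws InvalidKeyException if the certificate's public key is rejected by the cipher
 * @throws BadPaddingException if the cipher reports a padding error
 * @throws IllegalBlockSizeException if the cipher cannot process the input length
 */
private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0) throws IOException, CertificateEncodingException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
    TBSCertificate certificate;
    // try-with-resources closes the stream even when readObject() throws.
    try (ASN1InputStream input = new ASN1InputStream(x509certificate.getTBSCertificate())) {
        certificate = TBSCertificate.getInstance(input.readObject());
    }
    AlgorithmIdentifier algorithmId = certificate.getSubjectPublicKeyInfo().getAlgorithm();
    IssuerAndSerialNumber serial = new IssuerAndSerialNumber(certificate.getIssuer(), certificate.getSerialNumber().getValue());

    // NOTE(review): the transformation name is the OID taken from the certificate's
    // SubjectPublicKeyInfo, so the algorithm and padding are whatever the provider maps
    // that OID to. Nothing here restricts the key type or size - confirm this matches
    // the padding and key-size policy expected for recipients.
    Cipher cipher;
    try {
        cipher = Cipher.getInstance(algorithmId.getAlgorithm().getId(), SecurityProvider.getProvider());
    } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
        // should never happen, if this happens throw IOException instead
        throw new RuntimeException("Could not find a suitable javax.crypto provider", e);
    }
    cipher.init(Cipher.ENCRYPT_MODE, x509certificate.getPublicKey());
    DEROctetString octets = new DEROctetString(cipher.doFinal(abyte0));
    RecipientIdentifier recipientId = new RecipientIdentifier(serial);
    return new KeyTransRecipientInfo(recipientId, algorithmId, octets);
}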
use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project fabric-gateway by hyperledger.
the class X509Credentials method generateCertificate.
/**
 * Creates a certificate for the given key pair in which issuer and subject are the same
 * fixed name ("CN=John Doe") and which is signed with the pair's own private key.
 * The validity window runs from one day in the past to two years (2 x 365 days) ahead.
 *
 * @param keyPair key pair whose public key is certified and whose private key signs
 * @return the generated certificate
 * @throws UncheckedIOException if the private key cannot be decoded
 * @throws RuntimeException if the signer cannot be created or the certificate cannot be converted
 */
private X509Certificate generateCertificate(KeyPair keyPair) {
    final long dayMillis = 24L * 60 * 60 * 1000;
    X500Name subjectAndIssuer = new X500Name("CN=John Doe");
    // Yesterday
    Date notBefore = new Date(System.currentTimeMillis() - dayMillis);
    // 2 years from now
    Date notAfter = new Date(System.currentTimeMillis() + 2L * 365 * dayMillis);
    SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
    // NOTE(review): the serial number is the current time in milliseconds, so it is
    // predictable and can repeat across calls - acceptable only for throwaway certificates.
    BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis());
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
            subjectAndIssuer, serialNumber, notBefore, notAfter, Locale.getDefault(), subjectAndIssuer, publicKeyInfo);
    // NOTE(review): the signature algorithm identifier names an RSA scheme while the signer
    // below is built with BcECContentSignerBuilder. If the key pair is EC, the certificate
    // would declare RSA but carry an ECDSA signature - confirm whether this is intended.
    AlgorithmIdentifier signatureAlg = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WithRSAEncryption");
    AlgorithmIdentifier digestAlg = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlg);
    try {
        BcECContentSignerBuilder signerBuilder = new BcECContentSignerBuilder(signatureAlg, digestAlg);
        ContentSigner signer = signerBuilder.build(PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded()));
        return new JcaX509CertificateConverter().getCertificate(certBuilder.build(signer));
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    } catch (OperatorCreationException | CertificateException e) {
        throw new RuntimeException(e);
    }
}
use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project attestation by TokenScript.
the class ASN1Util method restorePublicKey.
/**
 * Rebuilds a public key from its DER encoded BIT STRING by wrapping it, together with an
 * algorithm identifier, in a SubjectPublicKeyInfo structure.
 *
 * @param input DER encoding of the BIT STRING that holds the key
 * @param parameters curve parameters stored as the algorithm identifier's parameters
 * @param oid object identifier of the key algorithm, as a string
 * @return the key produced by PublicKeyFactory from the assembled SubjectPublicKeyInfo
 * @throws IOException declared by the signature; presumably raised when the key cannot be decoded
 */
public static AsymmetricKeyParameter restorePublicKey(byte[] input, X9ECParameters parameters, String oid) throws IOException {
    ASN1ObjectIdentifier algorithmOid = new ASN1ObjectIdentifier(oid);
    AlgorithmIdentifier algorithm = new AlgorithmIdentifier(algorithmOid, parameters.toASN1Primitive());
    ASN1BitString keyBits = DERBitString.getInstance(input);
    // SubjectPublicKeyInfo ::= SEQUENCE { algorithm, subjectPublicKey }
    ASN1Encodable[] fields = { algorithm, keyBits };
    return PublicKeyFactory.createKey(SubjectPublicKeyInfo.getInstance(new DERSequence(fields)));
}
use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project attestation by TokenScript.
the class TicketDecoder method parseEncodingOfPKInfo.
/**
 * Decodes the public key carried in {@code publicKeyInfo} and records it in
 * {@code idsToKeys} under {@code devconId}. When {@code getPk(devconId)} returns a key,
 * the decoded key must have the same SubjectPublicKeyInfo encoding as that key.
 *
 * @param publicKeyInfo sequence whose element 0 is the algorithm identifier and whose
 *        element 1 is the key as a BIT STRING
 * @param devconId identifier the key is looked up and stored under
 * @throws IOException if a structure cannot be encoded or decoded
 * @throws IllegalArgumentException if the decoded key differs from the reference key
 */
void parseEncodingOfPKInfo(ASN1Sequence publicKeyInfo, String devconId) throws IOException, IllegalArgumentException {
    AlgorithmIdentifier keyAlgorithm = AlgorithmIdentifier.getInstance(publicKeyInfo.getObjectAt(0));
    byte[] encodedKeyBits = DERBitString.getInstance(publicKeyInfo.getObjectAt(1)).getEncoded();
    AsymmetricKeyParameter embeddedKey = SignatureUtility.restoreDefaultKey(keyAlgorithm, encodedKeyBits);
    SubjectPublicKeyInfo embeddedSpki = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(embeddedKey);
    // Ensure that the right type of public key is given
    // NOTE(review): when no reference key exists for devconId, the key taken from the input
    // is stored without any comparison. If idsToKeys is later used to verify signatures,
    // the input then supplies its own verification key - confirm callers provide a trusted key.
    boolean matchesReference = getPk(devconId) == null
            || Arrays.equals(
                    SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(getPk(devconId)).getEncoded(),
                    embeddedSpki.getEncoded());
    if (!matchesReference) {
        throw ExceptionUtil.throwException(logger, new IllegalArgumentException("The public key is not of the same as supplied as argument"));
    }
    idsToKeys.put(devconId, embeddedKey);
}
use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project hedera-sdk-java by hashgraph.
the class Pem method decryptPrivateKey.
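/**
 * Decrypts an EncryptedPrivateKeyInfo structure with a passphrase.
 * Only one combination is accepted: PBES2 with PBKDF2, HMAC-SHA256 as the PRF and
 * AES-128-CBC as the encryption scheme; anything else is rejected with BadKeyException.
 *
 * @param encodedStruct encoded EncryptedPrivateKeyInfo
 * @param passphrase passphrase the encryption key is derived from
 * @return the private key info parsed from the decrypted bytes
 * @throws IOException if a structure cannot be parsed or the AES parameters cannot be initialised
 * @throws BadKeyException if the encryption algorithm, KDF, cipher or PRF is not the supported one
 */
private static PrivateKeyInfo decryptPrivateKey(byte[] encodedStruct, String passphrase) throws IOException {
    var encryptedPrivateKeyInfo = EncryptedPrivateKeyInfo.getInstance(ASN1Primitive.fromByteArray(encodedStruct));
    AlgorithmIdentifier encryptAlg = encryptedPrivateKeyInfo.getEncryptionAlgorithm();
    if (!encryptAlg.getAlgorithm().equals(PKCSObjectIdentifiers.id_PBES2)) {
        throw new BadKeyException("unsupported PEM key encryption: " + encryptAlg);
    }
    PBES2Parameters params = PBES2Parameters.getInstance(encryptAlg.getParameters());
    KeyDerivationFunc kdf = params.getKeyDerivationFunc();
    EncryptionScheme encScheme = params.getEncryptionScheme();
    if (!kdf.getAlgorithm().equals(PKCSObjectIdentifiers.id_PBKDF2)) {
        throw new BadKeyException("unsupported KDF: " + kdf.getAlgorithm());
    }
    if (!encScheme.getAlgorithm().equals(NISTObjectIdentifiers.id_aes128_CBC)) {
        throw new BadKeyException("unsupported encryption: " + encScheme.getAlgorithm());
    }
    PBKDF2Params kdfParams = PBKDF2Params.getInstance(kdf.getParameters());
    if (!kdfParams.getPrf().getAlgorithm().equals(PKCSObjectIdentifiers.id_hmacWithSHA256)) {
        throw new BadKeyException("unsupported PRF: " + kdfParams.getPrf());
    }
    // NOTE(review): the iteration count and key length come from the encoded structure and
    // are passed on unchecked; intValue() also truncates silently. A crafted file can ask
    // for a very large iteration count - consider enforcing upper bounds before deriving.
    int keyLength = kdfParams.getKeyLength() != null ? kdfParams.getKeyLength().intValue() : Crypto.CBC_DK_LEN;
    KeyParameter derivedKey = Crypto.deriveKeySha256(passphrase, kdfParams.getSalt(), kdfParams.getIterationCount().intValue(), keyLength);
    AlgorithmParameters aesParams;
    try {
        aesParams = AlgorithmParameters.getInstance("AES");
    } catch (NoSuchAlgorithmException e) {
        throw new RuntimeException(e);
    }
    aesParams.init(encScheme.getParameters().toASN1Primitive().getEncoded());
    Cipher cipher = Crypto.initAesCbc128Decrypt(derivedKey, aesParams);
    byte[] decrypted = Crypto.runCipher(cipher, encryptedPrivateKeyInfo.getEncryptedData());
    // we need to parse our input data as the cipher may add padding
    // try-with-resources closes the parser stream on every path, including parse failures.
    try (ASN1InputStream inputStream = new ASN1InputStream(new ByteArrayInputStream(decrypted))) {
        return PrivateKeyInfo.getInstance(inputStream.readObject());
    }
}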