Example 36 with AlgorithmIdentifier
use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project robovm by robovm.
the class BcDefaultDigestProvider method createTable.
private static Map createTable() {
Map table = new HashMap();
table.put(OIWObjectIdentifiers.idSHA1, new BcDigestProvider() {
public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) {
return new SHA1Digest();
}
});
// BEGIN android-removed
// table.put(NISTObjectIdentifiers.id_sha224, new BcDigestProvider()
// {
// public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
// {
// return new SHA224Digest();
// }
// });
// END android-removed
table.put(NISTObjectIdentifiers.id_sha256, new BcDigestProvider() {
public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) {
return new SHA256Digest();
}
});
table.put(NISTObjectIdentifiers.id_sha384, new BcDigestProvider() {
public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) {
return new SHA384Digest();
}
});
table.put(NISTObjectIdentifiers.id_sha512, new BcDigestProvider() {
public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) {
return new SHA512Digest();
}
});
table.put(PKCSObjectIdentifiers.md5, new BcDigestProvider() {
public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) {
return new MD5Digest();
}
});
return Collections.unmodifiableMap(table);
}
Also used :
ExtendedDigest(org.bouncycastle.crypto.ExtendedDigest)
SHA512Digest(org.bouncycastle.crypto.digests.SHA512Digest)
MD5Digest(org.bouncycastle.crypto.digests.MD5Digest)
HashMap(java.util.HashMap)
SHA256Digest(org.bouncycastle.crypto.digests.SHA256Digest)
SHA1Digest(org.bouncycastle.crypto.digests.SHA1Digest)
HashMap(java.util.HashMap)
Map(java.util.Map)
SHA384Digest(org.bouncycastle.crypto.digests.SHA384Digest)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Example 37 with AlgorithmIdentifier
use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project robovm by robovm.
the class JcaDigestCalculatorProviderBuilder method build.
public DigestCalculatorProvider build() throws OperatorCreationException {
return new DigestCalculatorProvider() {
public DigestCalculator get(final AlgorithmIdentifier algorithm) throws OperatorCreationException {
final DigestOutputStream stream;
try {
MessageDigest dig = helper.createDigest(algorithm);
stream = new DigestOutputStream(dig);
} catch (GeneralSecurityException e) {
throw new OperatorCreationException("exception on setup: " + e, e);
}
return new DigestCalculator() {
public AlgorithmIdentifier getAlgorithmIdentifier() {
return algorithm;
}
public OutputStream getOutputStream() {
return stream;
}
public byte[] getDigest() {
return stream.getDigest();
}
};
}
};
}
Also used :
DigestCalculatorProvider(org.bouncycastle.operator.DigestCalculatorProvider)
GeneralSecurityException(java.security.GeneralSecurityException)
DigestCalculator(org.bouncycastle.operator.DigestCalculator)
MessageDigest(java.security.MessageDigest)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Example 38 with AlgorithmIdentifier
use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project robovm by robovm.
the class X509CertSelector method match.
/**
* Returns whether the specified certificate matches all the criteria
* collected in this instance.
*
* @param certificate
* the certificate to check.
* @return {@code true} if the certificate matches all the criteria,
* otherwise {@code false}.
*/
public boolean match(Certificate certificate) {
if (!(certificate instanceof X509Certificate)) {
return false;
}
X509Certificate cert = (X509Certificate) certificate;
if ((certificateEquals != null) && !certificateEquals.equals(cert)) {
return false;
}
if ((serialNumber != null) && !serialNumber.equals(cert.getSerialNumber())) {
return false;
}
if ((issuer != null) && !issuer.equals(cert.getIssuerX500Principal())) {
return false;
}
if ((subject != null) && !subject.equals(cert.getSubjectX500Principal())) {
return false;
}
if ((subjectKeyIdentifier != null) && !Arrays.equals(subjectKeyIdentifier, // are taken from rfc 3280 (http://www.ietf.org/rfc/rfc3280.txt)
getExtensionValue(cert, "2.5.29.14"))) {
return false;
}
if ((authorityKeyIdentifier != null) && !Arrays.equals(authorityKeyIdentifier, getExtensionValue(cert, "2.5.29.35"))) {
return false;
}
if (certificateValid != null) {
try {
cert.checkValidity(certificateValid);
} catch (CertificateExpiredException e) {
return false;
} catch (CertificateNotYetValidException e) {
return false;
}
}
if (privateKeyValid != null) {
try {
byte[] bytes = getExtensionValue(cert, "2.5.29.16");
if (bytes == null) {
return false;
}
PrivateKeyUsagePeriod pkup = (PrivateKeyUsagePeriod) PrivateKeyUsagePeriod.ASN1.decode(bytes);
Date notBefore = pkup.getNotBefore();
Date notAfter = pkup.getNotAfter();
if ((notBefore == null) && (notAfter == null)) {
return false;
}
if ((notBefore != null) && notBefore.compareTo(privateKeyValid) > 0) {
return false;
}
if ((notAfter != null) && notAfter.compareTo(privateKeyValid) < 0) {
return false;
}
} catch (IOException e) {
return false;
}
}
if (subjectPublicKeyAlgID != null) {
try {
byte[] encoding = cert.getPublicKey().getEncoded();
AlgorithmIdentifier ai = ((SubjectPublicKeyInfo) SubjectPublicKeyInfo.ASN1.decode(encoding)).getAlgorithmIdentifier();
if (!subjectPublicKeyAlgID.equals(ai.getAlgorithm())) {
return false;
}
} catch (IOException e) {
e.printStackTrace();
return false;
}
}
if (subjectPublicKey != null) {
if (!Arrays.equals(subjectPublicKey, cert.getPublicKey().getEncoded())) {
return false;
}
}
if (keyUsage != null) {
boolean[] ku = cert.getKeyUsage();
if (ku != null) {
int i = 0;
int min_length = (ku.length < keyUsage.length) ? ku.length : keyUsage.length;
for (; i < min_length; i++) {
if (keyUsage[i] && !ku[i]) {
// but certificate does not.
return false;
}
}
for (; i < keyUsage.length; i++) {
if (keyUsage[i]) {
return false;
}
}
}
}
if (extendedKeyUsage != null) {
try {
List keyUsage = cert.getExtendedKeyUsage();
if (keyUsage != null) {
if (!keyUsage.containsAll(extendedKeyUsage)) {
return false;
}
}
} catch (CertificateParsingException e) {
return false;
}
}
if (pathLen != -1) {
int p_len = cert.getBasicConstraints();
if ((pathLen < 0) && (p_len >= 0)) {
// need end-entity but got CA
return false;
}
if ((pathLen > 0) && (pathLen > p_len)) {
// allowed _pathLen is small
return false;
}
}
if (subjectAltNames != null) {
PASSED: try {
byte[] bytes = getExtensionValue(cert, "2.5.29.17");
if (bytes == null) {
return false;
}
List<GeneralName> sans = ((GeneralNames) GeneralNames.ASN1.decode(bytes)).getNames();
if ((sans == null) || (sans.size() == 0)) {
return false;
}
boolean[][] map = new boolean[9][];
// initialize the check map
for (int i = 0; i < 9; i++) {
map[i] = (subjectAltNames[i] == null) ? EmptyArray.BOOLEAN : new boolean[subjectAltNames[i].size()];
}
for (GeneralName name : sans) {
int tag = name.getTag();
for (int i = 0; i < map[tag].length; i++) {
if (subjectAltNames[tag].get(i).equals(name)) {
if (!matchAllNames) {
break PASSED;
}
map[tag][i] = true;
}
}
}
if (!matchAllNames) {
// there was not any match
return false;
}
// else check the map
for (int tag = 0; tag < 9; tag++) {
for (int name = 0; name < map[tag].length; name++) {
if (!map[tag][name]) {
return false;
}
}
}
} catch (IOException e) {
e.printStackTrace();
return false;
}
}
if (nameConstraints != null) {
if (!nameConstraints.isAcceptable(cert)) {
return false;
}
}
if (policies != null) {
byte[] bytes = getExtensionValue(cert, "2.5.29.32");
if (bytes == null) {
return false;
}
if (policies.size() == 0) {
// one policy in it.
return true;
}
PASSED: try {
List<PolicyInformation> policyInformations = ((CertificatePolicies) CertificatePolicies.ASN1.decode(bytes)).getPolicyInformations();
for (PolicyInformation policyInformation : policyInformations) {
if (policies.contains(policyInformation.getPolicyIdentifier())) {
break PASSED;
}
}
return false;
} catch (IOException e) {
// the extension is invalid
return false;
}
}
if (pathToNames != null) {
byte[] bytes = getExtensionValue(cert, "2.5.29.30");
if (bytes != null) {
NameConstraints nameConstraints;
try {
nameConstraints = (NameConstraints) NameConstraints.ASN1.decode(bytes);
} catch (IOException e) {
// the extension is invalid;
return false;
}
if (!nameConstraints.isAcceptable(pathToNames)) {
return false;
}
}
}
return true;
}
Also used :
NameConstraints(org.apache.harmony.security.x509.NameConstraints)
PolicyInformation(org.apache.harmony.security.x509.PolicyInformation)
IOException(java.io.IOException)
SubjectPublicKeyInfo(org.apache.harmony.security.x509.SubjectPublicKeyInfo)
Date(java.util.Date)
AlgorithmIdentifier(org.apache.harmony.security.x509.AlgorithmIdentifier)
ArrayList(java.util.ArrayList)
List(java.util.List)
GeneralName(org.apache.harmony.security.x509.GeneralName)
PrivateKeyUsagePeriod(org.apache.harmony.security.x509.PrivateKeyUsagePeriod)
Example 39 with AlgorithmIdentifier
use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project robovm by robovm.
the class SubjectPublicKeyInfoTest method test_getPublicKey_NameKnownButOnlyOIDFactoryRegistered.
public void test_getPublicKey_NameKnownButOnlyOIDFactoryRegistered() throws Exception {
Security.addProvider(new MyTestProvider());
try {
AlgorithmIdentifier algid = new AlgorithmIdentifier(MY_TEST_KEY_OID, "UnknownKey");
SubjectPublicKeyInfo spki = new SubjectPublicKeyInfo(algid, ENCODED_BROKEN);
PublicKey pubKey = spki.getPublicKey();
assertNotNull(pubKey);
assertEquals(MyTestPublicKey.class, pubKey.getClass());
byte[] encoded = pubKey.getEncoded();
assertEquals(Arrays.toString(ENCODED_BROKEN), Arrays.toString(Arrays.copyOfRange(encoded, encoded.length - ENCODED_BROKEN.length, encoded.length)));
} finally {
Security.removeProvider(MyTestProvider.NAME);
}
}
Also used :
X509PublicKey(org.apache.harmony.security.x509.X509PublicKey)
PublicKey(java.security.PublicKey)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
SubjectPublicKeyInfo(org.apache.harmony.security.x509.SubjectPublicKeyInfo)
AlgorithmIdentifier(org.apache.harmony.security.x509.AlgorithmIdentifier)
Example 40 with AlgorithmIdentifier
use of com.android.apksig.internal.pkcs7.AlgorithmIdentifier in project robovm by robovm.
the class SubjectPublicKeyInfoTest method test_getPublicKey_Unknown_OID.
public void test_getPublicKey_Unknown_OID() throws Exception {
AlgorithmIdentifier algid = new AlgorithmIdentifier("1.30.9999999999.8734878");
SubjectPublicKeyInfo spki = new SubjectPublicKeyInfo(algid, ENCODED_BROKEN);
PublicKey pubKey = spki.getPublicKey();
assertNotNull(pubKey);
assertEquals(X509PublicKey.class, pubKey.getClass());
}
Also used :
X509PublicKey(org.apache.harmony.security.x509.X509PublicKey)
PublicKey(java.security.PublicKey)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
SubjectPublicKeyInfo(org.apache.harmony.security.x509.SubjectPublicKeyInfo)
AlgorithmIdentifier(org.apache.harmony.security.x509.AlgorithmIdentifier)
Aggregations
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)249
IOException (java.io.IOException)144
AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)140
SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)75
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)71
BigInteger (java.math.BigInteger)60
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)55
X500Name (org.bouncycastle.asn1.x500.X500Name)50
X509Certificate (java.security.cert.X509Certificate)44
Date (java.util.Date)43
ContentSigner (org.bouncycastle.operator.ContentSigner)39
DEROctetString (org.bouncycastle.asn1.DEROctetString)38
OutputStream (java.io.OutputStream)37
ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)36
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)34
PrivateKeyInfo (org.bouncycastle.asn1.pkcs.PrivateKeyInfo)33
BcRSAContentSignerBuilder (org.bouncycastle.operator.bc.BcRSAContentSignerBuilder)33
DefaultDigestAlgorithmIdentifierFinder (org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)31
DefaultSignatureAlgorithmIdentifierFinder (org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder)31
DEROctetString (com.github.zhenwei.core.asn1.DEROctetString)28
