Search in sources :

Example 56 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class JcaContentVerifierProviderBuilder method createCompositeVerifier.

private ContentVerifier createCompositeVerifier(AlgorithmIdentifier compAlgId, PublicKey publicKey) throws OperatorCreationException {
    if (publicKey instanceof CompositePublicKey) {
        List<PublicKey> pubKeys = ((CompositePublicKey) publicKey).getPublicKeys();
        ASN1Sequence keySeq = ASN1Sequence.getInstance(compAlgId.getParameters());
        Signature[] sigs = new Signature[keySeq.size()];
        for (int i = 0; i != keySeq.size(); i++) {
            AlgorithmIdentifier sigAlg = AlgorithmIdentifier.getInstance(keySeq.getObjectAt(i));
            if (pubKeys.get(i) != null) {
                sigs[i] = createSignature(sigAlg, (PublicKey) pubKeys.get(i));
            } else {
                sigs[i] = null;
            }
        }
        return new CompositeVerifier(sigs);
    } else {
        ASN1Sequence keySeq = ASN1Sequence.getInstance(compAlgId.getParameters());
        Signature[] sigs = new Signature[keySeq.size()];
        for (int i = 0; i != keySeq.size(); i++) {
            AlgorithmIdentifier sigAlg = AlgorithmIdentifier.getInstance(keySeq.getObjectAt(i));
            try {
                sigs[i] = createSignature(sigAlg, publicKey);
            } catch (Exception e) {
                sigs[i] = null;
            // continue
            }
        }
        return new CompositeVerifier(sigs);
    }
}
Also used : CompositePublicKey(com.github.zhenwei.provider.jcajce.CompositePublicKey) ASN1Sequence(com.github.zhenwei.core.asn1.ASN1Sequence) CompositePublicKey(com.github.zhenwei.provider.jcajce.CompositePublicKey) PublicKey(java.security.PublicKey) Signature(java.security.Signature) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) GeneralSecurityException(java.security.GeneralSecurityException) RuntimeOperatorException(com.github.zhenwei.pkix.operator.RuntimeOperatorException) SignatureException(java.security.SignatureException) CertificateException(java.security.cert.CertificateException) CertificateEncodingException(java.security.cert.CertificateEncodingException) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)

Example 57 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class PKCS10CertificationRequestBuilder method build.

/**
 * Generate an PKCS#10 request based on the past in signer.
 *
 * @param signer the content signer to be used to generate the signature validating the
 *               certificate.
 * @return a holder containing the resulting PKCS#10 certification request.
 */
public PKCS10CertificationRequest build(ContentSigner signer) {
    CertificationRequestInfo info;
    if (attributes.isEmpty()) {
        if (leaveOffEmpty) {
            info = new CertificationRequestInfo(subject, publicKeyInfo, null);
        } else {
            info = new CertificationRequestInfo(subject, publicKeyInfo, new DERSet());
        }
    } else {
        ASN1EncodableVector v = new ASN1EncodableVector();
        for (Iterator it = attributes.iterator(); it.hasNext(); ) {
            v.add(Attribute.getInstance(it.next()));
        }
        info = new CertificationRequestInfo(subject, publicKeyInfo, new DERSet(v));
    }
    try {
        OutputStream sOut = signer.getOutputStream();
        sOut.write(info.getEncoded(ASN1Encoding.DER));
        sOut.close();
        return new PKCS10CertificationRequest(new CertificationRequest(info, signer.getAlgorithmIdentifier(), new DERBitString(signer.getSignature())));
    } catch (IOException e) {
        throw new IllegalStateException("cannot produce certification request signature");
    }
}
Also used : CertificationRequestInfo(com.github.zhenwei.core.asn1.pkcs.CertificationRequestInfo) OutputStream(java.io.OutputStream) Iterator(java.util.Iterator) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) DERBitString(com.github.zhenwei.core.asn1.DERBitString) IOException(java.io.IOException) DERSet(com.github.zhenwei.core.asn1.DERSet) CertificationRequest(com.github.zhenwei.core.asn1.pkcs.CertificationRequest)

Example 58 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class DefaultSignatureAlgorithmIdentifierFinder method generate.

private static AlgorithmIdentifier generate(String signatureAlgorithm) {
    AlgorithmIdentifier sigAlgId;
    String algorithmName = Strings.toUpperCase(signatureAlgorithm);
    ASN1ObjectIdentifier sigOID = (ASN1ObjectIdentifier) algorithms.get(algorithmName);
    if (sigOID == null) {
        throw new IllegalArgumentException("Unknown signature type requested: " + algorithmName);
    }
    if (noParams.contains(sigOID)) {
        sigAlgId = new AlgorithmIdentifier(sigOID);
    } else if (params.containsKey(algorithmName)) {
        sigAlgId = new AlgorithmIdentifier(sigOID, (ASN1Encodable) params.get(algorithmName));
    } else {
        sigAlgId = new AlgorithmIdentifier(sigOID, DERNull.INSTANCE);
    }
    return sigAlgId;
}
Also used : ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)

Example 59 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class DefaultSignatureNameFinder method getAlgorithmName.

/**
 * Return the signature name for the passed in algorithm identifier. For signatures that require
 * parameters, like RSASSA-PSS, this is the best one to use.
 *
 * @param algorithmIdentifier the AlgorithmIdentifier of interest.
 * @return a string representation of the name.
 */
public String getAlgorithmName(AlgorithmIdentifier algorithmIdentifier) {
    ASN1Encodable params = algorithmIdentifier.getParameters();
    if (params != null && !DERNull.INSTANCE.equals(params)) {
        if (algorithmIdentifier.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS)) {
            RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params);
            AlgorithmIdentifier mgfAlg = rsaParams.getMaskGenAlgorithm();
            if (mgfAlg.getAlgorithm().equals(PKCSObjectIdentifiers.id_mgf1)) {
                AlgorithmIdentifier digAlg = rsaParams.getHashAlgorithm();
                ASN1ObjectIdentifier mgfHashOid = AlgorithmIdentifier.getInstance(mgfAlg.getParameters()).getAlgorithm();
                if (mgfHashOid.equals(digAlg.getAlgorithm())) {
                    return getDigestName(digAlg.getAlgorithm()) + "WITHRSAANDMGF1";
                } else {
                    return getDigestName(digAlg.getAlgorithm()) + "WITHRSAANDMGF1USING" + getDigestName(mgfHashOid);
                }
            }
            return getDigestName(rsaParams.getHashAlgorithm().getAlgorithm()) + "WITHRSAAND" + mgfAlg.getAlgorithm().getId();
        }
    }
    if (oids.containsKey(algorithmIdentifier.getAlgorithm())) {
        return (String) oids.get(algorithmIdentifier.getAlgorithm());
    }
    return algorithmIdentifier.getAlgorithm().getId();
}
Also used : RSASSAPSSparams(com.github.zhenwei.core.asn1.pkcs.RSASSAPSSparams) ASN1Encodable(com.github.zhenwei.core.asn1.ASN1Encodable) ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)

Example 60 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class TimeStampToken method validate.

/**
 * Validate the time stamp token.
 * <p>
 * To be valid the token must be signed by the passed in certificate and the certificate must be
 * the one referred to by the SigningCertificate attribute included in the hashed attributes of
 * the token. The certificate must also have the ExtendedKeyUsageExtension with only
 * KeyPurposeId.id_kp_timeStamping and have been valid at the time the timestamp was created.
 * </p>
 * <p>
 * A successful call to validate means all the above are true.
 * </p>
 *
 * @param sigVerifier the content verifier create the objects required to verify the CMS object in
 *                    the timestamp.
 * @throws TSPException             if an exception occurs in processing the token.
 * @throws TSPValidationException   if the certificate or signature fail to be valid.
 * @throws IllegalArgumentException if the sigVerifierProvider has no associated certificate.
 */
public void validate(SignerInformationVerifier sigVerifier) throws TSPException, TSPValidationException {
    if (!sigVerifier.hasAssociatedCertificate()) {
        throw new IllegalArgumentException("verifier provider needs an associated certificate");
    }
    try {
        X509CertificateHolder certHolder = sigVerifier.getAssociatedCertificate();
        DigestCalculator calc = sigVerifier.getDigestCalculator(certID.getHashAlgorithm());
        OutputStream cOut = calc.getOutputStream();
        cOut.write(certHolder.getEncoded());
        cOut.close();
        if (!Arrays.constantTimeAreEqual(certID.getCertHash(), calc.getDigest())) {
            throw new TSPValidationException("certificate hash does not match certID hash.");
        }
        if (certID.getIssuerSerial() != null) {
            IssuerAndSerialNumber issuerSerial = new IssuerAndSerialNumber(certHolder.toASN1Structure());
            if (!certID.getIssuerSerial().getSerial().equals(issuerSerial.getSerialNumber())) {
                throw new TSPValidationException("certificate serial number does not match certID for signature.");
            }
            GeneralName[] names = certID.getIssuerSerial().getIssuer().getNames();
            boolean found = false;
            for (int i = 0; i != names.length; i++) {
                if (names[i].getTagNo() == 4 && X500Name.getInstance(names[i].getName()).equals(X500Name.getInstance(issuerSerial.getName()))) {
                    found = true;
                    break;
                }
            }
            if (!found) {
                throw new TSPValidationException("certificate name does not match certID for signature. ");
            }
        }
        TSPUtil.validateCertificate(certHolder);
        if (!certHolder.isValidOn(tstInfo.getGenTime())) {
            throw new TSPValidationException("certificate not valid when time stamp created.");
        }
        if (!tsaSignerInfo.verify(sigVerifier)) {
            throw new TSPValidationException("signature not created by certificate.");
        }
    } catch (CMSException e) {
        if (e.getUnderlyingException() != null) {
            throw new TSPException(e.getMessage(), e.getUnderlyingException());
        } else {
            throw new TSPException("CMS exception: " + e, e);
        }
    } catch (IOException e) {
        throw new TSPException("problem processing certificate: " + e, e);
    } catch (OperatorCreationException e) {
        throw new TSPException("unable to create digest: " + e.getMessage(), e);
    }
}
Also used : IssuerAndSerialNumber(com.github.zhenwei.pkix.util.asn1.cms.IssuerAndSerialNumber) ByteArrayOutputStream(java.io.ByteArrayOutputStream) OutputStream(java.io.OutputStream) DigestCalculator(com.github.zhenwei.pkix.operator.DigestCalculator) IOException(java.io.IOException) X509CertificateHolder(com.github.zhenwei.pkix.cert.X509CertificateHolder) GeneralName(com.github.zhenwei.core.asn1.x509.GeneralName) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) CMSException(com.github.zhenwei.pkix.cms.CMSException)

Aggregations

IOException (java.io.IOException)44 ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)34 DERSequence (com.github.zhenwei.core.asn1.DERSequence)29 DERBitString (com.github.zhenwei.core.asn1.DERBitString)21 AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)20 OutputStream (java.io.OutputStream)20 SignatureException (java.security.SignatureException)20 GeneralSecurityException (java.security.GeneralSecurityException)15 Signature (java.security.Signature)15 ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)14 DEROctetString (com.github.zhenwei.core.asn1.DEROctetString)14 InvalidKeyException (java.security.InvalidKeyException)13 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)13 Iterator (java.util.Iterator)13 OperatorCreationException (com.github.zhenwei.pkix.operator.OperatorCreationException)11 CertificateEncodingException (java.security.cert.CertificateEncodingException)11 NoSuchProviderException (java.security.NoSuchProviderException)10 ASN1OctetString (com.github.zhenwei.core.asn1.ASN1OctetString)9 ASN1Sequence (com.github.zhenwei.core.asn1.ASN1Sequence)9 List (java.util.List)9