
Example 41 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class JcaContentSignerBuilder method build.

/**
 * Creates a {@link ContentSigner} that signs with the given private key using the signature
 * algorithm configured on this builder.
 *
 * <p>Composite private keys are delegated to {@code buildComposite}. For any other key a single
 * {@link Signature} is initialised, with the builder's random source when one has been set, and
 * wrapped in the returned signer.
 *
 * <p>The returned signer holds one {@code Signature} instance: every byte written to
 * {@link ContentSigner#getOutputStream()} is fed to it and {@link ContentSigner#getSignature()}
 * finalises it. Nothing here synchronises access, so treat the signer as owned by one caller
 * at a time.
 *
 * @param privateKey the key to sign with
 * @return a signer bound to {@code privateKey} and the configured algorithm
 * @throws OperatorCreationException if the signature cannot be created or initialised
 */
public ContentSigner build(PrivateKey privateKey) throws OperatorCreationException {
    // A composite key needs one Signature per component key, which the dedicated path sets up.
    if (privateKey instanceof CompositePrivateKey) {
        return buildComposite((CompositePrivateKey) privateKey);
    }
    try {
        final AlgorithmIdentifier algorithmId = sigAlgId;
        final Signature signer = helper.createSignature(algorithmId);
        if (random == null) {
            // No explicit random source configured: the provider picks its own default.
            signer.initSign(privateKey);
        } else {
            signer.initSign(privateKey, random);
        }
        // Created once, after initSign, so the stream always wraps an initialised Signature.
        final OutputStream signedData = OutputStreamFactory.createStream(signer);
        return new ContentSigner() {

            public AlgorithmIdentifier getAlgorithmIdentifier() {
                return algorithmId;
            }

            public OutputStream getOutputStream() {
                return signedData;
            }

            public byte[] getSignature() {
                try {
                    return signer.sign();
                } catch (SignatureException failure) {
                    // The interface method declares no checked exception, hence the runtime wrapper.
                    throw new RuntimeOperatorException("exception obtaining signature: " + failure.getMessage(), failure);
                }
            }
        };
    } catch (GeneralSecurityException failure) {
        throw new OperatorCreationException("cannot create signer: " + failure.getMessage(), failure);
    }
}
Also used : RuntimeOperatorException(com.github.zhenwei.pkix.operator.RuntimeOperatorException) Signature(java.security.Signature) TeeOutputStream(com.github.zhenwei.core.util.io.TeeOutputStream) OutputStream(java.io.OutputStream) GeneralSecurityException(java.security.GeneralSecurityException) ContentSigner(com.github.zhenwei.pkix.operator.ContentSigner) CompositePrivateKey(com.github.zhenwei.provider.jcajce.CompositePrivateKey) SignatureException(java.security.SignatureException) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)

Example 42 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class JcaContentSignerBuilder method buildComposite.

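/**
 * Creates a {@link ContentSigner} for a composite private key.
 *
 * <p>The parameters of the configured algorithm identifier are read as a sequence of component
 * algorithm identifiers. Component {@code i} of the key is paired with algorithm {@code i}, and
 * one {@link Signature} is initialised per pair. All component signatures receive the same
 * data through a chain of {@link TeeOutputStream}s, and the final signature is the DER encoding
 * of a SEQUENCE holding one BIT STRING per component, in algorithm order.
 *
 * <p>The component count is checked up front so that a missing or oversized algorithm list is
 * reported as an {@link OperatorCreationException} rather than as an unchecked index error.
 *
 * @param privateKey the composite key whose components sign the data
 * @return a signer that produces the combined composite signature
 * @throws OperatorCreationException if the algorithm list is absent, empty or longer than the
 *                                   key's component list, or if a component signature cannot
 *                                   be created or initialised
 */
private ContentSigner buildComposite(CompositePrivateKey privateKey) throws OperatorCreationException {
    try {
        List<PrivateKey> privateKeys = privateKey.getPrivateKeys();
        final ASN1Sequence sigAlgIds = ASN1Sequence.getInstance(sigAlgId.getParameters());
        // Without at least one component algorithm there is nothing to sign with, and the
        // stream set-up below would index an empty array.
        if (sigAlgIds == null || sigAlgIds.size() == 0) {
            throw new OperatorCreationException("cannot create signer: composite algorithm has no component algorithms");
        }
        // Each algorithm is paired with the key at the same index, so the key must supply
        // at least as many components as there are algorithms.
        if (sigAlgIds.size() > privateKeys.size()) {
            throw new OperatorCreationException("cannot create signer: " + sigAlgIds.size()
                + " component algorithms but only " + privateKeys.size() + " component keys");
        }
        // NOTE(review): with fewer algorithms than component keys the trailing keys are
        // simply not used; confirm whether that mismatch should be rejected as well.
        final Signature[] sigs = new Signature[sigAlgIds.size()];
        for (int i = 0; i != sigAlgIds.size(); i++) {
            sigs[i] = helper.createSignature(AlgorithmIdentifier.getInstance(sigAlgIds.getObjectAt(i)));
            if (random != null) {
                sigs[i].initSign(privateKeys.get(i), random);
            } else {
                sigs[i].initSign(privateKeys.get(i));
            }
        }
        // Chain the per-component streams so one write reaches every component signature.
        OutputStream sStream = OutputStreamFactory.createStream(sigs[0]);
        for (int i = 1; i != sigs.length; i++) {
            sStream = new TeeOutputStream(sStream, OutputStreamFactory.createStream(sigs[i]));
        }
        final OutputStream sigStream = sStream;
        return new ContentSigner() {

            OutputStream stream = sigStream;

            public AlgorithmIdentifier getAlgorithmIdentifier() {
                return sigAlgId;
            }

            public OutputStream getOutputStream() {
                return stream;
            }

            public byte[] getSignature() {
                try {
                    // One BIT STRING per component, in the same order as the algorithm list.
                    ASN1EncodableVector sigV = new ASN1EncodableVector();
                    for (int i = 0; i != sigs.length; i++) {
                        sigV.add(new DERBitString(sigs[i].sign()));
                    }
                    return new DERSequence(sigV).getEncoded(ASN1Encoding.DER);
                } catch (IOException e) {
                    throw new RuntimeOperatorException("exception encoding signature: " + e.getMessage(), e);
                } catch (SignatureException e) {
                    throw new RuntimeOperatorException("exception obtaining signature: " + e.getMessage(), e);
                }
            }
        };
    } catch (GeneralSecurityException e) {
        throw new OperatorCreationException("cannot create signer: " + e.getMessage(), e);
    }
}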
Also used : TeeOutputStream(com.github.zhenwei.core.util.io.TeeOutputStream) PrivateKey(java.security.PrivateKey) CompositePrivateKey(com.github.zhenwei.provider.jcajce.CompositePrivateKey) TeeOutputStream(com.github.zhenwei.core.util.io.TeeOutputStream) OutputStream(java.io.OutputStream) GeneralSecurityException(java.security.GeneralSecurityException) ContentSigner(com.github.zhenwei.pkix.operator.ContentSigner) DERBitString(com.github.zhenwei.core.asn1.DERBitString) IOException(java.io.IOException) SignatureException(java.security.SignatureException) ASN1Sequence(com.github.zhenwei.core.asn1.ASN1Sequence) DERSequence(com.github.zhenwei.core.asn1.DERSequence) RuntimeOperatorException(com.github.zhenwei.pkix.operator.RuntimeOperatorException) Signature(java.security.Signature) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException)

Example 43 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class JcaContentVerifierProviderBuilder method build.

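/**
 * Creates a {@link ContentVerifierProvider} backed by a bare public key.
 *
 * <p>The provider has no associated certificate, so it says nothing about who owns the key;
 * establishing trust in {@code publicKey} is left to the caller.
 *
 * <p>Verifier selection in {@code get}:
 * <ul>
 *   <li>a composite algorithm identifier is handed to {@code createCompositeVerifier};</li>
 *   <li>a composite public key used with a non-composite algorithm is tried component by
 *       component, and the first component key that can be initialised for the algorithm is
 *       used. The resulting verifier therefore checks the signature against that single
 *       component, not against every component of the key;</li>
 *   <li>any other key is used directly.</li>
 * </ul>
 *
 * @param publicKey the key signatures are verified against
 * @return a provider that builds verifiers for {@code publicKey}
 * @throws OperatorCreationException declared by the interface; this method itself only
 *                                   constructs the provider
 */
public ContentVerifierProvider build(final PublicKey publicKey) throws OperatorCreationException {
    return new ContentVerifierProvider() {

        public boolean hasAssociatedCertificate() {
            return false;
        }

        public X509CertificateHolder getAssociatedCertificate() {
            return null;
        }

        public ContentVerifier get(AlgorithmIdentifier algorithm) throws OperatorCreationException {
            if (algorithm.getAlgorithm().equals(MiscObjectIdentifiers.id_alg_composite)) {
                return createCompositeVerifier(algorithm, publicKey);
            }
            if (publicKey instanceof CompositePublicKey) {
                List<PublicKey> keys = ((CompositePublicKey) publicKey).getPublicKeys();
                // Remembered so the final error can say why the last candidate was rejected.
                OperatorCreationException lastFailure = null;
                for (int i = 0; i != keys.size(); i++) {
                    try {
                        Signature sig = createSignature(algorithm, keys.get(i));
                        Signature rawSig = createRawSig(algorithm, keys.get(i));
                        if (rawSig != null) {
                            return new RawSigVerifier(algorithm, sig, rawSig);
                        } else {
                            return new SigVerifier(algorithm, sig);
                        }
                    } catch (OperatorCreationException e) {
                        // This component key does not fit the algorithm; try the next one.
                        lastFailure = e;
                    }
                }
                throw new OperatorCreationException("no matching algorithm found for key", lastFailure);
            } else {
                Signature sig = createSignature(algorithm, publicKey);
                Signature rawSig = createRawSig(algorithm, publicKey);
                if (rawSig != null) {
                    return new RawSigVerifier(algorithm, sig, rawSig);
                } else {
                    return new SigVerifier(algorithm, sig);
                }
            }
        }
    };
}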
Also used : CompositePublicKey(com.github.zhenwei.provider.jcajce.CompositePublicKey) CompositePublicKey(com.github.zhenwei.provider.jcajce.CompositePublicKey) PublicKey(java.security.PublicKey) Signature(java.security.Signature) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) ContentVerifierProvider(com.github.zhenwei.pkix.operator.ContentVerifierProvider) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)

Example 44 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class TSPUtil method getSignatureTimestamps.

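/**
 * Fetches the signature time-stamp attributes from a SignerInformation object. Checks that the
 * MessageImprint for each time-stamp matches the signature field. (see RFC 3161 Appendix A).
 *
 * <p>Only the message imprint is checked here. The time-stamp token's own signature is not
 * verified by this method, so callers that rely on the returned tokens must validate each one
 * separately.
 *
 * @param signerInfo      a SignerInformation to search for time-stamps
 * @param digCalcProvider provider for digest calculators
 * @return a collection of TimeStampToken objects; empty when there are no unsigned attributes
 *         or no time-stamp attributes
 * @throws TSPValidationException if a time-stamp cannot be parsed, names a hash algorithm the
 *                                provider cannot supply, or carries a message imprint that does
 *                                not match the digest of the signature
 */
public static Collection getSignatureTimestamps(SignerInformation signerInfo, DigestCalculatorProvider digCalcProvider) throws TSPValidationException {
    List<TimeStampToken> timestamps = new ArrayList<TimeStampToken>();
    AttributeTable unsignedAttrs = signerInfo.getUnsignedAttributes();
    if (unsignedAttrs == null) {
        return timestamps;
    }
    ASN1EncodableVector allTSAttrs = unsignedAttrs.getAll(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
    for (int i = 0; i < allTSAttrs.size(); ++i) {
        Attribute tsAttr = (Attribute) allTSAttrs.get(i);
        ASN1Set tsAttrValues = tsAttr.getAttrValues();
        for (int j = 0; j < tsAttrValues.size(); ++j) {
            try {
                ContentInfo contentInfo = ContentInfo.getInstance(tsAttrValues.getObjectAt(j));
                TimeStampToken timeStampToken = new TimeStampToken(contentInfo);
                TimeStampTokenInfo tstInfo = timeStampToken.getTimeStampInfo();
                // Digest the signature value with the algorithm the time-stamp itself names.
                DigestCalculator digCalc = digCalcProvider.get(tstInfo.getHashAlgorithm());
                OutputStream dOut = digCalc.getOutputStream();
                dOut.write(signerInfo.getSignature());
                dOut.close();
                byte[] expectedDigest = digCalc.getDigest();
                if (!Arrays.constantTimeAreEqual(expectedDigest, tstInfo.getMessageImprintDigest())) {
                    throw new TSPValidationException("Incorrect digest in message imprint");
                }
                timestamps.add(timeStampToken);
            } catch (TSPValidationException e) {
                // Let validation failures through unchanged. Without this clause the generic
                // handler below would replace the digest-mismatch message with a parse error.
                throw e;
            } catch (OperatorCreationException e) {
                throw new TSPValidationException("Unknown hash algorithm specified in timestamp");
            } catch (Exception e) {
                throw new TSPValidationException("Timestamp could not be parsed");
            }
        }
    }
    return timestamps;
}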
Also used : Attribute(com.github.zhenwei.pkix.util.asn1.cms.Attribute) OutputStream(java.io.OutputStream) ArrayList(java.util.ArrayList) AttributeTable(com.github.zhenwei.pkix.util.asn1.cms.AttributeTable) DigestCalculator(com.github.zhenwei.pkix.operator.DigestCalculator) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) IOException(java.io.IOException) ASN1Set(com.github.zhenwei.core.asn1.ASN1Set) ContentInfo(com.github.zhenwei.pkix.util.asn1.cms.ContentInfo) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) ArrayList(java.util.ArrayList) List(java.util.List) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException)

Example 45 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class CertificateBase method getInstance.

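/**
 * Returns a {@code CertificateBase} for the given object.
 *
 * <p>An existing {@code CertificateBase} is returned as is. Anything else is converted to an
 * {@link ASN1Sequence} and decoded by position: version, type, issuer, to-be-signed certificate
 * and the optional signature.
 *
 * @param o a {@code CertificateBase} or an object {@link ASN1Sequence#getInstance} accepts
 * @return the decoded certificate base
 * @throws IllegalArgumentException if the sequence holds fewer than the five positional fields
 */
public static CertificateBase getInstance(Object o) {
    if (o instanceof CertificateBase) {
        return (CertificateBase) o;
    }
    ASN1Sequence seq = ASN1Sequence.getInstance(o);
    // The fields are read by fixed index below, so a truncated encoding is rejected here
    // with a clear message instead of failing on an out-of-range element access.
    if (seq.size() < 5) {
        throw new IllegalArgumentException("CertificateBase sequence has " + seq.size() + " elements, expected at least 5");
    }
    ASN1Integer version = ASN1Integer.getInstance(seq.getObjectAt(0));
    CertificateType type = CertificateType.getInstance(seq.getObjectAt(1));
    IssuerIdentifier issuerIdentifier = IssuerIdentifier.getInstance(seq.getObjectAt(2));
    ToBeSignedCertificate cert = ToBeSignedCertificate.getInstance(seq.getObjectAt(3));
    // The signature slot is optional, so it is unwrapped through OEROptional.
    Signature signature = OEROptional.getValue(Signature.class, seq.getObjectAt(4));
    return new Builder()
        .setVersion(version)
        .setType(type)
        .setIssuer(issuerIdentifier)
        .setToBeSignedCertificate(cert)
        .setSignature(signature)
        .createCertificateBase();
}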
Also used : ASN1Sequence(com.github.zhenwei.core.asn1.ASN1Sequence) ASN1Integer(com.github.zhenwei.core.asn1.ASN1Integer)

Aggregations

IOException (java.io.IOException)44 ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)34 DERSequence (com.github.zhenwei.core.asn1.DERSequence)29 DERBitString (com.github.zhenwei.core.asn1.DERBitString)21 AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)20 OutputStream (java.io.OutputStream)20 SignatureException (java.security.SignatureException)20 GeneralSecurityException (java.security.GeneralSecurityException)15 Signature (java.security.Signature)15 ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)14 DEROctetString (com.github.zhenwei.core.asn1.DEROctetString)14 InvalidKeyException (java.security.InvalidKeyException)13 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)13 Iterator (java.util.Iterator)13 OperatorCreationException (com.github.zhenwei.pkix.operator.OperatorCreationException)11 CertificateEncodingException (java.security.cert.CertificateEncodingException)11 NoSuchProviderException (java.security.NoSuchProviderException)10 ASN1OctetString (com.github.zhenwei.core.asn1.ASN1OctetString)9 ASN1Sequence (com.github.zhenwei.core.asn1.ASN1Sequence)9 List (java.util.List)9