Search in sources :

Example 61 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project xipki by xipki.

the class OcspBenchRequestor method init.

public void init(OcspBenchmark responseHandler, String responderUrl, Certificate issuerCert, RequestOptions requestOptions, int queueSize) throws Exception {
    ParamUtil.requireNonNull("issuerCert", issuerCert);
    ParamUtil.requireNonNull("responseHandler", responseHandler);
    this.requestOptions = ParamUtil.requireNonNull("requestOptions", requestOptions);
    HashAlgo hashAlgo = HashAlgo.getInstance(requestOptions.getHashAlgorithmId());
    if (hashAlgo == null) {
        throw new OcspRequestorException("unknown HashAlgo " + requestOptions.getHashAlgorithmId().getId());
    }
    this.issuerhashAlg = hashAlgo.getAlgorithmIdentifier();
    this.issuerNameHash = new DEROctetString(hashAlgo.hash(issuerCert.getSubject().getEncoded()));
    this.issuerKeyHash = new DEROctetString(hashAlgo.hash(issuerCert.getSubjectPublicKeyInfo().getPublicKeyData().getOctets()));
    List<AlgorithmIdentifier> prefSigAlgs = requestOptions.getPreferredSignatureAlgorithms();
    if (prefSigAlgs == null || prefSigAlgs.size() == 0) {
        this.extensions = null;
    } else {
        ASN1EncodableVector vec = new ASN1EncodableVector();
        for (AlgorithmIdentifier algId : prefSigAlgs) {
            ASN1Sequence prefSigAlgObj = new DERSequence(algId);
            vec.add(prefSigAlgObj);
        }
        ASN1Sequence extnValue = new DERSequence(vec);
        Extension extn;
        try {
            extn = new Extension(ObjectIdentifiers.id_pkix_ocsp_prefSigAlgs, false, new DEROctetString(extnValue));
        } catch (IOException ex) {
            throw new OcspRequestorException(ex.getMessage(), ex);
        }
        this.extensions = new Extension[] { extn };
    }
    URI uri = new URI(responderUrl);
    this.responderRawPathPost = uri.getRawPath();
    if (this.responderRawPathPost.endsWith("/")) {
        this.responderRawPathGet = this.responderRawPathPost;
    } else {
        this.responderRawPathGet = this.responderRawPathPost + "/";
    }
    this.httpClient = new HttpClient(responderUrl, responseHandler, queueSize);
    this.httpClient.start();
}
Also used : OcspRequestorException(org.xipki.ocsp.client.api.OcspRequestorException) Extension(org.bouncycastle.asn1.x509.Extension) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DERSequence(org.bouncycastle.asn1.DERSequence) HashAlgo(org.xipki.security.HashAlgo) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) IOException(java.io.IOException) URI(java.net.URI) DEROctetString(org.bouncycastle.asn1.DEROctetString) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 62 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project xipki by xipki.

the class RequestOptions method createPSSRSAParams.

// method createAlgId
// CHECKSTYLE:SKIP
public static RSASSAPSSparams createPSSRSAParams(ASN1ObjectIdentifier digestAlgOid) {
    int saltSize;
    if (X509ObjectIdentifiers.id_SHA1.equals(digestAlgOid)) {
        saltSize = 20;
    } else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOid)) {
        saltSize = 28;
    } else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOid)) {
        saltSize = 32;
    } else if (NISTObjectIdentifiers.id_sha384.equals(digestAlgOid)) {
        saltSize = 48;
    } else if (NISTObjectIdentifiers.id_sha512.equals(digestAlgOid)) {
        saltSize = 64;
    } else {
        throw new RuntimeException("unknown digest algorithm " + digestAlgOid);
    }
    AlgorithmIdentifier digAlgId = new AlgorithmIdentifier(digestAlgOid, DERNull.INSTANCE);
    return new RSASSAPSSparams(digAlgId, new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, digAlgId), new ASN1Integer(saltSize), RSASSAPSSparams.DEFAULT_TRAILER_FIELD);
}
Also used : RSASSAPSSparams(org.bouncycastle.asn1.pkcs.RSASSAPSSparams) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 63 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project xipki by xipki.

the class RequestOptions method createAlgId.

private static AlgorithmIdentifier createAlgId(String algoName) {
    algoName = algoName.toUpperCase();
    ASN1ObjectIdentifier algOid = null;
    if ("SHA1WITHRSA".equals(algoName)) {
        algOid = PKCSObjectIdentifiers.sha1WithRSAEncryption;
    } else if ("SHA256WITHRSA".equals(algoName)) {
        algOid = PKCSObjectIdentifiers.sha256WithRSAEncryption;
    } else if ("SHA384WITHRSA".equals(algoName)) {
        algOid = PKCSObjectIdentifiers.sha384WithRSAEncryption;
    } else if ("SHA512WITHRSA".equals(algoName)) {
        algOid = PKCSObjectIdentifiers.sha512WithRSAEncryption;
    } else if ("SHA1WITHECDSA".equals(algoName)) {
        algOid = X9ObjectIdentifiers.ecdsa_with_SHA1;
    } else if ("SHA256WITHECDSA".equals(algoName)) {
        algOid = X9ObjectIdentifiers.ecdsa_with_SHA256;
    } else if ("SHA384WITHECDSA".equals(algoName)) {
        algOid = X9ObjectIdentifiers.ecdsa_with_SHA384;
    } else if ("SHA512WITHECDSA".equals(algoName)) {
        algOid = X9ObjectIdentifiers.ecdsa_with_SHA512;
    } else if ("SHA1WITHRSAANDMGF1".equals(algoName) || "SHA256WITHRSAANDMGF1".equals(algoName) || "SHA384WITHRSAANDMGF1".equals(algoName) || "SHA512WITHRSAANDMGF1".equals(algoName)) {
        algOid = PKCSObjectIdentifiers.id_RSASSA_PSS;
    } else {
        // should not happen
        throw new RuntimeException("Unsupported algorithm " + algoName);
    }
    ASN1Encodable params;
    if (PKCSObjectIdentifiers.id_RSASSA_PSS.equals(algOid)) {
        ASN1ObjectIdentifier digestAlgOid = null;
        if ("SHA1WITHRSAANDMGF1".equals(algoName)) {
            digestAlgOid = X509ObjectIdentifiers.id_SHA1;
        } else if ("SHA256WITHRSAANDMGF1".equals(algoName)) {
            digestAlgOid = NISTObjectIdentifiers.id_sha256;
        } else if ("SHA384WITHRSAANDMGF1".equals(algoName)) {
            digestAlgOid = NISTObjectIdentifiers.id_sha384;
        } else {
            // if ("SHA512WITHRSAANDMGF1".equals(algoName))
            digestAlgOid = NISTObjectIdentifiers.id_sha512;
        }
        params = createPSSRSAParams(digestAlgOid);
    } else {
        params = DERNull.INSTANCE;
    }
    return new AlgorithmIdentifier(algOid, params);
}
Also used : ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 64 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project xipki by xipki.

the class CmpResponder method verifyProtection.

private ProtectionVerificationResult verifyProtection(String tid, GeneralPKIMessage pkiMessage, CmpControl cmpControl) throws CMPException, InvalidKeyException, OperatorCreationException {
    ProtectedPKIMessage protectedMsg = new ProtectedPKIMessage(pkiMessage);
    if (protectedMsg.hasPasswordBasedMacProtection()) {
        LOG.warn("NOT_SIGNAUTRE_BASED: {}", pkiMessage.getHeader().getProtectionAlg().getAlgorithm().getId());
        return new ProtectionVerificationResult(null, ProtectionResult.NOT_SIGNATURE_BASED);
    }
    PKIHeader header = protectedMsg.getHeader();
    AlgorithmIdentifier protectionAlg = header.getProtectionAlg();
    if (!cmpControl.getSigAlgoValidator().isAlgorithmPermitted(protectionAlg)) {
        LOG.warn("SIG_ALGO_FORBIDDEN: {}", pkiMessage.getHeader().getProtectionAlg().getAlgorithm().getId());
        return new ProtectionVerificationResult(null, ProtectionResult.SIGALGO_FORBIDDEN);
    }
    CmpRequestorInfo requestor = getRequestor(header);
    if (requestor == null) {
        LOG.warn("tid={}: not authorized requestor '{}'", tid, header.getSender());
        return new ProtectionVerificationResult(null, ProtectionResult.SENDER_NOT_AUTHORIZED);
    }
    ContentVerifierProvider verifierProvider = securityFactory.getContentVerifierProvider(requestor.getCert().getCert());
    if (verifierProvider == null) {
        LOG.warn("tid={}: not authorized requestor '{}'", tid, header.getSender());
        return new ProtectionVerificationResult(requestor, ProtectionResult.SENDER_NOT_AUTHORIZED);
    }
    boolean signatureValid = protectedMsg.verify(verifierProvider);
    return new ProtectionVerificationResult(requestor, signatureValid ? ProtectionResult.VALID : ProtectionResult.INVALID);
}
Also used : PKIHeader(org.bouncycastle.asn1.cmp.PKIHeader) ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage) ProtectionVerificationResult(org.xipki.cmp.ProtectionVerificationResult) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) ContentVerifierProvider(org.bouncycastle.operator.ContentVerifierProvider)

Example 65 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project xipki by xipki.

the class P11ProviderTestCmd method getSignatureAlgo.

private String getSignatureAlgo(PublicKey pubKey) throws NoSuchAlgorithmException {
    SignatureAlgoControl algoControl = new SignatureAlgoControl(rsaMgf1, dsaPlain, gm);
    AlgorithmIdentifier sigAlgId = AlgorithmUtil.getSigAlgId(pubKey, HashAlgo.getNonNullInstance(hashAlgo), algoControl);
    return AlgorithmUtil.getSignatureAlgoName(sigAlgId);
}
Also used : SignatureAlgoControl(org.xipki.security.SignatureAlgoControl) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Aggregations

AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)249 IOException (java.io.IOException)157 AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)140 SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)79 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)72 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)65 BigInteger (java.math.BigInteger)62 X500Name (org.bouncycastle.asn1.x500.X500Name)52 ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)47 Date (java.util.Date)47 ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)45 X509Certificate (java.security.cert.X509Certificate)45 ContentSigner (org.bouncycastle.operator.ContentSigner)40 DEROctetString (com.github.zhenwei.core.asn1.DEROctetString)39 OutputStream (java.io.OutputStream)39 DERSequence (com.github.zhenwei.core.asn1.DERSequence)38 GeneralSecurityException (java.security.GeneralSecurityException)37 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)35 Cipher (javax.crypto.Cipher)33 PrivateKeyInfo (org.bouncycastle.asn1.pkcs.PrivateKeyInfo)33