use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project jmulticard by ctt-gob-es.
the class JcaContentVerifierProviderBuilder method build.
public ContentVerifierProvider build(final X509Certificate certificate) throws OperatorCreationException {
final X509CertificateHolder certHolder;
try {
certHolder = new JcaX509CertificateHolder(certificate);
} catch (CertificateEncodingException e) {
throw new OperatorCreationException("cannot process certificate: " + e.getMessage(), e);
}
return new ContentVerifierProvider() {
public boolean hasAssociatedCertificate() {
return true;
}
public X509CertificateHolder getAssociatedCertificate() {
return certHolder;
}
public ContentVerifier get(AlgorithmIdentifier algorithm) throws OperatorCreationException {
if (algorithm.getAlgorithm().equals(MiscObjectIdentifiers.id_alg_composite)) {
return createCompositeVerifier(algorithm, certificate.getPublicKey());
} else {
Signature sig;
try {
sig = helper.createSignature(algorithm);
sig.initVerify(certificate.getPublicKey());
} catch (GeneralSecurityException e) {
throw new OperatorCreationException("exception on setup: " + e, e);
}
Signature rawSig = createRawSig(algorithm, certificate.getPublicKey());
if (rawSig != null) {
return new RawSigVerifier(algorithm, sig, rawSig);
} else {
return new SigVerifier(algorithm, sig);
}
}
}
};
}
use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project jmulticard by ctt-gob-es.
the class JcaContentVerifierProviderBuilder method createCompositeVerifier.
private ContentVerifier createCompositeVerifier(AlgorithmIdentifier compAlgId, PublicKey publicKey) throws OperatorCreationException {
if (publicKey instanceof CompositePublicKey) {
List<PublicKey> pubKeys = ((CompositePublicKey) publicKey).getPublicKeys();
ASN1Sequence keySeq = ASN1Sequence.getInstance(compAlgId.getParameters());
Signature[] sigs = new Signature[keySeq.size()];
for (int i = 0; i != keySeq.size(); i++) {
AlgorithmIdentifier sigAlg = AlgorithmIdentifier.getInstance(keySeq.getObjectAt(i));
if (pubKeys.get(i) != null) {
sigs[i] = createSignature(sigAlg, (PublicKey) pubKeys.get(i));
} else {
sigs[i] = null;
}
}
return new CompositeVerifier(sigs);
} else {
ASN1Sequence keySeq = ASN1Sequence.getInstance(compAlgId.getParameters());
Signature[] sigs = new Signature[keySeq.size()];
for (int i = 0; i != keySeq.size(); i++) {
AlgorithmIdentifier sigAlg = AlgorithmIdentifier.getInstance(keySeq.getObjectAt(i));
try {
sigs[i] = createSignature(sigAlg, publicKey);
} catch (Exception e) {
sigs[i] = null;
// continue
}
}
return new CompositeVerifier(sigs);
}
}
use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project jmulticard by ctt-gob-es.
the class DefaultDigestAlgorithmIdentifierFinder method addDigestAlgId.
private static void addDigestAlgId(ASN1ObjectIdentifier oid, boolean withNullParams) {
AlgorithmIdentifier algId;
if (withNullParams) {
algId = new AlgorithmIdentifier(oid, DERNull.INSTANCE);
} else {
algId = new AlgorithmIdentifier(oid);
}
digestOidToAlgIds.put(oid, algId);
}
use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project jmulticard by ctt-gob-es.
the class DefaultSignatureNameFinder method getAlgorithmName.
/**
* Return the signature name for the passed in algorithm identifier. For signatures
* that require parameters, like RSASSA-PSS, this is the best one to use.
*
* @param algorithmIdentifier the AlgorithmIdentifier of interest.
* @return a string representation of the name.
*/
public String getAlgorithmName(AlgorithmIdentifier algorithmIdentifier) {
ASN1Encodable params = algorithmIdentifier.getParameters();
if (params != null && !DERNull.INSTANCE.equals(params)) {
if (algorithmIdentifier.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS)) {
RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params);
AlgorithmIdentifier mgfAlg = rsaParams.getMaskGenAlgorithm();
if (mgfAlg.getAlgorithm().equals(PKCSObjectIdentifiers.id_mgf1)) {
AlgorithmIdentifier digAlg = rsaParams.getHashAlgorithm();
ASN1ObjectIdentifier mgfHashOid = AlgorithmIdentifier.getInstance(mgfAlg.getParameters()).getAlgorithm();
if (mgfHashOid.equals(digAlg.getAlgorithm())) {
return getDigestName(digAlg.getAlgorithm()) + "WITHRSAANDMGF1";
} else {
return getDigestName(digAlg.getAlgorithm()) + "WITHRSAANDMGF1USING" + getDigestName(mgfHashOid);
}
}
return getDigestName(rsaParams.getHashAlgorithm().getAlgorithm()) + "WITHRSAAND" + mgfAlg.getAlgorithm().getId();
}
}
if (oids.containsKey(algorithmIdentifier.getAlgorithm())) {
return (String) oids.get(algorithmIdentifier.getAlgorithm());
}
return algorithmIdentifier.getAlgorithm().getId();
}
use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project jmulticard by ctt-gob-es.
the class SignerInformation method doVerify.
private boolean doVerify(SignerInformationVerifier verifier) throws CMSException {
String encName = CMSSignedHelper.INSTANCE.getEncryptionAlgName(this.getEncryptionAlgOID());
ContentVerifier contentVerifier;
try {
contentVerifier = verifier.getContentVerifier(encryptionAlgorithm, info.getDigestAlgorithm());
} catch (OperatorCreationException e) {
throw new CMSException("can't create content verifier: " + e.getMessage(), e);
}
try {
OutputStream sigOut = contentVerifier.getOutputStream();
if (resultDigest == null) {
DigestCalculator calc = verifier.getDigestCalculator(this.getDigestAlgorithmID());
if (content != null) {
OutputStream digOut = calc.getOutputStream();
if (signedAttributeSet == null) {
if (contentVerifier instanceof RawContentVerifier) {
content.write(digOut);
} else {
OutputStream cOut = new TeeOutputStream(digOut, sigOut);
content.write(cOut);
cOut.close();
}
} else {
content.write(digOut);
sigOut.write(this.getEncodedSignedAttributes());
}
digOut.close();
} else if (signedAttributeSet != null) {
sigOut.write(this.getEncodedSignedAttributes());
} else {
// TODO Get rid of this exception and just treat content==null as empty not missing?
throw new CMSException("data not encapsulated in signature - use detached constructor.");
}
resultDigest = calc.getDigest();
} else {
if (signedAttributeSet == null) {
if (content != null) {
content.write(sigOut);
}
} else {
sigOut.write(this.getEncodedSignedAttributes());
}
}
sigOut.close();
} catch (IOException e) {
throw new CMSException("can't process mime object to create signature.", e);
} catch (OperatorCreationException e) {
throw new CMSException("can't create digest calculator: " + e.getMessage(), e);
}
// RFC 3852 11.1 Check the content-type attribute is correct
verifyContentTypeAttributeValue();
AttributeTable signedAttrTable = this.getSignedAttributes();
// RFC 6211 Validate Algorithm Identifier protection attribute if present
verifyAlgorithmIdentifierProtectionAttribute(signedAttrTable);
// RFC 3852 11.2 Check the message-digest attribute is correct
verifyMessageDigestAttribute();
// RFC 3852 11.4 Validate countersignature attribute(s)
verifyCounterSignatureAttribute(signedAttrTable);
try {
if (signedAttributeSet == null && resultDigest != null) {
if (contentVerifier instanceof RawContentVerifier) {
RawContentVerifier rawVerifier = (RawContentVerifier) contentVerifier;
if (encName.equals("RSA")) {
DigestInfo digInfo = new DigestInfo(new AlgorithmIdentifier(digestAlgorithm.getAlgorithm(), DERNull.INSTANCE), resultDigest);
return rawVerifier.verify(digInfo.getEncoded(ASN1Encoding.DER), this.getSignature());
}
return rawVerifier.verify(resultDigest, this.getSignature());
}
}
return contentVerifier.verify(this.getSignature());
} catch (IOException e) {
throw new CMSException("can't process mime object to create signature.", e);
}
}
Aggregations