Search in sources :

Example 86 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project jmulticard by ctt-gob-es.

the class JcaContentVerifierProviderBuilder method build.

public ContentVerifierProvider build(final X509Certificate certificate) throws OperatorCreationException {
    final X509CertificateHolder certHolder;
    try {
        certHolder = new JcaX509CertificateHolder(certificate);
    } catch (CertificateEncodingException e) {
        throw new OperatorCreationException("cannot process certificate: " + e.getMessage(), e);
    }
    return new ContentVerifierProvider() {

        public boolean hasAssociatedCertificate() {
            return true;
        }

        public X509CertificateHolder getAssociatedCertificate() {
            return certHolder;
        }

        public ContentVerifier get(AlgorithmIdentifier algorithm) throws OperatorCreationException {
            if (algorithm.getAlgorithm().equals(MiscObjectIdentifiers.id_alg_composite)) {
                return createCompositeVerifier(algorithm, certificate.getPublicKey());
            } else {
                Signature sig;
                try {
                    sig = helper.createSignature(algorithm);
                    sig.initVerify(certificate.getPublicKey());
                } catch (GeneralSecurityException e) {
                    throw new OperatorCreationException("exception on setup: " + e, e);
                }
                Signature rawSig = createRawSig(algorithm, certificate.getPublicKey());
                if (rawSig != null) {
                    return new RawSigVerifier(algorithm, sig, rawSig);
                } else {
                    return new SigVerifier(algorithm, sig);
                }
            }
        }
    };
}
Also used : X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) Signature(java.security.Signature) GeneralSecurityException(java.security.GeneralSecurityException) CertificateEncodingException(java.security.cert.CertificateEncodingException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) ContentVerifierProvider(org.bouncycastle.operator.ContentVerifierProvider) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 87 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project jmulticard by ctt-gob-es.

the class JcaContentVerifierProviderBuilder method createCompositeVerifier.

private ContentVerifier createCompositeVerifier(AlgorithmIdentifier compAlgId, PublicKey publicKey) throws OperatorCreationException {
    if (publicKey instanceof CompositePublicKey) {
        List<PublicKey> pubKeys = ((CompositePublicKey) publicKey).getPublicKeys();
        ASN1Sequence keySeq = ASN1Sequence.getInstance(compAlgId.getParameters());
        Signature[] sigs = new Signature[keySeq.size()];
        for (int i = 0; i != keySeq.size(); i++) {
            AlgorithmIdentifier sigAlg = AlgorithmIdentifier.getInstance(keySeq.getObjectAt(i));
            if (pubKeys.get(i) != null) {
                sigs[i] = createSignature(sigAlg, (PublicKey) pubKeys.get(i));
            } else {
                sigs[i] = null;
            }
        }
        return new CompositeVerifier(sigs);
    } else {
        ASN1Sequence keySeq = ASN1Sequence.getInstance(compAlgId.getParameters());
        Signature[] sigs = new Signature[keySeq.size()];
        for (int i = 0; i != keySeq.size(); i++) {
            AlgorithmIdentifier sigAlg = AlgorithmIdentifier.getInstance(keySeq.getObjectAt(i));
            try {
                sigs[i] = createSignature(sigAlg, publicKey);
            } catch (Exception e) {
                sigs[i] = null;
            // continue
            }
        }
        return new CompositeVerifier(sigs);
    }
}
Also used : CompositePublicKey(org.bouncycastle.jcajce.CompositePublicKey) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) CompositePublicKey(org.bouncycastle.jcajce.CompositePublicKey) PublicKey(java.security.PublicKey) Signature(java.security.Signature) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) GeneralSecurityException(java.security.GeneralSecurityException) SignatureException(java.security.SignatureException) CertificateException(java.security.cert.CertificateException) RuntimeOperatorException(org.bouncycastle.operator.RuntimeOperatorException) CertificateEncodingException(java.security.cert.CertificateEncodingException) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 88 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project jmulticard by ctt-gob-es.

the class DefaultDigestAlgorithmIdentifierFinder method addDigestAlgId.

private static void addDigestAlgId(ASN1ObjectIdentifier oid, boolean withNullParams) {
    AlgorithmIdentifier algId;
    if (withNullParams) {
        algId = new AlgorithmIdentifier(oid, DERNull.INSTANCE);
    } else {
        algId = new AlgorithmIdentifier(oid);
    }
    digestOidToAlgIds.put(oid, algId);
}
Also used : AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 89 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project jmulticard by ctt-gob-es.

the class DefaultSignatureNameFinder method getAlgorithmName.

/**
 * Return the signature name for the passed in algorithm identifier. For signatures
 * that require parameters, like RSASSA-PSS, this is the best one to use.
 *
 * @param algorithmIdentifier the AlgorithmIdentifier of interest.
 * @return a string representation of the name.
 */
public String getAlgorithmName(AlgorithmIdentifier algorithmIdentifier) {
    ASN1Encodable params = algorithmIdentifier.getParameters();
    if (params != null && !DERNull.INSTANCE.equals(params)) {
        if (algorithmIdentifier.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS)) {
            RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params);
            AlgorithmIdentifier mgfAlg = rsaParams.getMaskGenAlgorithm();
            if (mgfAlg.getAlgorithm().equals(PKCSObjectIdentifiers.id_mgf1)) {
                AlgorithmIdentifier digAlg = rsaParams.getHashAlgorithm();
                ASN1ObjectIdentifier mgfHashOid = AlgorithmIdentifier.getInstance(mgfAlg.getParameters()).getAlgorithm();
                if (mgfHashOid.equals(digAlg.getAlgorithm())) {
                    return getDigestName(digAlg.getAlgorithm()) + "WITHRSAANDMGF1";
                } else {
                    return getDigestName(digAlg.getAlgorithm()) + "WITHRSAANDMGF1USING" + getDigestName(mgfHashOid);
                }
            }
            return getDigestName(rsaParams.getHashAlgorithm().getAlgorithm()) + "WITHRSAAND" + mgfAlg.getAlgorithm().getId();
        }
    }
    if (oids.containsKey(algorithmIdentifier.getAlgorithm())) {
        return (String) oids.get(algorithmIdentifier.getAlgorithm());
    }
    return algorithmIdentifier.getAlgorithm().getId();
}
Also used : RSASSAPSSparams(org.bouncycastle.asn1.pkcs.RSASSAPSSparams) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 90 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project jmulticard by ctt-gob-es.

the class SignerInformation method doVerify.

private boolean doVerify(SignerInformationVerifier verifier) throws CMSException {
    String encName = CMSSignedHelper.INSTANCE.getEncryptionAlgName(this.getEncryptionAlgOID());
    ContentVerifier contentVerifier;
    try {
        contentVerifier = verifier.getContentVerifier(encryptionAlgorithm, info.getDigestAlgorithm());
    } catch (OperatorCreationException e) {
        throw new CMSException("can't create content verifier: " + e.getMessage(), e);
    }
    try {
        OutputStream sigOut = contentVerifier.getOutputStream();
        if (resultDigest == null) {
            DigestCalculator calc = verifier.getDigestCalculator(this.getDigestAlgorithmID());
            if (content != null) {
                OutputStream digOut = calc.getOutputStream();
                if (signedAttributeSet == null) {
                    if (contentVerifier instanceof RawContentVerifier) {
                        content.write(digOut);
                    } else {
                        OutputStream cOut = new TeeOutputStream(digOut, sigOut);
                        content.write(cOut);
                        cOut.close();
                    }
                } else {
                    content.write(digOut);
                    sigOut.write(this.getEncodedSignedAttributes());
                }
                digOut.close();
            } else if (signedAttributeSet != null) {
                sigOut.write(this.getEncodedSignedAttributes());
            } else {
                // TODO Get rid of this exception and just treat content==null as empty not missing?
                throw new CMSException("data not encapsulated in signature - use detached constructor.");
            }
            resultDigest = calc.getDigest();
        } else {
            if (signedAttributeSet == null) {
                if (content != null) {
                    content.write(sigOut);
                }
            } else {
                sigOut.write(this.getEncodedSignedAttributes());
            }
        }
        sigOut.close();
    } catch (IOException e) {
        throw new CMSException("can't process mime object to create signature.", e);
    } catch (OperatorCreationException e) {
        throw new CMSException("can't create digest calculator: " + e.getMessage(), e);
    }
    // RFC 3852 11.1 Check the content-type attribute is correct
    verifyContentTypeAttributeValue();
    AttributeTable signedAttrTable = this.getSignedAttributes();
    // RFC 6211 Validate Algorithm Identifier protection attribute if present
    verifyAlgorithmIdentifierProtectionAttribute(signedAttrTable);
    // RFC 3852 11.2 Check the message-digest attribute is correct
    verifyMessageDigestAttribute();
    // RFC 3852 11.4 Validate countersignature attribute(s)
    verifyCounterSignatureAttribute(signedAttrTable);
    try {
        if (signedAttributeSet == null && resultDigest != null) {
            if (contentVerifier instanceof RawContentVerifier) {
                RawContentVerifier rawVerifier = (RawContentVerifier) contentVerifier;
                if (encName.equals("RSA")) {
                    DigestInfo digInfo = new DigestInfo(new AlgorithmIdentifier(digestAlgorithm.getAlgorithm(), DERNull.INSTANCE), resultDigest);
                    return rawVerifier.verify(digInfo.getEncoded(ASN1Encoding.DER), this.getSignature());
                }
                return rawVerifier.verify(resultDigest, this.getSignature());
            }
        }
        return contentVerifier.verify(this.getSignature());
    } catch (IOException e) {
        throw new CMSException("can't process mime object to create signature.", e);
    }
}
Also used : TeeOutputStream(org.bouncycastle.util.io.TeeOutputStream) DigestInfo(org.bouncycastle.asn1.x509.DigestInfo) ContentVerifier(org.bouncycastle.operator.ContentVerifier) RawContentVerifier(org.bouncycastle.operator.RawContentVerifier) OutputStream(java.io.OutputStream) TeeOutputStream(org.bouncycastle.util.io.TeeOutputStream) DigestCalculator(org.bouncycastle.operator.DigestCalculator) AttributeTable(org.bouncycastle.asn1.cms.AttributeTable) RawContentVerifier(org.bouncycastle.operator.RawContentVerifier) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) IOException(java.io.IOException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Aggregations

AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)249 IOException (java.io.IOException)157 AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)140 SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)79 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)72 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)65 BigInteger (java.math.BigInteger)62 X500Name (org.bouncycastle.asn1.x500.X500Name)52 ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)47 Date (java.util.Date)47 ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)45 X509Certificate (java.security.cert.X509Certificate)45 ContentSigner (org.bouncycastle.operator.ContentSigner)40 DEROctetString (com.github.zhenwei.core.asn1.DEROctetString)39 OutputStream (java.io.OutputStream)39 DERSequence (com.github.zhenwei.core.asn1.DERSequence)38 GeneralSecurityException (java.security.GeneralSecurityException)37 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)35 Cipher (javax.crypto.Cipher)33 PrivateKeyInfo (org.bouncycastle.asn1.pkcs.PrivateKeyInfo)33