Search in sources :

Example 96 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project jmulticard by ctt-gob-es.

the class SubjectPublicKeyInfoFactory method createSubjectPublicKeyInfo.

/**
 * Create a SubjectPublicKeyInfo public key.
 *
 * @param publicKey the key to be encoded into the info object.
 * @return a SubjectPublicKeyInfo representing the key.
 * @throws java.io.IOException on an error encoding the key
 */
public static SubjectPublicKeyInfo createSubjectPublicKeyInfo(AsymmetricKeyParameter publicKey) throws IOException {
    if (publicKey instanceof QTESLAPublicKeyParameters) {
        QTESLAPublicKeyParameters keyParams = (QTESLAPublicKeyParameters) publicKey;
        AlgorithmIdentifier algorithmIdentifier = Utils.qTeslaLookupAlgID(keyParams.getSecurityCategory());
        return new SubjectPublicKeyInfo(algorithmIdentifier, keyParams.getPublicData());
    } else if (publicKey instanceof SPHINCSPublicKeyParameters) {
        SPHINCSPublicKeyParameters params = (SPHINCSPublicKeyParameters) publicKey;
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PQCObjectIdentifiers.sphincs256, new SPHINCS256KeyParams(Utils.sphincs256LookupTreeAlgID(params.getTreeDigest())));
        return new SubjectPublicKeyInfo(algorithmIdentifier, params.getKeyData());
    } else if (publicKey instanceof NHPublicKeyParameters) {
        NHPublicKeyParameters params = (NHPublicKeyParameters) publicKey;
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PQCObjectIdentifiers.newHope);
        return new SubjectPublicKeyInfo(algorithmIdentifier, params.getPubData());
    } else if (publicKey instanceof LMSPublicKeyParameters) {
        LMSPublicKeyParameters params = (LMSPublicKeyParameters) publicKey;
        byte[] encoding = Composer.compose().u32str(1).bytes(params).build();
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_alg_hss_lms_hashsig);
        return new SubjectPublicKeyInfo(algorithmIdentifier, new DEROctetString(encoding));
    } else if (publicKey instanceof HSSPublicKeyParameters) {
        HSSPublicKeyParameters params = (HSSPublicKeyParameters) publicKey;
        byte[] encoding = Composer.compose().u32str(params.getL()).bytes(params.getLMSPublicKey()).build();
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_alg_hss_lms_hashsig);
        return new SubjectPublicKeyInfo(algorithmIdentifier, new DEROctetString(encoding));
    } else if (publicKey instanceof SPHINCSPlusPublicKeyParameters) {
        SPHINCSPlusPublicKeyParameters params = (SPHINCSPlusPublicKeyParameters) publicKey;
        byte[] encoding = params.getEncoded();
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(Utils.sphincsPlusOidLookup(params.getParameters()));
        return new SubjectPublicKeyInfo(algorithmIdentifier, new DEROctetString(encoding));
    } else if (publicKey instanceof CMCEPublicKeyParameters) {
        CMCEPublicKeyParameters params = (CMCEPublicKeyParameters) publicKey;
        byte[] encoding = params.getEncoded();
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(Utils.mcElieceOidLookup(params.getParameters()));
        // https://datatracker.ietf.org/doc/draft-uni-qsckeys/
        return new SubjectPublicKeyInfo(algorithmIdentifier, new CMCEPublicKey(encoding));
    } else if (publicKey instanceof XMSSPublicKeyParameters) {
        XMSSPublicKeyParameters keyParams = (XMSSPublicKeyParameters) publicKey;
        byte[] publicSeed = keyParams.getPublicSeed();
        byte[] root = keyParams.getRoot();
        byte[] keyEnc = keyParams.getEncoded();
        if (keyEnc.length > publicSeed.length + root.length) {
            AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(IsaraObjectIdentifiers.id_alg_xmss);
            return new SubjectPublicKeyInfo(algorithmIdentifier, new DEROctetString(keyEnc));
        } else {
            AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PQCObjectIdentifiers.xmss, new XMSSKeyParams(keyParams.getParameters().getHeight(), Utils.xmssLookupTreeAlgID(keyParams.getTreeDigest())));
            return new SubjectPublicKeyInfo(algorithmIdentifier, new XMSSPublicKey(publicSeed, root));
        }
    } else if (publicKey instanceof XMSSMTPublicKeyParameters) {
        XMSSMTPublicKeyParameters keyParams = (XMSSMTPublicKeyParameters) publicKey;
        byte[] publicSeed = keyParams.getPublicSeed();
        byte[] root = keyParams.getRoot();
        byte[] keyEnc = keyParams.getEncoded();
        if (keyEnc.length > publicSeed.length + root.length) {
            AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(IsaraObjectIdentifiers.id_alg_xmssmt);
            return new SubjectPublicKeyInfo(algorithmIdentifier, new DEROctetString(keyEnc));
        } else {
            AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PQCObjectIdentifiers.xmss_mt, new XMSSMTKeyParams(keyParams.getParameters().getHeight(), keyParams.getParameters().getLayers(), Utils.xmssLookupTreeAlgID(keyParams.getTreeDigest())));
            return new SubjectPublicKeyInfo(algorithmIdentifier, new XMSSMTPublicKey(keyParams.getPublicSeed(), keyParams.getRoot()));
        }
    } else if (publicKey instanceof McElieceCCA2PublicKeyParameters) {
        McElieceCCA2PublicKeyParameters pub = (McElieceCCA2PublicKeyParameters) publicKey;
        McElieceCCA2PublicKey mcEliecePub = new McElieceCCA2PublicKey(pub.getN(), pub.getT(), pub.getG(), Utils.getAlgorithmIdentifier(pub.getDigest()));
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PQCObjectIdentifiers.mcElieceCca2);
        return new SubjectPublicKeyInfo(algorithmIdentifier, mcEliecePub);
    } else if (publicKey instanceof FrodoPublicKeyParameters) {
        FrodoPublicKeyParameters params = (FrodoPublicKeyParameters) publicKey;
        byte[] encoding = params.getEncoded();
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(Utils.frodoOidLookup(params.getParameters()));
        return new SubjectPublicKeyInfo(algorithmIdentifier, (new DEROctetString(encoding)));
    } else if (publicKey instanceof SABERPublicKeyParameters) {
        SABERPublicKeyParameters params = (SABERPublicKeyParameters) publicKey;
        byte[] encoding = params.getEncoded();
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(Utils.saberOidLookup(params.getParameters()));
        // https://datatracker.ietf.org/doc/draft-uni-qsckeys/
        return new SubjectPublicKeyInfo(algorithmIdentifier, new DERSequence(new DEROctetString(encoding)));
    } else {
        throw new IOException("key parameters not recognized");
    }
}
Also used : CMCEPublicKeyParameters(org.bouncycastle.pqc.crypto.cmce.CMCEPublicKeyParameters) SABERPublicKeyParameters(org.bouncycastle.pqc.crypto.saber.SABERPublicKeyParameters) XMSSKeyParams(org.bouncycastle.pqc.asn1.XMSSKeyParams) CMCEPublicKey(org.bouncycastle.pqc.asn1.CMCEPublicKey) LMSPublicKeyParameters(org.bouncycastle.pqc.crypto.lms.LMSPublicKeyParameters) McElieceCCA2PublicKeyParameters(org.bouncycastle.pqc.crypto.mceliece.McElieceCCA2PublicKeyParameters) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) DEROctetString(org.bouncycastle.asn1.DEROctetString) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) XMSSMTPublicKey(org.bouncycastle.pqc.asn1.XMSSMTPublicKey) DERSequence(org.bouncycastle.asn1.DERSequence) SPHINCSPublicKeyParameters(org.bouncycastle.pqc.crypto.sphincs.SPHINCSPublicKeyParameters) HSSPublicKeyParameters(org.bouncycastle.pqc.crypto.lms.HSSPublicKeyParameters) QTESLAPublicKeyParameters(org.bouncycastle.pqc.crypto.qtesla.QTESLAPublicKeyParameters) IOException(java.io.IOException) McElieceCCA2PublicKey(org.bouncycastle.pqc.asn1.McElieceCCA2PublicKey) SPHINCS256KeyParams(org.bouncycastle.pqc.asn1.SPHINCS256KeyParams) XMSSMTKeyParams(org.bouncycastle.pqc.asn1.XMSSMTKeyParams) FrodoPublicKeyParameters(org.bouncycastle.pqc.crypto.frodo.FrodoPublicKeyParameters) XMSSPublicKeyParameters(org.bouncycastle.pqc.crypto.xmss.XMSSPublicKeyParameters) XMSSMTPublicKeyParameters(org.bouncycastle.pqc.crypto.xmss.XMSSMTPublicKeyParameters) SPHINCSPlusPublicKeyParameters(org.bouncycastle.pqc.crypto.sphincsplus.SPHINCSPlusPublicKeyParameters) NHPublicKeyParameters(org.bouncycastle.pqc.crypto.newhope.NHPublicKeyParameters) XMSSPublicKey(org.bouncycastle.pqc.asn1.XMSSPublicKey)

Example 97 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project jmulticard by ctt-gob-es.

the class BCRainbowPrivateKey method getEncoded.

public byte[] getEncoded() {
    RainbowPrivateKey privateKey = new RainbowPrivateKey(A1inv, b1, A2inv, b2, vi, layers);
    PrivateKeyInfo pki;
    try {
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PQCObjectIdentifiers.rainbow, DERNull.INSTANCE);
        pki = new PrivateKeyInfo(algorithmIdentifier, privateKey);
    } catch (IOException e) {
        return null;
    }
    try {
        byte[] encoded = pki.getEncoded();
        return encoded;
    } catch (IOException e) {
        return null;
    }
}
Also used : RainbowPrivateKey(org.bouncycastle.pqc.asn1.RainbowPrivateKey) IOException(java.io.IOException) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 98 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project jmulticard by ctt-gob-es.

the class BCRainbowPublicKey method getEncoded.

public byte[] getEncoded() {
    RainbowPublicKey key = new RainbowPublicKey(docLength, coeffquadratic, coeffsingular, coeffscalar);
    AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PQCObjectIdentifiers.rainbow, DERNull.INSTANCE);
    return KeyUtil.getEncodedSubjectPublicKeyInfo(algorithmIdentifier, key);
}
Also used : RainbowPublicKey(org.bouncycastle.pqc.asn1.RainbowPublicKey) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 99 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project signer by demoiselle.

the class CertificateRefs method getValue.

@Override
public Attribute getValue() throws SignerException {
    try {
        int chainSize = certificates.length - 1;
        OtherCertID[] arrayOtherCertID = new OtherCertID[chainSize];
        for (int i = 1; i <= chainSize; i++) {
            X509Certificate issuerCert = null;
            X509Certificate cert = (X509Certificate) certificates[i];
            if (i < chainSize) {
                issuerCert = (X509Certificate) certificates[i + 1];
            } else {
                // raiz
                issuerCert = (X509Certificate) certificates[i];
            }
            Digest digest = DigestFactory.getInstance().factoryDefault();
            digest.setAlgorithm(DigestAlgorithmEnum.SHA_256);
            byte[] certHash = digest.digest(cert.getEncoded());
            // X500Name dirName = new X500Name(issuerCert.getSubjectX500Principal().getName());
            X500Name dirName = new JcaX509CertificateHolder(issuerCert).getSubject();
            GeneralName name = new GeneralName(dirName);
            GeneralNames issuer = new GeneralNames(name);
            ASN1Integer serialNumber = new ASN1Integer(cert.getSerialNumber());
            IssuerSerial issuerSerial = new IssuerSerial(issuer, serialNumber);
            AlgorithmIdentifier algId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256);
            OtherCertID otherCertID = new OtherCertID(algId, certHash, issuerSerial);
            arrayOtherCertID[i - 1] = otherCertID;
        }
        return new Attribute(identifier, new DERSet(new ASN1Encodable[] { new DERSequence(arrayOtherCertID) }));
    } catch (CertificateEncodingException e) {
        throw new SignerException(e.getMessage());
    }
}
Also used : IssuerSerial(org.bouncycastle.asn1.x509.IssuerSerial) Digest(org.demoiselle.signer.cryptography.Digest) Attribute(org.bouncycastle.asn1.cms.Attribute) UnsignedAttribute(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.UnsignedAttribute) CertificateEncodingException(java.security.cert.CertificateEncodingException) X500Name(org.bouncycastle.asn1.x500.X500Name) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) DERSet(org.bouncycastle.asn1.DERSet) X509Certificate(java.security.cert.X509Certificate) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) OtherCertID(org.bouncycastle.asn1.ess.OtherCertID) DERSequence(org.bouncycastle.asn1.DERSequence) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) SignerException(org.demoiselle.signer.policy.impl.cades.SignerException)

Example 100 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project signer by demoiselle.

the class RevocationRefs method makeCrlValidatedID.

/**
 * @param crl CrlValidatedID from X509CRL
 * @return a CrlValidatedID
 * @throws NoSuchAlgorithmException
 * @throws CRLException
 */
private CrlValidatedID makeCrlValidatedID(X509CRL crl) throws CRLException {
    Digest digest = DigestFactory.getInstance().factoryDefault();
    digest.setAlgorithm(DigestAlgorithmEnum.SHA_256);
    OtherHashAlgAndValue otherHashAlgAndValue = new OtherHashAlgAndValue(new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256), new DEROctetString(digest.digest(crl.getEncoded())));
    OtherHash hash = new OtherHash(otherHashAlgAndValue);
    BigInteger crlnumber;
    CrlIdentifier crlid;
    if (crl.getExtensionValue("2.5.29.20") != null) {
        ASN1Integer varASN1Integer = new ASN1Integer(crl.getExtensionValue("2.5.29.20"));
        crlnumber = varASN1Integer.getPositiveValue();
        crlid = new CrlIdentifier(new X500Name(crl.getIssuerX500Principal().getName()), new DERUTCTime(crl.getThisUpdate()), crlnumber);
    } else {
        crlid = new CrlIdentifier(new X500Name(crl.getIssuerX500Principal().getName()), new DERUTCTime(crl.getThisUpdate()));
    }
    CrlValidatedID crlvid = new CrlValidatedID(hash, crlid);
    return crlvid;
}
Also used : CrlValidatedID(org.bouncycastle.asn1.esf.CrlValidatedID) Digest(org.demoiselle.signer.cryptography.Digest) DERUTCTime(org.bouncycastle.asn1.DERUTCTime) BigInteger(java.math.BigInteger) CrlIdentifier(org.bouncycastle.asn1.esf.CrlIdentifier) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) X500Name(org.bouncycastle.asn1.x500.X500Name) OtherHashAlgAndValue(org.bouncycastle.asn1.esf.OtherHashAlgAndValue) DEROctetString(org.bouncycastle.asn1.DEROctetString) OtherHash(org.bouncycastle.asn1.esf.OtherHash) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Aggregations

AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)249 IOException (java.io.IOException)157 AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)140 SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)79 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)72 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)65 BigInteger (java.math.BigInteger)62 X500Name (org.bouncycastle.asn1.x500.X500Name)52 ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)47 Date (java.util.Date)47 ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)45 X509Certificate (java.security.cert.X509Certificate)45 ContentSigner (org.bouncycastle.operator.ContentSigner)40 DEROctetString (com.github.zhenwei.core.asn1.DEROctetString)39 OutputStream (java.io.OutputStream)39 DERSequence (com.github.zhenwei.core.asn1.DERSequence)38 GeneralSecurityException (java.security.GeneralSecurityException)37 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)35 Cipher (javax.crypto.Cipher)33 PrivateKeyInfo (org.bouncycastle.asn1.pkcs.PrivateKeyInfo)33