Example 16 with DigestInfo
use of com.github.zhenwei.core.asn1.x509.DigestInfo in project robovm by robovm.
the class PKCS12KeyStoreSpi method engineLoad.
public void engineLoad(InputStream stream, char[] password) throws IOException {
if (// just initialising
stream == null) {
return;
}
if (password == null) {
throw new NullPointerException("No password supplied for PKCS#12 KeyStore.");
}
BufferedInputStream bufIn = new BufferedInputStream(stream);
bufIn.mark(10);
int head = bufIn.read();
if (head != 0x30) {
throw new IOException("stream does not represent a PKCS12 key store");
}
bufIn.reset();
ASN1InputStream bIn = new ASN1InputStream(bufIn);
ASN1Sequence obj = (ASN1Sequence) bIn.readObject();
Pfx bag = Pfx.getInstance(obj);
ContentInfo info = bag.getAuthSafe();
Vector chain = new Vector();
boolean unmarkedKey = false;
boolean wrongPKCS12Zero = false;
if (// check the mac code
bag.getMacData() != null) {
MacData mData = bag.getMacData();
DigestInfo dInfo = mData.getMac();
AlgorithmIdentifier algId = dInfo.getAlgorithmId();
byte[] salt = mData.getSalt();
int itCount = mData.getIterationCount().intValue();
byte[] data = ((ASN1OctetString) info.getContent()).getOctets();
try {
byte[] res = calculatePbeMac(algId.getAlgorithm(), salt, itCount, password, false, data);
byte[] dig = dInfo.getDigest();
if (!Arrays.constantTimeAreEqual(res, dig)) {
if (password.length > 0) {
throw new IOException("PKCS12 key store mac invalid - wrong password or corrupted file.");
}
// Try with incorrect zero length password
res = calculatePbeMac(algId.getAlgorithm(), salt, itCount, password, true, data);
if (!Arrays.constantTimeAreEqual(res, dig)) {
throw new IOException("PKCS12 key store mac invalid - wrong password or corrupted file.");
}
wrongPKCS12Zero = true;
}
} catch (IOException e) {
throw e;
} catch (Exception e) {
throw new IOException("error constructing MAC: " + e.toString());
}
}
keys = new IgnoresCaseHashtable();
localIds = new Hashtable();
if (info.getContentType().equals(data)) {
bIn = new ASN1InputStream(((ASN1OctetString) info.getContent()).getOctets());
AuthenticatedSafe authSafe = AuthenticatedSafe.getInstance(bIn.readObject());
ContentInfo[] c = authSafe.getContentInfo();
for (int i = 0; i != c.length; i++) {
if (c[i].getContentType().equals(data)) {
ASN1InputStream dIn = new ASN1InputStream(((ASN1OctetString) c[i].getContent()).getOctets());
ASN1Sequence seq = (ASN1Sequence) dIn.readObject();
for (int j = 0; j != seq.size(); j++) {
SafeBag b = SafeBag.getInstance(seq.getObjectAt(j));
if (b.getBagId().equals(pkcs8ShroudedKeyBag)) {
org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo eIn = org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo.getInstance(b.getBagValue());
PrivateKey privKey = unwrapKey(eIn.getEncryptionAlgorithm(), eIn.getEncryptedData(), password, wrongPKCS12Zero);
//
// set the attributes on the key
//
PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier) privKey;
String alias = null;
ASN1OctetString localId = null;
if (b.getBagAttributes() != null) {
Enumeration e = b.getBagAttributes().getObjects();
while (e.hasMoreElements()) {
ASN1Sequence sq = (ASN1Sequence) e.nextElement();
ASN1ObjectIdentifier aOid = (ASN1ObjectIdentifier) sq.getObjectAt(0);
ASN1Set attrSet = (ASN1Set) sq.getObjectAt(1);
ASN1Primitive attr = null;
if (attrSet.size() > 0) {
attr = (ASN1Primitive) attrSet.getObjectAt(0);
ASN1Encodable existing = bagAttr.getBagAttribute(aOid);
if (existing != null) {
// OK, but the value has to be the same
if (!existing.toASN1Primitive().equals(attr)) {
throw new IOException("attempt to add existing attribute with different value");
}
} else {
bagAttr.setBagAttribute(aOid, attr);
}
}
if (aOid.equals(pkcs_9_at_friendlyName)) {
alias = ((DERBMPString) attr).getString();
keys.put(alias, privKey);
} else if (aOid.equals(pkcs_9_at_localKeyId)) {
localId = (ASN1OctetString) attr;
}
}
}
if (localId != null) {
String name = new String(Hex.encode(localId.getOctets()));
if (alias == null) {
keys.put(name, privKey);
} else {
localIds.put(alias, name);
}
} else {
unmarkedKey = true;
keys.put("unmarked", privKey);
}
} else if (b.getBagId().equals(certBag)) {
chain.addElement(b);
} else {
System.out.println("extra in data " + b.getBagId());
System.out.println(ASN1Dump.dumpAsString(b));
}
}
} else if (c[i].getContentType().equals(encryptedData)) {
EncryptedData d = EncryptedData.getInstance(c[i].getContent());
byte[] octets = cryptData(false, d.getEncryptionAlgorithm(), password, wrongPKCS12Zero, d.getContent().getOctets());
ASN1Sequence seq = (ASN1Sequence) ASN1Primitive.fromByteArray(octets);
for (int j = 0; j != seq.size(); j++) {
SafeBag b = SafeBag.getInstance(seq.getObjectAt(j));
if (b.getBagId().equals(certBag)) {
chain.addElement(b);
} else if (b.getBagId().equals(pkcs8ShroudedKeyBag)) {
org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo eIn = org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo.getInstance(b.getBagValue());
PrivateKey privKey = unwrapKey(eIn.getEncryptionAlgorithm(), eIn.getEncryptedData(), password, wrongPKCS12Zero);
//
// set the attributes on the key
//
PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier) privKey;
String alias = null;
ASN1OctetString localId = null;
Enumeration e = b.getBagAttributes().getObjects();
while (e.hasMoreElements()) {
ASN1Sequence sq = (ASN1Sequence) e.nextElement();
ASN1ObjectIdentifier aOid = (ASN1ObjectIdentifier) sq.getObjectAt(0);
ASN1Set attrSet = (ASN1Set) sq.getObjectAt(1);
ASN1Primitive attr = null;
if (attrSet.size() > 0) {
attr = (ASN1Primitive) attrSet.getObjectAt(0);
ASN1Encodable existing = bagAttr.getBagAttribute(aOid);
if (existing != null) {
// OK, but the value has to be the same
if (!existing.toASN1Primitive().equals(attr)) {
throw new IOException("attempt to add existing attribute with different value");
}
} else {
bagAttr.setBagAttribute(aOid, attr);
}
}
if (aOid.equals(pkcs_9_at_friendlyName)) {
alias = ((DERBMPString) attr).getString();
keys.put(alias, privKey);
} else if (aOid.equals(pkcs_9_at_localKeyId)) {
localId = (ASN1OctetString) attr;
}
}
String name = new String(Hex.encode(localId.getOctets()));
if (alias == null) {
keys.put(name, privKey);
} else {
localIds.put(alias, name);
}
} else if (b.getBagId().equals(keyBag)) {
org.bouncycastle.asn1.pkcs.PrivateKeyInfo kInfo = org.bouncycastle.asn1.pkcs.PrivateKeyInfo.getInstance(b.getBagValue());
PrivateKey privKey = BouncyCastleProvider.getPrivateKey(kInfo);
//
// set the attributes on the key
//
PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier) privKey;
String alias = null;
ASN1OctetString localId = null;
Enumeration e = b.getBagAttributes().getObjects();
while (e.hasMoreElements()) {
ASN1Sequence sq = (ASN1Sequence) e.nextElement();
ASN1ObjectIdentifier aOid = (ASN1ObjectIdentifier) sq.getObjectAt(0);
ASN1Set attrSet = (ASN1Set) sq.getObjectAt(1);
ASN1Primitive attr = null;
if (attrSet.size() > 0) {
attr = (ASN1Primitive) attrSet.getObjectAt(0);
ASN1Encodable existing = bagAttr.getBagAttribute(aOid);
if (existing != null) {
// OK, but the value has to be the same
if (!existing.toASN1Primitive().equals(attr)) {
throw new IOException("attempt to add existing attribute with different value");
}
} else {
bagAttr.setBagAttribute(aOid, attr);
}
}
if (aOid.equals(pkcs_9_at_friendlyName)) {
alias = ((DERBMPString) attr).getString();
keys.put(alias, privKey);
} else if (aOid.equals(pkcs_9_at_localKeyId)) {
localId = (ASN1OctetString) attr;
}
}
String name = new String(Hex.encode(localId.getOctets()));
if (alias == null) {
keys.put(name, privKey);
} else {
localIds.put(alias, name);
}
} else {
System.out.println("extra in encryptedData " + b.getBagId());
System.out.println(ASN1Dump.dumpAsString(b));
}
}
} else {
System.out.println("extra " + c[i].getContentType().getId());
System.out.println("extra " + ASN1Dump.dumpAsString(c[i].getContent()));
}
}
}
certs = new IgnoresCaseHashtable();
chainCerts = new Hashtable();
keyCerts = new Hashtable();
for (int i = 0; i != chain.size(); i++) {
SafeBag b = (SafeBag) chain.elementAt(i);
CertBag cb = CertBag.getInstance(b.getBagValue());
if (!cb.getCertId().equals(x509Certificate)) {
throw new RuntimeException("Unsupported certificate type: " + cb.getCertId());
}
Certificate cert;
try {
ByteArrayInputStream cIn = new ByteArrayInputStream(((ASN1OctetString) cb.getCertValue()).getOctets());
cert = certFact.generateCertificate(cIn);
} catch (Exception e) {
throw new RuntimeException(e.toString());
}
//
// set the attributes
//
ASN1OctetString localId = null;
String alias = null;
if (b.getBagAttributes() != null) {
Enumeration e = b.getBagAttributes().getObjects();
while (e.hasMoreElements()) {
ASN1Sequence sq = (ASN1Sequence) e.nextElement();
ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) sq.getObjectAt(0);
ASN1Primitive attr = (ASN1Primitive) ((ASN1Set) sq.getObjectAt(1)).getObjectAt(0);
PKCS12BagAttributeCarrier bagAttr = null;
if (cert instanceof PKCS12BagAttributeCarrier) {
bagAttr = (PKCS12BagAttributeCarrier) cert;
ASN1Encodable existing = bagAttr.getBagAttribute(oid);
if (existing != null) {
// OK, but the value has to be the same
if (!existing.toASN1Primitive().equals(attr)) {
throw new IOException("attempt to add existing attribute with different value");
}
} else {
bagAttr.setBagAttribute(oid, attr);
}
}
if (oid.equals(pkcs_9_at_friendlyName)) {
alias = ((DERBMPString) attr).getString();
} else if (oid.equals(pkcs_9_at_localKeyId)) {
localId = (ASN1OctetString) attr;
}
}
}
chainCerts.put(new CertId(cert.getPublicKey()), cert);
if (unmarkedKey) {
if (keyCerts.isEmpty()) {
String name = new String(Hex.encode(createSubjectKeyId(cert.getPublicKey()).getKeyIdentifier()));
keyCerts.put(name, cert);
keys.put(name, keys.remove("unmarked"));
}
} else {
//
if (localId != null) {
String name = new String(Hex.encode(localId.getOctets()));
keyCerts.put(name, cert);
}
if (alias != null) {
certs.put(alias, cert);
}
}
}
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
PrivateKey(java.security.PrivateKey)
AuthenticatedSafe(org.bouncycastle.asn1.pkcs.AuthenticatedSafe)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DERBMPString(org.bouncycastle.asn1.DERBMPString)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
BEROctetString(org.bouncycastle.asn1.BEROctetString)
PKCS12BagAttributeCarrier(org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
BufferedInputStream(java.io.BufferedInputStream)
ContentInfo(org.bouncycastle.asn1.pkcs.ContentInfo)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
EncryptedData(org.bouncycastle.asn1.pkcs.EncryptedData)
Vector(java.util.Vector)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
MacData(org.bouncycastle.asn1.pkcs.MacData)
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
Pfx(org.bouncycastle.asn1.pkcs.Pfx)
Enumeration(java.util.Enumeration)
DERBMPString(org.bouncycastle.asn1.DERBMPString)
Hashtable(java.util.Hashtable)
IOException(java.io.IOException)
SafeBag(org.bouncycastle.asn1.pkcs.SafeBag)
KeyStoreException(java.security.KeyStoreException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
CertBag(org.bouncycastle.asn1.pkcs.CertBag)
ASN1Set(org.bouncycastle.asn1.ASN1Set)
ByteArrayInputStream(java.io.ByteArrayInputStream)
DigestInfo(org.bouncycastle.asn1.x509.DigestInfo)
ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
Example 17 with DigestInfo
use of com.github.zhenwei.core.asn1.x509.DigestInfo in project BiglyBT by BiglySoftware.
the class JDKDigestSignature method derDecode.
private DigestInfo derDecode(byte[] encoding) throws IOException {
ByteArrayInputStream bIn = new ByteArrayInputStream(encoding);
DERInputStream dIn = new DERInputStream(bIn);
return new DigestInfo((ASN1Sequence) dIn.readObject());
}
Also used :
ByteArrayInputStream(java.io.ByteArrayInputStream)
DigestInfo(org.gudy.bouncycastle.asn1.x509.DigestInfo)
DERInputStream(org.gudy.bouncycastle.asn1.DERInputStream)
Example 18 with DigestInfo
use of com.github.zhenwei.core.asn1.x509.DigestInfo in project LinLong-Java by zhenwei1108.
the class MessageImprintBuilder method build.
public MessageImprint build(byte[] message) throws DVCSException {
try {
OutputStream dOut = digestCalculator.getOutputStream();
dOut.write(message);
dOut.close();
return new MessageImprint(new DigestInfo(digestCalculator.getAlgorithmIdentifier(), digestCalculator.getDigest()));
} catch (Exception e) {
throw new DVCSException("unable to build MessageImprint: " + e.getMessage(), e);
}
}
Also used :
DigestInfo(com.github.zhenwei.core.asn1.x509.DigestInfo)
OutputStream(java.io.OutputStream)
Example 19 with DigestInfo
use of com.github.zhenwei.core.asn1.x509.DigestInfo in project LinLong-Java by zhenwei1108.
the class MacDataGenerator method build.
public MacData build(char[] password, byte[] data) throws PKCSException {
MacCalculator macCalculator;
try {
macCalculator = builder.build(password);
OutputStream out = macCalculator.getOutputStream();
out.write(data);
out.close();
} catch (Exception e) {
throw new PKCSException("unable to process data: " + e.getMessage(), e);
}
AlgorithmIdentifier algId = macCalculator.getAlgorithmIdentifier();
DigestInfo dInfo = new DigestInfo(builder.getDigestAlgorithmIdentifier(), macCalculator.getMac());
PKCS12PBEParams params = PKCS12PBEParams.getInstance(algId.getParameters());
return new MacData(dInfo, params.getIV(), params.getIterations().intValue());
}
Also used :
MacData(com.github.zhenwei.core.asn1.pkcs.MacData)
DigestInfo(com.github.zhenwei.core.asn1.x509.DigestInfo)
PKCS12PBEParams(com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams)
OutputStream(java.io.OutputStream)
MacCalculator(com.github.zhenwei.pkix.operator.MacCalculator)
AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
Example 20 with DigestInfo
use of com.github.zhenwei.core.asn1.x509.DigestInfo in project LinLong-Java by zhenwei1108.
the class Pkcs1PaddingBuilder method encodePkcs1Padding.
/**
* 若为私钥,标志位01,中间填充FF,保证每次填充一致,签名结果的一致 若为公钥,标志位02,则中间填充使用随机数 00 01/02 || PS(随机数/OxFF) || 00 ||
* T(数据摘要)
*/
public static byte[] encodePkcs1Padding(byte[] data, boolean isPrivate, int modulusLength, DigestAlgEnum digestAlg) throws WeGooCryptoException {
try {
if (modulusLength % 1024 == 0) {
modulusLength = modulusLength / 8;
}
if (modulusLength % 128 != 0) {
throw new WeGooCryptoException(CryptoExceptionMassageEnum.params_err);
}
ASN1ObjectIdentifier hashOid = digestAlg.getOid();
// 组装摘要值
MessageDigest digest = MessageDigest.getInstance(digestAlg.name());
digest.update(data);
byte[] hash = digest.digest();
int T = hash.length;
int emLen = modulusLength - 1;
if (emLen < (T + 10)) {
/*intended encoded message length too short*/
throw new WeGooCryptoException(CryptoExceptionMassageEnum.params_short_err);
}
int psLength = Math.max(emLen - T - 2, 8);
AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(hashOid, DERNull.INSTANCE);
DigestInfo dInfo = new DigestInfo(algorithmIdentifier, hash);
byte[] in = dInfo.getEncoded(ASN1Encoding.DER);
SecureRandom random = CryptoServicesRegistrar.getSecureRandom();
byte[] block = new byte[3 + psLength + T];
int i;
int inLen = in.length;
if (isPrivate) {
block[1] = 1;
for (i = 2; i != block.length - inLen; ++i) {
block[i] = -1;
}
} else {
random.nextBytes(block);
block[0] = 0;
block[1] = 2;
for (i = 2; i != block.length - inLen; ++i) {
while (block[i] == 0) {
block[i] = (byte) random.nextInt();
}
}
}
block[block.length - inLen - 1] = 0;
System.arraycopy(in, 0, block, block.length - inLen, inLen);
return block;
} catch (Exception e) {
throw new WeGooCryptoException(e);
}
}
Also used :
WeGooCryptoException(com.github.zhenwei.core.exception.WeGooCryptoException)
DigestInfo(com.github.zhenwei.core.asn1.x509.DigestInfo)
SecureRandom(java.security.SecureRandom)
MessageDigest(java.security.MessageDigest)
ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)
WeGooCryptoException(com.github.zhenwei.core.exception.WeGooCryptoException)
AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
Aggregations
IOException (java.io.IOException)13
DigestInfo (com.github.zhenwei.core.asn1.x509.DigestInfo)7
KeyStoreException (java.security.KeyStoreException)6
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)6
PrivateKey (java.security.PrivateKey)6
UnrecoverableKeyException (java.security.UnrecoverableKeyException)6
Certificate (java.security.cert.Certificate)6
CertificateEncodingException (java.security.cert.CertificateEncodingException)6
CertificateException (java.security.cert.CertificateException)6
X509Certificate (java.security.cert.X509Certificate)6
Enumeration (java.util.Enumeration)6
Hashtable (java.util.Hashtable)6
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)6
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)6
DigestInfo (org.bouncycastle.asn1.x509.DigestInfo)6
AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)5
OutputStream (java.io.OutputStream)5
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)5
ASN1OctetString (com.github.zhenwei.core.asn1.ASN1OctetString)4
DEROctetString (com.github.zhenwei.core.asn1.DEROctetString)4
