Examples with OperatorCreationException com.github.zhenwei.pkix.operator.OperatorCreationException used on opensource projects

Search in sources :

Example 1 with OperatorCreationException

use of com.github.zhenwei.pkix.operator.OperatorCreationException in project LinLong-Java by zhenwei1108.

the class ParentCertIssuedValidation method validate.

public void validate(CertPathValidationContext context, X509CertificateHolder certificate) throws CertPathValidationException {
    if (workingIssuerName != null) {
        if (!workingIssuerName.equals(certificate.getIssuer())) {
            throw new CertPathValidationException("Certificate issue does not match parent");
        }
    }
    if (workingPublicKey != null) {
        try {
            SubjectPublicKeyInfo validatingKeyInfo;
            if (workingPublicKey.getAlgorithm().equals(workingAlgId)) {
                validatingKeyInfo = workingPublicKey;
            } else {
                validatingKeyInfo = new SubjectPublicKeyInfo(workingAlgId, workingPublicKey.parsePublicKey());
            }
            if (!certificate.isSignatureValid(contentVerifierProvider.build(validatingKeyInfo))) {
                throw new CertPathValidationException("Certificate signature not for public key in parent");
            }
        } catch (OperatorCreationException e) {
            throw new CertPathValidationException("Unable to create verifier: " + e.getMessage(), e);
        } catch (CertException e) {
            throw new CertPathValidationException("Unable to validate signature: " + e.getMessage(), e);
        } catch (IOException e) {
            throw new CertPathValidationException("Unable to build public key: " + e.getMessage(), e);
        }
    }
    workingIssuerName = certificate.getSubject();
    workingPublicKey = certificate.getSubjectPublicKeyInfo();
    if (workingAlgId != null) {
        // check for inherited parameters
        if (workingPublicKey.getAlgorithm().getAlgorithm().equals(workingAlgId.getAlgorithm())) {
            if (!isNull(workingPublicKey.getAlgorithm().getParameters())) {
                workingAlgId = workingPublicKey.getAlgorithm();
            }
        } else {
            workingAlgId = workingPublicKey.getAlgorithm();
        }
    } else {
        workingAlgId = workingPublicKey.getAlgorithm();
    }
}
Also used : CertPathValidationException(com.github.zhenwei.pkix.cert.path.CertPathValidationException) CertException(com.github.zhenwei.pkix.cert.CertException) IOException(java.io.IOException) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) SubjectPublicKeyInfo(com.github.zhenwei.core.asn1.x509.SubjectPublicKeyInfo)

Example 2 with OperatorCreationException

use of com.github.zhenwei.pkix.operator.OperatorCreationException in project LinLong-Java by zhenwei1108.

the class JceOpenSSLPKCS8EncryptorBuilder method build.

public OutputEncryptor build() throws OperatorCreationException {
    final AlgorithmIdentifier algID;
    if (random == null) {
        random = new SecureRandom();
    }
    try {
        this.cipher = helper.createCipher(algOID.getId());
        if (PEMUtilities.isPKCS5Scheme2(algOID)) {
            this.paramGen = helper.createAlgorithmParameterGenerator(algOID.getId());
        }
    } catch (GeneralSecurityException e) {
        throw new OperatorCreationException(algOID + " not available: " + e.getMessage(), e);
    }
    if (PEMUtilities.isPKCS5Scheme2(algOID)) {
        salt = new byte[PEMUtilities.getSaltSize(prf.getAlgorithm())];
        random.nextBytes(salt);
        params = paramGen.generateParameters();
        try {
            EncryptionScheme scheme = new EncryptionScheme(algOID, ASN1Primitive.fromByteArray(params.getEncoded()));
            KeyDerivationFunc func = new KeyDerivationFunc(PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(salt, iterationCount, prf));
            ASN1EncodableVector v = new ASN1EncodableVector();
            v.add(func);
            v.add(scheme);
            algID = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBES2, PBES2Parameters.getInstance(new DERSequence(v)));
        } catch (IOException e) {
            throw new OperatorCreationException(e.getMessage(), e);
        }
        try {
            if (PEMUtilities.isHmacSHA1(prf)) {
                key = PEMUtilities.generateSecretKeyForPKCS5Scheme2(helper, algOID.getId(), password, salt, iterationCount);
            } else {
                key = PEMUtilities.generateSecretKeyForPKCS5Scheme2(helper, algOID.getId(), password, salt, iterationCount, prf);
            }
            cipher.init(Cipher.ENCRYPT_MODE, key, params);
        } catch (GeneralSecurityException e) {
            throw new OperatorCreationException(e.getMessage(), e);
        }
    } else if (PEMUtilities.isPKCS12(algOID)) {
        ASN1EncodableVector v = new ASN1EncodableVector();
        salt = new byte[20];
        random.nextBytes(salt);
        v.add(new DEROctetString(salt));
        v.add(new ASN1Integer(iterationCount));
        algID = new AlgorithmIdentifier(algOID, PKCS12PBEParams.getInstance(new DERSequence(v)));
        try {
            cipher.init(Cipher.ENCRYPT_MODE, new PKCS12KeyWithParameters(password, salt, iterationCount));
        } catch (GeneralSecurityException e) {
            throw new OperatorCreationException(e.getMessage(), e);
        }
    } else {
        throw new OperatorCreationException("unknown algorithm: " + algOID, null);
    }
    return new OutputEncryptor() {

        public AlgorithmIdentifier getAlgorithmIdentifier() {
            return algID;
        }

        public OutputStream getOutputStream(OutputStream encOut) {
            return new CipherOutputStream(encOut, cipher);
        }

        public GenericKey getKey() {
            return new JceGenericKey(algID, key);
        }
    };
}
Also used : EncryptionScheme(com.github.zhenwei.core.asn1.pkcs.EncryptionScheme) CipherOutputStream(com.github.zhenwei.provider.jcajce.io.CipherOutputStream) GeneralSecurityException(java.security.GeneralSecurityException) OutputStream(java.io.OutputStream) CipherOutputStream(com.github.zhenwei.provider.jcajce.io.CipherOutputStream) SecureRandom(java.security.SecureRandom) IOException(java.io.IOException) ASN1Integer(com.github.zhenwei.core.asn1.ASN1Integer) DEROctetString(com.github.zhenwei.core.asn1.DEROctetString) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier) DERSequence(com.github.zhenwei.core.asn1.DERSequence) JceGenericKey(com.github.zhenwei.pkix.operator.jcajce.JceGenericKey) KeyDerivationFunc(com.github.zhenwei.core.asn1.pkcs.KeyDerivationFunc) PBKDF2Params(com.github.zhenwei.core.asn1.pkcs.PBKDF2Params) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) PKCS12KeyWithParameters(com.github.zhenwei.provider.jcajce.PKCS12KeyWithParameters) OutputEncryptor(com.github.zhenwei.pkix.operator.OutputEncryptor)

Example 3 with OperatorCreationException

use of com.github.zhenwei.pkix.operator.OperatorCreationException in project LinLong-Java by zhenwei1108.

the class BcITSContentVerifierProvider method get.

public ContentVerifier get(final int verifierAlgorithmIdentifier) throws OperatorCreationException {
    if (sigChoice != verifierAlgorithmIdentifier) {
        throw new OperatorCreationException("wrong verifier for algorithm: " + verifierAlgorithmIdentifier);
    }
    final Digest digest = BcDefaultDigestProvider.INSTANCE.get(digestAlgo);
    final byte[] parentDigest = new byte[digest.getDigestSize()];
    digest.update(parentData, 0, parentData.length);
    digest.doFinal(parentDigest, 0);
    final byte[] parentTBSDigest = issuer.getIssuer().isSelf() ? new byte[digest.getDigestSize()] : null;
    if (parentTBSDigest != null) {
        byte[] enc = OEREncoder.toByteArray(issuer.toASN1Structure().getCertificateBase().getToBeSignedCertificate(), IEEE1609dot2.tbsCertificate);
        digest.update(enc, 0, enc.length);
        digest.doFinal(parentTBSDigest, 0);
    }
    final OutputStream os = new OutputStream() {

        public void write(int b) throws IOException {
            digest.update((byte) b);
        }

        public void write(byte[] b) throws IOException {
            digest.update(b, 0, b.length);
        }

        public void write(byte[] b, int off, int len) throws IOException {
            digest.update(b, off, len);
        }
    };
    return new ContentVerifier() {

        final DSADigestSigner signer = new DSADigestSigner(new ECDSASigner(), BcDefaultDigestProvider.INSTANCE.get(digestAlgo));

        public AlgorithmIdentifier getAlgorithmIdentifier() {
            return null;
        }

        public OutputStream getOutputStream() {
            return os;
        }

        public boolean verify(byte[] expected) {
            byte[] clientCertDigest = new byte[digest.getDigestSize()];
            digest.doFinal(clientCertDigest, 0);
            // System.out.println("Verify: "+ Hex.toHexString(clientCertDigest));
            signer.init(false, pubParams);
            signer.update(clientCertDigest, 0, clientCertDigest.length);
            // 
            if (parentTBSDigest != null && Arrays.areEqual(clientCertDigest, parentTBSDigest)) {
                byte[] empty = new byte[digest.getDigestSize()];
                digest.doFinal(empty, 0);
                // System.out.println("Empty: "+Hex.toHexString(empty));
                signer.update(empty, 0, empty.length);
            } else {
                signer.update(parentDigest, 0, parentDigest.length);
            }
            return signer.verifySignature(expected);
        }
    };
}
Also used : DSADigestSigner(com.github.zhenwei.core.crypto.signers.DSADigestSigner) Digest(com.github.zhenwei.core.crypto.Digest) ECDSASigner(com.github.zhenwei.core.crypto.signers.ECDSASigner) OutputStream(java.io.OutputStream) ContentVerifier(com.github.zhenwei.pkix.operator.ContentVerifier) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException)

Example 4 with OperatorCreationException

use of com.github.zhenwei.pkix.operator.OperatorCreationException in project LinLong-Java by zhenwei1108.

the class CertificateConfirmationContentBuilder method build.

public CertificateConfirmationContent build(DigestCalculatorProvider digesterProvider) throws CMPException {
    ASN1EncodableVector v = new ASN1EncodableVector();
    for (int i = 0; i != acceptedCerts.size(); i++) {
        X509CertificateHolder certHolder = (X509CertificateHolder) acceptedCerts.get(i);
        BigInteger reqID = (BigInteger) acceptedReqIds.get(i);
        AlgorithmIdentifier digAlg = digestAlgFinder.find(certHolder.toASN1Structure().getSignatureAlgorithm());
        if (digAlg == null) {
            throw new CMPException("cannot find algorithm for digest from signature");
        }
        DigestCalculator digester;
        try {
            digester = digesterProvider.get(digAlg);
        } catch (OperatorCreationException e) {
            throw new CMPException("unable to create digest: " + e.getMessage(), e);
        }
        CMPUtil.derEncodeToStream(certHolder.toASN1Structure(), digester.getOutputStream());
        v.add(new CertStatus(digester.getDigest(), reqID));
    }
    return new CertificateConfirmationContent(CertConfirmContent.getInstance(new DERSequence(v)), digestAlgFinder);
}
Also used : DERSequence(com.github.zhenwei.core.asn1.DERSequence) CertStatus(com.github.zhenwei.pkix.util.asn1.cmp.CertStatus) X509CertificateHolder(com.github.zhenwei.pkix.cert.X509CertificateHolder) DigestCalculator(com.github.zhenwei.pkix.operator.DigestCalculator) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) BigInteger(java.math.BigInteger) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)

Example 5 with OperatorCreationException

use of com.github.zhenwei.pkix.operator.OperatorCreationException in project LinLong-Java by zhenwei1108.

the class CertificateStatus method isVerified.

public boolean isVerified(X509CertificateHolder certHolder, DigestCalculatorProvider digesterProvider) throws CMPException {
    AlgorithmIdentifier digAlg = digestAlgFinder.find(certHolder.toASN1Structure().getSignatureAlgorithm());
    if (digAlg == null) {
        throw new CMPException("cannot find algorithm for digest from signature");
    }
    DigestCalculator digester;
    try {
        digester = digesterProvider.get(digAlg);
    } catch (OperatorCreationException e) {
        throw new CMPException("unable to create digester: " + e.getMessage(), e);
    }
    CMPUtil.derEncodeToStream(certHolder.toASN1Structure(), digester.getOutputStream());
    return Arrays.areEqual(certStatus.getCertHash().getOctets(), digester.getDigest());
}
Also used : DigestCalculator(com.github.zhenwei.pkix.operator.DigestCalculator) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)

Aggregations

OperatorCreationException (com.github.zhenwei.pkix.operator.OperatorCreationException)30 AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)18 IOException (java.io.IOException)14 DigestCalculator (com.github.zhenwei.pkix.operator.DigestCalculator)12 OutputStream (java.io.OutputStream)11 Signature (java.security.Signature)9 GeneralSecurityException (java.security.GeneralSecurityException)8 SecretKey (javax.crypto.SecretKey)6 ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)5 PKCS12PBEParams (com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams)5 RuntimeOperatorException (com.github.zhenwei.pkix.operator.RuntimeOperatorException)5 SignatureException (java.security.SignatureException)5 ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)4 ASN1OctetString (com.github.zhenwei.core.asn1.ASN1OctetString)4 PBKDF2Params (com.github.zhenwei.core.asn1.pkcs.PBKDF2Params)4 TeeOutputStream (com.github.zhenwei.core.util.io.TeeOutputStream)4 CMSException (com.github.zhenwei.pkix.cms.CMSException)4 PKCS12KeyWithParameters (com.github.zhenwei.provider.jcajce.PKCS12KeyWithParameters)4 ASN1Sequence (com.github.zhenwei.core.asn1.ASN1Sequence)3 DERSequence (com.github.zhenwei.core.asn1.DERSequence)3
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial