Example 91 with AlgorithmParameterSpec
use of java.security.spec.AlgorithmParameterSpec in project symmetric-ds by JumpMind.
the class SecurityService method initializeCipher.
protected void initializeCipher(Cipher cipher, int mode) throws Exception {
AlgorithmParameterSpec paramSpec = Cipher.getMaxAllowedParameterSpec(cipher.getAlgorithm());
if (paramSpec instanceof PBEParameterSpec || (paramSpec == null && cipher.getAlgorithm().startsWith("PBE"))) {
paramSpec = new PBEParameterSpec(SecurityConstants.SALT, SecurityConstants.ITERATION_COUNT);
cipher.init(mode, secretKey, paramSpec);
} else if (paramSpec instanceof IvParameterSpec) {
paramSpec = new IvParameterSpec(SecurityConstants.SALT);
cipher.init(mode, secretKey, paramSpec);
} else {
cipher.init(mode, secretKey, (AlgorithmParameterSpec) null);
}
}
Also used :
IvParameterSpec(javax.crypto.spec.IvParameterSpec)
AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec)
PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)
Example 92 with AlgorithmParameterSpec
use of java.security.spec.AlgorithmParameterSpec in project walle by Meituan-Dianping.
the class V2SchemeVerifier method parseSigner.
/**
* Parses the provided signer block and populates the {@code result}.
*
* <p>This verifies signatures over {@code signed-data} contained in this block but does not
* verify the integrity of the rest of the APK. Rather, this method adds to the
* {@code contentDigestsToVerify}.
*/
private static void parseSigner(ByteBuffer signerBlock, CertificateFactory certFactory, Result.SignerInfo result, Set<ContentDigestAlgorithm> contentDigestsToVerify) throws IOException {
ByteBuffer signedData = getLengthPrefixedSlice(signerBlock);
byte[] signedDataBytes = new byte[signedData.remaining()];
signedData.get(signedDataBytes);
signedData.flip();
result.signedData = signedDataBytes;
ByteBuffer signatures = getLengthPrefixedSlice(signerBlock);
byte[] publicKeyBytes = readLengthPrefixedByteArray(signerBlock);
// Parse the signatures block and identify supported signatures
int signatureCount = 0;
List<SupportedSignature> supportedSignatures = new ArrayList<>(1);
while (signatures.hasRemaining()) {
signatureCount++;
try {
ByteBuffer signature = getLengthPrefixedSlice(signatures);
int sigAlgorithmId = signature.getInt();
byte[] sigBytes = readLengthPrefixedByteArray(signature);
result.signatures.add(new Result.SignerInfo.Signature(sigAlgorithmId, sigBytes));
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.findById(sigAlgorithmId);
if (signatureAlgorithm == null) {
result.addWarning(Issue.V2_SIG_UNKNOWN_SIG_ALGORITHM, sigAlgorithmId);
continue;
}
supportedSignatures.add(new SupportedSignature(signatureAlgorithm, sigBytes));
} catch (IOException | BufferUnderflowException e) {
result.addError(Issue.V2_SIG_MALFORMED_SIGNATURE, signatureCount);
return;
}
}
if (result.signatures.isEmpty()) {
result.addError(Issue.V2_SIG_NO_SIGNATURES);
return;
}
// Verify signatures over signed-data block using the public key
List<SupportedSignature> signaturesToVerify = getSignaturesToVerify(supportedSignatures);
if (signaturesToVerify.isEmpty()) {
result.addError(Issue.V2_SIG_NO_SUPPORTED_SIGNATURES);
return;
}
for (SupportedSignature signature : signaturesToVerify) {
SignatureAlgorithm signatureAlgorithm = signature.algorithm;
String jcaSignatureAlgorithm = signatureAlgorithm.getJcaSignatureAlgorithmAndParams().getFirst();
AlgorithmParameterSpec jcaSignatureAlgorithmParams = signatureAlgorithm.getJcaSignatureAlgorithmAndParams().getSecond();
String keyAlgorithm = signatureAlgorithm.getJcaKeyAlgorithm();
PublicKey publicKey;
try {
publicKey = KeyFactory.getInstance(keyAlgorithm).generatePublic(new X509EncodedKeySpec(publicKeyBytes));
} catch (Exception e) {
result.addError(Issue.V2_SIG_MALFORMED_PUBLIC_KEY, e);
return;
}
try {
Signature sig = Signature.getInstance(jcaSignatureAlgorithm);
sig.initVerify(publicKey);
if (jcaSignatureAlgorithmParams != null) {
sig.setParameter(jcaSignatureAlgorithmParams);
}
signedData.position(0);
sig.update(signedData);
byte[] sigBytes = signature.signature;
if (!sig.verify(sigBytes)) {
result.addError(Issue.V2_SIG_DID_NOT_VERIFY, signatureAlgorithm);
return;
}
result.verifiedSignatures.put(signatureAlgorithm, sigBytes);
contentDigestsToVerify.add(signatureAlgorithm.getContentDigestAlgorithm());
} catch (Exception e) {
result.addError(Issue.V2_SIG_VERIFY_EXCEPTION, signatureAlgorithm, e);
return;
}
}
// At least one signature over signedData has verified. We can now parse signed-data.
signedData.position(0);
ByteBuffer digests = getLengthPrefixedSlice(signedData);
ByteBuffer certificates = getLengthPrefixedSlice(signedData);
ByteBuffer additionalAttributes = getLengthPrefixedSlice(signedData);
// Parse the certificates block
int certificateIndex = -1;
while (certificates.hasRemaining()) {
certificateIndex++;
byte[] encodedCert = readLengthPrefixedByteArray(certificates);
X509Certificate certificate;
try {
certificate = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(encodedCert));
} catch (CertificateException e) {
result.addError(Issue.V2_SIG_MALFORMED_CERTIFICATE, certificateIndex, certificateIndex + 1, e);
return;
}
// Wrap the cert so that the result's getEncoded returns exactly the original encoded
// form. Without this, getEncoded may return a different form from what was stored in
// the signature. This is becase some X509Certificate(Factory) implementations re-encode
// certificates.
certificate = new GuaranteedEncodedFormX509Certificate(certificate, encodedCert);
result.certs.add(certificate);
}
if (result.certs.isEmpty()) {
result.addError(Issue.V2_SIG_NO_CERTIFICATES);
return;
}
X509Certificate mainCertificate = result.certs.get(0);
byte[] certificatePublicKeyBytes = mainCertificate.getPublicKey().getEncoded();
if (!Arrays.equals(publicKeyBytes, certificatePublicKeyBytes)) {
result.addError(Issue.V2_SIG_PUBLIC_KEY_MISMATCH_BETWEEN_CERTIFICATE_AND_SIGNATURES_RECORD, toHex(certificatePublicKeyBytes), toHex(publicKeyBytes));
return;
}
// Parse the digests block
int digestCount = 0;
while (digests.hasRemaining()) {
digestCount++;
try {
ByteBuffer digest = getLengthPrefixedSlice(digests);
int sigAlgorithmId = digest.getInt();
byte[] digestBytes = readLengthPrefixedByteArray(digest);
result.contentDigests.add(new Result.SignerInfo.ContentDigest(sigAlgorithmId, digestBytes));
} catch (IOException | BufferUnderflowException e) {
result.addError(Issue.V2_SIG_MALFORMED_DIGEST, digestCount);
return;
}
}
List<Integer> sigAlgsFromSignaturesRecord = new ArrayList<>(result.signatures.size());
for (Result.SignerInfo.Signature signature : result.signatures) {
sigAlgsFromSignaturesRecord.add(signature.getAlgorithmId());
}
List<Integer> sigAlgsFromDigestsRecord = new ArrayList<>(result.contentDigests.size());
for (Result.SignerInfo.ContentDigest digest : result.contentDigests) {
sigAlgsFromDigestsRecord.add(digest.getSignatureAlgorithmId());
}
if (!sigAlgsFromSignaturesRecord.equals(sigAlgsFromDigestsRecord)) {
result.addError(Issue.V2_SIG_SIG_ALG_MISMATCH_BETWEEN_SIGNATURES_AND_DIGESTS_RECORDS, sigAlgsFromSignaturesRecord, sigAlgsFromDigestsRecord);
return;
}
// Parse the additional attributes block.
int additionalAttributeCount = 0;
while (additionalAttributes.hasRemaining()) {
additionalAttributeCount++;
try {
ByteBuffer attribute = getLengthPrefixedSlice(additionalAttributes);
int id = attribute.getInt();
byte[] value = readLengthPrefixedByteArray(attribute);
result.additionalAttributes.add(new Result.SignerInfo.AdditionalAttribute(id, value));
result.addWarning(Issue.V2_SIG_UNKNOWN_ADDITIONAL_ATTRIBUTE, id);
} catch (IOException | BufferUnderflowException e) {
result.addError(Issue.V2_SIG_MALFORMED_ADDITIONAL_ATTRIBUTE, additionalAttributeCount);
return;
}
}
}
Also used :
ArrayList(java.util.ArrayList)
CertificateException(java.security.cert.CertificateException)
BufferUnderflowException(java.nio.BufferUnderflowException)
PublicKey(java.security.PublicKey)
X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec)
IOException(java.io.IOException)
ByteBuffer(java.nio.ByteBuffer)
DigestException(java.security.DigestException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
BufferUnderflowException(java.nio.BufferUnderflowException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
X509Certificate(java.security.cert.X509Certificate)
DelegatingX509Certificate(com.android.apksigner.core.internal.util.DelegatingX509Certificate)
ByteArrayInputStream(java.io.ByteArrayInputStream)
Signature(java.security.Signature)
AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec)
Example 93 with AlgorithmParameterSpec
use of java.security.spec.AlgorithmParameterSpec in project j2objc by google.
the class KeyPairGeneratorSpiTest method testKeyPairGeneratorSpi01.
/**
* Test for <code>KeyPairGeneratorSpi</code> constructor
* Assertion: constructs KeyPairGeneratorSpi
*/
public void testKeyPairGeneratorSpi01() throws InvalidAlgorithmParameterException, InvalidParameterException {
KeyPairGeneratorSpi keyPairGen = new MyKeyPairGeneratorSpi();
AlgorithmParameterSpec pp = null;
try {
keyPairGen.initialize(pp, null);
fail("UnsupportedOperationException must be thrown");
} catch (UnsupportedOperationException e) {
}
keyPairGen.initialize(pp, new SecureRandom());
keyPairGen.initialize(1024, new SecureRandom());
try {
keyPairGen.initialize(-1024, new SecureRandom());
fail("IllegalArgumentException must be thrown for incorrect keysize");
} catch (IllegalArgumentException e) {
}
try {
keyPairGen.initialize(1024, null);
fail("IllegalArgumentException must be thrown");
} catch (IllegalArgumentException e) {
assertEquals("Incorrect exception", e.getMessage(), "Invalid random");
}
KeyPair kp = keyPairGen.generateKeyPair();
assertNull("Not null KeyPair", kp);
}
Also used :
KeyPair(java.security.KeyPair)
MyKeyPairGeneratorSpi(org.apache.harmony.security.tests.support.MyKeyPairGeneratorSpi)
SecureRandom(java.security.SecureRandom)
MyKeyPairGeneratorSpi(org.apache.harmony.security.tests.support.MyKeyPairGeneratorSpi)
KeyPairGeneratorSpi(java.security.KeyPairGeneratorSpi)
AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec)
Example 94 with AlgorithmParameterSpec
use of java.security.spec.AlgorithmParameterSpec in project j2objc by google.
the class AlgorithmParameterGeneratorSpiTest method testAlgorithmParameterGeneratorSpi01.
/**
* Test for <code>AlgorithmParameterGeneratorSpi</code> constructor
* Assertion: constructs AlgorithmParameterGeneratorSpi
*/
public void testAlgorithmParameterGeneratorSpi01() throws InvalidAlgorithmParameterException {
MyAlgorithmParameterGeneratorSpi algParGen = new MyAlgorithmParameterGeneratorSpi();
AlgorithmParameters param = algParGen.engineGenerateParameters();
assertNull("Not null parameters", param);
AlgorithmParameterSpec pp = null;
algParGen.engineInit(pp, new SecureRandom());
try {
algParGen.engineInit(pp, null);
fail("IllegalArgumentException must be thrown");
} catch (IllegalArgumentException e) {
}
algParGen.engineInit(0, null);
algParGen.engineInit(0, new SecureRandom());
try {
algParGen.engineInit(-10, null);
fail("IllegalArgumentException must be thrown");
} catch (IllegalArgumentException e) {
}
try {
algParGen.engineInit(-10, new SecureRandom());
fail("IllegalArgumentException must be thrown");
} catch (IllegalArgumentException e) {
}
}
Also used :
MyAlgorithmParameterGeneratorSpi(org.apache.harmony.security.tests.support.MyAlgorithmParameterGeneratorSpi)
SecureRandom(java.security.SecureRandom)
AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec)
AlgorithmParameters(java.security.AlgorithmParameters)
Example 95 with AlgorithmParameterSpec
use of java.security.spec.AlgorithmParameterSpec in project j2objc by google.
the class SignatureTest method testSetParameterAlgorithmParameterSpec.
/*
* Class under test for void setParameter(AlgorithmParameterSpec)
*/
public void testSetParameterAlgorithmParameterSpec() throws InvalidAlgorithmParameterException {
MySignature1 s = new MySignature1("ABC");
try {
s.setParameter((java.security.spec.AlgorithmParameterSpec) null);
fail("No expected UnsupportedOperationException");
} catch (UnsupportedOperationException e) {
}
try {
Signature sig = getTestSignature();
sig.setParameter(new AlgorithmParameterSpec() {
});
} catch (InvalidAlgorithmParameterException e) {
fail("unexpected: " + e);
} catch (NoSuchAlgorithmException e) {
fail("unexpected: " + e);
}
}
Also used :
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
Signature(java.security.Signature)
MySignature1(org.apache.harmony.security.tests.support.MySignature1)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec)
Aggregations
AlgorithmParameterSpec (java.security.spec.AlgorithmParameterSpec)173
IvParameterSpec (javax.crypto.spec.IvParameterSpec)56
Cipher (javax.crypto.Cipher)55
InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)49
InvalidKeyException (java.security.InvalidKeyException)42
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)37
SecretKey (javax.crypto.SecretKey)27
SecureRandom (java.security.SecureRandom)24
IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException)24
BadPaddingException (javax.crypto.BadPaddingException)21
NoSuchPaddingException (javax.crypto.NoSuchPaddingException)20
BigInteger (java.math.BigInteger)19
RSAKeyGenParameterSpec (java.security.spec.RSAKeyGenParameterSpec)19
ShortBufferException (javax.crypto.ShortBufferException)19
Key (java.security.Key)18
SecretKeySpec (javax.crypto.spec.SecretKeySpec)18
AlgorithmParameters (java.security.AlgorithmParameters)16
KeyGenerator (javax.crypto.KeyGenerator)16
IOException (java.io.IOException)14
MyCipher (org.apache.harmony.crypto.tests.support.MyCipher)14
