Search in sources :

Example 16 with PSource

use of javax.crypto.spec.PSource in project j2objc by google.

the class OAEPParameterSpecTest method testGetDigestAlgorithm.

/**
 * getDigestAlgorithm() method testing.
 */
public void testGetDigestAlgorithm() {
    String mdName = "SHA-1";
    String mgfName = "MGF1";
    AlgorithmParameterSpec mgfSpec = MGF1ParameterSpec.SHA1;
    PSource pSrc = PSource.PSpecified.DEFAULT;
    OAEPParameterSpec ps = new OAEPParameterSpec(mdName, mgfName, mgfSpec, pSrc);
    assertTrue("The returned value does not equal to the " + "value specified in the constructor.", ps.getDigestAlgorithm().equals(mdName));
}
Also used : PSource(javax.crypto.spec.PSource) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec) OAEPParameterSpec(javax.crypto.spec.OAEPParameterSpec)

Example 17 with PSource

use of javax.crypto.spec.PSource in project j2objc by google.

the class OAEPParameterSpecTest method testGetPSource.

/**
 * getPSource() method testing.
 */
public void testGetPSource() {
    String mdName = "SHA-1";
    String mgfName = "MGF1";
    AlgorithmParameterSpec mgfSpec = MGF1ParameterSpec.SHA1;
    PSource pSrc = PSource.PSpecified.DEFAULT;
    OAEPParameterSpec ps = new OAEPParameterSpec(mdName, mgfName, mgfSpec, pSrc);
    assertTrue("The returned value does not equal to the " + "value specified in the constructor.", ps.getPSource() == pSrc);
}
Also used : PSource(javax.crypto.spec.PSource) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec) OAEPParameterSpec(javax.crypto.spec.OAEPParameterSpec)

Example 18 with PSource

use of javax.crypto.spec.PSource in project j2objc by google.

the class OAEPParameterSpecTest method testGetMGFAlgorithm.

/**
 * getMGFAlgorithm() method testing.
 */
public void testGetMGFAlgorithm() {
    String mdName = "SHA-1";
    String mgfName = "MGF1";
    AlgorithmParameterSpec mgfSpec = MGF1ParameterSpec.SHA1;
    PSource pSrc = PSource.PSpecified.DEFAULT;
    OAEPParameterSpec ps = new OAEPParameterSpec(mdName, mgfName, mgfSpec, pSrc);
    assertTrue("The returned value does not equal to the " + "value specified in the constructor.", ps.getMGFAlgorithm().equals(mgfName));
}
Also used : PSource(javax.crypto.spec.PSource) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec) OAEPParameterSpec(javax.crypto.spec.OAEPParameterSpec)

Example 19 with PSource

use of javax.crypto.spec.PSource in project santuario-java by apache.

the class XMLEncryptOutputProcessor method createInternalEncryptionOutputProcessor.

/**
 * Override this method to return a different AbstractInternalEncryptionOutputProcessor instance
 * which will write out the KeyInfo contents in the EncryptedData.
 */
protected AbstractInternalEncryptionOutputProcessor createInternalEncryptionOutputProcessor(EncryptionPartDef encryptionPartDef, XMLSecStartElement startElement, String encoding, final OutboundSecurityToken keyWrappingToken) throws XMLStreamException, XMLSecurityException {
    final AbstractInternalEncryptionOutputProcessor processor = new AbstractInternalEncryptionOutputProcessor(encryptionPartDef, startElement, encoding) {

        @Override
        protected void createKeyInfoStructure(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
            if (keyWrappingToken == null) {
                // Do not write out a KeyInfo element
                return;
            }
            final String encryptionKeyTransportAlgorithm = getSecurityProperties().getEncryptionKeyTransportAlgorithm();
            PublicKey pubKey = keyWrappingToken.getPublicKey();
            Key secretKey = keyWrappingToken.getSecretKey(encryptionKeyTransportAlgorithm);
            if (pubKey == null && secretKey == null) {
                // Do not write out a KeyInfo element
                return;
            }
            createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo, true, null);
            List<XMLSecAttribute> attributes = new ArrayList<>(1);
            String keyId = IDGenerator.generateID("EK");
            attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Id, keyId));
            createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_EncryptedKey, true, attributes);
            attributes = new ArrayList<>(1);
            attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, encryptionKeyTransportAlgorithm));
            createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_EncryptionMethod, false, attributes);
            final String encryptionKeyTransportDigestAlgorithm = getSecurityProperties().getEncryptionKeyTransportDigestAlgorithm();
            final String encryptionKeyTransportMGFAlgorithm = getSecurityProperties().getEncryptionKeyTransportMGFAlgorithm();
            if (XMLSecurityConstants.NS_XENC11_RSAOAEP.equals(encryptionKeyTransportAlgorithm) || XMLSecurityConstants.NS_XENC_RSAOAEPMGF1P.equals(encryptionKeyTransportAlgorithm)) {
                byte[] oaepParams = getSecurityProperties().getEncryptionKeyTransportOAEPParams();
                if (oaepParams != null) {
                    createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_OAEPparams, false, null);
                    createCharactersAndOutputAsEvent(outputProcessorChain, Base64.getMimeEncoder().encodeToString(oaepParams));
                    createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_OAEPparams);
                }
                if (encryptionKeyTransportDigestAlgorithm != null) {
                    attributes = new ArrayList<>(1);
                    attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, encryptionKeyTransportDigestAlgorithm));
                    createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_DigestMethod, true, attributes);
                    createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_DigestMethod);
                }
                if (encryptionKeyTransportMGFAlgorithm != null) {
                    attributes = new ArrayList<>(1);
                    attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, encryptionKeyTransportMGFAlgorithm));
                    createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc11_MGF, true, attributes);
                    createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc11_MGF);
                }
            }
            createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_EncryptionMethod);
            createKeyInfoStructureForEncryptedKey(outputProcessorChain, keyWrappingToken);
            createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_CipherData, false, null);
            createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_CipherValue, false, null);
            // encrypt the symmetric session key with the public key from the receiver:
            String jceid = JCEAlgorithmMapper.translateURItoJCEID(encryptionKeyTransportAlgorithm);
            if (jceid == null) {
                throw new XMLSecurityException("algorithms.NoSuchMap", new Object[] { encryptionKeyTransportAlgorithm });
            }
            try {
                Cipher cipher = Cipher.getInstance(jceid);
                AlgorithmParameterSpec algorithmParameterSpec = null;
                if (XMLSecurityConstants.NS_XENC11_RSAOAEP.equals(encryptionKeyTransportAlgorithm) || XMLSecurityConstants.NS_XENC_RSAOAEPMGF1P.equals(encryptionKeyTransportAlgorithm)) {
                    String jceDigestAlgorithm = "SHA-1";
                    if (encryptionKeyTransportDigestAlgorithm != null) {
                        jceDigestAlgorithm = JCEAlgorithmMapper.translateURItoJCEID(encryptionKeyTransportDigestAlgorithm);
                    }
                    PSource.PSpecified pSource = PSource.PSpecified.DEFAULT;
                    byte[] oaepParams = getSecurityProperties().getEncryptionKeyTransportOAEPParams();
                    if (oaepParams != null) {
                        pSource = new PSource.PSpecified(oaepParams);
                    }
                    MGF1ParameterSpec mgfParameterSpec = new MGF1ParameterSpec("SHA-1");
                    if (encryptionKeyTransportMGFAlgorithm != null) {
                        String jceMGFAlgorithm = JCEAlgorithmMapper.translateURItoJCEID(encryptionKeyTransportMGFAlgorithm);
                        mgfParameterSpec = new MGF1ParameterSpec(jceMGFAlgorithm);
                    }
                    algorithmParameterSpec = new OAEPParameterSpec(jceDigestAlgorithm, "MGF1", mgfParameterSpec, pSource);
                }
                if (pubKey != null) {
                    cipher.init(Cipher.WRAP_MODE, pubKey, algorithmParameterSpec);
                } else {
                    cipher.init(Cipher.WRAP_MODE, secretKey, algorithmParameterSpec);
                }
                String tokenId = outputProcessorChain.getSecurityContext().get(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION);
                SecurityTokenProvider<OutboundSecurityToken> securityTokenProvider = outputProcessorChain.getSecurityContext().getSecurityTokenProvider(tokenId);
                final OutboundSecurityToken securityToken = securityTokenProvider.getSecurityToken();
                Key sessionKey = securityToken.getSecretKey(getSecurityProperties().getEncryptionSymAlgorithm());
                if (pubKey != null) {
                    int blockSize = cipher.getBlockSize();
                    if (blockSize > 0 && blockSize < sessionKey.getEncoded().length) {
                        throw new XMLSecurityException("stax.unsupportedKeyTransp");
                    }
                }
                byte[] encryptedEphemeralKey = cipher.wrap(sessionKey);
                createCharactersAndOutputAsEvent(outputProcessorChain, Base64.getMimeEncoder().encodeToString(encryptedEphemeralKey));
            } catch (NoSuchPaddingException e) {
                throw new XMLSecurityException(e);
            } catch (NoSuchAlgorithmException e) {
                throw new XMLSecurityException(e);
            } catch (InvalidKeyException e) {
                throw new XMLSecurityException(e);
            } catch (IllegalBlockSizeException e) {
                throw new XMLSecurityException(e);
            } catch (InvalidAlgorithmParameterException e) {
                throw new XMLSecurityException(e);
            }
            createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_CipherValue);
            createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_CipherData);
            createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_EncryptedKey);
            createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo);
        }

        protected void createKeyInfoStructureForEncryptedKey(OutputProcessorChain outputProcessorChain, OutboundSecurityToken securityToken) throws XMLStreamException, XMLSecurityException {
            SecurityTokenConstants.KeyIdentifier keyIdentifier = getSecurityProperties().getEncryptionKeyIdentifier();
            X509Certificate[] x509Certificates = securityToken.getX509Certificates();
            if (x509Certificates == null) {
                if (securityToken.getPublicKey() != null && SecurityTokenConstants.KeyIdentifier_KeyValue.equals(keyIdentifier)) {
                    createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo, true, null);
                    XMLSecurityUtils.createKeyValueTokenStructure(this, outputProcessorChain, securityToken.getPublicKey());
                    createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo);
                }
                return;
            }
            if (!SecurityTokenConstants.KeyIdentifier_NoKeyInfo.equals(keyIdentifier)) {
                createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo, true, null);
                if (keyIdentifier == null || SecurityTokenConstants.KeyIdentifier_IssuerSerial.equals(keyIdentifier)) {
                    XMLSecurityUtils.createX509IssuerSerialStructure(this, outputProcessorChain, x509Certificates);
                } else if (SecurityTokenConstants.KeyIdentifier_KeyValue.equals(keyIdentifier)) {
                    XMLSecurityUtils.createKeyValueTokenStructure(this, outputProcessorChain, x509Certificates);
                } else if (SecurityTokenConstants.KeyIdentifier_SkiKeyIdentifier.equals(keyIdentifier)) {
                    XMLSecurityUtils.createX509SubjectKeyIdentifierStructure(this, outputProcessorChain, x509Certificates);
                } else if (SecurityTokenConstants.KeyIdentifier_X509KeyIdentifier.equals(keyIdentifier)) {
                    XMLSecurityUtils.createX509CertificateStructure(this, outputProcessorChain, x509Certificates);
                } else if (SecurityTokenConstants.KeyIdentifier_X509SubjectName.equals(keyIdentifier)) {
                    XMLSecurityUtils.createX509SubjectNameStructure(this, outputProcessorChain, x509Certificates);
                } else if (SecurityTokenConstants.KeyIdentifier_KeyName.equals(keyIdentifier)) {
                    String keyName = getSecurityProperties().getEncryptionKeyName();
                    XMLSecurityUtils.createKeyNameTokenStructure(this, outputProcessorChain, keyName);
                } else {
                    throw new XMLSecurityException("stax.unsupportedToken", new Object[] { keyIdentifier });
                }
                createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo);
            }
        }
    };
    processor.getAfterProcessors().add(XMLEncryptOutputProcessor.class.getName());
    return processor;
}
Also used : ArrayList(java.util.ArrayList) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) OutboundSecurityToken(org.apache.xml.security.stax.securityToken.OutboundSecurityToken) XMLSecAttribute(org.apache.xml.security.stax.ext.stax.XMLSecAttribute) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) SecurityTokenConstants(org.apache.xml.security.stax.securityToken.SecurityTokenConstants) PSource(javax.crypto.spec.PSource) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException) X509Certificate(java.security.cert.X509Certificate) OAEPParameterSpec(javax.crypto.spec.OAEPParameterSpec) Cipher(javax.crypto.Cipher) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec) MGF1ParameterSpec(java.security.spec.MGF1ParameterSpec)

Example 20 with PSource

use of javax.crypto.spec.PSource in project wycheproof by google.

the class RsaOaepTest method getOaepParameters.

protected static OAEPParameterSpec getOaepParameters(JsonObject group, JsonObject test) throws Exception {
    String sha = getString(group, "sha");
    String mgf = getString(group, "mgf");
    String mgfSha = getString(group, "mgfSha");
    PSource p = PSource.PSpecified.DEFAULT;
    if (test.has("label")) {
        p = new PSource.PSpecified(getBytes(test, "label"));
    }
    return new OAEPParameterSpec(sha, mgf, new MGF1ParameterSpec(mgfSha), p);
}
Also used : PSource(javax.crypto.spec.PSource) OAEPParameterSpec(javax.crypto.spec.OAEPParameterSpec) MGF1ParameterSpec(java.security.spec.MGF1ParameterSpec)

Aggregations

PSource (javax.crypto.spec.PSource)20 OAEPParameterSpec (javax.crypto.spec.OAEPParameterSpec)17 AlgorithmParameterSpec (java.security.spec.AlgorithmParameterSpec)13 MGF1ParameterSpec (java.security.spec.MGF1ParameterSpec)7 InvalidParameterSpecException (java.security.spec.InvalidParameterSpecException)2 X509Certificate (java.security.cert.X509Certificate)1 ArrayList (java.util.ArrayList)1 Cipher (javax.crypto.Cipher)1 IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException)1 NoSuchPaddingException (javax.crypto.NoSuchPaddingException)1 XMLSecurityException (org.apache.xml.security.exceptions.XMLSecurityException)1 XMLSecAttribute (org.apache.xml.security.stax.ext.stax.XMLSecAttribute)1 OutboundSecurityToken (org.apache.xml.security.stax.securityToken.OutboundSecurityToken)1 SecurityTokenConstants (org.apache.xml.security.stax.securityToken.SecurityTokenConstants)1