Search in sources :

Example 86 with AlgorithmIdentifier

use of org.apache.harmony.security.x509.AlgorithmIdentifier in project jmulticard by ctt-gob-es.

the class SignerInformation method doVerify.

private boolean doVerify(SignerInformationVerifier verifier) throws CMSException {
    String encName = CMSSignedHelper.INSTANCE.getEncryptionAlgName(this.getEncryptionAlgOID());
    ContentVerifier contentVerifier;
    try {
        contentVerifier = verifier.getContentVerifier(encryptionAlgorithm, info.getDigestAlgorithm());
    } catch (OperatorCreationException e) {
        throw new CMSException("can't create content verifier: " + e.getMessage(), e);
    }
    try {
        OutputStream sigOut = contentVerifier.getOutputStream();
        if (resultDigest == null) {
            DigestCalculator calc = verifier.getDigestCalculator(this.getDigestAlgorithmID());
            if (content != null) {
                OutputStream digOut = calc.getOutputStream();
                if (signedAttributeSet == null) {
                    if (contentVerifier instanceof RawContentVerifier) {
                        content.write(digOut);
                    } else {
                        OutputStream cOut = new TeeOutputStream(digOut, sigOut);
                        content.write(cOut);
                        cOut.close();
                    }
                } else {
                    content.write(digOut);
                    sigOut.write(this.getEncodedSignedAttributes());
                }
                digOut.close();
            } else if (signedAttributeSet != null) {
                sigOut.write(this.getEncodedSignedAttributes());
            } else {
                // TODO Get rid of this exception and just treat content==null as empty not missing?
                throw new CMSException("data not encapsulated in signature - use detached constructor.");
            }
            resultDigest = calc.getDigest();
        } else {
            if (signedAttributeSet == null) {
                if (content != null) {
                    content.write(sigOut);
                }
            } else {
                sigOut.write(this.getEncodedSignedAttributes());
            }
        }
        sigOut.close();
    } catch (IOException e) {
        throw new CMSException("can't process mime object to create signature.", e);
    } catch (OperatorCreationException e) {
        throw new CMSException("can't create digest calculator: " + e.getMessage(), e);
    }
    // RFC 3852 11.1 Check the content-type attribute is correct
    verifyContentTypeAttributeValue();
    AttributeTable signedAttrTable = this.getSignedAttributes();
    // RFC 6211 Validate Algorithm Identifier protection attribute if present
    verifyAlgorithmIdentifierProtectionAttribute(signedAttrTable);
    // RFC 3852 11.2 Check the message-digest attribute is correct
    verifyMessageDigestAttribute();
    // RFC 3852 11.4 Validate countersignature attribute(s)
    verifyCounterSignatureAttribute(signedAttrTable);
    try {
        if (signedAttributeSet == null && resultDigest != null) {
            if (contentVerifier instanceof RawContentVerifier) {
                RawContentVerifier rawVerifier = (RawContentVerifier) contentVerifier;
                if (encName.equals("RSA")) {
                    DigestInfo digInfo = new DigestInfo(new AlgorithmIdentifier(digestAlgorithm.getAlgorithm(), DERNull.INSTANCE), resultDigest);
                    return rawVerifier.verify(digInfo.getEncoded(ASN1Encoding.DER), this.getSignature());
                }
                return rawVerifier.verify(resultDigest, this.getSignature());
            }
        }
        return contentVerifier.verify(this.getSignature());
    } catch (IOException e) {
        throw new CMSException("can't process mime object to create signature.", e);
    }
}
Also used : TeeOutputStream(org.bouncycastle.util.io.TeeOutputStream) DigestInfo(org.bouncycastle.asn1.x509.DigestInfo) ContentVerifier(org.bouncycastle.operator.ContentVerifier) RawContentVerifier(org.bouncycastle.operator.RawContentVerifier) OutputStream(java.io.OutputStream) TeeOutputStream(org.bouncycastle.util.io.TeeOutputStream) DigestCalculator(org.bouncycastle.operator.DigestCalculator) AttributeTable(org.bouncycastle.asn1.cms.AttributeTable) RawContentVerifier(org.bouncycastle.operator.RawContentVerifier) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) IOException(java.io.IOException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 87 with AlgorithmIdentifier

use of org.apache.harmony.security.x509.AlgorithmIdentifier in project jmulticard by ctt-gob-es.

the class SignerInformationVerifier method getContentVerifier.

public ContentVerifier getContentVerifier(AlgorithmIdentifier signingAlgorithm, AlgorithmIdentifier digestAlgorithm) throws OperatorCreationException {
    String signatureName = sigNameGenerator.getSignatureName(digestAlgorithm, signingAlgorithm);
    AlgorithmIdentifier baseAlgID = sigAlgorithmFinder.find(signatureName);
    return verifierProvider.get(new AlgorithmIdentifier(baseAlgID.getAlgorithm(), signingAlgorithm.getParameters()));
}
Also used : AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 88 with AlgorithmIdentifier

use of org.apache.harmony.security.x509.AlgorithmIdentifier in project jmulticard by ctt-gob-es.

the class BCECPublicKey method getEncoded.

public byte[] getEncoded() {
    boolean pcSet = Properties.isOverrideSet("org.bouncycastle.ec.enable_pc");
    if (encoding == null || oldPcSet != pcSet) {
        boolean compress = withCompression || pcSet;
        AlgorithmIdentifier algId = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, ECUtils.getDomainParametersFromName(ecSpec, compress));
        byte[] pubKeyOctets = ecPublicKey.getQ().getEncoded(compress);
        // stored curve is null if ImplicitlyCa
        encoding = KeyUtil.getEncodedSubjectPublicKeyInfo(algId, pubKeyOctets);
        oldPcSet = pcSet;
    }
    return Arrays.clone(encoding);
}
Also used : AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 89 with AlgorithmIdentifier

use of org.apache.harmony.security.x509.AlgorithmIdentifier in project jmulticard by ctt-gob-es.

the class BCMcElieceCCA2PrivateKey method getEncoded.

/**
 * Return the keyData to encode in the SubjectPublicKeyInfo structure.
 * <p>
 * The ASN.1 definition of the key structure is
 * <pre>
 *   McEliecePrivateKey ::= SEQUENCE {
 *     m             INTEGER                  -- extension degree of the field
 *     k             INTEGER                  -- dimension of the code
 *     field         OCTET STRING             -- field polynomial
 *     goppaPoly     OCTET STRING             -- irreducible Goppa polynomial
 *     p             OCTET STRING             -- permutation vector
 *     matrixH       OCTET STRING             -- canonical check matrix
 *     sqRootMatrix  SEQUENCE OF OCTET STRING -- square root matrix
 *   }
 * </pre>
 * @return the keyData to encode in the SubjectPublicKeyInfo structure
 */
public byte[] getEncoded() {
    PrivateKeyInfo pki;
    try {
        McElieceCCA2PrivateKey privateKey = new McElieceCCA2PrivateKey(getN(), getK(), getField(), getGoppaPoly(), getP(), MessageDigestUtils.getDigestAlgID(params.getDigest()));
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PQCObjectIdentifiers.mcElieceCca2);
        pki = new PrivateKeyInfo(algorithmIdentifier, privateKey);
        return pki.getEncoded();
    } catch (IOException e) {
        return null;
    }
}
Also used : McElieceCCA2PrivateKey(org.bouncycastle.pqc.asn1.McElieceCCA2PrivateKey) IOException(java.io.IOException) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 90 with AlgorithmIdentifier

use of org.apache.harmony.security.x509.AlgorithmIdentifier in project jmulticard by ctt-gob-es.

the class BCMcEliecePrivateKey method getEncoded.

/**
 * Return the key data to encode in the SubjectPublicKeyInfo structure.
 * <p>
 * The ASN.1 definition of the key structure is
 * </p>
 * <pre>
 *   McEliecePrivateKey ::= SEQUENCE {
 *     n          INTEGER                   -- length of the code
 *     k          INTEGER                   -- dimension of the code
 *     fieldPoly  OCTET STRING              -- field polynomial defining GF(2&circ;m)
 *     getGoppaPoly()  OCTET STRING              -- irreducible Goppa polynomial
 *     sInv       OCTET STRING              -- matrix S&circ;-1
 *     p1         OCTET STRING              -- permutation P1
 *     p2         OCTET STRING              -- permutation P2
 *     h          OCTET STRING              -- canonical check matrix
 *     qInv       SEQUENCE OF OCTET STRING  -- matrix used to compute square roots
 *   }
 * </pre>
 *
 * @return the key data to encode in the SubjectPublicKeyInfo structure
 */
public byte[] getEncoded() {
    McEliecePrivateKey privateKey = new McEliecePrivateKey(params.getN(), params.getK(), params.getField(), params.getGoppaPoly(), params.getP1(), params.getP2(), params.getSInv());
    PrivateKeyInfo pki;
    try {
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PQCObjectIdentifiers.mcEliece);
        pki = new PrivateKeyInfo(algorithmIdentifier, privateKey);
    } catch (IOException e) {
        return null;
    }
    try {
        byte[] encoded = pki.getEncoded();
        return encoded;
    } catch (IOException e) {
        return null;
    }
}
Also used : IOException(java.io.IOException) McEliecePrivateKey(org.bouncycastle.pqc.asn1.McEliecePrivateKey) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Aggregations

AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)249 IOException (java.io.IOException)144 AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)140 SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)75 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)71 BigInteger (java.math.BigInteger)60 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)55 X500Name (org.bouncycastle.asn1.x500.X500Name)50 X509Certificate (java.security.cert.X509Certificate)43 Date (java.util.Date)43 ContentSigner (org.bouncycastle.operator.ContentSigner)39 DEROctetString (org.bouncycastle.asn1.DEROctetString)38 OutputStream (java.io.OutputStream)37 ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)36 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)34 PrivateKeyInfo (org.bouncycastle.asn1.pkcs.PrivateKeyInfo)33 BcRSAContentSignerBuilder (org.bouncycastle.operator.bc.BcRSAContentSignerBuilder)33 DefaultDigestAlgorithmIdentifierFinder (org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)31 DefaultSignatureAlgorithmIdentifierFinder (org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder)31 DEROctetString (com.github.zhenwei.core.asn1.DEROctetString)28