use of org.bouncycastle.crypto.Digest in project XobotOS by xamarin.
the class SubjectKeyIdentifier method getDigest.
private static byte[] getDigest(SubjectPublicKeyInfo spki) {
Digest digest = new SHA1Digest();
byte[] resBuf = new byte[digest.getDigestSize()];
byte[] bytes = spki.getPublicKeyData().getBytes();
digest.update(bytes, 0, bytes.length);
digest.doFinal(resBuf, 0);
return resBuf;
}
use of org.bouncycastle.crypto.Digest in project robovm by robovm.
the class CertBlacklist method isPublicKeyBlackListed.
public boolean isPublicKeyBlackListed(PublicKey publicKey) {
byte[] encoded = publicKey.getEncoded();
Digest digest = AndroidDigestFactory.getSHA1();
digest.update(encoded, 0, encoded.length);
byte[] out = new byte[digest.getDigestSize()];
digest.doFinal(out, 0);
for (byte[] blacklisted : pubkeyBlacklist) {
if (Arrays.equals(blacklisted, Hex.encode(out))) {
return true;
}
}
return false;
}
use of org.bouncycastle.crypto.Digest in project xipki by xipki.
the class P11RSAPSSSignatureSpi method engineSetParameter.
@Override
protected void engineSetParameter(AlgorithmParameterSpec params) throws InvalidParameterException {
if (params instanceof PSSParameterSpec) {
PSSParameterSpec newParamSpec = (PSSParameterSpec) params;
if (originalSpec != null) {
if (!DigestFactory.isSameDigest(originalSpec.getDigestAlgorithm(), newParamSpec.getDigestAlgorithm())) {
throw new InvalidParameterException("parameter must be using " + originalSpec.getDigestAlgorithm());
}
}
if (!newParamSpec.getMGFAlgorithm().equalsIgnoreCase("MGF1") && !newParamSpec.getMGFAlgorithm().equals(PKCSObjectIdentifiers.id_mgf1.getId())) {
throw new InvalidParameterException("unknown mask generation function specified");
}
if (!(newParamSpec.getMGFParameters() instanceof MGF1ParameterSpec)) {
throw new InvalidParameterException("unkown MGF parameters");
}
MGF1ParameterSpec mgfParams = (MGF1ParameterSpec) newParamSpec.getMGFParameters();
if (!DigestFactory.isSameDigest(mgfParams.getDigestAlgorithm(), newParamSpec.getDigestAlgorithm())) {
throw new InvalidParameterException("digest algorithm for MGF should be the same as for PSS parameters.");
}
Digest newDigest = DigestFactory.getDigest(mgfParams.getDigestAlgorithm());
if (newDigest == null) {
throw new InvalidParameterException("no match on MGF digest algorithm: " + mgfParams.getDigestAlgorithm());
}
this.engineParams = null;
this.paramSpec = newParamSpec;
this.mgfDigest = newDigest;
this.saltLength = paramSpec.getSaltLength();
this.trailer = getTrailer(paramSpec.getTrailerField());
setupContentDigest();
} else {
throw new InvalidParameterException("only PSSParameterSpec supported");
}
}
use of org.bouncycastle.crypto.Digest in project xipki by xipki.
the class SignerUtil method createPSSRSASigner.
// CHECKSTYLE:SKIP
public static PSSSigner createPSSRSASigner(AlgorithmIdentifier sigAlgId, AsymmetricBlockCipher cipher) throws XiSecurityException {
ParamUtil.requireNonNull("sigAlgId", sigAlgId);
if (!PKCSObjectIdentifiers.id_RSASSA_PSS.equals(sigAlgId.getAlgorithm())) {
throw new XiSecurityException("signature algorithm " + sigAlgId.getAlgorithm() + " is not allowed");
}
AlgorithmIdentifier digAlgId;
try {
digAlgId = AlgorithmUtil.extractDigesetAlgFromSigAlg(sigAlgId);
} catch (NoSuchAlgorithmException ex) {
throw new XiSecurityException(ex.getMessage(), ex);
}
RSASSAPSSparams param = RSASSAPSSparams.getInstance(sigAlgId.getParameters());
AlgorithmIdentifier mfgDigAlgId = AlgorithmIdentifier.getInstance(param.getMaskGenAlgorithm().getParameters());
Digest dig = getDigest(digAlgId);
Digest mfgDig = getDigest(mfgDigAlgId);
int saltSize = param.getSaltLength().intValue();
int trailerField = param.getTrailerField().intValue();
AsymmetricBlockCipher tmpCipher = (cipher == null) ? new RSABlindedEngine() : cipher;
return new PSSSigner(tmpCipher, dig, mfgDig, saltSize, getTrailer(trailerField));
}
use of org.bouncycastle.crypto.Digest in project fabric-sdk-java by hyperledger.
the class Endpoint method getClientTLSCertificateDigest.
byte[] getClientTLSCertificateDigest() {
if (tlsClientCertificatePEMBytes != null && clientTLSCertificateDigest == null) {
String pemCert = new String(tlsClientCertificatePEMBytes, UTF_8);
byte[] derBytes = Base64.getDecoder().decode(pemCert.replaceAll("-+[ \t]*(BEGIN|END)[ \t]+CERTIFICATE[ \t]*-+", "").replaceAll("\\s", "").trim());
Digest digest = new SHA256Digest();
clientTLSCertificateDigest = new byte[digest.getDigestSize()];
digest.update(derBytes, 0, derBytes.length);
digest.doFinal(clientTLSCertificateDigest, 0);
}
return clientTLSCertificateDigest;
}
Aggregations