Search in sources :

Example 1 with BcDSAContentVerifierProviderBuilder

use of org.bouncycastle.operator.bc.BcDSAContentVerifierProviderBuilder in project xipki by xipki.

the class CmpCaClient method getContentVerifierProvider.

// method verifyProtection
public static ContentVerifierProvider getContentVerifierProvider(PublicKey publicKey) throws InvalidKeyException {
    SdkUtil.requireNonNull("publicKey", publicKey);
    String keyAlg = publicKey.getAlgorithm().toUpperCase();
    DigestAlgorithmIdentifierFinder digAlgFinder = new DefaultDigestAlgorithmIdentifierFinder();
    BcContentVerifierProviderBuilder builder;
    if ("RSA".equals(keyAlg)) {
        builder = new BcRSAContentVerifierProviderBuilder(digAlgFinder);
    } else if ("DSA".equals(keyAlg)) {
        builder = new BcDSAContentVerifierProviderBuilder(digAlgFinder);
    } else if ("EC".equals(keyAlg) || "ECDSA".equals(keyAlg)) {
        builder = new BcECContentVerifierProviderBuilder(digAlgFinder);
    } else {
        throw new InvalidKeyException("unknown key algorithm of the public key " + keyAlg);
    }
    AsymmetricKeyParameter keyParam;
    if (publicKey instanceof RSAPublicKey) {
        RSAPublicKey rsaKey = (RSAPublicKey) publicKey;
        keyParam = new RSAKeyParameters(false, rsaKey.getModulus(), rsaKey.getPublicExponent());
    } else if (publicKey instanceof ECPublicKey) {
        keyParam = ECUtil.generatePublicKeyParameter(publicKey);
    } else if (publicKey instanceof DSAPublicKey) {
        keyParam = DSAUtil.generatePublicKeyParameter(publicKey);
    } else {
        throw new InvalidKeyException("unknown key " + publicKey.getClass().getName());
    }
    try {
        return builder.build(keyParam);
    } catch (OperatorCreationException ex) {
        throw new InvalidKeyException("could not build ContentVerifierProvider: " + ex.getMessage(), ex);
    }
}
Also used : BcRSAContentVerifierProviderBuilder(org.bouncycastle.operator.bc.BcRSAContentVerifierProviderBuilder) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DigestAlgorithmIdentifierFinder) DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder) InvalidKeyException(java.security.InvalidKeyException) DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder) RSAKeyParameters(org.bouncycastle.crypto.params.RSAKeyParameters) DSAPublicKey(java.security.interfaces.DSAPublicKey) BcContentVerifierProviderBuilder(org.bouncycastle.operator.bc.BcContentVerifierProviderBuilder) AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter) RSAPublicKey(java.security.interfaces.RSAPublicKey) ECPublicKey(java.security.interfaces.ECPublicKey) BcDSAContentVerifierProviderBuilder(org.bouncycastle.operator.bc.BcDSAContentVerifierProviderBuilder) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) BcECContentVerifierProviderBuilder(org.bouncycastle.operator.bc.BcECContentVerifierProviderBuilder)

Example 2 with BcDSAContentVerifierProviderBuilder

use of org.bouncycastle.operator.bc.BcDSAContentVerifierProviderBuilder in project xipki by xipki.

the class CaEmulator method getContentVerifierProvider.

public ContentVerifierProvider getContentVerifierProvider(PublicKey publicKey) throws InvalidKeyException {
    ScepUtil.requireNonNull("publicKey", publicKey);
    String keyAlg = publicKey.getAlgorithm().toUpperCase();
    if ("EC".equals(keyAlg)) {
        keyAlg = "ECDSA";
    }
    BcContentVerifierProviderBuilder builder = VERIFIER_PROVIDER_BUILDER.get(keyAlg);
    if (builder == null) {
        if ("RSA".equals(keyAlg)) {
            builder = new BcRSAContentVerifierProviderBuilder(DFLT_DIGESTALG_IDENTIFIER_FINDER);
        } else if ("DSA".equals(keyAlg)) {
            builder = new BcDSAContentVerifierProviderBuilder(DFLT_DIGESTALG_IDENTIFIER_FINDER);
        } else if ("ECDSA".equals(keyAlg)) {
            builder = new BcECContentVerifierProviderBuilder(DFLT_DIGESTALG_IDENTIFIER_FINDER);
        } else {
            throw new InvalidKeyException("unknown key algorithm of the public key " + keyAlg);
        }
        VERIFIER_PROVIDER_BUILDER.put(keyAlg, builder);
    }
    AsymmetricKeyParameter keyParam = generatePublicKeyParameter(publicKey);
    try {
        return builder.build(keyParam);
    } catch (OperatorCreationException ex) {
        throw new InvalidKeyException("could not build ContentVerifierProvider: " + ex.getMessage(), ex);
    }
}
Also used : BcContentVerifierProviderBuilder(org.bouncycastle.operator.bc.BcContentVerifierProviderBuilder) AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter) BcRSAContentVerifierProviderBuilder(org.bouncycastle.operator.bc.BcRSAContentVerifierProviderBuilder) BcDSAContentVerifierProviderBuilder(org.bouncycastle.operator.bc.BcDSAContentVerifierProviderBuilder) InvalidKeyException(java.security.InvalidKeyException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) BcECContentVerifierProviderBuilder(org.bouncycastle.operator.bc.BcECContentVerifierProviderBuilder)

Example 3 with BcDSAContentVerifierProviderBuilder

use of org.bouncycastle.operator.bc.BcDSAContentVerifierProviderBuilder in project xipki by xipki.

the class SecurityFactoryImpl method getContentVerifierProvider.

@Override
public ContentVerifierProvider getContentVerifierProvider(PublicKey publicKey) throws InvalidKeyException {
    ParamUtil.requireNonNull("publicKey", publicKey);
    String keyAlg = publicKey.getAlgorithm().toUpperCase();
    BcContentVerifierProviderBuilder builder = VERIFIER_PROVIDER_BUILDER.get(keyAlg);
    if (builder == null) {
        if ("RSA".equals(keyAlg)) {
            builder = new XiRSAContentVerifierProviderBuilder(DIGESTALG_IDENTIFIER_FINDER);
        } else if ("DSA".equals(keyAlg)) {
            builder = new BcDSAContentVerifierProviderBuilder(DIGESTALG_IDENTIFIER_FINDER);
        } else if ("EC".equals(keyAlg) || "ECDSA".equals(keyAlg)) {
            builder = new XiECContentVerifierProviderBuilder(DIGESTALG_IDENTIFIER_FINDER);
        } else {
            throw new InvalidKeyException("unknown key algorithm of the public key " + keyAlg);
        }
        VERIFIER_PROVIDER_BUILDER.put(keyAlg, builder);
    }
    AsymmetricKeyParameter keyParam = KeyUtil.generatePublicKeyParameter(publicKey);
    try {
        return builder.build(keyParam);
    } catch (OperatorCreationException ex) {
        throw new InvalidKeyException("could not build ContentVerifierProvider: " + ex.getMessage(), ex);
    }
}
Also used : XiRSAContentVerifierProviderBuilder(org.xipki.security.bc.XiRSAContentVerifierProviderBuilder) BcContentVerifierProviderBuilder(org.bouncycastle.operator.bc.BcContentVerifierProviderBuilder) AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter) XiECContentVerifierProviderBuilder(org.xipki.security.bc.XiECContentVerifierProviderBuilder) BcDSAContentVerifierProviderBuilder(org.bouncycastle.operator.bc.BcDSAContentVerifierProviderBuilder) InvalidKeyException(java.security.InvalidKeyException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)

Example 4 with BcDSAContentVerifierProviderBuilder

use of org.bouncycastle.operator.bc.BcDSAContentVerifierProviderBuilder in project jruby-openssl by jruby.

the class SecurityHelper method verify.

static boolean verify(final X509CRL crl, final PublicKey publicKey, final boolean silent) throws NoSuchAlgorithmException, CRLException, InvalidKeyException, SignatureException {
    if (crl instanceof X509CRLObject) {
        final CertificateList crlList = (CertificateList) getCertificateList(crl);
        final AlgorithmIdentifier tbsSignatureId = crlList.getTBSCertList().getSignature();
        if (!crlList.getSignatureAlgorithm().equals(tbsSignatureId)) {
            if (silent)
                return false;
            throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
        }
        final Signature signature = getSignature(crl.getSigAlgName(), securityProvider);
        signature.initVerify(publicKey);
        signature.update(crl.getTBSCertList());
        if (!signature.verify(crl.getSignature())) {
            if (silent)
                return false;
            throw new SignatureException("CRL does not verify with supplied public key.");
        }
        return true;
    } else {
        try {
            final DigestAlgorithmIdentifierFinder digestAlgFinder = new DefaultDigestAlgorithmIdentifierFinder();
            final ContentVerifierProvider verifierProvider;
            if ("DSA".equalsIgnoreCase(publicKey.getAlgorithm())) {
                BigInteger y = ((DSAPublicKey) publicKey).getY();
                DSAParams params = ((DSAPublicKey) publicKey).getParams();
                DSAParameters parameters = new DSAParameters(params.getP(), params.getQ(), params.getG());
                AsymmetricKeyParameter dsaKey = new DSAPublicKeyParameters(y, parameters);
                verifierProvider = new BcDSAContentVerifierProviderBuilder(digestAlgFinder).build(dsaKey);
            } else {
                BigInteger mod = ((RSAPublicKey) publicKey).getModulus();
                BigInteger exp = ((RSAPublicKey) publicKey).getPublicExponent();
                AsymmetricKeyParameter rsaKey = new RSAKeyParameters(false, mod, exp);
                verifierProvider = new BcRSAContentVerifierProviderBuilder(digestAlgFinder).build(rsaKey);
            }
            return new X509CRLHolder(crl.getEncoded()).isSignatureValid(verifierProvider);
        } catch (OperatorException e) {
            throw new SignatureException(e);
        } catch (CertException e) {
            throw new SignatureException(e);
        }// can happen if the input is DER but does not match expected strucure
         catch (ClassCastException e) {
            throw new SignatureException(e);
        } catch (IOException e) {
            throw new SignatureException(e);
        }
    }
}
Also used : DSAPublicKeyParameters(org.bouncycastle.crypto.params.DSAPublicKeyParameters) X509CRLObject(org.bouncycastle.jce.provider.X509CRLObject) BcRSAContentVerifierProviderBuilder(org.bouncycastle.operator.bc.BcRSAContentVerifierProviderBuilder) CertificateList(org.bouncycastle.asn1.x509.CertificateList) CertException(org.bouncycastle.cert.CertException) SignatureException(java.security.SignatureException) DSAParams(java.security.interfaces.DSAParams) IOException(java.io.IOException) DigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DigestAlgorithmIdentifierFinder) DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder) DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder) RSAKeyParameters(org.bouncycastle.crypto.params.RSAKeyParameters) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) DSAPublicKey(java.security.interfaces.DSAPublicKey) AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter) RSAPublicKey(java.security.interfaces.RSAPublicKey) Signature(java.security.Signature) X509CRLHolder(org.bouncycastle.cert.X509CRLHolder) BigInteger(java.math.BigInteger) BcDSAContentVerifierProviderBuilder(org.bouncycastle.operator.bc.BcDSAContentVerifierProviderBuilder) CRLException(java.security.cert.CRLException) DSAParameters(org.bouncycastle.crypto.params.DSAParameters) OperatorException(org.bouncycastle.operator.OperatorException) ContentVerifierProvider(org.bouncycastle.operator.ContentVerifierProvider)

Aggregations

AsymmetricKeyParameter (org.bouncycastle.crypto.params.AsymmetricKeyParameter)4 BcDSAContentVerifierProviderBuilder (org.bouncycastle.operator.bc.BcDSAContentVerifierProviderBuilder)4 InvalidKeyException (java.security.InvalidKeyException)3 OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)3 BcContentVerifierProviderBuilder (org.bouncycastle.operator.bc.BcContentVerifierProviderBuilder)3 BcRSAContentVerifierProviderBuilder (org.bouncycastle.operator.bc.BcRSAContentVerifierProviderBuilder)3 DSAPublicKey (java.security.interfaces.DSAPublicKey)2 RSAPublicKey (java.security.interfaces.RSAPublicKey)2 RSAKeyParameters (org.bouncycastle.crypto.params.RSAKeyParameters)2 DefaultDigestAlgorithmIdentifierFinder (org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)2 DigestAlgorithmIdentifierFinder (org.bouncycastle.operator.DigestAlgorithmIdentifierFinder)2 BcECContentVerifierProviderBuilder (org.bouncycastle.operator.bc.BcECContentVerifierProviderBuilder)2 IOException (java.io.IOException)1 BigInteger (java.math.BigInteger)1 Signature (java.security.Signature)1 SignatureException (java.security.SignatureException)1 CRLException (java.security.cert.CRLException)1 DSAParams (java.security.interfaces.DSAParams)1 ECPublicKey (java.security.interfaces.ECPublicKey)1 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)1