Search in sources :

Example 1 with ASN1Encodable

use of org.openecard.bouncycastle.asn1.ASN1Encodable in project OpenAttestation by OpenAttestation.

the class X509AttributeCertificate method valueOf.

/**
     *
     * @param encodedCertificate
     * @return
     */
@JsonCreator
public static X509AttributeCertificate valueOf(@JsonProperty("encoded") byte[] encodedCertificate) {
    X509AttributeCertificate result = new X509AttributeCertificate(encodedCertificate);
    X509AttributeCertificateHolder cert;
    try {
        cert = new X509AttributeCertificateHolder(encodedCertificate);
    } catch (IOException e) {
        throw new IllegalArgumentException(e);
    }
    // calls toString() on each X500Name so we get the default representation; we can do it ourselves for custom display;  output example: CN=Attr CA,OU=CPG,OU=DCSG,O=Intel,ST=CA,C=US
    log.debug("issuer: {}", StringUtils.join(cert.getIssuer().getNames(), "; "));
    // but expected to be only one
    result.issuer = StringUtils.join(cert.getIssuer().getNames(), "; ");
    // output example:   1
    log.debug("serial number: {}", cert.getSerialNumber().toString());
    result.serialNumber = cert.getSerialNumber();
    // output example:  2.25=#041092a71a228c174522a18bfd3ed3d00b39
    log.debug("holder: {}", StringUtils.join(cert.getHolder().getEntityNames(), ", "));
    // now let's get the UUID specifically out of this
    log.debug("holder has {} entity names", cert.getHolder().getEntityNames().length);
    for (X500Name entityName : cert.getHolder().getEntityNames()) {
        log.debug("holder entity name has {} rdns", entityName.getRDNs().length);
        for (RDN rdn : entityName.getRDNs()) {
            log.debug("entity rdn is multivalued? {}", rdn.isMultiValued());
            AttributeTypeAndValue attr = rdn.getFirst();
            if (attr.getType().toString().equals(OID.HOST_UUID)) {
                UUID uuid = UUID.valueOf(DEROctetString.getInstance(attr.getValue()).getOctets());
                log.debug("holder uuid: {}", uuid);
                // example: 33766a63-5c55-4461-8a84-5936577df450
                result.subject = uuid.toString();
            }
        }
    }
    // if we ddin't identify the UUID,  just display the subject same way we did the issuer... concat all the entity names. example: 2.25=#041033766a635c5544618a845936577df450  (notice that in the value, there's a #0410 prepended to the uuid 33766a635c5544618a845936577df450)
    if (result.subject == null) {
        result.subject = StringUtils.join(cert.getHolder().getEntityNames(), "; ");
    }
    // output example: Thu Aug 08 15:21:13 PDT 2013
    log.debug("not before: {}", cert.getNotBefore());
    // output example: Sun Sep 08 15:21:13 PDT 2013
    log.debug("not after: {}", cert.getNotAfter());
    result.notBefore = cert.getNotBefore();
    result.notAfter = cert.getNotAfter();
    Attribute[] attributes = cert.getAttributes();
    result.tags1 = new ArrayList<UTF8NameValueMicroformat>();
    result.tags2 = new ArrayList<UTF8NameValueSequence>();
    result.tagsOther = new ArrayList<ASN1Encodable>();
    for (Attribute attr : attributes) {
        log.debug("attr {} is {}", attr.hashCode(), attr.toString());
        result.attributes.add(attr);
        for (ASN1Encodable value : attr.getAttributeValues()) {
            //                result.tags.add(new AttributeOidAndValue(attr.getAttrType().toString(), DERUTF8String.getInstance(value).getString()));
            if (attr.getAttrType().toString().equals(UTF8NameValueMicroformat.OID)) {
                // our values are just UTF-8 strings  but if you use new String(value.getEncoded())  you will get two extra spaces at the beginning of the string                    
                log.debug("name-value microformat attribute: {}", DERUTF8String.getInstance(value).getString());
                UTF8NameValueMicroformat microformat = new UTF8NameValueMicroformat(DERUTF8String.getInstance(value));
                log.debug("name-value microformat attribute (2)  name {} value {}", microformat.getName(), microformat.getValue());
                result.tags1.add(microformat);
            } else if (attr.getAttrType().toString().equals(UTF8NameValueSequence.OID)) {
                UTF8NameValueSequence sequence = new UTF8NameValueSequence(ASN1Sequence.getInstance(value));
                String name = sequence.getName();
                List<String> values = sequence.getValues();
                log.debug("name-values asn.1 attribute {} values {}", name, values);
                result.tags2.add(sequence);
            } else {
                log.debug("unrecognzied attribute type {}", attr.getAttrType().toString());
                result.tagsOther.add(value);
            }
        /*
                 * output examples:
                 * attribute: 1.3.6.1.4.1.99999.1.1.1.1 is US
                 * attribute: 1.3.6.1.4.1.99999.2.2.2.2 is CA
                 * attribute: 1.3.6.1.4.1.99999.3.3.3.3 is Folsom
                 */
        }
    }
    log.debug("valueOf ok");
    return result;
}
Also used : Attribute(org.bouncycastle.asn1.x509.Attribute) X509AttributeCertificateHolder(org.bouncycastle.cert.X509AttributeCertificateHolder) IOException(java.io.IOException) X500Name(org.bouncycastle.asn1.x500.X500Name) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue) ArrayList(java.util.ArrayList) List(java.util.List) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) UUID(com.intel.mtwilson.util.io.UUID) RDN(org.bouncycastle.asn1.x500.RDN) JsonCreator(org.codehaus.jackson.annotate.JsonCreator)

Example 2 with ASN1Encodable

use of org.openecard.bouncycastle.asn1.ASN1Encodable in project OpenAttestation by OpenAttestation.

the class CertificateRepository method create.

@Override
public //    @RequiresPermissions("tag_certificates:create") 
void create(Certificate item) {
    log.debug("Certificate:Create - Got request to create a new Certificate {}.", item.getId().toString());
    CertificateLocator locator = new CertificateLocator();
    locator.id = item.getId();
    try (CertificateDAO dao = TagJdbi.certificateDao()) {
        Certificate newCert = dao.findById(item.getId());
        if (newCert == null) {
            newCert = Certificate.valueOf(item.getCertificate());
            dao.insert(item.getId(), newCert.getCertificate(), newCert.getSha1().toHexString(), newCert.getSha256().toHexString(), newCert.getSubject(), newCert.getIssuer(), newCert.getNotBefore(), newCert.getNotAfter());
            log.debug("Certificate:Create - Created the Certificate {} successfully.", item.getId().toString());
        } else {
            log.error("Certificate:Create - Certificate {} will not be created since a duplicate Certificate already exists.", item.getId().toString());
            throw new RepositoryCreateConflictException(locator);
        }
    } catch (RepositoryException re) {
        throw re;
    } catch (Exception ex) {
        log.error("Certificate:Create - Error during certificate creation.", ex);
        throw new RepositoryCreateException(ex, locator);
    }
    //Store tag values from Certificate
    try {
        log.info("Tags from certificate will now be stored");
        KvAttributeRepository repository = new KvAttributeRepository();
        KvAttribute kvAttrib = new KvAttribute();
        if (kvAttrib == null || repository == null)
            log.debug("kvAttrib or repository Obj is null, unable to store certificate tags");
        else {
            List<Attribute> certAttributes = X509AttributeCertificate.valueOf(item.getCertificate()).getAttribute();
            for (Attribute attr : certAttributes) {
                for (ASN1Encodable value : attr.getAttributeValues()) {
                    if (attr.getAttrType().toString().equals(UTF8NameValueMicroformat.OID)) {
                        UTF8NameValueMicroformat microformat = new UTF8NameValueMicroformat(DERUTF8String.getInstance(value));
                        // Check if that tag with same value already exists
                        KvAttributeFilterCriteria criteria = new KvAttributeFilterCriteria();
                        criteria.nameEqualTo = microformat.getName();
                        criteria.valueEqualTo = microformat.getValue();
                        KvAttributeCollection results = repository.search(criteria);
                        if (results.getDocuments().isEmpty()) {
                            kvAttrib.setId(new UUID());
                            kvAttrib.setName(microformat.getName());
                            kvAttrib.setValue(microformat.getValue());
                            repository.create(kvAttrib);
                        } else
                            log.debug("Tag with Name:{} & Value:{} is already stored.", microformat.getName(), microformat.getValue());
                    }
                }
            }
        }
    } catch (Exception e) {
        log.error("Certificate:Create - Error during attribute scan", e);
    }
}
Also used : CertificateLocator(com.intel.mtwilson.datatypes.CertificateLocator) CertificateDAO(com.intel.mtwilson.tag.dao.jdbi.CertificateDAO) KvAttribute(com.intel.mtwilson.datatypes.KvAttribute) Attribute(org.bouncycastle.asn1.x509.Attribute) KvAttribute(com.intel.mtwilson.datatypes.KvAttribute) RepositoryException(com.intel.mtwilson.tag.repository.RepositoryException) RepositoryCreateConflictException(com.intel.mtwilson.tag.repository.RepositoryCreateConflictException) RepositoryCreateException(com.intel.mtwilson.tag.repository.RepositoryCreateException) RepositoryDeleteException(com.intel.mtwilson.tag.repository.RepositoryDeleteException) RepositoryStoreException(com.intel.mtwilson.tag.repository.RepositoryStoreException) RepositoryStoreConflictException(com.intel.mtwilson.tag.repository.RepositoryStoreConflictException) RepositoryRetrieveException(com.intel.mtwilson.tag.repository.RepositoryRetrieveException) RepositoryException(com.intel.mtwilson.tag.repository.RepositoryException) RepositorySearchException(com.intel.mtwilson.tag.repository.RepositorySearchException) RepositoryCreateConflictException(com.intel.mtwilson.tag.repository.RepositoryCreateConflictException) KvAttributeCollection(com.intel.mtwilson.datatypes.KvAttributeCollection) KvAttributeRepository(com.intel.mtwilson.tag.repository.KvAttributeRepository) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) KvAttributeFilterCriteria(com.intel.mtwilson.datatypes.KvAttributeFilterCriteria) UUID(com.intel.mtwilson.util.io.UUID) UTF8NameValueMicroformat(com.intel.mtwilson.datatypes.UTF8NameValueMicroformat) Certificate(com.intel.mtwilson.datatypes.Certificate) X509AttributeCertificate(com.intel.mtwilson.datatypes.X509AttributeCertificate) RepositoryCreateException(com.intel.mtwilson.tag.repository.RepositoryCreateException)

Example 3 with ASN1Encodable

use of org.openecard.bouncycastle.asn1.ASN1Encodable in project XobotOS by xamarin.

the class JCEECPublicKey method getEncoded.

public byte[] getEncoded() {
    ASN1Encodable params;
    SubjectPublicKeyInfo info;
    // BEGIN android-removed
    // if (algorithm.equals("ECGOST3410"))
    // {
    //     if (gostParams != null)
    //     {
    //         params = gostParams;
    //     }
    //     else
    //     {
    //         if (ecSpec instanceof ECNamedCurveSpec)
    //         {
    //             params = new GOST3410PublicKeyAlgParameters(
    //                            ECGOST3410NamedCurves.getOID(((ECNamedCurveSpec)ecSpec).getName()),
    //                            CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet);
    //         }
    //         else
    //         {   // strictly speaking this may not be applicable...
    //             ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve());
    //
    //             X9ECParameters ecP = new X9ECParameters(
    //                 curve,
    //                 EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression),
    //                 ecSpec.getOrder(),
    //                 BigInteger.valueOf(ecSpec.getCofactor()),
    //                 ecSpec.getCurve().getSeed());
    //
    //             params = new X962Parameters(ecP);
    //         }
    //     }
    //
    //     BigInteger      bX = this.q.getX().toBigInteger();
    //     BigInteger      bY = this.q.getY().toBigInteger();
    //     byte[]          encKey = new byte[64];
    //
    //     extractBytes(encKey, 0, bX);
    //     extractBytes(encKey, 32, bY);
    //
    //     info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.getDERObject()), new DEROctetString(encKey));
    // }
    // else
    // END android-removed
    {
        if (ecSpec instanceof ECNamedCurveSpec) {
            DERObjectIdentifier curveOid = ECUtil.getNamedCurveOid(((ECNamedCurveSpec) ecSpec).getName());
            if (curveOid == null) {
                curveOid = new DERObjectIdentifier(((ECNamedCurveSpec) ecSpec).getName());
            }
            params = new X962Parameters(curveOid);
        } else if (ecSpec == null) {
            params = new X962Parameters(DERNull.INSTANCE);
        } else {
            ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve());
            X9ECParameters ecP = new X9ECParameters(curve, EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression), ecSpec.getOrder(), BigInteger.valueOf(ecSpec.getCofactor()), ecSpec.getCurve().getSeed());
            params = new X962Parameters(ecP);
        }
        ECCurve curve = this.engineGetQ().getCurve();
        ASN1OctetString p = (ASN1OctetString) new X9ECPoint(curve.createPoint(this.getQ().getX().toBigInteger(), this.getQ().getY().toBigInteger(), withCompression)).getDERObject();
        info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.getDERObject()), p.getOctets());
    }
    return info.getDEREncoded();
}
Also used : X962Parameters(org.bouncycastle.asn1.x9.X962Parameters) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) X9ECParameters(org.bouncycastle.asn1.x9.X9ECParameters) X9ECPoint(org.bouncycastle.asn1.x9.X9ECPoint) ECCurve(org.bouncycastle.math.ec.ECCurve) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier) ECNamedCurveSpec(org.bouncycastle.jce.spec.ECNamedCurveSpec) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 4 with ASN1Encodable

use of org.openecard.bouncycastle.asn1.ASN1Encodable in project android_frameworks_base by ResurrectionRemix.

the class ESTHandler method buildCSR.

private byte[] buildCSR(ByteBuffer octetBuffer, OMADMAdapter omadmAdapter, HTTPHandler httpHandler) throws IOException, GeneralSecurityException {
    //Security.addProvider(new BouncyCastleProvider());
    Log.d(TAG, "/csrattrs:");
    /*
        byte[] octets = new byte[octetBuffer.remaining()];
        octetBuffer.duplicate().get(octets);
        for (byte b : octets) {
            System.out.printf("%02x ", b & 0xff);
        }
        */
    Collection<Asn1Object> csrs = Asn1Decoder.decode(octetBuffer);
    for (Asn1Object asn1Object : csrs) {
        Log.d(TAG, asn1Object.toString());
    }
    if (csrs.size() != 1) {
        throw new IOException("Unexpected object count in CSR attributes response: " + csrs.size());
    }
    Asn1Object sequence = csrs.iterator().next();
    if (sequence.getClass() != Asn1Constructed.class) {
        throw new IOException("Unexpected CSR attribute container: " + sequence);
    }
    String keyAlgo = null;
    Asn1Oid keyAlgoOID = null;
    String sigAlgo = null;
    String curveName = null;
    Asn1Oid pubCrypto = null;
    int keySize = -1;
    Map<Asn1Oid, ASN1Encodable> idAttributes = new HashMap<>();
    for (Asn1Object child : sequence.getChildren()) {
        if (child.getTag() == Asn1Decoder.TAG_OID) {
            Asn1Oid oid = (Asn1Oid) child;
            OidMappings.SigEntry sigEntry = OidMappings.getSigEntry(oid);
            if (sigEntry != null) {
                sigAlgo = sigEntry.getSigAlgo();
                keyAlgoOID = sigEntry.getKeyAlgo();
                keyAlgo = OidMappings.getJCEName(keyAlgoOID);
            } else if (oid.equals(OidMappings.sPkcs9AtChallengePassword)) {
                byte[] tlsUnique = httpHandler.getTLSUnique();
                if (tlsUnique != null) {
                    idAttributes.put(oid, new DERPrintableString(Base64.encodeToString(tlsUnique, Base64.DEFAULT)));
                } else {
                    Log.w(TAG, "Cannot retrieve TLS unique channel binding");
                }
            }
        } else if (child.getTag() == Asn1Decoder.TAG_SEQ) {
            Asn1Oid oid = null;
            Set<Asn1Oid> oidValues = new HashSet<>();
            List<Asn1Object> values = new ArrayList<>();
            for (Asn1Object attributeSeq : child.getChildren()) {
                if (attributeSeq.getTag() == Asn1Decoder.TAG_OID) {
                    oid = (Asn1Oid) attributeSeq;
                } else if (attributeSeq.getTag() == Asn1Decoder.TAG_SET) {
                    for (Asn1Object value : attributeSeq.getChildren()) {
                        if (value.getTag() == Asn1Decoder.TAG_OID) {
                            oidValues.add((Asn1Oid) value);
                        } else {
                            values.add(value);
                        }
                    }
                }
            }
            if (oid == null) {
                throw new IOException("Invalid attribute, no OID");
            }
            if (oid.equals(OidMappings.sExtensionRequest)) {
                for (Asn1Oid subOid : oidValues) {
                    if (OidMappings.isIDAttribute(subOid)) {
                        if (subOid.equals(OidMappings.sMAC)) {
                            idAttributes.put(subOid, new DERIA5String(omadmAdapter.getMAC()));
                        } else if (subOid.equals(OidMappings.sIMEI)) {
                            idAttributes.put(subOid, new DERIA5String(omadmAdapter.getImei()));
                        } else if (subOid.equals(OidMappings.sMEID)) {
                            idAttributes.put(subOid, new DERBitString(omadmAdapter.getMeid()));
                        } else if (subOid.equals(OidMappings.sDevID)) {
                            idAttributes.put(subOid, new DERPrintableString(omadmAdapter.getDevID()));
                        }
                    }
                }
            } else if (OidMappings.getCryptoID(oid) != null) {
                pubCrypto = oid;
                if (!values.isEmpty()) {
                    for (Asn1Object value : values) {
                        if (value.getTag() == Asn1Decoder.TAG_INTEGER) {
                            keySize = (int) ((Asn1Integer) value).getValue();
                        }
                    }
                }
                if (oid.equals(OidMappings.sAlgo_EC)) {
                    if (oidValues.isEmpty()) {
                        throw new IOException("No ECC curve name provided");
                    }
                    for (Asn1Oid value : oidValues) {
                        curveName = OidMappings.getJCEName(value);
                        if (curveName != null) {
                            break;
                        }
                    }
                    if (curveName == null) {
                        throw new IOException("Found no ECC curve for " + oidValues);
                    }
                }
            }
        }
    }
    if (keyAlgoOID == null) {
        throw new IOException("No public key algorithm specified");
    }
    if (pubCrypto != null && !pubCrypto.equals(keyAlgoOID)) {
        throw new IOException("Mismatching key algorithms");
    }
    if (keyAlgoOID.equals(OidMappings.sAlgo_RSA)) {
        if (keySize < MinRSAKeySize) {
            if (keySize >= 0) {
                Log.i(TAG, "Upgrading suggested RSA key size from " + keySize + " to " + MinRSAKeySize);
            }
            keySize = MinRSAKeySize;
        }
    }
    Log.d(TAG, String.format("pub key '%s', signature '%s', ECC curve '%s', id-atts %s", keyAlgo, sigAlgo, curveName, idAttributes));
    /*
          Ruckus:
            SEQUENCE:
              OID=1.2.840.113549.1.1.11 (algo_id_sha256WithRSAEncryption)

          RFC-7030:
            SEQUENCE:
              OID=1.2.840.113549.1.9.7 (challengePassword)
              SEQUENCE:
                OID=1.2.840.10045.2.1 (algo_id_ecPublicKey)
                SET:
                  OID=1.3.132.0.34 (secp384r1)
              SEQUENCE:
                OID=1.2.840.113549.1.9.14 (extensionRequest)
                SET:
                  OID=1.3.6.1.1.1.1.22 (mac-address)
              OID=1.2.840.10045.4.3.3 (eccdaWithSHA384)

              1L, 3L, 6L, 1L, 1L, 1L, 1L, 22
         */
    // ECC Does not appear to be supported currently
    KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyAlgo);
    if (curveName != null) {
        AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(keyAlgo);
        algorithmParameters.init(new ECNamedCurveGenParameterSpec(curveName));
        kpg.initialize(algorithmParameters.getParameterSpec(ECNamedCurveGenParameterSpec.class));
    } else {
        kpg.initialize(keySize);
    }
    KeyPair kp = kpg.generateKeyPair();
    X500Principal subject = new X500Principal("CN=Android, O=Google, C=US");
    mClientKey = kp.getPrivate();
    // !!! Map the idAttributes into an ASN1Set of values to pass to
    // the PKCS10CertificationRequest - this code is using outdated BC classes and
    // has *not* been tested.
    ASN1Set attributes;
    if (!idAttributes.isEmpty()) {
        ASN1EncodableVector payload = new DEREncodableVector();
        for (Map.Entry<Asn1Oid, ASN1Encodable> entry : idAttributes.entrySet()) {
            DERObjectIdentifier type = new DERObjectIdentifier(entry.getKey().toOIDString());
            ASN1Set values = new DERSet(entry.getValue());
            Attribute attribute = new Attribute(type, values);
            payload.add(attribute);
        }
        attributes = new DERSet(payload);
    } else {
        attributes = null;
    }
    return new PKCS10CertificationRequest(sigAlgo, subject, kp.getPublic(), attributes, mClientKey).getEncoded();
}
Also used : DERSet(com.android.org.bouncycastle.asn1.DERSet) ASN1Set(com.android.org.bouncycastle.asn1.ASN1Set) Set(java.util.Set) HashSet(java.util.HashSet) HashMap(java.util.HashMap) Attribute(com.android.org.bouncycastle.asn1.x509.Attribute) DERBitString(com.android.org.bouncycastle.asn1.DERBitString) DERPrintableString(com.android.org.bouncycastle.asn1.DERPrintableString) DERIA5String(com.android.org.bouncycastle.asn1.DERIA5String) DERSet(com.android.org.bouncycastle.asn1.DERSet) DERIA5String(com.android.org.bouncycastle.asn1.DERIA5String) Asn1Integer(com.android.hotspot2.asn1.Asn1Integer) DERPrintableString(com.android.org.bouncycastle.asn1.DERPrintableString) ASN1EncodableVector(com.android.org.bouncycastle.asn1.ASN1EncodableVector) List(java.util.List) ArrayList(java.util.ArrayList) ASN1Encodable(com.android.org.bouncycastle.asn1.ASN1Encodable) PKCS10CertificationRequest(com.android.org.bouncycastle.jce.PKCS10CertificationRequest) Asn1Oid(com.android.hotspot2.asn1.Asn1Oid) KeyPair(java.security.KeyPair) ECNamedCurveGenParameterSpec(com.android.org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec) DEREncodableVector(com.android.org.bouncycastle.asn1.DEREncodableVector) DERBitString(com.android.org.bouncycastle.asn1.DERBitString) IOException(java.io.IOException) KeyPairGenerator(java.security.KeyPairGenerator) DERObjectIdentifier(com.android.org.bouncycastle.asn1.DERObjectIdentifier) Asn1Object(com.android.hotspot2.asn1.Asn1Object) OidMappings(com.android.hotspot2.asn1.OidMappings) ASN1Set(com.android.org.bouncycastle.asn1.ASN1Set) X500Principal(javax.security.auth.x500.X500Principal) Map(java.util.Map) HashMap(java.util.HashMap) AlgorithmParameters(java.security.AlgorithmParameters)

Example 5 with ASN1Encodable

use of org.openecard.bouncycastle.asn1.ASN1Encodable in project robovm by robovm.

the class PrivateKeyFactory method createKey.

/**
     * Create a private key parameter from the passed in PKCS8 PrivateKeyInfo object.
     * 
     * @param keyInfo the PrivateKeyInfo object containing the key material
     * @return a suitable private key parameter
     * @throws IOException on an error decoding the key
     */
public static AsymmetricKeyParameter createKey(PrivateKeyInfo keyInfo) throws IOException {
    AlgorithmIdentifier algId = keyInfo.getPrivateKeyAlgorithm();
    if (algId.getAlgorithm().equals(PKCSObjectIdentifiers.rsaEncryption)) {
        RSAPrivateKey keyStructure = RSAPrivateKey.getInstance(keyInfo.parsePrivateKey());
        return new RSAPrivateCrtKeyParameters(keyStructure.getModulus(), keyStructure.getPublicExponent(), keyStructure.getPrivateExponent(), keyStructure.getPrime1(), keyStructure.getPrime2(), keyStructure.getExponent1(), keyStructure.getExponent2(), keyStructure.getCoefficient());
    } else //      else if (algId.getObjectId().equals(X9ObjectIdentifiers.dhpublicnumber))
    if (algId.getAlgorithm().equals(PKCSObjectIdentifiers.dhKeyAgreement)) {
        DHParameter params = DHParameter.getInstance(algId.getParameters());
        ASN1Integer derX = (ASN1Integer) keyInfo.parsePrivateKey();
        BigInteger lVal = params.getL();
        int l = lVal == null ? 0 : lVal.intValue();
        DHParameters dhParams = new DHParameters(params.getP(), params.getG(), null, l);
        return new DHPrivateKeyParameters(derX.getValue(), dhParams);
    } else // END android-removed
    if (algId.getAlgorithm().equals(X9ObjectIdentifiers.id_dsa)) {
        ASN1Integer derX = (ASN1Integer) keyInfo.parsePrivateKey();
        ASN1Encodable de = algId.getParameters();
        DSAParameters parameters = null;
        if (de != null) {
            DSAParameter params = DSAParameter.getInstance(de.toASN1Primitive());
            parameters = new DSAParameters(params.getP(), params.getQ(), params.getG());
        }
        return new DSAPrivateKeyParameters(derX.getValue(), parameters);
    } else if (algId.getAlgorithm().equals(X9ObjectIdentifiers.id_ecPublicKey)) {
        X962Parameters params = new X962Parameters((ASN1Primitive) algId.getParameters());
        X9ECParameters x9;
        if (params.isNamedCurve()) {
            ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(params.getParameters());
            x9 = X962NamedCurves.getByOID(oid);
            if (x9 == null) {
                x9 = SECNamedCurves.getByOID(oid);
                if (x9 == null) {
                    x9 = NISTNamedCurves.getByOID(oid);
                // BEGIN android-removed
                // if (x9 == null)
                // {
                //     x9 = TeleTrusTNamedCurves.getByOID(oid);
                // }
                // END android-removed
                }
            }
        } else {
            x9 = X9ECParameters.getInstance(params.getParameters());
        }
        ECPrivateKey ec = ECPrivateKey.getInstance(keyInfo.parsePrivateKey());
        BigInteger d = ec.getKey();
        // TODO We lose any named parameters here
        ECDomainParameters dParams = new ECDomainParameters(x9.getCurve(), x9.getG(), x9.getN(), x9.getH(), x9.getSeed());
        return new ECPrivateKeyParameters(d, dParams);
    } else {
        throw new RuntimeException("algorithm identifier in key not recognised");
    }
}
Also used : ECPrivateKey(org.bouncycastle.asn1.sec.ECPrivateKey) ECDomainParameters(org.bouncycastle.crypto.params.ECDomainParameters) DHParameters(org.bouncycastle.crypto.params.DHParameters) DHPrivateKeyParameters(org.bouncycastle.crypto.params.DHPrivateKeyParameters) X9ECParameters(org.bouncycastle.asn1.x9.X9ECParameters) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) X962Parameters(org.bouncycastle.asn1.x9.X962Parameters) ECPrivateKeyParameters(org.bouncycastle.crypto.params.ECPrivateKeyParameters) DSAPrivateKeyParameters(org.bouncycastle.crypto.params.DSAPrivateKeyParameters) BigInteger(java.math.BigInteger) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) DSAParameter(org.bouncycastle.asn1.x509.DSAParameter) RSAPrivateKey(org.bouncycastle.asn1.pkcs.RSAPrivateKey) DHParameter(org.bouncycastle.asn1.pkcs.DHParameter) DSAParameters(org.bouncycastle.crypto.params.DSAParameters) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) RSAPrivateCrtKeyParameters(org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters)

Aggregations

ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)129 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)71 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)56 IOException (java.io.IOException)32 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)31 DEROctetString (org.bouncycastle.asn1.DEROctetString)29 DERIA5String (org.bouncycastle.asn1.DERIA5String)25 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)23 DERSequence (org.bouncycastle.asn1.DERSequence)22 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)21 DERPrintableString (org.bouncycastle.asn1.DERPrintableString)21 ArrayList (java.util.ArrayList)20 GeneralName (org.bouncycastle.asn1.x509.GeneralName)19 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)17 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)17 X509Certificate (java.security.cert.X509Certificate)15 HashSet (java.util.HashSet)15 ASN1Primitive (org.bouncycastle.asn1.ASN1Primitive)15 DirectoryString (org.bouncycastle.asn1.x500.DirectoryString)15 DERBMPString (org.bouncycastle.asn1.DERBMPString)14