Search in sources :

Example 41 with AlgorithmIdentifier

use of org.openecard.bouncycastle.asn1.x509.AlgorithmIdentifier in project xipki by xipki.

the class AlgorithmUtil method getMacAlgId.

public static AlgorithmIdentifier getMacAlgId(String macAlgName) throws NoSuchAlgorithmException {
    ParamUtil.requireNonNull("macAlgName", macAlgName);
    String algoS = macAlgName.toUpperCase();
    algoS = canonicalizeAlgoText(algoS);
    ASN1ObjectIdentifier oid = macAlgNameToOidMap.get(algoS);
    if (oid == null) {
        throw new NoSuchAlgorithmException("unsupported signature algorithm " + algoS);
    }
    return new AlgorithmIdentifier(oid, DERNull.INSTANCE);
}
Also used : NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 42 with AlgorithmIdentifier

use of org.openecard.bouncycastle.asn1.x509.AlgorithmIdentifier in project xipki by xipki.

the class AlgorithmUtil method getRSASigAlgId.

// CHECKSTYLE:SKIP
private static AlgorithmIdentifier getRSASigAlgId(HashAlgo hashAlgo, boolean mgf1) throws NoSuchAlgorithmException {
    ParamUtil.requireNonNull("hashAlgo", hashAlgo);
    if (mgf1) {
        return buildRSAPSSAlgId(hashAlgo);
    }
    ASN1ObjectIdentifier sigAlgOid = digestToRSASigAlgMap.get(hashAlgo);
    if (sigAlgOid == null) {
        throw new NoSuchAlgorithmException("unsupported hash " + hashAlgo + " for RSA key");
    }
    return new AlgorithmIdentifier(sigAlgOid, DERNull.INSTANCE);
}
Also used : NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 43 with AlgorithmIdentifier

use of org.openecard.bouncycastle.asn1.x509.AlgorithmIdentifier in project xipki by xipki.

the class KeyUtil method createECPublicKey.

// CHECKSTYLE:SKIP
public static ECPublicKey createECPublicKey(byte[] encodedAlgorithmIdParameters, byte[] encodedPoint) throws InvalidKeySpecException {
    ParamUtil.requireNonNull("encodedAlgorithmIdParameters", encodedAlgorithmIdParameters);
    ParamUtil.requireNonNull("encodedPoint", encodedPoint);
    ASN1Encodable algParams;
    if (encodedAlgorithmIdParameters[0] == 6) {
        algParams = ASN1ObjectIdentifier.getInstance(encodedAlgorithmIdParameters);
    } else {
        algParams = X962Parameters.getInstance(encodedAlgorithmIdParameters);
    }
    AlgorithmIdentifier algId = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, algParams);
    SubjectPublicKeyInfo spki = new SubjectPublicKeyInfo(algId, encodedPoint);
    X509EncodedKeySpec keySpec;
    try {
        keySpec = new X509EncodedKeySpec(spki.getEncoded());
    } catch (IOException ex) {
        throw new InvalidKeySpecException(ex.getMessage(), ex);
    }
    KeyFactory kf;
    try {
        kf = KeyFactory.getInstance("EC", "BC");
    } catch (NoSuchAlgorithmException | NoSuchProviderException ex) {
        throw new InvalidKeySpecException(ex.getMessage(), ex);
    }
    return (ECPublicKey) kf.generatePublic(keySpec);
}
Also used : ECPublicKey(java.security.interfaces.ECPublicKey) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) IOException(java.io.IOException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) NoSuchProviderException(java.security.NoSuchProviderException) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) KeyFactory(java.security.KeyFactory) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 44 with AlgorithmIdentifier

use of org.openecard.bouncycastle.asn1.x509.AlgorithmIdentifier in project xipki by xipki.

the class SignerUtil method createPSSRSASigner.

// CHECKSTYLE:SKIP
public static PSSSigner createPSSRSASigner(AlgorithmIdentifier sigAlgId, AsymmetricBlockCipher cipher) throws XiSecurityException {
    ParamUtil.requireNonNull("sigAlgId", sigAlgId);
    if (!PKCSObjectIdentifiers.id_RSASSA_PSS.equals(sigAlgId.getAlgorithm())) {
        throw new XiSecurityException("signature algorithm " + sigAlgId.getAlgorithm() + " is not allowed");
    }
    AlgorithmIdentifier digAlgId;
    try {
        digAlgId = AlgorithmUtil.extractDigesetAlgFromSigAlg(sigAlgId);
    } catch (NoSuchAlgorithmException ex) {
        throw new XiSecurityException(ex.getMessage(), ex);
    }
    RSASSAPSSparams param = RSASSAPSSparams.getInstance(sigAlgId.getParameters());
    AlgorithmIdentifier mfgDigAlgId = AlgorithmIdentifier.getInstance(param.getMaskGenAlgorithm().getParameters());
    Digest dig = getDigest(digAlgId);
    Digest mfgDig = getDigest(mfgDigAlgId);
    int saltSize = param.getSaltLength().intValue();
    int trailerField = param.getTrailerField().intValue();
    AsymmetricBlockCipher tmpCipher = (cipher == null) ? new RSABlindedEngine() : cipher;
    return new PSSSigner(tmpCipher, dig, mfgDig, saltSize, getTrailer(trailerField));
}
Also used : XiSecurityException(org.xipki.security.exception.XiSecurityException) Digest(org.bouncycastle.crypto.Digest) RSABlindedEngine(org.bouncycastle.crypto.engines.RSABlindedEngine) RSASSAPSSparams(org.bouncycastle.asn1.pkcs.RSASSAPSSparams) PSSSigner(org.bouncycastle.crypto.signers.PSSSigner) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) AsymmetricBlockCipher(org.bouncycastle.crypto.AsymmetricBlockCipher)

Example 45 with AlgorithmIdentifier

use of org.openecard.bouncycastle.asn1.x509.AlgorithmIdentifier in project xipki by xipki.

the class CaClientExample method generateEcKeypair.

protected static MyKeypair generateEcKeypair() throws GeneralSecurityException {
    KeyPairGenerator kpGen = KeyPairGenerator.getInstance("EC");
    ECGenParameterSpec spec = new ECGenParameterSpec("secp256r1");
    kpGen.initialize(spec);
    KeyPair kp = kpGen.generateKeyPair();
    ECPublicKey pub = (ECPublicKey) kp.getPublic();
    byte[] keyData = new byte[65];
    keyData[0] = 4;
    copyArray(pub.getW().getAffineX().toByteArray(), keyData, 1, 32);
    copyArray(pub.getW().getAffineY().toByteArray(), keyData, 33, 32);
    AlgorithmIdentifier algId = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, SECObjectIdentifiers.secp256r1);
    SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(algId, keyData);
    return new MyKeypair(kp.getPrivate(), subjectPublicKeyInfo);
}
Also used : KeyPair(java.security.KeyPair) ECPublicKey(java.security.interfaces.ECPublicKey) ECGenParameterSpec(java.security.spec.ECGenParameterSpec) KeyPairGenerator(java.security.KeyPairGenerator) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Aggregations

AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)111 IOException (java.io.IOException)47 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)35 SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)35 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)32 BigInteger (java.math.BigInteger)29 X509Certificate (java.security.cert.X509Certificate)27 X500Name (org.bouncycastle.asn1.x500.X500Name)27 DEROctetString (org.bouncycastle.asn1.DEROctetString)21 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)20 KeyPair (java.security.KeyPair)19 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)19 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)19 Date (java.util.Date)18 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)18 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)17 DERSequence (org.bouncycastle.asn1.DERSequence)16 KeyPairGenerator (java.security.KeyPairGenerator)15 PublicKey (java.security.PublicKey)14 InvalidKeyException (java.security.InvalidKeyException)13