Examples with KeyParametersOption org.xipki.ca.api.profile.KeyParametersOption used on opensource projects

Search in sources :

Example 1 with KeyParametersOption

use of org.xipki.ca.api.profile.KeyParametersOption in project xipki by xipki.

the class XmlX509CertprofileUtil method convertKeyParametersOption.

private static KeyParametersOption convertKeyParametersOption(AlgorithmType type) throws CertprofileException {
    ParamUtil.requireNonNull("type", type);
    if (type.getParameters() == null || type.getParameters().getAny() == null) {
        return KeyParametersOption.ALLOW_ALL;
    }
    Object paramsObj = type.getParameters().getAny();
    if (paramsObj instanceof ECParameters) {
        ECParameters params = (ECParameters) paramsObj;
        KeyParametersOption.ECParamatersOption option = new KeyParametersOption.ECParamatersOption();
        if (params.getCurves() != null) {
            Curves curves = params.getCurves();
            Set<ASN1ObjectIdentifier> curveOids = toOidSet(curves.getCurve());
            option.setCurveOids(curveOids);
        }
        if (params.getPointEncodings() != null) {
            List<Byte> bytes = params.getPointEncodings().getPointEncoding();
            Set<Byte> pointEncodings = new HashSet<>(bytes);
            option.setPointEncodings(pointEncodings);
        }
        return option;
    } else if (paramsObj instanceof RSAParameters) {
        RSAParameters params = (RSAParameters) paramsObj;
        KeyParametersOption.RSAParametersOption option = new KeyParametersOption.RSAParametersOption();
        Set<Range> modulusLengths = buildParametersMap(params.getModulusLength());
        option.setModulusLengths(modulusLengths);
        return option;
    } else if (paramsObj instanceof RSAPSSParameters) {
        RSAPSSParameters params = (RSAPSSParameters) paramsObj;
        KeyParametersOption.RSAPSSParametersOption option = new KeyParametersOption.RSAPSSParametersOption();
        Set<Range> modulusLengths = buildParametersMap(params.getModulusLength());
        option.setModulusLengths(modulusLengths);
        return option;
    } else if (paramsObj instanceof DSAParameters) {
        DSAParameters params = (DSAParameters) paramsObj;
        KeyParametersOption.DSAParametersOption option = new KeyParametersOption.DSAParametersOption();
        Set<Range> plengths = buildParametersMap(params.getPLength());
        option.setPlengths(plengths);
        Set<Range> qlengths = buildParametersMap(params.getQLength());
        option.setQlengths(qlengths);
        return option;
    } else if (paramsObj instanceof DHParameters) {
        DHParameters params = (DHParameters) paramsObj;
        KeyParametersOption.DHParametersOption option = new KeyParametersOption.DHParametersOption();
        Set<Range> plengths = buildParametersMap(params.getPLength());
        option.setPlengths(plengths);
        Set<Range> qlengths = buildParametersMap(params.getQLength());
        option.setQlengths(qlengths);
        return option;
    } else if (paramsObj instanceof GostParameters) {
        GostParameters params = (GostParameters) paramsObj;
        KeyParametersOption.GostParametersOption option = new KeyParametersOption.GostParametersOption();
        Set<ASN1ObjectIdentifier> set = toOidSet(params.getPublicKeyParamSet());
        option.setPublicKeyParamSets(set);
        set = toOidSet(params.getDigestParamSet());
        option.setDigestParamSets(set);
        set = toOidSet(params.getEncryptionParamSet());
        option.setEncryptionParamSets(set);
        return option;
    } else {
        throw new CertprofileException("unknown public key parameters type " + paramsObj.getClass().getName());
    }
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) ECParameters(org.xipki.ca.certprofile.x509.jaxb.ECParameters) CertprofileException(org.xipki.ca.api.profile.CertprofileException) GostParameters(org.xipki.ca.certprofile.x509.jaxb.GostParameters) RSAPSSParameters(org.xipki.ca.certprofile.x509.jaxb.RSAPSSParameters) HashSet(java.util.HashSet) RSAParameters(org.xipki.ca.certprofile.x509.jaxb.RSAParameters) DHParameters(org.xipki.ca.certprofile.x509.jaxb.DHParameters) Range(org.xipki.ca.api.profile.Range) KeyParametersOption(org.xipki.ca.api.profile.KeyParametersOption) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) DSAParameters(org.xipki.ca.certprofile.x509.jaxb.DSAParameters) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) Curves(org.xipki.ca.certprofile.x509.jaxb.ECParameters.Curves)

Example 2 with KeyParametersOption

use of org.xipki.ca.api.profile.KeyParametersOption in project xipki by xipki.

the class XmlX509CertprofileUtil method buildKeyAlgorithms.

public static Map<ASN1ObjectIdentifier, KeyParametersOption> buildKeyAlgorithms(KeyAlgorithms keyAlgos) throws CertprofileException {
    ParamUtil.requireNonNull("keyAlgos", keyAlgos);
    Map<ASN1ObjectIdentifier, KeyParametersOption> keyAlgorithms = new HashMap<>();
    for (AlgorithmType type : keyAlgos.getAlgorithm()) {
        List<OidWithDescType> algIds = type.getAlgorithm();
        List<ASN1ObjectIdentifier> oids = new ArrayList<>(algIds.size());
        for (OidWithDescType algId : algIds) {
            ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(algId.getValue());
            if (keyAlgorithms.containsKey(oid)) {
                throw new CertprofileException("duplicate definition of keyAlgorithm " + oid.getId());
            }
            oids.add(oid);
        }
        KeyParametersOption keyParamsOption = convertKeyParametersOption(type);
        for (ASN1ObjectIdentifier oid : oids) {
            keyAlgorithms.put(oid, keyParamsOption);
        }
    }
    return CollectionUtil.unmodifiableMap(keyAlgorithms);
}
Also used : OidWithDescType(org.xipki.ca.certprofile.x509.jaxb.OidWithDescType) AlgorithmType(org.xipki.ca.certprofile.x509.jaxb.AlgorithmType) KeyParametersOption(org.xipki.ca.api.profile.KeyParametersOption) HashMap(java.util.HashMap) CertprofileException(org.xipki.ca.api.profile.CertprofileException) ArrayList(java.util.ArrayList) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 3 with KeyParametersOption

use of org.xipki.ca.api.profile.KeyParametersOption in project xipki by xipki.

the class BaseX509Certprofile method checkPublicKey.

@Override
public SubjectPublicKeyInfo checkPublicKey(SubjectPublicKeyInfo publicKey) throws BadCertTemplateException {
    ParamUtil.requireNonNull("publicKey", publicKey);
    Map<ASN1ObjectIdentifier, KeyParametersOption> keyAlgorithms = getKeyAlgorithms();
    if (CollectionUtil.isEmpty(keyAlgorithms)) {
        return publicKey;
    }
    ASN1ObjectIdentifier keyType = publicKey.getAlgorithm().getAlgorithm();
    if (!keyAlgorithms.containsKey(keyType)) {
        throw new BadCertTemplateException("key type " + keyType.getId() + " is not permitted");
    }
    KeyParametersOption keyParamsOption = keyAlgorithms.get(keyType);
    if (keyParamsOption instanceof AllowAllParametersOption) {
        return publicKey;
    } else if (keyParamsOption instanceof ECParamatersOption) {
        ECParamatersOption ecOption = (ECParamatersOption) keyParamsOption;
        // parameters
        ASN1Encodable algParam = publicKey.getAlgorithm().getParameters();
        ASN1ObjectIdentifier curveOid;
        if (algParam instanceof ASN1ObjectIdentifier) {
            curveOid = (ASN1ObjectIdentifier) algParam;
            if (!ecOption.allowsCurve(curveOid)) {
                throw new BadCertTemplateException(String.format("EC curve %s (OID: %s) is not allowed", AlgorithmUtil.getCurveName(curveOid), curveOid.getId()));
            }
        } else {
            throw new BadCertTemplateException("only namedCurve EC public key is supported");
        }
        // point encoding
        if (ecOption.pointEncodings() != null) {
            byte[] keyData = publicKey.getPublicKeyData().getBytes();
            if (keyData.length < 1) {
                throw new BadCertTemplateException("invalid publicKeyData");
            }
            byte pointEncoding = keyData[0];
            if (!ecOption.pointEncodings().contains(pointEncoding)) {
                throw new BadCertTemplateException(String.format("not accepted EC point encoding '%s'", pointEncoding));
            }
        }
        byte[] keyData = publicKey.getPublicKeyData().getBytes();
        try {
            checkEcSubjectPublicKeyInfo(curveOid, keyData);
        } catch (BadCertTemplateException ex) {
            throw ex;
        } catch (Exception ex) {
            LogUtil.warn(LOG, ex, "checkEcSubjectPublicKeyInfo");
            throw new BadCertTemplateException(String.format("invalid public key: %s", ex.getMessage()));
        }
        return publicKey;
    } else if (keyParamsOption instanceof RSAParametersOption) {
        RSAParametersOption rsaOption = (RSAParametersOption) keyParamsOption;
        ASN1Integer modulus;
        try {
            ASN1Sequence seq = ASN1Sequence.getInstance(publicKey.getPublicKeyData().getBytes());
            modulus = ASN1Integer.getInstance(seq.getObjectAt(0));
        } catch (IllegalArgumentException ex) {
            throw new BadCertTemplateException("invalid publicKeyData");
        }
        int modulusLength = modulus.getPositiveValue().bitLength();
        if ((rsaOption.allowsModulusLength(modulusLength))) {
            return publicKey;
        }
    } else if (keyParamsOption instanceof DSAParametersOption) {
        DSAParametersOption dsaOption = (DSAParametersOption) keyParamsOption;
        ASN1Encodable params = publicKey.getAlgorithm().getParameters();
        if (params == null) {
            throw new BadCertTemplateException("null Dss-Parms is not permitted");
        }
        int plength;
        int qlength;
        try {
            ASN1Sequence seq = ASN1Sequence.getInstance(params);
            ASN1Integer rsaP = ASN1Integer.getInstance(seq.getObjectAt(0));
            ASN1Integer rsaQ = ASN1Integer.getInstance(seq.getObjectAt(1));
            plength = rsaP.getPositiveValue().bitLength();
            qlength = rsaQ.getPositiveValue().bitLength();
        } catch (IllegalArgumentException | ArrayIndexOutOfBoundsException ex) {
            throw new BadCertTemplateException("illegal Dss-Parms");
        }
        boolean match = dsaOption.allowsPlength(plength);
        if (match) {
            match = dsaOption.allowsQlength(qlength);
        }
        if (match) {
            return publicKey;
        }
    } else {
        throw new RuntimeException(String.format("should not reach here, unknown KeyParametersOption %s", keyParamsOption));
    }
    throw new BadCertTemplateException("the given publicKey is not permitted");
}
Also used : ECParamatersOption(org.xipki.ca.api.profile.KeyParametersOption.ECParamatersOption) DSAParametersOption(org.xipki.ca.api.profile.KeyParametersOption.DSAParametersOption) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) CertprofileException(org.xipki.ca.api.profile.CertprofileException) BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) KeyParametersOption(org.xipki.ca.api.profile.KeyParametersOption) RSAParametersOption(org.xipki.ca.api.profile.KeyParametersOption.RSAParametersOption) BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) AllowAllParametersOption(org.xipki.ca.api.profile.KeyParametersOption.AllowAllParametersOption) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Aggregations

ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)3 CertprofileException (org.xipki.ca.api.profile.CertprofileException)3 KeyParametersOption (org.xipki.ca.api.profile.KeyParametersOption)3 ArrayList (java.util.ArrayList)1 HashMap (java.util.HashMap)1 HashSet (java.util.HashSet)1 Set (java.util.Set)1 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)1 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)1 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)1 DERTaggedObject (org.bouncycastle.asn1.DERTaggedObject)1 BadCertTemplateException (org.xipki.ca.api.BadCertTemplateException)1 AllowAllParametersOption (org.xipki.ca.api.profile.KeyParametersOption.AllowAllParametersOption)1 DSAParametersOption (org.xipki.ca.api.profile.KeyParametersOption.DSAParametersOption)1 ECParamatersOption (org.xipki.ca.api.profile.KeyParametersOption.ECParamatersOption)1 RSAParametersOption (org.xipki.ca.api.profile.KeyParametersOption.RSAParametersOption)1 Range (org.xipki.ca.api.profile.Range)1 AlgorithmType (org.xipki.ca.certprofile.x509.jaxb.AlgorithmType)1 DHParameters (org.xipki.ca.certprofile.x509.jaxb.DHParameters)1 DSAParameters (org.xipki.ca.certprofile.x509.jaxb.DSAParameters)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial