Search in sources :

Example 1 with HashAlgo

use of org.xipki.security.HashAlgo in project xipki by xipki.

the class ProfileConfCreatorDemo method createBiometricInfo.

// method createQcStatements
private static ExtensionValueType createBiometricInfo() {
    BiometricInfo extValue = new BiometricInfo();
    // type
    // predefined image (0)
    BiometricTypeType type = new BiometricTypeType();
    extValue.getType().add(type);
    IntWithDescType predefined = new IntWithDescType();
    predefined.setValue(0);
    predefined.setDescription("image");
    type.setPredefined(predefined);
    // predefined handwritten-signature(1)
    type = new BiometricTypeType();
    predefined = new IntWithDescType();
    predefined.setValue(1);
    predefined.setDescription("handwritten-signature");
    type.setPredefined(predefined);
    extValue.getType().add(type);
    // OID
    type = new BiometricTypeType();
    type.setOid(createOidType(new ASN1ObjectIdentifier("1.2.3.4.5.6"), "dummy biometric type"));
    extValue.getType().add(type);
    // hash algorithm
    HashAlgo[] hashAlgos = new HashAlgo[] { HashAlgo.SHA256, HashAlgo.SHA384 };
    for (HashAlgo hashAlgo : hashAlgos) {
        extValue.getHashAlgorithm().add(createOidType(hashAlgo.getOid(), hashAlgo.getName()));
    }
    extValue.setIncludeSourceDataUri(TripleState.REQUIRED);
    return createExtensionValueType(extValue);
}
Also used : BiometricInfo(org.xipki.ca.certprofile.x509.jaxb.BiometricInfo) BiometricTypeType(org.xipki.ca.certprofile.x509.jaxb.BiometricTypeType) HashAlgo(org.xipki.security.HashAlgo) IntWithDescType(org.xipki.ca.certprofile.x509.jaxb.IntWithDescType) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 2 with HashAlgo

use of org.xipki.security.HashAlgo in project xipki by xipki.

the class P12KeyGenerator method getContentSigner.

// method generateIdentity
private static ContentSigner getContentSigner(PrivateKey key) throws Exception {
    BcContentSignerBuilder builder;
    if (key instanceof RSAPrivateKey) {
        ASN1ObjectIdentifier hashOid = X509ObjectIdentifiers.id_SHA1;
        ASN1ObjectIdentifier sigOid = PKCSObjectIdentifiers.sha1WithRSAEncryption;
        builder = new BcRSAContentSignerBuilder(buildAlgId(sigOid), buildAlgId(hashOid));
    } else if (key instanceof DSAPrivateKey) {
        ASN1ObjectIdentifier hashOid = X509ObjectIdentifiers.id_SHA1;
        AlgorithmIdentifier sigId = new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa_with_sha1);
        builder = new BcDSAContentSignerBuilder(sigId, buildAlgId(hashOid));
    } else if (key instanceof ECPrivateKey) {
        HashAlgo hashAlgo;
        ASN1ObjectIdentifier sigOid;
        int keysize = ((ECPrivateKey) key).getParams().getOrder().bitLength();
        if (keysize > 384) {
            hashAlgo = HashAlgo.SHA512;
            sigOid = X9ObjectIdentifiers.ecdsa_with_SHA512;
        } else if (keysize > 256) {
            hashAlgo = HashAlgo.SHA384;
            sigOid = X9ObjectIdentifiers.ecdsa_with_SHA384;
        } else if (keysize > 224) {
            hashAlgo = HashAlgo.SHA224;
            sigOid = X9ObjectIdentifiers.ecdsa_with_SHA224;
        } else if (keysize > 160) {
            hashAlgo = HashAlgo.SHA256;
            sigOid = X9ObjectIdentifiers.ecdsa_with_SHA256;
        } else {
            hashAlgo = HashAlgo.SHA1;
            sigOid = X9ObjectIdentifiers.ecdsa_with_SHA1;
        }
        builder = new BcECContentSignerBuilder(new AlgorithmIdentifier(sigOid), buildAlgId(hashAlgo.getOid()));
    } else {
        throw new IllegalArgumentException("unknown type of key " + key.getClass().getName());
    }
    return builder.build(KeyUtil.generatePrivateKeyParameter(key));
}
Also used : BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder) ECPrivateKey(java.security.interfaces.ECPrivateKey) HashAlgo(org.xipki.security.HashAlgo) DSAPrivateKey(java.security.interfaces.DSAPrivateKey) BcDSAContentSignerBuilder(org.bouncycastle.operator.bc.BcDSAContentSignerBuilder) BcECContentSignerBuilder(org.bouncycastle.operator.bc.BcECContentSignerBuilder) BcContentSignerBuilder(org.bouncycastle.operator.bc.BcContentSignerBuilder) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 3 with HashAlgo

use of org.xipki.security.HashAlgo in project xipki by xipki.

the class AlgorithmUtil method extractDigesetAlgFromSigAlg.

public static AlgorithmIdentifier extractDigesetAlgFromSigAlg(AlgorithmIdentifier sigAlgId) throws NoSuchAlgorithmException {
    ASN1ObjectIdentifier algOid = sigAlgId.getAlgorithm();
    ASN1ObjectIdentifier digestAlgOid;
    if (PKCSObjectIdentifiers.id_RSASSA_PSS.equals(algOid)) {
        ASN1Encodable asn1Encodable = sigAlgId.getParameters();
        RSASSAPSSparams param = RSASSAPSSparams.getInstance(asn1Encodable);
        digestAlgOid = param.getHashAlgorithm().getAlgorithm();
    } else {
        HashAlgo digestAlg = sigAlgOidToDigestMap.get(algOid);
        if (digestAlg == null) {
            throw new NoSuchAlgorithmException("unknown signature algorithm " + algOid.getId());
        }
        digestAlgOid = digestAlg.getOid();
    }
    return new AlgorithmIdentifier(digestAlgOid, DERNull.INSTANCE);
}
Also used : HashAlgo(org.xipki.security.HashAlgo) RSASSAPSSparams(org.bouncycastle.asn1.pkcs.RSASSAPSSparams) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 4 with HashAlgo

use of org.xipki.security.HashAlgo in project xipki by xipki.

the class AlgorithmUtil method getSigAlgId.

// method getSigAlgId
public static AlgorithmIdentifier getSigAlgId(PublicKey pubKey, SignerConf signerConf) throws NoSuchAlgorithmException {
    ParamUtil.requireNonNull("signerConf", signerConf);
    if (signerConf.getHashAlgo() == null) {
        return getSigAlgId(signerConf.getConfValue("algo"));
    } else {
        SignatureAlgoControl algoControl = signerConf.getSignatureAlgoControl();
        HashAlgo hashAlgo = signerConf.getHashAlgo();
        if (pubKey instanceof RSAPublicKey) {
            boolean rsaMgf1 = (algoControl == null) ? false : algoControl.isRsaMgf1();
            return getRSASigAlgId(hashAlgo, rsaMgf1);
        } else if (pubKey instanceof ECPublicKey) {
            boolean dsaPlain = (algoControl == null) ? false : algoControl.isDsaPlain();
            boolean gm = (algoControl == null) ? false : algoControl.isGm();
            return getECSigAlgId(hashAlgo, dsaPlain, gm);
        } else if (pubKey instanceof DSAPublicKey) {
            return getDSASigAlgId(hashAlgo);
        } else {
            throw new NoSuchAlgorithmException("Unknown public key '" + pubKey.getClass().getName());
        }
    }
}
Also used : RSAPublicKey(java.security.interfaces.RSAPublicKey) ECPublicKey(java.security.interfaces.ECPublicKey) HashAlgo(org.xipki.security.HashAlgo) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SignatureAlgoControl(org.xipki.security.SignatureAlgoControl) DSAPublicKey(java.security.interfaces.DSAPublicKey)

Example 5 with HashAlgo

use of org.xipki.security.HashAlgo in project xipki by xipki.

the class AlgorithmUtil method getSigAlgId.

// method getMacAlgId
public static AlgorithmIdentifier getSigAlgId(String sigAlgName) throws NoSuchAlgorithmException {
    ParamUtil.requireNonNull("sigAlgName", sigAlgName);
    String algoS = sigAlgName.toUpperCase();
    algoS = canonicalizeAlgoText(algoS);
    AlgorithmIdentifier signatureAlgId;
    if (algoS.contains("MGF1")) {
        HashAlgo ha = mgf1SigNameToDigestOidMap.get(algoS);
        if (ha == null) {
            throw new NoSuchAlgorithmException("unknown algorithm " + algoS);
        }
        signatureAlgId = buildRSAPSSAlgId(ha);
    } else {
        ASN1ObjectIdentifier algOid = sigAlgNameToOidMap.get(algoS);
        if (algOid == null) {
            throw new NoSuchAlgorithmException("unknown algorithm " + algoS);
        }
        boolean withNullParam = algoS.contains("RSA");
        signatureAlgId = withNullParam ? new AlgorithmIdentifier(algOid, DERNull.INSTANCE) : new AlgorithmIdentifier(algOid);
    }
    return signatureAlgId;
}
Also used : HashAlgo(org.xipki.security.HashAlgo) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Aggregations

HashAlgo (org.xipki.security.HashAlgo)17 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)7 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)7 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)6 IOException (java.io.IOException)4 BigInteger (java.math.BigInteger)4 X509Certificate (java.security.cert.X509Certificate)4 Date (java.util.Date)4 LinkedList (java.util.LinkedList)4 Extension (org.bouncycastle.asn1.x509.Extension)4 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)3 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)3 MessageDigest (java.security.MessageDigest)2 CertificateEncodingException (java.security.cert.CertificateEncodingException)2 CertificateException (java.security.cert.CertificateException)2 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)2 DEROctetString (org.bouncycastle.asn1.DEROctetString)2 DERSequence (org.bouncycastle.asn1.DERSequence)2 CertHash (org.bouncycastle.asn1.isismtt.ocsp.CertHash)2 CertificateID (org.bouncycastle.cert.ocsp.CertificateID)2