Examples with AlgorithmId sun.security.x509.AlgorithmId used on opensource projects

Example 26 with AlgorithmId

use of sun.security.x509.AlgorithmId in project jdk8u_jdk by JetBrains.

the class MacData method getEncoded.

/**
     * Returns the ASN.1 encoding of this object.
     * @return the ASN.1 encoding.
     * @exception IOException if error occurs when constructing its
     * ASN.1 encoding.
     */
public byte[] getEncoded() throws NoSuchAlgorithmException, IOException {
    if (this.encoded != null)
        return this.encoded.clone();
    DerOutputStream out = new DerOutputStream();
    DerOutputStream tmp = new DerOutputStream();
    DerOutputStream tmp2 = new DerOutputStream();
    // encode encryption algorithm
    AlgorithmId algid = AlgorithmId.get(digestAlgorithmName);
    algid.encode(tmp2);
    // encode digest data
    tmp2.putOctetString(digest);
    tmp.write(DerValue.tag_Sequence, tmp2);
    // encode salt
    tmp.putOctetString(macSalt);
    // encode iterations
    tmp.putInteger(iterations);
    // wrap everything into a SEQUENCE
    out.write(DerValue.tag_Sequence, tmp);
    this.encoded = out.toByteArray();
    return this.encoded.clone();
}

Example 27 with AlgorithmId

use of sun.security.x509.AlgorithmId in project jdk8u_jdk by JetBrains.

the class PKCS12KeyStore method encryptContent.

/*
     * Encrypt the contents using Password-based (PBE) encryption
     * as defined in PKCS #5.
     *
     * NOTE: Currently pbeWithSHAAnd40BiteRC2-CBC algorithmID is used
     *       to derive the key and IV.
     *
     * @return encrypted contents encoded as EncryptedContentInfo
     */
private byte[] encryptContent(byte[] data, char[] password) throws IOException {
    byte[] encryptedData = null;
    // create AlgorithmParameters
    AlgorithmParameters algParams = getAlgorithmParameters("PBEWithSHA1AndRC2_40");
    DerOutputStream bytes = new DerOutputStream();
    AlgorithmId algId = new AlgorithmId(pbeWithSHAAnd40BitRC2CBC_OID, algParams);
    algId.encode(bytes);
    byte[] encodedAlgId = bytes.toByteArray();
    try {
        // Use JCE
        SecretKey skey = getPBEKey(password);
        Cipher cipher = Cipher.getInstance("PBEWithSHA1AndRC2_40");
        cipher.init(Cipher.ENCRYPT_MODE, skey, algParams);
        encryptedData = cipher.doFinal(data);
        if (debug != null) {
            debug.println("  (Cipher algorithm: " + cipher.getAlgorithm() + ")");
        }
    } catch (Exception e) {
        throw new IOException("Failed to encrypt" + " safe contents entry: " + e, e);
    }
    // create EncryptedContentInfo
    DerOutputStream bytes2 = new DerOutputStream();
    bytes2.putOID(ContentInfo.DATA_OID);
    bytes2.write(encodedAlgId);
    // Wrap encrypted data in a context-specific tag.
    DerOutputStream tmpout2 = new DerOutputStream();
    tmpout2.putOctetString(encryptedData);
    bytes2.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, false, (byte) 0), tmpout2);
    // wrap EncryptedContentInfo in a Sequence
    DerOutputStream out = new DerOutputStream();
    out.write(DerValue.tag_Sequence, bytes2);
    return out.toByteArray();
}

Example 28 with AlgorithmId

use of sun.security.x509.AlgorithmId in project jdk8u_jdk by JetBrains.

the class PKCS10 method encodeAndSign.

/**
     * Create the signed certificate request.  This will later be
     * retrieved in either string or binary format.
     *
     * @param subject identifies the signer (by X.500 name).
     * @param signature private key and signing algorithm to use.
     * @exception IOException on errors.
     * @exception CertificateException on certificate handling errors.
     * @exception SignatureException on signature handling errors.
     */
public void encodeAndSign(X500Name subject, Signature signature) throws CertificateException, IOException, SignatureException {
    DerOutputStream out, scratch;
    byte[] certificateRequestInfo;
    byte[] sig;
    if (encoded != null)
        throw new SignatureException("request is already signed");
    this.subject = subject;
    /*
         * Encode cert request info, wrap in a sequence for signing
         */
    scratch = new DerOutputStream();
    // PKCS #10 v1.0
    scratch.putInteger(BigInteger.ZERO);
    // X.500 name
    subject.encode(scratch);
    // public key
    scratch.write(subjectPublicKeyInfo.getEncoded());
    attributeSet.encode(scratch);
    out = new DerOutputStream();
    // wrap it!
    out.write(DerValue.tag_Sequence, scratch);
    certificateRequestInfo = out.toByteArray();
    scratch = out;
    /*
         * Sign it ...
         */
    signature.update(certificateRequestInfo, 0, certificateRequestInfo.length);
    sig = signature.sign();
    /*
         * Build guts of SIGNED macro
         */
    AlgorithmId algId = null;
    try {
        algId = AlgorithmId.get(signature.getAlgorithm());
    } catch (NoSuchAlgorithmException nsae) {
        throw new SignatureException(nsae);
    }
    // sig algorithm
    algId.encode(scratch);
    // sig
    scratch.putBitString(sig);
    /*
         * Wrap those guts in a sequence
         */
    out = new DerOutputStream();
    out.write(DerValue.tag_Sequence, scratch);
    encoded = out.toByteArray();
}

Example 29 with AlgorithmId

use of sun.security.x509.AlgorithmId in project jdk8u_jdk by JetBrains.

the class PKCS12SameKeyId method main.

public static void main(String[] args) throws Exception {
    // Prepare a JKS keystore with many entries
    new File(JKSFILE).delete();
    for (int i = 0; i < SIZE; i++) {
        System.err.print(".");
        String cmd = "-keystore " + JKSFILE + " -storepass changeit -keypass changeit -keyalg rsa " + "-genkeypair -alias p" + i + " -dname CN=" + i;
        sun.security.tools.keytool.Main.main(cmd.split(" "));
    }
    // Prepare EncryptedPrivateKeyInfo parameters, copied from various
    // places in PKCS12KeyStore.java
    AlgorithmParameters algParams = AlgorithmParameters.getInstance("PBEWithSHA1AndDESede");
    algParams.init(new PBEParameterSpec("12345678".getBytes(), 1024));
    AlgorithmId algid = new AlgorithmId(new ObjectIdentifier("1.2.840.113549.1.12.1.3"), algParams);
    PBEKeySpec keySpec = new PBEKeySpec(PASSWORD);
    SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
    SecretKey skey = skFac.generateSecret(keySpec);
    Cipher cipher = Cipher.getInstance("PBEWithSHA1AndDESede");
    cipher.init(Cipher.ENCRYPT_MODE, skey, algParams);
    // Pre-calculated keys and certs and aliases
    byte[][] keys = new byte[SIZE][];
    Certificate[][] certChains = new Certificate[SIZE][];
    String[] aliases = new String[SIZE];
    // Reads from JKS keystore and pre-calculate
    KeyStore ks = KeyStore.getInstance("jks");
    try (FileInputStream fis = new FileInputStream(JKSFILE)) {
        ks.load(fis, PASSWORD);
    }
    for (int i = 0; i < SIZE; i++) {
        aliases[i] = "p" + i;
        byte[] enckey = cipher.doFinal(ks.getKey(aliases[i], PASSWORD).getEncoded());
        keys[i] = new EncryptedPrivateKeyInfo(algid, enckey).getEncoded();
        certChains[i] = ks.getCertificateChain(aliases[i]);
    }
    // Write into PKCS12 keystore. Use this overloaded version of
    // setKeyEntry() to be as fast as possible, so that they would
    // have same localKeyId.
    KeyStore p12 = KeyStore.getInstance("pkcs12");
    p12.load(null, PASSWORD);
    for (int i = 0; i < SIZE; i++) {
        p12.setKeyEntry(aliases[i], keys[i], certChains[i]);
    }
    try (FileOutputStream fos = new FileOutputStream(P12FILE)) {
        p12.store(fos, PASSWORD);
    }
    // Check private keys still match certs
    p12 = KeyStore.getInstance("pkcs12");
    try (FileInputStream fis = new FileInputStream(P12FILE)) {
        p12.load(fis, PASSWORD);
    }
    for (int i = 0; i < SIZE; i++) {
        String a = "p" + i;
        X509Certificate x = (X509Certificate) p12.getCertificate(a);
        X500Name name = (X500Name) x.getSubjectDN();
        if (!name.getCommonName().equals("" + i)) {
            throw new Exception(a + "'s cert is " + name);
        }
    }
}

Example 30 with AlgorithmId

use of sun.security.x509.AlgorithmId in project jdk8u_jdk by JetBrains.

the class SimpleSigner method main.

public static void main(String[] argv) throws Exception {
    SignerInfo[] signerInfos = new SignerInfo[9];
    SimpleSigner signer1 = new SimpleSigner(null, null, null, null);
    signerInfos[8] = signer1.genSignerInfo(data1);
    signerInfos[7] = signer1.genSignerInfo(new byte[] {});
    signerInfos[6] = signer1.genSignerInfo(data2);
    SimpleSigner signer2 = new SimpleSigner(null, null, null, null);
    signerInfos[5] = signer2.genSignerInfo(data1);
    signerInfos[4] = signer2.genSignerInfo(new byte[] {});
    signerInfos[3] = signer2.genSignerInfo(data2);
    SimpleSigner signer3 = new SimpleSigner(null, null, null, null);
    signerInfos[2] = signer3.genSignerInfo(data1);
    signerInfos[1] = signer3.genSignerInfo(new byte[] {});
    signerInfos[0] = signer3.genSignerInfo(data2);
    ContentInfo contentInfo = new ContentInfo(data1);
    AlgorithmId[] algIds = { new AlgorithmId(AlgorithmId.SHA256_oid) };
    X509Certificate[] certs = { signer3.getCert(), signer2.getCert(), signer1.getCert() };
    PKCS7 pkcs71 = new PKCS7(algIds, contentInfo, certs, signerInfos);
    System.out.println("SignerInfos in original.");
    printSignerInfos(pkcs71.getSignerInfos());
    DerOutputStream out = new DerOutputStream();
    pkcs71.encodeSignedData(out);
    PKCS7 pkcs72 = new PKCS7(out.toByteArray());
    System.out.println("\nSignerInfos read back in:");
    printSignerInfos(pkcs72.getSignerInfos());
    System.out.println("Verified signers of original:");
    SignerInfo[] verifs1 = pkcs71.verify();
    System.out.println("Verified signers of after read-in:");
    SignerInfo[] verifs2 = pkcs72.verify();
    if (verifs1.length != verifs2.length) {
        throw new RuntimeException("Length or Original vs read-in " + "should be same");
    }
}