Java Code Examples for org.bouncycastle.asn1.x509.SubjectPublicKeyInfo#getAlgorithm()
The following examples show how to use
org.bouncycastle.asn1.x509.SubjectPublicKeyInfo#getAlgorithm() .
Example 1
Source File: cryptoCommon.java From fido2 with GNU Lesser General Public License v2.1 | 5 votes |
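/**
 * Checks that a U2F attestation certificate carries an EC public key on the
 * secp256r1 (P-256) curve.
 *
 * <p>Only the algorithm identifier of the certificate's SubjectPublicKeyInfo is inspected.
 * This method does not check the certificate's signature, chain, or validity period.
 *
 * @param attestationCertificate the attestation certificate to inspect; must not be null
 * @return {@code true} only when the key algorithm is id-ecPublicKey and the named curve is
 *     secp256r1; {@code false} in every other case, including when the curve is not stated
 */
public static boolean verifyU2FAttestationCertificate(X509Certificate attestationCertificate) {
    PublicKey attcertPublicKey = attestationCertificate.getPublicKey();
    byte[] attPublicKey = attcertPublicKey.getEncoded();
    SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(attPublicKey));

    // Key algorithm from the SubjectPublicKeyInfo AlgorithmIdentifier (RFC 5480).
    AlgorithmIdentifier sigAlgId = spki.getAlgorithm();
    ASN1ObjectIdentifier asoi = sigAlgId.getAlgorithm();
    if (!"1.2.840.10045.2.1".equals(asoi.getId())) {
        // not an EC public key (OID is id-ecPublicKey)
        logp(Level.SEVERE, classname, "verifyAttestationCertificate", "FIDO-ERR-5008", "Only Elliptic-Curve (EC) keys are allowed, the public key in this certificate not an EC public key");
        return false;
    }

    // RFC 5480 requires the ECParameters field for id-ecPublicKey. Without it the curve
    // cannot be confirmed, so the certificate is rejected instead of being accepted with
    // only a warning. The existing warning key is reused for the log entry.
    ASN1Encodable asne = sigAlgId.getParameters();
    if (asne == null) {
        logp(Level.WARNING, classname, "verifyAttestationCertificate", "FIDO-WARN-5001", "");
        return false;
    }

    if (!"1.2.840.10045.3.1.7".equals(asne.toString())) {
        // key not generated using curve secp256r1
        logp(Level.SEVERE, classname, "verifyAttestationCertificate", "FIDO-ERR-5009", "");
        return false;
    }

    logp(Level.FINE, classname, "verifyAttestationCertificate", "FIDO-MSG-5025", "");
    return true;
}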
Example 2
Source File: NewCertificateContract.java From freehealth-connector with GNU Affero General Public License v3.0 | 5 votes |
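/**
 * Returns the RSA modulus length, in bits, of the key held in {@code subjectPKInfo}.
 *
 * <p>The key is rebuilt through a JCA {@link KeyFactory} looked up by the algorithm OID of the
 * SubjectPublicKeyInfo and then read back as an {@link RSAPublicKeySpec}. Only RSA keys are
 * therefore supported; a key of another type is expected to fail inside the try block and
 * surface as {@link IllegalArgumentException}.
 *
 * @param subjectPKInfo the SubjectPublicKeyInfo holding the public key
 * @return the bit length of the RSA modulus
 * @throws IllegalArgumentException if the key cannot be encoded, decoded, or read as an RSA key
 */
private int getKeySize(SubjectPublicKeyInfo subjectPKInfo) {
    try {
        // getEncoded() already yields the DER SubjectPublicKeyInfo that X509EncodedKeySpec
        // expects; the former DERBitString wrap/unwrap returned the same bytes.
        X509EncodedKeySpec xspec = new X509EncodedKeySpec(subjectPKInfo.getEncoded());
        AlgorithmIdentifier keyAlg = subjectPKInfo.getAlgorithm();
        // The factory is selected by OID string, so it depends on the installed providers
        // registering that OID as an alias.
        PublicKey publicKey = KeyFactory.getInstance(keyAlg.getAlgorithm().getId()).generatePublic(xspec);
        String algorithm = publicKey.getAlgorithm();
        KeyFactory keyFact = KeyFactory.getInstance(algorithm);
        RSAPublicKeySpec keySpec = (RSAPublicKeySpec) keyFact.getKeySpec(publicKey, RSAPublicKeySpec.class);
        BigInteger modulus = keySpec.getModulus();
        // bitLength() gives the size directly, without building a binary string of the modulus.
        return modulus.bitLength();
    } catch (Exception e) {
        // Kept broad so that every failure still reaches callers as IllegalArgumentException,
        // with the original cause attached.
        throw new IllegalArgumentException(e);
    }
}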
Example 3
Source File: NewCertificateContract.java From freehealth-connector with GNU Affero General Public License v3.0 | 5 votes |
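/**
 * Returns the RSA modulus length, in bits, of the key held in {@code subjectPKInfo}.
 *
 * <p>The key is rebuilt through a JCA {@link KeyFactory} looked up by the algorithm OID of the
 * SubjectPublicKeyInfo and then read back as an {@link RSAPublicKeySpec}. Only RSA keys are
 * therefore supported; a key of another type is expected to fail inside the try block and
 * surface as {@link IllegalArgumentException}.
 *
 * @param subjectPKInfo the SubjectPublicKeyInfo holding the public key
 * @return the bit length of the RSA modulus
 * @throws IllegalArgumentException if the key cannot be encoded, decoded, or read as an RSA key
 */
private int getKeySize(SubjectPublicKeyInfo subjectPKInfo) {
    try {
        // getEncoded() already yields the DER SubjectPublicKeyInfo that X509EncodedKeySpec
        // expects; the former DERBitString wrap/unwrap returned the same bytes.
        X509EncodedKeySpec xspec = new X509EncodedKeySpec(subjectPKInfo.getEncoded());
        AlgorithmIdentifier keyAlg = subjectPKInfo.getAlgorithm();
        // The factory is selected by OID string, so it depends on the installed providers
        // registering that OID as an alias.
        PublicKey publicKey = KeyFactory.getInstance(keyAlg.getAlgorithm().getId()).generatePublic(xspec);
        String algorithm = publicKey.getAlgorithm();
        KeyFactory keyFact = KeyFactory.getInstance(algorithm);
        RSAPublicKeySpec keySpec = (RSAPublicKeySpec) keyFact.getKeySpec(publicKey, RSAPublicKeySpec.class);
        BigInteger modulus = keySpec.getModulus();
        // bitLength() gives the size directly, without building a binary string of the modulus.
        return modulus.bitLength();
    } catch (Exception e) {
        // Kept broad so that every failure still reaches callers as IllegalArgumentException,
        // with the original cause attached.
        throw new IllegalArgumentException(e);
    }
}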
Example 4
Source File: NewCertificateContract.java From freehealth-connector with GNU Affero General Public License v3.0 | 5 votes |
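/**
 * Returns the RSA modulus length, in bits, of the key held in {@code subjectPKInfo}.
 *
 * <p>The key is rebuilt through a JCA {@link KeyFactory} looked up by the algorithm OID of the
 * SubjectPublicKeyInfo and then read back as an {@link RSAPublicKeySpec}. Only RSA keys are
 * therefore supported; a key of another type is expected to fail inside the try block and
 * surface as {@link IllegalArgumentException}.
 *
 * @param subjectPKInfo the SubjectPublicKeyInfo holding the public key
 * @return the bit length of the RSA modulus
 * @throws IllegalArgumentException if the key cannot be encoded, decoded, or read as an RSA key
 */
private static int getKeySize(SubjectPublicKeyInfo subjectPKInfo) {
    try {
        // getEncoded() already yields the DER SubjectPublicKeyInfo that X509EncodedKeySpec
        // expects; the former DERBitString wrap/unwrap returned the same bytes.
        X509EncodedKeySpec xspec = new X509EncodedKeySpec(subjectPKInfo.getEncoded());
        AlgorithmIdentifier keyAlg = subjectPKInfo.getAlgorithm();
        // The factory is selected by OID string, so it depends on the installed providers
        // registering that OID as an alias.
        PublicKey publicKey = KeyFactory.getInstance(keyAlg.getAlgorithm().getId()).generatePublic(xspec);
        String algorithm = publicKey.getAlgorithm();
        KeyFactory keyFact = KeyFactory.getInstance(algorithm);
        RSAPublicKeySpec keySpec = (RSAPublicKeySpec) keyFact.getKeySpec(publicKey, RSAPublicKeySpec.class);
        BigInteger modulus = keySpec.getModulus();
        // bitLength() gives the size directly, without building a binary string of the modulus.
        return modulus.bitLength();
    } catch (Exception e) {
        // Kept broad so that every failure still reaches callers as IllegalArgumentException,
        // with the original cause attached.
        throw new IllegalArgumentException(e);
    }
}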
Example 5
Source File: NewCertificateContract.java From freehealth-connector with GNU Affero General Public License v3.0 | 5 votes |
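/**
 * Returns the RSA modulus length, in bits, of the key held in {@code subjectPKInfo}.
 *
 * <p>The key is rebuilt through a JCA {@link KeyFactory} looked up by the algorithm OID of the
 * SubjectPublicKeyInfo and then read back as an {@link RSAPublicKeySpec}. Only RSA keys are
 * therefore supported; a key of another type is expected to fail inside the try block and
 * surface as {@link IllegalArgumentException}.
 *
 * @param subjectPKInfo the SubjectPublicKeyInfo holding the public key
 * @return the bit length of the RSA modulus
 * @throws IllegalArgumentException if the key cannot be encoded, decoded, or read as an RSA key
 */
private static int getKeySize(SubjectPublicKeyInfo subjectPKInfo) {
    try {
        // getEncoded() already yields the DER SubjectPublicKeyInfo that X509EncodedKeySpec
        // expects; the former DERBitString wrap/unwrap returned the same bytes.
        X509EncodedKeySpec xspec = new X509EncodedKeySpec(subjectPKInfo.getEncoded());
        AlgorithmIdentifier keyAlg = subjectPKInfo.getAlgorithm();
        // The factory is selected by OID string, so it depends on the installed providers
        // registering that OID as an alias.
        PublicKey publicKey = KeyFactory.getInstance(keyAlg.getAlgorithm().getId()).generatePublic(xspec);
        String algorithm = publicKey.getAlgorithm();
        KeyFactory keyFact = KeyFactory.getInstance(algorithm);
        RSAPublicKeySpec keySpec = (RSAPublicKeySpec) keyFact.getKeySpec(publicKey, RSAPublicKeySpec.class);
        BigInteger modulus = keySpec.getModulus();
        // bitLength() gives the size directly, without building a binary string of the modulus.
        return modulus.bitLength();
    } catch (Exception e) {
        // Kept broad so that every failure still reaches callers as IllegalArgumentException,
        // with the original cause attached.
        throw new IllegalArgumentException(e);
    }
}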
Example 6
Source File: NewCertificateContract.java From freehealth-connector with GNU Affero General Public License v3.0 | 5 votes |
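/**
 * Returns the RSA modulus length, in bits, of the key held in {@code subjectPKInfo}.
 *
 * <p>The key is rebuilt through a JCA {@link KeyFactory} looked up by the algorithm OID of the
 * SubjectPublicKeyInfo and then read back as an {@link RSAPublicKeySpec}. Only RSA keys are
 * therefore supported; a key of another type is expected to fail inside the try block and
 * surface as {@link IllegalArgumentException}.
 *
 * @param subjectPKInfo the SubjectPublicKeyInfo holding the public key
 * @return the bit length of the RSA modulus
 * @throws IllegalArgumentException if the key cannot be encoded, decoded, or read as an RSA key
 */
private int getKeySize(SubjectPublicKeyInfo subjectPKInfo) {
    try {
        // getEncoded() already yields the DER SubjectPublicKeyInfo that X509EncodedKeySpec
        // expects; the former DERBitString wrap/unwrap returned the same bytes.
        X509EncodedKeySpec xspec = new X509EncodedKeySpec(subjectPKInfo.getEncoded());
        AlgorithmIdentifier keyAlg = subjectPKInfo.getAlgorithm();
        // The factory is selected by OID string, so it depends on the installed providers
        // registering that OID as an alias.
        PublicKey publicKey = KeyFactory.getInstance(keyAlg.getAlgorithm().getId()).generatePublic(xspec);
        String algorithm = publicKey.getAlgorithm();
        KeyFactory keyFact = KeyFactory.getInstance(algorithm);
        RSAPublicKeySpec keySpec = (RSAPublicKeySpec) keyFact.getKeySpec(publicKey, RSAPublicKeySpec.class);
        BigInteger modulus = keySpec.getModulus();
        // bitLength() gives the size directly, without building a binary string of the modulus.
        return modulus.bitLength();
    } catch (Exception e) {
        // Kept broad so that every failure still reaches callers as IllegalArgumentException,
        // with the original cause attached.
        throw new IllegalArgumentException(e);
    }
}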
Example 7
Source File: verifyFido2RegistrationPolicy.java From fido2 with GNU Lesser General Public License v2.1 | 4 votes |
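/**
 * Checks a FIDO2 attestation object against the cryptography section of a registration policy.
 *
 * <p>The checks run in this order and stop at the first failure:
 * <ol>
 *   <li>attestation certificate (only when an x5c chain is present): key algorithm,
 *       certificate signature algorithm and, for EC keys, the named curve;</li>
 *   <li>credential (signing) key: key algorithm, COSE algorithm and, for EC keys, the curve;</li>
 *   <li>attestation format;</li>
 *   <li>attestation type.</li>
 * </ol>
 *
 * <p>Only the first entry of the x5c chain is examined. {@code clientJson} and {@code version}
 * are not read by this method.
 *
 * @param cryptoOp policy options listing the allowed algorithms, curves, formats and types
 * @param clientJson not used here
 * @param attObject the attestation object under evaluation
 * @param version not used here
 * @throws SKFEException if any element of the attestation object is not permitted by the policy
 */
private void verifyCryptographyOptions(CryptographyPolicyOptions cryptoOp, JsonObject clientJson,
        FIDO2AttestationObject attObject, Integer version) throws SKFEException {
    ArrayList<String> allowedRSASignatures = cryptoOp.getAllowedRSASignatures();
    ArrayList<String> allowedECSignatures = cryptoOp.getAllowedECSignatures();
    ArrayList<String> supportedCurves = cryptoOp.getSupportedEllipticCurves();
    ArrayList<String> allowedAttestationFormats = cryptoOp.getAllowedAttestationFormats();
    ArrayList<String> allowedAttestationTypes = cryptoOp.getAllowedAttestationTypes();
    // NOTE(review): the two signature lists are null-checked below, but supportedCurves,
    // allowedAttestationFormats and allowedAttestationTypes are dereferenced directly.
    // Confirm the policy parser never returns null for them.

    //Verify attestation key
    ArrayList certificateChain = attObject.getAttStmt().getX5c();
    if (certificateChain != null) {
        // NOTE(review): get(0) on an empty x5c list throws IndexOutOfBoundsException rather
        // than SKFEException. Confirm the attestation parser rejects empty chains earlier.
        X509Certificate attestationCert = cryptoCommon.generateX509FromBytes((byte[]) certificateChain.get(0));
        if (attestationCert == null) {
            throw new SKFEException("Failed to parse X509Certificate. Check logs for details");
        }
        PublicKey attestationKey = attestationCert.getPublicKey();
        String attestationAlgType = attestationKey.getAlgorithm();
        if (!attestationAlgType.equalsIgnoreCase("RSA") && !attestationAlgType.equalsIgnoreCase("EC")) {
            throw new SKFEException("Unknown key algorithm (Attestation)");
        }
        // The certificate's signature algorithm must appear in at least one of the two lists.
        if ((allowedRSASignatures == null
                || !allowedRSASignatures.contains(skfsCommon.getPolicyAlgFromAlg(attestationCert.getSigAlgName())))
                && (allowedECSignatures == null
                || !allowedECSignatures.contains(skfsCommon.getPolicyAlgFromAlg(attestationCert.getSigAlgName())))) {
            throw new SKFEException("Signature Algorithm not supported by policy (Attestation): " + attestationCert.getSigAlgName());
        }

        //Verify that the curve used by the attestation key is approved
        if (attestationAlgType.equalsIgnoreCase("EC")) {
            byte[] enc = attestationKey.getEncoded();
            SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(enc));
            AlgorithmIdentifier algid = spki.getAlgorithm();
            // The certificate comes from the authenticator, so the parameters field may be
            // absent or may hold something other than a named-curve OID. Such keys are
            // rejected as a policy failure instead of failing on an unchecked cast.
            Object curveParams = algid.getParameters();
            if (!(curveParams instanceof ASN1ObjectIdentifier)) {
                throw new SKFEException("EC Curve not supported by policy (Attestation)");
            }
            ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) curveParams;
            if (!supportedCurves.contains(skfsCommon.getPolicyCurveFromOID(oid))) {
                throw new SKFEException("EC Curve not supported by policy (Attestation)");
            }
        }
    }

    //Verify signing key
    PublicKey signingKey = attObject.getAuthData().getAttCredData().getPublicKey();
    String signingAlgType = signingKey.getAlgorithm();
    if (!signingAlgType.equalsIgnoreCase("RSA") && !signingAlgType.equalsIgnoreCase("EC")) {
        throw new SKFEException("Unknown attestation key algorithm (Signing)");
    }
    // The credential's COSE algorithm must appear in at least one of the two lists.
    if ((allowedRSASignatures == null
            || !allowedRSASignatures.contains(skfsCommon.getPolicyAlgFromIANACOSEAlg(attObject.getAuthData().getAttCredData().getFko().getAlg())))
            && (allowedECSignatures == null
            || !allowedECSignatures.contains(skfsCommon.getPolicyAlgFromIANACOSEAlg(attObject.getAuthData().getAttCredData().getFko().getAlg())))) {
        throw new SKFEException("Rejected key algorithm (Signing): " + skfsCommon.getPolicyAlgFromIANACOSEAlg(attObject.getAuthData().getAttCredData().getFko().getAlg()));
    }
    if (signingAlgType.equalsIgnoreCase("EC")) {
        ECKeyObject eckey = (ECKeyObject) attObject.getAuthData().getAttCredData().getFko();
        if (!supportedCurves.contains(skfsCommon.getPolicyCurveFromFIDOECCCurveID(eckey.getCrv()))) {
            throw new SKFEException("EC Curve not supported by policy (Signing)");
        }
    }

    //Verify allowed AttestationFormat
    if (!allowedAttestationFormats.contains(attObject.getAttFormat())) {
        throw new SKFEException("Attestation format not supported by policy: " + attObject.getAttFormat());
    }

    //Verify allowed AttestationType
    if (!allowedAttestationTypes.contains(attObject.getAttStmt().getAttestationType())) {
        throw new SKFEException("Attestation type not supported by policy: " + attObject.getAttStmt().getAttestationType());
    }
}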