Java Code Examples for org.bouncycastle.asn1.nist.NISTObjectIdentifiers#id_sha256()

The following examples show how to use org.bouncycastle.asn1.nist.NISTObjectIdentifiers#id_sha256() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: SigningCertificateV2.java    From signer with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Override
	public Attribute getValue() throws SignerException {
		try {
			X509Certificate cert = (X509Certificate) certificates[0];
			X509Certificate issuerCert = (X509Certificate) certificates[1];
			Digest digest = DigestFactory.getInstance().factoryDefault();
			digest.setAlgorithm(DigestAlgorithmEnum.SHA_256);
			byte[] certHash = digest.digest(cert.getEncoded());
			X500Name dirName = new X500Name(issuerCert.getSubjectX500Principal().getName());
			GeneralName name = new GeneralName(dirName);
			GeneralNames issuer = new GeneralNames(name);
			ASN1Integer serialNumber = new ASN1Integer(cert.getSerialNumber());
			IssuerSerial issuerSerial = new IssuerSerial(issuer, serialNumber);
			AlgorithmIdentifier algId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256);// SHA-256
			ESSCertIDv2 essCertIDv2 = new ESSCertIDv2(algId, certHash, issuerSerial);
//			return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(new DERSequence(essCertIDv2)));
			return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(new DERSequence(
					new ASN1Encodable[] { new DERSequence(essCertIDv2) })));
		} catch (CertificateEncodingException ex) {
			throw new SignerException(ex.getMessage());
		}
	}
 
Example 2
Source File: SignInSteps.java    From testarea-itext5 with GNU Affero General Public License v3.0 5 votes vote down vote up
/**
 * <a href="http://stackoverflow.com/questions/33305800/difference-between-sha256withrsa-and-sha256-then-rsa">
 * Difference between SHA256withRSA and SHA256 then RSA
 * </a>
 * <p>
 * This method is the updated code provided by the OP. As expected it shows two equal signatures.
 * The OP's observations seem to differ, though.
 * </p>
 */
public void testAsGreenhandUpdated(PrivateKey privateKey) throws GeneralSecurityException, IOException
{
    System.out.println("\nGreenhandUpdated:");

    String s = "1234";
    MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
    messageDigest.update(s.getBytes());
    byte[] outputDigest = messageDigest.digest();

    AlgorithmIdentifier sha256Aid = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, DERNull.INSTANCE);
    DigestInfo di = new DigestInfo(sha256Aid, outputDigest);
    //sign SHA256 with RSA
    Signature rsaSignature = Signature.getInstance("RSA");
    rsaSignature.initSign(privateKey);
    byte[] encodedDigestInfo = di.toASN1Primitive().getEncoded();
    rsaSignature.update(encodedDigestInfo);
    byte[] signed = rsaSignature.sign();
    System.out.println("method 1: "+bytesToHex(signed));
    System.out.println("    hash: " + bytesToHex(outputDigest));
    System.out.println("    algo: " + sha256Aid.getAlgorithm());
    System.out.println("    info: " + bytesToHex(encodedDigestInfo));

    //compute SHA256withRSA as a single step
    Signature rsaSha256Signature = Signature.getInstance("SHA256withRSA");
    rsaSha256Signature.initSign(privateKey);
    rsaSha256Signature.update(s.getBytes());
    byte[] signed2 = rsaSha256Signature.sign();
    System.out.println("method 2: "+bytesToHex(signed2));
}
 
Example 3
Source File: RevocationRefs.java    From signer with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * 
 * 
 * @param extract
 *            CrlValidatedID from X509CRL
 * @return a CrlValidatedID
 * @throws NoSuchAlgorithmException
 * @throws CRLException
 */

private CrlValidatedID makeCrlValidatedID(X509CRL crl)
		throws NoSuchAlgorithmException, CRLException {

	Digest digest = DigestFactory.getInstance().factoryDefault();
	digest.setAlgorithm(DigestAlgorithmEnum.SHA_256);
	
	OtherHashAlgAndValue otherHashAlgAndValue = new OtherHashAlgAndValue(
				new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256), new DEROctetString(digest.digest(crl.getEncoded())));
	
	OtherHash hash = new OtherHash(otherHashAlgAndValue);

	BigInteger crlnumber;
	CrlIdentifier crlid;
	if (crl.getExtensionValue("2.5.29.20") != null) {
		ASN1Integer varASN1Integer = new ASN1Integer(crl.getExtensionValue("2.5.29.20"));
		crlnumber = varASN1Integer.getPositiveValue();

		crlid = new CrlIdentifier(new X500Name(crl.getIssuerX500Principal()
				.getName()), new DERUTCTime(crl.getThisUpdate()), crlnumber);
	} else {
		crlid = new CrlIdentifier(new X500Name(crl.getIssuerX500Principal()
				.getName()), new DERUTCTime(crl.getThisUpdate()));
	}

	CrlValidatedID crlvid = new CrlValidatedID(hash, crlid);

	return crlvid;
}
 
Example 4
Source File: ScepUtil.java    From xipki with Apache License 2.0 5 votes vote down vote up
public static ASN1ObjectIdentifier extractDigesetAlgorithmIdentifier(String sigOid,
    byte[] sigParams) throws NoSuchAlgorithmException {
  Args.notBlank(sigOid, "sigOid");

  ASN1ObjectIdentifier algOid = new ASN1ObjectIdentifier(sigOid);

  ASN1ObjectIdentifier digestAlgOid;
  if (PKCSObjectIdentifiers.md5WithRSAEncryption.equals(algOid)) {
    digestAlgOid = PKCSObjectIdentifiers.md5;
  } else if (PKCSObjectIdentifiers.sha1WithRSAEncryption.equals(algOid)) {
    digestAlgOid = X509ObjectIdentifiers.id_SHA1;
  } else if (PKCSObjectIdentifiers.sha224WithRSAEncryption.equals(algOid)) {
    digestAlgOid = NISTObjectIdentifiers.id_sha224;
  } else if (PKCSObjectIdentifiers.sha256WithRSAEncryption.equals(algOid)) {
    digestAlgOid = NISTObjectIdentifiers.id_sha256;
  } else if (PKCSObjectIdentifiers.sha384WithRSAEncryption.equals(algOid)) {
    digestAlgOid = NISTObjectIdentifiers.id_sha384;
  } else if (PKCSObjectIdentifiers.sha512WithRSAEncryption.equals(algOid)) {
    digestAlgOid = NISTObjectIdentifiers.id_sha512;
  } else if (PKCSObjectIdentifiers.id_RSASSA_PSS.equals(algOid)) {
    RSASSAPSSparams param = RSASSAPSSparams.getInstance(sigParams);
    digestAlgOid = param.getHashAlgorithm().getAlgorithm();
  } else {
    throw new NoSuchAlgorithmException("unknown signature algorithm" + algOid.getId());
  }

  return digestAlgOid;
}
 
Example 5
Source File: RequestOptions.java    From xipki with Apache License 2.0 4 votes vote down vote up
private static AlgorithmIdentifier createAlgId(String algoName) {
  algoName = algoName.toUpperCase();
  ASN1ObjectIdentifier algOid = null;
  if ("SHA1WITHRSA".equals(algoName)) {
    algOid = PKCSObjectIdentifiers.sha1WithRSAEncryption;
  } else if ("SHA256WITHRSA".equals(algoName)) {
    algOid = PKCSObjectIdentifiers.sha256WithRSAEncryption;
  } else if ("SHA384WITHRSA".equals(algoName)) {
    algOid = PKCSObjectIdentifiers.sha384WithRSAEncryption;
  } else if ("SHA512WITHRSA".equals(algoName)) {
    algOid = PKCSObjectIdentifiers.sha512WithRSAEncryption;
  } else if ("SHA1WITHECDSA".equals(algoName)) {
    algOid = X9ObjectIdentifiers.ecdsa_with_SHA1;
  } else if ("SHA256WITHECDSA".equals(algoName)) {
    algOid = X9ObjectIdentifiers.ecdsa_with_SHA256;
  } else if ("SHA384WITHECDSA".equals(algoName)) {
    algOid = X9ObjectIdentifiers.ecdsa_with_SHA384;
  } else if ("SHA512WITHECDSA".equals(algoName)) {
    algOid = X9ObjectIdentifiers.ecdsa_with_SHA512;
  } else if ("SHA1WITHRSAANDMGF1".equals(algoName) || "SHA256WITHRSAANDMGF1".equals(algoName)
      || "SHA384WITHRSAANDMGF1".equals(algoName) || "SHA512WITHRSAANDMGF1".equals(algoName)) {
    algOid = PKCSObjectIdentifiers.id_RSASSA_PSS;
  } else {
    throw new IllegalStateException("Unsupported algorithm " + algoName); // should not happen
  }

  ASN1Encodable params;
  if (PKCSObjectIdentifiers.id_RSASSA_PSS.equals(algOid)) {
    ASN1ObjectIdentifier digestAlgOid = null;
    if ("SHA1WITHRSAANDMGF1".equals(algoName)) {
      digestAlgOid = X509ObjectIdentifiers.id_SHA1;
    } else if ("SHA256WITHRSAANDMGF1".equals(algoName)) {
      digestAlgOid = NISTObjectIdentifiers.id_sha256;
    } else if ("SHA384WITHRSAANDMGF1".equals(algoName)) {
      digestAlgOid = NISTObjectIdentifiers.id_sha384;
    } else { // if ("SHA512WITHRSAANDMGF1".equals(algoName))
      digestAlgOid = NISTObjectIdentifiers.id_sha512;
    }
    params = createPSSRSAParams(digestAlgOid);
  } else {
    params = DERNull.INSTANCE;
  }

  return new AlgorithmIdentifier(algOid, params);
}