Java Code Examples for org.bouncycastle.asn1.x509.AlgorithmIdentifier#getAlgorithm()
The following examples show how to use
org.bouncycastle.asn1.x509.AlgorithmIdentifier#getAlgorithm() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: XiXDHContentVerifierProvider.java From xipki with Apache License 2.0 | 6 votes |
@Override public ContentVerifier get(AlgorithmIdentifier verifierAlgorithmIdentifier) throws OperatorCreationException { ASN1ObjectIdentifier oid = verifierAlgorithmIdentifier.getAlgorithm(); if (!this.sigAlgOid.equals(oid)) { throw new OperatorCreationException( "given public key is not suitable for the alogithm " + oid.getId()); } Mac hmac; try { hmac = Mac.getInstance(hmacAlgoithm); } catch (NoSuchAlgorithmException ex) { throw new OperatorCreationException(ex.getMessage()); } return new XDHContentVerifier(verifierAlgorithmIdentifier, hmac, hmacKey); }
Example 2
Source File: AlgorithmUtil.java From xipki with Apache License 2.0 | 6 votes |
public static AlgorithmCode getSigOrMacAlgoCode(AlgorithmIdentifier algId) throws NoSuchAlgorithmException { ASN1ObjectIdentifier oid = algId.getAlgorithm(); AlgorithmCode code = algOidToCodeMap.get(oid); if (code != null) { return code; } if (PKCSObjectIdentifiers.id_RSASSA_PSS.equals(oid)) { RSASSAPSSparams param = RSASSAPSSparams.getInstance(algId.getParameters()); ASN1ObjectIdentifier digestAlgOid = param.getHashAlgorithm().getAlgorithm(); code = digestToMgf1AlgCodeMap.get(digestAlgOid); if (code == null) { throw new NoSuchAlgorithmException("unsupported digest algorithm " + digestAlgOid); } return code; } else { throw new NoSuchAlgorithmException("unsupported signature algorithm " + oid.getId()); } }
Example 3
Source File: AlgorithmUtil.java From xipki with Apache License 2.0 | 6 votes |
public static AlgorithmIdentifier extractDigesetAlgFromSigAlg(AlgorithmIdentifier sigAlgId) throws NoSuchAlgorithmException { ASN1ObjectIdentifier algOid = sigAlgId.getAlgorithm(); ASN1ObjectIdentifier digestAlgOid; if (PKCSObjectIdentifiers.id_RSASSA_PSS.equals(algOid)) { ASN1Encodable asn1Encodable = sigAlgId.getParameters(); RSASSAPSSparams param = RSASSAPSSparams.getInstance(asn1Encodable); digestAlgOid = param.getHashAlgorithm().getAlgorithm(); } else { HashAlgo digestAlg = sigAlgOidToDigestMap.get(algOid); if (digestAlg == null) { throw new NoSuchAlgorithmException("unknown signature algorithm " + algOid.getId()); } digestAlgOid = digestAlg.getOid(); } return new AlgorithmIdentifier(digestAlgOid, DERNull.INSTANCE); }
Example 4
Source File: P11ContentSigner.java From xipki with Apache License 2.0 | 6 votes |
EdDSA(P11CryptService cryptService, P11IdentityId identityId, AlgorithmIdentifier signatureAlgId) throws XiSecurityException, P11TokenException { super(cryptService, identityId, signatureAlgId); ASN1ObjectIdentifier algOid = signatureAlgId.getAlgorithm(); if (!EdECConstants.id_ED25519.equals(algOid)) { throw new XiSecurityException("unsupproted signature algorithm " + algOid.getId()); } mechanism = PKCS11Constants.CKM_EDDSA; P11Slot slot = cryptService.getSlot(identityId.getSlotId()); if (slot.supportsMechanism(mechanism)) { throw new XiSecurityException("unsupported signature algorithm " + algOid.getId()); } this.outputStream = new ByteArrayOutputStream(); }
Example 5
Source File: P11ContentSigner.java From xipki with Apache License 2.0 | 5 votes |
Mac(P11CryptService cryptService, P11IdentityId identityId, AlgorithmIdentifier macAlgId) throws XiSecurityException, P11TokenException { super(cryptService, identityId, macAlgId); ASN1ObjectIdentifier oid = macAlgId.getAlgorithm(); if (PKCSObjectIdentifiers.id_hmacWithSHA1.equals(oid)) { mechanism = PKCS11Constants.CKM_SHA_1_HMAC; } else if (PKCSObjectIdentifiers.id_hmacWithSHA224.equals(oid)) { mechanism = PKCS11Constants.CKM_SHA224_HMAC; } else if (PKCSObjectIdentifiers.id_hmacWithSHA256.equals(oid)) { mechanism = PKCS11Constants.CKM_SHA256_HMAC; } else if (PKCSObjectIdentifiers.id_hmacWithSHA384.equals(oid)) { mechanism = PKCS11Constants.CKM_SHA384_HMAC; } else if (PKCSObjectIdentifiers.id_hmacWithSHA512.equals(oid)) { mechanism = PKCS11Constants.CKM_SHA512_HMAC; } else if (NISTObjectIdentifiers.id_hmacWithSHA3_224.equals(oid)) { mechanism = PKCS11Constants.CKM_SHA3_224_HMAC; } else if (NISTObjectIdentifiers.id_hmacWithSHA3_256.equals(oid)) { mechanism = PKCS11Constants.CKM_SHA3_256_HMAC; } else if (NISTObjectIdentifiers.id_hmacWithSHA3_384.equals(oid)) { mechanism = PKCS11Constants.CKM_SHA3_384_HMAC; } else if (NISTObjectIdentifiers.id_hmacWithSHA3_512.equals(oid)) { mechanism = PKCS11Constants.CKM_SHA3_512_HMAC; } else { throw new IllegalArgumentException("unknown algorithm identifier " + oid.getId()); } P11Slot slot = cryptService.getSlot(identityId.getSlotId()); if (slot.supportsMechanism(mechanism)) { throw new XiSecurityException("unsupported MAC algorithm " + oid.getId()); } this.outputStream = new ByteArrayOutputStream(); }
Example 6
Source File: Responder.java From xipki with Apache License 2.0 | 5 votes |
public boolean isPbmMacPermitted(AlgorithmIdentifier pbmMac) { ASN1ObjectIdentifier macOid = pbmMac.getAlgorithm(); for (ASN1ObjectIdentifier oid : macAlgos) { if (oid.equals(macOid)) { return true; } } return false; }
Example 7
Source File: Responder.java From xipki with Apache License 2.0 | 5 votes |
public boolean isPbmOwfPermitted(AlgorithmIdentifier pbmOwf) { ASN1ObjectIdentifier owfOid = pbmOwf.getAlgorithm(); for (ASN1ObjectIdentifier oid : owfAlgos) { if (oid.equals(owfOid)) { return true; } } return false; }
Example 8
Source File: ResponseSigner.java From xipki with Apache License 2.0 | 5 votes |
private static String getSignatureAlgorithmName(AlgorithmIdentifier sigAlgId) { ASN1ObjectIdentifier algOid = sigAlgId.getAlgorithm(); if (!PKCSObjectIdentifiers.id_RSASSA_PSS.equals(algOid)) { return algOid.getId(); } ASN1Encodable asn1Encodable = sigAlgId.getParameters(); RSASSAPSSparams param = RSASSAPSSparams.getInstance(asn1Encodable); ASN1ObjectIdentifier digestAlgOid = param.getHashAlgorithm().getAlgorithm(); return digestAlgOid.getId() + "WITHRSAANDMGF1"; }
Example 9
Source File: CmpControl.java From xipki with Apache License 2.0 | 5 votes |
public boolean isRequestPbmMacPermitted(AlgorithmIdentifier pbmMac) { ASN1ObjectIdentifier macOid = pbmMac.getAlgorithm(); for (ASN1ObjectIdentifier oid : requestPbmMacs) { if (oid.equals(macOid)) { return true; } } return false; }
Example 10
Source File: CmpControl.java From xipki with Apache License 2.0 | 5 votes |
public boolean isRequestPbmOwfPermitted(AlgorithmIdentifier pbmOwf) { ASN1ObjectIdentifier owfOid = pbmOwf.getAlgorithm(); for (ASN1ObjectIdentifier oid : requestPbmOwfs) { if (oid.equals(owfOid)) { return true; } } return false; }
Example 11
Source File: P12MacContentSignerBuilder.java From xipki with Apache License 2.0 | 5 votes |
public ConcurrentContentSigner createSigner(AlgorithmIdentifier signatureAlgId, int parallelism, SecureRandom random) throws XiSecurityException { Args.notNull(signatureAlgId, "signatureAlgId"); Args.positive(parallelism, "parallelism"); List<XiContentSigner> signers = new ArrayList<>(parallelism); boolean gmac = false; ASN1ObjectIdentifier oid = signatureAlgId.getAlgorithm(); if (oid.equals(NISTObjectIdentifiers.id_aes128_GCM) || oid.equals(NISTObjectIdentifiers.id_aes192_GCM) || oid.equals(NISTObjectIdentifiers.id_aes256_GCM)) { gmac = true; } for (int i = 0; i < parallelism; i++) { XiContentSigner signer; if (gmac) { signer = new AESGmacContentSigner(oid, key); } else { signer = new HmacContentSigner(signatureAlgId, key); } signers.add(signer); } final boolean mac = true; DfltConcurrentContentSigner concurrentSigner; try { concurrentSigner = new DfltConcurrentContentSigner(mac, signers, key); } catch (NoSuchAlgorithmException ex) { throw new XiSecurityException(ex.getMessage(), ex); } concurrentSigner.setSha1DigestOfMacKey(HashAlgo.SHA1.hash(key.getEncoded())); return concurrentSigner; }
Example 12
Source File: P11ContentSigner.java From xipki with Apache License 2.0 | 5 votes |
RSA(P11CryptService cryptService, P11IdentityId identityId, AlgorithmIdentifier signatureAlgId) throws XiSecurityException, P11TokenException { super(cryptService, identityId, signatureAlgId); ASN1ObjectIdentifier algOid = signatureAlgId.getAlgorithm(); HashAlgo hashAlgo = sigAlgHashAlgMap.get(algOid); if (hashAlgo == null) { throw new XiSecurityException("unsupported signature algorithm " + algOid.getId()); } P11SlotIdentifier slotId = identityId.getSlotId(); P11Slot slot = cryptService.getSlot(slotId); long mech = hashAlgMechMap.get(hashAlgo).longValue(); if (slot.supportsMechanism(mech)) { mechanism = mech; } else if (slot.supportsMechanism(PKCS11Constants.CKM_RSA_PKCS)) { mechanism = PKCS11Constants.CKM_RSA_PKCS; } else if (slot.supportsMechanism(PKCS11Constants.CKM_RSA_X_509)) { mechanism = PKCS11Constants.CKM_RSA_X_509; } else { throw new XiSecurityException("unsupported signature algorithm " + algOid.getId()); } if (mechanism == PKCS11Constants.CKM_RSA_PKCS || mechanism == PKCS11Constants.CKM_RSA_X_509) { this.digestPkcsPrefix = SignerUtil.getDigestPkcsPrefix(hashAlgo); this.outputStream = new DigestOutputStream(hashAlgo.createDigest()); } else { this.digestPkcsPrefix = null; this.outputStream = new ByteArrayOutputStream(); } RSAPublicKey rsaPubKey = (RSAPublicKey) cryptService.getIdentity(identityId).getPublicKey(); this.modulusBitLen = rsaPubKey.getModulus().bitLength(); }
Example 13
Source File: cryptoCommon.java From fido2 with GNU Lesser General Public License v2.1 | 5 votes |
/** * Method to verify attestation certificate * * @param attestationCertificate - the attestation cert to be verified * @return - boolean, based on the result of verification */ public static boolean verifyU2FAttestationCertificate(X509Certificate attestationCertificate) { PublicKey attcertPublicKey = attestationCertificate.getPublicKey(); byte[] attPublicKey = attcertPublicKey.getEncoded(); SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(attPublicKey)); spki.getAlgorithm(); // get algorithm from the AlgorithmIdentifier refer to RFC 5480 AlgorithmIdentifier sigAlgId = spki.getAlgorithm(); ASN1ObjectIdentifier asoi = sigAlgId.getAlgorithm(); if (!(asoi.getId().equals("1.2.840.10045.2.1"))) { //not an EC Public Key logp(Level.SEVERE, classname, "verifyAttestationCertificate", "FIDO-ERR-5008", "Only Elliptic-Curve (EC) keys are allowed, the public key in this certificate not an EC public key"); return false; } // Get parameters from AlgorithmIdentifier, parameters field is optional RFC 5480, ASN1Encodable asne = sigAlgId.getParameters(); if (asne == null) { logp(Level.WARNING, classname, "verifyAttestationCertificate", "FIDO-WARN-5001", ""); } else { if (!(asne.toString().equals("1.2.840.10045.3.1.7"))) { //key not generated using curve secp256r1 logp(Level.SEVERE, classname, "verifyAttestationCertificate", "FIDO-ERR-5009", ""); return false; } } logp(Level.FINE, classname, "verifyAttestationCertificate", "FIDO-MSG-5025", ""); return true; }
Example 14
Source File: SignerUtil.java From xipki with Apache License 2.0 | 5 votes |
public static PSSSigner createPSSRSASigner(AlgorithmIdentifier sigAlgId, AsymmetricBlockCipher cipher) throws XiSecurityException { Args.notNull(sigAlgId, "sigAlgId"); if (!PKCSObjectIdentifiers.id_RSASSA_PSS.equals(sigAlgId.getAlgorithm())) { throw new XiSecurityException("signature algorithm " + sigAlgId.getAlgorithm() + " is not allowed"); } AlgorithmIdentifier digAlgId; try { digAlgId = AlgorithmUtil.extractDigesetAlgFromSigAlg(sigAlgId); } catch (NoSuchAlgorithmException ex) { throw new XiSecurityException(ex.getMessage(), ex); } RSASSAPSSparams param = RSASSAPSSparams.getInstance(sigAlgId.getParameters()); AlgorithmIdentifier mfgDigAlgId = AlgorithmIdentifier.getInstance( param.getMaskGenAlgorithm().getParameters()); Digest dig = getDigest(digAlgId); Digest mfgDig = getDigest(mfgDigAlgId); int saltSize = param.getSaltLength().intValue(); int trailerField = param.getTrailerField().intValue(); AsymmetricBlockCipher tmpCipher = (cipher == null) ? new RSABlindedEngine() : cipher; return new PSSSigner(tmpCipher, dig, mfgDig, saltSize, getTrailer(trailerField)); }
Example 15
Source File: AlgorithmUtil.java From xipki with Apache License 2.0 | 5 votes |
public static HashAlgo extractHashAlgoFromMacAlg(AlgorithmIdentifier macAlg) { ASN1ObjectIdentifier oid = macAlg.getAlgorithm(); HashAlgo hashAlgo = macAlgOidToDigestMap.get(oid); if (hashAlgo == null) { throw new IllegalArgumentException("unknown algorithm identifier " + oid.getId()); } return hashAlgo; }
Example 16
Source File: PrecomputedDigestCalculatorProvider.java From dss with GNU Lesser General Public License v2.1 | 5 votes |
@Override public DigestCalculator get(final AlgorithmIdentifier digestAlgorithmIdentifier) throws OperatorCreationException { ASN1ObjectIdentifier algorithmOid = digestAlgorithmIdentifier.getAlgorithm(); final String digestBase64 = digestDocument.getDigest(DigestAlgorithm.forOID(algorithmOid.getId())); return new DigestCalculator() { @Override public OutputStream getOutputStream() { OutputStream os = new ByteArrayOutputStream(); try { Utils.write(getDigest(), os); } catch (IOException e) { throw new DSSException("Unable to get outputstream", e); } return os; } @Override public byte[] getDigest() { return Utils.fromBase64(digestBase64); } @Override public AlgorithmIdentifier getAlgorithmIdentifier() { return digestAlgorithmIdentifier; } }; }
Example 17
Source File: V1SchemeSigner.java From walle with Apache License 2.0 | 5 votes |
@Override public AlgorithmIdentifier findEncryptionAlgorithm(AlgorithmIdentifier id) { // Use the default chooser, but replace dsaWithSha1 with dsa. This is because "dsa" is // accepted by any Android platform whereas "dsaWithSha1" is accepted only since // API Level 9. id = mDefault.findEncryptionAlgorithm(id); if (id != null) { ASN1ObjectIdentifier oid = id.getAlgorithm(); if (X9ObjectIdentifiers.id_dsa_with_sha1.equals(oid)) { return DSA; } } return id; }
Example 18
Source File: P11ContentSigner.java From xipki with Apache License 2.0 | 4 votes |
RSAPSS(P11CryptService cryptService, P11IdentityId identityId, AlgorithmIdentifier signatureAlgId, SecureRandom random) throws XiSecurityException, P11TokenException { super(cryptService, identityId, signatureAlgId); Args.notNull(random, "random"); ASN1ObjectIdentifier sigOid = signatureAlgId.getAlgorithm(); if (!PKCSObjectIdentifiers.id_RSASSA_PSS.equals(sigOid)) { throw new XiSecurityException("unsupported signature algorithm " + signatureAlgId.getAlgorithm()); } RSASSAPSSparams asn1Params = RSASSAPSSparams.getInstance(signatureAlgId.getParameters()); ASN1ObjectIdentifier digestAlgOid = asn1Params.getHashAlgorithm().getAlgorithm(); HashAlgo hashAlgo = HashAlgo.getInstance(digestAlgOid); if (hashAlgo == null) { throw new XiSecurityException("unsupported hash algorithm " + digestAlgOid.getId()); } P11SlotIdentifier slotId = identityId.getSlotId(); P11Slot slot = cryptService.getSlot(slotId); long mech = hashAlgMechMap.get(hashAlgo).longValue(); if (slot.supportsMechanism(mech)) { this.mechanism = mech; this.parameters = new P11Params.P11RSAPkcsPssParams(asn1Params); this.outputStream = new ByteArrayOutputStream(); } else if (slot.supportsMechanism(PKCS11Constants.CKM_RSA_PKCS_PSS)) { this.mechanism = PKCS11Constants.CKM_RSA_PKCS_PSS; this.parameters = new P11Params.P11RSAPkcsPssParams(asn1Params); this.outputStream = new DigestOutputStream(hashAlgo.createDigest()); } else if (slot.supportsMechanism(PKCS11Constants.CKM_RSA_X_509)) { this.mechanism = PKCS11Constants.CKM_RSA_X_509; this.parameters = null; AsymmetricBlockCipher cipher = new P11PlainRSASigner(); P11RSAKeyParameter keyParam; try { keyParam = P11RSAKeyParameter.getInstance(cryptService, identityId); } catch (InvalidKeyException ex) { throw new XiSecurityException(ex.getMessage(), ex); } PSSSigner pssSigner = SignerUtil.createPSSRSASigner(signatureAlgId, cipher); pssSigner.init(true, new ParametersWithRandom(keyParam, random)); this.outputStream = new PSSSignerOutputStream(pssSigner); } else { throw new XiSecurityException("unsupported signature algorithm " + sigOid.getId() + " with " + hashAlgo); } }
Example 19
Source File: P11Params.java From xipki with Apache License 2.0 | 4 votes |
public P11RSAPkcsPssParams(RSASSAPSSparams asn1Params) { ASN1ObjectIdentifier asn1Oid = asn1Params.getHashAlgorithm().getAlgorithm(); HashAlgo contentHashAlgo = HashAlgo.getInstance(asn1Oid); if (contentHashAlgo == null) { throw new IllegalArgumentException("unsupported hash algorithm " + asn1Oid.getId()); } AlgorithmIdentifier mga = asn1Params.getMaskGenAlgorithm(); asn1Oid = mga.getAlgorithm(); if (!PKCSObjectIdentifiers.id_mgf1.equals(asn1Oid)) { throw new IllegalArgumentException("unsupported MGF algorithm " + asn1Oid.getId()); } asn1Oid = AlgorithmIdentifier.getInstance(mga.getParameters()).getAlgorithm(); HashAlgo mgfHashAlgo = HashAlgo.getInstance(asn1Oid); if (mgfHashAlgo == null) { throw new IllegalArgumentException("unsupported MGF hash algorithm " + asn1Oid.getId()); } this.saltLength = asn1Params.getSaltLength().longValue(); BigInteger trailerField = asn1Params.getTrailerField(); if (!RSASSAPSSparams.DEFAULT_TRAILER_FIELD.getValue().equals(trailerField)) { throw new IllegalArgumentException("unsupported trailerField " + trailerField); } switch (contentHashAlgo) { case SHA1: this.hashAlgorithm = PKCS11Constants.CKM_SHA_1; break; case SHA224: this.hashAlgorithm = PKCS11Constants.CKM_SHA224; break; case SHA256: this.hashAlgorithm = PKCS11Constants.CKM_SHA256; break; case SHA384: this.hashAlgorithm = PKCS11Constants.CKM_SHA384; break; case SHA512: this.hashAlgorithm = PKCS11Constants.CKM_SHA512; break; case SHA3_224: this.hashAlgorithm = PKCS11Constants.CKM_SHA3_224; break; case SHA3_256: this.hashAlgorithm = PKCS11Constants.CKM_SHA3_256; break; case SHA3_384: this.hashAlgorithm = PKCS11Constants.CKM_SHA3_384; break; case SHA3_512: this.hashAlgorithm = PKCS11Constants.CKM_SHA3_512; break; default: throw new IllegalStateException("should not reach here"); } switch (mgfHashAlgo) { case SHA1: this.maskGenerationFunction = PKCS11Constants.CKG_MGF1_SHA1; break; case SHA224: this.maskGenerationFunction = PKCS11Constants.CKG_MGF1_SHA224; break; case SHA256: this.maskGenerationFunction = PKCS11Constants.CKG_MGF1_SHA256; break; case SHA384: this.maskGenerationFunction = PKCS11Constants.CKG_MGF1_SHA384; break; case SHA512: this.maskGenerationFunction = PKCS11Constants.CKG_MGF1_SHA512; break; case SHA3_224: this.maskGenerationFunction = PKCS11Constants.CKG_MGF1_SHA3_224; break; case SHA3_256: this.maskGenerationFunction = PKCS11Constants.CKG_MGF1_SHA3_256; break; case SHA3_384: this.maskGenerationFunction = PKCS11Constants.CKG_MGF1_SHA3_384; break; case SHA3_512: this.maskGenerationFunction = PKCS11Constants.CKG_MGF1_SHA3_512; break; default: throw new IllegalStateException("should not reach here"); } }