org.bouncycastle.asn1.x9.X9ObjectIdentifiers Java Examples
The following examples show how to use
org.bouncycastle.asn1.x9.X9ObjectIdentifiers.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: SignatureCmpCaClient.java From xipki with Apache License 2.0 | 6 votes |
|
public SignatureCmpCaClient(String caUri, X509Certificate caCert, PrivateKey requestorKey,
X509Certificate requestorCert, X509Certificate responderCert, String hashAlgo)
throws Exception {
super(caUri, caCert,
X500Name.getInstance(requestorCert.getSubjectX500Principal().getEncoded()),
X500Name.getInstance(responderCert.getSubjectX500Principal().getEncoded()),
hashAlgo);
this.requestorKey = SdkUtil.requireNonNull("requestorKey", requestorKey);
SdkUtil.requireNonNull("requestorCert", requestorCert);
this.responderCert = SdkUtil.requireNonNull("responderCert", responderCert);
this.requestorSigner = buildSigner(requestorKey);
ASN1ObjectIdentifier[] oids = {PKCSObjectIdentifiers.sha256WithRSAEncryption,
PKCSObjectIdentifiers.sha384WithRSAEncryption, PKCSObjectIdentifiers.sha512WithRSAEncryption,
X9ObjectIdentifiers.ecdsa_with_SHA256, X9ObjectIdentifiers.ecdsa_with_SHA384,
X9ObjectIdentifiers.ecdsa_with_SHA512, NISTObjectIdentifiers.dsa_with_sha256,
NISTObjectIdentifiers.dsa_with_sha384, NISTObjectIdentifiers.dsa_with_sha512};
for (ASN1ObjectIdentifier oid : oids) {
trustedProtectionAlgOids.add(oid.getId());
}
}
Example #2
| Source File: CaClientExample.java From xipki with Apache License 2.0 | 6 votes |
|
protected static MyKeypair generateDsaKeypair() throws Exception {
// plen: 2048, qlen: 256
DSAParameterSpec spec = new DSAParameterSpec(P2048_Q256_P, P2048_Q256_Q, P2048_Q256_G);
KeyPairGenerator kpGen = KeyPairGenerator.getInstance("DSA");
kpGen.initialize(spec);
KeyPair kp = kpGen.generateKeyPair();
DSAPublicKey dsaPubKey = (DSAPublicKey) kp.getPublic();
ASN1EncodableVector vec = new ASN1EncodableVector();
vec.add(new ASN1Integer(dsaPubKey.getParams().getP()));
vec.add(new ASN1Integer(dsaPubKey.getParams().getQ()));
vec.add(new ASN1Integer(dsaPubKey.getParams().getG()));
ASN1Sequence dssParams = new DERSequence(vec);
SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(
new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa, dssParams),
new ASN1Integer(dsaPubKey.getY()));
return new MyKeypair(kp.getPrivate(), subjectPublicKeyInfo);
}
Example #3
| Source File: CaClientExample.java From xipki with Apache License 2.0 | 6 votes |
|
protected static MyKeypair generateEcKeypair() throws GeneralSecurityException {
KeyPairGenerator kpGen = KeyPairGenerator.getInstance("EC");
ECGenParameterSpec spec = new ECGenParameterSpec("secp256r1");
kpGen.initialize(spec);
KeyPair kp = kpGen.generateKeyPair();
ECPublicKey pub = (ECPublicKey) kp.getPublic();
byte[] keyData = new byte[65];
keyData[0] = 4;
copyArray(pub.getW().getAffineX().toByteArray(), keyData, 1, 32);
copyArray(pub.getW().getAffineY().toByteArray(), keyData, 33, 32);
AlgorithmIdentifier algId = new AlgorithmIdentifier(
X9ObjectIdentifiers.id_ecPublicKey, SECObjectIdentifiers.secp256r1);
SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(algId, keyData);
return new MyKeypair(kp.getPrivate(), subjectPublicKeyInfo);
}
Example #4
| Source File: CaClientExample.java From xipki with Apache License 2.0 | 6 votes |
|
protected static MyKeypair generateDsaKeypair() throws Exception {
// plen: 2048, qlen: 256
DSAParameterSpec spec = new DSAParameterSpec(P2048_Q256_P, P2048_Q256_Q, P2048_Q256_G);
KeyPairGenerator kpGen = KeyPairGenerator.getInstance("DSA");
kpGen.initialize(spec);
KeyPair kp = kpGen.generateKeyPair();
DSAPublicKey dsaPubKey = (DSAPublicKey) kp.getPublic();
ASN1EncodableVector vec = new ASN1EncodableVector();
vec.add(new ASN1Integer(dsaPubKey.getParams().getP()));
vec.add(new ASN1Integer(dsaPubKey.getParams().getQ()));
vec.add(new ASN1Integer(dsaPubKey.getParams().getG()));
ASN1Sequence dssParams = new DERSequence(vec);
SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(
new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa, dssParams),
new ASN1Integer(dsaPubKey.getY()));
return new MyKeypair(kp.getPrivate(), subjectPublicKeyInfo);
}
Example #5
| Source File: AlgorithmUtil.java From xipki with Apache License 2.0 | 6 votes |
|
private static boolean isECDSASigAlg(AlgorithmIdentifier algId) {
ASN1ObjectIdentifier oid = Args.notNull(algId, "algId").getAlgorithm();
if (X9ObjectIdentifiers.ecdsa_with_SHA1.equals(oid)
|| X9ObjectIdentifiers.ecdsa_with_SHA224.equals(oid)
|| X9ObjectIdentifiers.ecdsa_with_SHA256.equals(oid)
|| X9ObjectIdentifiers.ecdsa_with_SHA384.equals(oid)
|| X9ObjectIdentifiers.ecdsa_with_SHA512.equals(oid)
|| NISTObjectIdentifiers.id_ecdsa_with_sha3_224.equals(oid)
|| NISTObjectIdentifiers.id_ecdsa_with_sha3_256.equals(oid)
|| NISTObjectIdentifiers.id_ecdsa_with_sha3_384.equals(oid)
|| NISTObjectIdentifiers.id_ecdsa_with_sha3_512.equals(oid)) {
return true;
}
return false;
}
Example #6
| Source File: AlgorithmUtil.java From xipki with Apache License 2.0 | 6 votes |
|
public static boolean isDSASigAlg(AlgorithmIdentifier algId) {
ASN1ObjectIdentifier oid = Args.notNull(algId, "algId").getAlgorithm();
if (X9ObjectIdentifiers.id_dsa_with_sha1.equals(oid)
|| NISTObjectIdentifiers.dsa_with_sha224.equals(oid)
|| NISTObjectIdentifiers.dsa_with_sha256.equals(oid)
|| NISTObjectIdentifiers.dsa_with_sha384.equals(oid)
|| NISTObjectIdentifiers.dsa_with_sha512.equals(oid)
|| NISTObjectIdentifiers.id_dsa_with_sha3_224.equals(oid)
|| NISTObjectIdentifiers.id_dsa_with_sha3_256.equals(oid)
|| NISTObjectIdentifiers.id_dsa_with_sha3_384.equals(oid)
|| NISTObjectIdentifiers.id_dsa_with_sha3_512.equals(oid)) {
return true;
}
return false;
}
Example #7
| Source File: CaClientExample.java From xipki with Apache License 2.0 | 6 votes |
|
protected static MyKeypair generateEcKeypair() throws GeneralSecurityException {
KeyPairGenerator kpGen = KeyPairGenerator.getInstance("EC");
ECGenParameterSpec spec = new ECGenParameterSpec("secp256r1");
kpGen.initialize(spec);
KeyPair kp = kpGen.generateKeyPair();
ECPublicKey pub = (ECPublicKey) kp.getPublic();
byte[] keyData = new byte[65];
keyData[0] = 4;
copyArray(pub.getW().getAffineX().toByteArray(), keyData, 1, 32);
copyArray(pub.getW().getAffineY().toByteArray(), keyData, 33, 32);
AlgorithmIdentifier algId = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey,
SECObjectIdentifiers.secp256r1);
SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(algId, keyData);
return new MyKeypair(kp.getPrivate(), subjectPublicKeyInfo);
}
Example #8
| Source File: KeypairGenControl.java From xipki with Apache License 2.0 | 6 votes |
|
public DSAKeypairGenControl(int pLength, int qLength, ASN1ObjectIdentifier keyAlgorithmOid) {
if (pLength < 1024 | pLength % 1024 != 0) {
throw new IllegalArgumentException("invalid pLength " + pLength);
}
if (qLength == 0) {
if (pLength < 2048) {
qLength = 160;
} else if (pLength < 3072) {
qLength = 224;
} else {
qLength = 256;
}
}
this.parameterSpec = DSAParameterCache.getDSAParameterSpec(pLength, qLength, null);
this.keyAlgorithm = new AlgorithmIdentifier(
(keyAlgorithmOid != null) ? keyAlgorithmOid : X9ObjectIdentifiers.id_dsa,
new DSAParameter(parameterSpec.getP(), parameterSpec.getQ(), parameterSpec.getG()));
}
Example #9
| Source File: SM2PublicKey.java From gmhelper with Apache License 2.0 | 5 votes |
|
@Override
public byte[] getEncoded() {
ASN1OctetString p = ASN1OctetString.getInstance(
new X9ECPoint(getQ(), withCompression).toASN1Primitive());
// stored curve is null if ImplicitlyCa
SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(
new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, ID_SM2_PUBKEY_PARAM),
p.getOctets());
return KeyUtil.getEncodedSubjectPublicKeyInfo(info);
}
Example #10
| Source File: CaEnrollBenchKeyEntry.java From xipki with Apache License 2.0 | 5 votes |
|
private void init(BigInteger p, BigInteger q, BigInteger g, BigInteger y) throws IOException {
ASN1EncodableVector vec = new ASN1EncodableVector();
vec.add(new ASN1Integer(p));
vec.add(new ASN1Integer(q));
vec.add(new ASN1Integer(g));
ASN1Sequence dssParams = new DERSequence(vec);
AlgorithmIdentifier algId = new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa, dssParams);
this.spki = new SubjectPublicKeyInfo(algId, new ASN1Integer(y));
}
Example #11
| Source File: KeypairGenControl.java From xipki with Apache License 2.0 | 5 votes |
|
public DSAKeypairGenControl(BigInteger p, BigInteger q, BigInteger g,
ASN1ObjectIdentifier keyAlgorithmOid) {
this.parameterSpec = new DSAParameterSpec(p, q, g);
this.keyAlgorithm = new AlgorithmIdentifier(
(keyAlgorithmOid != null) ? keyAlgorithmOid : X9ObjectIdentifiers.id_dsa,
new DSAParameter(p, q, g));
}
Example #12
| Source File: KeypairGenControl.java From xipki with Apache License 2.0 | 5 votes |
|
public ECKeypairGenControl(ASN1ObjectIdentifier curveOid,
ASN1ObjectIdentifier keyAlgorithmOid) {
this.curveOid = Args.notNull(curveOid, "curveOid");
this.keyAlgorithm = new AlgorithmIdentifier(
(keyAlgorithmOid != null) ? keyAlgorithmOid : X9ObjectIdentifiers.id_ecPublicKey,
curveOid);
}
Example #13
| Source File: P12KeyGenerator.java From xipki with Apache License 2.0 | 5 votes |
|
public P12KeyGenerationResult generateECKeypair(ASN1ObjectIdentifier curveOid,
KeystoreGenerationParameters params, String selfSignedCertSubject) throws Exception {
Args.notNull(curveOid, "curveOid");
KeyPair keypair = KeyUtil.generateECKeypair(curveOid, params.getRandom());
AlgorithmIdentifier algId = new AlgorithmIdentifier(
X9ObjectIdentifiers.id_ecPublicKey, curveOid);
ECPublicKey pub = (ECPublicKey) keypair.getPublic();
int orderBitLength = pub.getParams().getOrder().bitLength();
byte[] keyData = KeyUtil.getUncompressedEncodedECPoint(pub.getW(), orderBitLength);
SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(algId, keyData);
return generateIdentity(new KeyPairWithSubjectPublicKeyInfo(keypair, subjectPublicKeyInfo),
params, selfSignedCertSubject);
}
Example #14
| Source File: BCECUtil.java From jiguang-java-client-common with MIT License | 5 votes |
|
/**
* 将SEC1标准的私钥字节流恢复为PKCS8标准的字节流
*
* @param sec1Key
* @return
* @throws IOException
*/
public static byte[] convertECPrivateKeySEC1ToPKCS8(byte[] sec1Key) throws IOException {
/**
* 参考org.bouncycastle.asn1.pkcs.PrivateKeyInfo和
* org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey,逆向拼装
*/
X962Parameters params = getDomainParametersFromName(SM2Util.JDK_EC_SPEC, false);
ASN1OctetString privKey = new DEROctetString(sec1Key);
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new ASN1Integer(0)); //版本号
v.add(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params)); //算法标识
v.add(privKey);
DERSequence ds = new DERSequence(v);
return ds.getEncoded(ASN1Encoding.DER);
}
Example #15
| Source File: KeyUtils.java From vespa with Apache License 2.0 | 5 votes |
|
private static KeyFactory createKeyFactory(AlgorithmIdentifier algorithm) throws NoSuchAlgorithmException {
if (X9ObjectIdentifiers.id_ecPublicKey.equals(algorithm.getAlgorithm())) {
return createKeyFactory(KeyAlgorithm.EC);
} else if (PKCSObjectIdentifiers.rsaEncryption.equals(algorithm.getAlgorithm())) {
return createKeyFactory(KeyAlgorithm.RSA);
} else {
throw new IllegalArgumentException("Unknown key algorithm: " + algorithm);
}
}
Example #16
| Source File: CryptoDataLoader.java From certificate-transparency-java with Apache License 2.0 | 5 votes |
|
/**
* Parses the beginning of a key, and determines the key algorithm (RSA or EC) based on the OID
*/
private static String determineKeyAlg(byte[] keyBytes) {
ASN1Sequence seq = ASN1Sequence.getInstance(keyBytes);
DLSequence seq1 = (DLSequence) seq.getObjects().nextElement();
ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) seq1.getObjects().nextElement();
if (PKCSObjectIdentifiers.rsaEncryption.equals(oid)) {
return "RSA";
} else if (X9ObjectIdentifiers.id_ecPublicKey.equals(oid)) {
return "EC";
} else {
throw new IllegalArgumentException("Unsupported key type: " + oid);
}
}
Example #17
| Source File: V1SchemeSigner.java From walle with Apache License 2.0 | 5 votes |
|
@Override
public AlgorithmIdentifier findEncryptionAlgorithm(AlgorithmIdentifier id) {
// Use the default chooser, but replace dsaWithSha1 with dsa. This is because "dsa" is
// accepted by any Android platform whereas "dsaWithSha1" is accepted only since
// API Level 9.
id = mDefault.findEncryptionAlgorithm(id);
if (id != null) {
ASN1ObjectIdentifier oid = id.getAlgorithm();
if (X9ObjectIdentifiers.id_dsa_with_sha1.equals(oid)) {
return DSA;
}
}
return id;
}
Example #18
| Source File: BCECUtil.java From gmhelper with Apache License 2.0 | 5 votes |
|
/**
* 将SEC1标准的私钥字节流恢复为PKCS8标准的字节流
*
* @param sec1Key
* @return
* @throws IOException
*/
public static byte[] convertECPrivateKeySEC1ToPKCS8(byte[] sec1Key) throws IOException {
/**
* 参考org.bouncycastle.asn1.pkcs.PrivateKeyInfo和
* org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey,逆向拼装
*/
X962Parameters params = getDomainParametersFromName(SM2Util.JDK_EC_SPEC, false);
ASN1OctetString privKey = new DEROctetString(sec1Key);
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new ASN1Integer(0)); //版本号
v.add(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params)); //算法标识
v.add(privKey);
DERSequence ds = new DERSequence(v);
return ds.getEncoded(ASN1Encoding.DER);
}
Example #19
| Source File: ProfileConfCreatorDemo.java From xipki with Apache License 2.0 | 4 votes |
|
private static List<AlgorithmType> createCabKeyAlgorithms() {
List<AlgorithmType> list = new LinkedList<>();
// RSA
list.addAll(createRSAKeyAlgorithms());
// DSA
list.add(new AlgorithmType());
last(list).getAlgorithms().add(createOidType(X9ObjectIdentifiers.id_dsa, "DSA"));
last(list).setParameters(new KeyParametersType());
DsaParametersType dsaParams = new DsaParametersType();
last(list).getParameters().setDsa(dsaParams);
List<Range> plengths = new LinkedList<>();
dsaParams.setPlengths(plengths);
plengths.add(createRange(2048));
plengths.add(createRange(3072));
List<Range> qlengths = new LinkedList<>();
dsaParams.setQlengths(qlengths);
qlengths.add(createRange(224));
qlengths.add(createRange(256));
// EC
list.add(new AlgorithmType());
last(list).getAlgorithms().add(createOidType(X9ObjectIdentifiers.id_ecPublicKey, "EC"));
last(list).setParameters(new KeyParametersType());
EcParametersType ecParams = new EcParametersType();
last(list).getParameters().setEc(ecParams);
ASN1ObjectIdentifier[] curveIds = new ASN1ObjectIdentifier[] {SECObjectIdentifiers.secp256r1,
SECObjectIdentifiers.secp384r1, SECObjectIdentifiers.secp521r1};
List<DescribableOid> curves = new LinkedList<>();
ecParams.setCurves(curves);
for (ASN1ObjectIdentifier curveId : curveIds) {
String name = AlgorithmUtil.getCurveName(curveId);
curves.add(createOidType(curveId, name));
}
ecParams.setPointEncodings(Arrays.asList(((byte) 4)));
return list;
}
Example #20
| Source File: ProfileConfCreatorDemo.java From xipki with Apache License 2.0 | 4 votes |
|
private static List<AlgorithmType> createKeyAlgorithms(
ASN1ObjectIdentifier[] curveIds, CertLevel certLevel) {
List<AlgorithmType> list = new LinkedList<>();
// RSA
list.addAll(createRSAKeyAlgorithms());
// DSA
list.add(new AlgorithmType());
last(list).getAlgorithms().add(createOidType(X9ObjectIdentifiers.id_dsa, "DSA"));
last(list).setParameters(new KeyParametersType());
DsaParametersType dsaParams = new DsaParametersType();
last(list).getParameters().setDsa(dsaParams);
List<Range> plengths = new LinkedList<>();
dsaParams.setPlengths(plengths);
plengths.add(createRange(1024));
plengths.add(createRange(2048));
plengths.add(createRange(3072));
List<Range> qlengths = new LinkedList<>();
dsaParams.setQlengths(qlengths);
qlengths.add(createRange(160));
qlengths.add(createRange(224));
qlengths.add(createRange(256));
// EC
list.add(new AlgorithmType());
last(list).getAlgorithms().add(createOidType(X9ObjectIdentifiers.id_ecPublicKey, "EC"));
last(list).setParameters(new KeyParametersType());
EcParametersType ecParams = new EcParametersType();
last(list).getParameters().setEc(ecParams);
if (curveIds != null && curveIds.length > 0) {
List<DescribableOid> curves = new LinkedList<>();
ecParams.setCurves(curves);
for (ASN1ObjectIdentifier curveId : curveIds) {
String name = AlgorithmUtil.getCurveName(curveId);
curves.add(createOidType(curveId, name));
}
}
ecParams.setPointEncodings(Arrays.asList(((byte) 4)));
// EdDSA
if (certLevel == CertLevel.RootCA || certLevel == CertLevel.SubCA) {
list.addAll(createEdwardsOrMontgomeryKeyAlgorithms(true, false, true, true));
}
return list;
}
Example #21
| Source File: RequestOptions.java From xipki with Apache License 2.0 | 4 votes |
|
private static AlgorithmIdentifier createAlgId(String algoName) {
algoName = algoName.toUpperCase();
ASN1ObjectIdentifier algOid = null;
if ("SHA1WITHRSA".equals(algoName)) {
algOid = PKCSObjectIdentifiers.sha1WithRSAEncryption;
} else if ("SHA256WITHRSA".equals(algoName)) {
algOid = PKCSObjectIdentifiers.sha256WithRSAEncryption;
} else if ("SHA384WITHRSA".equals(algoName)) {
algOid = PKCSObjectIdentifiers.sha384WithRSAEncryption;
} else if ("SHA512WITHRSA".equals(algoName)) {
algOid = PKCSObjectIdentifiers.sha512WithRSAEncryption;
} else if ("SHA1WITHECDSA".equals(algoName)) {
algOid = X9ObjectIdentifiers.ecdsa_with_SHA1;
} else if ("SHA256WITHECDSA".equals(algoName)) {
algOid = X9ObjectIdentifiers.ecdsa_with_SHA256;
} else if ("SHA384WITHECDSA".equals(algoName)) {
algOid = X9ObjectIdentifiers.ecdsa_with_SHA384;
} else if ("SHA512WITHECDSA".equals(algoName)) {
algOid = X9ObjectIdentifiers.ecdsa_with_SHA512;
} else if ("SHA1WITHRSAANDMGF1".equals(algoName) || "SHA256WITHRSAANDMGF1".equals(algoName)
|| "SHA384WITHRSAANDMGF1".equals(algoName) || "SHA512WITHRSAANDMGF1".equals(algoName)) {
algOid = PKCSObjectIdentifiers.id_RSASSA_PSS;
} else {
throw new IllegalStateException("Unsupported algorithm " + algoName); // should not happen
}
ASN1Encodable params;
if (PKCSObjectIdentifiers.id_RSASSA_PSS.equals(algOid)) {
ASN1ObjectIdentifier digestAlgOid = null;
if ("SHA1WITHRSAANDMGF1".equals(algoName)) {
digestAlgOid = X509ObjectIdentifiers.id_SHA1;
} else if ("SHA256WITHRSAANDMGF1".equals(algoName)) {
digestAlgOid = NISTObjectIdentifiers.id_sha256;
} else if ("SHA384WITHRSAANDMGF1".equals(algoName)) {
digestAlgOid = NISTObjectIdentifiers.id_sha384;
} else { // if ("SHA512WITHRSAANDMGF1".equals(algoName))
digestAlgOid = NISTObjectIdentifiers.id_sha512;
}
params = createPSSRSAParams(digestAlgOid);
} else {
params = DERNull.INSTANCE;
}
return new AlgorithmIdentifier(algOid, params);
}
