org.bouncycastle.asn1.x9.X9ObjectIdentifiers Java Examples

The following examples show how to use org.bouncycastle.asn1.x9.X9ObjectIdentifiers. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: SignatureCmpCaClient.java    From xipki with Apache License 2.0 6 votes vote down vote up
public SignatureCmpCaClient(String caUri, X509Certificate caCert, PrivateKey requestorKey,
    X509Certificate requestorCert, X509Certificate responderCert, String hashAlgo)
    throws Exception {
  super(caUri, caCert,
      X500Name.getInstance(requestorCert.getSubjectX500Principal().getEncoded()),
      X500Name.getInstance(responderCert.getSubjectX500Principal().getEncoded()),
      hashAlgo);

  this.requestorKey = SdkUtil.requireNonNull("requestorKey", requestorKey);
  SdkUtil.requireNonNull("requestorCert", requestorCert);

  this.responderCert = SdkUtil.requireNonNull("responderCert", responderCert);
  this.requestorSigner = buildSigner(requestorKey);

  ASN1ObjectIdentifier[] oids = {PKCSObjectIdentifiers.sha256WithRSAEncryption,
    PKCSObjectIdentifiers.sha384WithRSAEncryption, PKCSObjectIdentifiers.sha512WithRSAEncryption,
    X9ObjectIdentifiers.ecdsa_with_SHA256, X9ObjectIdentifiers.ecdsa_with_SHA384,
    X9ObjectIdentifiers.ecdsa_with_SHA512, NISTObjectIdentifiers.dsa_with_sha256,
    NISTObjectIdentifiers.dsa_with_sha384, NISTObjectIdentifiers.dsa_with_sha512};
  for (ASN1ObjectIdentifier oid : oids) {
    trustedProtectionAlgOids.add(oid.getId());
  }
}
 
Example #2
Source File: CaClientExample.java    From xipki with Apache License 2.0 6 votes vote down vote up
protected static MyKeypair generateDsaKeypair() throws Exception {
  // plen: 2048, qlen: 256
  DSAParameterSpec spec = new DSAParameterSpec(P2048_Q256_P, P2048_Q256_Q, P2048_Q256_G);
  KeyPairGenerator kpGen = KeyPairGenerator.getInstance("DSA");
  kpGen.initialize(spec);
  KeyPair kp = kpGen.generateKeyPair();

  DSAPublicKey dsaPubKey = (DSAPublicKey) kp.getPublic();
  ASN1EncodableVector vec = new ASN1EncodableVector();
  vec.add(new ASN1Integer(dsaPubKey.getParams().getP()));
  vec.add(new ASN1Integer(dsaPubKey.getParams().getQ()));
  vec.add(new ASN1Integer(dsaPubKey.getParams().getG()));
  ASN1Sequence dssParams = new DERSequence(vec);

  SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(
      new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa, dssParams),
      new ASN1Integer(dsaPubKey.getY()));

  return new MyKeypair(kp.getPrivate(), subjectPublicKeyInfo);
}
 
Example #3
Source File: CaClientExample.java    From xipki with Apache License 2.0 6 votes vote down vote up
protected static MyKeypair generateEcKeypair() throws GeneralSecurityException {
  KeyPairGenerator kpGen = KeyPairGenerator.getInstance("EC");
  ECGenParameterSpec spec = new ECGenParameterSpec("secp256r1");
  kpGen.initialize(spec);
  KeyPair kp = kpGen.generateKeyPair();

  ECPublicKey pub = (ECPublicKey) kp.getPublic();
  byte[] keyData = new byte[65];
  keyData[0] = 4;
  copyArray(pub.getW().getAffineX().toByteArray(), keyData, 1, 32);
  copyArray(pub.getW().getAffineY().toByteArray(), keyData, 33, 32);

  AlgorithmIdentifier algId = new AlgorithmIdentifier(
      X9ObjectIdentifiers.id_ecPublicKey, SECObjectIdentifiers.secp256r1);
  SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(algId, keyData);
  return new MyKeypair(kp.getPrivate(), subjectPublicKeyInfo);
}
 
Example #4
Source File: CaClientExample.java    From xipki with Apache License 2.0 6 votes vote down vote up
protected static MyKeypair generateDsaKeypair() throws Exception {
  // plen: 2048, qlen: 256
  DSAParameterSpec spec = new DSAParameterSpec(P2048_Q256_P, P2048_Q256_Q, P2048_Q256_G);
  KeyPairGenerator kpGen = KeyPairGenerator.getInstance("DSA");
  kpGen.initialize(spec);
  KeyPair kp = kpGen.generateKeyPair();

  DSAPublicKey dsaPubKey = (DSAPublicKey) kp.getPublic();
  ASN1EncodableVector vec = new ASN1EncodableVector();
  vec.add(new ASN1Integer(dsaPubKey.getParams().getP()));
  vec.add(new ASN1Integer(dsaPubKey.getParams().getQ()));
  vec.add(new ASN1Integer(dsaPubKey.getParams().getG()));
  ASN1Sequence dssParams = new DERSequence(vec);

  SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(
      new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa, dssParams),
      new ASN1Integer(dsaPubKey.getY()));

  return new MyKeypair(kp.getPrivate(), subjectPublicKeyInfo);
}
 
Example #5
Source File: AlgorithmUtil.java    From xipki with Apache License 2.0 6 votes vote down vote up
private static boolean isECDSASigAlg(AlgorithmIdentifier algId) {
  ASN1ObjectIdentifier oid = Args.notNull(algId, "algId").getAlgorithm();
  if (X9ObjectIdentifiers.ecdsa_with_SHA1.equals(oid)
      || X9ObjectIdentifiers.ecdsa_with_SHA224.equals(oid)
      || X9ObjectIdentifiers.ecdsa_with_SHA256.equals(oid)
      || X9ObjectIdentifiers.ecdsa_with_SHA384.equals(oid)
      || X9ObjectIdentifiers.ecdsa_with_SHA512.equals(oid)
      || NISTObjectIdentifiers.id_ecdsa_with_sha3_224.equals(oid)
      || NISTObjectIdentifiers.id_ecdsa_with_sha3_256.equals(oid)
      || NISTObjectIdentifiers.id_ecdsa_with_sha3_384.equals(oid)
      || NISTObjectIdentifiers.id_ecdsa_with_sha3_512.equals(oid)) {
    return true;
  }

  return false;
}
 
Example #6
Source File: AlgorithmUtil.java    From xipki with Apache License 2.0 6 votes vote down vote up
public static boolean isDSASigAlg(AlgorithmIdentifier algId) {
  ASN1ObjectIdentifier oid = Args.notNull(algId, "algId").getAlgorithm();
  if (X9ObjectIdentifiers.id_dsa_with_sha1.equals(oid)
      || NISTObjectIdentifiers.dsa_with_sha224.equals(oid)
      || NISTObjectIdentifiers.dsa_with_sha256.equals(oid)
      || NISTObjectIdentifiers.dsa_with_sha384.equals(oid)
      || NISTObjectIdentifiers.dsa_with_sha512.equals(oid)
      || NISTObjectIdentifiers.id_dsa_with_sha3_224.equals(oid)
      || NISTObjectIdentifiers.id_dsa_with_sha3_256.equals(oid)
      || NISTObjectIdentifiers.id_dsa_with_sha3_384.equals(oid)
      || NISTObjectIdentifiers.id_dsa_with_sha3_512.equals(oid)) {
    return true;
  }

  return false;
}
 
Example #7
Source File: CaClientExample.java    From xipki with Apache License 2.0 6 votes vote down vote up
protected static MyKeypair generateEcKeypair() throws GeneralSecurityException {
  KeyPairGenerator kpGen = KeyPairGenerator.getInstance("EC");
  ECGenParameterSpec spec = new ECGenParameterSpec("secp256r1");
  kpGen.initialize(spec);
  KeyPair kp = kpGen.generateKeyPair();

  ECPublicKey pub = (ECPublicKey) kp.getPublic();
  byte[] keyData = new byte[65];
  keyData[0] = 4;
  copyArray(pub.getW().getAffineX().toByteArray(), keyData, 1, 32);
  copyArray(pub.getW().getAffineY().toByteArray(), keyData, 33, 32);

  AlgorithmIdentifier algId = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey,
      SECObjectIdentifiers.secp256r1);
  SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(algId, keyData);
  return new MyKeypair(kp.getPrivate(), subjectPublicKeyInfo);
}
 
Example #8
Source File: KeypairGenControl.java    From xipki with Apache License 2.0 6 votes vote down vote up
public DSAKeypairGenControl(int pLength, int qLength, ASN1ObjectIdentifier keyAlgorithmOid) {
  if (pLength < 1024 | pLength % 1024 != 0) {
    throw new IllegalArgumentException("invalid pLength " + pLength);
  }

  if (qLength == 0) {
    if (pLength < 2048) {
      qLength = 160;
    } else if (pLength < 3072) {
      qLength = 224;
    } else {
      qLength = 256;
    }
  }

  this.parameterSpec = DSAParameterCache.getDSAParameterSpec(pLength, qLength, null);
  this.keyAlgorithm = new AlgorithmIdentifier(
      (keyAlgorithmOid != null) ? keyAlgorithmOid : X9ObjectIdentifiers.id_dsa,
      new DSAParameter(parameterSpec.getP(), parameterSpec.getQ(), parameterSpec.getG()));
}
 
Example #9
Source File: SM2PublicKey.java    From gmhelper with Apache License 2.0 5 votes vote down vote up
@Override
public byte[] getEncoded() {
    ASN1OctetString p = ASN1OctetString.getInstance(
        new X9ECPoint(getQ(), withCompression).toASN1Primitive());

    // stored curve is null if ImplicitlyCa
    SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(
        new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, ID_SM2_PUBKEY_PARAM),
        p.getOctets());

    return KeyUtil.getEncodedSubjectPublicKeyInfo(info);
}
 
Example #10
Source File: CaEnrollBenchKeyEntry.java    From xipki with Apache License 2.0 5 votes vote down vote up
private void init(BigInteger p, BigInteger q, BigInteger g, BigInteger y) throws IOException {
  ASN1EncodableVector vec = new ASN1EncodableVector();
  vec.add(new ASN1Integer(p));
  vec.add(new ASN1Integer(q));
  vec.add(new ASN1Integer(g));
  ASN1Sequence dssParams = new DERSequence(vec);
  AlgorithmIdentifier algId = new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa, dssParams);
  this.spki = new SubjectPublicKeyInfo(algId, new ASN1Integer(y));
}
 
Example #11
Source File: KeypairGenControl.java    From xipki with Apache License 2.0 5 votes vote down vote up
public DSAKeypairGenControl(BigInteger p, BigInteger q, BigInteger g,
    ASN1ObjectIdentifier keyAlgorithmOid) {
  this.parameterSpec = new DSAParameterSpec(p, q, g);

  this.keyAlgorithm = new AlgorithmIdentifier(
      (keyAlgorithmOid != null) ? keyAlgorithmOid : X9ObjectIdentifiers.id_dsa,
      new DSAParameter(p, q, g));
}
 
Example #12
Source File: KeypairGenControl.java    From xipki with Apache License 2.0 5 votes vote down vote up
public ECKeypairGenControl(ASN1ObjectIdentifier curveOid,
    ASN1ObjectIdentifier keyAlgorithmOid) {
  this.curveOid = Args.notNull(curveOid, "curveOid");
  this.keyAlgorithm = new AlgorithmIdentifier(
      (keyAlgorithmOid != null) ? keyAlgorithmOid : X9ObjectIdentifiers.id_ecPublicKey,
       curveOid);
}
 
Example #13
Source File: P12KeyGenerator.java    From xipki with Apache License 2.0 5 votes vote down vote up
public P12KeyGenerationResult generateECKeypair(ASN1ObjectIdentifier curveOid,
    KeystoreGenerationParameters params, String selfSignedCertSubject) throws Exception {
  Args.notNull(curveOid, "curveOid");
  KeyPair keypair = KeyUtil.generateECKeypair(curveOid, params.getRandom());
  AlgorithmIdentifier algId = new AlgorithmIdentifier(
      X9ObjectIdentifiers.id_ecPublicKey, curveOid);

  ECPublicKey pub = (ECPublicKey) keypair.getPublic();
  int orderBitLength = pub.getParams().getOrder().bitLength();
  byte[] keyData = KeyUtil.getUncompressedEncodedECPoint(pub.getW(), orderBitLength);
  SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(algId, keyData);

  return generateIdentity(new KeyPairWithSubjectPublicKeyInfo(keypair, subjectPublicKeyInfo),
      params, selfSignedCertSubject);
}
 
Example #14
Source File: BCECUtil.java    From jiguang-java-client-common with MIT License 5 votes vote down vote up
/**
 * 将SEC1标准的私钥字节流恢复为PKCS8标准的字节流
 *
 * @param sec1Key
 * @return
 * @throws IOException
 */
public static byte[] convertECPrivateKeySEC1ToPKCS8(byte[] sec1Key) throws IOException {
    /**
     * 参考org.bouncycastle.asn1.pkcs.PrivateKeyInfo和
     * org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey,逆向拼装
     */
    X962Parameters params = getDomainParametersFromName(SM2Util.JDK_EC_SPEC, false);
    ASN1OctetString privKey = new DEROctetString(sec1Key);
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(new ASN1Integer(0)); //版本号
    v.add(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params)); //算法标识
    v.add(privKey);
    DERSequence ds = new DERSequence(v);
    return ds.getEncoded(ASN1Encoding.DER);
}
 
Example #15
Source File: KeyUtils.java    From vespa with Apache License 2.0 5 votes vote down vote up
private static KeyFactory createKeyFactory(AlgorithmIdentifier algorithm) throws NoSuchAlgorithmException {
    if (X9ObjectIdentifiers.id_ecPublicKey.equals(algorithm.getAlgorithm())) {
        return createKeyFactory(KeyAlgorithm.EC);
    } else if (PKCSObjectIdentifiers.rsaEncryption.equals(algorithm.getAlgorithm())) {
        return createKeyFactory(KeyAlgorithm.RSA);
    } else {
        throw new IllegalArgumentException("Unknown key algorithm: " + algorithm);
    }
}
 
Example #16
Source File: CryptoDataLoader.java    From certificate-transparency-java with Apache License 2.0 5 votes vote down vote up
/**
 * Parses the beginning of a key, and determines the key algorithm (RSA or EC) based on the OID
 */
private static String determineKeyAlg(byte[] keyBytes) {
  ASN1Sequence seq = ASN1Sequence.getInstance(keyBytes);
  DLSequence seq1 = (DLSequence) seq.getObjects().nextElement();
  ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) seq1.getObjects().nextElement();
  if (PKCSObjectIdentifiers.rsaEncryption.equals(oid)) {
    return "RSA";
  } else if (X9ObjectIdentifiers.id_ecPublicKey.equals(oid)) {
    return "EC";
  } else {
    throw new IllegalArgumentException("Unsupported key type: " + oid);
  }
}
 
Example #17
Source File: V1SchemeSigner.java    From walle with Apache License 2.0 5 votes vote down vote up
@Override
public AlgorithmIdentifier findEncryptionAlgorithm(AlgorithmIdentifier id) {
    // Use the default chooser, but replace dsaWithSha1 with dsa. This is because "dsa" is
    // accepted by any Android platform whereas "dsaWithSha1" is accepted only since
    // API Level 9.
    id = mDefault.findEncryptionAlgorithm(id);
    if (id != null) {
        ASN1ObjectIdentifier oid = id.getAlgorithm();
        if (X9ObjectIdentifiers.id_dsa_with_sha1.equals(oid)) {
            return DSA;
        }
    }

    return id;
}
 
Example #18
Source File: BCECUtil.java    From gmhelper with Apache License 2.0 5 votes vote down vote up
/**
 * 将SEC1标准的私钥字节流恢复为PKCS8标准的字节流
 *
 * @param sec1Key
 * @return
 * @throws IOException
 */
public static byte[] convertECPrivateKeySEC1ToPKCS8(byte[] sec1Key) throws IOException {
    /**
     * 参考org.bouncycastle.asn1.pkcs.PrivateKeyInfo和
     * org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey,逆向拼装
     */
    X962Parameters params = getDomainParametersFromName(SM2Util.JDK_EC_SPEC, false);
    ASN1OctetString privKey = new DEROctetString(sec1Key);
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(new ASN1Integer(0)); //版本号
    v.add(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params)); //算法标识
    v.add(privKey);
    DERSequence ds = new DERSequence(v);
    return ds.getEncoded(ASN1Encoding.DER);
}
 
Example #19
Source File: ProfileConfCreatorDemo.java    From xipki with Apache License 2.0 4 votes vote down vote up
private static List<AlgorithmType> createCabKeyAlgorithms() {
  List<AlgorithmType> list = new LinkedList<>();

  // RSA
  list.addAll(createRSAKeyAlgorithms());

  // DSA
  list.add(new AlgorithmType());
  last(list).getAlgorithms().add(createOidType(X9ObjectIdentifiers.id_dsa, "DSA"));
  last(list).setParameters(new KeyParametersType());

  DsaParametersType dsaParams = new DsaParametersType();
  last(list).getParameters().setDsa(dsaParams);

  List<Range> plengths = new LinkedList<>();
  dsaParams.setPlengths(plengths);

  plengths.add(createRange(2048));
  plengths.add(createRange(3072));

  List<Range> qlengths = new LinkedList<>();
  dsaParams.setQlengths(qlengths);
  qlengths.add(createRange(224));
  qlengths.add(createRange(256));

  // EC
  list.add(new AlgorithmType());

  last(list).getAlgorithms().add(createOidType(X9ObjectIdentifiers.id_ecPublicKey, "EC"));
  last(list).setParameters(new KeyParametersType());

  EcParametersType ecParams = new EcParametersType();
  last(list).getParameters().setEc(ecParams);

  ASN1ObjectIdentifier[] curveIds = new ASN1ObjectIdentifier[] {SECObjectIdentifiers.secp256r1,
      SECObjectIdentifiers.secp384r1, SECObjectIdentifiers.secp521r1};
  List<DescribableOid> curves = new LinkedList<>();
  ecParams.setCurves(curves);

  for (ASN1ObjectIdentifier curveId : curveIds) {
    String name = AlgorithmUtil.getCurveName(curveId);
    curves.add(createOidType(curveId, name));
  }

  ecParams.setPointEncodings(Arrays.asList(((byte) 4)));

  return list;
}
 
Example #20
Source File: ProfileConfCreatorDemo.java    From xipki with Apache License 2.0 4 votes vote down vote up
private static List<AlgorithmType> createKeyAlgorithms(
    ASN1ObjectIdentifier[] curveIds, CertLevel certLevel) {
  List<AlgorithmType> list = new LinkedList<>();

  // RSA
  list.addAll(createRSAKeyAlgorithms());

  // DSA
  list.add(new AlgorithmType());
  last(list).getAlgorithms().add(createOidType(X9ObjectIdentifiers.id_dsa, "DSA"));
  last(list).setParameters(new KeyParametersType());

  DsaParametersType dsaParams = new DsaParametersType();
  last(list).getParameters().setDsa(dsaParams);

  List<Range> plengths = new LinkedList<>();
  dsaParams.setPlengths(plengths);

  plengths.add(createRange(1024));
  plengths.add(createRange(2048));
  plengths.add(createRange(3072));

  List<Range> qlengths = new LinkedList<>();
  dsaParams.setQlengths(qlengths);
  qlengths.add(createRange(160));
  qlengths.add(createRange(224));
  qlengths.add(createRange(256));

  // EC
  list.add(new AlgorithmType());

  last(list).getAlgorithms().add(createOidType(X9ObjectIdentifiers.id_ecPublicKey, "EC"));
  last(list).setParameters(new KeyParametersType());

  EcParametersType ecParams = new EcParametersType();
  last(list).getParameters().setEc(ecParams);

  if (curveIds != null && curveIds.length > 0) {
    List<DescribableOid> curves = new LinkedList<>();
    ecParams.setCurves(curves);

    for (ASN1ObjectIdentifier curveId : curveIds) {
      String name = AlgorithmUtil.getCurveName(curveId);
      curves.add(createOidType(curveId, name));
    }
  }

  ecParams.setPointEncodings(Arrays.asList(((byte) 4)));

  // EdDSA
  if (certLevel == CertLevel.RootCA || certLevel == CertLevel.SubCA) {
    list.addAll(createEdwardsOrMontgomeryKeyAlgorithms(true, false, true, true));
  }

  return list;
}
 
Example #21
Source File: RequestOptions.java    From xipki with Apache License 2.0 4 votes vote down vote up
private static AlgorithmIdentifier createAlgId(String algoName) {
  algoName = algoName.toUpperCase();
  ASN1ObjectIdentifier algOid = null;
  if ("SHA1WITHRSA".equals(algoName)) {
    algOid = PKCSObjectIdentifiers.sha1WithRSAEncryption;
  } else if ("SHA256WITHRSA".equals(algoName)) {
    algOid = PKCSObjectIdentifiers.sha256WithRSAEncryption;
  } else if ("SHA384WITHRSA".equals(algoName)) {
    algOid = PKCSObjectIdentifiers.sha384WithRSAEncryption;
  } else if ("SHA512WITHRSA".equals(algoName)) {
    algOid = PKCSObjectIdentifiers.sha512WithRSAEncryption;
  } else if ("SHA1WITHECDSA".equals(algoName)) {
    algOid = X9ObjectIdentifiers.ecdsa_with_SHA1;
  } else if ("SHA256WITHECDSA".equals(algoName)) {
    algOid = X9ObjectIdentifiers.ecdsa_with_SHA256;
  } else if ("SHA384WITHECDSA".equals(algoName)) {
    algOid = X9ObjectIdentifiers.ecdsa_with_SHA384;
  } else if ("SHA512WITHECDSA".equals(algoName)) {
    algOid = X9ObjectIdentifiers.ecdsa_with_SHA512;
  } else if ("SHA1WITHRSAANDMGF1".equals(algoName) || "SHA256WITHRSAANDMGF1".equals(algoName)
      || "SHA384WITHRSAANDMGF1".equals(algoName) || "SHA512WITHRSAANDMGF1".equals(algoName)) {
    algOid = PKCSObjectIdentifiers.id_RSASSA_PSS;
  } else {
    throw new IllegalStateException("Unsupported algorithm " + algoName); // should not happen
  }

  ASN1Encodable params;
  if (PKCSObjectIdentifiers.id_RSASSA_PSS.equals(algOid)) {
    ASN1ObjectIdentifier digestAlgOid = null;
    if ("SHA1WITHRSAANDMGF1".equals(algoName)) {
      digestAlgOid = X509ObjectIdentifiers.id_SHA1;
    } else if ("SHA256WITHRSAANDMGF1".equals(algoName)) {
      digestAlgOid = NISTObjectIdentifiers.id_sha256;
    } else if ("SHA384WITHRSAANDMGF1".equals(algoName)) {
      digestAlgOid = NISTObjectIdentifiers.id_sha384;
    } else { // if ("SHA512WITHRSAANDMGF1".equals(algoName))
      digestAlgOid = NISTObjectIdentifiers.id_sha512;
    }
    params = createPSSRSAParams(digestAlgOid);
  } else {
    params = DERNull.INSTANCE;
  }

  return new AlgorithmIdentifier(algOid, params);
}