public CryptEngineImpl(Context ctx) throws Exception {
// Получаем действующее хранилище
IKeyStorage storage = KeyStorageFactory.getKeyStorage(ctx);
Log.v("TFORWARD.CryptEngineImpl", "Decoding public key...");
byte[] publicKey = Base64.decode(storage.getKey(IKeyStorage.PUBLIC_KEY_TYPE), Base64.DEFAULT);
Log.v("TFORWARD.CryptEngineImpl", "Decoding ASN1 Structure");
ASN1InputStream asnStream = new ASN1InputStream(publicKey);
ASN1Sequence sequence = null;
try {
Log.v("TFORWARD.CryptEngineImpl", "Reading ASN1 Sequence");
sequence = (ASN1Sequence) asnStream.readObject();
} finally {
asnStream.close();
}
Log.v("TFORWARD.CryptEngineImpl", "Creating certificate. " + sequence.size());
Certificate certificate = Certificate.getInstance(sequence);
SubjectPublicKeyInfo publicKeyInfo = certificate.getSubjectPublicKeyInfo();
RSAPublicKey publicKeyStructure = RSAPublicKey.getInstance(publicKeyInfo.parsePublicKey());
BigInteger mod = publicKeyStructure.getModulus();
BigInteger pubExp = publicKeyStructure.getPublicExponent();
publicRsaKey = new RSAKeyParameters(false, mod, pubExp);
// ------------------------ PRIVATE KEY --------------------------------
byte[] privateKeyData =
Base64.decode(storage.getKey(IKeyStorage.SECRET_KEY_TYPE), Base64.DEFAULT);
asnStream = new ASN1InputStream(privateKeyData);
ASN1Sequence asnSequence = null;
try {
asnSequence = (ASN1Sequence) asnStream.readObject();
} finally {
asnStream.close();
}
RSAPrivateKey privateKey = RSAPrivateKey.getInstance(asnSequence);
privateRsaKey =
new RSAPrivateCrtKeyParameters(
privateKey.getModulus(),
privateKey.getPublicExponent(),
privateKey.getPrivateExponent(),
privateKey.getPrime1(),
privateKey.getPrime2(),
privateKey.getExponent1(),
privateKey.getExponent2(),
privateKey.getCoefficient());
RSAEngine engine = new RSAEngine();
digest = new MD5Digest();
cipher = new PKCS1Encoding(engine);
}
public void fromAsn1(byte[] data, int defaultCAKeyID) throws IOException, EIDException {
try {
ASN1InputStream ais = new ASN1InputStream(data);
try {
ASN1Sequence seq = (ASN1Sequence) ais.readObject();
ContentInfo ci = ContentInfo.getInstance(seq);
if (!ci.getContentType().equals(CMSObjectIdentifiers.signedData))
throw new EIDException("wrong content type in CardSecurity");
SignedData sd = SignedData.getInstance((ASN1Sequence) ci.getContent());
ContentInfo eci = sd.getEncapContentInfo();
if (!eci.getContentType().equals(EAC2ObjectIdentifiers.id_SecurityObject))
throw new EIDException("CardSecurity does not encapsulate SecurityInfos");
SecurityInfos si = new SecurityInfos();
si.fromAsn1(((ASN1OctetString) eci.getContent()).getOctets(), defaultCAKeyID);
securityInfos = si;
} finally {
ais.close();
}
} catch (Exception e) {
throw new EIDException(e);
}
}
private String generateSubjectKeyIdentifier(Certificate certificate) throws IOException {
String subjectKeyIdentifier;
ASN1InputStream is;
SubjectPublicKeyInfo spki;
SubjectKeyIdentifier ski;
subjectKeyIdentifier = null;
is = null;
spki = null;
ski = null;
try {
is = new ASN1InputStream(certificate.getPublicKey().getEncoded());
spki = new SubjectPublicKeyInfo((ASN1Sequence) is.readObject());
ski = new SubjectKeyIdentifier(spki);
} finally {
if (is != null) {
is.close();
}
}
subjectKeyIdentifier = new String(Hex.encode(ski.getKeyIdentifier()));
return subjectKeyIdentifier;
}
/** @return the first object found when treating the provided byte array as an ASN1InputStream */
@SuppressWarnings("unchecked")
private static <T> T getAsn1ObjectFromBytes(final byte[] bytes, final Class<T> clazz) {
T ret = null;
ASN1InputStream asn1InputStream = null;
try {
if (bytes != null) {
asn1InputStream = new ASN1InputStream(new ByteArrayInputStream(bytes));
ret = (T) asn1InputStream.readObject();
}
} catch (ClassCastException e) {
// Ignore
log.info("Failed to extract expected ASN1 object from bytes array.", e);
} catch (IOException e) {
// Ignore
log.info("Failed to extract ASN1 object from bytes array.", e);
} finally {
if (asn1InputStream != null) {
try {
asn1InputStream.close();
} catch (IOException e) {
log.info("Failed to extract expected ASN1 object from bytes array.", e);
}
}
}
return ret;
}
public static OtherStatusInfo getInstance(Object obj) {
if (obj instanceof OtherStatusInfo) {
return (OtherStatusInfo) obj;
}
if (obj instanceof ASN1Encodable) {
ASN1Encodable asn1Value = ((ASN1Encodable) obj).toASN1Primitive();
if (asn1Value instanceof ASN1Integer) // CMCFail info is an asn1 integer.
{
return new OtherStatusInfo(CMCFailInfo.getInstance(asn1Value));
} else if (asn1Value instanceof ASN1Sequence) // PendInfo is a sequence.
{
if (((ASN1Sequence) asn1Value).getObjectAt(0) instanceof ASN1ObjectIdentifier) {
return new OtherStatusInfo(ExtendedFailInfo.getInstance(asn1Value));
}
return new OtherStatusInfo(PendInfo.getInstance(asn1Value));
}
} else if (obj instanceof byte[]) {
ASN1InputStream ain = new ASN1InputStream(new ByteArrayInputStream((byte[]) obj));
try {
return getInstance(ain.readObject());
} catch (Exception e) {
throw new IllegalArgumentException(e.getMessage(), e);
} finally {
try {
ain.close();
} catch (IOException e) {
throw new IllegalArgumentException(e.getMessage(), e);
}
}
}
throw new IllegalArgumentException(
"unknown object in getInstance(): " + obj.getClass().getName());
}
/**
* Sets the values of the certificate (body and signature).
*
* @param appSpe is a ASN1ApplicationSpecific object containing body and signature.
* @throws IOException if tags or value are incorrect.
*/
private void setPrivateData(ASN1ApplicationSpecific appSpe) throws IOException {
valid = 0;
if (appSpe.getApplicationTag() == EACTags.CARDHOLDER_CERTIFICATE) {
ASN1InputStream content = new ASN1InputStream(appSpe.getContents());
ASN1Primitive tmpObj;
while ((tmpObj = content.readObject()) != null) {
DERApplicationSpecific aSpe;
if (tmpObj instanceof DERApplicationSpecific) {
aSpe = (DERApplicationSpecific) tmpObj;
switch (aSpe.getApplicationTag()) {
case EACTags.CERTIFICATE_CONTENT_TEMPLATE:
certificateBody = CertificateBody.getInstance(aSpe);
valid |= bodyValid;
break;
case EACTags.STATIC_INTERNAL_AUTHENTIFICATION_ONE_STEP:
signature = aSpe.getContents();
valid |= signValid;
break;
default:
throw new IOException(
"Invalid tag, not an Iso7816CertificateStructure :" + aSpe.getApplicationTag());
}
} else {
throw new IOException("Invalid Object, not an Iso7816CertificateStructure");
}
}
content.close();
} else {
throw new IOException("not a CARDHOLDER_CERTIFICATE :" + appSpe.getApplicationTag());
}
if (valid != (signValid | bodyValid)) {
throw new IOException("invalid CARDHOLDER_CERTIFICATE :" + appSpe.getApplicationTag());
}
}
public void fromByteArray(byte[] encodedData) {
ASN1InputStream asn1in = new ASN1InputStream(encodedData);
try {
to = (DERTaggedObject) asn1in.readObject();
asn1in.close();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
DEROctetString ocs = (DEROctetString) to.getObject();
data = ocs.getOctets();
}
/**
* This method returns the {@code ASN1Sequence} encapsulated in {@code DEROctetString}. The {@code
* DEROctetString} is represented as {@code byte} array.
*
* @param bytes {@code byte} representation of {@code DEROctetString}
* @return encapsulated {@code ASN1Sequence}
* @throws DSSException in case of a decoding problem
*/
public static ASN1Sequence getAsn1SequenceFromDerOctetString(byte[] bytes) throws DSSException {
ASN1InputStream input = null;
try {
input = new ASN1InputStream(bytes);
final DEROctetString s = (DEROctetString) input.readObject();
final byte[] content = s.getOctets();
input.close();
input = new ASN1InputStream(content);
final ASN1Sequence seq = (ASN1Sequence) input.readObject();
return seq;
} catch (IOException e) {
throw new DSSException("Error when converting byte array to ASN1Sequence!", e);
} finally {
DSSUtils.closeQuietly(input);
}
}
protected static DataBuffer convertToPlainBC(byte[] sign) {
ASN1InputStream dIn = new ASN1InputStream(sign);
ASN1Primitive obj;
try {
obj = dIn.readObject();
if (obj instanceof ASN1Sequence) {
ASN1Sequence seq = (ASN1Sequence) obj;
if (seq.size() == 2) {
ASN1Integer r = (ASN1Integer) seq.getObjectAt(0);
ASN1Integer s = (ASN1Integer) seq.getObjectAt(1);
byte[] res;
byte[] byteR = makeUnsigned(r.getValue());
byte[] byteS = makeUnsigned(s.getValue());
if (byteR.length > byteS.length) {
res = new byte[byteR.length * 2];
} else {
res = new byte[byteS.length * 2];
}
System.arraycopy(byteR, 0, res, res.length / 2 - byteR.length, byteR.length);
System.arraycopy(byteS, 0, res, res.length - byteS.length, byteS.length);
return new DataBuffer(res);
}
}
} catch (Exception e) {
} finally {
try {
dIn.close();
} catch (Exception e) {
// ???
}
}
return new DataBuffer(sign);
}
public static String getStringOid(DataBuffer buffer) {
// terrible code, due to changes in BC's API
// buffer should only contain an OID value, i.e. 0x06 tag and length
// field are missing
byte[] tagBuf = {(byte) 0x06};
byte[] sizeBuf = new byte[] {(byte) buffer.size()};
DataBuffer tmp = concat(tagBuf, sizeBuf, buffer.toByteArray());
ASN1InputStream aIn = new ASN1InputStream(tmp.toByteArray());
ASN1ObjectIdentifier o = null;
try {
o = (ASN1ObjectIdentifier) aIn.readObject();
} catch (IOException e) {
} finally {
try {
aIn.close();
} catch (Exception e) {
// ???
}
}
return o.getId();
}
