String getBaseCipherName(ASN1ObjectIdentifier algorithm) {
String name = (String) BASE_CIPHER_NAMES.get(algorithm);
if (name == null) {
return algorithm.getId();
}
return name;
}
AlgorithmParameters createAlgorithmParameters(ASN1ObjectIdentifier algorithm)
throws NoSuchAlgorithmException, NoSuchProviderException {
String algorithmName = (String) BASE_CIPHER_NAMES.get(algorithm);
if (algorithmName != null) {
try {
// this is reversed as the Sun policy files now allow unlimited strength RSA
return helper.createAlgorithmParameters(algorithmName);
} catch (NoSuchAlgorithmException e) {
// Ignore
}
}
return helper.createAlgorithmParameters(algorithm.getId());
}
public GOST3410ParameterSpec(
String keyParamSetID, String digestParamSetOID, String encryptionParamSetOID) {
GOST3410ParamSetParameters ecP = null;
try {
ecP = GOST3410NamedParameters.getByOID(new ASN1ObjectIdentifier(keyParamSetID));
} catch (IllegalArgumentException e) {
ASN1ObjectIdentifier oid = GOST3410NamedParameters.getOID(keyParamSetID);
if (oid != null) {
keyParamSetID = oid.getId();
ecP = GOST3410NamedParameters.getByOID(oid);
}
}
if (ecP == null) {
throw new IllegalArgumentException("no key parameter set for passed in name/OID.");
}
this.keyParameters = new GOST3410PublicKeyParameterSetSpec(ecP.getP(), ecP.getQ(), ecP.getA());
this.keyParamSetOID = keyParamSetID;
this.digestParamSetOID = digestParamSetOID;
this.encryptionParamSetOID = encryptionParamSetOID;
}
public KeyFactory createKeyFactory(ASN1ObjectIdentifier algorithm) throws CMSException {
try {
String cipherName = (String) BASE_CIPHER_NAMES.get(algorithm);
if (cipherName != null) {
try {
// this is reversed as the Sun policy files now allow unlimited strength RSA
return helper.createKeyFactory(cipherName);
} catch (NoSuchAlgorithmException e) {
// Ignore
}
}
return helper.createKeyFactory(algorithm.getId());
} catch (GeneralSecurityException e) {
throw new CMSException("cannot create key factory: " + e.getMessage(), e);
}
}
Mac createMac(ASN1ObjectIdentifier algorithm) throws CMSException {
try {
String macName = (String) MAC_ALG_NAMES.get(algorithm);
if (macName != null) {
try {
// this is reversed as the Sun policy files now allow unlimited strength RSA
return helper.createMac(macName);
} catch (NoSuchAlgorithmException e) {
// Ignore
}
}
return helper.createMac(algorithm.getId());
} catch (GeneralSecurityException e) {
throw new CMSException("cannot create mac: " + e.getMessage(), e);
}
}
AlgorithmParameters generateParameters(
ASN1ObjectIdentifier encryptionOID, SecretKey encKey, SecureRandom rand) throws CMSException {
try {
AlgorithmParameterGenerator pGen = createAlgorithmParameterGenerator(encryptionOID);
if (encryptionOID.equals(CMSAlgorithm.RC2_CBC)) {
byte[] iv = new byte[8];
rand.nextBytes(iv);
try {
pGen.init(new RC2ParameterSpec(encKey.getEncoded().length * 8, iv), rand);
} catch (InvalidAlgorithmParameterException e) {
throw new CMSException("parameters generation error: " + e, e);
}
}
return pGen.generateParameters();
} catch (NoSuchAlgorithmException e) {
return null;
} catch (GeneralSecurityException e) {
throw new CMSException("exception creating algorithm parameter generator: " + e, e);
}
}
public OutputEncryptor build() throws OperatorCreationException {
final AlgorithmIdentifier algID;
salt = new byte[20];
if (random == null) {
random = new SecureRandom();
}
random.nextBytes(salt);
try {
this.cipher = helper.createCipher(algOID.getId());
if (PEMUtilities.isPKCS5Scheme2(algOID)) {
this.paramGen = helper.createAlgorithmParameterGenerator(algOID.getId());
} else {
this.secKeyFact = helper.createSecretKeyFactory(algOID.getId());
}
} catch (GeneralSecurityException e) {
throw new OperatorCreationException(algOID + " not available: " + e.getMessage(), e);
}
if (PEMUtilities.isPKCS5Scheme2(algOID)) {
params = paramGen.generateParameters();
try {
KeyDerivationFunc scheme =
new KeyDerivationFunc(algOID, ASN1Primitive.fromByteArray(params.getEncoded()));
KeyDerivationFunc func =
new KeyDerivationFunc(
PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(salt, iterationCount));
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(func);
v.add(scheme);
algID =
new AlgorithmIdentifier(
PKCSObjectIdentifiers.id_PBES2, PBES2Parameters.getInstance(new DERSequence(v)));
} catch (IOException e) {
throw new OperatorCreationException(e.getMessage(), e);
}
key =
PEMUtilities.generateSecretKeyForPKCS5Scheme2(
algOID.getId(), password, salt, iterationCount);
try {
cipher.init(Cipher.ENCRYPT_MODE, key, params);
} catch (GeneralSecurityException e) {
throw new OperatorCreationException(e.getMessage(), e);
}
} else if (PEMUtilities.isPKCS12(algOID)) {
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new DEROctetString(salt));
v.add(new ASN1Integer(iterationCount));
algID = new AlgorithmIdentifier(algOID, PKCS12PBEParams.getInstance(new DERSequence(v)));
try {
PBEKeySpec pbeSpec = new PBEKeySpec(password);
PBEParameterSpec defParams = new PBEParameterSpec(salt, iterationCount);
key = secKeyFact.generateSecret(pbeSpec);
cipher.init(Cipher.ENCRYPT_MODE, key, defParams);
} catch (GeneralSecurityException e) {
throw new OperatorCreationException(e.getMessage(), e);
}
} else {
throw new OperatorCreationException("unknown algorithm: " + algOID, null);
}
return new OutputEncryptor() {
public AlgorithmIdentifier getAlgorithmIdentifier() {
return algID;
}
public OutputStream getOutputStream(OutputStream encOut) {
return new CipherOutputStream(encOut, cipher);
}
public GenericKey getKey() {
return new JceGenericKey(algID, key);
}
};
}
