Cipher createAsymmetricWrapper(ASN1ObjectIdentifier algorithm, Map extraAlgNames)
throws OperatorCreationException {
try {
String cipherName = null;
if (!extraAlgNames.isEmpty()) {
cipherName = (String) extraAlgNames.get(algorithm);
}
if (cipherName == null) {
cipherName = (String) asymmetricWrapperAlgNames.get(algorithm);
}
if (cipherName != null) {
try {
// this is reversed as the Sun policy files now allow unlimited strength RSA
return helper.createCipher(cipherName);
} catch (NoSuchAlgorithmException e) {
// try alternate for RSA
if (cipherName.equals("RSA/ECB/PKCS1Padding")) {
try {
return helper.createCipher("RSA/NONE/PKCS1Padding");
} catch (NoSuchAlgorithmException ex) {
// Ignore
}
}
// Ignore
}
}
return helper.createCipher(algorithm.getId());
} catch (GeneralSecurityException e) {
throw new OperatorCreationException("cannot create cipher: " + e.getMessage(), e);
}
}
public Signature createRawSignature(AlgorithmIdentifier algorithm) {
Signature sig;
try {
String algName = getSignatureName(algorithm);
algName = "NONE" + algName.substring(algName.indexOf("WITH"));
sig = helper.createSignature(algName);
// RFC 4056
// When the id-RSASSA-PSS algorithm identifier is used for a signature,
// the AlgorithmIdentifier parameters field MUST contain RSASSA-PSS-params.
/*
Can;t do this pre-jdk1.4
if (algorithm.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS))
{
AlgorithmParameters params = helper.createAlgorithmParameters(algName);
params.init(algorithm.getParameters().toASN1Primitive().getEncoded(), "ASN.1");
PSSParameterSpec spec = (PSSParameterSpec)params.getParameterSpec(PSSParameterSpec.class);
sig.setParameter(spec);
}
*/
} catch (Exception e) {
return null;
}
return sig;
}
Cipher createSymmetricWrapper(ASN1ObjectIdentifier algorithm) throws OperatorCreationException {
try {
String cipherName = (String) symmetricWrapperAlgNames.get(algorithm);
if (cipherName != null) {
try {
// this is reversed as the Sun policy files now allow unlimited strength RSA
return helper.createCipher(cipherName);
} catch (NoSuchAlgorithmException e) {
// Ignore
}
}
return helper.createCipher(algorithm.getId());
} catch (GeneralSecurityException e) {
throw new OperatorCreationException("cannot create cipher: " + e.getMessage(), e);
}
}
Signature createSignature(AlgorithmIdentifier sigAlgId) throws GeneralSecurityException {
Signature sig;
try {
sig = helper.createSignature(getSignatureName(sigAlgId));
} catch (NoSuchAlgorithmException e) {
//
// try an alternate
//
if (oids.get(sigAlgId.getAlgorithm()) != null) {
String signatureAlgorithm = (String) oids.get(sigAlgId.getAlgorithm());
sig = helper.createSignature(signatureAlgorithm);
} else {
throw e;
}
}
return sig;
}
MessageDigest createDigest(AlgorithmIdentifier digAlgId) throws GeneralSecurityException {
MessageDigest dig;
try {
dig = helper.createDigest(getDigestAlgName(digAlgId.getAlgorithm()));
} catch (NoSuchAlgorithmException e) {
//
// try an alternate
//
if (oids.get(digAlgId.getAlgorithm()) != null) {
String digestAlgorithm = (String) oids.get(digAlgId.getAlgorithm());
dig = helper.createDigest(digestAlgorithm);
} else {
throw e;
}
}
return dig;
}
public X509Certificate convertCertificate(X509CertificateHolder certHolder)
throws CertificateException {
try {
CertificateFactory certFact = helper.createCertificateFactory("X.509");
return (X509Certificate)
certFact.generateCertificate(new ByteArrayInputStream(certHolder.getEncoded()));
} catch (IOException e) {
throw new OpCertificateException(
"cannot get encoded form of certificate: " + e.getMessage(), e);
} catch (NoSuchAlgorithmException e) {
throw new OpCertificateException("cannot create certificate factory: " + e.getMessage(), e);
} catch (NoSuchProviderException e) {
throw new OpCertificateException("cannot find factory provider: " + e.getMessage(), e);
}
}
public OutputEncryptor build() throws OperatorCreationException {
final AlgorithmIdentifier algID;
salt = new byte[20];
if (random == null) {
random = new SecureRandom();
}
random.nextBytes(salt);
try {
this.cipher = helper.createCipher(algOID.getId());
if (PEMUtilities.isPKCS5Scheme2(algOID)) {
this.paramGen = helper.createAlgorithmParameterGenerator(algOID.getId());
} else {
this.secKeyFact = helper.createSecretKeyFactory(algOID.getId());
}
} catch (GeneralSecurityException e) {
throw new OperatorCreationException(algOID + " not available: " + e.getMessage(), e);
}
if (PEMUtilities.isPKCS5Scheme2(algOID)) {
params = paramGen.generateParameters();
try {
KeyDerivationFunc scheme =
new KeyDerivationFunc(algOID, ASN1Primitive.fromByteArray(params.getEncoded()));
KeyDerivationFunc func =
new KeyDerivationFunc(
PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(salt, iterationCount));
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(func);
v.add(scheme);
algID =
new AlgorithmIdentifier(
PKCSObjectIdentifiers.id_PBES2, PBES2Parameters.getInstance(new DERSequence(v)));
} catch (IOException e) {
throw new OperatorCreationException(e.getMessage(), e);
}
key =
PEMUtilities.generateSecretKeyForPKCS5Scheme2(
algOID.getId(), password, salt, iterationCount);
try {
cipher.init(Cipher.ENCRYPT_MODE, key, params);
} catch (GeneralSecurityException e) {
throw new OperatorCreationException(e.getMessage(), e);
}
} else if (PEMUtilities.isPKCS12(algOID)) {
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new DEROctetString(salt));
v.add(new ASN1Integer(iterationCount));
algID = new AlgorithmIdentifier(algOID, PKCS12PBEParams.getInstance(new DERSequence(v)));
try {
PBEKeySpec pbeSpec = new PBEKeySpec(password);
PBEParameterSpec defParams = new PBEParameterSpec(salt, iterationCount);
key = secKeyFact.generateSecret(pbeSpec);
cipher.init(Cipher.ENCRYPT_MODE, key, defParams);
} catch (GeneralSecurityException e) {
throw new OperatorCreationException(e.getMessage(), e);
}
} else {
throw new OperatorCreationException("unknown algorithm: " + algOID, null);
}
return new OutputEncryptor() {
public AlgorithmIdentifier getAlgorithmIdentifier() {
return algID;
}
public OutputStream getOutputStream(OutputStream encOut) {
return new CipherOutputStream(encOut, cipher);
}
public GenericKey getKey() {
return new JceGenericKey(algID, key);
}
};
}
