public ASN1Sequence generateRecipientEncryptedKeys( AlgorithmIdentifier keyAgreeAlgorithm, AlgorithmIdentifier keyEncryptionAlgorithm, GenericKey contentEncryptionKey) throws CMSException { init(keyAgreeAlgorithm.getAlgorithm()); PrivateKey senderPrivateKey = this.senderPrivateKey; ASN1ObjectIdentifier keyAgreementOID = keyAgreeAlgorithm.getAlgorithm(); if (keyAgreementOID.getId().equals(CMSEnvelopedGenerator.ECMQV_SHA1KDF)) { senderPrivateKey = new MQVPrivateKeySpec( senderPrivateKey, ephemeralKP.getPrivate(), ephemeralKP.getPublic()); } ASN1EncodableVector recipientEncryptedKeys = new ASN1EncodableVector(); for (int i = 0; i != recipientIDs.size(); i++) { PublicKey recipientPublicKey = (PublicKey) recipientKeys.get(i); KeyAgreeRecipientIdentifier karId = (KeyAgreeRecipientIdentifier) recipientIDs.get(i); if (keyAgreementOID.getId().equals(CMSEnvelopedGenerator.ECMQV_SHA1KDF)) { recipientPublicKey = new MQVPublicKeySpec(recipientPublicKey, recipientPublicKey); } try { // Use key agreement to choose a wrap key for this recipient KeyAgreement keyAgreement = helper.createKeyAgreement(keyAgreementOID); keyAgreement.init(senderPrivateKey, random); keyAgreement.doPhase(recipientPublicKey, true); SecretKey keyEncryptionKey = keyAgreement.generateSecret(keyEncryptionAlgorithm.getAlgorithm().getId()); // Wrap the content encryption key with the agreement key Cipher keyEncryptionCipher = helper.createCipher(keyEncryptionAlgorithm.getAlgorithm()); keyEncryptionCipher.init(Cipher.WRAP_MODE, keyEncryptionKey, random); byte[] encryptedKeyBytes = keyEncryptionCipher.wrap(helper.getJceKey(contentEncryptionKey)); ASN1OctetString encryptedKey = new DEROctetString(encryptedKeyBytes); recipientEncryptedKeys.add(new RecipientEncryptedKey(karId, encryptedKey)); } catch (GeneralSecurityException e) { throw new CMSException("cannot perform agreement step: " + e.getMessage(), e); } } return new DERSequence(recipientEncryptedKeys); }
private void rawModeTest( String sigName, ASN1ObjectIdentifier digestOID, PrivateKey privKey, PublicKey pubKey, SecureRandom random) throws Exception { byte[] sampleMessage = new byte[1000 + random.nextInt(100)]; random.nextBytes(sampleMessage); Signature normalSig = Signature.getInstance(sigName, "BC"); normalSig.initSign(privKey); normalSig.update(sampleMessage); byte[] normalResult = normalSig.sign(); MessageDigest digest = MessageDigest.getInstance(digestOID.getId(), "BC"); byte[] hash = digest.digest(sampleMessage); byte[] digInfo = derEncode(digestOID, hash); Signature rawSig = Signature.getInstance("RSA", "BC"); rawSig.initSign(privKey); rawSig.update(digInfo); byte[] rawResult = rawSig.sign(); if (!Arrays.areEqual(normalResult, rawResult)) { fail("raw mode signature differs from normal one"); } rawSig.initVerify(pubKey); rawSig.update(digInfo); if (!rawSig.verify(rawResult)) { fail("raw mode signature verification failed"); } }
public String toString() { StringBuffer buf = new StringBuffer(); String nl = System.getProperty("line.separator"); buf.append(" userCertificate: ").append(this.getSerialNumber()).append(nl); buf.append(" revocationDate: ").append(this.getRevocationDate()).append(nl); buf.append(" certificateIssuer: ").append(this.getCertificateIssuer()).append(nl); Extensions extensions = c.getExtensions(); if (extensions != null) { Enumeration e = extensions.oids(); if (e.hasMoreElements()) { buf.append(" crlEntryExtensions:").append(nl); while (e.hasMoreElements()) { ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement(); Extension ext = extensions.getExtension(oid); if (ext.getExtnValue() != null) { byte[] octs = ext.getExtnValue().getOctets(); ASN1InputStream dIn = new ASN1InputStream(octs); buf.append(" critical(").append(ext.isCritical()).append(") "); try { if (oid.equals(X509Extension.reasonCode)) { buf.append(CRLReason.getInstance(ASN1Enumerated.getInstance(dIn.readObject()))) .append(nl); } else if (oid.equals(X509Extension.certificateIssuer)) { buf.append("Certificate issuer: ") .append(GeneralNames.getInstance(dIn.readObject())) .append(nl); } else { buf.append(oid.getId()); buf.append(" value = ").append(ASN1Dump.dumpAsString(dIn.readObject())).append(nl); } } catch (Exception ex) { buf.append(oid.getId()); buf.append(" value = ").append("*****").append(nl); } } else { buf.append(nl); } } } } return buf.toString(); }
private Set getExtensionOIDs(boolean critical) { Extensions extensions = c.getExtensions(); if (extensions != null) { Set set = new HashSet(); Enumeration e = extensions.oids(); while (e.hasMoreElements()) { ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement(); Extension ext = extensions.getExtension(oid); if (critical == ext.isCritical()) { set.add(oid.getId()); } } return set; } return null; }
ECDSAPublicKey(ASN1Sequence seq) throws IllegalArgumentException { Enumeration en = seq.getObjects(); this.usage = ASN1ObjectIdentifier.getInstance(en.nextElement()); options = 0; while (en.hasMoreElements()) { Object obj = en.nextElement(); if (obj instanceof ASN1TaggedObject) { ASN1TaggedObject to = (ASN1TaggedObject) obj; switch (to.getTagNo()) { case 0x1: setPrimeModulusP(UnsignedInteger.getInstance(to).getValue()); break; case 0x2: setFirstCoefA(UnsignedInteger.getInstance(to).getValue()); break; case 0x3: setSecondCoefB(UnsignedInteger.getInstance(to).getValue()); break; case 0x4: setBasePointG(ASN1OctetString.getInstance(to, false)); break; case 0x5: setOrderOfBasePointR(UnsignedInteger.getInstance(to).getValue()); break; case 0x6: setPublicPointY(ASN1OctetString.getInstance(to, false)); break; case 0x7: setCofactorF(UnsignedInteger.getInstance(to).getValue()); break; default: options = 0; throw new IllegalArgumentException("Unknown Object Identifier!"); } } else { throw new IllegalArgumentException("Unknown Object Identifier!"); } } if (options != 0x20 && options != 0x7F) { throw new IllegalArgumentException("All options must be either present or absent!"); } }
private void init(ASN1ObjectIdentifier keyAgreementOID) throws CMSException { if (random == null) { random = new SecureRandom(); } if (keyAgreementOID.equals(CMSAlgorithm.ECMQV_SHA1KDF)) { if (ephemeralKP == null) { try { ECParameterSpec ecParamSpec = ((ECPublicKey) senderPublicKey).getParams(); KeyPairGenerator ephemKPG = helper.createKeyPairGenerator(keyAgreementOID); ephemKPG.initialize(ecParamSpec, random); ephemeralKP = ephemKPG.generateKeyPair(); } catch (InvalidAlgorithmParameterException e) { throw new CMSException( "cannot determine MQV ephemeral key pair parameters from public key: " + e); } } } }