Cipher createAsymmetricWrapper(ASN1ObjectIdentifier algorithm, Map extraAlgNames)
throws OperatorCreationException {
try {
String cipherName = null;
if (!extraAlgNames.isEmpty()) {
cipherName = (String) extraAlgNames.get(algorithm);
}
if (cipherName == null) {
cipherName = (String) asymmetricWrapperAlgNames.get(algorithm);
}
if (cipherName != null) {
try {
// this is reversed as the Sun policy files now allow unlimited strength RSA
return helper.createCipher(cipherName);
} catch (NoSuchAlgorithmException e) {
// try alternate for RSA
if (cipherName.equals("RSA/ECB/PKCS1Padding")) {
try {
return helper.createCipher("RSA/NONE/PKCS1Padding");
} catch (NoSuchAlgorithmException ex) {
// Ignore
}
}
// Ignore
}
}
return helper.createCipher(algorithm.getId());
} catch (GeneralSecurityException e) {
throw new OperatorCreationException("cannot create cipher: " + e.getMessage(), e);
}
}
Cipher createSymmetricWrapper(ASN1ObjectIdentifier algorithm) throws OperatorCreationException {
try {
String cipherName = (String) symmetricWrapperAlgNames.get(algorithm);
if (cipherName != null) {
try {
// this is reversed as the Sun policy files now allow unlimited strength RSA
return helper.createCipher(cipherName);
} catch (NoSuchAlgorithmException e) {
// Ignore
}
}
return helper.createCipher(algorithm.getId());
} catch (GeneralSecurityException e) {
throw new OperatorCreationException("cannot create cipher: " + e.getMessage(), e);
}
}
public OutputEncryptor build() throws OperatorCreationException {
final AlgorithmIdentifier algID;
salt = new byte[20];
if (random == null) {
random = new SecureRandom();
}
random.nextBytes(salt);
try {
this.cipher = helper.createCipher(algOID.getId());
if (PEMUtilities.isPKCS5Scheme2(algOID)) {
this.paramGen = helper.createAlgorithmParameterGenerator(algOID.getId());
} else {
this.secKeyFact = helper.createSecretKeyFactory(algOID.getId());
}
} catch (GeneralSecurityException e) {
throw new OperatorCreationException(algOID + " not available: " + e.getMessage(), e);
}
if (PEMUtilities.isPKCS5Scheme2(algOID)) {
params = paramGen.generateParameters();
try {
KeyDerivationFunc scheme =
new KeyDerivationFunc(algOID, ASN1Primitive.fromByteArray(params.getEncoded()));
KeyDerivationFunc func =
new KeyDerivationFunc(
PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(salt, iterationCount));
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(func);
v.add(scheme);
algID =
new AlgorithmIdentifier(
PKCSObjectIdentifiers.id_PBES2, PBES2Parameters.getInstance(new DERSequence(v)));
} catch (IOException e) {
throw new OperatorCreationException(e.getMessage(), e);
}
key =
PEMUtilities.generateSecretKeyForPKCS5Scheme2(
algOID.getId(), password, salt, iterationCount);
try {
cipher.init(Cipher.ENCRYPT_MODE, key, params);
} catch (GeneralSecurityException e) {
throw new OperatorCreationException(e.getMessage(), e);
}
} else if (PEMUtilities.isPKCS12(algOID)) {
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new DEROctetString(salt));
v.add(new ASN1Integer(iterationCount));
algID = new AlgorithmIdentifier(algOID, PKCS12PBEParams.getInstance(new DERSequence(v)));
try {
PBEKeySpec pbeSpec = new PBEKeySpec(password);
PBEParameterSpec defParams = new PBEParameterSpec(salt, iterationCount);
key = secKeyFact.generateSecret(pbeSpec);
cipher.init(Cipher.ENCRYPT_MODE, key, defParams);
} catch (GeneralSecurityException e) {
throw new OperatorCreationException(e.getMessage(), e);
}
} else {
throw new OperatorCreationException("unknown algorithm: " + algOID, null);
}
return new OutputEncryptor() {
public AlgorithmIdentifier getAlgorithmIdentifier() {
return algID;
}
public OutputStream getOutputStream(OutputStream encOut) {
return new CipherOutputStream(encOut, cipher);
}
public GenericKey getKey() {
return new JceGenericKey(algID, key);
}
};
}