List of usage examples for org.bouncycastle.asn1.pkcs PKCSObjectIdentifiers id_RSASSA_PSS
ASN1ObjectIdentifier id_RSASSA_PSS
To view the source code for org.bouncycastle.asn1.pkcs PKCSObjectIdentifiers id_RSASSA_PSS.
Click Source Link
From source file:org.xipki.commons.security.util.AlgorithmUtil.java
License:Open Source License
public static AlgorithmIdentifier buildRSAPSSAlgId(final HashAlgoType digestAlg) throws NoSuchAlgorithmException { RSASSAPSSparams params = createPSSRSAParams(digestAlg); return new AlgorithmIdentifier(PKCSObjectIdentifiers.id_RSASSA_PSS, params); }
From source file:org.xipki.commons.security.util.SignerUtil.java
License:Open Source License
public static PSSSigner createPSSRSASigner(final AlgorithmIdentifier sigAlgId, final AsymmetricBlockCipher cipher) throws XiSecurityException { ParamUtil.requireNonNull("sigAlgId", sigAlgId); if (!PKCSObjectIdentifiers.id_RSASSA_PSS.equals(sigAlgId.getAlgorithm())) { throw new XiSecurityException("signature algorithm " + sigAlgId.getAlgorithm() + " is not allowed"); }/*w w w. ja v a 2 s . c o m*/ AlgorithmIdentifier digAlgId; try { digAlgId = AlgorithmUtil.extractDigesetAlgId(sigAlgId); } catch (NoSuchAlgorithmException ex) { throw new XiSecurityException(ex.getMessage(), ex); } RSASSAPSSparams param = RSASSAPSSparams.getInstance(sigAlgId.getParameters()); AlgorithmIdentifier mfgDigAlgId = AlgorithmIdentifier .getInstance(param.getMaskGenAlgorithm().getParameters()); Digest dig = getDigest(digAlgId); Digest mfgDig = getDigest(mfgDigAlgId); int saltSize = param.getSaltLength().intValue(); int trailerField = param.getTrailerField().intValue(); AsymmetricBlockCipher tmpCipher = (cipher == null) ? new RSABlindedEngine() : cipher; return new PSSSigner(tmpCipher, dig, mfgDig, saltSize, getTrailer(trailerField)); }
From source file:org.xipki.ocsp.client.api.RequestOptions.java
License:Open Source License
private static AlgorithmIdentifier createAlgId(final String algoName) { ASN1ObjectIdentifier algOid = null;/* w w w. java 2 s . c o m*/ if ("SHA1withRSA".equalsIgnoreCase(algoName)) { algOid = PKCSObjectIdentifiers.sha1WithRSAEncryption; } else if ("SHA256withRSA".equalsIgnoreCase(algoName)) { algOid = PKCSObjectIdentifiers.sha256WithRSAEncryption; } else if ("SHA384withRSA".equalsIgnoreCase(algoName)) { algOid = PKCSObjectIdentifiers.sha384WithRSAEncryption; } else if ("SHA512withRSA".equalsIgnoreCase(algoName)) { algOid = PKCSObjectIdentifiers.sha512WithRSAEncryption; } else if ("SHA1withECDSA".equalsIgnoreCase(algoName)) { algOid = X9ObjectIdentifiers.ecdsa_with_SHA1; } else if ("SHA256withECDSA".equalsIgnoreCase(algoName)) { algOid = X9ObjectIdentifiers.ecdsa_with_SHA256; } else if ("SHA384withECDSA".equalsIgnoreCase(algoName)) { algOid = X9ObjectIdentifiers.ecdsa_with_SHA384; } else if ("SHA512withECDSA".equalsIgnoreCase(algoName)) { algOid = X9ObjectIdentifiers.ecdsa_with_SHA512; } else if ("SHA1withRSAandMGF1".equalsIgnoreCase(algoName) || "SHA256withRSAandMGF1".equalsIgnoreCase(algoName) || "SHA384withRSAandMGF1".equalsIgnoreCase(algoName) || "SHA512withRSAandMGF1".equalsIgnoreCase(algoName)) { algOid = PKCSObjectIdentifiers.id_RSASSA_PSS; } else { throw new RuntimeException("Unsupported algorithm " + algoName); // should not happen } ASN1Encodable params; if (PKCSObjectIdentifiers.id_RSASSA_PSS.equals(algOid)) { ASN1ObjectIdentifier digestAlgOid = null; if ("SHA1withRSAandMGF1".equalsIgnoreCase(algoName)) { digestAlgOid = X509ObjectIdentifiers.id_SHA1; } else if ("SHA256withRSAandMGF1".equalsIgnoreCase(algoName)) { digestAlgOid = NISTObjectIdentifiers.id_sha256; } else if ("SHA384withRSAandMGF1".equalsIgnoreCase(algoName)) { digestAlgOid = NISTObjectIdentifiers.id_sha384; } else // if("SHA512withRSAandMGF1".equalsIgnoreCase(algoName)) { digestAlgOid = NISTObjectIdentifiers.id_sha512; } params = createPSSRSAParams(digestAlgOid); } else { params = DERNull.INSTANCE; } return new AlgorithmIdentifier(algOid, params); }
From source file:org.xipki.ocsp.server.impl.ResponderSigner.java
License:Open Source License
private static String getSignatureAlgorithmName(final AlgorithmIdentifier sigAlgId) { ASN1ObjectIdentifier algOid = sigAlgId.getAlgorithm(); if (PKCSObjectIdentifiers.id_RSASSA_PSS.equals(algOid) == false) { return algOid.getId(); }/*from w w w . j a v a2 s. co m*/ ASN1Encodable asn1Encodable = sigAlgId.getParameters(); RSASSAPSSparams param = RSASSAPSSparams.getInstance(asn1Encodable); ASN1ObjectIdentifier digestAlgOid = param.getHashAlgorithm().getAlgorithm(); return digestAlgOid.getId() + "WITHRSAANDMGF1"; }
From source file:org.xipki.pki.ocsp.client.api.RequestOptions.java
License:Open Source License
private static AlgorithmIdentifier createAlgId(final String algoName) { ASN1ObjectIdentifier algOid = null;/*from w w w. j a v a2 s .c o m*/ if ("SHA1withRSA".equalsIgnoreCase(algoName)) { algOid = PKCSObjectIdentifiers.sha1WithRSAEncryption; } else if ("SHA256withRSA".equalsIgnoreCase(algoName)) { algOid = PKCSObjectIdentifiers.sha256WithRSAEncryption; } else if ("SHA384withRSA".equalsIgnoreCase(algoName)) { algOid = PKCSObjectIdentifiers.sha384WithRSAEncryption; } else if ("SHA512withRSA".equalsIgnoreCase(algoName)) { algOid = PKCSObjectIdentifiers.sha512WithRSAEncryption; } else if ("SHA1withECDSA".equalsIgnoreCase(algoName)) { algOid = X9ObjectIdentifiers.ecdsa_with_SHA1; } else if ("SHA256withECDSA".equalsIgnoreCase(algoName)) { algOid = X9ObjectIdentifiers.ecdsa_with_SHA256; } else if ("SHA384withECDSA".equalsIgnoreCase(algoName)) { algOid = X9ObjectIdentifiers.ecdsa_with_SHA384; } else if ("SHA512withECDSA".equalsIgnoreCase(algoName)) { algOid = X9ObjectIdentifiers.ecdsa_with_SHA512; } else if ("SHA1withRSAandMGF1".equalsIgnoreCase(algoName) || "SHA256withRSAandMGF1".equalsIgnoreCase(algoName) || "SHA384withRSAandMGF1".equalsIgnoreCase(algoName) || "SHA512withRSAandMGF1".equalsIgnoreCase(algoName)) { algOid = PKCSObjectIdentifiers.id_RSASSA_PSS; } else { throw new RuntimeException("Unsupported algorithm " + algoName); // should not happen } ASN1Encodable params; if (PKCSObjectIdentifiers.id_RSASSA_PSS.equals(algOid)) { ASN1ObjectIdentifier digestAlgOid = null; if ("SHA1withRSAandMGF1".equalsIgnoreCase(algoName)) { digestAlgOid = X509ObjectIdentifiers.id_SHA1; } else if ("SHA256withRSAandMGF1".equalsIgnoreCase(algoName)) { digestAlgOid = NISTObjectIdentifiers.id_sha256; } else if ("SHA384withRSAandMGF1".equalsIgnoreCase(algoName)) { digestAlgOid = NISTObjectIdentifiers.id_sha384; } else { // if ("SHA512withRSAandMGF1".equalsIgnoreCase(algoName)) digestAlgOid = NISTObjectIdentifiers.id_sha512; } params = createPSSRSAParams(digestAlgOid); } else { params = DERNull.INSTANCE; } return new AlgorithmIdentifier(algOid, params); }
From source file:org.xipki.pki.ocsp.server.impl.ResponderSigner.java
License:Open Source License
private static String getSignatureAlgorithmName(final AlgorithmIdentifier sigAlgId) { ASN1ObjectIdentifier algOid = sigAlgId.getAlgorithm(); if (!PKCSObjectIdentifiers.id_RSASSA_PSS.equals(algOid)) { return algOid.getId(); }/*from w ww . j av a2 s.co m*/ ASN1Encodable asn1Encodable = sigAlgId.getParameters(); RSASSAPSSparams param = RSASSAPSSparams.getInstance(asn1Encodable); ASN1ObjectIdentifier digestAlgOid = param.getHashAlgorithm().getAlgorithm(); return digestAlgOid.getId() + "WITHRSAANDMGF1"; }
From source file:org.xipki.pki.scep.util.ScepUtil.java
License:Open Source License
public static ASN1ObjectIdentifier extractDigesetAlgorithmIdentifier(final String sigOid, final byte[] sigParams) throws NoSuchAlgorithmException { ParamUtil.requireNonBlank("sigOid", sigOid); ASN1ObjectIdentifier algOid = new ASN1ObjectIdentifier(sigOid); ASN1ObjectIdentifier digestAlgOid;//ww w . j a va2 s . co m if (PKCSObjectIdentifiers.md5WithRSAEncryption.equals(algOid)) { digestAlgOid = PKCSObjectIdentifiers.md5; } else if (PKCSObjectIdentifiers.sha1WithRSAEncryption.equals(algOid)) { digestAlgOid = X509ObjectIdentifiers.id_SHA1; } else if (PKCSObjectIdentifiers.sha224WithRSAEncryption.equals(algOid)) { digestAlgOid = NISTObjectIdentifiers.id_sha224; } else if (PKCSObjectIdentifiers.sha256WithRSAEncryption.equals(algOid)) { digestAlgOid = NISTObjectIdentifiers.id_sha256; } else if (PKCSObjectIdentifiers.sha384WithRSAEncryption.equals(algOid)) { digestAlgOid = NISTObjectIdentifiers.id_sha384; } else if (PKCSObjectIdentifiers.sha512WithRSAEncryption.equals(algOid)) { digestAlgOid = NISTObjectIdentifiers.id_sha512; } else if (PKCSObjectIdentifiers.id_RSASSA_PSS.equals(algOid)) { RSASSAPSSparams param = RSASSAPSSparams.getInstance(sigParams); digestAlgOid = param.getHashAlgorithm().getAlgorithm(); } else { throw new NoSuchAlgorithmException("unknown signature algorithm" + algOid.getId()); } return digestAlgOid; }
From source file:org.xipki.security.bcext.BcRSAContentVerifierProviderBuilder.java
License:Open Source License
protected Signer createSigner(final AlgorithmIdentifier sigAlgId) throws OperatorCreationException { AlgorithmIdentifier digAlgId = digestAlgorithmFinder.find(sigAlgId); Digest dig = digestProvider.get(digAlgId); if (PKCSObjectIdentifiers.id_RSASSA_PSS.equals(sigAlgId.getAlgorithm())) { return SignerUtil.createPSSRSASigner(sigAlgId); } else {/*ww w . ja v a2s . c o m*/ return new RSADigestSigner(dig); } }
From source file:org.xipki.security.p11.P11ContentSignerBuilder.java
License:Open Source License
public ConcurrentContentSigner createSigner(final AlgorithmIdentifier signatureAlgId, final int parallelism) throws OperatorCreationException, NoSuchPaddingException { if (parallelism < 1) { throw new IllegalArgumentException("non-positive parallelism is not allowed: " + parallelism); }/*from w w w . j a v a2s .c o m*/ List<ContentSigner> signers = new ArrayList<>(parallelism); PublicKey publicKey = certificateChain[0].getPublicKey(); try { for (int i = 0; i < parallelism; i++) { ContentSigner signer; if (publicKey instanceof RSAPublicKey) { if (PKCSObjectIdentifiers.id_RSASSA_PSS.equals(signatureAlgId.getAlgorithm())) { signer = new P11RSAPSSContentSigner(cryptService, slot, keyId, signatureAlgId); } else { signer = new P11RSAContentSigner(cryptService, slot, keyId, signatureAlgId); } } else if (publicKey instanceof ECPublicKey) { if (AlgorithmUtil.isDSAPlainSigAlg(signatureAlgId)) { signer = new P11ECDSAPlainContentSigner(cryptService, slot, keyId, signatureAlgId); } else { signer = new P11ECDSAX962ContentSigner(cryptService, slot, keyId, signatureAlgId); } } else if (publicKey instanceof DSAPublicKey) { if (AlgorithmUtil.isDSAPlainSigAlg(signatureAlgId)) { signer = new P11DSAPlainContentSigner(cryptService, slot, keyId, signatureAlgId); } else { signer = new P11DSAX962ContentSigner(cryptService, slot, keyId, signatureAlgId); } } else { throw new OperatorCreationException("unsupported key " + publicKey.getClass().getName()); } signers.add(signer); } } catch (NoSuchAlgorithmException e) { throw new OperatorCreationException("no such algorithm", e); } PrivateKey privateKey; try { privateKey = new P11PrivateKey(cryptService, slot, keyId); } catch (InvalidKeyException e) { throw new OperatorCreationException("could not construct P11PrivateKey: " + e.getMessage(), e); } DefaultConcurrentContentSigner concurrentSigner = new DefaultConcurrentContentSigner(signers, privateKey); concurrentSigner.setCertificateChain(certificateChain); return concurrentSigner; }
From source file:org.xipki.security.p11.P11RSAContentSigner.java
License:Open Source License
public P11RSAContentSigner(final P11CryptService cryptService, final P11SlotIdentifier slot, final P11KeyIdentifier keyId, final AlgorithmIdentifier signatureAlgId) throws NoSuchAlgorithmException, NoSuchPaddingException, OperatorCreationException { ParamChecker.assertNotNull("slot", slot); ParamChecker.assertNotNull("cryptService", cryptService); ParamChecker.assertNotNull("keyId", keyId); ParamChecker.assertNotNull("signatureAlgId", signatureAlgId); if (PKCSObjectIdentifiers.id_RSASSA_PSS.equals(signatureAlgId.getAlgorithm())) { throw new IllegalArgumentException("unsupported signature algorithm " + signatureAlgId.getAlgorithm()); }//from w ww. ja va 2 s. c o m this.slot = slot; this.algorithmIdentifier = signatureAlgId; this.keyId = keyId; this.digAlgId = AlgorithmUtil.extractDigesetAlgorithmIdentifier(signatureAlgId); Digest digest = BcDefaultDigestProvider.INSTANCE.get(digAlgId); this.cryptService = cryptService; this.outputStream = new DigestOutputStream(digest); }