List of usage examples for org.bouncycastle.asn1.pkcs PKCSObjectIdentifiers id_RSASSA_PSS
ASN1ObjectIdentifier id_RSASSA_PSS
To view the source code for org.bouncycastle.asn1.pkcs PKCSObjectIdentifiers id_RSASSA_PSS.
Click Source Link
From source file:org.xipki.security.p11.P11RSAPSSContentSigner.java
License:Open Source License
public P11RSAPSSContentSigner(final P11CryptService cryptService, final P11SlotIdentifier slot, final P11KeyIdentifier keyId, final AlgorithmIdentifier signatureAlgId) throws NoSuchAlgorithmException, NoSuchPaddingException, OperatorCreationException { ParamChecker.assertNotNull("slot", slot); ParamChecker.assertNotNull("cryptService", cryptService); ParamChecker.assertNotNull("signatureAlgId", signatureAlgId); ParamChecker.assertNotNull("keyId", keyId); if (PKCSObjectIdentifiers.id_RSASSA_PSS.equals(signatureAlgId.getAlgorithm()) == false) { throw new IllegalArgumentException("unsupported signature algorithm " + signatureAlgId.getAlgorithm()); }/*from w w w . j av a 2s .c o m*/ this.algorithmIdentifier = signatureAlgId; AsymmetricBlockCipher cipher = new P11PlainRSASigner(); P11RSAKeyParameter keyParam; try { keyParam = P11RSAKeyParameter.getInstance(cryptService, slot, keyId); } catch (InvalidKeyException e) { throw new OperatorCreationException(e.getMessage(), e); } this.pssSigner = SignerUtil.createPSSRSASigner(signatureAlgId, cipher); this.pssSigner.init(true, keyParam); this.outputStream = new PSSSignerOutputStream(); }
From source file:org.xipki.security.SignerUtil.java
License:Open Source License
static public PSSSigner createPSSRSASigner(final AlgorithmIdentifier sigAlgId, AsymmetricBlockCipher cipher) throws OperatorCreationException { if (PKCSObjectIdentifiers.id_RSASSA_PSS.equals(sigAlgId.getAlgorithm()) == false) { throw new OperatorCreationException( "signature algorithm " + sigAlgId.getAlgorithm() + " is not allowed"); }/*from www.j a v a2s . c o m*/ BcDigestProvider digestProvider = BcDefaultDigestProvider.INSTANCE; AlgorithmIdentifier digAlgId; try { digAlgId = AlgorithmUtil.extractDigesetAlgorithmIdentifier(sigAlgId); } catch (NoSuchAlgorithmException e) { throw new OperatorCreationException(e.getMessage(), e); } Digest dig = digestProvider.get(digAlgId); if (cipher == null) { cipher = new RSABlindedEngine(); } RSASSAPSSparams param = RSASSAPSSparams.getInstance(sigAlgId.getParameters()); AlgorithmIdentifier mfgDigAlgId = AlgorithmIdentifier .getInstance(param.getMaskGenAlgorithm().getParameters()); Digest mfgDig = digestProvider.get(mfgDigAlgId); int saltSize = param.getSaltLength().intValue(); int trailerField = param.getTrailerField().intValue(); return new PSSSigner(cipher, dig, mfgDig, saltSize, getTrailer(trailerField)); }
From source file:org.xipki.security.SoftTokenContentSignerBuilder.java
License:Open Source License
public ConcurrentContentSigner createSigner(final AlgorithmIdentifier signatureAlgId, final int parallelism) throws OperatorCreationException, NoSuchPaddingException { if (parallelism < 1) { throw new IllegalArgumentException("non-positive parallelism is not allowed: " + parallelism); }//from ww w .j a v a 2 s.co m List<ContentSigner> signers = new ArrayList<>(parallelism); ASN1ObjectIdentifier algOid = signatureAlgId.getAlgorithm(); if (Security.getProvider(PROVIDER_XIPKI_NSS) != null && algOid.equals(PKCSObjectIdentifiers.id_RSASSA_PSS) == false && key instanceof ECPrivateKey == false) { String algoName; try { algoName = AlgorithmUtil.getSignatureAlgoName(signatureAlgId); } catch (NoSuchAlgorithmException e) { throw new OperatorCreationException(e.getMessage()); } boolean useGivenProvider = true; for (int i = 0; i < parallelism; i++) { try { Signature signature = Signature.getInstance(algoName, PROVIDER_XIPKI_NSS); signature.initSign(key); if (i == 0) { signature.update(new byte[] { 1, 2, 3, 4 }); signature.sign(); } ContentSigner signer = new SignatureSigner(signatureAlgId, signature, key); signers.add(signer); } catch (Exception e) { useGivenProvider = false; signers.clear(); break; } } if (useGivenProvider) { LOG.info("use {} to sign {} signature", PROVIDER_XIPKI_NSS, algoName); } else { LOG.info("could not use {} to sign {} signature", PROVIDER_XIPKI_NSS, algoName); } } if (CollectionUtil.isEmpty(signers)) { BcContentSignerBuilder signerBuilder; AsymmetricKeyParameter keyparam; try { if (key instanceof RSAPrivateKey) { keyparam = SignerUtil.generateRSAPrivateKeyParameter((RSAPrivateKey) key); signerBuilder = new RSAContentSignerBuilder(signatureAlgId); } else if (key instanceof DSAPrivateKey) { keyparam = DSAUtil.generatePrivateKeyParameter(key); signerBuilder = new DSAContentSignerBuilder(signatureAlgId, AlgorithmUtil.isDSAPlainSigAlg(signatureAlgId)); } else if (key instanceof ECPrivateKey) { keyparam = ECUtil.generatePrivateKeyParameter(key); signerBuilder = new ECDSAContentSignerBuilder(signatureAlgId, AlgorithmUtil.isDSAPlainSigAlg(signatureAlgId)); } else { throw new OperatorCreationException("unsupported key " + key.getClass().getName()); } } catch (InvalidKeyException e) { throw new OperatorCreationException("invalid key", e); } catch (NoSuchAlgorithmException e) { throw new OperatorCreationException("no such algorithm", e); } for (int i = 0; i < parallelism; i++) { ContentSigner signer = signerBuilder.build(keyparam); signers.add(signer); } } ConcurrentContentSigner concurrentSigner = new DefaultConcurrentContentSigner(signers, key); if (certificateChain != null) { concurrentSigner.setCertificateChain(certificateChain); } return concurrentSigner; }
From source file:org.xwiki.crypto.signer.internal.factory.BcRsaSsaPssSignerFactory.java
License:Open Source License
@Override protected AlgorithmIdentifier getSignerAlgorithmIdentifier(AsymmetricCipherParameters parameters) { if (parameters instanceof AsymmetricKeyParameters) { AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(X509ObjectIdentifiers.id_SHA1); return new AlgorithmIdentifier(PKCSObjectIdentifiers.id_RSASSA_PSS, DERNull.INSTANCE); } else if (parameters instanceof PssSignerParameters) { PssParameters pssParams = ((PssSignerParameters) parameters).getPssParameters(); BcDigestFactory factory = getDigestFactory(pssParams.getHashAlgorithm()); return new AlgorithmIdentifier(PKCSObjectIdentifiers.id_RSASSA_PSS, new RSASSAPSSparams( factory.getAlgorithmIdentifier(), new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, getDigestFactory(pssParams.getMaskGenAlgorithm()).getAlgorithmIdentifier()), new ASN1Integer( pssParams.getSaltLength() >= 0 ? pssParams.getSaltLength() : factory.getDigestSize()), new ASN1Integer(pssParams.getTrailerField()))); }/*from w w w. j a v a2 s .c o m*/ throw new UnsupportedOperationException(PSS_PARAMS_ERROR + parameters.getClass().getName()); }