List of usage examples for org.bouncycastle.asn1.x9 X9ObjectIdentifiers ecdsa_with_SHA1
ASN1ObjectIdentifier ecdsa_with_SHA1
To view the source code for org.bouncycastle.asn1.x9 X9ObjectIdentifiers ecdsa_with_SHA1.
Click Source Link
From source file:org.cesecore.certificates.util.AlgorithmTools.java
License:Open Source License
/** * Get the digest algorithm corresponding to the signature algorithm. This is used for the creation of * PKCS7 file. SHA1 shall always be used, but it is not working with GOST which needs GOST3411 digest. * //from w w w. ja va 2 s . c o m */ public static String getDigestFromSigAlg(String sigAlg) { if (sigAlg.toUpperCase().contains("GOST") || sigAlg.toUpperCase().contains("DSTU")) { return CMSSignedGenerator.DIGEST_GOST3411; } else { if (sigAlg.equals(X9ObjectIdentifiers.ecdsa_with_SHA1.getId()) || sigAlg.equals(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId())) { return CMSSignedGenerator.DIGEST_SHA1; } else if (sigAlg.equals(X9ObjectIdentifiers.ecdsa_with_SHA224.getId()) || sigAlg.equals(PKCSObjectIdentifiers.sha224WithRSAEncryption.getId())) { return CMSSignedGenerator.DIGEST_SHA224; } else if (sigAlg.equals(X9ObjectIdentifiers.ecdsa_with_SHA256.getId()) || sigAlg.equals(PKCSObjectIdentifiers.sha256WithRSAEncryption.getId())) { return CMSSignedGenerator.DIGEST_SHA256; } else if (sigAlg.equals(X9ObjectIdentifiers.ecdsa_with_SHA384.getId()) || sigAlg.equals(PKCSObjectIdentifiers.sha384WithRSAEncryption.getId())) { return CMSSignedGenerator.DIGEST_SHA384; } else if (sigAlg.equals(X9ObjectIdentifiers.ecdsa_with_SHA512.getId()) || sigAlg.equals(PKCSObjectIdentifiers.sha512WithRSAEncryption.getId())) { return CMSSignedGenerator.DIGEST_SHA512; } else if (sigAlg.equals(PKCSObjectIdentifiers.md5WithRSAEncryption.getId())) { return CMSSignedGenerator.DIGEST_MD5; } else if (sigAlg.equals(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001.getId())) { return CMSSignedGenerator.DIGEST_GOST3411; } } return CMSSignedGenerator.DIGEST_SHA1; }
From source file:org.cesecore.certificates.util.AlgorithmTools.java
License:Open Source License
/** Calculates which signature algorithm to use given a key type and a digest algorithm * /* w ww. j a va 2s. c o m*/ * @param digestAlg objectId of a digest algorithm, CMSSignedGenerator.DIGEST_SHA256 etc * @param keyAlg RSA, EC, DSA * @return ASN1ObjectIdentifier with the id of PKCSObjectIdentifiers.sha1WithRSAEncryption, X9ObjectIdentifiers.ecdsa_with_SHA1, X9ObjectIdentifiers.id_dsa_with_sha1, etc */ public static ASN1ObjectIdentifier getSignAlgOidFromDigestAndKey(final String digestAlg, final String keyAlg) { if (log.isTraceEnabled()) { log.trace(">getSignAlg(" + digestAlg + "," + keyAlg + ")"); } // Default to SHA1WithRSA if everything else fails ASN1ObjectIdentifier oid = PKCSObjectIdentifiers.sha1WithRSAEncryption; if (keyAlg.equals(AlgorithmConstants.KEYALGORITHM_EC) || keyAlg.equals(AlgorithmConstants.KEYALGORITHM_ECDSA)) { oid = X9ObjectIdentifiers.ecdsa_with_SHA1; } else if (keyAlg.equals(AlgorithmConstants.KEYALGORITHM_DSA)) { oid = X9ObjectIdentifiers.id_dsa_with_sha1; } else if (keyAlg.equals(AlgorithmConstants.KEYALGORITHM_ECGOST3410)) { oid = CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001; } else if (keyAlg.equals(AlgorithmConstants.KEYALGORITHM_DSTU4145)) { oid = new ASN1ObjectIdentifier(CesecoreConfiguration.getOidDstu4145()); } if (digestAlg != null) { if (digestAlg.equals(CMSSignedGenerator.DIGEST_SHA256) && keyAlg.equals(AlgorithmConstants.KEYALGORITHM_RSA)) { oid = PKCSObjectIdentifiers.sha256WithRSAEncryption; } else if (digestAlg.equals(CMSSignedGenerator.DIGEST_SHA512) && keyAlg.equals(AlgorithmConstants.KEYALGORITHM_RSA)) { oid = PKCSObjectIdentifiers.sha512WithRSAEncryption; } else if (digestAlg.equals(CMSSignedGenerator.DIGEST_MD5) && keyAlg.equals(AlgorithmConstants.KEYALGORITHM_RSA)) { oid = PKCSObjectIdentifiers.md5WithRSAEncryption; } else if (digestAlg.equals(CMSSignedGenerator.DIGEST_SHA256) && (keyAlg.equals(AlgorithmConstants.KEYALGORITHM_ECDSA) || keyAlg.equals(AlgorithmConstants.KEYALGORITHM_EC))) { oid = X9ObjectIdentifiers.ecdsa_with_SHA256; } else if (digestAlg.equals(CMSSignedGenerator.DIGEST_SHA224) && (keyAlg.equals(AlgorithmConstants.KEYALGORITHM_ECDSA) || keyAlg.equals(AlgorithmConstants.KEYALGORITHM_EC))) { oid = X9ObjectIdentifiers.ecdsa_with_SHA224; } else if (digestAlg.equals(CMSSignedGenerator.DIGEST_SHA384) && (keyAlg.equals(AlgorithmConstants.KEYALGORITHM_ECDSA) || keyAlg.equals(AlgorithmConstants.KEYALGORITHM_EC))) { oid = X9ObjectIdentifiers.ecdsa_with_SHA384; } else if (digestAlg.equals(CMSSignedGenerator.DIGEST_SHA512) && (keyAlg.equals(AlgorithmConstants.KEYALGORITHM_ECDSA) || keyAlg.equals(AlgorithmConstants.KEYALGORITHM_EC))) { oid = X9ObjectIdentifiers.ecdsa_with_SHA512; } else if (digestAlg.equals(CMSSignedGenerator.DIGEST_SHA256) && keyAlg.equals(AlgorithmConstants.KEYALGORITHM_DSA)) { oid = NISTObjectIdentifiers.dsa_with_sha256; } else if (digestAlg.equals(CMSSignedGenerator.DIGEST_SHA512) && keyAlg.equals(AlgorithmConstants.KEYALGORITHM_DSA)) { oid = NISTObjectIdentifiers.dsa_with_sha512; } } if (log.isDebugEnabled()) { log.debug("getSignAlgOidFromDigestAndKey: " + oid.getId()); } return oid; }
From source file:org.cesecore.certificates.util.AlgorithmTools.java
License:Open Source License
/** * Returns the name of the algorithm corresponding to the specified OID * @param sigAlgOid/*from w ww .j ava 2 s . c o m*/ * @return The name of the algorithm corresponding sigAlgOid or null if the algorithm is not recognized. */ public static String getAlgorithmNameFromOID(ASN1ObjectIdentifier sigAlgOid) { if (sigAlgOid.equals(PKCSObjectIdentifiers.md5WithRSAEncryption)) { return AlgorithmConstants.SIGALG_MD5_WITH_RSA; } if (sigAlgOid.equals(PKCSObjectIdentifiers.sha1WithRSAEncryption)) { return AlgorithmConstants.SIGALG_SHA1_WITH_RSA; } if (sigAlgOid.equals(PKCSObjectIdentifiers.sha256WithRSAEncryption)) { return AlgorithmConstants.SIGALG_SHA256_WITH_RSA; } if (sigAlgOid.equals(PKCSObjectIdentifiers.sha384WithRSAEncryption)) { return AlgorithmConstants.SIGALG_SHA384_WITH_RSA; } if (sigAlgOid.equals(PKCSObjectIdentifiers.sha512WithRSAEncryption)) { return AlgorithmConstants.SIGALG_SHA512_WITH_RSA; } if (sigAlgOid.equals(X9ObjectIdentifiers.ecdsa_with_SHA1)) { return AlgorithmConstants.SIGALG_SHA1_WITH_ECDSA; } if (sigAlgOid.equals(X9ObjectIdentifiers.ecdsa_with_SHA224)) { return AlgorithmConstants.SIGALG_SHA224_WITH_ECDSA; } if (sigAlgOid.equals(X9ObjectIdentifiers.ecdsa_with_SHA256)) { return AlgorithmConstants.SIGALG_SHA256_WITH_ECDSA; } if (sigAlgOid.equals(X9ObjectIdentifiers.ecdsa_with_SHA384)) { return AlgorithmConstants.SIGALG_SHA384_WITH_ECDSA; } if (sigAlgOid.equals(X9ObjectIdentifiers.ecdsa_with_SHA512)) { return AlgorithmConstants.SIGALG_SHA512_WITH_ECDSA; } // GOST3410 if (isGost3410Enabled() && sigAlgOid.getId().equalsIgnoreCase(CesecoreConfiguration.getOidGost3410())) { return AlgorithmConstants.SIGALG_GOST3411_WITH_ECGOST3410; } // DSTU4145 if (isDstu4145Enabled() && sigAlgOid.getId().startsWith(CesecoreConfiguration.getOidDstu4145() + ".")) { return AlgorithmConstants.SIGALG_GOST3411_WITH_DSTU4145; } return null; }
From source file:org.ejbca.core.protocol.cmp.AuthenticationModulesTest.java
License:Open Source License
/** * Tests the possibility to use different signature algorithms in CMP requests and responses if protection algorithm * is specified.//w w w. ja v a 2 s . c om * * A CMP request is sent to a CA that uses ECDSA with SHA256 as signature and encryption algorithms: * * 1. Send a CRMF request signed using ECDSA with SHA256 algorithm and expects a response signed by the same algorithm * 2. Send a CMP Confirm message without protection. The response is expected to be signed using ECDSA (because that's the CA's key algorithm) * and SHA1 (because that's the default digest algorithm) * 3. Sends a CMP Revocation request signed using ECDSA with SHA256 and expects a response signed by the same algorithm. * * @throws Exception */ @Test public void test22EECAuthWithSHA256AndECDSA() throws Exception { log.trace(">test22EECAuthWithSHA256AndECDSA()"); //-------------- Set the necessary configurations this.cmpConfiguration.setRAEEProfile(ALIAS, "ECDSAEEP"); this.cmpConfiguration.setRACertProfile(ALIAS, "ECDSACP"); this.cmpConfiguration.setCMPDefaultCA(ALIAS, "CmpECDSATestCA"); this.cmpConfiguration.setRACAName(ALIAS, "CmpECDSATestCA"); this.cmpConfiguration.setRAMode(ALIAS, true); this.cmpConfiguration.setRANameGenScheme(ALIAS, "DN"); this.cmpConfiguration.setRANameGenParams(ALIAS, "CN"); this.cmpConfiguration.setAuthenticationModule(ALIAS, CmpConfiguration.AUTHMODULE_ENDENTITY_CERTIFICATE); this.cmpConfiguration.setAuthenticationParameters(ALIAS, "CmpECDSATestCA"); this.globalConfigurationSession.saveConfiguration(ADMIN, this.cmpConfiguration); removeTestCA("CmpECDSATestCA"); try { final CryptoTokenManagementSessionRemote cryptoTokenManagementSession = EjbRemoteHelper.INSTANCE .getRemoteSession(CryptoTokenManagementSessionRemote.class); final int cryptoTokenId = cryptoTokenManagementSession.getIdFromName("CmpECDSATestCA").intValue(); CryptoTokenTestUtils.removeCryptoToken(ADMIN, cryptoTokenId); } catch (Exception e) {/* do nothing */ } //---------------------- Create the test CA // Create catoken String ecdsaCADN = "CN=CmpECDSATestCA"; String keyspec = "prime256v1"; int cryptoTokenId = CryptoTokenTestUtils.createCryptoTokenForCA(null, "foo123".toCharArray(), true, false, ecdsaCADN, keyspec); final CAToken catoken = CaTestUtils.createCaToken(cryptoTokenId, AlgorithmConstants.SIGALG_SHA256_WITH_ECDSA, AlgorithmConstants.SIGALG_SHA256_WITH_ECDSA); final List<ExtendedCAServiceInfo> extendedCaServices = new ArrayList<ExtendedCAServiceInfo>(2); extendedCaServices.add(new KeyRecoveryCAServiceInfo(ExtendedCAServiceInfo.STATUS_ACTIVE)); String caname = CertTools.getPartFromDN(ecdsaCADN, "CN"); X509CAInfo ecdsaCaInfo = new X509CAInfo(ecdsaCADN, caname, CAConstants.CA_ACTIVE, CertificateProfileConstants.CERTPROFILE_FIXED_ROOTCA, 3650, CAInfo.SELFSIGNED, null, catoken); ecdsaCaInfo.setExtendedCAServiceInfos(extendedCaServices); X509CA ecdsaCA = new X509CA(ecdsaCaInfo); ecdsaCA.setCAToken(catoken); // A CA certificate Collection<Certificate> cachain = new ArrayList<Certificate>(); final PublicKey publicKey = this.cryptoTokenManagementProxySession .getPublicKey(cryptoTokenId, catoken.getAliasFromPurpose(CATokenConstants.CAKEYPURPOSE_CERTSIGN)) .getPublicKey(); //final String keyalg = AlgorithmTools.getKeyAlgorithm(publicKey); String sigalg = AlgorithmConstants.SIGALG_SHA256_WITH_ECDSA; final PrivateKey privateKey = this.cryptoTokenManagementProxySession.getPrivateKey(cryptoTokenId, catoken.getAliasFromPurpose(CATokenConstants.CAKEYPURPOSE_CERTSIGN)); int keyusage = X509KeyUsage.digitalSignature + X509KeyUsage.keyCertSign + X509KeyUsage.cRLSign; X509Certificate ecdsaCaCert = CertTools.genSelfCertForPurpose(ecdsaCADN, 10L, "1.1.1.1", privateKey, publicKey, sigalg, true, keyusage, true); assertNotNull(ecdsaCaCert); cachain.add(ecdsaCaCert); ecdsaCA.setCertificateChain(cachain); this.caSession.addCA(ADMIN, ecdsaCA); //-------------- Create the EndEntityProfile and the CertificateProfile List<Integer> availableCAs = new ArrayList<Integer>(); availableCAs.add(Integer.valueOf(ecdsaCA.getCAId())); CertificateProfile cp = new CertificateProfile(CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER); cp.setSignatureAlgorithm(AlgorithmConstants.SIGALG_SHA256_WITH_ECDSA); cp.setAvailableCAs(availableCAs); cp.setAllowDNOverride(true); try { this.certProfileSession.addCertificateProfile(ADMIN, "ECDSACP", cp); } catch (CertificateProfileExistsException e) {// do nothing } int cpId = this.certProfileSession.getCertificateProfileId("ECDSACP"); // Configure an EndEntity profile (CmpRA) with allow CN, O, C in DN // and rfc822Name (uncheck 'Use entity e-mail field' and check // 'Modifyable'), MS UPN in altNames in the end entity profile. EndEntityProfile eep = new EndEntityProfile(true); eep.setValue(EndEntityProfile.DEFAULTCERTPROFILE, 0, "" + cpId); eep.setValue(EndEntityProfile.AVAILCERTPROFILES, 0, "" + cpId); eep.setValue(EndEntityProfile.DEFAULTCA, 0, "" + ecdsaCA.getCAId()); eep.setValue(EndEntityProfile.AVAILCAS, 0, "" + ecdsaCA.getCAId()); eep.setModifyable(DnComponents.RFC822NAME, 0, true); eep.setUse(DnComponents.RFC822NAME, 0, false); // Don't use field // from "email" data try { this.endEntityProfileSession.addEndEntityProfile(ADMIN, "ECDSAEEP", eep); } catch (EndEntityProfileExistsException e) {// do nothing } int eepId = this.endEntityProfileSession.getEndEntityProfileId("ECDSAEEP"); //---------------- Send a CMP initialization request AuthenticationToken admToken = null; final String testAdminDN = "CN=cmptestadmin,C=SE"; final String testAdminName = "cmptestadmin"; X509Certificate admCert = null; String fp = null, fp2 = null; try { KeyPair keys = KeyTools.genKeys(keyspec, AlgorithmConstants.KEYALGORITHM_ECDSA); final X500Name userDN = new X500Name("CN=cmpecdsauser"); final byte[] _nonce = CmpMessageHelper.createSenderNonce(); final byte[] _transid = CmpMessageHelper.createSenderNonce(); final AlgorithmIdentifier pAlg = new AlgorithmIdentifier(X9ObjectIdentifiers.ecdsa_with_SHA256); PKIMessage req = genCertReq(ecdsaCaInfo.getSubjectDN(), userDN, keys, ecdsaCaCert, _nonce, _transid, false, null, null, null, null, pAlg, null); createUser(testAdminName, testAdminDN, "foo123", true, ecdsaCaInfo.getCAId(), eepId, cpId); KeyPair admkeys = KeyTools.genKeys(keyspec, AlgorithmConstants.KEYALGORITHM_ECDSA); admToken = createAdminToken(admkeys, testAdminName, testAdminDN, ecdsaCA.getCAId(), eepId, cpId); admCert = getCertFromCredentials(admToken); fp = CertTools.getFingerprintAsString(admCert); CMPCertificate[] extraCert = getCMPCert(admCert); req = CmpMessageHelper.buildCertBasedPKIProtection(req, extraCert, admkeys.getPrivate(), AlgorithmTools.getDigestFromSigAlg(pAlg.getAlgorithm().getId()), "BC");//CMSSignedGenerator.DIGEST_SHA256 assertNotNull(req); CertReqMessages ir = (CertReqMessages) req.getBody().getContent(); int reqId = ir.toCertReqMsgArray()[0].getCertReq().getCertReqId().getValue().intValue(); ByteArrayOutputStream bao = new ByteArrayOutputStream(); DEROutputStream out = new DEROutputStream(bao); out.writeObject(req); byte[] ba = bao.toByteArray(); // Send request and receive response byte[] resp = sendCmpHttp(ba, 200, ALIAS); checkCmpResponseGeneral(resp, ecdsaCaInfo.getSubjectDN(), userDN, ecdsaCaCert, _nonce, _transid, true, null, X9ObjectIdentifiers.ecdsa_with_SHA256.getId()); X509Certificate cert = checkCmpCertRepMessage(userDN, ecdsaCaCert, resp, reqId); fp2 = CertTools.getFingerprintAsString(cert); // ------------------- Send a CMP confirm message String hash = "foo123"; PKIMessage confirm = genCertConfirm(userDN, ecdsaCaCert, _nonce, _transid, hash, reqId); assertNotNull(confirm); bao = new ByteArrayOutputStream(); out = new DEROutputStream(bao); out.writeObject(confirm); ba = bao.toByteArray(); // Send request and receive response resp = sendCmpHttp(ba, 200, ALIAS); //Since pAlg was not set in the ConfirmationRequest, the default DigestAlgorithm (SHA1) will be used checkCmpResponseGeneral(resp, ecdsaCaInfo.getSubjectDN(), userDN, ecdsaCaCert, _nonce, _transid, true, null, X9ObjectIdentifiers.ecdsa_with_SHA1.getId()); checkCmpPKIConfirmMessage(userDN, ecdsaCaCert, resp); //------------------------- Send a CMP revocation request PKIMessage rev = genRevReq(ecdsaCaInfo.getSubjectDN(), userDN, cert.getSerialNumber(), ecdsaCaCert, _nonce, _transid, true, pAlg, null); assertNotNull(rev); rev = CmpMessageHelper.buildCertBasedPKIProtection(rev, extraCert, admkeys.getPrivate(), AlgorithmTools.getDigestFromSigAlg(pAlg.getAlgorithm().getId()), "BC"); assertNotNull(rev); ByteArrayOutputStream baorev = new ByteArrayOutputStream(); DEROutputStream outrev = new DEROutputStream(baorev); outrev.writeObject(rev); byte[] barev = baorev.toByteArray(); // Send request and receive response resp = sendCmpHttp(barev, 200, ALIAS); checkCmpResponseGeneral(resp, ecdsaCaInfo.getSubjectDN(), userDN, ecdsaCaCert, _nonce, _transid, true, null, X9ObjectIdentifiers.ecdsa_with_SHA256.getId()); int revStatus = checkRevokeStatus(ecdsaCaInfo.getSubjectDN(), CertTools.getSerialNumber(cert)); assertNotEquals("Revocation request failed to revoke the certificate", RevokedCertInfo.NOT_REVOKED, revStatus); } finally { try { removeAuthenticationToken(admToken, admCert, testAdminName); } catch (Exception e) { //NOPMD: Ignore } try { this.endEntityManagementSession.revokeAndDeleteUser(ADMIN, "cmpecdsauser", ReasonFlags.unused); } catch (Exception e) { //NOPMD: Ignore } this.internalCertStoreSession.removeCertificate(fp); this.internalCertStoreSession.removeCertificate(fp2); this.endEntityProfileSession.removeEndEntityProfile(ADMIN, "ECDSAEEP"); this.certProfileSession.removeCertificateProfile(ADMIN, "ECDSACP"); removeTestCA("CmpECDSATestCA"); } log.trace("<test22EECAuthWithSHA256AndECDSA()"); }
From source file:org.ejbca.core.protocol.cmp.AuthenticationModulesTest.java
License:Open Source License
/** * Tests the possibility to use different signature algorithms in CMP requests and responses. * /*from w ww . ja v a2s. co m*/ * A CRMF request, signed using ECDSA with SHA1, is sent to a CA that uses RSA with SHA256 as signature algorithm. * The expected response is signed by RSA with SHA1. * * @throws Exception */ @Test public void test23EECAuthWithRSAandECDSA() throws Exception { log.trace(">test23EECAuthWithRSAandECDSA()"); //-------------- Set the necessary configurations this.cmpConfiguration.setRAMode(ALIAS, true); this.cmpConfiguration.setRANameGenScheme(ALIAS, "DN"); this.cmpConfiguration.setRANameGenParams(ALIAS, "CN"); this.cmpConfiguration.setAuthenticationModule(ALIAS, CmpConfiguration.AUTHMODULE_ENDENTITY_CERTIFICATE); this.cmpConfiguration.setAuthenticationParameters(ALIAS, "TestCA"); this.globalConfigurationSession.saveConfiguration(ADMIN, this.cmpConfiguration); //---------------- Send a CMP initialization request AuthenticationToken admToken = null; final String testAdminDN = "CN=cmptestadmin,C=SE"; final String testAdminName = "cmptestadmin"; X509Certificate admCert = null; String fp = null, fp2 = null; try { KeyPair keys = KeyTools.genKeys("prime192v1", AlgorithmConstants.KEYALGORITHM_ECDSA); final X500Name userDN = new X500Name("CN=cmpmixuser"); final byte[] _nonce = CmpMessageHelper.createSenderNonce(); final byte[] _transid = CmpMessageHelper.createSenderNonce(); final AlgorithmIdentifier pAlg = new AlgorithmIdentifier(X9ObjectIdentifiers.ecdsa_with_SHA1); PKIMessage req = genCertReq(issuerDN, userDN, keys, this.cacert, _nonce, _transid, false, null, null, null, null, pAlg, null); createUser(testAdminName, testAdminDN, "foo123", true, this.caid, SecConst.EMPTY_ENDENTITYPROFILE, CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER); KeyPair admkeys = KeyTools.genKeys("prime192v1", AlgorithmConstants.KEYALGORITHM_ECDSA); admToken = createAdminToken(admkeys, testAdminName, testAdminDN, this.caid, SecConst.EMPTY_ENDENTITYPROFILE, CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER); admCert = getCertFromCredentials(admToken); fp = CertTools.getFingerprintAsString(admCert); CMPCertificate[] extraCert = getCMPCert(admCert); req = CmpMessageHelper.buildCertBasedPKIProtection(req, extraCert, admkeys.getPrivate(), CMSSignedGenerator.DIGEST_SHA1, "BC"); assertNotNull(req); CertReqMessages ir = (CertReqMessages) req.getBody().getContent(); int reqId = ir.toCertReqMsgArray()[0].getCertReq().getCertReqId().getValue().intValue(); ByteArrayOutputStream bao = new ByteArrayOutputStream(); DEROutputStream out = new DEROutputStream(bao); out.writeObject(req); byte[] ba = bao.toByteArray(); // Send request and receive response byte[] resp = sendCmpHttp(ba, 200, ALIAS); checkCmpResponseGeneral(resp, issuerDN, userDN, this.cacert, _nonce, _transid, true, null, PKCSObjectIdentifiers.sha1WithRSAEncryption.getId()); X509Certificate cert = checkCmpCertRepMessage(userDN, this.cacert, resp, reqId); fp2 = CertTools.getFingerprintAsString(cert); } finally { removeAuthenticationToken(admToken, admCert, testAdminName); this.endEntityManagementSession.revokeAndDeleteUser(ADMIN, "cmpmixuser", ReasonFlags.unused); this.internalCertStoreSession.removeCertificate(fp); this.internalCertStoreSession.removeCertificate(fp2); } log.trace("<test23EECAuthWithRSAandECDSA()"); }
From source file:org.ejbca.core.protocol.cmp.CrmfRARequestTest.java
License:Open Source License
@Test public void test06CrmfEcdsaCA() throws Exception { try {//from w w w . j a v a 2 s. c o m createEllipticCurveDsaCa(); CAInfo caInfo = this.caSession.getCAInfo(ADMIN, "TESTECDSA"); this.cmpConfiguration.setRACAName(cmpAlias, "TESTECDSA"); this.globalConfSession.saveConfiguration(ADMIN, this.cmpConfiguration); final String issuerDN = caInfo.getSubjectDN(); // Make sure this CA is used for the test final X509Certificate caCert = (X509Certificate) caInfo.getCertificateChain().iterator().next(); final KeyPair key1 = KeyTools.genKeys("secp256r1", AlgorithmConstants.KEYALGORITHM_ECDSA); final String userName1 = "cmptestecdsa1"; final X500Name userDN1 = new X500Name("C=SE,O=PrimeKey,CN=" + userName1); try { // check that we can get a certificate from this ECDSA CA. X509Certificate cert = crmfHttpUserTest(userDN1, key1, null, null, X9ObjectIdentifiers.ecdsa_with_SHA1.getId(), caCert, issuerDN); assertNotNull(cert); // Check that this was really signed using SHA256WithECDSA and that the users key algo is in there assertEquals(AlgorithmConstants.SIGALG_SHA256_WITH_ECDSA, AlgorithmTools.getSignatureAlgorithm(cert)); // Keyspec we get back from AlgorithmTools.getKeySpecification seems to differ between OracleJDK and OpenJDK so we only check key type assertEquals(AlgorithmConstants.KEYALGORITHM_ECDSA, AlgorithmTools.getKeyAlgorithm(cert.getPublicKey())); } finally { try { this.endEntityManagementSession.deleteUser(ADMIN, userName1); } catch (NotFoundException e) {// Do nothing } } } finally { // Reset this test class as it was before this test this.cmpConfiguration.setRACAName(cmpAlias, "TestCA"); this.globalConfSession.saveConfiguration(ADMIN, this.cmpConfiguration); removeTestCA("TESTECDSA"); } }
From source file:org.xipki.common.util.AlgorithmUtil.java
License:Open Source License
static public String getSignatureAlgoName(final AlgorithmIdentifier sigAlgId) throws NoSuchAlgorithmException { ASN1ObjectIdentifier algOid = sigAlgId.getAlgorithm(); if (X9ObjectIdentifiers.ecdsa_with_SHA1.equals(algOid)) { return "SHA1withECDSA"; } else if (X9ObjectIdentifiers.ecdsa_with_SHA224.equals(algOid)) { return "SHA224withECDSA"; } else if (X9ObjectIdentifiers.ecdsa_with_SHA256.equals(algOid)) { return "SHA256withECDSA"; } else if (X9ObjectIdentifiers.ecdsa_with_SHA384.equals(algOid)) { return "SHA384withECDSA"; } else if (X9ObjectIdentifiers.ecdsa_with_SHA512.equals(algOid)) { return "SHA512WITHECDSA"; } else if (BSIObjectIdentifiers.ecdsa_plain_SHA1.equals(algOid)) { return "SHA1WITHPLAIN-ECDSA"; } else if (BSIObjectIdentifiers.ecdsa_plain_SHA224.equals(algOid)) { return "SHA224WITHPLAIN-ECDSA"; } else if (BSIObjectIdentifiers.ecdsa_plain_SHA256.equals(algOid)) { return "SHA256WITHPLAIN-ECDSA"; } else if (BSIObjectIdentifiers.ecdsa_plain_SHA384.equals(algOid)) { return "SHA384WITHPLAIN-ECDSA"; } else if (BSIObjectIdentifiers.ecdsa_plain_SHA512.equals(algOid)) { return "SHA512WITHPLAIN-ECDSA"; } else if (X9ObjectIdentifiers.id_dsa_with_sha1.equals(algOid)) { return "SHA1withDSA"; } else if (X9ObjectIdentifiers.id_dsa_with_sha1.equals(algOid)) { return "SHA1withDSA"; } else if (NISTObjectIdentifiers.dsa_with_sha224.equals(algOid)) { return "SHA224withDSA"; } else if (NISTObjectIdentifiers.dsa_with_sha256.equals(algOid)) { return "SHA256withDSA"; } else if (NISTObjectIdentifiers.dsa_with_sha384.equals(algOid)) { return "SHA384withDSA"; } else if (NISTObjectIdentifiers.dsa_with_sha512.equals(algOid)) { return "SHA512withDSA"; } else if (PKCSObjectIdentifiers.sha1WithRSAEncryption.equals(algOid)) { return "SHA1withRSA"; } else if (PKCSObjectIdentifiers.sha224WithRSAEncryption.equals(algOid)) { return "SHA224withRSA"; } else if (PKCSObjectIdentifiers.sha256WithRSAEncryption.equals(algOid)) { return "SHA256withRSA"; } else if (PKCSObjectIdentifiers.sha384WithRSAEncryption.equals(algOid)) { return "SHA384withRSA"; } else if (PKCSObjectIdentifiers.sha512WithRSAEncryption.equals(algOid)) { return "SHA512withRSA"; } else if (PKCSObjectIdentifiers.id_RSASSA_PSS.equals(algOid)) { RSASSAPSSparams param = RSASSAPSSparams.getInstance(sigAlgId.getParameters()); ASN1ObjectIdentifier digestAlgOid = param.getHashAlgorithm().getAlgorithm(); if (X509ObjectIdentifiers.id_SHA1.equals(digestAlgOid)) { return "SHA1withRSAandMGF1"; } else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOid)) { return "SHA256withRSAandMGF1"; } else if (NISTObjectIdentifiers.id_sha384.equals(digestAlgOid)) { return "SHA384withRSAandMGF1"; } else if (NISTObjectIdentifiers.id_sha512.equals(digestAlgOid)) { return "SHA512withRSAandMGF1"; } else {// w ww . j ava2s .c om throw new NoSuchAlgorithmException("unsupported digest algorithm " + digestAlgOid.getId()); } } else { throw new NoSuchAlgorithmException("unsupported signature algorithm " + algOid.getId()); } }
From source file:org.xipki.common.util.AlgorithmUtil.java
License:Open Source License
static public AlgorithmIdentifier getSignatureAlgoId(final String signatureAlgoName) throws NoSuchAlgorithmException { String algoS = signatureAlgoName.replaceAll("-", ""); AlgorithmIdentifier signatureAlgId;//from ww w . java 2 s . c o m if ("SHA1withRSAandMGF1".equalsIgnoreCase(algoS) || "SHA224withRSAandMGF1".equalsIgnoreCase(algoS) || "SHA256withRSAandMGF1".equalsIgnoreCase(algoS) || "SHA384withRSAandMGF1".equalsIgnoreCase(algoS) || "SHA512withRSAandMGF1".equalsIgnoreCase(algoS)) { ASN1ObjectIdentifier hashAlgo; if ("SHA1withRSAandMGF1".equalsIgnoreCase(algoS)) { hashAlgo = X509ObjectIdentifiers.id_SHA1; } else if ("SHA224withRSAandMGF1".equalsIgnoreCase(algoS)) { hashAlgo = NISTObjectIdentifiers.id_sha224; } else if ("SHA256withRSAandMGF1".equalsIgnoreCase(algoS)) { hashAlgo = NISTObjectIdentifiers.id_sha256; } else if ("SHA384withRSAandMGF1".equalsIgnoreCase(algoS)) { hashAlgo = NISTObjectIdentifiers.id_sha384; } else if ("SHA512withRSAandMGF1".equalsIgnoreCase(algoS)) { hashAlgo = NISTObjectIdentifiers.id_sha512; } else { throw new NoSuchAlgorithmException("should not reach here, unknown algorithm " + algoS); } signatureAlgId = AlgorithmUtil.buildRSAPSSAlgorithmIdentifier(hashAlgo); } else { boolean withNullParam = false; ASN1ObjectIdentifier algOid; if ("SHA1withRSA".equalsIgnoreCase(algoS) || "RSAwithSHA1".equalsIgnoreCase(algoS) || PKCSObjectIdentifiers.sha1WithRSAEncryption.getId().equals(algoS)) { algOid = PKCSObjectIdentifiers.sha1WithRSAEncryption; withNullParam = true; } else if ("SHA224withRSA".equalsIgnoreCase(algoS) || "RSAwithSHA224".equalsIgnoreCase(algoS) || PKCSObjectIdentifiers.sha224WithRSAEncryption.getId().equals(algoS)) { algOid = PKCSObjectIdentifiers.sha224WithRSAEncryption; withNullParam = true; } else if ("SHA256withRSA".equalsIgnoreCase(algoS) || "RSAwithSHA256".equalsIgnoreCase(algoS) || PKCSObjectIdentifiers.sha256WithRSAEncryption.getId().equals(algoS)) { algOid = PKCSObjectIdentifiers.sha256WithRSAEncryption; withNullParam = true; } else if ("SHA384withRSA".equalsIgnoreCase(algoS) || "RSAwithSHA384".equalsIgnoreCase(algoS) || PKCSObjectIdentifiers.sha384WithRSAEncryption.getId().equals(algoS)) { algOid = PKCSObjectIdentifiers.sha384WithRSAEncryption; withNullParam = true; } else if ("SHA512withRSA".equalsIgnoreCase(algoS) || "RSAwithSHA512".equalsIgnoreCase(algoS) || PKCSObjectIdentifiers.sha512WithRSAEncryption.getId().equals(algoS)) { algOid = PKCSObjectIdentifiers.sha512WithRSAEncryption; withNullParam = true; } else if ("SHA1withECDSA".equalsIgnoreCase(algoS) || "ECDSAwithSHA1".equalsIgnoreCase(algoS) || X9ObjectIdentifiers.ecdsa_with_SHA1.getId().equals(algoS)) { algOid = X9ObjectIdentifiers.ecdsa_with_SHA1; } else if ("SHA224withECDSA".equalsIgnoreCase(algoS) || "ECDSAwithSHA224".equalsIgnoreCase(algoS) || X9ObjectIdentifiers.ecdsa_with_SHA224.getId().equals(algoS)) { algOid = X9ObjectIdentifiers.ecdsa_with_SHA224; } else if ("SHA256withECDSA".equalsIgnoreCase(algoS) || "ECDSAwithSHA256".equalsIgnoreCase(algoS) || X9ObjectIdentifiers.ecdsa_with_SHA256.getId().equals(algoS)) { algOid = X9ObjectIdentifiers.ecdsa_with_SHA256; } else if ("SHA384withECDSA".equalsIgnoreCase(algoS) || "ECDSAwithSHA384".equalsIgnoreCase(algoS) || X9ObjectIdentifiers.ecdsa_with_SHA384.getId().equals(algoS)) { algOid = X9ObjectIdentifiers.ecdsa_with_SHA384; } else if ("SHA512withECDSA".equalsIgnoreCase(algoS) || "ECDSAwithSHA512".equalsIgnoreCase(algoS) || X9ObjectIdentifiers.ecdsa_with_SHA512.getId().equals(algoS)) { algOid = X9ObjectIdentifiers.ecdsa_with_SHA512; } else if ("SHA1withPlainECDSA".equalsIgnoreCase(algoS) || "PlainECDSAwithSHA1".equalsIgnoreCase(algoS) || BSIObjectIdentifiers.ecdsa_plain_SHA1.getId().equals(algoS)) { algOid = BSIObjectIdentifiers.ecdsa_plain_SHA1; } else if ("SHA224withPlainECDSA".equalsIgnoreCase(algoS) || "PlainECDSAwithSHA224".equalsIgnoreCase(algoS) || BSIObjectIdentifiers.ecdsa_plain_SHA224.getId().equals(algoS)) { algOid = BSIObjectIdentifiers.ecdsa_plain_SHA224; } else if ("SHA256withPlainECDSA".equalsIgnoreCase(algoS) || "PlainECDSAwithSHA256".equalsIgnoreCase(algoS) || BSIObjectIdentifiers.ecdsa_plain_SHA256.getId().equals(algoS)) { algOid = BSIObjectIdentifiers.ecdsa_plain_SHA256; } else if ("SHA384withPlainECDSA".equalsIgnoreCase(algoS) || "PlainECDSAwithSHA384".equalsIgnoreCase(algoS) || BSIObjectIdentifiers.ecdsa_plain_SHA384.getId().equals(algoS)) { algOid = BSIObjectIdentifiers.ecdsa_plain_SHA384; } else if ("SHA512withPlainECDSA".equalsIgnoreCase(algoS) || "PlainECDSAwithSHA512".equalsIgnoreCase(algoS) || BSIObjectIdentifiers.ecdsa_plain_SHA512.getId().equals(algoS)) { algOid = BSIObjectIdentifiers.ecdsa_plain_SHA512; } else if ("SHA1withDSA".equalsIgnoreCase(algoS) || "DSAwithSHA1".equalsIgnoreCase(algoS) || X9ObjectIdentifiers.id_dsa_with_sha1.getId().equals(algoS)) { algOid = X9ObjectIdentifiers.id_dsa_with_sha1; } else if ("SHA224withDSA".equalsIgnoreCase(algoS) || "DSAwithSHA224".equalsIgnoreCase(algoS) || NISTObjectIdentifiers.dsa_with_sha224.getId().equals(algoS)) { algOid = NISTObjectIdentifiers.dsa_with_sha224; } else if ("SHA256withDSA".equalsIgnoreCase(algoS) || "DSAwithSHA256".equalsIgnoreCase(algoS) || NISTObjectIdentifiers.dsa_with_sha256.getId().equals(algoS)) { algOid = NISTObjectIdentifiers.dsa_with_sha256; } else if ("SHA384withDSA".equalsIgnoreCase(algoS) || "DSAwithSHA384".equalsIgnoreCase(algoS) || NISTObjectIdentifiers.dsa_with_sha384.getId().equals(algoS)) { algOid = NISTObjectIdentifiers.dsa_with_sha384; } else if ("SHA512withDSA".equalsIgnoreCase(algoS) || "DSAwithSHA512".equalsIgnoreCase(algoS) || NISTObjectIdentifiers.dsa_with_sha512.getId().equals(algoS)) { algOid = NISTObjectIdentifiers.dsa_with_sha512; } else { throw new NoSuchAlgorithmException("unsupported signature algorithm " + algoS); } signatureAlgId = withNullParam ? new AlgorithmIdentifier(algOid, DERNull.INSTANCE) : new AlgorithmIdentifier(algOid); } return signatureAlgId; }
From source file:org.xipki.common.util.AlgorithmUtil.java
License:Open Source License
static public AlgorithmIdentifier getECDSASignatureAlgoId(final String hashAlgo, final boolean plainSignature) throws NoSuchAlgorithmException { ASN1ObjectIdentifier sigAlgoOid;//from w ww . ja va 2 s . c o m if ("SHA1".equalsIgnoreCase(hashAlgo)) { sigAlgoOid = plainSignature ? BSIObjectIdentifiers.ecdsa_plain_SHA1 : X9ObjectIdentifiers.ecdsa_with_SHA1; } else if ("SHA224".equalsIgnoreCase(hashAlgo)) { sigAlgoOid = plainSignature ? BSIObjectIdentifiers.ecdsa_plain_SHA224 : X9ObjectIdentifiers.ecdsa_with_SHA224; } else if ("SHA256".equalsIgnoreCase(hashAlgo)) { sigAlgoOid = plainSignature ? BSIObjectIdentifiers.ecdsa_plain_SHA256 : X9ObjectIdentifiers.ecdsa_with_SHA256; } else if ("SHA384".equalsIgnoreCase(hashAlgo)) { sigAlgoOid = plainSignature ? BSIObjectIdentifiers.ecdsa_plain_SHA384 : X9ObjectIdentifiers.ecdsa_with_SHA384; } else if ("SHA512".equalsIgnoreCase(hashAlgo)) { sigAlgoOid = plainSignature ? BSIObjectIdentifiers.ecdsa_plain_SHA512 : X9ObjectIdentifiers.ecdsa_with_SHA512; } else { throw new NoSuchAlgorithmException("unsupported hash algorithm " + hashAlgo); } return new AlgorithmIdentifier(sigAlgoOid); }
From source file:org.xipki.common.util.AlgorithmUtil.java
License:Open Source License
static public AlgorithmIdentifier extractDigesetAlgorithmIdentifier(final AlgorithmIdentifier sigAlgId) throws NoSuchAlgorithmException { ASN1ObjectIdentifier algOid = sigAlgId.getAlgorithm(); ASN1ObjectIdentifier digestAlgOid;//from www . ja va 2s. co m if (X9ObjectIdentifiers.ecdsa_with_SHA1.equals(algOid)) { digestAlgOid = X509ObjectIdentifiers.id_SHA1; } else if (X9ObjectIdentifiers.ecdsa_with_SHA224.equals(algOid)) { digestAlgOid = NISTObjectIdentifiers.id_sha224; } else if (X9ObjectIdentifiers.ecdsa_with_SHA256.equals(algOid)) { digestAlgOid = NISTObjectIdentifiers.id_sha256; } else if (X9ObjectIdentifiers.ecdsa_with_SHA384.equals(algOid)) { digestAlgOid = NISTObjectIdentifiers.id_sha384; } else if (X9ObjectIdentifiers.ecdsa_with_SHA512.equals(algOid)) { digestAlgOid = NISTObjectIdentifiers.id_sha512; } else if (BSIObjectIdentifiers.ecdsa_plain_SHA1.equals(algOid)) { digestAlgOid = X509ObjectIdentifiers.id_SHA1; } else if (BSIObjectIdentifiers.ecdsa_plain_SHA224.equals(algOid)) { digestAlgOid = NISTObjectIdentifiers.id_sha224; } else if (BSIObjectIdentifiers.ecdsa_plain_SHA256.equals(algOid)) { digestAlgOid = NISTObjectIdentifiers.id_sha256; } else if (BSIObjectIdentifiers.ecdsa_plain_SHA384.equals(algOid)) { digestAlgOid = NISTObjectIdentifiers.id_sha384; } else if (BSIObjectIdentifiers.ecdsa_plain_SHA512.equals(algOid)) { digestAlgOid = NISTObjectIdentifiers.id_sha512; } else if (X9ObjectIdentifiers.id_dsa_with_sha1.equals(algOid)) { digestAlgOid = X509ObjectIdentifiers.id_SHA1; } else if (NISTObjectIdentifiers.dsa_with_sha224.equals(algOid)) { digestAlgOid = NISTObjectIdentifiers.id_sha224; } else if (NISTObjectIdentifiers.dsa_with_sha256.equals(algOid)) { digestAlgOid = NISTObjectIdentifiers.id_sha256; } else if (NISTObjectIdentifiers.dsa_with_sha384.equals(algOid)) { digestAlgOid = NISTObjectIdentifiers.id_sha384; } else if (NISTObjectIdentifiers.dsa_with_sha512.equals(algOid)) { digestAlgOid = NISTObjectIdentifiers.id_sha512; } else if (PKCSObjectIdentifiers.sha1WithRSAEncryption.equals(algOid)) { digestAlgOid = X509ObjectIdentifiers.id_SHA1; } else if (PKCSObjectIdentifiers.sha224WithRSAEncryption.equals(algOid)) { digestAlgOid = NISTObjectIdentifiers.id_sha224; } else if (PKCSObjectIdentifiers.sha256WithRSAEncryption.equals(algOid)) { digestAlgOid = NISTObjectIdentifiers.id_sha256; } else if (PKCSObjectIdentifiers.sha384WithRSAEncryption.equals(algOid)) { digestAlgOid = NISTObjectIdentifiers.id_sha384; } else if (PKCSObjectIdentifiers.sha512WithRSAEncryption.equals(algOid)) { digestAlgOid = NISTObjectIdentifiers.id_sha512; } else if (PKCSObjectIdentifiers.id_RSASSA_PSS.equals(algOid)) { ASN1Encodable asn1Encodable = sigAlgId.getParameters(); RSASSAPSSparams param = RSASSAPSSparams.getInstance(asn1Encodable); digestAlgOid = param.getHashAlgorithm().getAlgorithm(); } else { throw new NoSuchAlgorithmException("unknown signature algorithm" + algOid.getId()); } return new AlgorithmIdentifier(digestAlgOid, DERNull.INSTANCE); }