Usage examples for the org.bouncycastle.crypto.digests.SHA256Digest constructor SHA256Digest()
public SHA256Digest()
From source file:TxOutput.java
License:Open Source License
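/**
 * Derives a Base58Check address string from this output's locking script.
 *
 * <p>The script is classified by its leading bytes only:
 * <ul>
 *   <li>P2PKH: first byte {@code 0x76}; the 20-byte hash is read from offsets 3..22
 *       and encoded with version byte {@code 0x00}.</li>
 *   <li>P2SH: first byte {@code 0xa9}; the 20-byte hash is read from offsets 2..21
 *       and encoded with version byte {@code 0x05}.</li>
 *   <li>P2PK (uncompressed): push of 65 bytes ({@code 0x41}), key prefix {@code 0x04},
 *       last byte {@code 0xac}; the key is hashed and encoded with version byte {@code 0x00}.</li>
 *   <li>P2PK (compressed): push of 33 bytes ({@code 0x21}), key prefix {@code 0x02} or
 *       {@code 0x03}, last byte {@code 0xac}; handled like the uncompressed case.</li>
 * </ul>
 *
 * <p>Fixes relative to the previous version: the compressed-key branch compared the push
 * opcode with decimal {@code 21} although it then reads a 33-byte key ({@code 0x21}), so it
 * never matched a real compressed-key output; and no branch checked the script length, so a
 * truncated script produced either an exception or an address built from zero padding
 * ({@code Arrays.copyOfRange} pads when the upper bound exceeds the array length).
 *
 * <p>NOTE(review): the P2PKH and P2SH branches still recognise a script by its first opcode
 * alone. A caller that needs a trustworthy classification should verify the full script
 * template before relying on the returned address.
 *
 * @return the Base58 address, or the literal {@code "Non Standard Output"} when the script
 *         is empty, too short, or matches none of the recognised forms
 */
public String getAddress() {
    // Nothing to classify: avoid indexing into an empty script.
    if (script == null || script.length == 0) {
        return "Non Standard Output";
    }

    // P2PKH Address: the hash occupies bytes 3..22, so at least 23 bytes are required.
    if (script[0] == 0x76 && script.length >= 23) {
        byte[] hash160 = Arrays.copyOfRange(script, 3, 23);
        return Utils.base58Encode((byte) 0x00, hash160);
    }
    // P2SH Address: the hash occupies bytes 2..21, so at least 22 bytes are required.
    else if (Utils.getUnsignedByte(script[0]) == 0xa9 && script.length >= 22) {
        byte[] hash160 = Arrays.copyOfRange(script, 2, 22);
        return Utils.base58Encode((byte) 0x05, hash160);
    }
    // P2PK Address Uncompressed: push opcode + 65-byte key + trailing 0xac = 67 bytes minimum.
    else if (script.length >= 67
            && Utils.getUnsignedByte(script[0]) == 0x41
            && Utils.getUnsignedByte(script[1]) == 0x04
            && Utils.getUnsignedByte(script[script.length - 1]) == 0xac) {
        byte[] pk = Arrays.copyOfRange(script, 1, 66);
        return Utils.base58Encode((byte) 0x00, publicKeyHash160(pk));
    }
    // P2PK Address Compressed: push opcode (0x21 = 33) + 33-byte key + trailing 0xac = 35 bytes minimum.
    else if (script.length >= 35
            && Utils.getUnsignedByte(script[0]) == 0x21
            && (Utils.getUnsignedByte(script[1]) == 0x03 || Utils.getUnsignedByte(script[1]) == 0x02)
            && Utils.getUnsignedByte(script[script.length - 1]) == 0xac) {
        byte[] pk = Arrays.copyOfRange(script, 1, 34);
        return Utils.base58Encode((byte) 0x00, publicKeyHash160(pk));
    }
    // Nonstandard
    else {
        return "Non Standard Output";
    }
}

/** Returns RIPEMD-160 applied to the SHA-256 digest of {@code data} (20 bytes). */
private byte[] publicKeyHash160(byte[] data) {
    SHA256Digest sha256 = new SHA256Digest();
    sha256.update(data, 0, data.length);
    byte[] sha256out = new byte[32];
    sha256.doFinal(sha256out, 0);

    RIPEMD160Digest ripemd160 = new RIPEMD160Digest();
    ripemd160.update(sha256out, 0, sha256out.length);
    byte[] ripemd160out = new byte[20];
    ripemd160.doFinal(ripemd160out, 0);
    return ripemd160out;
}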
From source file:aff4.commonobjects.WarrantReader.java
License:Open Source License
/**
 * Checks this warrant in two stages: first the RSA signature over the canonical form of the
 * warrant graph, then the SHA-256 hash recorded for every other graph asserted by the warrant.
 *
 * <p>Each graph whose recomputed hash matches is added to {@code assertions}.
 *
 * <p>NOTE(review): graphs are added to {@code assertions} as the loop progresses, so when a
 * later graph fails its hash check the method returns {@code false} with the earlier graphs
 * still recorded. Callers should not read {@code assertions} after a {@code false} result
 * unless it is cleared elsewhere — confirm.
 *
 * <p>NOTE(review): the hash algorithm is fixed to SHA-256; a digest-method statement in the
 * volume is not consulted (the lookup was commented out in the original).
 *
 * @return {@code true} when the signature verifies and every asserted graph hash matches
 */
public boolean isValid() throws IOException, NoSuchAlgorithmException, InvalidKeyException, SignatureException,
        TooManyValuesException, ParseException {
    Resource warrant = URN;
    Resource signer = (Resource) QueryTools.queryValue(volume, Node.ANY, warrant, AFF4.authority);

    // The graph that holds the warrant's own type statement is the signed graph.
    Resource signedGraph = volume.query(Node.ANY, warrant, AFF4.type, AFF4.Warrant).get(0).getGraph();
    QuadList signedQuads = volume.query(signedGraph, Node.ANY, Node.ANY, Node.ANY);
    byte[] signedBytes = new GraphCanonicalizer(signedQuads).getCanonicalString().getBytes("UTF-8");

    // Stage 1: verify the signature with the public key published by the authority.
    AuthorityReader authorityReader = new AuthorityReader(volume, signer);
    Signature verifier = Signature.getInstance("SHA256withRSA", new BouncyCastleProvider());
    verifier.initVerify(authorityReader.publicKey);
    verifier.update(signedBytes);

    Literal encodedSignature = (Literal) QueryTools.queryValue(volume, Node.ANY, signedGraph, AFF4.signature);
    boolean signatureOk = verifier.verify(Base64.decode(encodedSignature.asString()));
    if (!signatureOk) {
        return false;
    }

    // Stage 2: recompute the hash of every graph the warrant asserts.
    HashDigestAdapter sha256 = new HashDigestAdapter(new SHA256Digest());
    QuadList asserted = volume.query(Node.ANY, Node.ANY, AFF4.assertedBy, warrant);
    for (Quad assertion : asserted) {
        Resource graphUnderTest = assertion.getSubject();
        if (graphUnderTest.equals(signedGraph)) {
            // The warrant graph itself is covered by the signature, not by a hash statement.
            continue;
        }

        String recordedHash = ((Literal) QueryTools.queryValue(volume, Node.ANY, graphUnderTest, AFF4.hash))
                .asString();
        QuadList graphQuads = volume.query(graphUnderTest, null, null, null);
        GraphCanonicalizer canonicalizer = new GraphCanonicalizer(graphQuads);

        sha256.reset();
        sha256.update(canonicalizer.getCanonicalString());
        sha256.doFinal();

        if (sha256.getStringValue().equals(recordedHash)) {
            assertions.add(graphUnderTest);
        } else {
            return false;
        }
    }
    return true;
}
From source file:aff4.commonobjects.WarrantWriter.java
License:Open Source License
/**
 * Returns the SHA-256 digest of {@code data} in the string form produced by
 * {@code HashDigestAdapter.getStringValue()}.
 *
 * <p>Side effect: registers a new {@code BouncyCastleProvider} with {@link Security} on every
 * call. The digest itself is computed with the {@code SHA256Digest} object passed to the
 * adapter, so the registration is kept only because other code may depend on it.
 *
 * @param data text to hash
 * @return the adapter's string rendering of the digest
 */
static String digest(String data) throws UnsupportedEncodingException {
    Security.addProvider(new BouncyCastleProvider());

    SHA256Digest sha256 = new SHA256Digest();
    HashDigestAdapter adapter = new HashDigestAdapter(sha256);
    adapter.update(data);
    adapter.doFinal();

    String rendered = adapter.getStringValue();
    return rendered;
}
From source file:bluecrystal.service.service.SignVerifyService.java
License:Open Source License
/**
 * Maps a {@code DerEncoder.NDX_*} hash identifier to a fresh Bouncy Castle digest instance.
 *
 * <p>NOTE(review): {@code NDX_SHA1} is still accepted. Where this digest backs signature
 * verification, the caller's policy decides whether SHA-1 signatures remain acceptable.
 *
 * @param hashId one of the {@code DerEncoder.NDX_SHA*} constants
 * @return a new digest for the identifier, or {@code null} when the identifier is not
 *         recognised; callers must handle the {@code null} case
 */
private Digest getHashById(int hashId) {
    switch (hashId) {
    case DerEncoder.NDX_SHA1:
        return new SHA1Digest();
    case DerEncoder.NDX_SHA224:
        return new SHA224Digest();
    case DerEncoder.NDX_SHA256:
        return new SHA256Digest();
    case DerEncoder.NDX_SHA384:
        return new SHA384Digest();
    case DerEncoder.NDX_SHA512:
        return new SHA512Digest();
    default:
        // Unknown identifier: no digest is selected.
        return null;
    }
}
From source file:co.rsk.mine.MinerServerImpl.java
License:Open Source License
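/**
 * Compresses a serialized Bitcoin merged-mining coinbase transaction by replacing the whole
 * 64-byte SHA-256 blocks that precede the RSK tag with the digest's trimmed encoded state.
 *
 * <p>The result is {@code MIDSTATE_SIZE_TRIMMED} bytes copied from offset 8 of
 * {@code SHA256Digest.getEncodedState()}, followed by the bytes of the transaction that were
 * not fed to the digest.
 *
 * <p>Fix relative to the previous version: when the tag is absent, the sub-list search
 * returns -1 and the old code carried that value into the length arithmetic, silently
 * producing output for an input that is not a merged-mining coinbase. Such input is now
 * rejected with the same exception type the method already used for malformed input.
 *
 * <p>NOTE(review): a tag located so close to the end that fewer than
 * {@code BLOCK_HEADER_HASH_SIZE} bytes follow it yields a negative remaining-byte count,
 * which passes the upper-bound check below. Confirm whether a lower bound is also wanted.
 *
 * @param bitcoinMergedMiningCoinbaseTransactionSerialized serialized coinbase transaction
 * @param lastOccurrence {@code true} to locate the last occurrence of the RSK tag,
 *                       {@code false} to locate the first
 * @return trimmed midstate followed by the unhashed tail of the transaction
 * @throws IllegalArgumentException if the RSK tag is not present, or if more than
 *         {@code MAX_BYTES_AFTER_MERGED_MINING_HASH} bytes follow the tag and hash
 */
public static byte[] compressCoinbase(byte[] bitcoinMergedMiningCoinbaseTransactionSerialized,
        boolean lastOccurrence) {
    List<Byte> coinBaseTransactionSerializedAsList = java.util.Arrays
            .asList(ArrayUtils.toObject(bitcoinMergedMiningCoinbaseTransactionSerialized));
    List<Byte> tagAsList = java.util.Arrays.asList(ArrayUtils.toObject(RskMiningConstants.RSK_TAG));

    int rskTagPosition = lastOccurrence
            ? Collections.lastIndexOfSubList(coinBaseTransactionSerializedAsList, tagAsList)
            : Collections.indexOfSubList(coinBaseTransactionSerializedAsList, tagAsList);

    // Both searches return -1 when the tag is missing; do not let that reach the arithmetic below.
    if (rskTagPosition < 0) {
        throw new IllegalArgumentException("RSK tag not found in coinbase transaction");
    }

    int remainingByteCount = bitcoinMergedMiningCoinbaseTransactionSerialized.length - rskTagPosition
            - RskMiningConstants.RSK_TAG.length - RskMiningConstants.BLOCK_HEADER_HASH_SIZE;
    if (remainingByteCount > RskMiningConstants.MAX_BYTES_AFTER_MERGED_MINING_HASH) {
        throw new IllegalArgumentException("More than 128 bytes after RSK tag");
    }

    // Only whole 64-byte blocks before the tag are absorbed into the digest state.
    int sha256Blocks = rskTagPosition / 64;
    int bytesToHash = sha256Blocks * 64;
    SHA256Digest digest = new SHA256Digest();
    digest.update(bitcoinMergedMiningCoinbaseTransactionSerialized, 0, bytesToHash);
    byte[] hashedContent = digest.getEncodedState();

    // The first 8 bytes of the encoded state are skipped (presumably a non-midstate prefix — confirm).
    byte[] trimmedHashedContent = new byte[RskMiningConstants.MIDSTATE_SIZE_TRIMMED];
    System.arraycopy(hashedContent, 8, trimmedHashedContent, 0, RskMiningConstants.MIDSTATE_SIZE_TRIMMED);

    byte[] unHashedContent = new byte[bitcoinMergedMiningCoinbaseTransactionSerialized.length - bytesToHash];
    System.arraycopy(bitcoinMergedMiningCoinbaseTransactionSerialized, bytesToHash, unHashedContent, 0,
            unHashedContent.length);
    return Arrays.concatenate(trimmedHashedContent, unHashedContent);
}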
From source file:com.aelitis.azureus.core.pairing.impl.PairingManagerTunnelHandler.java
License:Open Source License
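/**
 * Sets or clears the SRP password used for secure pairing.
 *
 * <p>A {@code null} or empty password clears the stored salt and verifier. Otherwise a fresh
 * 16-byte random salt is drawn and an SRP-6 verifier is generated over the 3072-bit group
 * with SHA-256; only the salt and verifier are stored.
 *
 * <p>Change relative to the previous version: the password was copied into a
 * {@code String} (which cannot be wiped) before being encoded, and the encoded bytes were
 * left in memory. The characters are now encoded directly to UTF-8 and the byte copies are
 * zeroed once the verifier has been computed. The caller still owns, and should clear, the
 * {@code char[]} it passed in.
 *
 * <p>NOTE(review): if verifier generation fails, the exception is only logged and the
 * previous salt and verifier stay in place, so a password change can fail without the caller
 * noticing. Confirm whether that is acceptable.
 *
 * @param password the new password characters, or {@code null}/empty to disable SRP
 */
public void setSRPPassword(char[] password) {
    if (password == null || password.length == 0) {
        SRP_SALT = null;
        SRP_VERIFIER = null;
        CryptoManagerFactory.getSingleton().setSRPParameters(null, null);
    } else {
        start();
        byte[] P = null;
        try {
            byte[] I = DEFAULT_IDENTITY.getBytes("UTF-8");

            // Encode without creating an intermediate String holding the password.
            java.nio.ByteBuffer encoded = java.nio.charset.Charset.forName("UTF-8")
                    .encode(java.nio.CharBuffer.wrap(password));
            P = new byte[encoded.remaining()];
            encoded.get(P);
            if (encoded.hasArray()) {
                java.util.Arrays.fill(encoded.array(), (byte) 0);
            }

            byte[] salt = new byte[16];
            RandomUtils.nextSecureBytes(salt);

            SRP6VerifierGenerator gen = new SRP6VerifierGenerator();
            gen.init(N_3072, G_3072, new SHA256Digest());
            BigInteger verifier = gen.generateVerifier(salt, I, P);

            CryptoManagerFactory.getSingleton().setSRPParameters(salt, verifier);
            SRP_SALT = salt;
            SRP_VERIFIER = verifier;
        } catch (Throwable e) {
            Debug.out(e);
        } finally {
            // The encoded password is no longer needed once the verifier exists (or generation failed).
            if (P != null) {
                java.util.Arrays.fill(P, (byte) 0);
            }
        }
    }
    updateActive();
}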
From source file:com.aelitis.azureus.core.pairing.impl.PairingManagerTunnelHandler.java
License:Open Source License
/**
 * One-time initialisation of the pairing tunnel handler.
 *
 * <p>Sets the SRP group parameters, activates the DHT NAT punchers of the main IPv4 network,
 * registers a NAT-traversal handler that runs the server side of the SRP exchange for remote
 * tunnels, and schedules a periodic statistics dump. Any failure is logged, stored in
 * {@code init_fail} and reported through {@code manager.updateSRPState()}.
 *
 * <p>NOTE(review): {@code started} is set under the lock, but {@code N_3072}/{@code G_3072}
 * are assigned after the lock is released, so a second caller can return from this method
 * before those fields are set. Confirm callers cannot race here.
 */
private void start() {
    // Run at most once; later callers return immediately.
    synchronized (this) {
        if (started) {
            return;
        }
        started = true;
    }
    // 3072-bit SRP modulus with generator 5 (looks like the RFC 5054 3072-bit group — confirm).
    N_3072 = fromHex("FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08"
            + "8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B"
            + "302B0A6D F25F1437 4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9"
            + "A637ED6B 0BFF5CB6 F406B7ED EE386BFB 5A899FA5 AE9F2411 7C4B1FE6"
            + "49286651 ECE45B3D C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8"
            + "FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D"
            + "670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B E39E772C"
            + "180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718"
            + "3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AAAC42D AD33170D"
            + "04507A33 A85521AB DF1CBA64 ECFB8504 58DBEF0A 8AEA7157 5D060C7D"
            + "B3970F85 A6E1E4C7 ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226"
            + "1AD2EE6B F12FFA06 D98A0864 D8760273 3EC86A64 521F2B18 177B200C"
            + "BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31 43DB5BFC"
            + "E0FD108E 4B82D120 A93AD2CA FFFFFFFF FFFFFFFF");
    G_3072 = BigInteger.valueOf(5);
    try {
        // The tunnel depends on the DHT plugin; fail initialisation when it is missing or disabled.
        PluginInterface dht_pi = core.getPluginManager().getPluginInterfaceByClass(DHTPlugin.class);
        if (dht_pi == null) {
            throw (new Exception("DHT Plugin not found"));
        }
        DHTPlugin dht_plugin = (DHTPlugin) dht_pi.getPlugin();
        if (!dht_plugin.isEnabled()) {
            throw (new Exception("DHT Plugin is disabled"));
        }
        DHT[] dhts = dht_plugin.getDHTs();
        List<DHTNATPuncher> punchers = new ArrayList<DHTNATPuncher>();
        for (DHT dht : dhts) {
            int net = dht.getTransport().getNetwork();
            if (net == DHT.NW_MAIN) {
                DHTNATPuncher primary_puncher = dht.getNATPuncher();
                if (primary_puncher != null) {
                    punchers.add(primary_puncher);
                    nat_punchers_ipv4.add(primary_puncher);
                    // Two secondary punchers are requested from the primary one.
                    // NOTE(review): the results are added without a null check — confirm
                    // getSecondaryPuncher() cannot return null.
                    for (int i = 1; i <= 2; i++) {
                        DHTNATPuncher puncher = primary_puncher.getSecondaryPuncher();
                        punchers.add(puncher);
                        nat_punchers_ipv4.add(puncher);
                    }
                }
            } else if (net == DHT.NW_MAIN_V6) {
                // Intentionally empty: v6 tunnels are not supported at the moment, so no
                // IPv6 punchers are registered.
            }
        }
        if (punchers.size() == 0) {
            throw (new Exception("No suitable DHT instances available"));
        }
        for (DHTNATPuncher p : punchers) {
            p.forceActive(true);
            p.addListener(new DHTNATPuncherListener() {
                // A rendezvous change schedules a single deferred manager update 15 s later;
                // changes arriving while one is pending are coalesced.
                public void rendezvousChanged(DHTTransportContact rendezvous) {
                    System.out.println("active: " + rendezvous.getString());
                    synchronized (PairingManagerTunnelHandler.this) {
                        if (update_event == null) {
                            update_event = SimpleTimer.addEvent("PMT:defer", SystemTime.getOffsetTime(15 * 1000),
                                    new TimerEventPerformer() {
                                        public void perform(TimerEvent event) {
                                            synchronized (PairingManagerTunnelHandler.this) {
                                                update_event = null;
                                            }
                                            System.out.println(" updating");
                                            manager.updateNeeded();
                                        };
                                    });
                        }
                    }
                }
            });
        }
        core.getNATTraverser().registerHandler(new NATTraversalHandler() {
            // Access-ordered map that keeps at most 10 SRP sessions; the least recently used
            // entry is evicted when an eleventh is added.
            private Map<Long, Object[]> server_map = new LinkedHashMap<Long, Object[]>(10, 0.75f, true) {
                protected boolean removeEldestEntry(Map.Entry<Long, Object[]> eldest) {
                    return size() > 10;
                }
            };

            public int getType() {
                return (NATTraverser.TRAVERSE_REASON_PAIR_TUNNEL);
            }

            public String getName() {
                return ("Pairing Tunnel");
            }

            // Handles one message of the remote SRP exchange. "op" 1 returns salt and server
            // value B (reply op 2); "op" 3 completes the agreement and creates the tunnel
            // (reply op 4). Returns null when pairing is inactive or the request is malformed.
            public Map process(InetSocketAddress originator, Map data) {
                if (SRP_VERIFIER == null || !active) {
                    return (null);
                }
                // Any exit that leaves this false is reported to the manager as a failed request.
                boolean good_request = false;
                try {
                    Map result = new HashMap();
                    Long session = (Long) data.get("sid");
                    if (session == null) {
                        return (null);
                    }
                    InetAddress tunnel_originator;
                    try {
                        tunnel_originator = InetAddress.getByAddress((byte[]) data.get("origin"));
                    } catch (Throwable e) {
                        Debug.out("originator decode failed: " + data);
                        return (null);
                    }
                    // NOTE(review): the complete request map is written to standard output,
                    // including the SRP and encrypted fields supplied by the peer.
                    System.out.println("PairManagerTunnelHander: incoming message - session=" + session
                            + ", payload=" + data + " from " + tunnel_originator + " via " + originator);
                    SRP6Server server;
                    BigInteger B;
                    synchronized (server_map) {
                        Object[] entry = server_map.get(session);
                        if (entry == null) {
                            // Throttle: at most one new SRP server every 5 seconds. The sleep
                            // happens while server_map is locked, so concurrent requests queue
                            // behind it.
                            long diff = SystemTime.getMonotonousTime() - last_server_create_time;
                            if (diff < 5000) {
                                try {
                                    long sleep = 5000 - diff;
                                    System.out.println("Sleeping for " + sleep + " before starting srp");
                                    Thread.sleep(sleep);
                                } catch (Throwable e) {
                                    // Interruption is ignored; the throttle is best effort.
                                }
                            }
                            server = new SRP6Server();
                            server.init(N_3072, G_3072, SRP_VERIFIER, new SHA256Digest(),
                                    RandomUtils.SECURE_RANDOM);
                            B = server.generateServerCredentials();
                            server_map.put(session, new Object[] { server, B });
                            last_server_create_time = SystemTime.getMonotonousTime();
                            total_servers++;
                        } else {
                            server = (SRP6Server) entry[0];
                            B = (BigInteger) entry[1];
                        }
                    }
                    // NOTE(review): a request without "op" makes the comparison below unbox
                    // null and throw; the finally block then records a failed request.
                    Long op = (Long) data.get("op");
                    if (op == 1) {
                        result.put("op", 2);
                        result.put("s", SRP_SALT);
                        result.put("b", B.toByteArray());
                        good_request = true;
                        if (data.containsKey("test")) {
                            manager.recordRequest("SRP Test", originator.getAddress().getHostAddress(), true);
                        }
                    } else if (op == 3) {
                        boolean log_error = true;
                        try {
                            // Throttle: at most one agreement attempt every 5 seconds, which
                            // bounds the rate of online password guesses.
                            long diff = SystemTime.getMonotonousTime() - last_server_agree_time;
                            if (diff < 5000) {
                                try {
                                    long sleep = 5000 - diff;
                                    System.out.println("Sleeping for " + sleep + " before completing srp");
                                    Thread.sleep(sleep);
                                } catch (Throwable e) {
                                    // Interruption is ignored; the throttle is best effort.
                                }
                            }
                            BigInteger A = new BigInteger((byte[]) data.get("a"));
                            BigInteger serverS = server.calculateSecret(A);
                            byte[] shared_secret = serverS.toByteArray();
                            Cipher decipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
                            // The AES-128 key is the first 16 bytes of the two's-complement
                            // encoding of S, with no hash or KDF applied.
                            // NOTE(review): BigInteger.toByteArray() can emit a leading zero
                            // sign byte, so the peer has to derive the key the same way.
                            byte[] key = new byte[16];
                            System.arraycopy(shared_secret, 0, key, 0, 16);
                            SecretKeySpec secret = new SecretKeySpec(key, "AES");
                            decipher.init(Cipher.DECRYPT_MODE, secret,
                                    new IvParameterSpec((byte[]) data.get("enc_iv")));
                            byte[] dec = decipher.doFinal((byte[]) data.get("enc_data"));
                            String json_str = new String(dec, "UTF-8");
                            // No SRP evidence message is checked here: the peer is accepted
                            // when the payload decrypts and looks like JSON.
                            // NOTE(review): CBC is used without a MAC, so this check and the
                            // padding check are the only integrity signals.
                            if (!json_str.startsWith("{")) {
                                log_error = false;
                                throw (new Exception("decode failed"));
                            }
                            JSONObject dec_json = (JSONObject) JSONUtils.decodeJSON(json_str);
                            String tunnel_url = (String) dec_json.get("url");
                            String service_id = new String((byte[]) data.get("service"), "UTF-8");
                            String endpoint_url = (String) dec_json.get("endpoint");
                            boolean ok = createTunnel(tunnel_originator, session, service_id, secret, tunnel_url,
                                    endpoint_url);
                            result.put("op", 4);
                            result.put("status", ok ? "ok" : "failed");
                            good_request = true;
                        } catch (Throwable e) {
                            // Every failure gets the same reply, so the response content does
                            // not reveal why the agreement failed.
                            result.put("op", 4);
                            result.put("status", "failed");
                            // filter usual errors on bad agreement
                            if (e instanceof BadPaddingException || e instanceof IllegalBlockSizeException) {
                                log_error = false;
                            }
                            if (log_error) {
                                e.printStackTrace();
                            }
                        } finally {
                            last_server_agree_time = SystemTime.getMonotonousTime();
                        }
                    }
                    return (result);
                } finally {
                    if (!good_request) {
                        manager.recordRequest("SRP", originator.getAddress().getHostAddress(), false);
                    }
                }
            }
        });
        // Every 30 seconds, print the active tunnels to standard output.
        SimpleTimer.addPeriodicEvent("pm:tunnel:stats", 30 * 1000, new TimerEventPerformer() {
            public void perform(TimerEvent event) {
                synchronized (tunnels) {
                    if (tunnels.size() > 0) {
                        System.out.println("PairTunnels: " + tunnels.size());
                        for (PairManagerTunnel t : tunnels.values()) {
                            System.out.println("\t" + t.getString());
                        }
                    }
                }
            }
        });
    } catch (Throwable e) {
        // Initialisation failed: keep the message for later reporting and notify the manager.
        Debug.out(e);
        init_fail = Debug.getNestedExceptionMessage(e);
        manager.updateSRPState();
    }
}
From source file:com.aelitis.azureus.core.pairing.impl.PairingManagerTunnelHandler.java
License:Open Source License
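/**
 * Serves the local pairing tunnel endpoints below {@code /pairing/tunnel/}.
 *
 * <ul>
 *   <li>{@code create?ac=..&sid=..} checks the access code, creates an SRP server for a new
 *       tunnel and returns the salt, server value B and tunnel URL as JSON.</li>
 *   <li>{@code id/<tunnel>?srp_a=..&enc_data=..&enc_iv=..} completes the SRP agreement and
 *       activates the tunnel.</li>
 *   <li>{@code id/<tunnel>?close=..} removes the tunnel.</li>
 *   <li>{@code id/<tunnel>} with a request body decrypts the body, forwards it to the
 *       service handler and returns the encrypted reply.</li>
 * </ul>
 *
 * <p>Changes relative to the previous version: the access code is compared with
 * {@code MessageDigest.isEqual} instead of {@code String.equals}, so the comparison time no
 * longer depends on how many leading characters match; and a request without a
 * {@code host} header is rejected with an {@link IOException} instead of a
 * {@code NullPointerException}.
 *
 * <p>NOTE(review): the AES-128 key is the first 16 bytes of {@code S.toByteArray()} with no
 * hash or KDF, and AES/CBC is used without a MAC. Both are part of the wire protocol and are
 * left unchanged here.
 *
 * <p>NOTE(review): the {@code close} operation needs only the tunnel name, not the tunnel
 * key. The name embeds a secure random number, so it acts as the capability — confirm this
 * is intended.
 *
 * @param request the incoming tracker web request
 * @param response the response to populate
 * @return {@code true} when the request was handled
 * @throws IOException when pairing is disabled, the request is invalid, or processing fails
 */
protected boolean handleLocalTunnel(TrackerWebPageRequest request, TrackerWebPageResponse response)
        throws IOException {
    start();
    if (SRP_VERIFIER == null || !active) {
        throw (new IOException("Secure pairing is not enabled"));
    }
    // Any exit that leaves this false is reported to the manager as a failed request.
    boolean good_request = false;
    try {
        // remove /pairing/tunnel/
        String url = request.getURL().substring(16);
        int q_pos = url.indexOf('?');
        Map<String, String> args = new HashMap<String, String>();
        if (q_pos != -1) {
            String args_str = url.substring(q_pos + 1);
            String[] bits = args_str.split("&");
            for (String arg : bits) {
                // Only well-formed key=value pairs are kept; keys are lower-cased.
                String[] x = arg.split("=");
                if (x.length == 2) {
                    args.put(x[0].toLowerCase(), x[1]);
                }
            }
            url = url.substring(0, q_pos);
        }
        if (url.startsWith("create")) {
            String ac = args.get("ac");
            String sid = args.get("sid");
            if (ac == null || sid == null) {
                throw (new IOException("Access code or service id missing"));
            }
            // Constant-time comparison of the secret access code.
            String expected_ac = manager.peekAccessCode();
            if (expected_ac == null || !java.security.MessageDigest.isEqual(ac.getBytes("UTF-8"),
                    expected_ac.getBytes("UTF-8"))) {
                throw (new IOException("Invalid access code"));
            }
            PairedServiceImpl ps = manager.getService(sid);
            if (ps == null) {
                // The caller proved knowledge of the access code, so this is not counted as a bad request.
                good_request = true;
                throw (new IOException("Service '" + sid + "' not registered"));
            }
            PairedServiceRequestHandler handler = ps.getHandler();
            if (handler == null) {
                good_request = true;
                throw (new IOException("Service '" + sid + "' has no handler registered"));
            }
            JSONObject json = new JSONObject();
            JSONObject result = new JSONObject();
            json.put("result", result);
            // Tunnel name = Base32 of the first four salt bytes + "_" + secure random id.
            byte[] ss = new byte[] { SRP_SALT[0], SRP_SALT[1], SRP_SALT[2], SRP_SALT[3] };
            long tunnel_id = RandomUtils.nextSecureAbsoluteLong();
            String tunnel_name = Base32.encode(ss) + "_" + tunnel_id;
            synchronized (local_server_map) {
                // Throttle: at most one new SRP server every 5 seconds (sleeps while holding the lock).
                long diff = SystemTime.getMonotonousTime() - last_local_server_create_time;
                if (diff < 5000) {
                    try {
                        long sleep = 5000 - diff;
                        System.out.println("Sleeping for " + sleep + " before starting srp");
                        Thread.sleep(sleep);
                    } catch (Throwable e) {
                        // Interruption is ignored; the throttle is best effort.
                    }
                }
                SRP6Server server = new SRP6Server();
                server.init(N_3072, G_3072, SRP_VERIFIER, new SHA256Digest(), RandomUtils.SECURE_RANDOM);
                BigInteger B = server.generateServerCredentials();
                // Entry layout: { SRP server, service handler, AES key (after agreement), endpoint URL }.
                local_server_map.put(tunnel_name, new Object[] { server, handler, null, null });
                last_local_server_create_time = SystemTime.getMonotonousTime();
                total_local_servers++;
                result.put("srp_salt", Base32.encode(SRP_SALT));
                result.put("srp_b", Base32.encode(B.toByteArray()));
                Map<String, String> headers = request.getHeaders();
                String host = headers.get("host");
                if (host == null) {
                    throw (new IOException("Host header missing"));
                }
                // remove port number
                int pos = host.lastIndexOf("]");
                if (pos != -1) {
                    // ipv6 literal
                    host = host.substring(0, pos + 1);
                } else {
                    pos = host.indexOf(':');
                    if (pos != -1) {
                        host = host.substring(0, pos);
                    }
                }
                String abs_url = request.getAbsoluteURL().toString();
                // unfortunately there is some nasty code that uses a configured tracker
                // address as the default host
                abs_url = UrlUtils.setHost(new URL(abs_url), host).toExternalForm();
                pos = abs_url.indexOf("/create");
                String tunnel_url = abs_url.substring(0, pos) + "/id/" + tunnel_name;
                result.put("url", tunnel_url);
            }
            response.getOutputStream().write(JSONUtils.encodeToJSON(json).getBytes("UTF-8"));
            response.setContentType("application/json; charset=UTF-8");
            response.setGZIP(true);
            good_request = true;
            return (true);
        } else if (url.startsWith("id/")) {
            String tunnel_name = url.substring(3);
            Object[] entry;
            synchronized (local_server_map) {
                entry = local_server_map.get(tunnel_name);
                if (entry == null) {
                    good_request = true;
                    throw (new IOException("Unknown tunnel id"));
                }
            }
            String srp_a = args.get("srp_a");
            String enc_data = args.get("enc_data");
            String enc_iv = args.get("enc_iv");
            if (srp_a != null && enc_data != null && enc_iv != null) {
                try {
                    synchronized (local_server_map) {
                        // Throttle: at most one agreement attempt every 5 seconds.
                        long diff = SystemTime.getMonotonousTime() - last_local_server_agree_time;
                        if (diff < 5000) {
                            try {
                                long sleep = 5000 - diff;
                                System.out.println("Sleeping for " + sleep + " before completing srp");
                                Thread.sleep(sleep);
                            } catch (Throwable e) {
                                // Interruption is ignored; the throttle is best effort.
                            }
                        }
                    }
                    JSONObject json = new JSONObject();
                    JSONObject result = new JSONObject();
                    json.put("result", result);
                    SRP6Server server = (SRP6Server) entry[0];
                    BigInteger A = new BigInteger(Base32.decode(srp_a));
                    BigInteger serverS = server.calculateSecret(A);
                    byte[] shared_secret = serverS.toByteArray();
                    Cipher decipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
                    // Key = first 16 bytes of the encoded shared secret (protocol-defined; see Javadoc).
                    byte[] key = new byte[16];
                    System.arraycopy(shared_secret, 0, key, 0, 16);
                    SecretKeySpec secret = new SecretKeySpec(key, "AES");
                    decipher.init(Cipher.DECRYPT_MODE, secret, new IvParameterSpec(Base32.decode(enc_iv)));
                    byte[] dec = decipher.doFinal(Base32.decode(enc_data));
                    JSONObject dec_json = (JSONObject) JSONUtils.decodeJSON(new String(dec, "UTF-8"));
                    // The decrypted payload must name this tunnel; that is the proof the peer derived the same key.
                    String tunnel_url = (String) dec_json.get("url");
                    if (!tunnel_url.contains(tunnel_name)) {
                        throw (new IOException("Invalid tunnel url"));
                    }
                    String endpoint_url = (String) dec_json.get("endpoint");
                    entry[2] = secret;
                    entry[3] = endpoint_url;
                    result.put("state", "activated");
                    response.getOutputStream().write(JSONUtils.encodeToJSON(json).getBytes("UTF-8"));
                    response.setContentType("application/json; charset=UTF-8");
                    response.setGZIP(true);
                    good_request = true;
                    return (true);
                } catch (Throwable e) {
                    throw (new IOException(Debug.getNestedExceptionMessage(e)));
                } finally {
                    last_local_server_agree_time = SystemTime.getMonotonousTime();
                }
            } else if (args.containsKey("close")) {
                synchronized (local_server_map) {
                    local_server_map.remove(tunnel_name);
                }
                good_request = true;
                return (true);
            } else {
                PairedServiceRequestHandler request_handler = (PairedServiceRequestHandler) entry[1];
                SecretKeySpec secret = (SecretKeySpec) entry[2];
                String endpoint_url = (String) entry[3];
                // No key means the SRP agreement has not completed for this tunnel.
                if (secret == null) {
                    throw (new IOException("auth not completed"));
                }
                byte[] request_data = FileUtil.readInputStreamAsByteArray(request.getInputStream());
                try {
                    byte[] decrypted;
                    {
                        // Request layout: 16-byte IV followed by the AES/CBC ciphertext.
                        byte[] IV = new byte[16];
                        System.arraycopy(request_data, 0, IV, 0, IV.length);
                        Cipher decipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
                        decipher.init(Cipher.DECRYPT_MODE, secret, new IvParameterSpec(IV));
                        decrypted = decipher.doFinal(request_data, 16, request_data.length - 16);
                    }
                    byte[] reply_bytes = request_handler.handleRequest(request.getClientAddress2().getAddress(),
                            endpoint_url, decrypted);
                    {
                        // Reply layout mirrors the request: provider-generated IV, then ciphertext.
                        Cipher encipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
                        encipher.init(Cipher.ENCRYPT_MODE, secret);
                        AlgorithmParameters params = encipher.getParameters();
                        byte[] IV = params.getParameterSpec(IvParameterSpec.class).getIV();
                        byte[] enc = encipher.doFinal(reply_bytes);
                        byte[] rep_bytes = new byte[IV.length + enc.length];
                        System.arraycopy(IV, 0, rep_bytes, 0, IV.length);
                        System.arraycopy(enc, 0, rep_bytes, IV.length, enc.length);
                        response.getOutputStream().write(rep_bytes);
                        response.setContentType("application/octet-stream");
                        good_request = true;
                        return (true);
                    }
                } catch (Throwable e) {
                    throw (new IOException(Debug.getNestedExceptionMessage(e)));
                }
            }
        }
        throw (new IOException("Unknown tunnel operation"));
    } finally {
        if (!good_request) {
            manager.recordRequest("SRP", request.getClientAddress2().getAddress().getHostAddress(), false);
        }
    }
}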
From source file:com.amazonaws.encryptionsdk.CryptoAlgorithm.java
License:Open Source License
/**
 * Produces the content-encryption key for this algorithm suite from a data key.
 *
 * <p>Suites without a KDF return the data key unchanged. HKDF suites derive a new key with
 * HKDF over SHA-256 or SHA-384, using the raw data key as input keying material, no salt,
 * and an info value made of the big-endian two-byte algorithm id followed by the message id
 * from {@code headers}.
 *
 * @param dataKey the data key; its algorithm must match {@code getDataKeyAlgo()}
 * @param headers ciphertext headers that supply the message id
 * @return the data key itself (no-KDF suites) or the derived key (HKDF suites)
 * @throws InvalidKeyException if the data key has the wrong algorithm, is not in RAW format
 *         (HKDF suites only), or has the wrong length (HKDF suites only)
 * @throws UnsupportedOperationException if this suite is not handled
 */
public SecretKey getEncryptionKeyFromDataKey(final SecretKey dataKey, final CiphertextHeaders headers)
        throws InvalidKeyException {
    if (!dataKey.getAlgorithm().equalsIgnoreCase(getDataKeyAlgo())) {
        throw new InvalidKeyException("DataKey of incorrect algorithm. Expected " + getDataKeyAlgo() + " but was "
                + dataKey.getAlgorithm());
    }

    // Suites without key derivation use the data key directly.
    if (this == ALG_AES_128_GCM_IV12_TAG16_NO_KDF
            || this == ALG_AES_192_GCM_IV12_TAG16_NO_KDF
            || this == ALG_AES_256_GCM_IV12_TAG16_NO_KDF) {
        return dataKey;
    }

    // Pick the hash that drives HKDF for the remaining suites.
    final Digest hkdfDigest;
    switch (this) {
    case ALG_AES_128_GCM_IV12_TAG16_HKDF_SHA256:
    case ALG_AES_192_GCM_IV12_TAG16_HKDF_SHA256:
    case ALG_AES_256_GCM_IV12_TAG16_HKDF_SHA256:
    case ALG_AES_128_GCM_IV12_TAG16_HKDF_SHA256_ECDSA_P256:
        hkdfDigest = new SHA256Digest();
        break;
    case ALG_AES_192_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384:
    case ALG_AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384:
        hkdfDigest = new SHA384Digest();
        break;
    default:
        throw new UnsupportedOperationException("Support for " + this + " not yet built.");
    }

    if (!dataKey.getFormat().equalsIgnoreCase("RAW")) {
        throw new InvalidKeyException(
                "Currently only RAW format keys are supported for HKDF algorithms. Actual format was "
                        + dataKey.getFormat());
    }

    // info = algorithm id (2 bytes, big-endian) || message id; binds the derived key to this message.
    final byte[] messageId = headers.getMessageId();
    final ByteBuffer hkdfInfo = ByteBuffer.allocate(messageId.length + 2)
            .order(ByteOrder.BIG_ENDIAN)
            .putShort(getValue())
            .put(messageId);

    final byte[] inputKeyMaterial = dataKey.getEncoded();
    if (inputKeyMaterial.length != getDataKeyLength()) {
        throw new InvalidKeyException("DataKey of incorrect length. Expected " + getDataKeyLength() + " but was "
                + inputKeyMaterial.length);
    }

    final byte[] derivedKey = new byte[getKeyLength()];
    final HKDFBytesGenerator generator = new HKDFBytesGenerator(hkdfDigest);
    generator.init(new HKDFParameters(inputKeyMaterial, null, hkdfInfo.array()));
    generator.generateBytes(derivedKey, 0, getKeyLength());
    return new SecretKeySpec(derivedKey, getKeyAlgo());
}
From source file:com.codename1.payments.GooglePlayValidator.java
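/**
 * Creates a signed JWT (RS256) for the Google service-account OAuth flow. See
 * https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority
 *
 * <p>The token carries the configured client id as issuer, the androidpublisher scope, the
 * Google token endpoint as audience, and a lifetime of 1800 seconds from the current time.
 * The signature is produced with the configured RSA private key and verified once with the
 * matching public exponent before the token is returned.
 *
 * <p>Fixes relative to the previous version: Base64 padding characters were replaced with a
 * space instead of being removed, which put whitespace inside the token segments (JWT
 * segments are unpadded base64url); and {@code iat}/{@code exp} were computed from two
 * separate clock reads, so they are now derived from a single timestamp.
 *
 * <p>NOTE(review): {@code iat} and {@code exp} are stored as strings, as before. JWT
 * NumericDate claims are normally JSON numbers — confirm the token endpoint accepts this.
 *
 * @param payload not used by this method; kept for interface compatibility
 * @return the compact JWT: header, claims and signature joined by dots
 * @throws RuntimeException wrapping any failure, including a signature that does not verify
 */
private String createJWT(String payload) {
    try {
        Map header = new HashMap();
        header.put("alg", "RS256");
        header.put("typ", "JWT");

        // One clock read so that exp is exactly iat + 1800.
        long nowSeconds = System.currentTimeMillis() / 1000L;
        Map claims = new HashMap();
        claims.put("iss", getGoogleClientId());
        claims.put("scope", "https://www.googleapis.com/auth/androidpublisher");
        claims.put("aud", "https://www.googleapis.com/oauth2/v4/token");
        claims.put("exp", String.valueOf(nowSeconds + 1800));
        claims.put("iat", String.valueOf(nowSeconds));

        String headerEnc = base64UrlNoPadding(Result.fromContent(header).toString().getBytes("UTF-8"));
        String claimsEnc = base64UrlNoPadding(Result.fromContent(claims).toString().getBytes("UTF-8"));
        String sigContent = headerEnc + "." + claimsEnc;

        Digest digest = new SHA256Digest();
        Signer signer = new RSADigestSigner(digest);
        String pkey = getGooglePrivateKey();
        RSAPrivateKey rpkey = getRSAPrivateKey(pkey);

        // Sign header.claims with the private exponent.
        signer.init(true, new RSAKeyParameters(true, rpkey.getModulus(), rpkey.getPrivateExponent()));
        byte[] sigBytes = sigContent.getBytes("UTF-8");
        signer.update(sigBytes, 0, sigBytes.length);
        byte[] sig = signer.generateSignature();

        // Self-check: a signature that does not verify points to a malformed key and must not be sent.
        RSAKeyParameters kp = new RSAKeyParameters(false, rpkey.getModulus(), rpkey.getPublicExponent());
        signer.init(false, kp);
        signer.update(sigBytes, 0, sigBytes.length);
        boolean res = signer.verifySignature(sig);
        if (!res) {
            throw new RuntimeException("Failed to verify signature after creating it");
        }

        return sigContent + "." + base64UrlNoPadding(sig);
    } catch (Exception ex) {
        throw new RuntimeException(ex);
    }
}

/** Encodes {@code data} as base64url (URL-safe alphabet) with the '=' padding removed. */
private static String base64UrlNoPadding(byte[] data) {
    return Base64.encodeNoNewline(data).replace('+', '-').replace('/', '_').replace("=", "");
}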