List of usage examples for org.bouncycastle.operator.bc BcDefaultDigestProvider INSTANCE
BcDigestProvider INSTANCE
From source file:com.aqnote.shared.cryptology.cert.io.PKCSReader.java
License:Open Source License
/**
 * Reads a PKCS#12 PFX structure from a stream and hands it back only when
 * its MAC verifies under the supplied password.
 *
 * <p>The stream is read to the end into memory before parsing and is not
 * closed here. The MAC check runs before the PFX is returned, so callers
 * never receive a container whose integrity (and password) was not confirmed.
 *
 * @param istream source of the encoded PFX; {@code null} yields {@code null}
 * @param pwd password used for the MAC check; {@code null} yields {@code null}
 * @return the parsed PFX, or {@code null} when an argument is missing, the
 *         MAC check fails, or anything is thrown while reading or verifying
 */
public static PKCS12PfxPdu readPKCS12(InputStream istream, final char[] pwd) {
    if (istream == null || pwd == null) {
        return null;
    }

    PKCS12PfxPdu verified = null;
    try {
        final PKCS12PfxPdu candidate = new PKCS12PfxPdu(Streams.readAll(istream));
        final BcPKCS12MacCalculatorBuilderProvider macProvider =
                new BcPKCS12MacCalculatorBuilderProvider(BcDefaultDigestProvider.INSTANCE);

        if (candidate.isMacValid(macProvider, pwd)) {
            verified = candidate;
        } else {
            logger.error(MSG(R.F, "readPKCS12", "PKCS#12 MAC test failed!"));
        }
    } catch (Throwable t) {
        // NOTE(review): Throwable also covers Errors (e.g. OutOfMemoryError on a
        // very large input); they are logged and turned into a null result like
        // any other failure, so callers cannot tell a wrong password from an I/O
        // or parsing problem.
        logger.error(MSG(R.F, "readPKCS12", t.getMessage()), t);
    }
    return verified;
}
From source file:eu.betaas.taas.securitymanager.common.certificate.utils.PKCS12Utils.java
License:Apache License
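/**
 * Loads a {@code BcCredential} (certificate chain, end-entity alias and
 * end-entity private key) from a PKCS#12 file on disk.
 *
 * <p>The PFX MAC is checked with {@code keyPasswd} before any content is
 * decrypted. Every failure (unreadable file, MAC mismatch, MAC computation
 * error, content that cannot be decrypted) is logged and reported as
 * {@code null}, so nothing is taken from a container that was not verified.
 * Key material is never written to the log.
 *
 * @param pkcs12FileName path of the PKCS#12 file on the local filesystem
 * @param keyPasswd password protecting the file and the private key inside it
 * @param certType not used by this method
 * @return the loaded credential, or {@code null} if the file could not be
 *         read, verified or decrypted
 */
public static BcCredential loadPKCS12Credential(String pkcs12FileName, char[] keyPasswd, int certType) {
    log.debug("will start loading PKCS12 file...");

    PKCS12PfxPdu pfxPdu;
    FileInputStream in = null;
    try {
        in = new FileInputStream(pkcs12FileName);
        pfxPdu = new PKCS12PfxPdu(Streams.readAll(in));
    } catch (FileNotFoundException e) {
        log.error("PKCS12 file: " + pkcs12FileName + " is not found!!", e);
        return null;
    } catch (IOException e) {
        log.error("IOException in initializing PKCS12PfxPdu...", e);
        return null;
    } finally {
        // Release the file handle on every path, including the failure paths.
        if (in != null) {
            try {
                in.close();
            } catch (IOException ignored) {
                // The bytes are already read (or the load already failed);
                // a close failure changes nothing for the caller.
            }
        }
    }
    log.debug("Loading PKCS12 successfully...");

    try {
        if (!pfxPdu.isMacValid(new BcPKCS12MacCalculatorBuilderProvider(BcDefaultDigestProvider.INSTANCE),
                keyPasswd)) {
            log.error("PKCS#12 MAC test failed!");
            return null;
        }
    } catch (PKCSException e) {
        // Fail closed: a MAC that could not be computed is treated exactly like
        // a MAC that did not match, instead of continuing with unverified data.
        log.error("PKCS#12 MAC could not be verified", e);
        return null;
    }

    ContentInfo[] infos = pfxPdu.getContentInfos();
    InputDecryptorProvider inputDecryptorProvider = new BcPKCS12PBEInputDecryptorProviderBuilder()
            .build(keyPasswd);

    String eeAlias = null;
    AsymmetricKeyParameter privCred = null;
    List<X509CertificateHolder> chainList = new ArrayList<X509CertificateHolder>();

    for (int i = 0; i != infos.length; i++) {
        if (infos[i].getContentType().equals(PKCSObjectIdentifiers.encryptedData)) {
            PKCS12SafeBagFactory dataFact;
            try {
                dataFact = new PKCS12SafeBagFactory(infos[i], inputDecryptorProvider);
            } catch (PKCSException e) {
                log.error("Error in initiating PKCS12SafeBagFactory...", e);
                return null;
            }

            // Every bag in the encrypted content is expected to be a
            // certificate bag; any other bag type fails the cast below.
            PKCS12SafeBag[] bags = dataFact.getSafeBags();
            for (int b = 0; b != bags.length; b++) {
                chainList.add((X509CertificateHolder) bags[b].getBagValue());
                log.debug("Found a certificate and add it to certificate chain...");
            }
        } else {
            // Unencrypted content is expected to carry the shrouded (PKCS#8
            // encrypted) private key as its first bag.
            PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i]);
            PKCS12SafeBag[] bags = dataFact.getSafeBags();
            PKCS8EncryptedPrivateKeyInfo encInfo = (PKCS8EncryptedPrivateKeyInfo) bags[0].getBagValue();

            AsymmetricKeyParameter privKey;
            try {
                PrivateKeyInfo info = encInfo.decryptPrivateKeyInfo(inputDecryptorProvider);
                privKey = PrivateKeyFactory.createKey(info);
            } catch (PKCSException e) {
                log.error("Error in getting the decrypt private key info...", e);
                return null;
            } catch (IOException e) {
                log.error("Error in loading private key...", e);
                return null;
            }

            Attribute[] attributes = bags[0].getAttributes();
            for (int a = 0; a != attributes.length; a++) {
                Attribute attr = attributes[a];
                if (attr.getAttrType().equals(PKCS12SafeBag.friendlyNameAttribute)) {
                    eeAlias = ((DERBMPString) attr.getAttributeValues()[0]).getString();
                    privCred = privKey;
                    // Only the fact that the alias was found is logged; the
                    // private key value must not reach any log, and the key
                    // is not assumed to be of a particular algorithm.
                    log.debug("Get end entity alias");
                }
            }
        }
    }

    X509CertificateHolder[] chain = chainList.toArray(new X509CertificateHolder[chainList.size()]);

    BcCredential cred = new BcCredential(eeAlias, privCred, chain);
    log.debug("Credential has been loaded!!");
    return cred;
}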
From source file:eu.betaas.taas.securitymanager.common.certificate.utils.PKCS12Utils.java
License:Apache License
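/**
 * Loads a {@code BcCredential} (certificate chain, end-entity alias and
 * end-entity private key) from an in-memory PKCS#12 structure.
 *
 * <p>The PFX MAC is checked with {@code keyPasswd} before any content is
 * decrypted; a MAC mismatch is logged and reported as {@code null}. Key
 * material is never written to the log.
 *
 * @param pfx the encoded PKCS#12 file content
 * @param keyPasswd password protecting the file and the private key inside it
 * @return the loaded credential, or {@code null} if the MAC check fails
 * @throws Exception if the structure cannot be parsed, the MAC cannot be
 *         computed, or the content or private key cannot be decrypted
 */
public static BcCredential loadPKCS12Credential(byte[] pfx, char[] keyPasswd) throws Exception {
    PKCS12PfxPdu pfxPdu = new PKCS12PfxPdu(pfx);

    if (!pfxPdu.isMacValid(new BcPKCS12MacCalculatorBuilderProvider(BcDefaultDigestProvider.INSTANCE),
            keyPasswd)) {
        log.error("PKCS#12 MAC test failed!");
        return null;
    }

    ContentInfo[] infos = pfxPdu.getContentInfos();
    InputDecryptorProvider inputDecryptorProvider = new BcPKCS12PBEInputDecryptorProviderBuilder()
            .build(keyPasswd);

    String eeAlias = null;
    AsymmetricKeyParameter privCred = null;
    List<X509CertificateHolder> chainList = new ArrayList<X509CertificateHolder>();

    for (int i = 0; i != infos.length; i++) {
        if (infos[i].getContentType().equals(PKCSObjectIdentifiers.encryptedData)) {
            // Every bag in the encrypted content is expected to be a
            // certificate bag; any other bag type fails the cast below.
            PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i], inputDecryptorProvider);
            PKCS12SafeBag[] bags = dataFact.getSafeBags();
            for (int b = 0; b != bags.length; b++) {
                chainList.add((X509CertificateHolder) bags[b].getBagValue());
                log.debug("Found a certificate and add it to certificate chain...");
            }
        } else {
            // Unencrypted content is expected to carry the shrouded (PKCS#8
            // encrypted) private key as its first bag.
            PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i]);
            PKCS12SafeBag[] bags = dataFact.getSafeBags();
            PKCS8EncryptedPrivateKeyInfo encInfo = (PKCS8EncryptedPrivateKeyInfo) bags[0].getBagValue();
            PrivateKeyInfo info = encInfo.decryptPrivateKeyInfo(inputDecryptorProvider);
            AsymmetricKeyParameter privKey = PrivateKeyFactory.createKey(info);

            Attribute[] attributes = bags[0].getAttributes();
            for (int a = 0; a != attributes.length; a++) {
                Attribute attr = attributes[a];
                if (attr.getAttrType().equals(PKCS12SafeBag.friendlyNameAttribute)) {
                    eeAlias = ((DERBMPString) attr.getAttributeValues()[0]).getString();
                    privCred = privKey;
                    // Only the fact that the alias was found is logged; the
                    // private key value must not reach any log, and the key
                    // is not assumed to be of a particular algorithm.
                    log.debug("Get end entity alias");
                }
            }
        }
    }

    X509CertificateHolder[] chain = chainList.toArray(new X509CertificateHolder[chainList.size()]);
    return new BcCredential(eeAlias, privCred, chain);
}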
From source file:org.jitsi.impl.neomedia.transform.dtls.DtlsControlImpl.java
License:LGPL
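/**
 * Computes the fingerprint of a specific certificate using a specific
 * hash function.
 *
 * <p>The digest is taken over the DER encoding of the certificate. The hash
 * function name is upper-cased with the root locale before it is looked up,
 * so the lookup does not depend on the JVM's default locale.
 *
 * @param certificate the certificate the fingerprint of which is to be
 * computed
 * @param hashFunction the hash function to be used in order to compute the
 * fingerprint of the specified <tt>certificate</tt>
 * @return the fingerprint of the specified <tt>certificate</tt> computed
 * using the specified <tt>hashFunction</tt>
 * @throws RuntimeException if the digest cannot be resolved or the
 * certificate cannot be encoded; the failure is logged first, and checked
 * failures are wrapped
 */
private static final String computeFingerprint(org.bouncycastle.asn1.x509.Certificate certificate,
        String hashFunction) {
    // NOTE(review): any digest the provider knows is accepted here. If
    // hashFunction can come from a remote peer, the caller should enforce a
    // minimum digest strength before trusting the result - confirm.
    try {
        AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder()
                .find(hashFunction.toUpperCase(java.util.Locale.ROOT));
        Digest digest = BcDefaultDigestProvider.INSTANCE.get(digAlgId);
        byte[] in = certificate.getEncoded(ASN1Encoding.DER);
        byte[] out = new byte[digest.getDigestSize()];

        digest.update(in, 0, in.length);
        digest.doFinal(out, 0);
        return toHex(out);
    } catch (Throwable t) {
        if (t instanceof ThreadDeath) {
            // Never intercept thread termination.
            throw (ThreadDeath) t;
        } else {
            logger.error("Failed to generate certificate fingerprint!", t);
            if (t instanceof RuntimeException)
                throw (RuntimeException) t;
            else
                throw new RuntimeException(t);
        }
    }
}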
From source file:org.jitsi.impl.neomedia.transform.dtls.DtlsControlImpl.java
License:LGPL
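/**
 * Determines the hash function i.e. the digest algorithm of the signature
 * algorithm of a specific certificate.
 *
 * <p>The digest's algorithm name is lower-cased with the root locale, so the
 * returned name does not depend on the JVM's default locale.
 *
 * @param certificate the certificate the hash function of which is to be
 * determined
 * @return the hash function of the specified <tt>certificate</tt>, in lower
 * case
 * @throws RuntimeException if the digest algorithm cannot be determined; the
 * failure is logged first, and checked failures are wrapped
 */
private static String findHashFunction(org.bouncycastle.asn1.x509.Certificate certificate) {
    try {
        AlgorithmIdentifier sigAlgId = certificate.getSignatureAlgorithm();
        AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);

        return BcDefaultDigestProvider.INSTANCE.get(digAlgId).getAlgorithmName()
                .toLowerCase(java.util.Locale.ROOT);
    } catch (Throwable t) {
        if (t instanceof ThreadDeath) {
            // Never intercept thread termination.
            throw (ThreadDeath) t;
        } else {
            logger.warn("Failed to find the hash function of the signature" + " algorithm of a certificate!", t);
            if (t instanceof RuntimeException)
                throw (RuntimeException) t;
            else
                throw new RuntimeException(t);
        }
    }
}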
From source file:org.xipki.security.p11.AbstractP11DSAContentSigner.java
License:Open Source License
/**
 * Stores the PKCS#11 service, slot and key references and prepares the
 * digest stream that collects the content to be signed.
 *
 * <p>The digest is the one named by {@code signatureAlgId}; it is resolved
 * through {@code BcDefaultDigestProvider} and wrapped in a
 * {@code DigestOutputStream}.
 *
 * @param cryptService the PKCS#11 service; must not be {@code null}
 * @param slot the slot holding the key; must not be {@code null}
 * @param keyId the identifier of the signing key; must not be {@code null}
 * @param signatureAlgId the signature algorithm; must not be {@code null}
 * @throws NoSuchAlgorithmException if no digest algorithm can be extracted
 *         from {@code signatureAlgId}
 * @throws OperatorCreationException if the digest provider cannot supply the
 *         digest
 */
protected AbstractP11DSAContentSigner(final P11CryptService cryptService, final P11SlotIdentifier slot,
        final P11KeyIdentifier keyId, final AlgorithmIdentifier signatureAlgId)
        throws NoSuchAlgorithmException, OperatorCreationException {
    // Checked in this order so the first missing argument reported stays the same.
    ParamChecker.assertNotNull("slot", slot);
    ParamChecker.assertNotNull("cryptService", cryptService);
    ParamChecker.assertNotNull("keyId", keyId);
    ParamChecker.assertNotNull("signatureAlgId", signatureAlgId);

    this.cryptService = cryptService;
    this.slot = slot;
    this.keyId = keyId;
    this.algorithmIdentifier = signatureAlgId;

    final AlgorithmIdentifier hashAlgId = AlgorithmUtil.extractDigesetAlgorithmIdentifier(signatureAlgId);
    this.outputStream = new DigestOutputStream(BcDefaultDigestProvider.INSTANCE.get(hashAlgId));
}
From source file:org.xipki.security.p11.P11RSAContentSigner.java
License:Open Source License
/**
 * Stores the PKCS#11 service, slot and key references and prepares the
 * digest stream that collects the content to be signed.
 *
 * <p>RSASSA-PSS is rejected up front. For every other algorithm the digest
 * named by {@code signatureAlgId} is resolved through
 * {@code BcDefaultDigestProvider} and wrapped in a {@code DigestOutputStream}.
 *
 * @param cryptService the PKCS#11 service; must not be {@code null}
 * @param slot the slot holding the key; must not be {@code null}
 * @param keyId the identifier of the signing key; must not be {@code null}
 * @param signatureAlgId the signature algorithm; must not be {@code null}
 * @throws IllegalArgumentException if {@code signatureAlgId} is RSASSA-PSS
 * @throws NoSuchAlgorithmException if no digest algorithm can be extracted
 *         from {@code signatureAlgId}
 * @throws NoSuchPaddingException declared by the signature; no call visible
 *         in this body is known to raise it
 * @throws OperatorCreationException if the digest provider cannot supply the
 *         digest
 */
public P11RSAContentSigner(final P11CryptService cryptService, final P11SlotIdentifier slot,
        final P11KeyIdentifier keyId, final AlgorithmIdentifier signatureAlgId)
        throws NoSuchAlgorithmException, NoSuchPaddingException, OperatorCreationException {
    // Checked in this order so the first missing argument reported stays the same.
    ParamChecker.assertNotNull("slot", slot);
    ParamChecker.assertNotNull("cryptService", cryptService);
    ParamChecker.assertNotNull("keyId", keyId);
    ParamChecker.assertNotNull("signatureAlgId", signatureAlgId);

    final boolean isPss = PKCSObjectIdentifiers.id_RSASSA_PSS.equals(signatureAlgId.getAlgorithm());
    if (isPss) {
        throw new IllegalArgumentException("unsupported signature algorithm " + signatureAlgId.getAlgorithm());
    }

    this.cryptService = cryptService;
    this.slot = slot;
    this.keyId = keyId;
    this.algorithmIdentifier = signatureAlgId;

    this.digAlgId = AlgorithmUtil.extractDigesetAlgorithmIdentifier(signatureAlgId);
    this.outputStream = new DigestOutputStream(BcDefaultDigestProvider.INSTANCE.get(digAlgId));
}
From source file:org.xipki.security.SignerUtil.java
License:Open Source License
/**
 * Builds a {@code PSSSigner} configured from an RSASSA-PSS algorithm
 * identifier.
 *
 * <p>The content digest, the mask-generation digest, the salt length and the
 * trailer are all taken from {@code sigAlgId}. The mask-generation digest is
 * read from the parameters of the mask generation algorithm; the identifier
 * of that algorithm itself is not inspected here.
 *
 * @param sigAlgId the signature algorithm; its algorithm must be RSASSA-PSS
 * @param cipher the RSA engine to sign with; when {@code null} a new
 *        {@code RSABlindedEngine} is used
 * @return the configured signer
 * @throws OperatorCreationException if {@code sigAlgId} is not RSASSA-PSS, if
 *         no digest algorithm can be extracted from it, or if the digest
 *         provider cannot supply a digest
 */
static public PSSSigner createPSSRSASigner(final AlgorithmIdentifier sigAlgId, AsymmetricBlockCipher cipher)
        throws OperatorCreationException {
    if (!PKCSObjectIdentifiers.id_RSASSA_PSS.equals(sigAlgId.getAlgorithm())) {
        throw new OperatorCreationException(
                "signature algorithm " + sigAlgId.getAlgorithm() + " is not allowed");
    }

    final AlgorithmIdentifier contentDigestId;
    try {
        contentDigestId = AlgorithmUtil.extractDigesetAlgorithmIdentifier(sigAlgId);
    } catch (NoSuchAlgorithmException e) {
        throw new OperatorCreationException(e.getMessage(), e);
    }

    final BcDigestProvider digests = BcDefaultDigestProvider.INSTANCE;
    final Digest contentDigest = digests.get(contentDigestId);

    // Fall back to the blinded RSA engine when the caller supplies none.
    final AsymmetricBlockCipher rsaEngine = (cipher != null) ? cipher : new RSABlindedEngine();

    final RSASSAPSSparams pss = RSASSAPSSparams.getInstance(sigAlgId.getParameters());
    final AlgorithmIdentifier mgfDigestId =
            AlgorithmIdentifier.getInstance(pss.getMaskGenAlgorithm().getParameters());
    final Digest mgfDigest = digests.get(mgfDigestId);

    return new PSSSigner(rsaEngine, contentDigest, mgfDigest,
            pss.getSaltLength().intValue(), getTrailer(pss.getTrailerField().intValue()));
}