1b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallampackage org.bouncycastle.jce;
2b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
36e736056d64d0e33b26cf9f7c4e351b496241fdeBrian Carlstromimport java.io.IOException;
46e736056d64d0e33b26cf9f7c4e351b496241fdeBrian Carlstromimport java.security.AlgorithmParameters;
56e736056d64d0e33b26cf9f7c4e351b496241fdeBrian Carlstromimport java.security.GeneralSecurityException;
66e736056d64d0e33b26cf9f7c4e351b496241fdeBrian Carlstromimport java.security.InvalidKeyException;
76e736056d64d0e33b26cf9f7c4e351b496241fdeBrian Carlstromimport java.security.KeyFactory;
86e736056d64d0e33b26cf9f7c4e351b496241fdeBrian Carlstromimport java.security.NoSuchAlgorithmException;
96e736056d64d0e33b26cf9f7c4e351b496241fdeBrian Carlstromimport java.security.NoSuchProviderException;
106e736056d64d0e33b26cf9f7c4e351b496241fdeBrian Carlstromimport java.security.PrivateKey;
116e736056d64d0e33b26cf9f7c4e351b496241fdeBrian Carlstromimport java.security.PublicKey;
126e736056d64d0e33b26cf9f7c4e351b496241fdeBrian Carlstromimport java.security.Signature;
136e736056d64d0e33b26cf9f7c4e351b496241fdeBrian Carlstromimport java.security.SignatureException;
146e736056d64d0e33b26cf9f7c4e351b496241fdeBrian Carlstromimport java.security.spec.InvalidKeySpecException;
156e736056d64d0e33b26cf9f7c4e351b496241fdeBrian Carlstromimport java.security.spec.PSSParameterSpec;
166e736056d64d0e33b26cf9f7c4e351b496241fdeBrian Carlstromimport java.security.spec.X509EncodedKeySpec;
176e736056d64d0e33b26cf9f7c4e351b496241fdeBrian Carlstromimport java.util.HashSet;
186e736056d64d0e33b26cf9f7c4e351b496241fdeBrian Carlstromimport java.util.Hashtable;
196e736056d64d0e33b26cf9f7c4e351b496241fdeBrian Carlstromimport java.util.Set;
206e736056d64d0e33b26cf9f7c4e351b496241fdeBrian Carlstrom
216e736056d64d0e33b26cf9f7c4e351b496241fdeBrian Carlstromimport javax.security.auth.x500.X500Principal;
226e736056d64d0e33b26cf9f7c4e351b496241fdeBrian Carlstrom
23c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstromimport org.bouncycastle.asn1.ASN1Encodable;
24b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallamimport org.bouncycastle.asn1.ASN1InputStream;
25c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstromimport org.bouncycastle.asn1.ASN1Object;
26b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallamimport org.bouncycastle.asn1.ASN1Sequence;
27b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallamimport org.bouncycastle.asn1.ASN1Set;
28b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallamimport org.bouncycastle.asn1.DERBitString;
29c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstromimport org.bouncycastle.asn1.DEREncodable;
30c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstromimport org.bouncycastle.asn1.DERInteger;
31c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstromimport org.bouncycastle.asn1.DERNull;
32b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallamimport org.bouncycastle.asn1.DERObjectIdentifier;
33b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallamimport org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
34c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstromimport org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
35b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallamimport org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
36b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallamimport org.bouncycastle.asn1.pkcs.CertificationRequest;
37b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallamimport org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
38c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstromimport org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
39c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstromimport org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
40c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstromimport org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
41b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallamimport org.bouncycastle.asn1.x509.AlgorithmIdentifier;
42b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallamimport org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
43b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallamimport org.bouncycastle.asn1.x509.X509Name;
44b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallamimport org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
456e736056d64d0e33b26cf9f7c4e351b496241fdeBrian Carlstromimport org.bouncycastle.jce.provider.BouncyCastleProvider;
46b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallamimport org.bouncycastle.util.Strings;
47b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
/**
 * A class for verifying and creating PKCS10 certification requests.
 * <pre>
 * CertificationRequest ::= SEQUENCE {
 *   certificationRequestInfo  CertificationRequestInfo,
 *   signatureAlgorithm        AlgorithmIdentifier{{ SignatureAlgorithms }},
 *   signature                 BIT STRING
 * }
 *
 * CertificationRequestInfo ::= SEQUENCE {
 *   version             INTEGER { v1(0) } (v1,...),
 *   subject             Name,
 *   subjectPKInfo   SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
 *   attributes          [0] Attributes{{ CRIAttributes }}
 *  }
 *
 *  Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }}
 *
 *  Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
 *    type    ATTRIBUTE.&id({IOSet}),
 *    values  SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{\@type})
 *  }
 * </pre>
 */
72b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallampublic class PKCS10CertificationRequest
73b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    extends CertificationRequest
74b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam{
// Signature algorithm name (upper case) -> signature algorithm OID.
private static Hashtable algorithms = new Hashtable();
// Signature algorithm name -> explicit parameters (only the RSASSA-PSS names are registered).
private static Hashtable params = new Hashtable();
// Public key algorithm OID -> key algorithm name ("RSA", "DSA").
private static Hashtable keyAlgorithms = new Hashtable();
// Signature algorithm OID -> signature algorithm name (reverse of "algorithms").
private static Hashtable oids = new Hashtable();
// Signature algorithm OIDs whose AlgorithmIdentifier omits the parameters field.
private static Set noParams = new HashSet();
80b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
static
{
    // OIDs that are only available as dotted strings; each one is shared by
    // several alias names and by the reverse table further down.
    DERObjectIdentifier md5WithRsaOid = new DERObjectIdentifier("1.2.840.113549.1.1.4");
    DERObjectIdentifier sha1WithRsaOid = new DERObjectIdentifier("1.2.840.113549.1.1.5");
    DERObjectIdentifier sha1WithDsaOid = new DERObjectIdentifier("1.2.840.10040.4.3");

    //
    // forward mappings: signature algorithm name -> OID
    //
    // NOTE(review): MD5- and SHA-1-based signature names are still registered.
    // Both digests are collision-weak; whether a request signed with them is
    // acceptable is a policy decision for the code consuming this class.

    // BEGIN android-removed
    // Dropping MD2
    // algorithms.put("MD2WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.2"));
    // algorithms.put("MD2WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.2"));
    // END android-removed

    // RSA, PKCS#1 v1.5
    algorithms.put("MD5WITHRSAENCRYPTION", md5WithRsaOid);
    algorithms.put("MD5WITHRSA", md5WithRsaOid);
    algorithms.put("RSAWITHMD5", md5WithRsaOid);
    algorithms.put("SHA1WITHRSAENCRYPTION", sha1WithRsaOid);
    algorithms.put("SHA1WITHRSA", sha1WithRsaOid);
    algorithms.put("RSAWITHSHA1", sha1WithRsaOid);
    // BEGIN android-removed
    // algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
    // algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
    // END android-removed
    algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption);
    algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption);
    algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption);
    algorithms.put("SHA384WITHRSA", PKCSObjectIdentifiers.sha384WithRSAEncryption);
    algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption);
    algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption);

    // RSASSA-PSS: every digest shares one OID, the digest is carried in "params"
    algorithms.put("SHA1WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
    // BEGIN android-removed
    // algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
    // END android-removed
    algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
    algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
    algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);

    // BEGIN android-removed
    // algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
    // algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
    // algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
    // algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
    // algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
    // algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
    // END android-removed

    // DSA
    algorithms.put("SHA1WITHDSA", sha1WithDsaOid);
    algorithms.put("DSAWITHSHA1", sha1WithDsaOid);
    // BEGIN android-removed
    // algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
    // END android-removed
    algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256);
    // NOTE(review): the next two names have no reverse entry in "oids" and no
    // entry in "noParams" below -- confirm that this asymmetry is intended.
    algorithms.put("SHA384WITHDSA", NISTObjectIdentifiers.dsa_with_sha384);
    algorithms.put("SHA512WITHDSA", NISTObjectIdentifiers.dsa_with_sha512);

    // ECDSA
    algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1);
    algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1);
    // BEGIN android-removed
    // algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
    // END android-removed
    algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256);
    algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
    algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);

    // BEGIN android-removed
    // algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
    // algorithms.put("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
    // algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
    // algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
    // algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
    // END android-removed

    //
    // reverse mappings: OID -> one canonical signature algorithm name
    //
    oids.put(md5WithRsaOid, "MD5WITHRSA");
    // BEGIN android-removed
    // Dropping MD2
    // oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA");
    // END android-removed
    oids.put(sha1WithRsaOid, "SHA1WITHRSA");
    oids.put(OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA");
    // BEGIN android-removed
    // oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA");
    // END android-removed
    oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA");
    oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA");
    oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA");
    // BEGIN android-removed
    // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410");
    // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410");
    // END android-removed

    oids.put(sha1WithDsaOid, "SHA1WITHDSA");
    oids.put(OIWObjectIdentifiers.dsaWithSHA1, "SHA1WITHDSA");
    // BEGIN android-removed
    // oids.put(NISTObjectIdentifiers.dsa_with_sha224, "SHA224WITHDSA");
    // END android-removed
    oids.put(NISTObjectIdentifiers.dsa_with_sha256, "SHA256WITHDSA");

    oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA");
    // BEGIN android-removed
    // oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA");
    // END android-removed
    oids.put(X9ObjectIdentifiers.ecdsa_with_SHA256, "SHA256WITHECDSA");
    oids.put(X9ObjectIdentifiers.ecdsa_with_SHA384, "SHA384WITHECDSA");
    oids.put(X9ObjectIdentifiers.ecdsa_with_SHA512, "SHA512WITHECDSA");

    //
    // key types
    //
    keyAlgorithms.put(PKCSObjectIdentifiers.rsaEncryption, "RSA");
    keyAlgorithms.put(X9ObjectIdentifiers.id_dsa, "DSA");

    //
    // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field.
    // The parameters field SHALL be NULL for RSA based signature algorithms.
    //
    noParams.add(X9ObjectIdentifiers.id_dsa_with_sha1);
    // BEGIN android-removed
    // noParams.add(NISTObjectIdentifiers.dsa_with_sha224);
    // END android-removed
    noParams.add(NISTObjectIdentifiers.dsa_with_sha256);
    noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1);
    // BEGIN android-removed
    // noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224);
    // END android-removed
    noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA256);
    noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA384);
    noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA512);

    //
    // RFC 4491
    //
    // BEGIN android-removed
    // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
    // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
    // END android-removed

    //
    // explicit params: one RSASSA-PSS parameter set per digest; the second
    // argument is the salt size passed to creatPSSParams (20/32/48/64).
    //
    // BEGIN android-changed
    AlgorithmIdentifier sha1Digest = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE);
    // END android-changed
    params.put("SHA1WITHRSAANDMGF1", creatPSSParams(sha1Digest, 20));

    // BEGIN android-removed
    // // BEGIN android-changed
    // AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE);
    // // END android-changed
    // params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
    // END android-removed

    // BEGIN android-changed
    AlgorithmIdentifier sha256Digest = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, DERNull.INSTANCE);
    // END android-changed
    params.put("SHA256WITHRSAANDMGF1", creatPSSParams(sha256Digest, 32));

    // BEGIN android-changed
    AlgorithmIdentifier sha384Digest = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha384, DERNull.INSTANCE);
    // END android-changed
    params.put("SHA384WITHRSAANDMGF1", creatPSSParams(sha384Digest, 48));

    // BEGIN android-changed
    AlgorithmIdentifier sha512Digest = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512, DERNull.INSTANCE);
    // END android-changed
    params.put("SHA512WITHRSAANDMGF1", creatPSSParams(sha512Digest, 64));
}
238c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom
/**
 * Build the RSASSA-PSS parameter structure for one digest.
 *
 * @param hashAlgId identifier of the digest; it is also used as the parameter
 *                  of the MGF1 mask generation function
 * @param saltSize  value stored as the salt length
 * @return the assembled parameters, with the last field set to 1
 */
private static RSASSAPSSparams creatPSSParams(AlgorithmIdentifier hashAlgId, int saltSize)
{
    // MGF1 is parameterised with the same digest that hashes the message.
    AlgorithmIdentifier maskGen = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, hashAlgId);
    DERInteger saltLength = new DERInteger(saltSize);
    // presumably the PSS trailer field -- confirm against RSASSAPSSparams
    DERInteger lastField = new DERInteger(1);

    return new RSASSAPSSparams(hashAlgId, maskGen, saltLength, lastField);
}
247b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
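/**
 * Decode the first ASN.1 object in {@code bytes} as a sequence.
 * <p>
 * Only one object is read; any bytes that follow it are not examined here, so
 * callers that must reject trailing data have to check for it themselves.
 *
 * @param bytes the encoded certification request
 * @return the decoded sequence, never {@code null}
 * @throws IllegalArgumentException if the input cannot be decoded, is not a
 *         sequence, or contains no object at all; the underlying failure, when
 *         there is one, is attached as the cause
 */
private static ASN1Sequence toDERSequence(
    byte[]  bytes)
{
    ASN1Sequence    seq;

    try
    {
        ASN1InputStream         dIn = new ASN1InputStream(bytes);

        seq = (ASN1Sequence)dIn.readObject();
    }
    catch (Exception e)
    {
        // Deliberately broad: decoding errors, a top-level object that is not a
        // SEQUENCE and a null input all surface as the same caller-visible
        // error. Keep the original failure as the cause so it can be diagnosed.
        IllegalArgumentException    badEncoding = new IllegalArgumentException("badly encoded request");

        badEncoding.initCause(e);
        throw badEncoding;
    }

    if (seq == null)
    {
        // readObject() presumably returns null when the input holds no object
        // (e.g. an empty array); report that as a bad encoding instead of
        // handing null to the superclass constructor.
        throw new IllegalArgumentException("badly encoded request");
    }

    return seq;
}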
262b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
/**
 * Construct a PKCS10 certification request from a DER encoded
 * byte array.
 */
public PKCS10CertificationRequest(byte[] bytes)
{
    // Decoding happens in toDERSequence, which reports undecodable input as
    // an IllegalArgumentException before the superclass sees it.
    super(toDERSequence(bytes));
}
272b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
/**
 * Construct a PKCS10 certification request from an already decoded ASN.1
 * sequence, which is handed unchanged to the superclass constructor.
 */
public PKCS10CertificationRequest(ASN1Sequence sequence)
{
    super(sequence);
}
278b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
/**
 * Create a PKCS10 certification request using the BC provider.
 */
public PKCS10CertificationRequest(
    String signatureAlgorithm,
    X509Name subject,
    PublicKey key,
    ASN1Set attributes,
    PrivateKey signingKey)
    throws NoSuchAlgorithmException,
           NoSuchProviderException,
           InvalidKeyException,
           SignatureException
{
    // Same as the six-argument form, with the provider fixed to Bouncy Castle.
    this(
        signatureAlgorithm,
        subject,
        key,
        attributes,
        signingKey,
        BouncyCastleProvider.PROVIDER_NAME);
}
293b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
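/**
 * Convert a JCA {@code X500Principal} into the X509Name form used by this
 * class, by re-parsing the principal's encoded form.
 *
 * @param name the subject name to convert
 * @return the equivalent name as an {@code X509Principal}
 * @throws IllegalArgumentException if the encoded name cannot be parsed; the
 *         underlying {@code IOException} is attached as the cause
 */
private static X509Name convertName(
    X500Principal    name)
{
    try
    {
        return new X509Principal(name.getEncoded());
    }
    catch (IOException e)
    {
        // Keep the parser's failure as the cause so that a rejected subject
        // name can be diagnosed from the stack trace.
        IllegalArgumentException    badName = new IllegalArgumentException("can't convert name");

        badName.initCause(e);
        throw badName;
    }
}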
306b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
/**
 * Create a PKCS10 certification request using the BC provider.
 */
public PKCS10CertificationRequest(
    String signatureAlgorithm,
    X500Principal subject,
    PublicKey key,
    ASN1Set attributes,
    PrivateKey signingKey)
    throws NoSuchAlgorithmException,
           NoSuchProviderException,
           InvalidKeyException,
           SignatureException
{
    // The JCA principal is converted to an X509Name first; the provider is
    // fixed to Bouncy Castle.
    this(
        signatureAlgorithm,
        convertName(subject),
        key,
        attributes,
        signingKey,
        BouncyCastleProvider.PROVIDER_NAME);
}
/**
 * Creates a PKCS#10 certification request for an {@link X500Principal}
 * subject using the named provider.
 *
 * <p>The subject is converted with {@code convertName}; every other argument
 * is forwarded unchanged to the {@code X509Name} based constructor.
 *
 * @param signatureAlgorithm name of the signature algorithm to sign with
 * @param subject            subject name of the request
 * @param key                public key to place in the request
 * @param attributes         request attributes
 * @param signingKey         private key used to sign the request
 * @param provider           name of the JCA provider, passed through as given
 */
public PKCS10CertificationRequest(
        String signatureAlgorithm,
        X500Principal subject,
        PublicKey key,
        ASN1Set attributes,
        PrivateKey signingKey,
        String provider)
        throws NoSuchAlgorithmException, NoSuchProviderException,
                InvalidKeyException, SignatureException {
    this(
        signatureAlgorithm,
        convertName(subject),
        key,
        attributes,
        signingKey,
        provider);
}
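/**
 * Creates and signs a PKCS#10 certification request using the named provider.
 *
 * <p>The signature algorithm identifier is looked up in the
 * {@code algorithms} table under the upper-cased {@code signatureAlgorithm};
 * a name that is not in the table is parsed as an object identifier string.
 * The request info is built from {@code subject}, the encoded {@code key}
 * and {@code attributes}, then DER encoded and signed with
 * {@code signingKey}.
 *
 * <p>Nothing here checks that {@code signingKey} is the private half of
 * {@code key}. With a mismatched pair the request is still produced;
 * presumably it then fails {@link #verify()}, so callers that build requests
 * from separately sourced keys should verify the result before submitting it.
 *
 * @param signatureAlgorithm name (or OID string) of the signature algorithm
 * @param subject            subject name of the request, must not be null
 * @param key                public key to place in the request, must not be null
 * @param attributes         request attributes
 * @param signingKey         private key used to sign the request
 * @param provider           JCA provider name, or {@code null} to use the
 *                           default provider lookup
 * @throws IllegalArgumentException if the algorithm is unknown, if
 *         {@code subject} or {@code key} is null, or if the key or the
 *         request info cannot be encoded; the triggering exception, where
 *         there is one, is attached as the cause
 */
public PKCS10CertificationRequest(
        String signatureAlgorithm,
        X509Name subject,
        PublicKey key,
        ASN1Set attributes,
        PrivateKey signingKey,
        String provider)
        throws NoSuchAlgorithmException, NoSuchProviderException,
                InvalidKeyException, SignatureException {
    String algorithmName = Strings.toUpperCase(signatureAlgorithm);
    DERObjectIdentifier sigOID = (DERObjectIdentifier) algorithms.get(algorithmName);

    if (sigOID == null) {
        // Not a registered name: accept an OID string instead.
        try {
            sigOID = new DERObjectIdentifier(algorithmName);
        } catch (Exception e) {
            throw new IllegalArgumentException("Unknown signature type requested", e);
        }
    }

    if (subject == null) {
        throw new IllegalArgumentException("subject must not be null");
    }

    if (key == null) {
        throw new IllegalArgumentException("public key must not be null");
    }

    // Pick the parameters field of the AlgorithmIdentifier: absent for OIDs
    // listed in noParams, the registered value for names listed in params,
    // and an explicit NULL otherwise.
    if (noParams.contains(sigOID)) {
        this.sigAlgId = new AlgorithmIdentifier(sigOID);
    } else if (params.containsKey(algorithmName)) {
        this.sigAlgId = new AlgorithmIdentifier(sigOID, (DEREncodable) params.get(algorithmName));
    } else {
        this.sigAlgId = new AlgorithmIdentifier(sigOID, DERNull.INSTANCE);
    }

    try {
        ASN1Sequence seq = (ASN1Sequence) ASN1Object.fromByteArray(key.getEncoded());
        this.reqInfo = new CertificationRequestInfo(subject, new SubjectPublicKeyInfo(seq), attributes);
    } catch (IOException e) {
        throw new IllegalArgumentException("can't encode public key", e);
    }

    // The Signature is requested under the caller's original spelling of the
    // algorithm name, not the upper-cased lookup key.
    Signature sig;
    if (provider == null) {
        sig = Signature.getInstance(signatureAlgorithm);
    } else {
        sig = Signature.getInstance(signatureAlgorithm, provider);
    }

    sig.initSign(signingKey);

    try {
        sig.update(reqInfo.getEncoded(ASN1Encodable.DER));
    } catch (Exception e) {
        throw new IllegalArgumentException("exception encoding TBS cert request - " + e, e);
    }

    this.sigBits = new DERBitString(sig.sign());
}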
/**
 * Returns the public key carried in the certification request, decoded with
 * the BC provider.
 *
 * @return the result of {@link #getPublicKey(String)} for
 *         {@code BouncyCastleProvider.PROVIDER_NAME}
 */
public PublicKey getPublicKey()
        throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException {
    final String bcProvider = BouncyCastleProvider.PROVIDER_NAME;
    return getPublicKey(bcProvider);
}
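/**
 * Returns the public key carried in the certification request, decoded with
 * the given provider.
 *
 * <p>The key factory is first requested under the key algorithm's OID string.
 * If that name is unknown, the name registered for the OID in
 * {@code keyAlgorithms} is tried; when no name is registered the original
 * {@link NoSuchAlgorithmException} is rethrown.
 *
 * <p>Both the key bytes and the algorithm identifier come from the request's
 * own subject public key info. The returned key is therefore whatever the
 * requester supplied; any key type or key size policy has to be applied by
 * the caller.
 *
 * @param provider JCA provider name, or {@code null} to use the default
 *                 provider lookup
 * @return the decoded public key
 * @throws InvalidKeyException if the key spec is rejected; the
 *         {@link InvalidKeySpecException} is attached as the cause
 */
public PublicKey getPublicKey(String provider)
        throws NoSuchAlgorithmException, NoSuchProviderException,
                InvalidKeyException {
    SubjectPublicKeyInfo subjectPKInfo = reqInfo.getSubjectPublicKeyInfo();
    X509EncodedKeySpec xspec = new X509EncodedKeySpec(new DERBitString(subjectPKInfo).getBytes());
    AlgorithmIdentifier keyAlg = subjectPKInfo.getAlgorithmId();

    try {
        try {
            String keyOid = keyAlg.getObjectId().getId();
            KeyFactory byOid = (provider == null)
                    ? KeyFactory.getInstance(keyOid)
                    : KeyFactory.getInstance(keyOid, provider);
            return byOid.generatePublic(xspec);
        } catch (NoSuchAlgorithmException e) {
            // The OID string is not a known factory name: fall back to the
            // registered algorithm name, looked up once.
            String keyAlgorithm = (String) keyAlgorithms.get(keyAlg.getObjectId());
            if (keyAlgorithm == null) {
                throw e;
            }

            KeyFactory byName = (provider == null)
                    ? KeyFactory.getInstance(keyAlgorithm)
                    : KeyFactory.getInstance(keyAlgorithm, provider);
            return byName.generatePublic(xspec);
        }
    } catch (InvalidKeySpecException e) {
        throw new InvalidKeyException("error decoding public key", e);
    }
}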
/**
 * Verifies the request's signature using the BC provider.
 *
 * @return the result of {@link #verify(String)} for
 *         {@code BouncyCastleProvider.PROVIDER_NAME}
 */
public boolean verify()
        throws NoSuchAlgorithmException, NoSuchProviderException,
                InvalidKeyException, SignatureException {
    final String bcProvider = BouncyCastleProvider.PROVIDER_NAME;
    return verify(bcProvider);
}
/**
 * Verifies the request's signature using the passed in provider.
 *
 * <p>The key used for the check is the one returned by
 * {@link #getPublicKey(String)}, i.e. the key contained in the request
 * itself. A {@code true} result therefore shows that the request was signed
 * with the private key matching its own public key; it says nothing about
 * who submitted the request or whether the subject name is legitimate.
 *
 * @param provider JCA provider name, passed to both the key decoding and the
 *                 signature check
 * @return whatever {@link #verify(PublicKey, String)} returns for the
 *         request's own key
 */
public boolean verify(String provider)
        throws NoSuchAlgorithmException, NoSuchProviderException,
                InvalidKeyException, SignatureException {
    final PublicKey embeddedKey = this.getPublicKey(provider);
    return verify(embeddedKey, provider);
}
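/**
 * Verifies the request's signature using the passed in public key and
 * provider.
 *
 * <p>The {@link Signature} is requested under the name returned by
 * {@code getSignatureName(sigAlgId)}. If the provider does not know that
 * name, the name registered for the OID in {@code oids} is tried; when no
 * name is registered the original {@link NoSuchAlgorithmException} is
 * rethrown. Any algorithm parameters from {@code sigAlgId} are applied
 * before the signature is initialised with {@code pubKey}.
 *
 * <p>The algorithm and its parameters are read from this request's
 * {@code sigAlgId}; this method places no restriction on them. Where
 * requests arrive from outside, the caller is the place to enforce which
 * signature and digest algorithms are acceptable.
 *
 * @param pubKey   key to verify the signature with
 * @param provider JCA provider name, or {@code null} to use the default
 *                 provider lookup
 * @return the result of {@link Signature#verify(byte[])} over the DER
 *         encoding of the request info
 * @throws SignatureException if the request info cannot be encoded or the
 *         signature cannot be processed; an encoding failure is attached as
 *         the cause
 */
public boolean verify(PublicKey pubKey, String provider)
        throws NoSuchAlgorithmException, NoSuchProviderException,
                InvalidKeyException, SignatureException {
    Signature sig;

    try {
        String sigName = getSignatureName(sigAlgId);
        sig = (provider == null)
                ? Signature.getInstance(sigName)
                : Signature.getInstance(sigName, provider);
    } catch (NoSuchAlgorithmException e) {
        // Fall back to the registered algorithm name, looked up once.
        String signatureAlgorithm = (String) oids.get(sigAlgId.getObjectId());
        if (signatureAlgorithm == null) {
            throw e;
        }

        sig = (provider == null)
                ? Signature.getInstance(signatureAlgorithm)
                : Signature.getInstance(signatureAlgorithm, provider);
    }

    // Parameters are set before initVerify, as in the original ordering.
    setSignatureParameters(sig, sigAlgId.getParameters());

    sig.initVerify(pubKey);

    try {
        sig.update(reqInfo.getEncoded(ASN1Encodable.DER));
    } catch (Exception e) {
        throw new SignatureException("exception encoding TBS cert request - " + e, e);
    }

    return sig.verify(sigBits.getBytes());
}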
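/**
 * Returns a DER encoded byte array representing this object.
 *
 * @return the result of {@code getEncoded(ASN1Encodable.DER)}
 * @throws RuntimeException if encoding fails; the message is the
 *         {@link IOException}'s string form and the exception itself is
 *         attached as the cause
 */
public byte[] getEncoded() {
    try {
        return this.getEncoded(ASN1Encodable.DER);
    } catch (IOException e) {
        // Same message as before, with the stack trace of the failure kept.
        throw new RuntimeException(e.toString(), e);
    }
}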
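/**
 * Applies the algorithm parameters from a signature algorithm identifier to
 * a {@link Signature}.
 *
 * <p>Nothing is done when {@code params} is {@code null} or equal to
 * {@code DERNull.INSTANCE}. Otherwise the parameters are decoded through an
 * {@link AlgorithmParameters} instance obtained for the signature's own
 * algorithm name and provider. They are set on the signature only when that
 * algorithm name ends with {@code "MGF1"}, in which case they are read as a
 * {@link PSSParameterSpec}; for any other algorithm the decoded parameters
 * are not applied.
 *
 * @param signature the signature object to configure
 * @param params    the parameters field of the algorithm identifier
 * @throws SignatureException if the parameters cannot be decoded or
 *         extracted; the underlying exception is attached as the cause
 */
private void setSignatureParameters(Signature signature, DEREncodable params)
        throws NoSuchAlgorithmException, SignatureException, InvalidKeyException {
    if (params == null || DERNull.INSTANCE.equals(params)) {
        return;
    }

    AlgorithmParameters sigParams =
            AlgorithmParameters.getInstance(signature.getAlgorithm(), signature.getProvider());

    try {
        sigParams.init(params.getDERObject().getDEREncoded());
    } catch (IOException e) {
        throw new SignatureException("IOException decoding parameters: " + e.getMessage(), e);
    }

    if (signature.getAlgorithm().endsWith("MGF1")) {
        try {
            signature.setParameter(sigParams.getParameterSpec(PSSParameterSpec.class));
        } catch (GeneralSecurityException e) {
            throw new SignatureException("Exception extracting parameters: " + e.getMessage(), e);
        }
    }
}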
/**
 * Returns the name under which a {@code Signature} is requested for the
 * given algorithm identifier.
 *
 * <p>For RSASSA-PSS with parameters that are neither absent nor
 * {@code DERNull.INSTANCE}, the name is the digest name of the parameters'
 * hash algorithm followed by {@code "withRSAandMGF1"}. In every other case
 * it is the identifier's OID string.
 *
 * @param sigAlgId the signature algorithm identifier
 * @return the algorithm name or OID string
 */
static String getSignatureName(AlgorithmIdentifier sigAlgId) {
    final DEREncodable algParams = sigAlgId.getParameters();
    final boolean hasParams = algParams != null && !DERNull.INSTANCE.equals(algParams);

    if (hasParams && sigAlgId.getObjectId().equals(PKCSObjectIdentifiers.id_RSASSA_PSS)) {
        final RSASSAPSSparams pss = RSASSAPSSparams.getInstance(algParams);
        final String digestName = getDigestAlgName(pss.getHashAlgorithm().getObjectId());
        return digestName + "withRSAandMGF1";
    }

    return sigAlgId.getObjectId().getId();
}
/**
 * Maps a digest algorithm OID to the digest name used when building a
 * signature algorithm name.
 *
 * <p>MD5, SHA1, SHA256, SHA384 and SHA512 are recognised; any other OID is
 * returned as its OID string. MD5 and SHA1 are mapped like the others, so
 * this method does not filter out digests a deployment may consider too
 * weak for signatures.
 *
 * @param digestAlgOID the digest algorithm OID
 * @return the digest name, or the OID string when the OID is not recognised
 */
private static String getDigestAlgName(DERObjectIdentifier digestAlgOID) {
    if (PKCSObjectIdentifiers.md5.equals(digestAlgOID)) {
        return "MD5";
    }
    if (OIWObjectIdentifiers.idSHA1.equals(digestAlgOID)) {
        return "SHA1";
    }
    // BEGIN android-removed
    // else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID))
    // {
    //     return "SHA224";
    // }
    // END android-removed
    if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOID)) {
        return "SHA256";
    }
    if (NISTObjectIdentifiers.id_sha384.equals(digestAlgOID)) {
        return "SHA384";
    }
    if (NISTObjectIdentifiers.id_sha512.equals(digestAlgOID)) {
        return "SHA512";
    }
    // BEGIN android-removed
    // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
    // {
    //     return "RIPEMD128";
    // }
    // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
    // {
    //     return "RIPEMD160";
    // }
    // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
    // {
    //     return "RIPEMD256";
    // }
    // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
    // {
    //     return "GOST3411";
    // }
    // END android-removed

    // Unrecognised digest: hand back the OID string itself.
    return digestAlgOID.getId();
}
682b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam}