PKCS10CertificationRequest.java revision e1142c149e244797ce73b0e7fad40816e447a817
1package org.bouncycastle.jce; 2 3import java.io.IOException; 4import java.security.AlgorithmParameters; 5import java.security.GeneralSecurityException; 6import java.security.InvalidKeyException; 7import java.security.KeyFactory; 8import java.security.NoSuchAlgorithmException; 9import java.security.NoSuchProviderException; 10import java.security.PrivateKey; 11import java.security.PublicKey; 12import java.security.Signature; 13import java.security.SignatureException; 14import java.security.spec.InvalidKeySpecException; 15import java.security.spec.PSSParameterSpec; 16import java.security.spec.X509EncodedKeySpec; 17import java.util.HashSet; 18import java.util.Hashtable; 19import java.util.Set; 20 21import javax.security.auth.x500.X500Principal; 22 23import org.bouncycastle.asn1.ASN1Encodable; 24import org.bouncycastle.asn1.ASN1Encoding; 25import org.bouncycastle.asn1.ASN1InputStream; 26import org.bouncycastle.asn1.ASN1Integer; 27import org.bouncycastle.asn1.ASN1Primitive; 28import org.bouncycastle.asn1.ASN1Sequence; 29import org.bouncycastle.asn1.ASN1Set; 30import org.bouncycastle.asn1.DERBitString; 31import org.bouncycastle.asn1.DERNull; 32import org.bouncycastle.asn1.DERObjectIdentifier; 33// BEGIN android-removed 34// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; 35// END android-removed 36import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; 37import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; 38import org.bouncycastle.asn1.pkcs.CertificationRequest; 39import org.bouncycastle.asn1.pkcs.CertificationRequestInfo; 40import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; 41import org.bouncycastle.asn1.pkcs.RSASSAPSSparams; 42// BEGIN android-removed 43// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; 44// END android-removed 45import org.bouncycastle.asn1.x509.AlgorithmIdentifier; 46import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; 47import org.bouncycastle.asn1.x509.X509Name; 48import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; 49import org.bouncycastle.jce.provider.BouncyCastleProvider; 50import org.bouncycastle.util.Strings; 51 52/** 53 * A class for verifying and creating PKCS10 Certification requests. 54 * <pre> 55 * CertificationRequest ::= SEQUENCE { 56 * certificationRequestInfo CertificationRequestInfo, 57 * signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }}, 58 * signature BIT STRING 59 * } 60 * 61 * CertificationRequestInfo ::= SEQUENCE { 62 * version INTEGER { v1(0) } (v1,...), 63 * subject Name, 64 * subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }}, 65 * attributes [0] Attributes{{ CRIAttributes }} 66 * } 67 * 68 * Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }} 69 * 70 * Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE { 71 * type ATTRIBUTE.&id({IOSet}), 72 * values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{\@type}) 73 * } 74 * </pre> 75 * @deprecated use classes in org.bouncycastle.pkcs. 76 */ 77public class PKCS10CertificationRequest 78 extends CertificationRequest 79{ 80 private static Hashtable algorithms = new Hashtable(); 81 private static Hashtable params = new Hashtable(); 82 private static Hashtable keyAlgorithms = new Hashtable(); 83 private static Hashtable oids = new Hashtable(); 84 private static Set noParams = new HashSet(); 85 86 static 87 { 88 // BEGIN android-removed 89 // Dropping MD2 90 // algorithms.put("MD2WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.2")); 91 // algorithms.put("MD2WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.2")); 92 // END android-removed 93 algorithms.put("MD5WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.4")); 94 algorithms.put("MD5WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.4")); 95 algorithms.put("RSAWITHMD5", new DERObjectIdentifier("1.2.840.113549.1.1.4")); 96 algorithms.put("SHA1WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.5")); 97 algorithms.put("SHA1WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.5")); 98 // BEGIN android-removed 99 // algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption); 100 // algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption); 101 // END android-removed 102 algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption); 103 algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption); 104 algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption); 105 algorithms.put("SHA384WITHRSA", PKCSObjectIdentifiers.sha384WithRSAEncryption); 106 algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption); 107 algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption); 108 algorithms.put("SHA1WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); 109 // BEGIN android-removed 110 // algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); 111 // END android-removed 112 algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); 113 algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); 114 algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); 115 algorithms.put("RSAWITHSHA1", new DERObjectIdentifier("1.2.840.113549.1.1.5")); 116 // BEGIN android-removed 117 // algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); 118 // algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); 119 // algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); 120 // algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); 121 // algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); 122 // algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); 123 // END android-removed 124 algorithms.put("SHA1WITHDSA", new DERObjectIdentifier("1.2.840.10040.4.3")); 125 algorithms.put("DSAWITHSHA1", new DERObjectIdentifier("1.2.840.10040.4.3")); 126 // BEGIN android-removed 127 // algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224); 128 // END android-removed 129 algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256); 130 algorithms.put("SHA384WITHDSA", NISTObjectIdentifiers.dsa_with_sha384); 131 algorithms.put("SHA512WITHDSA", NISTObjectIdentifiers.dsa_with_sha512); 132 algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1); 133 // BEGIN android-removed 134 // algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224); 135 // END android-removed 136 algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256); 137 algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384); 138 algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512); 139 algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1); 140 // BEGIN android-removed 141 // algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); 142 // algorithms.put("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); 143 // algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); 144 // algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); 145 // algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); 146 // END android-removed 147 148 // 149 // reverse mappings 150 // 151 oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.5"), "SHA1WITHRSA"); 152 // BEGIN android-removed 153 // oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA"); 154 // END android-removed 155 oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA"); 156 oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA"); 157 oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA"); 158 // BEGIN android-removed 159 // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410"); 160 // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410"); 161 // END android-removed 162 163 oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA"); 164 // BEGIN android-removed 165 // Dropping MD2 166 // oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA"); 167 // END android-removed 168 oids.put(new DERObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA"); 169 oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA"); 170 // BEGIN android-removed 171 // oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA"); 172 // END android-removed 173 oids.put(X9ObjectIdentifiers.ecdsa_with_SHA256, "SHA256WITHECDSA"); 174 oids.put(X9ObjectIdentifiers.ecdsa_with_SHA384, "SHA384WITHECDSA"); 175 oids.put(X9ObjectIdentifiers.ecdsa_with_SHA512, "SHA512WITHECDSA"); 176 oids.put(OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA"); 177 oids.put(OIWObjectIdentifiers.dsaWithSHA1, "SHA1WITHDSA"); 178 // BEGIN android-removed 179 // oids.put(NISTObjectIdentifiers.dsa_with_sha224, "SHA224WITHDSA"); 180 // END android-removed 181 oids.put(NISTObjectIdentifiers.dsa_with_sha256, "SHA256WITHDSA"); 182 183 // 184 // key types 185 // 186 keyAlgorithms.put(PKCSObjectIdentifiers.rsaEncryption, "RSA"); 187 keyAlgorithms.put(X9ObjectIdentifiers.id_dsa, "DSA"); 188 189 // 190 // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field. 191 // The parameters field SHALL be NULL for RSA based signature algorithms. 192 // 193 noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1); 194 // BEGIN android-removed 195 // noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224); 196 // END android-removed 197 noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA256); 198 noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA384); 199 noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA512); 200 noParams.add(X9ObjectIdentifiers.id_dsa_with_sha1); 201 // BEGIN android-removed 202 // noParams.add(NISTObjectIdentifiers.dsa_with_sha224); 203 // END android-removed 204 noParams.add(NISTObjectIdentifiers.dsa_with_sha256); 205 206 // 207 // RFC 4491 208 // 209 // BEGIN android-removed 210 // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); 211 // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); 212 // END android-removed 213 // 214 // explicit params 215 // 216 AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE); 217 params.put("SHA1WITHRSAANDMGF1", creatPSSParams(sha1AlgId, 20)); 218 219 // BEGIN android-removed 220 // AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE); 221 // params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28)); 222 // END android-removed 223 224 AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, DERNull.INSTANCE); 225 params.put("SHA256WITHRSAANDMGF1", creatPSSParams(sha256AlgId, 32)); 226 227 AlgorithmIdentifier sha384AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha384, DERNull.INSTANCE); 228 params.put("SHA384WITHRSAANDMGF1", creatPSSParams(sha384AlgId, 48)); 229 230 AlgorithmIdentifier sha512AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512, DERNull.INSTANCE); 231 params.put("SHA512WITHRSAANDMGF1", creatPSSParams(sha512AlgId, 64)); 232 } 233 234 private static RSASSAPSSparams creatPSSParams(AlgorithmIdentifier hashAlgId, int saltSize) 235 { 236 return new RSASSAPSSparams( 237 hashAlgId, 238 new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, hashAlgId), 239 new ASN1Integer(saltSize), 240 new ASN1Integer(1)); 241 } 242 243 private static ASN1Sequence toDERSequence( 244 byte[] bytes) 245 { 246 try 247 { 248 ASN1InputStream dIn = new ASN1InputStream(bytes); 249 250 return (ASN1Sequence)dIn.readObject(); 251 } 252 catch (Exception e) 253 { 254 throw new IllegalArgumentException("badly encoded request"); 255 } 256 } 257 258 /** 259 * construct a PKCS10 certification request from a DER encoded 260 * byte stream. 261 */ 262 public PKCS10CertificationRequest( 263 byte[] bytes) 264 { 265 super(toDERSequence(bytes)); 266 } 267 268 public PKCS10CertificationRequest( 269 ASN1Sequence sequence) 270 { 271 super(sequence); 272 } 273 274 /** 275 * create a PKCS10 certfication request using the BC provider. 276 */ 277 public PKCS10CertificationRequest( 278 String signatureAlgorithm, 279 X509Name subject, 280 PublicKey key, 281 ASN1Set attributes, 282 PrivateKey signingKey) 283 throws NoSuchAlgorithmException, NoSuchProviderException, 284 InvalidKeyException, SignatureException 285 { 286 this(signatureAlgorithm, subject, key, attributes, signingKey, BouncyCastleProvider.PROVIDER_NAME); 287 } 288 289 private static X509Name convertName( 290 X500Principal name) 291 { 292 try 293 { 294 return new X509Principal(name.getEncoded()); 295 } 296 catch (IOException e) 297 { 298 throw new IllegalArgumentException("can't convert name"); 299 } 300 } 301 302 /** 303 * create a PKCS10 certfication request using the BC provider. 304 */ 305 public PKCS10CertificationRequest( 306 String signatureAlgorithm, 307 X500Principal subject, 308 PublicKey key, 309 ASN1Set attributes, 310 PrivateKey signingKey) 311 throws NoSuchAlgorithmException, NoSuchProviderException, 312 InvalidKeyException, SignatureException 313 { 314 this(signatureAlgorithm, convertName(subject), key, attributes, signingKey, BouncyCastleProvider.PROVIDER_NAME); 315 } 316 317 /** 318 * create a PKCS10 certfication request using the named provider. 319 */ 320 public PKCS10CertificationRequest( 321 String signatureAlgorithm, 322 X500Principal subject, 323 PublicKey key, 324 ASN1Set attributes, 325 PrivateKey signingKey, 326 String provider) 327 throws NoSuchAlgorithmException, NoSuchProviderException, 328 InvalidKeyException, SignatureException 329 { 330 this(signatureAlgorithm, convertName(subject), key, attributes, signingKey, provider); 331 } 332 333 /** 334 * create a PKCS10 certfication request using the named provider. 335 */ 336 public PKCS10CertificationRequest( 337 String signatureAlgorithm, 338 X509Name subject, 339 PublicKey key, 340 ASN1Set attributes, 341 PrivateKey signingKey, 342 String provider) 343 throws NoSuchAlgorithmException, NoSuchProviderException, 344 InvalidKeyException, SignatureException 345 { 346 String algorithmName = Strings.toUpperCase(signatureAlgorithm); 347 DERObjectIdentifier sigOID = (DERObjectIdentifier)algorithms.get(algorithmName); 348 349 if (sigOID == null) 350 { 351 try 352 { 353 sigOID = new DERObjectIdentifier(algorithmName); 354 } 355 catch (Exception e) 356 { 357 throw new IllegalArgumentException("Unknown signature type requested"); 358 } 359 } 360 361 if (subject == null) 362 { 363 throw new IllegalArgumentException("subject must not be null"); 364 } 365 366 if (key == null) 367 { 368 throw new IllegalArgumentException("public key must not be null"); 369 } 370 371 if (noParams.contains(sigOID)) 372 { 373 this.sigAlgId = new AlgorithmIdentifier(sigOID); 374 } 375 else if (params.containsKey(algorithmName)) 376 { 377 this.sigAlgId = new AlgorithmIdentifier(sigOID, (ASN1Encodable)params.get(algorithmName)); 378 } 379 else 380 { 381 this.sigAlgId = new AlgorithmIdentifier(sigOID, DERNull.INSTANCE); 382 } 383 384 try 385 { 386 ASN1Sequence seq = (ASN1Sequence)ASN1Primitive.fromByteArray(key.getEncoded()); 387 this.reqInfo = new CertificationRequestInfo(subject, new SubjectPublicKeyInfo(seq), attributes); 388 } 389 catch (IOException e) 390 { 391 throw new IllegalArgumentException("can't encode public key"); 392 } 393 394 Signature sig; 395 if (provider == null) 396 { 397 sig = Signature.getInstance(signatureAlgorithm); 398 } 399 else 400 { 401 sig = Signature.getInstance(signatureAlgorithm, provider); 402 } 403 404 sig.initSign(signingKey); 405 406 try 407 { 408 sig.update(reqInfo.getEncoded(ASN1Encoding.DER)); 409 } 410 catch (Exception e) 411 { 412 throw new IllegalArgumentException("exception encoding TBS cert request - " + e); 413 } 414 415 this.sigBits = new DERBitString(sig.sign()); 416 } 417 418 /** 419 * return the public key associated with the certification request - 420 * the public key is created using the BC provider. 421 */ 422 public PublicKey getPublicKey() 423 throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException 424 { 425 return getPublicKey(BouncyCastleProvider.PROVIDER_NAME); 426 } 427 428 public PublicKey getPublicKey( 429 String provider) 430 throws NoSuchAlgorithmException, NoSuchProviderException, 431 InvalidKeyException 432 { 433 SubjectPublicKeyInfo subjectPKInfo = reqInfo.getSubjectPublicKeyInfo(); 434 435 436 try 437 { 438 X509EncodedKeySpec xspec = new X509EncodedKeySpec(new DERBitString(subjectPKInfo).getBytes()); 439 AlgorithmIdentifier keyAlg = subjectPKInfo.getAlgorithm(); 440 try 441 { 442 if (provider == null) 443 { 444 return KeyFactory.getInstance(keyAlg.getAlgorithm().getId()).generatePublic(xspec); 445 } 446 else 447 { 448 return KeyFactory.getInstance(keyAlg.getAlgorithm().getId(), provider).generatePublic(xspec); 449 } 450 } 451 catch (NoSuchAlgorithmException e) 452 { 453 // 454 // try an alternate 455 // 456 if (keyAlgorithms.get(keyAlg.getObjectId()) != null) 457 { 458 String keyAlgorithm = (String)keyAlgorithms.get(keyAlg.getObjectId()); 459 460 if (provider == null) 461 { 462 return KeyFactory.getInstance(keyAlgorithm).generatePublic(xspec); 463 } 464 else 465 { 466 return KeyFactory.getInstance(keyAlgorithm, provider).generatePublic(xspec); 467 } 468 } 469 470 throw e; 471 } 472 } 473 catch (InvalidKeySpecException e) 474 { 475 throw new InvalidKeyException("error decoding public key"); 476 } 477 catch (IOException e) 478 { 479 throw new InvalidKeyException("error decoding public key"); 480 } 481 } 482 483 /** 484 * verify the request using the BC provider. 485 */ 486 public boolean verify() 487 throws NoSuchAlgorithmException, NoSuchProviderException, 488 InvalidKeyException, SignatureException 489 { 490 return verify(BouncyCastleProvider.PROVIDER_NAME); 491 } 492 493 /** 494 * verify the request using the passed in provider. 495 */ 496 public boolean verify( 497 String provider) 498 throws NoSuchAlgorithmException, NoSuchProviderException, 499 InvalidKeyException, SignatureException 500 { 501 return verify(this.getPublicKey(provider), provider); 502 } 503 504 /** 505 * verify the request using the passed in public key and the provider.. 506 */ 507 public boolean verify( 508 PublicKey pubKey, 509 String provider) 510 throws NoSuchAlgorithmException, NoSuchProviderException, 511 InvalidKeyException, SignatureException 512 { 513 Signature sig; 514 515 try 516 { 517 if (provider == null) 518 { 519 sig = Signature.getInstance(getSignatureName(sigAlgId)); 520 } 521 else 522 { 523 sig = Signature.getInstance(getSignatureName(sigAlgId), provider); 524 } 525 } 526 catch (NoSuchAlgorithmException e) 527 { 528 // 529 // try an alternate 530 // 531 if (oids.get(sigAlgId.getObjectId()) != null) 532 { 533 String signatureAlgorithm = (String)oids.get(sigAlgId.getObjectId()); 534 535 if (provider == null) 536 { 537 sig = Signature.getInstance(signatureAlgorithm); 538 } 539 else 540 { 541 sig = Signature.getInstance(signatureAlgorithm, provider); 542 } 543 } 544 else 545 { 546 throw e; 547 } 548 } 549 550 setSignatureParameters(sig, sigAlgId.getParameters()); 551 552 sig.initVerify(pubKey); 553 554 try 555 { 556 sig.update(reqInfo.getEncoded(ASN1Encoding.DER)); 557 } 558 catch (Exception e) 559 { 560 throw new SignatureException("exception encoding TBS cert request - " + e); 561 } 562 563 return sig.verify(sigBits.getBytes()); 564 } 565 566 /** 567 * return a DER encoded byte array representing this object 568 */ 569 public byte[] getEncoded() 570 { 571 try 572 { 573 return this.getEncoded(ASN1Encoding.DER); 574 } 575 catch (IOException e) 576 { 577 throw new RuntimeException(e.toString()); 578 } 579 } 580 581 private void setSignatureParameters( 582 Signature signature, 583 ASN1Encodable params) 584 throws NoSuchAlgorithmException, SignatureException, InvalidKeyException 585 { 586 if (params != null && !DERNull.INSTANCE.equals(params)) 587 { 588 AlgorithmParameters sigParams = AlgorithmParameters.getInstance(signature.getAlgorithm(), signature.getProvider()); 589 590 try 591 { 592 sigParams.init(params.toASN1Primitive().getEncoded(ASN1Encoding.DER)); 593 } 594 catch (IOException e) 595 { 596 throw new SignatureException("IOException decoding parameters: " + e.getMessage()); 597 } 598 599 if (signature.getAlgorithm().endsWith("MGF1")) 600 { 601 try 602 { 603 signature.setParameter(sigParams.getParameterSpec(PSSParameterSpec.class)); 604 } 605 catch (GeneralSecurityException e) 606 { 607 throw new SignatureException("Exception extracting parameters: " + e.getMessage()); 608 } 609 } 610 } 611 } 612 613 static String getSignatureName( 614 AlgorithmIdentifier sigAlgId) 615 { 616 ASN1Encodable params = sigAlgId.getParameters(); 617 618 if (params != null && !DERNull.INSTANCE.equals(params)) 619 { 620 if (sigAlgId.getObjectId().equals(PKCSObjectIdentifiers.id_RSASSA_PSS)) 621 { 622 RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params); 623 return getDigestAlgName(rsaParams.getHashAlgorithm().getObjectId()) + "withRSAandMGF1"; 624 } 625 } 626 627 return sigAlgId.getObjectId().getId(); 628 } 629 630 private static String getDigestAlgName( 631 DERObjectIdentifier digestAlgOID) 632 { 633 if (PKCSObjectIdentifiers.md5.equals(digestAlgOID)) 634 { 635 return "MD5"; 636 } 637 else if (OIWObjectIdentifiers.idSHA1.equals(digestAlgOID)) 638 { 639 return "SHA1"; 640 } 641 // BEGIN android-removed 642 // else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID)) 643 // { 644 // return "SHA224"; 645 // } 646 // END android-removed 647 else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOID)) 648 { 649 return "SHA256"; 650 } 651 else if (NISTObjectIdentifiers.id_sha384.equals(digestAlgOID)) 652 { 653 return "SHA384"; 654 } 655 else if (NISTObjectIdentifiers.id_sha512.equals(digestAlgOID)) 656 { 657 return "SHA512"; 658 } 659 // BEGIN android-removed 660 // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) 661 // { 662 // return "RIPEMD128"; 663 // } 664 // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) 665 // { 666 // return "RIPEMD160"; 667 // } 668 // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) 669 // { 670 // return "RIPEMD256"; 671 // } 672 // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) 673 // { 674 // return "GOST3411"; 675 // } 676 // END android-removed 677 else 678 { 679 return digestAlgOID.getId(); 680 } 681 } 682} 683