public RequestIssuer(byte[] data, int from, int len) { this.data = data; this.from = from; this.len = len; this.hashAlgo = HashAlgoType.getInstanceForEncoded(data, from + 2, 2 + data[from + 3]); int hashAlgoFieldLen = 0xFF & data[from + 1]; this.nameHashFrom = from + 2 + hashAlgoFieldLen; }
/** * mask generator function, as described in PKCS1v2. */ private static byte[] maskGeneratorFunction1(final HashAlgoType mgfDigest, final byte[] Z, // CHECKSTYLE:SKIP final int length) { int mgfhLen = mgfDigest.length(); byte[] mask = new byte[length]; int counter = 0; byte[] all = new byte[Z.length + 4]; System.arraycopy(Z, 0, all, 0, Z.length); while (counter < (length / mgfhLen)) { ItoOSP(counter, all, Z.length); byte[] hashBuf = mgfDigest.hash(all); System.arraycopy(hashBuf, 0, mask, counter * mgfhLen, mgfhLen); counter++; } if ((counter * mgfhLen) < length) { ItoOSP(counter, all, Z.length); byte[] hashBuf = mgfDigest.hash(all); int offset = counter * mgfhLen; System.arraycopy(hashBuf, 0, mask, offset, mask.length - offset); } return mask; }
public static ASN1ObjectIdentifier getHashAlg(final String hashAlgName) throws NoSuchAlgorithmException { ParamUtil.requireNonNull("hashAlgName", hashAlgName); HashAlgoType hashAlgo = HashAlgoType.getHashAlgoType(hashAlgName); if (hashAlgo == null) { throw new NoSuchAlgorithmException("Unsupported hash algorithm " + hashAlgName); } return hashAlgo.oid(); } // method getHashAlg
protected P11RSADigestSignatureSpi(final HashAlgoType digestAlg) { this.digestAlgId = digestAlg.algorithmIdentifier(); this.digest = digestAlg.createDigest(); }
public RequestIssuer(HashAlgoType hashAlgo, byte[] hashData) { int algIdLen = 2 + hashAlgo.encodedLength() + 2; data = new byte[algIdLen + hashData.length]; int offset = 0; data[offset++] = 0x30; data[offset++] = (byte) (hashAlgo.encodedLength() + 2); offset += hashAlgo.write(data, offset); data[offset++] = 0x05; data[offset++] = 0x00; this.nameHashFrom = offset; offset += ASN1Type.arraycopy(hashData, data, offset); this.from = 0; this.len = offset; this.hashAlgo = hashAlgo; }
private static void formatString(final Integer index, final boolean verbose, final StringBuilder sb, final X509Certificate cert) { String subject = X509Util.getRfc4519Name(cert.getSubjectX500Principal()); sb.append("\t\tCertificate"); if (index != null) { sb.append("[").append(index).append("]"); } sb.append(": "); if (!verbose) { sb.append(subject).append("\n"); return; } else { sb.append("\n"); } sb.append("\t\t\tSubject: ").append(subject).append("\n"); String issuer = X509Util.getRfc4519Name(cert.getIssuerX500Principal()); sb.append("\t\t\tIssuer: ").append(issuer).append("\n"); sb.append("\t\t\tSerial: ").append(LogUtil.formatCsn(cert.getSerialNumber())).append("\n"); sb.append("\t\t\tStart time: ").append(cert.getNotBefore()).append("\n"); sb.append("\t\t\tEnd time: ").append(cert.getNotAfter()).append("\n"); sb.append("\t\t\tSHA1 Sum: "); try { sb.append(HashAlgoType.SHA1.hexHash(cert.getEncoded())); } catch (CertificateEncodingException ex) { sb.append("ERROR"); } sb.append("\n"); }
HashAlgoType contentHash = HashAlgoType.getInstanceForPkcs11HashMech( pssParam.hashAlgorithm()); if (contentHash == null) { HashAlgoType mgfHash = HashAlgoType.getInstanceForPkcs11MgfMech( pssParam.maskGenerationFunction()); if (mgfHash == null) { byte[] hashValue = (hashAlgo == null) ? contentToSign : hashAlgo.hash(contentToSign); byte[] encodedHashValue; try {
private void checkExtensionSubjectKeyIdentifier(final StringBuilder failureMsg, final byte[] extensionValue, final SubjectPublicKeyInfo subjectPublicKeyInfo) { // subjectKeyIdentifier SubjectKeyIdentifier asn1 = SubjectKeyIdentifier.getInstance(extensionValue); byte[] ski = asn1.getKeyIdentifier(); byte[] pkData = subjectPublicKeyInfo.getPublicKeyData().getBytes(); byte[] expectedSki = HashAlgoType.SHA1.hash(pkData); if (!Arrays.equals(expectedSki, ski)) { addViolation(failureMsg, "SKI", hex(ski), hex(expectedSki)); } } // method checkExtensionSubjectKeyIdentifier
@Override protected byte[] digestSecretKey0(long mechanism) throws P11TokenException { if (!(signingKey instanceof SecretKey)) { throw new P11TokenException("digestSecretKey could not be applied to non-SecretKey"); } HashAlgoType hashAlgo = HashAlgoType.getInstanceForPkcs11HashMech(mechanism); if (hashAlgo == null) { throw new P11TokenException( "unknown mechanism " + Functions.mechanismCodeToString(mechanism)); } return hashAlgo.hash(((SecretKey) signingKey).getEncoded()); }
public String hashAlgorithmOID() { if (hashAlgo != null) { return hashAlgo.oid().getId(); } else { final int start = from + 2; byte[] bytes = Arrays.copyOfRange(data, start, start + 2 + (0xFF & data[from + 3])); return ASN1ObjectIdentifier.getInstance(bytes).getId(); } }
public static RSASSAPSSparams createPSSRSAParams(final HashAlgoType digestAlg) throws NoSuchAlgorithmException { ParamUtil.requireNonNull("digestAlg", digestAlg); int saltSize = digestAlg.length(); AlgorithmIdentifier digAlgId = new AlgorithmIdentifier(digestAlg.oid(), DERNull.INSTANCE); return new RSASSAPSSparams(digAlgId, new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, digAlgId), new ASN1Integer(saltSize), RSASSAPSSparams.DEFAULT_TRAILER_FIELD); } // method createPSSRSAParams
protected String sha256(final byte[] data) { return HashAlgoType.SHA256.base64Hash(data); }
public static Digest getDigest(final HashAlgoType hashAlgo) throws XiSecurityException { return hashAlgo.createDigest(); }
public static int getHashOutputSizeInOctets(final ASN1ObjectIdentifier hashAlgo) throws NoSuchAlgorithmException { ParamUtil.requireNonNull("hashAlgo", hashAlgo); HashAlgoType hashAlgoType = HashAlgoType.getHashAlgoType(hashAlgo); if (hashAlgoType == null) { throw new NoSuchAlgorithmException("Unsupported hash algorithm " + hashAlgo.getId()); } return hashAlgoType.length(); } // method getHashOutputSizeInOctets
public static Digest getDigest(final AlgorithmIdentifier hashAlgo) throws XiSecurityException { HashAlgoType hat = HashAlgoType.getHashAlgoType(hashAlgo.getAlgorithm()); if (hat != null) { return hat.createDigest(); } else { throw new XiSecurityException( "could not get digest for " + hashAlgo.getAlgorithm().getId()); } }
public static HashAlgoType getNonNullHashAlgoType(final String nameOrOid) { HashAlgoType type = getHashAlgoType(nameOrOid); if (type == null) { throw new IllegalArgumentException("Unknown HashAlgo OID/name '" + nameOrOid + "'"); } return type; }
private static void savePkcs11Entry(final File dir, final byte[] id, final String label, final byte[] value) throws P11TokenException { ParamUtil.requireNonNull("dir", dir); ParamUtil.requireNonNull("id", id); ParamUtil.requireNonBlank("label", label); ParamUtil.requireNonNull("value", value); String hexId = Hex.toHexString(id).toLowerCase(); StringBuilder sb = new StringBuilder(200); sb.append(PROP_ID).append('=').append(hexId).append('\n'); sb.append(PROP_LABEL).append('=').append(label).append('\n'); sb.append(PROP_SHA1SUM).append('=').append(HashAlgoType.SHA1.hexHash(value)).append('\n'); try { IoUtil.save(new File(dir, hexId + INFO_FILE_SUFFIX), sb.toString().getBytes()); IoUtil.save(new File(dir, hexId + VALUE_FILE_SUFFIX), value); } catch (IOException ex) { throw new P11TokenException("could not save certificate"); } }
throw new XiSecurityException(ex.getMessage(), ex); concurrentSigner.setSha1DigestOfMacKey(HashAlgoType.SHA1.hash(key.getEncoded()));
buildAlgId(hashAlgo.oid())); } else { throw new IllegalArgumentException("unknown type of key " + key.getClass().getName());
protected String sha224(final byte[] data) { return HashAlgoType.SHA224.base64Hash(data); }