/**
 * Returns the {@link SecureRandom} that callers should use for key material
 * (per the method name).
 *
 * <p>The choice of source is delegated to {@code getSecureRandom}, driven by the
 * {@code strongRandom4KeyEnabled} field.
 * NOTE(review): {@code getSecureRandom} is not visible in this listing; confirm what a
 * {@code false} flag selects and that it is still a cryptographically strong source.
 *
 * @return the random source selected by the current flag value
 */
@Override
public SecureRandom getRandom4Key() {
    final boolean useStrongSource = strongRandom4KeyEnabled;
    return getSecureRandom(useStrongSource);
}
private void initSecurityFactory() throws IOException, InvalidConfException { securityFactory = new SecurityFactoryImpl(); Properties props = loadProperties(securityCfg, DFLT_SECURITY_CFG); securityFactory.setStrongRandom4SignEnabled( getBoolean(props, "sign.strongrandom.enabled", false)); securityFactory.setStrongRandom4KeyEnabled( getBoolean(props, "key.strongrandom.enabled", false)); securityFactory.setDefaultSignerParallelism( getInt(props, "defaultSignerParallelism", 32)); securityFactory.setSignerFactoryRegister(signerFactoryRegister); securityFactory.setPasswordResolver(passwordResolver);
/**
 * Verifies the proof-of-possession (POPO) of a CSR given as a raw ASN.1
 * {@link CertificationRequest}.
 *
 * <p>The request is wrapped in a {@link PKCS10CertificationRequest} and handed to the
 * overload that performs the actual algorithm-policy and signature checks.
 *
 * @param csr the certification request to check
 * @param algoValidator signature-algorithm policy, passed through unchanged (may be
 *     {@code null}; the overload then applies no algorithm restriction)
 * @return the result of the delegated verification
 */
@Override
public boolean verifyPopo(CertificationRequest csr, AlgorithmValidator algoValidator) {
    PKCS10CertificationRequest pkcs10Request = new PKCS10CertificationRequest(csr);
    return verifyPopo(pkcs10Request, algoValidator);
}
/**
 * Creates a signer of the given type through the registered signer factories.
 *
 * <p>Signers that report {@code isMac()} are returned as created; every other signer is
 * first passed to {@code validateSigner}.
 * NOTE(review): {@code validateSigner} is defined outside this listing; confirm what it
 * checks and that skipping it for MAC signers is intended.
 *
 * @param type signer type handed to the factory register
 * @param conf signer configuration
 * @param certificateChain certificate chain handed to the factory register
 * @return the newly created signer
 * @throws ObjectCreationException declared by this method; presumably raised when the
 *     signer cannot be created or validated - confirm against the callees
 */
@Override
public ConcurrentContentSigner createSigner(String type, SignerConf conf,
        X509Certificate[] certificateChain) throws ObjectCreationException {
    final ConcurrentContentSigner created =
            signerFactoryRegister.newSigner(this, type, conf, certificateChain);
    if (created.isMac()) {
        // MAC signers bypass validateSigner.
        return created;
    }

    validateSigner(created, type, conf);
    return created;
}
/**
 * Verifies the proof-of-possession (POPO) of a PKCS#10 request: the CSR's signature is
 * checked against the public key carried in the CSR itself.
 *
 * <p>Two gates are applied in order:
 * <ol>
 *   <li>If {@code algoValidator} is non-null, the CSR's signature algorithm must be
 *       permitted by it. With a {@code null} validator no algorithm policy is enforced,
 *       so callers that need weak algorithms rejected must supply one.</li>
 *   <li>The signature must verify under the CSR's subject public key.</li>
 * </ol>
 *
 * <p>Every failure path returns {@code false} and logs, so the listed checked exceptions
 * never result in an accepted request. A {@code true} result shows only that the
 * requester holds the matching private key; it does not identify the requester.
 *
 * @param csr the request to check
 * @param algoValidator signature-algorithm policy, or {@code null} to skip that check
 * @return {@code true} only if the algorithm is permitted (when checked) and the
 *     signature is valid
 */
@Override
public boolean verifyPopo(PKCS10CertificationRequest csr, AlgorithmValidator algoValidator) {
    if (algoValidator != null) {
        final AlgorithmIdentifier sigAlgId = csr.getSignatureAlgorithm();
        final boolean permitted = algoValidator.isAlgorithmPermitted(sigAlgId);
        if (!permitted) {
            // Prefer a readable algorithm name in the log; fall back to the raw OID.
            String displayName;
            try {
                displayName = AlgorithmUtil.getSignatureAlgoName(sigAlgId);
            } catch (NoSuchAlgorithmException e) {
                displayName = sigAlgId.getAlgorithm().getId();
            }
            LOG.error("POPO signature algorithm {} not permitted", displayName);
            return false;
        }
    }

    boolean signatureValid;
    try {
        PublicKey subjectKey = KeyUtil.generatePublicKey(csr.getSubjectPublicKeyInfo());
        signatureValid = csr.isSignatureValid(getContentVerifierProvider(subjectKey));
    } catch (InvalidKeyException | PKCSException | NoSuchAlgorithmException
            | InvalidKeySpecException e) {
        // Fail closed: an unusable key or unverifiable signature counts as invalid.
        LogUtil.error(LOG, e, "could not validate POPO of CSR");
        signatureValid = false;
    }
    return signatureValid;
}
/**
 * Verifies the proof-of-possession (POPO) of a CSR supplied as a raw ASN.1
 * {@link CertificationRequest}.
 *
 * <p>This is a convenience overload: it wraps the structure in a
 * {@link PKCS10CertificationRequest} and delegates, adding no checks of its own.
 *
 * @param csr the certification request to check
 * @param algoValidator signature-algorithm policy, forwarded as given (a {@code null}
 *     value means the delegate applies no algorithm restriction)
 * @return whatever the delegated verification returns
 */
@Override
public boolean verifyPopo(final CertificationRequest csr,
        final AlgorithmValidator algoValidator) {
    final PKCS10CertificationRequest wrapped = new PKCS10CertificationRequest(csr);
    return verifyPopo(wrapped, algoValidator);
}
/**
 * Builds a signer via {@code signerFactoryRegister} and validates it unless it is a
 * MAC signer.
 *
 * <p>NOTE(review): {@code validateSigner} lives outside this listing; confirm what it
 * verifies and why MAC signers are exempt from it.
 *
 * @param type signer type passed to the factory register
 * @param conf signer configuration
 * @param certificateChain certificate chain passed to the factory register
 * @return the created signer, validated when it is not a MAC signer
 * @throws ObjectCreationException declared by this method; presumably propagated from
 *     creation or validation - confirm against the callees
 */
@Override
public ConcurrentContentSigner createSigner(final String type, final SignerConf conf,
        final X509Certificate[] certificateChain) throws ObjectCreationException {
    final ConcurrentContentSigner newSigner =
            signerFactoryRegister.newSigner(this, type, conf, certificateChain);

    final boolean needsValidation = !newSigner.isMac();
    if (needsValidation) {
        validateSigner(newSigner, type, conf);
    }
    return newSigner;
}
/**
 * Checks the proof-of-possession (POPO) signature of a PKCS#10 request against the
 * public key embedded in that same request.
 *
 * <p>When {@code algoValidator} is non-null the signature algorithm is checked against
 * it first and a disallowed algorithm is rejected before any signature work is done.
 * When it is {@code null} that policy check is skipped entirely, so enforcement of
 * algorithm restrictions depends on the caller passing a validator.
 *
 * <p>The method fails closed: a disallowed algorithm, or any of the caught key and
 * signature exceptions, yields {@code false} plus an error log entry. Success proves
 * possession of the private key only, not the identity of the requester.
 *
 * @param csr the request to check
 * @param algoValidator signature-algorithm policy, or {@code null} for no policy check
 * @return {@code true} if the request passed the policy check (when applied) and its
 *     signature verified; {@code false} otherwise
 */
@Override
public boolean verifyPopo(final PKCS10CertificationRequest csr,
        final AlgorithmValidator algoValidator) {
    if (algoValidator != null) {
        final AlgorithmIdentifier signatureAlg = csr.getSignatureAlgorithm();
        if (algoValidator.isAlgorithmPermitted(signatureAlg)) {
            // Permitted: continue with the signature check below.
        } else {
            // Log a readable algorithm name where one is known, else the raw OID.
            String loggedName;
            try {
                loggedName = AlgorithmUtil.getSignatureAlgoName(signatureAlg);
            } catch (NoSuchAlgorithmException nsae) {
                loggedName = signatureAlg.getAlgorithm().getId();
            }
            LOG.error("POPO signature algorithm {} not permitted", loggedName);
            return false;
        }
    }

    try {
        final SubjectPublicKeyInfo subjectKeyInfo = csr.getSubjectPublicKeyInfo();
        final PublicKey subjectKey = KeyUtil.generatePublicKey(subjectKeyInfo);
        final ContentVerifierProvider verifierProvider = getContentVerifierProvider(subjectKey);
        final boolean valid = csr.isSignatureValid(verifierProvider);
        return valid;
    } catch (InvalidKeyException | PKCSException | NoSuchAlgorithmException
            | InvalidKeySpecException failure) {
        // Treat an unusable key or failed verification as an invalid POPO.
        LogUtil.error(LOG, failure, "could not validate POPO of CSR");
        return false;
    }
}
/**
 * Returns the {@link SecureRandom} that callers should use when signing
 * (per the method name).
 *
 * <p>The source is picked by {@code getSecureRandom} from the
 * {@code strongRandom4SignEnabled} field.
 * NOTE(review): {@code getSecureRandom} is not visible in this listing; confirm which
 * source a {@code false} flag yields, since randomised signature schemes depend on the
 * quality of this generator.
 *
 * @return the random source selected by the current flag value
 */
@Override
public SecureRandom getRandom4Sign() {
    final boolean useStrongSource = strongRandom4SignEnabled;
    return getSecureRandom(useStrongSource);
}
/**
 * Supplies the {@link SecureRandom} intended for key material (per the method name).
 *
 * <p>Selection is delegated to {@code getSecureRandom} with the current value of
 * {@code strongRandom4KeyEnabled}.
 * NOTE(review): the behaviour of {@code getSecureRandom} for each flag value is not shown
 * here; verify that both settings return a cryptographically strong generator.
 *
 * @return the random source chosen for the current flag value
 */
@Override
public SecureRandom getRandom4Key() {
    final SecureRandom keyRandom = getSecureRandom(strongRandom4KeyEnabled);
    return keyRandom;
}
/**
 * Supplies the {@link SecureRandom} intended for signing operations (per the method
 * name).
 *
 * <p>Selection is delegated to {@code getSecureRandom} with the current value of
 * {@code strongRandom4SignEnabled}.
 * NOTE(review): the behaviour of {@code getSecureRandom} for each flag value is not shown
 * here; verify that both settings return a cryptographically strong generator.
 *
 * @return the random source chosen for the current flag value
 */
@Override
public SecureRandom getRandom4Sign() {
    final SecureRandom signRandom = getSecureRandom(strongRandom4SignEnabled);
    return signRandom;
}