org.spongycastle.eac.operator.jcajce.JcaEACSignerBuilder Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pkix Show documentation
Show all versions of pkix Show documentation
Spongy Castle is a package-rename (org.bouncycastle.* to org.spongycastle.*) of Bouncy Castle
intended for the Android platform. Android unfortunately ships with a stripped-down version of
Bouncy Castle, which prevents easy upgrades - Spongy Castle overcomes this and provides a full,
up-to-date version of the Bouncy Castle cryptographic libs.
package org.spongycastle.eac.operator.jcajce;
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Arrays;
import java.util.Hashtable;
import org.spongycastle.asn1.ASN1Integer;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.eac.EACObjectIdentifiers;
import org.spongycastle.eac.operator.EACSigner;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.OperatorStreamException;
import org.spongycastle.operator.RuntimeOperatorException;
public class JcaEACSignerBuilder
{
private static final Hashtable sigNames = new Hashtable();
static
{
sigNames.put("SHA1withRSA", EACObjectIdentifiers.id_TA_RSA_v1_5_SHA_1);
sigNames.put("SHA256withRSA", EACObjectIdentifiers.id_TA_RSA_v1_5_SHA_256);
sigNames.put("SHA1withRSAandMGF1", EACObjectIdentifiers.id_TA_RSA_PSS_SHA_1);
sigNames.put("SHA256withRSAandMGF1", EACObjectIdentifiers.id_TA_RSA_PSS_SHA_256);
sigNames.put("SHA512withRSA", EACObjectIdentifiers.id_TA_RSA_v1_5_SHA_512);
sigNames.put("SHA512withRSAandMGF1", EACObjectIdentifiers.id_TA_RSA_PSS_SHA_512);
sigNames.put("SHA1withECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1);
sigNames.put("SHA224withECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_224);
sigNames.put("SHA256withECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_256);
sigNames.put("SHA384withECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_384);
sigNames.put("SHA512withECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_512);
}
private EACHelper helper = new DefaultEACHelper();
public JcaEACSignerBuilder setProvider(String providerName)
{
this.helper = new NamedEACHelper(providerName);
return this;
}
public JcaEACSignerBuilder setProvider(Provider provider)
{
this.helper = new ProviderEACHelper(provider);
return this;
}
public EACSigner build(String algorithm, PrivateKey privKey)
throws OperatorCreationException
{
return build((ASN1ObjectIdentifier)sigNames.get(algorithm), privKey);
}
public EACSigner build(final ASN1ObjectIdentifier usageOid, PrivateKey privKey)
throws OperatorCreationException
{
Signature sig;
try
{
sig = helper.getSignature(usageOid);
sig.initSign(privKey);
}
catch (NoSuchAlgorithmException e)
{
throw new OperatorCreationException("unable to find algorithm: " + e.getMessage(), e);
}
catch (NoSuchProviderException e)
{
throw new OperatorCreationException("unable to find provider: " + e.getMessage(), e);
}
catch (InvalidKeyException e)
{
throw new OperatorCreationException("invalid key: " + e.getMessage(), e);
}
final SignatureOutputStream sigStream = new SignatureOutputStream(sig);
return new EACSigner()
{
public ASN1ObjectIdentifier getUsageIdentifier()
{
return usageOid;
}
public OutputStream getOutputStream()
{
return sigStream;
}
public byte[] getSignature()
{
try
{
byte[] signature = sigStream.getSignature();
if (usageOid.on(EACObjectIdentifiers.id_TA_ECDSA))
{
return reencode(signature);
}
return signature;
}
catch (SignatureException e)
{
throw new RuntimeOperatorException("exception obtaining signature: " + e.getMessage(), e);
}
}
};
}
public static int max(int el1, int el2)
{
return el1 > el2 ? el1 : el2;
}
private static byte[] reencode(byte[] rawSign)
{
ASN1Sequence sData = ASN1Sequence.getInstance(rawSign);
BigInteger r = ASN1Integer.getInstance(sData.getObjectAt(0)).getValue();
BigInteger s = ASN1Integer.getInstance(sData.getObjectAt(1)).getValue();
byte[] rB = r.toByteArray();
byte[] sB = s.toByteArray();
int rLen = unsignedIntLength(rB);
int sLen = unsignedIntLength(sB);
byte[] ret;
int len = max(rLen, sLen);
ret = new byte[len * 2];
Arrays.fill(ret, (byte)0);
copyUnsignedInt(rB, ret, len - rLen);
copyUnsignedInt(sB, ret, 2 * len - sLen);
return ret;
}
private static int unsignedIntLength(byte[] i)
{
int len = i.length;
if (i[0] == 0)
{
len--;
}
return len;
}
private static void copyUnsignedInt(byte[] src, byte[] dst, int offset)
{
int len = src.length;
int readoffset = 0;
if (src[0] == 0)
{
len--;
readoffset = 1;
}
System.arraycopy(src, readoffset, dst, offset, len);
}
private class SignatureOutputStream
extends OutputStream
{
private Signature sig;
SignatureOutputStream(Signature sig)
{
this.sig = sig;
}
public void write(byte[] bytes, int off, int len)
throws IOException
{
try
{
sig.update(bytes, off, len);
}
catch (SignatureException e)
{
throw new OperatorStreamException("exception in content signer: " + e.getMessage(), e);
}
}
public void write(byte[] bytes)
throws IOException
{
try
{
sig.update(bytes);
}
catch (SignatureException e)
{
throw new OperatorStreamException("exception in content signer: " + e.getMessage(), e);
}
}
public void write(int b)
throws IOException
{
try
{
sig.update((byte)b);
}
catch (SignatureException e)
{
throw new OperatorStreamException("exception in content signer: " + e.getMessage(), e);
}
}
byte[] getSignature()
throws SignatureException
{
return sig.sign();
}
}
}