1 package org.bouncycastle.operator.jcajce; 2 3 import java.io.ByteArrayInputStream; 4 import java.io.IOException; 5 import java.security.AlgorithmParameters; 6 import java.security.GeneralSecurityException; 7 import java.security.KeyFactory; 8 import java.security.MessageDigest; 9 import java.security.NoSuchAlgorithmException; 10 import java.security.NoSuchProviderException; 11 import java.security.PublicKey; 12 import java.security.Signature; 13 import java.security.cert.CertificateException; 14 import java.security.cert.CertificateFactory; 15 import java.security.cert.X509Certificate; 16 import java.security.spec.InvalidKeySpecException; 17 import java.security.spec.X509EncodedKeySpec; 18 import java.util.HashMap; 19 import java.util.Map; 20 21 import javax.crypto.Cipher; 22 23 import org.bouncycastle.asn1.ASN1Encodable; 24 import org.bouncycastle.asn1.ASN1ObjectIdentifier; 25 import org.bouncycastle.asn1.DERNull; 26 import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers; 27 import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; 28 import org.bouncycastle.asn1.eac.EACObjectIdentifiers; 29 import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers; 30 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; 31 import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers; 32 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; 33 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; 34 import org.bouncycastle.asn1.pkcs.RSASSAPSSparams; 35 import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; 36 import org.bouncycastle.asn1.x509.AlgorithmIdentifier; 37 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; 38 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; 39 import org.bouncycastle.cert.X509CertificateHolder; 40 import org.bouncycastle.jcajce.util.AlgorithmParametersUtils; 41 import org.bouncycastle.jcajce.util.JcaJceHelper; 42 import org.bouncycastle.jcajce.util.MessageDigestUtils; 43 import org.bouncycastle.operator.OperatorCreationException; 44 import org.bouncycastle.util.Integers; 45 46 class OperatorHelper 47 { 48 private static final Map oids = new HashMap(); 49 private static final Map asymmetricWrapperAlgNames = new HashMap(); 50 private static final Map symmetricWrapperAlgNames = new HashMap(); 51 private static final Map symmetricKeyAlgNames = new HashMap(); 52 private static final Map symmetricWrapperKeySizes = new HashMap(); 53 54 static 55 { 56 // 57 // reverse mappings 58 // oids.put(new ASN1ObjectIdentifier(R), R)59 oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.5"), "SHA1WITHRSA"); oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, R)60 oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA"); oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, R)61 oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA"); oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, R)62 oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA"); oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, R)63 oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA"); oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, R)64 oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410"); oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, R)65 oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410"); oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA1, R)66 oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA1, "SHA1WITHPLAIN-ECDSA"); oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA224, R)67 oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA224, "SHA224WITHPLAIN-ECDSA"); oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA256, R)68 oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA256, "SHA256WITHPLAIN-ECDSA"); oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA384, R)69 oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA384, "SHA384WITHPLAIN-ECDSA"); oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA512, R)70 oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA512, "SHA512WITHPLAIN-ECDSA"); oids.put(BSIObjectIdentifiers.ecdsa_plain_RIPEMD160, R)71 oids.put(BSIObjectIdentifiers.ecdsa_plain_RIPEMD160, "RIPEMD160WITHPLAIN-ECDSA"); oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_1, R)72 oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_1, "SHA1WITHCVC-ECDSA"); oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_224, R)73 oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_224, "SHA224WITHCVC-ECDSA"); oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_256, R)74 oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_256, "SHA256WITHCVC-ECDSA"); oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_384, R)75 oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_384, "SHA384WITHCVC-ECDSA"); oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_512, R)76 oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_512, "SHA512WITHCVC-ECDSA"); 77 oids.put(new ASN1ObjectIdentifier(R), R)78 oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA"); oids.put(new ASN1ObjectIdentifier(R), R)79 oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA"); oids.put(new ASN1ObjectIdentifier(R), R)80 oids.put(new ASN1ObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA"); oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, R)81 oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA"); oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, R)82 oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA"); oids.put(X9ObjectIdentifiers.ecdsa_with_SHA256, R)83 oids.put(X9ObjectIdentifiers.ecdsa_with_SHA256, "SHA256WITHECDSA"); oids.put(X9ObjectIdentifiers.ecdsa_with_SHA384, R)84 oids.put(X9ObjectIdentifiers.ecdsa_with_SHA384, "SHA384WITHECDSA"); oids.put(X9ObjectIdentifiers.ecdsa_with_SHA512, R)85 oids.put(X9ObjectIdentifiers.ecdsa_with_SHA512, "SHA512WITHECDSA"); oids.put(OIWObjectIdentifiers.sha1WithRSA, R)86 oids.put(OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA"); oids.put(OIWObjectIdentifiers.dsaWithSHA1, R)87 oids.put(OIWObjectIdentifiers.dsaWithSHA1, "SHA1WITHDSA"); oids.put(NISTObjectIdentifiers.dsa_with_sha224, R)88 oids.put(NISTObjectIdentifiers.dsa_with_sha224, "SHA224WITHDSA"); oids.put(NISTObjectIdentifiers.dsa_with_sha256, R)89 oids.put(NISTObjectIdentifiers.dsa_with_sha256, "SHA256WITHDSA"); 90 oids.put(OIWObjectIdentifiers.idSHA1, R)91 oids.put(OIWObjectIdentifiers.idSHA1, "SHA-1"); oids.put(NISTObjectIdentifiers.id_sha224, R)92 oids.put(NISTObjectIdentifiers.id_sha224, "SHA-224"); oids.put(NISTObjectIdentifiers.id_sha256, R)93 oids.put(NISTObjectIdentifiers.id_sha256, "SHA-256"); oids.put(NISTObjectIdentifiers.id_sha384, R)94 oids.put(NISTObjectIdentifiers.id_sha384, "SHA-384"); oids.put(NISTObjectIdentifiers.id_sha512, R)95 oids.put(NISTObjectIdentifiers.id_sha512, "SHA-512"); oids.put(TeleTrusTObjectIdentifiers.ripemd128, R)96 oids.put(TeleTrusTObjectIdentifiers.ripemd128, "RIPEMD128"); oids.put(TeleTrusTObjectIdentifiers.ripemd160, R)97 oids.put(TeleTrusTObjectIdentifiers.ripemd160, "RIPEMD160"); oids.put(TeleTrusTObjectIdentifiers.ripemd256, R)98 oids.put(TeleTrusTObjectIdentifiers.ripemd256, "RIPEMD256"); 99 asymmetricWrapperAlgNames.put(PKCSObjectIdentifiers.rsaEncryption, R)100 asymmetricWrapperAlgNames.put(PKCSObjectIdentifiers.rsaEncryption, "RSA/ECB/PKCS1Padding"); 101 symmetricWrapperAlgNames.put(PKCSObjectIdentifiers.id_alg_CMS3DESwrap, R)102 symmetricWrapperAlgNames.put(PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "DESEDEWrap"); symmetricWrapperAlgNames.put(PKCSObjectIdentifiers.id_alg_CMSRC2wrap, R)103 symmetricWrapperAlgNames.put(PKCSObjectIdentifiers.id_alg_CMSRC2wrap, "RC2Wrap"); symmetricWrapperAlgNames.put(NISTObjectIdentifiers.id_aes128_wrap, R)104 symmetricWrapperAlgNames.put(NISTObjectIdentifiers.id_aes128_wrap, "AESWrap"); symmetricWrapperAlgNames.put(NISTObjectIdentifiers.id_aes192_wrap, R)105 symmetricWrapperAlgNames.put(NISTObjectIdentifiers.id_aes192_wrap, "AESWrap"); symmetricWrapperAlgNames.put(NISTObjectIdentifiers.id_aes256_wrap, R)106 symmetricWrapperAlgNames.put(NISTObjectIdentifiers.id_aes256_wrap, "AESWrap"); symmetricWrapperAlgNames.put(NTTObjectIdentifiers.id_camellia128_wrap, R)107 symmetricWrapperAlgNames.put(NTTObjectIdentifiers.id_camellia128_wrap, "CamelliaWrap"); symmetricWrapperAlgNames.put(NTTObjectIdentifiers.id_camellia192_wrap, R)108 symmetricWrapperAlgNames.put(NTTObjectIdentifiers.id_camellia192_wrap, "CamelliaWrap"); symmetricWrapperAlgNames.put(NTTObjectIdentifiers.id_camellia256_wrap, R)109 symmetricWrapperAlgNames.put(NTTObjectIdentifiers.id_camellia256_wrap, "CamelliaWrap"); symmetricWrapperAlgNames.put(KISAObjectIdentifiers.id_npki_app_cmsSeed_wrap, R)110 symmetricWrapperAlgNames.put(KISAObjectIdentifiers.id_npki_app_cmsSeed_wrap, "SEEDWrap"); symmetricWrapperAlgNames.put(PKCSObjectIdentifiers.des_EDE3_CBC, R)111 symmetricWrapperAlgNames.put(PKCSObjectIdentifiers.des_EDE3_CBC, "DESede"); 112 symmetricWrapperKeySizes.put(PKCSObjectIdentifiers.id_alg_CMS3DESwrap, Integers.valueOf(192))113 symmetricWrapperKeySizes.put(PKCSObjectIdentifiers.id_alg_CMS3DESwrap, Integers.valueOf(192)); symmetricWrapperKeySizes.put(NISTObjectIdentifiers.id_aes128_wrap, Integers.valueOf(128))114 symmetricWrapperKeySizes.put(NISTObjectIdentifiers.id_aes128_wrap, Integers.valueOf(128)); symmetricWrapperKeySizes.put(NISTObjectIdentifiers.id_aes192_wrap, Integers.valueOf(192))115 symmetricWrapperKeySizes.put(NISTObjectIdentifiers.id_aes192_wrap, Integers.valueOf(192)); symmetricWrapperKeySizes.put(NISTObjectIdentifiers.id_aes256_wrap, Integers.valueOf(256))116 symmetricWrapperKeySizes.put(NISTObjectIdentifiers.id_aes256_wrap, Integers.valueOf(256)); symmetricWrapperKeySizes.put(NTTObjectIdentifiers.id_camellia128_wrap, Integers.valueOf(128))117 symmetricWrapperKeySizes.put(NTTObjectIdentifiers.id_camellia128_wrap, Integers.valueOf(128)); symmetricWrapperKeySizes.put(NTTObjectIdentifiers.id_camellia192_wrap, Integers.valueOf(192))118 symmetricWrapperKeySizes.put(NTTObjectIdentifiers.id_camellia192_wrap, Integers.valueOf(192)); symmetricWrapperKeySizes.put(NTTObjectIdentifiers.id_camellia256_wrap, Integers.valueOf(256))119 symmetricWrapperKeySizes.put(NTTObjectIdentifiers.id_camellia256_wrap, Integers.valueOf(256)); symmetricWrapperKeySizes.put(KISAObjectIdentifiers.id_npki_app_cmsSeed_wrap, Integers.valueOf(128))120 symmetricWrapperKeySizes.put(KISAObjectIdentifiers.id_npki_app_cmsSeed_wrap, Integers.valueOf(128)); symmetricWrapperKeySizes.put(PKCSObjectIdentifiers.des_EDE3_CBC, Integers.valueOf(192))121 symmetricWrapperKeySizes.put(PKCSObjectIdentifiers.des_EDE3_CBC, Integers.valueOf(192)); 122 symmetricKeyAlgNames.put(NISTObjectIdentifiers.aes, R)123 symmetricKeyAlgNames.put(NISTObjectIdentifiers.aes, "AES"); symmetricKeyAlgNames.put(NISTObjectIdentifiers.id_aes128_CBC, R)124 symmetricKeyAlgNames.put(NISTObjectIdentifiers.id_aes128_CBC, "AES"); symmetricKeyAlgNames.put(NISTObjectIdentifiers.id_aes192_CBC, R)125 symmetricKeyAlgNames.put(NISTObjectIdentifiers.id_aes192_CBC, "AES"); symmetricKeyAlgNames.put(NISTObjectIdentifiers.id_aes256_CBC, R)126 symmetricKeyAlgNames.put(NISTObjectIdentifiers.id_aes256_CBC, "AES"); symmetricKeyAlgNames.put(PKCSObjectIdentifiers.des_EDE3_CBC, R)127 symmetricKeyAlgNames.put(PKCSObjectIdentifiers.des_EDE3_CBC, "DESede"); symmetricKeyAlgNames.put(PKCSObjectIdentifiers.RC2_CBC, R)128 symmetricKeyAlgNames.put(PKCSObjectIdentifiers.RC2_CBC, "RC2"); 129 } 130 131 private JcaJceHelper helper; 132 OperatorHelper(JcaJceHelper helper)133 OperatorHelper(JcaJceHelper helper) 134 { 135 this.helper = helper; 136 } 137 getWrappingAlgorithmName(ASN1ObjectIdentifier algOid)138 String getWrappingAlgorithmName(ASN1ObjectIdentifier algOid) 139 { 140 return (String)symmetricWrapperAlgNames.get(algOid); 141 } 142 getKeySizeInBits(ASN1ObjectIdentifier algOid)143 int getKeySizeInBits(ASN1ObjectIdentifier algOid) 144 { 145 return ((Integer)symmetricWrapperKeySizes.get(algOid)).intValue(); 146 } 147 createAsymmetricWrapper(ASN1ObjectIdentifier algorithm, Map extraAlgNames)148 Cipher createAsymmetricWrapper(ASN1ObjectIdentifier algorithm, Map extraAlgNames) 149 throws OperatorCreationException 150 { 151 try 152 { 153 String cipherName = null; 154 155 if (!extraAlgNames.isEmpty()) 156 { 157 cipherName = (String)extraAlgNames.get(algorithm); 158 } 159 160 if (cipherName == null) 161 { 162 cipherName = (String)asymmetricWrapperAlgNames.get(algorithm); 163 } 164 165 if (cipherName != null) 166 { 167 try 168 { 169 // this is reversed as the Sun policy files now allow unlimited strength RSA 170 return helper.createCipher(cipherName); 171 } 172 catch (NoSuchAlgorithmException e) 173 { 174 // try alternate for RSA 175 if (cipherName.equals("RSA/ECB/PKCS1Padding")) 176 { 177 try 178 { 179 return helper.createCipher("RSA/NONE/PKCS1Padding"); 180 } 181 catch (NoSuchAlgorithmException ex) 182 { 183 // Ignore 184 } 185 } 186 // Ignore 187 } 188 } 189 190 return helper.createCipher(algorithm.getId()); 191 } 192 catch (Exception e) 193 { 194 throw new OperatorCreationException("cannot create cipher: " + e.getMessage(), e); 195 } 196 } 197 createSymmetricWrapper(ASN1ObjectIdentifier algorithm)198 Cipher createSymmetricWrapper(ASN1ObjectIdentifier algorithm) 199 throws OperatorCreationException 200 { 201 try 202 { 203 String cipherName = (String)symmetricWrapperAlgNames.get(algorithm); 204 205 if (cipherName != null) 206 { 207 try 208 { 209 // this is reversed as the Sun policy files now allow unlimited strength RSA 210 return helper.createCipher(cipherName); 211 } 212 catch (NoSuchAlgorithmException e) 213 { 214 // Ignore 215 } 216 } 217 return helper.createCipher(algorithm.getId()); 218 } 219 catch (Exception e) 220 { 221 throw new OperatorCreationException("cannot create cipher: " + e.getMessage(), e); 222 } 223 } 224 createAlgorithmParameters(AlgorithmIdentifier cipherAlgId)225 AlgorithmParameters createAlgorithmParameters(AlgorithmIdentifier cipherAlgId) 226 throws OperatorCreationException 227 { 228 AlgorithmParameters parameters; 229 230 if (cipherAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.rsaEncryption)) 231 { 232 return null; 233 } 234 235 try 236 { 237 parameters = helper.createAlgorithmParameters(cipherAlgId.getAlgorithm().getId()); 238 } 239 catch (NoSuchAlgorithmException e) 240 { 241 return null; // There's a good chance there aren't any! 242 } 243 catch (NoSuchProviderException e) 244 { 245 throw new OperatorCreationException("cannot create algorithm parameters: " + e.getMessage(), e); 246 } 247 248 try 249 { 250 parameters.init(cipherAlgId.getParameters().toASN1Primitive().getEncoded()); 251 } 252 catch (IOException e) 253 { 254 throw new OperatorCreationException("cannot initialise algorithm parameters: " + e.getMessage(), e); 255 } 256 257 return parameters; 258 } 259 createDigest(AlgorithmIdentifier digAlgId)260 MessageDigest createDigest(AlgorithmIdentifier digAlgId) 261 throws GeneralSecurityException 262 { 263 MessageDigest dig; 264 265 try 266 { 267 try 268 { 269 dig = helper.createDigest(MessageDigestUtils.getDigestName(digAlgId.getAlgorithm())); 270 } 271 catch (NoSuchAlgorithmException e) 272 { 273 // 274 // try an alternate 275 // 276 if (oids.get(digAlgId.getAlgorithm()) != null) 277 { 278 String digestAlgorithm = (String)oids.get(digAlgId.getAlgorithm()); 279 280 dig = helper.createDigest(digestAlgorithm); 281 } 282 else 283 { 284 throw e; 285 } 286 } 287 } 288 catch (Exception e) 289 { 290 throw new GeneralSecurityException(e.toString()); 291 } 292 293 return dig; 294 } 295 createSignature(AlgorithmIdentifier sigAlgId)296 Signature createSignature(AlgorithmIdentifier sigAlgId) 297 throws GeneralSecurityException 298 { 299 Signature sig; 300 301 try 302 { 303 try 304 { 305 sig = helper.createSignature(getSignatureName(sigAlgId)); 306 } 307 catch (NoSuchAlgorithmException e) 308 { 309 // 310 // try an alternate 311 // 312 if (oids.get(sigAlgId.getAlgorithm()) != null) 313 { 314 String signatureAlgorithm = (String)oids.get(sigAlgId.getAlgorithm()); 315 316 sig = helper.createSignature(signatureAlgorithm); 317 } 318 else 319 { 320 throw e; 321 } 322 } 323 } 324 catch (Exception e) 325 { 326 throw new GeneralSecurityException(e.toString()); 327 } 328 329 return sig; 330 } 331 createRawSignature(AlgorithmIdentifier algorithm)332 public Signature createRawSignature(AlgorithmIdentifier algorithm) 333 { 334 Signature sig; 335 336 try 337 { 338 String algName = getSignatureName(algorithm); 339 340 algName = "NONE" + algName.substring(algName.indexOf("WITH")); 341 342 sig = helper.createSignature(algName); 343 344 // RFC 4056 345 // When the id-RSASSA-PSS algorithm identifier is used for a signature, 346 // the AlgorithmIdentifier parameters field MUST contain RSASSA-PSS-params. 347 /* 348 if (algorithm.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS)) 349 { 350 AlgorithmParameters params = helper.createAlgorithmParameters(algName); 351 352 AlgorithmParametersUtils.loadParameters(params, algorithm.getParameters()); 353 354 PSSParameterSpec spec = (PSSParameterSpec)params.getParameterSpec(PSSParameterSpec.class); 355 sig.setParameter(spec); 356 } 357 */ 358 } 359 catch (Exception e) 360 { 361 return null; 362 } 363 364 return sig; 365 } 366 getSignatureName( AlgorithmIdentifier sigAlgId)367 private static String getSignatureName( 368 AlgorithmIdentifier sigAlgId) 369 { 370 ASN1Encodable params = sigAlgId.getParameters(); 371 372 if (params != null && !DERNull.INSTANCE.equals(params)) 373 { 374 if (sigAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS)) 375 { 376 RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params); 377 return getDigestName(rsaParams.getHashAlgorithm().getAlgorithm()) + "WITHRSAANDMGF1"; 378 } 379 } 380 381 if (oids.containsKey(sigAlgId.getAlgorithm())) 382 { 383 return (String)oids.get(sigAlgId.getAlgorithm()); 384 } 385 386 return sigAlgId.getAlgorithm().getId(); 387 } 388 389 // we need to remove the - to create a correct signature name getDigestName(ASN1ObjectIdentifier oid)390 private static String getDigestName(ASN1ObjectIdentifier oid) 391 { 392 String name = MessageDigestUtils.getDigestName(oid); 393 394 int dIndex = name.indexOf('-'); 395 if (dIndex > 0) 396 { 397 return name.substring(0, dIndex) + name.substring(dIndex + 1); 398 } 399 400 return MessageDigestUtils.getDigestName(oid); 401 } 402 convertCertificate(X509CertificateHolder certHolder)403 public X509Certificate convertCertificate(X509CertificateHolder certHolder) 404 throws CertificateException 405 { 406 407 try 408 { 409 CertificateFactory certFact = helper.createCertificateFactory("X.509"); 410 411 return (X509Certificate)certFact.generateCertificate(new ByteArrayInputStream(certHolder.getEncoded())); 412 } 413 catch (IOException e) 414 { 415 throw new OpCertificateException("cannot get encoded form of certificate: " + e.getMessage(), e); 416 } 417 catch (NoSuchProviderException e) 418 { 419 throw new OpCertificateException("cannot find factory provider: " + e.getMessage(), e); 420 } 421 } 422 convertPublicKey(SubjectPublicKeyInfo publicKeyInfo)423 public PublicKey convertPublicKey(SubjectPublicKeyInfo publicKeyInfo) 424 throws OperatorCreationException 425 { 426 try 427 { 428 KeyFactory keyFact = helper.createKeyFactory(publicKeyInfo.getAlgorithm().getAlgorithm().getId()); 429 430 return keyFact.generatePublic(new X509EncodedKeySpec(publicKeyInfo.getEncoded())); 431 } 432 catch (IOException e) 433 { 434 throw new OperatorCreationException("cannot get encoded form of key: " + e.getMessage(), e); 435 } 436 catch (NoSuchAlgorithmException e) 437 { 438 throw new OperatorCreationException("cannot create key factory: " + e.getMessage(), e); 439 } 440 catch (NoSuchProviderException e) 441 { 442 throw new OperatorCreationException("cannot find factory provider: " + e.getMessage(), e); 443 } 444 catch (InvalidKeySpecException e) 445 { 446 throw new OperatorCreationException("cannot create key factory: " + e.getMessage(), e); 447 } 448 } 449 450 // TODO: put somewhere public so cause easily accessed 451 private static class OpCertificateException 452 extends CertificateException 453 { 454 private Throwable cause; 455 OpCertificateException(String msg, Throwable cause)456 public OpCertificateException(String msg, Throwable cause) 457 { 458 super(msg); 459 460 this.cause = cause; 461 } 462 getCause()463 public Throwable getCause() 464 { 465 return cause; 466 } 467 } 468 getKeyAlgorithmName(ASN1ObjectIdentifier oid)469 String getKeyAlgorithmName(ASN1ObjectIdentifier oid) 470 { 471 472 String name = (String)symmetricKeyAlgNames.get(oid); 473 474 if (name != null) 475 { 476 return name; 477 } 478 479 return oid.getId(); 480 } 481 } 482