1 package org.bouncycastle.operator.jcajce;
2 
3 import java.io.ByteArrayInputStream;
4 import java.io.IOException;
5 import java.security.AlgorithmParameters;
6 import java.security.GeneralSecurityException;
7 import java.security.KeyFactory;
8 import java.security.MessageDigest;
9 import java.security.NoSuchAlgorithmException;
10 import java.security.NoSuchProviderException;
11 import java.security.PublicKey;
12 import java.security.Signature;
13 import java.security.cert.CertificateException;
14 import java.security.cert.CertificateFactory;
15 import java.security.cert.X509Certificate;
16 import java.security.spec.InvalidKeySpecException;
17 import java.security.spec.X509EncodedKeySpec;
18 import java.util.HashMap;
19 import java.util.Map;
20 
21 import javax.crypto.Cipher;
22 
23 import org.bouncycastle.asn1.ASN1Encodable;
24 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
25 import org.bouncycastle.asn1.DERNull;
26 import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers;
27 import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
28 import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
29 import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers;
30 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
31 import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers;
32 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
33 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
34 import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
35 import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
36 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
37 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
38 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
39 import org.bouncycastle.cert.X509CertificateHolder;
40 import org.bouncycastle.jcajce.util.AlgorithmParametersUtils;
41 import org.bouncycastle.jcajce.util.JcaJceHelper;
42 import org.bouncycastle.jcajce.util.MessageDigestUtils;
43 import org.bouncycastle.operator.OperatorCreationException;
44 import org.bouncycastle.util.Integers;
45 
46 class OperatorHelper
47 {
48     private static final Map oids = new HashMap();
49     private static final Map asymmetricWrapperAlgNames = new HashMap();
50     private static final Map symmetricWrapperAlgNames = new HashMap();
51     private static final Map symmetricKeyAlgNames = new HashMap();
52     private static final Map symmetricWrapperKeySizes = new HashMap();
53 
54     static
55     {
56         //
57         // reverse mappings
58         //
oids.put(new ASN1ObjectIdentifier(R), R)59         oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, R)60         oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA");
oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, R)61         oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA");
oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, R)62         oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA");
oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, R)63         oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA");
oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, R)64         oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410");
oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, R)65         oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410");
oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA1, R)66         oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA1, "SHA1WITHPLAIN-ECDSA");
oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA224, R)67         oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA224, "SHA224WITHPLAIN-ECDSA");
oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA256, R)68         oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA256, "SHA256WITHPLAIN-ECDSA");
oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA384, R)69         oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA384, "SHA384WITHPLAIN-ECDSA");
oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA512, R)70         oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA512, "SHA512WITHPLAIN-ECDSA");
oids.put(BSIObjectIdentifiers.ecdsa_plain_RIPEMD160, R)71         oids.put(BSIObjectIdentifiers.ecdsa_plain_RIPEMD160, "RIPEMD160WITHPLAIN-ECDSA");
oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_1, R)72         oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_1, "SHA1WITHCVC-ECDSA");
oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_224, R)73         oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_224, "SHA224WITHCVC-ECDSA");
oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_256, R)74         oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_256, "SHA256WITHCVC-ECDSA");
oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_384, R)75         oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_384, "SHA384WITHCVC-ECDSA");
oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_512, R)76         oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_512, "SHA512WITHCVC-ECDSA");
77 
oids.put(new ASN1ObjectIdentifier(R), R)78         oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA");
oids.put(new ASN1ObjectIdentifier(R), R)79         oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA");
oids.put(new ASN1ObjectIdentifier(R), R)80         oids.put(new ASN1ObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA");
oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, R)81         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA");
oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, R)82         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA");
oids.put(X9ObjectIdentifiers.ecdsa_with_SHA256, R)83         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA256, "SHA256WITHECDSA");
oids.put(X9ObjectIdentifiers.ecdsa_with_SHA384, R)84         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA384, "SHA384WITHECDSA");
oids.put(X9ObjectIdentifiers.ecdsa_with_SHA512, R)85         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA512, "SHA512WITHECDSA");
oids.put(OIWObjectIdentifiers.sha1WithRSA, R)86         oids.put(OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA");
oids.put(OIWObjectIdentifiers.dsaWithSHA1, R)87         oids.put(OIWObjectIdentifiers.dsaWithSHA1, "SHA1WITHDSA");
oids.put(NISTObjectIdentifiers.dsa_with_sha224, R)88         oids.put(NISTObjectIdentifiers.dsa_with_sha224, "SHA224WITHDSA");
oids.put(NISTObjectIdentifiers.dsa_with_sha256, R)89         oids.put(NISTObjectIdentifiers.dsa_with_sha256, "SHA256WITHDSA");
90 
oids.put(OIWObjectIdentifiers.idSHA1, R)91         oids.put(OIWObjectIdentifiers.idSHA1, "SHA-1");
oids.put(NISTObjectIdentifiers.id_sha224, R)92         oids.put(NISTObjectIdentifiers.id_sha224, "SHA-224");
oids.put(NISTObjectIdentifiers.id_sha256, R)93         oids.put(NISTObjectIdentifiers.id_sha256, "SHA-256");
oids.put(NISTObjectIdentifiers.id_sha384, R)94         oids.put(NISTObjectIdentifiers.id_sha384, "SHA-384");
oids.put(NISTObjectIdentifiers.id_sha512, R)95         oids.put(NISTObjectIdentifiers.id_sha512, "SHA-512");
oids.put(TeleTrusTObjectIdentifiers.ripemd128, R)96         oids.put(TeleTrusTObjectIdentifiers.ripemd128, "RIPEMD128");
oids.put(TeleTrusTObjectIdentifiers.ripemd160, R)97         oids.put(TeleTrusTObjectIdentifiers.ripemd160, "RIPEMD160");
oids.put(TeleTrusTObjectIdentifiers.ripemd256, R)98         oids.put(TeleTrusTObjectIdentifiers.ripemd256, "RIPEMD256");
99 
asymmetricWrapperAlgNames.put(PKCSObjectIdentifiers.rsaEncryption, R)100         asymmetricWrapperAlgNames.put(PKCSObjectIdentifiers.rsaEncryption, "RSA/ECB/PKCS1Padding");
101 
symmetricWrapperAlgNames.put(PKCSObjectIdentifiers.id_alg_CMS3DESwrap, R)102         symmetricWrapperAlgNames.put(PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "DESEDEWrap");
symmetricWrapperAlgNames.put(PKCSObjectIdentifiers.id_alg_CMSRC2wrap, R)103         symmetricWrapperAlgNames.put(PKCSObjectIdentifiers.id_alg_CMSRC2wrap, "RC2Wrap");
symmetricWrapperAlgNames.put(NISTObjectIdentifiers.id_aes128_wrap, R)104         symmetricWrapperAlgNames.put(NISTObjectIdentifiers.id_aes128_wrap, "AESWrap");
symmetricWrapperAlgNames.put(NISTObjectIdentifiers.id_aes192_wrap, R)105         symmetricWrapperAlgNames.put(NISTObjectIdentifiers.id_aes192_wrap, "AESWrap");
symmetricWrapperAlgNames.put(NISTObjectIdentifiers.id_aes256_wrap, R)106         symmetricWrapperAlgNames.put(NISTObjectIdentifiers.id_aes256_wrap, "AESWrap");
symmetricWrapperAlgNames.put(NTTObjectIdentifiers.id_camellia128_wrap, R)107         symmetricWrapperAlgNames.put(NTTObjectIdentifiers.id_camellia128_wrap, "CamelliaWrap");
symmetricWrapperAlgNames.put(NTTObjectIdentifiers.id_camellia192_wrap, R)108         symmetricWrapperAlgNames.put(NTTObjectIdentifiers.id_camellia192_wrap, "CamelliaWrap");
symmetricWrapperAlgNames.put(NTTObjectIdentifiers.id_camellia256_wrap, R)109         symmetricWrapperAlgNames.put(NTTObjectIdentifiers.id_camellia256_wrap, "CamelliaWrap");
symmetricWrapperAlgNames.put(KISAObjectIdentifiers.id_npki_app_cmsSeed_wrap, R)110         symmetricWrapperAlgNames.put(KISAObjectIdentifiers.id_npki_app_cmsSeed_wrap, "SEEDWrap");
symmetricWrapperAlgNames.put(PKCSObjectIdentifiers.des_EDE3_CBC, R)111         symmetricWrapperAlgNames.put(PKCSObjectIdentifiers.des_EDE3_CBC, "DESede");
112 
symmetricWrapperKeySizes.put(PKCSObjectIdentifiers.id_alg_CMS3DESwrap, Integers.valueOf(192))113         symmetricWrapperKeySizes.put(PKCSObjectIdentifiers.id_alg_CMS3DESwrap, Integers.valueOf(192));
symmetricWrapperKeySizes.put(NISTObjectIdentifiers.id_aes128_wrap, Integers.valueOf(128))114         symmetricWrapperKeySizes.put(NISTObjectIdentifiers.id_aes128_wrap, Integers.valueOf(128));
symmetricWrapperKeySizes.put(NISTObjectIdentifiers.id_aes192_wrap, Integers.valueOf(192))115         symmetricWrapperKeySizes.put(NISTObjectIdentifiers.id_aes192_wrap, Integers.valueOf(192));
symmetricWrapperKeySizes.put(NISTObjectIdentifiers.id_aes256_wrap, Integers.valueOf(256))116         symmetricWrapperKeySizes.put(NISTObjectIdentifiers.id_aes256_wrap, Integers.valueOf(256));
symmetricWrapperKeySizes.put(NTTObjectIdentifiers.id_camellia128_wrap, Integers.valueOf(128))117         symmetricWrapperKeySizes.put(NTTObjectIdentifiers.id_camellia128_wrap, Integers.valueOf(128));
symmetricWrapperKeySizes.put(NTTObjectIdentifiers.id_camellia192_wrap, Integers.valueOf(192))118         symmetricWrapperKeySizes.put(NTTObjectIdentifiers.id_camellia192_wrap, Integers.valueOf(192));
symmetricWrapperKeySizes.put(NTTObjectIdentifiers.id_camellia256_wrap, Integers.valueOf(256))119         symmetricWrapperKeySizes.put(NTTObjectIdentifiers.id_camellia256_wrap, Integers.valueOf(256));
symmetricWrapperKeySizes.put(KISAObjectIdentifiers.id_npki_app_cmsSeed_wrap, Integers.valueOf(128))120         symmetricWrapperKeySizes.put(KISAObjectIdentifiers.id_npki_app_cmsSeed_wrap, Integers.valueOf(128));
symmetricWrapperKeySizes.put(PKCSObjectIdentifiers.des_EDE3_CBC, Integers.valueOf(192))121         symmetricWrapperKeySizes.put(PKCSObjectIdentifiers.des_EDE3_CBC, Integers.valueOf(192));
122 
symmetricKeyAlgNames.put(NISTObjectIdentifiers.aes, R)123         symmetricKeyAlgNames.put(NISTObjectIdentifiers.aes, "AES");
symmetricKeyAlgNames.put(NISTObjectIdentifiers.id_aes128_CBC, R)124         symmetricKeyAlgNames.put(NISTObjectIdentifiers.id_aes128_CBC, "AES");
symmetricKeyAlgNames.put(NISTObjectIdentifiers.id_aes192_CBC, R)125         symmetricKeyAlgNames.put(NISTObjectIdentifiers.id_aes192_CBC, "AES");
symmetricKeyAlgNames.put(NISTObjectIdentifiers.id_aes256_CBC, R)126         symmetricKeyAlgNames.put(NISTObjectIdentifiers.id_aes256_CBC, "AES");
symmetricKeyAlgNames.put(PKCSObjectIdentifiers.des_EDE3_CBC, R)127         symmetricKeyAlgNames.put(PKCSObjectIdentifiers.des_EDE3_CBC, "DESede");
symmetricKeyAlgNames.put(PKCSObjectIdentifiers.RC2_CBC, R)128         symmetricKeyAlgNames.put(PKCSObjectIdentifiers.RC2_CBC, "RC2");
129     }
130 
131     private JcaJceHelper helper;
132 
OperatorHelper(JcaJceHelper helper)133     OperatorHelper(JcaJceHelper helper)
134     {
135         this.helper = helper;
136     }
137 
getWrappingAlgorithmName(ASN1ObjectIdentifier algOid)138     String getWrappingAlgorithmName(ASN1ObjectIdentifier algOid)
139     {
140         return (String)symmetricWrapperAlgNames.get(algOid);
141     }
142 
getKeySizeInBits(ASN1ObjectIdentifier algOid)143     int getKeySizeInBits(ASN1ObjectIdentifier algOid)
144     {
145         return ((Integer)symmetricWrapperKeySizes.get(algOid)).intValue();
146     }
147 
createAsymmetricWrapper(ASN1ObjectIdentifier algorithm, Map extraAlgNames)148     Cipher createAsymmetricWrapper(ASN1ObjectIdentifier algorithm, Map extraAlgNames)
149         throws OperatorCreationException
150     {
151         try
152         {
153             String cipherName = null;
154 
155             if (!extraAlgNames.isEmpty())
156             {
157                 cipherName = (String)extraAlgNames.get(algorithm);
158             }
159 
160             if (cipherName == null)
161             {
162                 cipherName = (String)asymmetricWrapperAlgNames.get(algorithm);
163             }
164 
165             if (cipherName != null)
166             {
167                 try
168                 {
169                     // this is reversed as the Sun policy files now allow unlimited strength RSA
170                     return helper.createCipher(cipherName);
171                 }
172                 catch (NoSuchAlgorithmException e)
173                 {
174                     // try alternate for RSA
175                     if (cipherName.equals("RSA/ECB/PKCS1Padding"))
176                     {
177                         try
178                         {
179                             return helper.createCipher("RSA/NONE/PKCS1Padding");
180                         }
181                         catch (NoSuchAlgorithmException ex)
182                         {
183                             // Ignore
184                         }
185                     }
186                     // Ignore
187                 }
188             }
189 
190             return helper.createCipher(algorithm.getId());
191         }
192         catch (Exception e)
193         {
194             throw new OperatorCreationException("cannot create cipher: " + e.getMessage(), e);
195         }
196     }
197 
createSymmetricWrapper(ASN1ObjectIdentifier algorithm)198     Cipher createSymmetricWrapper(ASN1ObjectIdentifier algorithm)
199         throws OperatorCreationException
200     {
201         try
202         {
203             String cipherName = (String)symmetricWrapperAlgNames.get(algorithm);
204 
205             if (cipherName != null)
206             {
207                 try
208                 {
209                     // this is reversed as the Sun policy files now allow unlimited strength RSA
210                     return helper.createCipher(cipherName);
211                 }
212                 catch (NoSuchAlgorithmException e)
213                 {
214                     // Ignore
215                 }
216             }
217             return helper.createCipher(algorithm.getId());
218         }
219         catch (Exception e)
220         {
221             throw new OperatorCreationException("cannot create cipher: " + e.getMessage(), e);
222         }
223     }
224 
createAlgorithmParameters(AlgorithmIdentifier cipherAlgId)225     AlgorithmParameters createAlgorithmParameters(AlgorithmIdentifier cipherAlgId)
226         throws OperatorCreationException
227     {
228         AlgorithmParameters parameters;
229 
230         if (cipherAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.rsaEncryption))
231         {
232             return null;
233         }
234 
235         try
236         {
237             parameters = helper.createAlgorithmParameters(cipherAlgId.getAlgorithm().getId());
238         }
239         catch (NoSuchAlgorithmException e)
240         {
241             return null;   // There's a good chance there aren't any!
242         }
243         catch (NoSuchProviderException e)
244         {
245             throw new OperatorCreationException("cannot create algorithm parameters: " + e.getMessage(), e);
246         }
247 
248         try
249         {
250             parameters.init(cipherAlgId.getParameters().toASN1Primitive().getEncoded());
251         }
252         catch (IOException e)
253         {
254             throw new OperatorCreationException("cannot initialise algorithm parameters: " + e.getMessage(), e);
255         }
256 
257         return parameters;
258     }
259 
createDigest(AlgorithmIdentifier digAlgId)260     MessageDigest createDigest(AlgorithmIdentifier digAlgId)
261         throws GeneralSecurityException
262     {
263         MessageDigest dig;
264 
265         try
266         {
267         try
268         {
269             dig = helper.createDigest(MessageDigestUtils.getDigestName(digAlgId.getAlgorithm()));
270         }
271         catch (NoSuchAlgorithmException e)
272         {
273             //
274             // try an alternate
275             //
276             if (oids.get(digAlgId.getAlgorithm()) != null)
277             {
278                 String  digestAlgorithm = (String)oids.get(digAlgId.getAlgorithm());
279 
280                 dig = helper.createDigest(digestAlgorithm);
281             }
282             else
283             {
284                 throw e;
285             }
286         }
287         }
288         catch (Exception e)
289         {
290             throw new GeneralSecurityException(e.toString());
291         }
292 
293         return dig;
294     }
295 
createSignature(AlgorithmIdentifier sigAlgId)296     Signature createSignature(AlgorithmIdentifier sigAlgId)
297         throws GeneralSecurityException
298     {
299         Signature   sig;
300 
301         try
302         {
303         try
304         {
305             sig = helper.createSignature(getSignatureName(sigAlgId));
306         }
307         catch (NoSuchAlgorithmException e)
308         {
309             //
310             // try an alternate
311             //
312             if (oids.get(sigAlgId.getAlgorithm()) != null)
313             {
314                 String  signatureAlgorithm = (String)oids.get(sigAlgId.getAlgorithm());
315 
316                 sig = helper.createSignature(signatureAlgorithm);
317             }
318             else
319             {
320                 throw e;
321             }
322         }
323         }
324         catch (Exception e)
325         {
326             throw new GeneralSecurityException(e.toString());
327         }
328 
329         return sig;
330     }
331 
createRawSignature(AlgorithmIdentifier algorithm)332     public Signature createRawSignature(AlgorithmIdentifier algorithm)
333     {
334         Signature   sig;
335 
336         try
337         {
338             String algName = getSignatureName(algorithm);
339 
340             algName = "NONE" + algName.substring(algName.indexOf("WITH"));
341 
342             sig = helper.createSignature(algName);
343 
344             // RFC 4056
345             // When the id-RSASSA-PSS algorithm identifier is used for a signature,
346             // the AlgorithmIdentifier parameters field MUST contain RSASSA-PSS-params.
347 /*
348             if (algorithm.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS))
349             {
350                 AlgorithmParameters params = helper.createAlgorithmParameters(algName);
351 
352                 AlgorithmParametersUtils.loadParameters(params, algorithm.getParameters());
353 
354                 PSSParameterSpec spec = (PSSParameterSpec)params.getParameterSpec(PSSParameterSpec.class);
355                 sig.setParameter(spec);
356             }
357 */
358         }
359         catch (Exception e)
360         {
361             return null;
362         }
363 
364         return sig;
365     }
366 
getSignatureName( AlgorithmIdentifier sigAlgId)367     private static String getSignatureName(
368         AlgorithmIdentifier sigAlgId)
369     {
370         ASN1Encodable params = sigAlgId.getParameters();
371 
372         if (params != null && !DERNull.INSTANCE.equals(params))
373         {
374             if (sigAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS))
375             {
376                 RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params);
377                 return getDigestName(rsaParams.getHashAlgorithm().getAlgorithm()) + "WITHRSAANDMGF1";
378             }
379         }
380 
381         if (oids.containsKey(sigAlgId.getAlgorithm()))
382         {
383             return (String)oids.get(sigAlgId.getAlgorithm());
384         }
385 
386         return sigAlgId.getAlgorithm().getId();
387     }
388 
389     // we need to remove the - to create a correct signature name
getDigestName(ASN1ObjectIdentifier oid)390     private static String getDigestName(ASN1ObjectIdentifier oid)
391     {
392         String name = MessageDigestUtils.getDigestName(oid);
393 
394         int dIndex = name.indexOf('-');
395         if (dIndex > 0)
396         {
397             return name.substring(0, dIndex) + name.substring(dIndex + 1);
398         }
399 
400         return MessageDigestUtils.getDigestName(oid);
401     }
402 
convertCertificate(X509CertificateHolder certHolder)403     public X509Certificate convertCertificate(X509CertificateHolder certHolder)
404         throws CertificateException
405     {
406 
407         try
408         {
409             CertificateFactory certFact = helper.createCertificateFactory("X.509");
410 
411             return (X509Certificate)certFact.generateCertificate(new ByteArrayInputStream(certHolder.getEncoded()));
412         }
413         catch (IOException e)
414         {
415             throw new OpCertificateException("cannot get encoded form of certificate: " + e.getMessage(), e);
416         }
417         catch (NoSuchProviderException e)
418         {
419             throw new OpCertificateException("cannot find factory provider: " + e.getMessage(), e);
420         }
421     }
422 
convertPublicKey(SubjectPublicKeyInfo publicKeyInfo)423     public PublicKey convertPublicKey(SubjectPublicKeyInfo publicKeyInfo)
424         throws OperatorCreationException
425     {
426         try
427         {
428             KeyFactory keyFact = helper.createKeyFactory(publicKeyInfo.getAlgorithm().getAlgorithm().getId());
429 
430             return keyFact.generatePublic(new X509EncodedKeySpec(publicKeyInfo.getEncoded()));
431         }
432         catch (IOException e)
433         {
434             throw new OperatorCreationException("cannot get encoded form of key: " + e.getMessage(), e);
435         }
436         catch (NoSuchAlgorithmException e)
437         {
438             throw new OperatorCreationException("cannot create key factory: " + e.getMessage(), e);
439         }
440         catch (NoSuchProviderException e)
441         {
442             throw new OperatorCreationException("cannot find factory provider: " + e.getMessage(), e);
443         }
444         catch (InvalidKeySpecException e)
445         {
446             throw new OperatorCreationException("cannot create key factory: " + e.getMessage(), e);
447         }
448     }
449 
450     // TODO: put somewhere public so cause easily accessed
451     private static class OpCertificateException
452         extends CertificateException
453     {
454         private Throwable cause;
455 
OpCertificateException(String msg, Throwable cause)456         public OpCertificateException(String msg, Throwable cause)
457         {
458             super(msg);
459 
460             this.cause = cause;
461         }
462 
getCause()463         public Throwable getCause()
464         {
465             return cause;
466         }
467     }
468 
getKeyAlgorithmName(ASN1ObjectIdentifier oid)469     String getKeyAlgorithmName(ASN1ObjectIdentifier oid)
470     {
471 
472         String name = (String)symmetricKeyAlgNames.get(oid);
473 
474         if (name != null)
475         {
476             return name;
477         }
478 
479         return oid.getId();
480     }
481 }
482