/**
 * Maps a CMS message type to the PKINIT content-type OID string supplied by
 * {@link PkinitPlgCryptoContext}.
 *
 * <p>{@code UNKNOWN} and any type not listed below yield {@code null}, so callers
 * must null-check the result before using it as a content-type identifier.
 * A {@code null} argument is not handled here; the {@code switch} throws
 * {@link NullPointerException} for it.
 *
 * @param cmsMsgType The CMS message type
 * @return the matching OID string, or {@code null} when no OID is defined for the type
 */
public static String pkinitType2OID(CmsMessageType cmsMsgType) {
    String oid;
    switch (cmsMsgType) {
        case CMS_SIGN_CLIENT:
            oid = PkinitPlgCryptoContext.getIdPkinitAuthDataOID();
            break;
        case CMS_SIGN_SERVER:
            oid = PkinitPlgCryptoContext.getIdPkinitDHKeyDataOID();
            break;
        case CMS_ENVEL_SERVER:
            oid = PkinitPlgCryptoContext.getIdPkinitRkeyDataOID();
            break;
        case UNKNOWN:
        default:
            // No OID exists for these types; the caller decides how to fail.
            oid = null;
            break;
    }
    return oid;
}
/**
 * Builds Diffie-Hellman parameters for one of the supported prime sizes, always
 * using generator 2.
 *
 * <p>NOTE(review): 1024-bit finite-field DH is widely regarded as too weak for new
 * deployments. Confirm whether policy should still allow callers to request it.
 *
 * @param dhSize prime size in bits; only 1024, 2048 and 4096 are accepted
 * @return the parameter spec holding the selected prime and generator 2
 * @throws KrbException if {@code dhSize} is any other value
 */
public DHParameterSpec createDHParameterSpec(int dhSize) throws KrbException {
    final BigInteger prime;
    switch (dhSize) {
        case 1024:
            prime = getPkinit1024Prime();
            break;
        case 2048:
            prime = getPkinit2048Prime();
            break;
        case 4096:
            prime = getPkinit4096Prime();
            break;
        default:
            // Unknown sizes are refused rather than mapped to a fallback group.
            throw new KrbException("Unsupported dh size:" + dhSize);
    }
    final BigInteger generator = BigInteger.valueOf(2);
    return new DHParameterSpec(prime, generator);
}
/**
 * Encodes the AuthPack and wraps it via {@code PkinitCrypto.eContentInfoCreate},
 * tagged with the PKINIT auth-data OID.
 *
 * <p>NOTE(review): despite the method name, no signing key or certificate is
 * passed in the visible call. Whether the returned bytes carry a signature cannot
 * be told from this method; confirm before relying on them as authenticated.
 *
 * @param authPack the AuthPack to encode and wrap
 * @return the bytes returned by {@code eContentInfoCreate}
 * @throws KrbException declared by the method; the visible code does not show which call raises it
 */
private byte[] signAuthPack(AuthPack authPack) throws KrbException {
    final String authDataOid = PkinitPlgCryptoContext.getIdPkinitAuthDataOID();
    final byte[] encodedAuthPack = KrbCodec.encode(authPack);
    return PkinitCrypto.eContentInfoCreate(encodedAuthPack, authDataOid);
}
// Content-type OID for the KDC's DH key data, taken from the crypto context class.
String oid = PkinitPlgCryptoContext.getIdPkinitDHKeyDataOID();
// Wraps the encoded kdcDhKeyInfo together with certificateSet.
// NOTE(review): the literal 3 and the three null arguments are positional and their
// meaning is not visible in this fragment. If the final argument is the signer-info
// set, passing null means the structure carries certificates but no signature.
// Confirm against cmsSignedDataCreate's signature and make sure the receiver does
// not treat the result as authenticated.
signedDataBytes = PkinitCrypto.cmsSignedDataCreate(KrbCodec.encode(kdcDhKeyInfo), oid, 3, null, certificateSet, null, null);
/**
 * Checks the supplied DH parameters against the built-in group of the given size.
 *
 * <p>Only 1024 (Oakley MODP group 2), 2048 (Oakley MODP group 14) and 4096
 * (Oakley MODP group 16) are recognised. Any other size returns {@code false}
 * without consulting {@code cryptoctx}, so callers must treat {@code false} as a
 * rejection of the peer's parameters.
 *
 * @param cryptoctx The PkinitPlgCryptoContext used to build the reference parameters
 * @param dhParameter The DhParameter to check
 * @param dhPrimeBits The dh prime bits
 * @return the result of {@code pkinitCheckDhParams} for a recognised size, otherwise {@code false}
 * @throws KrbException propagated from the parameter construction or comparison
 */
public static boolean checkDHWellknown(PkinitPlgCryptoContext cryptoctx,
                                       DhParameter dhParameter, int dhPrimeBits) throws KrbException {
    final boolean recognisedSize =
            dhPrimeBits == 1024 || dhPrimeBits == 2048 || dhPrimeBits == 4096;
    if (!recognisedSize) {
        return false;
    }
    return pkinitCheckDhParams(cryptoctx.createDHParameterSpec(dhPrimeBits), dhParameter);
}
/**
 * Encodes the AuthPack and hands it to {@code PkinitCrypto.eContentInfoCreate}
 * along with the PKINIT auth-data OID.
 *
 * <p>NOTE(review): the name says "sign", but the visible call receives neither a
 * private key nor a certificate. Whether any signature is produced is not
 * determinable here; verify before treating the output as integrity-protected.
 *
 * @param authPack the AuthPack to encode and wrap
 * @return the bytes returned by {@code eContentInfoCreate}
 * @throws KrbException declared by the method; the visible code does not show which call raises it
 */
private byte[] signAuthPack(AuthPack authPack) throws KrbException {
    final String contentTypeOid = PkinitPlgCryptoContext.getIdPkinitAuthDataOID();
    final byte[] authPackBytes = KrbCodec.encode(authPack);
    return PkinitCrypto.eContentInfoCreate(authPackBytes, contentTypeOid);
}
// Content-type OID for the KDC's DH key data, taken from the crypto context class.
String oid = PkinitPlgCryptoContext.getIdPkinitDHKeyDataOID();
// Wraps the encoded kdcDhKeyInfo together with certificateSet.
// NOTE(review): the meaning of the literal 3 and of each null argument is not
// visible in this fragment. If one of the nulls stands for the signer information,
// the output contains no signature over kdcDhKeyInfo. Confirm against
// cmsSignedDataCreate's signature and check how the receiving side validates it.
signedDataBytes = PkinitCrypto.cmsSignedDataCreate(KrbCodec.encode(kdcDhKeyInfo), oid, 3, null, certificateSet, null, null);
/**
 * Validates peer-supplied DH parameters against the built-in group for the
 * requested prime size.
 *
 * <p>Recognised sizes are 1024 (Oakley MODP group 2), 2048 (Oakley MODP group 14)
 * and 4096 (Oakley MODP group 16). For any other size the method returns
 * {@code false} and never touches {@code cryptoctx}. A {@code false} result means
 * the parameters were not confirmed and should be rejected by the caller.
 *
 * @param cryptoctx The PkinitPlgCryptoContext used to build the reference parameters
 * @param dhParameter The DhParameter to check
 * @param dhPrimeBits The dh prime bits
 * @return the result of {@code pkinitCheckDhParams} for a recognised size, otherwise {@code false}
 * @throws KrbException propagated from the parameter construction or comparison
 */
public static boolean checkDHWellknown(PkinitPlgCryptoContext cryptoctx,
                                       DhParameter dhParameter, int dhPrimeBits) throws KrbException {
    if (dhPrimeBits != 1024 && dhPrimeBits != 2048 && dhPrimeBits != 4096) {
        // Not one of the built-in groups: nothing to compare against.
        return false;
    }
    final boolean matches =
            pkinitCheckDhParams(cryptoctx.createDHParameterSpec(dhPrimeBits), dhParameter);
    return matches;
}
/**
 * Translates a CMS message type into the PKINIT content-type OID string provided
 * by {@link PkinitPlgCryptoContext}.
 *
 * <p>The result is {@code null} for {@code UNKNOWN} and for every type without a
 * mapping below, so callers need a null check before using the value. Passing
 * {@code null} makes the {@code switch} throw {@link NullPointerException}.
 *
 * @param cmsMsgType The CMS message type
 * @return the matching OID string, or {@code null} when the type has no OID
 */
public static String pkinitType2OID(CmsMessageType cmsMsgType) {
    String result = null;
    switch (cmsMsgType) {
        case CMS_SIGN_CLIENT:
            result = PkinitPlgCryptoContext.getIdPkinitAuthDataOID();
            break;
        case CMS_SIGN_SERVER:
            result = PkinitPlgCryptoContext.getIdPkinitDHKeyDataOID();
            break;
        case CMS_ENVEL_SERVER:
            result = PkinitPlgCryptoContext.getIdPkinitRkeyDataOID();
            break;
        default:
            // UNKNOWN and unlisted types keep the null default.
            break;
    }
    return result;
}
/**
 * Returns the Diffie-Hellman parameter spec for a supported prime size, paired
 * with generator 2.
 *
 * <p>NOTE(review): the 1024-bit option falls below what is generally recommended
 * for finite-field DH today. Confirm whether callers should still be able to
 * select it.
 *
 * @param dhSize prime size in bits; only 1024, 2048 and 4096 are accepted
 * @return the parameter spec holding the selected prime and generator 2
 * @throws KrbException if {@code dhSize} is any other value
 */
public DHParameterSpec createDHParameterSpec(int dhSize) throws KrbException {
    final BigInteger two = BigInteger.valueOf(2);
    if (dhSize == 1024) {
        return new DHParameterSpec(getPkinit1024Prime(), two);
    }
    if (dhSize == 2048) {
        return new DHParameterSpec(getPkinit2048Prime(), two);
    }
    if (dhSize == 4096) {
        return new DHParameterSpec(getPkinit4096Prime(), two);
    }
    // Anything else is refused instead of silently choosing a group.
    throw new KrbException("Unsupported dh size:" + dhSize);
}