/**
 * Reports whether the public key parsed from the given certificate chain is an RSA key.
 *
 * <p>This is a type probe only: nothing here validates the chain, its signatures or the key
 * itself.
 *
 * @param cert certificate chain to inspect; a null argument fails on {@code cert.isEmpty()}
 * @return {@code false} for an empty chain, or when {@code parsePublicKey} yields null or a
 *         non-RSA key; {@code true} otherwise
 */
public static boolean hasRSAParameters(Certificate cert) {
    // An empty chain carries no key to classify.
    if (cert.isEmpty()) {
        return false;
    }
    PublicKey parsed = parsePublicKey(cert);
    // instanceof is already false for null, so no separate null test is required.
    return parsed instanceof RSAPublicKey;
}
/**
 * Reports whether the public key parsed from the given certificate chain is a DSA key.
 *
 * <p>This is a type probe only: nothing here validates the chain, its signatures or the key
 * itself.
 *
 * @param cert certificate chain to inspect; a null argument fails on {@code cert.isEmpty()}
 * @return {@code true} only when the chain is non-empty and {@code parsePublicKey} returns a
 *         {@code DSAPublicKey}
 */
public static boolean hasDsaParameters(Certificate cert) {
    // Short-circuit keeps parsePublicKey from being called on an empty chain;
    // instanceof covers the null-key case.
    return !cert.isEmpty() && parsePublicKey(cert) instanceof DSAPublicKey;
}
/**
 * Returns the RSA modulus of the public key carried by the given certificate chain.
 *
 * @param cert certificate chain to inspect
 * @return the modulus, or {@code null} when {@code hasRSAParameters(cert)} is false or the
 *         chain is empty
 * @throws IOException declared by the signature; no statement visible in this method throws it
 *         directly
 */
public static BigInteger extractRSAModulus(Certificate cert) throws IOException {
    // The isEmpty test repeats a check hasRSAParameters already makes; it is kept so the
    // observable behaviour stays the same.
    if (!hasRSAParameters(cert) || cert.isEmpty()) {
        return null;
    }
    // NOTE(review): the key is parsed a second time here (hasRSAParameters parsed it once);
    // the cast relies on both parses returning the same key type.
    return ((RSAPublicKey) parsePublicKey(cert)).getModulus();
}
/**
 * Builds Diffie-Hellman public key parameters from the first certificate of the chain.
 *
 * <p>Only the certificate at index 0 is read; the rest of the chain is not consulted and
 * nothing is validated here.
 *
 * @param cert certificate chain to inspect
 * @return the decoded parameters, or {@code null} when {@code hasDHParameters(cert)} is false
 *         or the chain is empty
 * @throws IOException propagated from {@code PublicKeyFactory.createKey}
 */
public static DHPublicKeyParameters extractDHPublicKeyParameters(Certificate cert) throws IOException {
    // Guard clause replaces the nested if/else; both conditions lead to the same null result.
    if (!hasDHParameters(cert) || cert.isEmpty()) {
        return null;
    }
    SubjectPublicKeyInfo spki = cert.getCertificateAt(0).getSubjectPublicKeyInfo();
    // The cast is backed only by the algorithm OID test done in hasDHParameters.
    return (DHPublicKeyParameters) PublicKeyFactory.createKey(spki);
}
/**
 * Builds elliptic-curve public key parameters from the first certificate of the chain.
 *
 * <p>Only the certificate at index 0 is read; the rest of the chain is not consulted and
 * nothing is validated here.
 *
 * @param cert certificate chain to inspect
 * @return the decoded parameters, or {@code null} when {@code hasECParameters(cert)} is false,
 *         the chain is empty, or the certificate exposes no SubjectPublicKeyInfo
 * @throws IOException propagated from {@code PublicKeyFactory.createKey}
 */
public static ECPublicKeyParameters extractECPublicKeyParameters(Certificate cert) throws IOException {
    if (!hasECParameters(cert) || cert.isEmpty()) {
        return null;
    }
    SubjectPublicKeyInfo spki = cert.getCertificateAt(0).getSubjectPublicKeyInfo();
    // The cast is backed only by the algorithm OID test done in hasECParameters.
    return spki == null ? null : (ECPublicKeyParameters) PublicKeyFactory.createKey(spki);
}
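/**
 * Reports whether the first certificate of the chain declares a Diffie-Hellman public key.
 *
 * <p>The test is an OID comparison against {@code X9ObjectIdentifiers.dhpublicnumber} on the
 * SubjectPublicKeyInfo algorithm of the certificate at index 0. A key that uses any other DH
 * object identifier is not matched, and nothing about the chain is validated here.
 *
 * @param cert certificate chain to inspect; a null argument fails on {@code cert.isEmpty()}
 * @return {@code true} when the algorithm OID equals {@code dhpublicnumber}; {@code false} for
 *         an empty chain or a certificate without SubjectPublicKeyInfo
 */
public static boolean hasDHParameters(Certificate cert) {
    if (cert.isEmpty()) {
        return false;
    }
    SubjectPublicKeyInfo keyInfo = cert.getCertificateAt(0).getSubjectPublicKeyInfo();
    // Same null guard as hasECParameters: answer "no" instead of failing with a
    // NullPointerException. Whether getSubjectPublicKeyInfo() can return null for a parsed
    // certificate is not visible here.
    if (keyInfo == null) {
        return false;
    }
    return keyInfo.getAlgorithm().getAlgorithm().equals(X9ObjectIdentifiers.dhpublicnumber);
}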
/**
 * Reports whether the first certificate of the chain declares an elliptic-curve public key.
 *
 * <p>The test is an OID comparison against {@code X9ObjectIdentifiers.id_ecPublicKey} on the
 * SubjectPublicKeyInfo algorithm of the certificate at index 0; nothing about the chain is
 * validated here.
 *
 * @param cert certificate chain to inspect; a null argument fails on {@code cert.isEmpty()}
 * @return {@code true} when the algorithm OID equals {@code id_ecPublicKey}; {@code false} for
 *         an empty chain or a certificate without SubjectPublicKeyInfo
 */
public static boolean hasECParameters(Certificate cert) {
    if (cert.isEmpty()) {
        return false;
    }
    SubjectPublicKeyInfo spki = cert.getCertificateAt(0).getSubjectPublicKeyInfo();
    // Short-circuit: a missing SubjectPublicKeyInfo is reported as "not EC".
    return spki != null
            && spki.getAlgorithm().getAlgorithm().equals(X9ObjectIdentifiers.id_ecPublicKey);
}
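/**
 * Reports whether the first certificate of the chain declares a GOST R 34.10-94 public key.
 *
 * <p>The test is an OID comparison against {@code CryptoProObjectIdentifiers.gostR3410_94} on
 * the SubjectPublicKeyInfo algorithm of the certificate at index 0; nothing about the chain is
 * validated here.
 *
 * @param cert certificate chain to inspect; a null argument fails on {@code cert.isEmpty()}
 * @return {@code true} when the algorithm OID equals {@code gostR3410_94}; {@code false} for an
 *         empty chain or a certificate without SubjectPublicKeyInfo
 */
public static boolean hasGOSTParameters(Certificate cert) {
    if (cert.isEmpty()) {
        return false;
    }
    SubjectPublicKeyInfo keyInfo = cert.getCertificateAt(0).getSubjectPublicKeyInfo();
    // Same null guard as hasECParameters: answer "no" instead of failing with a
    // NullPointerException. Whether getSubjectPublicKeyInfo() can return null for a parsed
    // certificate is not visible here.
    if (keyInfo == null) {
        return false;
    }
    return keyInfo.getAlgorithm().getAlgorithm().equals(CryptoProObjectIdentifiers.gostR3410_94);
}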
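/**
 * Reports whether the first certificate of the chain declares a GOST R 34.10-2001 public key.
 *
 * <p>The test is an OID comparison against {@code CryptoProObjectIdentifiers.gostR3410_2001}
 * on the SubjectPublicKeyInfo algorithm of the certificate at index 0; nothing about the chain
 * is validated here.
 *
 * @param cert certificate chain to inspect; a null argument fails on {@code cert.isEmpty()}
 * @return {@code true} when the algorithm OID equals {@code gostR3410_2001}; {@code false} for
 *         an empty chain or a certificate without SubjectPublicKeyInfo
 */
public static boolean hasGost01EcParameters(Certificate cert) {
    if (cert.isEmpty()) {
        return false;
    }
    SubjectPublicKeyInfo keyInfo = cert.getCertificateAt(0).getSubjectPublicKeyInfo();
    // Same null guard as hasECParameters: answer "no" instead of failing with a
    // NullPointerException. Whether getSubjectPublicKeyInfo() can return null for a parsed
    // certificate is not visible here.
    if (keyInfo == null) {
        return false;
    }
    ASN1ObjectIdentifier alg = keyInfo.getAlgorithm().getAlgorithm();
    return alg.equals(CryptoProObjectIdentifiers.gostR3410_2001);
}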
/**
 * Maps the SubjectPublicKeyInfo algorithm OID of the first certificate in the chain to a
 * {@code CertificateKeyType}.
 *
 * <p>Only the certificate at index 0 is read. An OID that is not listed is logged at warn
 * level and reported as {@code CertificateKeyType.NONE} rather than rejected.
 *
 * @param cert certificate chain to inspect
 * @return the key type for the leaf certificate's algorithm OID, or {@code NONE} when the OID
 *         is not recognised
 * @throws IllegalArgumentException if the chain is empty
 */
private CertificateKeyType getPublicKeyType(Certificate cert) {
    if (cert.isEmpty()) {
        throw new IllegalArgumentException("Empty CertChain provided!");
    }
    AlgorithmIdentifier spkiAlgorithm = cert.getCertificateAt(0).getSubjectPublicKeyInfo().getAlgorithm();
    String oid = spkiAlgorithm.getAlgorithm().getId();
    CertificateKeyType keyType;
    switch (oid) {
        case "1.2.840.113549.1.1.1": // rsaEncryption
            keyType = CertificateKeyType.RSA;
            break;
        case "1.2.840.10045.2.1": // id-ecPublicKey
            keyType = CertificateKeyType.ECDSA;
            break;
        // NOTE(review): this is the PKCS #3 dhKeyAgreement OID, whereas hasDHParameters compares
        // against X9ObjectIdentifiers.dhpublicnumber; confirm which DH OID is intended.
        case "1.2.840.113549.1.3.1":
            keyType = CertificateKeyType.DH;
            break;
        case "1.2.840.10040.4.1": // id-dsa
            keyType = CertificateKeyType.DSS;
            break;
        case "1.2.643.2.2.19": // GOST R 34.10-2001
            keyType = CertificateKeyType.GOST01;
            break;
        case "1.2.643.7.1.1.1.1": // GOST R 34.10-2012, 256-bit
        case "1.2.643.7.1.1.1.2": // GOST R 34.10-2012, 512-bit
            keyType = CertificateKeyType.GOST12;
            break;
        default:
            // The logged value is the dotted-decimal OID taken from the certificate.
            LOGGER.warn("Unknown algorithm ID: " + oid + " using \"NONE\"");
            keyType = CertificateKeyType.NONE;
            break;
    }
    return keyType;
}
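/**
 * Reports whether the first certificate of the chain declares a GOST R 34.10-2012 public key
 * (256-bit or 512-bit variant).
 *
 * <p>The test is an OID comparison against
 * {@code RosstandartObjectIdentifiers.id_tc26_gost_3410_12_256} and
 * {@code id_tc26_gost_3410_12_512} on the SubjectPublicKeyInfo algorithm of the certificate at
 * index 0; nothing about the chain is validated here.
 *
 * @param cert certificate chain to inspect; a null argument fails on {@code cert.isEmpty()}
 * @return {@code true} when the algorithm OID equals either GOST 2012 identifier;
 *         {@code false} for an empty chain or a certificate without SubjectPublicKeyInfo
 */
public static boolean hasGost12EcParameters(Certificate cert) {
    if (cert.isEmpty()) {
        return false;
    }
    SubjectPublicKeyInfo keyInfo = cert.getCertificateAt(0).getSubjectPublicKeyInfo();
    // Same null guard as hasECParameters: answer "no" instead of failing with a
    // NullPointerException. Whether getSubjectPublicKeyInfo() can return null for a parsed
    // certificate is not visible here.
    if (keyInfo == null) {
        return false;
    }
    ASN1ObjectIdentifier alg = keyInfo.getAlgorithm().getAlgorithm();
    return alg.equals(RosstandartObjectIdentifiers.id_tc26_gost_3410_12_256)
            || alg.equals(RosstandartObjectIdentifiers.id_tc26_gost_3410_12_512);
}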
/**
 * Determines the named group of the EC public key in the first certificate of the chain.
 *
 * <p>The lookup is attempted only when the {@code publicKey} field is a
 * {@code CustomEcPublicKey}. Any exception raised while wrapping or inspecting the certificate
 * is logged at warn level and turned into a {@code null} result, so a {@code null} return
 * means "not an EC key" or "could not be determined".
 *
 * @param cert certificate chain to inspect
 * @return {@code NamedGroup.GOST3410} or {@code NamedGroup.GOST3410_2012} for the matching
 *         GOST key classes, the group resolved from the curve name otherwise, or {@code null}
 * @throws IllegalArgumentException if the chain is empty
 */
private NamedGroup getPublicNamedGroup(Certificate cert) {
    if (cert.isEmpty()) {
        throw new IllegalArgumentException("Empty CertChain provided!");
    }
    boolean holdsCustomEcKey = publicKey instanceof CustomEcPublicKey;
    if (!holdsCustomEcKey) {
        return null;
    }
    try {
        X509CertificateObject leaf = new X509CertificateObject(cert.getCertificateAt(0));
        // The GOST key classes are tested first; everything else is treated as a named curve.
        if (leaf.getPublicKey() instanceof BCECGOST3410PublicKey) {
            return NamedGroup.GOST3410;
        }
        if (leaf.getPublicKey() instanceof BCECGOST3410_2012PublicKey) {
            return NamedGroup.GOST3410_2012;
        }
        BCECPublicKey curveKey = (BCECPublicKey) leaf.getPublicKey();
        // Keys whose parameters are not an ECNamedCurveSpec fail this cast and end up in the
        // catch block below.
        ECNamedCurveSpec namedSpec = (ECNamedCurveSpec) curveKey.getParams();
        return NamedGroup.fromJavaName(namedSpec.getName());
    } catch (Exception ex) {
        // Deliberate best-effort: parse and cast failures are reported, not propagated.
        LOGGER.warn("Could not determine EC public key group", ex);
        return null;
    }
}
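/**
 * Resolves the GOST curve named by the first element of the SubjectPublicKeyInfo algorithm
 * parameters of the first certificate in the chain.
 *
 * <p>The parameters come straight from the certificate, so their shape is checked before use:
 * parameters that are absent, not a sequence, empty, or not led by an object identifier give
 * {@code null} (the same result as an unrecognised OID) instead of an unchecked cast or index
 * failure.
 *
 * @param cert certificate chain to inspect
 * @return the matching {@code GOSTCurve}, or {@code null} when the parameters are malformed or
 *         the OID is not listed
 * @throws IllegalArgumentException if the chain is empty
 */
private GOSTCurve getGostCurve(Certificate cert) {
    if (cert.isEmpty()) {
        throw new IllegalArgumentException("Empty CertChain provided!");
    }
    // Typed as Object so the shape checks need no names beyond those already used here.
    Object params = cert.getCertificateAt(0).getSubjectPublicKeyInfo().getAlgorithm().getParameters();
    if (!(params instanceof ASN1Sequence)) {
        return null;
    }
    ASN1Sequence paramSequence = (ASN1Sequence) params;
    if (paramSequence.size() == 0) {
        return null;
    }
    Object firstElement = paramSequence.getObjectAt(0);
    if (!(firstElement instanceof ASN1ObjectIdentifier)) {
        return null;
    }
    switch (((ASN1ObjectIdentifier) firstElement).getId()) {
        case "1.2.643.2.2.35.1":
            return GOSTCurve.GostR3410_2001_CryptoPro_A;
        case "1.2.643.2.2.35.2":
            return GOSTCurve.GostR3410_2001_CryptoPro_B;
        case "1.2.643.2.2.35.3":
            return GOSTCurve.GostR3410_2001_CryptoPro_C;
        case "1.2.643.2.2.36.0":
            return GOSTCurve.GostR3410_2001_CryptoPro_XchA;
        case "1.2.643.2.2.36.1":
            return GOSTCurve.GostR3410_2001_CryptoPro_XchB;
        // NOTE(review): "1.2.643.7.1.1.1.2" and "1.2.643.7.1.1.1.5" sit under the 1.2.643.7.1.1.1
        // arc, which getPublicKeyType treats as a key algorithm, while the other TC26 cases use
        // 1.2.643.7.1.2.1.2.x; confirm both against RosstandartObjectIdentifiers.
        case "1.2.643.7.1.1.1.2":
            return GOSTCurve.Tc26_Gost_3410_12_256_paramSetA;
        case "1.2.643.7.1.2.1.2.1":
            return GOSTCurve.Tc26_Gost_3410_12_512_paramSetA;
        case "1.2.643.7.1.2.1.2.2":
            return GOSTCurve.Tc26_Gost_3410_12_512_paramSetB;
        case "1.2.643.7.1.1.1.5":
            return GOSTCurve.Tc26_Gost_3410_12_512_paramSetC;
        default:
            return null;
    }
}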
/**
 * Sends the Certificate handshake message, or the SSL-style "no certificate" warning in its
 * place.
 *
 * <p>A {@code null} argument is treated as {@code Certificate.EMPTY_CHAIN}. When the chain is
 * empty, this endpoint is not the server, and the server version is SSL, no Certificate
 * message is written: a {@code no_certificate} warning alert is raised and the method returns.
 * In every other case the chain (possibly empty) is encoded and written to the record stream.
 *
 * @param certificate chain to send; may be {@code null}
 * @throws IOException propagated from the alert, the encoding, or the record-stream write
 */
protected void sendCertificateMessage(Certificate certificate) throws IOException {
    Certificate chain = (certificate == null) ? Certificate.EMPTY_CHAIN : certificate;

    // Only a client with nothing to present can take the warning-alert path.
    if (chain.isEmpty() && !getContext().isServer()) {
        ProtocolVersion negotiated = getContext().getServerVersion();
        if (negotiated.isSSL()) {
            String errorMessage = negotiated.toString() + " client didn't provide credentials";
            raiseAlertWarning(AlertDescription.no_certificate, errorMessage);
            return;
        }
    }

    HandshakeMessage handshake = new HandshakeMessage(HandshakeType.certificate);
    chain.encode(handshake);
    handshake.writeToRecordStream();
}
/**
 * Sends the Certificate handshake message, or the SSL-style "no certificate" warning in its
 * place.
 *
 * <p>A {@code null} argument is treated as {@code Certificate.EMPTY_CHAIN}. When the chain is
 * empty, this endpoint is not the server, and the server version is SSL, no Certificate
 * message is written: a {@code no_certificate} warning is raised and the method returns. In
 * every other case the chain (possibly empty) is encoded and written to the record stream.
 *
 * @param certificate chain to send; may be {@code null}
 * @throws IOException propagated from the warning, the encoding, or the record-stream write
 */
protected void sendCertificateMessage(Certificate certificate) throws IOException {
    Certificate chain = (certificate == null) ? Certificate.EMPTY_CHAIN : certificate;

    // Only a client with nothing to present can take the warning path.
    if (chain.isEmpty() && !getContext().isServer()) {
        ProtocolVersion negotiated = getContext().getServerVersion();
        if (negotiated.isSSL()) {
            String errorMessage = negotiated.toString() + " client didn't provide credentials";
            raiseWarning(AlertDescription.no_certificate, errorMessage);
            return;
        }
    }

    HandshakeMessage handshake = new HandshakeMessage(HandshakeType.certificate);
    chain.encode(handshake);
    handshake.writeToRecordStream();
}
/**
 * Accepts the server's certificate chain for a key exchange that is authenticated by a
 * signature.
 *
 * <p>Checks are applied in this order, each failing with its own fatal alert: a signer must be
 * configured ({@code unexpected_message}), the chain must not be empty
 * ({@code bad_certificate}), the leaf key must decode ({@code unsupported_certificate}), the
 * signer must accept the key ({@code certificate_unknown}), and the leaf must pass the
 * {@code digitalSignature} key-usage check. Only the certificate at index 0 is examined here;
 * the chain is then handed to the superclass.
 *
 * @param serverCertificate chain received from the server
 * @throws IOException a {@code TlsFatalAlert} for any failed check, or whatever the key-usage
 *         check or the superclass raises
 */
public void processServerCertificate(Certificate serverCertificate) throws IOException {
    if (tlsSigner == null) {
        throw new TlsFatalAlert(AlertDescription.unexpected_message);
    }
    if (serverCertificate.isEmpty()) {
        throw new TlsFatalAlert(AlertDescription.bad_certificate);
    }

    org.bouncycastle.asn1.x509.Certificate leaf = serverCertificate.getCertificateAt(0);
    SubjectPublicKeyInfo spki = leaf.getSubjectPublicKeyInfo();

    try {
        this.serverPublicKey = PublicKeyFactory.createKey(spki);
    } catch (RuntimeException e) {
        // A key the factory cannot decode is reported to the peer, with the cause preserved.
        throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
    }

    boolean acceptedBySigner = tlsSigner.isValidPublicKey(this.serverPublicKey);
    if (!acceptedBySigner) {
        throw new TlsFatalAlert(AlertDescription.certificate_unknown);
    }

    TlsUtils.validateKeyUsage(leaf, KeyUsage.digitalSignature);
    super.processServerCertificate(serverCertificate);
}
/**
 * Accepts the server's certificate chain for a key exchange that is authenticated by a
 * signature.
 *
 * <p>Checks are applied in this order, each failing with its own fatal alert: a signer must be
 * configured ({@code unexpected_message}), the chain must not be empty
 * ({@code bad_certificate}), the leaf key must decode ({@code unsupported_certificate}), the
 * signer must accept the key ({@code certificate_unknown}), and the leaf must pass the
 * {@code digitalSignature} key-usage check. Only the certificate at index 0 is examined here;
 * the chain is then handed to the superclass.
 *
 * @param serverCertificate chain received from the server
 * @throws IOException a {@code TlsFatalAlert} for any failed check, or whatever the key-usage
 *         check or the superclass raises
 */
public void processServerCertificate(Certificate serverCertificate) throws IOException {
    // Without a signer no server certificate is expected in this exchange.
    if (tlsSigner == null) {
        throw new TlsFatalAlert(AlertDescription.unexpected_message);
    }
    if (serverCertificate.isEmpty()) {
        throw new TlsFatalAlert(AlertDescription.bad_certificate);
    }

    org.bouncycastle.asn1.x509.Certificate endEntity = serverCertificate.getCertificateAt(0);
    SubjectPublicKeyInfo subjectKeyInfo = endEntity.getSubjectPublicKeyInfo();

    try {
        this.serverPublicKey = PublicKeyFactory.createKey(subjectKeyInfo);
    } catch (RuntimeException e) {
        // Decoding failures surface as a TLS alert rather than an unchecked exception.
        throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
    }

    if (!tlsSigner.isValidPublicKey(this.serverPublicKey)) {
        throw new TlsFatalAlert(AlertDescription.certificate_unknown);
    }

    // Key usage is checked on the leaf only, before the superclass sees the chain.
    TlsUtils.validateKeyUsage(endEntity, KeyUsage.digitalSignature);
    super.processServerCertificate(serverCertificate);
}
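/**
 * Accepts the server's certificate chain for an RSA key exchange and records its RSA public
 * key.
 *
 * <p>Checks are applied in this order, each failing with its own fatal alert: the chain must
 * not be empty ({@code bad_certificate}), the leaf key must decode
 * ({@code unsupported_certificate}), the decoded key must not be a private key
 * ({@code internal_error}), it must be an RSA key ({@code certificate_unknown}), it must pass
 * {@code validateRSAPublicKey}, and the leaf must pass the {@code keyEncipherment} key-usage
 * check. Only the certificate at index 0 is examined here; the chain is then handed to the
 * superclass.
 *
 * @param serverCertificate chain received from the server
 * @throws IOException a {@code TlsFatalAlert} for any failed check, or whatever the key
 *         validation, the key-usage check or the superclass raises
 */
public void processServerCertificate(Certificate serverCertificate) throws IOException {
    if (serverCertificate.isEmpty()) {
        throw new TlsFatalAlert(AlertDescription.bad_certificate);
    }

    org.bouncycastle.asn1.x509.Certificate x509Cert = serverCertificate.getCertificateAt(0);
    SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo();

    try {
        this.serverPublicKey = PublicKeyFactory.createKey(keyInfo);
    } catch (RuntimeException e) {
        throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
    }

    // Sanity check the PublicKeyFactory
    if (this.serverPublicKey.isPrivate()) {
        throw new TlsFatalAlert(AlertDescription.internal_error);
    }

    // The key type is chosen by the peer's certificate. Reject a non-RSA key with an alert
    // instead of letting the cast below fail with an unchecked ClassCastException.
    if (!(this.serverPublicKey instanceof RSAKeyParameters)) {
        throw new TlsFatalAlert(AlertDescription.certificate_unknown);
    }

    this.rsaServerPublicKey = validateRSAPublicKey((RSAKeyParameters) this.serverPublicKey);

    TlsUtils.validateKeyUsage(x509Cert, KeyUsage.keyEncipherment);
    super.processServerCertificate(serverCertificate);
}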
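/**
 * Accepts the server's certificate chain for an RSA key exchange and records its RSA public
 * key.
 *
 * <p>Checks are applied in this order, each failing with its own fatal alert: the chain must
 * not be empty ({@code bad_certificate}), the leaf key must decode
 * ({@code unsupported_certificate}), the decoded key must not be a private key
 * ({@code internal_error}), it must be an RSA key ({@code certificate_unknown}), it must pass
 * {@code validateRSAPublicKey}, and the leaf must pass the {@code keyEncipherment} key-usage
 * check. Only the certificate at index 0 is examined here; the chain is then handed to the
 * superclass.
 *
 * @param serverCertificate chain received from the server
 * @throws IOException a {@code TlsFatalAlert} for any failed check, or whatever the key
 *         validation, the key-usage check or the superclass raises
 */
public void processServerCertificate(Certificate serverCertificate) throws IOException {
    if (serverCertificate.isEmpty()) {
        throw new TlsFatalAlert(AlertDescription.bad_certificate);
    }

    org.bouncycastle.asn1.x509.Certificate x509Cert = serverCertificate.getCertificateAt(0);
    SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo();

    try {
        this.serverPublicKey = PublicKeyFactory.createKey(keyInfo);
    } catch (RuntimeException e) {
        throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
    }

    // Sanity check the PublicKeyFactory
    if (this.serverPublicKey.isPrivate()) {
        throw new TlsFatalAlert(AlertDescription.internal_error);
    }

    // The key type is chosen by the peer's certificate. Reject a non-RSA key with an alert
    // instead of letting the cast below fail with an unchecked ClassCastException.
    if (!(this.serverPublicKey instanceof RSAKeyParameters)) {
        throw new TlsFatalAlert(AlertDescription.certificate_unknown);
    }

    this.rsaServerPublicKey = validateRSAPublicKey((RSAKeyParameters) this.serverPublicKey);

    TlsUtils.validateKeyUsage(x509Cert, KeyUsage.keyEncipherment);
    super.processServerCertificate(serverCertificate);
}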
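/**
 * Accepts the server's certificate chain for the RSA_PSK key exchange and records its RSA
 * public key.
 *
 * <p>Checks are applied in this order, each failing with its own fatal alert: the key exchange
 * must be {@code RSA_PSK} ({@code unexpected_message}), the chain must not be empty
 * ({@code bad_certificate}), the leaf key must decode ({@code unsupported_certificate}), the
 * decoded key must not be a private key ({@code internal_error}), it must be an RSA key
 * ({@code certificate_unknown}), it must pass {@code validateRSAPublicKey}, and the leaf must
 * pass the {@code keyEncipherment} key-usage check. Only the certificate at index 0 is
 * examined here; the chain is then handed to the superclass.
 *
 * @param serverCertificate chain received from the server
 * @throws IOException a {@code TlsFatalAlert} for any failed check, or whatever the key
 *         validation, the key-usage check or the superclass raises
 */
public void processServerCertificate(Certificate serverCertificate) throws IOException {
    // Any other key exchange handled by this class does not expect a server certificate.
    if (keyExchange != KeyExchangeAlgorithm.RSA_PSK) {
        throw new TlsFatalAlert(AlertDescription.unexpected_message);
    }
    if (serverCertificate.isEmpty()) {
        throw new TlsFatalAlert(AlertDescription.bad_certificate);
    }

    org.bouncycastle.asn1.x509.Certificate x509Cert = serverCertificate.getCertificateAt(0);
    SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo();

    try {
        this.serverPublicKey = PublicKeyFactory.createKey(keyInfo);
    } catch (RuntimeException e) {
        throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
    }

    // Sanity check the PublicKeyFactory
    if (this.serverPublicKey.isPrivate()) {
        throw new TlsFatalAlert(AlertDescription.internal_error);
    }

    // The key type is chosen by the peer's certificate. Reject a non-RSA key with an alert
    // instead of letting the cast below fail with an unchecked ClassCastException.
    if (!(this.serverPublicKey instanceof RSAKeyParameters)) {
        throw new TlsFatalAlert(AlertDescription.certificate_unknown);
    }

    this.rsaServerPublicKey = validateRSAPublicKey((RSAKeyParameters) this.serverPublicKey);

    TlsUtils.validateKeyUsage(x509Cert, KeyUsage.keyEncipherment);
    super.processServerCertificate(serverCertificate);
}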