blob: 3b975e4fa5e307429aa3df67f111d1f174d78f33 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
|
package org.spongycastle.operator.bc;
import java.io.IOException;
import java.io.OutputStream;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.crypto.Signer;
import org.spongycastle.crypto.params.AsymmetricKeyParameter;
import org.spongycastle.operator.ContentVerifier;
import org.spongycastle.operator.ContentVerifierProvider;
import org.spongycastle.operator.OperatorCreationException;
public abstract class BcContentVerifierProviderBuilder
{
protected BcDigestProvider digestProvider;
public BcContentVerifierProviderBuilder()
{
this.digestProvider = BcDefaultDigestProvider.INSTANCE;
}
public ContentVerifierProvider build(final X509CertificateHolder certHolder)
throws OperatorCreationException
{
return new ContentVerifierProvider()
{
public boolean hasAssociatedCertificate()
{
return true;
}
public X509CertificateHolder getAssociatedCertificate()
{
return certHolder;
}
public ContentVerifier get(AlgorithmIdentifier algorithm)
throws OperatorCreationException
{
try
{
AsymmetricKeyParameter publicKey = extractKeyParameters(certHolder.getSubjectPublicKeyInfo());
BcSignerOutputStream stream = createSignatureStream(algorithm, publicKey);
return new SigVerifier(algorithm, stream);
}
catch (IOException e)
{
throw new OperatorCreationException("exception on setup: " + e, e);
}
}
};
}
public ContentVerifierProvider build(final AsymmetricKeyParameter publicKey)
throws OperatorCreationException
{
return new ContentVerifierProvider()
{
public boolean hasAssociatedCertificate()
{
return false;
}
public X509CertificateHolder getAssociatedCertificate()
{
return null;
}
public ContentVerifier get(AlgorithmIdentifier algorithm)
throws OperatorCreationException
{
BcSignerOutputStream stream = createSignatureStream(algorithm, publicKey);
return new SigVerifier(algorithm, stream);
}
};
}
private BcSignerOutputStream createSignatureStream(AlgorithmIdentifier algorithm, AsymmetricKeyParameter publicKey)
throws OperatorCreationException
{
Signer sig = createSigner(algorithm);
sig.init(false, publicKey);
return new BcSignerOutputStream(sig);
}
/**
* Extract an AsymmetricKeyParameter from the passed in SubjectPublicKeyInfo structure.
*
* @param publicKeyInfo a publicKeyInfo structure describing the public key required.
* @return an AsymmetricKeyParameter object containing the appropriate public key.
* @throws IOException if the publicKeyInfo data cannot be parsed,
*/
protected abstract AsymmetricKeyParameter extractKeyParameters(SubjectPublicKeyInfo publicKeyInfo)
throws IOException;
/**
* Create the correct signer for the algorithm identifier sigAlgId.
*
* @param sigAlgId the algorithm details for the signature we want to verify.
* @return a Signer object.
* @throws OperatorCreationException if the Signer cannot be constructed.
*/
protected abstract Signer createSigner(AlgorithmIdentifier sigAlgId)
throws OperatorCreationException;
private class SigVerifier
implements ContentVerifier
{
private BcSignerOutputStream stream;
private AlgorithmIdentifier algorithm;
SigVerifier(AlgorithmIdentifier algorithm, BcSignerOutputStream stream)
{
this.algorithm = algorithm;
this.stream = stream;
}
public AlgorithmIdentifier getAlgorithmIdentifier()
{
return algorithm;
}
public OutputStream getOutputStream()
{
if (stream == null)
{
throw new IllegalStateException("verifier not initialised");
}
return stream;
}
public boolean verify(byte[] expected)
{
return stream.verify(expected);
}
}
}
|
