1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
|
package org.spongycastle.mozilla;
import java.io.ByteArrayInputStream;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.X509EncodedKeySpec;
import org.spongycastle.asn1.ASN1InputStream;
import org.spongycastle.asn1.ASN1Object;
import org.spongycastle.asn1.ASN1Primitive;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.DERBitString;
import org.spongycastle.asn1.mozilla.PublicKeyAndChallenge;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
/**
* This is designed to parse the SignedPublicKeyAndChallenge created by the
* KEYGEN tag included by Mozilla based browsers.
* <pre>
* PublicKeyAndChallenge ::= SEQUENCE {
* spki SubjectPublicKeyInfo,
* challenge IA5STRING
* }
*
* SignedPublicKeyAndChallenge ::= SEQUENCE {
* publicKeyAndChallenge PublicKeyAndChallenge,
* signatureAlgorithm AlgorithmIdentifier,
* signature BIT STRING
* }
* </pre>
*/
public class SignedPublicKeyAndChallenge
extends ASN1Object
{
private static ASN1Sequence toDERSequence(byte[] bytes)
{
try
{
ByteArrayInputStream bIn = new ByteArrayInputStream(bytes);
ASN1InputStream aIn = new ASN1InputStream(bIn);
return (ASN1Sequence)aIn.readObject();
}
catch (Exception e)
{
throw new IllegalArgumentException("badly encoded request");
}
}
private ASN1Sequence spkacSeq;
private PublicKeyAndChallenge pkac;
private AlgorithmIdentifier signatureAlgorithm;
private DERBitString signature;
public SignedPublicKeyAndChallenge(byte[] bytes)
{
spkacSeq = toDERSequence(bytes);
pkac = PublicKeyAndChallenge.getInstance(spkacSeq.getObjectAt(0));
signatureAlgorithm =
AlgorithmIdentifier.getInstance(spkacSeq.getObjectAt(1));
signature = (DERBitString)spkacSeq.getObjectAt(2);
}
public ASN1Primitive toASN1Primitive()
{
return spkacSeq;
}
public PublicKeyAndChallenge getPublicKeyAndChallenge()
{
return pkac;
}
public boolean verify()
throws NoSuchAlgorithmException, SignatureException,
NoSuchProviderException, InvalidKeyException
{
return verify(null);
}
public boolean verify(String provider)
throws NoSuchAlgorithmException, SignatureException,
NoSuchProviderException, InvalidKeyException
{
Signature sig = null;
if (provider == null)
{
sig = Signature.getInstance(signatureAlgorithm.getAlgorithm().getId());
}
else
{
sig = Signature.getInstance(signatureAlgorithm.getAlgorithm().getId(), provider);
}
PublicKey pubKey = this.getPublicKey(provider);
sig.initVerify(pubKey);
try
{
DERBitString pkBytes = new DERBitString(pkac);
sig.update(pkBytes.getBytes());
return sig.verify(signature.getBytes());
}
catch (Exception e)
{
throw new InvalidKeyException("error encoding public key");
}
}
public PublicKey getPublicKey(String provider)
throws NoSuchAlgorithmException, NoSuchProviderException,
InvalidKeyException
{
SubjectPublicKeyInfo subjectPKInfo = pkac.getSubjectPublicKeyInfo();
try
{
DERBitString bStr = new DERBitString(subjectPKInfo);
X509EncodedKeySpec xspec = new X509EncodedKeySpec(bStr.getBytes());
AlgorithmIdentifier keyAlg = subjectPKInfo.getAlgorithm();
KeyFactory factory =
KeyFactory.getInstance(keyAlg.getAlgorithm().getId(),provider);
return factory.generatePublic(xspec);
}
catch (Exception e)
{
throw new InvalidKeyException("error encoding public key");
}
}
}
|
