1. Project Clover database Tue Dec 20 2016 21:24:09 CET
  2. Package org.xwiki.crypto.pkix.internal

File BcUtils.java

 

Coverage histogram

../../../../../img/srcFileCovDistChart6.png
69% of files have more coverage

Code metrics

20
45
10
1
245
132
24
0.53
4.5
10
2.4

Classes

Class Line # Actions
BcUtils 55 45 0% 24 30
0.660%
 

Contributing tests

This file is covered by 23 tests. .

Source view

1    /*
2    * See the NOTICE file distributed with this work for additional
3    * information regarding copyright ownership.
4    *
5    * This is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU Lesser General Public License as
7    * published by the Free Software Foundation; either version 2.1 of
8    * the License, or (at your option) any later version.
9    *
10    * This software is distributed in the hope that it will be useful,
11    * but WITHOUT ANY WARRANTY; without even the implied warranty of
12    * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13    * Lesser General Public License for more details.
14    *
15    * You should have received a copy of the GNU Lesser General Public
16    * License along with this software; if not, write to the Free
17    * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
18    * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
19    */
20    package org.xwiki.crypto.pkix.internal;
21   
22    import java.io.IOException;
23    import java.io.OutputStream;
24   
25    import org.bouncycastle.asn1.ASN1Encodable;
26    import org.bouncycastle.asn1.ASN1EncodableVector;
27    import org.bouncycastle.asn1.DERBitString;
28    import org.bouncycastle.asn1.DERNull;
29    import org.bouncycastle.asn1.DEROutputStream;
30    import org.bouncycastle.asn1.DERSequence;
31    import org.bouncycastle.asn1.x500.X500Name;
32    import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
33    import org.bouncycastle.asn1.x509.Certificate;
34    import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
35    import org.bouncycastle.asn1.x509.TBSCertificate;
36    import org.bouncycastle.cert.X509CertificateHolder;
37    import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
38    import org.bouncycastle.crypto.util.PublicKeyFactory;
39    import org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory;
40    import org.bouncycastle.operator.ContentSigner;
41    import org.xwiki.crypto.internal.asymmetric.BcAsymmetricKeyParameters;
42    import org.xwiki.crypto.internal.asymmetric.BcPublicKeyParameters;
43    import org.xwiki.crypto.params.cipher.asymmetric.PublicKeyParameters;
44    import org.xwiki.crypto.pkix.CertificateFactory;
45    import org.xwiki.crypto.pkix.params.CertifiedPublicKey;
46    import org.xwiki.crypto.pkix.params.PrincipalIndentifier;
47    import org.xwiki.crypto.signer.Signer;
48   
49    /**
50    * Utility class for converting values from/into Bouncy Castle equivalents.
51    *
52    * @version $Id: fb48d8d8ea48903a00d354fb9e0d472700b03839 $
53    * @since 5.4
54    */
 
55    public final class BcUtils
56    {
 
57  0 toggle private BcUtils()
58    {
59    // Utility class.
60    }
61   
62    /**
63    * Convert certified public key to certificate holder.
64    *
65    * @param cert the certified public key.
66    * @return a certificate holder.
67    */
 
68  51 toggle public static X509CertificateHolder getX509CertificateHolder(CertifiedPublicKey cert)
69    {
70  51 if (cert instanceof BcX509CertifiedPublicKey) {
71  51 return ((BcX509CertifiedPublicKey) cert).getX509CertificateHolder();
72    } else {
73  0 try {
74  0 return new X509CertificateHolder(cert.getEncoded());
75    } catch (IOException e) {
76    // Very unlikely
77  0 throw new IllegalArgumentException("Invalid certified public key, unable to encode.");
78    }
79    }
80   
81    }
82   
83    /**
84    * Convert public key parameters to asymmetric key parameter.
85    *
86    * @param publicKey the public key parameter to convert.
87    * @return an asymmetric key parameter.
88    */
 
89  0 toggle public static AsymmetricKeyParameter getAsymmetricKeyParameter(PublicKeyParameters publicKey)
90    {
91  0 if (publicKey instanceof BcAsymmetricKeyParameters) {
92  0 return ((BcAsymmetricKeyParameters) publicKey).getParameters();
93    } else {
94  0 try {
95  0 return PublicKeyFactory.createKey(publicKey.getEncoded());
96    } catch (IOException e) {
97    // Very unlikely
98  0 throw new IllegalArgumentException("Invalid public key, unable to encode.");
99    }
100    }
101   
102    }
103   
104    /**
105    * Convert public key parameter to subject public key info.
106    *
107    * @param publicKey the public key to convert.
108    * @return a subject public key info.
109    */
 
110  19 toggle public static SubjectPublicKeyInfo getSubjectPublicKeyInfo(PublicKeyParameters publicKey)
111    {
112  19 try {
113  19 if (publicKey instanceof BcPublicKeyParameters) {
114  19 return ((BcPublicKeyParameters) publicKey).getSubjectPublicKeyInfo();
115    } else {
116  0 return SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(getAsymmetricKeyParameter(publicKey));
117    }
118    } catch (IOException e) {
119    // Very unlikely
120  0 throw new IllegalArgumentException("Invalid public key, unable to get subject info.");
121    }
122    }
123   
124    /**
125    * Build the structure of an X.509 certificate.
126    *
127    * @param tbsCert the to be signed structure
128    * @param signature the signature
129    * @return a X.509 certificate holder.
130    */
 
131  10 toggle public static X509CertificateHolder getX509CertificateHolder(TBSCertificate tbsCert, byte[] signature)
132    {
133  10 ASN1EncodableVector v = new ASN1EncodableVector();
134   
135  10 v.add(tbsCert);
136  10 v.add(tbsCert.getSignature());
137  10 v.add(new DERBitString(signature));
138   
139  10 return new X509CertificateHolder(Certificate.getInstance(new DERSequence(v)));
140    }
141   
142    /**
143    * Compare two algorithm identifier.
144    *
145    * @param id1 an algorithm identifier.
146    * @param id2 another algorithm identifier.
147    * @return true if both algorithm identifier are equals, false otherwise.
148    */
 
149  38 toggle public static boolean isAlgorithlIdentifierEqual(AlgorithmIdentifier id1, AlgorithmIdentifier id2)
150    {
151  38 if (!id1.getAlgorithm().equals(id2.getAlgorithm()))
152    {
153  0 return false;
154    }
155   
156  38 if (id1.getParameters() == null)
157    {
158  0 return !(id2.getParameters() != null && !id2.getParameters().equals(DERNull.INSTANCE));
159    }
160   
161  38 if (id2.getParameters() == null)
162    {
163  0 return !(id1.getParameters() != null && !id1.getParameters().equals(DERNull.INSTANCE));
164    }
165   
166  38 return id1.getParameters().equals(id2.getParameters());
167    }
168   
169    /**
170    * DER encode an ASN.1 object into the given signer and return the signer.
171    *
172    * @param signer a signer.
173    * @param tbsObj the object to sign.
174    * @return a the signer for chaining.
175    * @throws java.io.IOException on encoding error.
176    */
 
177  48 toggle public static Signer updateDEREncodedObject(Signer signer, ASN1Encodable tbsObj)
178    throws IOException
179    {
180  48 OutputStream sOut = signer.getOutputStream();
181  48 DEROutputStream dOut = new DEROutputStream(sOut);
182   
183  48 dOut.writeObject(tbsObj);
184   
185  48 sOut.close();
186   
187  48 return signer;
188    }
189   
190    /**
191    * Convert principal identifier to X.500 name.
192    *
193    * @param principal principal identifier to convert.
194    * @return an X.500 name.
195    */
 
196  34 toggle public static X500Name getX500Name(PrincipalIndentifier principal)
197    {
198  34 if (principal instanceof BcPrincipalIdentifier) {
199  34 return ((BcPrincipalIdentifier) principal).getX500Name();
200    } else {
201  0 return new X500Name(principal.getName());
202    }
203    }
204   
205    /**
206    * Get the algorithm identifier of a signer.
207    *
208    * @param signer the signer.
209    * @return an algorithm identifier.
210    */
 
211  35 toggle public static AlgorithmIdentifier getSignerAlgoritmIdentifier(Signer signer)
212    {
213  35 if (signer instanceof ContentSigner) {
214  35 return ((ContentSigner) signer).getAlgorithmIdentifier();
215    } else {
216  0 return AlgorithmIdentifier.getInstance(signer.getEncoded());
217    }
218    }
219   
220    /**
221    * Convert a Bouncy Castle certificate holder into a certified public key.
222    *
223    * @param certFactory the certificate factory to be used for conversion.
224    * @param cert the certificate to convert.
225    * @return a certified public key wrapping equivalent to the provided holder.
226    * @since 6.0M1
227    */
 
228  61 toggle public static CertifiedPublicKey convertCertificate(CertificateFactory certFactory, X509CertificateHolder cert)
229    {
230  61 if (cert == null) {
231  19 return null;
232    }
233   
234  42 if (certFactory instanceof BcX509CertificateFactory) {
235  42 return ((BcX509CertificateFactory) certFactory).convert(cert);
236    } else {
237  0 try {
238  0 return certFactory.decode(cert.getEncoded());
239    } catch (IOException e) {
240    // Very unlikely
241  0 throw new IllegalArgumentException("Invalid Certificate, unable to encode", e);
242    }
243    }
244    }
245    }