protected void receiveCertificateVerifyMessage(ByteArrayInputStream buf) throws IOException { byte[] clientCertificateSignature = TlsUtils.readOpaque16(buf); assertEmpty(buf); // Verify the CertificateVerify message contains a correct signature. try { TlsSigner tlsSigner = TlsUtils.createTlsSigner(this.clientCertificateType); tlsSigner.init(getContext()); org.bouncycastle.asn1.x509.Certificate x509Cert = this.clientCertificate.getCertificateAt(0); SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo(); AsymmetricKeyParameter publicKey = PublicKeyFactory.createKey(keyInfo); tlsSigner.verifyRawSignature(clientCertificateSignature, publicKey, this.certificateVerifyHash); } catch (Exception e) { throw new TlsFatalAlert(AlertDescription.decrypt_error); } }
public PublicKey getPublicKey() { try { SubjectPublicKeyInfo subjectPublicKeyInfo = getCertificate().getSubjectPublicKeyInfo(); RSAKeyParameters rsa = (RSAKeyParameters) PublicKeyFactory.createKey(subjectPublicKeyInfo); RSAPublicKeySpec rsaSpec = new RSAPublicKeySpec(rsa.getModulus(), rsa.getExponent()); KeyFactory kf = KeyFactory.getInstance(DEFAULT_KEY_ALG); PublicKey rsaPub = kf.generatePublic(rsaSpec); return rsaPub; } catch (Exception e) { throw new RuntimeException("Error while getting Public Key: " + e.getMessage(), e); } }
@Test public void testSampleWitnesses() throws Exception { ECPublicKeyParameters pubKey = (ECPublicKeyParameters)PublicKeyFactory.createKey(encKey); ECShuffledTranscriptVerifier verifier = new ECShuffledTranscriptVerifier(pubKey, new ByteArrayInputStream(getSequence(witnessTranscript, new MessageChooser() { @Override public boolean chooseMessage(int index) { if (index % 2 == 0) { return false; } return true; } })), new ByteArrayInputStream(initialTranscript), new ByteArrayInputStream(finalTranscript)); verifier.verify(); }
@Test public void testCorruptWitnesses() throws Exception { ECPublicKeyParameters pubKey = (ECPublicKeyParameters)PublicKeyFactory.createKey(encKey); try { ECShuffledTranscriptVerifier verifier = new ECShuffledTranscriptVerifier(pubKey, new ByteArrayInputStream(initialTranscript), new ByteArrayInputStream(initialTranscript), new ByteArrayInputStream(finalTranscript)); verifier.verify(); TestCase.fail("corrupt messages not noticed"); } catch (TranscriptVerificationException e) { TestCase.assertEquals("illegal object in getInstance: org.bouncycastle.asn1.DLSequence", e.getCause().getMessage()); } }
protected void processCertificateVerify(ServerHandshakeState state, byte[] body, byte[] certificateVerifyHash) throws IOException { ByteArrayInputStream buf = new ByteArrayInputStream(body); DigitallySigned clientCertificateVerify = DigitallySigned.parse(state.serverContext, buf); TlsProtocol.assertEmpty(buf); // Verify the CertificateVerify message contains a correct signature. try { org.bouncycastle.asn1.x509.Certificate x509Cert = state.clientCertificate.getCertificateAt(0); SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo(); AsymmetricKeyParameter publicKey = PublicKeyFactory.createKey(keyInfo); TlsSigner tlsSigner = TlsUtils.createTlsSigner(state.clientCertificateType); tlsSigner.init(state.serverContext); tlsSigner.verifyRawSignature(clientCertificateVerify.getAlgorithm(), clientCertificateVerify.getSignature(), publicKey, certificateVerifyHash); } catch (Exception e) { throw new TlsFatalAlert(AlertDescription.decrypt_error); } }
protected void receiveCertificateVerifyMessage(ByteArrayInputStream buf) throws IOException { DigitallySigned clientCertificateVerify = DigitallySigned.parse(getContext(), buf); assertEmpty(buf); // Verify the CertificateVerify message contains a correct signature. try { org.bouncycastle.asn1.x509.Certificate x509Cert = this.peerCertificate.getCertificateAt(0); SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo(); AsymmetricKeyParameter publicKey = PublicKeyFactory.createKey(keyInfo); TlsSigner tlsSigner = TlsUtils.createTlsSigner(this.clientCertificateType); tlsSigner.init(getContext()); tlsSigner.verifyRawSignature(clientCertificateVerify.getAlgorithm(), clientCertificateVerify.getSignature(), publicKey, this.certificateVerifyHash); } catch (Exception e) { throw new TlsFatalAlert(AlertDescription.decrypt_error); } }
public AsymmetricKeyParameter getPublicKey() throws PKCSException { try { return PublicKeyFactory.createKey(this.getSubjectPublicKeyInfo()); } catch (IOException e) { throw new PKCSException("error extracting key encoding: " + e.getMessage(), e); } }
public void processServerCertificate(Certificate serverCertificate) throws IOException { if (serverCertificate.isEmpty()) { throw new TlsFatalAlert(AlertDescription.bad_certificate); } org.bouncycastle.asn1.x509.Certificate x509Cert = serverCertificate.getCertificateAt(0); SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo(); try { this.serverPublicKey = PublicKeyFactory.createKey(keyInfo); } catch (RuntimeException e) { throw new TlsFatalAlert(AlertDescription.unsupported_certificate); } // Sanity check the PublicKeyFactory if (this.serverPublicKey.isPrivate()) { throw new TlsFatalAlert(AlertDescription.internal_error); } this.rsaServerPublicKey = validateRSAPublicKey((RSAKeyParameters)this.serverPublicKey); TlsUtils.validateKeyUsage(x509Cert, KeyUsage.keyEncipherment); super.processServerCertificate(serverCertificate); }
public void processServerCertificate(Certificate serverCertificate) throws IOException { if (keyExchange != KeyExchangeAlgorithm.RSA_PSK) { throw new TlsFatalAlert(AlertDescription.unexpected_message); } if (serverCertificate.isEmpty()) { throw new TlsFatalAlert(AlertDescription.bad_certificate); } org.bouncycastle.asn1.x509.Certificate x509Cert = serverCertificate.getCertificateAt(0); SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo(); try { this.serverPublicKey = PublicKeyFactory.createKey(keyInfo); } catch (RuntimeException e) { throw new TlsFatalAlert(AlertDescription.unsupported_certificate); } // Sanity check the PublicKeyFactory if (this.serverPublicKey.isPrivate()) { throw new TlsFatalAlert(AlertDescription.internal_error); } this.rsaServerPublicKey = validateRSAPublicKey((RSAKeyParameters)this.serverPublicKey); TlsUtils.validateKeyUsage(x509Cert, KeyUsage.keyEncipherment); super.processServerCertificate(serverCertificate); }
protected void processCertificateVerify(ServerHandshakeState state, byte[] body, byte[] certificateVerifyHash) throws IOException { ByteArrayInputStream buf = new ByteArrayInputStream(body); byte[] clientCertificateSignature = TlsUtils.readOpaque16(buf); TlsProtocol.assertEmpty(buf); // Verify the CertificateVerify message contains a correct signature. try { TlsSigner tlsSigner = TlsUtils.createTlsSigner(state.clientCertificateType); tlsSigner.init(state.serverContext); org.bouncycastle.asn1.x509.Certificate x509Cert = state.clientCertificate.getCertificateAt(0); SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo(); AsymmetricKeyParameter publicKey = PublicKeyFactory.createKey(keyInfo); tlsSigner.verifyRawSignature(clientCertificateSignature, publicKey, certificateVerifyHash); } catch (Exception e) { throw new TlsFatalAlert(AlertDescription.decrypt_error); } }
public void processServerCertificate(Certificate serverCertificate) throws IOException { if (tlsSigner == null) { throw new TlsFatalAlert(AlertDescription.unexpected_message); } if (serverCertificate.isEmpty()) { throw new TlsFatalAlert(AlertDescription.bad_certificate); } org.bouncycastle.asn1.x509.Certificate x509Cert = serverCertificate.getCertificateAt(0); SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo(); try { this.serverPublicKey = PublicKeyFactory.createKey(keyInfo); } catch (RuntimeException e) { throw new TlsFatalAlert(AlertDescription.unsupported_certificate); } if (!tlsSigner.isValidPublicKey(this.serverPublicKey)) { throw new TlsFatalAlert(AlertDescription.certificate_unknown); } TlsUtils.validateKeyUsage(x509Cert, KeyUsage.digitalSignature); super.processServerCertificate(serverCertificate); }
public static DHPublicKeyParameters extractDHPublicKeyParameters(Certificate cert) throws IOException { if (hasDHParameters(cert)) { SubjectPublicKeyInfo keyInfo = cert.getCertificateAt(0).getSubjectPublicKeyInfo(); return (DHPublicKeyParameters) PublicKeyFactory.createKey(keyInfo); } else { throw new IOException(); } }
public static ECPublicKeyParameters extractECPublicKeyParameters(Certificate cert) throws IOException { if (hasECParameters(cert)) { SubjectPublicKeyInfo keyInfo = cert.getCertificateAt(0).getSubjectPublicKeyInfo(); return (ECPublicKeyParameters) PublicKeyFactory.createKey(keyInfo); } else { throw new IOException(); } }
public void processServerCertificate(Certificate serverCertificate) throws IOException { if (serverCertificate.isEmpty()) { throw new TlsFatalAlert(AlertDescription.bad_certificate); } org.bouncycastle.asn1.x509.Certificate x509Cert = serverCertificate.getCertificateAt(0); SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo(); try { this.serverPublicKey = PublicKeyFactory.createKey(keyInfo); } catch (RuntimeException e) { throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e); } // Sanity check the PublicKeyFactory if (this.serverPublicKey.isPrivate()) { throw new TlsFatalAlert(AlertDescription.internal_error); } this.rsaServerPublicKey = validateRSAPublicKey((RSAKeyParameters)this.serverPublicKey); TlsUtils.validateKeyUsage(x509Cert, KeyUsage.keyEncipherment); super.processServerCertificate(serverCertificate); }
public void processServerCertificate(Certificate serverCertificate) throws IOException { if (keyExchange != KeyExchangeAlgorithm.RSA_PSK) { throw new TlsFatalAlert(AlertDescription.unexpected_message); } if (serverCertificate.isEmpty()) { throw new TlsFatalAlert(AlertDescription.bad_certificate); } org.bouncycastle.asn1.x509.Certificate x509Cert = serverCertificate.getCertificateAt(0); SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo(); try { this.serverPublicKey = PublicKeyFactory.createKey(keyInfo); } catch (RuntimeException e) { throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e); } // Sanity check the PublicKeyFactory if (this.serverPublicKey.isPrivate()) { throw new TlsFatalAlert(AlertDescription.internal_error); } this.rsaServerPublicKey = validateRSAPublicKey((RSAKeyParameters)this.serverPublicKey); TlsUtils.validateKeyUsage(x509Cert, KeyUsage.keyEncipherment); super.processServerCertificate(serverCertificate); }
public void processServerCertificate(Certificate serverCertificate) throws IOException { if (tlsSigner == null) { throw new TlsFatalAlert(AlertDescription.unexpected_message); } if (serverCertificate.isEmpty()) { throw new TlsFatalAlert(AlertDescription.bad_certificate); } org.bouncycastle.asn1.x509.Certificate x509Cert = serverCertificate.getCertificateAt(0); SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo(); try { this.serverPublicKey = PublicKeyFactory.createKey(keyInfo); } catch (RuntimeException e) { throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e); } if (!tlsSigner.isValidPublicKey(this.serverPublicKey)) { throw new TlsFatalAlert(AlertDescription.certificate_unknown); } TlsUtils.validateKeyUsage(x509Cert, KeyUsage.digitalSignature); super.processServerCertificate(serverCertificate); }
public static void main( String[] args ) throws InvalidKeySpecException, InvalidKeyException, IOException { ECPublicKey clientKey = (ECPublicKey) ECDH_KEY_FACTORY.generatePublic( new X509EncodedKeySpec( Base64.getDecoder().decode( "MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEDEKneqEvcqUqqFMM1HM1A4zWjJC+I8Y+aKzG5dl+6wNOHHQ4NmG2PEXRJYhujyodFH+wO0dEr4GM1WoaWog8xsYQ6mQJAC0eVpBM96spUB1eMN56+BwlJ4H3Qx4TAvAs" ) ) ); ECPrivateKey privateKey = (ECPrivateKey) ECDH_KEY_FACTORY.generatePrivate( new PKCS8EncodedKeySpec( Base64.getDecoder().decode( "MB8CAQAwEAYHKoZIzj0CAQYFK4EEACIECDAGAgEBBAEB" ) ) ); ECDHBasicAgreement agreement = new ECDHBasicAgreement(); agreement.init( PrivateKeyFactory.createKey( privateKey.getEncoded() ) ); byte[] secret = agreement.calculateAgreement( PublicKeyFactory.createKey( clientKey.getEncoded() ) ).toByteArray(); System.out.println( Util.toHexString( secret ) ); System.out.println( Util.toHexString( Base64.getDecoder().decode( "DEKneqEvcqUqqFMM1HM1A4zWjJC+I8Y+aKzG5dl+6wNOHHQ4NmG2PEXRJYhujyod" ) ) ); }
private RSAKeyParameters parseKey(String key) { try (InputStreamReader reader = new InputStreamReader(a(inputStream().withString(key)))) { PEMParser parser = new PEMParser(reader); return (RSAKeyParameters) PublicKeyFactory.createKey((SubjectPublicKeyInfo)parser.readObject()); } catch (Throwable e) { throw new InternalServerError("Failed to parse public key for Google Play verification.", e); } }
private RSAKeyParameters parseKey(String key) { try (InputStreamReader reader = new InputStreamReader(a(inputStream().withString(key)))) { PEMParser parser = new PEMParser(reader); return (RSAKeyParameters)PublicKeyFactory.createKey((SubjectPublicKeyInfo)parser.readObject()); } catch (Throwable e) { throw new InternalServerError("Failed to parse public key for content verification.", e); } }
protected void receiveCertificateVerifyMessage(ByteArrayInputStream buf) throws IOException { DigitallySigned clientCertificateVerify = DigitallySigned.parse(getContext(), buf); assertEmpty(buf); // Verify the CertificateVerify message contains a correct signature. try { byte[] hash; if (TlsUtils.isTLSv12(getContext())) { hash = prepareFinishHash.getFinalHash(clientCertificateVerify.getAlgorithm().getHash()); } else { hash = securityParameters.getSessionHash(); } org.bouncycastle.asn1.x509.Certificate x509Cert = peerCertificate.getCertificateAt(0); SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo(); AsymmetricKeyParameter publicKey = PublicKeyFactory.createKey(keyInfo); TlsSigner tlsSigner = TlsUtils.createTlsSigner(clientCertificateType); tlsSigner.init(getContext()); if (!tlsSigner.verifyRawSignature(clientCertificateVerify.getAlgorithm(), clientCertificateVerify.getSignature(), publicKey, hash)) { throw new TlsFatalAlert(AlertDescription.decrypt_error); } } catch (Exception e) { throw new TlsFatalAlert(AlertDescription.decrypt_error, e); } }
protected void processCertificateVerify(ServerHandshakeState state, byte[] body, TlsHandshakeHash prepareFinishHash) throws IOException { ByteArrayInputStream buf = new ByteArrayInputStream(body); DigitallySigned clientCertificateVerify = DigitallySigned.parse(state.serverContext, buf); TlsProtocol.assertEmpty(buf); // Verify the CertificateVerify message contains a correct signature. try { // TODO For TLS 1.2, this needs to be the hash specified in the DigitallySigned byte[] certificateVerifyHash = TlsProtocol.getCurrentPRFHash(state.serverContext, prepareFinishHash, null); org.bouncycastle.asn1.x509.Certificate x509Cert = state.clientCertificate.getCertificateAt(0); SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo(); AsymmetricKeyParameter publicKey = PublicKeyFactory.createKey(keyInfo); TlsSigner tlsSigner = TlsUtils.createTlsSigner(state.clientCertificateType); tlsSigner.init(state.serverContext); tlsSigner.verifyRawSignature(clientCertificateVerify.getAlgorithm(), clientCertificateVerify.getSignature(), publicKey, certificateVerifyHash); } catch (Exception e) { throw new TlsFatalAlert(AlertDescription.decrypt_error); } }
protected void receiveCertificateVerifyMessage(ByteArrayInputStream buf) throws IOException { DigitallySigned clientCertificateVerify = DigitallySigned.parse(getContext(), buf); assertEmpty(buf); // Verify the CertificateVerify message contains a correct signature. try { // TODO For TLS 1.2, this needs to be the hash specified in the DigitallySigned byte[] certificateVerifyHash = getCurrentPRFHash(getContext(), prepareFinishHash, null); org.bouncycastle.asn1.x509.Certificate x509Cert = this.peerCertificate.getCertificateAt(0); SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo(); AsymmetricKeyParameter publicKey = PublicKeyFactory.createKey(keyInfo); TlsSigner tlsSigner = TlsUtils.createTlsSigner(this.clientCertificateType); tlsSigner.init(getContext()); tlsSigner.verifyRawSignature(clientCertificateVerify.getAlgorithm(), clientCertificateVerify.getSignature(), publicKey, certificateVerifyHash); } catch (Exception e) { throw new TlsFatalAlert(AlertDescription.decrypt_error); } }
private Map<String, AsymmetricKeyParameter> buildPublicKeyMap(String[] nodes, String keyID) throws ServiceConnectionException { Map<String, AsymmetricKeyParameter> keyMap = new HashMap<>(); for (String node : nodes) { MessageReply reply = connection.sendMessage(node, CommandMessage.Type.FETCH_PARTIAL_PUBLIC_KEY, new FetchPartialPublicKeyMessage(node, keyID)); if (reply.getType() != MessageReply.Type.OKAY) { eventNotifier.notify(EventNotifier.Level.WARN, "Unable to get partial public key from " + node + ":" + reply.interpretPayloadAsError()); } try { PartialPublicKeyInfo partialPublicKeyInfo = PartialPublicKeyInfo.getInstance(reply.getPayload()); keyMap.put(node, PublicKeyFactory.createKey(partialPublicKeyInfo.getPartialKeyInfo())); } catch (Exception e) { eventNotifier.notify(EventNotifier.Level.WARN, "Unable to get partial public key from " + node + ": " + e.getMessage(), e); } } return keyMap; }
@Test public void testBasicVerification() throws Exception { ECPublicKeyParameters pubKey = (ECPublicKeyParameters)PublicKeyFactory.createKey(encKey); ECShuffledTranscriptVerifier verifier = new ECShuffledTranscriptVerifier(pubKey, new ByteArrayInputStream(witnessTranscript), new ByteArrayInputStream(initialTranscript), new ByteArrayInputStream(finalTranscript)); verifier.verify(); }
@Test public void testInsufficientInitial() throws Exception { ECPublicKeyParameters pubKey = (ECPublicKeyParameters)PublicKeyFactory.createKey(encKey); ECShuffledTranscriptVerifier verifier = new ECShuffledTranscriptVerifier(pubKey, new ByteArrayInputStream(witnessTranscript), new ByteArrayInputStream(getSequence(initialTranscript, new MessageChooser() { @Override public boolean chooseMessage(int index) { if (index % 2 == 0) { return false; } return true; } })), new ByteArrayInputStream(finalTranscript)); try { verifier.verify(); TestCase.fail("missing final messages not noticed"); } catch (TranscriptVerificationException e) { TestCase.assertEquals("Initial transcript incomplete 26 messages missing.", e.getMessage()); } }
@Test public void testInsufficientFinall() throws Exception { ECPublicKeyParameters pubKey = (ECPublicKeyParameters)PublicKeyFactory.createKey(encKey); ECShuffledTranscriptVerifier verifier = new ECShuffledTranscriptVerifier(pubKey, new ByteArrayInputStream(witnessTranscript), new ByteArrayInputStream(initialTranscript), new ByteArrayInputStream(getSequence(finalTranscript, new MessageChooser() { @Override public boolean chooseMessage(int index) { if (index % 2 == 0) { return false; } return true; } }))); try { verifier.verify(); TestCase.fail("missing final messages not noticed"); } catch (TranscriptVerificationException e) { TestCase.assertEquals("Final transcript incomplete 24 messages missing.", e.getMessage()); } }
private ChallengeLogMessage(ASN1Sequence seq) { this.index = ASN1Integer.getInstance(seq.getObjectAt(0)).getValue().intValue(); this.sequenceNo = ASN1Integer.getInstance(seq.getObjectAt(1)).getValue().intValue(); this.hasPassed = ASN1Boolean.getInstance(seq.getObjectAt(2)).isTrue(); this.keyInfo = SubjectPublicKeyInfo.getInstance(seq.getObjectAt(3)); ECPublicKeyParameters ecKey; try { ecKey = (ECPublicKeyParameters)PublicKeyFactory.createKey(keyInfo); } catch (IOException e) { throw new IllegalArgumentException("Unable to create EC key from keyInfo in sequence."); } ECCurve curve = ecKey.getParameters().getCurve(); this.sourceMessage = PointSequence.getInstance(curve, ASN1Sequence.getInstance(seq.getObjectAt(4))).getECPoints(); ASN1Sequence proofS = ASN1Sequence.getInstance(seq.getObjectAt(5)); decryptionProofs = new ECDecryptionProof[proofS.size()]; for (int i = 0; i != decryptionProofs.length; i++) { ASN1Sequence proof = ASN1Sequence.getInstance(proofS.getObjectAt(i)); decryptionProofs[i] = new ECDecryptionProof(curve.decodePoint(ASN1OctetString.getInstance(proof.getObjectAt(0)).getOctets()), curve.decodePoint(ASN1OctetString.getInstance(proof.getObjectAt(1)).getOctets()), ASN1Integer.getInstance(proof.getObjectAt(2)).getValue()); } }
