package org.bouncycastle.crypto.tls;
import java.io.IOException;
import org.bouncycastle.crypto.CryptoException;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.DSAPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.RSAKeyParameters;
/**
 * {@link TlsSignerCredentials} backed by a single raw private key and its certificate chain.
 * <p>
 * The concrete key type chooses the {@link TlsSigner} used for signing: RSA keys get a
 * {@link TlsRSASigner}, DSA keys a {@link TlsDSSSigner} and EC keys a {@link TlsECDSASigner};
 * any other key type is rejected at construction. For (D)TLS 1.2 and later a
 * {@link SignatureAndHashAlgorithm} must be supplied and is forwarded to the signer on every
 * signature.
 */
public class DefaultTlsSignerCredentials
    extends AbstractTlsSignerCredentials
{
    protected TlsContext context;
    protected Certificate certificate;
    protected AsymmetricKeyParameter privateKey;
    protected SignatureAndHashAlgorithm signatureAndHashAlgorithm;
    protected TlsSigner signer;

    /**
     * Creates credentials with no explicit signature/hash algorithm.
     * <p>
     * Equivalent to the four-argument constructor with a {@code null} algorithm, so this form is
     * only accepted when the negotiated version is below (D)TLS 1.2.
     *
     * @param context     the TLS context the signer is initialised with
     * @param certificate the certificate chain presented to the peer; must be non-null and non-empty
     * @param privateKey  the private key matching {@code certificate}; must be an RSA, DSA or EC private key
     * @throws IllegalArgumentException if any argument is invalid (see the four-argument constructor)
     */
    public DefaultTlsSignerCredentials(TlsContext context, Certificate certificate, AsymmetricKeyParameter privateKey)
    {
        this(context, certificate, privateKey, null);
    }

    /**
     * Creates credentials for the given key, certificate chain and signature/hash algorithm.
     *
     * @param context                   the TLS context the signer is initialised with
     * @param certificate               the certificate chain presented to the peer; must be non-null and non-empty
     * @param privateKey                the private key matching {@code certificate}; must be an RSA, DSA or EC private key
     * @param signatureAndHashAlgorithm the algorithm used for (D)TLS 1.2+ signatures; required when
     *                                  {@code context} is at (D)TLS 1.2 or later, otherwise may be {@code null}
     * @throws IllegalArgumentException if {@code certificate} is null or empty, {@code privateKey} is null,
     *                                  public or of an unsupported type, or the algorithm is missing for (D)TLS 1.2+
     */
    public DefaultTlsSignerCredentials(TlsContext context, Certificate certificate, AsymmetricKeyParameter privateKey,
        SignatureAndHashAlgorithm signatureAndHashAlgorithm)
    {
        checkArguments(context, certificate, privateKey, signatureAndHashAlgorithm);

        // Pick and initialise the signer before any state is stored, so a rejected key type
        // or a failing init leaves no half-constructed instance behind.
        TlsSigner selected = createSigner(privateKey);
        selected.init(context);

        this.context = context;
        this.certificate = certificate;
        this.privateKey = privateKey;
        this.signatureAndHashAlgorithm = signatureAndHashAlgorithm;
        this.signer = selected;
    }

    /**
     * Validates the constructor arguments, in the same order the checks are reported to callers.
     *
     * @throws IllegalArgumentException on the first failing check
     */
    private static void checkArguments(TlsContext context, Certificate certificate, AsymmetricKeyParameter privateKey,
        SignatureAndHashAlgorithm signatureAndHashAlgorithm)
    {
        if (certificate == null)
        {
            throw new IllegalArgumentException("'certificate' cannot be null");
        }
        if (certificate.isEmpty())
        {
            throw new IllegalArgumentException("'certificate' cannot be empty");
        }
        if (privateKey == null)
        {
            throw new IllegalArgumentException("'privateKey' cannot be null");
        }
        if (!privateKey.isPrivate())
        {
            throw new IllegalArgumentException("'privateKey' must be private");
        }
        // (D)TLS 1.2+ signatures carry an explicit algorithm identifier, so one must be provided up front.
        if (TlsUtils.isTLSv12(context) && signatureAndHashAlgorithm == null)
        {
            throw new IllegalArgumentException("'signatureAndHashAlgorithm' cannot be null for (D)TLS 1.2+");
        }
    }

    /**
     * Maps the private key's type to the matching (not yet initialised) signer.
     *
     * @param privateKey a non-null private key
     * @return a new RSA, DSS or ECDSA signer
     * @throws IllegalArgumentException for any other key type
     */
    private static TlsSigner createSigner(AsymmetricKeyParameter privateKey)
    {
        if (privateKey instanceof RSAKeyParameters)
        {
            return new TlsRSASigner();
        }
        if (privateKey instanceof DSAPrivateKeyParameters)
        {
            return new TlsDSSSigner();
        }
        if (privateKey instanceof ECPrivateKeyParameters)
        {
            return new TlsECDSASigner();
        }
        throw new IllegalArgumentException("'privateKey' type not supported: " + privateKey.getClass().getName());
    }

    /**
     * @return the certificate chain these credentials were created with
     */
    public Certificate getCertificate()
    {
        return certificate;
    }

    /**
     * Signs the supplied hash with the private key.
     * <p>
     * For (D)TLS 1.2 and later the configured {@link SignatureAndHashAlgorithm} is passed to the
     * signer; for earlier versions the legacy two-argument signing path is used.
     *
     * @param hash the value to sign, as prepared by the caller
     * @return the raw signature bytes
     * @throws IOException a {@link TlsFatalAlert} with {@code internal_error} if the underlying
     *                     signer fails
     */
    public byte[] generateCertificateSignature(byte[] hash)
        throws IOException
    {
        try
        {
            boolean tls12 = TlsUtils.isTLSv12(context);
            return tls12
                ? signer.generateRawSignature(signatureAndHashAlgorithm, privateKey, hash)
                : signer.generateRawSignature(privateKey, hash);
        }
        catch (CryptoException e)
        {
            // NOTE: the CryptoException is not chained as the alert's cause, so callers only
            // observe 'internal_error' and the original failure detail is lost to diagnostics.
            throw new TlsFatalAlert(AlertDescription.internal_error);
        }
    }

    /**
     * @return the signature/hash algorithm these credentials were created with, or {@code null}
     *         if none was given (pre-(D)TLS 1.2 only)
     */
    public SignatureAndHashAlgorithm getSignatureAndHashAlgorithm()
    {
        return signatureAndHashAlgorithm;
    }
}