Changeset fea5bd4 for core/java


Timestamp:
Mar 23, 2019 2:26:29 PM (16 months ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
ce043943
Parents:
00d4525
Message:

SelfSignedGenerator:

  • Fix generation with Ed25519ph keys (ticket #2465)
  • Increase serial number from 63 to 71 bits
File:
1 edited

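--- a/core/java/src/net/i2p/crypto/SelfSignedGenerator.java
+++ b/core/java/src/net/i2p/crypto/SelfSignedGenerator.java
@@ -15,4 +15,5 @@
 import java.security.cert.X509Certificate;
 import java.security.cert.X509CRL;
+import java.security.spec.InvalidKeySpecException;
 import java.security.spec.X509EncodedKeySpec;
 import java.text.SimpleDateFormat;
@@ -33,4 +34,5 @@
 
 import static net.i2p.crypto.SigUtil.intToASN1;
+import net.i2p.crypto.eddsa.EdDSAPublicKey;
 import net.i2p.data.DataHelper;
 import net.i2p.data.Signature;
@@ -246,6 +248,17 @@
         PublicKey cpub = cert.getPublicKey();
         cert.verify(cpub);
-        if (!cpub.equals(jpub))
-            throw new GeneralSecurityException("pubkey mismatch");
+        if (!cpub.equals(jpub)) {
+            boolean ok = false;
+            if (cpub.getClass().getName().equals("sun.security.x509.X509Key")) {
+                // X509Certificate will sometimes contain an X509Key rather than the EdDSAPublicKey itself; the contained
+                // key is valid but needs to be instanced as an EdDSAPublicKey before it can be used.
+                try {
+                    cpub = new EdDSAPublicKey(new X509EncodedKeySpec(cpub.getEncoded()));
+                    ok = cpub.equals(jpub);
+                } catch (InvalidKeySpecException ex) {}
+            }
+            if (!ok)
+                throw new GeneralSecurityException("pubkey mismatch, in: " + jpub.getClass() + " cert: " + cpub.getClass());
+        }
         // todo crl tests
 
@@ -363,8 +376,8 @@
 
         // positive serial number (long)
-        byte[] serial = new byte[10];
+        byte[] serial = new byte[11];
         serial[0] = 2;
-        serial[1] = 8;
-        RandomSource.getInstance().nextBytes(serial, 2, 8);
+        serial[1] = 9;
+        RandomSource.getInstance().nextBytes(serial, 2, 9);
         serial[2] &= 0x7f;
 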
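Review bot: In the serial-number hunk, masking `serial[2] &= 0x7f` keeps the value positive but does not keep the INTEGER minimally encoded: when the masked byte is 0x00 and `serial[3]` has its high bit clear (roughly 1 in 256 draws), the 9-byte content carries a redundant leading zero, which is not valid DER and may be rejected by strict parsers. Forcing a non-zero top byte, e.g. `serial[2] = (byte) ((serial[2] & 0x7f) | 0x40);`, avoids this at the cost of one bit of entropy. The comment `// positive serial number (long)` is also stale now that the value is 9 bytes and no longer fits a long; `// positive 71-bit serial number, DER INTEGER (tag 2, length 9)` would match the code. The enclosing method starts and ends outside the hunk, so how `serial` is consumed is not visible here.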