├── app
├── .gitignore
├── src
│ └── main
│ │ ├── res
│ │ ├── raw
│ │ │ ├── secret_key_id_txt
│ │ │ ├── data2beencrypted_txt
│ │ │ ├── secretkey_hex
│ │ │ ├── a256_hs256_kid_cbor
│ │ │ ├── p256_esp256_imp_cbor
│ │ │ ├── p256_esp256_kid_cbor
│ │ │ ├── p256_esp256_pub_cbor
│ │ │ ├── r2048_rs256_cer_cbor
│ │ │ ├── r2048_rs256_imp_cbor
│ │ │ ├── ed25519_ed25519_pub_cbor
│ │ │ ├── a256_a128cbc_hs256_kid_cbor
│ │ │ ├── ecdh_es_a128cbc_hs256_imp_cbor
│ │ │ ├── ecdh_es_a256kw_a256gcm_kid_cbor
│ │ │ ├── r2048_rsa_oaep_256_a256gcm_kid_cbor
│ │ │ ├── ecdh_es_a192kw_a256cbc_hs512_pub_cbor
│ │ │ ├── r2048_rsa_oaep_a256cbc_hs512_kid_cbor
│ │ │ ├── p256_ecdh_es_a256kw_a256gcm_tag2dim_pub_cbor
│ │ │ ├── somedata_cbor_txt
│ │ │ ├── ecprivatekey_cbor_txt
│ │ │ ├── rsaprivatekey_cbor_txt
│ │ │ ├── ed25519_certpath_cbor_txt
│ │ │ └── ec_certpath_cbor_txt
│ │ ├── values
│ │ │ ├── strings.xml
│ │ │ ├── themes.xml
│ │ │ └── colors.xml
│ │ ├── mipmap
│ │ │ ├── ic_launcher_round.xml
│ │ │ └── ic_launcher.xml
│ │ ├── drawable
│ │ │ ├── ic_launcher_background.xml
│ │ │ ├── drawing.xml
│ │ │ ├── cbor.xml
│ │ │ └── ic_launcher_foreground.xml
│ │ ├── xml
│ │ │ ├── backup_rules.xml
│ │ │ └── data_extraction_rules.xml
│ │ └── layout
│ │ │ └── activity_main.xml
│ │ ├── ic_launcher-playstore.png
│ │ ├── AndroidManifest.xml
│ │ └── java
│ │ └── org
│ │ └── webpki
│ │ └── androidcbordemo
│ │ └── RawReader.java
├── proguard-rules.pro
└── build.gradle.kts
├── jlibcbor
├── .gitignore
├── consumer-rules.pro
├── proguard-rules.pro
├── src
│ └── main
│ │ └── java
│ │ └── org
│ │ └── webpki
│ │ ├── crypto
│ │ ├── SignatureAlgorithms.java
│ │ ├── HmacVerifierInterface.java
│ │ ├── AlgorithmPreferences.java
│ │ ├── X509SignerInterface.java
│ │ ├── AsymKeySignerInterface.java
│ │ ├── HmacSignerInterface.java
│ │ ├── CryptoException.java
│ │ ├── KeyTypes.java
│ │ ├── CryptoAlgorithms.java
│ │ ├── CryptoRandom.java
│ │ ├── KeyEncryptionAlgorithms.java
│ │ ├── CertificateUtil.java
│ │ ├── ContentEncryptionAlgorithms.java
│ │ ├── HashAlgorithms.java
│ │ └── HmacAlgorithms.java
│ │ ├── cbor
│ │ ├── CBORNull.java
│ │ ├── CBORException.java
│ │ ├── CBORBoolean.java
│ │ ├── CBORSymKeyEncrypter.java
│ │ ├── CBORBytes.java
│ │ ├── CBORSimple.java
│ │ ├── CBORHmacSigner.java
│ │ ├── CBORX509Encrypter.java
│ │ ├── CBORSymKeyDecrypter.java
│ │ ├── CBORBigInt.java
│ │ ├── CBORString.java
│ │ ├── CBORAsymKeyEncrypter.java
│ │ ├── CBORHmacValidator.java
│ │ ├── CBORTypedObjectDecoder.java
│ │ ├── CBORTypedObjectDecoderCache.java
│ │ ├── CBORInt.java
│ │ ├── CBORX509Validator.java
│ │ ├── CBORInternal.java
│ │ ├── CBORX509Signer.java
│ │ ├── CBORAsymKeySigner.java
│ │ ├── CBORArray.java
│ │ └── CBORAsymKeyValidator.java
│ │ └── util
│ │ ├── IO.java
│ │ ├── Base64URL.java
│ │ ├── UTF8.java
│ │ └── HexaDecimal.java
└── build.gradle.kts
├── jlib-version.properties
├── .gitattributes
├── distribution
├── apidoc
│ ├── element-list
│ ├── resources
│ │ └── fonts
│ │ │ ├── DejaVuLGCSans.woff2
│ │ │ ├── DejaVuLGCSerif.woff2
│ │ │ ├── DejaVuLGCSansMono.woff2
│ │ │ ├── DejaVuLGCSans-Bold.woff2
│ │ │ ├── DejaVuLGCSerif-Bold.woff2
│ │ │ ├── DejaVuLGCSans-Oblique.woff2
│ │ │ ├── DejaVuLGCSansMono-Bold.woff2
│ │ │ ├── DejaVuLGCSerif-Italic.woff2
│ │ │ ├── DejaVuLGCSans-BoldOblique.woff2
│ │ │ ├── DejaVuLGCSansMono-Oblique.woff2
│ │ │ ├── DejaVuLGCSerif-BoldItalic.woff2
│ │ │ ├── DejaVuLGCSansMono-BoldOblique.woff2
│ │ │ └── dejavu.css
│ ├── overview-summary.html
│ ├── legal
│ │ ├── ASSEMBLY_EXCEPTION
│ │ └── ADDITIONAL_LICENSE_INFO
│ ├── copy.svg
│ ├── link.svg
│ ├── org
│ │ └── webpki
│ │ │ ├── cbor
│ │ │ └── doc-files
│ │ │ │ ├── cbor-crypto.svg
│ │ │ │ └── crypto-options.html
│ │ │ └── util
│ │ │ ├── package-tree.html
│ │ │ └── package-summary.html
│ ├── serialized-form.html
│ └── constant-values.html
└── org.webpki-jlibcbor-1.1.3.aar
├── gradle
├── wrapper
│ ├── gradle-wrapper.jar
│ └── gradle-wrapper.properties
└── libs.versions.toml
├── privacy.txt
├── .gitignore
├── settings.gradle.kts
├── gradle.properties
├── RELEASE-NOTES.txt
├── README.md
├── artwork
└── cbor.svg
├── gradlew.bat
└── cbor.svg
/app/.gitignore:
--------------------------------------------------------------------------------
1 | /build
--------------------------------------------------------------------------------
/jlibcbor/.gitignore:
--------------------------------------------------------------------------------
1 | /build
--------------------------------------------------------------------------------
/jlibcbor/consumer-rules.pro:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/jlib-version.properties:
--------------------------------------------------------------------------------
1 | jlib.ver=1.1.3
2 |
--------------------------------------------------------------------------------
/app/src/main/res/raw/secret_key_id_txt:
--------------------------------------------------------------------------------
1 | a256bitkey
--------------------------------------------------------------------------------
/app/src/main/res/raw/data2beencrypted_txt:
--------------------------------------------------------------------------------
1 | Hello encrypted world!
--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
1 | # Disable LF normalization for all files
2 | * -text
--------------------------------------------------------------------------------
/app/src/main/res/raw/secretkey_hex:
--------------------------------------------------------------------------------
1 | 7fdd851a3b9d2dafc5f0d00030e22b9343900cd42ede4948568a4a2ee655291a
--------------------------------------------------------------------------------
/distribution/apidoc/element-list:
--------------------------------------------------------------------------------
1 | org.webpki.cbor
2 | org.webpki.crypto
3 | org.webpki.util
4 |
--------------------------------------------------------------------------------
/app/src/main/res/values/strings.xml:
--------------------------------------------------------------------------------
1 |
null objects.
23 | */
public class CBORNull extends CBORObject {

    /**
     * Complete encoding of a CBOR <code>null</code>: one byte holding {@code MT_NULL}.
     * The array is shared by every instance and must never be modified.
     */
    static final byte[] NULL_TAG = {(byte)MT_NULL};

    /**
     * Creates a CBOR <code>null</code>.
     */
    public CBORNull() {}

    /**
     * Returns the encoded form of this object.
     *
     * @return the shared {@link #NULL_TAG} array itself, not a copy
     */
    @Override
    byte[] internalEncode() {
        // NOTE(review): the static array is handed out by reference. If any caller
        // passes this result on to application code unchanged, a write to it would
        // alter the encoding of every CBOR null - confirm callers copy it first.
        return NULL_TAG;
    }

    /**
     * Appends the diagnostic-notation text <code>null</code> to the printer.
     *
     * @param cborPrinter Destination for the textual form
     */
    @Override
    void internalToString(CborPrinter cborPrinter) {
        cborPrinter.append("null");
    }
}
43 |
--------------------------------------------------------------------------------
/gradle.properties:
--------------------------------------------------------------------------------
1 | # Project-wide Gradle settings.
2 | # IDE (e.g. Android Studio) users:
3 | # Gradle settings configured through the IDE *will override*
4 | # any settings specified in this file.
5 | # For more details on how to configure your build environment visit
6 | # http://www.gradle.org/docs/current/userguide/build_environment.html
7 | # Specifies the JVM arguments used for the daemon process.
8 | # The setting is particularly useful for tweaking memory settings.
9 | org.gradle.jvmargs=-Xmx2048m -Dfile.encoding=UTF-8
10 | # When configured, Gradle will run in incubating parallel mode.
11 | # This option should only be used with decoupled projects. For more details, visit
12 | # https://developer.android.com/r/tools/gradle-multi-project-decoupled-projects
13 | # org.gradle.parallel=true
14 | # AndroidX package structure to make it clearer which packages are bundled with the
15 | # Android operating system, and which are packaged with your app's APK
16 | # https://developer.android.com/topic/libraries/support-library/androidx-rn
17 | android.useAndroidX=true
18 | # Kotlin code style for this project: "official" or "obsolete":
19 | kotlin.code.style=official
20 | # Enables namespacing of each library's R class so that its R class includes only the
21 | # resources declared in the library itself and none from the library's dependencies,
22 | # thereby reducing the size of the R class for that library
23 | android.nonTransitiveRClass=true
--------------------------------------------------------------------------------
/jlibcbor/src/main/java/org/webpki/cbor/CBORException.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2006-2024 WebPKI.org (https://webpki.org).
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * https://apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 | package org.webpki.cbor;
18 |
/**
 * Unchecked exception type of the WebPKI CBOR library.
 * <p>
 * Being a {@link RuntimeException}, it lets the library report its own errors
 * and rethrow checked exceptions without <code>throws</code> clauses.
 * </p>
 */
public class CBORException extends RuntimeException {

    private static final long serialVersionUID = 1L;

    /**
     * Wraps another exception so that it can be rethrown unchecked.
     * <p>
     * The wrapped exception becomes the cause, and its <code>toString()</code>
     * text becomes this exception's message, so whatever the underlying
     * exception says is visible wherever this one is logged or displayed.
     * </p>
     *
     * @param sourceException The exception to wrap
     */
    public CBORException(Exception sourceException) {
        super(sourceException);
    }

    /**
     * Creates an exception that originates in the CBOR library itself.
     *
     * @param message Description of the error
     */
    public CBORException(String message) {
        super(message);
    }
}
44 |
--------------------------------------------------------------------------------
/jlibcbor/src/main/java/org/webpki/crypto/CryptoException.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2006-2024 WebPKI.org (https://webpki.org).
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * https://apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 | package org.webpki.crypto;
18 |
/**
 * Unchecked exception type of the WebPKI crypto library.
 * <p>
 * Being a {@link RuntimeException}, it lets the library report its own errors
 * and rethrow checked exceptions without <code>throws</code> clauses.
 * </p>
 */
public class CryptoException extends RuntimeException {

    private static final long serialVersionUID = 1L;

    /**
     * Wraps another exception so that it can be rethrown unchecked.
     * <p>
     * The wrapped exception becomes the cause, and its <code>toString()</code>
     * text becomes this exception's message. Code that shows crypto errors to
     * a remote party should keep in mind that the underlying provider's
     * message is carried along.
     * </p>
     *
     * @param sourceException The exception to wrap
     */
    public CryptoException(Exception sourceException) {
        super(sourceException);
    }

    /**
     * Creates an exception that originates in the crypto library itself.
     *
     * @param message Description of the error
     */
    public CryptoException(String message) {
        super(message);
    }
}
44 |
--------------------------------------------------------------------------------
/gradle/libs.versions.toml:
--------------------------------------------------------------------------------
1 | [versions]
2 | agp = "8.13.0"
3 | kotlin = "2.2.20"
4 | coreKtx = "1.17.0"
5 | junit = "4.13.2"
6 | junitVersion = "1.3.0"
7 | espressoCore = "3.7.0"
8 | appcompat = "1.7.1"
9 | material = "1.13.0"
10 | activity = "1.11.0"
11 | constraintlayout = "2.2.1"
12 | webkit = "1.14.0"
13 |
14 | [libraries]
15 | androidx-core-ktx = { group = "androidx.core", name = "core-ktx", version.ref = "coreKtx" }
16 | junit = { group = "junit", name = "junit", version.ref = "junit" }
17 | androidx-junit = { group = "androidx.test.ext", name = "junit", version.ref = "junitVersion" }
18 | androidx-espresso-core = { group = "androidx.test.espresso", name = "espresso-core", version.ref = "espressoCore" }
19 | androidx-appcompat = { group = "androidx.appcompat", name = "appcompat", version.ref = "appcompat" }
20 | material = { group = "com.google.android.material", name = "material", version.ref = "material" }
21 | androidx-activity = { group = "androidx.activity", name = "activity", version.ref = "activity" }
22 | androidx-constraintlayout = { group = "androidx.constraintlayout", name = "constraintlayout", version.ref = "constraintlayout" }
23 | androidx-webkit = { group = "androidx.webkit", name = "webkit", version.ref = "webkit" }
24 |
25 | [plugins]
26 | android-application = { id = "com.android.application", version.ref = "agp" }
27 | kotlin-android = { id = "org.jetbrains.kotlin.android", version.ref = "kotlin" }
28 | android-library = { id = "com.android.library", version.ref = "agp" }
29 |
30 |
--------------------------------------------------------------------------------
/jlibcbor/src/main/java/org/webpki/crypto/KeyTypes.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2006-2024 WebPKI.org (https://webpki.org).
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * https://apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 | package org.webpki.crypto;
18 |
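/**
 * Basic key types, each tied to the JOSE <code>kty</code> string it is written as.
 * <p>
 * Note that {@link #EDDSA} and {@link #XEC} share the <code>kty</code> value
 * <code>"OKP"</code>; the <code>kty</code> string alone therefore cannot tell
 * a signature key from a key-agreement key.
 * </p>
 */
public enum KeyTypes {
    RSA   ("RSA"),
    EC    ("EC"),
    EDDSA ("OKP"),
    XEC   ("OKP"),
    SYM   ("Sym");

    // Final: an enum constant is shared by the whole JVM, so its state must not
    // be reassignable by other classes in the package.
    final String joseKty;

    KeyTypes(String joseKty) {
        this.joseKty = joseKty;
    }

    /**
     * Finds the key type for a JOSE <code>kty</code> value.
     * <p>
     * The comparison is exact and case sensitive. Constants are tried in
     * declaration order and the first match wins, so <code>"OKP"</code> always
     * yields {@link #EDDSA} and never {@link #XEC}. A caller that handles
     * <code>"OKP"</code> keys has to use other key data (for example the
     * curve) to decide what the key may be used for.
     * </p>
     *
     * @param joseKty The <code>kty</code> string to look up
     * @return The first key type declared with that string
     * @throws IllegalArgumentException If no key type uses the string,
     *         which includes <code>null</code>
     */
    public static KeyTypes getKeyTypeFromKty(String joseKty) {
        for (KeyTypes keyType : KeyTypes.values()) {
            if (keyType.joseKty.equals(joseKty)) {
                return keyType;
            }
        }
        throw new IllegalArgumentException("Unknown kty: " + joseKty);
    }

    /**
     * Returns the JOSE <code>kty</code> string of this key type.
     *
     * @return The <code>kty</code> string
     */
    public String getJoseKty() {
        return joseKty;
    }
}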
48 |
--------------------------------------------------------------------------------
/jlibcbor/src/main/java/org/webpki/cbor/CBORBoolean.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2006-2024 WebPKI.org (https://webpki.org).
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * https://apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 | package org.webpki.cbor;
18 |
19 | import static org.webpki.cbor.CBORInternal.*;
20 |
/**
 * Class for holding CBOR <code>bool</code> objects.
 */
public class CBORBoolean extends CBORObject {

    // Complete one-byte encodings, shared by all instances; never modify them.
    static final byte[] TRUE  = {(byte)MT_TRUE};
    static final byte[] FALSE = {(byte)MT_FALSE};

    // The boolean this object represents.
    boolean value;

    /**
     * Creates a CBOR <code>bool</code>.
     *
     * @param value <code>true</code> or <code>false</code>
     */
    public CBORBoolean(boolean value) {
        this.value = value;
    }

    /**
     * Returns the encoded form of this object.
     *
     * @return the shared {@link #TRUE} or {@link #FALSE} array itself, not a copy
     */
    @Override
    byte[] internalEncode() {
        if (value) {
            return TRUE;
        }
        return FALSE;
    }

    /**
     * Appends <code>true</code> or <code>false</code> to the printer.
     *
     * @param cborPrinter Destination for the textual form
     */
    @Override
    void internalToString(CborPrinter cborPrinter) {
        cborPrinter.append(Boolean.toString(value));
    }
}
50 |
--------------------------------------------------------------------------------
/app/build.gradle.kts:
--------------------------------------------------------------------------------
// Build script of the demo application module: an Android app that depends on
// the local ":jlibcbor" library module.
plugins {
    alias(libs.plugins.android.application)
    alias(libs.plugins.kotlin.android)
}

android {
    namespace = "org.webpki.androidcbordemo"
    compileSdk = 36

    defaultConfig {
        applicationId = "org.webpki.androidcbordemo"
        minSdk = 29
        targetSdk = 36
        versionCode = 1
        versionName = "1.0.1"

        testInstrumentationRunner = "androidx.test.runner.AndroidJUnitRunner"
    }

    buildTypes {
        release {
            // Code shrinking and obfuscation are off, so the ProGuard files listed
            // below are not applied to this build type.
            isMinifyEnabled = false
            proguardFiles(
                getDefaultProguardFile("proguard-android-optimize.txt"),
                "proguard-rules.pro"
            )
            // NOTE(review): the release variant is signed with the *debug* signing
            // configuration. The debug keystore is created by the Android tooling
            // with publicly known credentials, so this signature says nothing about
            // who built the APK. Fine for a local demo; a distributed build needs
            // its own signing config whose keystore and passwords are kept out of
            // the repository.
            signingConfig = signingConfigs.getByName("debug")
        }
    }
    compileOptions {
        sourceCompatibility = JavaVersion.VERSION_21
        targetCompatibility = JavaVersion.VERSION_21
    }
}

dependencies {

    implementation(libs.androidx.core.ktx)
    implementation(libs.androidx.appcompat)
    implementation(libs.material)
    implementation(libs.androidx.activity)
    implementation(libs.androidx.constraintlayout)
    // The CBOR library is built from source in this repository ...
    implementation(project(":jlibcbor"))
    implementation(libs.androidx.webkit)
    // ... instead of being taken from a prebuilt AAR, as this disabled line would do.
    // implementation(files("libs/org.webpki-jlibcbor-1.1.3.aar"))
    testImplementation(libs.junit)
    androidTestImplementation(libs.androidx.junit)
    androidTestImplementation(libs.androidx.espresso.core)
}
--------------------------------------------------------------------------------
/jlibcbor/src/main/java/org/webpki/crypto/CryptoAlgorithms.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2006-2024 WebPKI.org (https://webpki.org).
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * https://apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 | package org.webpki.crypto;
18 |
/**
 * Crypto algorithm base interface.
 * <p>
 * Describes one algorithm through its identifiers in several naming schemes
 * (see {@link AlgorithmPreferences}), its JCE name, OID, and key type.
 * </p>
 */
public interface CryptoAlgorithms {

    /**
     * @return <code>true</code> if the implementation marks this algorithm
     *         as a mandatory SKS algorithm
     */
    boolean isMandatorySksAlgorithm();

    /**
     * Returns the identifier of this algorithm in the requested naming scheme.
     *
     * @param algorithmPreferences The naming scheme to use
     * @return The algorithm identifier
     * @throws IllegalArgumentException Declared by this interface; presumably
     *         thrown when the algorithm has no identifier in the scheme
     */
    String getAlgorithmId(AlgorithmPreferences algorithmPreferences)
            throws IllegalArgumentException;

    /**
     * Shorthand for {@link #getAlgorithmId(AlgorithmPreferences)} with
     * {@link AlgorithmPreferences#JOSE}.
     *
     * @return The JOSE algorithm identifier
     */
    default String getJoseAlgorithmId() {
        return getAlgorithmId(AlgorithmPreferences.JOSE);
    }

    /**
     * Returns the COSE identifier of this algorithm.
     * <p>
     * This default always throws; implementations that have a COSE identifier
     * override it.
     * </p>
     *
     * @return The COSE algorithm identifier
     * @throws IllegalArgumentException If no COSE identifier is defined
     */
    default int getCoseAlgorithmId() {
        throw new IllegalArgumentException("COSE algorithm not defined for " + getJceName());
    }

    /**
     * @return The OID of this algorithm
     */
    String getOid();

    /**
     * @return The JCE name of this algorithm
     */
    String getJceName();

    /**
     * @return The type of key this algorithm uses
     */
    KeyTypes getKeyType();

    /**
     * @return <code>true</code> if {@link #getKeyType()} is {@link KeyTypes#SYM}
     */
    default boolean isSymmetric() {
        return KeyTypes.SYM == getKeyType();
    }

    /**
     * Tells whether the implementation flags this algorithm as deprecated.
     * Nothing in this interface acts on the flag; a caller that wants to
     * refuse deprecated algorithms has to check it itself.
     *
     * @return <code>true</code> if deprecated
     */
    boolean isDeprecated();

}
51 |
--------------------------------------------------------------------------------
/app/src/main/res/drawable/drawing.xml:
--------------------------------------------------------------------------------
1 |
6 |
9 |
12 |
15 |
18 |
19 |
--------------------------------------------------------------------------------
/distribution/apidoc/legal/ASSEMBLY_EXCEPTION:
--------------------------------------------------------------------------------
1 |
2 | OPENJDK ASSEMBLY EXCEPTION
3 |
4 | The OpenJDK source code made available by Oracle America, Inc. (Oracle) at
5 | openjdk.org ("OpenJDK Code") is distributed under the terms of the GNU
6 | General Public License version 2
7 | only ("GPL2"), with the following clarification and special exception.
8 |
9 | Linking this OpenJDK Code statically or dynamically with other code
10 | is making a combined work based on this library. Thus, the terms
11 | and conditions of GPL2 cover the whole combination.
12 |
13 | As a special exception, Oracle gives you permission to link this
14 | OpenJDK Code with certain code licensed by Oracle as indicated at
15 | https://openjdk.org/legal/exception-modules-2007-05-08.html
16 | ("Designated Exception Modules") to produce an executable,
17 | regardless of the license terms of the Designated Exception Modules,
18 | and to copy and distribute the resulting executable under GPL2,
19 | provided that the Designated Exception Modules continue to be
20 | governed by the licenses under which they were offered by Oracle.
21 |
22 | As such, it allows licensees and sublicensees of Oracle's GPL2 OpenJDK Code
23 | to build an executable that includes those portions of necessary code that
24 | Oracle could not provide under GPL2 (or that Oracle has provided under GPL2
25 | with the Classpath exception). If you modify or add to the OpenJDK code,
26 | that new GPL2 code may still be combined with Designated Exception Modules
27 | if the new code is made subject to this exception by its copyright holder.
28 |
--------------------------------------------------------------------------------
/jlibcbor/src/main/java/org/webpki/cbor/CBORSymKeyEncrypter.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2006-2024 WebPKI.org (https://webpki.org).
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * https://apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 | package org.webpki.cbor;
18 |
19 | import org.webpki.crypto.ContentEncryptionAlgorithms;
20 |
/**
 * Class for symmetric key encryption.
 * <p>
 * The content encryption key is supplied directly by the caller.
 * </p>
 */
public class CBORSymKeyEncrypter extends CBOREncrypter {

    // Reference to the caller's key array (no copy is made).
    private byte[] contentEncryptionKey;

    /**
     * Creates an encrypter object with a secret key.
     * <p>
     * The key array is stored by reference and this constructor performs no
     * checks on it: a <code>null</code> key or a key whose length does not fit
     * <code>algorithm</code> is not rejected here. Because no copy is taken,
     * changing or zeroing the array after construction changes the key this
     * encrypter uses.
     * </p>
     *
     * @param secretKey Encryption key
     * @param algorithm Encryption algorithm
     */
    public CBORSymKeyEncrypter(byte[] secretKey, ContentEncryptionAlgorithms algorithm) {
        super(algorithm);
        this.contentEncryptionKey = secretKey;
    }

    /**
     * Returns the key given to the constructor.
     *
     * @param encryptionObject Not used by this implementation
     * @return The stored key array itself, not a copy
     */
    @Override
    byte[] getContentEncryptionKey(CBORMap encryptionObject) {
        return this.contentEncryptionKey;
    }

    @Override
    CBORSymKeyEncrypter getThis() {
        return this;
    }
}
49 |
--------------------------------------------------------------------------------
/jlibcbor/src/main/java/org/webpki/cbor/CBORBytes.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2006-2024 WebPKI.org (https://webpki.org).
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * https://apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 | package org.webpki.cbor;
18 |
19 | import org.webpki.util.HexaDecimal;
20 |
21 | import static org.webpki.cbor.CBORInternal.*;
22 |
/**
 * Class for holding CBOR <code>bstr</code> objects.
 */
public class CBORBytes extends CBORObject {

    // Reference to the array given to the constructor (no copy is made).
    byte[] byteString;

    /**
     * Creates a CBOR <code>bstr</code> object.
     * <p>
     * The array is kept by reference, so later changes to it by the caller
     * change the content of this object as well.
     * NOTE(review): if CBOR objects are used as map keys, such a change would
     * alter the key after insertion - confirm whether callers must copy.
     * </p>
     *
     * @param byteString The bytes constituting the string
     */
    public CBORBytes(byte[] byteString) {
        this.byteString = byteString;
        // The argument is checked after the assignment, as in the original code.
        nullCheck(byteString);
    }

    /**
     * Encodes the byte string as the <code>MT_BYTES</code> header for its
     * length followed by the bytes themselves.
     */
    @Override
    byte[] internalEncode() {
        return CBORUtil.concatByteArrays(
                encodeTagAndN(MT_BYTES, this.byteString.length),
                this.byteString);
    }

    /**
     * Appends the bytes in diagnostic notation: <code>h'</code>, the
     * hex-encoded content, and a closing quote.
     *
     * @param cborPrinter Destination for the textual form
     */
    @Override
    void internalToString(CborPrinter cborPrinter) {
        cborPrinter.append("h'")
                   .append(HexaDecimal.encode(this.byteString))
                   .append('\'');
    }
}
50 |
--------------------------------------------------------------------------------
/jlibcbor/src/main/java/org/webpki/crypto/CryptoRandom.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2006-2024 WebPKI.org (https://webpki.org).
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * https://apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 | package org.webpki.crypto;
18 |
19 | import java.security.SecureRandom;
20 |
21 | import org.webpki.util.Base64URL;
22 |
/**
 * Support class to {@link SecureRandom}.
 * <p>
 * All random data comes from a {@link SecureRandom} created with its default
 * constructor; no seed is set by this class.
 * </p>
 */
public class CryptoRandom {

    // Static methods only.
    private CryptoRandom() { }

    /**
     * Generates byte array with random data.
     * <p>
     * A new {@link SecureRandom} instance is created for every call.
     * A negative <code>length</code> fails with
     * {@link NegativeArraySizeException} from the array allocation.
     * </p>
     *
     * @param length Number of bytes
     * @return byteArray
     */
    public static byte[] generateRandom(int length) {
        final byte[] buffer = new byte[length];
        final SecureRandom generator = new SecureRandom();
        generator.nextBytes(buffer);
        return buffer;
    }

    /**
     * Generates a URL friendly encoded nonce.
     * <p>
     * Note: although the characters are derived from Base64URL,
     * the string is NOT intended to be decoded!
     * </p>
     * <p>
     * <code>length</code> random bytes are encoded and the result is cut to
     * its first <code>length</code> characters. Assuming the usual
     * 64-character Base64URL alphabet, each character carries 6 bits, so the
     * nonce holds about <code>6 * length</code> bits of randomness rather
     * than <code>8 * length</code>; choose <code>length</code> accordingly.
     * </p>
     *
     * @param length Number of characters
     * @return Encoded nonce
     */
    public static String generateURLFriendlyRandom(int length) {
        final String encoded = Base64URL.encode(generateRandom(length));
        return encoded.substring(0, length);
    }
}
56 |
--------------------------------------------------------------------------------
/distribution/apidoc/copy.svg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
27 |
28 |
34 |
--------------------------------------------------------------------------------
/distribution/apidoc/link.svg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
27 |
28 |
32 |
--------------------------------------------------------------------------------
/distribution/apidoc/resources/fonts/dejavu.css:
--------------------------------------------------------------------------------
1 | @font-face {
2 | font-family: 'DejaVu Sans Mono';
3 | src: url('DejaVuLGCSansMono.woff2') format('woff2');
4 | font-weight: normal;
5 | font-style: normal;
6 | }
7 | @font-face {
8 | font-family: 'DejaVu Sans Mono';
9 | src: url('DejaVuLGCSansMono-Oblique.woff2') format('woff2');
10 | font-weight: normal;
11 | font-style: italic;
12 | }
13 | @font-face {
14 | font-family: 'DejaVu Sans Mono';
15 | src: url('DejaVuLGCSansMono-Bold.woff2') format('woff2');
16 | font-weight: bold;
17 | font-style: normal;
18 | }
19 | @font-face {
20 | font-family: 'DejaVu Sans Mono';
21 | src: url('DejaVuLGCSansMono-BoldOblique.woff2') format('woff2');
22 | font-weight: bold;
23 | font-style: italic;
24 | }
25 |
26 | @font-face {
27 | font-family: 'DejaVu Sans';
28 | src: url('DejaVuLGCSans.woff2') format('woff2');
29 | font-weight: normal;
30 | font-style: normal;
31 | }
32 | @font-face {
33 | font-family: 'DejaVu Sans';
34 | src: url('DejaVuLGCSans-Oblique.woff2') format('woff2');
35 | font-weight: normal;
36 | font-style: italic;
37 | }
38 | @font-face {
39 | font-family: 'DejaVu Sans';
40 | src: url('DejaVuLGCSans-Bold.woff2') format('woff2');
41 | font-weight: bold;
42 | font-style: normal;
43 | }
44 | @font-face {
45 | font-family: 'DejaVu Sans';
46 | src: url('DejaVuLGCSans-BoldOblique.woff2') format('woff2');
47 | font-weight: bold;
48 | font-style: italic;
49 | }
50 |
51 | @font-face {
52 | font-family: 'DejaVu Serif';
53 | src: url('DejaVuLGCSerif.woff2') format('woff2');
54 | font-weight: normal;
55 | font-style: normal;
56 | }
57 | @font-face {
58 | font-family: 'DejaVu Serif';
59 | src: url('DejaVuLGCSerif-Italic.woff2') format('woff2');
60 | font-weight: normal;
61 | font-style: italic;
62 | }
63 | @font-face {
64 | font-family: 'DejaVu Serif';
65 | src: url('DejaVuLGCSerif-Bold.woff2') format('woff2');
66 | font-weight: bold;
67 | font-style: normal;
68 | }
69 | @font-face {
70 | font-family: 'DejaVu Serif';
71 | src: url('DejaVuLGCSerif-BoldItalic.woff2') format('woff2');
72 | font-weight: bold;
73 | font-style: italic;
74 | }
75 |
--------------------------------------------------------------------------------
/RELEASE-NOTES.txt:
--------------------------------------------------------------------------------
1 | Android CBOR - Release Notes
2 |
3 | 1.0.1:
4 | - X25519 now works on Android 13. Static ECDH may use AndroidKeystore.
5 | See distribution/apidoc/org/webpki/crypto/EncryptionCore.html for details.
6 |
7 | - Bug fix: RSA-OAEP generated incorrect code for the default (OpenSSL) provider.
8 |
9 | - InstrumentedTest updated with tests to verify the state of the Android platform.
10 |
11 | - Major refactoring: the API now uses "unchecked" exceptions which reduce
12 | code clutter. This is the method used by the spring framework.
13 |
14 | 1.0.2:
15 | - Updated JavaDoc
16 |
17 | - Removed int53 support
18 |
19 | - Added to CBORObject:
20 | clone()
21 | getUnsignedInt()
22 | getShort()
23 | getUnsignedShort()
24 | getByte()
25 | getUnsignedByte()
26 |
27 | 1.0.3
28 | - Updated JavaDoc
29 |
30 | - Changed get[integer] methods to follow Java rules + making unsigned return unsigned
31 |
32 | - hashCode() added making CBORObject useful as "key"
33 |
34 | 1.0.4
35 | - Name refactoring of basic CBOR types
36 |
37 | 1.0.5
38 | - Added toDiagnosticNotation(prettyPrint) option
39 |
40 | - Minor restructuring to get a better JavaDoc
41 |
42 | 1.0.6
43 | - Refactoring CBORBoolean
44 | - Refactoring CBORTag
45 | - Removing constrained key option
46 |
47 | 1.0.7
48 | - Diagnostic notation: '#' is now the only way to specify a single line comment
49 |
50 | 1.0.8
51 | - Improved map through binary search and insertion
52 | - Added CBORMap.setSortingMode() method
53 |
54 | 1.0.9
55 | - Refactored for 2023.1 version of Android Studio
56 |
57 | 1.1.0
58 | - Refactored integer and float access methods
59 | - Added CBORDecoder class
60 | - Added support for java.lang.Comparable
61 | - Improved documentation
62 |
63 | 1.1.1
64 | - Refactored the CBORDecoder option scheme
65 |
66 | 1.1.2
67 | - Removed CBORTypes
68 | - CBORDecoder.setNaNSupport() => setFloatSupport()
69 | - CBORTag.getTaggedObject() => get()
70 | - update() method to CBORMap, CBORArray, and CBORTag
71 | - Added CBORMap.merge()
72 | - Document update CBOR Signatures and Encryption
73 |
74 | 1.1.3
75 | - simple(99) replaced signature label
76 | - Multiple signature support
77 | - CBORArray.encodeAsSequence()
78 |
--------------------------------------------------------------------------------
/distribution/apidoc/legal/ADDITIONAL_LICENSE_INFO:
--------------------------------------------------------------------------------
1 | ADDITIONAL INFORMATION ABOUT LICENSING
2 |
3 | Certain files distributed by Oracle America, Inc. and/or its affiliates are
4 | subject to the following clarification and special exception to the GPLv2,
5 | based on the GNU Project exception for its Classpath libraries, known as the
6 | GNU Classpath Exception.
7 |
8 | Note that Oracle includes multiple, independent programs in this software
9 | package. Some of those programs are provided under licenses deemed
10 | incompatible with the GPLv2 by the Free Software Foundation and others.
11 | For example, the package includes programs licensed under the Apache
12 | License, Version 2.0 and may include FreeType. Such programs are licensed
13 | to you under their original licenses.
14 |
15 | Oracle facilitates your further distribution of this package by adding the
16 | Classpath Exception to the necessary parts of its GPLv2 code, which permits
17 | you to use that code in combination with other independent modules not
18 | licensed under the GPLv2. However, note that this would not permit you to
19 | commingle code under an incompatible license with Oracle's GPLv2 licensed
20 | code by, for example, cutting and pasting such code into a file also
21 | containing Oracle's GPLv2 licensed code and then distributing the result.
22 |
23 | Additionally, if you were to remove the Classpath Exception from any of the
24 | files to which it applies and distribute the result, you would likely be
25 | required to license some or all of the other code in that distribution under
26 | the GPLv2 as well, and since the GPLv2 is incompatible with the license terms
27 | of some items included in the distribution by Oracle, removing the Classpath
28 | Exception could therefore effectively compromise your ability to further
29 | distribute the package.
30 |
31 | Failing to distribute notices associated with some files may also create
32 | unexpected legal consequences.
33 |
34 | Proceed with caution and we recommend that you obtain the advice of a lawyer
35 | skilled in open source matters before removing the Classpath Exception or
36 | making modifications to this package which may subsequently be redistributed
37 | and/or involve the use of third party software.
38 |
--------------------------------------------------------------------------------
/app/src/main/res/raw/rsaprivatekey_cbor_txt:
--------------------------------------------------------------------------------
1 | {
2 | 1: 3,
3 | -1: h'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',
4 | -2: h'010001',
5 | -3: h'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',
6 | -4: h'd0a3841e2ed3bb4b7287f142f7957e25847d4aeff43df6e0479af2d77620e41e32db05b87425fac7807b672bd6ef2761af55cc2123d7d388ed69d68e513398db895512092f75b0b7133c5bfc5fcdec1310599ebbe54a56ffbdafb8c96f8bcefafa6620e5658b1544dbcd007513a231d108e1f63f8797d7eaa5e4fe0531d7ef49',
7 | -5: h'ccb10e0b069c630fd29d0f3273c3d6b4c5b2f8ed074279906a354cba32fc0b134f8ab05fa9aefa2280d642693709d857e83f1a44dffa3403f6f2093b8391f75daddfe17003b481dd51f426090d725f9c86d97e17949875bb4a16d7caa869a902958f31fe8e72ea5636c60fab73ddd37e03036050b0ffbefc173364d6a6ef5347',
8 | -6: h'690f3dd3190f634bcda368b8a9056d1d2547163a184a2f8ba662ff0fc21b33e38506472e27c68c2e73a33043a21a91411e525cd4ff4089f374618c39e3e7d07c13fe73738ea37bd5e468cb851d150b605a2656c914dfc74946523b01ac1ac1a21dfed967ca272c119d80f04f0410f376e83b288dbb109a183d6b3f028ca3c889',
9 | -7: h'3c878f138b9ceb5e5e75bb6cbbf709a2e3638d60ea68a9f21eb62c3e539d5cd915087a278fd2027df9836298228272cb6c0e5d02490980203c024ee09e83a796b838203e339a495cdd43498c1bc1daac3ae44df94323e28cc3d8057014654a694d38cf1beb9be7d81ed26b07d477a076ff051c92400520c1034b5b626e730f39',
10 | -8: h'3dff42ad58a14c845defd352f9e005c5e5bd7946ba0185901fcc8d54d303cee09e93cfed4aaa6b6bc074c13c8dfa9f321322194c85ca13b0c44c827bf4347cf195c410980cb77e814114ec875ea97784fb566c45620798d0b3870fe6db35a22bd586b12daeb139d531b857f11f7c3d492a21e5ecc102604332073df53ec442bb'
11 | }
--------------------------------------------------------------------------------
/jlibcbor/src/main/java/org/webpki/cbor/CBORSimple.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2006-2024 WebPKI.org (https://webpki.org).
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * https://apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 | package org.webpki.cbor;
18 |
19 | import static org.webpki.cbor.CBORInternal.*;
20 |
/**
 * Class for holding CBOR #7.n (simple) objects.
 * <p>
 * Simple values in the ranges 0-19 and 32-255 are mainly useful as a small set
 * of unique, reserved labels (keys) in CBOR maps. The simple(99) label used by
 * embedded signatures is a representative example.
 * </p>
 */
public class CBORSimple extends CBORObject {

    static final String STDERR_SIMPLE_VALUE_OUT_OF_RANGE =
        "Simple value out of range: " ;

    // The simple value exactly as handed to the constructor.
    int value;

    /**
     * Creates a CBOR #7.n (simple) object.
     * <p>
     * Accepted values are 0-23 and 32-255. Anything else (negative, above 255,
     * or in the 24-31 gap) is reported through {@code cborError}.
     * </p>
     *
     * @param value Value/type of simple
     * @throws CBORException If <code>value</code> is outside the accepted ranges
     *         (presumably raised by {@code cborError}; confirm against CBORInternal)
     * @see CBORObject#getSimple()
     */
    public CBORSimple(int value) {
        this.value = value;
        boolean fitsInOneByte = value >= 0 && value <= 255;
        boolean inExcludedGap = value >= 24 && value <= 31;
        if (!fitsInOneByte || inExcludedGap) {
            cborError(STDERR_SIMPLE_VALUE_OUT_OF_RANGE + value);
        }
    }

    /**
     * Encodes the object by delegating to {@code encodeTagAndN} with the
     * simple major type and the stored value.
     */
    @Override
    byte[] internalEncode() {
        return encodeTagAndN(MT_SIMPLE, value);
    }

    /**
     * Emits the diagnostic notation form, <code>simple(n)</code>.
     */
    @Override
    void internalToString(CborPrinter cborPrinter) {
        cborPrinter.append("simple(")
                   .append(Integer.toString(value))
                   .append(')');
    }
}
68 |
--------------------------------------------------------------------------------
/jlibcbor/src/main/java/org/webpki/cbor/CBORHmacSigner.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2006-2024 WebPKI.org (https://webpki.org).
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * https://apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 | package org.webpki.cbor;
18 |
19 | import org.webpki.crypto.HmacAlgorithms;
20 | import org.webpki.crypto.HmacSignerInterface;
21 | import org.webpki.crypto.SignatureAlgorithms;
22 |
/**
 * Class for creating CBOR HMAC signatures.
 *
 * Also see {@link CBORSigner}.
 */
public class CBORHmacSigner extends CBORSigner {

    // Performs the actual HMAC computation; either wraps a raw key
    // (see SecretKeySigner) or is supplied by the caller.
    HmacSignerInterface signer;

    /**
     * Signer backed by a raw secret key held in memory.
     * <p>
     * The key array is kept by reference, not copied: if the caller later
     * overwrites or clears it, subsequent signatures use the changed bytes.
     * </p>
     */
    private static final class SecretKeySigner implements HmacSignerInterface {

        private final byte[] keyBytes;
        private final HmacAlgorithms hmacAlgorithm;

        SecretKeySigner(byte[] keyBytes, HmacAlgorithms hmacAlgorithm) {
            this.keyBytes = keyBytes;
            this.hmacAlgorithm = hmacAlgorithm;
        }

        @Override
        public byte[] signData(byte[] data) {
            return hmacAlgorithm.digest(keyBytes, data);
        }

        @Override
        public HmacAlgorithms getAlgorithm() {
            return hmacAlgorithm;
        }
    }

    /**
     * Creates a signer object with a secret key.
     * <p>
     * Neither argument is validated here; a <code>null</code> key or algorithm
     * only surfaces when a signature is produced.
     * </p>
     *
     * @param secretKey Signature key (retained by reference)
     * @param algorithm HMAC algorithm
     */
    public CBORHmacSigner(byte[] secretKey, HmacAlgorithms algorithm) {
        this(new SecretKeySigner(secretKey, algorithm));
    }

    /**
     * Creates a signer object with an external interface.
     * <p>
     * Useful when the key must not be exposed to this class, since only
     * {@code signData} and {@code getAlgorithm} are called on the signer.
     * </p>
     *
     * @param signer The external signer
     */
    public CBORHmacSigner(HmacSignerInterface signer) {
        this.signer = signer;
    }

    /** Hands the data to be signed to the configured signer and returns its result. */
    @Override
    byte[] coreSigner(byte[] dataToBeSigned) {
        return signer.signData(dataToBeSigned);
    }

    /** HMAC signatures add nothing extra to the signature object. */
    @Override
    void additionalItems(CBORMap signatureObject) {
        // No additional items needed.
    }

    /** Reports the algorithm declared by the configured signer. */
    @Override
    SignatureAlgorithms getAlgorithm() {
        return signer.getAlgorithm();
    }

    @Override
    CBORHmacSigner getThis() {
        return this;
    }
}
85 |
--------------------------------------------------------------------------------
/app/src/main/java/org/webpki/androidcbordemo/RawReader.java:
--------------------------------------------------------------------------------
1 | package org.webpki.androidcbordemo;
2 |
3 | import android.content.Context;
4 |
5 | import org.webpki.cbor.CBORCryptoUtils;
6 | import org.webpki.cbor.CBORDecoder;
7 | import org.webpki.cbor.CBORDiagnosticNotation;
8 | import org.webpki.cbor.CBORKeyPair;
9 | import org.webpki.cbor.CBORObject;
10 |
11 | import org.webpki.util.HexaDecimal;
12 | import org.webpki.util.IO;
13 | import org.webpki.util.UTF8;
14 |
15 | import java.security.KeyPair;
16 |
17 | import java.security.cert.X509Certificate;
18 |
/**
 * Loads the demo application's bundled sample material from the raw
 * resources into static fields.
 * <p>
 * Everything read here (key pairs, certificate paths, the symmetric key) is
 * stored in the application's raw resources and therefore readable by anyone
 * holding the package. That is fine for sample keys in a demo, but it is not
 * a pattern for storing production keys.
 * </p>
 */
public class RawReader {

    // Shared by the static helpers below; set by the constructor.
    static Context appContext;

    public static byte[] dataToBeEncrypted;

    public static String rsaKeyId;
    public static String ecKeyId;

    public static KeyPair rsaKeyPair;
    public static KeyPair ecKeyPair;

    public static X509Certificate[] ecCertPath;
    public static X509Certificate[] ed25519CertPath;

    public static byte[] secretKey;
    public static String secretKeyId;

    /** Reads a raw resource fully into a byte array. */
    static byte[] getRawResource(int resource) {
        java.io.InputStream rawStream = appContext.getResources().openRawResource(resource);
        return IO.getByteArrayFromInputStream(rawStream);
    }

    /** Reads a raw resource and decodes it as UTF-8 text. */
    static String getStringResource(int resource) {
        byte[] utf8Bytes = getRawResource(resource);
        return UTF8.decode(utf8Bytes);
    }

    /** Reads a raw resource holding CBOR diagnostic notation and converts it to a CBOR object. */
    static CBORObject getCBORResource(int resource) {
        String diagnosticNotation = getStringResource(resource);
        return CBORDiagnosticNotation.convert(diagnosticNotation);
    }

    /** Reads a raw resource holding binary CBOR and returns its textual form. */
    static String getCBORText(int resource) {
        CBORObject decoded = CBORDecoder.decode(getRawResource(resource));
        return decoded.toString();
    }

    /** Reads a raw resource holding a key pair in CBOR diagnostic notation. */
    static KeyPair getKeyPair(int resource) {
        CBORObject cborKeyPair = getCBORResource(resource);
        return CBORKeyPair.convert(cborKeyPair);
    }

    /**
     * Populates all static fields from the bundled resources.
     *
     * @param appContext Context used for resource access; it is kept in a
     *        static field for the helper methods
     */
    RawReader(Context appContext) {
        // The field is static, so every instance shares (and overwrites) it.
        RawReader.appContext = appContext;

        ecKeyId = "example.com:p256";
        ecKeyPair = getKeyPair(R.raw.ecprivatekey_cbor_txt);

        rsaKeyId = "example.com:r2048";
        rsaKeyPair = getKeyPair(R.raw.rsaprivatekey_cbor_txt);

        dataToBeEncrypted = getRawResource(R.raw.data2beencrypted_txt);

        ecCertPath = CBORCryptoUtils.decodeCertificateArray(
                getCBORResource(R.raw.ec_certpath_cbor_txt).getArray());
        ed25519CertPath = CBORCryptoUtils.decodeCertificateArray(
                getCBORResource(R.raw.ed25519_certpath_cbor_txt).getArray());

        String secretKeyHex = getStringResource(R.raw.secretkey_hex);
        secretKey = HexaDecimal.decode(secretKeyHex);
        secretKeyId = getStringResource(R.raw.secret_key_id_txt);
    }
}
73 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | ## CBOR for Android
2 | This repository contains a CBOR AAR library and an Android application.
3 | The latter is only intended for testing and demonstrating the cryptographic functions of the CBOR library.
4 |
5 | Note that this document, as well as the on-line API reference, mirrors the "trunk".
6 | Releases come with release-specific information which may differ considerably between versions.
7 |
8 | ### Core Features
9 | - [Deterministic encoding](https://cyberphone.github.io/android-cbor/distribution/apidoc/org/webpki/cbor/package-summary.html#deterministic-encoding) support
10 | - [Diagnostic notation](https://cyberphone.github.io/android-cbor/distribution/apidoc/org/webpki/cbor/package-summary.html#diagnostic-notation) support including decoder
11 | - [Enveloped signature](https://cyberphone.github.io/android-cbor/distribution/apidoc/org/webpki/cbor/doc-files/signatures.html) support
12 | - [Encryption](https://cyberphone.github.io/android-cbor/distribution/apidoc/org/webpki/cbor/doc-files/encryption.html) support
13 | - [checkForUnread()](https://cyberphone.github.io/android-cbor/distribution/apidoc/org/webpki/cbor/CBORObject.html#checkForUnread()) for catching possible misunderstandings regarding protocol contracts
14 | - [URL-based object Id tag](https://cyberphone.github.io/android-cbor/distribution/apidoc/org/webpki/cbor/doc-files/typed-objects.html)
15 |
16 | The CBOR library API is described in:
17 | https://cyberphone.github.io/android-cbor/distribution/apidoc/org/webpki/cbor/package-summary.html.
18 | Note that Ed25519 only works on Android 13+ and that Ed25519 signatures
19 | cannot be validated, only generated. This is due to limitations in Android
20 | and will presumably be fixed in Android 15.
21 |
22 | The rest of the library has been verified to work from Android 7 (API 24) and up.
23 |
24 | ### Usage in Applications
25 | To use the precompiled module, copy the AAR file located in
26 | https://github.com/cyberphone/android-cbor/tree/main/distribution
27 | to a ```libs``` folder in the application and then add the line
28 | ```code
29 | implementation files('libs/org.webpki-jlibcbor-1.1.3.aar')
30 | ```
31 | to the ```dependencies``` section of the Gradle file.
32 |
33 | ### Source Code
34 | The library source code is available in:
35 | https://github.com/cyberphone/android-cbor/tree/main/jlibcbor.
36 |
37 | ### CBOR Playground
38 | A feature-wise identical implementation can be tested on-line at:
39 | https://test.webpki.org/csf-lab/home.
40 |
41 | ### Updates
42 | See https://github.com/cyberphone/android-cbor/tree/main/RELEASE-NOTES.txt.
43 |
44 | Version 1.1.3, 2025-06-25
45 |
--------------------------------------------------------------------------------
/app/src/main/res/raw/ed25519_certpath_cbor_txt:
--------------------------------------------------------------------------------
1 | [
2 | h'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',
3 | h'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'
4 | ]
--------------------------------------------------------------------------------
/jlibcbor/src/main/java/org/webpki/util/IO.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2006-2024 WebPKI.org (https://webpki.org).
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * https://apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 | package org.webpki.util;
18 |
19 | import java.io.IOException;
20 | import java.io.InputStream;
21 | import java.io.UncheckedIOException;
22 | import java.io.FileInputStream;
23 | import java.io.FileOutputStream;
24 | import java.io.ByteArrayOutputStream;
25 |
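/**
 * Collection of file I/O functions.
 * <p>
 * Unlike java.io and java.nio classes, the methods declared here
 * throw {@link UncheckedIOException}.
 * The intended use cases include client applications and test programs.
 * Server applications should probably stick to the standard Java API.
 * </p>
 * <p>
 * None of the methods validates file names or limits how much data is read.
 * Callers that handle names or streams from an untrusted source must apply
 * their own path checks and size limits before calling in here.
 * </p>
 */
public class IO {

    // Initial capacity of the collecting stream and size of the copy buffer.
    private static final int BUFFER_SIZE = 10000;

    private IO() {
    } // No instantiation please

    /**
     * Reads a whole file into memory.
     *
     * @param fileName Path of the file to read, used as given
     * @return The file content
     * @throws UncheckedIOException If the file cannot be opened or read
     */
    public static byte[] readFile(String fileName) {
        try {
            // The helper closes the stream on every path, including read failures.
            return getByteArrayFromInputStream(new FileInputStream(fileName));
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    /**
     * Writes a byte array to a file, replacing any existing content.
     *
     * @param fileName Path of the file to write, used as given
     * @param bytes Data to write
     * @throws UncheckedIOException If the file cannot be opened or written
     */
    public static void writeFile(String fileName, byte[] bytes) {
        try (FileOutputStream fos = new FileOutputStream(fileName)) {
            fos.write(bytes);
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    /**
     * Writes a text string to a file after encoding it with {@code UTF8.encode}.
     *
     * @param fileName Path of the file to write, used as given
     * @param text Text to write
     * @throws UncheckedIOException If the file cannot be opened or written
     */
    public static void writeFile(String fileName, String text) {
        writeFile(fileName, UTF8.encode(text));
    }

    /**
     * Reads a stream to its end and closes it.
     * <p>
     * The stream is closed whether or not reading succeeds, so a failed read
     * no longer leaves the underlying file or resource handle open. The whole
     * content is buffered in memory with no upper bound.
     * </p>
     *
     * @param inputStream Stream to drain; closed before this method returns
     * @return All bytes read from the stream
     * @throws UncheckedIOException If reading or closing the stream fails
     */
    public static byte[] getByteArrayFromInputStream(InputStream inputStream) {
        ByteArrayOutputStream collected = new ByteArrayOutputStream(BUFFER_SIZE);
        byte[] buffer = new byte[BUFFER_SIZE];
        // try-with-resources guarantees close() even when read() throws.
        try (InputStream in = inputStream) {
            int count;
            while ((count = in.read(buffer)) != -1) {
                collected.write(buffer, 0, count);
            }
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
        return collected.toByteArray();
    }
}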
75 |
--------------------------------------------------------------------------------
/app/src/main/res/raw/ec_certpath_cbor_txt:
--------------------------------------------------------------------------------
1 | [
2 | h'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',
3 | h'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'
4 | ]
--------------------------------------------------------------------------------
/distribution/apidoc/org/webpki/cbor/doc-files/cbor-crypto.svg:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/jlibcbor/src/main/java/org/webpki/cbor/CBORX509Encrypter.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2006-2024 WebPKI.org (https://webpki.org).
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * https://apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 | package org.webpki.cbor;
18 |
19 | import java.security.cert.X509Certificate;
20 |
21 | import org.webpki.crypto.ContentEncryptionAlgorithms;
22 | import org.webpki.crypto.KeyEncryptionAlgorithms;
23 |
24 | import static org.webpki.cbor.CBORCryptoConstants.*;
25 |
/**
 * Class for X.509 encryption.
 * <p>
 * The content encryption key is protected with the public key of the first
 * certificate in the supplied path. Nothing in this class checks that the
 * path is valid or trusted; that decision presumably rests with the caller
 * (confirm against the library documentation).
 * </p>
 */
public class CBORX509Encrypter extends CBOREncrypter {

    KeyEncryptionAlgorithms keyEncryptionAlgorithm;

    // Kept by reference; element 0 supplies the encryption key.
    X509Certificate[] certificatePath;

    /**
     * Creates an encrypter object.
     * <p>
     * The arguments are stored as given. A <code>null</code> or empty path is
     * not rejected here and only fails once encryption is attempted.
     * </p>
     *
     * @param certificatePath Encryption certificate path
     * @param keyEncryptionAlgorithm Key encryption algorithm
     * @param contentEncryptionAlgorithm Content encryption algorithm
     */
    public CBORX509Encrypter(X509Certificate[] certificatePath,
                             KeyEncryptionAlgorithms keyEncryptionAlgorithm,
                             ContentEncryptionAlgorithms contentEncryptionAlgorithm) {
        super(contentEncryptionAlgorithm);
        this.keyEncryptionAlgorithm = keyEncryptionAlgorithm;
        this.certificatePath = certificatePath;
    }

    /**
     * Adds the certificate path to the key encryption map and derives the
     * content encryption key.
     *
     * @param keyEncryption Map receiving the key encryption data
     * @return Content encryption key
     */
    @Override
    byte[] getContentEncryptionKey(CBORMap keyEncryption) {

        // X.509 encryptions mandate a certificate path.
        keyEncryption.set(CXF_CERT_PATH_LBL,
                          CBORCryptoUtils.encodeCertificateArray(certificatePath));

        // Key IDs are not permitted.
        CBORCryptoUtils.rejectPossibleKeyId(optionalKeyId);

        // Only the first certificate's key takes part in the key encryption.
        java.security.PublicKey recipientKey = certificatePath[0].getPublicKey();

        // Create common key encryption data and return content encryption key.
        return CBORCryptoUtils.commonKeyEncryption(recipientKey,
                                                   keyEncryption,
                                                   keyEncryptionAlgorithm,
                                                   contentEncryptionAlgorithm);
    }

    @Override
    CBORX509Encrypter getThis() {
        return this;
    }
}
72 |
--------------------------------------------------------------------------------
/app/src/main/res/drawable/cbor.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/jlibcbor/src/main/java/org/webpki/cbor/CBORSymKeyDecrypter.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2006-2024 WebPKI.org (https://webpki.org).
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * https://apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 | package org.webpki.cbor;
18 |
19 | import org.webpki.crypto.ContentEncryptionAlgorithms;
20 |
/**
 * Class for symmetric key decryption.
 */
public class CBORSymKeyDecrypter extends CBORDecrypter {

    /**
     * Interface for dynamic key retrieval.
     */
    public interface KeyLocator {

        /**
         * Lookup of secret decryption key.
         * <p>
         * An implementation is supposed to throw an exception if it
         * does not find a matching key or if the supplied algorithm does
         * not meet the policy. This is where key and algorithm policy is
         * enforced; the decrypter uses whatever key is returned.
         * </p>
         *
         * @param optionalKeyId Optional key Id found in the encryption object
         * @param contentEncryptionAlgorithm The requested content encryption algorithm
         * @return Decryption key
         */
        byte[] locate(CBORObject optionalKeyId,
                      ContentEncryptionAlgorithms contentEncryptionAlgorithm);
    }

    // Consulted once per call to getContentEncryptionKey.
    KeyLocator keyLocator;

    /**
     * Creates a decrypter object with a secret key.
     * <p>
     * This constructor presumes that the decryption key is given by the context.
     * The same key is returned for every key Id and every content encryption
     * algorithm, so no key Id or algorithm policy check takes place. Use the
     * {@link KeyLocator} constructor when such checks are required.
     * </p>
     *
     * @param secretKey Decryption key (retained by reference)
     */
    public CBORSymKeyDecrypter(byte[] secretKey) {
        this((ignoredKeyId, ignoredAlgorithm) -> secretKey);
    }

    /**
     * Creates a decrypter object with a key locator.
     *
     * @param keyLocator {@link KeyLocator} implementation
     */
    public CBORSymKeyDecrypter(KeyLocator keyLocator) {
        this.keyLocator = keyLocator;
    }

    /**
     * Obtains the content encryption key from the key locator.
     * The <code>innerObject</code> argument is not used for symmetric keys.
     */
    @Override
    byte[] getContentEncryptionKey(CBORMap innerObject,
                                   ContentEncryptionAlgorithms contentEncryptionAlgorithm,
                                   CBORObject optionalKeyId) {
        byte[] locatedKey = keyLocator.locate(optionalKeyId, contentEncryptionAlgorithm);
        return locatedKey;
    }

    @Override
    CBORSymKeyDecrypter getThis() {
        return this;
    }
}
82 |
--------------------------------------------------------------------------------
/artwork/cbor.svg:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/jlibcbor/src/main/java/org/webpki/cbor/CBORBigInt.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2006-2024 WebPKI.org (https://webpki.org).
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * https://apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 | package org.webpki.cbor;
18 |
19 | import java.math.BigInteger;
20 |
21 | import java.util.Arrays;
22 |
23 | import static org.webpki.cbor.CBORInternal.*;
24 |
/**
 * Class for holding CBOR integer objects.
 *
 * Note that the encoder is adaptive, selecting the proper CBOR
 * representation in order to produce a fully deterministic result.
 *
 * See also {@link CBORInt}.
 */
public class CBORBigInt extends CBORObject {

    static final byte[] UNSIGNED_BIGNUM_TAG = {(byte)MT_BIG_UNSIGNED};
    static final byte[] NEGATIVE_BIGNUM_TAG = {(byte)MT_BIG_NEGATIVE};

    BigInteger value;

    /**
     * Creates a CBOR integer value of any size.
     * <p>
     * Also see {@link CBORInt#CBORInt(long)} and
     * {@link CBORObject#getBigInteger()}.
     * </p>
     * <p>
     * Note: if <code>value</code> is within the CBOR <code>int</code> range,
     * <code>int</code> encoding will be used, otherwise <code>value</code>
     * will be encoded as a CBOR <code>bigint</code>.
     * </p>
     *
     * @param value Integer in BigInteger format
     */
    public CBORBigInt(BigInteger value) {
        this.value = value;
        nullCheck(value);
    }

    /**
     * Encodes the value, using <code>int</code> encoding when the adjusted
     * magnitude fits in 64 bits and <code>bigint</code> encoding otherwise.
     */
    @Override
    byte[] internalEncode() {
        boolean nonNegative = value.signum() >= 0;
        // CBOR stores a negative n as -1 - n, which is the bitwise complement.
        BigInteger magnitude = nonNegative ? value : value.not();
        if (magnitude.bitLength() <= 64) {
            // Fits "int" encoding (at most 8 bytes of magnitude).
            return encodeTagAndN(nonNegative ? MT_UNSIGNED : MT_NEGATIVE,
                                 magnitude.longValue());
        }
        // Needs "bigint" encoding.
        byte[] magnitudeBytes = magnitude.toByteArray();
        if (magnitudeBytes[0] == 0) {
            // Drop the sign byte that two-complement encoding may prepend.
            magnitudeBytes = Arrays.copyOfRange(magnitudeBytes, 1, magnitudeBytes.length);
        }
        byte[] bignumTag = nonNegative ? UNSIGNED_BIGNUM_TAG : NEGATIVE_BIGNUM_TAG;
        return CBORUtil.concatByteArrays(bignumTag, new CBORBytes(magnitudeBytes).encode());
    }

    /** Prints the value as a plain decimal integer. */
    @Override
    void internalToString(CborPrinter cborPrinter) {
        String decimal = value.toString();
        cborPrinter.append(decimal);
    }
}
82 |
--------------------------------------------------------------------------------
/gradlew.bat:
--------------------------------------------------------------------------------
1 | @rem
2 | @rem Copyright 2015 the original author or authors.
3 | @rem
4 | @rem Licensed under the Apache License, Version 2.0 (the "License");
5 | @rem you may not use this file except in compliance with the License.
6 | @rem You may obtain a copy of the License at
7 | @rem
8 | @rem https://www.apache.org/licenses/LICENSE-2.0
9 | @rem
10 | @rem Unless required by applicable law or agreed to in writing, software
11 | @rem distributed under the License is distributed on an "AS IS" BASIS,
12 | @rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | @rem See the License for the specific language governing permissions and
14 | @rem limitations under the License.
15 | @rem
16 |
17 | @if "%DEBUG%" == "" @echo off
18 | @rem ##########################################################################
19 | @rem
20 | @rem Gradle startup script for Windows
21 | @rem
22 | @rem ##########################################################################
23 |
24 | @rem Set local scope for the variables with windows NT shell
25 | if "%OS%"=="Windows_NT" setlocal
26 |
27 | set DIRNAME=%~dp0
28 | if "%DIRNAME%" == "" set DIRNAME=.
29 | set APP_BASE_NAME=%~n0
30 | set APP_HOME=%DIRNAME%
31 |
32 | @rem Resolve any "." and ".." in APP_HOME to make it shorter.
33 | for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
34 |
35 | @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
36 | set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
37 |
38 | @rem Find java.exe
39 | if defined JAVA_HOME goto findJavaFromJavaHome
40 |
41 | set JAVA_EXE=java.exe
42 | %JAVA_EXE% -version >NUL 2>&1
43 | if "%ERRORLEVEL%" == "0" goto execute
44 |
45 | echo.
46 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
47 | echo.
48 | echo Please set the JAVA_HOME variable in your environment to match the
49 | echo location of your Java installation.
50 |
51 | goto fail
52 |
53 | :findJavaFromJavaHome
54 | set JAVA_HOME=%JAVA_HOME:"=%
55 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe
56 |
57 | if exist "%JAVA_EXE%" goto execute
58 |
59 | echo.
60 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
61 | echo.
62 | echo Please set the JAVA_HOME variable in your environment to match the
63 | echo location of your Java installation.
64 |
65 | goto fail
66 |
67 | :execute
68 | @rem Setup the command line
69 |
70 | set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
71 |
72 |
73 | @rem Execute Gradle
74 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
75 |
76 | :end
77 | @rem End local scope for the variables with windows NT shell
78 | if "%ERRORLEVEL%"=="0" goto mainEnd
79 |
80 | :fail
81 | rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
82 | rem the _cmd.exe /c_ return code!
83 | if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
84 | exit /b 1
85 |
86 | :mainEnd
87 | if "%OS%"=="Windows_NT" endlocal
88 |
89 | :omega
90 |
--------------------------------------------------------------------------------
/jlibcbor/src/main/java/org/webpki/crypto/KeyEncryptionAlgorithms.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2006-2024 WebPKI.org (https://webpki.org).
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * https://apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 | package org.webpki.crypto;
18 |
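/**
 * JWE and COSE key encryption algorithms.
 *
 * Note that JOSE and COSE use different KDFs.
 */
public enum KeyEncryptionAlgorithms {

    // ECDH
    ECDH_ES        ("ECDH-ES",        -25, false, false, -1),
    ECDH_ES_A128KW ("ECDH-ES+A128KW", -29, false, true,  16),
    ECDH_ES_A192KW ("ECDH-ES+A192KW", -30, false, true,  24),
    ECDH_ES_A256KW ("ECDH-ES+A256KW", -31, false, true,  32),

    // RSA
    // NOTE(review): in the JOSE and COSE registries plain "RSA-OAEP" denotes OAEP
    // with SHA-1 based defaults; RSA_OAEP_256 is the SHA-256 variant. Confirm
    // which one local policy allows.
    RSA_OAEP       ("RSA-OAEP",       -40, true,  true,  -1),
    RSA_OAEP_256   ("RSA-OAEP-256",   -41, true,  true,  -1);

    // Fields are final so that the algorithm table cannot be altered at runtime.
    final String joseId;
    final int coseId;
    final boolean rsa;
    final boolean keyWrap;
    // Key encryption key length in bytes; -1 presumably means "not applicable" (confirm with users of this field).
    final int keyEncryptionKeyLength;

    KeyEncryptionAlgorithms(String joseId,
                            int coseId,
                            boolean rsa,
                            boolean keyWrap,
                            int keyEncryptionKeyLength) {
        this.joseId = joseId;
        this.coseId = coseId;
        this.rsa = rsa;
        this.keyWrap = keyWrap;
        this.keyEncryptionKeyLength = keyEncryptionKeyLength;
    }

    /**
     * @return <code>true</code> for the RSA based algorithms
     */
    public boolean isRsa() {
        return rsa;
    }

    /**
     * @return <code>true</code> if the algorithm is flagged as key wrapping
     */
    public boolean isKeyWrap() {
        return keyWrap;
    }

    /**
     * @return The JOSE algorithm identifier
     */
    public String getJoseAlgorithmId() {
        return joseId;
    }

    /**
     * @return The COSE algorithm identifier
     */
    public int getCoseAlgorithmId() {
        return coseId;
    }

    /**
     * Looks up an algorithm by its JOSE identifier.
     * <p>
     * The match is exact and case sensitive. An unknown identifier, including
     * <code>null</code>, is rejected rather than mapped to a default.
     * </p>
     *
     * @param joseAlgorithmId JOSE algorithm identifier
     * @return The matching algorithm
     * @throws IllegalArgumentException If no algorithm has this identifier
     */
    public static KeyEncryptionAlgorithms getAlgorithmFromId(String joseAlgorithmId) {
        for (KeyEncryptionAlgorithms algorithm : KeyEncryptionAlgorithms.values()) {
            // Comparing from the constant side keeps a null argument from raising
            // NullPointerException; it falls through to the rejection below.
            if (algorithm.joseId.equals(joseAlgorithmId)) {
                return algorithm;
            }
        }
        throw new IllegalArgumentException("Unexpected algorithm: " + joseAlgorithmId);
    }

    /**
     * Looks up an algorithm by its COSE identifier.
     *
     * @param coseAlgorithmId COSE algorithm identifier
     * @return The matching algorithm
     * @throws IllegalArgumentException If no algorithm has this identifier
     */
    public static KeyEncryptionAlgorithms getAlgorithmFromId(int coseAlgorithmId) {
        for (KeyEncryptionAlgorithms algorithm : KeyEncryptionAlgorithms.values()) {
            if (coseAlgorithmId == algorithm.coseId) {
                return algorithm;
            }
        }
        throw new IllegalArgumentException("Unexpected algorithm: " + coseAlgorithmId);
    }
}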
88 |
--------------------------------------------------------------------------------
/app/src/main/res/drawable/ic_launcher_foreground.xml:
--------------------------------------------------------------------------------
1 |
6 |
10 |
15 |
20 |
25 |
30 |
31 |
32 |
--------------------------------------------------------------------------------
/jlibcbor/src/main/java/org/webpki/cbor/CBORString.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2006-2024 WebPKI.org (https://webpki.org).
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * https://apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 | package org.webpki.cbor;
18 |
19 | import org.webpki.util.UTF8;
20 |
21 | import static org.webpki.cbor.CBORInternal.*;
22 |
/**
 * Class for holding CBOR <code>tstr</code> objects.
 */
public class CBORString extends CBORObject {

    String textString;

    /**
     * Creates a CBOR <code>tstr</code> object.
     * <p>
     * Note that <code>textString</code> must be valid UTF-16. The string is not
     * examined here beyond the null check; it is handed to
     * {@link UTF8#encode(String)} when the object is encoded.
     * </p>
     * <p>
     * See also {@link CBORObject#getString()}.
     * </p>
     *
     * @param textString The string to wrap
     */
    public CBORString(String textString) {
        this.textString = textString;
        nullCheck(textString);
    }

    @Override
    byte[] internalEncode() {
        // Header carries the length of the UTF-8 form, not the UTF-16 length.
        byte[] payload = UTF8.encode(textString);
        byte[] header = encodeTagAndN(MT_STRING, payload.length);
        return CBORUtil.concatByteArrays(header, payload);
    }

    // JavaScript/JSON compatible escape character support.
    // Indexed by character code for 0x00..'\\' (0x5c):
    //   0        = emit the character as is
    //   1        = emit a \\uXXXX escape
    //   other    = emit a backslash followed by this character
    static final char[] ESCAPE_CHARACTERS = {
    //  0    1    2    3    4    5    6    7    8    9    A    B    C    D    E    F
        1 ,  1 ,  1 ,  1 ,  1 ,  1 ,  1 ,  1 , 'b', 't', 'n',  1 , 'f', 'r',  1 ,  1 ,
        1 ,  1 ,  1 ,  1 ,  1 ,  1 ,  1 ,  1 ,  1 ,  1 ,  1 ,  1 ,  1 ,  1 ,  1 ,  1 ,
        0 ,  0 , '"',  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,
        0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,
        0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,
        0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 ,  0 , '\\'};

    /**
     * Writes the string as a double-quoted literal.
     * <p>
     * Every character below 0x20 plus the double quote and the backslash is
     * escaped, so a string value cannot terminate the literal or inject raw
     * control characters into the printed form. Characters above the backslash
     * (including 0x7f and all non-ASCII characters) are written unchanged.
     * </p>
     */
    @Override
    void internalToString(CborPrinter cborPrinter) {
        cborPrinter.append('"');
        final int length = textString.length();
        for (int index = 0; index < length; index++) {
            char current = textString.charAt(index);
            // Only characters inside the table range can need escaping.
            char escapeCode = current <= '\\' ? ESCAPE_CHARACTERS[current] : 0;
            if (escapeCode == 0) {
                cborPrinter.append(current);
            } else if (escapeCode == 1) {
                cborPrinter.append('\\');
                cborPrinter.append(String.format("u%04x", (int)current));
            } else {
                cborPrinter.append('\\');
                cborPrinter.append(escapeCode);
            }
        }
        cborPrinter.append('"');
    }
}
80 |
--------------------------------------------------------------------------------
/jlibcbor/src/main/java/org/webpki/util/Base64URL.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2006-2024 WebPKI.org (https://webpki.org).
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * https://apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 | package org.webpki.util;
18 |
19 | // Source configured for Android.
20 |
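/**
 * Encodes/decodes base64URL data.
 * See RFC 4648 Table 2.
 * <p>
 * Decoding only accepts the canonical encoding of the returned bytes: the
 * decoded data is re-encoded and compared with the input. This matters when
 * the text itself is compared, hashed or signed, since two different strings
 * must not decode to the same bytes.
 * </p>
 */
public class Base64URL {

    private Base64URL() {}  // No instantiation please

    /**
     * Decode base64url string.
     * <p>
     * This method <i>does not</i> accept padding or line wraps.
     * </p>
     *
     * @param base64Url Encoded data in base64url format
     * @return Decoded data as a byte array
     * @throws IllegalArgumentException If the input holds padding or is not
     *         the canonical base64url encoding of the decoded data
     */
    public static byte[] decode(String base64Url) {
        if (base64Url.contains("=")) {
            throw new IllegalArgumentException("Padding not allowed");
        }
        // The remaining strictness checks live in decodePadded().
        return decodePadded(base64Url);
    }

    /**
     * Decode base64url string.
     * <p>
     * This method accepts <i>optional</i> padding.
     * </p>
     * <p>
     * Note that line wraps are <i>not</i> permitted.
     * </p>
     *
     * @param base64Url Encoded data in base64url format
     * @return Decoded data as a byte array
     * @throws IllegalArgumentException If the input (with trailing padding
     *         removed) is not the canonical base64url encoding of the decoded data
     */
    public static byte[] decodePadded(String base64Url) {
        byte[] bytes = android.util.Base64.decode(base64Url, android.util.Base64.URL_SAFE);
        final String reencoded = encode(bytes);

        // Original guard, kept with its message: a final character carrying
        // non-zero unused bits decodes fine but is not what encode() produces.
        int last = reencoded.length() - 1;
        if (last >= 0 && reencoded.charAt(last) != base64Url.charAt(last)) {
            throw new IllegalArgumentException("Invalid base64 termination character");
        }

        // The guard above only looks at one position. Comparing the whole string
        // also rejects line wraps, whitespace and any other character the platform
        // decoder tolerated, which the contract of this method does not permit.
        // NOTE(review): android.util.Base64 appears to skip characters outside
        // the selected alphabet rather than reject them - confirm on the
        // supported API levels.
        int end = base64Url.length();
        while (end > 0 && base64Url.charAt(end - 1) == '=') {
            end--;
        }
        if (!reencoded.equals(base64Url.substring(0, end))) {
            throw new IllegalArgumentException("Non-canonical base64url data");
        }
        return bytes;
    }

    /**
     * Encode byte array.
     * <p>
     * This method adds no padding or line wraps.
     * </p>
     *
     * @param byteArray Binary data
     * @return Encoded data as a base64url string
     */
    public static String encode(byte[] byteArray) {
        return android.util.Base64.encodeToString(byteArray,
                                                  android.util.Base64.URL_SAFE |
                                                  android.util.Base64.NO_PADDING |
                                                  android.util.Base64.NO_WRAP);
    }
}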
87 |
--------------------------------------------------------------------------------
/jlibcbor/src/main/java/org/webpki/cbor/CBORAsymKeyEncrypter.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2006-2024 WebPKI.org (https://webpki.org).
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * https://apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 | package org.webpki.cbor;
18 |
19 | import java.security.PublicKey;
20 |
21 | import org.webpki.crypto.ContentEncryptionAlgorithms;
22 | import org.webpki.crypto.KeyEncryptionAlgorithms;
23 |
24 | import static org.webpki.cbor.CBORCryptoConstants.*;
25 |
/**
 * Class for asymmetric key encryption.
 */
public class CBORAsymKeyEncrypter extends CBOREncrypter {

    KeyEncryptionAlgorithms keyEncryptionAlgorithm;

    boolean wantPublicKey;
    PublicKey publicKey;

    /**
     * Creates an encrypter object.
     * <p>
     * The arguments are stored as given; nothing in this constructor checks
     * that the key type fits the selected key encryption algorithm.
     * </p>
     *
     * @param publicKey Encryption key
     * @param keyEncryptionAlgorithm Key encryption algorithm
     * @param contentEncryptionAlgorithm Content encryption algorithm
     */
    public CBORAsymKeyEncrypter(PublicKey publicKey,
                                KeyEncryptionAlgorithms keyEncryptionAlgorithm,
                                ContentEncryptionAlgorithms contentEncryptionAlgorithm) {
        super(contentEncryptionAlgorithm);
        this.keyEncryptionAlgorithm = keyEncryptionAlgorithm;
        this.publicKey = publicKey;
    }

    /**
     * Define if public key should be included.
     *
     * @param wantPublicKey Flag. Default: <code>false</code>.
     * @return <code>this</code>
     */
    public CBORAsymKeyEncrypter setPublicKeyOption(boolean wantPublicKey) {
        this.wantPublicKey = wantPublicKey;
        return this;
    }

    /**
     * Fills in the key encryption map and returns the content encryption key.
     *
     * @param keyEncryption Map receiving the key encryption parameters
     * @return Content encryption key as produced by
     *         <code>CBORCryptoUtils.commonKeyEncryption</code>
     */
    @Override
    byte[] getContentEncryptionKey(CBORMap keyEncryption) {

        if (this.wantPublicKey) {
            // Publish the recipient key inside the container...
            keyEncryption.set(CXF_PUBLIC_KEY_LBL, CBORPublicKey.convert(this.publicKey));
            // ...which is mutually exclusive with a keyId.
            CBORCryptoUtils.rejectPossibleKeyId(optionalKeyId);
        }

        // Shared key encryption step; its result is the content encryption key.
        byte[] contentEncryptionKey =
                CBORCryptoUtils.commonKeyEncryption(this.publicKey,
                                                    keyEncryption,
                                                    this.keyEncryptionAlgorithm,
                                                    contentEncryptionAlgorithm);
        return contentEncryptionKey;
    }

    @Override
    CBORAsymKeyEncrypter getThis() {
        return this;
    }
}
84 |
--------------------------------------------------------------------------------
/jlibcbor/src/main/java/org/webpki/cbor/CBORHmacValidator.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2006-2024 WebPKI.org (https://webpki.org).
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * https://apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 | package org.webpki.cbor;
18 |
19 | import java.util.Arrays;
20 |
21 | import org.webpki.crypto.CryptoException;
22 | import org.webpki.crypto.HmacAlgorithms;
23 | import org.webpki.crypto.HmacVerifierInterface;
24 |
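/**
 * Class for CBOR HMAC signature validation.
 * <p>
 * Also see {@link CBORValidator}.
 * </p>
 */
public class CBORHmacValidator extends CBORValidator {

    HmacVerifierInterface verifier;

    CBORHmacValidator(HmacVerifierInterface verifier, boolean externalInterface) {
        super(externalInterface);
        this.verifier = verifier;
    }

    /**
     * Creates a validator object with a secret key.
     * <p>
     * This constructor presumes that the validation key is given by the context
     * and that the supplied algorithm meets the policy. The optional CSF
     * <code>keyId</code> is <i>ignored</i>.
     * </p>
     * <p>
     * The key array is referenced, not copied: changes the caller makes to it
     * afterwards (including wiping it) affect later validations. The computed
     * and the received HMAC values are compared with
     * {@link java.security.MessageDigest#isEqual(byte[], byte[])} so that the
     * time taken does not reveal how many leading bytes of a forged value
     * were correct.
     * </p>
     *
     * @param secretKey Validation key
     */
    public CBORHmacValidator(byte[] secretKey) {
        // Fully qualified to avoid touching the file's import block.
        this((data, digest, algorithm, keyId) ->
                java.security.MessageDigest.isEqual(algorithm.digest(secretKey, data), digest),
             false);
    }

    /**
     * Creates a validator object with an external implementation.
     * <p>
     * This constructor provides full control for the verifier
     * HMAC algorithms and cryptographic providers. Note that an optional CSF
     * <code>keyId</code> <b>must</b> be a CBOR <code>string</code>.
     * </p>
     * <p>
     * The implementation is responsible for how it compares the HMAC values;
     * a constant-time comparison such as
     * {@link java.security.MessageDigest#isEqual(byte[], byte[])} is advisable.
     * </p>
     *
     * @param verifier Verifier implementation
     */
    public CBORHmacValidator(HmacVerifierInterface verifier) {
        this(verifier, true);
    }

    /**
     * Delegates the HMAC check to the verifier.
     *
     * @throws CryptoException If the verifier reports a mismatch
     */
    @Override
    void coreValidation(CBORMap csfContainer,
                        int coseAlgorithmId,
                        CBORObject optionalKeyId,
                        byte[] signatureValue,
                        byte[] signedData) {
        if (!verifier.verify(signedData,
                             signatureValue,
                             HmacAlgorithms.getAlgorithmFromId(coseAlgorithmId),
                             optionalKeyId == null ? null : optionalKeyId.getString())) {
            throw new CryptoException("HMAC signature validation error");
        }
    }

    @Override
    CBORHmacValidator getThis() {
        return this;
    }
}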
88 |
--------------------------------------------------------------------------------
/jlibcbor/src/main/java/org/webpki/cbor/CBORTypedObjectDecoder.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2006-2024 WebPKI.org (https://webpki.org).
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * https://apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 | package org.webpki.cbor;
18 |
/**
 * Base class for typed objects decoders.
 * <p>
 * Base class for CBOR object decoders that can be instantiated
 * through a {@link CBORTypedObjectDecoderCache}.
 * The system relies on that CBOR data is prepended by a mandatory COTX tag.
 * </p>
 * <p>
 * See also Typed Objects for an example.
 * </p>
 */
public abstract class CBORTypedObjectDecoder {

    // Root of the decoded CBOR; assigned by CBORTypedObjectDecoderCache
    // before decode(CBORObject) is invoked.
    CBORObject root;

    /**
     * Constructor.
     * <p>
     * Note: implementations <b>must</b> have a public
     * constructor (which they get by default if no
     * other constructor is defined). The cache creates
     * instances through the no-argument constructor.
     * </p>
     */
    public CBORTypedObjectDecoder() {
    }

    /**
     * IMPLEMENTER USE ONLY.
     * <p>
     * Implementations <b>must</b> decode all elements
     * associated with the specific object decoder.
     * </p>
     * <p>
     * Note that "checked" exceptions must be wrapped in
     * suitable unchecked exceptions like {@link RuntimeException},
     * {@link CBORException}, or {@link org.webpki.crypto.CryptoException}.
     * </p>
     *
     * @param cborBody COTX argument of {@link CBORTypedObjectDecoder} instance
     */
    protected abstract void decode(CBORObject cborBody);

    /**
     * IMPLEMENTER USE ONLY.
     * <p>
     * After {@link #decode(CBORObject)} has been called,
     * the {@link CBORTypedObjectDecoderCache} will by default call
     * {@link CBORObject#checkForUnread()}. By overriding
     * {@link #enableCheckForUnread()} and returning <code>false</code>,
     * a decoder implementation can disable this check. Leaving the
     * check on is what catches elements the decoder never looked at.
     * </p>
     *
     * @return <code>true</code> unless overridden
     */
    protected boolean enableCheckForUnread() {
        return true;
    }

    /**
     * Get typed object identifier.
     *
     * @return Object Id (COTX)
     */
    public abstract String getObjectId();

    /**
     * Get root of decoded CBOR.
     * <p>
     * Note: the root points to the entire object, including the COTX tag.
     * </p>
     *
     * @return CBORObject
     */
    public CBORObject getRoot() {
        return this.root;
    }
}
96 |
--------------------------------------------------------------------------------
/distribution/apidoc/org/webpki/util/package-tree.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | org.webpki.util Class Hierarchy (WebPKI.org Support)
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
18 |
19 |
20 |
37 |
38 |
39 |
40 |
41 | Hierarchy For Package org.webpki.util
42 |
43 | Package Hierarchies:
44 |
45 | - All Packages
46 |
47 |
48 | Class Hierarchy
49 |
50 | - java.lang.Object
51 |
52 | - org.webpki.util.Base64URL
53 | - org.webpki.util.Float64Stringifier
54 | - org.webpki.util.HexaDecimal
55 | - org.webpki.util.IO
56 | - org.webpki.util.UTF8
57 |
58 |
59 |
60 |
61 |
62 |
66 |
67 |
68 |
69 |
70 |
--------------------------------------------------------------------------------
/jlibcbor/src/main/java/org/webpki/cbor/CBORTypedObjectDecoderCache.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2006-2024 WebPKI.org (https://webpki.org).
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * https://apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 | package org.webpki.cbor;
18 |
19 | import java.lang.reflect.InvocationTargetException;
20 |
21 | import java.util.Hashtable;
22 |
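/**
 * Cache for typed object decoders.
 * <p>
 * Stores {@link CBORTypedObjectDecoder} classes for automatic instantiation during decoding.
 * </p>
 * <p>
 * The object identifier found in decoded data is only used as a lookup key
 * into this cache; classes are instantiated reflectively, but only those that
 * were registered through {@link #addToCache(Class)}.
 * </p>
 * <p>
 * See also Typed Objects for an example.
 * </p>
 */
public class CBORTypedObjectDecoderCache {

    // ObjectId => registered decoder class.
    private final Hashtable<String, Class<? extends CBORTypedObjectDecoder>> classMap =
            new Hashtable<>();

    // Creates a decoder through its no-argument constructor; reflection
    // failures are reported as CBORException.
    private CBORTypedObjectDecoder getInstance(
            Class<? extends CBORTypedObjectDecoder> decoderClass) {
        try {
            return decoderClass.getDeclaredConstructor().newInstance();
        } catch (InstantiationException | InvocationTargetException |
                 NoSuchMethodException | IllegalAccessException e) {
            throw new CBORException(e);
        }
    }

    /**
     * Creates empty typed object decoder cache.
     */
    public CBORTypedObjectDecoderCache() {

    }

    /**
     * Decode and instantiate typed object decoder.
     * <p>
     * Unless the decoder opts out through
     * {@link CBORTypedObjectDecoder#enableCheckForUnread()},
     * {@link CBORObject#checkForUnread()} is called after decoding.
     * </p>
     *
     * @param typedObject Typed object to be decoded
     * @return Instantiated {@link CBORTypedObjectDecoder}
     * @throws CBORException If the ObjectId is not in the cache
     */
    public CBORTypedObjectDecoder decode(CBORObject typedObject) {
        CBORTag.COTXObject cotxObject = typedObject.getTag().getCOTXObject();
        Class<? extends CBORTypedObjectDecoder> schemaClass =
                classMap.get(cotxObject.objectId);
        if (schemaClass == null) {
            throw new CBORException("Unknown ObjectId: " + cotxObject.objectId);
        }
        CBORTypedObjectDecoder decoder = getInstance(schemaClass);
        decoder.root = typedObject;
        decoder.decode(cotxObject.object);
        if (decoder.enableCheckForUnread()) {
            typedObject.checkForUnread();
        }
        return decoder;
    }

    /**
     * Add typed object decoder class to cache.
     * <p>
     * The class is instantiated once to obtain its ObjectId. A second
     * registration for the same ObjectId is rejected and leaves the existing
     * entry in place.
     * </p>
     *
     * @param decoderClass Typed decoder class
     * @return {@link CBORTypedObjectDecoderCache}
     * @throws RuntimeException If the ObjectId is already registered
     */
    public CBORTypedObjectDecoderCache addToCache(
            Class<? extends CBORTypedObjectDecoder> decoderClass) {
        CBORTypedObjectDecoder schemaObject = getInstance(decoderClass);
        String objectId = schemaObject.getObjectId();
        // Check before storing: a plain put() would already have replaced the
        // registered decoder by the time the duplicate is noticed. Hashtable
        // locks on itself, so this block is atomic with respect to its methods.
        synchronized (classMap) {
            if (classMap.containsKey(objectId)) {
                throw new RuntimeException("ObjectId already defined: " + objectId);
            }
            classMap.put(objectId, schemaObject.getClass());
        }
        return this;
    }
}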
92 |
93 |
--------------------------------------------------------------------------------
/jlibcbor/src/main/java/org/webpki/util/UTF8.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2006-2024 WebPKI.org (https://webpki.org).
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * https://apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 | package org.webpki.util;
18 |
19 | import java.nio.ByteBuffer;
20 | import java.nio.CharBuffer;
21 | import java.nio.charset.CharacterCodingException;
22 | import java.nio.charset.Charset;
23 | import java.nio.charset.CharsetDecoder;
24 | import java.nio.charset.CharsetEncoder;
25 | import java.nio.charset.CodingErrorAction;
26 |
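/**
 * Encodes/decodes UTF-8 data.
 * <p>
 * Both directions are strict: malformed or unmappable input is reported as an
 * {@link IllegalArgumentException} instead of being replaced, so data that is
 * hashed, signed or compared never silently changes during conversion.
 * The public methods are safe to call from multiple threads.
 * </p>
 */
public class UTF8 {

    private UTF8() {}  // No instantiation please

    private static final Charset UTF_8_CHARSET = Charset.forName("utf-8");

    // Coders carry state and are documented as unsafe for concurrent use,
    // which is why encode()/decode() build their own instead of sharing one.
    private static CharsetDecoder newStrictDecoder() {
        return UTF_8_CHARSET.newDecoder()
                            .onMalformedInput(CodingErrorAction.REPORT)
                            .onUnmappableCharacter(CodingErrorAction.REPORT);
    }

    private static CharsetEncoder newStrictEncoder() {
        return UTF_8_CHARSET.newEncoder()
                            .onMalformedInput(CodingErrorAction.REPORT)
                            .onUnmappableCharacter(CodingErrorAction.REPORT);
    }

    // Kept only because the fields are visible to the rest of the package.
    // They are no longer used by this class; sharing them between threads is unsafe.
    static final CharsetDecoder Utf8Decoder = newStrictDecoder();

    static final CharsetEncoder Utf8Encoder = newStrictEncoder();

    /**
     * Encodes Java (UTF-16) String to UTF-8.
     * <p>
     * This method was added because <code>String.getBytes("utf-8")</code> does
     * not flag invalid UTF-16.
     * </p>
     *
     * @param utf16String String presumably holding valid UTF-16
     * @return UTF-8 byte array
     * @throws IllegalArgumentException If the string is not valid UTF-16
     *         (for example an unpaired surrogate)
     */
    public static byte[] encode(String utf16String) {
        try {
            ByteBuffer byteBuffer = newStrictEncoder().encode(CharBuffer.wrap(utf16String));
            // Copy through the buffer API rather than array(), which would
            // depend on the backing array starting at offset zero.
            byte[] utf8Bytes = new byte[byteBuffer.remaining()];
            byteBuffer.get(utf8Bytes);
            return utf8Bytes;
        } catch (CharacterCodingException e) {
            throw new IllegalArgumentException(e);
        }
    }

    /**
     * Decodes a UTF-8 byte array into a String.
     * <p>
     * This method was added because <code>new String(byteArray, "utf-8")</code> does
     * not flag invalid UTF-8.
     * </p>
     *
     * @param utf8Bytes Binary data presumably holding valid UTF-8
     * @return Java (UTF-16) String
     * @throws IllegalArgumentException If the data is not valid UTF-8
     */
    public static String decode(byte[] utf8Bytes) {
        try {
            return newStrictDecoder().decode(ByteBuffer.wrap(utf8Bytes)).toString();
        } catch (CharacterCodingException e) {
            throw new IllegalArgumentException(e);
        }
    }
}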
99 |
--------------------------------------------------------------------------------
/jlibcbor/src/main/java/org/webpki/crypto/CertificateUtil.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2006-2024 WebPKI.org (https://webpki.org).
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * https://apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 | package org.webpki.crypto;
18 |
19 | import java.io.ByteArrayInputStream;
20 |
21 | import java.util.ArrayList;
22 | import java.util.List;
23 | import java.util.HashSet;
24 |
25 | import java.security.cert.X509Certificate;
26 | import java.security.cert.CertificateFactory;
27 |
28 | import java.security.GeneralSecurityException;
29 |
30 | // Source configured for the free-standing Android CBOR/JSON libraries.
31 |
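/**
 * X509 certificate related operations.
 * <p>
 * The path methods in this class check the <i>structure</i> of a certificate
 * path only (ordering, name chaining and signatures). They do not establish
 * trust: validity periods, revocation, CA constraints and anchoring in a
 * trusted root are not examined here and remain the caller's responsibility.
 * </p>
 */
public class CertificateUtil {

    private CertificateUtil() {}  // No instantiation please

    // Returns true if "child" carries a signature that verifies under the
    // public key of "parent"; any verification failure is reported as false.
    static boolean verifyCertificate(X509Certificate child, X509Certificate parent) {
        try {
            child.verify(parent.getPublicKey());
            return true;
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    /**
     * Returns the encoded form of a certificate.
     *
     * @param certificate Certificate to encode
     * @return Result of {@link X509Certificate#getEncoded()}
     * @throws CryptoException If the certificate cannot be encoded
     */
    public static byte[] getBlobFromCertificate(X509Certificate certificate) {
        try {
            return certificate.getEncoded();
        } catch (GeneralSecurityException e) {
            throw new CryptoException(e);
        }
    }

    /**
     * Checks that a certificate path is correctly ordered.
     * <p>
     * For each pair of neighbours the issuer name of the lower certificate
     * must equal the subject name of the next one, and the lower certificate
     * must verify under the next one's public key. The last certificate is
     * not checked against anything, so a self-issued or untrusted top of the
     * path passes. No validity, revocation or constraint checks are made.
     * </p>
     *
     * @param certificatePath Path with the end-entity certificate first
     * @return The same array
     * @throws CryptoException If the path is empty, or if a name or signature
     *         check fails (both failures share one message)
     */
    public static X509Certificate[] checkCertificatePath(X509Certificate[] certificatePath) {
        // Report an empty path as a crypto error instead of an index error.
        if (certificatePath.length == 0) {
            throw new CryptoException("Empty certificate path");
        }
        X509Certificate signedCertificate = certificatePath[0];
        int i = 0;
        while (++i < certificatePath.length) {
            X509Certificate signerCertificate = certificatePath[i];
            String issuer = signedCertificate.getIssuerX500Principal().getName();
            String subject = signerCertificate.getSubjectX500Principal().getName();
            if (!issuer.equals(subject) ||
                !verifyCertificate(signedCertificate, signerCertificate)) {
                throw new CryptoException("Path issuer order error, '" +
                                          issuer + "' versus '" + subject + "'");
            }
            signedCertificate = signerCertificate;
        }
        return certificatePath;
    }

    /**
     * Parses an encoded X.509 certificate.
     *
     * @param encoded Encoded certificate
     * @return The parsed certificate
     * @throws CryptoException If the data cannot be parsed
     */
    public static X509Certificate getCertificateFromBlob(byte[] encoded) {
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(encoded));
        } catch (GeneralSecurityException e) {
            throw new CryptoException(e);
        }
    }

    /**
     * Parses a list of encoded certificates and checks the resulting path
     * with {@link #checkCertificatePath(X509Certificate[])}.
     *
     * @param certificateBlobs Encoded certificates, end-entity certificate first
     * @return The parsed and order-checked path
     * @throws CryptoException If parsing or the path check fails
     */
    public static X509Certificate[] makeCertificatePath(List<byte[]> certificateBlobs) {
        ArrayList<X509Certificate> certificates = new ArrayList<>();
        for (byte[] certificateBlob : certificateBlobs) {
            certificates.add(getCertificateFromBlob(certificateBlob));
        }
        return checkCertificatePath(certificates.toArray(new X509Certificate[0]));
    }
}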
90 |
--------------------------------------------------------------------------------
/jlibcbor/src/main/java/org/webpki/cbor/CBORInt.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2006-2024 WebPKI.org (https://webpki.org).
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * https://apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 | package org.webpki.cbor;
18 |
19 | import java.math.BigInteger;
20 |
21 | import static org.webpki.cbor.CBORInternal.*;
22 |
23 | /**
24 | * Class for holding CBOR int objects.
25 | *
-263). 29 | * In the unlikely case there is a need to explicitly deal with such integers, 30 | * using {@link CBORBigInt} is the supported workaround. 31 | */ 32 | public class CBORInt extends CBORObject { 33 | 34 | static final BigInteger MAX_INT_MAGNITUDE = new BigInteger("ffffffffffffffff", 16); 35 | static final BigInteger MIN_INT_VALUE = new BigInteger("-10000000000000000", 16); 36 | 37 | long value; 38 | boolean unsigned; 39 | 40 | /** 41 | * Creates a CBOR unsigned or negativeintobject. 42 | *43 | * Unsigned integers range from
48 | *0to 44 | *264-1, 45 | * while valid negative integers range from-1to 46 | *-263. 47 | *49 | * See also {@link CBORBigInt#CBORBigInt(BigInteger)} and 50 | * {@link CBORObject#getBigInteger()}. 51 | *
52 | * 53 | * @param value long value 54 | * @param unsignedtrueif value should be considered as unsigned 55 | * @throws CBORException 56 | */ 57 | public CBORInt(long value, boolean unsigned) { 58 | this.value = value; 59 | this.unsigned = unsigned; 60 | if (!unsigned && value >= 0) { 61 | cborError(STDERR_INT_VALUE_OUT_OF_RANGE + 62 | MIN_INT_VALUE.add(BigInteger.valueOf(value)).toString()); 63 | } 64 | } 65 | 66 | /** 67 | * Creates a CBOR signedintobject. 68 | *69 | * This constructor is equivalent to 70 | * {@link CBORInt(long,boolean)
72 | * 73 | * @param value Java (signed) long type 74 | */ 75 | public CBORInt(long value) { 76 | this(value, value >= 0); 77 | } 78 | 79 | @Override 80 | byte[] internalEncode() { 81 | return encodeTagAndN(unsigned ? MT_UNSIGNED : MT_NEGATIVE, unsigned ? value : ~value); 82 | } 83 | 84 | BigInteger toBigInteger() { 85 | BigInteger bigInteger = BigInteger.valueOf(value); 86 | return unsigned ? bigInteger.and(MAX_INT_MAGNITUDE) : bigInteger; 87 | } 88 | 89 | @Override 90 | void internalToString(CborPrinter cborPrinter) { 91 | cborPrinter.append(unsigned ? Long.toUnsignedString(value) : Long.toString(value)); 92 | } 93 | 94 | static final String STDERR_INT_VALUE_OUT_OF_RANGE = 95 | "Long out of range: "; 96 | 97 | } 98 | -------------------------------------------------------------------------------- /jlibcbor/src/main/java/org/webpki/cbor/CBORX509Validator.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2006-2024 WebPKI.org (https://webpki.org). 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * https://apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | */ 17 | package org.webpki.cbor; 18 | 19 | import java.security.cert.X509Certificate; 20 | 21 | import org.webpki.crypto.AsymSignatureAlgorithms; 22 | import org.webpki.crypto.SignatureWrapper; 23 | 24 | import static org.webpki.cbor.CBORCryptoConstants.*; 25 | 26 | /** 27 | * Class for validating X.509 signatures. 28 | *CBORInt(value, value >= 0)}. 
71 | *29 | * Also see {@link CBORValidator}. 30 | *
31 | *32 | * Note that X.509 signatures do not permit the use of a keyId. 33 | *
34 | */ 35 | public class CBORX509Validator extends CBORValidator45 | * A relying party is supposed to verify that the 46 | * certificate(path) is trusted and that the supplied 47 | * algorithm meets their policy requirements. 48 | * Deviations should force the implementation to throw an exception. 49 | *
50 | * 51 | * @param certificatePath Path to be verified 52 | * @param algorithm Signature algorithm 53 | */ 54 | void verify(X509Certificate[] certificatePath, AsymSignatureAlgorithms algorithm); 55 | } 56 | 57 | Parameters parameters; 58 | 59 | /** 60 | * Creates X.509 validator object with a parameter verifier. 61 | * 62 | * @param parameters Parameters implementation 63 | */ 64 | public CBORX509Validator(Parameters parameters) { 65 | super(true); 66 | this.parameters = parameters; 67 | } 68 | 69 | @Override 70 | void coreValidation(CBORMap csfContainer, 71 | int coseAlgorithmId, 72 | CBORObject optionalKeyId, 73 | byte[] signatureValue, 74 | byte[] signedData) { 75 | 76 | // keyId and certificates? Never! 77 | CBORCryptoUtils.rejectPossibleKeyId(optionalKeyId); 78 | 79 | // Get signature algorithm. 80 | AsymSignatureAlgorithms algorithm = 81 | AsymSignatureAlgorithms.getAlgorithmFromId(coseAlgorithmId); 82 | 83 | // Fetch certificate(path). 84 | X509Certificate[] certificatePath = CBORCryptoUtils.decodeCertificateArray( 85 | csfContainer.get(CXF_CERT_PATH_LBL).getArray()); 86 | 87 | // Now we have everything needed for validating the signature. 88 | SignatureWrapper.validate(certificatePath[0].getPublicKey(), 89 | algorithm, 90 | signedData, 91 | signatureValue, 92 | null); 93 | 94 | // Finally, check certificate(path) and signature algorithm. 95 | parameters.verify(certificatePath, algorithm); 96 | } 97 | 98 | @Override 99 | CBORX509Validator getThis() { 100 | return this; 101 | } 102 | } 103 | -------------------------------------------------------------------------------- /jlibcbor/src/main/java/org/webpki/cbor/CBORInternal.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2006-2024 WebPKI.org (https://webpki.org). 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
 * You may obtain a copy of the License at
 *
 *      https://apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */
package org.webpki.cbor;

/**
 * Package-private constants and an error helper shared by the CBOR classes.
 */
class CBORInternal {

    // Initial-byte values of the supported CBOR types. For the first seven
    // entries and MT_SIMPLE the major type sits in the three high-order bits.
    static final int MT_UNSIGNED      = 0x00;
    static final int MT_NEGATIVE      = 0x20;
    static final int MT_BYTES         = 0x40;
    static final int MT_STRING        = 0x60;
    static final int MT_ARRAY         = 0x80;
    static final int MT_MAP           = 0xa0;
    static final int MT_TAG           = 0xc0;
    // Tags 2 and 3 (bignums).
    static final int MT_BIG_UNSIGNED  = 0xc2;
    static final int MT_BIG_NEGATIVE  = 0xc3;
    static final int MT_SIMPLE        = 0xe0;
    // Complete initial bytes of the simple values and floating point types.
    static final int MT_FALSE         = 0xf4;
    static final int MT_TRUE          = 0xf5;
    static final int MT_NULL          = 0xf6;
    static final int MT_FLOAT16       = 0xf9;
    static final int MT_FLOAT32       = 0xfa;
    static final int MT_FLOAT64       = 0xfb;

    // IEEE-754 layout: significand width in bits.
    static final int FLOAT16_SIGNIFICAND_SIZE = 10;
    static final int FLOAT32_SIGNIFICAND_SIZE = 23;
    static final int FLOAT64_SIGNIFICAND_SIZE = 52;

    // IEEE-754 layout: exponent width in bits.
    static final int FLOAT16_EXPONENT_SIZE    = 5;
    static final int FLOAT32_EXPONENT_SIZE    = 8;
    static final int FLOAT64_EXPONENT_SIZE    = 11;

    // IEEE-754 layout: exponent bias.
    static final int FLOAT16_EXPONENT_BIAS    = 15;
    static final int FLOAT32_EXPONENT_BIAS    = 127;
    static final int FLOAT64_EXPONENT_BIAS    = 1023;

    // Bit patterns of special floating point values, held in a long.
    static final long FLOAT16_NOT_A_NUMBER    = 0x0000000000007e00L;
    static final long FLOAT16_POS_INFINITY    = 0x0000000000007c00L;
    static final long FLOAT16_NEG_INFINITY    = 0x000000000000fc00L;
    static final long FLOAT16_POS_ZERO        = 0x0000000000000000L;
    static final long FLOAT16_NEG_ZERO        = 0x0000000000008000L;

    static final long FLOAT32_POS_INFINITY    = 0x000000007f800000L;
    static final long FLOAT32_NEG_ZERO        = 0x0000000080000000L;

    static final long FLOAT64_NOT_A_NUMBER    = 0x7ff8000000000000L;
    static final long FLOAT64_POS_INFINITY    = 0x7ff0000000000000L;
    static final long FLOAT64_NEG_INFINITY    = 0xfff0000000000000L;
    static final long FLOAT64_POS_ZERO        = 0x0000000000000000L;
    static final long FLOAT64_NEG_ZERO        = 0x8000000000000000L;

    static final long MASK_LOWER_32           = 0x00000000ffffffffL;

    // Each mask selects the bits ABOVE the named width; presumably a value
    // fits the width when (value & mask) == 0 - confirm against the callers.
    static final long UINT32_MASK             = 0xffffffff00000000L;
    static final long UINT16_MASK             = 0xffffffffffff0000L;
    static final long UINT8_MASK              = 0xffffffffffffff00L;

    // 2^53 - 1 and its negation.
    static final long MAX_SAFE_JS_INTEGER     = 9007199254740991L;
    static final long MIN_SAFE_JS_INTEGER     = -MAX_SAFE_JS_INTEGER;

    static final long MAX_INSTANT_IN_MILLIS   = 253402300799000L; // 9999-12-31T23:59:59Z
    static final long MIN_INSTANT_IN_MILLIS   = -62167219200000L; // 0000-01-01T00:00:00Z;

    // Threshold above which cborError() shortens a message.
    static final int MAX_ERROR_MESSAGE        = 100;

    /**
     * Throws a {@link CBORException}, shortening over-long messages.
     * <p>
     * A message longer than {@link #MAX_ERROR_MESSAGE} characters is cut to
     * <code>MAX_ERROR_MESSAGE - 3</code> characters and gets the four-character
     * suffix <code>" ..."</code>, so a shortened message is 101 characters long.
     * </p>
     *
     * @param error The error message
     * @throws CBORException Always
     */
    static void cborError(String error) {
        String message = error.length() > MAX_ERROR_MESSAGE
                ? error.substring(0, MAX_ERROR_MESSAGE - 3) + " ..."
                : error;
        throw new CBORException(message);
    }
}
--------------------------------------------------------------------------------
/jlibcbor/src/main/java/org/webpki/crypto/ContentEncryptionAlgorithms.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2006-2024 WebPKI.org (https://webpki.org).
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
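 * You may obtain a copy of the License at
 *
 *      https://apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */
package org.webpki.crypto;

/**
 * JWE and COSE content encryption algorithms.
 * <p>
 * Each constant carries its JOSE name, its COSE identifier and the key, IV
 * and tag lengths in bytes. All fields are <code>final</code>: enum constants
 * are shared by the whole JVM, so a writable length field would let any code
 * in this package change the parameters seen by every other user.
 * </p>
 */
public enum ContentEncryptionAlgorithms {

    // Currently only defined by JOSE
    // NOTE(review): the identifiers 200-202 are presumably library-private
    // COSE values - confirm before relying on them for interoperability.
    // The key length covers the MAC key plus the encryption key.
    A128CBC_HS256 ("A128CBC-HS256", 200, 32, EncryptionCore.AES_CBC_IV_LENGTH,
                   16, "HMACSHA256", false),
    A192CBC_HS384 ("A192CBC-HS384", 201, 48, EncryptionCore.AES_CBC_IV_LENGTH,
                   24, "HMACSHA384", false),
    A256CBC_HS512 ("A256CBC-HS512", 202, 64, EncryptionCore.AES_CBC_IV_LENGTH,
                   32, "HMACSHA512", false),

    // JOSE + COSE
    A128GCM       ("A128GCM", 1, 16, EncryptionCore.AES_GCM_IV_LENGTH,
                   EncryptionCore.AES_GCM_TAG_LENGTH, null, true),
    A192GCM       ("A192GCM", 2, 24, EncryptionCore.AES_GCM_IV_LENGTH,
                   EncryptionCore.AES_GCM_TAG_LENGTH, null, true),
    A256GCM       ("A256GCM", 3, 32, EncryptionCore.AES_GCM_IV_LENGTH,
                   EncryptionCore.AES_GCM_TAG_LENGTH, null, true);

    // Package-private for reading by other classes of this package; never
    // reassigned after construction.
    final String joseId;
    final int coseId;
    final int keyLength;
    final int ivLength;
    final int tagLength;
    final String jceNameOfTagHmac;   // null for the GCM algorithms
    final boolean gcm;

    ContentEncryptionAlgorithms(String joseId,
                                int coseId,
                                int keyLength,
                                int ivLength,
                                int tagLength,
                                String jceNameOfTagHmac,
                                boolean gcm) {
        this.joseId = joseId;
        this.coseId = coseId;
        this.keyLength = keyLength;
        this.ivLength = ivLength;
        this.tagLength = tagLength;
        this.jceNameOfTagHmac = jceNameOfTagHmac;
        this.gcm = gcm;
    }

    /**
     * @return Key length in bytes
     */
    public int getKeyLength() {
        return keyLength;
    }

    /**
     * @return IV length in bytes
     */
    public int getIvLength() {
        return ivLength;
    }

    /**
     * @return Authentication tag length in bytes
     */
    public int getTagLength() {
        return tagLength;
    }

    /**
     * @return JOSE algorithm name
     */
    public String getJoseAlgorithmId() {
        return joseId;
    }

    /**
     * @return COSE algorithm identifier
     */
    public int getCoseAlgorithmId() {
        return coseId;
    }

    /**
     * Looks up an algorithm by its JOSE name.
     * <p>
     * Only the names listed in this enum are accepted, which makes this method
     * the allow-list for algorithm names taken from received messages.
     * </p>
     *
     * @param joseAlgorithmId JOSE algorithm name
     * @return The matching algorithm
     * @throws IllegalArgumentException If the name is unknown
     */
    public static ContentEncryptionAlgorithms getAlgorithmFromId(String joseAlgorithmId) {
        for (ContentEncryptionAlgorithms algorithm : ContentEncryptionAlgorithms.values()) {
            if (joseAlgorithmId.equals(algorithm.joseId)) {
                return algorithm;
            }
        }
        throw new IllegalArgumentException("Unexpected algorithm: " + joseAlgorithmId);
    }

    /**
     * Looks up an algorithm by its COSE identifier.
     *
     * @param coseAlgorithmId COSE algorithm identifier
     * @return The matching algorithm
     * @throws IllegalArgumentException If the identifier is unknown
     */
    public static ContentEncryptionAlgorithms getAlgorithmFromId(int coseAlgorithmId) {
        for (ContentEncryptionAlgorithms algorithm : ContentEncryptionAlgorithms.values()) {
            if (coseAlgorithmId == algorithm.coseId) {
                return algorithm;
            }
        }
        throw new IllegalArgumentException("Unexpected algorithm: " + coseAlgorithmId);
    }
}

--------------------------------------------------------------------------------
/distribution/apidoc/serialized-form.html:
--------------------------------------------------------------------------------
Serialized Form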
42 |44 |-
79 |Package org.webpki.cbor
47 |48 |-
49 |
50 | class CBORException extends RuntimeException implements Serializable
52 |
57 |
58 |
59 |Exception Class org.webpki.cbor.CBORException
51 |53 |- serialVersionUID:
54 | - 1L
55 |
56 |Package org.webpki.crypto
64 |65 |-
66 |
67 | class CryptoException extends RuntimeException implements Serializable
69 |
74 |
75 |
76 |Exception Class org.webpki.crypto.CryptoException
68 |70 |- serialVersionUID:
71 | - 1L
72 |
73 |34 | * Also see {@link CBORSigner}. 35 | *
36 | *37 | * Note that X.509 signatures do not permit the use of a
39 | */ 40 | public class CBORX509Signer extends CBORSignerkeyId. 38 | *47 | * Note that external signers must verify algorithm/key compatibility. 48 | *
49 | * 50 | * @param signer Custom signer 51 | */ 52 | public CBORX509Signer(X509SignerInterface signer) { 53 | this.signer = signer; 54 | } 55 | 56 | /** 57 | * Creates an X.509 signer object with a private key. 58 | *59 | * The signature algorithm to use is based on the recommendations 60 | * in RFC 7518. 61 | *
62 | * @param privateKey Signature key 63 | * @param certificatePath A matching non-null certificate path 64 | */ 65 | public CBORX509Signer(PrivateKey privateKey, X509Certificate[] certificatePath) { 66 | this(privateKey, 67 | certificatePath, 68 | KeyAlgorithms.getKeyAlgorithm(privateKey).getRecommendedSignatureAlgorithm()); 69 | } 70 | 71 | /** 72 | * Creates an X.509 signer object with a private key. 73 | * 74 | * @param privateKey Signature key 75 | * @param certificatePath A matching non-null certificate path 76 | * @param algorithm Signature algorithm 77 | */ 78 | public CBORX509Signer(PrivateKey privateKey, 79 | X509Certificate[] certificatePath, 80 | AsymSignatureAlgorithms algorithm) { 81 | signer = new X509SignerInterface() { 82 | 83 | @Override 84 | public byte[] signData(byte[] data) { 85 | return SignatureWrapper.sign(privateKey, algorithm, data, provider); 86 | } 87 | 88 | @Override 89 | public X509Certificate[] getCertificatePath() { 90 | return certificatePath; 91 | } 92 | 93 | @Override 94 | public AsymSignatureAlgorithms getAlgorithm() { 95 | return algorithm; 96 | } 97 | 98 | }; 99 | } 100 | 101 | @Override 102 | byte[] coreSigner(byte[] dataToBeSigned) { 103 | return signer.signData(dataToBeSigned); 104 | } 105 | 106 | @Override 107 | void additionalItems(CBORMap signatureObject) { 108 | // X.509 signatures mandate a certificate path. 109 | signatureObject.set(CXF_CERT_PATH_LBL, 110 | CBORCryptoUtils.encodeCertificateArray(signer.getCertificatePath())); 111 | // Key IDs are always rejected. 
112 | CBORCryptoUtils.rejectPossibleKeyId(optionalKeyId); 113 | } 114 | 115 | @Override 116 | SignatureAlgorithms getAlgorithm() { 117 | return signer.getAlgorithm(); 118 | } 119 | 120 | @Override 121 | CBORX509Signer getThis() { 122 | return this; 123 | } 124 | } 125 | -------------------------------------------------------------------------------- /jlibcbor/src/main/java/org/webpki/cbor/CBORAsymKeySigner.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2006-2024 WebPKI.org (https://webpki.org). 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * https://apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | */ 17 | package org.webpki.cbor; 18 | 19 | import java.security.PrivateKey; 20 | import java.security.PublicKey; 21 | 22 | import org.webpki.crypto.AsymKeySignerInterface; 23 | import org.webpki.crypto.AsymSignatureAlgorithms; 24 | import org.webpki.crypto.KeyAlgorithms; 25 | import org.webpki.crypto.SignatureAlgorithms; 26 | import org.webpki.crypto.SignatureWrapper; 27 | 28 | import static org.webpki.cbor.CBORCryptoConstants.*; 29 | 30 | /** 31 | * Class for creating CBOR asymmetric key signatures. 32 | *33 | * Also see {@link CBORSigner}. 34 | *
35 | *36 | * Note that asymmetric key signatures do not permit using 37 | * both a
40 | */ 41 | public class CBORAsymKeySigner extends CBORSignerkeyIdand an in-line public key. 38 | * Also see {@link CBORSigner#setKeyId(CBORObject)} and {@link #setPublicKey(PublicKey)}. 39 | *50 | * Note that external signers must verify algorithm/key compatibility. 51 | *
52 | * 53 | * @param signer Custom signer 54 | */ 55 | public CBORAsymKeySigner(AsymKeySignerInterface signer) { 56 | this.signer = signer; 57 | } 58 | 59 | /** 60 | * Creates a signer object with a private key. 61 | *62 | * The default signature algorithm to use is based on the recommendations 63 | * in RFC 7518. 64 | *
65 | * @param privateKey Signature key 66 | */ 67 | public CBORAsymKeySigner(PrivateKey privateKey) { 68 | this(privateKey, 69 | KeyAlgorithms.getKeyAlgorithm(privateKey).getRecommendedSignatureAlgorithm()); 70 | } 71 | 72 | /** 73 | * Creates a signer object with a private key. 74 | * 75 | * @param privateKey Signature key 76 | * @param algorithm Signature algorithm 77 | */ 78 | public CBORAsymKeySigner(PrivateKey privateKey, AsymSignatureAlgorithms algorithm) { 79 | 80 | signer = new AsymKeySignerInterface() { 81 | 82 | @Override 83 | public byte[] signData(byte[] data) { 84 | return SignatureWrapper.sign(privateKey, algorithm, data, provider); 85 | } 86 | 87 | @Override 88 | public AsymSignatureAlgorithms getAlgorithm() { 89 | return algorithm; 90 | } 91 | 92 | }; 93 | } 94 | 95 | /** 96 | * Put a public key into the signature container. 97 | * 98 | *99 | * Note that a public key value of
102 | * 103 | * @param publicKey The public key ornull100 | * is equivalent to the default (=no public key). 101 | *null104 | * @returnthis105 | */ 106 | public CBORAsymKeySigner setPublicKey(PublicKey publicKey) { 107 | optionalPublicKey = publicKey; 108 | return this; 109 | } 110 | 111 | @Override 112 | byte[] coreSigner(byte[] dataToBeSigned) { 113 | return signer.signData(dataToBeSigned); 114 | } 115 | 116 | @Override 117 | void additionalItems(CBORMap signatureObject) { 118 | if (optionalPublicKey != null) { 119 | signatureObject.set(CXF_PUBLIC_KEY_LBL, CBORPublicKey.convert(optionalPublicKey)); 120 | CBORCryptoUtils.rejectPossibleKeyId(optionalKeyId); 121 | } 122 | } 123 | 124 | @Override 125 | SignatureAlgorithms getAlgorithm() { 126 | return signer.getAlgorithm(); 127 | } 128 | 129 | @Override 130 | CBORAsymKeySigner getThis() { 131 | return this; 132 | } 133 | } 134 | -------------------------------------------------------------------------------- /distribution/apidoc/org/webpki/util/package-summary.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 |Package org.webpki.util
59 |61 |
Util - Various Support Classes
67 |-
68 |
69 | Classes
70 |
71 | Class
72 | Description
73 | Base64URL
74 |
75 | Encodes/decodes base64URL data.
76 |
77 | Float64Stringifier
78 |
79 | IEEE-754 double to string encoder.
80 |
81 | HexaDecimal
82 |
83 | Encodes/decodes hexadecimal data.
84 |
85 | IO
86 |
87 | Collection of file I/O functions.
88 |
89 | UTF8
90 |
91 | Encodes/decodes UTF-8 data.
97 |117 | * After each line (
     * nn: hh hh...) the ASCII counterpart is listed as well.
     *
     * @param byteArray The data to be listed
     * @param bytesPerLine Bytes per line
     * @return Human-readable String
     */
    public static String encodeDebugData(byte[] byteArray, int bytesPerLine) {
        HexaDecimal dumper = new HexaDecimal();
        return dumper.toHexDebugData(byteArray, bytesPerLine);
    }

    /**
     * Encode byte array.
     *
     * @param byteArray Data to be encoded
     * @return String with zero or more hexadecimal pairs (hh)
     */
    public static String encode(byte[] byteArray) {
        HexaDecimal encoder = new HexaDecimal();
        return encoder.toHexString(byteArray);
    }

    /**
     * Converts one hexadecimal digit to its value.
     * Upper and lower case letters are both accepted.
     *
     * @param c The character to convert
     * @return A value in the range 0..15
     * @throws IllegalArgumentException If the character is not a hexadecimal digit
     */
    static int toHex(char c) {
        if (c >= '0' && c <= '9') {
            return c - '0';
        }
        if (c >= 'a' && c <= 'f') {
            return c - ('a' - 10);
        }
        if (c >= 'A' && c <= 'F') {
            return c - ('A' - 10);
        }
        throw new IllegalArgumentException("Bad hexchar: " + c);
    }

    /**
     * Decode hexadecimal string.
     * <p>
     * Note that the exception raised for an odd-length string contains the
     * complete input. When the input is key material, the exception text
     * should not be logged or returned to a remote party as is.
     * </p>
     *
     * @param hexString String with zero or more hexadecimal pairs (hh)
     * @return Decoded data as a byte array
     * @throws IllegalArgumentException If the length is odd or a character
     *                                  is not a hexadecimal digit
     */
    public static byte[] decode(String hexString) {
        int charCount = hexString.length();
        if (charCount % 2 != 0) {
            throw new IllegalArgumentException("Bad hexstring: " + hexString);
        }
        byte[] data = new byte[charCount / 2];
        // Walk from the last pair to the first, low nibble before high nibble,
        // so that the first offending character reported is the one nearest the end.
        for (int i = data.length - 1; i >= 0; i--) {
            int lowNibble = toHex(hexString.charAt(2 * i + 1));
            int highNibble = toHex(hexString.charAt(2 * i));
            data[i] = (byte) (lowNibble + (highNibble << 4));
        }
        return data;
    }
}
--------------------------------------------------------------------------------
/jlibcbor/src/main/java/org/webpki/crypto/HmacAlgorithms.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2006-2024 WebPKI.org (https://webpki.org).
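 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */
package org.webpki.crypto;

import java.security.GeneralSecurityException;

import javax.crypto.Mac;

import javax.crypto.spec.SecretKeySpec;

/**
 * HMAC algorithms including an implementation.
 * <p>
 * Each constant carries its SKS URI, JOSE name, COSE identifier and JCE name.
 * {@link #HMAC_SHA1} has neither a JOSE name nor a COSE identifier and is
 * reported as deprecated by {@link #isDeprecated()}.
 * </p>
 */
public enum HmacAlgorithms implements SignatureAlgorithms {

    HMAC_SHA1   ("http://www.w3.org/2000/09/xmldsig#hmac-sha1",
                 null,    0, "HmacSHA1",   HashAlgorithms.SHA1,   false),

    HMAC_SHA256 ("http://www.w3.org/2001/04/xmldsig-more#hmac-sha256",
                 "HS256", 5, "HmacSHA256", HashAlgorithms.SHA256, true),

    HMAC_SHA384 ("http://www.w3.org/2001/04/xmldsig-more#hmac-sha384",
                 "HS384", 6, "HmacSHA384", HashAlgorithms.SHA384, true),

    HMAC_SHA512 ("http://www.w3.org/2001/04/xmldsig-more#hmac-sha512",
                 "HS512", 7, "HmacSHA512", HashAlgorithms.SHA512, true);

    // All state is final: enum constants are JVM-wide singletons.
    private final String         sksId;          // As expressed in SKS
    private final String         joseId;         // JOSE
    private final int            coseId;         // COSE, 0 = not defined
    private final String         jceName;        // As expressed for JCE
    private final HashAlgorithms digestAlg;
    private final boolean        sksMandatory;   // If required in SKS

    private HmacAlgorithms(String sksId, String joseId, int coseId, String jceName,
                           HashAlgorithms digestAlg, boolean sksMandatory) {
        this.sksId = sksId;
        this.joseId = joseId;
        this.coseId = coseId;
        this.jceName = jceName;
        this.digestAlg = digestAlg;
        this.sksMandatory = sksMandatory;
    }

    @Override
    public boolean isMandatorySksAlgorithm() {
        return sksMandatory;
    }

    @Override
    public String getJceName() {
        return jceName;
    }

    @Override
    public String getOid() {
        return null;
    }

    /**
     * Computes the HMAC of the supplied data.
     * <p>
     * The result is the raw MAC value. Code that verifies a received MAC
     * should compare it with a constant-time method such as
     * <code>java.security.MessageDigest.isEqual</code>.
     * </p>
     *
     * @param key Secret key. <code>SecretKeySpec</code> rejects a
     *            <code>null</code> or empty key with an IllegalArgumentException,
     *            which is not wrapped in a CryptoException.
     * @param data The data to be authenticated
     * @return The MAC value
     * @throws CryptoException On JCE errors
     */
    public byte[] digest(byte[] key, byte[] data) {
        try {
            Mac mac = Mac.getInstance(getJceName());
            mac.init(new SecretKeySpec(key, "RAW"));  // Note: any length is OK in HMAC
            return mac.doFinal(data);
        } catch (GeneralSecurityException e) {
            throw new CryptoException(e);
        }
    }

    /**
     * Tests if an SKS algorithm URI denotes a known HMAC algorithm.
     *
     * @param sksId SKS algorithm URI
     * @return <code>true</code> if the URI is known
     */
    public static boolean testAlgorithmUri(String sksId) {
        for (HmacAlgorithms alg : HmacAlgorithms.values()) {
            if (sksId.equals(alg.sksId)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Looks up an algorithm by its SKS URI or JOSE name.
     *
     * @param algorithmId SKS URI or JOSE name
     * @param algorithmPreferences Which notation(s) the caller accepts
     * @return The matching algorithm
     * @throws CryptoException If the identifier is unknown or is given in a
     *                         notation the preferences exclude
     */
    public static HmacAlgorithms getAlgorithmFromId(String algorithmId,
                                                    AlgorithmPreferences algorithmPreferences) {
        for (HmacAlgorithms alg : values()) {
            if (algorithmId.equals(alg.sksId)) {
                if (algorithmPreferences == AlgorithmPreferences.JOSE) {
                    throw new CryptoException("JOSE algorithm expected: " + algorithmId);
                }
                return alg;
            }
            // joseId is null for HMAC_SHA1; equals(null) is simply false.
            if (algorithmId.equals(alg.joseId)) {
                if (algorithmPreferences == AlgorithmPreferences.SKS) {
                    throw new CryptoException("SKS algorithm expected: " + algorithmId);
                }
                return alg;
            }
        }
        throw new CryptoException("Unknown HMAC algorithm: " + algorithmId);
    }

    @Override
    public String getAlgorithmId(AlgorithmPreferences algorithmPreferences) {
        if (joseId == null) {
            if (algorithmPreferences == AlgorithmPreferences.JOSE) {
                throw new CryptoException("There is no JOSE algorithm for: " + this.toString());
            }
            return sksId;
        }
        return algorithmPreferences == AlgorithmPreferences.SKS ? sksId : joseId;
    }

    @Override
    public boolean isDeprecated() {
        return this == HMAC_SHA1;
    }

    @Override
    public HashAlgorithms getDigestAlgorithm() {
        return digestAlg;
    }

    @Override
    public KeyTypes getKeyType() {
        return KeyTypes.SYM;
    }

    @Override
    public int getCoseAlgorithmId() {
        if (coseId == 0) {
            throw new CryptoException("There is no COSE HMAC algorithm for :" + this.toString());
        }
        return coseId;
    }

    /**
     * Looks up an algorithm by its COSE identifier.
     *
     * @param coseAlgorithmId COSE algorithm identifier
     * @return The matching algorithm
     * @throws CryptoException If the identifier is unknown or is 0, the
     *                         placeholder held by algorithms without a COSE identifier
     */
    public static HmacAlgorithms getAlgorithmFromId(int coseAlgorithmId) {
        for (HmacAlgorithms alg : HmacAlgorithms.values()) {
            if (coseAlgorithmId == alg.coseId) {
                // Called for its check only: throws when the match is on the
                // placeholder 0, so HMAC_SHA1 cannot be selected through COSE.
                alg.getCoseAlgorithmId();
                return alg;
            }
        }
        throw new CryptoException("Unknown COSE HMAC algorithm: " + coseAlgorithmId);
    }
}
--------------------------------------------------------------------------------
/distribution/apidoc/org/webpki/cbor/doc-files/crypto-options.html:
--------------------------------------------------------------------------------
Tagged and Custom Container Data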
The CBOR library contains support for wrapping CSF and CEF containers in a CBORTag as well as including a customData element.
In both cases the added information becomes a part of the authenticated (signed) data.
Note that these options are extensions: for them to be accepted during validation or decryption, a policy suitable for the application (CBORCryptoUtils.POLICY) must be set first.
Creating Tagged Containers
Creating a tagged CSF only requires wrapping the map to be signed in a suitable CBORTag object.
CEF containers can be tagged by wrapping an empty CBORMap in a suitable CBORTag object, and using that as an additional argument during encryption: CBOREncrypter.encrypt(byte[], CBORTag).
Decoding Tagged Containers
Decoding the tag of a tagged CSF or CEF container is performed by calling CBORValidator.setTagPolicy(CBORCryptoUtils.POLICY, CBORCryptoUtils.Collector) and CBORDecrypter.setTagPolicy(CBORCryptoUtils.POLICY, CBORCryptoUtils.Collector) respectively, where CBORCryptoUtils.Collector.foundData(CBORObject) returns the actual tag object or null if the container is not tagged.
Creating Custom Data
Adding custom data to CSF or CEF containers is performed by calling CBORSigner.setIntercepter(CBORCryptoUtils.Intercepter) and CBOREncrypter.setIntercepter(CBORCryptoUtils.Intercepter) respectively, where CBORCryptoUtils.Intercepter.getCustomData() is supposed to provide the actual data.
Decoding Custom Data
75 | Decoding custom data in a CSF or CEF container is performed by calling 76 |CBORValidator.setCustomDataPolicy(CBORCryptoUtils.POLICY,CBORCryptoUtils.Collector)and 77 |CBORDecrypter.setCustomDataPolicy(CBORCryptoUtils.POLICY,CBORCryptoUtils.Collector)respectively, 78 | whereCBORCryptoUtils.Collector.foundData(CBORObject)returns 79 | the actual data ornullif the container does not contain such data.[](array) objects. 25 | */ 26 | public class CBORArray extends CBORObject { 27 | 28 | ArrayList[](array). 32 | * 33 | */ 34 | public CBORArray() {} 35 | 36 | /** 37 | * Get size of the CBOR array. 38 | * 39 | * @return The number of objects in the array 40 | */ 41 | public int size() { 42 | return objects.size(); 43 | } 44 | 45 | /** 46 | * Get object at a specific position in the CBOR array. 47 | * 48 | * @param index The position (0..size()-1) 49 | * @return CBOR object 50 | * @throws IndexOutOfBoundsException If the index is out of range. 51 | */ 52 | public CBORObject get(int index) { 53 | return objects.get(index); 54 | } 55 | 56 | /** 57 | * Add object to the CBOR array. 58 | *59 | * Also see {@link CBORArray#insert(int, CBORObject)} 60 | *
61 | * 62 | * @param object Object to be appended to the array. 63 | * @returnthis64 | */ 65 | public CBORArray add(CBORObject object) { 66 | immutableTest(); 67 | objects.add(checkObject(object)); 68 | return this; 69 | } 70 | 71 | /** 72 | * Insert object at a specific position in the CBOR array. 73 | *74 | * The
77 | * @param index The position (objectwill be inserted before the 75 | * current object with the sameindex. 76 | *0..size()) 78 | * @param object Object to be inserted in the array. 79 | * @returnthis80 | * @throws IndexOutOfBoundsException If the index is out of range. 81 | */ 82 | public CBORArray insert(int index, CBORObject object) { 83 | immutableTest(); 84 | objects.add(index, checkObject(object)); 85 | return this; 86 | } 87 | 88 | /** 89 | * Update object at a specific position in the CBOR array. 90 | * 91 | * @param index The position (0..size()-1) 92 | * @param object Object to set 93 | * @return Previousobject94 | * @throws IndexOutOfBoundsException If the index is out of range. 95 | */ 96 | public CBORObject update(int index, CBORObject object) { 97 | immutableTest(); 98 | return objects.set(index, checkObject(object)); 99 | } 100 | 101 | /** 102 | * Remove object at a specific position in the CBOR array. 103 | * 104 | * @param index The position (0..size()-1) 105 | * @return Previousobject106 | * @throws IndexOutOfBoundsException If the index is out of range. 107 | */ 108 | public CBORObject remove(int index) { 109 | immutableTest(); 110 | return objects.remove(index); 111 | } 112 | 113 | byte[] encodeBody(byte[] header) { 114 | for (CBORObject cborObject : objects) { 115 | header = CBORUtil.concatByteArrays(header, cborObject.internalEncode()); 116 | } 117 | return header; 118 | } 119 | 120 | /** 121 | * Encode CBOR sequence. 122 | *123 | * Return the objects in the array as a CBOR sequence using 124 | * Deterministic Encoding. 125 | *
126 | * 127 | * @return CBOR sequence 128 | */ 129 | public byte[] encodeAsSequence() { 130 | return encodeBody(new byte[0]); 131 | } 132 | 133 | /** 134 | * Create shallow copy of the CBOR array. 135 | * 136 | * @return Array of CBOR objects 137 | */ 138 | @SuppressWarnings("unchecked") 139 | public ArrayList30 | * Also see {@link CBORValidator}. 31 | *
32 | */ 33 | public class CBORAsymKeyValidator extends CBORValidator43 | * An implementation is supposed to throw an exception if it 44 | * does not find a matching key or if the supplied algorithm does 45 | * not meet the policy. 46 | *
         *
         * @param optionalPublicKey Optional public key found in the signature object
         * @param optionalKeyId KeyId or <code>null</code>
         * @param algorithm Signature algorithm
         * @return Validation key
         */
        PublicKey locate(PublicKey optionalPublicKey,
                         CBORObject optionalKeyId,
                         AsymSignatureAlgorithms algorithm);
    }

    // Supplies (or confirms) the validation key; see coreValidation().
    KeyLocator keyLocator;

    CBORAsymKeyValidator(KeyLocator keyLocator, boolean externalInterface) {
        super(externalInterface);
        this.keyLocator = keyLocator;
    }

    /**
     * Creates a validator object with a public key.
     * <p>
     * This constructor presumes that the validation key is given by the context
     * and that the supplied algorithm meets the policy.
     * </p>
     * <p>
     * The locator installed here ignores its arguments and always returns
     * <code>publicKey</code>. Neither a key identifier nor the signature
     * algorithm found in the signature object is checked by it.
     * </p>
     * @see #CBORAsymKeyValidator(KeyLocator)
     * @param publicKey The anticipated public key
     */
    public CBORAsymKeyValidator(PublicKey publicKey) {
        this((optionalPublicKey, optionalKeyId, algorithm) -> publicKey, false);
    }

    /**
     * Creates a validator object with a key locator.
     * <p>
     * This constructor provides full control for the verifier
     * regarding in-lined public keys and key identifiers.
     * </p>
     * <p>
     * If no public key is found in the signature object,
     * the {@link KeyLocator} will be called BEFORE signature validation
     * with a <code>null</code> public key argument. This permits
     * applications to retrieve a suitable key for validation.
     * This is usually done by requiring a key identifier.
     * </p>
     * <p>
     * If on the other hand a public key is found in the signature object,
     * it will be used for signature validation. AFTER successful
     * signature validation, the {@link KeyLocator} will be called
     * with the public key argument holding the public key of
     * the signature object. This permits applications to first
     * validate the signature and then lookup the key which may
     * simplify database design.
     * </p>
     * <p>
     * In the second case the key returned by the locator must equal the
     * in-lined key, otherwise validation fails. A locator that simply returns
     * its public key argument therefore accepts any signer.
     * </p>
     *
     * @param keyLocator KeyLocator implementation
     */
    public CBORAsymKeyValidator(KeyLocator keyLocator) {
        this(keyLocator, true);
    }

    /**
     * Validates an asymmetric key signature.
     * <p>
     * An in-lined public key is used for the signature check itself, which
     * only shows that the message is consistent with the key it carries.
     * The trust decision is the comparison with the locator result at the end.
     * </p>
     *
     * @param csfContainer Signature container, possibly holding a public key
     * @param coseAlgorithmId COSE identifier of the signature algorithm
     * @param optionalKeyId Key identifier or <code>null</code>
     * @param signatureValue The signature to be validated
     * @param signedData The data covered by the signature
     */
    @Override
    void coreValidation(CBORMap csfContainer,
                        int coseAlgorithmId,
                        CBORObject optionalKeyId,
                        byte[] signatureValue,
                        byte[] signedData) {

        // Get signature algorithm.
        AsymSignatureAlgorithms algorithm =
                AsymSignatureAlgorithms.getAlgorithmFromId(coseAlgorithmId);

        // Fetch public key if there is one.
        PublicKey inLinePublicKey = null;
        if (csfContainer.containsKey(CXF_PUBLIC_KEY_LBL)) {
            inLinePublicKey = CBORPublicKey.convert(csfContainer.get(CXF_PUBLIC_KEY_LBL));
            // Please select ONE method for identifying the signature key.
            CBORCryptoUtils.rejectPossibleKeyId(optionalKeyId);
        }

        // If we have no in-line public key we need to call the key locator.
        // NOTE(review): a locator returning null here hands a null key to
        // SignatureWrapper.validate(); its behavior is not visible - confirm it throws.
        PublicKey publicKey = inLinePublicKey == null ?
                keyLocator.locate(null, optionalKeyId, algorithm) : inLinePublicKey;

        // Now we have everything needed for validating the signature.
        SignatureWrapper.validate(publicKey,
                                  algorithm,
                                  signedData,
                                  signatureValue,
                                  null);

        // If we have an in-line public key, check that it matches the expected one.
        // A null locator result makes equals() return false, so this fails closed.
        // Equality is whatever the key class's equals() implements - presumably
        // an encoding comparison for provider keys; confirm for custom key types.
        if (inLinePublicKey != null &&
            !inLinePublicKey.equals(keyLocator.locate(inLinePublicKey,
                                                      optionalKeyId,
                                                      algorithm))) {
            throw new CryptoException("Public keys not identical");
        }
    }

    @Override
    CBORAsymKeyValidator getThis() {
        return this;
    }
}
--------------------------------------------------------------------------------
/distribution/apidoc/constant-values.html:
--------------------------------------------------------------------------------
Constant Field Values
42 |Contents
45 |46 |- org.webpki.*
47 |
48 |org.webpki.*
51 |52 |-
53 |
org.webpki.cbor.CBORDecoder
54 |
55 | Modifier and Type
56 | Constant Field
57 | Value
org.webpki.cbor.CBORTag
71 |
72 | Modifier and Type
73 | Constant Field
74 | Value
87 |public static final intLENIENT_MAP_DECODING2public static final intLENIENT_NUMBER_DECODING4public static final intSEQUENCE_MODE1public static final intRESERVED_TAG_COTX1010public static final intRESERVED_TAG_DATE_TIME0public static final intRESERVED_TAG_EPOCH_TIME188 |-
89 |
org.webpki.crypto.KeyAlgorithms
90 |
91 | Modifier and Type
92 | Constant Field
93 | Value
94 |
95 |
96 |
97 |
98 |
99 |
100 |public static final StringXML_DSIG_CURVE_PREFIX"urn:oid:"