I2P Address: [http://git.idk.i2p]

Skip to content
Snippets Groups Projects
Commit fea5bd4a authored by zzz's avatar zzz
Browse files

SelfSignedGenerator: 

- Fix generation with Ed25519ph keys (ticket #2465)
- Increase serial number from 63 to 71 bits
parent 00d45253
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
core/java/src/net/i2p/crypto/SelfSignedGenerator.java
+ 18
5
View file @ fea5bd4a
......@@ -14,6 +14,7 @@ import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.cert.X509CRL;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
......@@ -32,6 +33,7 @@ import javax.crypto.spec.DHPublicKeySpec;
import javax.security.auth.x500.X500Principal;
import static net.i2p.crypto.SigUtil.intToASN1;
import net.i2p.crypto.eddsa.EdDSAPublicKey;
import net.i2p.data.DataHelper;
import net.i2p.data.Signature;
import net.i2p.data.SigningPrivateKey;
......@@ -245,8 +247,19 @@ public final class SelfSignedGenerator {
// some simple tests
PublicKey cpub = cert.getPublicKey();
cert.verify(cpub);
if (!cpub.equals(jpub))
throw new GeneralSecurityException("pubkey mismatch");
if (!cpub.equals(jpub)) {
boolean ok = false;
if (cpub.getClass().getName().equals("sun.security.x509.X509Key")) {
// X509Certificate will sometimes contain an X509Key rather than the EdDSAPublicKey itself; the contained
// key is valid but needs to be instanced as an EdDSAPublicKey before it can be used.
try {
cpub = new EdDSAPublicKey(new X509EncodedKeySpec(cpub.getEncoded()));
ok = cpub.equals(jpub);
} catch (InvalidKeySpecException ex) {}
}
if (!ok)
throw new GeneralSecurityException("pubkey mismatch, in: " + jpub.getClass() + " cert: " + cpub.getClass());
}
// todo crl tests
Object[] rv = { jpub, jpriv, cert, crl };
......@@ -362,10 +375,10 @@ public final class SelfSignedGenerator {
byte[] version = { (byte) 0xa0, 3, 2, 1, 2 };
// positive serial number (long)
byte[] serial = new byte[10];
byte[] serial = new byte[11];
serial[0] = 2;
serial[1] = 8;
RandomSource.getInstance().nextBytes(serial, 2, 8);
serial[1] = 9;
RandomSource.getInstance().nextBytes(serial, 2, 9);
serial[2] &= 0x7f;
// going to use this for both issuer and subject
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Base32 Address: [http://7qeve4v2chmjdqlwpa3vl7aojf3nodbku7vepnjwrsxljzqipz6a.b32.i2p] Onion Address: [http://47ggr2fa3vnwfyhvgskzdmr3i32eijwymxohtxsls45dulmriwxszjad.onion]