List of usage examples for the java.security.spec.X509EncodedKeySpec constructor
public X509EncodedKeySpec(byte[] encodedKey)
From source file:org.apache.geode.internal.cache.tier.sockets.HandShake.java
/**
 * This method writes what readCredential() method expects to read. (Note the use of singular
 * credential). It is similar to writeCredentials(), except that it doesn't write
 * credential-properties.
 *
 * <p>Three paths are visible: a "no credentials" marker, a "normal" (unencrypted) marker when no
 * DH symmetric algorithm is configured, and a Diffie-Hellman exchange in which the peer's
 * challenge is sent back encrypted.
 *
 * @param dos stream to the peer
 * @param dis stream from the peer
 * @param authInit when null or empty (and multiuserSecureMode is off) only the
 *        CREDENTIALS_NONE marker is written
 * @param isNotification when false, one extra byte array is consumed on a rejected reply
 * @param member passed through to readMessage() on a rejected reply
 * @param heapdos scratch buffer whose content is copied to {@code dos}
 * @return -1 on the two marker-only paths, otherwise the acceptance byte read from the peer
 * @throws IOException on stream failure
 * @throws GemFireSecurityException on authentication failure; any other exception raised in the
 *         DH path is wrapped in AuthenticationFailedException
 */
public byte writeCredential(DataOutputStream dos, DataInputStream dis, String authInit,
    boolean isNotification, DistributedMember member, HeapDataOutputStream heapdos)
    throws IOException, GemFireSecurityException {

  if (!this.multiuserSecureMode && (authInit == null || authInit.length() == 0)) {
    // No credentials indicator
    heapdos.writeByte(CREDENTIALS_NONE);
    heapdos.flush();
    dos.write(heapdos.toByteArray());
    dos.flush();
    return -1;
  }

  if (dhSKAlgo == null || dhSKAlgo.length() == 0) {
    // Normal credentials without encryption indicator.
    // No key exchange happens on this path; nothing in this method protects what follows.
    heapdos.writeByte(CREDENTIALS_NORMAL);
    this.appSecureMode = CREDENTIALS_NORMAL;
    // DataSerializer.writeProperties(p_credentials, heapdos);
    heapdos.flush();
    dos.write(heapdos.toByteArray());
    dos.flush();
    return -1;
  }
  byte acceptanceCode = -1;
  try {
    InternalLogWriter securityLogWriter = (InternalLogWriter) this.system.getSecurityLogWriter();
    securityLogWriter.fine("HandShake: using Diffie-Hellman key exchange with algo " + dhSKAlgo);
    // Server authentication is requested only when a certificate file path is configured;
    // without it the DH exchange below runs with no check of the peer's identity.
    boolean requireAuthentication =
        (certificateFilePath != null && certificateFilePath.length() > 0);
    if (requireAuthentication) {
      securityLogWriter.fine("HandShake: server authentication using digital " + "signature required");
    }
    // Credentials with encryption indicator
    heapdos.writeByte(CREDENTIALS_DHENCRYPT);
    this.appSecureMode = CREDENTIALS_DHENCRYPT;
    heapdos.writeBoolean(requireAuthentication);
    // Send the symmetric encryption algorithm name
    DataSerializer.writeString(dhSKAlgo, heapdos);
    // Send the DH public key
    byte[] keyBytes = dhPublicKey.getEncoded();
    DataSerializer.writeByteArray(keyBytes, heapdos);
    byte[] clientChallenge = null;
    if (requireAuthentication) {
      // Authentication of server should be with the client supplied
      // challenge
      clientChallenge = new byte[64];
      // NOTE(review): the type of `random` is declared outside this method — confirm it is a
      // SecureRandom, since the challenge is the only freshness input to the signature check.
      random.nextBytes(clientChallenge);
      DataSerializer.writeByteArray(clientChallenge, heapdos);
    }
    heapdos.flush();
    dos.write(heapdos.toByteArray());
    dos.flush();

    // Expect the alias and signature in the reply
    acceptanceCode = dis.readByte();
    if (acceptanceCode != REPLY_OK && acceptanceCode != REPLY_AUTH_NOT_REQUIRED) {
      // Ignore the useless data
      dis.readByte();
      dis.readInt();
      if (!isNotification) {
        DataSerializer.readByteArray(dis);
      }
      readMessage(dis, dos, acceptanceCode, member);
    } else if (acceptanceCode == REPLY_OK) {
      // Get the public key of the other side
      keyBytes = DataSerializer.readByteArray(dis);
      if (requireAuthentication) {
        // The subject is supplied by the peer and is only used to select a certificate
        // from the locally configured certificateMap.
        String subject = DataSerializer.readString(dis);
        byte[] signatureBytes = DataSerializer.readByteArray(dis);
        if (!certificateMap.containsKey(subject)) {
          throw new AuthenticationFailedException(
              LocalizedStrings.HandShake_HANDSHAKE_FAILED_TO_FIND_PUBLIC_KEY_FOR_SERVER_WITH_SUBJECT_0
                  .toLocalizedString(subject));
        }

        // Check the signature with the public key
        X509Certificate cert = (X509Certificate) certificateMap.get(subject);
        // NOTE(review): getSigAlgName() names the algorithm the certificate itself was signed
        // with — confirm it always matches the algorithm the server signs the challenge with.
        Signature sig = Signature.getInstance(cert.getSigAlgName());
        sig.initVerify(cert);
        // NOTE(review): only the client challenge is fed to the verifier. The peer's DH public
        // key (keyBytes, read above) is not part of the signed data in this method, so the
        // signature proves possession of the private key but does not bind the DH key to it.
        sig.update(clientChallenge);
        // Check the challenge string
        if (!sig.verify(signatureBytes)) {
          throw new AuthenticationFailedException(
              "Mismatch in client " + "challenge bytes. Malicious server?");
        }
        securityLogWriter
            .fine("HandShake: Successfully verified the " + "digital signature from server");
      }

      // Read server challenge bytes
      byte[] serverChallenge = DataSerializer.readByteArray(dis);
      // X509EncodedKeySpec only wraps the received bytes; parsing happens in generatePublic().
      // No further check of the received DH key is visible in this method.
      X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);
      KeyFactory keyFact = KeyFactory.getInstance("DH");
      // PublicKey pubKey = keyFact.generatePublic(x509KeySpec);
      this.clientPublicKey = keyFact.generatePublic(x509KeySpec);

      HeapDataOutputStream hdos = new HeapDataOutputStream(Version.CURRENT);
      try {
        // Add the challenge string
        DataSerializer.writeByteArray(serverChallenge, hdos);
        // byte[] encBytes = encrypt.doFinal(hdos.toByteArray());
        // Only the server challenge is encrypted and returned here; no credential
        // properties are written by this method.
        byte[] encBytes = encryptBytes(hdos.toByteArray(),
            getEncryptCipher(dhSKAlgo, this.clientPublicKey));
        DataSerializer.writeByteArray(encBytes, dos);
      } finally {
        hdos.close();
      }
    }
    // REPLY_AUTH_NOT_REQUIRED falls through both branches: nothing more is read or written.
  } catch (IOException ex) {
    throw ex;
  } catch (GemFireSecurityException ex) {
    throw ex;
  } catch (Exception ex) {
    // Crypto and parsing failures are reported as an authentication failure, keeping the cause.
    throw new AuthenticationFailedException("HandShake failed in Diffie-Hellman key exchange", ex);
  }
  dos.flush();
  return acceptanceCode;
}
From source file:com.yourkey.billing.util.InAppBilling.java
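/**
 * Verifies a Base64-encoded signature over {@code signedData} with the application public key.
 *
 * <p>The public key is decoded from {@code appPublicKeyStr} on first use and cached in
 * {@code appPublicKey}. Every failure (undecodable key or signature, unsupported algorithm,
 * null argument, verification error) yields {@code false}, so the method fails closed.
 *
 * <p>No synchronization is visible around the lazy key initialisation; concurrent first calls
 * may each decode the key.
 *
 * @param signedData the text that was signed
 * @param signature the Base64-encoded signature bytes
 * @return {@code true} only when the signature verifies against the application public key
 */
private boolean verifySignature(String signedData, String signature) {
    try {
        // Decode the application public key only once.
        if (appPublicKey == null) {
            byte[] decodedKey = decodeBase64(appPublicKeyStr);
            if (decodedKey == null) {
                return false;
            }
            // X509EncodedKeySpec wraps the DER bytes; generatePublic() does the parsing.
            appPublicKey = KeyFactory.getInstance(KEY_FACTORY_ALGORITHM)
                    .generatePublic(new X509EncodedKeySpec(decodedKey));
        }

        byte[] decodedSig = decodeBase64(signature);
        if (decodedSig == null) {
            return false;
        }

        Signature sig = Signature.getInstance(SIGNATURE_ALGORITHM);
        sig.initVerify(appPublicKey);
        // Use an explicit charset: the platform default differs between runtimes, and a
        // different byte encoding of the same text would make a valid signature fail.
        // Assumes the signer produced UTF-8 bytes — confirm against the signing side.
        sig.update(signedData.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        return sig.verify(decodedSig);
    } catch (Exception e) {
        // Fail closed: any error is treated as "not verified".
        return false;
    }
}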
From source file:org.apache.geode.internal.cache.tier.sockets.HandShake.java
/**
 * Server-side counterpart of writeCredential(): reads the peer's secure-mode byte and, for the
 * Diffie-Hellman mode, performs the key exchange and checks the encrypted challenge response.
 *
 * <p>No credential properties are read by this method (the reads are commented out), so
 * {@code credentials} is still null on every non-throwing path visible here.
 *
 * @param dis stream from the peer
 * @param dos stream to the peer
 * @param system used to obtain the security log writer
 * @return the credentials variable, which this method never assigns
 * @throws GemFireSecurityException on authentication failure; any other non-IO exception is
 *         wrapped in AuthenticationFailedException
 * @throws IOException on stream failure
 */
public Properties readCredential(DataInputStream dis, DataOutputStream dos,
    DistributedSystem system) throws GemFireSecurityException, IOException {

  Properties credentials = null;
  boolean requireAuthentication = securityService.isClientSecurityRequired();
  try {
    byte secureMode = dis.readByte();
    throwIfMissingRequiredCredentials(requireAuthentication, secureMode != CREDENTIALS_NONE);
    if (secureMode == CREDENTIALS_NORMAL) {
      this.appSecureMode = CREDENTIALS_NORMAL;
      /*
       * if (requireAuthentication) { credentials = DataSerializer.readProperties(dis); } else {
       * DataSerializer.readProperties(dis); // ignore the credentials }
       */
    } else if (secureMode == CREDENTIALS_DHENCRYPT) {
      this.appSecureMode = CREDENTIALS_DHENCRYPT;
      boolean sendAuthentication = dis.readBoolean();
      InternalLogWriter securityLogWriter = (InternalLogWriter) system.getSecurityLogWriter();
      // Get the symmetric encryption algorithm to be used
      // String skAlgo = DataSerializer.readString(dis);
      // NOTE(review): the algorithm name is chosen by the peer; whether getDecryptCipher()
      // restricts it to an allow-list is not visible here — confirm.
      this.clientSKAlgo = DataSerializer.readString(dis);
      // Get the public key of the other side
      byte[] keyBytes = DataSerializer.readByteArray(dis);
      byte[] challenge = null;
      // PublicKey pubKey = null;
      if (requireAuthentication) {
        // Generate PublicKey from encoded form.
        // X509EncodedKeySpec only wraps the peer-supplied bytes; no check beyond what
        // KeyFactory.generatePublic() performs is visible in this method.
        X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);
        KeyFactory keyFact = KeyFactory.getInstance("DH");
        this.clientPublicKey = keyFact.generatePublic(x509KeySpec);

        // Send the public key to other side
        keyBytes = dhPublicKey.getEncoded();
        challenge = new byte[64];
        // NOTE(review): `random` is declared elsewhere — confirm it is a SecureRandom.
        random.nextBytes(challenge);

        // If the server has to also authenticate itself then
        // sign the challenge from client.
        if (sendAuthentication) {
          // Get the challenge string from client
          byte[] clientChallenge = DataSerializer.readByteArray(dis);
          if (privateKeyEncrypt == null) {
            throw new AuthenticationFailedException(
                LocalizedStrings.HandShake_SERVER_PRIVATE_KEY_NOT_AVAILABLE_FOR_CREATING_SIGNATURE
                    .toLocalizedString());
          }
          // Sign the challenge from client and send it to the client.
          // Only the client challenge is signed; the DH public key sent below is not
          // part of the signed data.
          Signature sig = Signature.getInstance(privateKeySignAlgo);
          sig.initSign(privateKeyEncrypt);
          sig.update(clientChallenge);
          byte[] signedBytes = sig.sign();
          dos.writeByte(REPLY_OK);
          DataSerializer.writeByteArray(keyBytes, dos);
          // DataSerializer.writeString(privateKeyAlias, dos);
          DataSerializer.writeString(privateKeySubject, dos);
          DataSerializer.writeByteArray(signedBytes, dos);
          securityLogWriter.fine("HandShake: sent the signed client challenge");
        } else {
          // These two lines should not be moved before the if{} statement in
          // a common block for both if...then...else parts. This is to handle
          // the case when an AuthenticationFailedException is thrown by the
          // if...then part when sending the signature.
          dos.writeByte(REPLY_OK);
          DataSerializer.writeByteArray(keyBytes, dos);
        }

        // Now send the server challenge
        DataSerializer.writeByteArray(challenge, dos);
        securityLogWriter.fine("HandShake: sent the public key and challenge");
        dos.flush();

        // Read and decrypt the credentials
        byte[] encBytes = DataSerializer.readByteArray(dis);
        Cipher c = getDecryptCipher(this.clientSKAlgo, this.clientPublicKey);
        byte[] credentialBytes = decryptBytes(encBytes, c);
        ByteArrayInputStream bis = new ByteArrayInputStream(credentialBytes);
        DataInputStream dinp = new DataInputStream(bis);
        // credentials = DataSerializer.readProperties(dinp);//Hitesh: we don't send in handshake
        // now

        byte[] challengeRes = DataSerializer.readByteArray(dinp);
        // Check the challenge string: the peer must return the fresh server challenge
        // inside the encrypted payload. Arrays.equals is not a constant-time comparison.
        if (!Arrays.equals(challenge, challengeRes)) {
          throw new AuthenticationFailedException(
              LocalizedStrings.HandShake_MISMATCH_IN_CHALLENGE_BYTES_MALICIOUS_CLIENT
                  .toLocalizedString());
        }
        // Not reached when the mismatch exception is thrown above.
        dinp.close();
      } else {
        if (sendAuthentication) {
          // Read and ignore the client challenge
          DataSerializer.readByteArray(dis);
        }
        dos.writeByte(REPLY_AUTH_NOT_REQUIRED);
        dos.flush();
      }
    }
  } catch (IOException ex) {
    throw ex;
  } catch (GemFireSecurityException ex) {
    throw ex;
  } catch (Exception ex) {
    // Crypto and parsing failures are reported as an authentication failure, keeping the cause.
    throw new AuthenticationFailedException(
        LocalizedStrings.HandShake_FAILURE_IN_READING_CREDENTIALS.toLocalizedString(), ex);
  }
  return credentials;
}
From source file:org.hyperledger.fabric_ca.sdk.HFCAClient.java
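/**
 * Parses the revocation public key returned by fabric-ca-server.
 *
 * <p>The input is Base64 text that decodes to a PEM document; the PEM is converted to DER by
 * {@code convertPemToDer} and parsed as an EC public key through {@link X509EncodedKeySpec}.
 * Parsing establishes only that the bytes are a well-formed EC key; trust in the key has to
 * come from how the response carrying it was obtained.
 *
 * @param str Base64-encoded PEM text of the key
 * @return the parsed EC public key
 * @throws EnrollmentException if {@code str} is null or empty
 * @throws IOException declared by the original signature; presumably raised by
 *         {@code convertPemToDer} — confirm
 * @throws NoSuchAlgorithmException if no EC KeyFactory is available
 * @throws InvalidKeySpecException if the DER bytes are not a valid EC public key
 */
private PublicKey getRevocationPublicKey(String str)
        throws EnrollmentException, IOException, NoSuchAlgorithmException, InvalidKeySpecException {
    if (Utils.isNullOrEmpty(str)) {
        // NOTE(review): the message names 'issuerPublicKey' although this method parses the
        // revocation key — confirm which response field the caller passes in.
        throw new EnrollmentException(
                "fabric-ca-server did not return 'issuerPublicKey' in the response from " + HFCA_IDEMIXCRED);
    }
    // Decode with an explicit charset instead of the platform default so the PEM text is
    // read the same way on every runtime. Base64 decoding throws the unchecked
    // IllegalArgumentException on malformed input.
    String pem = new String(Base64.getDecoder().decode(str), java.nio.charset.StandardCharsets.UTF_8);
    byte[] der = convertPemToDer(pem);
    return KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(der));
}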
From source file:org.cesecore.keys.util.KeyTools.java
/**
 * Converts an ASN.1 encoded SubjectPublicKeyInfo into a Java {@link PublicKey}.
 *
 * <p>The key algorithm is taken from the algorithm identifier inside the encoding and the
 * key is built with the "BC" provider. Decoding failures are logged at debug level and
 * reported as {@code null}, so callers must check the result before using it.
 *
 * @param asn1EncodedPublicKey the ASN.1 encoded public key
 * @return the decoded public key, or {@code null} if the bytes could not be decoded
 */
public static PublicKey getPublicKeyFromBytes(byte[] asn1EncodedPublicKey) {
    final ASN1InputStream asn1Stream = new ASN1InputStream(asn1EncodedPublicKey);
    try {
        final SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(asn1Stream.readObject());
        final AlgorithmIdentifier algorithmId = spki.getAlgorithm();
        // Re-encode the parsed structure and hand the bytes to the JCA key spec.
        final X509EncodedKeySpec spec = new X509EncodedKeySpec(new DERBitString(spki).getBytes());
        final KeyFactory factory = KeyFactory.getInstance(algorithmId.getAlgorithm().getId(), "BC");
        return factory.generatePublic(spec);
    } catch (IOException | NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException e) {
        log.debug("Unable to decode PublicKey.", e);
        return null;
    } finally {
        try {
            asn1Stream.close();
        } catch (IOException e) {
            log.debug("Unable to close input stream.");
        }
    }
}
From source file:org.apache.geode.internal.cache.tier.sockets.HandShake.java
/**
 * Reads the peer's credentials according to the secure-mode byte it sends.
 *
 * <p>In the "normal" mode the properties are read straight from the stream. In the
 * Diffie-Hellman mode the method exchanges DH public keys, optionally signs the client's
 * challenge, then decrypts a payload holding the credential properties followed by the echoed
 * server challenge.
 *
 * @param dis stream from the peer
 * @param dos stream to the peer
 * @param system used to obtain the security log writer
 * @param securityService decides whether client authentication is required
 * @return the credential properties, or null when none were read
 * @throws GemFireSecurityException on authentication failure; any other non-IO exception is
 *         wrapped in AuthenticationFailedException
 * @throws IOException on stream failure
 */
public static Properties readCredentials(DataInputStream dis, DataOutputStream dos,
    DistributedSystem system, SecurityService securityService)
    throws GemFireSecurityException, IOException {

  boolean requireAuthentication = securityService.isClientSecurityRequired();
  Properties credentials = null;
  try {
    byte secureMode = dis.readByte();
    throwIfMissingRequiredCredentials(requireAuthentication, secureMode != CREDENTIALS_NONE);
    if (secureMode == CREDENTIALS_NORMAL) {
      // The properties are read as-is from the stream; this method applies no encryption
      // on this path, so confidentiality would have to come from the transport.
      if (requireAuthentication) {
        credentials = DataSerializer.readProperties(dis);
      } else {
        DataSerializer.readProperties(dis); // ignore the credentials
      }
    } else if (secureMode == CREDENTIALS_DHENCRYPT) {
      boolean sendAuthentication = dis.readBoolean();
      InternalLogWriter securityLogWriter = (InternalLogWriter) system.getSecurityLogWriter();
      // Get the symmetric encryption algorithm to be used.
      // The name is chosen by the peer and reaches Cipher.getInstance() below.
      String skAlgo = DataSerializer.readString(dis);
      // Get the public key of the other side
      byte[] keyBytes = DataSerializer.readByteArray(dis);
      byte[] challenge = null;
      PublicKey pubKey = null;
      if (requireAuthentication) {
        // Generate PublicKey from encoded form.
        // X509EncodedKeySpec only wraps the peer-supplied bytes; no check beyond what
        // KeyFactory.generatePublic() performs is visible in this method.
        X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);
        KeyFactory keyFact = KeyFactory.getInstance("DH");
        pubKey = keyFact.generatePublic(x509KeySpec);

        // Send the public key to other side
        keyBytes = dhPublicKey.getEncoded();
        challenge = new byte[64];
        // NOTE(review): `random` is declared elsewhere — confirm it is a SecureRandom.
        random.nextBytes(challenge);

        // If the server has to also authenticate itself then
        // sign the challenge from client.
        if (sendAuthentication) {
          // Get the challenge string from client
          byte[] clientChallenge = DataSerializer.readByteArray(dis);
          if (privateKeyEncrypt == null) {
            throw new AuthenticationFailedException(
                LocalizedStrings.HandShake_SERVER_PRIVATE_KEY_NOT_AVAILABLE_FOR_CREATING_SIGNATURE
                    .toLocalizedString());
          }
          // Sign the challenge from client and send it to the client.
          // Only the client challenge is signed; the DH public key sent below is not
          // part of the signed data.
          Signature sig = Signature.getInstance(privateKeySignAlgo);
          sig.initSign(privateKeyEncrypt);
          sig.update(clientChallenge);
          byte[] signedBytes = sig.sign();
          dos.writeByte(REPLY_OK);
          DataSerializer.writeByteArray(keyBytes, dos);
          // DataSerializer.writeString(privateKeyAlias, dos);
          DataSerializer.writeString(privateKeySubject, dos);
          DataSerializer.writeByteArray(signedBytes, dos);
          securityLogWriter.fine("HandShake: sent the signed client challenge");
        } else {
          // These two lines should not be moved before the if{} statement in
          // a common block for both if...then...else parts. This is to handle
          // the case when an AuthenticationFailedException is thrown by the
          // if...then part when sending the signature.
          dos.writeByte(REPLY_OK);
          DataSerializer.writeByteArray(keyBytes, dos);
        }

        // Now send the server challenge
        DataSerializer.writeByteArray(challenge, dos);
        securityLogWriter.fine("HandShake: sent the public key and challenge");
        dos.flush();

        // Read and decrypt the credentials
        byte[] encBytes = DataSerializer.readByteArray(dis);
        KeyAgreement ka = KeyAgreement.getInstance("DH");
        ka.init(dhPrivateKey);
        ka.doPhase(pubKey, true);

        Cipher decrypt;

        int keysize = getKeySize(skAlgo);
        int blocksize = getBlockSize(skAlgo);

        if (keysize == -1 || blocksize == -1) {
          // Size lookup returned -1: the peer-supplied name is passed to the JCA as the
          // key algorithm and as the whole cipher transformation.
          SecretKey sKey = ka.generateSecret(skAlgo);
          decrypt = Cipher.getInstance(skAlgo);
          decrypt.init(Cipher.DECRYPT_MODE, sKey);
        } else {
          String algoStr = getDhAlgoStr(skAlgo);

          // Key and IV are both cut directly from the raw DH shared secret: bytes
          // [0, keysize) form the key and the next blocksize bytes the IV. No
          // key-derivation step is visible, and the IV is a fixed function of the secret.
          byte[] sKeyBytes = ka.generateSecret();
          SecretKeySpec sks = new SecretKeySpec(sKeyBytes, 0, keysize, algoStr);
          IvParameterSpec ivps = new IvParameterSpec(sKeyBytes, keysize, blocksize);

          // CBC with PKCS5 padding; no MAC or other authentication tag is checked here.
          decrypt = Cipher.getInstance(algoStr + "/CBC/PKCS5Padding");
          decrypt.init(Cipher.DECRYPT_MODE, sks, ivps);
        }

        byte[] credentialBytes = decrypt.doFinal(encBytes);
        ByteArrayInputStream bis = new ByteArrayInputStream(credentialBytes);
        DataInputStream dinp = new DataInputStream(bis);
        // NOTE(review): the properties are deserialized before the challenge echo is
        // verified, so readProperties() runs on plaintext that has not been checked yet.
        credentials = DataSerializer.readProperties(dinp);
        byte[] challengeRes = DataSerializer.readByteArray(dinp);
        // Check the challenge string; this comparison is the only integrity signal in
        // this method. Arrays.equals is not a constant-time comparison.
        if (!Arrays.equals(challenge, challengeRes)) {
          throw new AuthenticationFailedException(
              LocalizedStrings.HandShake_MISMATCH_IN_CHALLENGE_BYTES_MALICIOUS_CLIENT
                  .toLocalizedString());
        }
        // Not reached when the mismatch exception is thrown above.
        dinp.close();
      } else {
        if (sendAuthentication) {
          // Read and ignore the client challenge
          DataSerializer.readByteArray(dis);
        }
        dos.writeByte(REPLY_AUTH_NOT_REQUIRED);
        dos.flush();
      }
    } else if (secureMode == SECURITY_MULTIUSER_NOTIFICATIONCHANNEL) {
      // There is no credential on this path; per the original comment, CCP obtains the
      // credential (Principal) through ServerConnection.
      logger.debug("readCredential where multiuser mode creating callback connection");
    }
  } catch (IOException ex) {
    throw ex;
  } catch (GemFireSecurityException ex) {
    throw ex;
  } catch (Exception ex) {
    // Crypto and parsing failures are reported as an authentication failure, keeping the cause.
    throw new AuthenticationFailedException(
        LocalizedStrings.HandShake_FAILURE_IN_READING_CREDENTIALS.toLocalizedString(), ex);
  }
  return credentials;
}
From source file:org.telegram.ui.PassportActivity.java
/**
 * Builds the Passport authorization request screen.
 *
 * <p>The method adds the bot avatar and request text, one field per required type (grouping
 * personal and address documents), the privacy-policy cell, and the authorize button. The
 * button's click handler collects the stored values, builds a JSON document with each value's
 * hashes and decrypted secrets, encrypts it with encryptData(), encrypts the resulting file
 * secret with the RSA key in currentPublicKey, and sends TL_account_acceptAuthorization.
 *
 * @param context context used to create the views
 */
private void createRequestInterface(Context context) {
    // Find the requesting bot among the form's users.
    TLRPC.User botUser = null;
    if (currentForm != null) {
        for (int a = 0; a < currentForm.users.size(); a++) {
            TLRPC.User user = currentForm.users.get(a);
            if (user.id == currentBotId) {
                botUser = user;
                break;
            }
        }
    }

    FrameLayout frameLayout = (FrameLayout) fragmentView;

    actionBar.setTitle(LocaleController.getString("TelegramPassport", R.string.TelegramPassport));

    actionBar.createMenu().addItem(info_item, R.drawable.profile_info);

    if (botUser != null) {
        FrameLayout avatarContainer = new FrameLayout(context);
        linearLayout2.addView(avatarContainer, LayoutHelper.createLinear(LayoutHelper.MATCH_PARENT, 100));

        BackupImageView avatarImageView = new BackupImageView(context);
        avatarImageView.setRoundRadius(AndroidUtilities.dp(32));
        avatarContainer.addView(avatarImageView, LayoutHelper.createFrame(64, 64, Gravity.CENTER, 0, 8, 0, 0));

        AvatarDrawable avatarDrawable = new AvatarDrawable(botUser);
        TLRPC.FileLocation photo = null;
        if (botUser.photo != null) {
            photo = botUser.photo.photo_small;
        }
        avatarImageView.setImage(photo, "50_50", avatarDrawable, botUser);

        bottomCell = new TextInfoPrivacyCell(context);
        bottomCell.setBackgroundDrawable(Theme.getThemedDrawable(context, R.drawable.greydivider_top,
                Theme.key_windowBackgroundGrayShadow));
        bottomCell.setText(AndroidUtilities.replaceTags(LocaleController.formatString("PassportRequest",
                R.string.PassportRequest, UserObject.getFirstName(botUser))));
        bottomCell.getTextView().setGravity(Gravity.CENTER_HORIZONTAL);
        ((FrameLayout.LayoutParams) bottomCell.getTextView()
                .getLayoutParams()).gravity = Gravity.CENTER_HORIZONTAL;
        linearLayout2.addView(bottomCell,
                LayoutHelper.createLinear(LayoutHelper.MATCH_PARENT, LayoutHelper.WRAP_CONTENT));
    }

    headerCell = new HeaderCell(context);
    headerCell.setText(
            LocaleController.getString("PassportRequestedInformation", R.string.PassportRequestedInformation));
    headerCell.setBackgroundColor(Theme.getColor(Theme.key_windowBackgroundWhite));
    linearLayout2.addView(headerCell,
            LayoutHelper.createLinear(LayoutHelper.MATCH_PARENT, LayoutHelper.WRAP_CONTENT));

    if (currentForm != null) {
        // First pass: count personal/address documents and note whether the plain
        // personal-details / address values are requested too.
        int size = currentForm.required_types.size();
        ArrayList<TLRPC.TL_secureRequiredType> personalDocuments = new ArrayList<>();
        ArrayList<TLRPC.TL_secureRequiredType> addressDocuments = new ArrayList<>();
        int personalCount = 0;
        int addressCount = 0;
        boolean hasPersonalInfo = false;
        boolean hasAddressInfo = false;
        for (int a = 0; a < size; a++) {
            TLRPC.SecureRequiredType secureRequiredType = currentForm.required_types.get(a);
            if (secureRequiredType instanceof TLRPC.TL_secureRequiredType) {
                TLRPC.TL_secureRequiredType requiredType = (TLRPC.TL_secureRequiredType) secureRequiredType;
                if (isPersonalDocument(requiredType.type)) {
                    personalDocuments.add(requiredType);
                    personalCount++;
                } else if (isAddressDocument(requiredType.type)) {
                    addressDocuments.add(requiredType);
                    addressCount++;
                } else if (requiredType.type instanceof TLRPC.TL_secureValueTypePersonalDetails) {
                    hasPersonalInfo = true;
                } else if (requiredType.type instanceof TLRPC.TL_secureValueTypeAddress) {
                    hasAddressInfo = true;
                }
            } else if (secureRequiredType instanceof TLRPC.TL_secureRequiredTypeOneOf) {
                TLRPC.TL_secureRequiredTypeOneOf requiredTypeOneOf = (TLRPC.TL_secureRequiredTypeOneOf) secureRequiredType;
                if (requiredTypeOneOf.types.isEmpty()) {
                    continue;
                }
                // The first alternative decides whether the group is personal or address.
                TLRPC.SecureRequiredType innerType = requiredTypeOneOf.types.get(0);
                if (!(innerType instanceof TLRPC.TL_secureRequiredType)) {
                    continue;
                }
                TLRPC.TL_secureRequiredType requiredType = (TLRPC.TL_secureRequiredType) innerType;

                if (isPersonalDocument(requiredType.type)) {
                    for (int b = 0, size2 = requiredTypeOneOf.types.size(); b < size2; b++) {
                        innerType = requiredTypeOneOf.types.get(b);
                        if (!(innerType instanceof TLRPC.TL_secureRequiredType)) {
                            continue;
                        }
                        personalDocuments.add((TLRPC.TL_secureRequiredType) innerType);
                    }
                    personalCount++;
                } else if (isAddressDocument(requiredType.type)) {
                    for (int b = 0, size2 = requiredTypeOneOf.types.size(); b < size2; b++) {
                        innerType = requiredTypeOneOf.types.get(b);
                        if (!(innerType instanceof TLRPC.TL_secureRequiredType)) {
                            continue;
                        }
                        addressDocuments.add((TLRPC.TL_secureRequiredType) innerType);
                    }
                    addressCount++;
                }
            }
        }
        // Documents get their own field unless exactly one document group accompanies the
        // matching plain value.
        boolean separatePersonal = !hasPersonalInfo || personalCount > 1;
        boolean separateAddress = !hasAddressInfo || addressCount > 1;
        // Second pass: create one field per entry.
        for (int a = 0; a < size; a++) {
            TLRPC.SecureRequiredType secureRequiredType = currentForm.required_types.get(a);
            ArrayList<TLRPC.TL_secureRequiredType> documentTypes;
            TLRPC.TL_secureRequiredType requiredType;
            boolean documentOnly;
            if (secureRequiredType instanceof TLRPC.TL_secureRequiredType) {
                requiredType = (TLRPC.TL_secureRequiredType) secureRequiredType;
                if (requiredType.type instanceof TLRPC.TL_secureValueTypePhone
                        || requiredType.type instanceof TLRPC.TL_secureValueTypeEmail) {
                    documentTypes = null;
                    documentOnly = false;
                } else if (requiredType.type instanceof TLRPC.TL_secureValueTypePersonalDetails) {
                    if (separatePersonal) {
                        documentTypes = null;
                    } else {
                        documentTypes = personalDocuments;
                    }
                    documentOnly = false;
                } else if (requiredType.type instanceof TLRPC.TL_secureValueTypeAddress) {
                    if (separateAddress) {
                        documentTypes = null;
                    } else {
                        documentTypes = addressDocuments;
                    }
                    documentOnly = false;
                } else if (separatePersonal && isPersonalDocument(requiredType.type)) {
                    documentTypes = new ArrayList<>();
                    documentTypes.add(requiredType);
                    requiredType = new TLRPC.TL_secureRequiredType();
                    requiredType.type = new TLRPC.TL_secureValueTypePersonalDetails();
                    documentOnly = true;
                } else if (separateAddress && isAddressDocument(requiredType.type)) {
                    documentTypes = new ArrayList<>();
                    documentTypes.add(requiredType);
                    requiredType = new TLRPC.TL_secureRequiredType();
                    requiredType.type = new TLRPC.TL_secureValueTypeAddress();
                    documentOnly = true;
                } else {
                    continue;
                }
            } else if (secureRequiredType instanceof TLRPC.TL_secureRequiredTypeOneOf) {
                TLRPC.TL_secureRequiredTypeOneOf requiredTypeOneOf = (TLRPC.TL_secureRequiredTypeOneOf) secureRequiredType;
                if (requiredTypeOneOf.types.isEmpty()) {
                    continue;
                }
                TLRPC.SecureRequiredType innerType = requiredTypeOneOf.types.get(0);
                if (!(innerType instanceof TLRPC.TL_secureRequiredType)) {
                    continue;
                }
                requiredType = (TLRPC.TL_secureRequiredType) innerType;

                if (separatePersonal && isPersonalDocument(requiredType.type)
                        || separateAddress && isAddressDocument(requiredType.type)) {
                    documentTypes = new ArrayList<>();
                    for (int b = 0, size2 = requiredTypeOneOf.types.size(); b < size2; b++) {
                        innerType = requiredTypeOneOf.types.get(b);
                        if (!(innerType instanceof TLRPC.TL_secureRequiredType)) {
                            continue;
                        }
                        documentTypes.add((TLRPC.TL_secureRequiredType) innerType);
                    }
                    if (isPersonalDocument(requiredType.type)) {
                        requiredType = new TLRPC.TL_secureRequiredType();
                        requiredType.type = new TLRPC.TL_secureValueTypePersonalDetails();
                    } else {
                        requiredType = new TLRPC.TL_secureRequiredType();
                        requiredType.type = new TLRPC.TL_secureValueTypeAddress();
                    }
                    documentOnly = true;
                } else {
                    continue;
                }
            } else {
                continue;
            }
            addField(context, requiredType, documentTypes, documentOnly, a == size - 1);
        }
    }

    if (botUser != null) {
        bottomCell = new TextInfoPrivacyCell(context);
        bottomCell.setBackgroundDrawable(Theme.getThemedDrawable(context, R.drawable.greydivider_bottom,
                Theme.key_windowBackgroundGrayShadow));
        bottomCell.setLinkTextColorKey(Theme.key_windowBackgroundWhiteGrayText4);
        if (!TextUtils.isEmpty(currentForm.privacy_policy_url)) {
            String str2 = LocaleController.formatString("PassportPolicy", R.string.PassportPolicy,
                    UserObject.getFirstName(botUser), botUser.username);
            SpannableStringBuilder text = new SpannableStringBuilder(str2);
            // The text between the first and last '*' becomes the policy link.
            int index1 = str2.indexOf('*');
            int index2 = str2.lastIndexOf('*');
            if (index1 != -1 && index2 != -1) {
                bottomCell.getTextView().setMovementMethod(new AndroidUtilities.LinkMovementMethodMy());
                text.replace(index2, index2 + 1, "");
                text.replace(index1, index1 + 1, "");
                text.setSpan(new LinkSpan(), index1, index2 - 1, Spanned.SPAN_EXCLUSIVE_EXCLUSIVE);
            }
            bottomCell.setText(text);
        } else {
            bottomCell.setText(AndroidUtilities.replaceTags(LocaleController.formatString("PassportNoPolicy",
                    R.string.PassportNoPolicy, UserObject.getFirstName(botUser), botUser.username)));
        }
        bottomCell.getTextView().setHighlightColor(Theme.getColor(Theme.key_windowBackgroundWhiteGrayText4));
        bottomCell.getTextView().setGravity(Gravity.CENTER_HORIZONTAL);
        linearLayout2.addView(bottomCell,
                LayoutHelper.createLinear(LayoutHelper.MATCH_PARENT, LayoutHelper.WRAP_CONTENT));
    }

    bottomLayout = new FrameLayout(context);
    bottomLayout.setBackgroundDrawable(
            Theme.createSelectorWithBackgroundDrawable(Theme.getColor(Theme.key_passport_authorizeBackground),
                    Theme.getColor(Theme.key_passport_authorizeBackgroundSelected)));
    frameLayout.addView(bottomLayout, LayoutHelper.createFrame(LayoutHelper.MATCH_PARENT, 48, Gravity.BOTTOM));
    // Authorize button: validates that every required value is present and error-free,
    // then builds, encrypts and sends the credentials.
    bottomLayout.setOnClickListener(view -> {

        // A stored value plus the optional parts the bot asked for.
        class ValueToSend {
            TLRPC.TL_secureValue value;
            boolean selfie_required;
            boolean translation_required;

            public ValueToSend(TLRPC.TL_secureValue v, boolean s, boolean t) {
                value = v;
                selfie_required = s;
                translation_required = t;
            }
        }

        ArrayList<ValueToSend> valuesToSend = new ArrayList<>();
        for (int a = 0, size = currentForm.required_types.size(); a < size; a++) {
            TLRPC.TL_secureRequiredType requiredType;
            TLRPC.SecureRequiredType secureRequiredType = currentForm.required_types.get(a);
            if (secureRequiredType instanceof TLRPC.TL_secureRequiredType) {
                requiredType = (TLRPC.TL_secureRequiredType) secureRequiredType;
            } else if (secureRequiredType instanceof TLRPC.TL_secureRequiredTypeOneOf) {
                TLRPC.TL_secureRequiredTypeOneOf requiredTypeOneOf = (TLRPC.TL_secureRequiredTypeOneOf) secureRequiredType;
                if (requiredTypeOneOf.types.isEmpty()) {
                    continue;
                }
                secureRequiredType = requiredTypeOneOf.types.get(0);
                if (!(secureRequiredType instanceof TLRPC.TL_secureRequiredType)) {
                    continue;
                }
                requiredType = (TLRPC.TL_secureRequiredType) secureRequiredType;

                // Prefer the first alternative for which a value is already stored.
                for (int b = 0, size2 = requiredTypeOneOf.types.size(); b < size2; b++) {
                    secureRequiredType = requiredTypeOneOf.types.get(b);
                    if (!(secureRequiredType instanceof TLRPC.TL_secureRequiredType)) {
                        continue;
                    }
                    TLRPC.TL_secureRequiredType innerType = (TLRPC.TL_secureRequiredType) secureRequiredType;
                    if (getValueByType(innerType, true) != null) {
                        requiredType = innerType;
                        break;
                    }
                }
            } else {
                continue;
            }
            TLRPC.TL_secureValue value = getValueByType(requiredType, true);
            if (value == null) {
                // Missing value: signal it and abort without sending anything.
                Vibrator v = (Vibrator) getParentActivity().getSystemService(Context.VIBRATOR_SERVICE);
                if (v != null) {
                    v.vibrate(200);
                }
                AndroidUtilities.shakeView(getViewByType(requiredType), 2, 0);
                return;
            }
            String key = getNameForType(requiredType.type);
            HashMap<String, String> errors = errorsMap.get(key);
            if (errors != null && !errors.isEmpty()) {
                // Value still has unresolved errors: abort as well.
                Vibrator v = (Vibrator) getParentActivity().getSystemService(Context.VIBRATOR_SERVICE);
                if (v != null) {
                    v.vibrate(200);
                }
                AndroidUtilities.shakeView(getViewByType(requiredType), 2, 0);
                return;
            }
            valuesToSend.add(
                    new ValueToSend(value, requiredType.selfie_required, requiredType.translation_required));
        }
        showEditDoneProgress(false, true);
        TLRPC.TL_account_acceptAuthorization req = new TLRPC.TL_account_acceptAuthorization();
        req.bot_id = currentBotId;
        req.scope = currentScope;
        req.public_key = currentPublicKey;
        JSONObject jsonObject = new JSONObject();
        for (int a = 0, size = valuesToSend.size(); a < size; a++) {
            ValueToSend valueToSend = valuesToSend.get(a);
            TLRPC.TL_secureValue secureValue = valueToSend.value;

            JSONObject data = new JSONObject();

            if (secureValue.plain_data != null) {
                // Plain e-mail/phone values: the casts below assign locals that are never
                // used, so nothing is added to the JSON for them here.
                if (secureValue.plain_data instanceof TLRPC.TL_securePlainEmail) {
                    TLRPC.TL_securePlainEmail securePlainEmail = (TLRPC.TL_securePlainEmail) secureValue.plain_data;
                } else if (secureValue.plain_data instanceof TLRPC.TL_securePlainPhone) {
                    TLRPC.TL_securePlainPhone securePlainPhone = (TLRPC.TL_securePlainPhone) secureValue.plain_data;
                }
            } else {
                try {
                    // For each part, emit its hash and the decrypted per-item secret.
                    JSONObject result = new JSONObject();
                    if (secureValue.data != null) {
                        byte[] decryptedSecret = decryptValueSecret(secureValue.data.secret,
                                secureValue.data.data_hash);

                        data.put("data_hash", Base64.encodeToString(secureValue.data.data_hash, Base64.NO_WRAP));
                        data.put("secret", Base64.encodeToString(decryptedSecret, Base64.NO_WRAP));

                        result.put("data", data);
                    }
                    if (!secureValue.files.isEmpty()) {
                        JSONArray files = new JSONArray();
                        for (int b = 0, size2 = secureValue.files.size(); b < size2; b++) {
                            TLRPC.TL_secureFile secureFile = (TLRPC.TL_secureFile) secureValue.files.get(b);
                            byte[] decryptedSecret = decryptValueSecret(secureFile.secret, secureFile.file_hash);

                            JSONObject file = new JSONObject();
                            file.put("file_hash", Base64.encodeToString(secureFile.file_hash, Base64.NO_WRAP));
                            file.put("secret", Base64.encodeToString(decryptedSecret, Base64.NO_WRAP));
                            files.put(file);
                        }
                        result.put("files", files);
                    }
                    if (secureValue.front_side instanceof TLRPC.TL_secureFile) {
                        TLRPC.TL_secureFile secureFile = (TLRPC.TL_secureFile) secureValue.front_side;
                        byte[] decryptedSecret = decryptValueSecret(secureFile.secret, secureFile.file_hash);

                        JSONObject front = new JSONObject();
                        front.put("file_hash", Base64.encodeToString(secureFile.file_hash, Base64.NO_WRAP));
                        front.put("secret", Base64.encodeToString(decryptedSecret, Base64.NO_WRAP));
                        result.put("front_side", front);
                    }
                    if (secureValue.reverse_side instanceof TLRPC.TL_secureFile) {
                        TLRPC.TL_secureFile secureFile = (TLRPC.TL_secureFile) secureValue.reverse_side;
                        byte[] decryptedSecret = decryptValueSecret(secureFile.secret, secureFile.file_hash);

                        JSONObject reverse = new JSONObject();
                        reverse.put("file_hash", Base64.encodeToString(secureFile.file_hash, Base64.NO_WRAP));
                        reverse.put("secret", Base64.encodeToString(decryptedSecret, Base64.NO_WRAP));
                        result.put("reverse_side", reverse);
                    }
                    if (valueToSend.selfie_required && secureValue.selfie instanceof TLRPC.TL_secureFile) {
                        TLRPC.TL_secureFile secureFile = (TLRPC.TL_secureFile) secureValue.selfie;
                        byte[] decryptedSecret = decryptValueSecret(secureFile.secret, secureFile.file_hash);

                        JSONObject selfie = new JSONObject();
                        selfie.put("file_hash", Base64.encodeToString(secureFile.file_hash, Base64.NO_WRAP));
                        selfie.put("secret", Base64.encodeToString(decryptedSecret, Base64.NO_WRAP));
                        result.put("selfie", selfie);
                    }
                    if (valueToSend.translation_required && !secureValue.translation.isEmpty()) {
                        JSONArray translation = new JSONArray();
                        for (int b = 0, size2 = secureValue.translation.size(); b < size2; b++) {
                            TLRPC.TL_secureFile secureFile = (TLRPC.TL_secureFile) secureValue.translation
                                    .get(b);
                            byte[] decryptedSecret = decryptValueSecret(secureFile.secret,
                                    secureFile.file_hash);

                            JSONObject file = new JSONObject();
                            file.put("file_hash", Base64.encodeToString(secureFile.file_hash, Base64.NO_WRAP));
                            file.put("secret", Base64.encodeToString(decryptedSecret, Base64.NO_WRAP));
                            translation.put(file);
                        }
                        result.put("translation", translation);
                    }
                    jsonObject.put(getNameForType(secureValue.type), result);
                } catch (Exception ignore) {
                    // NOTE(review): any failure here is swallowed. The value is then missing
                    // from the JSON while its hash is still added to req.value_hashes below.
                }
            }

            TLRPC.TL_secureValueHash hash = new TLRPC.TL_secureValueHash();
            hash.type = secureValue.type;
            hash.hash = secureValue.hash;
            req.value_hashes.add(hash);
        }
        JSONObject result = new JSONObject();
        try {
            result.put("secure_data", jsonObject);
        } catch (Exception ignore) {
            // NOTE(review): swallowed; the request continues without "secure_data".
        }
        if (currentPayload != null) {
            try {
                result.put("payload", currentPayload);
            } catch (Exception ignore) {
                // NOTE(review): swallowed; the request continues without "payload".
            }
        }
        if (currentNonce != null) {
            try {
                result.put("nonce", currentNonce);
            } catch (Exception ignore) {
                // NOTE(review): swallowed; the request continues without "nonce".
            }
        }
        String json = result.toString();

        EncryptionResult encryptionResult = encryptData(AndroidUtilities.getStringBytes(json));

        req.credentials = new TLRPC.TL_secureCredentialsEncrypted();
        req.credentials.hash = encryptionResult.fileHash;
        req.credentials.data = encryptionResult.encryptedData;
        try {
            // Strip the PEM armor and parse the remaining Base64 as an X.509
            // SubjectPublicKeyInfo RSA key.
            // NOTE(review): where currentPublicKey comes from is not visible here; the
            // credentials secret is encrypted to whatever key that string holds.
            String key = currentPublicKey.replaceAll("\\n", "").replace("-----BEGIN PUBLIC KEY-----", "")
                    .replace("-----END PUBLIC KEY-----", "");
            KeyFactory kf = KeyFactory.getInstance("RSA");
            X509EncodedKeySpec keySpecX509 = new X509EncodedKeySpec(Base64.decode(key, Base64.DEFAULT));
            RSAPublicKey pubKey = (RSAPublicKey) kf.generatePublic(keySpecX509);

            // RSA-OAEP with SHA-1/MGF1, from the "BC" provider, as named in the transformation.
            Cipher c = Cipher.getInstance("RSA/NONE/OAEPWithSHA1AndMGF1Padding", "BC");
            c.init(Cipher.ENCRYPT_MODE, pubKey);
            req.credentials.secret = c.doFinal(encryptionResult.decrypyedFileSecret);
        } catch (Exception e) {
            // NOTE(review): a key-parsing or encryption failure is only logged; the request
            // below is still sent, with credentials.secret not assigned by this block.
            FileLog.e(e);
        }
        int reqId = ConnectionsManager.getInstance(currentAccount).sendRequest(req,
                (response, error) -> AndroidUtilities.runOnUIThread(() -> {
                    if (error == null) {
                        ignoreOnFailure = true;
                        callCallback(true);
                        finishFragment();
                    } else {
                        showEditDoneProgress(false, false);
                        if ("APP_VERSION_OUTDATED".equals(error.text)) {
                            AlertsCreator.showUpdateAppAlert(getParentActivity(),
                                    LocaleController.getString("UpdateAppAlert", R.string.UpdateAppAlert), true);
                        } else {
                            showAlertWithText(LocaleController.getString("AppName", R.string.AppName),
                                    error.text);
                        }
                    }
                }));
        ConnectionsManager.getInstance(currentAccount).bindRequestToGuid(reqId, classGuid);
    });

    acceptTextView = new TextView(context);
    acceptTextView.setCompoundDrawablePadding(AndroidUtilities.dp(8));
    acceptTextView.setCompoundDrawablesWithIntrinsicBounds(R.drawable.authorize, 0, 0, 0);
    acceptTextView.setTextColor(Theme.getColor(Theme.key_passport_authorizeText));
    acceptTextView.setText(LocaleController.getString("PassportAuthorize", R.string.PassportAuthorize));
    acceptTextView.setTextSize(TypedValue.COMPLEX_UNIT_DIP, 14);
    acceptTextView.setGravity(Gravity.CENTER);
    acceptTextView.setTypeface(AndroidUtilities.getTypeface("fonts/rmedium.ttf"));
    bottomLayout.addView(acceptTextView,
            LayoutHelper.createFrame(LayoutHelper.WRAP_CONTENT, LayoutHelper.MATCH_PARENT, Gravity.CENTER));

    progressViewButton = new ContextProgressView(context, 0);
    progressViewButton.setVisibility(View.INVISIBLE);
    bottomLayout.addView(progressViewButton,
            LayoutHelper.createFrame(LayoutHelper.MATCH_PARENT, LayoutHelper.MATCH_PARENT));

    View shadow = new View(context);
    shadow.setBackgroundResource(R.drawable.header_shadow_reverse);
    frameLayout.addView(shadow, LayoutHelper.createFrame(LayoutHelper.MATCH_PARENT, 3,
            Gravity.LEFT | Gravity.BOTTOM, 0, 0, 0, 48));
}
From source file:android.content.pm.PackageParser.java
/**
 * Parses a Base64-encoded X.509 SubjectPublicKeyInfo into a {@link PublicKey}.
 *
 * <p>The key type is found by trial: the same key spec is offered to the RSA, EC and DSA key
 * factories in that order and the first one that accepts it wins. A missing factory is
 * reported through {@code Slog.wtf} and the next algorithm is tried.
 *
 * @param encodedPublicKey Base64 text of the encoded key, may be null
 * @return the parsed key, or {@code null} when the input is null, is not valid Base64, or is
 *         not a key of a supported type; callers must treat {@code null} as "no usable key"
 */
public static final PublicKey parsePublicKey(final String encodedPublicKey) {
    if (encodedPublicKey == null) {
        Slog.w(TAG, "Could not parse null public key");
        return null;
    }

    final EncodedKeySpec keySpec;
    try {
        keySpec = new X509EncodedKeySpec(Base64.decode(encodedPublicKey, Base64.DEFAULT));
    } catch (IllegalArgumentException e) {
        Slog.w(TAG, "Could not parse verifier public key; invalid Base64");
        return null;
    }

    // Algorithm name paired with the message logged when its KeyFactory is unavailable.
    final String[][] candidates = {
        {"RSA", "Could not parse public key: RSA KeyFactory not included in build"},
        {"EC", "Could not parse public key: EC KeyFactory not included in build"},
        {"DSA", "Could not parse public key: DSA KeyFactory not included in build"},
    };

    for (String[] candidate : candidates) {
        try {
            return KeyFactory.getInstance(candidate[0]).generatePublic(keySpec);
        } catch (NoSuchAlgorithmException e) {
            Slog.wtf(TAG, candidate[1]);
        } catch (InvalidKeySpecException e) {
            // Not a key of this algorithm; fall through to the next candidate.
        }
    }

    /* Not a supported key type */
    return null;
}