Example usage for java.security.spec X509EncodedKeySpec X509EncodedKeySpec

List of usage examples for java.security.spec X509EncodedKeySpec X509EncodedKeySpec

Introduction

On this page you can find example usages of the java.security.spec.X509EncodedKeySpec constructor X509EncodedKeySpec(byte[] encodedKey).

Prototype

public X509EncodedKeySpec(byte[] encodedKey) 


Document

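Creates a new X509EncodedKeySpec with the given encoded key. The bytes are expected to be a DER-encoded X.509 SubjectPublicKeyInfo; the constructor only stores a copy of them, and parsing and validation happen later, in KeyFactory.generatePublic. When the bytes come from a network peer or another untrusted source, the resulting key should be checked (algorithm, parameters, size) before it is relied on.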

Usage

From source file:org.apache.geode.internal.cache.tier.sockets.HandShake.java

/**
 * Writes the credential part of the handshake in the form that readCredential() (note the
 * singular "credential") expects to read. It is similar to writeCredentials(), except that it
 * doesn't write credential-properties.
 *
 * <p>Depending on the state visible in this method it writes one of three mode indicators:
 * CREDENTIALS_NONE, CREDENTIALS_NORMAL or CREDENTIALS_DHENCRYPT. Only the last one performs a
 * Diffie-Hellman exchange and waits for a reply from the peer.
 *
 * @param dos output stream to the peer
 * @param dis input stream from the peer; read only in the Diffie-Hellman mode
 * @param authInit when null or empty (and multiuserSecureMode is off), no credentials are sent
 * @param isNotification when false, one extra byte array is skipped on a rejection reply
 * @param member passed through to readMessage() on a rejection reply
 * @param heapdos scratch buffer in which the outgoing message is assembled before it is copied
 *        to dos
 * @return -1 when no Diffie-Hellman exchange took place, otherwise the acceptance byte read from
 *         the peer
 * @throws IOException on stream errors (rethrown unchanged)
 * @throws GemFireSecurityException rethrown unchanged; any other exception raised during the
 *         exchange is wrapped in an AuthenticationFailedException
 */
public byte writeCredential(DataOutputStream dos, DataInputStream dis, String authInit, boolean isNotification,
        DistributedMember member, HeapDataOutputStream heapdos) throws IOException, GemFireSecurityException {

    if (!this.multiuserSecureMode && (authInit == null || authInit.length() == 0)) {
        // No credentials indicator
        heapdos.writeByte(CREDENTIALS_NONE);
        heapdos.flush();
        dos.write(heapdos.toByteArray());
        dos.flush();
        return -1;
    }

    if (dhSKAlgo == null || dhSKAlgo.length() == 0) {
        // Normal credentials without encryption indicator
        heapdos.writeByte(CREDENTIALS_NORMAL);
        this.appSecureMode = CREDENTIALS_NORMAL;
        // DataSerializer.writeProperties(p_credentials, heapdos);
        heapdos.flush();
        dos.write(heapdos.toByteArray());
        dos.flush();
        return -1;
    }
    byte acceptanceCode = -1;
    try {
        InternalLogWriter securityLogWriter = (InternalLogWriter) this.system.getSecurityLogWriter();
        securityLogWriter.fine("HandShake: using Diffie-Hellman key exchange with algo " + dhSKAlgo);
        // Server authentication is requested only when a certificate file path is configured.
        boolean requireAuthentication = (certificateFilePath != null && certificateFilePath.length() > 0);
        if (requireAuthentication) {
            securityLogWriter.fine("HandShake: server authentication using digital " + "signature required");
        }
        // Credentials with encryption indicator
        heapdos.writeByte(CREDENTIALS_DHENCRYPT);
        this.appSecureMode = CREDENTIALS_DHENCRYPT;
        heapdos.writeBoolean(requireAuthentication);
        // Send the symmetric encryption algorithm name
        DataSerializer.writeString(dhSKAlgo, heapdos);
        // Send the DH public key
        byte[] keyBytes = dhPublicKey.getEncoded();
        DataSerializer.writeByteArray(keyBytes, heapdos);
        byte[] clientChallenge = null;
        if (requireAuthentication) {
            // Authentication of server should be with the client supplied
            // challenge
            // NOTE(review): `random` is declared outside this method; confirm it is a
            // SecureRandom, because this 64-byte value is what the server is asked to sign.
            clientChallenge = new byte[64];
            random.nextBytes(clientChallenge);
            DataSerializer.writeByteArray(clientChallenge, heapdos);
        }
        heapdos.flush();
        dos.write(heapdos.toByteArray());
        dos.flush();

        // Expect the alias and signature in the reply
        acceptanceCode = dis.readByte();
        // NOTE(review): a REPLY_AUTH_NOT_REQUIRED reply takes neither branch below, also when
        // requireAuthentication is true, so no signature is verified on that path. Confirm that
        // callers treat that return value as "server not authenticated".
        if (acceptanceCode != REPLY_OK && acceptanceCode != REPLY_AUTH_NOT_REQUIRED) {
            // Ignore the useless data
            dis.readByte();
            dis.readInt();
            if (!isNotification) {
                DataSerializer.readByteArray(dis);
            }
            readMessage(dis, dos, acceptanceCode, member);
        } else if (acceptanceCode == REPLY_OK) {
            // Get the public key of the other side
            // The key bytes arrive before any authentication has taken place.
            keyBytes = DataSerializer.readByteArray(dis);
            if (requireAuthentication) {
                String subject = DataSerializer.readString(dis);
                byte[] signatureBytes = DataSerializer.readByteArray(dis);
                // Trust is anchored in the local certificateMap: the peer names a subject and
                // the certificate is looked up locally, it is not taken from the wire.
                if (!certificateMap.containsKey(subject)) {
                    throw new AuthenticationFailedException(
                            LocalizedStrings.HandShake_HANDSHAKE_FAILED_TO_FIND_PUBLIC_KEY_FOR_SERVER_WITH_SUBJECT_0
                                    .toLocalizedString(subject));
                }

                // Check the signature with the public key
                X509Certificate cert = (X509Certificate) certificateMap.get(subject);
                // NOTE(review): getSigAlgName() is the algorithm the certificate itself was signed
                // with; it is reused here to verify the challenge signature. Confirm it always
                // matches the algorithm the server signs with.
                // NOTE(review): no validity-period check on cert is visible in this method.
                Signature sig = Signature.getInstance(cert.getSigAlgName());
                sig.initVerify(cert);
                // NOTE(review): only clientChallenge is fed to the verifier; the DH public key in
                // keyBytes is not part of the signed data here. Confirm the key is bound to the
                // authenticated server somewhere else, otherwise the signature does not
                // authenticate the key used for encryption below.
                sig.update(clientChallenge);
                // Check the challenge string
                if (!sig.verify(signatureBytes)) {
                    throw new AuthenticationFailedException(
                            "Mismatch in client " + "challenge bytes. Malicious server?");
                }
                securityLogWriter
                        .fine("HandShake: Successfully verified the " + "digital signature from server");
            }

            // Read server challenge bytes
            byte[] serverChallenge = DataSerializer.readByteArray(dis);
            // Parse the peer's encoded key as a DH public key. Despite its name, the
            // clientPublicKey field holds the key received from the other side here.
            X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);
            KeyFactory keyFact = KeyFactory.getInstance("DH");
            // PublicKey pubKey = keyFact.generatePublic(x509KeySpec);
            this.clientPublicKey = keyFact.generatePublic(x509KeySpec);

            HeapDataOutputStream hdos = new HeapDataOutputStream(Version.CURRENT);
            try {
                // Add the challenge string
                DataSerializer.writeByteArray(serverChallenge, hdos);
                // byte[] encBytes = encrypt.doFinal(hdos.toByteArray());
                // The server challenge is returned encrypted with a cipher derived from dhSKAlgo
                // and the peer's DH key (derivation happens in getEncryptCipher, not shown here).
                byte[] encBytes = encryptBytes(hdos.toByteArray(),
                        getEncryptCipher(dhSKAlgo, this.clientPublicKey));
                DataSerializer.writeByteArray(encBytes, dos);
            } finally {
                hdos.close();
            }
        }
    } catch (IOException ex) {
        // Stream and security exceptions keep their type for the caller.
        throw ex;
    } catch (GemFireSecurityException ex) {
        throw ex;
    } catch (Exception ex) {
        // Everything else (e.g. crypto provider errors) is reported as an authentication failure.
        throw new AuthenticationFailedException("HandShake failed in Diffie-Hellman key exchange", ex);
    }
    dos.flush();
    return acceptanceCode;
}

From source file:com.yourkey.billing.util.InAppBilling.java

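/**
 * Verifies that {@code signature} is a valid signature over {@code signedData} under the
 * application public key.
 *
 * <p>The public key is decoded from {@code appPublicKeyStr} on first use and cached in
 * {@code appPublicKey}. The method fails closed: any decoding or crypto error yields
 * {@code false}.
 *
 * @param signedData the text that was signed
 * @param signature the Base64-encoded signature to check
 * @return {@code true} only when the signature verifies; {@code false} on a bad signature or on
 *         any error
 */
private boolean verifySignature(String signedData, String signature) {
    try {
        // Build the PublicKey object only once; later calls reuse the cached instance.
        if (appPublicKey == null) {
            // Base64 text -> X.509 SubjectPublicKeyInfo bytes
            byte[] decodedKey = decodeBase64(appPublicKeyStr);
            if (decodedKey == null) {
                return false;
            }

            // X.509 bytes -> PublicKey
            appPublicKey = KeyFactory.getInstance(KEY_FACTORY_ALGORITHM)
                    .generatePublic(new X509EncodedKeySpec(decodedKey));
        }

        byte[] decodedSig = decodeBase64(signature);
        if (decodedSig == null) {
            return false;
        }

        Signature sig = Signature.getInstance(SIGNATURE_ALGORITHM);
        sig.initVerify(appPublicKey);
        // Use an explicit charset so the verified bytes do not depend on the platform default.
        // NOTE(review): assumes the signer produced the signature over the UTF-8 bytes - confirm.
        sig.update(signedData.getBytes("UTF-8"));
        return sig.verify(decodedSig);
    } catch (Exception e) {
        // Deliberately fail closed: an unparsable key, a malformed signature or a null input
        // must never be treated as a successful verification.
        return false;
    }
}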

From source file:org.apache.geode.internal.cache.tier.sockets.HandShake.java

/**
 * Reads the credential part of the handshake sent by the peer and, in Diffie-Hellman mode,
 * answers it: sends this side's DH public key and a fresh challenge, optionally signs the
 * peer's challenge, and checks that the peer returns the challenge encrypted.
 *
 * @param dis input stream from the peer
 * @param dos output stream to the peer
 * @param system used to obtain the security log writer
 * @return the credentials; in the code visible here the variable is never assigned (the
 *         assignments are commented out), so every non-throwing path returns null
 * @throws GemFireSecurityException rethrown unchanged; any non-IO exception raised while reading
 *         is wrapped in an AuthenticationFailedException
 * @throws IOException on stream errors (rethrown unchanged)
 */
public Properties readCredential(DataInputStream dis, DataOutputStream dos, DistributedSystem system)
        throws GemFireSecurityException, IOException {

    Properties credentials = null;
    boolean requireAuthentication = securityService.isClientSecurityRequired();
    try {
        // The mode byte is chosen by the peer.
        byte secureMode = dis.readByte();
        // Helper defined elsewhere; presumably rejects the handshake when authentication is
        // required but the peer announced CREDENTIALS_NONE - TODO confirm.
        throwIfMissingRequiredCredentials(requireAuthentication, secureMode != CREDENTIALS_NONE);
        if (secureMode == CREDENTIALS_NORMAL) {
            this.appSecureMode = CREDENTIALS_NORMAL;
            /*
             * if (requireAuthentication) { credentials = DataSerializer.readProperties(dis); } else {
             * DataSerializer.readProperties(dis); // ignore the credentials }
             */
        } else if (secureMode == CREDENTIALS_DHENCRYPT) {
            this.appSecureMode = CREDENTIALS_DHENCRYPT;
            // True when the peer asks this side to authenticate itself with a signature.
            boolean sendAuthentication = dis.readBoolean();
            InternalLogWriter securityLogWriter = (InternalLogWriter) system.getSecurityLogWriter();
            // Get the symmetric encryption algorithm to be used
            // String skAlgo = DataSerializer.readString(dis);
            // NOTE(review): the algorithm name is supplied by the peer and later passed to
            // getDecryptCipher(); confirm that helper restricts it to an allow-list.
            this.clientSKAlgo = DataSerializer.readString(dis);
            // Get the public key of the other side
            byte[] keyBytes = DataSerializer.readByteArray(dis);
            byte[] challenge = null;
            // PublicKey pubKey = null;
            if (requireAuthentication) {
                // Generate PublicKey from encoded form
                // NOTE(review): the key is parsed as a DH public key; no check of its parameters
                // against this side's DH group is visible in this method.
                X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);
                KeyFactory keyFact = KeyFactory.getInstance("DH");
                this.clientPublicKey = keyFact.generatePublic(x509KeySpec);

                // Send the public key to other side
                // keyBytes is reused: from here on it holds this side's encoded DH public key.
                keyBytes = dhPublicKey.getEncoded();
                // NOTE(review): `random` is declared outside this method; confirm it is a
                // SecureRandom, since the challenge is what proves the peer derived the key.
                challenge = new byte[64];
                random.nextBytes(challenge);

                // If the server has to also authenticate itself then
                // sign the challenge from client.
                if (sendAuthentication) {
                    // Get the challenge string from client
                    byte[] clientChallenge = DataSerializer.readByteArray(dis);
                    if (privateKeyEncrypt == null) {
                        throw new AuthenticationFailedException(
                                LocalizedStrings.HandShake_SERVER_PRIVATE_KEY_NOT_AVAILABLE_FOR_CREATING_SIGNATURE
                                        .toLocalizedString());
                    }
                    // Sign the challenge from client and send it to the client
                    // NOTE(review): only clientChallenge is signed; the DH public key sent in
                    // keyBytes is not covered by this signature.
                    Signature sig = Signature.getInstance(privateKeySignAlgo);
                    sig.initSign(privateKeyEncrypt);
                    sig.update(clientChallenge);
                    byte[] signedBytes = sig.sign();
                    dos.writeByte(REPLY_OK);
                    DataSerializer.writeByteArray(keyBytes, dos);
                    // DataSerializer.writeString(privateKeyAlias, dos);
                    DataSerializer.writeString(privateKeySubject, dos);
                    DataSerializer.writeByteArray(signedBytes, dos);
                    securityLogWriter.fine("HandShake: sent the signed client challenge");
                } else {
                    // These two lines should not be moved before the if{} statement in
                    // a common block for both if...then...else parts. This is to handle
                    // the case when an AuthenticationFailedException is thrown by the
                    // if...then part when sending the signature.
                    dos.writeByte(REPLY_OK);
                    DataSerializer.writeByteArray(keyBytes, dos);
                }
                // Now send the server challenge
                DataSerializer.writeByteArray(challenge, dos);
                securityLogWriter.fine("HandShake: sent the public key and challenge");
                dos.flush();

                // Read and decrypt the credentials
                byte[] encBytes = DataSerializer.readByteArray(dis);
                Cipher c = getDecryptCipher(this.clientSKAlgo, this.clientPublicKey);
                byte[] credentialBytes = decryptBytes(encBytes, c);
                ByteArrayInputStream bis = new ByteArrayInputStream(credentialBytes);
                DataInputStream dinp = new DataInputStream(bis);
                // credentials = DataSerializer.readProperties(dinp);//Hitesh: we don't send in handshake
                // now
                byte[] challengeRes = DataSerializer.readByteArray(dinp);
                // Check the challenge string
                // A peer that cannot derive the shared key cannot return the challenge encrypted.
                if (!Arrays.equals(challenge, challengeRes)) {
                    throw new AuthenticationFailedException(
                            LocalizedStrings.HandShake_MISMATCH_IN_CHALLENGE_BYTES_MALICIOUS_CLIENT
                                    .toLocalizedString());
                }
                // Not reached when the check above throws; the stream is backed by an in-memory
                // byte array.
                dinp.close();
            } else {
                if (sendAuthentication) {
                    // Read and ignore the client challenge
                    DataSerializer.readByteArray(dis);
                }
                // Authentication is not required on this side: no key or challenge is sent back.
                dos.writeByte(REPLY_AUTH_NOT_REQUIRED);
                dos.flush();
            }
        }
    } catch (IOException ex) {
        // Stream and security exceptions keep their type for the caller.
        throw ex;
    } catch (GemFireSecurityException ex) {
        throw ex;
    } catch (Exception ex) {
        // Everything else (e.g. crypto provider errors) is reported as an authentication failure.
        throw new AuthenticationFailedException(
                LocalizedStrings.HandShake_FAILURE_IN_READING_CREDENTIALS.toLocalizedString(), ex);
    }
    return credentials;
}

From source file:org.hyperledger.fabric_ca.sdk.HFCAClient.java

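/**
 * Decodes the revocation public key returned by the CA server.
 *
 * <p>The input is Base64 text whose decoded form is a PEM document; the PEM is converted to DER
 * and parsed as an X.509-encoded EC public key.
 *
 * @param str Base64-encoded PEM public key from the server response
 * @return the parsed EC public key
 * @throws EnrollmentException if {@code str} is null or empty
 * @throws IOException declared by this method; presumably raised by the PEM conversion helper -
 *         TODO confirm
 * @throws NoSuchAlgorithmException if no "EC" KeyFactory is available
 * @throws InvalidKeySpecException if the DER bytes are not a valid EC public key
 */
private PublicKey getRevocationPublicKey(String str)
        throws EnrollmentException, IOException, NoSuchAlgorithmException, InvalidKeySpecException {
    if (Utils.isNullOrEmpty(str)) {
        throw new EnrollmentException(
                "fabric-ca-server did not return 'issuerPublicKey' in the response from " + HFCA_IDEMIXCRED);
    }
    // NOTE(review): Base64.Decoder.decode throws an unchecked IllegalArgumentException on
    // malformed input; the value comes from a server response, so callers should expect it.
    byte[] pemBytes = Base64.getDecoder().decode(str);
    // Decode with an explicit charset so the PEM text does not depend on the platform default.
    String pem = new String(pemBytes, java.nio.charset.StandardCharsets.UTF_8);
    byte[] der = convertPemToDer(pem);
    return KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(der));
}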

From source file:org.cesecore.keys.util.KeyTools.java

/**
 * Converts an ASN.1 encoded public key (SubjectPublicKeyInfo) into a Java PublicKey object.
 *
 * <p>The KeyFactory algorithm is taken from the algorithm identifier inside the encoded key and
 * resolved in the "BC" provider. NOTE(review): the input therefore selects the algorithm; callers
 * handling untrusted bytes should check the type and size of the returned key.
 *
 * <p>Only the four checked exceptions listed in the catch clause are turned into a null result;
 * runtime exceptions raised while parsing propagate to the caller.
 *
 * @param asn1EncodedPublicKey the ASN.1 encoded PublicKey
 * @return the key as a Java object, or null when it could not be decoded
 */
public static PublicKey getPublicKeyFromBytes(byte[] asn1EncodedPublicKey) {
    final ASN1InputStream asn1Stream = new ASN1InputStream(asn1EncodedPublicKey);
    try {
        final SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(asn1Stream.readObject());
        final AlgorithmIdentifier algorithmId = spki.getAlgorithm();
        // The bit-string wrapper is used only to obtain the encoded bytes of the key info.
        final byte[] encodedKeyInfo = new DERBitString(spki).getBytes();
        final KeyFactory factory = KeyFactory.getInstance(algorithmId.getAlgorithm().getId(), "BC");
        return factory.generatePublic(new X509EncodedKeySpec(encodedKeyInfo));
    } catch (IOException | NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException e) {
        log.debug("Unable to decode PublicKey.", e);
        return null;
    } finally {
        // Closing is best effort; a failure here is logged and otherwise ignored.
        try {
            asn1Stream.close();
        } catch (IOException e) {
            log.debug("Unable to close input stream.");
        }
    }
}

From source file:org.apache.geode.internal.cache.tier.sockets.HandShake.java

/**
 * Reads the credentials sent by the peer during the handshake.
 *
 * <p>Three modes are handled: CREDENTIALS_NORMAL (properties read directly from the stream),
 * CREDENTIALS_DHENCRYPT (Diffie-Hellman exchange, then the properties and the returned challenge
 * are decrypted) and SECURITY_MULTIUSER_NOTIFICATIONCHANNEL (nothing is read).
 *
 * @param dis input stream from the peer
 * @param dos output stream to the peer
 * @param system used to obtain the security log writer
 * @param securityService decides whether client authentication is required
 * @return the credentials read from the peer, or null when none were read or they were ignored
 * @throws GemFireSecurityException rethrown unchanged; any non-IO exception raised while reading
 *         is wrapped in an AuthenticationFailedException
 * @throws IOException on stream errors (rethrown unchanged)
 */
public static Properties readCredentials(DataInputStream dis, DataOutputStream dos, DistributedSystem system,
        SecurityService securityService) throws GemFireSecurityException, IOException {

    boolean requireAuthentication = securityService.isClientSecurityRequired();
    Properties credentials = null;
    try {
        // The mode byte is chosen by the peer.
        byte secureMode = dis.readByte();
        // Helper defined elsewhere; presumably rejects the handshake when authentication is
        // required but the peer announced CREDENTIALS_NONE - TODO confirm.
        throwIfMissingRequiredCredentials(requireAuthentication, secureMode != CREDENTIALS_NONE);
        if (secureMode == CREDENTIALS_NORMAL) {
            // NOTE(review): in this mode the properties are read straight from the connection
            // stream; their confidentiality then depends on the transport - confirm.
            if (requireAuthentication) {
                credentials = DataSerializer.readProperties(dis);
            } else {
                DataSerializer.readProperties(dis); // ignore the credentials
            }
        } else if (secureMode == CREDENTIALS_DHENCRYPT) {
            // True when the peer asks this side to authenticate itself with a signature.
            boolean sendAuthentication = dis.readBoolean();
            InternalLogWriter securityLogWriter = (InternalLogWriter) system.getSecurityLogWriter();
            // Get the symmetric encryption algorithm to be used
            // NOTE(review): the algorithm name is supplied by the peer; on one path below it is
            // passed to Cipher.getInstance() as is. Confirm accepted values are restricted.
            String skAlgo = DataSerializer.readString(dis);
            // Get the public key of the other side
            byte[] keyBytes = DataSerializer.readByteArray(dis);
            byte[] challenge = null;
            PublicKey pubKey = null;
            if (requireAuthentication) {
                // Generate PublicKey from encoded form
                // NOTE(review): the key is parsed as a DH public key; no check of its parameters
                // against this side's DH group is visible in this method.
                X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);
                KeyFactory keyFact = KeyFactory.getInstance("DH");
                pubKey = keyFact.generatePublic(x509KeySpec);

                // Send the public key to other side
                // keyBytes is reused: from here on it holds this side's encoded DH public key.
                keyBytes = dhPublicKey.getEncoded();
                // NOTE(review): `random` is declared outside this method; confirm it is a
                // SecureRandom, since the challenge is what proves the peer derived the key.
                challenge = new byte[64];
                random.nextBytes(challenge);

                // If the server has to also authenticate itself then
                // sign the challenge from client.
                if (sendAuthentication) {
                    // Get the challenge string from client
                    byte[] clientChallenge = DataSerializer.readByteArray(dis);
                    if (privateKeyEncrypt == null) {
                        throw new AuthenticationFailedException(
                                LocalizedStrings.HandShake_SERVER_PRIVATE_KEY_NOT_AVAILABLE_FOR_CREATING_SIGNATURE
                                        .toLocalizedString());
                    }
                    // Sign the challenge from client and send it to the client
                    // NOTE(review): only clientChallenge is signed; the DH public key sent in
                    // keyBytes is not covered by this signature.
                    Signature sig = Signature.getInstance(privateKeySignAlgo);
                    sig.initSign(privateKeyEncrypt);
                    sig.update(clientChallenge);
                    byte[] signedBytes = sig.sign();
                    dos.writeByte(REPLY_OK);
                    DataSerializer.writeByteArray(keyBytes, dos);
                    // DataSerializer.writeString(privateKeyAlias, dos);
                    DataSerializer.writeString(privateKeySubject, dos);
                    DataSerializer.writeByteArray(signedBytes, dos);
                    securityLogWriter.fine("HandShake: sent the signed client challenge");
                } else {
                    // These two lines should not be moved before the if{} statement in
                    // a common block for both if...then...else parts. This is to handle
                    // the case when an AuthenticationFailedException is thrown by the
                    // if...then part when sending the signature.
                    dos.writeByte(REPLY_OK);
                    DataSerializer.writeByteArray(keyBytes, dos);
                }
                // Now send the server challenge
                DataSerializer.writeByteArray(challenge, dos);
                securityLogWriter.fine("HandShake: sent the public key and challenge");
                dos.flush();

                // Read and decrypt the credentials
                byte[] encBytes = DataSerializer.readByteArray(dis);
                // Complete the DH agreement with this side's private key and the peer's public key.
                KeyAgreement ka = KeyAgreement.getInstance("DH");
                ka.init(dhPrivateKey);
                ka.doPhase(pubKey, true);

                Cipher decrypt;

                // Helpers defined elsewhere; -1 appears to mean "no fixed size known for this
                // algorithm" - TODO confirm.
                int keysize = getKeySize(skAlgo);
                int blocksize = getBlockSize(skAlgo);

                if (keysize == -1 || blocksize == -1) {
                    // Let the key agreement build the secret key; the cipher uses the provider's
                    // default mode and padding for the peer-supplied algorithm name.
                    SecretKey sKey = ka.generateSecret(skAlgo);
                    decrypt = Cipher.getInstance(skAlgo);
                    decrypt.init(Cipher.DECRYPT_MODE, sKey);
                } else {
                    String algoStr = getDhAlgoStr(skAlgo);

                    // Key and IV are both slices of the raw shared secret: bytes [0, keysize) are
                    // the key, the next blocksize bytes are the IV.
                    // NOTE(review): no key-derivation function and no integrity check (MAC or
                    // AEAD mode) are visible in this method; consider a KDF and an authenticated
                    // mode so that tampered ciphertext is rejected before it is parsed.
                    byte[] sKeyBytes = ka.generateSecret();
                    SecretKeySpec sks = new SecretKeySpec(sKeyBytes, 0, keysize, algoStr);
                    IvParameterSpec ivps = new IvParameterSpec(sKeyBytes, keysize, blocksize);

                    decrypt = Cipher.getInstance(algoStr + "/CBC/PKCS5Padding");
                    decrypt.init(Cipher.DECRYPT_MODE, sks, ivps);
                }

                byte[] credentialBytes = decrypt.doFinal(encBytes);
                ByteArrayInputStream bis = new ByteArrayInputStream(credentialBytes);
                DataInputStream dinp = new DataInputStream(bis);
                // NOTE(review): the decrypted properties are deserialized before the challenge
                // below has been checked.
                credentials = DataSerializer.readProperties(dinp);
                byte[] challengeRes = DataSerializer.readByteArray(dinp);
                // Check the challenge string
                // A peer that cannot derive the shared key cannot return the challenge encrypted.
                if (!Arrays.equals(challenge, challengeRes)) {
                    throw new AuthenticationFailedException(
                            LocalizedStrings.HandShake_MISMATCH_IN_CHALLENGE_BYTES_MALICIOUS_CLIENT
                                    .toLocalizedString());
                }
                // Not reached when the check above throws; the stream is backed by an in-memory
                // byte array.
                dinp.close();
            } else {
                if (sendAuthentication) {
                    // Read and ignore the client challenge
                    DataSerializer.readByteArray(dis);
                }
                // Authentication is not required on this side: no key or challenge is sent back.
                dos.writeByte(REPLY_AUTH_NOT_REQUIRED);
                dos.flush();
            }
        } else if (secureMode == SECURITY_MULTIUSER_NOTIFICATIONCHANNEL) {
            // No credentials are read in this mode; per the original author's note, CCP obtains
            // the credential (Principal) via ServerConnection.
            logger.debug("readCredential where multiuser mode creating callback connection");
        }
    } catch (IOException ex) {
        // Stream and security exceptions keep their type for the caller.
        throw ex;
    } catch (GemFireSecurityException ex) {
        throw ex;
    } catch (Exception ex) {
        // Everything else (e.g. crypto provider errors) is reported as an authentication failure.
        throw new AuthenticationFailedException(
                LocalizedStrings.HandShake_FAILURE_IN_READING_CREDENTIALS.toLocalizedString(), ex);
    }
    return credentials;
}

From source file:org.telegram.ui.PassportActivity.java

private void createRequestInterface(Context context) {
    TLRPC.User botUser = null;/*from  w  ww  .ja v a 2  s .c  om*/
    if (currentForm != null) {
        for (int a = 0; a < currentForm.users.size(); a++) {
            TLRPC.User user = currentForm.users.get(a);
            if (user.id == currentBotId) {
                botUser = user;
                break;
            }
        }
    }

    FrameLayout frameLayout = (FrameLayout) fragmentView;

    actionBar.setTitle(LocaleController.getString("TelegramPassport", R.string.TelegramPassport));

    actionBar.createMenu().addItem(info_item, R.drawable.profile_info);

    if (botUser != null) {
        FrameLayout avatarContainer = new FrameLayout(context);
        linearLayout2.addView(avatarContainer, LayoutHelper.createLinear(LayoutHelper.MATCH_PARENT, 100));

        BackupImageView avatarImageView = new BackupImageView(context);
        avatarImageView.setRoundRadius(AndroidUtilities.dp(32));
        avatarContainer.addView(avatarImageView, LayoutHelper.createFrame(64, 64, Gravity.CENTER, 0, 8, 0, 0));

        AvatarDrawable avatarDrawable = new AvatarDrawable(botUser);
        TLRPC.FileLocation photo = null;
        if (botUser.photo != null) {
            photo = botUser.photo.photo_small;
        }
        avatarImageView.setImage(photo, "50_50", avatarDrawable, botUser);

        bottomCell = new TextInfoPrivacyCell(context);
        bottomCell.setBackgroundDrawable(Theme.getThemedDrawable(context, R.drawable.greydivider_top,
                Theme.key_windowBackgroundGrayShadow));
        bottomCell.setText(AndroidUtilities.replaceTags(LocaleController.formatString("PassportRequest",
                R.string.PassportRequest, UserObject.getFirstName(botUser))));
        bottomCell.getTextView().setGravity(Gravity.CENTER_HORIZONTAL);
        ((FrameLayout.LayoutParams) bottomCell.getTextView()
                .getLayoutParams()).gravity = Gravity.CENTER_HORIZONTAL;
        linearLayout2.addView(bottomCell,
                LayoutHelper.createLinear(LayoutHelper.MATCH_PARENT, LayoutHelper.WRAP_CONTENT));
    }

    headerCell = new HeaderCell(context);
    headerCell.setText(
            LocaleController.getString("PassportRequestedInformation", R.string.PassportRequestedInformation));
    headerCell.setBackgroundColor(Theme.getColor(Theme.key_windowBackgroundWhite));
    linearLayout2.addView(headerCell,
            LayoutHelper.createLinear(LayoutHelper.MATCH_PARENT, LayoutHelper.WRAP_CONTENT));

    if (currentForm != null) {
        int size = currentForm.required_types.size();
        ArrayList<TLRPC.TL_secureRequiredType> personalDocuments = new ArrayList<>();
        ArrayList<TLRPC.TL_secureRequiredType> addressDocuments = new ArrayList<>();
        int personalCount = 0;
        int addressCount = 0;
        boolean hasPersonalInfo = false;
        boolean hasAddressInfo = false;
        for (int a = 0; a < size; a++) {
            TLRPC.SecureRequiredType secureRequiredType = currentForm.required_types.get(a);
            if (secureRequiredType instanceof TLRPC.TL_secureRequiredType) {
                TLRPC.TL_secureRequiredType requiredType = (TLRPC.TL_secureRequiredType) secureRequiredType;
                if (isPersonalDocument(requiredType.type)) {
                    personalDocuments.add(requiredType);
                    personalCount++;
                } else if (isAddressDocument(requiredType.type)) {
                    addressDocuments.add(requiredType);
                    addressCount++;
                } else if (requiredType.type instanceof TLRPC.TL_secureValueTypePersonalDetails) {
                    hasPersonalInfo = true;
                } else if (requiredType.type instanceof TLRPC.TL_secureValueTypeAddress) {
                    hasAddressInfo = true;
                }
            } else if (secureRequiredType instanceof TLRPC.TL_secureRequiredTypeOneOf) {
                TLRPC.TL_secureRequiredTypeOneOf requiredTypeOneOf = (TLRPC.TL_secureRequiredTypeOneOf) secureRequiredType;
                if (requiredTypeOneOf.types.isEmpty()) {
                    continue;
                }
                TLRPC.SecureRequiredType innerType = requiredTypeOneOf.types.get(0);
                if (!(innerType instanceof TLRPC.TL_secureRequiredType)) {
                    continue;
                }
                TLRPC.TL_secureRequiredType requiredType = (TLRPC.TL_secureRequiredType) innerType;

                if (isPersonalDocument(requiredType.type)) {
                    for (int b = 0, size2 = requiredTypeOneOf.types.size(); b < size2; b++) {
                        innerType = requiredTypeOneOf.types.get(b);
                        if (!(innerType instanceof TLRPC.TL_secureRequiredType)) {
                            continue;
                        }
                        personalDocuments.add((TLRPC.TL_secureRequiredType) innerType);
                    }
                    personalCount++;
                } else if (isAddressDocument(requiredType.type)) {
                    for (int b = 0, size2 = requiredTypeOneOf.types.size(); b < size2; b++) {
                        innerType = requiredTypeOneOf.types.get(b);
                        if (!(innerType instanceof TLRPC.TL_secureRequiredType)) {
                            continue;
                        }
                        addressDocuments.add((TLRPC.TL_secureRequiredType) innerType);
                    }
                    addressCount++;
                }
            }
        }
        boolean separatePersonal = !hasPersonalInfo || personalCount > 1;
        boolean separateAddress = !hasAddressInfo || addressCount > 1;
        for (int a = 0; a < size; a++) {
            TLRPC.SecureRequiredType secureRequiredType = currentForm.required_types.get(a);
            ArrayList<TLRPC.TL_secureRequiredType> documentTypes;
            TLRPC.TL_secureRequiredType requiredType;
            boolean documentOnly;
            if (secureRequiredType instanceof TLRPC.TL_secureRequiredType) {
                requiredType = (TLRPC.TL_secureRequiredType) secureRequiredType;
                if (requiredType.type instanceof TLRPC.TL_secureValueTypePhone
                        || requiredType.type instanceof TLRPC.TL_secureValueTypeEmail) {
                    documentTypes = null;
                    documentOnly = false;
                } else if (requiredType.type instanceof TLRPC.TL_secureValueTypePersonalDetails) {
                    if (separatePersonal) {
                        documentTypes = null;
                    } else {
                        documentTypes = personalDocuments;
                    }
                    documentOnly = false;
                } else if (requiredType.type instanceof TLRPC.TL_secureValueTypeAddress) {
                    if (separateAddress) {
                        documentTypes = null;
                    } else {
                        documentTypes = addressDocuments;
                    }
                    documentOnly = false;
                } else if (separatePersonal && isPersonalDocument(requiredType.type)) {
                    documentTypes = new ArrayList<>();
                    documentTypes.add(requiredType);
                    requiredType = new TLRPC.TL_secureRequiredType();
                    requiredType.type = new TLRPC.TL_secureValueTypePersonalDetails();
                    documentOnly = true;
                } else if (separateAddress && isAddressDocument(requiredType.type)) {
                    documentTypes = new ArrayList<>();
                    documentTypes.add(requiredType);
                    requiredType = new TLRPC.TL_secureRequiredType();
                    requiredType.type = new TLRPC.TL_secureValueTypeAddress();
                    documentOnly = true;
                } else {
                    continue;
                }
            } else if (secureRequiredType instanceof TLRPC.TL_secureRequiredTypeOneOf) {
                TLRPC.TL_secureRequiredTypeOneOf requiredTypeOneOf = (TLRPC.TL_secureRequiredTypeOneOf) secureRequiredType;
                if (requiredTypeOneOf.types.isEmpty()) {
                    continue;
                }
                TLRPC.SecureRequiredType innerType = requiredTypeOneOf.types.get(0);
                if (!(innerType instanceof TLRPC.TL_secureRequiredType)) {
                    continue;
                }
                requiredType = (TLRPC.TL_secureRequiredType) innerType;

                if (separatePersonal && isPersonalDocument(requiredType.type)
                        || separateAddress && isAddressDocument(requiredType.type)) {
                    documentTypes = new ArrayList<>();
                    for (int b = 0, size2 = requiredTypeOneOf.types.size(); b < size2; b++) {
                        innerType = requiredTypeOneOf.types.get(b);
                        if (!(innerType instanceof TLRPC.TL_secureRequiredType)) {
                            continue;
                        }
                        documentTypes.add((TLRPC.TL_secureRequiredType) innerType);
                    }
                    if (isPersonalDocument(requiredType.type)) {
                        requiredType = new TLRPC.TL_secureRequiredType();
                        requiredType.type = new TLRPC.TL_secureValueTypePersonalDetails();
                    } else {
                        requiredType = new TLRPC.TL_secureRequiredType();
                        requiredType.type = new TLRPC.TL_secureValueTypeAddress();
                    }

                    documentOnly = true;
                } else {
                    continue;
                }
            } else {
                continue;
            }
            addField(context, requiredType, documentTypes, documentOnly, a == size - 1);
        }
    }

    if (botUser != null) {
        bottomCell = new TextInfoPrivacyCell(context);
        bottomCell.setBackgroundDrawable(Theme.getThemedDrawable(context, R.drawable.greydivider_bottom,
                Theme.key_windowBackgroundGrayShadow));
        bottomCell.setLinkTextColorKey(Theme.key_windowBackgroundWhiteGrayText4);
        if (!TextUtils.isEmpty(currentForm.privacy_policy_url)) {
            String str2 = LocaleController.formatString("PassportPolicy", R.string.PassportPolicy,
                    UserObject.getFirstName(botUser), botUser.username);
            SpannableStringBuilder text = new SpannableStringBuilder(str2);
            int index1 = str2.indexOf('*');
            int index2 = str2.lastIndexOf('*');
            if (index1 != -1 && index2 != -1) {
                bottomCell.getTextView().setMovementMethod(new AndroidUtilities.LinkMovementMethodMy());
                text.replace(index2, index2 + 1, "");
                text.replace(index1, index1 + 1, "");
                text.setSpan(new LinkSpan(), index1, index2 - 1, Spanned.SPAN_EXCLUSIVE_EXCLUSIVE);
            }
            bottomCell.setText(text);
        } else {
            bottomCell.setText(AndroidUtilities.replaceTags(LocaleController.formatString("PassportNoPolicy",
                    R.string.PassportNoPolicy, UserObject.getFirstName(botUser), botUser.username)));
        }
        bottomCell.getTextView().setHighlightColor(Theme.getColor(Theme.key_windowBackgroundWhiteGrayText4));
        bottomCell.getTextView().setGravity(Gravity.CENTER_HORIZONTAL);
        linearLayout2.addView(bottomCell,
                LayoutHelper.createLinear(LayoutHelper.MATCH_PARENT, LayoutHelper.WRAP_CONTENT));
    }

    bottomLayout = new FrameLayout(context);
    bottomLayout.setBackgroundDrawable(
            Theme.createSelectorWithBackgroundDrawable(Theme.getColor(Theme.key_passport_authorizeBackground),
                    Theme.getColor(Theme.key_passport_authorizeBackgroundSelected)));
    frameLayout.addView(bottomLayout, LayoutHelper.createFrame(LayoutHelper.MATCH_PARENT, 48, Gravity.BOTTOM));
    bottomLayout.setOnClickListener(view -> {

        class ValueToSend {
            TLRPC.TL_secureValue value;
            boolean selfie_required;
            boolean translation_required;

            public ValueToSend(TLRPC.TL_secureValue v, boolean s, boolean t) {
                value = v;
                selfie_required = s;
                translation_required = t;
            }
        }

        ArrayList<ValueToSend> valuesToSend = new ArrayList<>();
        for (int a = 0, size = currentForm.required_types.size(); a < size; a++) {

            TLRPC.TL_secureRequiredType requiredType;

            TLRPC.SecureRequiredType secureRequiredType = currentForm.required_types.get(a);
            if (secureRequiredType instanceof TLRPC.TL_secureRequiredType) {
                requiredType = (TLRPC.TL_secureRequiredType) secureRequiredType;
            } else if (secureRequiredType instanceof TLRPC.TL_secureRequiredTypeOneOf) {
                TLRPC.TL_secureRequiredTypeOneOf requiredTypeOneOf = (TLRPC.TL_secureRequiredTypeOneOf) secureRequiredType;
                if (requiredTypeOneOf.types.isEmpty()) {
                    continue;
                }
                secureRequiredType = requiredTypeOneOf.types.get(0);
                if (!(secureRequiredType instanceof TLRPC.TL_secureRequiredType)) {
                    continue;
                }
                requiredType = (TLRPC.TL_secureRequiredType) secureRequiredType;

                for (int b = 0, size2 = requiredTypeOneOf.types.size(); b < size2; b++) {
                    secureRequiredType = requiredTypeOneOf.types.get(b);
                    if (!(secureRequiredType instanceof TLRPC.TL_secureRequiredType)) {
                        continue;
                    }
                    TLRPC.TL_secureRequiredType innerType = (TLRPC.TL_secureRequiredType) secureRequiredType;
                    if (getValueByType(innerType, true) != null) {
                        requiredType = innerType;
                        break;
                    }
                }
            } else {
                continue;
            }

            TLRPC.TL_secureValue value = getValueByType(requiredType, true);
            if (value == null) {
                Vibrator v = (Vibrator) getParentActivity().getSystemService(Context.VIBRATOR_SERVICE);
                if (v != null) {
                    v.vibrate(200);
                }
                AndroidUtilities.shakeView(getViewByType(requiredType), 2, 0);
                return;
            }
            String key = getNameForType(requiredType.type);
            HashMap<String, String> errors = errorsMap.get(key);
            if (errors != null && !errors.isEmpty()) {
                Vibrator v = (Vibrator) getParentActivity().getSystemService(Context.VIBRATOR_SERVICE);
                if (v != null) {
                    v.vibrate(200);
                }
                AndroidUtilities.shakeView(getViewByType(requiredType), 2, 0);
                return;
            }
            valuesToSend.add(
                    new ValueToSend(value, requiredType.selfie_required, requiredType.translation_required));
        }
        showEditDoneProgress(false, true);
        TLRPC.TL_account_acceptAuthorization req = new TLRPC.TL_account_acceptAuthorization();
        req.bot_id = currentBotId;
        req.scope = currentScope;
        req.public_key = currentPublicKey;
        JSONObject jsonObject = new JSONObject();
        for (int a = 0, size = valuesToSend.size(); a < size; a++) {
            ValueToSend valueToSend = valuesToSend.get(a);
            TLRPC.TL_secureValue secureValue = valueToSend.value;

            JSONObject data = new JSONObject();

            if (secureValue.plain_data != null) {
                if (secureValue.plain_data instanceof TLRPC.TL_securePlainEmail) {
                    TLRPC.TL_securePlainEmail securePlainEmail = (TLRPC.TL_securePlainEmail) secureValue.plain_data;
                } else if (secureValue.plain_data instanceof TLRPC.TL_securePlainPhone) {
                    TLRPC.TL_securePlainPhone securePlainPhone = (TLRPC.TL_securePlainPhone) secureValue.plain_data;
                }
            } else {
                try {
                    JSONObject result = new JSONObject();
                    if (secureValue.data != null) {
                        byte[] decryptedSecret = decryptValueSecret(secureValue.data.secret,
                                secureValue.data.data_hash);

                        data.put("data_hash",
                                Base64.encodeToString(secureValue.data.data_hash, Base64.NO_WRAP));
                        data.put("secret", Base64.encodeToString(decryptedSecret, Base64.NO_WRAP));

                        result.put("data", data);
                    }
                    if (!secureValue.files.isEmpty()) {
                        JSONArray files = new JSONArray();
                        for (int b = 0, size2 = secureValue.files.size(); b < size2; b++) {
                            TLRPC.TL_secureFile secureFile = (TLRPC.TL_secureFile) secureValue.files.get(b);
                            byte[] decryptedSecret = decryptValueSecret(secureFile.secret,
                                    secureFile.file_hash);

                            JSONObject file = new JSONObject();
                            file.put("file_hash", Base64.encodeToString(secureFile.file_hash, Base64.NO_WRAP));
                            file.put("secret", Base64.encodeToString(decryptedSecret, Base64.NO_WRAP));
                            files.put(file);
                        }
                        result.put("files", files);
                    }
                    if (secureValue.front_side instanceof TLRPC.TL_secureFile) {
                        TLRPC.TL_secureFile secureFile = (TLRPC.TL_secureFile) secureValue.front_side;
                        byte[] decryptedSecret = decryptValueSecret(secureFile.secret, secureFile.file_hash);

                        JSONObject front = new JSONObject();
                        front.put("file_hash", Base64.encodeToString(secureFile.file_hash, Base64.NO_WRAP));
                        front.put("secret", Base64.encodeToString(decryptedSecret, Base64.NO_WRAP));
                        result.put("front_side", front);
                    }
                    if (secureValue.reverse_side instanceof TLRPC.TL_secureFile) {
                        TLRPC.TL_secureFile secureFile = (TLRPC.TL_secureFile) secureValue.reverse_side;
                        byte[] decryptedSecret = decryptValueSecret(secureFile.secret, secureFile.file_hash);

                        JSONObject reverse = new JSONObject();
                        reverse.put("file_hash", Base64.encodeToString(secureFile.file_hash, Base64.NO_WRAP));
                        reverse.put("secret", Base64.encodeToString(decryptedSecret, Base64.NO_WRAP));
                        result.put("reverse_side", reverse);
                    }
                    if (valueToSend.selfie_required && secureValue.selfie instanceof TLRPC.TL_secureFile) {
                        TLRPC.TL_secureFile secureFile = (TLRPC.TL_secureFile) secureValue.selfie;
                        byte[] decryptedSecret = decryptValueSecret(secureFile.secret, secureFile.file_hash);

                        JSONObject selfie = new JSONObject();
                        selfie.put("file_hash", Base64.encodeToString(secureFile.file_hash, Base64.NO_WRAP));
                        selfie.put("secret", Base64.encodeToString(decryptedSecret, Base64.NO_WRAP));
                        result.put("selfie", selfie);
                    }
                    if (valueToSend.translation_required && !secureValue.translation.isEmpty()) {
                        JSONArray translation = new JSONArray();
                        for (int b = 0, size2 = secureValue.translation.size(); b < size2; b++) {
                            TLRPC.TL_secureFile secureFile = (TLRPC.TL_secureFile) secureValue.translation
                                    .get(b);
                            byte[] decryptedSecret = decryptValueSecret(secureFile.secret,
                                    secureFile.file_hash);

                            JSONObject file = new JSONObject();
                            file.put("file_hash", Base64.encodeToString(secureFile.file_hash, Base64.NO_WRAP));
                            file.put("secret", Base64.encodeToString(decryptedSecret, Base64.NO_WRAP));
                            translation.put(file);
                        }
                        result.put("translation", translation);
                    }
                    jsonObject.put(getNameForType(secureValue.type), result);
                } catch (Exception ignore) {

                }
            }

            TLRPC.TL_secureValueHash hash = new TLRPC.TL_secureValueHash();
            hash.type = secureValue.type;
            hash.hash = secureValue.hash;
            req.value_hashes.add(hash);
        }
        JSONObject result = new JSONObject();
        try {
            result.put("secure_data", jsonObject);
        } catch (Exception ignore) {

        }
        if (currentPayload != null) {
            try {
                result.put("payload", currentPayload);
            } catch (Exception ignore) {

            }
        }
        if (currentNonce != null) {
            try {
                result.put("nonce", currentNonce);
            } catch (Exception ignore) {

            }
        }
        String json = result.toString();

        EncryptionResult encryptionResult = encryptData(AndroidUtilities.getStringBytes(json));

        req.credentials = new TLRPC.TL_secureCredentialsEncrypted();
        req.credentials.hash = encryptionResult.fileHash;
        req.credentials.data = encryptionResult.encryptedData;
        try {
            String key = currentPublicKey.replaceAll("\\n", "").replace("-----BEGIN PUBLIC KEY-----", "")
                    .replace("-----END PUBLIC KEY-----", "");
            KeyFactory kf = KeyFactory.getInstance("RSA");
            X509EncodedKeySpec keySpecX509 = new X509EncodedKeySpec(Base64.decode(key, Base64.DEFAULT));
            RSAPublicKey pubKey = (RSAPublicKey) kf.generatePublic(keySpecX509);

            Cipher c = Cipher.getInstance("RSA/NONE/OAEPWithSHA1AndMGF1Padding", "BC");
            c.init(Cipher.ENCRYPT_MODE, pubKey);
            req.credentials.secret = c.doFinal(encryptionResult.decrypyedFileSecret);
        } catch (Exception e) {
            FileLog.e(e);
        }
        int reqId = ConnectionsManager.getInstance(currentAccount).sendRequest(req,
                (response, error) -> AndroidUtilities.runOnUIThread(() -> {
                    if (error == null) {
                        ignoreOnFailure = true;
                        callCallback(true);
                        finishFragment();
                    } else {
                        showEditDoneProgress(false, false);
                        if ("APP_VERSION_OUTDATED".equals(error.text)) {
                            AlertsCreator.showUpdateAppAlert(getParentActivity(),
                                    LocaleController.getString("UpdateAppAlert", R.string.UpdateAppAlert),
                                    true);
                        } else {
                            showAlertWithText(LocaleController.getString("AppName", R.string.AppName),
                                    error.text);
                        }
                    }
                }));
        ConnectionsManager.getInstance(currentAccount).bindRequestToGuid(reqId, classGuid);
    });

    acceptTextView = new TextView(context);
    acceptTextView.setCompoundDrawablePadding(AndroidUtilities.dp(8));
    acceptTextView.setCompoundDrawablesWithIntrinsicBounds(R.drawable.authorize, 0, 0, 0);
    acceptTextView.setTextColor(Theme.getColor(Theme.key_passport_authorizeText));
    acceptTextView.setText(LocaleController.getString("PassportAuthorize", R.string.PassportAuthorize));
    acceptTextView.setTextSize(TypedValue.COMPLEX_UNIT_DIP, 14);
    acceptTextView.setGravity(Gravity.CENTER);
    acceptTextView.setTypeface(AndroidUtilities.getTypeface("fonts/rmedium.ttf"));
    bottomLayout.addView(acceptTextView,
            LayoutHelper.createFrame(LayoutHelper.WRAP_CONTENT, LayoutHelper.MATCH_PARENT, Gravity.CENTER));

    progressViewButton = new ContextProgressView(context, 0);
    progressViewButton.setVisibility(View.INVISIBLE);
    bottomLayout.addView(progressViewButton,
            LayoutHelper.createFrame(LayoutHelper.MATCH_PARENT, LayoutHelper.MATCH_PARENT));

    View shadow = new View(context);
    shadow.setBackgroundResource(R.drawable.header_shadow_reverse);
    frameLayout.addView(shadow,
            LayoutHelper.createFrame(LayoutHelper.MATCH_PARENT, 3, Gravity.LEFT | Gravity.BOTTOM, 0, 0, 0, 48));
}

From source file:android.content.pm.PackageParser.java

/**
 * Decodes a Base64 string holding an X.509-encoded public key and builds a {@link PublicKey}
 * from it.
 *
 * <p>The caller does not say which algorithm the key uses, so the same key spec is offered to
 * the RSA, EC and DSA key factories, in that order, and the first factory that accepts it
 * produces the result.
 *
 * @param encodedPublicKey Base64 text of the encoded key; may be {@code null}
 * @return the parsed key, or {@code null} when the input is {@code null}, is not valid Base64,
 *         or is rejected by all three key factories. Callers must check for {@code null}
 *         rather than treat the result as a usable key.
 */
public static final PublicKey parsePublicKey(final String encodedPublicKey) {
    if (encodedPublicKey == null) {
        Slog.w(TAG, "Could not parse null public key");
        return null;
    }

    final EncodedKeySpec spec;
    try {
        spec = new X509EncodedKeySpec(Base64.decode(encodedPublicKey, Base64.DEFAULT));
    } catch (IllegalArgumentException e) {
        Slog.w(TAG, "Could not parse verifier public key; invalid Base64");
        return null;
    }

    // Candidate algorithms, tried in this fixed order.
    final String[] algorithms = {"RSA", "EC", "DSA"};
    for (final String algorithm : algorithms) {
        try {
            return KeyFactory.getInstance(algorithm).generatePublic(spec);
        } catch (NoSuchAlgorithmException e) {
            Slog.wtf(TAG, "Could not parse public key: " + algorithm + " KeyFactory not included in build");
        } catch (InvalidKeySpecException e) {
            // The spec is not a key of this algorithm; move on to the next candidate.
        }
    }

    // None of the supported key types matched.
    return null;
}