package at.gv.egiz.pdfas.lib.util; import iaik.asn1.structures.AlgorithmID; import iaik.x509.X509Certificate; import java.security.NoSuchAlgorithmException; import java.security.PublicKey; import java.security.interfaces.ECPublicKey; import java.security.spec.ECParameterSpec; public class CertificateUtils { public static AlgorithmID[] getAlgorithmIDs(X509Certificate signingCertificate) throws NoSuchAlgorithmException { PublicKey publicKey = signingCertificate.getPublicKey(); String algorithm = publicKey.getAlgorithm(); AlgorithmID[] algorithms = new AlgorithmID[2]; AlgorithmID signatureAlgorithm; AlgorithmID digestAlgorithm; if ("DSA".equals(algorithm)) { signatureAlgorithm = AlgorithmID.dsaWithSHA256; digestAlgorithm = AlgorithmID.sha256; } else if ("RSA".equals(algorithm)) { signatureAlgorithm = AlgorithmID.sha256WithRSAEncryption; digestAlgorithm = AlgorithmID.sha256; } else if (("EC".equals(algorithm)) || ("ECDSA".equals(algorithm))) { int fieldSize = 0; if (publicKey instanceof ECPublicKey) { ECParameterSpec params = ((ECPublicKey) publicKey).getParams(); fieldSize = params.getCurve().getField().getFieldSize(); } if (fieldSize >= 512) { signatureAlgorithm = AlgorithmID.ecdsa_With_SHA512; digestAlgorithm = AlgorithmID.sha512; } else if (fieldSize >= 256) { signatureAlgorithm = AlgorithmID.ecdsa_With_SHA256; digestAlgorithm = AlgorithmID.sha256; } else { signatureAlgorithm = AlgorithmID.ecdsa_With_SHA1; digestAlgorithm = AlgorithmID.sha1; } } else { throw new NoSuchAlgorithmException("Public key algorithm '" + algorithm + "' not supported."); } algorithms[0] = signatureAlgorithm; algorithms[1] = digestAlgorithm; return algorithms; } }