Search in sources :

Example 6 with DEROctetString

use of com.android.org.bouncycastle.asn1.DEROctetString in project wildfly by wildfly.

the class KerberosTestUtils method generateSpnegoTokenResp.

/**
     * Generates SPNEGO response (to a "select mechanism challenge") with given bytes as the ticket for selected mechanism.
     *
     * @param ticket
     * @return ASN.1 encoded SPNEGO response
     */
public static byte[] generateSpnegoTokenResp(byte[] ticket) throws IOException {
    DEROctetString ourKerberosTicket = new DEROctetString(ticket);
    // accept-incomplete
    DERTaggedObject taggedNegState = new DERTaggedObject(0, new ASN1Enumerated(1));
    DERTaggedObject taggedResponseToken = new DERTaggedObject(2, ourKerberosTicket);
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(taggedNegState);
    v.add(taggedResponseToken);
    DERSequence seqNegTokenResp = new DERSequence(v);
    DERTaggedObject taggedSpnego = new DERTaggedObject(1, seqNegTokenResp);
    return taggedSpnego.getEncoded();
}
Also used : DERSequence(org.bouncycastle.asn1.DERSequence) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) ASN1Enumerated(org.bouncycastle.asn1.ASN1Enumerated) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) DEROctetString(org.bouncycastle.asn1.DEROctetString)

Example 7 with DEROctetString

use of com.android.org.bouncycastle.asn1.DEROctetString in project oxAuth by GluuFederation.

the class CRLCertificateVerifier method getCrlNumber.

@SuppressWarnings({ "deprecation", "resource" })
private BigInteger getCrlNumber(X509CRL crl) throws IOException {
    byte[] crlNumberExtensionValue = crl.getExtensionValue(X509Extensions.CRLNumber.getId());
    if (crlNumberExtensionValue == null) {
        return null;
    }
    DEROctetString octetString = (DEROctetString) (new ASN1InputStream(new ByteArrayInputStream(crlNumberExtensionValue)).readObject());
    byte[] octets = octetString.getOctets();
    DERInteger integer = (DERInteger) new ASN1InputStream(octets).readObject();
    BigInteger crlNumber = integer.getPositiveValue();
    return crlNumber;
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) BigInteger(java.math.BigInteger) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERInteger(org.bouncycastle.asn1.DERInteger)

Example 8 with DEROctetString

use of com.android.org.bouncycastle.asn1.DEROctetString in project poi by apache.

the class PkiTestUtils method createOcspResp.

public static OCSPResp createOcspResp(X509Certificate certificate, boolean revoked, X509Certificate issuerCertificate, X509Certificate ocspResponderCertificate, PrivateKey ocspResponderPrivateKey, String signatureAlgorithm, long nonceTimeinMillis) throws Exception {
    DigestCalculator digestCalc = new JcaDigestCalculatorProviderBuilder().setProvider("BC").build().get(CertificateID.HASH_SHA1);
    X509CertificateHolder issuerHolder = new X509CertificateHolder(issuerCertificate.getEncoded());
    CertificateID certId = new CertificateID(digestCalc, issuerHolder, certificate.getSerialNumber());
    // request
    //create a nonce to avoid replay attack
    BigInteger nonce = BigInteger.valueOf(nonceTimeinMillis);
    DEROctetString nonceDer = new DEROctetString(nonce.toByteArray());
    Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true, nonceDer);
    Extensions exts = new Extensions(ext);
    OCSPReqBuilder ocspReqBuilder = new OCSPReqBuilder();
    ocspReqBuilder.addRequest(certId);
    ocspReqBuilder.setRequestExtensions(exts);
    OCSPReq ocspReq = ocspReqBuilder.build();
    SubjectPublicKeyInfo keyInfo = new SubjectPublicKeyInfo(CertificateID.HASH_SHA1, ocspResponderCertificate.getPublicKey().getEncoded());
    BasicOCSPRespBuilder basicOCSPRespBuilder = new BasicOCSPRespBuilder(keyInfo, digestCalc);
    basicOCSPRespBuilder.setResponseExtensions(exts);
    // request processing
    Req[] requestList = ocspReq.getRequestList();
    for (Req ocspRequest : requestList) {
        CertificateID certificateID = ocspRequest.getCertID();
        CertificateStatus certificateStatus = CertificateStatus.GOOD;
        if (revoked) {
            certificateStatus = new RevokedStatus(new Date(), CRLReason.privilegeWithdrawn);
        }
        basicOCSPRespBuilder.addResponse(certificateID, certificateStatus);
    }
    // basic response generation
    X509CertificateHolder[] chain = null;
    if (!ocspResponderCertificate.equals(issuerCertificate)) {
        // TODO: HorribleProxy can't convert array input params yet
        chain = new X509CertificateHolder[] { new X509CertificateHolder(ocspResponderCertificate.getEncoded()), issuerHolder };
    }
    ContentSigner contentSigner = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(ocspResponderPrivateKey);
    BasicOCSPResp basicOCSPResp = basicOCSPRespBuilder.build(contentSigner, chain, new Date(nonceTimeinMillis));
    OCSPRespBuilder ocspRespBuilder = new OCSPRespBuilder();
    OCSPResp ocspResp = ocspRespBuilder.build(OCSPRespBuilder.SUCCESSFUL, basicOCSPResp);
    return ocspResp;
}
Also used : BasicOCSPRespBuilder(org.bouncycastle.cert.ocsp.BasicOCSPRespBuilder) OCSPRespBuilder(org.bouncycastle.cert.ocsp.OCSPRespBuilder) CertificateID(org.bouncycastle.cert.ocsp.CertificateID) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) CertificateStatus(org.bouncycastle.cert.ocsp.CertificateStatus) DigestCalculator(org.bouncycastle.operator.DigestCalculator) ContentSigner(org.bouncycastle.operator.ContentSigner) Extensions(org.bouncycastle.asn1.x509.Extensions) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) DEROctetString(org.bouncycastle.asn1.DEROctetString) Date(java.util.Date) OCSPResp(org.bouncycastle.cert.ocsp.OCSPResp) BasicOCSPResp(org.bouncycastle.cert.ocsp.BasicOCSPResp) Extension(org.bouncycastle.asn1.x509.Extension) BasicOCSPRespBuilder(org.bouncycastle.cert.ocsp.BasicOCSPRespBuilder) RevokedStatus(org.bouncycastle.cert.ocsp.RevokedStatus) OCSPReq(org.bouncycastle.cert.ocsp.OCSPReq) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BasicOCSPResp(org.bouncycastle.cert.ocsp.BasicOCSPResp) BigInteger(java.math.BigInteger) JcaDigestCalculatorProviderBuilder(org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder) OCSPReqBuilder(org.bouncycastle.cert.ocsp.OCSPReqBuilder) Req(org.bouncycastle.cert.ocsp.Req) OCSPReq(org.bouncycastle.cert.ocsp.OCSPReq)

Example 9 with DEROctetString

use of com.android.org.bouncycastle.asn1.DEROctetString in project robovm by robovm.

the class DefaultSignedAttributeTableGenerator method createStandardAttributeTable.

/**
     * Create a standard attribute table from the passed in parameters - this will
     * normally include contentType, signingTime, and messageDigest. If the constructor
     * using an AttributeTable was used, entries in it for contentType, signingTime, and
     * messageDigest will override the generated ones.
     *
     * @param parameters source parameters for table generation.
     *
     * @return a filled in Hashtable of attributes.
     */
protected Hashtable createStandardAttributeTable(Map parameters) {
    Hashtable std = (Hashtable) table.clone();
    if (!std.containsKey(CMSAttributes.contentType)) {
        ASN1ObjectIdentifier contentType = ASN1ObjectIdentifier.getInstance(parameters.get(CMSAttributeTableGenerator.CONTENT_TYPE));
        // contentType will be null if we're trying to generate a counter signature.
        if (contentType != null) {
            Attribute attr = new Attribute(CMSAttributes.contentType, new DERSet(contentType));
            std.put(attr.getAttrType(), attr);
        }
    }
    if (!std.containsKey(CMSAttributes.signingTime)) {
        Date signingTime = new Date();
        Attribute attr = new Attribute(CMSAttributes.signingTime, new DERSet(new Time(signingTime)));
        std.put(attr.getAttrType(), attr);
    }
    if (!std.containsKey(CMSAttributes.messageDigest)) {
        byte[] messageDigest = (byte[]) parameters.get(CMSAttributeTableGenerator.DIGEST);
        Attribute attr = new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(messageDigest)));
        std.put(attr.getAttrType(), attr);
    }
    return std;
}
Also used : Attribute(org.bouncycastle.asn1.cms.Attribute) Hashtable(java.util.Hashtable) Time(org.bouncycastle.asn1.cms.Time) DERSet(org.bouncycastle.asn1.DERSet) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) Date(java.util.Date) DEROctetString(org.bouncycastle.asn1.DEROctetString)

Example 10 with DEROctetString

use of com.android.org.bouncycastle.asn1.DEROctetString in project robovm by robovm.

the class DigestInfo method toASN1Primitive.

public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(algId);
    v.add(new DEROctetString(digest));
    return new DERSequence(v);
}
Also used : DERSequence(org.bouncycastle.asn1.DERSequence) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) DEROctetString(org.bouncycastle.asn1.DEROctetString)

Aggregations

DEROctetString (org.bouncycastle.asn1.DEROctetString)20 DERSequence (org.bouncycastle.asn1.DERSequence)10 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)9 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)8 IOException (java.io.IOException)7 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)7 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)5 BigInteger (java.math.BigInteger)4 DERBitString (org.bouncycastle.asn1.DERBitString)4 DERInteger (org.bouncycastle.asn1.DERInteger)4 DERObjectIdentifier (org.bouncycastle.asn1.DERObjectIdentifier)4 X962Parameters (org.bouncycastle.asn1.x9.X962Parameters)4 X9ECParameters (org.bouncycastle.asn1.x9.X9ECParameters)4 X9ECPoint (org.bouncycastle.asn1.x9.X9ECPoint)4 ECParameterSpec (java.security.spec.ECParameterSpec)3 Enumeration (java.util.Enumeration)3 Hashtable (java.util.Hashtable)3 DERSet (org.bouncycastle.asn1.DERSet)3 DERTaggedObject (org.bouncycastle.asn1.DERTaggedObject)3 ByteArrayOutputStream (java.io.ByteArrayOutputStream)2