
Example 21 with ASN1Encodable

use of com.github.zhenwei.core.asn1.ASN1Encodable in project aws-greengrass-nucleus by aws-greengrass.

the class EncryptionUtilsTest method generatePkCS1PrivateKeyFile.

/**
 * Generates an RSA key pair and writes its private key to {@code filepath} as a PEM
 * file labelled "RSA PRIVATE KEY".
 *
 * <p>The encoded private key is parsed as a {@code PrivateKeyInfo} wrapper, the inner
 * key structure is extracted with {@code parsePrivateKey()}, and only that inner
 * structure is re-encoded and written.
 *
 * <p>NOTE(review): the key is written without encryption. Whether {@code writePemFile}
 * restricts file permissions is not visible here, so confirm before reusing this
 * helper outside tests.
 *
 * @param keySize RSA key size, passed through to {@code generateRSAKeyPair}
 * @param filepath destination of the PEM file
 * @return {@code filepath}, unchanged
 * @throws Exception if key generation, ASN.1 re-encoding or the file write fails
 */
public static Path generatePkCS1PrivateKeyFile(int keySize, Path filepath) throws Exception {
    byte[] wrappedKeyBytes = generateRSAKeyPair(keySize).getPrivate().getEncoded();
    // Strip the PrivateKeyInfo envelope and keep only the inner private-key structure.
    byte[] innerKeyBytes = PrivateKeyInfo.getInstance(wrappedKeyBytes)
            .parsePrivateKey()
            .toASN1Primitive()
            .getEncoded();
    writePemFile("RSA PRIVATE KEY", innerKeyBytes, filepath);
    return filepath;
}
Also used : KeyPair(java.security.KeyPair) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo)

Example 22 with ASN1Encodable

use of com.github.zhenwei.core.asn1.ASN1Encodable in project Auditor by GrapheneOS.

the class AttestationApplicationId method parseAttestationPackageInfos.

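/**
 * Converts a decoded ASN.1 SET into a list of {@link AttestationPackageInfo} objects,
 * one per element of the set.
 *
 * @param asn1Encodable decoded ASN.1 value that must be an {@link ASN1Set}
 * @return one {@link AttestationPackageInfo} per set element, in the set's iteration order
 * @throws CertificateParsingException if the value is {@code null} or not an
 *         {@link ASN1Set}; presumably also when the {@link AttestationPackageInfo}
 *         constructor rejects an element (not visible here)
 */
private List<AttestationPackageInfo> parseAttestationPackageInfos(ASN1Encodable asn1Encodable) throws CertificateParsingException {
    if (!(asn1Encodable instanceof ASN1Set)) {
        // instanceof is also false for null. Do not call getClass() on it, so that a
        // missing value surfaces as a parsing error and not a NullPointerException.
        String found = asn1Encodable == null ? "null" : asn1Encodable.getClass().getName();
        throw new CertificateParsingException("Expected set for AttestationApplicationsInfos, found " + found);
    }
    ASN1Set set = (ASN1Set) asn1Encodable;
    List<AttestationPackageInfo> result = new ArrayList<>(set.size());
    for (ASN1Encodable e : set) {
        result.add(new AttestationPackageInfo(e));
    }
    return result;
}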
Also used : CertificateParsingException(java.security.cert.CertificateParsingException) ASN1Set(org.bouncycastle.asn1.ASN1Set) ArrayList(java.util.ArrayList) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)

Example 23 with ASN1Encodable

use of com.github.zhenwei.core.asn1.ASN1Encodable in project pdf-sign-check by spapas.

the class CertificateVerifier method extractOCSPURL.

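/**
 * Extract the OCSP URL from an X.509 certificate if available.
 *
 * <p>The Authority Information Access extension is walked entry by entry. The first
 * entry whose access method is {@code id-ad-ocsp} and whose access location is a
 * URI-tagged GeneralName is returned.
 *
 * <p>The returned value is copied from the certificate being checked and is not
 * validated here. Callers should treat it as untrusted and check scheme and host
 * before connecting to it.
 *
 * @param cert X.509 certificate
 * @return the URL of the OCSP validation service, or {@code null} if the certificate
 *         has no Authority Information Access extension or no matching OCSP entry
 * @throws IOException if the extension value cannot be parsed or does not have the
 *         expected ASN.1 structure
 */
private static String extractOCSPURL(X509Certificate cert) throws IOException {
    byte[] authorityExtensionValue = cert.getExtensionValue(Extension.authorityInfoAccess.getId());
    if (authorityExtensionValue == null) {
        return null;
    }
    // copied from CertInformationHelper.getAuthorityInfoExtensionValue()
    // DRY refactor should be done some day
    Object parsed = JcaX509ExtensionUtils.parseExtensionValue(authorityExtensionValue);
    // The extension bytes come from the certificate, so check each shape before
    // casting. A malformed extension then fails with the declared IOException
    // rather than an unchecked ClassCastException or index error.
    if (!(parsed instanceof ASN1Sequence)) {
        throw new IOException("Authority Information Access extension is not a SEQUENCE");
    }
    Enumeration<?> objects = ((ASN1Sequence) parsed).getObjects();
    while (objects.hasMoreElements()) {
        // AccessDescription
        Object element = objects.nextElement();
        if (!(element instanceof ASN1Sequence) || ((ASN1Sequence) element).size() < 2) {
            throw new IOException("Malformed AccessDescription in Authority Information Access extension");
        }
        ASN1Sequence obj = (ASN1Sequence) element;
        ASN1Encodable oid = obj.getObjectAt(0);
        // accessLocation
        ASN1Encodable accessLocation = obj.getObjectAt(1);
        if (!(accessLocation instanceof ASN1TaggedObject)) {
            throw new IOException("Malformed accessLocation in Authority Information Access extension");
        }
        ASN1TaggedObject location = (ASN1TaggedObject) accessLocation;
        if (X509ObjectIdentifiers.id_ad_ocsp.equals(oid) && location.getTagNo() == GeneralName.uniformResourceIdentifier) {
            Object base = location.getBaseObject();
            if (!(base instanceof ASN1OctetString)) {
                throw new IOException("OCSP accessLocation does not carry an octet string");
            }
            // A URI GeneralName is an IA5String, so decode with a fixed 7-bit charset
            // and do not depend on the platform default.
            String ocspURL = new String(((ASN1OctetString) base).getOctets(),
                    java.nio.charset.StandardCharsets.US_ASCII);
            // NOTE(review): the logged value is certificate-controlled and may contain
            // control characters. Confirm the logging backend escapes line breaks.
            LOG.info("OCSP URL: " + ocspURL);
            return ocspURL;
        }
    }
    return null;
}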
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)

Example 24 with ASN1Encodable

use of com.github.zhenwei.core.asn1.ASN1Encodable in project pdf-sign-check by spapas.

the class ValidationTimeStamp method signTimeStamp.

/**
 * Adds a signature time-stamp token to the unsigned attributes of a CMS signer.
 *
 * <p>Any unsigned attributes already present on {@code signer} are kept. The token
 * obtained from {@code tsaClient} for the signer's signature bytes is appended as an
 * {@code id-aa-signatureTimeStampToken} attribute.
 *
 * <p>NOTE(review): this method does not check the returned token itself. Whether
 * {@code tsaClient} validates the TSA response is not visible here.
 *
 * @param signer information about signer
 * @return a SignerInformation whose unsigned attributes include the time-stamp token
 * @throws IOException if the token cannot be obtained, encoded or re-parsed as ASN.1
 */
private SignerInformation signTimeStamp(SignerInformation signer) throws IOException {
    AttributeTable existingUnsigned = signer.getUnsignedAttributes();
    ASN1EncodableVector unsignedVector = existingUnsigned != null
            ? existingUnsigned.toASN1EncodableVector()
            : new ASN1EncodableVector();

    // The time stamp is requested over the signature value itself.
    byte[] signatureBytes = signer.getSignature();
    TimeStampToken timeStampToken = tsaClient.getTimeStampToken(new ByteArrayInputStream(signatureBytes));
    ASN1Primitive tokenAsn1 = ASN1Primitive.fromByteArray(timeStampToken.getEncoded());

    ASN1ObjectIdentifier attributeOid = PKCSObjectIdentifiers.id_aa_signatureTimeStampToken;
    unsignedVector.add(new Attribute(attributeOid, new DERSet(tokenAsn1)));

    // see source code of replaceUnsignedAttributes
    AttributeTable updatedUnsigned = new AttributeTable(new Attributes(unsignedVector));
    return SignerInformation.replaceUnsignedAttributes(signer, updatedUnsigned);
}
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) Attribute(org.bouncycastle.asn1.cms.Attribute) AttributeTable(org.bouncycastle.asn1.cms.AttributeTable) Attributes(org.bouncycastle.asn1.cms.Attributes) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) TimeStampToken(org.bouncycastle.tsp.TimeStampToken) DERSet(org.bouncycastle.asn1.DERSet) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 25 with ASN1Encodable

use of com.github.zhenwei.core.asn1.ASN1Encodable in project acme4j by shred.

the class SMIMECSRBuilderTest method keyUsageTest.

/**
 * Checks the Key Usage extension carried in a CSR's extension request.
 *
 * <p>The CSR must hold exactly one {@code extensionRequest} attribute with exactly
 * one value. The Key Usage extension is read from that value.
 *
 * @param csr
 *         {@link PKCS10CertificationRequest} to validate
 * @param expectedUsageBits
 *         Expected key usage bits, compared for exact equality with the bits in the
 *         CSR. If {@code null}, the CSR must not contain a Key Usage extension.
 */
private void keyUsageTest(PKCS10CertificationRequest csr, Integer expectedUsageBits) {
    Attribute[] extensionRequests = csr.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
    assertThat(extensionRequests).hasSize(1);

    ASN1Encodable[] requestValues = extensionRequests[0].getAttrValues().toArray();
    assertThat(requestValues).hasSize(1);

    Extensions requestedExtensions = (Extensions) requestValues[0];
    DERBitString keyUsageBits = (DERBitString) requestedExtensions.getExtensionParsedValue(Extension.keyUsage);

    if (expectedUsageBits == null) {
        // No usage expected: the extension must be absent from the request.
        assertThat(keyUsageBits).isNull();
        return;
    }
    assertThat(keyUsageBits.intValue()).isEqualTo(expectedUsageBits);
}
Also used : Attribute(org.bouncycastle.asn1.pkcs.Attribute) DERBitString(org.bouncycastle.asn1.DERBitString) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
