use of com.github.zhenwei.core.asn1.ASN1Encodable in project aws-greengrass-nucleus by aws-greengrass.
the class EncryptionUtilsTest method generatePkCS1PrivateKeyFile.
/**
 * Generates a fresh RSA key pair and writes its private key to {@code filepath} as a PEM file
 * with the {@code RSA PRIVATE KEY} label.
 *
 * <p>The encoded private key is parsed as a {@code PrivateKeyInfo}, the inner private-key
 * structure is extracted, and only that inner structure is re-encoded and written.
 *
 * <p>The key bytes are handed to {@code writePemFile} as they are; no encryption step happens in
 * this method. NOTE(review): the permissions of the resulting file depend on
 * {@code writePemFile}, which is not visible here - confirm the key file is not world-readable.
 * No minimum is enforced on {@code keySize} in this method.
 *
 * @param keySize  key size passed to {@code generateRSAKeyPair}
 * @param filepath destination of the PEM file
 * @return {@code filepath}, unchanged
 * @throws Exception if key generation, ASN.1 re-encoding or writing the file fails
 */
public static Path generatePkCS1PrivateKeyFile(int keySize, Path filepath) throws Exception {
    // The encoded form of the private key is the wrapper structure that PrivateKeyInfo parses.
    byte[] wrappedKeyBytes = generateRSAKeyPair(keySize).getPrivate().getEncoded();

    // Unwrap the inner private-key structure and serialize just that part.
    byte[] innerKeyBytes = PrivateKeyInfo.getInstance(wrappedKeyBytes)
            .parsePrivateKey()
            .toASN1Primitive()
            .getEncoded();

    writePemFile("RSA PRIVATE KEY", innerKeyBytes, filepath);
    return filepath;
}
use of com.github.zhenwei.core.asn1.ASN1Encodable in project Auditor by GrapheneOS.
the class AttestationApplicationId method parseAttestationPackageInfos.
/**
 * Converts the ASN.1 value holding the attestation package infos into a list.
 *
 * <p>The value must be an {@code ASN1Set}; any other ASN.1 type is rejected instead of being
 * coerced, so unexpected attestation content fails parsing. Each element of the set is wrapped
 * in an {@code AttestationPackageInfo}, in the set's iteration order.
 *
 * <p>NOTE(review): a {@code null} argument is not an {@code ASN1Set} either, but it reaches
 * {@code getClass()} while the error message is built and therefore surfaces as a
 * {@code NullPointerException} rather than a {@code CertificateParsingException}.
 *
 * @param asn1Encodable the ASN.1 value expected to be a set of package infos
 * @return one {@code AttestationPackageInfo} per element of the set
 * @throws CertificateParsingException if the value is not an {@code ASN1Set}
 */
private List<AttestationPackageInfo> parseAttestationPackageInfos(ASN1Encodable asn1Encodable) throws CertificateParsingException {
    if (asn1Encodable instanceof ASN1Set) {
        List<AttestationPackageInfo> packageInfos = new ArrayList<>();
        for (ASN1Encodable element : (ASN1Set) asn1Encodable) {
            packageInfos.add(new AttestationPackageInfo(element));
        }
        return packageInfos;
    }
    // Wrong ASN.1 type: refuse to interpret it and report what was actually found.
    throw new CertificateParsingException("Expected set for AttestationApplicationsInfos, found " + asn1Encodable.getClass().getName());
}
use of com.github.zhenwei.core.asn1.ASN1Encodable in project pdf-sign-check by spapas.
the class CertificateVerifier method extractOCSPURL.
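/**
 * Extract the OCSP URL from the Authority Information Access extension of an X.509
 * certificate, if available.
 *
 * <p>The URL is copied from the certificate without any validation of scheme, host or length.
 * A certificate taken from a document under verification is untrusted input, so the caller
 * should constrain the value (for example to http/https) before connecting to it.
 *
 * @param cert X.509 certificate
 * @return the URL of the first OCSP access description whose location is a URI, or
 *         {@code null} if the extension is absent or contains no such entry
 * @throws IOException if the extension value cannot be parsed or does not have the expected
 *         ASN.1 structure
 */
private static String extractOCSPURL(X509Certificate cert) throws IOException {
    byte[] authorityExtensionValue = cert.getExtensionValue(Extension.authorityInfoAccess.getId());
    if (authorityExtensionValue == null) {
        return null;
    }
    // copied from CertInformationHelper.getAuthorityInfoExtensionValue()
    // DRY refactor should be done some day
    //
    // Every structural assumption is checked before casting: the extension content comes from
    // the certificate, so an unexpected shape is reported as an IOException instead of
    // escaping as ClassCastException / ArrayIndexOutOfBoundsException.
    ASN1Encodable parsedExtension = JcaX509ExtensionUtils.parseExtensionValue(authorityExtensionValue);
    if (!(parsedExtension instanceof ASN1Sequence)) {
        throw new IOException("Authority Information Access extension is not a sequence");
    }
    Enumeration<?> objects = ((ASN1Sequence) parsedExtension).getObjects();
    while (objects.hasMoreElements()) {
        // AccessDescription
        Object element = objects.nextElement();
        if (!(element instanceof ASN1Sequence) || ((ASN1Sequence) element).size() < 2) {
            throw new IOException("Malformed AccessDescription in Authority Information Access extension");
        }
        ASN1Sequence obj = (ASN1Sequence) element;
        ASN1Encodable oid = obj.getObjectAt(0);
        // accessLocation
        ASN1Encodable accessLocation = obj.getObjectAt(1);
        if (!(accessLocation instanceof ASN1TaggedObject)) {
            throw new IOException("Malformed accessLocation in Authority Information Access extension");
        }
        ASN1TaggedObject location = (ASN1TaggedObject) accessLocation;
        if (X509ObjectIdentifiers.id_ad_ocsp.equals(oid) && location.getTagNo() == GeneralName.uniformResourceIdentifier) {
            Object uriValue = location.getBaseObject();
            if (!(uriValue instanceof ASN1OctetString)) {
                throw new IOException("OCSP accessLocation does not carry an octet string");
            }
            // Decode with an explicit charset (fully qualified, so no new import is needed)
            // instead of the platform default; a plain ASCII URI decodes the same as UTF-8.
            String ocspURL = new String(((ASN1OctetString) uriValue).getOctets(), java.nio.charset.StandardCharsets.UTF_8);
            // NOTE(review): the logged value is certificate-controlled text; make sure the
            // logging setup escapes control characters so it cannot forge log lines.
            LOG.info("OCSP URL: " + ocspURL);
            return ocspURL;
        }
    }
    return null;
}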
use of com.github.zhenwei.core.asn1.ASN1Encodable in project pdf-sign-check by spapas.
the class ValidationTimeStamp method signTimeStamp.
/**
 * Adds a signature timestamp token to the unsigned attributes of a CMS signer.
 *
 * <p>The signer's signature value is sent to {@code tsaClient}; the returned token is encoded,
 * re-parsed as ASN.1 and stored as an {@code id_aa_signatureTimeStampToken} attribute next to
 * any unsigned attributes the signer already has.
 *
 * <p>NOTE(review): the token is embedded as returned by {@code tsaClient}. Whether the TSA
 * response is verified (signer certificate, message imprint) is not visible in this method -
 * confirm that it happens in the client or later in validation.
 *
 * @param signer information about signer
 * @return a {@code SignerInformation} whose unsigned attributes include the timestamp token
 * @throws IOException presumably when the token cannot be obtained, encoded or re-parsed
 */
private SignerInformation signTimeStamp(SignerInformation signer) throws IOException {
    // Start from the signer's current unsigned attributes, or from an empty vector if none.
    AttributeTable existingUnsigned = signer.getUnsignedAttributes();
    ASN1EncodableVector attributeVector = existingUnsigned == null
            ? new ASN1EncodableVector()
            : existingUnsigned.toASN1EncodableVector();

    // The timestamp is requested over the signature value itself.
    TimeStampToken timeStampToken = tsaClient.getTimeStampToken(new ByteArrayInputStream(signer.getSignature()));
    ASN1Primitive tokenAsn1 = ASN1Primitive.fromByteArray(timeStampToken.getEncoded());

    Attribute signatureTimeStamp =
            new Attribute(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken, new DERSet(tokenAsn1));
    attributeVector.add(signatureTimeStamp);

    // These are the unsigned attributes: they are not covered by the signer's signature.
    Attributes updatedUnsigned = new Attributes(attributeVector);
    // see source code of replaceUnsignedAttributes
    return SignerInformation.replaceUnsignedAttributes(signer, new AttributeTable(updatedUnsigned));
}
use of com.github.zhenwei.core.asn1.ASN1Encodable in project acme4j by shred.
the class SMIMECSRBuilderTest method keyUsageTest.
/**
 * Validate the Key Usage bits requested in a CSR.
 *
 * <p>The CSR must carry exactly one extension-request attribute with exactly one value; the
 * key usage extension is read from that value.
 *
 * <p>NOTE(review): when {@code expectedUsageBits} is non-null and the parsed key usage value
 * is {@code null}, the {@code intValue()} call fails with a {@code NullPointerException}
 * rather than an assertion error.
 *
 * @param csr
 *         {@link PKCS10CertificationRequest} to validate
 * @param expectedUsageBits
 *         Expected key usage bits. Exact match, validation fails if other bits are
 *         set or reset. If {@code null}, validation fails if key usage bits are set.
 */
private void keyUsageTest(PKCS10CertificationRequest csr, Integer expectedUsageBits) {
    Attribute[] extensionRequests = csr.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
    assertThat(extensionRequests).hasSize(1);

    ASN1Encodable[] requestValues = extensionRequests[0].getAttrValues().toArray();
    assertThat(requestValues).hasSize(1);

    Extensions requestedExtensions = (Extensions) requestValues[0];
    DERBitString keyUsageBits = (DERBitString) requestedExtensions.getExtensionParsedValue(Extension.keyUsage);

    if (expectedUsageBits == null) {
        // No key usage expected: the parsed value must be null.
        assertThat(keyUsageBits).isNull();
        return;
    }
    // Exact comparison, so an extra or a missing bit fails the check.
    assertThat(keyUsageBits.intValue()).isEqualTo(expectedUsageBits);
}