Examples with ASN1ObjectIdentifier com.github.zhenwei.core.asn1.ASN1ObjectIdentifier used on opensource projects

Example 1 with ASN1ObjectIdentifier

use of com.github.zhenwei.core.asn1.ASN1ObjectIdentifier in project OpenAttestation by OpenAttestation.

the class X509AttrBuilder method subjectUuid.

/*
     public X509AttrBuilder subjectName(sun.security.x509.X500Name subjectName) {
     return subjectName(subjectName.getRFC2253Name());
     }
     */
public X509AttrBuilder subjectUuid(UUID uuid) {
    DEROctetString uuidText = new DEROctetString(uuid.toByteArray().getBytes());
    ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(OID.HOST_UUID);
    AttributeTypeAndValue attr = new AttributeTypeAndValue(oid, uuidText);
    RDN rdn = new RDN(attr);
    subjectName = new X500Name(new RDN[] { rdn });
    return this;
}

Example 2 with ASN1ObjectIdentifier

use of com.github.zhenwei.core.asn1.ASN1ObjectIdentifier in project android_frameworks_base by ResurrectionRemix.

the class AndroidKeyStoreKeyPairGeneratorSpi method generateSelfSignedCertificateWithFakeSignature.

@SuppressWarnings("deprecation")
private X509Certificate generateSelfSignedCertificateWithFakeSignature(PublicKey publicKey) throws IOException, CertificateParsingException {
    V3TBSCertificateGenerator tbsGenerator = new V3TBSCertificateGenerator();
    ASN1ObjectIdentifier sigAlgOid;
    AlgorithmIdentifier sigAlgId;
    byte[] signature;
    switch(mKeymasterAlgorithm) {
        case KeymasterDefs.KM_ALGORITHM_EC:
            sigAlgOid = X9ObjectIdentifiers.ecdsa_with_SHA256;
            sigAlgId = new AlgorithmIdentifier(sigAlgOid);
            ASN1EncodableVector v = new ASN1EncodableVector();
            v.add(new DERInteger(0));
            v.add(new DERInteger(0));
            signature = new DERSequence().getEncoded();
            break;
        case KeymasterDefs.KM_ALGORITHM_RSA:
            sigAlgOid = PKCSObjectIdentifiers.sha256WithRSAEncryption;
            sigAlgId = new AlgorithmIdentifier(sigAlgOid, DERNull.INSTANCE);
            signature = new byte[1];
            break;
        default:
            throw new ProviderException("Unsupported key algorithm: " + mKeymasterAlgorithm);
    }
    try (ASN1InputStream publicKeyInfoIn = new ASN1InputStream(publicKey.getEncoded())) {
        tbsGenerator.setSubjectPublicKeyInfo(SubjectPublicKeyInfo.getInstance(publicKeyInfoIn.readObject()));
    }
    tbsGenerator.setSerialNumber(new ASN1Integer(mSpec.getCertificateSerialNumber()));
    X509Principal subject = new X509Principal(mSpec.getCertificateSubject().getEncoded());
    tbsGenerator.setSubject(subject);
    tbsGenerator.setIssuer(subject);
    tbsGenerator.setStartDate(new Time(mSpec.getCertificateNotBefore()));
    tbsGenerator.setEndDate(new Time(mSpec.getCertificateNotAfter()));
    tbsGenerator.setSignature(sigAlgId);
    TBSCertificate tbsCertificate = tbsGenerator.generateTBSCertificate();
    ASN1EncodableVector result = new ASN1EncodableVector();
    result.add(tbsCertificate);
    result.add(sigAlgId);
    result.add(new DERBitString(signature));
    return new X509CertificateObject(Certificate.getInstance(new DERSequence(result)));
}

Example 3 with ASN1ObjectIdentifier

use of com.github.zhenwei.core.asn1.ASN1ObjectIdentifier in project android_frameworks_base by AOSPA.

the class AndroidKeyStoreKeyPairGeneratorSpi method generateSelfSignedCertificateWithFakeSignature.

@SuppressWarnings("deprecation")
private X509Certificate generateSelfSignedCertificateWithFakeSignature(PublicKey publicKey) throws IOException, CertificateParsingException {
    V3TBSCertificateGenerator tbsGenerator = new V3TBSCertificateGenerator();
    ASN1ObjectIdentifier sigAlgOid;
    AlgorithmIdentifier sigAlgId;
    byte[] signature;
    switch(mKeymasterAlgorithm) {
        case KeymasterDefs.KM_ALGORITHM_EC:
            sigAlgOid = X9ObjectIdentifiers.ecdsa_with_SHA256;
            sigAlgId = new AlgorithmIdentifier(sigAlgOid);
            ASN1EncodableVector v = new ASN1EncodableVector();
            v.add(new DERInteger(0));
            v.add(new DERInteger(0));
            signature = new DERSequence().getEncoded();
            break;
        case KeymasterDefs.KM_ALGORITHM_RSA:
            sigAlgOid = PKCSObjectIdentifiers.sha256WithRSAEncryption;
            sigAlgId = new AlgorithmIdentifier(sigAlgOid, DERNull.INSTANCE);
            signature = new byte[1];
            break;
        default:
            throw new ProviderException("Unsupported key algorithm: " + mKeymasterAlgorithm);
    }
    try (ASN1InputStream publicKeyInfoIn = new ASN1InputStream(publicKey.getEncoded())) {
        tbsGenerator.setSubjectPublicKeyInfo(SubjectPublicKeyInfo.getInstance(publicKeyInfoIn.readObject()));
    }
    tbsGenerator.setSerialNumber(new ASN1Integer(mSpec.getCertificateSerialNumber()));
    X509Principal subject = new X509Principal(mSpec.getCertificateSubject().getEncoded());
    tbsGenerator.setSubject(subject);
    tbsGenerator.setIssuer(subject);
    tbsGenerator.setStartDate(new Time(mSpec.getCertificateNotBefore()));
    tbsGenerator.setEndDate(new Time(mSpec.getCertificateNotAfter()));
    tbsGenerator.setSignature(sigAlgId);
    TBSCertificate tbsCertificate = tbsGenerator.generateTBSCertificate();
    ASN1EncodableVector result = new ASN1EncodableVector();
    result.add(tbsCertificate);
    result.add(sigAlgId);
    result.add(new DERBitString(signature));
    return new X509CertificateObject(Certificate.getInstance(new DERSequence(result)));
}

Example 4 with ASN1ObjectIdentifier

use of com.github.zhenwei.core.asn1.ASN1ObjectIdentifier in project oxAuth by GluuFederation.

the class OxAuthCryptoProvider method generateV3Certificate.

public X509Certificate generateV3Certificate(KeyPair keyPair, String issuer, String signatureAlgorithm, Long expirationTime) throws CertIOException, OperatorCreationException, CertificateException {
    PrivateKey privateKey = keyPair.getPrivate();
    PublicKey publicKey = keyPair.getPublic();
    // Signers name
    X500Name issuerName = new X500Name(issuer);
    // Subjects name - the same as we are self signed.
    X500Name subjectName = new X500Name(issuer);
    // Serial
    BigInteger serial = new BigInteger(256, new SecureRandom());
    // Not before
    Date notBefore = new Date(System.currentTimeMillis() - 10000);
    Date notAfter = new Date(expirationTime);
    // Create the certificate - version 3
    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerName, serial, notBefore, notAfter, subjectName, publicKey);
    ASN1EncodableVector purposes = new ASN1EncodableVector();
    purposes.add(KeyPurposeId.id_kp_serverAuth);
    purposes.add(KeyPurposeId.id_kp_clientAuth);
    purposes.add(KeyPurposeId.anyExtendedKeyUsage);
    ASN1ObjectIdentifier extendedKeyUsage = new ASN1ObjectIdentifier("2.5.29.37").intern();
    builder.addExtension(extendedKeyUsage, false, new DERSequence(purposes));
    ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).setProvider("BC").build(privateKey);
    X509CertificateHolder holder = builder.build(signer);
    X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(holder);
    return cert;
}

Example 5 with ASN1ObjectIdentifier

use of com.github.zhenwei.core.asn1.ASN1ObjectIdentifier in project robovm by robovm.

the class CMSSignedDataGenerator method generate.

public CMSSignedData generate(// FIXME Avoid accessing more than once to support CMSProcessableInputStream
CMSTypedData content, boolean encapsulate) throws CMSException {
    if (!signerInfs.isEmpty()) {
        throw new IllegalStateException("this method can only be used with SignerInfoGenerator");
    }
    // TODO
    //        if (signerInfs.isEmpty())
    //        {
    //            /* RFC 3852 5.2
    //             * "In the degenerate case where there are no signers, the
    //             * EncapsulatedContentInfo value being "signed" is irrelevant.  In this
    //             * case, the content type within the EncapsulatedContentInfo value being
    //             * "signed" MUST be id-data (as defined in section 4), and the content
    //             * field of the EncapsulatedContentInfo value MUST be omitted."
    //             */
    //            if (encapsulate)
    //            {
    //                throw new IllegalArgumentException("no signers, encapsulate must be false");
    //            }
    //            if (!DATA.equals(eContentType))
    //            {
    //                throw new IllegalArgumentException("no signers, eContentType must be id-data");
    //            }
    //        }
    //
    //        if (!DATA.equals(eContentType))
    //        {
    //            /* RFC 3852 5.3
    //             * [The 'signedAttrs']...
    //             * field is optional, but it MUST be present if the content type of
    //             * the EncapsulatedContentInfo value being signed is not id-data.
    //             */
    //            // TODO signedAttrs must be present for all signers
    //        }
    ASN1EncodableVector digestAlgs = new ASN1EncodableVector();
    ASN1EncodableVector signerInfos = new ASN1EncodableVector();
    // clear the current preserved digest state
    digests.clear();
    //
    for (Iterator it = _signers.iterator(); it.hasNext(); ) {
        SignerInformation signer = (SignerInformation) it.next();
        digestAlgs.add(CMSSignedHelper.INSTANCE.fixAlgID(signer.getDigestAlgorithmID()));
        // TODO Verify the content type and calculated digest match the precalculated SignerInfo
        signerInfos.add(signer.toASN1Structure());
    }
    //
    // add the SignerInfo objects
    //
    ASN1ObjectIdentifier contentTypeOID = content.getContentType();
    ASN1OctetString octs = null;
    if (content != null) {
        ByteArrayOutputStream bOut = null;
        if (encapsulate) {
            bOut = new ByteArrayOutputStream();
        }
        OutputStream cOut = CMSUtils.attachSignersToOutputStream(signerGens, bOut);
        // Just in case it's unencapsulated and there are no signers!
        cOut = CMSUtils.getSafeOutputStream(cOut);
        try {
            content.write(cOut);
            cOut.close();
        } catch (IOException e) {
            throw new CMSException("data processing exception: " + e.getMessage(), e);
        }
        if (encapsulate) {
            octs = new BEROctetString(bOut.toByteArray());
        }
    }
    for (Iterator it = signerGens.iterator(); it.hasNext(); ) {
        SignerInfoGenerator sGen = (SignerInfoGenerator) it.next();
        SignerInfo inf = sGen.generate(contentTypeOID);
        digestAlgs.add(inf.getDigestAlgorithm());
        signerInfos.add(inf);
        byte[] calcDigest = sGen.getCalculatedDigest();
        if (calcDigest != null) {
            digests.put(inf.getDigestAlgorithm().getAlgorithm().getId(), calcDigest);
        }
    }
    ASN1Set certificates = null;
    if (certs.size() != 0) {
        certificates = CMSUtils.createBerSetFromList(certs);
    }
    ASN1Set certrevlist = null;
    if (crls.size() != 0) {
        certrevlist = CMSUtils.createBerSetFromList(crls);
    }
    ContentInfo encInfo = new ContentInfo(contentTypeOID, octs);
    SignedData sd = new SignedData(new DERSet(digestAlgs), encInfo, certificates, certrevlist, new DERSet(signerInfos));
    ContentInfo contentInfo = new ContentInfo(CMSObjectIdentifiers.signedData, sd);
    return new CMSSignedData(content, contentInfo);
}