Search in sources :

Example 51 with ASN1ObjectIdentifier

use of com.github.zhenwei.core.asn1.ASN1ObjectIdentifier in project attestation by TokenScript.

the class ASN1Util method restorePublicKey.

/**
 * Extract the public key from its DER encoded BITString
 * @param input
 * @return
 */
public static AsymmetricKeyParameter restorePublicKey(byte[] input, X9ECParameters parameters, String oid) throws IOException {
    AlgorithmIdentifier identifierEnc = new AlgorithmIdentifier(new ASN1ObjectIdentifier(oid), parameters.toASN1Primitive());
    ASN1BitString keyEnc = DERBitString.getInstance(input);
    ASN1Sequence spkiEnc = new DERSequence(new ASN1Encodable[] { identifierEnc, keyEnc });
    SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(spkiEnc);
    return PublicKeyFactory.createKey(spki);
}
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DERSequence(org.bouncycastle.asn1.DERSequence) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) ASN1BitString(org.bouncycastle.asn1.ASN1BitString) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 52 with ASN1ObjectIdentifier

use of com.github.zhenwei.core.asn1.ASN1ObjectIdentifier in project attestation by TokenScript.

the class Parser method getExtensions.

public Map<String, Extensions> getExtensions() {
    Map<String, Extensions> res = new HashMap<>();
    for (String currentDatasourceName : matching.keySet()) {
        List<Extension> extensionList = new ArrayList<>();
        Map<String, String> currentMap = matching.get(currentDatasourceName);
        currentMap.putAll(global);
        for (String oid : currentMap.keySet()) {
            if (!X500_OIDS.contains(oid)) {
                Extension extension = new Extension(new ASN1ObjectIdentifier(oid), true, new DEROctetString(currentMap.get(oid).getBytes(StandardCharsets.UTF_8)));
                extensionList.add(extension);
            }
        }
        res.put(currentDatasourceName, new Extensions(extensionList.toArray(new Extension[0])));
    }
    return res;
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) DEROctetString(org.bouncycastle.asn1.DEROctetString) Extensions(org.bouncycastle.asn1.x509.Extensions) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) DEROctetString(org.bouncycastle.asn1.DEROctetString)

Example 53 with ASN1ObjectIdentifier

use of com.github.zhenwei.core.asn1.ASN1ObjectIdentifier in project staplr by pridiltal.

the class PdfPKCS7 method getAuthenticatedAttributeBytes.

/**
 * When using authenticatedAttributes the authentication process is different.
 * The document digest is generated and put inside the attribute. The signing is done over the DER encoded
 * authenticatedAttributes. This method provides that encoding and the parameters must be
 * exactly the same as in {@link #getEncodedPKCS7(byte[],Calendar)}.
 * <p>
 * A simple example:
 * <p>
 * <pre>
 * Calendar cal = Calendar.getInstance();
 * PdfPKCS7 pk7 = new PdfPKCS7(key, chain, null, "SHA1", null, false);
 * MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
 * byte buf[] = new byte[8192];
 * int n;
 * InputStream inp = sap.getRangeStream();
 * while ((n = inp.read(buf)) &gt; 0) {
 *    messageDigest.update(buf, 0, n);
 * }
 * byte hash[] = messageDigest.digest();
 * byte sh[] = pk7.getAuthenticatedAttributeBytes(hash, cal);
 * pk7.update(sh, 0, sh.length);
 * byte sg[] = pk7.getEncodedPKCS7(hash, cal);
 * </pre>
 * @param secondDigest the content digest
 * @param signingTime the signing time
 * @return the byte array representation of the authenticatedAttributes ready to be signed
 */
public byte[] getAuthenticatedAttributeBytes(byte[] secondDigest, Calendar signingTime) {
    try {
        ASN1EncodableVector attribute = new ASN1EncodableVector();
        ASN1EncodableVector v = new ASN1EncodableVector();
        v.add(new ASN1ObjectIdentifier(ID_CONTENT_TYPE));
        v.add(new DERSet(new ASN1ObjectIdentifier(ID_PKCS7_DATA)));
        attribute.add(new DERSequence(v));
        v = new ASN1EncodableVector();
        v.add(new ASN1ObjectIdentifier(ID_SIGNING_TIME));
        v.add(new DERSet(new DERUTCTime(signingTime.getTime())));
        attribute.add(new DERSequence(v));
        v = new ASN1EncodableVector();
        v.add(new ASN1ObjectIdentifier(ID_MESSAGE_DIGEST));
        v.add(new DERSet(new DEROctetString(secondDigest)));
        attribute.add(new DERSequence(v));
        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
        ASN1OutputStream dout = new ASN1OutputStream(bOut);
        dout.writeObject(new DERSet(attribute));
        dout.close();
        return bOut.toByteArray();
    } catch (Exception e) {
        throw new ExceptionConverter(e);
    }
}
Also used : ExceptionConverter(pdftk.com.lowagie.text.ExceptionConverter) DERSequence(org.bouncycastle.asn1.DERSequence) DERUTCTime(org.bouncycastle.asn1.DERUTCTime) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) ByteArrayOutputStream(java.io.ByteArrayOutputStream) ASN1OutputStream(org.bouncycastle.asn1.ASN1OutputStream) DERSet(org.bouncycastle.asn1.DERSet) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) DEROctetString(org.bouncycastle.asn1.DEROctetString) SignatureException(java.security.SignatureException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) CRLException(java.security.cert.CRLException) NoSuchProviderException(java.security.NoSuchProviderException)

Example 54 with ASN1ObjectIdentifier

use of com.github.zhenwei.core.asn1.ASN1ObjectIdentifier in project jcifs by codelibs.

the class NegTokenTarg method toByteArray.

@Override
public byte[] toByteArray() {
    try {
        ByteArrayOutputStream collector = new ByteArrayOutputStream();
        ASN1OutputStream der = ASN1OutputStream.create(collector, ASN1Encoding.DER);
        ASN1EncodableVector fields = new ASN1EncodableVector();
        int res = getResult();
        if (res != UNSPECIFIED_RESULT) {
            fields.add(new DERTaggedObject(true, 0, new ASN1Enumerated(res)));
        }
        ASN1ObjectIdentifier mech = getMechanism();
        if (mech != null) {
            fields.add(new DERTaggedObject(true, 1, mech));
        }
        byte[] mechanismToken = getMechanismToken();
        if (mechanismToken != null) {
            fields.add(new DERTaggedObject(true, 2, new DEROctetString(mechanismToken)));
        }
        byte[] mechanismListMIC = getMechanismListMIC();
        if (mechanismListMIC != null) {
            fields.add(new DERTaggedObject(true, 3, new DEROctetString(mechanismListMIC)));
        }
        der.writeObject(new DERTaggedObject(true, 1, new DERSequence(fields)));
        return collector.toByteArray();
    } catch (IOException ex) {
        throw new IllegalStateException(ex.getMessage());
    }
}
Also used : DERSequence(org.bouncycastle.asn1.DERSequence) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) ASN1Enumerated(org.bouncycastle.asn1.ASN1Enumerated) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException) ASN1OutputStream(org.bouncycastle.asn1.ASN1OutputStream) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) DEROctetString(org.bouncycastle.asn1.DEROctetString)

Example 55 with ASN1ObjectIdentifier

use of com.github.zhenwei.core.asn1.ASN1ObjectIdentifier in project jcifs by codelibs.

the class SpnegoContext method negotitate.

private SpnegoToken negotitate(byte[] inputBuf, int offset, int len) throws CIFSException {
    SpnegoToken spToken = getToken(inputBuf, offset, len);
    byte[] inputToken = null;
    if (spToken instanceof NegTokenInit) {
        NegTokenInit tinit = (NegTokenInit) spToken;
        ASN1ObjectIdentifier[] rm = tinit.getMechanisms();
        this.remoteMechs = rm;
        ASN1ObjectIdentifier prefMech = rm[0];
        // only use token if the optimistic mechanism is supported
        if (this.mechContext.isSupported(prefMech)) {
            inputToken = tinit.getMechanismToken();
        } else {
            ASN1ObjectIdentifier found = null;
            for (ASN1ObjectIdentifier mech : rm) {
                if (this.mechContext.isSupported(mech)) {
                    found = mech;
                    break;
                }
            }
            if (found == null) {
                throw new SmbException("Server does advertise any supported mechanism");
            }
        }
    } else if (spToken instanceof NegTokenTarg) {
        NegTokenTarg targ = (NegTokenTarg) spToken;
        if (this.firstResponse) {
            if (!this.mechContext.isSupported(targ.getMechanism())) {
                throw new SmbException("Server chose an unsupported mechanism " + targ.getMechanism());
            }
            this.selectedMech = targ.getMechanism();
            if (targ.getResult() == NegTokenTarg.REQUEST_MIC) {
                this.requireMic = true;
            }
            this.firstResponse = false;
        } else {
            if (targ.getMechanism() != null && !targ.getMechanism().equals(this.selectedMech)) {
                throw new SmbException("Server switched mechanism");
            }
        }
        inputToken = targ.getMechanismToken();
    } else {
        throw new SmbException("Invalid token");
    }
    if (spToken instanceof NegTokenTarg && this.mechContext.isEstablished()) {
        // already established, but server hasn't completed yet
        NegTokenTarg targ = (NegTokenTarg) spToken;
        if (targ.getResult() == NegTokenTarg.ACCEPT_INCOMPLETE && targ.getMechanismToken() == null && targ.getMechanismListMIC() != null) {
            // this indicates that mechlistMIC is required by the server
            verifyMechListMIC(targ.getMechanismListMIC());
            return new NegTokenTarg(NegTokenTarg.UNSPECIFIED_RESULT, null, null, calculateMechListMIC());
        } else if (targ.getResult() != NegTokenTarg.ACCEPT_COMPLETED) {
            throw new SmbException("SPNEGO negotiation did not complete");
        }
        verifyMechListMIC(targ.getMechanismListMIC());
        this.completed = true;
        return null;
    }
    if (inputToken == null) {
        return initialToken();
    }
    byte[] mechMIC = null;
    byte[] responseToken = this.mechContext.initSecContext(inputToken, 0, inputToken.length);
    if (spToken instanceof NegTokenTarg) {
        NegTokenTarg targ = (NegTokenTarg) spToken;
        if (targ.getResult() == NegTokenTarg.ACCEPT_COMPLETED && this.mechContext.isEstablished()) {
            // server sent final token
            verifyMechListMIC(targ.getMechanismListMIC());
            if (!this.disableMic || this.requireMic) {
                mechMIC = calculateMechListMIC();
            }
            this.completed = true;
        } else if (this.mechContext.isMICAvailable() && (!this.disableMic || this.requireMic)) {
            // we need to send our final data
            mechMIC = calculateMechListMIC();
        } else if (targ.getResult() == NegTokenTarg.REJECTED) {
            throw new SmbException("SPNEGO mechanism was rejected");
        }
    }
    if (responseToken == null && this.mechContext.isEstablished()) {
        return null;
    }
    return new NegTokenTarg(NegTokenTarg.UNSPECIFIED_RESULT, null, responseToken, mechMIC);
}
Also used : NegTokenTarg(jcifs.spnego.NegTokenTarg) SpnegoToken(jcifs.spnego.SpnegoToken) NegTokenInit(jcifs.spnego.NegTokenInit) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Aggregations

ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)545 IOException (java.io.IOException)161 ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)126 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)87 DEROctetString (org.bouncycastle.asn1.DEROctetString)87 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)73 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)71 Enumeration (java.util.Enumeration)70 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)70 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)69 ArrayList (java.util.ArrayList)65 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)64 BigInteger (java.math.BigInteger)60 DERSequence (org.bouncycastle.asn1.DERSequence)60 HashSet (java.util.HashSet)57 DERIA5String (org.bouncycastle.asn1.DERIA5String)52 X500Name (org.bouncycastle.asn1.x500.X500Name)52 X509Certificate (java.security.cert.X509Certificate)50 AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)47 Extension (org.bouncycastle.asn1.x509.Extension)46