use of com.github.zhenwei.core.asn1.ASN1ObjectIdentifier in project attestation by TokenScript.
the class ASN1Util method restorePublicKey.
/**
* Extract the public key from its DER encoded BITString
* @param input
* @return
*/
public static AsymmetricKeyParameter restorePublicKey(byte[] input, X9ECParameters parameters, String oid) throws IOException {
AlgorithmIdentifier identifierEnc = new AlgorithmIdentifier(new ASN1ObjectIdentifier(oid), parameters.toASN1Primitive());
ASN1BitString keyEnc = DERBitString.getInstance(input);
ASN1Sequence spkiEnc = new DERSequence(new ASN1Encodable[] { identifierEnc, keyEnc });
SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(spkiEnc);
return PublicKeyFactory.createKey(spki);
}
use of com.github.zhenwei.core.asn1.ASN1ObjectIdentifier in project attestation by TokenScript.
the class Parser method getExtensions.
public Map<String, Extensions> getExtensions() {
Map<String, Extensions> res = new HashMap<>();
for (String currentDatasourceName : matching.keySet()) {
List<Extension> extensionList = new ArrayList<>();
Map<String, String> currentMap = matching.get(currentDatasourceName);
currentMap.putAll(global);
for (String oid : currentMap.keySet()) {
if (!X500_OIDS.contains(oid)) {
Extension extension = new Extension(new ASN1ObjectIdentifier(oid), true, new DEROctetString(currentMap.get(oid).getBytes(StandardCharsets.UTF_8)));
extensionList.add(extension);
}
}
res.put(currentDatasourceName, new Extensions(extensionList.toArray(new Extension[0])));
}
return res;
}
use of com.github.zhenwei.core.asn1.ASN1ObjectIdentifier in project staplr by pridiltal.
the class PdfPKCS7 method getAuthenticatedAttributeBytes.
/**
* When using authenticatedAttributes the authentication process is different.
* The document digest is generated and put inside the attribute. The signing is done over the DER encoded
* authenticatedAttributes. This method provides that encoding and the parameters must be
* exactly the same as in {@link #getEncodedPKCS7(byte[],Calendar)}.
* <p>
* A simple example:
* <p>
* <pre>
* Calendar cal = Calendar.getInstance();
* PdfPKCS7 pk7 = new PdfPKCS7(key, chain, null, "SHA1", null, false);
* MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
* byte buf[] = new byte[8192];
* int n;
* InputStream inp = sap.getRangeStream();
* while ((n = inp.read(buf)) > 0) {
* messageDigest.update(buf, 0, n);
* }
* byte hash[] = messageDigest.digest();
* byte sh[] = pk7.getAuthenticatedAttributeBytes(hash, cal);
* pk7.update(sh, 0, sh.length);
* byte sg[] = pk7.getEncodedPKCS7(hash, cal);
* </pre>
* @param secondDigest the content digest
* @param signingTime the signing time
* @return the byte array representation of the authenticatedAttributes ready to be signed
*/
public byte[] getAuthenticatedAttributeBytes(byte[] secondDigest, Calendar signingTime) {
try {
ASN1EncodableVector attribute = new ASN1EncodableVector();
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new ASN1ObjectIdentifier(ID_CONTENT_TYPE));
v.add(new DERSet(new ASN1ObjectIdentifier(ID_PKCS7_DATA)));
attribute.add(new DERSequence(v));
v = new ASN1EncodableVector();
v.add(new ASN1ObjectIdentifier(ID_SIGNING_TIME));
v.add(new DERSet(new DERUTCTime(signingTime.getTime())));
attribute.add(new DERSequence(v));
v = new ASN1EncodableVector();
v.add(new ASN1ObjectIdentifier(ID_MESSAGE_DIGEST));
v.add(new DERSet(new DEROctetString(secondDigest)));
attribute.add(new DERSequence(v));
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
ASN1OutputStream dout = new ASN1OutputStream(bOut);
dout.writeObject(new DERSet(attribute));
dout.close();
return bOut.toByteArray();
} catch (Exception e) {
throw new ExceptionConverter(e);
}
}
use of com.github.zhenwei.core.asn1.ASN1ObjectIdentifier in project jcifs by codelibs.
the class NegTokenTarg method toByteArray.
@Override
public byte[] toByteArray() {
try {
ByteArrayOutputStream collector = new ByteArrayOutputStream();
ASN1OutputStream der = ASN1OutputStream.create(collector, ASN1Encoding.DER);
ASN1EncodableVector fields = new ASN1EncodableVector();
int res = getResult();
if (res != UNSPECIFIED_RESULT) {
fields.add(new DERTaggedObject(true, 0, new ASN1Enumerated(res)));
}
ASN1ObjectIdentifier mech = getMechanism();
if (mech != null) {
fields.add(new DERTaggedObject(true, 1, mech));
}
byte[] mechanismToken = getMechanismToken();
if (mechanismToken != null) {
fields.add(new DERTaggedObject(true, 2, new DEROctetString(mechanismToken)));
}
byte[] mechanismListMIC = getMechanismListMIC();
if (mechanismListMIC != null) {
fields.add(new DERTaggedObject(true, 3, new DEROctetString(mechanismListMIC)));
}
der.writeObject(new DERTaggedObject(true, 1, new DERSequence(fields)));
return collector.toByteArray();
} catch (IOException ex) {
throw new IllegalStateException(ex.getMessage());
}
}
use of com.github.zhenwei.core.asn1.ASN1ObjectIdentifier in project jcifs by codelibs.
the class SpnegoContext method negotitate.
private SpnegoToken negotitate(byte[] inputBuf, int offset, int len) throws CIFSException {
SpnegoToken spToken = getToken(inputBuf, offset, len);
byte[] inputToken = null;
if (spToken instanceof NegTokenInit) {
NegTokenInit tinit = (NegTokenInit) spToken;
ASN1ObjectIdentifier[] rm = tinit.getMechanisms();
this.remoteMechs = rm;
ASN1ObjectIdentifier prefMech = rm[0];
// only use token if the optimistic mechanism is supported
if (this.mechContext.isSupported(prefMech)) {
inputToken = tinit.getMechanismToken();
} else {
ASN1ObjectIdentifier found = null;
for (ASN1ObjectIdentifier mech : rm) {
if (this.mechContext.isSupported(mech)) {
found = mech;
break;
}
}
if (found == null) {
throw new SmbException("Server does advertise any supported mechanism");
}
}
} else if (spToken instanceof NegTokenTarg) {
NegTokenTarg targ = (NegTokenTarg) spToken;
if (this.firstResponse) {
if (!this.mechContext.isSupported(targ.getMechanism())) {
throw new SmbException("Server chose an unsupported mechanism " + targ.getMechanism());
}
this.selectedMech = targ.getMechanism();
if (targ.getResult() == NegTokenTarg.REQUEST_MIC) {
this.requireMic = true;
}
this.firstResponse = false;
} else {
if (targ.getMechanism() != null && !targ.getMechanism().equals(this.selectedMech)) {
throw new SmbException("Server switched mechanism");
}
}
inputToken = targ.getMechanismToken();
} else {
throw new SmbException("Invalid token");
}
if (spToken instanceof NegTokenTarg && this.mechContext.isEstablished()) {
// already established, but server hasn't completed yet
NegTokenTarg targ = (NegTokenTarg) spToken;
if (targ.getResult() == NegTokenTarg.ACCEPT_INCOMPLETE && targ.getMechanismToken() == null && targ.getMechanismListMIC() != null) {
// this indicates that mechlistMIC is required by the server
verifyMechListMIC(targ.getMechanismListMIC());
return new NegTokenTarg(NegTokenTarg.UNSPECIFIED_RESULT, null, null, calculateMechListMIC());
} else if (targ.getResult() != NegTokenTarg.ACCEPT_COMPLETED) {
throw new SmbException("SPNEGO negotiation did not complete");
}
verifyMechListMIC(targ.getMechanismListMIC());
this.completed = true;
return null;
}
if (inputToken == null) {
return initialToken();
}
byte[] mechMIC = null;
byte[] responseToken = this.mechContext.initSecContext(inputToken, 0, inputToken.length);
if (spToken instanceof NegTokenTarg) {
NegTokenTarg targ = (NegTokenTarg) spToken;
if (targ.getResult() == NegTokenTarg.ACCEPT_COMPLETED && this.mechContext.isEstablished()) {
// server sent final token
verifyMechListMIC(targ.getMechanismListMIC());
if (!this.disableMic || this.requireMic) {
mechMIC = calculateMechListMIC();
}
this.completed = true;
} else if (this.mechContext.isMICAvailable() && (!this.disableMic || this.requireMic)) {
// we need to send our final data
mechMIC = calculateMechListMIC();
} else if (targ.getResult() == NegTokenTarg.REJECTED) {
throw new SmbException("SPNEGO mechanism was rejected");
}
}
if (responseToken == null && this.mechContext.isEstablished()) {
return null;
}
return new NegTokenTarg(NegTokenTarg.UNSPECIFIED_RESULT, null, responseToken, mechMIC);
}
Aggregations