Search in sources :

Example 46 with DEROctetString

use of com.github.zhenwei.core.asn1.DEROctetString in project LinLong-Java by zhenwei1108.

the class ESSCertIDv2 method toASN1Primitive.

/**
 * <pre>
 * ESSCertIDv2 ::=  SEQUENCE {
 *     hashAlgorithm     AlgorithmIdentifier
 *              DEFAULT {algorithm id-sha256},
 *     certHash          Hash,
 *     issuerSerial      IssuerSerial OPTIONAL
 * }
 *
 * Hash ::= OCTET STRING
 *
 * IssuerSerial ::= SEQUENCE {
 *     issuer         GeneralNames,
 *     serialNumber   CertificateSerialNumber
 * }
 * </pre>
 */
public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector v = new ASN1EncodableVector(3);
    if (!hashAlgorithm.equals(DEFAULT_ALG_ID)) {
        v.add(hashAlgorithm);
    }
    v.add(new DEROctetString(certHash).toASN1Primitive());
    if (issuerSerial != null) {
        v.add(issuerSerial);
    }
    return new DERSequence(v);
}
Also used : DERSequence(com.github.zhenwei.core.asn1.DERSequence) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) DEROctetString(com.github.zhenwei.core.asn1.DEROctetString)

Example 47 with DEROctetString

use of com.github.zhenwei.core.asn1.DEROctetString in project LinLong-Java by zhenwei1108.

the class ECDSAPublicKey method getASN1EncodableVector.

public ASN1EncodableVector getASN1EncodableVector(ASN1ObjectIdentifier oid, boolean publicPointOnly) {
    ASN1EncodableVector v = new ASN1EncodableVector(8);
    v.add(oid);
    if (!publicPointOnly) {
        v.add(new UnsignedInteger(0x01, getPrimeModulusP()));
        v.add(new UnsignedInteger(0x02, getFirstCoefA()));
        v.add(new UnsignedInteger(0x03, getSecondCoefB()));
        v.add(new DERTaggedObject(false, 0x04, new DEROctetString(getBasePointG())));
        v.add(new UnsignedInteger(0x05, getOrderOfBasePointR()));
    }
    v.add(new DERTaggedObject(false, 0x06, new DEROctetString(getPublicPointY())));
    if (!publicPointOnly) {
        v.add(new UnsignedInteger(0x07, getCofactorF()));
    }
    return v;
}
Also used : DERTaggedObject(com.github.zhenwei.core.asn1.DERTaggedObject) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) DEROctetString(com.github.zhenwei.core.asn1.DEROctetString)

Example 48 with DEROctetString

use of com.github.zhenwei.core.asn1.DEROctetString in project LinLong-Java by zhenwei1108.

the class PKCS12KeyStoreSpi method doStore.

private void doStore(OutputStream stream, char[] password, boolean useDEREncoding) throws IOException {
    if (keys.size() == 0) {
        if (password == null) {
            Enumeration cs = certs.keys();
            ASN1EncodableVector certSeq = new ASN1EncodableVector();
            while (cs.hasMoreElements()) {
                try {
                    String certId = (String) cs.nextElement();
                    Certificate cert = (Certificate) certs.get(certId);
                    SafeBag sBag = createSafeBag(certId, cert);
                    certSeq.add(sBag);
                } catch (CertificateEncodingException e) {
                    throw new IOException("Error encoding certificate: " + e.toString());
                }
            }
            if (useDEREncoding) {
                ContentInfo bagInfo = new ContentInfo(PKCSObjectIdentifiers.data, new DEROctetString(new DERSequence(certSeq).getEncoded()));
                Pfx pfx = new Pfx(new ContentInfo(PKCSObjectIdentifiers.data, new DEROctetString(new DERSequence(bagInfo).getEncoded())), null);
                pfx.encodeTo(stream, ASN1Encoding.DER);
            } else {
                ContentInfo bagInfo = new ContentInfo(PKCSObjectIdentifiers.data, new BEROctetString(new BERSequence(certSeq).getEncoded()));
                Pfx pfx = new Pfx(new ContentInfo(PKCSObjectIdentifiers.data, new BEROctetString(new BERSequence(bagInfo).getEncoded())), null);
                pfx.encodeTo(stream, ASN1Encoding.BER);
            }
            return;
        }
    } else {
        if (password == null) {
            throw new NullPointerException("no password supplied for PKCS#12 KeyStore");
        }
    }
    // 
    // handle the key
    // 
    ASN1EncodableVector keyS = new ASN1EncodableVector();
    Enumeration ks = keys.keys();
    while (ks.hasMoreElements()) {
        byte[] kSalt = new byte[SALT_SIZE];
        random.nextBytes(kSalt);
        String name = (String) ks.nextElement();
        PrivateKey privKey = (PrivateKey) keys.get(name);
        PKCS12PBEParams kParams = new PKCS12PBEParams(kSalt, MIN_ITERATIONS);
        byte[] kBytes = wrapKey(keyAlgorithm.getId(), privKey, kParams, password);
        AlgorithmIdentifier kAlgId = new AlgorithmIdentifier(keyAlgorithm, kParams.toASN1Primitive());
        com.github.zhenwei.core.asn1.pkcs.EncryptedPrivateKeyInfo kInfo = new com.github.zhenwei.core.asn1.pkcs.EncryptedPrivateKeyInfo(kAlgId, kBytes);
        boolean attrSet = false;
        ASN1EncodableVector kName = new ASN1EncodableVector();
        if (privKey instanceof PKCS12BagAttributeCarrier) {
            PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier) privKey;
            // 
            // make sure we are using the local alias on store
            // 
            ASN1BMPString nm = (ASN1BMPString) bagAttrs.getBagAttribute(pkcs_9_at_friendlyName);
            if (nm == null || !nm.getString().equals(name)) {
                bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(name));
            }
            // 
            if (bagAttrs.getBagAttribute(pkcs_9_at_localKeyId) == null) {
                Certificate ct = engineGetCertificate(name);
                bagAttrs.setBagAttribute(pkcs_9_at_localKeyId, createSubjectKeyId(ct.getPublicKey()));
            }
            Enumeration e = bagAttrs.getBagAttributeKeys();
            while (e.hasMoreElements()) {
                ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
                ASN1EncodableVector kSeq = new ASN1EncodableVector();
                kSeq.add(oid);
                kSeq.add(new DERSet(bagAttrs.getBagAttribute(oid)));
                attrSet = true;
                kName.add(new DERSequence(kSeq));
            }
        }
        if (!attrSet) {
            // 
            // set a default friendly name (from the key id) and local id
            // 
            ASN1EncodableVector kSeq = new ASN1EncodableVector();
            Certificate ct = engineGetCertificate(name);
            kSeq.add(pkcs_9_at_localKeyId);
            kSeq.add(new DERSet(createSubjectKeyId(ct.getPublicKey())));
            kName.add(new DERSequence(kSeq));
            kSeq = new ASN1EncodableVector();
            kSeq.add(pkcs_9_at_friendlyName);
            kSeq.add(new DERSet(new DERBMPString(name)));
            kName.add(new DERSequence(kSeq));
        }
        SafeBag kBag = new SafeBag(pkcs8ShroudedKeyBag, kInfo.toASN1Primitive(), new DERSet(kName));
        keyS.add(kBag);
    }
    byte[] keySEncoded = new DERSequence(keyS).getEncoded(ASN1Encoding.DER);
    BEROctetString keyString = new BEROctetString(keySEncoded);
    // 
    // certificate processing
    // 
    byte[] cSalt = new byte[SALT_SIZE];
    random.nextBytes(cSalt);
    ASN1EncodableVector certSeq = new ASN1EncodableVector();
    PKCS12PBEParams cParams = new PKCS12PBEParams(cSalt, MIN_ITERATIONS);
    AlgorithmIdentifier cAlgId = new AlgorithmIdentifier(certAlgorithm, cParams.toASN1Primitive());
    Hashtable doneCerts = new Hashtable();
    Enumeration cs = keys.keys();
    while (cs.hasMoreElements()) {
        try {
            String name = (String) cs.nextElement();
            Certificate cert = engineGetCertificate(name);
            boolean cAttrSet = false;
            CertBag cBag = new CertBag(x509Certificate, new DEROctetString(cert.getEncoded()));
            ASN1EncodableVector fName = new ASN1EncodableVector();
            if (cert instanceof PKCS12BagAttributeCarrier) {
                PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier) cert;
                // 
                // make sure we are using the local alias on store
                // 
                ASN1BMPString nm = (ASN1BMPString) bagAttrs.getBagAttribute(pkcs_9_at_friendlyName);
                if (nm == null || !nm.getString().equals(name)) {
                    bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(name));
                }
                // 
                if (bagAttrs.getBagAttribute(pkcs_9_at_localKeyId) == null) {
                    bagAttrs.setBagAttribute(pkcs_9_at_localKeyId, createSubjectKeyId(cert.getPublicKey()));
                }
                Enumeration e = bagAttrs.getBagAttributeKeys();
                while (e.hasMoreElements()) {
                    ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
                    ASN1EncodableVector fSeq = new ASN1EncodableVector();
                    fSeq.add(oid);
                    fSeq.add(new DERSet(bagAttrs.getBagAttribute(oid)));
                    fName.add(new DERSequence(fSeq));
                    cAttrSet = true;
                }
            }
            if (!cAttrSet) {
                ASN1EncodableVector fSeq = new ASN1EncodableVector();
                fSeq.add(pkcs_9_at_localKeyId);
                fSeq.add(new DERSet(createSubjectKeyId(cert.getPublicKey())));
                fName.add(new DERSequence(fSeq));
                fSeq = new ASN1EncodableVector();
                fSeq.add(pkcs_9_at_friendlyName);
                fSeq.add(new DERSet(new DERBMPString(name)));
                fName.add(new DERSequence(fSeq));
            }
            SafeBag sBag = new SafeBag(certBag, cBag.toASN1Primitive(), new DERSet(fName));
            certSeq.add(sBag);
            doneCerts.put(cert, cert);
        } catch (CertificateEncodingException e) {
            throw new IOException("Error encoding certificate: " + e.toString());
        }
    }
    cs = certs.keys();
    while (cs.hasMoreElements()) {
        try {
            String certId = (String) cs.nextElement();
            Certificate cert = (Certificate) certs.get(certId);
            if (keys.get(certId) != null) {
                continue;
            }
            SafeBag sBag = createSafeBag(certId, cert);
            certSeq.add(sBag);
            doneCerts.put(cert, cert);
        } catch (CertificateEncodingException e) {
            throw new IOException("Error encoding certificate: " + e.toString());
        }
    }
    Set usedSet = getUsedCertificateSet();
    cs = chainCerts.keys();
    while (cs.hasMoreElements()) {
        try {
            CertId certId = (CertId) cs.nextElement();
            Certificate cert = (Certificate) chainCerts.get(certId);
            if (!usedSet.contains(cert)) {
                continue;
            }
            if (doneCerts.get(cert) != null) {
                continue;
            }
            CertBag cBag = new CertBag(x509Certificate, new DEROctetString(cert.getEncoded()));
            ASN1EncodableVector fName = new ASN1EncodableVector();
            if (cert instanceof PKCS12BagAttributeCarrier) {
                PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier) cert;
                Enumeration e = bagAttrs.getBagAttributeKeys();
                while (e.hasMoreElements()) {
                    ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
                    // If we find one, we'll prune it out.
                    if (oid.equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId)) {
                        continue;
                    }
                    ASN1EncodableVector fSeq = new ASN1EncodableVector();
                    fSeq.add(oid);
                    fSeq.add(new DERSet(bagAttrs.getBagAttribute(oid)));
                    fName.add(new DERSequence(fSeq));
                }
            }
            SafeBag sBag = new SafeBag(certBag, cBag.toASN1Primitive(), new DERSet(fName));
            certSeq.add(sBag);
        } catch (CertificateEncodingException e) {
            throw new IOException("Error encoding certificate: " + e.toString());
        }
    }
    byte[] certSeqEncoded = new DERSequence(certSeq).getEncoded(ASN1Encoding.DER);
    byte[] certBytes = cryptData(true, cAlgId, password, false, certSeqEncoded);
    EncryptedData cInfo = new EncryptedData(data, cAlgId, new BEROctetString(certBytes));
    ContentInfo[] info = new ContentInfo[] { new ContentInfo(data, keyString), new ContentInfo(encryptedData, cInfo.toASN1Primitive()) };
    AuthenticatedSafe auth = new AuthenticatedSafe(info);
    byte[] pkg = auth.getEncoded(useDEREncoding ? ASN1Encoding.DER : ASN1Encoding.BER);
    ContentInfo mainInfo = new ContentInfo(data, new BEROctetString(pkg));
    // 
    // create the mac
    // 
    byte[] mSalt = new byte[saltLength];
    random.nextBytes(mSalt);
    byte[] data = ((ASN1OctetString) mainInfo.getContent()).getOctets();
    MacData mData;
    try {
        byte[] res = calculatePbeMac(macAlgorithm.getAlgorithm(), mSalt, itCount, password, false, data);
        DigestInfo dInfo = new DigestInfo(macAlgorithm, res);
        mData = new MacData(dInfo, mSalt, itCount);
    } catch (Exception e) {
        throw new IOException("error constructing MAC: " + e.toString());
    }
    // 
    // output the Pfx
    // 
    Pfx pfx = new Pfx(mainInfo, mData);
    pfx.encodeTo(stream, useDEREncoding ? ASN1Encoding.DER : ASN1Encoding.BER);
}
Also used : ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString) PrivateKey(java.security.PrivateKey) Set(java.util.Set) DERSet(com.github.zhenwei.core.asn1.DERSet) ASN1Set(com.github.zhenwei.core.asn1.ASN1Set) HashSet(java.util.HashSet) ASN1BMPString(com.github.zhenwei.core.asn1.ASN1BMPString) AuthenticatedSafe(com.github.zhenwei.core.asn1.pkcs.AuthenticatedSafe) BEROctetString(com.github.zhenwei.core.asn1.BEROctetString) DERBMPString(com.github.zhenwei.core.asn1.DERBMPString) ASN1BMPString(com.github.zhenwei.core.asn1.ASN1BMPString) ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString) DEROctetString(com.github.zhenwei.core.asn1.DEROctetString) DERSet(com.github.zhenwei.core.asn1.DERSet) DEROctetString(com.github.zhenwei.core.asn1.DEROctetString) PKCS12BagAttributeCarrier(com.github.zhenwei.provider.jce.interfaces.PKCS12BagAttributeCarrier) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier) DERSequence(com.github.zhenwei.core.asn1.DERSequence) BEROctetString(com.github.zhenwei.core.asn1.BEROctetString) ContentInfo(com.github.zhenwei.core.asn1.pkcs.ContentInfo) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) EncryptedData(com.github.zhenwei.core.asn1.pkcs.EncryptedData) MacData(com.github.zhenwei.core.asn1.pkcs.MacData) Enumeration(java.util.Enumeration) Pfx(com.github.zhenwei.core.asn1.pkcs.Pfx) DERBMPString(com.github.zhenwei.core.asn1.DERBMPString) Hashtable(java.util.Hashtable) BERSequence(com.github.zhenwei.core.asn1.BERSequence) CertificateEncodingException(java.security.cert.CertificateEncodingException) IOException(java.io.IOException) SafeBag(com.github.zhenwei.core.asn1.pkcs.SafeBag) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) CertificateEncodingException(java.security.cert.CertificateEncodingException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) IOException(java.io.IOException) EOFException(java.io.EOFException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) CertificateException(java.security.cert.CertificateException) NoSuchProviderException(java.security.NoSuchProviderException) CertBag(com.github.zhenwei.core.asn1.pkcs.CertBag) PKCS12PBEParams(com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams) DigestInfo(com.github.zhenwei.core.asn1.x509.DigestInfo) ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 49 with DEROctetString

use of com.github.zhenwei.core.asn1.DEROctetString in project LinLong-Java by zhenwei1108.

the class PKCS12KeyStoreSpi method createSafeBag.

private SafeBag createSafeBag(String certId, Certificate cert) throws CertificateEncodingException {
    CertBag cBag = new CertBag(x509Certificate, new DEROctetString(cert.getEncoded()));
    ASN1EncodableVector fName = new ASN1EncodableVector();
    boolean cAttrSet = false;
    if (cert instanceof PKCS12BagAttributeCarrier) {
        PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier) cert;
        // 
        // make sure we are using the local alias on store
        // 
        ASN1BMPString nm = (ASN1BMPString) bagAttrs.getBagAttribute(pkcs_9_at_friendlyName);
        if (nm == null || !nm.getString().equals(certId)) {
            if (certId != null) {
                bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(certId));
            }
        }
        Enumeration e = bagAttrs.getBagAttributeKeys();
        while (e.hasMoreElements()) {
            ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
            // If we find one, we'll prune it out.
            if (oid.equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId)) {
                continue;
            }
            ASN1EncodableVector fSeq = new ASN1EncodableVector();
            fSeq.add(oid);
            fSeq.add(new DERSet(bagAttrs.getBagAttribute(oid)));
            fName.add(new DERSequence(fSeq));
            cAttrSet = true;
        }
    }
    if (!cAttrSet) {
        ASN1EncodableVector fSeq = new ASN1EncodableVector();
        fSeq.add(pkcs_9_at_friendlyName);
        fSeq.add(new DERSet(new DERBMPString(certId)));
        fName.add(new DERSequence(fSeq));
    }
    return new SafeBag(certBag, cBag.toASN1Primitive(), new DERSet(fName));
}
Also used : CertBag(com.github.zhenwei.core.asn1.pkcs.CertBag) DERBMPString(com.github.zhenwei.core.asn1.DERBMPString) Enumeration(java.util.Enumeration) DERSequence(com.github.zhenwei.core.asn1.DERSequence) ASN1BMPString(com.github.zhenwei.core.asn1.ASN1BMPString) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) SafeBag(com.github.zhenwei.core.asn1.pkcs.SafeBag) DERSet(com.github.zhenwei.core.asn1.DERSet) DEROctetString(com.github.zhenwei.core.asn1.DEROctetString) PKCS12BagAttributeCarrier(com.github.zhenwei.provider.jce.interfaces.PKCS12BagAttributeCarrier) ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)

Example 50 with DEROctetString

use of com.github.zhenwei.core.asn1.DEROctetString in project LinLong-Java by zhenwei1108.

the class MacData method toASN1Primitive.

/**
 * <pre>
 * MacData ::= SEQUENCE {
 *     mac      DigestInfo,
 *     macSalt  OCTET STRING,
 *     iterations INTEGER DEFAULT 1
 *     -- Note: The default is for historic reasons and its use is deprecated. A
 *     -- higher value, like 1024 is recommended.
 * </pre>
 *
 * @return the basic ASN1Primitive construction.
 */
public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector v = new ASN1EncodableVector(3);
    v.add(digInfo);
    v.add(new DEROctetString(salt));
    if (!iterationCount.equals(ONE)) {
        v.add(new ASN1Integer(iterationCount));
    }
    return new DERSequence(v);
}
Also used : DERSequence(com.github.zhenwei.core.asn1.DERSequence) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) ASN1Integer(com.github.zhenwei.core.asn1.ASN1Integer) DEROctetString(com.github.zhenwei.core.asn1.DEROctetString)

Aggregations

DEROctetString (org.bouncycastle.asn1.DEROctetString)139 IOException (java.io.IOException)104 DEROctetString (com.github.zhenwei.core.asn1.DEROctetString)86 ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)49 DERSequence (org.bouncycastle.asn1.DERSequence)48 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)46 DERSequence (com.github.zhenwei.core.asn1.DERSequence)44 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)39 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)32 BigInteger (java.math.BigInteger)27 Extension (org.bouncycastle.asn1.x509.Extension)27 AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)26 ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)26 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)24 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)23 DERTaggedObject (org.bouncycastle.asn1.DERTaggedObject)21 ASN1Integer (com.github.zhenwei.core.asn1.ASN1Integer)20 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)19 Extensions (org.bouncycastle.asn1.x509.Extensions)19 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)18