use of com.github.zhenwei.core.asn1.DERSet in project xipki by xipki.
the class X509Ca method addXipkiCertset.
// method generateCrl
/**
* Add XiPKI extension CrlCertSet.
*
* <pre>
* Xipki-CrlCertSet ::= SET OF Xipki-CrlCert
*
* Xipki-CrlCert ::= SEQUENCE {
* serial INTEGER
* cert [0] EXPLICIT Certificate OPTIONAL
* profileName [1] EXPLICIT UTF8String OPTIONAL
* }
* </pre>
*/
private void addXipkiCertset(X509v2CRLBuilder crlBuilder, boolean deltaCrl, CrlControl control, Date notExpireAt, boolean onlyCaCerts, boolean onlyUserCerts) throws OperationException {
if (deltaCrl || !control.isXipkiCertsetIncluded()) {
return;
}
ASN1EncodableVector vector = new ASN1EncodableVector();
final int numEntries = 100;
long startId = 1;
List<SerialWithId> serials;
do {
serials = certstore.getCertSerials(caIdent, notExpireAt, startId, numEntries, false, onlyCaCerts, onlyUserCerts);
long maxId = 1;
for (SerialWithId sid : serials) {
if (sid.getId() > maxId) {
maxId = sid.getId();
}
ASN1EncodableVector vec = new ASN1EncodableVector();
vec.add(new ASN1Integer(sid.getSerial()));
Integer profileId = null;
if (control.isXipkiCertsetCertIncluded()) {
X509CertificateInfo certInfo;
try {
certInfo = certstore.getCertificateInfoForId(caIdent, caCert, sid.getId(), caIdNameMap);
} catch (CertificateException ex) {
throw new OperationException(ErrorCode.SYSTEM_FAILURE, "CertificateException: " + ex.getMessage());
}
Certificate cert = Certificate.getInstance(certInfo.getCert().getEncodedCert());
vec.add(new DERTaggedObject(true, 0, cert));
if (control.isXipkiCertsetProfilenameIncluded()) {
profileId = certInfo.getProfile().getId();
}
} else if (control.isXipkiCertsetProfilenameIncluded()) {
profileId = certstore.getCertProfileForId(caIdent, sid.getId());
}
if (profileId != null) {
String profileName = caIdNameMap.getCertprofileName(profileId);
vec.add(new DERTaggedObject(true, 1, new DERUTF8String(profileName)));
}
vector.add(new DERSequence(vec));
}
// end for
startId = maxId + 1;
} while (serials.size() >= numEntries);
try {
crlBuilder.addExtension(ObjectIdentifiers.id_xipki_ext_crlCertset, false, new DERSet(vector));
} catch (CertIOException ex) {
throw new OperationException(ErrorCode.INVALID_EXTENSION, "CertIOException: " + ex.getMessage());
}
}
use of com.github.zhenwei.core.asn1.DERSet in project pdfbox by apache.
the class ValidationTimeStamp method signTimeStamp.
/**
* Extend CMS Signer Information with the TimeStampToken into the unsigned Attributes.
*
* @param signer information about signer
* @return information about SignerInformation
* @throws IOException
*/
private SignerInformation signTimeStamp(SignerInformation signer) throws IOException {
AttributeTable unsignedAttributes = signer.getUnsignedAttributes();
ASN1EncodableVector vector = new ASN1EncodableVector();
if (unsignedAttributes != null) {
vector = unsignedAttributes.toASN1EncodableVector();
}
TimeStampToken timeStampToken = tsaClient.getTimeStampToken(new ByteArrayInputStream(signer.getSignature()));
byte[] token = timeStampToken.getEncoded();
ASN1ObjectIdentifier oid = PKCSObjectIdentifiers.id_aa_signatureTimeStampToken;
ASN1Encodable signatureTimeStamp = new Attribute(oid, new DERSet(ASN1Primitive.fromByteArray(token)));
vector.add(signatureTimeStamp);
Attributes signedAttributes = new Attributes(vector);
// see source code of replaceUnsignedAttributes
return SignerInformation.replaceUnsignedAttributes(signer, new AttributeTable(signedAttributes));
}
use of com.github.zhenwei.core.asn1.DERSet in project pdfbox by apache.
the class PublicKeySecurityHandler method createDERForRecipient.
private ASN1Primitive createDERForRecipient(byte[] in, X509Certificate cert) throws IOException, GeneralSecurityException {
String algorithm = PKCSObjectIdentifiers.RC2_CBC.getId();
AlgorithmParameterGenerator apg;
KeyGenerator keygen;
Cipher cipher;
try {
Provider provider = SecurityProvider.getProvider();
apg = AlgorithmParameterGenerator.getInstance(algorithm, provider);
keygen = KeyGenerator.getInstance(algorithm, provider);
cipher = Cipher.getInstance(algorithm, provider);
} catch (NoSuchAlgorithmException e) {
// happens when using the command line app .jar file
throw new IOException("Could not find a suitable javax.crypto provider for algorithm " + algorithm + "; possible reason: using an unsigned .jar file", e);
} catch (NoSuchPaddingException e) {
// should never happen, if this happens throw IOException instead
throw new RuntimeException("Could not find a suitable javax.crypto provider", e);
}
AlgorithmParameters parameters = apg.generateParameters();
ASN1Primitive object;
try (ASN1InputStream input = new ASN1InputStream(parameters.getEncoded("ASN.1"))) {
object = input.readObject();
}
keygen.init(128);
SecretKey secretkey = keygen.generateKey();
cipher.init(1, secretkey, parameters);
byte[] bytes = cipher.doFinal(in);
KeyTransRecipientInfo recipientInfo = computeRecipientInfo(cert, secretkey.getEncoded());
DERSet set = new DERSet(new RecipientInfo(recipientInfo));
AlgorithmIdentifier algorithmId = new AlgorithmIdentifier(new ASN1ObjectIdentifier(algorithm), object);
EncryptedContentInfo encryptedInfo = new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmId, new DEROctetString(bytes));
EnvelopedData enveloped = new EnvelopedData(null, set, encryptedInfo, (ASN1Set) null);
ContentInfo contentInfo = new ContentInfo(PKCSObjectIdentifiers.envelopedData, enveloped);
return contentInfo.toASN1Primitive();
}
use of com.github.zhenwei.core.asn1.DERSet in project keystore-explorer by kaikramer.
the class JarSigner method addTimestamp.
private static CMSSignedData addTimestamp(String tsaUrl, CMSSignedData signedData) throws IOException {
Collection<SignerInformation> signerInfos = signedData.getSignerInfos().getSigners();
// get signature of first signer (should be the only one)
SignerInformation si = signerInfos.iterator().next();
byte[] signature = si.getSignature();
// send request to TSA
byte[] token = TimeStampingClient.getTimeStampToken(tsaUrl, signature, DigestType.SHA256);
// create new SignerInformation with TS attribute
Attribute tokenAttr = new Attribute(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken, new DERSet(ASN1Primitive.fromByteArray(token)));
ASN1EncodableVector timestampVector = new ASN1EncodableVector();
timestampVector.add(tokenAttr);
AttributeTable at = new AttributeTable(timestampVector);
si = SignerInformation.replaceUnsignedAttributes(si, at);
signerInfos.clear();
signerInfos.add(si);
SignerInformationStore newSignerStore = new SignerInformationStore(signerInfos);
// create new signed data
return CMSSignedData.replaceSigners(signedData, newSignerStore);
}
use of com.github.zhenwei.core.asn1.DERSet in project OpenPDF by LibrePDF.
the class PdfPublicKeySecurityHandler method createDERForRecipient.
private ASN1Primitive createDERForRecipient(byte[] in, X509Certificate cert) throws IOException, GeneralSecurityException {
String s = "1.2.840.113549.3.2";
AlgorithmParameterGenerator algorithmparametergenerator = AlgorithmParameterGenerator.getInstance(s);
AlgorithmParameters algorithmparameters = algorithmparametergenerator.generateParameters();
ByteArrayInputStream bytearrayinputstream = new ByteArrayInputStream(algorithmparameters.getEncoded("ASN.1"));
ASN1InputStream asn1inputstream = new ASN1InputStream(bytearrayinputstream);
ASN1Primitive derobject = asn1inputstream.readObject();
KeyGenerator keygenerator = KeyGenerator.getInstance(s);
keygenerator.init(128);
SecretKey secretkey = keygenerator.generateKey();
Cipher cipher = Cipher.getInstance(s);
cipher.init(1, secretkey, algorithmparameters);
byte[] abyte1 = cipher.doFinal(in);
DEROctetString deroctetstring = new DEROctetString(abyte1);
KeyTransRecipientInfo keytransrecipientinfo = computeRecipientInfo(cert, secretkey.getEncoded());
DERSet derset = new DERSet(new RecipientInfo(keytransrecipientinfo));
AlgorithmIdentifier algorithmidentifier = new AlgorithmIdentifier(new ASN1ObjectIdentifier(s), derobject);
EncryptedContentInfo encryptedcontentinfo = new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmidentifier, deroctetstring);
ASN1Set set = null;
EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo, set);
ContentInfo contentinfo = new ContentInfo(PKCSObjectIdentifiers.envelopedData, env);
// return contentinfo.getDERObject();
return contentinfo.toASN1Primitive();
// ******************************************************************************
}
Aggregations