Example 66 with DERSet
use of com.github.zhenwei.core.asn1.DERSet in project signer by demoiselle.
the class RevocationValues method getValue.
@Override
public Attribute getValue() throws SignerException {
List<X509CRL> crlList = new ArrayList<X509CRL>();
ArrayList<CertificateList> crlVals = new ArrayList<CertificateList>();
List<BasicOCSPResponse> ocspVals = new ArrayList<BasicOCSPResponse>();
try {
int chainSize = certificates.length - 1;
for (int ix = 0; ix < chainSize; ix++) {
X509Certificate cert = (X509Certificate) certificates[ix];
Collection<ICPBR_CRL> icpCrls = crlRepository.getX509CRL(cert);
for (ICPBR_CRL icpCrl : icpCrls) {
crlList.add(icpCrl.getCRL());
}
}
if (crlList.isEmpty()) {
throw new SignerException(cadesMessagesBundle.getString("error.crl.list.empty"));
} else {
for (X509CRL varCrl : crlList) {
crlVals.add(CertificateList.getInstance(varCrl.getEncoded()));
}
}
CertificateList[] crlValuesArray = new CertificateList[crlVals.size()];
BasicOCSPResponse[] ocspValuesArray = new BasicOCSPResponse[ocspVals.size()];
// org.bouncycastle.asn1.esf.RevocationValues revocationVals = new org.bouncycastle.asn1.esf.RevocationValues(crlVals.toArray(crlValuesArray), null, null);
return new Attribute(identifier, new DERSet(new DERSequence(crlVals.toArray(crlValuesArray))));
} catch (Exception e) {
throw new SignerException(e.getMessage());
}
}
Also used :
X509CRL(java.security.cert.X509CRL)
UnsignedAttribute(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.UnsignedAttribute)
Attribute(org.bouncycastle.asn1.cms.Attribute)
ArrayList(java.util.ArrayList)
CertificateList(org.bouncycastle.asn1.x509.CertificateList)
DERSet(org.bouncycastle.asn1.DERSet)
X509Certificate(java.security.cert.X509Certificate)
SignerException(org.demoiselle.signer.policy.impl.cades.SignerException)
ICPBR_CRL(org.demoiselle.signer.core.extension.ICPBR_CRL)
DERSequence(org.bouncycastle.asn1.DERSequence)
BasicOCSPResponse(org.bouncycastle.asn1.ocsp.BasicOCSPResponse)
SignerException(org.demoiselle.signer.policy.impl.cades.SignerException)
Example 67 with DERSet
use of com.github.zhenwei.core.asn1.DERSet in project signer by demoiselle.
the class SigningCertificateV2 method getValue.
@Override
public Attribute getValue() throws SignerException {
try {
X509Certificate cert = (X509Certificate) certificates[0];
X509Certificate issuerCert = (X509Certificate) certificates[1];
Digest digest = DigestFactory.getInstance().factoryDefault();
digest.setAlgorithm(DigestAlgorithmEnum.SHA_256);
byte[] certHash = digest.digest(cert.getEncoded());
X500Name dirName = new JcaX509CertificateHolder(issuerCert).getSubject();
GeneralName name = new GeneralName(dirName);
GeneralNames issuer = new GeneralNames(name);
ASN1Integer serialNumber = new ASN1Integer(cert.getSerialNumber());
IssuerSerial issuerSerial = new IssuerSerial(issuer, serialNumber);
// SHA-256
AlgorithmIdentifier algId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256);
ESSCertIDv2 essCertIDv2 = new ESSCertIDv2(algId, certHash, issuerSerial);
org.bouncycastle.asn1.ess.SigningCertificateV2 signingCertificateV2 = new org.bouncycastle.asn1.ess.SigningCertificateV2(essCertIDv2);
return new Attribute(identifier, new DERSet(signingCertificateV2));
} catch (CertificateEncodingException ex) {
throw new SignerException(ex.getMessage());
}
}
Also used :
IssuerSerial(org.bouncycastle.asn1.x509.IssuerSerial)
Digest(org.demoiselle.signer.cryptography.Digest)
SignedAttribute(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.SignedAttribute)
Attribute(org.bouncycastle.asn1.cms.Attribute)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
X500Name(org.bouncycastle.asn1.x500.X500Name)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder)
DERSet(org.bouncycastle.asn1.DERSet)
X509Certificate(java.security.cert.X509Certificate)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
ESSCertIDv2(org.bouncycastle.asn1.ess.ESSCertIDv2)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
SignerException(org.demoiselle.signer.policy.impl.cades.SignerException)
Example 68 with DERSet
use of com.github.zhenwei.core.asn1.DERSet in project jruby-openssl by jruby.
the class X509Attribute method toASN1.
ASN1Primitive toASN1(final ThreadContext context) {
ASN1EncodableVector v1 = new ASN1EncodableVector();
v1.add(getTypeID());
if (value instanceof ASN1.Constructive) {
v1.add(((ASN1.Constructive) value).toASN1(context));
} else {
ASN1EncodableVector v2 = new ASN1EncodableVector();
v2.add(((ASN1.ASN1Data) value).toASN1(context));
v1.add(new DERSet(v2));
}
return new DLSequence(v1);
}
Also used :
DLSequence(org.bouncycastle.asn1.DLSequence)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
ASN1._ASN1(org.jruby.ext.openssl.ASN1._ASN1)
DERSet(org.bouncycastle.asn1.DERSet)
Example 69 with DERSet
use of com.github.zhenwei.core.asn1.DERSet in project airlift by airlift.
the class TestCertificationRequestInfo method test.
@Test
public void test() throws Exception {
// test only with state because BC encodes every other value using UTF8String instead of PrintableString used by the JDK
String name = "C=country";
KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
generator.initialize(new ECGenParameterSpec("secp256r1"));
KeyPair keyPair = generator.generateKeyPair();
CertificationRequestInfo actualInfo = new CertificationRequestInfo(new X500Principal(name), keyPair.getPublic());
assertEquals(actualInfo.getPublicKey(), keyPair.getPublic());
assertEquals(actualInfo.getSubject().getName(), name);
assertEquals(actualInfo, actualInfo);
assertEquals(actualInfo.hashCode(), actualInfo.hashCode());
org.bouncycastle.asn1.pkcs.CertificationRequestInfo expectedInfo = new org.bouncycastle.asn1.pkcs.CertificationRequestInfo(new X500Name(name), SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()), new DERSet());
assertEquals(base16().encode(actualInfo.getEncoded()), base16().encode(expectedInfo.getEncoded("DER")));
SignatureAlgorithmIdentifier signatureAlgorithmIdentifier = findSignatureAlgorithmIdentifier("SHA256withECDSA");
byte[] actualSignature = actualInfo.sign(signatureAlgorithmIdentifier, keyPair.getPrivate());
Signature signature = Signature.getInstance(signatureAlgorithmIdentifier.getName());
signature.initVerify(keyPair.getPublic());
signature.update(actualInfo.getEncoded());
assertTrue(signature.verify(actualSignature));
}
Also used :
KeyPair(java.security.KeyPair)
ECGenParameterSpec(java.security.spec.ECGenParameterSpec)
KeyPairGenerator(java.security.KeyPairGenerator)
X500Name(org.bouncycastle.asn1.x500.X500Name)
DERSet(org.bouncycastle.asn1.DERSet)
SignatureAlgorithmIdentifier.findSignatureAlgorithmIdentifier(io.airlift.security.csr.SignatureAlgorithmIdentifier.findSignatureAlgorithmIdentifier)
Signature(java.security.Signature)
X500Principal(javax.security.auth.x500.X500Principal)
Test(org.testng.annotations.Test)
Example 70 with DERSet
use of com.github.zhenwei.core.asn1.DERSet in project LinLong-Java by zhenwei1108.
the class CMSAuthenticatedDataStreamGenerator method open.
/**
* generate an authenticated data structure with the encapsulated bytes marked as type dataType.
*
* @param dataType the type of the data been written to the object.
* @param out the stream to store the authenticated structure in.
* @param macCalculator calculator for the MAC to be attached to the data.
* @param digestCalculator calculator for computing digest of the encapsulated data.
*/
public OutputStream open(ASN1ObjectIdentifier dataType, OutputStream out, MacCalculator macCalculator, DigestCalculator digestCalculator) throws CMSException {
this.macCalculator = macCalculator;
try {
ASN1EncodableVector recipientInfos = new ASN1EncodableVector();
for (Iterator it = recipientInfoGenerators.iterator(); it.hasNext(); ) {
RecipientInfoGenerator recipient = (RecipientInfoGenerator) it.next();
recipientInfos.add(recipient.generate(macCalculator.getKey()));
}
//
// ContentInfo
//
BERSequenceGenerator cGen = new BERSequenceGenerator(out);
cGen.addObject(CMSObjectIdentifiers.authenticatedData);
//
// Authenticated Data
//
BERSequenceGenerator authGen = new BERSequenceGenerator(cGen.getRawOutputStream(), 0, true);
authGen.addObject(new ASN1Integer(AuthenticatedData.calculateVersion(originatorInfo)));
if (originatorInfo != null) {
authGen.addObject(new DERTaggedObject(false, 0, originatorInfo));
}
if (berEncodeRecipientSet) {
authGen.getRawOutputStream().write(new BERSet(recipientInfos).getEncoded());
} else {
authGen.getRawOutputStream().write(new DERSet(recipientInfos).getEncoded());
}
AlgorithmIdentifier macAlgId = macCalculator.getAlgorithmIdentifier();
authGen.getRawOutputStream().write(macAlgId.getEncoded());
if (digestCalculator != null) {
authGen.addObject(new DERTaggedObject(false, 1, digestCalculator.getAlgorithmIdentifier()));
}
BERSequenceGenerator eiGen = new BERSequenceGenerator(authGen.getRawOutputStream());
eiGen.addObject(dataType);
OutputStream octetStream = CMSUtils.createBEROctetOutputStream(eiGen.getRawOutputStream(), 0, true, bufferSize);
OutputStream mOut;
if (digestCalculator != null) {
mOut = new TeeOutputStream(octetStream, digestCalculator.getOutputStream());
} else {
mOut = new TeeOutputStream(octetStream, macCalculator.getOutputStream());
}
return new CmsAuthenticatedDataOutputStream(macCalculator, digestCalculator, dataType, mOut, cGen, authGen, eiGen);
} catch (IOException e) {
throw new CMSException("exception decoding algorithm parameters.", e);
}
}
Also used :
BERSet(com.github.zhenwei.core.asn1.BERSet)
TeeOutputStream(com.github.zhenwei.core.util.io.TeeOutputStream)
DERTaggedObject(com.github.zhenwei.core.asn1.DERTaggedObject)
OutputStream(java.io.OutputStream)
TeeOutputStream(com.github.zhenwei.core.util.io.TeeOutputStream)
ASN1Integer(com.github.zhenwei.core.asn1.ASN1Integer)
IOException(java.io.IOException)
DERSet(com.github.zhenwei.core.asn1.DERSet)
AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
BERSequenceGenerator(com.github.zhenwei.core.asn1.BERSequenceGenerator)
Iterator(java.util.Iterator)
ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)
Aggregations
DERSet (org.bouncycastle.asn1.DERSet)59
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)34
IOException (java.io.IOException)29
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)27
DERSequence (org.bouncycastle.asn1.DERSequence)27
DEROctetString (org.bouncycastle.asn1.DEROctetString)22
DERSet (com.github.zhenwei.core.asn1.DERSet)21
Attribute (org.bouncycastle.asn1.cms.Attribute)21
X509Certificate (java.security.cert.X509Certificate)19
ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)15
Iterator (java.util.Iterator)15
ByteArrayOutputStream (java.io.ByteArrayOutputStream)13
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)13
ArrayList (java.util.ArrayList)12
ByteArrayInputStream (java.io.ByteArrayInputStream)11
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)11
DERTaggedObject (org.bouncycastle.asn1.DERTaggedObject)11
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)11
AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)9
OutputStream (java.io.OutputStream)9
