use of com.github.zhenwei.core.asn1.DERSet in project itext2 by albfernandez.
the class PdfPKCS7 method getAuthenticatedAttributeSet.
private DERSet getAuthenticatedAttributeSet(byte[] secondDigest, Calendar signingTime, byte[] ocsp) {
try {
ASN1EncodableVector attribute = new ASN1EncodableVector();
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new ASN1ObjectIdentifier(ID_CONTENT_TYPE));
v.add(new DERSet(new ASN1ObjectIdentifier(ID_PKCS7_DATA)));
attribute.add(new DERSequence(v));
v = new ASN1EncodableVector();
v.add(new ASN1ObjectIdentifier(ID_SIGNING_TIME));
v.add(new DERSet(new DERUTCTime(signingTime.getTime())));
attribute.add(new DERSequence(v));
v = new ASN1EncodableVector();
v.add(new ASN1ObjectIdentifier(ID_MESSAGE_DIGEST));
v.add(new DERSet(new DEROctetString(secondDigest)));
attribute.add(new DERSequence(v));
if (ocsp != null) {
v = new ASN1EncodableVector();
v.add(new ASN1ObjectIdentifier(ID_ADBE_REVOCATION));
DEROctetString doctet = new DEROctetString(ocsp);
ASN1EncodableVector vo1 = new ASN1EncodableVector();
ASN1EncodableVector v2 = new ASN1EncodableVector();
v2.add(OCSPObjectIdentifiers.id_pkix_ocsp_basic);
v2.add(doctet);
ASN1Enumerated den = new ASN1Enumerated(0);
ASN1EncodableVector v3 = new ASN1EncodableVector();
v3.add(den);
v3.add(new DERTaggedObject(true, 0, new DERSequence(v2)));
vo1.add(new DERSequence(v3));
v.add(new DERSet(new DERSequence(new DERTaggedObject(true, 1, new DERSequence(vo1)))));
attribute.add(new DERSequence(v));
} else if (!crls.isEmpty()) {
v = new ASN1EncodableVector();
v.add(new ASN1ObjectIdentifier(ID_ADBE_REVOCATION));
ASN1EncodableVector v2 = new ASN1EncodableVector();
for (Iterator i = crls.iterator(); i.hasNext(); ) {
ASN1InputStream t = new ASN1InputStream(new ByteArrayInputStream(((X509CRL) i.next()).getEncoded()));
v2.add(t.readObject());
}
v.add(new DERSet(new DERSequence(new DERTaggedObject(true, 0, new DERSequence(v2)))));
attribute.add(new DERSequence(v));
}
return new DERSet(attribute);
} catch (Exception e) {
throw new ExceptionConverter(e);
}
}
use of com.github.zhenwei.core.asn1.DERSet in project staplr by pridiltal.
the class PdfPKCS7 method getEncodedPKCS7.
/**
* Gets the bytes for the PKCS7SignedData object. Optionally the authenticatedAttributes
* in the signerInfo can also be set. If either of the parameters is <CODE>null</CODE>, none will be used.
* @param secondDigest the digest in the authenticatedAttributes
* @param signingTime the signing time in the authenticatedAttributes
* @return the bytes for the PKCS7SignedData object
*/
public byte[] getEncodedPKCS7(byte[] secondDigest, Calendar signingTime) {
try {
if (externalDigest != null) {
digest = externalDigest;
if (RSAdata != null)
RSAdata = externalRSAdata;
} else if (externalRSAdata != null && RSAdata != null) {
RSAdata = externalRSAdata;
sig.update(RSAdata);
digest = sig.sign();
} else {
if (RSAdata != null) {
RSAdata = messageDigest.digest();
sig.update(RSAdata);
}
digest = sig.sign();
}
// Create the set of Hash algorithms
ASN1EncodableVector digestAlgorithms_ = new ASN1EncodableVector();
for (Iterator it = digestalgos.iterator(); it.hasNext(); ) {
ASN1EncodableVector algos = new ASN1EncodableVector();
algos.add(new ASN1ObjectIdentifier((String) it.next()));
algos.add(new DERNull());
digestAlgorithms_.add(new DERSequence(algos));
}
DERSet digestAlgorithms = new DERSet(digestAlgorithms_);
// Create the contentInfo.
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new ASN1ObjectIdentifier(ID_PKCS7_DATA));
if (RSAdata != null)
v.add(new DERTaggedObject(0, new DEROctetString(RSAdata)));
DERSequence contentinfo = new DERSequence(v);
// Get all the certificates
//
v = new ASN1EncodableVector();
for (Iterator i = certs.iterator(); i.hasNext(); ) {
ASN1InputStream tempstream = new ASN1InputStream(new ByteArrayInputStream(((X509Certificate) i.next()).getEncoded()));
v.add(tempstream.readObject());
}
DERSet dercertificates = new DERSet(v);
// Create signerinfo structure.
//
ASN1EncodableVector signerinfo = new ASN1EncodableVector();
// Add the signerInfo version
//
signerinfo.add(new ASN1Integer(signerversion));
v = new ASN1EncodableVector();
v.add(getIssuer(signCert.getTBSCertificate()));
v.add(new ASN1Integer(signCert.getSerialNumber()));
signerinfo.add(new DERSequence(v));
// Add the digestAlgorithm
v = new ASN1EncodableVector();
v.add(new ASN1ObjectIdentifier(digestAlgorithm));
v.add(new DERNull());
signerinfo.add(new DERSequence(v));
// add the authenticated attribute if present
if (secondDigest != null && signingTime != null) {
ASN1EncodableVector attribute = new ASN1EncodableVector();
v = new ASN1EncodableVector();
v.add(new ASN1ObjectIdentifier(ID_CONTENT_TYPE));
v.add(new DERSet(new ASN1ObjectIdentifier(ID_PKCS7_DATA)));
attribute.add(new DERSequence(v));
v = new ASN1EncodableVector();
v.add(new ASN1ObjectIdentifier(ID_SIGNING_TIME));
v.add(new DERSet(new DERUTCTime(signingTime.getTime())));
attribute.add(new DERSequence(v));
v = new ASN1EncodableVector();
v.add(new ASN1ObjectIdentifier(ID_MESSAGE_DIGEST));
v.add(new DERSet(new DEROctetString(secondDigest)));
attribute.add(new DERSequence(v));
signerinfo.add(new DERTaggedObject(false, 0, new DERSet(attribute)));
}
// Add the digestEncryptionAlgorithm
v = new ASN1EncodableVector();
v.add(new ASN1ObjectIdentifier(digestEncryptionAlgorithm));
v.add(new DERNull());
signerinfo.add(new DERSequence(v));
// Add the digest
signerinfo.add(new DEROctetString(digest));
// Finally build the body out of all the components above
ASN1EncodableVector body = new ASN1EncodableVector();
body.add(new ASN1Integer(version));
body.add(digestAlgorithms);
body.add(contentinfo);
body.add(new DERTaggedObject(false, 0, dercertificates));
if (crls.size() > 0) {
v = new ASN1EncodableVector();
for (Iterator i = crls.iterator(); i.hasNext(); ) {
ASN1InputStream t = new ASN1InputStream(new ByteArrayInputStream((((X509CRL) i.next()).getEncoded())));
v.add(t.readObject());
}
DERSet dercrls = new DERSet(v);
body.add(new DERTaggedObject(false, 1, dercrls));
}
// Only allow one signerInfo
body.add(new DERSet(new DERSequence(signerinfo)));
// Now we have the body, wrap it in it's PKCS7Signed shell
// and return it
//
ASN1EncodableVector whole = new ASN1EncodableVector();
whole.add(new ASN1ObjectIdentifier(ID_PKCS7_SIGNED_DATA));
whole.add(new DERTaggedObject(0, new DERSequence(body)));
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
ASN1OutputStream dout = new ASN1OutputStream(bOut);
dout.writeObject(new DERSequence(whole));
dout.close();
return bOut.toByteArray();
} catch (Exception e) {
throw new ExceptionConverter(e);
}
}
use of com.github.zhenwei.core.asn1.DERSet in project Falcon-File-Transfer-Optimizer by arif-zaman.
the class BouncyCastleCertProcessingFactory method createCertificateRequest.
/**
* Creates a certificate request from the specified subject name, signing algorithm, and a key pair.
*
* @param subjectDN
* the subject name of the certificate request.
* @param sigAlgName
* the signing algorithm name.
* @param keyPair
* the key pair of the certificate request
* @return the certificate request.
* @exception GeneralSecurityException
* if security error occurs.
*/
public byte[] createCertificateRequest(X509Name subjectDN, String sigAlgName, KeyPair keyPair) throws GeneralSecurityException {
DERSet attrs = null;
PKCS10CertificationRequest certReq = null;
certReq = new PKCS10CertificationRequest(sigAlgName, subjectDN, keyPair.getPublic(), attrs, keyPair.getPrivate());
return certReq.getEncoded();
}
use of com.github.zhenwei.core.asn1.DERSet in project Falcon-File-Transfer-Optimizer by arif-zaman.
the class X509NameHelper method add.
/**
* Appends the specified OID and value pair name component to the end of the
* current name.
*
* @param oid the name component oid, e.g. {@link org.bouncycastle.asn1.x500.style.BCStyle#CN
* BCStyle.CN}
* @param value the value (e.g. "proxy")
*/
public void add(ASN1ObjectIdentifier oid, String value) {
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(oid);
v.add(new DERPrintableString(value));
add(new DERSet(new DERSequence(v)));
}
use of com.github.zhenwei.core.asn1.DERSet in project Falcon-File-Transfer-Optimizer by arif-zaman.
the class GridCertRequest method genCertificateRequest.
/**
* Generates a encrypted private key and certificate request.
*/
public static void genCertificateRequest(String dname, String emailAddressOfCA, String password, File keyFile, File certFile, File certReqFile) throws Exception {
String sigAlgName = "MD5WithRSA";
String keyAlgName = "RSA";
CertUtil.init();
X509Name name = new X509Name(dname);
String certSubject = X509NameHelper.toString(name);
System.out.println("Generating a 1024 bit RSA private key");
// Generate a new key pair.
KeyPairGenerator keygen = KeyPairGenerator.getInstance(keyAlgName);
keygen.initialize(1024);
KeyPair keyPair = keygen.genKeyPair();
PrivateKey privKey = keyPair.getPrivate();
PublicKey pubKey = keyPair.getPublic();
// Generate the certificate request.
DERSet derSet = new DERSet();
PKCS10CertificationRequest request = new PKCS10CertificationRequest(sigAlgName, name, pubKey, derSet, privKey);
// Save the certificate request to a .pem file.
byte[] data = request.getEncoded();
byte[] encodedData = Base64.encode(data);
PrintStream ps = null;
try {
ps = new PrintStream(new FileOutputStream(certReqFile));
boolean caEmail = false;
if ((emailAddressOfCA != null) && (emailAddressOfCA.length() > 0)) {
caEmail = true;
ps.print("\n\n" + "Please mail the following certificate request to " + emailAddressOfCA);
} else {
ps.print("\n\n" + "Please send the following certificate request to the Certificate Authority (CA). Refer to CA instructions for details on to send the request.");
}
ps.print("\n\n" + "==================================================================\n" + "\n" + "Certificate Subject:\n" + "\n" + certSubject + "\n" + "\n" + "The above string is known as your user certificate subject, and it \n" + "uniquely identifies this user.\n" + "\n" + "To install this user certificate, please save this e-mail message\n" + "into the following file.\n" + "\n" + "\n" + certReqFile.getAbsolutePath() + "\n" + "\n" + "\n" + " You need not edit this message in any way. Simply \n" + " save this e-mail message to the file.\n" + "\n" + "\n" + "If you have any questions about the certificate contact\n" + "the Certificate Authority");
if (caEmail) {
ps.print("at " + emailAddressOfCA);
}
ps.print("\n\n");
PEMUtils.writeBase64(ps, "-----BEGIN CERTIFICATE REQUEST-----", encodedData, "-----END CERTIFICATE REQUEST-----");
} finally {
if (ps != null) {
ps.close();
}
}
// Save private key to a .pem file.
OpenSSLKey key = new BouncyCastleOpenSSLKey(privKey);
if (password != null) {
key.encrypt(password);
}
// this will set the permissions correctly already
key.writeTo(keyFile.getAbsolutePath());
// Create an empty cert file.
certFile.createNewFile();
System.out.println("A private key and a certificate request has been generated with the subject:");
System.out.println();
System.out.println(certSubject);
System.out.println();
System.out.println("The private key is stored in " + keyFile.getAbsolutePath());
System.out.println("The request is stored in " + certReqFile.getAbsolutePath());
}
Aggregations