Example 11 with DERSet
use of com.github.zhenwei.core.asn1.DERSet in project robovm by robovm.
the class DefaultSignedAttributeTableGenerator method createStandardAttributeTable.
/**
* Create a standard attribute table from the passed in parameters - this will
* normally include contentType, signingTime, and messageDigest. If the constructor
* using an AttributeTable was used, entries in it for contentType, signingTime, and
* messageDigest will override the generated ones.
*
* @param parameters source parameters for table generation.
*
* @return a filled in Hashtable of attributes.
*/
protected Hashtable createStandardAttributeTable(Map parameters) {
Hashtable std = (Hashtable) table.clone();
if (!std.containsKey(CMSAttributes.contentType)) {
ASN1ObjectIdentifier contentType = ASN1ObjectIdentifier.getInstance(parameters.get(CMSAttributeTableGenerator.CONTENT_TYPE));
// contentType will be null if we're trying to generate a counter signature.
if (contentType != null) {
Attribute attr = new Attribute(CMSAttributes.contentType, new DERSet(contentType));
std.put(attr.getAttrType(), attr);
}
}
if (!std.containsKey(CMSAttributes.signingTime)) {
Date signingTime = new Date();
Attribute attr = new Attribute(CMSAttributes.signingTime, new DERSet(new Time(signingTime)));
std.put(attr.getAttrType(), attr);
}
if (!std.containsKey(CMSAttributes.messageDigest)) {
byte[] messageDigest = (byte[]) parameters.get(CMSAttributeTableGenerator.DIGEST);
Attribute attr = new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(messageDigest)));
std.put(attr.getAttrType(), attr);
}
return std;
}
Also used :
Attribute(org.bouncycastle.asn1.cms.Attribute)
Hashtable(java.util.Hashtable)
Time(org.bouncycastle.asn1.cms.Time)
DERSet(org.bouncycastle.asn1.DERSet)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Date(java.util.Date)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
Example 12 with DERSet
use of com.github.zhenwei.core.asn1.DERSet in project robovm by robovm.
the class SignerInformation method addCounterSigners.
/**
* Return a signer information object with passed in SignerInformationStore representing counter
* signatures attached as an unsigned attribute.
*
* @param signerInformation the signerInfo to be used as the basis.
* @param counterSigners signer info objects carrying counter signature.
* @return a copy of the original SignerInformationObject with the changed attributes.
*/
public static SignerInformation addCounterSigners(SignerInformation signerInformation, SignerInformationStore counterSigners) {
// TODO Perform checks from RFC 3852 11.4
SignerInfo sInfo = signerInformation.info;
AttributeTable unsignedAttr = signerInformation.getUnsignedAttributes();
ASN1EncodableVector v;
if (unsignedAttr != null) {
v = unsignedAttr.toASN1EncodableVector();
} else {
v = new ASN1EncodableVector();
}
ASN1EncodableVector sigs = new ASN1EncodableVector();
for (Iterator it = counterSigners.getSigners().iterator(); it.hasNext(); ) {
sigs.add(((SignerInformation) it.next()).toASN1Structure());
}
v.add(new Attribute(CMSAttributes.counterSignature, new DERSet(sigs)));
return new SignerInformation(new SignerInfo(sInfo.getSID(), sInfo.getDigestAlgorithm(), sInfo.getAuthenticatedAttributes(), sInfo.getDigestEncryptionAlgorithm(), sInfo.getEncryptedDigest(), new DERSet(v)), signerInformation.contentType, signerInformation.content, null);
}
Also used :
SignerInfo(org.bouncycastle.asn1.cms.SignerInfo)
Attribute(org.bouncycastle.asn1.cms.Attribute)
AttributeTable(org.bouncycastle.asn1.cms.AttributeTable)
Iterator(java.util.Iterator)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
DERSet(org.bouncycastle.asn1.DERSet)
Example 13 with DERSet
use of com.github.zhenwei.core.asn1.DERSet in project robovm by robovm.
the class CMSSignedData method replaceSigners.
// BEGIN android-removed
// /**
// * Verify all the SignerInformation objects and their associated counter signatures attached
// * to this CMS SignedData object.
// *
// * @param verifierProvider a provider of SignerInformationVerifier objects.
// * @return true if all verify, false otherwise.
// * @throws CMSException if an exception occurs during the verification process.
// */
// public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider)
// throws CMSException
// {
// return verifySignatures(verifierProvider, false);
// }
//
// /**
// * Verify all the SignerInformation objects and optionally their associated counter signatures attached
// * to this CMS SignedData object.
// *
// * @param verifierProvider a provider of SignerInformationVerifier objects.
// * @param ignoreCounterSignatures if true don't check counter signatures. If false check counter signatures as well.
// * @return true if all verify, false otherwise.
// * @throws CMSException if an exception occurs during the verification process.
// */
// public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider, boolean ignoreCounterSignatures)
// throws CMSException
// {
// Collection signers = this.getSignerInfos().getSigners();
//
// for (Iterator it = signers.iterator(); it.hasNext();)
// {
// SignerInformation signer = (SignerInformation)it.next();
//
// try
// {
// SignerInformationVerifier verifier = verifierProvider.get(signer.getSID());
//
// if (!signer.verify(verifier))
// {
// return false;
// }
//
// if (!ignoreCounterSignatures)
// {
// Collection counterSigners = signer.getCounterSignatures().getSigners();
//
// for (Iterator cIt = counterSigners.iterator(); cIt.hasNext();)
// {
// SignerInformation counterSigner = (SignerInformation)cIt.next();
// SignerInformationVerifier counterVerifier = verifierProvider.get(signer.getSID());
//
// if (!counterSigner.verify(counterVerifier))
// {
// return false;
// }
// }
// }
// }
// catch (OperatorCreationException e)
// {
// throw new CMSException("failure in verifier provider: " + e.getMessage(), e);
// }
// }
//
// return true;
// }
// END android-removed
/**
* Replace the SignerInformation store associated with this
* CMSSignedData object with the new one passed in. You would
* probably only want to do this if you wanted to change the unsigned
* attributes associated with a signer, or perhaps delete one.
*
* @param signedData the signed data object to be used as a base.
* @param signerInformationStore the new signer information store to use.
* @return a new signed data object.
*/
public static CMSSignedData replaceSigners(CMSSignedData signedData, SignerInformationStore signerInformationStore) {
//
// copy
//
CMSSignedData cms = new CMSSignedData(signedData);
//
// replace the store
//
cms.signerInfoStore = signerInformationStore;
//
// replace the signers in the SignedData object
//
ASN1EncodableVector digestAlgs = new ASN1EncodableVector();
ASN1EncodableVector vec = new ASN1EncodableVector();
Iterator it = signerInformationStore.getSigners().iterator();
while (it.hasNext()) {
SignerInformation signer = (SignerInformation) it.next();
digestAlgs.add(CMSSignedHelper.INSTANCE.fixAlgID(signer.getDigestAlgorithmID()));
vec.add(signer.toASN1Structure());
}
ASN1Set digests = new DERSet(digestAlgs);
ASN1Set signers = new DERSet(vec);
ASN1Sequence sD = (ASN1Sequence) signedData.signedData.toASN1Primitive();
vec = new ASN1EncodableVector();
//
// signers are the last item in the sequence.
//
// version
vec.add(sD.getObjectAt(0));
vec.add(digests);
for (int i = 2; i != sD.size() - 1; i++) {
vec.add(sD.getObjectAt(i));
}
vec.add(signers);
cms.signedData = SignedData.getInstance(new BERSequence(vec));
//
// replace the contentInfo with the new one
//
cms.contentInfo = new ContentInfo(cms.contentInfo.getContentType(), cms.signedData);
return cms;
}
Also used :
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
ASN1Set(org.bouncycastle.asn1.ASN1Set)
ContentInfo(org.bouncycastle.asn1.cms.ContentInfo)
BERSequence(org.bouncycastle.asn1.BERSequence)
Iterator(java.util.Iterator)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
DERSet(org.bouncycastle.asn1.DERSet)
Example 14 with DERSet
use of com.github.zhenwei.core.asn1.DERSet in project robovm by robovm.
the class X509Name method toASN1Primitive.
public ASN1Primitive toASN1Primitive() {
if (seq == null) {
ASN1EncodableVector vec = new ASN1EncodableVector();
ASN1EncodableVector sVec = new ASN1EncodableVector();
ASN1ObjectIdentifier lstOid = null;
for (int i = 0; i != ordering.size(); i++) {
ASN1EncodableVector v = new ASN1EncodableVector();
ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) ordering.elementAt(i);
v.add(oid);
String str = (String) values.elementAt(i);
v.add(converter.getConvertedValue(oid, str));
if (lstOid == null || ((Boolean) this.added.elementAt(i)).booleanValue()) {
sVec.add(new DERSequence(v));
} else {
vec.add(new DERSet(sVec));
sVec = new ASN1EncodableVector();
sVec.add(new DERSequence(v));
}
lstOid = oid;
}
vec.add(new DERSet(sVec));
seq = new DERSequence(vec);
}
return seq;
}
Also used :
DERSequence(org.bouncycastle.asn1.DERSequence)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
ASN1String(org.bouncycastle.asn1.ASN1String)
DERUniversalString(org.bouncycastle.asn1.DERUniversalString)
DERSet(org.bouncycastle.asn1.DERSet)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 15 with DERSet
use of com.github.zhenwei.core.asn1.DERSet in project platform_frameworks_base by android.
the class ESTHandler method buildCSR.
private byte[] buildCSR(ByteBuffer octetBuffer, OMADMAdapter omadmAdapter, HTTPHandler httpHandler) throws IOException, GeneralSecurityException {
//Security.addProvider(new BouncyCastleProvider());
Log.d(TAG, "/csrattrs:");
/*
byte[] octets = new byte[octetBuffer.remaining()];
octetBuffer.duplicate().get(octets);
for (byte b : octets) {
System.out.printf("%02x ", b & 0xff);
}
*/
Collection<Asn1Object> csrs = Asn1Decoder.decode(octetBuffer);
for (Asn1Object asn1Object : csrs) {
Log.d(TAG, asn1Object.toString());
}
if (csrs.size() != 1) {
throw new IOException("Unexpected object count in CSR attributes response: " + csrs.size());
}
Asn1Object sequence = csrs.iterator().next();
if (sequence.getClass() != Asn1Constructed.class) {
throw new IOException("Unexpected CSR attribute container: " + sequence);
}
String keyAlgo = null;
Asn1Oid keyAlgoOID = null;
String sigAlgo = null;
String curveName = null;
Asn1Oid pubCrypto = null;
int keySize = -1;
Map<Asn1Oid, ASN1Encodable> idAttributes = new HashMap<>();
for (Asn1Object child : sequence.getChildren()) {
if (child.getTag() == Asn1Decoder.TAG_OID) {
Asn1Oid oid = (Asn1Oid) child;
OidMappings.SigEntry sigEntry = OidMappings.getSigEntry(oid);
if (sigEntry != null) {
sigAlgo = sigEntry.getSigAlgo();
keyAlgoOID = sigEntry.getKeyAlgo();
keyAlgo = OidMappings.getJCEName(keyAlgoOID);
} else if (oid.equals(OidMappings.sPkcs9AtChallengePassword)) {
byte[] tlsUnique = httpHandler.getTLSUnique();
if (tlsUnique != null) {
idAttributes.put(oid, new DERPrintableString(Base64.encodeToString(tlsUnique, Base64.DEFAULT)));
} else {
Log.w(TAG, "Cannot retrieve TLS unique channel binding");
}
}
} else if (child.getTag() == Asn1Decoder.TAG_SEQ) {
Asn1Oid oid = null;
Set<Asn1Oid> oidValues = new HashSet<>();
List<Asn1Object> values = new ArrayList<>();
for (Asn1Object attributeSeq : child.getChildren()) {
if (attributeSeq.getTag() == Asn1Decoder.TAG_OID) {
oid = (Asn1Oid) attributeSeq;
} else if (attributeSeq.getTag() == Asn1Decoder.TAG_SET) {
for (Asn1Object value : attributeSeq.getChildren()) {
if (value.getTag() == Asn1Decoder.TAG_OID) {
oidValues.add((Asn1Oid) value);
} else {
values.add(value);
}
}
}
}
if (oid == null) {
throw new IOException("Invalid attribute, no OID");
}
if (oid.equals(OidMappings.sExtensionRequest)) {
for (Asn1Oid subOid : oidValues) {
if (OidMappings.isIDAttribute(subOid)) {
if (subOid.equals(OidMappings.sMAC)) {
idAttributes.put(subOid, new DERIA5String(omadmAdapter.getMAC()));
} else if (subOid.equals(OidMappings.sIMEI)) {
idAttributes.put(subOid, new DERIA5String(omadmAdapter.getImei()));
} else if (subOid.equals(OidMappings.sMEID)) {
idAttributes.put(subOid, new DERBitString(omadmAdapter.getMeid()));
} else if (subOid.equals(OidMappings.sDevID)) {
idAttributes.put(subOid, new DERPrintableString(omadmAdapter.getDevID()));
}
}
}
} else if (OidMappings.getCryptoID(oid) != null) {
pubCrypto = oid;
if (!values.isEmpty()) {
for (Asn1Object value : values) {
if (value.getTag() == Asn1Decoder.TAG_INTEGER) {
keySize = (int) ((Asn1Integer) value).getValue();
}
}
}
if (oid.equals(OidMappings.sAlgo_EC)) {
if (oidValues.isEmpty()) {
throw new IOException("No ECC curve name provided");
}
for (Asn1Oid value : oidValues) {
curveName = OidMappings.getJCEName(value);
if (curveName != null) {
break;
}
}
if (curveName == null) {
throw new IOException("Found no ECC curve for " + oidValues);
}
}
}
}
}
if (keyAlgoOID == null) {
throw new IOException("No public key algorithm specified");
}
if (pubCrypto != null && !pubCrypto.equals(keyAlgoOID)) {
throw new IOException("Mismatching key algorithms");
}
if (keyAlgoOID.equals(OidMappings.sAlgo_RSA)) {
if (keySize < MinRSAKeySize) {
if (keySize >= 0) {
Log.i(TAG, "Upgrading suggested RSA key size from " + keySize + " to " + MinRSAKeySize);
}
keySize = MinRSAKeySize;
}
}
Log.d(TAG, String.format("pub key '%s', signature '%s', ECC curve '%s', id-atts %s", keyAlgo, sigAlgo, curveName, idAttributes));
/*
Ruckus:
SEQUENCE:
OID=1.2.840.113549.1.1.11 (algo_id_sha256WithRSAEncryption)
RFC-7030:
SEQUENCE:
OID=1.2.840.113549.1.9.7 (challengePassword)
SEQUENCE:
OID=1.2.840.10045.2.1 (algo_id_ecPublicKey)
SET:
OID=1.3.132.0.34 (secp384r1)
SEQUENCE:
OID=1.2.840.113549.1.9.14 (extensionRequest)
SET:
OID=1.3.6.1.1.1.1.22 (mac-address)
OID=1.2.840.10045.4.3.3 (eccdaWithSHA384)
1L, 3L, 6L, 1L, 1L, 1L, 1L, 22
*/
// ECC Does not appear to be supported currently
KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyAlgo);
if (curveName != null) {
AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(keyAlgo);
algorithmParameters.init(new ECNamedCurveGenParameterSpec(curveName));
kpg.initialize(algorithmParameters.getParameterSpec(ECNamedCurveGenParameterSpec.class));
} else {
kpg.initialize(keySize);
}
KeyPair kp = kpg.generateKeyPair();
X500Principal subject = new X500Principal("CN=Android, O=Google, C=US");
mClientKey = kp.getPrivate();
// !!! Map the idAttributes into an ASN1Set of values to pass to
// the PKCS10CertificationRequest - this code is using outdated BC classes and
// has *not* been tested.
ASN1Set attributes;
if (!idAttributes.isEmpty()) {
ASN1EncodableVector payload = new DEREncodableVector();
for (Map.Entry<Asn1Oid, ASN1Encodable> entry : idAttributes.entrySet()) {
DERObjectIdentifier type = new DERObjectIdentifier(entry.getKey().toOIDString());
ASN1Set values = new DERSet(entry.getValue());
Attribute attribute = new Attribute(type, values);
payload.add(attribute);
}
attributes = new DERSet(payload);
} else {
attributes = null;
}
return new PKCS10CertificationRequest(sigAlgo, subject, kp.getPublic(), attributes, mClientKey).getEncoded();
}
Also used :
DERSet(com.android.org.bouncycastle.asn1.DERSet)
ASN1Set(com.android.org.bouncycastle.asn1.ASN1Set)
Set(java.util.Set)
HashSet(java.util.HashSet)
HashMap(java.util.HashMap)
Attribute(com.android.org.bouncycastle.asn1.x509.Attribute)
DERBitString(com.android.org.bouncycastle.asn1.DERBitString)
DERPrintableString(com.android.org.bouncycastle.asn1.DERPrintableString)
DERIA5String(com.android.org.bouncycastle.asn1.DERIA5String)
DERSet(com.android.org.bouncycastle.asn1.DERSet)
DERIA5String(com.android.org.bouncycastle.asn1.DERIA5String)
Asn1Integer(com.android.hotspot2.asn1.Asn1Integer)
DERPrintableString(com.android.org.bouncycastle.asn1.DERPrintableString)
ASN1EncodableVector(com.android.org.bouncycastle.asn1.ASN1EncodableVector)
List(java.util.List)
ArrayList(java.util.ArrayList)
ASN1Encodable(com.android.org.bouncycastle.asn1.ASN1Encodable)
PKCS10CertificationRequest(com.android.org.bouncycastle.jce.PKCS10CertificationRequest)
Asn1Oid(com.android.hotspot2.asn1.Asn1Oid)
KeyPair(java.security.KeyPair)
ECNamedCurveGenParameterSpec(com.android.org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec)
DEREncodableVector(com.android.org.bouncycastle.asn1.DEREncodableVector)
DERBitString(com.android.org.bouncycastle.asn1.DERBitString)
IOException(java.io.IOException)
KeyPairGenerator(java.security.KeyPairGenerator)
DERObjectIdentifier(com.android.org.bouncycastle.asn1.DERObjectIdentifier)
Asn1Object(com.android.hotspot2.asn1.Asn1Object)
OidMappings(com.android.hotspot2.asn1.OidMappings)
ASN1Set(com.android.org.bouncycastle.asn1.ASN1Set)
X500Principal(javax.security.auth.x500.X500Principal)
Map(java.util.Map)
HashMap(java.util.HashMap)
AlgorithmParameters(java.security.AlgorithmParameters)
Aggregations
DERSet (org.bouncycastle.asn1.DERSet)59
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)34
IOException (java.io.IOException)29
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)27
DERSequence (org.bouncycastle.asn1.DERSequence)27
DEROctetString (org.bouncycastle.asn1.DEROctetString)22
DERSet (com.github.zhenwei.core.asn1.DERSet)21
Attribute (org.bouncycastle.asn1.cms.Attribute)21
X509Certificate (java.security.cert.X509Certificate)19
ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)15
Iterator (java.util.Iterator)15
ByteArrayOutputStream (java.io.ByteArrayOutputStream)13
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)13
ArrayList (java.util.ArrayList)12
ByteArrayInputStream (java.io.ByteArrayInputStream)11
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)11
DERTaggedObject (org.bouncycastle.asn1.DERTaggedObject)11
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)11
AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)9
OutputStream (java.io.OutputStream)9
