Example 11 with CertID
use of com.github.zhenwei.core.asn1.ocsp.CertID in project LinLong-Java by zhenwei1108.
the class RevRepContent method toASN1Primitive.
/**
* <pre>
* RevRepContent ::= SEQUENCE {
* status SEQUENCE SIZE (1..MAX) OF PKIStatusInfo,
* -- in same order as was sent in RevReqContent
* revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId OPTIONAL,
* -- IDs for which revocation was requested
* -- (same order as status)
* crls [1] SEQUENCE SIZE (1..MAX) OF CertificateList OPTIONAL
* -- the resulting CRLs (there may be more than one)
* }
* </pre>
*
* @return a basic ASN.1 object representation.
*/
public ASN1Primitive toASN1Primitive() {
ASN1EncodableVector v = new ASN1EncodableVector(3);
v.add(status);
addOptional(v, 0, revCerts);
addOptional(v, 1, crls);
return new DERSequence(v);
}
Also used :
DERSequence(com.github.zhenwei.core.asn1.DERSequence)
ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)
Example 12 with CertID
use of com.github.zhenwei.core.asn1.ocsp.CertID in project LinLong-Java by zhenwei1108.
the class CertId method toASN1Primitive.
/**
* <pre>
* CertId ::= SEQUENCE {
* issuer GeneralName,
* serialNumber INTEGER }
* </pre>
*
* @return a basic ASN.1 object representation.
*/
public ASN1Primitive toASN1Primitive() {
ASN1EncodableVector v = new ASN1EncodableVector(2);
v.add(issuer);
v.add(serialNumber);
return new DERSequence(v);
}
Also used :
DERSequence(com.github.zhenwei.core.asn1.DERSequence)
ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)
Example 13 with CertID
use of com.github.zhenwei.core.asn1.ocsp.CertID in project LinLong-Java by zhenwei1108.
the class PKCS12KeyStoreSpi method createSafeBag.
private SafeBag createSafeBag(String certId, Certificate cert) throws CertificateEncodingException {
CertBag cBag = new CertBag(x509Certificate, new DEROctetString(cert.getEncoded()));
ASN1EncodableVector fName = new ASN1EncodableVector();
boolean cAttrSet = false;
if (cert instanceof PKCS12BagAttributeCarrier) {
PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier) cert;
//
// make sure we are using the local alias on store
//
ASN1BMPString nm = (ASN1BMPString) bagAttrs.getBagAttribute(pkcs_9_at_friendlyName);
if (nm == null || !nm.getString().equals(certId)) {
if (certId != null) {
bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(certId));
}
}
Enumeration e = bagAttrs.getBagAttributeKeys();
while (e.hasMoreElements()) {
ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
// If we find one, we'll prune it out.
if (oid.equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId)) {
continue;
}
ASN1EncodableVector fSeq = new ASN1EncodableVector();
fSeq.add(oid);
fSeq.add(new DERSet(bagAttrs.getBagAttribute(oid)));
fName.add(new DERSequence(fSeq));
cAttrSet = true;
}
}
if (!cAttrSet) {
ASN1EncodableVector fSeq = new ASN1EncodableVector();
fSeq.add(pkcs_9_at_friendlyName);
fSeq.add(new DERSet(new DERBMPString(certId)));
fName.add(new DERSequence(fSeq));
}
return new SafeBag(certBag, cBag.toASN1Primitive(), new DERSet(fName));
}
Also used :
CertBag(com.github.zhenwei.core.asn1.pkcs.CertBag)
DERBMPString(com.github.zhenwei.core.asn1.DERBMPString)
Enumeration(java.util.Enumeration)
DERSequence(com.github.zhenwei.core.asn1.DERSequence)
ASN1BMPString(com.github.zhenwei.core.asn1.ASN1BMPString)
ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)
SafeBag(com.github.zhenwei.core.asn1.pkcs.SafeBag)
DERSet(com.github.zhenwei.core.asn1.DERSet)
DEROctetString(com.github.zhenwei.core.asn1.DEROctetString)
PKCS12BagAttributeCarrier(com.github.zhenwei.provider.jce.interfaces.PKCS12BagAttributeCarrier)
ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)
Example 14 with CertID
use of com.github.zhenwei.core.asn1.ocsp.CertID in project LinLong-Java by zhenwei1108.
the class PKCS12KeyStoreSpi method engineDeleteEntry.
/**
* this is not quite complete - we should follow up on the chain, a bit tricky if a certificate
* appears in more than one chain... the store method now prunes out unused certificates from the
* chain map if they are present.
*/
public void engineDeleteEntry(String alias) throws KeyStoreException {
Key k = (Key) keys.remove(alias);
Certificate c = (Certificate) certs.remove(alias);
if (c != null) {
chainCerts.remove(new CertId(c.getPublicKey()));
}
if (k != null) {
String id = (String) localIds.remove(alias);
if (id != null) {
c = (Certificate) keyCerts.remove(id);
}
if (c != null) {
chainCerts.remove(new CertId(c.getPublicKey()));
}
}
}
Also used :
BEROctetString(com.github.zhenwei.core.asn1.BEROctetString)
DERBMPString(com.github.zhenwei.core.asn1.DERBMPString)
ASN1BMPString(com.github.zhenwei.core.asn1.ASN1BMPString)
ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString)
DEROctetString(com.github.zhenwei.core.asn1.DEROctetString)
PrivateKey(java.security.PrivateKey)
SecretKey(javax.crypto.SecretKey)
PKCS12Key(com.github.zhenwei.provider.jcajce.PKCS12Key)
Key(java.security.Key)
PublicKey(java.security.PublicKey)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
Example 15 with CertID
use of com.github.zhenwei.core.asn1.ocsp.CertID in project LinLong-Java by zhenwei1108.
the class PKCS12KeyStoreSpi method doStore.
private void doStore(OutputStream stream, char[] password, boolean useDEREncoding) throws IOException {
if (keys.size() == 0) {
if (password == null) {
Enumeration cs = certs.keys();
ASN1EncodableVector certSeq = new ASN1EncodableVector();
while (cs.hasMoreElements()) {
try {
String certId = (String) cs.nextElement();
Certificate cert = (Certificate) certs.get(certId);
SafeBag sBag = createSafeBag(certId, cert);
certSeq.add(sBag);
} catch (CertificateEncodingException e) {
throw new IOException("Error encoding certificate: " + e.toString());
}
}
if (useDEREncoding) {
ContentInfo bagInfo = new ContentInfo(PKCSObjectIdentifiers.data, new DEROctetString(new DERSequence(certSeq).getEncoded()));
Pfx pfx = new Pfx(new ContentInfo(PKCSObjectIdentifiers.data, new DEROctetString(new DERSequence(bagInfo).getEncoded())), null);
pfx.encodeTo(stream, ASN1Encoding.DER);
} else {
ContentInfo bagInfo = new ContentInfo(PKCSObjectIdentifiers.data, new BEROctetString(new BERSequence(certSeq).getEncoded()));
Pfx pfx = new Pfx(new ContentInfo(PKCSObjectIdentifiers.data, new BEROctetString(new BERSequence(bagInfo).getEncoded())), null);
pfx.encodeTo(stream, ASN1Encoding.BER);
}
return;
}
} else {
if (password == null) {
throw new NullPointerException("no password supplied for PKCS#12 KeyStore");
}
}
//
// handle the key
//
ASN1EncodableVector keyS = new ASN1EncodableVector();
Enumeration ks = keys.keys();
while (ks.hasMoreElements()) {
byte[] kSalt = new byte[SALT_SIZE];
random.nextBytes(kSalt);
String name = (String) ks.nextElement();
PrivateKey privKey = (PrivateKey) keys.get(name);
PKCS12PBEParams kParams = new PKCS12PBEParams(kSalt, MIN_ITERATIONS);
byte[] kBytes = wrapKey(keyAlgorithm.getId(), privKey, kParams, password);
AlgorithmIdentifier kAlgId = new AlgorithmIdentifier(keyAlgorithm, kParams.toASN1Primitive());
com.github.zhenwei.core.asn1.pkcs.EncryptedPrivateKeyInfo kInfo = new com.github.zhenwei.core.asn1.pkcs.EncryptedPrivateKeyInfo(kAlgId, kBytes);
boolean attrSet = false;
ASN1EncodableVector kName = new ASN1EncodableVector();
if (privKey instanceof PKCS12BagAttributeCarrier) {
PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier) privKey;
//
// make sure we are using the local alias on store
//
ASN1BMPString nm = (ASN1BMPString) bagAttrs.getBagAttribute(pkcs_9_at_friendlyName);
if (nm == null || !nm.getString().equals(name)) {
bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(name));
}
//
if (bagAttrs.getBagAttribute(pkcs_9_at_localKeyId) == null) {
Certificate ct = engineGetCertificate(name);
bagAttrs.setBagAttribute(pkcs_9_at_localKeyId, createSubjectKeyId(ct.getPublicKey()));
}
Enumeration e = bagAttrs.getBagAttributeKeys();
while (e.hasMoreElements()) {
ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
ASN1EncodableVector kSeq = new ASN1EncodableVector();
kSeq.add(oid);
kSeq.add(new DERSet(bagAttrs.getBagAttribute(oid)));
attrSet = true;
kName.add(new DERSequence(kSeq));
}
}
if (!attrSet) {
//
// set a default friendly name (from the key id) and local id
//
ASN1EncodableVector kSeq = new ASN1EncodableVector();
Certificate ct = engineGetCertificate(name);
kSeq.add(pkcs_9_at_localKeyId);
kSeq.add(new DERSet(createSubjectKeyId(ct.getPublicKey())));
kName.add(new DERSequence(kSeq));
kSeq = new ASN1EncodableVector();
kSeq.add(pkcs_9_at_friendlyName);
kSeq.add(new DERSet(new DERBMPString(name)));
kName.add(new DERSequence(kSeq));
}
SafeBag kBag = new SafeBag(pkcs8ShroudedKeyBag, kInfo.toASN1Primitive(), new DERSet(kName));
keyS.add(kBag);
}
byte[] keySEncoded = new DERSequence(keyS).getEncoded(ASN1Encoding.DER);
BEROctetString keyString = new BEROctetString(keySEncoded);
//
// certificate processing
//
byte[] cSalt = new byte[SALT_SIZE];
random.nextBytes(cSalt);
ASN1EncodableVector certSeq = new ASN1EncodableVector();
PKCS12PBEParams cParams = new PKCS12PBEParams(cSalt, MIN_ITERATIONS);
AlgorithmIdentifier cAlgId = new AlgorithmIdentifier(certAlgorithm, cParams.toASN1Primitive());
Hashtable doneCerts = new Hashtable();
Enumeration cs = keys.keys();
while (cs.hasMoreElements()) {
try {
String name = (String) cs.nextElement();
Certificate cert = engineGetCertificate(name);
boolean cAttrSet = false;
CertBag cBag = new CertBag(x509Certificate, new DEROctetString(cert.getEncoded()));
ASN1EncodableVector fName = new ASN1EncodableVector();
if (cert instanceof PKCS12BagAttributeCarrier) {
PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier) cert;
//
// make sure we are using the local alias on store
//
ASN1BMPString nm = (ASN1BMPString) bagAttrs.getBagAttribute(pkcs_9_at_friendlyName);
if (nm == null || !nm.getString().equals(name)) {
bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(name));
}
//
if (bagAttrs.getBagAttribute(pkcs_9_at_localKeyId) == null) {
bagAttrs.setBagAttribute(pkcs_9_at_localKeyId, createSubjectKeyId(cert.getPublicKey()));
}
Enumeration e = bagAttrs.getBagAttributeKeys();
while (e.hasMoreElements()) {
ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
ASN1EncodableVector fSeq = new ASN1EncodableVector();
fSeq.add(oid);
fSeq.add(new DERSet(bagAttrs.getBagAttribute(oid)));
fName.add(new DERSequence(fSeq));
cAttrSet = true;
}
}
if (!cAttrSet) {
ASN1EncodableVector fSeq = new ASN1EncodableVector();
fSeq.add(pkcs_9_at_localKeyId);
fSeq.add(new DERSet(createSubjectKeyId(cert.getPublicKey())));
fName.add(new DERSequence(fSeq));
fSeq = new ASN1EncodableVector();
fSeq.add(pkcs_9_at_friendlyName);
fSeq.add(new DERSet(new DERBMPString(name)));
fName.add(new DERSequence(fSeq));
}
SafeBag sBag = new SafeBag(certBag, cBag.toASN1Primitive(), new DERSet(fName));
certSeq.add(sBag);
doneCerts.put(cert, cert);
} catch (CertificateEncodingException e) {
throw new IOException("Error encoding certificate: " + e.toString());
}
}
cs = certs.keys();
while (cs.hasMoreElements()) {
try {
String certId = (String) cs.nextElement();
Certificate cert = (Certificate) certs.get(certId);
if (keys.get(certId) != null) {
continue;
}
SafeBag sBag = createSafeBag(certId, cert);
certSeq.add(sBag);
doneCerts.put(cert, cert);
} catch (CertificateEncodingException e) {
throw new IOException("Error encoding certificate: " + e.toString());
}
}
Set usedSet = getUsedCertificateSet();
cs = chainCerts.keys();
while (cs.hasMoreElements()) {
try {
CertId certId = (CertId) cs.nextElement();
Certificate cert = (Certificate) chainCerts.get(certId);
if (!usedSet.contains(cert)) {
continue;
}
if (doneCerts.get(cert) != null) {
continue;
}
CertBag cBag = new CertBag(x509Certificate, new DEROctetString(cert.getEncoded()));
ASN1EncodableVector fName = new ASN1EncodableVector();
if (cert instanceof PKCS12BagAttributeCarrier) {
PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier) cert;
Enumeration e = bagAttrs.getBagAttributeKeys();
while (e.hasMoreElements()) {
ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
// If we find one, we'll prune it out.
if (oid.equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId)) {
continue;
}
ASN1EncodableVector fSeq = new ASN1EncodableVector();
fSeq.add(oid);
fSeq.add(new DERSet(bagAttrs.getBagAttribute(oid)));
fName.add(new DERSequence(fSeq));
}
}
SafeBag sBag = new SafeBag(certBag, cBag.toASN1Primitive(), new DERSet(fName));
certSeq.add(sBag);
} catch (CertificateEncodingException e) {
throw new IOException("Error encoding certificate: " + e.toString());
}
}
byte[] certSeqEncoded = new DERSequence(certSeq).getEncoded(ASN1Encoding.DER);
byte[] certBytes = cryptData(true, cAlgId, password, false, certSeqEncoded);
EncryptedData cInfo = new EncryptedData(data, cAlgId, new BEROctetString(certBytes));
ContentInfo[] info = new ContentInfo[] { new ContentInfo(data, keyString), new ContentInfo(encryptedData, cInfo.toASN1Primitive()) };
AuthenticatedSafe auth = new AuthenticatedSafe(info);
byte[] pkg = auth.getEncoded(useDEREncoding ? ASN1Encoding.DER : ASN1Encoding.BER);
ContentInfo mainInfo = new ContentInfo(data, new BEROctetString(pkg));
//
// create the mac
//
byte[] mSalt = new byte[saltLength];
random.nextBytes(mSalt);
byte[] data = ((ASN1OctetString) mainInfo.getContent()).getOctets();
MacData mData;
try {
byte[] res = calculatePbeMac(macAlgorithm.getAlgorithm(), mSalt, itCount, password, false, data);
DigestInfo dInfo = new DigestInfo(macAlgorithm, res);
mData = new MacData(dInfo, mSalt, itCount);
} catch (Exception e) {
throw new IOException("error constructing MAC: " + e.toString());
}
//
// output the Pfx
//
Pfx pfx = new Pfx(mainInfo, mData);
pfx.encodeTo(stream, useDEREncoding ? ASN1Encoding.DER : ASN1Encoding.BER);
}
Also used :
ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString)
PrivateKey(java.security.PrivateKey)
Set(java.util.Set)
DERSet(com.github.zhenwei.core.asn1.DERSet)
ASN1Set(com.github.zhenwei.core.asn1.ASN1Set)
HashSet(java.util.HashSet)
ASN1BMPString(com.github.zhenwei.core.asn1.ASN1BMPString)
AuthenticatedSafe(com.github.zhenwei.core.asn1.pkcs.AuthenticatedSafe)
BEROctetString(com.github.zhenwei.core.asn1.BEROctetString)
DERBMPString(com.github.zhenwei.core.asn1.DERBMPString)
ASN1BMPString(com.github.zhenwei.core.asn1.ASN1BMPString)
ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString)
DEROctetString(com.github.zhenwei.core.asn1.DEROctetString)
DERSet(com.github.zhenwei.core.asn1.DERSet)
DEROctetString(com.github.zhenwei.core.asn1.DEROctetString)
PKCS12BagAttributeCarrier(com.github.zhenwei.provider.jce.interfaces.PKCS12BagAttributeCarrier)
AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
DERSequence(com.github.zhenwei.core.asn1.DERSequence)
BEROctetString(com.github.zhenwei.core.asn1.BEROctetString)
ContentInfo(com.github.zhenwei.core.asn1.pkcs.ContentInfo)
ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)
EncryptedData(com.github.zhenwei.core.asn1.pkcs.EncryptedData)
MacData(com.github.zhenwei.core.asn1.pkcs.MacData)
Enumeration(java.util.Enumeration)
Pfx(com.github.zhenwei.core.asn1.pkcs.Pfx)
DERBMPString(com.github.zhenwei.core.asn1.DERBMPString)
Hashtable(java.util.Hashtable)
BERSequence(com.github.zhenwei.core.asn1.BERSequence)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
IOException(java.io.IOException)
SafeBag(com.github.zhenwei.core.asn1.pkcs.SafeBag)
KeyStoreException(java.security.KeyStoreException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
IOException(java.io.IOException)
EOFException(java.io.EOFException)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
CertificateException(java.security.cert.CertificateException)
NoSuchProviderException(java.security.NoSuchProviderException)
CertBag(com.github.zhenwei.core.asn1.pkcs.CertBag)
PKCS12PBEParams(com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams)
DigestInfo(com.github.zhenwei.core.asn1.x509.DigestInfo)
ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
Aggregations
IOException (java.io.IOException)19
CertID (org.bouncycastle.asn1.ocsp.CertID)15
ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)13
DERSequence (com.github.zhenwei.core.asn1.DERSequence)11
CertificateException (java.security.cert.CertificateException)7
X509Certificate (java.security.cert.X509Certificate)7
ASN1OctetString (com.github.zhenwei.core.asn1.ASN1OctetString)6
DEROctetString (com.github.zhenwei.core.asn1.DEROctetString)6
BigInteger (java.math.BigInteger)6
CertificateEncodingException (java.security.cert.CertificateEncodingException)6
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)5
NoSuchProviderException (java.security.NoSuchProviderException)5
ASN1BMPString (com.github.zhenwei.core.asn1.ASN1BMPString)4
ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)4
DERBMPString (com.github.zhenwei.core.asn1.DERBMPString)4
Extension (org.bouncycastle.asn1.x509.Extension)4
ASN1Sequence (com.github.zhenwei.core.asn1.ASN1Sequence)3
BEROctetString (com.github.zhenwei.core.asn1.BEROctetString)3
DERTaggedObject (com.github.zhenwei.core.asn1.DERTaggedObject)3
CertID (com.github.zhenwei.core.asn1.ocsp.CertID)3
