use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.
the class SMimeParserListener method object.
public void object(MimeParserContext parserContext, Headers headers, InputStream inputStream) throws IOException {
try {
if (headers.getContentType().equals("application/pkcs7-signature") || headers.getContentType().equals("application/x-pkcs7-signature")) {
Map<ASN1ObjectIdentifier, byte[]> hashes = new HashMap<ASN1ObjectIdentifier, byte[]>();
for (int i = 0; i != digestCalculators.length; i++) {
digestCalculators[i].getOutputStream().close();
hashes.put(digestCalculators[i].getAlgorithmIdentifier().getAlgorithm(), digestCalculators[i].getDigest());
}
byte[] sigBlock = Streams.readAll(inputStream);
CMSSignedData signedData = new CMSSignedData(hashes, sigBlock);
signedData(parserContext, headers, signedData.getCertificates(), signedData.getCRLs(), signedData.getAttributeCertificates(), signedData.getSignerInfos());
} else if (headers.getContentType().equals("application/pkcs7-mime") || headers.getContentType().equals("application/x-pkcs7-mime")) {
CMSEnvelopedDataParser envelopedDataParser = new CMSEnvelopedDataParser(inputStream);
envelopedData(parserContext, headers, envelopedDataParser.getOriginatorInfo(), envelopedDataParser.getRecipientInfos());
envelopedDataParser.close();
} else {
content(parserContext, headers, inputStream);
}
} catch (CMSException e) {
throw new MimeIOException("CMS failure: " + e.getMessage(), e);
}
}
use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.
the class ECDSAEncoder method toX962.
public static byte[] toX962(Signature signature) {
byte[] r;
byte[] s;
if (signature.getChoice() == Signature.ecdsaNistP256Signature || signature.getChoice() == Signature.ecdsaBrainpoolP256r1Signature) {
EcdsaP256Signature sig = EcdsaP256Signature.getInstance(signature.getValue());
r = ASN1OctetString.getInstance(sig.getrSig().getValue()).getOctets();
s = sig.getsSig().getOctets();
} else {
EcdsaP384Signature sig = EcdsaP384Signature.getInstance(signature.getValue());
r = ASN1OctetString.getInstance(sig.getrSig().getValue()).getOctets();
s = sig.getsSig().getOctets();
}
try {
return new DERSequence(new ASN1Encodable[] { new ASN1Integer(BigIntegers.fromUnsignedByteArray(r)), new ASN1Integer(BigIntegers.fromUnsignedByteArray(s)) }).getEncoded();
} catch (IOException ioException) {
throw new RuntimeException("der encoding r & s");
}
}
use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.
the class PKIStatusInfo method toASN1Primitive.
/**
* <pre>
* PKIStatusInfo ::= SEQUENCE {
* status PKIStatus, (INTEGER)
* statusString PKIFreeText OPTIONAL,
* failInfo PKIFailureInfo OPTIONAL (BIT STRING)
* }
*
* PKIStatus:
* granted (0), -- you got exactly what you asked for
* grantedWithMods (1), -- you got something like what you asked for
* rejection (2), -- you don't get it, more information elsewhere in the message
* waiting (3), -- the request body part has not yet been processed, expect to hear more later
* revocationWarning (4), -- this message contains a warning that a revocation is imminent
* revocationNotification (5), -- notification that a revocation has occurred
* keyUpdateWarning (6) -- update already done for the oldCertId specified in CertReqMsg
*
* PKIFailureInfo:
* badAlg (0), -- unrecognized or unsupported Algorithm Identifier
* badMessageCheck (1), -- integrity check failed (e.g., signature did not verify)
* badRequest (2), -- transaction not permitted or supported
* badTime (3), -- messageTime was not sufficiently close to the system time, as defined by local policy
* badCertId (4), -- no certificate could be found matching the provided criteria
* badDataFormat (5), -- the data submitted has the wrong format
* wrongAuthority (6), -- the authority indicated in the request is different from the one creating the response token
* incorrectData (7), -- the requester's data is incorrect (for notary services)
* missingTimeStamp (8), -- when the timestamp is missing but should be there (by policy)
* badPOP (9) -- the proof-of-possession failed
*
* </pre>
*/
public ASN1Primitive toASN1Primitive() {
ASN1EncodableVector v = new ASN1EncodableVector(3);
v.add(status);
if (statusString != null) {
v.add(statusString);
}
if (failInfo != null) {
v.add(failInfo);
}
return new DERSequence(v);
}
use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.
the class BcFKSKeyStoreSpi method engineStore.
public void engineStore(KeyStore.LoadStoreParameter parameter) throws CertificateException, NoSuchAlgorithmException, IOException {
if (parameter == null) {
throw new IllegalArgumentException("'parameter' arg cannot be null");
}
if (parameter instanceof BCFKSStoreParameter) {
BCFKSStoreParameter bcParam = (BCFKSStoreParameter) parameter;
char[] password = ParameterUtil.extractPassword(parameter);
hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(bcParam.getStorePBKDFConfig(), 512 / 8);
engineStore(bcParam.getOutputStream(), password);
} else if (parameter instanceof BCFKSLoadStoreParameter) {
BCFKSLoadStoreParameter bcParam = (BCFKSLoadStoreParameter) parameter;
if (bcParam.getStoreSignatureKey() != null) {
signatureAlgorithm = generateSignatureAlgId(bcParam.getStoreSignatureKey(), bcParam.getStoreSignatureAlgorithm());
hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(bcParam.getStorePBKDFConfig(), 512 / 8);
if (bcParam.getStoreEncryptionAlgorithm() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM) {
storeEncryptionAlgorithm = NISTObjectIdentifiers.id_aes256_CCM;
} else {
storeEncryptionAlgorithm = NISTObjectIdentifiers.id_aes256_wrap_pad;
}
if (bcParam.getStoreMacAlgorithm() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512) {
hmacAlgorithm = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_hmacWithSHA512, DERNull.INSTANCE);
} else {
hmacAlgorithm = new AlgorithmIdentifier(NISTObjectIdentifiers.id_hmacWithSHA3_512, DERNull.INSTANCE);
}
char[] password = ParameterUtil.extractPassword(bcParam);
EncryptedObjectStoreData encStoreData = getEncryptedObjectStoreData(signatureAlgorithm, password);
try {
Signature sig = helper.createSignature(signatureAlgorithm.getAlgorithm().getId());
sig.initSign((PrivateKey) bcParam.getStoreSignatureKey());
sig.update(encStoreData.getEncoded());
SignatureCheck signatureCheck;
X509Certificate[] certs = bcParam.getStoreCertificates();
if (certs != null) {
com.github.zhenwei.core.asn1.x509.Certificate[] certificates = new com.github.zhenwei.core.asn1.x509.Certificate[certs.length];
for (int i = 0; i != certificates.length; i++) {
certificates[i] = com.github.zhenwei.core.asn1.x509.Certificate.getInstance(certs[i].getEncoded());
}
signatureCheck = new SignatureCheck(signatureAlgorithm, certificates, sig.sign());
} else {
signatureCheck = new SignatureCheck(signatureAlgorithm, sig.sign());
}
ObjectStore store = new ObjectStore(encStoreData, new ObjectStoreIntegrityCheck(signatureCheck));
bcParam.getOutputStream().write(store.getEncoded());
bcParam.getOutputStream().flush();
} catch (GeneralSecurityException e) {
throw new IOException("error creating signature: " + e.getMessage(), e);
}
} else {
char[] password = ParameterUtil.extractPassword(bcParam);
hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(bcParam.getStorePBKDFConfig(), 512 / 8);
if (bcParam.getStoreEncryptionAlgorithm() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM) {
storeEncryptionAlgorithm = NISTObjectIdentifiers.id_aes256_CCM;
} else {
storeEncryptionAlgorithm = NISTObjectIdentifiers.id_aes256_wrap_pad;
}
if (bcParam.getStoreMacAlgorithm() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512) {
hmacAlgorithm = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_hmacWithSHA512, DERNull.INSTANCE);
} else {
hmacAlgorithm = new AlgorithmIdentifier(NISTObjectIdentifiers.id_hmacWithSHA3_512, DERNull.INSTANCE);
}
engineStore(bcParam.getOutputStream(), password);
}
} else if (parameter instanceof BCLoadStoreParameter) {
BCLoadStoreParameter bcParam = (BCLoadStoreParameter) parameter;
engineStore(bcParam.getOutputStream(), ParameterUtil.extractPassword(parameter));
} else {
throw new IllegalArgumentException("no support for 'parameter' of type " + parameter.getClass().getName());
}
}
use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.
the class X509CertificateImpl method toString.
public String toString() {
StringBuffer buf = new StringBuffer();
String nl = Strings.lineSeparator();
buf.append(" [0] Version: ").append(this.getVersion()).append(nl);
buf.append(" SerialNumber: ").append(this.getSerialNumber()).append(nl);
buf.append(" IssuerDN: ").append(this.getIssuerDN()).append(nl);
buf.append(" Start Date: ").append(this.getNotBefore()).append(nl);
buf.append(" Final Date: ").append(this.getNotAfter()).append(nl);
buf.append(" SubjectDN: ").append(this.getSubjectDN()).append(nl);
buf.append(" Public Key: ").append(this.getPublicKey()).append(nl);
buf.append(" Signature Algorithm: ").append(this.getSigAlgName()).append(nl);
X509SignatureUtil.prettyPrintSignature(this.getSignature(), buf, nl);
Extensions extensions = c.getTBSCertificate().getExtensions();
if (extensions != null) {
Enumeration e = extensions.oids();
if (e.hasMoreElements()) {
buf.append(" Extensions: \n");
}
while (e.hasMoreElements()) {
ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
Extension ext = extensions.getExtension(oid);
if (ext.getExtnValue() != null) {
byte[] octs = ext.getExtnValue().getOctets();
ASN1InputStream dIn = new ASN1InputStream(octs);
buf.append(" critical(").append(ext.isCritical()).append(") ");
try {
if (oid.equals(Extension.basicConstraints)) {
buf.append(BasicConstraints.getInstance(dIn.readObject())).append(nl);
} else if (oid.equals(Extension.keyUsage)) {
buf.append(KeyUsage.getInstance(dIn.readObject())).append(nl);
} else if (oid.equals(MiscObjectIdentifiers.netscapeCertType)) {
buf.append(new NetscapeCertType(DERBitString.getInstance(dIn.readObject()))).append(nl);
} else if (oid.equals(MiscObjectIdentifiers.netscapeRevocationURL)) {
buf.append(new NetscapeRevocationURL(ASN1IA5String.getInstance(dIn.readObject()))).append(nl);
} else if (oid.equals(MiscObjectIdentifiers.verisignCzagExtension)) {
buf.append(new VerisignCzagExtension(ASN1IA5String.getInstance(dIn.readObject()))).append(nl);
} else {
buf.append(oid.getId());
buf.append(" value = ").append(ASN1Dump.dumpAsString(dIn.readObject())).append(nl);
// buf.append(" value = ").append("*****").append(nl);
}
} catch (Exception ex) {
buf.append(oid.getId());
// buf.append(" value = ").append(new String(Hex.encode(ext.getExtnValue().getOctets()))).append(nl);
buf.append(" value = ").append("*****").append(nl);
}
} else {
buf.append(nl);
}
}
}
return buf.toString();
}
Aggregations