Search in sources :

Example 76 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class SMimeParserListener method object.

public void object(MimeParserContext parserContext, Headers headers, InputStream inputStream) throws IOException {
    try {
        if (headers.getContentType().equals("application/pkcs7-signature") || headers.getContentType().equals("application/x-pkcs7-signature")) {
            Map<ASN1ObjectIdentifier, byte[]> hashes = new HashMap<ASN1ObjectIdentifier, byte[]>();
            for (int i = 0; i != digestCalculators.length; i++) {
                digestCalculators[i].getOutputStream().close();
                hashes.put(digestCalculators[i].getAlgorithmIdentifier().getAlgorithm(), digestCalculators[i].getDigest());
            }
            byte[] sigBlock = Streams.readAll(inputStream);
            CMSSignedData signedData = new CMSSignedData(hashes, sigBlock);
            signedData(parserContext, headers, signedData.getCertificates(), signedData.getCRLs(), signedData.getAttributeCertificates(), signedData.getSignerInfos());
        } else if (headers.getContentType().equals("application/pkcs7-mime") || headers.getContentType().equals("application/x-pkcs7-mime")) {
            CMSEnvelopedDataParser envelopedDataParser = new CMSEnvelopedDataParser(inputStream);
            envelopedData(parserContext, headers, envelopedDataParser.getOriginatorInfo(), envelopedDataParser.getRecipientInfos());
            envelopedDataParser.close();
        } else {
            content(parserContext, headers, inputStream);
        }
    } catch (CMSException e) {
        throw new MimeIOException("CMS failure: " + e.getMessage(), e);
    }
}
Also used : HashMap(java.util.HashMap) CMSEnvelopedDataParser(com.github.zhenwei.pkix.cms.CMSEnvelopedDataParser) MimeIOException(com.github.zhenwei.pkix.mime.MimeIOException) CMSSignedData(com.github.zhenwei.pkix.cms.CMSSignedData) ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier) CMSException(com.github.zhenwei.pkix.cms.CMSException)

Example 77 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class ECDSAEncoder method toX962.

public static byte[] toX962(Signature signature) {
    byte[] r;
    byte[] s;
    if (signature.getChoice() == Signature.ecdsaNistP256Signature || signature.getChoice() == Signature.ecdsaBrainpoolP256r1Signature) {
        EcdsaP256Signature sig = EcdsaP256Signature.getInstance(signature.getValue());
        r = ASN1OctetString.getInstance(sig.getrSig().getValue()).getOctets();
        s = sig.getsSig().getOctets();
    } else {
        EcdsaP384Signature sig = EcdsaP384Signature.getInstance(signature.getValue());
        r = ASN1OctetString.getInstance(sig.getrSig().getValue()).getOctets();
        s = sig.getsSig().getOctets();
    }
    try {
        return new DERSequence(new ASN1Encodable[] { new ASN1Integer(BigIntegers.fromUnsignedByteArray(r)), new ASN1Integer(BigIntegers.fromUnsignedByteArray(s)) }).getEncoded();
    } catch (IOException ioException) {
        throw new RuntimeException("der encoding r & s");
    }
}
Also used : EcdsaP256Signature(com.github.zhenwei.pkix.util.oer.its.EcdsaP256Signature) DERSequence(com.github.zhenwei.core.asn1.DERSequence) EcdsaP384Signature(com.github.zhenwei.pkix.util.oer.its.EcdsaP384Signature) ASN1Encodable(com.github.zhenwei.core.asn1.ASN1Encodable) ASN1Integer(com.github.zhenwei.core.asn1.ASN1Integer) IOException(java.io.IOException)

Example 78 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class PKIStatusInfo method toASN1Primitive.

/**
 * <pre>
 * PKIStatusInfo ::= SEQUENCE {
 *     status        PKIStatus,                (INTEGER)
 *     statusString  PKIFreeText     OPTIONAL,
 *     failInfo      PKIFailureInfo  OPTIONAL  (BIT STRING)
 * }
 *
 * PKIStatus:
 *   granted                (0), -- you got exactly what you asked for
 *   grantedWithMods        (1), -- you got something like what you asked for
 *   rejection              (2), -- you don't get it, more information elsewhere in the message
 *   waiting                (3), -- the request body part has not yet been processed, expect to hear more later
 *   revocationWarning      (4), -- this message contains a warning that a revocation is imminent
 *   revocationNotification (5), -- notification that a revocation has occurred
 *   keyUpdateWarning       (6)  -- update already done for the oldCertId specified in CertReqMsg
 *
 * PKIFailureInfo:
 *   badAlg           (0), -- unrecognized or unsupported Algorithm Identifier
 *   badMessageCheck  (1), -- integrity check failed (e.g., signature did not verify)
 *   badRequest       (2), -- transaction not permitted or supported
 *   badTime          (3), -- messageTime was not sufficiently close to the system time, as defined by local policy
 *   badCertId        (4), -- no certificate could be found matching the provided criteria
 *   badDataFormat    (5), -- the data submitted has the wrong format
 *   wrongAuthority   (6), -- the authority indicated in the request is different from the one creating the response token
 *   incorrectData    (7), -- the requester's data is incorrect (for notary services)
 *   missingTimeStamp (8), -- when the timestamp is missing but should be there (by policy)
 *   badPOP           (9)  -- the proof-of-possession failed
 *
 * </pre>
 */
public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector v = new ASN1EncodableVector(3);
    v.add(status);
    if (statusString != null) {
        v.add(statusString);
    }
    if (failInfo != null) {
        v.add(failInfo);
    }
    return new DERSequence(v);
}
Also used : DERSequence(com.github.zhenwei.core.asn1.DERSequence) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)

Example 79 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class BcFKSKeyStoreSpi method engineStore.

public void engineStore(KeyStore.LoadStoreParameter parameter) throws CertificateException, NoSuchAlgorithmException, IOException {
    if (parameter == null) {
        throw new IllegalArgumentException("'parameter' arg cannot be null");
    }
    if (parameter instanceof BCFKSStoreParameter) {
        BCFKSStoreParameter bcParam = (BCFKSStoreParameter) parameter;
        char[] password = ParameterUtil.extractPassword(parameter);
        hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(bcParam.getStorePBKDFConfig(), 512 / 8);
        engineStore(bcParam.getOutputStream(), password);
    } else if (parameter instanceof BCFKSLoadStoreParameter) {
        BCFKSLoadStoreParameter bcParam = (BCFKSLoadStoreParameter) parameter;
        if (bcParam.getStoreSignatureKey() != null) {
            signatureAlgorithm = generateSignatureAlgId(bcParam.getStoreSignatureKey(), bcParam.getStoreSignatureAlgorithm());
            hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(bcParam.getStorePBKDFConfig(), 512 / 8);
            if (bcParam.getStoreEncryptionAlgorithm() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM) {
                storeEncryptionAlgorithm = NISTObjectIdentifiers.id_aes256_CCM;
            } else {
                storeEncryptionAlgorithm = NISTObjectIdentifiers.id_aes256_wrap_pad;
            }
            if (bcParam.getStoreMacAlgorithm() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512) {
                hmacAlgorithm = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_hmacWithSHA512, DERNull.INSTANCE);
            } else {
                hmacAlgorithm = new AlgorithmIdentifier(NISTObjectIdentifiers.id_hmacWithSHA3_512, DERNull.INSTANCE);
            }
            char[] password = ParameterUtil.extractPassword(bcParam);
            EncryptedObjectStoreData encStoreData = getEncryptedObjectStoreData(signatureAlgorithm, password);
            try {
                Signature sig = helper.createSignature(signatureAlgorithm.getAlgorithm().getId());
                sig.initSign((PrivateKey) bcParam.getStoreSignatureKey());
                sig.update(encStoreData.getEncoded());
                SignatureCheck signatureCheck;
                X509Certificate[] certs = bcParam.getStoreCertificates();
                if (certs != null) {
                    com.github.zhenwei.core.asn1.x509.Certificate[] certificates = new com.github.zhenwei.core.asn1.x509.Certificate[certs.length];
                    for (int i = 0; i != certificates.length; i++) {
                        certificates[i] = com.github.zhenwei.core.asn1.x509.Certificate.getInstance(certs[i].getEncoded());
                    }
                    signatureCheck = new SignatureCheck(signatureAlgorithm, certificates, sig.sign());
                } else {
                    signatureCheck = new SignatureCheck(signatureAlgorithm, sig.sign());
                }
                ObjectStore store = new ObjectStore(encStoreData, new ObjectStoreIntegrityCheck(signatureCheck));
                bcParam.getOutputStream().write(store.getEncoded());
                bcParam.getOutputStream().flush();
            } catch (GeneralSecurityException e) {
                throw new IOException("error creating signature: " + e.getMessage(), e);
            }
        } else {
            char[] password = ParameterUtil.extractPassword(bcParam);
            hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(bcParam.getStorePBKDFConfig(), 512 / 8);
            if (bcParam.getStoreEncryptionAlgorithm() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM) {
                storeEncryptionAlgorithm = NISTObjectIdentifiers.id_aes256_CCM;
            } else {
                storeEncryptionAlgorithm = NISTObjectIdentifiers.id_aes256_wrap_pad;
            }
            if (bcParam.getStoreMacAlgorithm() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512) {
                hmacAlgorithm = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_hmacWithSHA512, DERNull.INSTANCE);
            } else {
                hmacAlgorithm = new AlgorithmIdentifier(NISTObjectIdentifiers.id_hmacWithSHA3_512, DERNull.INSTANCE);
            }
            engineStore(bcParam.getOutputStream(), password);
        }
    } else if (parameter instanceof BCLoadStoreParameter) {
        BCLoadStoreParameter bcParam = (BCLoadStoreParameter) parameter;
        engineStore(bcParam.getOutputStream(), ParameterUtil.extractPassword(parameter));
    } else {
        throw new IllegalArgumentException("no support for 'parameter' of type " + parameter.getClass().getName());
    }
}
Also used : ObjectStore(com.github.zhenwei.core.asn1.bc.ObjectStore) PrivateKey(java.security.PrivateKey) GeneralSecurityException(java.security.GeneralSecurityException) BCFKSStoreParameter(com.github.zhenwei.provider.jcajce.BCFKSStoreParameter) EncryptedObjectStoreData(com.github.zhenwei.core.asn1.bc.EncryptedObjectStoreData) IOException(java.io.IOException) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier) SignatureCheck(com.github.zhenwei.core.asn1.bc.SignatureCheck) Signature(java.security.Signature) BCFKSLoadStoreParameter(com.github.zhenwei.provider.jcajce.BCFKSLoadStoreParameter) BCLoadStoreParameter(com.github.zhenwei.provider.jcajce.BCLoadStoreParameter) ObjectStoreIntegrityCheck(com.github.zhenwei.core.asn1.bc.ObjectStoreIntegrityCheck)

Example 80 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class X509CertificateImpl method toString.

public String toString() {
    StringBuffer buf = new StringBuffer();
    String nl = Strings.lineSeparator();
    buf.append("  [0]         Version: ").append(this.getVersion()).append(nl);
    buf.append("         SerialNumber: ").append(this.getSerialNumber()).append(nl);
    buf.append("             IssuerDN: ").append(this.getIssuerDN()).append(nl);
    buf.append("           Start Date: ").append(this.getNotBefore()).append(nl);
    buf.append("           Final Date: ").append(this.getNotAfter()).append(nl);
    buf.append("            SubjectDN: ").append(this.getSubjectDN()).append(nl);
    buf.append("           Public Key: ").append(this.getPublicKey()).append(nl);
    buf.append("  Signature Algorithm: ").append(this.getSigAlgName()).append(nl);
    X509SignatureUtil.prettyPrintSignature(this.getSignature(), buf, nl);
    Extensions extensions = c.getTBSCertificate().getExtensions();
    if (extensions != null) {
        Enumeration e = extensions.oids();
        if (e.hasMoreElements()) {
            buf.append("       Extensions: \n");
        }
        while (e.hasMoreElements()) {
            ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
            Extension ext = extensions.getExtension(oid);
            if (ext.getExtnValue() != null) {
                byte[] octs = ext.getExtnValue().getOctets();
                ASN1InputStream dIn = new ASN1InputStream(octs);
                buf.append("                       critical(").append(ext.isCritical()).append(") ");
                try {
                    if (oid.equals(Extension.basicConstraints)) {
                        buf.append(BasicConstraints.getInstance(dIn.readObject())).append(nl);
                    } else if (oid.equals(Extension.keyUsage)) {
                        buf.append(KeyUsage.getInstance(dIn.readObject())).append(nl);
                    } else if (oid.equals(MiscObjectIdentifiers.netscapeCertType)) {
                        buf.append(new NetscapeCertType(DERBitString.getInstance(dIn.readObject()))).append(nl);
                    } else if (oid.equals(MiscObjectIdentifiers.netscapeRevocationURL)) {
                        buf.append(new NetscapeRevocationURL(ASN1IA5String.getInstance(dIn.readObject()))).append(nl);
                    } else if (oid.equals(MiscObjectIdentifiers.verisignCzagExtension)) {
                        buf.append(new VerisignCzagExtension(ASN1IA5String.getInstance(dIn.readObject()))).append(nl);
                    } else {
                        buf.append(oid.getId());
                        buf.append(" value = ").append(ASN1Dump.dumpAsString(dIn.readObject())).append(nl);
                    // buf.append(" value = ").append("*****").append(nl);
                    }
                } catch (Exception ex) {
                    buf.append(oid.getId());
                    // buf.append(" value = ").append(new String(Hex.encode(ext.getExtnValue().getOctets()))).append(nl);
                    buf.append(" value = ").append("*****").append(nl);
                }
            } else {
                buf.append(nl);
            }
        }
    }
    return buf.toString();
}
Also used : Extension(com.github.zhenwei.core.asn1.x509.Extension) VerisignCzagExtension(com.github.zhenwei.core.asn1.misc.VerisignCzagExtension) VerisignCzagExtension(com.github.zhenwei.core.asn1.misc.VerisignCzagExtension) ASN1InputStream(com.github.zhenwei.core.asn1.ASN1InputStream) Enumeration(java.util.Enumeration) NetscapeCertType(com.github.zhenwei.core.asn1.misc.NetscapeCertType) NetscapeRevocationURL(com.github.zhenwei.core.asn1.misc.NetscapeRevocationURL) ASN1BitString(com.github.zhenwei.core.asn1.ASN1BitString) ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString) DEROctetString(com.github.zhenwei.core.asn1.DEROctetString) DERBitString(com.github.zhenwei.core.asn1.DERBitString) ASN1String(com.github.zhenwei.core.asn1.ASN1String) ASN1IA5String(com.github.zhenwei.core.asn1.ASN1IA5String) Extensions(com.github.zhenwei.core.asn1.x509.Extensions) ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier) CertificateExpiredException(java.security.cert.CertificateExpiredException) SignatureException(java.security.SignatureException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) CertificateEncodingException(java.security.cert.CertificateEncodingException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertificateParsingException(java.security.cert.CertificateParsingException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) UnknownHostException(java.net.UnknownHostException) NoSuchProviderException(java.security.NoSuchProviderException)

Aggregations

IOException (java.io.IOException)44 ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)34 DERSequence (com.github.zhenwei.core.asn1.DERSequence)29 DERBitString (com.github.zhenwei.core.asn1.DERBitString)21 AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)20 OutputStream (java.io.OutputStream)20 SignatureException (java.security.SignatureException)20 GeneralSecurityException (java.security.GeneralSecurityException)15 Signature (java.security.Signature)15 ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)14 DEROctetString (com.github.zhenwei.core.asn1.DEROctetString)14 InvalidKeyException (java.security.InvalidKeyException)13 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)13 Iterator (java.util.Iterator)13 OperatorCreationException (com.github.zhenwei.pkix.operator.OperatorCreationException)11 CertificateEncodingException (java.security.cert.CertificateEncodingException)11 NoSuchProviderException (java.security.NoSuchProviderException)10 ASN1OctetString (com.github.zhenwei.core.asn1.ASN1OctetString)9 ASN1Sequence (com.github.zhenwei.core.asn1.ASN1Sequence)9 List (java.util.List)9