use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.
the class DefaultSignedAttributeTableGenerator method createStandardAttributeTable.
/**
* Create a standard attribute table from the passed in parameters - this will normally include
* contentType, signingTime, messageDigest, and CMS algorithm protection. If the constructor using
* an AttributeTable was used, entries in it for contentType, signingTime, and messageDigest will
* override the generated ones.
*
* @param parameters source parameters for table generation.
* @return a filled in Hashtable of attributes.
*/
protected Hashtable createStandardAttributeTable(Map parameters) {
    // Start from what copyHashTable returns for the generator's table; a generated
    // attribute is only added below when the corresponding check finds nothing.
    Hashtable attrs = copyHashTable(table);

    if (!attrs.containsKey(CMSAttributes.contentType)) {
        Object rawContentType = parameters.get(CMSAttributeTableGenerator.CONTENT_TYPE);
        ASN1ObjectIdentifier contentType = ASN1ObjectIdentifier.getInstance(rawContentType);
        // contentType will be null if we're trying to generate a counter signature.
        if (contentType != null) {
            Attribute contentTypeAttr = new Attribute(CMSAttributes.contentType, new DERSet(contentType));
            attrs.put(contentTypeAttr.getAttrType(), contentTypeAttr);
        }
    }

    if (!attrs.containsKey(CMSAttributes.signingTime)) {
        // The signing time is the local clock at the moment the table is generated.
        Time now = new Time(new Date());
        Attribute signingTimeAttr = new Attribute(CMSAttributes.signingTime, new DERSet(now));
        attrs.put(signingTimeAttr.getAttrType(), signingTimeAttr);
    }

    if (!attrs.containsKey(CMSAttributes.messageDigest)) {
        byte[] digestBytes = (byte[]) parameters.get(CMSAttributeTableGenerator.DIGEST);
        DEROctetString digestOctets = new DEROctetString(digestBytes);
        Attribute digestAttr = new Attribute(CMSAttributes.messageDigest, new DERSet(digestOctets));
        attrs.put(digestAttr.getAttrType(), digestAttr);
    }

    // NOTE(review): Hashtable.contains(Object) looks for a matching *value*, not a key, unlike
    // the containsKey checks above. The entries put here are Attribute values keyed by attribute
    // type, so this test presumably never finds the OID, and the algorithm-protection attribute is
    // rebuilt from the actual digest/signature algorithm identifiers on every call, replacing any
    // supplied one. That agrees with the Javadoc (only contentType, signingTime and messageDigest
    // override the generated values) - confirm the intent before switching this to containsKey.
    if (!attrs.contains(CMSAttributes.cmsAlgorithmProtect)) {
        AlgorithmIdentifier digestAlgId =
            (AlgorithmIdentifier) parameters.get(CMSAttributeTableGenerator.DIGEST_ALGORITHM_IDENTIFIER);
        AlgorithmIdentifier signatureAlgId =
            (AlgorithmIdentifier) parameters.get(CMSAttributeTableGenerator.SIGNATURE_ALGORITHM_IDENTIFIER);
        CMSAlgorithmProtection protection =
            new CMSAlgorithmProtection(digestAlgId, CMSAlgorithmProtection.SIGNATURE, signatureAlgId);
        Attribute protectionAttr = new Attribute(CMSAttributes.cmsAlgorithmProtect, new DERSet(protection));
        attrs.put(protectionAttr.getAttrType(), protectionAttr);
    }

    return attrs;
}
use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.
the class ITSExplicitCertificateBuilder method build.
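/**
 * Builds an explicit ITS certificate signed by this builder's signer.
 *
 * <p>The to-be-signed certificate is OER-encoded and written to the signer's output stream. The
 * resulting signature is then encoded for the curve named by the verification key indicator of
 * the signing key: the new certificate's own indicator when self-signing, otherwise the
 * indicator of the signer's associated certificate.
 *
 * @param certificateId identifier placed in the to-be-signed certificate.
 * @param verificationKey public verification key for the new certificate.
 * @param publicEncryptionKey public encryption key for the new certificate; skipped when null.
 * @return the signed certificate.
 * @throws IllegalArgumentException if the to-be-signed data cannot be written to the signer.
 * @throws IllegalStateException if the signing key type or the signer's digest algorithm is not
 *         one of those handled here.
 */
public ITSCertificate build(CertificateId certificateId, ITSPublicVerificationKey verificationKey, ITSPublicEncryptionKey publicEncryptionKey) {
    ToBeSignedCertificate.Builder tbsBldr = new ToBeSignedCertificate.Builder(tbsCertificateBuilder);
    tbsBldr.setCertificateId(certificateId);
    if (publicEncryptionKey != null) {
        tbsBldr.setEncryptionKey(publicEncryptionKey.toASN1Structure());
    }
    tbsBldr.setVerificationKeyIndicator(VerificationKeyIndicator.builder()
        .publicVerificationKey(verificationKey.toASN1Structure())
        .createVerificationKeyIndicator());
    ToBeSignedCertificate tbsCertificate = tbsBldr.createToBeSignedCertificate();

    // The signature encoding depends on the key that signs, not on the key being certified,
    // so for a non-self-signed certificate the indicator comes from the issuer's certificate.
    VerificationKeyIndicator verificationKeyIndicator;
    if (signer.isForSelfSigning()) {
        verificationKeyIndicator = tbsCertificate.getVerificationKeyIndicator();
    } else {
        verificationKeyIndicator = signer.getAssociatedCertificate()
            .toASN1Structure()
            .getCertificateBase()
            .getToBeSignedCertificate()
            .getVerificationKeyIndicator();
    }

    OutputStream sOut = signer.getOutputStream();
    try {
        sOut.write(OEREncoder.toByteArray(tbsCertificate, IEEE1609dot2.tbsCertificate));
        sOut.close();
    } catch (IOException e) {
        // Keep the underlying I/O failure attached so a signing problem can be diagnosed.
        throw new IllegalArgumentException("cannot produce certificate signature", e);
    }

    // TODO: signature actually optional.
    Signature sig;
    switch (verificationKeyIndicator.getChoice()) {
        case PublicVerificationKey.ecdsaNistP256:
            sig = ECDSAEncoder.toITS(SECObjectIdentifiers.secp256r1, signer.getSignature());
            break;
        case PublicVerificationKey.ecdsaBrainpoolP256r1:
            sig = ECDSAEncoder.toITS(TeleTrusTObjectIdentifiers.brainpoolP256r1, signer.getSignature());
            break;
        case PublicVerificationKey.ecdsaBrainpoolP384r1:
            sig = ECDSAEncoder.toITS(TeleTrusTObjectIdentifiers.brainpoolP384r1, signer.getSignature());
            break;
        default:
            throw new IllegalStateException("unknown key type");
    }

    CertificateBase.Builder baseBldr = new CertificateBase.Builder();
    IssuerIdentifier.Builder issuerIdentifierBuilder = IssuerIdentifier.builder();
    ASN1ObjectIdentifier digestAlg = signer.getDigestAlgorithm().getAlgorithm();
    if (signer.isForSelfSigning()) {
        // A self-signed certificate names only the hash algorithm as its issuer.
        if (digestAlg.equals(NISTObjectIdentifiers.id_sha256)) {
            issuerIdentifierBuilder.self(HashAlgorithm.sha256);
        } else if (digestAlg.equals(NISTObjectIdentifiers.id_sha384)) {
            issuerIdentifierBuilder.self(HashAlgorithm.sha384);
        } else {
            throw new IllegalStateException("unknown digest");
        }
    } else {
        // The issuer is referenced by the last eight bytes of the signer certificate's digest.
        byte[] parentDigest = signer.getAssociatedCertificateDigest();
        HashedId.HashedId8 hashedID = new HashedId.HashedId8(
            Arrays.copyOfRange(parentDigest, parentDigest.length - 8, parentDigest.length));
        if (digestAlg.equals(NISTObjectIdentifiers.id_sha256)) {
            issuerIdentifierBuilder.sha256AndDigest(hashedID);
        } else if (digestAlg.equals(NISTObjectIdentifiers.id_sha384)) {
            issuerIdentifierBuilder.sha384AndDigest(hashedID);
        } else {
            throw new IllegalStateException("unknown digest");
        }
    }

    baseBldr.setVersion(version);
    baseBldr.setType(CertificateType.Explicit);
    baseBldr.setIssuer(issuerIdentifierBuilder.createIssuerIdentifier());
    baseBldr.setToBeSignedCertificate(tbsCertificate);
    baseBldr.setSignature(sig);

    Certificate.Builder bldr = new Certificate.Builder();
    bldr.setCertificateBase(baseBldr.createCertificateBase());
    return new ITSCertificate(bldr.createCertificate());
}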
use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.
the class CertStatus method toASN1Primitive.
/**
* <pre>
* CertStatus ::= SEQUENCE {
* certHash OCTET STRING,
* -- the hash of the certificate, using the same hash algorithm
* -- as is used to create and verify the certificate signature
* certReqId INTEGER,
* -- to match this confirmation with the corresponding req/rep
* statusInfo PKIStatusInfo OPTIONAL
* }
* </pre>
*
* @return a basic ASN.1 object representation.
*/
public ASN1Primitive toASN1Primitive() {
    // certHash and certReqId are always emitted, in that order; statusInfo is OPTIONAL in the
    // ASN.1 definition and is left out of the sequence when it has not been set.
    final ASN1EncodableVector elements = new ASN1EncodableVector(3);

    elements.add(certHash);
    elements.add(certReqId);

    if (null != statusInfo) {
        elements.add(statusInfo);
    }

    final DERSequence encoded = new DERSequence(elements);
    return encoded;
}
use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.
the class CVCertificateRequest method toASN1Primitive.
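/**
 * Returns the ASN.1 form of this certificate request.
 *
 * <p>When {@code original} is set it is returned as-is. Otherwise an application-specific
 * object tagged {@code EACTags.CARDHOLDER_CERTIFICATE} is built from the certificate body
 * followed by the inner signature, the latter wrapped as an octet string under
 * {@code EACTags.STATIC_INTERNAL_AUTHENTIFICATION_ONE_STEP}.
 *
 * @return a basic ASN.1 object representation.
 * @throws IllegalStateException if the inner signature cannot be encoded.
 */
public ASN1Primitive toASN1Primitive() {
    // NOTE(review): presumably `original` is the object this request was parsed from, so
    // returning it avoids re-encoding signed content - confirm against the constructor.
    if (original != null) {
        return original;
    }

    ASN1EncodableVector v = new ASN1EncodableVector(2);
    v.add(certificateBody);
    try {
        v.add(new DERApplicationSpecific(false, EACTags.STATIC_INTERNAL_AUTHENTIFICATION_ONE_STEP,
            new DEROctetString(innerSignature)));
    } catch (IOException e) {
        // Preserve the encoding failure as the cause instead of discarding it.
        throw new IllegalStateException("unable to convert signature!", e);
    }
    return new DERApplicationSpecific(EACTags.CARDHOLDER_CERTIFICATE, v);
}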
use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.
the class POPOSigningKey method toASN1Primitive.
/**
* <pre>
* POPOSigningKey ::= SEQUENCE {
* poposkInput [0] POPOSigningKeyInput OPTIONAL,
* algorithmIdentifier AlgorithmIdentifier,
* signature BIT STRING }
* -- The signature (using "algorithmIdentifier") is on the
* -- DER-encoded value of poposkInput. NOTE: If the CertReqMsg
* -- certReq CertTemplate contains the subject and publicKey values,
* -- then poposkInput MUST be omitted and the signature MUST be
* -- computed on the DER-encoded value of CertReqMsg certReq. If
* -- the CertReqMsg certReq CertTemplate does not contain the public
* -- key and subject values, then poposkInput MUST be present and
* -- MUST be signed. This strategy ensures that the public key is
* -- not present in both the poposkInput and CertReqMsg certReq
* -- CertTemplate fields.
* </pre>
*
* @return a basic ASN.1 object representation.
*/
public ASN1Primitive toASN1Primitive() {
    final ASN1EncodableVector elements = new ASN1EncodableVector(3);

    // poposkInput is OPTIONAL: when present it is written as a [0] tagged object built with
    // explicit=false, and when absent the sequence starts with the algorithm identifier.
    if (null != poposkInput) {
        final DERTaggedObject taggedInput = new DERTaggedObject(false, 0, poposkInput);
        elements.add(taggedInput);
    }

    elements.add(algorithmIdentifier);
    elements.add(signature);

    final DERSequence encoded = new DERSequence(elements);
    return encoded;
}