Search in sources :

Example 11 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class DefaultSignedAttributeTableGenerator method createStandardAttributeTable.

/**
 * Create a standard attribute table from the passed in parameters - this will normally include
 * contentType, signingTime, messageDigest, and CMS algorithm protection. If the constructor using
 * an AttributeTable was used, entries in it for contentType, signingTime, and messageDigest will
 * override the generated ones.
 *
 * @param parameters source parameters for table generation.
 * @return a filled in Hashtable of attributes.
 */
protected Hashtable createStandardAttributeTable(Map parameters) {
    Hashtable std = copyHashTable(table);
    if (!std.containsKey(CMSAttributes.contentType)) {
        ASN1ObjectIdentifier contentType = ASN1ObjectIdentifier.getInstance(parameters.get(CMSAttributeTableGenerator.CONTENT_TYPE));
        // contentType will be null if we're trying to generate a counter signature.
        if (contentType != null) {
            Attribute attr = new Attribute(CMSAttributes.contentType, new DERSet(contentType));
            std.put(attr.getAttrType(), attr);
        }
    }
    if (!std.containsKey(CMSAttributes.signingTime)) {
        Date signingTime = new Date();
        Attribute attr = new Attribute(CMSAttributes.signingTime, new DERSet(new Time(signingTime)));
        std.put(attr.getAttrType(), attr);
    }
    if (!std.containsKey(CMSAttributes.messageDigest)) {
        byte[] messageDigest = (byte[]) parameters.get(CMSAttributeTableGenerator.DIGEST);
        Attribute attr = new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(messageDigest)));
        std.put(attr.getAttrType(), attr);
    }
    if (!std.contains(CMSAttributes.cmsAlgorithmProtect)) {
        Attribute attr = new Attribute(CMSAttributes.cmsAlgorithmProtect, new DERSet(new CMSAlgorithmProtection((AlgorithmIdentifier) parameters.get(CMSAttributeTableGenerator.DIGEST_ALGORITHM_IDENTIFIER), CMSAlgorithmProtection.SIGNATURE, (AlgorithmIdentifier) parameters.get(CMSAttributeTableGenerator.SIGNATURE_ALGORITHM_IDENTIFIER))));
        std.put(attr.getAttrType(), attr);
    }
    return std;
}
Also used : CMSAlgorithmProtection(com.github.zhenwei.pkix.util.asn1.cms.CMSAlgorithmProtection) Attribute(com.github.zhenwei.pkix.util.asn1.cms.Attribute) Hashtable(java.util.Hashtable) Time(com.github.zhenwei.pkix.util.asn1.cms.Time) DERSet(com.github.zhenwei.core.asn1.DERSet) ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier) Date(java.util.Date) DEROctetString(com.github.zhenwei.core.asn1.DEROctetString)

Example 12 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class ITSExplicitCertificateBuilder method build.

public ITSCertificate build(CertificateId certificateId, ITSPublicVerificationKey verificationKey, ITSPublicEncryptionKey publicEncryptionKey) {
    ToBeSignedCertificate.Builder tbsBldr = new ToBeSignedCertificate.Builder(tbsCertificateBuilder);
    tbsBldr.setCertificateId(certificateId);
    if (publicEncryptionKey != null) {
        tbsBldr.setEncryptionKey(publicEncryptionKey.toASN1Structure());
    }
    tbsBldr.setVerificationKeyIndicator(VerificationKeyIndicator.builder().publicVerificationKey(verificationKey.toASN1Structure()).createVerificationKeyIndicator());
    ToBeSignedCertificate tbsCertificate = tbsBldr.createToBeSignedCertificate();
    ToBeSignedCertificate signerCert = null;
    VerificationKeyIndicator verificationKeyIndicator;
    if (signer.isForSelfSigning()) {
        verificationKeyIndicator = tbsCertificate.getVerificationKeyIndicator();
    } else {
        signerCert = signer.getAssociatedCertificate().toASN1Structure().getCertificateBase().getToBeSignedCertificate();
        verificationKeyIndicator = signerCert.getVerificationKeyIndicator();
    }
    OutputStream sOut = signer.getOutputStream();
    try {
        sOut.write(OEREncoder.toByteArray(tbsCertificate, IEEE1609dot2.tbsCertificate));
        sOut.close();
    } catch (IOException e) {
        throw new IllegalArgumentException("cannot produce certificate signature");
    }
    // TODO: signature actually optional.
    Signature sig = null;
    switch(verificationKeyIndicator.getChoice()) {
        case PublicVerificationKey.ecdsaNistP256:
            sig = ECDSAEncoder.toITS(SECObjectIdentifiers.secp256r1, signer.getSignature());
            break;
        case PublicVerificationKey.ecdsaBrainpoolP256r1:
            sig = ECDSAEncoder.toITS(TeleTrusTObjectIdentifiers.brainpoolP256r1, signer.getSignature());
            break;
        case PublicVerificationKey.ecdsaBrainpoolP384r1:
            sig = ECDSAEncoder.toITS(TeleTrusTObjectIdentifiers.brainpoolP384r1, signer.getSignature());
            break;
        default:
            throw new IllegalStateException("unknown key type");
    }
    CertificateBase.Builder baseBldr = new CertificateBase.Builder();
    IssuerIdentifier.Builder issuerIdentifierBuilder = IssuerIdentifier.builder();
    ASN1ObjectIdentifier digestAlg = signer.getDigestAlgorithm().getAlgorithm();
    if (signer.isForSelfSigning()) {
        if (digestAlg.equals(NISTObjectIdentifiers.id_sha256)) {
            issuerIdentifierBuilder.self(HashAlgorithm.sha256);
        } else if (digestAlg.equals(NISTObjectIdentifiers.id_sha384)) {
            issuerIdentifierBuilder.self(HashAlgorithm.sha384);
        } else {
            throw new IllegalStateException("unknown digest");
        }
    } else {
        byte[] parentDigest = signer.getAssociatedCertificateDigest();
        HashedId.HashedId8 hashedID = new HashedId.HashedId8(Arrays.copyOfRange(parentDigest, parentDigest.length - 8, parentDigest.length));
        if (digestAlg.equals(NISTObjectIdentifiers.id_sha256)) {
            issuerIdentifierBuilder.sha256AndDigest(hashedID);
        } else if (digestAlg.equals(NISTObjectIdentifiers.id_sha384)) {
            issuerIdentifierBuilder.sha384AndDigest(hashedID);
        } else {
            throw new IllegalStateException("unknown digest");
        }
    }
    baseBldr.setVersion(version);
    baseBldr.setType(CertificateType.Explicit);
    baseBldr.setIssuer(issuerIdentifierBuilder.createIssuerIdentifier());
    baseBldr.setToBeSignedCertificate(tbsCertificate);
    baseBldr.setSignature(sig);
    Certificate.Builder bldr = new Certificate.Builder();
    bldr.setCertificateBase(baseBldr.createCertificateBase());
    return new ITSCertificate(bldr.createCertificate());
}
Also used : OutputStream(java.io.OutputStream) IOException(java.io.IOException) ToBeSignedCertificate(com.github.zhenwei.pkix.util.oer.its.ToBeSignedCertificate) CertificateBase(com.github.zhenwei.pkix.util.oer.its.CertificateBase) IssuerIdentifier(com.github.zhenwei.pkix.util.oer.its.IssuerIdentifier) Signature(com.github.zhenwei.pkix.util.oer.its.Signature) VerificationKeyIndicator(com.github.zhenwei.pkix.util.oer.its.VerificationKeyIndicator) ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier) HashedId(com.github.zhenwei.pkix.util.oer.its.HashedId) Certificate(com.github.zhenwei.pkix.util.oer.its.Certificate) ToBeSignedCertificate(com.github.zhenwei.pkix.util.oer.its.ToBeSignedCertificate)

Example 13 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class CertStatus method toASN1Primitive.

/**
 * <pre>
 * CertStatus ::= SEQUENCE {
 *                   certHash    OCTET STRING,
 *                   -- the hash of the certificate, using the same hash algorithm
 *                   -- as is used to create and verify the certificate signature
 *                   certReqId   INTEGER,
 *                   -- to match this confirmation with the corresponding req/rep
 *                   statusInfo  PKIStatusInfo OPTIONAL
 * }
 * </pre>
 *
 * @return a basic ASN.1 object representation.
 */
public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector v = new ASN1EncodableVector(3);
    v.add(certHash);
    v.add(certReqId);
    if (statusInfo != null) {
        v.add(statusInfo);
    }
    return new DERSequence(v);
}
Also used : DERSequence(com.github.zhenwei.core.asn1.DERSequence) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)

Example 14 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class CVCertificateRequest method toASN1Primitive.

public ASN1Primitive toASN1Primitive() {
    if (original != null) {
        return original;
    } else {
        ASN1EncodableVector v = new ASN1EncodableVector(2);
        v.add(certificateBody);
        try {
            v.add(new DERApplicationSpecific(false, EACTags.STATIC_INTERNAL_AUTHENTIFICATION_ONE_STEP, new DEROctetString(innerSignature)));
        } catch (IOException e) {
            throw new IllegalStateException("unable to convert signature!");
        }
        return new DERApplicationSpecific(EACTags.CARDHOLDER_CERTIFICATE, v);
    }
}
Also used : DERApplicationSpecific(com.github.zhenwei.core.asn1.DERApplicationSpecific) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) IOException(java.io.IOException) DEROctetString(com.github.zhenwei.core.asn1.DEROctetString)

Example 15 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class POPOSigningKey method toASN1Primitive.

/**
 * <pre>
 * POPOSigningKey ::= SEQUENCE {
 *                      poposkInput           [0] POPOSigningKeyInput OPTIONAL,
 *                      algorithmIdentifier   AlgorithmIdentifier,
 *                      signature             BIT STRING }
 *  -- The signature (using "algorithmIdentifier") is on the
 *  -- DER-encoded value of poposkInput.  NOTE: If the CertReqMsg
 *  -- certReq CertTemplate contains the subject and publicKey values,
 *  -- then poposkInput MUST be omitted and the signature MUST be
 *  -- computed on the DER-encoded value of CertReqMsg certReq.  If
 *  -- the CertReqMsg certReq CertTemplate does not contain the public
 *  -- key and subject values, then poposkInput MUST be present and
 *  -- MUST be signed.  This strategy ensures that the public key is
 *  -- not present in both the poposkInput and CertReqMsg certReq
 *  -- CertTemplate fields.
 * </pre>
 *
 * @return a basic ASN.1 object representation.
 */
public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector v = new ASN1EncodableVector(3);
    if (poposkInput != null) {
        v.add(new DERTaggedObject(false, 0, poposkInput));
    }
    v.add(algorithmIdentifier);
    v.add(signature);
    return new DERSequence(v);
}
Also used : DERSequence(com.github.zhenwei.core.asn1.DERSequence) DERTaggedObject(com.github.zhenwei.core.asn1.DERTaggedObject) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)

Aggregations

IOException (java.io.IOException)44 ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)34 DERSequence (com.github.zhenwei.core.asn1.DERSequence)29 DERBitString (com.github.zhenwei.core.asn1.DERBitString)21 AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)20 OutputStream (java.io.OutputStream)20 SignatureException (java.security.SignatureException)20 GeneralSecurityException (java.security.GeneralSecurityException)15 Signature (java.security.Signature)15 ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)14 DEROctetString (com.github.zhenwei.core.asn1.DEROctetString)14 InvalidKeyException (java.security.InvalidKeyException)13 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)13 Iterator (java.util.Iterator)13 OperatorCreationException (com.github.zhenwei.pkix.operator.OperatorCreationException)11 CertificateEncodingException (java.security.cert.CertificateEncodingException)11 NoSuchProviderException (java.security.NoSuchProviderException)10 ASN1OctetString (com.github.zhenwei.core.asn1.ASN1OctetString)9 ASN1Sequence (com.github.zhenwei.core.asn1.ASN1Sequence)9 List (java.util.List)9