Search in sources :

Example 31 with ContentInfo

use of com.github.zhenwei.pkix.util.asn1.cms.ContentInfo in project LinLong-Java by zhenwei1108.

the class CMSCompressedDataGenerator method generate.

/**
 * generate an object that contains an CMS Compressed Data
 */
public CMSCompressedData generate(CMSTypedData content, OutputCompressor compressor) throws CMSException {
    AlgorithmIdentifier comAlgId;
    ASN1OctetString comOcts;
    try {
        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
        OutputStream zOut = compressor.getOutputStream(bOut);
        content.write(zOut);
        zOut.close();
        comAlgId = compressor.getAlgorithmIdentifier();
        comOcts = new BEROctetString(bOut.toByteArray());
    } catch (IOException e) {
        throw new CMSException("exception encoding data.", e);
    }
    ContentInfo comContent = new ContentInfo(content.getContentType(), comOcts);
    ContentInfo contentInfo = new ContentInfo(CMSObjectIdentifiers.compressedData, new CompressedData(comAlgId, comContent));
    return new CMSCompressedData(contentInfo);
}
Also used : ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString) BEROctetString(com.github.zhenwei.core.asn1.BEROctetString) ContentInfo(com.github.zhenwei.pkix.util.asn1.cms.ContentInfo) OutputStream(java.io.OutputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException) CompressedData(com.github.zhenwei.pkix.util.asn1.cms.CompressedData) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)

Example 32 with ContentInfo

use of com.github.zhenwei.pkix.util.asn1.cms.ContentInfo in project LinLong-Java by zhenwei1108.

the class MiscPEMGenerator method createPemObject.

private PemObject createPemObject(Object o) throws IOException {
    String type;
    byte[] encoding;
    if (o instanceof PemObject) {
        return (PemObject) o;
    }
    if (o instanceof PemObjectGenerator) {
        return ((PemObjectGenerator) o).generate();
    }
    if (o instanceof X509CertificateHolder) {
        type = "CERTIFICATE";
        encoding = ((X509CertificateHolder) o).getEncoded();
    } else if (o instanceof X509CRLHolder) {
        type = "X509 CRL";
        encoding = ((X509CRLHolder) o).getEncoded();
    } else if (o instanceof X509TrustedCertificateBlock) {
        type = "TRUSTED CERTIFICATE";
        encoding = ((X509TrustedCertificateBlock) o).getEncoded();
    } else if (o instanceof PrivateKeyInfo) {
        PrivateKeyInfo info = (PrivateKeyInfo) o;
        ASN1ObjectIdentifier algOID = info.getPrivateKeyAlgorithm().getAlgorithm();
        if (algOID.equals(PKCSObjectIdentifiers.rsaEncryption)) {
            type = "RSA PRIVATE KEY";
            encoding = info.parsePrivateKey().toASN1Primitive().getEncoded();
        } else if (algOID.equals(dsaOids[0]) || algOID.equals(dsaOids[1])) {
            type = "DSA PRIVATE KEY";
            DSAParameter p = DSAParameter.getInstance(info.getPrivateKeyAlgorithm().getParameters());
            ASN1EncodableVector v = new ASN1EncodableVector();
            v.add(new ASN1Integer(0));
            v.add(new ASN1Integer(p.getP()));
            v.add(new ASN1Integer(p.getQ()));
            v.add(new ASN1Integer(p.getG()));
            BigInteger x = ASN1Integer.getInstance(info.parsePrivateKey()).getValue();
            BigInteger y = p.getG().modPow(x, p.getP());
            v.add(new ASN1Integer(y));
            v.add(new ASN1Integer(x));
            encoding = new DERSequence(v).getEncoded();
        } else if (algOID.equals(X9ObjectIdentifiers.id_ecPublicKey)) {
            type = "EC PRIVATE KEY";
            encoding = info.parsePrivateKey().toASN1Primitive().getEncoded();
        } else {
            type = "PRIVATE KEY";
            encoding = info.getEncoded();
        }
    } else if (o instanceof SubjectPublicKeyInfo) {
        type = "PUBLIC KEY";
        encoding = ((SubjectPublicKeyInfo) o).getEncoded();
    } else if (o instanceof X509AttributeCertificateHolder) {
        type = "ATTRIBUTE CERTIFICATE";
        encoding = ((X509AttributeCertificateHolder) o).getEncoded();
    } else if (o instanceof com.github.zhenwei.pkix.pkcs.PKCS10CertificationRequest) {
        type = "CERTIFICATE REQUEST";
        encoding = ((PKCS10CertificationRequest) o).getEncoded();
    } else if (o instanceof PKCS8EncryptedPrivateKeyInfo) {
        type = "ENCRYPTED PRIVATE KEY";
        encoding = ((PKCS8EncryptedPrivateKeyInfo) o).getEncoded();
    } else if (o instanceof ContentInfo) {
        type = "PKCS7";
        encoding = ((ContentInfo) o).getEncoded();
    } else {
        throw new PemGenerationException("unknown object passed - can't encode.");
    }
    if (encryptor != null) {
        String dekAlgName = Strings.toUpperCase(encryptor.getAlgorithm());
        // Note: For backward compatibility
        if (dekAlgName.equals("DESEDE")) {
            dekAlgName = "DES-EDE3-CBC";
        }
        byte[] iv = encryptor.getIV();
        byte[] encData = encryptor.encrypt(encoding);
        List headers = new ArrayList(2);
        headers.add(new PemHeader("Proc-Type", "4,ENCRYPTED"));
        headers.add(new PemHeader("DEK-Info", dekAlgName + "," + getHexEncoded(iv)));
        return new PemObject(type, headers, encData);
    }
    return new PemObject(type, encoding);
}
Also used : ArrayList(java.util.ArrayList) SubjectPublicKeyInfo(com.github.zhenwei.core.asn1.x509.SubjectPublicKeyInfo) PemObjectGenerator(com.github.zhenwei.core.util.io.pem.PemObjectGenerator) DERSequence(com.github.zhenwei.core.asn1.DERSequence) ContentInfo(com.github.zhenwei.pkix.util.asn1.cms.ContentInfo) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) ArrayList(java.util.ArrayList) List(java.util.List) DSAParameter(com.github.zhenwei.core.asn1.x509.DSAParameter) PKCS10CertificationRequest(com.github.zhenwei.pkix.pkcs.PKCS10CertificationRequest) PemGenerationException(com.github.zhenwei.core.util.io.pem.PemGenerationException) X509AttributeCertificateHolder(com.github.zhenwei.pkix.cert.X509AttributeCertificateHolder) ASN1Integer(com.github.zhenwei.core.asn1.ASN1Integer) PKCS8EncryptedPrivateKeyInfo(com.github.zhenwei.pkix.pkcs.PKCS8EncryptedPrivateKeyInfo) PemObject(com.github.zhenwei.core.util.io.pem.PemObject) X509CertificateHolder(com.github.zhenwei.pkix.cert.X509CertificateHolder) X509CRLHolder(com.github.zhenwei.pkix.cert.X509CRLHolder) BigInteger(java.math.BigInteger) PKCS8EncryptedPrivateKeyInfo(com.github.zhenwei.pkix.pkcs.PKCS8EncryptedPrivateKeyInfo) PrivateKeyInfo(com.github.zhenwei.core.asn1.pkcs.PrivateKeyInfo) ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier) PemHeader(com.github.zhenwei.core.util.io.pem.PemHeader)

Example 33 with ContentInfo

use of com.github.zhenwei.pkix.util.asn1.cms.ContentInfo in project LinLong-Java by zhenwei1108.

the class TSPUtil method getSignatureTimestamps.

/**
 * Fetches the signature time-stamp attributes from a SignerInformation object. Checks that the
 * MessageImprint for each time-stamp matches the signature field. (see RFC 3161 Appendix A).
 *
 * @param signerInfo      a SignerInformation to search for time-stamps
 * @param digCalcProvider provider for digest calculators
 * @return a collection of TimeStampToken objects
 * @throws TSPValidationException
 */
public static Collection getSignatureTimestamps(SignerInformation signerInfo, DigestCalculatorProvider digCalcProvider) throws TSPValidationException {
    List timestamps = new ArrayList();
    AttributeTable unsignedAttrs = signerInfo.getUnsignedAttributes();
    if (unsignedAttrs != null) {
        ASN1EncodableVector allTSAttrs = unsignedAttrs.getAll(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
        for (int i = 0; i < allTSAttrs.size(); ++i) {
            Attribute tsAttr = (Attribute) allTSAttrs.get(i);
            ASN1Set tsAttrValues = tsAttr.getAttrValues();
            for (int j = 0; j < tsAttrValues.size(); ++j) {
                try {
                    ContentInfo contentInfo = ContentInfo.getInstance(tsAttrValues.getObjectAt(j));
                    TimeStampToken timeStampToken = new TimeStampToken(contentInfo);
                    TimeStampTokenInfo tstInfo = timeStampToken.getTimeStampInfo();
                    DigestCalculator digCalc = digCalcProvider.get(tstInfo.getHashAlgorithm());
                    OutputStream dOut = digCalc.getOutputStream();
                    dOut.write(signerInfo.getSignature());
                    dOut.close();
                    byte[] expectedDigest = digCalc.getDigest();
                    if (!Arrays.constantTimeAreEqual(expectedDigest, tstInfo.getMessageImprintDigest())) {
                        throw new TSPValidationException("Incorrect digest in message imprint");
                    }
                    timestamps.add(timeStampToken);
                } catch (OperatorCreationException e) {
                    throw new TSPValidationException("Unknown hash algorithm specified in timestamp");
                } catch (Exception e) {
                    throw new TSPValidationException("Timestamp could not be parsed");
                }
            }
        }
    }
    return timestamps;
}
Also used : Attribute(com.github.zhenwei.pkix.util.asn1.cms.Attribute) OutputStream(java.io.OutputStream) ArrayList(java.util.ArrayList) AttributeTable(com.github.zhenwei.pkix.util.asn1.cms.AttributeTable) DigestCalculator(com.github.zhenwei.pkix.operator.DigestCalculator) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) IOException(java.io.IOException) ASN1Set(com.github.zhenwei.core.asn1.ASN1Set) ContentInfo(com.github.zhenwei.pkix.util.asn1.cms.ContentInfo) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) ArrayList(java.util.ArrayList) List(java.util.List) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException)

Example 34 with ContentInfo

use of com.github.zhenwei.pkix.util.asn1.cms.ContentInfo in project LinLong-Java by zhenwei1108.

the class TimeStampResponseGenerator method generateGrantedResponse.

/**
 * Return a granted response, if the passed in request passes validation with the passed in status
 * string and extra extensions.
 * <p>
 * If genTime is null a timeNotAvailable or a validation exception occurs a TSPValidationException
 * will be thrown. The parent TSPException will only occur on some sort of system failure.
 * </p>
 *
 * @param request              the request this response is for.
 * @param serialNumber         serial number for the response token.
 * @param genTime              generation time for the response token.
 * @param additionalExtensions extra extensions to be added to the response token.
 * @return the TimeStampResponse with a status of  PKIStatus.GRANTED
 * @throws TSPException on validation exception or internal error.
 */
public TimeStampResponse generateGrantedResponse(TimeStampRequest request, BigInteger serialNumber, Date genTime, String statusString, Extensions additionalExtensions) throws TSPException {
    if (genTime == null) {
        throw new TSPValidationException("The time source is not available.", PKIFailureInfo.timeNotAvailable);
    }
    request.validate(acceptedAlgorithms, acceptedPolicies, acceptedExtensions);
    status = PKIStatus.GRANTED;
    statusStrings = new ASN1EncodableVector();
    if (statusString != null) {
        this.addStatusString(statusString);
    }
    PKIStatusInfo pkiStatusInfo = getPKIStatusInfo();
    ContentInfo tstTokenContentInfo;
    try {
        tstTokenContentInfo = tokenGenerator.generate(request, serialNumber, genTime, additionalExtensions).toCMSSignedData().toASN1Structure();
    } catch (TSPException e) {
        throw e;
    } catch (Exception e) {
        throw new TSPException("Timestamp token received cannot be converted to ContentInfo", e);
    }
    try {
        return new TimeStampResponse(new DLSequence(new ASN1Encodable[] { pkiStatusInfo.toASN1Primitive(), tstTokenContentInfo.toASN1Primitive() }));
    } catch (IOException e) {
        throw new TSPException("created badly formatted response!");
    }
}
Also used : DLSequence(com.github.zhenwei.core.asn1.DLSequence) ContentInfo(com.github.zhenwei.pkix.util.asn1.cms.ContentInfo) PKIStatusInfo(com.github.zhenwei.pkix.util.asn1.cmp.PKIStatusInfo) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) ASN1Encodable(com.github.zhenwei.core.asn1.ASN1Encodable) IOException(java.io.IOException) IOException(java.io.IOException)

Example 35 with ContentInfo

use of com.github.zhenwei.pkix.util.asn1.cms.ContentInfo in project LinLong-Java by zhenwei1108.

the class CMSTimeStampedDataGenerator method generate.

public CMSTimeStampedData generate(TimeStampToken timeStamp, InputStream content) throws CMSException {
    ByteArrayOutputStream contentOut = new ByteArrayOutputStream();
    if (content != null) {
        try {
            Streams.pipeAll(content, contentOut);
        } catch (IOException e) {
            throw new CMSException("exception encapsulating content: " + e.getMessage(), e);
        }
    }
    ASN1OctetString encContent = null;
    if (contentOut.size() != 0) {
        encContent = new BEROctetString(contentOut.toByteArray());
    }
    TimeStampAndCRL stamp = new TimeStampAndCRL(timeStamp.toCMSSignedData().toASN1Structure());
    ASN1IA5String asn1DataUri = null;
    if (dataUri != null) {
        asn1DataUri = new DERIA5String(dataUri.toString());
    }
    return new CMSTimeStampedData(new ContentInfo(CMSObjectIdentifiers.timestampedData, new TimeStampedData(asn1DataUri, metaData, encContent, new Evidence(new TimeStampTokenEvidence(stamp)))));
}
Also used : ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException) TimeStampAndCRL(com.github.zhenwei.pkix.util.asn1.cms.TimeStampAndCRL) TimeStampTokenEvidence(com.github.zhenwei.pkix.util.asn1.cms.TimeStampTokenEvidence) DERIA5String(com.github.zhenwei.core.asn1.DERIA5String) BEROctetString(com.github.zhenwei.core.asn1.BEROctetString) ContentInfo(com.github.zhenwei.pkix.util.asn1.cms.ContentInfo) ASN1IA5String(com.github.zhenwei.core.asn1.ASN1IA5String) TimeStampedData(com.github.zhenwei.pkix.util.asn1.cms.TimeStampedData) TimeStampTokenEvidence(com.github.zhenwei.pkix.util.asn1.cms.TimeStampTokenEvidence) Evidence(com.github.zhenwei.pkix.util.asn1.cms.Evidence) CMSException(com.github.zhenwei.pkix.cms.CMSException)

Aggregations

ContentInfo (org.bouncycastle.asn1.cms.ContentInfo)60 IOException (java.io.IOException)28 CMSSignedData (org.bouncycastle.cms.CMSSignedData)22 ContentInfo (com.github.zhenwei.pkix.util.asn1.cms.ContentInfo)18 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)15 OutputStream (java.io.OutputStream)12 X509Certificate (java.security.cert.X509Certificate)12 ArrayList (java.util.ArrayList)12 SignedData (org.bouncycastle.asn1.cms.SignedData)12 Iterator (java.util.Iterator)11 ASN1Set (org.bouncycastle.asn1.ASN1Set)11 ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)10 ASN1Set (com.github.zhenwei.core.asn1.ASN1Set)10 ASN1OctetString (com.github.zhenwei.core.asn1.ASN1OctetString)9 ByteArrayInputStream (java.io.ByteArrayInputStream)9 ByteArrayOutputStream (java.io.ByteArrayOutputStream)9 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)9 ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)9 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)9 DERSet (org.bouncycastle.asn1.DERSet)9