Search in sources :

Example 56 with ASN1Integer

use of com.mindbright.asn1.ASN1Integer in project attestation by TokenScript.

the class UseTicketTest method testNegativeAttestation.

@Test
public void testNegativeAttestation() throws Exception {
    Attestation att = attestedTicket.getAtt().getUnsignedAttestation();
    Field field = att.getClass().getSuperclass().getDeclaredField("version");
    field.setAccessible(true);
    // Invalid version for Identifier Attestation along with failing signature
    field.set(att, new ASN1Integer(19));
    // Only correctly formed Identifier Attestations are allowed
    assertFalse(att.checkValidity());
    assertFalse(attestedTicket.checkValidity());
    // Verification should also fail since signature is now invalid
    assertFalse(attestedTicket.getAtt().verify());
    assertFalse(attestedTicket.verify());
}
Also used : Field(java.lang.reflect.Field) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) SignedIdentifierAttestation(org.tokenscript.attestation.SignedIdentifierAttestation) IdentifierAttestation(org.tokenscript.attestation.IdentifierAttestation) Attestation(org.tokenscript.attestation.Attestation) Test(org.junit.jupiter.api.Test) HelperTest(org.tokenscript.attestation.HelperTest)

Example 57 with ASN1Integer

use of com.mindbright.asn1.ASN1Integer in project attestation by TokenScript.

the class Attestor method constructAttestations.

/**
 * Constructs a list of X509 attestations to each of the relevant DatasourceName lists of elements
 * in the response json.
 *
 * @param request Json request in a Sring - verification request that was sent to Trulioo Global Gateway†
 * @param verifyRecord Json object of the Record in verifyResponse, from Trulioo Global Gateway‡
 * @param signature DER encoded signature of exactly the json request string encoded as UTF-8 using a Secp256k1 key with Keccak
 * @param userPK user's public key (SubjectPublicKeyInfo object)
 * @return List of DER encoded x509 attestations
 *
 * † An example can be found https://developer.trulioo.com/docs/identity-verification-step-6-verify
 * ‡ Observe the "Record" in https://developer.trulioo.com/docs/identity-verification-verify-response
 */
public List<X509CertificateHolder> constructAttestations(String request, JSONObject verifyRecord, byte[] signature, AsymmetricKeyParameter userPK) {
    if (!SignatureUtil.verifySha256(request.getBytes(StandardCharsets.UTF_8), signature, userPK)) {
        throw ExceptionUtil.throwException(logger, new IllegalArgumentException("Request signature verification failed. " + "Make sure that your message is unaltered, signature is created by hashing the message with SHA256" + "and using a key of secp256k1 type."));
    }
    List<X509CertificateHolder> res = new ArrayList<>();
    Parser parser = new Parser(new JSONObject(request), verifyRecord);
    Map<String, X500Name> subjectNames = parser.getX500Names();
    Map<String, Extensions> subjectExtensions = parser.getExtensions();
    for (String currentAttName : subjectNames.keySet()) {
        try {
            long time = System.currentTimeMillis();
            V3TBSCertificateGenerator certBuilder = new V3TBSCertificateGenerator();
            certBuilder.setSignature(serverSigningAlgo);
            certBuilder.setIssuer(serverInfo);
            certBuilder.setSerialNumber(new ASN1Integer(time));
            certBuilder.setStartDate(new Time(new Date(time)));
            certBuilder.setEndDate(new Time(new Date(time + lifeTime)));
            SubjectPublicKeyInfo spki = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(userPK);
            // // todo hack to create a valid spki without ECNamedParameters
            // spki = new SubjectPublicKeyInfo(new AlgorithmIdentifier(new ASN1ObjectIdentifier(OID_ECDSA)),
            // spki.getPublicKeyData());
            certBuilder.setSubjectPublicKeyInfo(spki);
            certBuilder.setSubject(subjectNames.get(currentAttName));
            certBuilder.setExtensions(subjectExtensions.get(currentAttName));
            TBSCertificate tbsCert = certBuilder.generateTBSCertificate();
            res.add(new X509CertificateHolder(constructSignedAttestation(tbsCert)));
            // To ensure that we get a new serial number for every cert
            Thread.sleep(1);
        } catch (IOException e) {
            throw ExceptionUtil.makeRuntimeException(logger, "Could not parse server key", e);
        } catch (InterruptedException e) {
            throw ExceptionUtil.makeRuntimeException(logger, "Could not sleep", e);
        }
    }
    return res;
}
Also used : ArrayList(java.util.ArrayList) Time(org.bouncycastle.asn1.x509.Time) DERBitString(org.bouncycastle.asn1.DERBitString) X500Name(org.bouncycastle.asn1.x500.X500Name) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) IOException(java.io.IOException) Extensions(org.bouncycastle.asn1.x509.Extensions) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) Date(java.util.Date) JSONObject(org.json.JSONObject) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) V3TBSCertificateGenerator(org.bouncycastle.asn1.x509.V3TBSCertificateGenerator) TBSCertificate(org.bouncycastle.asn1.x509.TBSCertificate)

Example 58 with ASN1Integer

use of com.mindbright.asn1.ASN1Integer in project attestation by TokenScript.

the class SignatureUtil method signHashed.

static byte[] signHashed(byte[] digest, AsymmetricKeyParameter key) {
    try {
        ECDSASigner signer = new ECDSASigner();
        signer.init(true, key);
        BigInteger[] signature = signer.generateSignature(digest);
        // Normalize number s
        BigInteger half_curve = ((ECKeyParameters) key).getParameters().getCurve().getOrder().shiftRight(1);
        if (signature[1].compareTo(half_curve) > 0) {
            signature[1] = ((ECKeyParameters) key).getParameters().getN().subtract(signature[1]);
        }
        ASN1EncodableVector asn1 = new ASN1EncodableVector();
        asn1.add(new ASN1Integer(signature[0]));
        asn1.add(new ASN1Integer(signature[1]));
        return new DERSequence(asn1).getEncoded();
    } catch (Exception e) {
        throw ExceptionUtil.makeRuntimeException(logger, "Could not construct signature", e);
    }
}
Also used : DERSequence(org.bouncycastle.asn1.DERSequence) ECDSASigner(org.bouncycastle.crypto.signers.ECDSASigner) BigInteger(java.math.BigInteger) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) ASN1Integer(org.bouncycastle.asn1.ASN1Integer)

Example 59 with ASN1Integer

use of com.mindbright.asn1.ASN1Integer in project attestation by TokenScript.

the class SignedNFTAttestation method constructSignedAttestation.

static byte[] constructSignedAttestation(NFTAttestation unsignedAtt, int signingVersion, byte[] signature) {
    try {
        byte[] rawAtt = unsignedAtt.getDerEncoding();
        ASN1EncodableVector res = new ASN1EncodableVector();
        res.add(ASN1Primitive.fromByteArray(rawAtt));
        // Only include version number if it is greater than 1
        if (signingVersion > 1) {
            res.add(new ASN1Integer(signingVersion));
        }
        res.add(unsignedAtt.getSigningAlgorithm());
        res.add(new DERBitString(signature));
        return new DERSequence(res).getEncoded();
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
Also used : DERSequence(org.bouncycastle.asn1.DERSequence) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) DERBitString(org.bouncycastle.asn1.DERBitString) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) IOException(java.io.IOException)

Example 60 with ASN1Integer

use of com.mindbright.asn1.ASN1Integer in project attestation by TokenScript.

the class LisconTicket method makeTicket.

@Override
ASN1Sequence makeTicket() {
    ASN1EncodableVector ticket = new ASN1EncodableVector();
    ticket.add(new DERUTF8String(getDevconId()));
    ticket.add(new ASN1Integer(getTicketId()));
    ticket.add(new ASN1Integer(getTicketClass()));
    return new DERSequence(ticket);
}
Also used : DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DERSequence(org.bouncycastle.asn1.DERSequence) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) ASN1Integer(org.bouncycastle.asn1.ASN1Integer)

Aggregations

ASN1Integer (org.bouncycastle.asn1.ASN1Integer)213 ASN1Integer (com.unboundid.asn1.ASN1Integer)96 ASN1Sequence (com.unboundid.asn1.ASN1Sequence)94 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)91 IOException (java.io.IOException)89 DERSequence (org.bouncycastle.asn1.DERSequence)89 ASN1Integer (com.github.zhenwei.core.asn1.ASN1Integer)86 BigInteger (java.math.BigInteger)86 ASN1OctetString (com.unboundid.asn1.ASN1OctetString)80 ASN1Element (com.unboundid.asn1.ASN1Element)69 Test (org.testng.annotations.Test)63 ArrayList (java.util.ArrayList)50 ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)49 DERSequence (com.github.zhenwei.core.asn1.DERSequence)47 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)47 DEROctetString (org.bouncycastle.asn1.DEROctetString)38 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)35 ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)28 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)27 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)27