use of com.mindbright.asn1.ASN1Integer in project attestation by TokenScript.
the class UseTicketTest method testNegativeAttestation.
@Test
public void testNegativeAttestation() throws Exception {
Attestation att = attestedTicket.getAtt().getUnsignedAttestation();
Field field = att.getClass().getSuperclass().getDeclaredField("version");
field.setAccessible(true);
// Invalid version for Identifier Attestation along with failing signature
field.set(att, new ASN1Integer(19));
// Only correctly formed Identifier Attestations are allowed
assertFalse(att.checkValidity());
assertFalse(attestedTicket.checkValidity());
// Verification should also fail since signature is now invalid
assertFalse(attestedTicket.getAtt().verify());
assertFalse(attestedTicket.verify());
}
use of com.mindbright.asn1.ASN1Integer in project attestation by TokenScript.
the class Attestor method constructAttestations.
/**
* Constructs a list of X509 attestations to each of the relevant DatasourceName lists of elements
* in the response json.
*
* @param request Json request in a Sring - verification request that was sent to Trulioo Global Gateway†
* @param verifyRecord Json object of the Record in verifyResponse, from Trulioo Global Gateway‡
* @param signature DER encoded signature of exactly the json request string encoded as UTF-8 using a Secp256k1 key with Keccak
* @param userPK user's public key (SubjectPublicKeyInfo object)
* @return List of DER encoded x509 attestations
*
* † An example can be found https://developer.trulioo.com/docs/identity-verification-step-6-verify
* ‡ Observe the "Record" in https://developer.trulioo.com/docs/identity-verification-verify-response
*/
public List<X509CertificateHolder> constructAttestations(String request, JSONObject verifyRecord, byte[] signature, AsymmetricKeyParameter userPK) {
if (!SignatureUtil.verifySha256(request.getBytes(StandardCharsets.UTF_8), signature, userPK)) {
throw ExceptionUtil.throwException(logger, new IllegalArgumentException("Request signature verification failed. " + "Make sure that your message is unaltered, signature is created by hashing the message with SHA256" + "and using a key of secp256k1 type."));
}
List<X509CertificateHolder> res = new ArrayList<>();
Parser parser = new Parser(new JSONObject(request), verifyRecord);
Map<String, X500Name> subjectNames = parser.getX500Names();
Map<String, Extensions> subjectExtensions = parser.getExtensions();
for (String currentAttName : subjectNames.keySet()) {
try {
long time = System.currentTimeMillis();
V3TBSCertificateGenerator certBuilder = new V3TBSCertificateGenerator();
certBuilder.setSignature(serverSigningAlgo);
certBuilder.setIssuer(serverInfo);
certBuilder.setSerialNumber(new ASN1Integer(time));
certBuilder.setStartDate(new Time(new Date(time)));
certBuilder.setEndDate(new Time(new Date(time + lifeTime)));
SubjectPublicKeyInfo spki = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(userPK);
// // todo hack to create a valid spki without ECNamedParameters
// spki = new SubjectPublicKeyInfo(new AlgorithmIdentifier(new ASN1ObjectIdentifier(OID_ECDSA)),
// spki.getPublicKeyData());
certBuilder.setSubjectPublicKeyInfo(spki);
certBuilder.setSubject(subjectNames.get(currentAttName));
certBuilder.setExtensions(subjectExtensions.get(currentAttName));
TBSCertificate tbsCert = certBuilder.generateTBSCertificate();
res.add(new X509CertificateHolder(constructSignedAttestation(tbsCert)));
// To ensure that we get a new serial number for every cert
Thread.sleep(1);
} catch (IOException e) {
throw ExceptionUtil.makeRuntimeException(logger, "Could not parse server key", e);
} catch (InterruptedException e) {
throw ExceptionUtil.makeRuntimeException(logger, "Could not sleep", e);
}
}
return res;
}
use of com.mindbright.asn1.ASN1Integer in project attestation by TokenScript.
the class SignatureUtil method signHashed.
static byte[] signHashed(byte[] digest, AsymmetricKeyParameter key) {
try {
ECDSASigner signer = new ECDSASigner();
signer.init(true, key);
BigInteger[] signature = signer.generateSignature(digest);
// Normalize number s
BigInteger half_curve = ((ECKeyParameters) key).getParameters().getCurve().getOrder().shiftRight(1);
if (signature[1].compareTo(half_curve) > 0) {
signature[1] = ((ECKeyParameters) key).getParameters().getN().subtract(signature[1]);
}
ASN1EncodableVector asn1 = new ASN1EncodableVector();
asn1.add(new ASN1Integer(signature[0]));
asn1.add(new ASN1Integer(signature[1]));
return new DERSequence(asn1).getEncoded();
} catch (Exception e) {
throw ExceptionUtil.makeRuntimeException(logger, "Could not construct signature", e);
}
}
use of com.mindbright.asn1.ASN1Integer in project attestation by TokenScript.
the class SignedNFTAttestation method constructSignedAttestation.
static byte[] constructSignedAttestation(NFTAttestation unsignedAtt, int signingVersion, byte[] signature) {
try {
byte[] rawAtt = unsignedAtt.getDerEncoding();
ASN1EncodableVector res = new ASN1EncodableVector();
res.add(ASN1Primitive.fromByteArray(rawAtt));
// Only include version number if it is greater than 1
if (signingVersion > 1) {
res.add(new ASN1Integer(signingVersion));
}
res.add(unsignedAtt.getSigningAlgorithm());
res.add(new DERBitString(signature));
return new DERSequence(res).getEncoded();
} catch (Exception e) {
throw new RuntimeException(e);
}
}
use of com.mindbright.asn1.ASN1Integer in project attestation by TokenScript.
the class LisconTicket method makeTicket.
@Override
ASN1Sequence makeTicket() {
ASN1EncodableVector ticket = new ASN1EncodableVector();
ticket.add(new DERUTF8String(getDevconId()));
ticket.add(new ASN1Integer(getTicketId()));
ticket.add(new ASN1Integer(getTicketClass()));
return new DERSequence(ticket);
}
Aggregations