Examples with ASN1Integer com.mindbright.asn1.ASN1Integer used on opensource projects

Example 56 with ASN1Integer

use of com.mindbright.asn1.ASN1Integer in project attestation by TokenScript.

the class UseTicketTest method testNegativeAttestation.

@Test
public void testNegativeAttestation() throws Exception {
    Attestation att = attestedTicket.getAtt().getUnsignedAttestation();
    Field field = att.getClass().getSuperclass().getDeclaredField("version");
    field.setAccessible(true);
    // Invalid version for Identifier Attestation along with failing signature
    field.set(att, new ASN1Integer(19));
    // Only correctly formed Identifier Attestations are allowed
    assertFalse(att.checkValidity());
    assertFalse(attestedTicket.checkValidity());
    // Verification should also fail since signature is now invalid
    assertFalse(attestedTicket.getAtt().verify());
    assertFalse(attestedTicket.verify());
}

Example 57 with ASN1Integer

use of com.mindbright.asn1.ASN1Integer in project attestation by TokenScript.

the class Attestor method constructAttestations.

/**
 * Constructs a list of X509 attestations to each of the relevant DatasourceName lists of elements
 * in the response json.
 *
 * @param request Json request in a Sring - verification request that was sent to Trulioo Global Gateway†
 * @param verifyRecord Json object of the Record in verifyResponse, from Trulioo Global Gateway‡
 * @param signature DER encoded signature of exactly the json request string encoded as UTF-8 using a Secp256k1 key with Keccak
 * @param userPK user's public key (SubjectPublicKeyInfo object)
 * @return List of DER encoded x509 attestations
 *
 * † An example can be found https://developer.trulioo.com/docs/identity-verification-step-6-verify
 * ‡ Observe the "Record" in https://developer.trulioo.com/docs/identity-verification-verify-response
 */
public List<X509CertificateHolder> constructAttestations(String request, JSONObject verifyRecord, byte[] signature, AsymmetricKeyParameter userPK) {
    if (!SignatureUtil.verifySha256(request.getBytes(StandardCharsets.UTF_8), signature, userPK)) {
        throw ExceptionUtil.throwException(logger, new IllegalArgumentException("Request signature verification failed. " + "Make sure that your message is unaltered, signature is created by hashing the message with SHA256" + "and using a key of secp256k1 type."));
    }
    List<X509CertificateHolder> res = new ArrayList<>();
    Parser parser = new Parser(new JSONObject(request), verifyRecord);
    Map<String, X500Name> subjectNames = parser.getX500Names();
    Map<String, Extensions> subjectExtensions = parser.getExtensions();
    for (String currentAttName : subjectNames.keySet()) {
        try {
            long time = System.currentTimeMillis();
            V3TBSCertificateGenerator certBuilder = new V3TBSCertificateGenerator();
            certBuilder.setSignature(serverSigningAlgo);
            certBuilder.setIssuer(serverInfo);
            certBuilder.setSerialNumber(new ASN1Integer(time));
            certBuilder.setStartDate(new Time(new Date(time)));
            certBuilder.setEndDate(new Time(new Date(time + lifeTime)));
            SubjectPublicKeyInfo spki = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(userPK);
            // // todo hack to create a valid spki without ECNamedParameters
            // spki = new SubjectPublicKeyInfo(new AlgorithmIdentifier(new ASN1ObjectIdentifier(OID_ECDSA)),
            // spki.getPublicKeyData());
            certBuilder.setSubjectPublicKeyInfo(spki);
            certBuilder.setSubject(subjectNames.get(currentAttName));
            certBuilder.setExtensions(subjectExtensions.get(currentAttName));
            TBSCertificate tbsCert = certBuilder.generateTBSCertificate();
            res.add(new X509CertificateHolder(constructSignedAttestation(tbsCert)));
            // To ensure that we get a new serial number for every cert
            Thread.sleep(1);
        } catch (IOException e) {
            throw ExceptionUtil.makeRuntimeException(logger, "Could not parse server key", e);
        } catch (InterruptedException e) {
            throw ExceptionUtil.makeRuntimeException(logger, "Could not sleep", e);
        }
    }
    return res;
}

Example 58 with ASN1Integer

use of com.mindbright.asn1.ASN1Integer in project attestation by TokenScript.

the class SignatureUtil method signHashed.

static byte[] signHashed(byte[] digest, AsymmetricKeyParameter key) {
    try {
        ECDSASigner signer = new ECDSASigner();
        signer.init(true, key);
        BigInteger[] signature = signer.generateSignature(digest);
        // Normalize number s
        BigInteger half_curve = ((ECKeyParameters) key).getParameters().getCurve().getOrder().shiftRight(1);
        if (signature[1].compareTo(half_curve) > 0) {
            signature[1] = ((ECKeyParameters) key).getParameters().getN().subtract(signature[1]);
        }
        ASN1EncodableVector asn1 = new ASN1EncodableVector();
        asn1.add(new ASN1Integer(signature[0]));
        asn1.add(new ASN1Integer(signature[1]));
        return new DERSequence(asn1).getEncoded();
    } catch (Exception e) {
        throw ExceptionUtil.makeRuntimeException(logger, "Could not construct signature", e);
    }
}

Example 59 with ASN1Integer

use of com.mindbright.asn1.ASN1Integer in project attestation by TokenScript.

the class SignedNFTAttestation method constructSignedAttestation.

static byte[] constructSignedAttestation(NFTAttestation unsignedAtt, int signingVersion, byte[] signature) {
    try {
        byte[] rawAtt = unsignedAtt.getDerEncoding();
        ASN1EncodableVector res = new ASN1EncodableVector();
        res.add(ASN1Primitive.fromByteArray(rawAtt));
        // Only include version number if it is greater than 1
        if (signingVersion > 1) {
            res.add(new ASN1Integer(signingVersion));
        }
        res.add(unsignedAtt.getSigningAlgorithm());
        res.add(new DERBitString(signature));
        return new DERSequence(res).getEncoded();
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}

Example 60 with ASN1Integer

use of com.mindbright.asn1.ASN1Integer in project attestation by TokenScript.

the class LisconTicket method makeTicket.

@Override
ASN1Sequence makeTicket() {
    ASN1EncodableVector ticket = new ASN1EncodableVector();
    ticket.add(new DERUTF8String(getDevconId()));
    ticket.add(new ASN1Integer(getTicketId()));
    ticket.add(new ASN1Integer(getTicketClass()));
    return new DERSequence(ticket);
}