use of com.unboundid.asn1.ASN1BigInteger in project ldapsdk by pingidentity.
the class RSAPrivateKeyTestCase method testDecodeKeyInvalidVersion.
/**
* Tests the behavior when trying to decode a private key with an invalid
* version.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test(expectedExceptions = { CertException.class })
public void testDecodeKeyInvalidVersion() throws Exception {
  // Negative test: the decoder must reject a key whose version field is not
  // one it recognises, rather than accepting the remaining fields as-is.
  final ASN1Sequence keyFields = new ASN1Sequence(
       // Version field; 123 is the invalid value under test.
       new ASN1Integer(123),
       // Eight placeholder INTEGERs, all set to one, fill the remaining
       // slots so that the version is the only deliberately bad field.
       new ASN1BigInteger(BigInteger.ONE),
       new ASN1BigInteger(BigInteger.ONE),
       new ASN1BigInteger(BigInteger.ONE),
       new ASN1BigInteger(BigInteger.ONE),
       new ASN1BigInteger(BigInteger.ONE),
       new ASN1BigInteger(BigInteger.ONE),
       new ASN1BigInteger(BigInteger.ONE),
       new ASN1BigInteger(BigInteger.ONE));

  // The key decoder takes the encoded sequence wrapped in an octet string.
  final byte[] encodedKey = keyFields.encode();
  final ASN1OctetString wrappedKey = new ASN1OctetString(encodedKey);
  new RSAPrivateKey(wrappedKey);
}
use of com.unboundid.asn1.ASN1BigInteger in project ldapsdk by pingidentity.
the class X509CertificateTestCase method testDecodeMalformedSubjectDN.
/**
* Tests the behavior when trying to decode a certificate with a malformed
* subject DN.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test(expectedExceptions = { CertException.class })
public void testDecodeMalformedSubjectDN() throws Exception {
  // Validity window: now until 365 days from now, in milliseconds.
  final long notBefore = System.currentTimeMillis();
  final long notAfter = notBefore + (365L * 24L * 60L * 60L * 1000L);

  // NOTE(review): expectedExceptions applies to the whole method, so a
  // CertException raised while building the input (for example from
  // encodeName, if it can throw one) would also satisfy this test.

  // Fields of the inner (to-be-signed) sequence, built in encoding order.
  final ASN1Element version =
       new ASN1Element((byte) 0xA0, new ASN1Integer(2).encode());
  final ASN1BigInteger serialNumber = new ASN1BigInteger(12435L);
  final ASN1Sequence innerSignatureAlgorithm = new ASN1Sequence(
       new ASN1ObjectIdentifier(new OID("1.2.3.4")),
       new ASN1Null());
  final ASN1Element issuer = X509Certificate.encodeName(new DN("CN=issuer"));
  final ASN1Sequence validity = new ASN1Sequence(
       new ASN1GeneralizedTime(notBefore),
       new ASN1GeneralizedTime(notAfter));

  // The fault under test: the subject slot holds an octet string of plain
  // text instead of an encoded name.
  final ASN1OctetString malformedSubject =
       new ASN1OctetString("malformed subject DN");

  // Placeholder public key: 1024 bits, all false.
  final ASN1Sequence publicKeyInfo = new ASN1Sequence(
       new ASN1Sequence(
            new ASN1ObjectIdentifier(new OID("1.2.3.5")),
            new ASN1Null()),
       new ASN1BitString(new boolean[1024]));

  final ASN1Sequence tbsCertificate = new ASN1Sequence(
       version,
       serialNumber,
       innerSignatureAlgorithm,
       issuer,
       validity,
       malformedSubject,
       publicKeyInfo);

  // Outer wrapper: algorithm identifier plus a placeholder signature value
  // (1024 false bits), not a real signature over the inner sequence.
  final ASN1Sequence outerSignatureAlgorithm = new ASN1Sequence(
       new ASN1ObjectIdentifier(new OID("1.2.3.4")),
       new ASN1Null());
  final ASN1BitString placeholderSignature =
       new ASN1BitString(new boolean[1024]);

  final ASN1Sequence certificateSequence = new ASN1Sequence(
       tbsCertificate,
       outerSignatureAlgorithm,
       placeholderSignature);

  final byte[] encodedCertificate = certificateSequence.encode();
  new X509Certificate(encodedCertificate);
}
use of com.unboundid.asn1.ASN1BigInteger in project ldapsdk by pingidentity.
the class X509CertificateTestCase method testDecodeSignatureAlgorithmMismatch.
/**
* Tests the behavior when trying to decode a certificate with a mismatch in
* the signature algorithm between the TBSCertificate and Certificate
* sequences.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test(expectedExceptions = { CertException.class })
public void testDecodeSignatureAlgorithmMismatch() throws Exception {
  // Validity window: now until 365 days from now, in milliseconds.
  final long notBefore = System.currentTimeMillis();
  final long notAfter = notBefore + (365L * 24L * 60L * 60L * 1000L);

  // NOTE(review): the inner and outer algorithm identifiers built below are
  // both OID 1.2.3.4 with NULL parameters, so nothing visible here makes
  // them differ. The outer signature value is also an empty octet string,
  // where the sibling tests use a bit string. Confirm which condition the
  // decoder actually rejects; as written the test passes on any
  // CertException and cannot tell the two apart.

  // Fields of the inner (to-be-signed) sequence, built in encoding order.
  final ASN1Element version =
       new ASN1Element((byte) 0xA0, new ASN1Integer(2).encode());
  final ASN1BigInteger serialNumber = new ASN1BigInteger(12435L);
  final ASN1Sequence innerSignatureAlgorithm = new ASN1Sequence(
       new ASN1ObjectIdentifier(new OID("1.2.3.4")),
       new ASN1Null());
  final ASN1Element issuer = X509Certificate.encodeName(new DN("CN=issuer"));
  final ASN1Sequence validity = new ASN1Sequence(
       new ASN1GeneralizedTime(notBefore),
       new ASN1GeneralizedTime(notAfter));
  final ASN1Element subject =
       X509Certificate.encodeName(new DN("CN=ldap.example.com"));

  // Placeholder public key: 1024 bits, all false.
  final ASN1Sequence publicKeyInfo = new ASN1Sequence(
       new ASN1Sequence(
            new ASN1ObjectIdentifier(new OID("1.2.3.5")),
            new ASN1Null()),
       new ASN1BitString(new boolean[1024]));

  final ASN1Sequence tbsCertificate = new ASN1Sequence(
       version,
       serialNumber,
       innerSignatureAlgorithm,
       issuer,
       validity,
       subject,
       publicKeyInfo);

  // Outer wrapper: algorithm identifier followed by an empty octet string
  // in the position where the signature value goes.
  final ASN1Sequence outerSignatureAlgorithm = new ASN1Sequence(
       new ASN1ObjectIdentifier(new OID("1.2.3.4")),
       new ASN1Null());
  final ASN1OctetString signatureValue = new ASN1OctetString();

  final ASN1Sequence certificateSequence = new ASN1Sequence(
       tbsCertificate,
       outerSignatureAlgorithm,
       signatureValue);

  final byte[] encodedCertificate = certificateSequence.encode();
  new X509Certificate(encodedCertificate);
}
use of com.unboundid.asn1.ASN1BigInteger in project ldapsdk by pingidentity.
the class X509CertificateTestCase method testDecodeSignatureAlgorithmElementNotSequence.
/**
* Tests the behavior when trying to decode a certificate with a signature
* algorithm element that is not a valid sequence.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test(expectedExceptions = { CertException.class })
public void testDecodeSignatureAlgorithmElementNotSequence() throws Exception {
  // Validity window: now until 365 days from now, in milliseconds.
  final long notBefore = System.currentTimeMillis();
  final long notAfter = notBefore + (365L * 24L * 60L * 60L * 1000L);

  // Fields of the inner (to-be-signed) sequence, built in encoding order.
  final ASN1Element version =
       new ASN1Element((byte) 0xA0, new ASN1Integer(2).encode());
  final ASN1BigInteger serialNumber = new ASN1BigInteger(12435L);

  // The fault under test: the signature-algorithm slot holds an octet
  // string of plain text where a sequence is required.
  final ASN1OctetString bogusSignatureAlgorithm =
       new ASN1OctetString("not a valid sequence");

  final ASN1Element issuer = X509Certificate.encodeName(new DN("CN=issuer"));

  // This test encodes the validity times as UTCTime.
  final ASN1Sequence validity = new ASN1Sequence(
       new ASN1UTCTime(notBefore),
       new ASN1UTCTime(notAfter));
  final ASN1Element subject =
       X509Certificate.encodeName(new DN("CN=ldap.example.com"));

  // Placeholder public key: 1024 bits, all false.
  final ASN1Sequence publicKeyInfo = new ASN1Sequence(
       new ASN1Sequence(
            new ASN1ObjectIdentifier(new OID("1.2.3.5")),
            new ASN1Null()),
       new ASN1BitString(new boolean[1024]));

  final ASN1Sequence tbsCertificate = new ASN1Sequence(
       version,
       serialNumber,
       bogusSignatureAlgorithm,
       issuer,
       validity,
       subject,
       publicKeyInfo);

  // Outer wrapper: a well-formed algorithm identifier plus a placeholder
  // signature value (1024 false bits), so the inner slot is the only
  // deliberately malformed element.
  final ASN1Sequence outerSignatureAlgorithm = new ASN1Sequence(
       new ASN1ObjectIdentifier(new OID("1.2.3.4")),
       new ASN1Null());
  final ASN1BitString placeholderSignature =
       new ASN1BitString(new boolean[1024]);

  final ASN1Sequence certificateSequence = new ASN1Sequence(
       tbsCertificate,
       outerSignatureAlgorithm,
       placeholderSignature);

  final byte[] encodedCertificate = certificateSequence.encode();
  new X509Certificate(encodedCertificate);
}
use of com.unboundid.asn1.ASN1BigInteger in project ldapsdk by pingidentity.
the class X509Certificate method generateSignature.
/**
* Generates a signature for the certificate with the provided information.
*
* @param signatureAlgorithm The signature algorithm to use to
* generate the signature. This must
* not be {@code null}.
* @param privateKey The private key to use to sign the
* certificate. This must not be
* {@code null}.
* @param serialNumber The serial number for the
* certificate. This must not be
* {@code null}.
* @param issuerDN The issuer DN for the certificate.
* This must not be {@code null}.
* @param notBefore The validity start time for the
* certificate.
* @param notAfter The validity end time for the
* certificate.
* @param subjectDN The subject DN for the certificate.
* This must not be {@code null}.
* @param publicKeyAlgorithmOID The OID for the public key algorithm.
* This must not be {@code null}.
* @param publicKeyAlgorithmParameters The encoded public key algorithm
* parameters. This may be
* {@code null} if no parameters are
* needed.
* @param encodedPublicKey The encoded representation of the
* public key. This must not be
* {@code null}.
* @param extensions The set of extensions to include in
* the certificate. This must not be
* {@code null} but may be empty.
*
* @return An encoded representation of the generated signature.
*
* @throws CertException If a problem is encountered while generating the
* certificate.
*/
@NotNull()
private static ASN1BitString generateSignature(
     @NotNull final SignatureAlgorithmIdentifier signatureAlgorithm,
     @NotNull final PrivateKey privateKey,
     @NotNull final BigInteger serialNumber,
     @NotNull final DN issuerDN,
     final long notBefore,
     final long notAfter,
     @NotNull final DN subjectDN,
     @NotNull final OID publicKeyAlgorithmOID,
     @Nullable final ASN1Element publicKeyAlgorithmParameters,
     @NotNull final ASN1BitString encodedPublicKey,
     @NotNull final X509CertificateExtension... extensions)
     throws CertException {
  // Step 1: obtain the signature engine for the requested algorithm. Each
  // step has its own try block so that the CertException names the stage
  // that failed.
  final Signature signer;
  try {
    signer = CryptoHelper.getSignature(signatureAlgorithm.getJavaName());
  } catch (final Exception e) {
    Debug.debugException(e);
    throw new CertException(
         ERR_CERT_GEN_SIGNATURE_CANNOT_GET_SIGNATURE_GENERATOR.get(
              signatureAlgorithm.getJavaName(),
              StaticUtils.getExceptionMessage(e)),
         e);
  }

  // Step 2: bind the private key to the engine.
  try {
    signer.initSign(privateKey);
  } catch (final Exception e) {
    Debug.debugException(e);
    throw new CertException(
         ERR_CERT_GEN_SIGNATURE_CANNOT_INIT_SIGNATURE_GENERATOR.get(
              signatureAlgorithm.getJavaName(),
              StaticUtils.getExceptionMessage(e)),
         e);
  }

  // Step 3: encode the to-be-signed portion of the certificate and sign
  // those exact bytes. The element order below is what gets signed, so it
  // must not be rearranged.
  try {
    final ArrayList<ASN1Element> tbsFields = new ArrayList<>(8);

    // Version (always v3 here), wrapped in its explicit tag.
    tbsFields.add(new ASN1Element(
         TYPE_EXPLICIT_VERSION,
         new ASN1Integer(X509CertificateVersion.V3.getIntValue()).encode()));

    tbsFields.add(new ASN1BigInteger(serialNumber));

    // Signature algorithm identifier: the OID only, with no parameters
    // element.
    // NOTE(review): whatever later encodes the certificate must write this
    // field identically, or the signature will not verify -- confirm.
    tbsFields.add(new ASN1Sequence(
         new ASN1ObjectIdentifier(signatureAlgorithm.getOID())));

    tbsFields.add(encodeName(issuerDN));
    tbsFields.add(encodeValiditySequence(notBefore, notAfter));
    tbsFields.add(encodeName(subjectDN));

    // Public key info: algorithm identifier (parameters included only when
    // supplied) followed by the encoded key bits.
    final ASN1Sequence publicKeyAlgorithm;
    if (publicKeyAlgorithmParameters != null) {
      publicKeyAlgorithm = new ASN1Sequence(
           new ASN1ObjectIdentifier(publicKeyAlgorithmOID),
           publicKeyAlgorithmParameters);
    } else {
      publicKeyAlgorithm = new ASN1Sequence(
           new ASN1ObjectIdentifier(publicKeyAlgorithmOID));
    }
    tbsFields.add(new ASN1Sequence(publicKeyAlgorithm, encodedPublicKey));

    // Extensions, wrapped in their explicit tag. The wrapper is added even
    // when no extensions were supplied.
    // NOTE(review): RFC 5280 defines Extensions as SIZE (1..MAX); an empty
    // wrapper may be rejected by strict parsers. Any change here has to be
    // mirrored wherever the certificate itself is encoded -- confirm.
    final ArrayList<ASN1Element> encodedExtensions =
         new ArrayList<>(extensions.length);
    for (int i = 0; i < extensions.length; i++) {
      encodedExtensions.add(extensions[i].encode());
    }
    tbsFields.add(new ASN1Element(
         TYPE_EXPLICIT_EXTENSIONS,
         new ASN1Sequence(encodedExtensions).encode()));

    // Sign the encoded sequence and return the result as a bit string.
    final byte[] bytesToSign = new ASN1Sequence(tbsFields).encode();
    signer.update(bytesToSign);
    final byte[] rawSignature = signer.sign();
    return new ASN1BitString(ASN1BitString.getBitsForBytes(rawSignature));
  } catch (final Exception e) {
    // Encoding failures and signing failures are reported the same way.
    Debug.debugException(e);
    throw new CertException(
         ERR_CERT_GEN_SIGNATURE_CANNOT_COMPUTE.get(
              signatureAlgorithm.getJavaName(),
              StaticUtils.getExceptionMessage(e)),
         e);
  }
}