use of com.unboundid.asn1.ASN1BitString in project attestation by TokenScript.
the class SignatureUtility method restoreDefaultKey.
/**
 * Rebuilds a public key from the two parts of a SubjectPublicKeyInfo: the algorithm
 * identifier and the DER-encoded BIT STRING that holds the key.
 *
 * <p>The parts are wrapped in a DER SEQUENCE and the encoded result is handed to
 * {@code restoreKeyFromSPKI}. Nothing in this method checks that {@code identifier}
 * matches the key material in {@code input}.
 * NOTE(review): presumably {@code restoreKeyFromSPKI} rejects a mismatch; confirm
 * before relying on this for encodings received from an untrusted party.
 *
 * @param identifier algorithm identifier placed first in the rebuilt sequence
 * @param input DER encoding of the BIT STRING that carries the key
 * @return the key produced by {@code restoreKeyFromSPKI}
 * @throws IOException if the rebuilt sequence cannot be encoded, or as raised by
 *     {@code restoreKeyFromSPKI}
 */
public static AsymmetricKeyParameter restoreDefaultKey(AlgorithmIdentifier identifier, byte[] input) throws IOException {
    // SEQUENCE { algorithm, subjectPublicKey }: identifier first, key bits second
    ASN1Encodable[] spkiParts = { identifier, DERBitString.getInstance(input) };
    byte[] spkiDer = new DERSequence(spkiParts).getEncoded();
    return restoreKeyFromSPKI(spkiDer);
}
use of com.unboundid.asn1.ASN1BitString in project candlepin by candlepin.
the class X509CRLStreamWriter method write.
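/**
 * Write a modified CRL to the given output stream. This method will add each entry provided
 * via the add() method.
 *
 * <p>Existing entries are read one at a time from the source CRL stream. An entry is written
 * to {@code out} through the write helpers (which also receive the signer) unless its serial
 * number is in the deleted set. The new entries and the extensions follow, then the encoded
 * signing algorithm and the signature as a BIT STRING.
 *
 * <p>An entry with a negative length, or whose content does not begin with an INTEGER serial
 * number, aborts the write with an {@link IOException}, so a malformed entry is never copied
 * into a freshly signed CRL. Bytes already written to {@code out} are not rolled back; callers
 * should discard the output if this method throws.
 *
 * @param out OutputStream to write to
 * @throws IOException if reading, encoding or writing fails, if an entry is malformed, or if
 *     the signature cannot be produced
 * @throws IllegalStateException if the instance has not been preScanned and locked
 */
public void write(OutputStream out) throws IOException {
    if (!locked || !preScanned) {
        throw new IllegalStateException("The instance must be preScanned and locked before writing.");
    }

    if (emptyCrl) {
        /* An empty CRL is going to be missing the revokedCertificates sequence
         * and would require a lot of special casing during the streaming process.
         * Instead, it is easier to construct the CRL in the normal fashion using
         * BouncyCastle. Performance should be acceptable as long as the number of
         * CRL entries being added are reasonable in number. Something less than a
         * thousand or so should yield adequate performance.
         */
        writeToEmptyCrl(out);
        return;
    }

    originalLength = handleHeader(out);

    int tag;
    int tagNo;
    int length;

    while (originalLength > count.get()) {
        tag = readTag(crlIn, count);
        tagNo = readTagNumber(crlIn, tag, count);
        length = readLength(crlIn, count);

        // A negative length cannot size the buffer below; report it as a stream error
        // instead of letting NegativeArraySizeException escape.
        if (length < 0) {
            throw new IOException("Unsupported or corrupt length in CRL entry: " + length);
        }

        byte[] entryBytes = new byte[length];
        readFullyAndTrack(crlIn, entryBytes, count);

        // We only need the serial number and not the rest of the stuff in the entry
        Object firstElement;
        try (ASN1InputStream entryIn = new ASN1InputStream(entryBytes)) {
            firstElement = entryIn.readObject();
        }

        // Fail closed: an entry without a leading INTEGER cannot be matched against the
        // deleted set, so it must not be passed through and re-signed.
        if (!(firstElement instanceof ASN1Integer)) {
            throw new IOException("CRL entry does not start with an INTEGER serial number");
        }
        ASN1Integer serial = (ASN1Integer) firstElement;

        if (deletedEntriesLength == 0 || !deletedEntries.contains(serial.getValue())) {
            writeTag(out, tag, tagNo, signer);
            writeLength(out, length, signer);
            writeValue(out, entryBytes, signer);
        }
    }

    // Write the new entries into the new CRL
    for (ASN1Sequence entry : newEntries) {
        writeBytes(out, entry.getEncoded(), signer);
    }

    // Copy the extensions to the output and to the signer's stream
    if (newExtensions != null) {
        out.write(newExtensions);
        signer.getOutputStream().write(newExtensions, 0, newExtensions.length);
    }

    // The signing algorithm encoding goes to the output only, not to the signer's stream
    out.write(signingAlg.getEncoded());

    try {
        byte[] signature = signer.getSignature();
        ASN1BitString signatureBits = new DERBitString(signature);
        out.write(signatureBits.getEncoded());
    } catch (DataLengthException e) {
        throw new IOException("Could not sign", e);
    }
}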
use of com.unboundid.asn1.ASN1BitString in project keystore-explorer by kaikramer.
the class DKeyUsage method prepopulateWithValue.
/**
 * Ticks the key usage check boxes to match an encoded key usage value.
 *
 * <p>NOTE(review): a {@code value} that does not decode to a BIT STRING is not handled
 * here; presumably {@code getInstance} or {@code intValue} then fails with an unchecked
 * exception. Confirm callers cope when the value comes from an untrusted certificate.
 *
 * @param value encoded key usage, read as a single ASN.1 object
 * @throws IOException if the value cannot be read as an ASN.1 object
 */
private void prepopulateWithValue(byte[] value) throws IOException {
    try (ASN1InputStream derIn = new ASN1InputStream(value)) {
        int usageBits = ASN1BitString.getInstance(derIn.readObject()).intValue();

        // One check box per named key usage flag
        jcbDigitalSignature.setSelected(hasKeyUsage(usageBits, KeyUsage.digitalSignature));
        jcbNonRepudiation.setSelected(hasKeyUsage(usageBits, KeyUsage.nonRepudiation));
        jcbKeyEncipherment.setSelected(hasKeyUsage(usageBits, KeyUsage.keyEncipherment));
        jcbDataEncipherment.setSelected(hasKeyUsage(usageBits, KeyUsage.dataEncipherment));
        jcbKeyAgreement.setSelected(hasKeyUsage(usageBits, KeyUsage.keyAgreement));
        jcbCertificateSigning.setSelected(hasKeyUsage(usageBits, KeyUsage.keyCertSign));
        jcbCrlSign.setSelected(hasKeyUsage(usageBits, KeyUsage.cRLSign));
        jcbEncipherOnly.setSelected(hasKeyUsage(usageBits, KeyUsage.encipherOnly));
        jcbDecipherOnly.setSelected(hasKeyUsage(usageBits, KeyUsage.decipherOnly));
    }
}
use of com.unboundid.asn1.ASN1BitString in project keystore-explorer by kaikramer.
the class X509Ext method getKeyUsageStringValue.
/**
 * Builds the display text for a key usage extension value: one line per usage flag that
 * is set, in the order of the ASN.1 definition below, each followed by {@code NEWLINE}.
 *
 * <p>NOTE(review): a {@code value} that is not a BIT STRING is not handled here;
 * presumably {@code getInstance} then fails with an unchecked exception. Confirm callers
 * cope when rendering untrusted certificates.
 *
 * @param value encoded key usage extension value
 * @return the text for the flags that are set; empty when none are
 * @throws IOException if the value cannot be parsed as an ASN.1 object
 */
private static String getKeyUsageStringValue(byte[] value) throws IOException {
    // @formatter:off
    /*
     * KeyUsage ::= BIT STRING { digitalSignature (0), nonRepudiation (1),
     * keyEncipherment (2), dataEncipherment (3), keyAgreement (4),
     * keyCertSign (5), cRLSign (6), encipherOnly (7), decipherOnly (8) }
     */
    // @formatter:on

    int usageBits = ASN1BitString.getInstance(ASN1Primitive.fromByteArray(value)).intValue();

    // Flags and their resource keys, index for index, in definition order
    int[] flags = {
        KeyUsage.digitalSignature,
        KeyUsage.nonRepudiation,
        KeyUsage.keyEncipherment,
        KeyUsage.dataEncipherment,
        KeyUsage.keyAgreement,
        KeyUsage.keyCertSign,
        KeyUsage.cRLSign,
        KeyUsage.encipherOnly,
        KeyUsage.decipherOnly
    };
    String[] labelKeys = {
        "DigitalSignatureKeyUsage",
        "NonRepudiationKeyUsage",
        "KeyEnciphermentKeyUsage",
        "DataEnciphermentKeyUsage",
        "KeyAgreementKeyUsage",
        "KeyCertSignKeyUsage",
        "CrlSignKeyUsage",
        "EncipherOnlyKeyUsage",
        "DecipherOnlyKeyUsage"
    };

    StringBuilder text = new StringBuilder();
    for (int i = 0; i < flags.length; i++) {
        if (hasKeyUsage(usageBits, flags[i])) {
            text.append(res.getString(labelKeys[i]));
            text.append(NEWLINE);
        }
    }
    return text.toString();
}
use of com.unboundid.asn1.ASN1BitString in project keystore-explorer by kaikramer.
the class X509Ext method getNetscapeCertificateTypeStringValue.
/**
 * Builds the display text for a Netscape certificate type extension value: one line per
 * type flag that is set, in the order of the ASN.1 definition below, each followed by
 * {@code NEWLINE}.
 *
 * <p>NOTE(review): a {@code value} that does not decode to a BIT STRING is not handled
 * here; presumably {@code getInstance} or {@code intValue} then fails with an unchecked
 * exception. Confirm callers cope when rendering untrusted certificates.
 *
 * @param value encoded Netscape certificate type extension value
 * @return the text for the flags that are set; empty when none are
 * @throws IOException if the value cannot be read as an ASN.1 object
 */
private static String getNetscapeCertificateTypeStringValue(byte[] value) throws IOException {
    // @formatter:off
    /*
     * NetscapeCertType ::= BIT STRING { sslClient (0), sslServer (1), smime
     * (2), objectSigning (3), reserved (4), sslCA (5), smimeCA (6),
     * objectSigningCA (7) }
     */
    // @formatter:on

    // we have a ByteArrayInputStream here which does not need to be closed
    @SuppressWarnings("resource")
    int certTypeBits = ASN1BitString.getInstance(new ASN1InputStream(value).readObject()).intValue();

    // Flags and their resource keys, index for index, in definition order
    int[] flags = {
        NetscapeCertType.sslClient,
        NetscapeCertType.sslServer,
        NetscapeCertType.smime,
        NetscapeCertType.objectSigning,
        NetscapeCertType.reserved,
        NetscapeCertType.sslCA,
        NetscapeCertType.smimeCA,
        NetscapeCertType.objectSigningCA
    };
    String[] labelKeys = {
        "SslClientNetscapeCertificateType",
        "SslServerNetscapeCertificateType",
        "SmimeNetscapeCertificateType",
        "ObjectSigningNetscapeCertificateType",
        "ReservedNetscapeCertificateType",
        "SslCaNetscapeCertificateType",
        "SmimeCaNetscapeCertificateType",
        "ObjectSigningCaNetscapeCertificateType"
    };

    StringBuilder text = new StringBuilder();
    for (int i = 0; i < flags.length; i++) {
        if (isCertType(certTypeBits, flags[i])) {
            text.append(res.getString(labelKeys[i]));
            text.append(NEWLINE);
        }
    }
    return text.toString();
}