Example 46 with ASN1BitString

Use of com.unboundid.asn1.ASN1BitString in project attestation by TokenScript.

Class SignatureUtility, method restoreDefaultKey.

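/**
 * Extract any public key from its DER encoded BITString and AlgorithmIdentifier
 * @param identifier the AlgorithmIdentifier describing the key's algorithm
 * @param input the DER encoded BIT STRING holding the public key
 * @return the key rebuilt from the SubjectPublicKeyInfo sequence (identifier, key bits)
 * @throws IOException if the SubjectPublicKeyInfo sequence cannot be encoded
 */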
public static AsymmetricKeyParameter restoreDefaultKey(AlgorithmIdentifier identifier, byte[] input) throws IOException {
    ASN1BitString keyEnc = DERBitString.getInstance(input);
    ASN1Sequence spkiEnc = new DERSequence(new ASN1Encodable[] { identifier, keyEnc });
    return restoreKeyFromSPKI(spkiEnc.getEncoded());
}
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DERSequence(org.bouncycastle.asn1.DERSequence) ASN1BitString(org.bouncycastle.asn1.ASN1BitString)

Example 47 with ASN1BitString

Use of com.unboundid.asn1.ASN1BitString in project candlepin by candlepin.

Class X509CRLStreamWriter, method write.

/**
 * Write a modified CRL to the given output stream.  This method will add each entry provided
 * via the add() method.
 *
 * @param out OutputStream to write to
 * @throws IOException if something goes wrong
 */
public void write(OutputStream out) throws IOException {
    if (!locked || !preScanned) {
        throw new IllegalStateException("The instance must be preScanned and locked before writing.");
    }
    if (emptyCrl) {
        /* An empty CRL is going to be missing the revokedCertificates sequence
         * and would require a lot of special casing during the streaming process.
         * Instead, it is easier to construct the CRL in the normal fashion using
         * BouncyCastle.  Performance should be acceptable as long as the number of
         * CRL entries being added is reasonable.  Something less than a
         * thousand or so should yield adequate performance.
         */
        writeToEmptyCrl(out);
        return;
    }
    originalLength = handleHeader(out);
    int tag;
    int tagNo;
    int length;
    while (originalLength > count.get()) {
        tag = readTag(crlIn, count);
        tagNo = readTagNumber(crlIn, tag, count);
        length = readLength(crlIn, count);
        byte[] entryBytes = new byte[length];
        readFullyAndTrack(crlIn, entryBytes, count);
        // We only need the serial number and not the rest of the stuff in the entry
        ASN1Integer serial = (ASN1Integer) new ASN1InputStream(entryBytes).readObject();
        if (deletedEntriesLength == 0 || !deletedEntries.contains(serial.getValue())) {
            writeTag(out, tag, tagNo, signer);
            writeLength(out, length, signer);
            writeValue(out, entryBytes, signer);
        }
    }
    // Write the new entries into the new CRL
    for (ASN1Sequence entry : newEntries) {
        writeBytes(out, entry.getEncoded(), signer);
    }
    // Copy the old extensions over
    if (newExtensions != null) {
        out.write(newExtensions);
        signer.getOutputStream().write(newExtensions, 0, newExtensions.length);
    }
    out.write(signingAlg.getEncoded());
    try {
        byte[] signature = signer.getSignature();
        ASN1BitString signatureBits = new DERBitString(signature);
        out.write(signatureBits.getEncoded());
    } catch (DataLengthException e) {
        throw new IOException("Could not sign", e);
    }
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DataLengthException(org.bouncycastle.crypto.DataLengthException) DERBitString(org.bouncycastle.asn1.DERBitString) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) IOException(java.io.IOException) ASN1BitString(org.bouncycastle.asn1.ASN1BitString)

Example 48 with ASN1BitString

Use of com.unboundid.asn1.ASN1BitString in project keystore-explorer by kaikramer.

Class DKeyUsage, method prepopulateWithValue.

private void prepopulateWithValue(byte[] value) throws IOException {
    try (ASN1InputStream asn1InputStream = new ASN1InputStream(value)) {
        ASN1BitString keyUsage = ASN1BitString.getInstance(asn1InputStream.readObject());
        int keyUsageValue = keyUsage.intValue();
        jcbDigitalSignature.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.digitalSignature));
        jcbNonRepudiation.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.nonRepudiation));
        jcbKeyEncipherment.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.keyEncipherment));
        jcbDataEncipherment.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.dataEncipherment));
        jcbKeyAgreement.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.keyAgreement));
        jcbCertificateSigning.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.keyCertSign));
        jcbCrlSign.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.cRLSign));
        jcbEncipherOnly.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.encipherOnly));
        jcbDecipherOnly.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.decipherOnly));
    }
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ASN1BitString(org.bouncycastle.asn1.ASN1BitString)

Example 49 with ASN1BitString

Use of com.unboundid.asn1.ASN1BitString in project keystore-explorer by kaikramer.

Class X509Ext, method getKeyUsageStringValue.

private static String getKeyUsageStringValue(byte[] value) throws IOException {
    // @formatter:off
    /*
     * KeyUsage ::= BIT STRING { digitalSignature (0), nonRepudiation (1),
     * keyEncipherment (2), dataEncipherment (3), keyAgreement (4),
     * keyCertSign (5), cRLSign (6), encipherOnly (7), decipherOnly (8) }
     */
    // @formatter:on
    ASN1BitString keyUsage = ASN1BitString.getInstance(ASN1Primitive.fromByteArray(value));
    int keyUsages = keyUsage.intValue();
    StringBuilder sb = new StringBuilder();
    if (hasKeyUsage(keyUsages, KeyUsage.digitalSignature)) {
        sb.append(res.getString("DigitalSignatureKeyUsage"));
        sb.append(NEWLINE);
    }
    if (hasKeyUsage(keyUsages, KeyUsage.nonRepudiation)) {
        sb.append(res.getString("NonRepudiationKeyUsage"));
        sb.append(NEWLINE);
    }
    if (hasKeyUsage(keyUsages, KeyUsage.keyEncipherment)) {
        sb.append(res.getString("KeyEnciphermentKeyUsage"));
        sb.append(NEWLINE);
    }
    if (hasKeyUsage(keyUsages, KeyUsage.dataEncipherment)) {
        sb.append(res.getString("DataEnciphermentKeyUsage"));
        sb.append(NEWLINE);
    }
    if (hasKeyUsage(keyUsages, KeyUsage.keyAgreement)) {
        sb.append(res.getString("KeyAgreementKeyUsage"));
        sb.append(NEWLINE);
    }
    if (hasKeyUsage(keyUsages, KeyUsage.keyCertSign)) {
        sb.append(res.getString("KeyCertSignKeyUsage"));
        sb.append(NEWLINE);
    }
    if (hasKeyUsage(keyUsages, KeyUsage.cRLSign)) {
        sb.append(res.getString("CrlSignKeyUsage"));
        sb.append(NEWLINE);
    }
    if (hasKeyUsage(keyUsages, KeyUsage.encipherOnly)) {
        sb.append(res.getString("EncipherOnlyKeyUsage"));
        sb.append(NEWLINE);
    }
    if (hasKeyUsage(keyUsages, KeyUsage.decipherOnly)) {
        sb.append(res.getString("DecipherOnlyKeyUsage"));
        sb.append(NEWLINE);
    }
    return sb.toString();
}
Also used : ASN1BitString(org.bouncycastle.asn1.ASN1BitString) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)

Example 50 with ASN1BitString

Use of com.unboundid.asn1.ASN1BitString in project keystore-explorer by kaikramer.

Class X509Ext, method getNetscapeCertificateTypeStringValue.

private static String getNetscapeCertificateTypeStringValue(byte[] value) throws IOException {
    // @formatter:off
    /*
     * NetscapeCertType ::= BIT STRING { sslClient (0), sslServer (1),
     * smime (2), objectSigning (3), reserved (4), sslCA (5), smimeCA (6),
     * objectSigningCA (7) }
     */
    // @formatter:on
    StringBuilder sb = new StringBuilder();
    // we have a ByteArrayInputStream here which does not need to be closed
    @SuppressWarnings("resource") ASN1BitString netscapeCertType = ASN1BitString.getInstance(new ASN1InputStream(value).readObject());
    int netscapeCertTypes = netscapeCertType.intValue();
    if (isCertType(netscapeCertTypes, NetscapeCertType.sslClient)) {
        sb.append(res.getString("SslClientNetscapeCertificateType"));
        sb.append(NEWLINE);
    }
    if (isCertType(netscapeCertTypes, NetscapeCertType.sslServer)) {
        sb.append(res.getString("SslServerNetscapeCertificateType"));
        sb.append(NEWLINE);
    }
    if (isCertType(netscapeCertTypes, NetscapeCertType.smime)) {
        sb.append(res.getString("SmimeNetscapeCertificateType"));
        sb.append(NEWLINE);
    }
    if (isCertType(netscapeCertTypes, NetscapeCertType.objectSigning)) {
        sb.append(res.getString("ObjectSigningNetscapeCertificateType"));
        sb.append(NEWLINE);
    }
    if (isCertType(netscapeCertTypes, NetscapeCertType.reserved)) {
        sb.append(res.getString("ReservedNetscapeCertificateType"));
        sb.append(NEWLINE);
    }
    if (isCertType(netscapeCertTypes, NetscapeCertType.sslCA)) {
        sb.append(res.getString("SslCaNetscapeCertificateType"));
        sb.append(NEWLINE);
    }
    if (isCertType(netscapeCertTypes, NetscapeCertType.smimeCA)) {
        sb.append(res.getString("SmimeCaNetscapeCertificateType"));
        sb.append(NEWLINE);
    }
    if (isCertType(netscapeCertTypes, NetscapeCertType.objectSigningCA)) {
        sb.append(res.getString("ObjectSigningCaNetscapeCertificateType"));
        sb.append(NEWLINE);
    }
    return sb.toString();
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ASN1BitString(org.bouncycastle.asn1.ASN1BitString) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
