Examples with ASN1ObjectIdentifier com.unboundid.asn1.ASN1ObjectIdentifier used on opensource projects

Example 51 with ASN1ObjectIdentifier

use of com.unboundid.asn1.ASN1ObjectIdentifier in project attestation by TokenScript.

the class ASN1Util method restorePublicKey.

/**
 * Extract the public key from its DER encoded BITString
 * @param input
 * @return
 */
public static AsymmetricKeyParameter restorePublicKey(byte[] input, X9ECParameters parameters, String oid) throws IOException {
    AlgorithmIdentifier identifierEnc = new AlgorithmIdentifier(new ASN1ObjectIdentifier(oid), parameters.toASN1Primitive());
    ASN1BitString keyEnc = DERBitString.getInstance(input);
    ASN1Sequence spkiEnc = new DERSequence(new ASN1Encodable[] { identifierEnc, keyEnc });
    SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(spkiEnc);
    return PublicKeyFactory.createKey(spki);
}

Example 52 with ASN1ObjectIdentifier

use of com.unboundid.asn1.ASN1ObjectIdentifier in project attestation by TokenScript.

the class Parser method getExtensions.

public Map<String, Extensions> getExtensions() {
    Map<String, Extensions> res = new HashMap<>();
    for (String currentDatasourceName : matching.keySet()) {
        List<Extension> extensionList = new ArrayList<>();
        Map<String, String> currentMap = matching.get(currentDatasourceName);
        currentMap.putAll(global);
        for (String oid : currentMap.keySet()) {
            if (!X500_OIDS.contains(oid)) {
                Extension extension = new Extension(new ASN1ObjectIdentifier(oid), true, new DEROctetString(currentMap.get(oid).getBytes(StandardCharsets.UTF_8)));
                extensionList.add(extension);
            }
        }
        res.put(currentDatasourceName, new Extensions(extensionList.toArray(new Extension[0])));
    }
    return res;
}

Example 53 with ASN1ObjectIdentifier

use of com.unboundid.asn1.ASN1ObjectIdentifier in project staplr by pridiltal.

the class PdfPKCS7 method getAuthenticatedAttributeBytes.

/**
 * When using authenticatedAttributes the authentication process is different.
 * The document digest is generated and put inside the attribute. The signing is done over the DER encoded
 * authenticatedAttributes. This method provides that encoding and the parameters must be
 * exactly the same as in {@link #getEncodedPKCS7(byte[],Calendar)}.
 * <p>
 * A simple example:
 * <p>
 * <pre>
 * Calendar cal = Calendar.getInstance();
 * PdfPKCS7 pk7 = new PdfPKCS7(key, chain, null, "SHA1", null, false);
 * MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
 * byte buf[] = new byte[8192];
 * int n;
 * InputStream inp = sap.getRangeStream();
 * while ((n = inp.read(buf)) &gt; 0) {
 *    messageDigest.update(buf, 0, n);
 * }
 * byte hash[] = messageDigest.digest();
 * byte sh[] = pk7.getAuthenticatedAttributeBytes(hash, cal);
 * pk7.update(sh, 0, sh.length);
 * byte sg[] = pk7.getEncodedPKCS7(hash, cal);
 * </pre>
 * @param secondDigest the content digest
 * @param signingTime the signing time
 * @return the byte array representation of the authenticatedAttributes ready to be signed
 */
public byte[] getAuthenticatedAttributeBytes(byte[] secondDigest, Calendar signingTime) {
    try {
        ASN1EncodableVector attribute = new ASN1EncodableVector();
        ASN1EncodableVector v = new ASN1EncodableVector();
        v.add(new ASN1ObjectIdentifier(ID_CONTENT_TYPE));
        v.add(new DERSet(new ASN1ObjectIdentifier(ID_PKCS7_DATA)));
        attribute.add(new DERSequence(v));
        v = new ASN1EncodableVector();
        v.add(new ASN1ObjectIdentifier(ID_SIGNING_TIME));
        v.add(new DERSet(new DERUTCTime(signingTime.getTime())));
        attribute.add(new DERSequence(v));
        v = new ASN1EncodableVector();
        v.add(new ASN1ObjectIdentifier(ID_MESSAGE_DIGEST));
        v.add(new DERSet(new DEROctetString(secondDigest)));
        attribute.add(new DERSequence(v));
        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
        ASN1OutputStream dout = new ASN1OutputStream(bOut);
        dout.writeObject(new DERSet(attribute));
        dout.close();
        return bOut.toByteArray();
    } catch (Exception e) {
        throw new ExceptionConverter(e);
    }
}

Example 54 with ASN1ObjectIdentifier

use of com.unboundid.asn1.ASN1ObjectIdentifier in project jcifs by codelibs.

the class NegTokenTarg method toByteArray.

@Override
public byte[] toByteArray() {
    try {
        ByteArrayOutputStream collector = new ByteArrayOutputStream();
        ASN1OutputStream der = ASN1OutputStream.create(collector, ASN1Encoding.DER);
        ASN1EncodableVector fields = new ASN1EncodableVector();
        int res = getResult();
        if (res != UNSPECIFIED_RESULT) {
            fields.add(new DERTaggedObject(true, 0, new ASN1Enumerated(res)));
        }
        ASN1ObjectIdentifier mech = getMechanism();
        if (mech != null) {
            fields.add(new DERTaggedObject(true, 1, mech));
        }
        byte[] mechanismToken = getMechanismToken();
        if (mechanismToken != null) {
            fields.add(new DERTaggedObject(true, 2, new DEROctetString(mechanismToken)));
        }
        byte[] mechanismListMIC = getMechanismListMIC();
        if (mechanismListMIC != null) {
            fields.add(new DERTaggedObject(true, 3, new DEROctetString(mechanismListMIC)));
        }
        der.writeObject(new DERTaggedObject(true, 1, new DERSequence(fields)));
        return collector.toByteArray();
    } catch (IOException ex) {
        throw new IllegalStateException(ex.getMessage());
    }
}

Example 55 with ASN1ObjectIdentifier

use of com.unboundid.asn1.ASN1ObjectIdentifier in project jcifs by codelibs.

the class SpnegoContext method negotitate.

private SpnegoToken negotitate(byte[] inputBuf, int offset, int len) throws CIFSException {
    SpnegoToken spToken = getToken(inputBuf, offset, len);
    byte[] inputToken = null;
    if (spToken instanceof NegTokenInit) {
        NegTokenInit tinit = (NegTokenInit) spToken;
        ASN1ObjectIdentifier[] rm = tinit.getMechanisms();
        this.remoteMechs = rm;
        ASN1ObjectIdentifier prefMech = rm[0];
        // only use token if the optimistic mechanism is supported
        if (this.mechContext.isSupported(prefMech)) {
            inputToken = tinit.getMechanismToken();
        } else {
            ASN1ObjectIdentifier found = null;
            for (ASN1ObjectIdentifier mech : rm) {
                if (this.mechContext.isSupported(mech)) {
                    found = mech;
                    break;
                }
            }
            if (found == null) {
                throw new SmbException("Server does advertise any supported mechanism");
            }
        }
    } else if (spToken instanceof NegTokenTarg) {
        NegTokenTarg targ = (NegTokenTarg) spToken;
        if (this.firstResponse) {
            if (!this.mechContext.isSupported(targ.getMechanism())) {
                throw new SmbException("Server chose an unsupported mechanism " + targ.getMechanism());
            }
            this.selectedMech = targ.getMechanism();
            if (targ.getResult() == NegTokenTarg.REQUEST_MIC) {
                this.requireMic = true;
            }
            this.firstResponse = false;
        } else {
            if (targ.getMechanism() != null && !targ.getMechanism().equals(this.selectedMech)) {
                throw new SmbException("Server switched mechanism");
            }
        }
        inputToken = targ.getMechanismToken();
    } else {
        throw new SmbException("Invalid token");
    }
    if (spToken instanceof NegTokenTarg && this.mechContext.isEstablished()) {
        // already established, but server hasn't completed yet
        NegTokenTarg targ = (NegTokenTarg) spToken;
        if (targ.getResult() == NegTokenTarg.ACCEPT_INCOMPLETE && targ.getMechanismToken() == null && targ.getMechanismListMIC() != null) {
            // this indicates that mechlistMIC is required by the server
            verifyMechListMIC(targ.getMechanismListMIC());
            return new NegTokenTarg(NegTokenTarg.UNSPECIFIED_RESULT, null, null, calculateMechListMIC());
        } else if (targ.getResult() != NegTokenTarg.ACCEPT_COMPLETED) {
            throw new SmbException("SPNEGO negotiation did not complete");
        }
        verifyMechListMIC(targ.getMechanismListMIC());
        this.completed = true;
        return null;
    }
    if (inputToken == null) {
        return initialToken();
    }
    byte[] mechMIC = null;
    byte[] responseToken = this.mechContext.initSecContext(inputToken, 0, inputToken.length);
    if (spToken instanceof NegTokenTarg) {
        NegTokenTarg targ = (NegTokenTarg) spToken;
        if (targ.getResult() == NegTokenTarg.ACCEPT_COMPLETED && this.mechContext.isEstablished()) {
            // server sent final token
            verifyMechListMIC(targ.getMechanismListMIC());
            if (!this.disableMic || this.requireMic) {
                mechMIC = calculateMechListMIC();
            }
            this.completed = true;
        } else if (this.mechContext.isMICAvailable() && (!this.disableMic || this.requireMic)) {
            // we need to send our final data
            mechMIC = calculateMechListMIC();
        } else if (targ.getResult() == NegTokenTarg.REJECTED) {
            throw new SmbException("SPNEGO mechanism was rejected");
        }
    }
    if (responseToken == null && this.mechContext.isEstablished()) {
        return null;
    }
    return new NegTokenTarg(NegTokenTarg.UNSPECIFIED_RESULT, null, responseToken, mechMIC);
}