use of com.unboundid.asn1.ASN1Set in project OpenPDF by LibrePDF.
the class PdfPublicKeySecurityHandler method createDERForRecipient.
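/**
 * Builds the enveloped-data ContentInfo for a single recipient.
 *
 * <p>The payload {@code in} is encrypted under a freshly generated 128-bit content key, and the
 * raw key bytes are handed to {@code computeRecipientInfo} together with the recipient's
 * certificate (presumably to wrap the key for that recipient; verify against that helper).
 *
 * <p>NOTE(review): OID 1.2.840.113549.3.2 is RC2-CBC, a legacy cipher with a 64-bit block.
 * It is kept here so the produced structure stays unchanged. Confirm what the consuming
 * readers accept before moving to a modern algorithm.
 *
 * @param in   plaintext bytes to place in the encrypted content
 * @param cert certificate of the recipient
 * @return the ContentInfo (envelopedData) as an ASN.1 primitive
 * @throws IOException              if the algorithm parameters cannot be encoded or re-parsed
 * @throws GeneralSecurityException if the JCA provider cannot supply or run the algorithm
 */
private ASN1Primitive createDERForRecipient(byte[] in, X509Certificate cert) throws IOException, GeneralSecurityException {
    // The same OID string serves as the JCA algorithm name and as the AlgorithmIdentifier below.
    String s = "1.2.840.113549.3.2";

    AlgorithmParameterGenerator algorithmparametergenerator = AlgorithmParameterGenerator.getInstance(s);
    AlgorithmParameters algorithmparameters = algorithmparametergenerator.generateParameters();

    // Re-parse the encoded parameters so they can be embedded in the AlgorithmIdentifier.
    // try-with-resources closes the ASN.1 stream, which the previous version left open.
    ASN1Primitive derobject;
    try (ASN1InputStream asn1inputstream =
            new ASN1InputStream(new ByteArrayInputStream(algorithmparameters.getEncoded("ASN.1")))) {
        derobject = asn1inputstream.readObject();
    }

    // Fresh content-encryption key for this recipient.
    KeyGenerator keygenerator = KeyGenerator.getInstance(s);
    keygenerator.init(128);
    SecretKey secretkey = keygenerator.generateKey();

    Cipher cipher = Cipher.getInstance(s);
    // Cipher.ENCRYPT_MODE has the value 1, which the previous version passed as a bare literal.
    cipher.init(Cipher.ENCRYPT_MODE, secretkey, algorithmparameters);
    byte[] abyte1 = cipher.doFinal(in);
    DEROctetString deroctetstring = new DEROctetString(abyte1);

    // The raw key bytes leave this method only through computeRecipientInfo.
    KeyTransRecipientInfo keytransrecipientinfo = computeRecipientInfo(cert, secretkey.getEncoded());
    DERSet derset = new DERSet(new RecipientInfo(keytransrecipientinfo));

    AlgorithmIdentifier algorithmidentifier = new AlgorithmIdentifier(new ASN1ObjectIdentifier(s), derobject);
    EncryptedContentInfo encryptedcontentinfo =
            new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmidentifier, deroctetstring);

    // No unprotected attributes; the typed null presumably disambiguates the constructor overload.
    ASN1Set set = null;
    EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo, set);
    ContentInfo contentinfo = new ContentInfo(PKCSObjectIdentifiers.envelopedData, env);
    return contentinfo.toASN1Primitive();
}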
use of com.unboundid.asn1.ASN1Set in project open-ecard by ecsec.
the class EFCardAccess method decodeSecurityInfos.
/**
 * Decodes the SecurityInfos held in {@code sis}.
 *
 * <p>Each entry is classified by the object identifier in its first element and stored in the
 * matching container ({@code psi}, {@code csi}, {@code tsi}) or field ({@code cil}, {@code pti}).
 * Entries with an unrecognised identifier are only logged.
 *
 * <p>NOTE(review): every entry is cast to {@code ASN1Sequence} without a type check, so a
 * malformed structure would surface as a {@code ClassCastException}. If this data comes
 * straight from the card, confirm the caller treats that as a parse failure.
 */
private void decodeSecurityInfos() {
    final ASN1Set infoSet = sis.getSecurityInfos();
    final int count = infoSet.size();

    // Start from empty containers on every decode.
    psi = new PACESecurityInfos();
    tsi = new TASecurityInfos();
    csi = new CASecurityInfos();

    for (int idx = 0; idx < count; idx++) {
        ASN1Sequence entry = (ASN1Sequence) infoSet.getObjectAt(idx);
        // The first element of each SecurityInfo is its protocol object identifier.
        String oid = entry.getObjectAt(0).toString();

        // PACEInfo (REQUIRED)
        if (PACEInfo.isPACEObjectIdentifer(oid)) {
            _logger.debug("Found PACEInfo object identifier");
            psi.addPACEInfo(new PACEInfo(entry));
            continue;
        }
        // PACEDomainParameterInfo (CONDITIONAL)
        if (PACEDomainParameterInfo.isPACEObjectIdentifer(oid)) {
            _logger.debug("Found PACEDomainParameterInfo object identifier");
            psi.addPACEDomainParameterInfo(new PACEDomainParameterInfo(entry));
            continue;
        }
        // ChipAuthenticationInfo (CONDITIONAL)
        if (CAInfo.isObjectIdentifier(oid)) {
            _logger.debug("Found ChipAuthenticationInfo object identifier");
            csi.addCAInfo(new CAInfo(entry));
            continue;
        }
        // ChipAuthenticationDomainParameterInfo (CONDITIONAL)
        if (CADomainParameterInfo.isObjectIdentifier(oid)) {
            _logger.debug("Found ChipAuthenticationDomainParameterInfo object identifier");
            csi.addCADomainParameterInfo(new CADomainParameterInfo(entry));
            continue;
        }
        // TerminalAuthenticationInfo (CONDITIONAL)
        if (EACObjectIdentifier.id_TA.equals(oid)) {
            _logger.debug("Found TerminalAuthenticationInfo object identifier");
            tsi.addTAInfo(new TAInfo(entry));
            continue;
        }
        // CardInfoLocator (RECOMMENDED)
        if (EACObjectIdentifier.id_CI.equals(oid)) {
            _logger.debug("Found CardInfoLocator object identifier");
            cil = CardInfoLocator.getInstance(entry);
            continue;
        }
        // PrivilegedTerminalInfo (CONDITIONAL)
        if (EACObjectIdentifier.id_PT.equals(oid)) {
            _logger.debug("Found PrivilegedTerminalInfo object identifier");
            pti = PrivilegedTerminalInfo.getInstance(entry);
            continue;
        }
        // Anything else is skipped rather than rejected.
        _logger.debug("Found unknown object identifier: {}", oid.toString());
    }
}
use of com.unboundid.asn1.ASN1Set in project jruby-openssl by jruby.
the class PKCS7 method dataFinal.
/**
 * c: PKCS7_dataFinal
 *
 * <p>Finalises this PKCS7 structure once the content has been pushed through {@code bio}.
 * For the signed and signedAndEnveloped types, a signature is computed for each signer that
 * has a private key and authenticated attributes. For the digest type, the message digest is
 * stored. Unless the structure is detached, the bytes held by the memory BIO in the chain are
 * then copied into the structure.
 *
 * @param bio head of the BIO chain the content was written through
 * @return 1 on success, 0 when {@code findDigest} returns no BIO for a signer
 * @throws PKCS7Exception if signing fails or no memory BIO is found for a non-detached structure
 */
public int dataFinal(BIO bio) throws PKCS7Exception {
    Collection<SignerInfoWithPkey> siSk = null;
    BIO btmp;
    byte[] buf;
    MessageDigest mdc = null;
    MessageDigest ctx_tmp = null;
    ASN1Set sk;
    int i = this.data.getType();
    // Only the two signed types carry signer infos; every other type leaves siSk null.
    switch(i) {
        case ASN1Registry.NID_pkcs7_signedAndEnveloped:
            siSk = getSignedAndEnveloped().getSignerInfo();
            break;
        case ASN1Registry.NID_pkcs7_signed:
            siSk = getSign().getSignerInfo();
            break;
        case ASN1Registry.NID_pkcs7_digest:
            break;
        default:
            break;
    }
    if (siSk != null) {
        for (SignerInfoWithPkey si : siSk) {
            // Signers without a private key are skipped; no signature is produced for them here.
            if (si.getPkey() == null) {
                continue;
            }
            int j = ASN1Registry.oid2nid(si.getDigestAlgorithm().getAlgorithm());
            btmp = bio;
            // One-element array used as an out-parameter: findDigest stores the digest in slot 0.
            MessageDigest[] _mdc = new MessageDigest[] { mdc };
            btmp = findDigest(_mdc, btmp, j);
            mdc = _mdc[0];
            if (btmp == null) {
                return 0;
            }
            // Work on a clone so that digest() below does not finalise mdc itself.
            try {
                ctx_tmp = (MessageDigest) mdc.clone();
            } catch (CloneNotSupportedException e) {
                throw new RuntimeException(e);
            }
            sk = si.getAuthenticatedAttributes();
            Signature sign = null;
            try {
                // NOTE(review): when there are no authenticated attributes, sign stays null and
                // no encrypted digest is set for this signer in this method. Confirm this is intended.
                if (sk != null && sk.size() > 0) {
                    /* Add signing time if not already present */
                    if (null == si.getSignedAttribute(ASN1Registry.NID_pkcs9_signingTime)) {
                        // The signing time comes from the local system clock, expressed in UTC.
                        DERUTCTime signTime = new DERUTCTime(Calendar.getInstance(TimeZone.getTimeZone("UTC")).getTime());
                        si.addSignedAttribute(ASN1Registry.NID_pkcs9_signingTime, signTime);
                    }
                    // The content digest becomes the messageDigest signed attribute.
                    byte[] md_data = ctx_tmp.digest();
                    ASN1OctetString digest = new DEROctetString(md_data);
                    si.addSignedAttribute(ASN1Registry.NID_pkcs9_messageDigest, digest);
                    // Re-read the attribute set so the encoding below includes the additions.
                    sk = si.getAuthenticatedAttributes();
                    sign = SecurityHelper.getSignature(EVP.signatureAlgorithm(ctx_tmp, si.getPkey()));
                    sign.initSign(si.getPkey());
                    // The signature covers the encoded attribute set, not the raw content.
                    byte[] abuf = sk.getEncoded();
                    sign.update(abuf);
                }
                if (sign != null) {
                    byte[] out = sign.sign();
                    si.setEncryptedDigest(new DEROctetString(out));
                }
            } catch (Exception e) {
                // Any failure while building attributes or signing is reported as a PKCS7Exception.
                throw new PKCS7Exception(F_PKCS7_DATAFINAL, -1, e);
            }
        }
    } else if (i == ASN1Registry.NID_pkcs7_digest) {
        int nid = ASN1Registry.oid2nid(getDigest().getMd().getAlgorithm());
        MessageDigest[] _mdc = new MessageDigest[] { mdc };
        // NOTE(review): unlike the signer loop, the result of findDigest is not checked for
        // null here; bio and mdc are used directly afterwards. Presumably findDigest throws
        // when nothing matches. Confirm.
        bio = findDigest(_mdc, bio, nid);
        mdc = _mdc[0];
        byte[] md_data = mdc.digest();
        ASN1OctetString digest = new DEROctetString(md_data);
        getDigest().setDigest(digest);
    }
    if (!isDetached()) {
        // Non-detached: the content accumulated in the memory BIO is embedded in the structure.
        btmp = bio.findType(BIO.TYPE_MEM);
        if (null == btmp) {
            throw new PKCS7Exception(F_PKCS7_DATAFINAL, R_UNABLE_TO_FIND_MEM_BIO);
        }
        buf = ((MemBIO) btmp).getMemCopy();
        switch(i) {
            case ASN1Registry.NID_pkcs7_signedAndEnveloped:
                getSignedAndEnveloped().getEncData().setEncData(new DEROctetString(buf));
                break;
            case ASN1Registry.NID_pkcs7_enveloped:
                getEnveloped().getEncData().setEncData(new DEROctetString(buf));
                break;
            case ASN1Registry.NID_pkcs7_signed:
                // Data content with the detached flag set is cleared instead of embedded.
                if (getSign().getContents().isData() && getDetached() != 0) {
                    getSign().getContents().setData(null);
                } else {
                    getSign().getContents().setData(new DEROctetString(buf));
                }
                break;
            case ASN1Registry.NID_pkcs7_digest:
                // Same rule as for the signed type.
                if (getDigest().getContents().isData() && getDetached() != 0) {
                    getDigest().getContents().setData(null);
                } else {
                    getDigest().getContents().setData(new DEROctetString(buf));
                }
                break;
        }
    }
    return 1;
}
use of com.unboundid.asn1.ASN1Set in project jruby-openssl by jruby.
the class PKCS7 method signatureVerify.
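/**
 * c: PKCS7_signatureVerify
 *
 * <p>Verifies the signature of one signer against the digest collected in the BIO chain.
 * When authenticated attributes are present, the messageDigest attribute must equal the
 * computed content digest, and the signature is then checked over the encoded attribute set.
 *
 * <p>This method only uses the public key of {@code x509}; it performs no validation of the
 * certificate itself (presumably the caller does; verify).
 *
 * <p>NOTE(review): when the signer has no authenticated attributes, nothing is passed to
 * {@code Signature.update} before {@code verify}, so this path does not visibly bind the
 * signature to the content digested in the chain. Confirm how
 * {@code EVP.signatureAlgorithm} and {@code SecurityHelper.getSignature} handle that case
 * before relying on it.
 *
 * @param bio  head of the BIO chain that digested the content
 * @param si   signer info to verify
 * @param x509 certificate whose public key is used for verification
 * @throws NotVerifiedPKCS7Exception if the digest or signature does not match, or a crypto or
 *                                   encoding error occurs during the check
 * @throws PKCS7Exception            for a wrong content type, a missing or unusable digest,
 *                                   or a missing messageDigest attribute
 */
public void signatureVerify(BIO bio, SignerInfoWithPkey si, X509AuxCertificate x509) throws PKCS7Exception {
    if (!isSigned() && !isSignedAndEnveloped()) {
        throw new PKCS7Exception(F_PKCS7_SIGNATUREVERIFY, R_WRONG_PKCS7_TYPE);
    }
    final int md_type = ASN1Registry.oid2nid(si.getDigestAlgorithm().getAlgorithm());
    BIO btmp = bio;
    MessageDigest mdc;
    for (;;) {
        // Search onward from the current position. The previous version restarted from the
        // head of the chain (bio.findType) on every pass, so a first digest filter of the wrong
        // type was found again each time and the loop could never reach a later one.
        if (btmp == null || (btmp = btmp.findType(BIO.TYPE_MD)) == null) {
            throw new PKCS7Exception(F_PKCS7_SIGNATUREVERIFY, R_UNABLE_TO_FIND_MESSAGE_DIGEST);
        }
        mdc = ((MessageDigestBIOFilter) btmp).getMessageDigest();
        if (null == mdc) {
            throw new PKCS7Exception(F_PKCS7_SIGNATUREVERIFY, -1);
        }
        if (EVP.type(mdc) == md_type) {
            break;
        }
        btmp = btmp.next();
    }

    // Digest a clone so the filter's running digest is left untouched. A failed clone is
    // reported explicitly; the previous version swallowed it and later hit a
    // NullPointerException in the middle of verification.
    final MessageDigest mdc_tmp;
    try {
        mdc_tmp = (MessageDigest) mdc.clone();
    } catch (CloneNotSupportedException e) {
        throw new PKCS7Exception(F_PKCS7_SIGNATUREVERIFY, -1, e);
    }

    byte[] currentData = new byte[0];
    ASN1Set sk = si.getAuthenticatedAttributes();
    try {
        if (sk != null && sk.size() > 0) {
            // The messageDigest attribute must match the digest of the content seen so far.
            byte[] md_dat = mdc_tmp.digest();
            ASN1OctetString message_digest = digestFromAttributes(sk);
            if (message_digest == null) {
                throw new PKCS7Exception(F_PKCS7_SIGNATUREVERIFY, R_UNABLE_TO_FIND_MESSAGE_DIGEST);
            }
            if (!Arrays.equals(md_dat, message_digest.getOctets())) {
                throw new NotVerifiedPKCS7Exception();
            }
            // With attributes present, the signature covers their encoding.
            currentData = sk.getEncoded();
        }
        ASN1OctetString os = si.getEncryptedDigest();
        PublicKey pkey = x509.getPublicKey();
        Signature sign = SecurityHelper.getSignature(EVP.signatureAlgorithm(mdc_tmp, pkey));
        sign.initVerify(pkey);
        if (currentData.length > 0) {
            sign.update(currentData);
        }
        if (!sign.verify(os.getOctets())) {
            throw new NotVerifiedPKCS7Exception();
        }
    } catch (NotVerifiedPKCS7Exception e) {
        throw e;
    } catch (GeneralSecurityException | IOException e) {
        // Fail closed: any crypto or encoding error counts as "not verified".
        throw new NotVerifiedPKCS7Exception(e);
    }
}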
use of com.unboundid.asn1.ASN1Set in project jruby-openssl by jruby.
the class Signed method certificatesFromASN1Set.
/**
 * Converts the certificates field of a parsed structure into certificate objects.
 *
 * <p>An {@code ASN1Sequence} is read element by element. If that raises an
 * {@code IllegalArgumentException}, the sequence as a whole is parsed as one certificate.
 * An {@code ASN1Set} is accepted for backward compatibility. Any other type is rejected.
 *
 * <p>NOTE(review): in the fallback path, certificates added before the exception stay in the
 * result alongside the whole-sequence certificate. Confirm that partial results cannot occur
 * for inputs this method is expected to accept.
 *
 * @param content the ASN.1 value holding the certificates
 * @return the decoded certificates, in encounter order
 * @throws PKCS7Exception if {@code content} is neither a sequence nor a set
 */
private static Collection<X509AuxCertificate> certificatesFromASN1Set(ASN1Encodable content) throws PKCS7Exception {
    final Collection<X509AuxCertificate> certs = new ArrayList<X509AuxCertificate>();

    if (content instanceof ASN1Sequence) {
        try {
            Enumeration<?> elements = ((ASN1Sequence) content).getObjects();
            while (elements.hasMoreElements()) {
                ASN1Encodable element = (ASN1Encodable) elements.nextElement();
                certs.add(certificateFromASN1(element));
            }
        } catch (IllegalArgumentException iae) {
            // Fallback: treat the sequence itself as a single certificate.
            certs.add(certificateFromASN1(content));
        }
        return certs;
    }

    if (content instanceof ASN1Set) {
        // An EXPLICIT Set shouldn't appear here, but it is kept for backward compatibility.
        Enumeration<?> elements = ((ASN1Set) content).getObjects();
        while (elements.hasMoreElements()) {
            ASN1Encodable element = (ASN1Encodable) elements.nextElement();
            certs.add(certificateFromASN1(element));
        }
        return certs;
    }

    throw new PKCS7Exception(PKCS7.F_B64_READ_PKCS7, PKCS7.R_CERTIFICATE_VERIFY_ERROR, "unknown certificates format");
}
Aggregations