Example 46 with ASN1Integer
use of org.bouncycastle.asn1.ASN1Integer in project xipki by xipki.
the class CaEmulator method getCrl.
public synchronized CertificateList getCrl(X500Name issuer, BigInteger serialNumber) throws Exception {
if (crl != null) {
return crl;
}
Date thisUpdate = new Date();
X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(caSubject, thisUpdate);
Date nextUpdate = new Date(thisUpdate.getTime() + 30 * DAY_IN_MS);
crlBuilder.setNextUpdate(nextUpdate);
Date caStartTime = caCert.getTBSCertificate().getStartDate().getDate();
Date revocationTime = new Date(caStartTime.getTime() + 1);
if (revocationTime.after(thisUpdate)) {
revocationTime = caStartTime;
}
crlBuilder.addCRLEntry(BigInteger.valueOf(2), revocationTime, CRLReason.keyCompromise);
crlBuilder.addExtension(Extension.cRLNumber, false, new ASN1Integer(crlNumber.getAndAdd(1)));
String signatureAlgorithm = ScepUtil.getSignatureAlgorithm(caKey, ScepHashAlgo.SHA256);
ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm).build(caKey);
X509CRLHolder crl = crlBuilder.build(contentSigner);
return crl.toASN1Structure();
}
Also used :
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
ContentSigner(org.bouncycastle.operator.ContentSigner)
X509CRLHolder(org.bouncycastle.cert.X509CRLHolder)
X509v2CRLBuilder(org.bouncycastle.cert.X509v2CRLBuilder)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
Date(java.util.Date)
Example 47 with ASN1Integer
use of org.bouncycastle.asn1.ASN1Integer in project candlepin by candlepin.
the class X509CRLStreamWriter method add.
/**
* Create an entry to be added to the CRL.
*
* @param serial
* @param date
* @param reason
* @throws IOException if an entry fails to generate
*/
@SuppressWarnings({ "unchecked", "rawtypes" })
public void add(BigInteger serial, Date date, int reason) throws IOException {
if (locked) {
throw new IllegalStateException("Cannot add to a locked stream.");
}
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new ASN1Integer(serial));
v.add(new Time(date));
CRLReason crlReason = CRLReason.getInstance(new ASN1Enumerated(reason));
ExtensionsGenerator generator = new ExtensionsGenerator();
generator.addExtension(Extension.reasonCode, false, crlReason);
v.add(generator.generate());
newEntries.add(new DERSequence(v));
}
Also used :
DERSequence(org.bouncycastle.asn1.DERSequence)
ASN1Enumerated(org.bouncycastle.asn1.ASN1Enumerated)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
DERGeneralizedTime(org.bouncycastle.asn1.DERGeneralizedTime)
ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime)
DERUTCTime(org.bouncycastle.asn1.DERUTCTime)
Time(org.bouncycastle.asn1.x509.Time)
ASN1UTCTime(org.bouncycastle.asn1.ASN1UTCTime)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
CRLReason(org.bouncycastle.asn1.x509.CRLReason)
ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)
Example 48 with ASN1Integer
use of org.bouncycastle.asn1.ASN1Integer in project candlepin by candlepin.
the class X509CRLStreamWriter method write.
/**
* Write a modified CRL to the given output stream. This method will add each entry provided
* via the add() method.
*
* @param out OutputStream to write to
* @throws IOException if something goes wrong
*/
public void write(OutputStream out) throws IOException {
if (!locked || !preScanned) {
throw new IllegalStateException("The instance must be preScanned and locked before writing.");
}
if (emptyCrl) {
/* An empty CRL is going to be missing the revokedCertificates sequence
* and would require a lot of special casing during the streaming process.
* Instead, it is easier to construct the CRL in the normal fashion using
* BouncyCastle. Performance should be acceptable as long as the number of
* CRL entries being added are reasonable in number. Something less than a
* thousand or so should yield adequate performance.
*/
writeToEmptyCrl(out);
return;
}
originalLength = handleHeader(out);
int tag;
int tagNo;
int length;
while (originalLength > count.get()) {
tag = readTag(crlIn, count);
tagNo = readTagNumber(crlIn, tag, count);
length = readLength(crlIn, count);
byte[] entryBytes = new byte[length];
readFullyAndTrack(crlIn, entryBytes, count);
// We only need the serial number and not the rest of the stuff in the entry
ASN1Integer serial = (ASN1Integer) new ASN1InputStream(entryBytes).readObject();
if (deletedEntriesLength == 0 || !deletedEntries.contains(serial.getValue())) {
writeTag(out, tag, tagNo, signer);
writeLength(out, length, signer);
writeValue(out, entryBytes, signer);
}
}
// Write the new entries into the new CRL
for (ASN1Sequence entry : newEntries) {
writeBytes(out, entry.getEncoded(), signer);
}
// Copy the old extensions over
if (newExtensions != null) {
out.write(newExtensions);
signer.getOutputStream().write(newExtensions, 0, newExtensions.length);
}
out.write(signingAlg.getEncoded());
try {
byte[] signature = signer.getSignature();
ASN1BitString signatureBits = new DERBitString(signature);
out.write(signatureBits.getEncoded());
} catch (DataLengthException e) {
throw new IOException("Could not sign", e);
}
}
Also used :
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
DataLengthException(org.bouncycastle.crypto.DataLengthException)
DERBitString(org.bouncycastle.asn1.DERBitString)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
IOException(java.io.IOException)
ASN1BitString(org.bouncycastle.asn1.ASN1BitString)
Example 49 with ASN1Integer
use of org.bouncycastle.asn1.ASN1Integer in project fabric-sdk-java by hyperledger.
the class CryptoPrimitives method ecdsaSignToBytes.
/**
* Sign data with the specified elliptic curve private key.
*
* @param privateKey elliptic curve private key.
* @param data data to sign
* @return the signed data.
* @throws CryptoException
*/
private byte[] ecdsaSignToBytes(ECPrivateKey privateKey, byte[] data) throws CryptoException {
try {
X9ECParameters params = ECNamedCurveTable.getByName(curveName);
BigInteger curveN = params.getN();
Signature sig = SECURITY_PROVIDER == null ? Signature.getInstance(DEFAULT_SIGNATURE_ALGORITHM) : Signature.getInstance(DEFAULT_SIGNATURE_ALGORITHM, SECURITY_PROVIDER);
sig.initSign(privateKey);
sig.update(data);
byte[] signature = sig.sign();
BigInteger[] sigs = decodeECDSASignature(signature);
sigs = preventMalleability(sigs, curveN);
ByteArrayOutputStream s = new ByteArrayOutputStream();
DERSequenceGenerator seq = new DERSequenceGenerator(s);
seq.addObject(new ASN1Integer(sigs[0]));
seq.addObject(new ASN1Integer(sigs[1]));
seq.close();
return s.toByteArray();
} catch (Exception e) {
throw new CryptoException("Could not sign the message using private key", e);
}
}
Also used :
X9ECParameters(org.bouncycastle.asn1.x9.X9ECParameters)
Signature(java.security.Signature)
BigInteger(java.math.BigInteger)
DERSequenceGenerator(org.bouncycastle.asn1.DERSequenceGenerator)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
CryptoException(org.hyperledger.fabric.sdk.exception.CryptoException)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
KeyStoreException(java.security.KeyStoreException)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
InvalidArgumentException(org.hyperledger.fabric.sdk.exception.InvalidArgumentException)
SignatureException(java.security.SignatureException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
CryptoException(org.hyperledger.fabric.sdk.exception.CryptoException)
Example 50 with ASN1Integer
use of org.bouncycastle.asn1.ASN1Integer in project jruby-openssl by jruby.
the class PKeyEC method dsa_sign_asn1.
@JRubyMethod(name = "dsa_sign_asn1")
public IRubyObject dsa_sign_asn1(final ThreadContext context, final IRubyObject data) {
try {
ECNamedCurveParameterSpec params = ECNamedCurveTable.getParameterSpec(getCurveName());
ASN1ObjectIdentifier oid = getCurveOID(getCurveName());
ECNamedDomainParameters domainParams = new ECNamedDomainParameters(oid, params.getCurve(), params.getG(), params.getN(), params.getH(), params.getSeed());
final ECDSASigner signer = new ECDSASigner();
final ECPrivateKey privKey = (ECPrivateKey) this.privateKey;
signer.init(true, new ECPrivateKeyParameters(privKey.getS(), domainParams));
final byte[] message = data.convertToString().getBytes();
// [r, s]
BigInteger[] signature = signer.generateSignature(message);
// final byte[] r = signature[0].toByteArray();
// final byte[] s = signature[1].toByteArray();
// // ASN.1 encode as: 0x30 len 0x02 rlen (r) 0x02 slen (s)
// final int len = 1 + (1 + r.length) + 1 + (1 + s.length);
//
// final byte[] encoded = new byte[1 + 1 + len]; int i;
// encoded[0] = 0x30;
// encoded[1] = (byte) len;
// encoded[2] = 0x20;
// encoded[3] = (byte) r.length;
// System.arraycopy(r, 0, encoded, i = 4, r.length); i += r.length;
// encoded[i++] = 0x20;
// encoded[i++] = (byte) s.length;
// System.arraycopy(s, 0, encoded, i, s.length);
ByteArrayOutputStream bytes = new ByteArrayOutputStream();
ASN1OutputStream asn1 = new ASN1OutputStream(bytes);
ASN1EncodableVector v = new ASN1EncodableVector();
// r
v.add(new ASN1Integer(signature[0]));
// s
v.add(new ASN1Integer(signature[1]));
asn1.writeObject(new DLSequence(v));
return StringHelper.newString(context.runtime, bytes.buffer(), bytes.size());
} catch (IOException ex) {
throw newECError(context.runtime, ex.toString());
} catch (RuntimeException ex) {
throw newECError(context.runtime, ex.toString());
}
}
Also used :
PKey.readECPrivateKey(org.jruby.ext.openssl.impl.PKey.readECPrivateKey)
ECPrivateKey(java.security.interfaces.ECPrivateKey)
ECDSASigner(org.bouncycastle.crypto.signers.ECDSASigner)
ECNamedDomainParameters(org.bouncycastle.crypto.params.ECNamedDomainParameters)
ByteArrayOutputStream(org.jruby.ext.openssl.util.ByteArrayOutputStream)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
IOException(java.io.IOException)
ASN1OutputStream(org.bouncycastle.asn1.ASN1OutputStream)
ECPrivateKeyParameters(org.bouncycastle.crypto.params.ECPrivateKeyParameters)
DLSequence(org.bouncycastle.asn1.DLSequence)
ECNamedCurveParameterSpec(org.bouncycastle.jce.spec.ECNamedCurveParameterSpec)
BigInteger(java.math.BigInteger)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
JRubyMethod(org.jruby.anno.JRubyMethod)
Aggregations
ASN1Integer (org.bouncycastle.asn1.ASN1Integer)127
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)56
BigInteger (java.math.BigInteger)54
DERSequence (org.bouncycastle.asn1.DERSequence)51
IOException (java.io.IOException)44
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)43
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)29
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)21
DEROctetString (org.bouncycastle.asn1.DEROctetString)21
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)20
ArrayList (java.util.ArrayList)18
DERUTF8String (org.bouncycastle.asn1.DERUTF8String)17
ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)16
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)15
X509Certificate (java.security.cert.X509Certificate)14
Date (java.util.Date)12
DLSequence (org.bouncycastle.asn1.DLSequence)12
ByteArrayInputStream (java.io.ByteArrayInputStream)11
KeyPair (java.security.KeyPair)11
HashMap (java.util.HashMap)11
