Search in sources :

Example 46 with DERObjectIdentifier

use of org.bouncycastle.asn1.DERObjectIdentifier in project nhin-d by DirectProject.

the class SplitProviderDirectSignedDataGenerator method generate.

/**
	 * {@inheritDoc}
	 */
@Override
public CMSSignedData generate(String signedContentType, CMSProcessable content, boolean encapsulate, String sigProvider, boolean addDefaultAttributes) throws NoSuchAlgorithmException, NoSuchProviderException, CMSException {
    final ASN1EncodableVector digestAlgs = new ASN1EncodableVector();
    final ASN1EncodableVector signerInfos = new ASN1EncodableVector();
    // clear the current preserved digest state
    _digests.clear();
    //
    // add the SignerInfo objects
    //
    DERObjectIdentifier contentTypeOID;
    boolean isCounterSignature;
    if (signedContentType != null) {
        contentTypeOID = new DERObjectIdentifier(signedContentType);
        isCounterSignature = false;
    } else {
        contentTypeOID = CMSObjectIdentifiers.data;
        isCounterSignature = true;
    }
    for (DirectTargetedSignerInf signer : privateSigners) {
        AlgorithmIdentifier digAlgId;
        try {
            digAlgId = new AlgorithmIdentifier(new DERObjectIdentifier(signer.digestOID), new DERNull());
            digestAlgs.add(digAlgId);
            try {
                signerInfos.add(signer.toSignerInfo(contentTypeOID, content, rand, sigProvider, digestProvider, addDefaultAttributes, isCounterSignature));
            } catch (ClassCastException e) {
                // try again with the digest provider... the key may need to use a different provider than the sig provider
                signerInfos.add(signer.toSignerInfo(contentTypeOID, content, rand, digestProvider, digestProvider, addDefaultAttributes, isCounterSignature));
            }
        } catch (IOException e) {
            throw new CMSException("encoding error.", e);
        } catch (InvalidKeyException e) {
            throw new CMSException("key inappropriate for signature.", e);
        } catch (SignatureException e) {
            throw new CMSException("error creating signature.", e);
        } catch (CertificateEncodingException e) {
            throw new CMSException("error creating sid.", e);
        }
    }
    ASN1Set certificates = null;
    if (_certs.size() != 0) {
        certificates = createBerSetFromList(_certs);
    }
    ASN1Set certrevlist = null;
    if (_crls.size() != 0) {
        certrevlist = createBerSetFromList(_crls);
    }
    ContentInfo encInfo;
    if (encapsulate) {
        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
        try {
            content.write(bOut);
        } catch (IOException e) {
            throw new CMSException("encapsulation error.", e);
        }
        ASN1OctetString octs = new BERConstructedOctetString(bOut.toByteArray());
        encInfo = new ContentInfo(contentTypeOID, octs);
    } else {
        encInfo = new ContentInfo(contentTypeOID, null);
    }
    SignedData sd = new SignedData(new DERSet(digestAlgs), encInfo, certificates, certrevlist, new DERSet(signerInfos));
    ContentInfo contentInfo = new ContentInfo(PKCSObjectIdentifiers.signedData, sd);
    return new CMSSignedData(content, contentInfo);
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) SignedData(org.bouncycastle.asn1.cms.SignedData) CMSSignedData(org.bouncycastle.cms.CMSSignedData) CertificateEncodingException(java.security.cert.CertificateEncodingException) IOException(java.io.IOException) SignatureException(java.security.SignatureException) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InvalidKeyException(java.security.InvalidKeyException) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier) DERSet(org.bouncycastle.asn1.DERSet) CMSSignedData(org.bouncycastle.cms.CMSSignedData) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) ASN1Set(org.bouncycastle.asn1.ASN1Set) ContentInfo(org.bouncycastle.asn1.cms.ContentInfo) DERNull(org.bouncycastle.asn1.DERNull) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) BERConstructedOctetString(org.bouncycastle.asn1.BERConstructedOctetString) CMSException(org.bouncycastle.cms.CMSException)

Example 47 with DERObjectIdentifier

use of org.bouncycastle.asn1.DERObjectIdentifier in project android_frameworks_base by AOSPA.

the class ESTHandler method buildCSR.

private byte[] buildCSR(ByteBuffer octetBuffer, OMADMAdapter omadmAdapter, HTTPHandler httpHandler) throws IOException, GeneralSecurityException {
    //Security.addProvider(new BouncyCastleProvider());
    Log.d(TAG, "/csrattrs:");
    /*
        byte[] octets = new byte[octetBuffer.remaining()];
        octetBuffer.duplicate().get(octets);
        for (byte b : octets) {
            System.out.printf("%02x ", b & 0xff);
        }
        */
    Collection<Asn1Object> csrs = Asn1Decoder.decode(octetBuffer);
    for (Asn1Object asn1Object : csrs) {
        Log.d(TAG, asn1Object.toString());
    }
    if (csrs.size() != 1) {
        throw new IOException("Unexpected object count in CSR attributes response: " + csrs.size());
    }
    Asn1Object sequence = csrs.iterator().next();
    if (sequence.getClass() != Asn1Constructed.class) {
        throw new IOException("Unexpected CSR attribute container: " + sequence);
    }
    String keyAlgo = null;
    Asn1Oid keyAlgoOID = null;
    String sigAlgo = null;
    String curveName = null;
    Asn1Oid pubCrypto = null;
    int keySize = -1;
    Map<Asn1Oid, ASN1Encodable> idAttributes = new HashMap<>();
    for (Asn1Object child : sequence.getChildren()) {
        if (child.getTag() == Asn1Decoder.TAG_OID) {
            Asn1Oid oid = (Asn1Oid) child;
            OidMappings.SigEntry sigEntry = OidMappings.getSigEntry(oid);
            if (sigEntry != null) {
                sigAlgo = sigEntry.getSigAlgo();
                keyAlgoOID = sigEntry.getKeyAlgo();
                keyAlgo = OidMappings.getJCEName(keyAlgoOID);
            } else if (oid.equals(OidMappings.sPkcs9AtChallengePassword)) {
                byte[] tlsUnique = httpHandler.getTLSUnique();
                if (tlsUnique != null) {
                    idAttributes.put(oid, new DERPrintableString(Base64.encodeToString(tlsUnique, Base64.DEFAULT)));
                } else {
                    Log.w(TAG, "Cannot retrieve TLS unique channel binding");
                }
            }
        } else if (child.getTag() == Asn1Decoder.TAG_SEQ) {
            Asn1Oid oid = null;
            Set<Asn1Oid> oidValues = new HashSet<>();
            List<Asn1Object> values = new ArrayList<>();
            for (Asn1Object attributeSeq : child.getChildren()) {
                if (attributeSeq.getTag() == Asn1Decoder.TAG_OID) {
                    oid = (Asn1Oid) attributeSeq;
                } else if (attributeSeq.getTag() == Asn1Decoder.TAG_SET) {
                    for (Asn1Object value : attributeSeq.getChildren()) {
                        if (value.getTag() == Asn1Decoder.TAG_OID) {
                            oidValues.add((Asn1Oid) value);
                        } else {
                            values.add(value);
                        }
                    }
                }
            }
            if (oid == null) {
                throw new IOException("Invalid attribute, no OID");
            }
            if (oid.equals(OidMappings.sExtensionRequest)) {
                for (Asn1Oid subOid : oidValues) {
                    if (OidMappings.isIDAttribute(subOid)) {
                        if (subOid.equals(OidMappings.sMAC)) {
                            idAttributes.put(subOid, new DERIA5String(omadmAdapter.getMAC()));
                        } else if (subOid.equals(OidMappings.sIMEI)) {
                            idAttributes.put(subOid, new DERIA5String(omadmAdapter.getImei()));
                        } else if (subOid.equals(OidMappings.sMEID)) {
                            idAttributes.put(subOid, new DERBitString(omadmAdapter.getMeid()));
                        } else if (subOid.equals(OidMappings.sDevID)) {
                            idAttributes.put(subOid, new DERPrintableString(omadmAdapter.getDevID()));
                        }
                    }
                }
            } else if (OidMappings.getCryptoID(oid) != null) {
                pubCrypto = oid;
                if (!values.isEmpty()) {
                    for (Asn1Object value : values) {
                        if (value.getTag() == Asn1Decoder.TAG_INTEGER) {
                            keySize = (int) ((Asn1Integer) value).getValue();
                        }
                    }
                }
                if (oid.equals(OidMappings.sAlgo_EC)) {
                    if (oidValues.isEmpty()) {
                        throw new IOException("No ECC curve name provided");
                    }
                    for (Asn1Oid value : oidValues) {
                        curveName = OidMappings.getJCEName(value);
                        if (curveName != null) {
                            break;
                        }
                    }
                    if (curveName == null) {
                        throw new IOException("Found no ECC curve for " + oidValues);
                    }
                }
            }
        }
    }
    if (keyAlgoOID == null) {
        throw new IOException("No public key algorithm specified");
    }
    if (pubCrypto != null && !pubCrypto.equals(keyAlgoOID)) {
        throw new IOException("Mismatching key algorithms");
    }
    if (keyAlgoOID.equals(OidMappings.sAlgo_RSA)) {
        if (keySize < MinRSAKeySize) {
            if (keySize >= 0) {
                Log.i(TAG, "Upgrading suggested RSA key size from " + keySize + " to " + MinRSAKeySize);
            }
            keySize = MinRSAKeySize;
        }
    }
    Log.d(TAG, String.format("pub key '%s', signature '%s', ECC curve '%s', id-atts %s", keyAlgo, sigAlgo, curveName, idAttributes));
    /*
          Ruckus:
            SEQUENCE:
              OID=1.2.840.113549.1.1.11 (algo_id_sha256WithRSAEncryption)

          RFC-7030:
            SEQUENCE:
              OID=1.2.840.113549.1.9.7 (challengePassword)
              SEQUENCE:
                OID=1.2.840.10045.2.1 (algo_id_ecPublicKey)
                SET:
                  OID=1.3.132.0.34 (secp384r1)
              SEQUENCE:
                OID=1.2.840.113549.1.9.14 (extensionRequest)
                SET:
                  OID=1.3.6.1.1.1.1.22 (mac-address)
              OID=1.2.840.10045.4.3.3 (eccdaWithSHA384)

              1L, 3L, 6L, 1L, 1L, 1L, 1L, 22
         */
    // ECC Does not appear to be supported currently
    KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyAlgo);
    if (curveName != null) {
        AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(keyAlgo);
        algorithmParameters.init(new ECNamedCurveGenParameterSpec(curveName));
        kpg.initialize(algorithmParameters.getParameterSpec(ECNamedCurveGenParameterSpec.class));
    } else {
        kpg.initialize(keySize);
    }
    KeyPair kp = kpg.generateKeyPair();
    X500Principal subject = new X500Principal("CN=Android, O=Google, C=US");
    mClientKey = kp.getPrivate();
    // !!! Map the idAttributes into an ASN1Set of values to pass to
    // the PKCS10CertificationRequest - this code is using outdated BC classes and
    // has *not* been tested.
    ASN1Set attributes;
    if (!idAttributes.isEmpty()) {
        ASN1EncodableVector payload = new DEREncodableVector();
        for (Map.Entry<Asn1Oid, ASN1Encodable> entry : idAttributes.entrySet()) {
            DERObjectIdentifier type = new DERObjectIdentifier(entry.getKey().toOIDString());
            ASN1Set values = new DERSet(entry.getValue());
            Attribute attribute = new Attribute(type, values);
            payload.add(attribute);
        }
        attributes = new DERSet(payload);
    } else {
        attributes = null;
    }
    return new PKCS10CertificationRequest(sigAlgo, subject, kp.getPublic(), attributes, mClientKey).getEncoded();
}
Also used : DERSet(com.android.org.bouncycastle.asn1.DERSet) ASN1Set(com.android.org.bouncycastle.asn1.ASN1Set) Set(java.util.Set) HashSet(java.util.HashSet) HashMap(java.util.HashMap) Attribute(com.android.org.bouncycastle.asn1.x509.Attribute) DERBitString(com.android.org.bouncycastle.asn1.DERBitString) DERPrintableString(com.android.org.bouncycastle.asn1.DERPrintableString) DERIA5String(com.android.org.bouncycastle.asn1.DERIA5String) DERSet(com.android.org.bouncycastle.asn1.DERSet) DERIA5String(com.android.org.bouncycastle.asn1.DERIA5String) Asn1Integer(com.android.hotspot2.asn1.Asn1Integer) DERPrintableString(com.android.org.bouncycastle.asn1.DERPrintableString) ASN1EncodableVector(com.android.org.bouncycastle.asn1.ASN1EncodableVector) List(java.util.List) ArrayList(java.util.ArrayList) ASN1Encodable(com.android.org.bouncycastle.asn1.ASN1Encodable) PKCS10CertificationRequest(com.android.org.bouncycastle.jce.PKCS10CertificationRequest) Asn1Oid(com.android.hotspot2.asn1.Asn1Oid) KeyPair(java.security.KeyPair) ECNamedCurveGenParameterSpec(com.android.org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec) DEREncodableVector(com.android.org.bouncycastle.asn1.DEREncodableVector) DERBitString(com.android.org.bouncycastle.asn1.DERBitString) IOException(java.io.IOException) KeyPairGenerator(java.security.KeyPairGenerator) DERObjectIdentifier(com.android.org.bouncycastle.asn1.DERObjectIdentifier) Asn1Object(com.android.hotspot2.asn1.Asn1Object) OidMappings(com.android.hotspot2.asn1.OidMappings) ASN1Set(com.android.org.bouncycastle.asn1.ASN1Set) X500Principal(javax.security.auth.x500.X500Principal) Map(java.util.Map) HashMap(java.util.HashMap) AlgorithmParameters(java.security.AlgorithmParameters)

Example 48 with DERObjectIdentifier

use of org.bouncycastle.asn1.DERObjectIdentifier in project robovm by robovm.

the class CertPathValidatorUtilities method processCertD1ii.

protected static void processCertD1ii(int index, List[] policyNodes, DERObjectIdentifier _poid, Set _pq) {
    List policyNodeVec = policyNodes[index - 1];
    for (int j = 0; j < policyNodeVec.size(); j++) {
        PKIXPolicyNode _node = (PKIXPolicyNode) policyNodeVec.get(j);
        if (ANY_POLICY.equals(_node.getValidPolicy())) {
            Set _childExpectedPolicies = new HashSet();
            _childExpectedPolicies.add(_poid.getId());
            PKIXPolicyNode _child = new PKIXPolicyNode(new ArrayList(), index, _childExpectedPolicies, _node, _pq, _poid.getId(), false);
            _node.addChild(_child);
            policyNodes[index].add(_child);
            return;
        }
    }
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) ArrayList(java.util.ArrayList) List(java.util.List) ArrayList(java.util.ArrayList) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) HashSet(java.util.HashSet)

Example 49 with DERObjectIdentifier

use of org.bouncycastle.asn1.DERObjectIdentifier in project robovm by robovm.

the class RFC3280CertPathUtilities method prepareNextCertA.

protected static void prepareNextCertA(CertPath certPath, int index) throws CertPathValidatorException {
    List certs = certPath.getCertificates();
    X509Certificate cert = (X509Certificate) certs.get(index);
    //
    //
    // (a) check the policy mappings
    //
    ASN1Sequence pm = null;
    try {
        pm = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.POLICY_MAPPINGS));
    } catch (AnnotatedException ex) {
        throw new ExtCertPathValidatorException("Policy mappings extension could not be decoded.", ex, certPath, index);
    }
    if (pm != null) {
        ASN1Sequence mappings = pm;
        for (int j = 0; j < mappings.size(); j++) {
            DERObjectIdentifier issuerDomainPolicy = null;
            DERObjectIdentifier subjectDomainPolicy = null;
            try {
                ASN1Sequence mapping = DERSequence.getInstance(mappings.getObjectAt(j));
                issuerDomainPolicy = DERObjectIdentifier.getInstance(mapping.getObjectAt(0));
                subjectDomainPolicy = DERObjectIdentifier.getInstance(mapping.getObjectAt(1));
            } catch (Exception e) {
                throw new ExtCertPathValidatorException("Policy mappings extension contents could not be decoded.", e, certPath, index);
            }
            if (RFC3280CertPathUtilities.ANY_POLICY.equals(issuerDomainPolicy.getId())) {
                throw new CertPathValidatorException("IssuerDomainPolicy is anyPolicy", null, certPath, index);
            }
            if (RFC3280CertPathUtilities.ANY_POLICY.equals(subjectDomainPolicy.getId())) {
                throw new CertPathValidatorException("SubjectDomainPolicy is anyPolicy,", null, certPath, index);
            }
        }
    }
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) List(java.util.List) ArrayList(java.util.ArrayList) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier) X509Certificate(java.security.cert.X509Certificate) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) CertificateExpiredException(java.security.cert.CertificateExpiredException) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertPathBuilderException(java.security.cert.CertPathBuilderException) IOException(java.io.IOException)

Example 50 with DERObjectIdentifier

use of org.bouncycastle.asn1.DERObjectIdentifier in project robovm by robovm.

the class JCEECPrivateKey method getEncoded.

/**
     * Return a PKCS8 representation of the key. The sequence returned
     * represents a full PrivateKeyInfo object.
     *
     * @return a PKCS8 representation of the key.
     */
public byte[] getEncoded() {
    X962Parameters params;
    if (ecSpec instanceof ECNamedCurveSpec) {
        DERObjectIdentifier curveOid = ECUtil.getNamedCurveOid(((ECNamedCurveSpec) ecSpec).getName());
        if (// guess it's the OID
        curveOid == null) {
            curveOid = new DERObjectIdentifier(((ECNamedCurveSpec) ecSpec).getName());
        }
        params = new X962Parameters(curveOid);
    } else if (ecSpec == null) {
        params = new X962Parameters(DERNull.INSTANCE);
    } else {
        ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve());
        X9ECParameters ecP = new X9ECParameters(curve, EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression), ecSpec.getOrder(), BigInteger.valueOf(ecSpec.getCofactor()), ecSpec.getCurve().getSeed());
        params = new X962Parameters(ecP);
    }
    PrivateKeyInfo info;
    ECPrivateKeyStructure keyStructure;
    if (publicKey != null) {
        keyStructure = new ECPrivateKeyStructure(this.getS(), publicKey, params);
    } else {
        keyStructure = new ECPrivateKeyStructure(this.getS(), params);
    }
    try {
        // BEGIN android-removed
        // if (algorithm.equals("ECGOST3410"))
        // {
        //     info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive());
        // }
        // else
        // END android-removed
        {
            info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.toASN1Primitive()), keyStructure.toASN1Primitive());
        }
        return info.getEncoded(ASN1Encoding.DER);
    } catch (IOException e) {
        return null;
    }
}
Also used : X962Parameters(org.bouncycastle.asn1.x9.X962Parameters) X9ECParameters(org.bouncycastle.asn1.x9.X9ECParameters) ECCurve(org.bouncycastle.math.ec.ECCurve) ECPrivateKeyStructure(org.bouncycastle.asn1.sec.ECPrivateKeyStructure) IOException(java.io.IOException) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo) ECNamedCurveSpec(org.bouncycastle.jce.spec.ECNamedCurveSpec) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Aggregations

DERObjectIdentifier (org.bouncycastle.asn1.DERObjectIdentifier)43 IOException (java.io.IOException)22 ArrayList (java.util.ArrayList)22 HashSet (java.util.HashSet)21 List (java.util.List)21 Set (java.util.Set)21 Enumeration (java.util.Enumeration)18 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)16 X509Certificate (java.security.cert.X509Certificate)13 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)11 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)11 DEREncodable (org.bouncycastle.asn1.DEREncodable)10 DERObject (org.bouncycastle.asn1.DERObject)10 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)9 Iterator (java.util.Iterator)8 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)8 X962Parameters (org.bouncycastle.asn1.x9.X962Parameters)8 X9ECParameters (org.bouncycastle.asn1.x9.X9ECParameters)8 HashMap (java.util.HashMap)7 Map (java.util.Map)7