use of org.bouncycastle.asn1.DERTaggedObject in project candlepin by candlepin.
the class X509CRLStreamWriter method updateExtensions.
/**
* This method updates the crlNumber and authorityKeyIdentifier extensions. Any
* other extensions are copied over unchanged.
* @param obj
* @return
* @throws IOException
*/
@SuppressWarnings("rawtypes")
protected byte[] updateExtensions(byte[] obj) throws IOException {
ASN1TaggedObject taggedExts = (ASN1TaggedObject) new ASN1InputStream(obj).readObject();
ASN1Sequence seq = (ASN1Sequence) taggedExts.getObject();
ASN1EncodableVector modifiedExts = new ASN1EncodableVector();
// Now we need to read the extensions and find the CRL number and increment it,
// and determine if its length changed.
Enumeration objs = seq.getObjects();
while (objs.hasMoreElements()) {
ASN1Sequence ext = (ASN1Sequence) objs.nextElement();
ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) ext.getObjectAt(0);
if (Extension.cRLNumber.equals(oid)) {
ASN1OctetString s = (ASN1OctetString) ext.getObjectAt(1);
ASN1Integer i = (ASN1Integer) new ASN1InputStream(s.getOctets()).readObject();
ASN1Integer newCrlNumber = new ASN1Integer(i.getValue().add(BigInteger.ONE));
Extension newNumberExt = new Extension(Extension.cRLNumber, false, new DEROctetString(newCrlNumber.getEncoded()));
ASN1EncodableVector crlNumber = new ASN1EncodableVector();
crlNumber.add(Extension.cRLNumber);
crlNumber.add(newNumberExt.getExtnValue());
modifiedExts.add(new DERSequence(crlNumber));
} else if (Extension.authorityKeyIdentifier.equals(oid)) {
Extension newAuthorityKeyExt = new Extension(Extension.authorityKeyIdentifier, false, aki.getEncoded());
ASN1EncodableVector aki = new ASN1EncodableVector();
aki.add(Extension.authorityKeyIdentifier);
aki.add(newAuthorityKeyExt.getExtnValue());
modifiedExts.add(new DERSequence(aki));
} else {
modifiedExts.add(ext);
}
}
ASN1Sequence seqOut = new DERSequence(modifiedExts);
ASN1TaggedObject out = new DERTaggedObject(true, 0, seqOut);
return out.getEncoded();
}
use of org.bouncycastle.asn1.DERTaggedObject in project candlepin by candlepin.
the class X509CRLStreamWriter method readAndReplaceTime.
/**
* Replace a time in the ASN1 with the current time.
*
* @param out
* @param tagNo
* @return the time that was replaced
* @throws IOException
*/
protected Date readAndReplaceTime(OutputStream out, int tagNo) throws IOException {
int originalLength = readLength(crlIn, null);
byte[] oldBytes = new byte[originalLength];
readFullyAndTrack(crlIn, oldBytes, null);
ASN1Object oldTime;
ASN1Object newTime;
if (tagNo == UTC_TIME) {
ASN1TaggedObject t = new DERTaggedObject(UTC_TIME, new DEROctetString(oldBytes));
oldTime = ASN1UTCTime.getInstance(t, false);
newTime = new DERUTCTime(new Date());
} else {
ASN1TaggedObject t = new DERTaggedObject(GENERALIZED_TIME, new DEROctetString(oldBytes));
oldTime = ASN1GeneralizedTime.getInstance(t, false);
newTime = new DERGeneralizedTime(new Date());
}
writeNewTime(out, newTime, originalLength);
return Time.getInstance(oldTime).getDate();
}
use of org.bouncycastle.asn1.DERTaggedObject in project keystore-explorer by kaikramer.
the class EccUtilTest method convertToECPrivateKeyStructure.
@ParameterizedTest
@ValueSource(strings = { // SEC curves
"secp112r1", "secp112r2", "secp128r1", "secp128r2", "secp160k1", "secp160r1", "secp160r2", "secp192k1", /* "secp192r1", = prime192v1 */
"secp224k1", "secp224r1", "secp256k1", /* "secp256r1", = prime256v1 */
"secp384r1", "secp521r1", "sect113r1", "sect113r2", "sect131r1", "sect131r2", "sect163k1", "sect163r1", "sect163r2", "sect193r1", "sect193r2", "sect233k1", "sect233r1", "sect239k1", "sect283k1", "sect283r1", "sect409k1", "sect409r1", "sect571k1", "sect571r1", // ANSI X9.62 curves
"prime192v1", "prime192v2", "prime192v3", "prime239v1", "prime239v2", "prime239v3", "prime256v1", "c2pnb163v1", "c2pnb163v2", "c2pnb163v3", "c2pnb176w1", "c2tnb191v1", "c2tnb191v2", "c2tnb191v3", "c2tnb239v1", "c2tnb239v2", "c2tnb239v3", "c2tnb359v1", "c2tnb431r1", "c2pnb208w1", "c2pnb272w1", "c2pnb304w1", "c2pnb368w1", // Brainpool curves
"brainpoolP160r1", "brainpoolP160t1", "brainpoolP192r1", "brainpoolP192t1", "brainpoolP224r1", "brainpoolP224t1", "brainpoolP256r1", "brainpoolP256t1", "brainpoolP320r1", "brainpoolP320t1", "brainpoolP384r1", "brainpoolP384t1", "brainpoolP512r1", "brainpoolP512t1" // NIST curves are a subset of SEC curves (not explicitly tested here)
})
public void convertToECPrivateKeyStructure(String curveName) throws Exception {
KeyPair keyPair = KeyPairUtil.generateECKeyPair(curveName, BC);
ECPrivateKey ecPrivateKey = (ECPrivateKey) keyPair.getPrivate();
byte[] encoded = EccUtil.convertToECPrivateKeyStructure(ecPrivateKey).toASN1Primitive().getEncoded();
// verify ASN.1 structure "ECPrivateKey" from RFC 5915:
//
// ECPrivateKey ::= SEQUENCE {
// version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
// privateKey OCTET STRING,
// parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
// publicKey [1] BIT STRING OPTIONAL
// }
//
// ECParameters ::= CHOICE {
// namedCurve OBJECT IDENTIFIER
// -- implicitCurve NULL
// -- specifiedCurve SpecifiedECDomain
// }
// RFC 5480:
// -- implicitCurve and specifiedCurve MUST NOT be used in PKIX.
ASN1Sequence sequence = ASN1Sequence.getInstance(encoded);
// check version of data structure
BigInteger version = ((ASN1Integer) sequence.getObjectAt(0)).getValue();
assertThat(version).isEqualTo(BigInteger.ONE);
// next is an octet string with the key
assertThat(sequence.getObjectAt(1)).isInstanceOf(ASN1OctetString.class);
// check for existence of (optional) EC parameters
ASN1Encodable tagged0 = sequence.getObjectAt(2);
DERTaggedObject derTaggedObject = (DERTaggedObject) tagged0;
assertThat(derTaggedObject.getTagNo()).isEqualTo(0);
// check that EC parameters contain the right curve name
ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) derTaggedObject.getObject();
String resolvedCurveName = ObjectIdUtil.toString(oid);
assertThat(resolvedCurveName).containsIgnoringCase(curveName);
}
use of org.bouncycastle.asn1.DERTaggedObject in project pdfbox by apache.
the class CertInformationHelper method getCrlUrlFromExtensionValue.
/**
* Gets the first CRL Url from given extension value. Structure has to be build as in 4.2.1.14
* CRL Distribution Points of RFC 2459.
*
* @param extensionValue to get the extension value from
* @return first CRL- URL or null
* @throws IOException when there is a problem with the extensionValue
*/
protected static String getCrlUrlFromExtensionValue(byte[] extensionValue) throws IOException {
ASN1Sequence asn1Seq = (ASN1Sequence) X509ExtensionUtil.fromExtensionValue(extensionValue);
Enumeration<?> objects = asn1Seq.getObjects();
while (objects.hasMoreElements()) {
DLSequence obj = (DLSequence) objects.nextElement();
DERTaggedObject derTagged = (DERTaggedObject) obj.getObjectAt(0);
derTagged = (DERTaggedObject) derTagged.getObject();
derTagged = (DERTaggedObject) derTagged.getObject();
DEROctetString uri = (DEROctetString) derTagged.getObject();
String url = new String(uri.getOctets());
// return first http(s)-Url for crl
if (url.startsWith("http")) {
return url;
}
}
return null;
}
use of org.bouncycastle.asn1.DERTaggedObject in project keepass2android by PhilippC.
the class SignedData method toASN1Object.
/**
* Produce an object suitable for an ASN1OutputStream.
* <pre>
* SignedData ::= SEQUENCE {
* version Version,
* digestAlgorithms DigestAlgorithmIdentifiers,
* contentInfo ContentInfo,
* certificates
* [0] IMPLICIT ExtendedCertificatesAndCertificates
* OPTIONAL,
* crls
* [1] IMPLICIT CertificateRevocationLists OPTIONAL,
* signerInfos SignerInfos }
* </pre>
*/
public DERObject toASN1Object() {
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(version);
v.add(digestAlgorithms);
v.add(contentInfo);
if (certificates != null) {
v.add(new DERTaggedObject(false, 0, certificates));
}
if (crls != null) {
v.add(new DERTaggedObject(false, 1, crls));
}
v.add(signerInfos);
return new BERSequence(v);
}
Aggregations