Example 41 with Attribute
use of org.bouncycastle.asn1.cms.Attribute in project nhin-d by DirectProject.
the class SMIMECryptographerImpl method logDigests.
protected void logDigests(SignerInformation sigInfo) {
// will fail
if (this.m_logDigest && sigInfo != null) {
try {
//get the digests
final Attribute digAttr = sigInfo.getSignedAttributes().get(CMSAttributes.messageDigest);
final DERObject hashObj = digAttr.getAttrValues().getObjectAt(0).getDERObject();
final byte[] signedDigest = ((ASN1OctetString) hashObj).getOctets();
final String signedDigestHex = org.apache.commons.codec.binary.Hex.encodeHexString(signedDigest);
LOGGER.info("Signed Message Digest: " + signedDigestHex);
// should have the computed digest now
final byte[] digest = sigInfo.getContentDigest();
final String digestHex = org.apache.commons.codec.binary.Hex.encodeHexString(digest);
LOGGER.info("Computed Message Digest: " + digestHex);
} catch (Throwable t) {
/* no-op.... logging digests is a quiet operation */
}
}
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DERObject(org.bouncycastle.asn1.DERObject)
Attribute(org.bouncycastle.asn1.cms.Attribute)
SMIMECapabilitiesAttribute(org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
Example 42 with Attribute
use of org.bouncycastle.asn1.cms.Attribute in project nhin-d by DirectProject.
the class PKCS11Commands method createCSR.
@Command(name = "CreateCSR", usage = CREATE_CSR)
public void createCSR(String[] args) {
final String alias = StringArrayUtil.getRequiredValue(args, 0);
final String commonName = StringArrayUtil.getRequiredValue(args, 1);
final String subjectAltName = StringArrayUtil.getRequiredValue(args, 2);
final String keyUsage = StringArrayUtil.getRequiredValue(args, 3);
// make sure we have a valid keyUsage
if (!(keyUsage.compareToIgnoreCase("DigitalSignature") == 0 || keyUsage.compareToIgnoreCase("KeyEncipherment") == 0 || keyUsage.compareToIgnoreCase("DualUse") == 0)) {
System.out.println("Invalid key usage.");
return;
}
final Vector<String> additionalRDNFields = new Vector<String>();
int cnt = 4;
String rdnField;
do {
rdnField = StringArrayUtil.getOptionalValue(args, cnt++, "");
if (!StringUtils.isEmpty(rdnField))
additionalRDNFields.add(rdnField);
} while (!StringUtils.isEmpty(rdnField));
try {
final KeyStore ks = mgr.getKS();
if (!ks.containsAlias(alias)) {
System.out.println("Entry with key name " + alias + " does not exist.");
return;
}
final X509Certificate storedCert = (X509Certificate) ks.getCertificate(alias);
if (storedCert == null) {
System.out.println("Key name " + alias + " does not contain a certificate that can be exported. This key may not be an RSA key pair.");
return;
}
final PrivateKey privKey = (PrivateKey) ks.getKey(alias, "".toCharArray());
if (privKey == null) {
System.out.println("Failed to object private key. This key may not be an RSA key pair.");
return;
}
// create the CSR
// create the extensions that we want
final X509ExtensionsGenerator extsGen = new X509ExtensionsGenerator();
// Key Usage
int usage;
if (keyUsage.compareToIgnoreCase("KeyEncipherment") == 0)
usage = KeyUsage.keyEncipherment;
else if (keyUsage.compareToIgnoreCase("DigitalSignature") == 0)
usage = KeyUsage.digitalSignature;
else
usage = KeyUsage.keyEncipherment | KeyUsage.digitalSignature;
extsGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(usage));
// Subject Alt Name
int nameType = subjectAltName.contains("@") ? GeneralName.rfc822Name : GeneralName.dNSName;
final GeneralNames altName = new GeneralNames(new GeneralName(nameType, subjectAltName));
extsGen.addExtension(X509Extensions.SubjectAlternativeName, false, altName);
// Extended Key Usage
final Vector<KeyPurposeId> purposes = new Vector<KeyPurposeId>();
purposes.add(KeyPurposeId.id_kp_emailProtection);
extsGen.addExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(purposes));
// Basic constraint
final BasicConstraints bc = new BasicConstraints(false);
extsGen.addExtension(X509Extensions.BasicConstraints, true, bc);
// create the extension requests
final X509Extensions exts = extsGen.generate();
final ASN1EncodableVector attributes = new ASN1EncodableVector();
final Attribute attribute = new Attribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, new DERSet(exts.toASN1Object()));
attributes.add(attribute);
final DERSet requestedAttributes = new DERSet(attributes);
// create the DN
final StringBuilder dnBuilder = new StringBuilder("CN=").append(commonName);
for (String field : additionalRDNFields) dnBuilder.append(",").append(field);
final X500Principal subjectPrin = new X500Principal(dnBuilder.toString());
final X509Principal xName = new X509Principal(true, subjectPrin.getName());
// create the CSR
final PKCS10CertificationRequest request = new PKCS10CertificationRequest("SHA256WITHRSA", xName, storedCert.getPublicKey(), requestedAttributes, privKey, ks.getProvider().getName());
final byte[] encodedCSR = request.getEncoded();
final String csrString = "-----BEGIN CERTIFICATE REQUEST-----\r\n" + Base64.encodeBase64String(encodedCSR) + "-----END CERTIFICATE REQUEST-----";
final File csrFile = new File(alias + "-CSR.pem");
FileUtils.writeStringToFile(csrFile, csrString);
System.out.println("CSR written to " + csrFile.getAbsolutePath());
} catch (Exception e) {
e.printStackTrace();
System.err.println("Failed to create CSR : " + e.getMessage());
}
}
Also used :
PrivateKey(java.security.PrivateKey)
Attribute(org.bouncycastle.asn1.x509.Attribute)
KeyUsage(org.bouncycastle.asn1.x509.KeyUsage)
ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage)
X509Extensions(org.bouncycastle.asn1.x509.X509Extensions)
DERSet(org.bouncycastle.asn1.DERSet)
X509Principal(org.bouncycastle.jce.X509Principal)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
X509ExtensionsGenerator(org.bouncycastle.asn1.x509.X509ExtensionsGenerator)
Vector(java.util.Vector)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage)
PKCS10CertificationRequest(org.bouncycastle.jce.PKCS10CertificationRequest)
KeyPurposeId(org.bouncycastle.asn1.x509.KeyPurposeId)
KeyStore(java.security.KeyStore)
X509Certificate(java.security.cert.X509Certificate)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
X500Principal(javax.security.auth.x500.X500Principal)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)
File(java.io.File)
Command(org.nhindirect.common.tooling.Command)
Example 43 with Attribute
use of org.bouncycastle.asn1.cms.Attribute in project nhin-d by DirectProject.
the class SigTest method testCreateVerifySig.
public void testCreateVerifySig() throws Exception {
X509CertificateEx internalCert = TestUtils.getInternalCert("user1");
X509Certificate caCert = TestUtils.getExternalCert("cacert");
String testMessage = TestUtils.readResource("MultipartMimeMessage.txt");
MimeMessage entity = EntitySerializer.Default.deserialize(testMessage);
Message message = new Message(entity);
MimeEntity entityToSig = message.extractEntityForSignature(true);
// Serialize message out as ASCII encoded...
byte[] messageBytes = EntitySerializer.Default.serializeToBytes(entityToSig);
MimeBodyPart partToSign = null;
try {
partToSign = new MimeBodyPart(new ByteArrayInputStream(messageBytes));
} catch (Exception e) {
}
SMIMESignedGenerator gen = new SMIMESignedGenerator();
ASN1EncodableVector signedAttrs = new ASN1EncodableVector();
SMIMECapabilityVector caps = new SMIMECapabilityVector();
caps.addCapability(SMIMECapability.dES_EDE3_CBC);
caps.addCapability(SMIMECapability.rC2_CBC, 128);
caps.addCapability(SMIMECapability.dES_CBC);
caps.addCapability(new DERObjectIdentifier("1.2.840.113549.1.7.1"));
caps.addCapability(PKCSObjectIdentifiers.x509Certificate);
signedAttrs.add(new SMIMECapabilitiesAttribute(caps));
List certList = new ArrayList();
gen.addSigner(internalCert.getPrivateKey(), internalCert, SMIMESignedGenerator.DIGEST_SHA1, new AttributeTable(signedAttrs), null);
//SMIMESignedGenerator.DIGEST_SHA1, null, null);
certList.add(internalCert);
MimeMultipart retVal = null;
CertStore certsAndcrls = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList), CryptoExtensions.getJCEProviderName());
gen.addCertificatesAndCRLs(certsAndcrls);
_certStores.add(certsAndcrls);
_signers.add(new Signer(internalCert.getPrivateKey(), internalCert, SMIMESignedGenerator.DIGEST_SHA1, new AttributeTable(signedAttrs), null));
retVal = generate(partToSign, CryptoExtensions.getJCEProviderName());
for (int i = 0; i < 10; ++i) {
ByteArrayOutputStream oStream = new ByteArrayOutputStream();
retVal.writeTo(oStream);
oStream.flush();
byte[] serialzedBytes = oStream.toByteArray();
//System.out.println(new String(serialzedBytes, "ASCII") + "\r\n\r\n\r\n\r\n\r\n");
ByteArrayDataSource dataSource = new ByteArrayDataSource(serialzedBytes, retVal.getContentType());
MimeMultipart verifyMM = new MimeMultipart(dataSource);
CMSSignedData signed = null;
//CMSSignedData signeddata = new CMSSignedData(new CMSProcessableBodyPartInbound(verifyMM.getBodyPart(0)), verifyMM.getBodyPart(1).getInputStream());
CMSSignedData signeddata = new CMSSignedData(new CMSProcessableBodyPartInbound(partToSign), verifyMM.getBodyPart(1).getInputStream());
int verified = 0;
CertStore certs = signeddata.getCertificatesAndCRLs("Collection", CryptoExtensions.getJCEProviderName());
SignerInformationStore signers = signeddata.getSignerInfos();
Collection c = signers.getSigners();
Iterator it = c.iterator();
while (it.hasNext()) {
SignerInformation signer = (SignerInformation) it.next();
Collection certCollection = certs.getCertificates(signer.getSID());
Attribute dig = signer.getSignedAttributes().get(CMSAttributes.messageDigest);
DERObject hashObj = dig.getAttrValues().getObjectAt(0).getDERObject();
byte[] signedHash = ((ASN1OctetString) hashObj).getOctets();
System.out.print("value of signedHash: \r\n\tvalue: ");
for (byte bt : signedHash) {
System.out.print(bt + " ");
}
System.out.println();
Iterator certIt = certCollection.iterator();
try {
assertTrue(signer.verify(internalCert, CryptoExtensions.getJCEProviderName()));
} catch (Exception e) {
e.printStackTrace();
}
byte[] bytes = signer.getContentDigest();
/*
X509Certificate cert = (X509Certificate)certIt.next();
if (signer.verify(cert.getPublicKey()))
{
verified++;
}
*/
verified++;
}
}
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
CMSProcessableBodyPartInbound(org.bouncycastle.mail.smime.CMSProcessableBodyPartInbound)
Message(org.nhindirect.stagent.mail.Message)
MimeMessage(javax.mail.internet.MimeMessage)
Attribute(org.bouncycastle.asn1.cms.Attribute)
SMIMECapabilitiesAttribute(org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute)
ArrayList(java.util.ArrayList)
AttributeTable(org.bouncycastle.asn1.cms.AttributeTable)
SMIMESignedGenerator(org.bouncycastle.mail.smime.SMIMESignedGenerator)
SignerInformation(org.bouncycastle.cms.SignerInformation)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters)
DERObject(org.bouncycastle.asn1.DERObject)
MimeMessage(javax.mail.internet.MimeMessage)
SMIMECapabilityVector(org.bouncycastle.asn1.smime.SMIMECapabilityVector)
MimeMultipart(javax.mail.internet.MimeMultipart)
SignerInformationStore(org.bouncycastle.cms.SignerInformationStore)
Iterator(java.util.Iterator)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
List(java.util.List)
ArrayList(java.util.ArrayList)
SMIMECapabilitiesAttribute(org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute)
ByteArrayDataSource(javax.mail.util.ByteArrayDataSource)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier)
CMSSignedData(org.bouncycastle.cms.CMSSignedData)
X509Certificate(java.security.cert.X509Certificate)
MessagingException(javax.mail.MessagingException)
CertStoreException(java.security.cert.CertStoreException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
CMSException(org.bouncycastle.cms.CMSException)
IOException(java.io.IOException)
SMIMEException(org.bouncycastle.mail.smime.SMIMEException)
NoSuchProviderException(java.security.NoSuchProviderException)
X509CertificateEx(org.nhindirect.stagent.cert.X509CertificateEx)
ByteArrayInputStream(java.io.ByteArrayInputStream)
MimeEntity(org.nhindirect.stagent.mail.MimeEntity)
Collection(java.util.Collection)
MimeBodyPart(javax.mail.internet.MimeBodyPart)
CertStore(java.security.cert.CertStore)
Example 44 with Attribute
use of org.bouncycastle.asn1.cms.Attribute in project nhin-d by DirectProject.
the class DefaultMessageSignatureImpl method logDigests.
private void logDigests(SignerInformation sigInfo) {
// will fail
if (this.m_logDigest && sigInfo != null) {
try {
//get the digests
final Attribute digAttr = sigInfo.getSignedAttributes().get(CMSAttributes.messageDigest);
final DERObject hashObj = digAttr.getAttrValues().getObjectAt(0).getDERObject();
final byte[] signedDigest = ((ASN1OctetString) hashObj).getOctets();
final String signedDigestHex = org.apache.commons.codec.binary.Hex.encodeHexString(signedDigest);
LOGGER.info("Signed Message Digest: " + signedDigestHex);
// should have the computed digest now
final byte[] digest = sigInfo.getContentDigest();
final String digestHex = org.apache.commons.codec.binary.Hex.encodeHexString(digest);
LOGGER.info("Computed Message Digest: " + digestHex);
} catch (Throwable t) {
/* no-op.... logging digests is a quiet operation */
}
}
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DERObject(org.bouncycastle.asn1.DERObject)
Attribute(org.bouncycastle.asn1.cms.Attribute)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
Example 45 with Attribute
use of org.bouncycastle.asn1.cms.Attribute in project nhin-d by DirectProject.
the class IssuerAttributeField method injectReferenceValue.
/**
* {@inheritDoc}
*/
@Override
public void injectReferenceValue(X509Certificate value) throws PolicyProcessException {
this.certificate = value;
if (rdnAttributeId.equals(RDNAttributeIdentifier.DISTINGUISHED_NAME)) {
final Collection<String> str = Arrays.asList(certificate.getIssuerX500Principal().getName(X500Principal.RFC2253));
this.policyValue = PolicyValueFactory.getInstance(str);
return;
}
DERObject tbsValue = null;
try {
tbsValue = this.getDERObject(certificate.getTBSCertificate());
}///CLOVER:OFF
catch (Exception e) {
throw new PolicyProcessException("Exception parsing TBS certificate fields.", e);
}
///CLOVER:ON
final TBSCertificateStructure tbsStruct = TBSCertificateStructure.getInstance(tbsValue);
final X509Name x509Name = getX509Name(tbsStruct);
@SuppressWarnings("unchecked") final Vector<String> values = x509Name.getValues(new DERObjectIdentifier(getRDNAttributeFieldId().getId()));
if (values.isEmpty() && this.isRequired())
throw new PolicyRequiredException(getFieldName() + " field attribute " + rdnAttributeId.getName() + " is marked as required but is not present.");
final Collection<String> retVal = values;
this.policyValue = PolicyValueFactory.getInstance(retVal);
}
Also used :
PolicyRequiredException(org.nhindirect.policy.PolicyRequiredException)
DERObject(org.bouncycastle.asn1.DERObject)
X509Name(org.bouncycastle.asn1.x509.X509Name)
TBSCertificateStructure(org.bouncycastle.asn1.x509.TBSCertificateStructure)
DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier)
PolicyRequiredException(org.nhindirect.policy.PolicyRequiredException)
PolicyProcessException(org.nhindirect.policy.PolicyProcessException)
PolicyProcessException(org.nhindirect.policy.PolicyProcessException)
Aggregations
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)18
IOException (java.io.IOException)15
List (java.util.List)11
ArrayList (java.util.ArrayList)10
Attribute (org.bouncycastle.asn1.cms.Attribute)10
DERSequence (org.bouncycastle.asn1.DERSequence)9
X509Certificate (java.security.cert.X509Certificate)8
Iterator (java.util.Iterator)8
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)8
DERObject (org.bouncycastle.asn1.DERObject)8
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)6
ASN1Set (org.bouncycastle.asn1.ASN1Set)6
AttributeTable (org.bouncycastle.asn1.cms.AttributeTable)6
Enumeration (java.util.Enumeration)5
X500Principal (javax.security.auth.x500.X500Principal)5
DEROctetString (org.bouncycastle.asn1.DEROctetString)5
Vector (java.util.Vector)4
Attribute (org.bouncycastle.asn1.x509.Attribute)4
CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)4
DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)4
