use of org.bouncycastle.asn1.cms.Attributes in project signer by demoiselle.
the class DemoiselleSignedAttributeTableGenerator method createStandardAttributeTable.
/**
* Create a standard attribute table from the passed in parameters - this will
* normally include contentType, signingTime, and messageDigest. If the constructor
* using an AttributeTable was used, entries in it for contentType, signingTime, and
* messageDigest will override the generated ones.
*
* @param parameters source parameters for table generation.
*
* @return a filled in Hashtable of attributes.
*/
protected Hashtable createStandardAttributeTable(Map parameters) {
    // copyHashTable and the 'table' field are defined outside this excerpt;
    // presumably this yields a private copy of the pre-populated attribute table.
    Hashtable attributes = copyHashTable(table);

    // Only contentType and messageDigest are generated in this method. No
    // signingTime attribute is created here, so the result carries one only
    // if the pre-populated table already contains it.
    boolean contentTypePresent = attributes.containsKey(CMSAttributes.contentType);
    if (!contentTypePresent) {
        Object requestedType = parameters.get(CMSAttributeTableGenerator.CONTENT_TYPE);
        ASN1ObjectIdentifier contentTypeOid = ASN1ObjectIdentifier.getInstance(requestedType);
        // A null OID means a counter signature is being generated, in which
        // case no contentType attribute is added.
        if (contentTypeOid != null) {
            Attribute contentTypeAttr = new Attribute(CMSAttributes.contentType, new DERSet(contentTypeOid));
            attributes.put(contentTypeAttr.getAttrType(), contentTypeAttr);
        }
    }

    // A messageDigest entry already present in the table takes precedence over
    // the digest passed in the parameters, so the signed attributes then bind
    // to that pre-populated value. The table should only ever be filled by
    // trusted code.
    boolean digestPresent = attributes.containsKey(CMSAttributes.messageDigest);
    if (!digestPresent) {
        // NOTE(review): assumes the DIGEST parameter is always supplied; there
        // is no null check before it is wrapped in an octet string.
        byte[] digestBytes = (byte[]) parameters.get(CMSAttributeTableGenerator.DIGEST);
        Attribute digestAttr = new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(digestBytes)));
        attributes.put(digestAttr.getAttrType(), digestAttr);
    }

    return attributes;
}
use of org.bouncycastle.asn1.cms.Attributes in project keystore-explorer by kaikramer.
the class TimeStampingClient method getTimeStampToken.
/**
* Get RFC 3161 timeStampToken.
*
* @param tsaUrl Location of TSA
* @param data The data to be time-stamped
* @param hashAlg The algorithm used for generating a hash value of the data to be time-stamped
* @return encoded, TSA signed data of the timeStampToken
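* @throws IOException If the hash algorithm is unavailable, the TSA reports a failure, the response does not validate against the request, or no token is returned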
*/
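public static byte[] getTimeStampToken(String tsaUrl, byte[] data, DigestType hashAlg) throws IOException {
    try {
        // Hash the data locally; only the digest is placed in the request.
        byte[] hashValue = MessageDigest.getInstance(hashAlg.jce()).digest(data);

        // Set up the time stamp request and ask the TSA to include its certificate.
        TimeStampRequestGenerator tsqGenerator = new TimeStampRequestGenerator();
        tsqGenerator.setCertReq(true);

        // The nonce ties the response to this request and is the client's
        // replay protection. RFC 3161 recommends a large random number, so it
        // is drawn from SecureRandom instead of the wall clock: a clock-based
        // value is predictable and can repeat across requests. The class is
        // referenced by its fully qualified name so that no new import is needed.
        BigInteger nonce = new BigInteger(64, new java.security.SecureRandom());

        TimeStampRequest request = tsqGenerator.generate(new ASN1ObjectIdentifier(hashAlg.oid()), hashValue,
                nonce);

        // Send the encoded request to the TSA.
        // NOTE(review): queryServer is not visible here; confirm how it treats
        // plain-http TSA URLs and whether it bounds the response size.
        byte[] respBytes = queryServer(tsaUrl, request.getEncoded());

        TimeStampResponse response = new TimeStampResponse(respBytes);

        // Check the response against the request that was sent (RFC 3161
        // PKIStatus and request/response consistency); a mismatch surfaces as
        // TSPException. Nothing in this method verifies the TSA's signature or
        // certificate chain on the token, so code that relies on the token
        // must do that separately.
        response.validate(request);

        PKIFailureInfo failure = response.getFailInfo();
        int failureCode = (failure == null) ? 0 : failure.intValue();
        if (failureCode != 0) {
            throw new IOException("Server returned error code: " + failureCode);
        }

        // Extract the time stamp token.
        TimeStampToken tsToken = response.getTimeStampToken();
        if (tsToken == null) {
            throw new IOException("TSA returned no time stamp token: " + response.getStatusString());
        }
        return tsToken.getEncoded();
    } catch (NoSuchAlgorithmException e) {
        throw new IOException(e);
    } catch (TSPException e) {
        throw new IOException(e);
    }
}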
use of org.bouncycastle.asn1.cms.Attributes in project keystore-explorer by kaikramer.
the class OpenSslPvkUtil method loadEncrypted.
/**
* Load an encrypted OpenSSL private key from the specified stream. The
* encoding of the private key will be PEM.
*
* @param is
* Stream to load the encrypted private key from
* @param password
* Password to decrypt
* @return The private key
* @throws PrivateKeyUnencryptedException
* If private key is unencrypted
* @throws PrivateKeyPbeNotSupportedException
* If private key PBE algorithm is not supported
* @throws CryptoException
* Problem encountered while loading the private key
* @throws IOException
* An I/O error occurred
*/
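public static PrivateKey loadEncrypted(InputStream is, Password password) throws CryptoException, IOException {
    // Buffer the stream once: it is parsed twice below (type detection, then PEM decode).
    byte[] streamContents = ReadUtil.readFully(is);

    EncryptionType encType = getEncryptionType(new ByteArrayInputStream(streamContents));
    if (encType == null) {
        throw new CryptoException(res.getString("NotValidOpenSsl.exception.message"));
    }
    if (encType == UNENCRYPTED) {
        throw new PrivateKeyUnencryptedException(res.getString("OpenSslIsUnencrypted.exception.message"));
    }

    // OpenSSL must be encrypted and therefore must be PEM
    PemInfo pemInfo = PemUtil.decode(new ByteArrayInputStream(streamContents));

    // The key file is untrusted input: a missing PEM body or DEK-Info header is
    // reported as an invalid key file, not as a NullPointerException.
    PemAttributes attributes = (pemInfo == null) ? null : pemInfo.getAttributes();
    if (attributes == null || attributes.get(DEK_INFO_ATTR_NAME) == null) {
        throw new CryptoException(res.getString("NotValidOpenSsl.exception.message"));
    }
    byte[] encKey = pemInfo.getContent();
    String dekInfo = attributes.get(DEK_INFO_ATTR_NAME).getValue();
    if (dekInfo == null) {
        throw new CryptoException(res.getString("NotValidOpenSsl.exception.message"));
    }

    // Split DEK-Info into encryption pbe algorithm and salt
    int separator = dekInfo.indexOf(',');
    if (separator == -1) {
        // NOTE(review): the resource key itself is passed as the format pattern
        // here, unlike the res.getString(...) lookups elsewhere in this method,
        // so the message is the raw key. Left unchanged because the bundle is
        // not visible; confirm the key exists and switch to res.getString.
        throw new CryptoException(MessageFormat.format("OpenSslDekInfoMalformed.exception.message", dekInfo));
    }
    String encAlg = dekInfo.substring(0, separator);
    String salt = dekInfo.substring(separator + 1);
    // NOTE(review): hexToBytes is not visible here; confirm how it reacts to
    // non-hex or odd-length salt values taken from the file.
    byte[] saltBytes = hexToBytes(salt);

    OpenSslPbeType pbeType = OpenSslPbeType.resolveDekInfo(encAlg);
    if (pbeType == null) {
        throw new PrivateKeyPbeNotSupportedException(encAlg, MessageFormat.format(
                res.getString("PrivateKeyWrappingAlgUnsupported.exception.message"), encAlg));
    }

    byte[] decryptKey = null;
    try {
        decryptKey = deriveKeyFromPassword(password, saltBytes, pbeType.keySize());

        // Create cipher - use all of the salt as the IV
        Cipher cipher = createCipher(pbeType.jceCipher(), decryptKey, saltBytes, DECRYPT_MODE);

        // No integrity check is visible in this method, so a wrong password
        // shows up only as a failure in doFinal or in the parse inside load.
        byte[] key = cipher.doFinal(encKey);
        return load(new ByteArrayInputStream(key));
    } catch (GeneralSecurityException ex) {
        // NOTE(review): same pattern issue as above, the resource key is used
        // directly as the format pattern.
        throw new CryptoException(MessageFormat.format("OpenSslDecryptionFailed.exception.message",
                pbeType.friendly()), ex);
    } finally {
        // The password-derived key is no longer needed once decryption has
        // finished; clear it so it does not linger on the heap.
        if (decryptKey != null) {
            java.util.Arrays.fill(decryptKey, (byte) 0);
        }
    }
}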
use of org.bouncycastle.asn1.cms.Attributes in project keystore-explorer by kaikramer.
the class JarSigner method getManifestEntriesAttrs.
/*
* Get all entries' attributes of JAR manifest as a string
*/
private static String getManifestEntriesAttrs(JarFile jar) throws IOException {
    StringBuilder out = new StringBuilder();

    // A JAR without a manifest contributes nothing.
    Manifest currentManifest = jar.getManifest();
    if (currentManifest == null) {
        return out.toString();
    }

    boolean needSeparator = false;
    for (Map.Entry<String, Attributes> entry : currentManifest.getEntries().entrySet()) {
        Attributes attrs = entry.getValue();

        // Skip entries whose only attribute is a "*-Digest" value; presumably
        // these are digests from an earlier signing that are regenerated when
        // the JAR is signed again.
        boolean digestOnly = attrs.size() == 1
                && attrs.keySet().toArray()[0].toString().endsWith("-Digest");
        if (digestOnly) {
            continue;
        }

        // Every written entry after the first is preceded by a line break.
        if (needSeparator) {
            out.append(CRLF);
        }

        // The attributes are fetched as text so that their original order is preserved.
        out.append(getManifestEntryAttrs(jar, entry.getKey()));
        needSeparator = true;
    }

    return out.toString();
}
use of org.bouncycastle.asn1.cms.Attributes in project keystore-explorer by kaikramer.
the class DialogHelper method populatePkcs10Challenge.
/**
* Populates a JTextField with PKCS#10 challenge
*
* @param attributes
* Attributes from CSR
* @param textField
* Text field to be populated with the challenge
*/
public static void populatePkcs10Challenge(Attribute[] attributes, JTextField textField) {
    // Delegate to the shared helper, selecting the PKCS#9 challengePassword
    // attribute. The value is handed to a regular JTextField, so it is
    // presumably displayed as readable text.
    populateTextField(attributes, textField, PKCSObjectIdentifiers.pkcs_9_at_challengePassword);
}