Search in sources :

Example 86 with AlgorithmIdentifier

use of org.bouncycastle.asn1.x509.AlgorithmIdentifier in project xipki by xipki.

the class OcspStatusCmd method processResponse.

@Override
protected Object processResponse(OCSPResp response, X509Certificate respIssuer, IssuerHash issuerHash, List<BigInteger> serialNumbers, Map<BigInteger, byte[]> encodedCerts) throws Exception {
    ParamUtil.requireNonNull("response", response);
    ParamUtil.requireNonNull("issuerHash", issuerHash);
    ParamUtil.requireNonNull("serialNumbers", serialNumbers);
    BasicOCSPResp basicResp = OcspUtils.extractBasicOcspResp(response);
    boolean extendedRevoke = basicResp.getExtension(ObjectIdentifiers.id_pkix_ocsp_extendedRevoke) != null;
    SingleResp[] singleResponses = basicResp.getResponses();
    if (singleResponses == null || singleResponses.length == 0) {
        throw new CmdFailure("received no status from server");
    }
    final int n = singleResponses.length;
    if (n != serialNumbers.size()) {
        throw new CmdFailure("received status with " + n + " single responses from server, but " + serialNumbers.size() + " were requested");
    }
    Date[] thisUpdates = new Date[n];
    for (int i = 0; i < n; i++) {
        thisUpdates[i] = singleResponses[i].getThisUpdate();
    }
    // check the signature if available
    if (null == basicResp.getSignature()) {
        println("response is not signed");
    } else {
        X509CertificateHolder[] responderCerts = basicResp.getCerts();
        if (responderCerts == null || responderCerts.length < 1) {
            throw new CmdFailure("no responder certificate is contained in the response");
        }
        ResponderID respId = basicResp.getResponderId().toASN1Primitive();
        X500Name respIdByName = respId.getName();
        byte[] respIdByKey = respId.getKeyHash();
        X509CertificateHolder respSigner = null;
        for (X509CertificateHolder cert : responderCerts) {
            if (respIdByName != null) {
                if (cert.getSubject().equals(respIdByName)) {
                    respSigner = cert;
                }
            } else {
                byte[] spkiSha1 = HashAlgo.SHA1.hash(cert.getSubjectPublicKeyInfo().getPublicKeyData().getBytes());
                if (Arrays.equals(respIdByKey, spkiSha1)) {
                    respSigner = cert;
                }
            }
            if (respSigner != null) {
                break;
            }
        }
        if (respSigner == null) {
            throw new CmdFailure("no responder certificate match the ResponderId");
        }
        boolean validOn = true;
        for (Date thisUpdate : thisUpdates) {
            validOn = respSigner.isValidOn(thisUpdate);
            if (!validOn) {
                throw new CmdFailure("responder certificate is not valid on " + thisUpdate);
            }
        }
        if (validOn) {
            PublicKey responderPubKey = KeyUtil.generatePublicKey(respSigner.getSubjectPublicKeyInfo());
            ContentVerifierProvider cvp = securityFactory.getContentVerifierProvider(responderPubKey);
            boolean sigValid = basicResp.isSignatureValid(cvp);
            if (!sigValid) {
                throw new CmdFailure("response is equipped with invalid signature");
            }
            // verify the OCSPResponse signer
            if (respIssuer != null) {
                boolean certValid = true;
                X509Certificate jceRespSigner = X509Util.toX509Cert(respSigner.toASN1Structure());
                if (X509Util.issues(respIssuer, jceRespSigner)) {
                    try {
                        jceRespSigner.verify(respIssuer.getPublicKey());
                    } catch (SignatureException ex) {
                        certValid = false;
                    }
                }
                if (!certValid) {
                    throw new CmdFailure("response is equipped with valid signature but the" + " OCSP signer is not trusted");
                }
            } else {
                println("response is equipped with valid signature");
            }
        // end if(respIssuer)
        }
        if (verbose.booleanValue()) {
            println("responder is " + X509Util.getRfc4519Name(responderCerts[0].getSubject()));
        }
    }
    for (int i = 0; i < n; i++) {
        if (n > 1) {
            println("---------------------------- " + i + "----------------------------");
        }
        SingleResp singleResp = singleResponses[i];
        CertificateStatus singleCertStatus = singleResp.getCertStatus();
        String status;
        if (singleCertStatus == null) {
            status = "good";
        } else if (singleCertStatus instanceof RevokedStatus) {
            RevokedStatus revStatus = (RevokedStatus) singleCertStatus;
            Date revTime = revStatus.getRevocationTime();
            Date invTime = null;
            Extension ext = singleResp.getExtension(Extension.invalidityDate);
            if (ext != null) {
                invTime = ASN1GeneralizedTime.getInstance(ext.getParsedValue()).getDate();
            }
            if (revStatus.hasRevocationReason()) {
                int reason = revStatus.getRevocationReason();
                if (extendedRevoke && reason == CrlReason.CERTIFICATE_HOLD.getCode() && revTime.getTime() == 0) {
                    status = "unknown (RFC6960)";
                } else {
                    status = StringUtil.concatObjects("revoked, reason = ", CrlReason.forReasonCode(reason).getDescription(), ", revocationTime = ", revTime, (invTime == null ? "" : ", invalidityTime = " + invTime));
                }
            } else {
                status = "revoked, no reason, revocationTime = " + revTime;
            }
        } else if (singleCertStatus instanceof UnknownStatus) {
            status = "unknown (RFC2560)";
        } else {
            status = "ERROR";
        }
        StringBuilder msg = new StringBuilder();
        CertificateID certId = singleResp.getCertID();
        HashAlgo hashAlgo = HashAlgo.getNonNullInstance(certId.getHashAlgOID());
        boolean issuerMatch = issuerHash.match(hashAlgo, certId.getIssuerNameHash(), certId.getIssuerKeyHash());
        BigInteger serialNumber = certId.getSerialNumber();
        msg.append("issuer matched: ").append(issuerMatch);
        msg.append("\nserialNumber: ").append(LogUtil.formatCsn(serialNumber));
        msg.append("\nCertificate status: ").append(status);
        if (verbose.booleanValue()) {
            msg.append("\nthisUpdate: ").append(singleResp.getThisUpdate());
            msg.append("\nnextUpdate: ").append(singleResp.getNextUpdate());
            Extension extension = singleResp.getExtension(ISISMTTObjectIdentifiers.id_isismtt_at_certHash);
            if (extension != null) {
                msg.append("\nCertHash is provided:\n");
                ASN1Encodable extensionValue = extension.getParsedValue();
                CertHash certHash = CertHash.getInstance(extensionValue);
                ASN1ObjectIdentifier hashAlgOid = certHash.getHashAlgorithm().getAlgorithm();
                byte[] hashValue = certHash.getCertificateHash();
                msg.append("\tHash algo : ").append(hashAlgOid.getId()).append("\n");
                msg.append("\tHash value: ").append(Hex.encode(hashValue)).append("\n");
                if (encodedCerts != null) {
                    byte[] encodedCert = encodedCerts.get(serialNumber);
                    MessageDigest md = MessageDigest.getInstance(hashAlgOid.getId());
                    byte[] expectedHashValue = md.digest(encodedCert);
                    if (Arrays.equals(expectedHashValue, hashValue)) {
                        msg.append("\tThis matches the requested certificate");
                    } else {
                        msg.append("\tThis differs from the requested certificate");
                    }
                }
            }
            // end if (extension != null)
            extension = singleResp.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_archive_cutoff);
            if (extension != null) {
                ASN1Encodable extensionValue = extension.getParsedValue();
                ASN1GeneralizedTime time = ASN1GeneralizedTime.getInstance(extensionValue);
                msg.append("\nArchive-CutOff: ");
                msg.append(time.getTimeString());
            }
            AlgorithmIdentifier sigAlg = basicResp.getSignatureAlgorithmID();
            if (sigAlg == null) {
                msg.append(("\nresponse is not signed"));
            } else {
                String sigAlgName = AlgorithmUtil.getSignatureAlgoName(sigAlg);
                if (sigAlgName == null) {
                    sigAlgName = "unknown";
                }
                msg.append("\nresponse is signed with ").append(sigAlgName);
            }
            // extensions
            msg.append("\nExtensions: ");
            List<?> extensionOids = basicResp.getExtensionOIDs();
            if (extensionOids == null || extensionOids.size() == 0) {
                msg.append("-");
            } else {
                int size = extensionOids.size();
                for (int j = 0; j < size; j++) {
                    ASN1ObjectIdentifier extensionOid = (ASN1ObjectIdentifier) extensionOids.get(j);
                    String name = EXTENSION_OIDNAME_MAP.get(extensionOid);
                    if (name == null) {
                        msg.append(extensionOid.getId());
                    } else {
                        msg.append(name);
                    }
                    if (j != size - 1) {
                        msg.append(", ");
                    }
                }
            }
        }
        // end if (verbose.booleanValue())
        println(msg.toString());
    }
    // end for
    println("");
    return null;
}
Also used : HashAlgo(org.xipki.security.HashAlgo) ResponderID(org.bouncycastle.asn1.ocsp.ResponderID) ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime) X500Name(org.bouncycastle.asn1.x500.X500Name) SignatureException(java.security.SignatureException) UnknownStatus(org.bouncycastle.cert.ocsp.UnknownStatus) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) CmdFailure(org.xipki.console.karaf.CmdFailure) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) MessageDigest(java.security.MessageDigest) SingleResp(org.bouncycastle.cert.ocsp.SingleResp) ContentVerifierProvider(org.bouncycastle.operator.ContentVerifierProvider) CertHash(org.bouncycastle.asn1.isismtt.ocsp.CertHash) PublicKey(java.security.PublicKey) CertificateID(org.bouncycastle.cert.ocsp.CertificateID) CertificateStatus(org.bouncycastle.cert.ocsp.CertificateStatus) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) Extension(org.bouncycastle.asn1.x509.Extension) RevokedStatus(org.bouncycastle.cert.ocsp.RevokedStatus) BasicOCSPResp(org.bouncycastle.cert.ocsp.BasicOCSPResp) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BigInteger(java.math.BigInteger) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 87 with AlgorithmIdentifier

use of org.bouncycastle.asn1.x509.AlgorithmIdentifier in project signer by demoiselle.

the class RevocationRefs method makeCrlValidatedID.

/**
 * @param extract
 *            CrlValidatedID from X509CRL
 * @return a CrlValidatedID
 * @throws NoSuchAlgorithmException
 * @throws CRLException
 */
private CrlValidatedID makeCrlValidatedID(X509CRL crl) throws NoSuchAlgorithmException, CRLException {
    Digest digest = DigestFactory.getInstance().factoryDefault();
    digest.setAlgorithm(DigestAlgorithmEnum.SHA_256);
    OtherHashAlgAndValue otherHashAlgAndValue = new OtherHashAlgAndValue(new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256), new DEROctetString(digest.digest(crl.getEncoded())));
    OtherHash hash = new OtherHash(otherHashAlgAndValue);
    BigInteger crlnumber;
    CrlIdentifier crlid;
    if (crl.getExtensionValue("2.5.29.20") != null) {
        ASN1Integer varASN1Integer = new ASN1Integer(crl.getExtensionValue("2.5.29.20"));
        crlnumber = varASN1Integer.getPositiveValue();
        crlid = new CrlIdentifier(new X500Name(crl.getIssuerX500Principal().getName()), new DERUTCTime(crl.getThisUpdate()), crlnumber);
    } else {
        crlid = new CrlIdentifier(new X500Name(crl.getIssuerX500Principal().getName()), new DERUTCTime(crl.getThisUpdate()));
    }
    CrlValidatedID crlvid = new CrlValidatedID(hash, crlid);
    return crlvid;
}
Also used : CrlValidatedID(org.bouncycastle.asn1.esf.CrlValidatedID) Digest(org.demoiselle.signer.cryptography.Digest) DERUTCTime(org.bouncycastle.asn1.DERUTCTime) BigInteger(java.math.BigInteger) CrlIdentifier(org.bouncycastle.asn1.esf.CrlIdentifier) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) X500Name(org.bouncycastle.asn1.x500.X500Name) OtherHashAlgAndValue(org.bouncycastle.asn1.esf.OtherHashAlgAndValue) DEROctetString(org.bouncycastle.asn1.DEROctetString) OtherHash(org.bouncycastle.asn1.esf.OtherHash) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 88 with AlgorithmIdentifier

use of org.bouncycastle.asn1.x509.AlgorithmIdentifier in project signer by demoiselle.

the class CertificateRefs method getValue.

@Override
public Attribute getValue() throws SignerException {
    try {
        int chainSize = certificates.length - 1;
        OtherCertID[] arrayOtherCertID = new OtherCertID[chainSize];
        for (int i = 1; i <= chainSize; i++) {
            X509Certificate issuerCert = null;
            X509Certificate cert = (X509Certificate) certificates[i];
            if (i < chainSize) {
                issuerCert = (X509Certificate) certificates[i + 1];
            } else {
                // raiz
                issuerCert = (X509Certificate) certificates[i];
            }
            Digest digest = DigestFactory.getInstance().factoryDefault();
            digest.setAlgorithm(DigestAlgorithmEnum.SHA_256);
            byte[] certHash = digest.digest(cert.getEncoded());
            X500Name dirName = new X500Name(issuerCert.getSubjectX500Principal().getName());
            GeneralName name = new GeneralName(dirName);
            GeneralNames issuer = new GeneralNames(name);
            ASN1Integer serialNumber = new ASN1Integer(cert.getSerialNumber());
            IssuerSerial issuerSerial = new IssuerSerial(issuer, serialNumber);
            AlgorithmIdentifier algId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256);
            OtherCertID otherCertID = new OtherCertID(algId, certHash, issuerSerial);
            arrayOtherCertID[i - 1] = otherCertID;
        }
        return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(new ASN1Encodable[] { new DERSequence(arrayOtherCertID) }));
    } catch (CertificateEncodingException e) {
        throw new SignerException(e.getMessage());
    }
}
Also used : IssuerSerial(org.bouncycastle.asn1.x509.IssuerSerial) Digest(org.demoiselle.signer.cryptography.Digest) UnsignedAttribute(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.UnsignedAttribute) Attribute(org.bouncycastle.asn1.cms.Attribute) CertificateEncodingException(java.security.cert.CertificateEncodingException) X500Name(org.bouncycastle.asn1.x500.X500Name) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) DERSet(org.bouncycastle.asn1.DERSet) X509Certificate(java.security.cert.X509Certificate) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) OtherCertID(org.bouncycastle.asn1.ess.OtherCertID) DERSequence(org.bouncycastle.asn1.DERSequence) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) SignerException(org.demoiselle.signer.policy.impl.cades.SignerException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 89 with AlgorithmIdentifier

use of org.bouncycastle.asn1.x509.AlgorithmIdentifier in project platformlayer by platformlayer.

the class SimpleCertificateAuthority method signCertificate.

private static Certificate signCertificate(X500Name signer, PrivateKey signerPrivateKey, X500Name subject, SubjectPublicKeyInfo subjectPublicKeyInfo) throws OpsException {
    try {
        AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(SIGNATURE_ALGORITHM);
        AlgorithmIdentifier digestAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
        long days = 3650;
        long now = System.currentTimeMillis();
        Date notBefore = new Date(now - ONE_DAY);
        Date notAfter = new Date(notBefore.getTime() + (days * ONE_DAY));
        BigInteger serialNumber;
        synchronized (SimpleCertificateAuthority.class) {
            long nextSerialNumber = System.currentTimeMillis();
            serialNumber = BigInteger.valueOf(nextSerialNumber);
        }
        X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(signer, serialNumber, notBefore, notAfter, subject, subjectPublicKeyInfo);
        // {
        // boolean isCritical = false;
        // certificateBuilder.addExtension(X509Extensions.SubjectKeyIdentifier, isCritical,
        // csr.getSubjectPublicKeyInfo());
        // }
        AsymmetricKeyParameter caPrivateKeyParameters = PrivateKeyFactory.createKey(signerPrivateKey.getEncoded());
        ContentSigner contentSigner = new BcRSAContentSignerBuilder(sigAlgId, digestAlgId).build(caPrivateKeyParameters);
        X509CertificateHolder certificateHolder = certificateBuilder.build(contentSigner);
        Certificate certificate = certificateHolder.toASN1Structure();
        return certificate;
    } catch (OperatorCreationException e) {
        throw new OpsException("Error signing certificate", e);
    } catch (IOException e) {
        throw new OpsException("Error signing certificate", e);
    }
}
Also used : OpsException(org.platformlayer.ops.OpsException) ContentSigner(org.bouncycastle.operator.ContentSigner) IOException(java.io.IOException) DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder) Date(java.util.Date) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder) BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder) AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BigInteger(java.math.BigInteger) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) X509Certificate(java.security.cert.X509Certificate) Certificate(org.bouncycastle.asn1.x509.Certificate)

Example 90 with AlgorithmIdentifier

use of org.bouncycastle.asn1.x509.AlgorithmIdentifier in project open-ecard by ecsec.

the class SignatureVerifier method validate.

public void validate(@Nonnull byte[] signature) throws KeyStoreException, SignatureInvalid {
    try {
        // load BC provider, so that the algorithms are available for the signature verification
        Security.addProvider(new BouncyCastleProvider());
        CMSProcessable wrappedChallenge = new CMSProcessableByteArray(challenge);
        CMSSignedData signedData = new CMSSignedData(wrappedChallenge, signature);
        Store<X509CertificateHolder> certStore = signedData.getCertificates();
        SignerInformationStore signerInfoStore = signedData.getSignerInfos();
        Collection<SignerInformation> signers = signerInfoStore.getSigners();
        Collection<X509Certificate> allCerts = convertCertificates(certStore.getMatches(new AllSelector()));
        for (SignerInformation signer : signers) {
            Collection<X509CertificateHolder> certCollection = certStore.getMatches(signer.getSID());
            X509CertificateHolder cert = certCollection.iterator().next();
            DigestCalculatorProvider dp = new JcaDigestCalculatorProviderBuilder().setProvider("BC").build();
            JcaSignerInfoVerifierBuilder verifBuilder = new JcaSignerInfoVerifierBuilder(dp).setProvider("BC");
            verifBuilder.setSignatureAlgorithmFinder(new DefaultSignatureAlgorithmIdentifierFinder() {

                @Override
                public AlgorithmIdentifier find(String sigAlgName) {
                    if (!AllowedSignatureAlgorithms.isKnownJcaAlgorithm(sigAlgName)) {
                        throw new IllegalArgumentException("Unsupported signature algorithm used.");
                    } else {
                        return super.find(sigAlgName);
                    }
                }
            });
            SignerInformationVerifier verif = verifBuilder.build(cert);
            // verify the signature
            if (!signer.verify(verif)) {
                throw new SignatureInvalid("Signer information could not be verified.");
            }
            // verify the path and certificate
            X509Certificate x509Cert = convertCertificate(cert);
            // TODO: verify that the signature is not too old. How old can it be at max? 1 minute?
            validatePath(x509Cert, allCerts, null);
            // check that the end certificate is under the admissable certificates
            if (ChipGatewayProperties.isUseSubjectWhitelist()) {
                X500Principal subj = x509Cert.getSubjectX500Principal();
                if (!AllowedSubjects.instance().isInSubjects(subj)) {
                    String msg = "The certificate used in the signature has an invalid subject: " + subj.getName();
                    throw new InvalidSubjectException(msg);
                }
            }
        }
        // fail if there is no signature in the SignedData structure
        if (signers.isEmpty()) {
            throw new SignatureInvalid("No signatures present in the given SignedData element.");
        }
    } catch (CertificateException ex) {
        throw new SignatureInvalid("Failed to read a certificate form the CMS data structure.", ex);
    } catch (CertPathBuilderException ex) {
        throw new SignatureInvalid("Failed to build certificate path for PKIX validation.", ex);
    } catch (CMSVerifierCertificateNotValidException ex) {
        throw new SignatureInvalid("Signer certificate was not valid when the signature was created.", ex);
    } catch (CMSException ex) {
        throw new SignatureInvalid("Failed to validate CMS data structure.", ex);
    } catch (InvalidSubjectException ex) {
        throw new SignatureInvalid("Certificate with invalid subject used in signature.", ex);
    } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException | OperatorCreationException ex) {
        throw new SignatureInvalid("Invalid or unsupported algorithm or algorithm parameter used in signature.", ex);
    } catch (IllegalArgumentException ex) {
        throw new SignatureInvalid("Signature containes an invalid value.", ex);
    }
}
Also used : SignerInformation(org.openecard.bouncycastle.cms.SignerInformation) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) AlgorithmIdentifier(org.openecard.bouncycastle.asn1.x509.AlgorithmIdentifier) SignerInformationStore(org.openecard.bouncycastle.cms.SignerInformationStore) CertPathBuilderException(java.security.cert.CertPathBuilderException) JcaSignerInfoVerifierBuilder(org.openecard.bouncycastle.cms.jcajce.JcaSignerInfoVerifierBuilder) SignerInformationVerifier(org.openecard.bouncycastle.cms.SignerInformationVerifier) OperatorCreationException(org.openecard.bouncycastle.operator.OperatorCreationException) BouncyCastleProvider(org.openecard.bouncycastle.jce.provider.BouncyCastleProvider) CMSProcessableByteArray(org.openecard.bouncycastle.cms.CMSProcessableByteArray) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) CMSVerifierCertificateNotValidException(org.openecard.bouncycastle.cms.CMSVerifierCertificateNotValidException) CMSSignedData(org.openecard.bouncycastle.cms.CMSSignedData) CMSProcessable(org.openecard.bouncycastle.cms.CMSProcessable) X509Certificate(java.security.cert.X509Certificate) DefaultSignatureAlgorithmIdentifierFinder(org.openecard.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder) InvalidSubjectException(org.openecard.addons.cg.ex.InvalidSubjectException) DigestCalculatorProvider(org.openecard.bouncycastle.operator.DigestCalculatorProvider) X509CertificateHolder(org.openecard.bouncycastle.cert.X509CertificateHolder) X500Principal(javax.security.auth.x500.X500Principal) JcaDigestCalculatorProviderBuilder(org.openecard.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder) CMSException(org.openecard.bouncycastle.cms.CMSException)

Aggregations

AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)117 IOException (java.io.IOException)54 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)50 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)41 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)40 SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)36 DERSequence (org.bouncycastle.asn1.DERSequence)34 BigInteger (java.math.BigInteger)30 X500Name (org.bouncycastle.asn1.x500.X500Name)30 X509Certificate (java.security.cert.X509Certificate)29 DEROctetString (org.bouncycastle.asn1.DEROctetString)29 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)26 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)21 Date (java.util.Date)20 KeyPair (java.security.KeyPair)19 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)19 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)19 ContentSigner (org.bouncycastle.operator.ContentSigner)17 KeyPairGenerator (java.security.KeyPairGenerator)15 CertificateEncodingException (java.security.cert.CertificateEncodingException)15