Examples with NULL org.mozilla.jss.asn1.NULL used on opensource projects

Example 46 with NULL

use of org.mozilla.jss.asn1.NULL in project jss by dogtagpki.

the class PKCS12Util method createCertBagAttrs.

SET createCertBagAttrs(PKCS12CertInfo certInfo) throws Exception {
    SET attrs = new SET();
    String friendlyName = certInfo.getFriendlyName();
    logger.debug("   Friendly name: " + friendlyName);
    SEQUENCE nicknameAttr = new SEQUENCE();
    nicknameAttr.addElement(SafeBag.FRIENDLY_NAME);
    SET nicknameSet = new SET();
    nicknameSet.addElement(new BMPString(friendlyName));
    nicknameAttr.addElement(nicknameSet);
    attrs.addElement(nicknameAttr);
    String trustFlags = certInfo.getTrustFlags();
    if (trustFlags != null && trustFlagsEnabled) {
        logger.debug("   Trust flags: " + trustFlags);
        SEQUENCE trustFlagsAttr = new SEQUENCE();
        trustFlagsAttr.addElement(PKCS12.CERT_TRUST_FLAGS_OID);
        SET trustFlagsSet = new SET();
        trustFlagsSet.addElement(new BMPString(trustFlags));
        trustFlagsAttr.addElement(trustFlagsSet);
        attrs.addElement(trustFlagsAttr);
    }
    byte[] keyID = certInfo.getKeyID();
    if (keyID != null) {
        logger.debug("   Key ID: " + Utils.HexEncode(keyID));
        SEQUENCE localKeyAttr = new SEQUENCE();
        localKeyAttr.addElement(SafeBag.LOCAL_KEY_ID);
        SET localKeySet = new SET();
        localKeySet.addElement(new OCTET_STRING(keyID));
        localKeyAttr.addElement(localKeySet);
        attrs.addElement(localKeyAttr);
    }
    return attrs;
}

Example 47 with NULL

use of org.mozilla.jss.asn1.NULL in project jss by dogtagpki.

the class EncryptedContentInfo method decrypt.

/**
 * Decrypts the content of an EncryptedContentInfo encrypted with a
 * PBE key.
 *
 * @param pass The password to use in generating the PBE decryption key.
 * @param charToByteConverter The converter for converting the password
 *      characters into bytes.  May be null to use the default.
 * @return The decrypted contents of the EncryptedContentInfo. The contents
 *      are first unpadded using the PKCS padding mechanism.
 */
public byte[] decrypt(Password pass, KeyGenerator.CharToByteConverter charToByteConverter) throws IllegalStateException, NotInitializedException, NoSuchAlgorithmException, InvalidBERException, IOException, InvalidKeyException, InvalidAlgorithmParameterException, TokenException, IllegalBlockSizeException, BadPaddingException {
    if (encryptedContent == null) {
        return null;
    }
    // get the key gen parameters
    AlgorithmIdentifier algid = contentEncryptionAlgorithm;
    KeyGenAlgorithm kgAlg = KeyGenAlgorithm.fromOID(algid.getOID());
    if (!(kgAlg instanceof PBEAlgorithm)) {
        throw new NoSuchAlgorithmException("KeyGenAlgorithm is not a" + " PBE algorithm");
    }
    ASN1Value params = algid.getParameters();
    if (params == null) {
        throw new InvalidAlgorithmParameterException("PBE algorithms require parameters");
    }
    PBEParameter pbeParams;
    if (params instanceof PBEParameter) {
        pbeParams = (PBEParameter) params;
    } else {
        byte[] encodedParams = ASN1Util.encode(params);
        pbeParams = (PBEParameter) ASN1Util.decode(PBEParameter.getTemplate(), encodedParams);
    }
    PBEKeyGenParams kgp = new PBEKeyGenParams(pass, pbeParams.getSalt(), pbeParams.getIterations());
    try {
        // compute the key and IV
        CryptoToken token = CryptoManager.getInstance().getInternalCryptoToken();
        KeyGenerator kg = token.getKeyGenerator(kgAlg);
        if (charToByteConverter != null) {
            kg.setCharToByteConverter(charToByteConverter);
        }
        kg.initialize(kgp);
        SymmetricKey key = kg.generate();
        // compute algorithm parameters
        EncryptionAlgorithm encAlg = ((PBEAlgorithm) kgAlg).getEncryptionAlg();
        AlgorithmParameterSpec algParams = null;
        Class<?>[] paramClasses = encAlg.getParameterClasses();
        for (int i = 0; i < paramClasses.length; i++) {
            if (paramClasses[i].equals(javax.crypto.spec.IvParameterSpec.class)) {
                algParams = new IVParameterSpec(kg.generatePBE_IV());
                break;
            } else if (paramClasses[i].equals(RC2ParameterSpec.class)) {
                algParams = new RC2ParameterSpec(key.getStrength(), kg.generatePBE_IV());
                break;
            }
        }
        // perform the decryption
        Cipher cipher = token.getCipherContext(encAlg);
        cipher.initDecrypt(key, algParams);
        return Cipher.unPad(cipher.doFinal(encryptedContent.toByteArray()));
    } finally {
        kgp.clear();
    }
}

Example 48 with NULL

use of org.mozilla.jss.asn1.NULL in project jss by dogtagpki.

the class PK11KeyPairGenerator method getECCurve.

/*
     * getECCurve
     *     maps curvecode to the actual oid of the curve and
     *     returns the PK11ParameterSpec
     */
private AlgorithmParameterSpec getECCurve(int curvecode) throws InvalidParameterException {
    OBJECT_IDENTIFIER oid;
    oid = mECCurve_CodeToCurve.get(curvecode);
    if (oid == null)
        throw new IllegalArgumentException("curvecode =" + curvecode);
    return new PK11ParameterSpec(ASN1Util.encode(oid));
}

Example 49 with NULL

use of org.mozilla.jss.asn1.NULL in project jss by dogtagpki.

the class SignerInfo method verifyWithoutAuthenticatedAttributes.

/**
 * Verifies that the message digest passed in, when encrypted with the
 * given public key, matches the encrypted digest in the SignerInfo.
 */
private void verifyWithoutAuthenticatedAttributes(byte[] messageDigest, OBJECT_IDENTIFIER contentType, PublicKey pubkey) throws NotInitializedException, NoSuchAlgorithmException, InvalidKeyException, TokenException, SignatureException {
    if (!contentType.equals(ContentInfo.DATA)) {
        // to go into authenticatedAttributes.
        throw new SignatureException("Content-Type is not DATA, but there are" + " no authenticated attributes");
    }
    SignatureAlgorithm sigAlg = SignatureAlgorithm.fromOID(digestEncryptionAlgorithm.getOID());
    byte[] toBeVerified;
    if (sigAlg.getRawAlg() == SignatureAlgorithm.RSASignature) {
        // create DigestInfo structure
        SEQUENCE digestInfo = new SEQUENCE();
        digestInfo.addElement(new AlgorithmIdentifier(digestAlgorithm.getOID(), null));
        digestInfo.addElement(new OCTET_STRING(messageDigest));
        toBeVerified = ASN1Util.encode(digestInfo);
    } else {
        toBeVerified = messageDigest;
    }
    CryptoToken token = CryptoManager.getInstance().getInternalCryptoToken();
    Signature sig = token.getSignatureContext(sigAlg);
    sig.initVerify(pubkey);
    sig.update(toBeVerified);
    if (sig.verify(encryptedDigest.toByteArray())) {
        // success
        return;
    } else {
        throw new SignatureException("Encrypted message digest parameter does not " + "match encrypted digest in SignerInfo");
    }
}

Example 50 with NULL

use of org.mozilla.jss.asn1.NULL in project jss by dogtagpki.

the class SignerInfo method encode.

@Override
public void encode(Tag tag, OutputStream ostream) throws IOException {
    SEQUENCE sequence = new SEQUENCE();
    sequence.addElement(version);
    sequence.addElement(issuerAndSerialNumber);
    sequence.addElement(digestAlgorithm);
    if (authenticatedAttributes != null) {
        sequence.addElement(new Tag(0), authenticatedAttributes);
    }
    sequence.addElement(digestEncryptionAlgorithm);
    sequence.addElement(encryptedDigest);
    if (unauthenticatedAttributes != null) {
        sequence.addElement(new Tag(1), unauthenticatedAttributes);
    }
    sequence.encode(tag, ostream);
}