Example 6 with NULL
use of org.mozilla.jss.asn1.NULL in project jss by dogtagpki.
the class GenerateTestCert method makeCert.
/**
* Method that generates a certificate for given credential
*
* @param issuerName
* @param subjectName
* @param serialNumber
* @param privKey
* @param pubKey
* @param rand
* @param extensions
* @throws java.lang.Exception
* @return
*/
private Certificate makeCert(String issuerName, String subjectName, int serialNumber, PrivateKey privKey, PublicKey pubKey, int rand, SEQUENCE extensions) throws Exception {
AlgorithmIdentifier sigAlgID = new AlgorithmIdentifier(sigAlg.toOID());
Name issuer = new Name();
issuer.addCountryName("US");
issuer.addOrganizationName("Mozilla");
issuer.addOrganizationalUnitName("JSS Testing" + rand);
issuer.addCommonName(issuerName);
Name subject = new Name();
subject.addCountryName("US");
subject.addOrganizationName("Mozilla");
subject.addOrganizationalUnitName("JSS Testing" + rand);
subject.addCommonName(subjectName);
Calendar cal = Calendar.getInstance();
Date notBefore = cal.getTime();
cal.add(Calendar.YEAR, 1);
Date notAfter = cal.getTime();
SubjectPublicKeyInfo.Template spkiTemp = new SubjectPublicKeyInfo.Template();
SubjectPublicKeyInfo spki = (SubjectPublicKeyInfo) ASN1Util.decode(spkiTemp, pubKey.getEncoded());
CertificateInfo info = new CertificateInfo(CertificateInfo.v3, new INTEGER(serialNumber), sigAlgID, issuer, notBefore, notAfter, subject, spki);
if (extensions != null) {
info.setExtensions(extensions);
}
return new Certificate(info, privKey, sigAlg);
}
Also used :
Calendar(java.util.Calendar)
CertificateInfo(org.mozilla.jss.pkix.cert.CertificateInfo)
SubjectPublicKeyInfo(org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo)
Date(java.util.Date)
AlgorithmIdentifier(org.mozilla.jss.pkix.primitive.AlgorithmIdentifier)
Name(org.mozilla.jss.pkix.primitive.Name)
INTEGER(org.mozilla.jss.asn1.INTEGER)
Certificate(org.mozilla.jss.pkix.cert.Certificate)
InternalCertificate(org.mozilla.jss.crypto.InternalCertificate)
X509Certificate(org.mozilla.jss.crypto.X509Certificate)
Example 7 with NULL
use of org.mozilla.jss.asn1.NULL in project jss by dogtagpki.
the class JSSCipherSpi method generateAlgParams.
private AlgorithmParameterSpec generateAlgParams(Algorithm alg, int blockSize) throws InvalidKeyException {
Class<?>[] paramClasses = alg.getParameterClasses();
AlgorithmParameterSpec algParSpec = null;
if (paramClasses == null) {
// no parameters are needed
return null;
}
// generate an IV
byte[] iv = new byte[blockSize];
try {
SecureRandom random = SecureRandom.getInstance("pkcs11prng", "Mozilla-JSS");
random.nextBytes(iv);
} catch (Exception e) {
throw new RuntimeException(e);
}
for (int i = 0; i < paramClasses.length; i++) {
if (paramClasses[i].equals(javax.crypto.spec.IvParameterSpec.class)) {
algParSpec = new javax.crypto.spec.IvParameterSpec(iv);
break;
} else if (paramClasses[i].equals(RC2ParameterSpec.class)) {
algParSpec = new RC2ParameterSpec(keyStrength, iv);
break;
}
}
return algParSpec;
}
Also used :
TokenRuntimeException(org.mozilla.jss.crypto.TokenRuntimeException)
IvParameterSpec(javax.crypto.spec.IvParameterSpec)
SecureRandom(java.security.SecureRandom)
RC2ParameterSpec(javax.crypto.spec.RC2ParameterSpec)
AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec)
InvalidBERException(org.mozilla.jss.asn1.InvalidBERException)
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
InvalidParameterSpecException(java.security.spec.InvalidParameterSpecException)
ShortBufferException(javax.crypto.ShortBufferException)
IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException)
BadPaddingException(javax.crypto.BadPaddingException)
TokenException(org.mozilla.jss.crypto.TokenException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
NoSuchProviderException(java.security.NoSuchProviderException)
TokenRuntimeException(org.mozilla.jss.crypto.TokenRuntimeException)
Example 8 with NULL
use of org.mozilla.jss.asn1.NULL in project jss by dogtagpki.
the class CertReqMsg method encode.
/**
* Encodes this <i>CertReqMsg</i> to the given OutputStream using
* DER encoding, with the given implicit tag.
*/
@Override
public void encode(Tag implicit, OutputStream ostream) throws IOException {
// Assert.notYetImplemented("CertReqMsg encoding");
SEQUENCE sequence = new SEQUENCE();
sequence.addElement(certReq);
if (pop != null)
sequence.addElement(pop);
if (regInfo != null)
sequence.addElement(regInfo);
sequence.encode(implicit, ostream);
}
Also used :
SEQUENCE(org.mozilla.jss.asn1.SEQUENCE)
Example 9 with NULL
use of org.mozilla.jss.asn1.NULL in project jss by dogtagpki.
the class CertReqMsg method verify.
public void verify(CryptoToken token) throws SignatureException, InvalidKeyFormatException, NoSuchAlgorithmException, org.mozilla.jss.NotInitializedException, TokenException, java.security.InvalidKeyException, IOException {
ProofOfPossession.Type type = pop.getType();
if (type == ProofOfPossession.SIGNATURE) {
POPOSigningKey sigkey = pop.getSignature();
AlgorithmIdentifier alg = sigkey.getAlgorithmIdentifier();
BIT_STRING sig_from = sigkey.getSignature();
ByteArrayOutputStream bo = new ByteArrayOutputStream();
certReq.encode(bo);
byte[] toBeVerified = bo.toByteArray();
PublicKey pubkey = null;
CertTemplate ct = certReq.getCertTemplate();
if (ct.hasPublicKey()) {
SubjectPublicKeyInfo spi = ct.getPublicKey();
pubkey = spi.toPublicKey();
}
SignatureAlgorithm sigAlg = SignatureAlgorithm.fromOID(alg.getOID());
Signature sig = token.getSignatureContext(sigAlg);
sig.initVerify(pubkey);
sig.update(toBeVerified);
if (sig.verify(sig_from.getBits())) {
// success
return;
} else {
throw new SignatureException("Signed request information does not " + "match signature in POP");
}
} else if (type == ProofOfPossession.KEY_ENCIPHERMENT) {
POPOPrivKey keyEnc = pop.getKeyEncipherment();
POPOPrivKey.Type ptype = keyEnc.getType();
if (ptype == POPOPrivKey.THIS_MESSAGE) {
// BIT_STRING thisMessage = keyEnc.getThisMessage();
// This should be the same as from the archive control
// It's verified by DRM.
} else if (ptype == POPOPrivKey.SUBSEQUENT_MESSAGE) {
new ChallengeResponseException("requested");
}
}
}
Also used :
PublicKey(java.security.PublicKey)
SignatureAlgorithm(org.mozilla.jss.crypto.SignatureAlgorithm)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
SignatureException(java.security.SignatureException)
SubjectPublicKeyInfo(org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo)
BIT_STRING(org.mozilla.jss.asn1.BIT_STRING)
AlgorithmIdentifier(org.mozilla.jss.pkix.primitive.AlgorithmIdentifier)
Signature(org.mozilla.jss.crypto.Signature)
Example 10 with NULL
use of org.mozilla.jss.asn1.NULL in project jss by dogtagpki.
the class CertTemplate method encode.
@Override
public void encode(Tag t, OutputStream ostream) throws IOException {
SEQUENCE seq = new SEQUENCE();
seq.addElement(Tag.get(0), version);
seq.addElement(Tag.get(1), serialNumber);
seq.addElement(Tag.get(2), signingAlg);
if (issuer != null) {
// issuer is a CHOICE, so it must be EXPLICITly tagged
seq.addElement(new EXPLICIT(Tag.get(3), issuer));
}
if (notBefore != null || notAfter != null) {
SEQUENCE optionalVal = new SEQUENCE();
// notBefore & notAfter are CHOICES, so must be EXPLICITly tagged
if (notBefore != null) {
optionalVal.addElement(new EXPLICIT(Tag.get(0), dateToASN1(notBefore)));
}
if (notAfter != null) {
optionalVal.addElement(new EXPLICIT(Tag.get(1), dateToASN1(notAfter)));
}
seq.addElement(Tag.get(4), optionalVal);
}
if (subject != null) {
// subject is a CHOICE, so it must be EXPLICITly tagged
seq.addElement(new EXPLICIT(Tag.get(5), subject));
}
seq.addElement(Tag.get(6), publicKey);
seq.addElement(Tag.get(7), issuerUID);
seq.addElement(Tag.get(8), subjectUID);
seq.addElement(Tag.get(9), extensions);
seq.encode(t, ostream);
}Aggregations
SEQUENCE (org.mozilla.jss.asn1.SEQUENCE)33
OCTET_STRING (org.mozilla.jss.asn1.OCTET_STRING)19
InvalidBERException (org.mozilla.jss.asn1.InvalidBERException)17
ANY (org.mozilla.jss.asn1.ANY)14
CryptoToken (org.mozilla.jss.crypto.CryptoToken)14
AlgorithmIdentifier (org.mozilla.jss.pkix.primitive.AlgorithmIdentifier)11
IOException (java.io.IOException)10
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)10
ASN1Value (org.mozilla.jss.asn1.ASN1Value)10
BMPString (org.mozilla.jss.asn1.BMPString)10
CryptoManager (org.mozilla.jss.CryptoManager)9
SET (org.mozilla.jss.asn1.SET)9
ByteArrayOutputStream (java.io.ByteArrayOutputStream)8
AlgorithmParameterSpec (java.security.spec.AlgorithmParameterSpec)8
OBJECT_IDENTIFIER (org.mozilla.jss.asn1.OBJECT_IDENTIFIER)8
EncryptionAlgorithm (org.mozilla.jss.crypto.EncryptionAlgorithm)8
FileOutputStream (java.io.FileOutputStream)7
Cipher (org.mozilla.jss.crypto.Cipher)7
CertificateException (java.security.cert.CertificateException)6
BadPaddingException (javax.crypto.BadPaddingException)6
