use of org.openecard.bouncycastle.asn1.ASN1Integer in project candlepin by candlepin.
the class X509CRLStreamWriter method write.
/**
* Write a modified CRL to the given output stream. This method will add each entry provided
* via the add() method.
*
* @param out OutputStream to write to
* @throws IOException if something goes wrong
*/
public void write(OutputStream out) throws IOException {
if (!locked || !preScanned) {
throw new IllegalStateException("The instance must be preScanned and locked before writing.");
}
if (emptyCrl) {
/* An empty CRL is going to be missing the revokedCertificates sequence
* and would require a lot of special casing during the streaming process.
* Instead, it is easier to construct the CRL in the normal fashion using
* BouncyCastle. Performance should be acceptable as long as the number of
* CRL entries being added are reasonable in number. Something less than a
* thousand or so should yield adequate performance.
*/
writeToEmptyCrl(out);
return;
}
originalLength = handleHeader(out);
int tag;
int tagNo;
int length;
while (originalLength > count.get()) {
tag = readTag(crlIn, count);
tagNo = readTagNumber(crlIn, tag, count);
length = readLength(crlIn, count);
byte[] entryBytes = new byte[length];
readFullyAndTrack(crlIn, entryBytes, count);
// We only need the serial number and not the rest of the stuff in the entry
ASN1Integer serial = (ASN1Integer) new ASN1InputStream(entryBytes).readObject();
if (deletedEntriesLength == 0 || !deletedEntries.contains(serial.getValue())) {
writeTag(out, tag, tagNo, signer);
writeLength(out, length, signer);
writeValue(out, entryBytes, signer);
}
}
// Write the new entries into the new CRL
for (ASN1Sequence entry : newEntries) {
writeBytes(out, entry.getEncoded(), signer);
}
// Copy the old extensions over
if (newExtensions != null) {
out.write(newExtensions);
signer.getOutputStream().write(newExtensions, 0, newExtensions.length);
}
out.write(signingAlg.getEncoded());
try {
byte[] signature = signer.getSignature();
ASN1BitString signatureBits = new DERBitString(signature);
out.write(signatureBits.getEncoded());
} catch (DataLengthException e) {
throw new IOException("Could not sign", e);
}
}
use of org.openecard.bouncycastle.asn1.ASN1Integer in project open-ecard by ecsec.
the class SignStep method encodeRawRS.
private byte[] encodeRawRS(byte[] signature) throws WSHelper.WSException {
try {
LOG.info("Reencoding raw RS parameters as ECDSA signature.");
int n = signature.length / 2;
byte[] bytes = new byte[n];
System.arraycopy(signature, 0, bytes, 0, n);
BigInteger r = new BigInteger(1, bytes);
System.arraycopy(signature, n, bytes, 0, n);
BigInteger s = new BigInteger(1, bytes);
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new ASN1Integer(r));
v.add(new ASN1Integer(s));
return new DERSequence(v).getEncoded(ASN1Encoding.DER);
} catch (IOException ex) {
throw WSHelper.createException(WSHelper.makeResultError(ECardConstants.Minor.App.INT_ERROR, "Failed to reencode raw RS parameters as ECDSA signature."));
}
}
use of org.openecard.bouncycastle.asn1.ASN1Integer in project fabric-sdk-java by hyperledger.
the class CryptoPrimitives method ecdsaSignToBytes.
/**
* Sign data with the specified elliptic curve private key.
*
* @param privateKey elliptic curve private key.
* @param data data to sign
* @return the signed data.
* @throws CryptoException
*/
private byte[] ecdsaSignToBytes(ECPrivateKey privateKey, byte[] data) throws CryptoException {
try {
X9ECParameters params = ECNamedCurveTable.getByName(curveName);
BigInteger curveN = params.getN();
Signature sig = SECURITY_PROVIDER == null ? Signature.getInstance(DEFAULT_SIGNATURE_ALGORITHM) : Signature.getInstance(DEFAULT_SIGNATURE_ALGORITHM, SECURITY_PROVIDER);
sig.initSign(privateKey);
sig.update(data);
byte[] signature = sig.sign();
BigInteger[] sigs = decodeECDSASignature(signature);
sigs = preventMalleability(sigs, curveN);
ByteArrayOutputStream s = new ByteArrayOutputStream();
DERSequenceGenerator seq = new DERSequenceGenerator(s);
seq.addObject(new ASN1Integer(sigs[0]));
seq.addObject(new ASN1Integer(sigs[1]));
seq.close();
return s.toByteArray();
} catch (Exception e) {
throw new CryptoException("Could not sign the message using private key", e);
}
}
use of org.openecard.bouncycastle.asn1.ASN1Integer in project jruby-openssl by jruby.
the class PKeyEC method dsa_sign_asn1.
@JRubyMethod(name = "dsa_sign_asn1")
public IRubyObject dsa_sign_asn1(final ThreadContext context, final IRubyObject data) {
try {
ECNamedCurveParameterSpec params = ECNamedCurveTable.getParameterSpec(getCurveName());
ASN1ObjectIdentifier oid = getCurveOID(getCurveName());
ECNamedDomainParameters domainParams = new ECNamedDomainParameters(oid, params.getCurve(), params.getG(), params.getN(), params.getH(), params.getSeed());
final ECDSASigner signer = new ECDSASigner();
final ECPrivateKey privKey = (ECPrivateKey) this.privateKey;
signer.init(true, new ECPrivateKeyParameters(privKey.getS(), domainParams));
final byte[] message = data.convertToString().getBytes();
// [r, s]
BigInteger[] signature = signer.generateSignature(message);
// final byte[] r = signature[0].toByteArray();
// final byte[] s = signature[1].toByteArray();
// // ASN.1 encode as: 0x30 len 0x02 rlen (r) 0x02 slen (s)
// final int len = 1 + (1 + r.length) + 1 + (1 + s.length);
//
// final byte[] encoded = new byte[1 + 1 + len]; int i;
// encoded[0] = 0x30;
// encoded[1] = (byte) len;
// encoded[2] = 0x20;
// encoded[3] = (byte) r.length;
// System.arraycopy(r, 0, encoded, i = 4, r.length); i += r.length;
// encoded[i++] = 0x20;
// encoded[i++] = (byte) s.length;
// System.arraycopy(s, 0, encoded, i, s.length);
ByteArrayOutputStream bytes = new ByteArrayOutputStream();
ASN1OutputStream asn1 = new ASN1OutputStream(bytes);
ASN1EncodableVector v = new ASN1EncodableVector();
// r
v.add(new ASN1Integer(signature[0]));
// s
v.add(new ASN1Integer(signature[1]));
asn1.writeObject(new DLSequence(v));
return StringHelper.newString(context.runtime, bytes.buffer(), bytes.size());
} catch (IOException ex) {
throw newECError(context.runtime, ex.toString());
} catch (RuntimeException ex) {
throw newECError(context.runtime, ex.toString());
}
}
use of org.openecard.bouncycastle.asn1.ASN1Integer in project jruby-openssl by jruby.
the class X509CRL method sign.
@JRubyMethod
public IRubyObject sign(final ThreadContext context, final IRubyObject key, IRubyObject digest) {
final Ruby runtime = context.runtime;
final String signatureAlgorithm = getSignatureAlgorithm(runtime, (PKey) key, (Digest) digest);
final X500Name issuerName = ((X509Name) issuer).getX500Name();
final java.util.Date thisUpdate = getLastUpdate().toDate();
final X509v2CRLBuilder generator = new X509v2CRLBuilder(issuerName, thisUpdate);
final java.util.Date nextUpdate = getNextUpdate().toDate();
generator.setNextUpdate(nextUpdate);
if (revoked != null) {
for (int i = 0; i < revoked.size(); i++) {
final X509Revoked rev = (X509Revoked) revoked.entry(i);
BigInteger serial = new BigInteger(rev.callMethod(context, "serial").toString());
RubyTime t1 = (RubyTime) rev.callMethod(context, "time").callMethod(context, "getutc");
t1.setMicroseconds(0);
final Extensions revExts;
if (rev.hasExtensions()) {
final RubyArray exts = rev.extensions();
final ASN1Encodable[] array = new ASN1Encodable[exts.size()];
for (int j = 0; j < exts.size(); j++) {
final X509Extension ext = (X509Extension) exts.entry(j);
try {
array[j] = ext.toASN1Sequence();
} catch (IOException e) {
throw newCRLError(runtime, e);
}
}
revExts = Extensions.getInstance(new DERSequence(array));
} else {
revExts = null;
}
generator.addCRLEntry(serial, t1.getJavaDate(), revExts);
}
}
try {
for (int i = 0; i < extensions.size(); i++) {
X509Extension ext = (X509Extension) extensions.entry(i);
ASN1Encodable value = ext.getRealValue();
generator.addExtension(ext.getRealObjectID(), ext.isRealCritical(), value);
}
} catch (IOException e) {
throw newCRLError(runtime, e);
}
final PrivateKey privateKey = ((PKey) key).getPrivateKey();
try {
if (avoidJavaSecurity) {
// NOT IMPLEMENTED
} else {
// crl = generator.generate(((PKey) key).getPrivateKey());
}
/*
AlgorithmIdentifier keyAldID = new AlgorithmIdentifier(new ASN1ObjectIdentifier(keyAlg));
AlgorithmIdentifier digAldID = new AlgorithmIdentifier(new ASN1ObjectIdentifier(digAlg));
final BcContentSignerBuilder signerBuilder;
final AsymmetricKeyParameter signerPrivateKey;
if ( isDSA ) {
signerBuilder = new BcDSAContentSignerBuilder(keyAldID, digAldID);
DSAPrivateKey privateKey = (DSAPrivateKey) ((PKey) key).getPrivateKey();
DSAParameters params = new DSAParameters(
privateKey.getParams().getP(),
privateKey.getParams().getQ(),
privateKey.getParams().getG()
);
signerPrivateKey = new DSAPrivateKeyParameters(privateKey.getX(), params);
}
*/
ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).build(privateKey);
this.crlHolder = generator.build(signer);
this.crl = null;
} catch (IllegalStateException e) {
debugStackTrace(e);
throw newCRLError(runtime, e);
} catch (Exception e) {
debugStackTrace(e);
throw newCRLError(runtime, e.getMessage());
}
final ASN1Primitive crlVal = getCRLValue(runtime);
ASN1Sequence v1 = (ASN1Sequence) (((ASN1Sequence) crlVal).getObjectAt(0));
final ASN1EncodableVector build1 = new ASN1EncodableVector();
int copyIndex = 0;
if (v1.getObjectAt(0) instanceof ASN1Integer)
copyIndex++;
build1.add(new ASN1Integer(new BigInteger(version.toString())));
while (copyIndex < v1.size()) {
build1.add(v1.getObjectAt(copyIndex++));
}
final ASN1EncodableVector build2 = new ASN1EncodableVector();
build2.add(new DLSequence(build1));
build2.add(((ASN1Sequence) crlVal).getObjectAt(1));
build2.add(((ASN1Sequence) crlVal).getObjectAt(2));
this.crlValue = new DLSequence(build2);
changed = false;
return this;
}
Aggregations