Search in sources :

Example 56 with ASN1Integer

use of org.openecard.bouncycastle.asn1.ASN1Integer in project candlepin by candlepin.

the class X509CRLStreamWriter method write.

/**
 * Write a modified CRL to the given output stream.  This method will add each entry provided
 * via the add() method.
 *
 * @param out OutputStream to write to
 * @throws IOException if something goes wrong
 */
public void write(OutputStream out) throws IOException {
    if (!locked || !preScanned) {
        throw new IllegalStateException("The instance must be preScanned and locked before writing.");
    }
    if (emptyCrl) {
        /* An empty CRL is going to be missing the revokedCertificates sequence
             * and would require a lot of special casing during the streaming process.
             * Instead, it is easier to construct the CRL in the normal fashion using
             * BouncyCastle.  Performance should be acceptable as long as the number of
             * CRL entries being added are reasonable in number.  Something less than a
             * thousand or so should yield adequate performance.
             */
        writeToEmptyCrl(out);
        return;
    }
    originalLength = handleHeader(out);
    int tag;
    int tagNo;
    int length;
    while (originalLength > count.get()) {
        tag = readTag(crlIn, count);
        tagNo = readTagNumber(crlIn, tag, count);
        length = readLength(crlIn, count);
        byte[] entryBytes = new byte[length];
        readFullyAndTrack(crlIn, entryBytes, count);
        // We only need the serial number and not the rest of the stuff in the entry
        ASN1Integer serial = (ASN1Integer) new ASN1InputStream(entryBytes).readObject();
        if (deletedEntriesLength == 0 || !deletedEntries.contains(serial.getValue())) {
            writeTag(out, tag, tagNo, signer);
            writeLength(out, length, signer);
            writeValue(out, entryBytes, signer);
        }
    }
    // Write the new entries into the new CRL
    for (ASN1Sequence entry : newEntries) {
        writeBytes(out, entry.getEncoded(), signer);
    }
    // Copy the old extensions over
    if (newExtensions != null) {
        out.write(newExtensions);
        signer.getOutputStream().write(newExtensions, 0, newExtensions.length);
    }
    out.write(signingAlg.getEncoded());
    try {
        byte[] signature = signer.getSignature();
        ASN1BitString signatureBits = new DERBitString(signature);
        out.write(signatureBits.getEncoded());
    } catch (DataLengthException e) {
        throw new IOException("Could not sign", e);
    }
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DataLengthException(org.bouncycastle.crypto.DataLengthException) DERBitString(org.bouncycastle.asn1.DERBitString) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) IOException(java.io.IOException) ASN1BitString(org.bouncycastle.asn1.ASN1BitString)

Example 57 with ASN1Integer

use of org.openecard.bouncycastle.asn1.ASN1Integer in project open-ecard by ecsec.

the class SignStep method encodeRawRS.

private byte[] encodeRawRS(byte[] signature) throws WSHelper.WSException {
    try {
        LOG.info("Reencoding raw RS parameters as ECDSA signature.");
        int n = signature.length / 2;
        byte[] bytes = new byte[n];
        System.arraycopy(signature, 0, bytes, 0, n);
        BigInteger r = new BigInteger(1, bytes);
        System.arraycopy(signature, n, bytes, 0, n);
        BigInteger s = new BigInteger(1, bytes);
        ASN1EncodableVector v = new ASN1EncodableVector();
        v.add(new ASN1Integer(r));
        v.add(new ASN1Integer(s));
        return new DERSequence(v).getEncoded(ASN1Encoding.DER);
    } catch (IOException ex) {
        throw WSHelper.createException(WSHelper.makeResultError(ECardConstants.Minor.App.INT_ERROR, "Failed to reencode raw RS parameters as ECDSA signature."));
    }
}
Also used : DERSequence(org.openecard.bouncycastle.asn1.DERSequence) BigInteger(java.math.BigInteger) ASN1EncodableVector(org.openecard.bouncycastle.asn1.ASN1EncodableVector) ASN1Integer(org.openecard.bouncycastle.asn1.ASN1Integer) IOException(java.io.IOException)

Example 58 with ASN1Integer

use of org.openecard.bouncycastle.asn1.ASN1Integer in project fabric-sdk-java by hyperledger.

the class CryptoPrimitives method ecdsaSignToBytes.

/**
 * Sign data with the specified elliptic curve private key.
 *
 * @param privateKey elliptic curve private key.
 * @param data       data to sign
 * @return the signed data.
 * @throws CryptoException
 */
private byte[] ecdsaSignToBytes(ECPrivateKey privateKey, byte[] data) throws CryptoException {
    try {
        X9ECParameters params = ECNamedCurveTable.getByName(curveName);
        BigInteger curveN = params.getN();
        Signature sig = SECURITY_PROVIDER == null ? Signature.getInstance(DEFAULT_SIGNATURE_ALGORITHM) : Signature.getInstance(DEFAULT_SIGNATURE_ALGORITHM, SECURITY_PROVIDER);
        sig.initSign(privateKey);
        sig.update(data);
        byte[] signature = sig.sign();
        BigInteger[] sigs = decodeECDSASignature(signature);
        sigs = preventMalleability(sigs, curveN);
        ByteArrayOutputStream s = new ByteArrayOutputStream();
        DERSequenceGenerator seq = new DERSequenceGenerator(s);
        seq.addObject(new ASN1Integer(sigs[0]));
        seq.addObject(new ASN1Integer(sigs[1]));
        seq.close();
        return s.toByteArray();
    } catch (Exception e) {
        throw new CryptoException("Could not sign the message using private key", e);
    }
}
Also used : X9ECParameters(org.bouncycastle.asn1.x9.X9ECParameters) Signature(java.security.Signature) BigInteger(java.math.BigInteger) DERSequenceGenerator(org.bouncycastle.asn1.DERSequenceGenerator) ByteArrayOutputStream(java.io.ByteArrayOutputStream) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) CryptoException(org.hyperledger.fabric.sdk.exception.CryptoException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) KeyStoreException(java.security.KeyStoreException) CertPathValidatorException(java.security.cert.CertPathValidatorException) InvalidArgumentException(org.hyperledger.fabric.sdk.exception.InvalidArgumentException) SignatureException(java.security.SignatureException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) CryptoException(org.hyperledger.fabric.sdk.exception.CryptoException)

Example 59 with ASN1Integer

use of org.openecard.bouncycastle.asn1.ASN1Integer in project jruby-openssl by jruby.

the class PKeyEC method dsa_sign_asn1.

@JRubyMethod(name = "dsa_sign_asn1")
public IRubyObject dsa_sign_asn1(final ThreadContext context, final IRubyObject data) {
    try {
        ECNamedCurveParameterSpec params = ECNamedCurveTable.getParameterSpec(getCurveName());
        ASN1ObjectIdentifier oid = getCurveOID(getCurveName());
        ECNamedDomainParameters domainParams = new ECNamedDomainParameters(oid, params.getCurve(), params.getG(), params.getN(), params.getH(), params.getSeed());
        final ECDSASigner signer = new ECDSASigner();
        final ECPrivateKey privKey = (ECPrivateKey) this.privateKey;
        signer.init(true, new ECPrivateKeyParameters(privKey.getS(), domainParams));
        final byte[] message = data.convertToString().getBytes();
        // [r, s]
        BigInteger[] signature = signer.generateSignature(message);
        // final byte[] r = signature[0].toByteArray();
        // final byte[] s = signature[1].toByteArray();
        // // ASN.1 encode as: 0x30 len 0x02 rlen (r) 0x02 slen (s)
        // final int len = 1 + (1 + r.length) + 1 + (1 + s.length);
        // 
        // final byte[] encoded = new byte[1 + 1 + len]; int i;
        // encoded[0] = 0x30;
        // encoded[1] = (byte) len;
        // encoded[2] = 0x20;
        // encoded[3] = (byte) r.length;
        // System.arraycopy(r, 0, encoded, i = 4, r.length); i += r.length;
        // encoded[i++] = 0x20;
        // encoded[i++] = (byte) s.length;
        // System.arraycopy(s, 0, encoded, i, s.length);
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        ASN1OutputStream asn1 = new ASN1OutputStream(bytes);
        ASN1EncodableVector v = new ASN1EncodableVector();
        // r
        v.add(new ASN1Integer(signature[0]));
        // s
        v.add(new ASN1Integer(signature[1]));
        asn1.writeObject(new DLSequence(v));
        return StringHelper.newString(context.runtime, bytes.buffer(), bytes.size());
    } catch (IOException ex) {
        throw newECError(context.runtime, ex.toString());
    } catch (RuntimeException ex) {
        throw newECError(context.runtime, ex.toString());
    }
}
Also used : PKey.readECPrivateKey(org.jruby.ext.openssl.impl.PKey.readECPrivateKey) ECPrivateKey(java.security.interfaces.ECPrivateKey) ECDSASigner(org.bouncycastle.crypto.signers.ECDSASigner) ECNamedDomainParameters(org.bouncycastle.crypto.params.ECNamedDomainParameters) ByteArrayOutputStream(org.jruby.ext.openssl.util.ByteArrayOutputStream) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) IOException(java.io.IOException) ASN1OutputStream(org.bouncycastle.asn1.ASN1OutputStream) ECPrivateKeyParameters(org.bouncycastle.crypto.params.ECPrivateKeyParameters) DLSequence(org.bouncycastle.asn1.DLSequence) ECNamedCurveParameterSpec(org.bouncycastle.jce.spec.ECNamedCurveParameterSpec) BigInteger(java.math.BigInteger) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) JRubyMethod(org.jruby.anno.JRubyMethod)

Example 60 with ASN1Integer

use of org.openecard.bouncycastle.asn1.ASN1Integer in project jruby-openssl by jruby.

the class X509CRL method sign.

@JRubyMethod
public IRubyObject sign(final ThreadContext context, final IRubyObject key, IRubyObject digest) {
    final Ruby runtime = context.runtime;
    final String signatureAlgorithm = getSignatureAlgorithm(runtime, (PKey) key, (Digest) digest);
    final X500Name issuerName = ((X509Name) issuer).getX500Name();
    final java.util.Date thisUpdate = getLastUpdate().toDate();
    final X509v2CRLBuilder generator = new X509v2CRLBuilder(issuerName, thisUpdate);
    final java.util.Date nextUpdate = getNextUpdate().toDate();
    generator.setNextUpdate(nextUpdate);
    if (revoked != null) {
        for (int i = 0; i < revoked.size(); i++) {
            final X509Revoked rev = (X509Revoked) revoked.entry(i);
            BigInteger serial = new BigInteger(rev.callMethod(context, "serial").toString());
            RubyTime t1 = (RubyTime) rev.callMethod(context, "time").callMethod(context, "getutc");
            t1.setMicroseconds(0);
            final Extensions revExts;
            if (rev.hasExtensions()) {
                final RubyArray exts = rev.extensions();
                final ASN1Encodable[] array = new ASN1Encodable[exts.size()];
                for (int j = 0; j < exts.size(); j++) {
                    final X509Extension ext = (X509Extension) exts.entry(j);
                    try {
                        array[j] = ext.toASN1Sequence();
                    } catch (IOException e) {
                        throw newCRLError(runtime, e);
                    }
                }
                revExts = Extensions.getInstance(new DERSequence(array));
            } else {
                revExts = null;
            }
            generator.addCRLEntry(serial, t1.getJavaDate(), revExts);
        }
    }
    try {
        for (int i = 0; i < extensions.size(); i++) {
            X509Extension ext = (X509Extension) extensions.entry(i);
            ASN1Encodable value = ext.getRealValue();
            generator.addExtension(ext.getRealObjectID(), ext.isRealCritical(), value);
        }
    } catch (IOException e) {
        throw newCRLError(runtime, e);
    }
    final PrivateKey privateKey = ((PKey) key).getPrivateKey();
    try {
        if (avoidJavaSecurity) {
        // NOT IMPLEMENTED
        } else {
        // crl = generator.generate(((PKey) key).getPrivateKey());
        }
        /*
            AlgorithmIdentifier keyAldID = new AlgorithmIdentifier(new ASN1ObjectIdentifier(keyAlg));
            AlgorithmIdentifier digAldID = new AlgorithmIdentifier(new ASN1ObjectIdentifier(digAlg));
            final BcContentSignerBuilder signerBuilder;
            final AsymmetricKeyParameter signerPrivateKey;
            if ( isDSA ) {
                signerBuilder = new BcDSAContentSignerBuilder(keyAldID, digAldID);
                DSAPrivateKey privateKey = (DSAPrivateKey) ((PKey) key).getPrivateKey();
                DSAParameters params = new DSAParameters(
                        privateKey.getParams().getP(),
                        privateKey.getParams().getQ(),
                        privateKey.getParams().getG()
                );
                signerPrivateKey = new DSAPrivateKeyParameters(privateKey.getX(), params);
            }
            */
        ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).build(privateKey);
        this.crlHolder = generator.build(signer);
        this.crl = null;
    } catch (IllegalStateException e) {
        debugStackTrace(e);
        throw newCRLError(runtime, e);
    } catch (Exception e) {
        debugStackTrace(e);
        throw newCRLError(runtime, e.getMessage());
    }
    final ASN1Primitive crlVal = getCRLValue(runtime);
    ASN1Sequence v1 = (ASN1Sequence) (((ASN1Sequence) crlVal).getObjectAt(0));
    final ASN1EncodableVector build1 = new ASN1EncodableVector();
    int copyIndex = 0;
    if (v1.getObjectAt(0) instanceof ASN1Integer)
        copyIndex++;
    build1.add(new ASN1Integer(new BigInteger(version.toString())));
    while (copyIndex < v1.size()) {
        build1.add(v1.getObjectAt(copyIndex++));
    }
    final ASN1EncodableVector build2 = new ASN1EncodableVector();
    build2.add(new DLSequence(build1));
    build2.add(((ASN1Sequence) crlVal).getObjectAt(1));
    build2.add(((ASN1Sequence) crlVal).getObjectAt(2));
    this.crlValue = new DLSequence(build2);
    changed = false;
    return this;
}
Also used : RubyTime(org.jruby.RubyTime) PrivateKey(java.security.PrivateKey) RubyArray(org.jruby.RubyArray) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) RubyString(org.jruby.RubyString) X500Name(org.bouncycastle.asn1.x500.X500Name) Extensions(org.bouncycastle.asn1.x509.Extensions) DERSequence(org.bouncycastle.asn1.DERSequence) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) X509v2CRLBuilder(org.bouncycastle.cert.X509v2CRLBuilder) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) Ruby(org.jruby.Ruby) ContentSigner(org.bouncycastle.operator.ContentSigner) IOException(java.io.IOException) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) RaiseException(org.jruby.exceptions.RaiseException) GeneralSecurityException(java.security.GeneralSecurityException) CRLException(java.security.cert.CRLException) IOException(java.io.IOException) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DLSequence(org.bouncycastle.asn1.DLSequence) BigInteger(java.math.BigInteger) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) JRubyMethod(org.jruby.anno.JRubyMethod)

Aggregations

ASN1Integer (org.bouncycastle.asn1.ASN1Integer)120 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)54 DERSequence (org.bouncycastle.asn1.DERSequence)48 IOException (java.io.IOException)43 BigInteger (java.math.BigInteger)43 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)39 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)28 DEROctetString (org.bouncycastle.asn1.DEROctetString)21 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)20 ArrayList (java.util.ArrayList)18 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)18 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)15 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)15 X509Certificate (java.security.cert.X509Certificate)14 ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)14 Date (java.util.Date)12 DLSequence (org.bouncycastle.asn1.DLSequence)12 KeyPair (java.security.KeyPair)11 HashMap (java.util.HashMap)11 HashSet (java.util.HashSet)11