Examples with ASN1Integer org.spongycastle.asn1.ASN1Integer used on opensource projects

Example 56 with ASN1Integer

use of org.spongycastle.asn1.ASN1Integer in project candlepin by candlepin.

the class X509CRLStreamWriter method write.

/**
 * Write a modified CRL to the given output stream.  This method will add each entry provided
 * via the add() method.
 *
 * @param out OutputStream to write to
 * @throws IOException if something goes wrong
 */
public void write(OutputStream out) throws IOException {
    if (!locked || !preScanned) {
        throw new IllegalStateException("The instance must be preScanned and locked before writing.");
    }
    if (emptyCrl) {
        /* An empty CRL is going to be missing the revokedCertificates sequence
             * and would require a lot of special casing during the streaming process.
             * Instead, it is easier to construct the CRL in the normal fashion using
             * BouncyCastle.  Performance should be acceptable as long as the number of
             * CRL entries being added are reasonable in number.  Something less than a
             * thousand or so should yield adequate performance.
             */
        writeToEmptyCrl(out);
        return;
    }
    originalLength = handleHeader(out);
    int tag;
    int tagNo;
    int length;
    while (originalLength > count.get()) {
        tag = readTag(crlIn, count);
        tagNo = readTagNumber(crlIn, tag, count);
        length = readLength(crlIn, count);
        byte[] entryBytes = new byte[length];
        readFullyAndTrack(crlIn, entryBytes, count);
        // We only need the serial number and not the rest of the stuff in the entry
        ASN1Integer serial = (ASN1Integer) new ASN1InputStream(entryBytes).readObject();
        if (deletedEntriesLength == 0 || !deletedEntries.contains(serial.getValue())) {
            writeTag(out, tag, tagNo, signer);
            writeLength(out, length, signer);
            writeValue(out, entryBytes, signer);
        }
    }
    // Write the new entries into the new CRL
    for (ASN1Sequence entry : newEntries) {
        writeBytes(out, entry.getEncoded(), signer);
    }
    // Copy the old extensions over
    if (newExtensions != null) {
        out.write(newExtensions);
        signer.getOutputStream().write(newExtensions, 0, newExtensions.length);
    }
    out.write(signingAlg.getEncoded());
    try {
        byte[] signature = signer.getSignature();
        ASN1BitString signatureBits = new DERBitString(signature);
        out.write(signatureBits.getEncoded());
    } catch (DataLengthException e) {
        throw new IOException("Could not sign", e);
    }
}

Example 57 with ASN1Integer

use of org.spongycastle.asn1.ASN1Integer in project open-ecard by ecsec.

the class SignStep method encodeRawRS.

private byte[] encodeRawRS(byte[] signature) throws WSHelper.WSException {
    try {
        LOG.info("Reencoding raw RS parameters as ECDSA signature.");
        int n = signature.length / 2;
        byte[] bytes = new byte[n];
        System.arraycopy(signature, 0, bytes, 0, n);
        BigInteger r = new BigInteger(1, bytes);
        System.arraycopy(signature, n, bytes, 0, n);
        BigInteger s = new BigInteger(1, bytes);
        ASN1EncodableVector v = new ASN1EncodableVector();
        v.add(new ASN1Integer(r));
        v.add(new ASN1Integer(s));
        return new DERSequence(v).getEncoded(ASN1Encoding.DER);
    } catch (IOException ex) {
        throw WSHelper.createException(WSHelper.makeResultError(ECardConstants.Minor.App.INT_ERROR, "Failed to reencode raw RS parameters as ECDSA signature."));
    }
}

Example 58 with ASN1Integer

use of org.spongycastle.asn1.ASN1Integer in project fabric-sdk-java by hyperledger.

the class CryptoPrimitives method ecdsaSignToBytes.

/**
 * Sign data with the specified elliptic curve private key.
 *
 * @param privateKey elliptic curve private key.
 * @param data       data to sign
 * @return the signed data.
 * @throws CryptoException
 */
private byte[] ecdsaSignToBytes(ECPrivateKey privateKey, byte[] data) throws CryptoException {
    try {
        X9ECParameters params = ECNamedCurveTable.getByName(curveName);
        BigInteger curveN = params.getN();
        Signature sig = SECURITY_PROVIDER == null ? Signature.getInstance(DEFAULT_SIGNATURE_ALGORITHM) : Signature.getInstance(DEFAULT_SIGNATURE_ALGORITHM, SECURITY_PROVIDER);
        sig.initSign(privateKey);
        sig.update(data);
        byte[] signature = sig.sign();
        BigInteger[] sigs = decodeECDSASignature(signature);
        sigs = preventMalleability(sigs, curveN);
        ByteArrayOutputStream s = new ByteArrayOutputStream();
        DERSequenceGenerator seq = new DERSequenceGenerator(s);
        seq.addObject(new ASN1Integer(sigs[0]));
        seq.addObject(new ASN1Integer(sigs[1]));
        seq.close();
        return s.toByteArray();
    } catch (Exception e) {
        throw new CryptoException("Could not sign the message using private key", e);
    }
}

Example 59 with ASN1Integer

use of org.spongycastle.asn1.ASN1Integer in project jruby-openssl by jruby.

the class PKeyEC method dsa_sign_asn1.

@JRubyMethod(name = "dsa_sign_asn1")
public IRubyObject dsa_sign_asn1(final ThreadContext context, final IRubyObject data) {
    try {
        ECNamedCurveParameterSpec params = ECNamedCurveTable.getParameterSpec(getCurveName());
        ASN1ObjectIdentifier oid = getCurveOID(getCurveName());
        ECNamedDomainParameters domainParams = new ECNamedDomainParameters(oid, params.getCurve(), params.getG(), params.getN(), params.getH(), params.getSeed());
        final ECDSASigner signer = new ECDSASigner();
        final ECPrivateKey privKey = (ECPrivateKey) this.privateKey;
        signer.init(true, new ECPrivateKeyParameters(privKey.getS(), domainParams));
        final byte[] message = data.convertToString().getBytes();
        // [r, s]
        BigInteger[] signature = signer.generateSignature(message);
        // final byte[] r = signature[0].toByteArray();
        // final byte[] s = signature[1].toByteArray();
        // // ASN.1 encode as: 0x30 len 0x02 rlen (r) 0x02 slen (s)
        // final int len = 1 + (1 + r.length) + 1 + (1 + s.length);
        // 
        // final byte[] encoded = new byte[1 + 1 + len]; int i;
        // encoded[0] = 0x30;
        // encoded[1] = (byte) len;
        // encoded[2] = 0x20;
        // encoded[3] = (byte) r.length;
        // System.arraycopy(r, 0, encoded, i = 4, r.length); i += r.length;
        // encoded[i++] = 0x20;
        // encoded[i++] = (byte) s.length;
        // System.arraycopy(s, 0, encoded, i, s.length);
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        ASN1OutputStream asn1 = new ASN1OutputStream(bytes);
        ASN1EncodableVector v = new ASN1EncodableVector();
        // r
        v.add(new ASN1Integer(signature[0]));
        // s
        v.add(new ASN1Integer(signature[1]));
        asn1.writeObject(new DLSequence(v));
        return StringHelper.newString(context.runtime, bytes.buffer(), bytes.size());
    } catch (IOException ex) {
        throw newECError(context.runtime, ex.toString());
    } catch (RuntimeException ex) {
        throw newECError(context.runtime, ex.toString());
    }
}

Example 60 with ASN1Integer

use of org.spongycastle.asn1.ASN1Integer in project jruby-openssl by jruby.

the class X509CRL method sign.

@JRubyMethod
public IRubyObject sign(final ThreadContext context, final IRubyObject key, IRubyObject digest) {
    final Ruby runtime = context.runtime;
    final String signatureAlgorithm = getSignatureAlgorithm(runtime, (PKey) key, (Digest) digest);
    final X500Name issuerName = ((X509Name) issuer).getX500Name();
    final java.util.Date thisUpdate = getLastUpdate().toDate();
    final X509v2CRLBuilder generator = new X509v2CRLBuilder(issuerName, thisUpdate);
    final java.util.Date nextUpdate = getNextUpdate().toDate();
    generator.setNextUpdate(nextUpdate);
    if (revoked != null) {
        for (int i = 0; i < revoked.size(); i++) {
            final X509Revoked rev = (X509Revoked) revoked.entry(i);
            BigInteger serial = new BigInteger(rev.callMethod(context, "serial").toString());
            RubyTime t1 = (RubyTime) rev.callMethod(context, "time").callMethod(context, "getutc");
            t1.setMicroseconds(0);
            final Extensions revExts;
            if (rev.hasExtensions()) {
                final RubyArray exts = rev.extensions();
                final ASN1Encodable[] array = new ASN1Encodable[exts.size()];
                for (int j = 0; j < exts.size(); j++) {
                    final X509Extension ext = (X509Extension) exts.entry(j);
                    try {
                        array[j] = ext.toASN1Sequence();
                    } catch (IOException e) {
                        throw newCRLError(runtime, e);
                    }
                }
                revExts = Extensions.getInstance(new DERSequence(array));
            } else {
                revExts = null;
            }
            generator.addCRLEntry(serial, t1.getJavaDate(), revExts);
        }
    }
    try {
        for (int i = 0; i < extensions.size(); i++) {
            X509Extension ext = (X509Extension) extensions.entry(i);
            ASN1Encodable value = ext.getRealValue();
            generator.addExtension(ext.getRealObjectID(), ext.isRealCritical(), value);
        }
    } catch (IOException e) {
        throw newCRLError(runtime, e);
    }
    final PrivateKey privateKey = ((PKey) key).getPrivateKey();
    try {
        if (avoidJavaSecurity) {
        // NOT IMPLEMENTED
        } else {
        // crl = generator.generate(((PKey) key).getPrivateKey());
        }
        /*
            AlgorithmIdentifier keyAldID = new AlgorithmIdentifier(new ASN1ObjectIdentifier(keyAlg));
            AlgorithmIdentifier digAldID = new AlgorithmIdentifier(new ASN1ObjectIdentifier(digAlg));
            final BcContentSignerBuilder signerBuilder;
            final AsymmetricKeyParameter signerPrivateKey;
            if ( isDSA ) {
                signerBuilder = new BcDSAContentSignerBuilder(keyAldID, digAldID);
                DSAPrivateKey privateKey = (DSAPrivateKey) ((PKey) key).getPrivateKey();
                DSAParameters params = new DSAParameters(
                        privateKey.getParams().getP(),
                        privateKey.getParams().getQ(),
                        privateKey.getParams().getG()
                );
                signerPrivateKey = new DSAPrivateKeyParameters(privateKey.getX(), params);
            }
            */
        ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).build(privateKey);
        this.crlHolder = generator.build(signer);
        this.crl = null;
    } catch (IllegalStateException e) {
        debugStackTrace(e);
        throw newCRLError(runtime, e);
    } catch (Exception e) {
        debugStackTrace(e);
        throw newCRLError(runtime, e.getMessage());
    }
    final ASN1Primitive crlVal = getCRLValue(runtime);
    ASN1Sequence v1 = (ASN1Sequence) (((ASN1Sequence) crlVal).getObjectAt(0));
    final ASN1EncodableVector build1 = new ASN1EncodableVector();
    int copyIndex = 0;
    if (v1.getObjectAt(0) instanceof ASN1Integer)
        copyIndex++;
    build1.add(new ASN1Integer(new BigInteger(version.toString())));
    while (copyIndex < v1.size()) {
        build1.add(v1.getObjectAt(copyIndex++));
    }
    final ASN1EncodableVector build2 = new ASN1EncodableVector();
    build2.add(new DLSequence(build1));
    build2.add(((ASN1Sequence) crlVal).getObjectAt(1));
    build2.add(((ASN1Sequence) crlVal).getObjectAt(2));
    this.crlValue = new DLSequence(build2);
    changed = false;
    return this;
}