Example 51 with DEROctetString
use of org.spongycastle.asn1.DEROctetString in project xipki by xipki.
the class Foo method createRequest.
private static byte[] createRequest(Control control) throws Exception {
GeneralName requestorName = control.withRequestName ? new GeneralName(new X500Name("CN=requestor1")) : null;
AlgorithmIdentifier algId1 = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE);
CertID certId1 = new CertID(algId1, new DEROctetString(newBytes(20, (byte) 0x11)), new DEROctetString(newBytes(20, (byte) 0x12)), new ASN1Integer(BigInteger.valueOf(0x1234)));
Request request1 = new Request(certId1, null);
AlgorithmIdentifier algId2 = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1);
CertID certId2 = new CertID(algId2, new DEROctetString(newBytes(20, (byte) 0x21)), new DEROctetString(newBytes(20, (byte) 0x22)), new ASN1Integer(BigInteger.valueOf(0x1235)));
Request request2 = new Request(certId2, new Extensions(new Extension(ObjectIdentifiers.id_ad_timeStamping, false, newBytes(30, (byte) 0x33))));
// CHECKSTYLE:SKIP
ASN1Sequence requestList = new DERSequence(new ASN1Encodable[] { request1, request2 });
Extensions requestExtensions = null;
if (control.withNonce || control.withPrefSigAlgs) {
int size = 0;
if (control.withNonce) {
size++;
}
if (control.withPrefSigAlgs) {
size++;
}
Extension[] arrays = new Extension[size];
int offset = 0;
if (control.withNonce) {
arrays[offset++] = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, control.extensionCritical, newBytes(20, (byte) 0x44));
}
if (control.withPrefSigAlgs) {
AlgorithmIdentifier sigAlg1 = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha256WithRSAEncryption, DERNull.INSTANCE);
AlgorithmIdentifier sigAlg2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption, DERNull.INSTANCE);
ASN1Sequence seq = new DERSequence(new ASN1Encodable[] { sigAlg1, sigAlg2 });
arrays[offset++] = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_pref_sig_algs, control.extensionCritical, seq.getEncoded());
}
requestExtensions = new Extensions(arrays);
}
ASN1EncodableVector vec = new ASN1EncodableVector();
if (control.version != 0) {
vec.add(new DERTaggedObject(true, 0, new ASN1Integer(BigInteger.valueOf(control.version))));
}
if (requestorName != null) {
vec.add(new DERTaggedObject(true, 1, requestorName));
}
vec.add(requestList);
if (requestExtensions != null) {
vec.add(new DERTaggedObject(true, 2, requestExtensions));
}
TBSRequest tbsRequest = TBSRequest.getInstance(new DERSequence(vec));
Signature sig = null;
if (control.withSignature) {
sig = new Signature(new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption), new DERBitString(newBytes(256, (byte) 0xFF)));
}
return new OCSPRequest(tbsRequest, sig).getEncoded();
}
Also used :
CertID(org.bouncycastle.asn1.ocsp.CertID)
DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject)
OCSPRequest(org.bouncycastle.asn1.ocsp.OCSPRequest)
OcspRequest(org.xipki.ocsp.server.impl.type.OcspRequest)
TBSRequest(org.bouncycastle.asn1.ocsp.TBSRequest)
Request(org.bouncycastle.asn1.ocsp.Request)
DERBitString(org.bouncycastle.asn1.DERBitString)
X500Name(org.bouncycastle.asn1.x500.X500Name)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
Extensions(org.bouncycastle.asn1.x509.Extensions)
TBSRequest(org.bouncycastle.asn1.ocsp.TBSRequest)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Extension(org.bouncycastle.asn1.x509.Extension)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
DERSequence(org.bouncycastle.asn1.DERSequence)
Signature(org.bouncycastle.asn1.ocsp.Signature)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
OCSPRequest(org.bouncycastle.asn1.ocsp.OCSPRequest)
Example 52 with DEROctetString
use of org.spongycastle.asn1.DEROctetString in project xipki by xipki.
the class EmulatorP11Slot method savePkcs11PublicKey.
private void savePkcs11PublicKey(byte[] id, String label, PublicKey publicKey) throws P11TokenException {
String hexId = hex(id);
StringBuilder sb = new StringBuilder(100);
sb.append(PROP_ID).append('=').append(hexId).append('\n');
sb.append(PROP_LABEL).append('=').append(label).append('\n');
if (publicKey instanceof RSAPublicKey) {
sb.append(PROP_ALGORITHM).append('=').append(PKCSObjectIdentifiers.rsaEncryption.getId()).append('\n');
RSAPublicKey rsaKey = (RSAPublicKey) publicKey;
sb.append(PROP_RSA_MODUS).append('=').append(hex(rsaKey.getModulus().toByteArray())).append('\n');
sb.append(PROP_RSA_PUBLIC_EXPONENT).append('=').append(hex(rsaKey.getPublicExponent().toByteArray())).append('\n');
} else if (publicKey instanceof DSAPublicKey) {
sb.append(PROP_ALGORITHM).append('=').append(X9ObjectIdentifiers.id_dsa.getId()).append('\n');
DSAPublicKey dsaKey = (DSAPublicKey) publicKey;
sb.append(PROP_DSA_PRIME).append('=').append(hex(dsaKey.getParams().getP().toByteArray())).append('\n');
sb.append(PROP_DSA_SUBPRIME).append('=').append(hex(dsaKey.getParams().getQ().toByteArray())).append('\n');
sb.append(PROP_DSA_BASE).append('=').append(hex(dsaKey.getParams().getG().toByteArray())).append('\n');
sb.append(PROP_DSA_VALUE).append('=').append(hex(dsaKey.getY().toByteArray())).append('\n');
} else if (publicKey instanceof ECPublicKey) {
sb.append(PROP_ALGORITHM).append('=').append(X9ObjectIdentifiers.id_ecPublicKey.getId()).append('\n');
ECPublicKey ecKey = (ECPublicKey) publicKey;
ECParameterSpec paramSpec = ecKey.getParams();
// ecdsaParams
org.bouncycastle.jce.spec.ECParameterSpec bcParamSpec = EC5Util.convertSpec(paramSpec, false);
ASN1ObjectIdentifier curveOid = ECUtil.getNamedCurveOid(bcParamSpec);
if (curveOid == null) {
throw new P11TokenException("EC public key is not of namedCurve");
}
byte[] encodedParams;
try {
if (namedCurveSupported) {
encodedParams = curveOid.getEncoded();
} else {
encodedParams = ECNamedCurveTable.getByOID(curveOid).getEncoded();
}
} catch (IOException | NullPointerException ex) {
throw new P11TokenException(ex.getMessage(), ex);
}
sb.append(PROP_EC_ECDSA_PARAMS).append('=').append(hex(encodedParams)).append('\n');
// EC point
java.security.spec.ECPoint pointW = ecKey.getW();
int keysize = (paramSpec.getOrder().bitLength() + 7) / 8;
byte[] ecPoint = new byte[1 + keysize * 2];
// uncompressed
ecPoint[0] = 4;
bigIntToBytes("Wx", pointW.getAffineX(), ecPoint, 1, keysize);
bigIntToBytes("Wy", pointW.getAffineY(), ecPoint, 1 + keysize, keysize);
byte[] encodedEcPoint;
try {
encodedEcPoint = new DEROctetString(ecPoint).getEncoded();
} catch (IOException ex) {
throw new P11TokenException("could not ASN.1 encode the ECPoint");
}
sb.append(PROP_EC_EC_POINT).append('=').append(hex(encodedEcPoint)).append('\n');
} else {
throw new IllegalArgumentException("unsupported public key " + publicKey.getClass().getName());
}
try {
IoUtil.save(new File(pubKeyDir, hexId + INFO_FILE_SUFFIX), sb.toString().getBytes());
} catch (IOException ex) {
throw new P11TokenException(ex.getMessage(), ex);
}
}
Also used :
P11TokenException(org.xipki.security.exception.P11TokenException)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
IOException(java.io.IOException)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
DSAPublicKey(java.security.interfaces.DSAPublicKey)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
ECPublicKey(java.security.interfaces.ECPublicKey)
ECParameterSpec(java.security.spec.ECParameterSpec)
File(java.io.File)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 53 with DEROctetString
use of org.spongycastle.asn1.DEROctetString in project xipki by xipki.
the class AbstractOcspRequestor method buildRequest.
// method ask
private OCSPRequest buildRequest(X509Certificate caCert, BigInteger[] serialNumbers, byte[] nonce, RequestOptions requestOptions) throws OcspRequestorException {
HashAlgo hashAlgo = HashAlgo.getInstance(requestOptions.getHashAlgorithmId());
if (hashAlgo == null) {
throw new OcspRequestorException("unknown HashAlgo " + requestOptions.getHashAlgorithmId().getId());
}
List<AlgorithmIdentifier> prefSigAlgs = requestOptions.getPreferredSignatureAlgorithms();
XiOCSPReqBuilder reqBuilder = new XiOCSPReqBuilder();
List<Extension> extensions = new LinkedList<>();
if (nonce != null) {
extensions.add(new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(nonce)));
}
if (prefSigAlgs != null && prefSigAlgs.size() > 0) {
ASN1EncodableVector vec = new ASN1EncodableVector();
for (AlgorithmIdentifier algId : prefSigAlgs) {
vec.add(new DERSequence(algId));
}
ASN1Sequence extnValue = new DERSequence(vec);
Extension extn;
try {
extn = new Extension(ObjectIdentifiers.id_pkix_ocsp_prefSigAlgs, false, new DEROctetString(extnValue));
} catch (IOException ex) {
throw new OcspRequestorException(ex.getMessage(), ex);
}
extensions.add(extn);
}
if (CollectionUtil.isNonEmpty(extensions)) {
reqBuilder.setRequestExtensions(new Extensions(extensions.toArray(new Extension[0])));
}
try {
DEROctetString issuerNameHash = new DEROctetString(hashAlgo.hash(caCert.getSubjectX500Principal().getEncoded()));
TBSCertificate tbsCert;
try {
tbsCert = TBSCertificate.getInstance(caCert.getTBSCertificate());
} catch (CertificateEncodingException ex) {
throw new OcspRequestorException(ex);
}
DEROctetString issuerKeyHash = new DEROctetString(hashAlgo.hash(tbsCert.getSubjectPublicKeyInfo().getPublicKeyData().getOctets()));
for (BigInteger serialNumber : serialNumbers) {
CertID certId = new CertID(hashAlgo.getAlgorithmIdentifier(), issuerNameHash, issuerKeyHash, new ASN1Integer(serialNumber));
reqBuilder.addRequest(certId);
}
if (requestOptions.isSignRequest()) {
synchronized (signerLock) {
if (signer == null) {
if (StringUtil.isBlank(signerType)) {
throw new OcspRequestorException("signerType is not configured");
}
if (StringUtil.isBlank(signerConf)) {
throw new OcspRequestorException("signerConf is not configured");
}
X509Certificate cert = null;
if (StringUtil.isNotBlank(signerCertFile)) {
try {
cert = X509Util.parseCert(signerCertFile);
} catch (CertificateException ex) {
throw new OcspRequestorException("could not parse certificate " + signerCertFile + ": " + ex.getMessage());
}
}
try {
signer = getSecurityFactory().createSigner(signerType, new SignerConf(signerConf), cert);
} catch (Exception ex) {
throw new OcspRequestorException("could not create signer: " + ex.getMessage());
}
}
// end if
}
// end synchronized
reqBuilder.setRequestorName(signer.getBcCertificate().getSubject());
X509CertificateHolder[] certChain0 = signer.getBcCertificateChain();
Certificate[] certChain = new Certificate[certChain0.length];
for (int i = 0; i < certChain.length; i++) {
certChain[i] = certChain0[i].toASN1Structure();
}
ConcurrentBagEntrySigner signer0;
try {
signer0 = signer.borrowSigner();
} catch (NoIdleSignerException ex) {
throw new OcspRequestorException("NoIdleSignerException: " + ex.getMessage());
}
try {
return reqBuilder.build(signer0.value(), certChain);
} finally {
signer.requiteSigner(signer0);
}
} else {
return reqBuilder.build();
}
// end if
} catch (OCSPException | IOException ex) {
throw new OcspRequestorException(ex.getMessage(), ex);
}
}
Also used :
HashAlgo(org.xipki.security.HashAlgo)
CertID(org.bouncycastle.asn1.ocsp.CertID)
CertificateException(java.security.cert.CertificateException)
Extensions(org.bouncycastle.asn1.x509.Extensions)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
DERSequence(org.bouncycastle.asn1.DERSequence)
OCSPException(org.bouncycastle.cert.ocsp.OCSPException)
NoIdleSignerException(org.xipki.security.exception.NoIdleSignerException)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
TBSCertificate(org.bouncycastle.asn1.x509.TBSCertificate)
OcspRequestorException(org.xipki.ocsp.client.api.OcspRequestorException)
SignerConf(org.xipki.security.SignerConf)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
IOException(java.io.IOException)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
ConcurrentBagEntrySigner(org.xipki.security.ConcurrentBagEntrySigner)
LinkedList(java.util.LinkedList)
X509Certificate(java.security.cert.X509Certificate)
OcspNonceUnmatchedException(org.xipki.ocsp.client.api.OcspNonceUnmatchedException)
OCSPException(org.bouncycastle.cert.ocsp.OCSPException)
OcspResponseException(org.xipki.ocsp.client.api.OcspResponseException)
OcspRequestorException(org.xipki.ocsp.client.api.OcspRequestorException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
NoIdleSignerException(org.xipki.security.exception.NoIdleSignerException)
ResponderUnreachableException(org.xipki.ocsp.client.api.ResponderUnreachableException)
OcspTargetUnmatchedException(org.xipki.ocsp.client.api.OcspTargetUnmatchedException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
InvalidOcspResponseException(org.xipki.ocsp.client.api.InvalidOcspResponseException)
Extension(org.bouncycastle.asn1.x509.Extension)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
BigInteger(java.math.BigInteger)
X509Certificate(java.security.cert.X509Certificate)
Certificate(org.bouncycastle.asn1.x509.Certificate)
TBSCertificate(org.bouncycastle.asn1.x509.TBSCertificate)
Example 54 with DEROctetString
use of org.spongycastle.asn1.DEROctetString in project xipki by xipki.
the class Asn1ImportSecretKeyParams method toASN1Primitive.
@Override
public ASN1Primitive toASN1Primitive() {
ASN1EncodableVector vector = new ASN1EncodableVector();
vector.add(new Asn1P11SlotIdentifier(slotId));
vector.add(new DERUTF8String(label));
vector.add(new ASN1Integer(keyType));
vector.add(new DEROctetString(keyValue));
return new DERSequence(vector);
}
Also used :
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
DERSequence(org.bouncycastle.asn1.DERSequence)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
Example 55 with DEROctetString
use of org.spongycastle.asn1.DEROctetString in project xipki by xipki.
the class Asn1P11ObjectIdentifier method toASN1Primitive.
@Override
public ASN1Primitive toASN1Primitive() {
ASN1EncodableVector vec = new ASN1EncodableVector();
vec.add(new DEROctetString(objectId.getId()));
vec.add(new DERUTF8String(objectId.getLabel()));
return new DERSequence(vec);
}
Also used :
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
DERSequence(org.bouncycastle.asn1.DERSequence)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
Aggregations
DEROctetString (org.bouncycastle.asn1.DEROctetString)84
IOException (java.io.IOException)38
DERSequence (org.bouncycastle.asn1.DERSequence)29
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)28
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)26
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)21
DERTaggedObject (org.bouncycastle.asn1.DERTaggedObject)19
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)18
ASN1Integer (org.bouncycastle.asn1.ASN1Integer)16
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)16
Extension (org.bouncycastle.asn1.x509.Extension)16
BigInteger (java.math.BigInteger)13
Date (java.util.Date)11
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)11
ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)11
DERSet (org.bouncycastle.asn1.DERSet)10
DERUTF8String (org.bouncycastle.asn1.DERUTF8String)10
Extensions (org.bouncycastle.asn1.x509.Extensions)10
X509Certificate (java.security.cert.X509Certificate)8
ArrayList (java.util.ArrayList)8
