Example 76 with DEROctetString
use of org.spongycastle.asn1.DEROctetString in project candlepin by candlepin.
the class X509CRLStreamWriter method readAndReplaceTime.
/**
* Replace a time in the ASN1 with the current time.
*
* @param out
* @param tagNo
* @return the time that was replaced
* @throws IOException
*/
protected Date readAndReplaceTime(OutputStream out, int tagNo) throws IOException {
int originalLength = readLength(crlIn, null);
byte[] oldBytes = new byte[originalLength];
readFullyAndTrack(crlIn, oldBytes, null);
ASN1Object oldTime;
ASN1Object newTime;
if (tagNo == UTC_TIME) {
ASN1TaggedObject t = new DERTaggedObject(UTC_TIME, new DEROctetString(oldBytes));
oldTime = ASN1UTCTime.getInstance(t, false);
newTime = new DERUTCTime(new Date());
} else {
ASN1TaggedObject t = new DERTaggedObject(GENERALIZED_TIME, new DEROctetString(oldBytes));
oldTime = ASN1GeneralizedTime.getInstance(t, false);
newTime = new DERGeneralizedTime(new Date());
}
writeNewTime(out, newTime, originalLength);
return Time.getInstance(oldTime).getDate();
}
Also used :
DERGeneralizedTime(org.bouncycastle.asn1.DERGeneralizedTime)
DERUTCTime(org.bouncycastle.asn1.DERUTCTime)
DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject)
ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject)
ASN1Object(org.bouncycastle.asn1.ASN1Object)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
Date(java.util.Date)
Example 77 with DEROctetString
use of org.spongycastle.asn1.DEROctetString in project candlepin by candlepin.
the class X509CRLStreamWriterTest method testIncrementsExtensions.
@Test
public void testIncrementsExtensions() throws Exception {
File crlToChange = writeCRL(createCRL());
X509CRLStreamWriter stream = new X509CRLStreamWriter(crlToChange, (RSAPrivateKey) keyPair.getPrivate(), (RSAPublicKey) keyPair.getPublic());
stream.preScan(crlToChange).lock();
OutputStream o = new BufferedOutputStream(new FileOutputStream(outfile));
stream.write(o);
o.close();
X509CRL changedCrl = readCRL();
byte[] val = changedCrl.getExtensionValue(Extension.cRLNumber.getId());
DEROctetString s = (DEROctetString) DERTaggedObject.fromByteArray(val);
ASN1Integer i = (ASN1Integer) DERTaggedObject.fromByteArray(s.getOctets());
assertTrue("CRL Number not incremented", i.getValue().compareTo(BigInteger.ONE) > 0);
}
Also used :
X509CRL(java.security.cert.X509CRL)
BufferedOutputStream(java.io.BufferedOutputStream)
OutputStream(java.io.OutputStream)
FileOutputStream(java.io.FileOutputStream)
FileOutputStream(java.io.FileOutputStream)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
File(java.io.File)
BufferedOutputStream(java.io.BufferedOutputStream)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
Test(org.junit.Test)
Example 78 with DEROctetString
use of org.spongycastle.asn1.DEROctetString in project candlepin by candlepin.
the class X509CRLStreamWriterTest method testAddEntryToEmptyCRL.
@Test
public void testAddEntryToEmptyCRL() throws Exception {
Date oneHourAgo = new Date(new Date().getTime() - 60L * 60L * 1000L);
Date oneHourHence = new Date(new Date().getTime() + 60L * 60L * 1000L);
X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuer, oneHourAgo);
AuthorityKeyIdentifier identifier = new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(keyPair.getPublic());
crlBuilder.addExtension(Extension.authorityKeyIdentifier, false, identifier);
/* With a CRL number of 127, incrementing it should cause the number of bytes in the length
* portion of the TLV to increase by one.*/
crlBuilder.addExtension(Extension.cRLNumber, false, new CRLNumber(new BigInteger("127")));
crlBuilder.setNextUpdate(oneHourHence);
X509CRLHolder holder = crlBuilder.build(signer);
File crlToChange = writeCRL(holder);
File outfile = new File(folder.getRoot(), "new.crl");
X509CRLStreamWriter stream = new X509CRLStreamWriter(crlToChange, (RSAPrivateKey) keyPair.getPrivate(), (RSAPublicKey) keyPair.getPublic());
// Add enough items to cause the number of length bytes to change
Set<BigInteger> newSerials = new HashSet<>(Arrays.asList(new BigInteger("2358215310"), new BigInteger("7231352433"), new BigInteger("8233181205"), new BigInteger("1455615868"), new BigInteger("4323487764"), new BigInteger("6673256679")));
for (BigInteger i : newSerials) {
stream.add(i, new Date(), CRLReason.privilegeWithdrawn);
}
stream.preScan(crlToChange).lock();
OutputStream o = new BufferedOutputStream(new FileOutputStream(outfile));
stream.write(o);
o.close();
X509CRL changedCrl = readCRL();
Set<BigInteger> discoveredSerials = new HashSet<>();
for (X509CRLEntry entry : changedCrl.getRevokedCertificates()) {
discoveredSerials.add(entry.getSerialNumber());
}
X509CRL originalCrl = new JcaX509CRLConverter().setProvider(BC_PROVIDER).getCRL(holder);
assertNotNull(changedCrl.getNextUpdate());
long changedCrlUpdateDelta = changedCrl.getNextUpdate().getTime() - changedCrl.getThisUpdate().getTime();
assertEquals(changedCrlUpdateDelta, oneHourHence.getTime() - oneHourAgo.getTime());
assertThat(changedCrl.getThisUpdate(), OrderingComparison.greaterThan(originalCrl.getThisUpdate()));
assertEquals(newSerials, discoveredSerials);
assertEquals(originalCrl.getIssuerX500Principal(), changedCrl.getIssuerX500Principal());
ASN1ObjectIdentifier crlNumberOID = Extension.cRLNumber;
byte[] oldCrlNumberBytes = originalCrl.getExtensionValue(crlNumberOID.getId());
byte[] newCrlNumberBytes = changedCrl.getExtensionValue(crlNumberOID.getId());
DEROctetString oldOctet = (DEROctetString) DERTaggedObject.fromByteArray(oldCrlNumberBytes);
DEROctetString newOctet = (DEROctetString) DERTaggedObject.fromByteArray(newCrlNumberBytes);
ASN1Integer oldNumber = (ASN1Integer) DERTaggedObject.fromByteArray(oldOctet.getOctets());
ASN1Integer newNumber = (ASN1Integer) DERTaggedObject.fromByteArray(newOctet.getOctets());
assertEquals(oldNumber.getValue().add(BigInteger.ONE), newNumber.getValue());
ASN1ObjectIdentifier authorityKeyOID = Extension.authorityKeyIdentifier;
byte[] oldAuthorityKeyId = originalCrl.getExtensionValue(authorityKeyOID.getId());
byte[] newAuthorityKeyId = changedCrl.getExtensionValue(authorityKeyOID.getId());
assertArrayEquals(oldAuthorityKeyId, newAuthorityKeyId);
}
Also used :
JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils)
X509CRL(java.security.cert.X509CRL)
CRLNumber(org.bouncycastle.asn1.x509.CRLNumber)
BufferedOutputStream(java.io.BufferedOutputStream)
OutputStream(java.io.OutputStream)
FileOutputStream(java.io.FileOutputStream)
AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
Date(java.util.Date)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
X509CRLEntry(java.security.cert.X509CRLEntry)
JcaX509CRLConverter(org.bouncycastle.cert.jcajce.JcaX509CRLConverter)
FileOutputStream(java.io.FileOutputStream)
X509CRLHolder(org.bouncycastle.cert.X509CRLHolder)
BigInteger(java.math.BigInteger)
X509v2CRLBuilder(org.bouncycastle.cert.X509v2CRLBuilder)
File(java.io.File)
BufferedOutputStream(java.io.BufferedOutputStream)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
HashSet(java.util.HashSet)
Test(org.junit.Test)
Example 79 with DEROctetString
use of org.spongycastle.asn1.DEROctetString in project pdfbox by apache.
the class PublicKeySecurityHandler method createDERForRecipient.
private ASN1Primitive createDERForRecipient(byte[] in, X509Certificate cert) throws IOException, GeneralSecurityException {
String algorithm = "1.2.840.113549.3.2";
AlgorithmParameterGenerator apg;
KeyGenerator keygen;
Cipher cipher;
try {
apg = AlgorithmParameterGenerator.getInstance(algorithm, SecurityProvider.getProvider());
keygen = KeyGenerator.getInstance(algorithm, SecurityProvider.getProvider());
cipher = Cipher.getInstance(algorithm, SecurityProvider.getProvider());
} catch (NoSuchAlgorithmException e) {
// happens when using the command line app .jar file
throw new IOException("Could not find a suitable javax.crypto provider for algorithm " + algorithm + "; possible reason: using an unsigned .jar file", e);
} catch (NoSuchPaddingException e) {
// should never happen, if this happens throw IOException instead
throw new RuntimeException("Could not find a suitable javax.crypto provider", e);
}
AlgorithmParameters parameters = apg.generateParameters();
ASN1Primitive object;
try (ASN1InputStream input = new ASN1InputStream(parameters.getEncoded("ASN.1"))) {
object = input.readObject();
}
keygen.init(128);
SecretKey secretkey = keygen.generateKey();
cipher.init(1, secretkey, parameters);
byte[] bytes = cipher.doFinal(in);
KeyTransRecipientInfo recipientInfo = computeRecipientInfo(cert, secretkey.getEncoded());
DERSet set = new DERSet(new RecipientInfo(recipientInfo));
AlgorithmIdentifier algorithmId = new AlgorithmIdentifier(new ASN1ObjectIdentifier(algorithm), object);
EncryptedContentInfo encryptedInfo = new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmId, new DEROctetString(bytes));
EnvelopedData enveloped = new EnvelopedData(null, set, encryptedInfo, (ASN1Set) null);
ContentInfo contentInfo = new ContentInfo(PKCSObjectIdentifiers.envelopedData, enveloped);
return contentInfo.toASN1Primitive();
}
Also used :
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
KeyTransRecipientInfo(org.bouncycastle.asn1.cms.KeyTransRecipientInfo)
AlgorithmParameterGenerator(java.security.AlgorithmParameterGenerator)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
COSString(org.apache.pdfbox.cos.COSString)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
IOException(java.io.IOException)
DERSet(org.bouncycastle.asn1.DERSet)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
SecretKey(javax.crypto.SecretKey)
ContentInfo(org.bouncycastle.asn1.cms.ContentInfo)
EncryptedContentInfo(org.bouncycastle.asn1.cms.EncryptedContentInfo)
Cipher(javax.crypto.Cipher)
KeyGenerator(javax.crypto.KeyGenerator)
ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive)
KeyTransRecipientInfo(org.bouncycastle.asn1.cms.KeyTransRecipientInfo)
RecipientInfo(org.bouncycastle.asn1.cms.RecipientInfo)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
EnvelopedData(org.bouncycastle.asn1.cms.EnvelopedData)
CMSEnvelopedData(org.bouncycastle.cms.CMSEnvelopedData)
AlgorithmParameters(java.security.AlgorithmParameters)
EncryptedContentInfo(org.bouncycastle.asn1.cms.EncryptedContentInfo)
Example 80 with DEROctetString
use of org.spongycastle.asn1.DEROctetString in project pdfbox by apache.
the class PublicKeySecurityHandler method computeRecipientInfo.
private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0) throws IOException, CertificateEncodingException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
TBSCertificate certificate;
try (ASN1InputStream input = new ASN1InputStream(x509certificate.getTBSCertificate())) {
certificate = TBSCertificate.getInstance(input.readObject());
}
AlgorithmIdentifier algorithmId = certificate.getSubjectPublicKeyInfo().getAlgorithm();
IssuerAndSerialNumber serial = new IssuerAndSerialNumber(certificate.getIssuer(), certificate.getSerialNumber().getValue());
Cipher cipher;
try {
cipher = Cipher.getInstance(algorithmId.getAlgorithm().getId(), SecurityProvider.getProvider());
} catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
// should never happen, if this happens throw IOException instead
throw new RuntimeException("Could not find a suitable javax.crypto provider", e);
}
cipher.init(1, x509certificate.getPublicKey());
DEROctetString octets = new DEROctetString(cipher.doFinal(abyte0));
RecipientIdentifier recipientId = new RecipientIdentifier(serial);
return new KeyTransRecipientInfo(recipientId, algorithmId, octets);
}
Also used :
IssuerAndSerialNumber(org.bouncycastle.asn1.cms.IssuerAndSerialNumber)
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
KeyTransRecipientInfo(org.bouncycastle.asn1.cms.KeyTransRecipientInfo)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
Cipher(javax.crypto.Cipher)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
RecipientIdentifier(org.bouncycastle.asn1.cms.RecipientIdentifier)
TBSCertificate(org.bouncycastle.asn1.x509.TBSCertificate)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Aggregations
DEROctetString (org.bouncycastle.asn1.DEROctetString)84
IOException (java.io.IOException)38
DERSequence (org.bouncycastle.asn1.DERSequence)29
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)28
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)26
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)21
DERTaggedObject (org.bouncycastle.asn1.DERTaggedObject)19
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)18
ASN1Integer (org.bouncycastle.asn1.ASN1Integer)16
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)16
Extension (org.bouncycastle.asn1.x509.Extension)16
BigInteger (java.math.BigInteger)13
Date (java.util.Date)11
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)11
ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)11
DERSet (org.bouncycastle.asn1.DERSet)10
DERUTF8String (org.bouncycastle.asn1.DERUTF8String)10
Extensions (org.bouncycastle.asn1.x509.Extensions)10
X509Certificate (java.security.cert.X509Certificate)8
ArrayList (java.util.ArrayList)8
