use of org.spongycastle.asn1.DEROctetString in project xipki by xipki.
the class CmpRequestor method buildPkiHeader.
protected PKIHeader buildPkiHeader(boolean addImplictConfirm, ASN1OctetString tid, CmpUtf8Pairs utf8Pairs, InfoTypeAndValue... additionalGeneralInfos) {
if (additionalGeneralInfos != null) {
for (InfoTypeAndValue itv : additionalGeneralInfos) {
ASN1ObjectIdentifier type = itv.getInfoType();
if (CMPObjectIdentifiers.it_implicitConfirm.equals(type)) {
throw new IllegalArgumentException("additionGeneralInfos contains not-permitted ITV implicitConfirm");
}
if (CMPObjectIdentifiers.regInfo_utf8Pairs.equals(type)) {
throw new IllegalArgumentException("additionGeneralInfos contains not-permitted ITV utf8Pairs");
}
}
}
PKIHeaderBuilder hdrBuilder = new PKIHeaderBuilder(PKIHeader.CMP_2000, sender, recipient);
hdrBuilder.setMessageTime(new ASN1GeneralizedTime(new Date()));
ASN1OctetString tmpTid = (tid == null) ? new DEROctetString(randomTransactionId()) : tid;
hdrBuilder.setTransactionID(tmpTid);
hdrBuilder.setSenderNonce(randomSenderNonce());
List<InfoTypeAndValue> itvs = new ArrayList<>(2);
if (addImplictConfirm) {
itvs.add(CmpUtil.getImplictConfirmGeneralInfo());
}
if (utf8Pairs != null) {
itvs.add(CmpUtil.buildInfoTypeAndValue(utf8Pairs));
}
if (additionalGeneralInfos != null) {
for (InfoTypeAndValue itv : additionalGeneralInfos) {
if (itv != null) {
itvs.add(itv);
}
}
}
if (CollectionUtil.isNonEmpty(itvs)) {
hdrBuilder.setGeneralInfo(itvs.toArray(new InfoTypeAndValue[0]));
}
return hdrBuilder.build();
}
use of org.spongycastle.asn1.DEROctetString in project xipki by xipki.
the class X509CmpRequestor method buildUnrevokeOrRemoveCertRequest.
// method buildRevokeCertRequest
private PKIMessage buildUnrevokeOrRemoveCertRequest(UnrevokeOrRemoveCertRequest request, int reasonCode) throws CmpRequestorException {
PKIHeader header = buildPkiHeader(null);
List<UnrevokeOrRemoveCertEntry> requestEntries = request.getRequestEntries();
List<RevDetails> revDetailsArray = new ArrayList<>(requestEntries.size());
for (UnrevokeOrRemoveCertEntry requestEntry : requestEntries) {
CertTemplateBuilder certTempBuilder = new CertTemplateBuilder();
certTempBuilder.setIssuer(requestEntry.getIssuer());
certTempBuilder.setSerialNumber(new ASN1Integer(requestEntry.getSerialNumber()));
byte[] aki = requestEntry.getAuthorityKeyIdentifier();
if (aki != null) {
Extensions certTempExts = getCertTempExtensions(aki);
certTempBuilder.setExtensions(certTempExts);
}
Extension[] extensions = new Extension[1];
try {
ASN1Enumerated reason = new ASN1Enumerated(reasonCode);
extensions[0] = new Extension(Extension.reasonCode, true, new DEROctetString(reason.getEncoded()));
} catch (IOException ex) {
throw new CmpRequestorException(ex.getMessage(), ex);
}
Extensions exts = new Extensions(extensions);
RevDetails revDetails = new RevDetails(certTempBuilder.build(), exts);
revDetailsArray.add(revDetails);
}
RevReqContent content = new RevReqContent(revDetailsArray.toArray(new RevDetails[0]));
PKIBody body = new PKIBody(PKIBody.TYPE_REVOCATION_REQ, content);
return new PKIMessage(header, body);
}
use of org.spongycastle.asn1.DEROctetString in project xipki by xipki.
the class ProxyP11Identity method sign0.
@Override
protected byte[] sign0(long mechanism, P11Params parameters, byte[] content) throws P11TokenException {
Asn1P11EntityIdentifier asn1EntityId = new Asn1P11EntityIdentifier(identityId);
Asn1P11Params p11Param = null;
if (parameters != null) {
if (parameters instanceof P11RSAPkcsPssParams) {
p11Param = new Asn1P11Params(Asn1P11Params.TAG_RSA_PKCS_PSS, new Asn1RSAPkcsPssParams((P11RSAPkcsPssParams) parameters));
} else if (parameters instanceof P11ByteArrayParams) {
byte[] bytes = ((P11ByteArrayParams) parameters).getBytes();
p11Param = new Asn1P11Params(Asn1P11Params.TAG_OPAQUE, new DEROctetString(bytes));
} else if (parameters instanceof P11IVParams) {
p11Param = new Asn1P11Params(Asn1P11Params.TAG_IV, new DEROctetString(((P11IVParams) parameters).getIV()));
} else {
throw new IllegalArgumentException("unkown parameter 'parameters'");
}
}
Asn1SignTemplate signTemplate = new Asn1SignTemplate(asn1EntityId, mechanism, p11Param, content);
byte[] result = ((ProxyP11Slot) slot).getModule().send(P11ProxyConstants.ACTION_SIGN, signTemplate);
ASN1OctetString octetString;
try {
octetString = DEROctetString.getInstance(result);
} catch (IllegalArgumentException ex) {
throw new P11TokenException("the returned result is not OCTET STRING");
}
return (octetString == null) ? null : octetString.getOctets();
}
use of org.spongycastle.asn1.DEROctetString in project android_packages_apps_Settings by DirtyUnicorns.
the class CertInstallerHelper method isCa.
private boolean isCa(X509Certificate cert) {
try {
byte[] asn1EncodedBytes = cert.getExtensionValue("2.5.29.19");
if (asn1EncodedBytes == null) {
return false;
}
DEROctetString derOctetString = (DEROctetString) new ASN1InputStream(asn1EncodedBytes).readObject();
byte[] octets = derOctetString.getOctets();
ASN1Sequence sequence = (ASN1Sequence) new ASN1InputStream(octets).readObject();
return BasicConstraints.getInstance(sequence).isCA();
} catch (IOException e) {
return false;
}
}
use of org.spongycastle.asn1.DEROctetString in project signer by demoiselle.
the class RevocationRefs method makeCrlValidatedID.
/**
* @param extract
* CrlValidatedID from X509CRL
* @return a CrlValidatedID
* @throws NoSuchAlgorithmException
* @throws CRLException
*/
private CrlValidatedID makeCrlValidatedID(X509CRL crl) throws NoSuchAlgorithmException, CRLException {
Digest digest = DigestFactory.getInstance().factoryDefault();
digest.setAlgorithm(DigestAlgorithmEnum.SHA_256);
OtherHashAlgAndValue otherHashAlgAndValue = new OtherHashAlgAndValue(new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256), new DEROctetString(digest.digest(crl.getEncoded())));
OtherHash hash = new OtherHash(otherHashAlgAndValue);
BigInteger crlnumber;
CrlIdentifier crlid;
if (crl.getExtensionValue("2.5.29.20") != null) {
ASN1Integer varASN1Integer = new ASN1Integer(crl.getExtensionValue("2.5.29.20"));
crlnumber = varASN1Integer.getPositiveValue();
crlid = new CrlIdentifier(new X500Name(crl.getIssuerX500Principal().getName()), new DERUTCTime(crl.getThisUpdate()), crlnumber);
} else {
crlid = new CrlIdentifier(new X500Name(crl.getIssuerX500Principal().getName()), new DERUTCTime(crl.getThisUpdate()));
}
CrlValidatedID crlvid = new CrlValidatedID(hash, crlid);
return crlvid;
}
Aggregations