Search in sources :

Example 26 with DEROctetString

use of org.spongycastle.asn1.DEROctetString in project xipki by xipki.

the class CmpRequestor method buildPkiHeader.

protected PKIHeader buildPkiHeader(boolean addImplictConfirm, ASN1OctetString tid, CmpUtf8Pairs utf8Pairs, InfoTypeAndValue... additionalGeneralInfos) {
    if (additionalGeneralInfos != null) {
        for (InfoTypeAndValue itv : additionalGeneralInfos) {
            ASN1ObjectIdentifier type = itv.getInfoType();
            if (CMPObjectIdentifiers.it_implicitConfirm.equals(type)) {
                throw new IllegalArgumentException("additionGeneralInfos contains not-permitted ITV implicitConfirm");
            }
            if (CMPObjectIdentifiers.regInfo_utf8Pairs.equals(type)) {
                throw new IllegalArgumentException("additionGeneralInfos contains not-permitted ITV utf8Pairs");
            }
        }
    }
    PKIHeaderBuilder hdrBuilder = new PKIHeaderBuilder(PKIHeader.CMP_2000, sender, recipient);
    hdrBuilder.setMessageTime(new ASN1GeneralizedTime(new Date()));
    ASN1OctetString tmpTid = (tid == null) ? new DEROctetString(randomTransactionId()) : tid;
    hdrBuilder.setTransactionID(tmpTid);
    hdrBuilder.setSenderNonce(randomSenderNonce());
    List<InfoTypeAndValue> itvs = new ArrayList<>(2);
    if (addImplictConfirm) {
        itvs.add(CmpUtil.getImplictConfirmGeneralInfo());
    }
    if (utf8Pairs != null) {
        itvs.add(CmpUtil.buildInfoTypeAndValue(utf8Pairs));
    }
    if (additionalGeneralInfos != null) {
        for (InfoTypeAndValue itv : additionalGeneralInfos) {
            if (itv != null) {
                itvs.add(itv);
            }
        }
    }
    if (CollectionUtil.isNonEmpty(itvs)) {
        hdrBuilder.setGeneralInfo(itvs.toArray(new InfoTypeAndValue[0]));
    }
    return hdrBuilder.build();
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) PKIHeaderBuilder(org.bouncycastle.asn1.cmp.PKIHeaderBuilder) InfoTypeAndValue(org.bouncycastle.asn1.cmp.InfoTypeAndValue) ArrayList(java.util.ArrayList) ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) Date(java.util.Date) DEROctetString(org.bouncycastle.asn1.DEROctetString)

Example 27 with DEROctetString

use of org.spongycastle.asn1.DEROctetString in project xipki by xipki.

the class X509CmpRequestor method buildUnrevokeOrRemoveCertRequest.

// method buildRevokeCertRequest
private PKIMessage buildUnrevokeOrRemoveCertRequest(UnrevokeOrRemoveCertRequest request, int reasonCode) throws CmpRequestorException {
    PKIHeader header = buildPkiHeader(null);
    List<UnrevokeOrRemoveCertEntry> requestEntries = request.getRequestEntries();
    List<RevDetails> revDetailsArray = new ArrayList<>(requestEntries.size());
    for (UnrevokeOrRemoveCertEntry requestEntry : requestEntries) {
        CertTemplateBuilder certTempBuilder = new CertTemplateBuilder();
        certTempBuilder.setIssuer(requestEntry.getIssuer());
        certTempBuilder.setSerialNumber(new ASN1Integer(requestEntry.getSerialNumber()));
        byte[] aki = requestEntry.getAuthorityKeyIdentifier();
        if (aki != null) {
            Extensions certTempExts = getCertTempExtensions(aki);
            certTempBuilder.setExtensions(certTempExts);
        }
        Extension[] extensions = new Extension[1];
        try {
            ASN1Enumerated reason = new ASN1Enumerated(reasonCode);
            extensions[0] = new Extension(Extension.reasonCode, true, new DEROctetString(reason.getEncoded()));
        } catch (IOException ex) {
            throw new CmpRequestorException(ex.getMessage(), ex);
        }
        Extensions exts = new Extensions(extensions);
        RevDetails revDetails = new RevDetails(certTempBuilder.build(), exts);
        revDetailsArray.add(revDetails);
    }
    RevReqContent content = new RevReqContent(revDetailsArray.toArray(new RevDetails[0]));
    PKIBody body = new PKIBody(PKIBody.TYPE_REVOCATION_REQ, content);
    return new PKIMessage(header, body);
}
Also used : PKIHeader(org.bouncycastle.asn1.cmp.PKIHeader) PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage) PKIBody(org.bouncycastle.asn1.cmp.PKIBody) ArrayList(java.util.ArrayList) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) IOException(java.io.IOException) Extensions(org.bouncycastle.asn1.x509.Extensions) RevReqContent(org.bouncycastle.asn1.cmp.RevReqContent) DEROctetString(org.bouncycastle.asn1.DEROctetString) Extension(org.bouncycastle.asn1.x509.Extension) CertTemplateBuilder(org.bouncycastle.asn1.crmf.CertTemplateBuilder) ASN1Enumerated(org.bouncycastle.asn1.ASN1Enumerated) UnrevokeOrRemoveCertEntry(org.xipki.ca.client.api.dto.UnrevokeOrRemoveCertEntry) RevDetails(org.bouncycastle.asn1.cmp.RevDetails)

Example 28 with DEROctetString

use of org.spongycastle.asn1.DEROctetString in project xipki by xipki.

the class ProxyP11Identity method sign0.

@Override
protected byte[] sign0(long mechanism, P11Params parameters, byte[] content) throws P11TokenException {
    Asn1P11EntityIdentifier asn1EntityId = new Asn1P11EntityIdentifier(identityId);
    Asn1P11Params p11Param = null;
    if (parameters != null) {
        if (parameters instanceof P11RSAPkcsPssParams) {
            p11Param = new Asn1P11Params(Asn1P11Params.TAG_RSA_PKCS_PSS, new Asn1RSAPkcsPssParams((P11RSAPkcsPssParams) parameters));
        } else if (parameters instanceof P11ByteArrayParams) {
            byte[] bytes = ((P11ByteArrayParams) parameters).getBytes();
            p11Param = new Asn1P11Params(Asn1P11Params.TAG_OPAQUE, new DEROctetString(bytes));
        } else if (parameters instanceof P11IVParams) {
            p11Param = new Asn1P11Params(Asn1P11Params.TAG_IV, new DEROctetString(((P11IVParams) parameters).getIV()));
        } else {
            throw new IllegalArgumentException("unkown parameter 'parameters'");
        }
    }
    Asn1SignTemplate signTemplate = new Asn1SignTemplate(asn1EntityId, mechanism, p11Param, content);
    byte[] result = ((ProxyP11Slot) slot).getModule().send(P11ProxyConstants.ACTION_SIGN, signTemplate);
    ASN1OctetString octetString;
    try {
        octetString = DEROctetString.getInstance(result);
    } catch (IllegalArgumentException ex) {
        throw new P11TokenException("the returned result is not OCTET STRING");
    }
    return (octetString == null) ? null : octetString.getOctets();
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) Asn1P11EntityIdentifier(org.xipki.p11proxy.msg.Asn1P11EntityIdentifier) Asn1P11Params(org.xipki.p11proxy.msg.Asn1P11Params) P11ByteArrayParams(org.xipki.security.pkcs11.P11ByteArrayParams) Asn1SignTemplate(org.xipki.p11proxy.msg.Asn1SignTemplate) P11TokenException(org.xipki.security.exception.P11TokenException) Asn1RSAPkcsPssParams(org.xipki.p11proxy.msg.Asn1RSAPkcsPssParams) P11RSAPkcsPssParams(org.xipki.security.pkcs11.P11RSAPkcsPssParams) DEROctetString(org.bouncycastle.asn1.DEROctetString) P11IVParams(org.xipki.security.pkcs11.P11IVParams)

Example 29 with DEROctetString

use of org.spongycastle.asn1.DEROctetString in project android_packages_apps_Settings by DirtyUnicorns.

the class CertInstallerHelper method isCa.

private boolean isCa(X509Certificate cert) {
    try {
        byte[] asn1EncodedBytes = cert.getExtensionValue("2.5.29.19");
        if (asn1EncodedBytes == null) {
            return false;
        }
        DEROctetString derOctetString = (DEROctetString) new ASN1InputStream(asn1EncodedBytes).readObject();
        byte[] octets = derOctetString.getOctets();
        ASN1Sequence sequence = (ASN1Sequence) new ASN1InputStream(octets).readObject();
        return BasicConstraints.getInstance(sequence).isCA();
    } catch (IOException e) {
        return false;
    }
}
Also used : ASN1InputStream(com.android.org.bouncycastle.asn1.ASN1InputStream) ASN1Sequence(com.android.org.bouncycastle.asn1.ASN1Sequence) IOException(java.io.IOException) DEROctetString(com.android.org.bouncycastle.asn1.DEROctetString)

Example 30 with DEROctetString

use of org.spongycastle.asn1.DEROctetString in project signer by demoiselle.

the class RevocationRefs method makeCrlValidatedID.

/**
 * @param extract
 *            CrlValidatedID from X509CRL
 * @return a CrlValidatedID
 * @throws NoSuchAlgorithmException
 * @throws CRLException
 */
private CrlValidatedID makeCrlValidatedID(X509CRL crl) throws NoSuchAlgorithmException, CRLException {
    Digest digest = DigestFactory.getInstance().factoryDefault();
    digest.setAlgorithm(DigestAlgorithmEnum.SHA_256);
    OtherHashAlgAndValue otherHashAlgAndValue = new OtherHashAlgAndValue(new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256), new DEROctetString(digest.digest(crl.getEncoded())));
    OtherHash hash = new OtherHash(otherHashAlgAndValue);
    BigInteger crlnumber;
    CrlIdentifier crlid;
    if (crl.getExtensionValue("2.5.29.20") != null) {
        ASN1Integer varASN1Integer = new ASN1Integer(crl.getExtensionValue("2.5.29.20"));
        crlnumber = varASN1Integer.getPositiveValue();
        crlid = new CrlIdentifier(new X500Name(crl.getIssuerX500Principal().getName()), new DERUTCTime(crl.getThisUpdate()), crlnumber);
    } else {
        crlid = new CrlIdentifier(new X500Name(crl.getIssuerX500Principal().getName()), new DERUTCTime(crl.getThisUpdate()));
    }
    CrlValidatedID crlvid = new CrlValidatedID(hash, crlid);
    return crlvid;
}
Also used : CrlValidatedID(org.bouncycastle.asn1.esf.CrlValidatedID) Digest(org.demoiselle.signer.cryptography.Digest) DERUTCTime(org.bouncycastle.asn1.DERUTCTime) BigInteger(java.math.BigInteger) CrlIdentifier(org.bouncycastle.asn1.esf.CrlIdentifier) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) X500Name(org.bouncycastle.asn1.x500.X500Name) OtherHashAlgAndValue(org.bouncycastle.asn1.esf.OtherHashAlgAndValue) DEROctetString(org.bouncycastle.asn1.DEROctetString) OtherHash(org.bouncycastle.asn1.esf.OtherHash) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Aggregations

DEROctetString (org.bouncycastle.asn1.DEROctetString)84 IOException (java.io.IOException)38 DERSequence (org.bouncycastle.asn1.DERSequence)29 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)28 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)26 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)21 DERTaggedObject (org.bouncycastle.asn1.DERTaggedObject)19 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)18 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)16 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)16 Extension (org.bouncycastle.asn1.x509.Extension)16 BigInteger (java.math.BigInteger)13 Date (java.util.Date)11 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)11 ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)11 DERSet (org.bouncycastle.asn1.DERSet)10 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)10 Extensions (org.bouncycastle.asn1.x509.Extensions)10 X509Certificate (java.security.cert.X509Certificate)8 ArrayList (java.util.ArrayList)8