
Example 36 with ASN1Integer

Use of com.unboundid.asn1.ASN1Integer (the SDK's own ASN.1 classes, not org.webpki) in project ldapsdk by pingidentity.

Class GeneratePasswordExtendedRequest, method encodeValue.

/**
 * Encodes the value of a generate password extended request.
 *
 * The value is a SEQUENCE that always begins with one element describing how
 * the password policy is selected: a NULL (tagged with the selection type's
 * BER type) for the default policy, or an octet string holding the password
 * policy DN or the target entry DN for the other two selection types.  It is
 * followed by a tagged INTEGER for the number of passwords and another for the
 * number of validation attempts, each present only when it differs from the
 * corresponding default.
 *
 * @param  passwordPolicySelectionType
 *              How the server should choose the password policy.  Must not be
 *              {@code null}.
 * @param  passwordPolicyDN
 *              The DN of the password policy to use.  Required for
 *              {@link GeneratePasswordPolicySelectionType#PASSWORD_POLICY_DN}
 *              and must be {@code null} for every other selection type.
 * @param  targetEntryDN
 *              The DN of the entry whose password policy should be used.
 *              Required for
 *              {@link GeneratePasswordPolicySelectionType#TARGET_ENTRY_DN} and
 *              must be {@code null} for every other selection type.
 * @param  numberOfPasswords
 *              The number of passwords the server should generate.  Must be
 *              greater than or equal to one.
 * @param  numberOfValidationAttempts
 *              How many times the server may retry generating each password in
 *              order to obtain one that satisfies the configured password
 *              validators.  Must be greater than or equal to zero.
 *
 * @return  The encoded request value, or {@code null} when the default policy
 *          is selected and both counts are at their defaults, since such a
 *          request needs no value at all.
 */
@Nullable()
private static ASN1OctetString encodeValue(@NotNull final GeneratePasswordPolicySelectionType passwordPolicySelectionType, @Nullable final String passwordPolicyDN, @Nullable final String targetEntryDN, final int numberOfPasswords, final int numberOfValidationAttempts) {
    Validator.ensureNotNullWithMessage(passwordPolicySelectionType, "GeneratePasswordExtendedRequest.passwordPolicySelectionType must not be null.");
    final boolean countsAreDefault = (numberOfPasswords == DEFAULT_NUMBER_OF_PASSWORDS) && (numberOfValidationAttempts == DEFAULT_VALIDATION_ATTEMPTS);
    final List<ASN1Element> valueElements = new ArrayList<>(3);
    switch (passwordPolicySelectionType) {
        case DEFAULT_POLICY:
            // Neither DN applies to the default policy.
            rejectDNForSelectionType(passwordPolicyDN, "passwordPolicyDN", passwordPolicySelectionType);
            rejectDNForSelectionType(targetEntryDN, "targetEntryDN", passwordPolicySelectionType);
            if (countsAreDefault) {
                // Everything is at its default, so the request carries no value.
                return null;
            }
            valueElements.add(new ASN1Null(passwordPolicySelectionType.getBERType()));
            break;
        case PASSWORD_POLICY_DN:
            requireDNForSelectionType(passwordPolicyDN, "passwordPolicyDN", passwordPolicySelectionType);
            rejectDNForSelectionType(targetEntryDN, "targetEntryDN", passwordPolicySelectionType);
            valueElements.add(new ASN1OctetString(passwordPolicySelectionType.getBERType(), passwordPolicyDN));
            break;
        case TARGET_ENTRY_DN:
            rejectDNForSelectionType(passwordPolicyDN, "passwordPolicyDN", passwordPolicySelectionType);
            requireDNForSelectionType(targetEntryDN, "targetEntryDN", passwordPolicySelectionType);
            valueElements.add(new ASN1OctetString(passwordPolicySelectionType.getBERType(), targetEntryDN));
            break;
    }
    // The counts are encoded only when they differ from the defaults, and the
    // range checks are deferred to that point so a default value never trips them.
    if (numberOfPasswords != DEFAULT_NUMBER_OF_PASSWORDS) {
        Validator.ensureTrue((numberOfPasswords >= 1), "GeneratePasswordExtendedRequest.numberOfPasswords must be greater than or equal to one.");
        valueElements.add(new ASN1Integer(TYPE_NUMBER_OF_PASSWORDS, numberOfPasswords));
    }
    if (numberOfValidationAttempts != DEFAULT_VALIDATION_ATTEMPTS) {
        Validator.ensureTrue((numberOfValidationAttempts >= 0), "GeneratePasswordExtendedRequest.validationAttempts must be greater than or equal to zero.");
        valueElements.add(new ASN1Integer(TYPE_VALIDATION_ATTEMPTS, numberOfValidationAttempts));
    }
    return new ASN1OctetString(new ASN1Sequence(valueElements).encode());
}

/**
 * Fails with the standard validation message if a DN was supplied for a
 * selection type that does not use it.
 *
 * @param  dn             The DN value to check; must be {@code null}.
 * @param  fieldName      The name of the request field, used in the message.
 * @param  selectionType  The selection type in effect, used in the message.
 */
private static void rejectDNForSelectionType(@Nullable final String dn, @NotNull final String fieldName, @NotNull final GeneratePasswordPolicySelectionType selectionType) {
    Validator.ensureTrue((dn == null), "GeneratePasswordExtendedRequest." + fieldName + " must be null when using a password policy selection type of " + selectionType + '.');
}

/**
 * Fails with the standard validation message if the DN that a selection type
 * depends on was not supplied.
 *
 * @param  dn             The DN value to check; must not be {@code null}.
 * @param  fieldName      The name of the request field, used in the message.
 * @param  selectionType  The selection type in effect, used in the message.
 */
private static void requireDNForSelectionType(@Nullable final String dn, @NotNull final String fieldName, @NotNull final GeneratePasswordPolicySelectionType selectionType) {
    Validator.ensureNotNullWithMessage(dn, "GeneratePasswordExtendedRequest." + fieldName + " must not be null when using a password policy selection type of " + selectionType + '.');
}

Example 37 with ASN1Integer

Use of com.unboundid.asn1.ASN1Integer (the SDK's own ASN.1 classes, not org.webpki) in project ldapsdk by pingidentity.

Class PKCS10CertificateSigningRequest, method generateSignature.

/**
 * Computes the signature that goes into a PKCS #10 certificate signing
 * request.
 *
 * The method first obtains and initializes a JCA {@link Signature} for the
 * requested algorithm, then assembles the CertificationRequestInfo to be
 * signed (version, subject name, SubjectPublicKeyInfo, and the tagged
 * attribute set, which carries an extensionRequest attribute only when
 * extensions were supplied) and signs its encoding.
 *
 * NOTE(review): the bytes signed here must be byte-for-byte identical to the
 * CertificationRequestInfo that the CSR encoder writes out, otherwise the
 * signature will not verify.  That encoder is not visible from this method;
 * keep the two in sync.
 *
 * @param  signatureAlgorithm            The signature algorithm to use.  Must
 *                                       not be {@code null}.
 * @param  privateKey                    The private key used to sign the
 *                                       request.  Must not be {@code null}.
 * @param  subjectDN                     The subject DN of the request.  Must
 *                                       not be {@code null}.
 * @param  publicKeyAlgorithmOID         The OID of the public key algorithm.
 *                                       Must not be {@code null}.
 * @param  publicKeyAlgorithmParameters  The encoded public key algorithm
 *                                       parameters, or {@code null} if the
 *                                       algorithm has none.
 * @param  encodedPublicKey              The encoded public key.  Must not be
 *                                       {@code null}.
 * @param  extensions                    The extensions to request.  Must not
 *                                       be {@code null} but may be empty.
 *
 * @return  The signature as an ASN.1 bit string.
 *
 * @throws  CertException  If the signature generator cannot be obtained or
 *                         initialized, or if computing the signature fails.
 */
@NotNull()
private static ASN1BitString generateSignature(@NotNull final SignatureAlgorithmIdentifier signatureAlgorithm, @NotNull final PrivateKey privateKey, @NotNull final DN subjectDN, @NotNull final OID publicKeyAlgorithmOID, @Nullable final ASN1Element publicKeyAlgorithmParameters, @NotNull final ASN1BitString encodedPublicKey, @NotNull final X509CertificateExtension... extensions) throws CertException {
    final String jcaAlgorithmName = signatureAlgorithm.getJavaName();

    final Signature signer;
    try {
        signer = CryptoHelper.getSignature(jcaAlgorithmName);
    } catch (final Exception e) {
        Debug.debugException(e);
        throw new CertException(ERR_CSR_GEN_SIGNATURE_CANNOT_GET_SIGNATURE_GENERATOR.get(jcaAlgorithmName, StaticUtils.getExceptionMessage(e)), e);
    }

    try {
        signer.initSign(privateKey);
    } catch (final Exception e) {
        Debug.debugException(e);
        throw new CertException(ERR_CSR_GEN_SIGNATURE_CANNOT_INIT_SIGNATURE_GENERATOR.get(jcaAlgorithmName, StaticUtils.getExceptionMessage(e)), e);
    }

    try {
        final ASN1Integer version = new ASN1Integer(PKCS10CertificateSigningRequestVersion.V1.getIntValue());
        final ASN1Element subject = X509Certificate.encodeName(subjectDN);

        // SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, BIT STRING };
        // the AlgorithmIdentifier carries a parameters element only when one was
        // supplied.
        final ASN1Sequence publicKeyAlgorithmIdentifier = (publicKeyAlgorithmParameters == null)
             ? new ASN1Sequence(new ASN1ObjectIdentifier(publicKeyAlgorithmOID))
             : new ASN1Sequence(new ASN1ObjectIdentifier(publicKeyAlgorithmOID), publicKeyAlgorithmParameters);
        final ASN1Sequence subjectPublicKeyInfo = new ASN1Sequence(publicKeyAlgorithmIdentifier, encodedPublicKey);

        // Attributes: a single extensionRequest attribute wrapping all of the
        // extensions, omitted entirely when there are none.
        final ArrayList<ASN1Element> attributes = new ArrayList<>(1);
        if ((extensions != null) && (extensions.length > 0)) {
            final ArrayList<ASN1Element> encodedExtensions = new ArrayList<>(extensions.length);
            for (final X509CertificateExtension extension : extensions) {
                encodedExtensions.add(extension.encode());
            }
            attributes.add(new ASN1Sequence(new ASN1ObjectIdentifier(ATTRIBUTE_OID_EXTENSIONS), new ASN1Set(new ASN1Sequence(encodedExtensions))));
        }

        final ASN1Sequence certificationRequestInfo = new ASN1Sequence(version, subject, subjectPublicKeyInfo, new ASN1Set(TYPE_ATTRIBUTES, attributes));
        signer.update(certificationRequestInfo.encode());
        return new ASN1BitString(ASN1BitString.getBitsForBytes(signer.sign()));
    } catch (final Exception e) {
        Debug.debugException(e);
        throw new CertException(ERR_CSR_GEN_SIGNATURE_CANNOT_COMPUTE.get(jcaAlgorithmName, StaticUtils.getExceptionMessage(e)), e);
    }
}

Example 38 with ASN1Integer

Use of com.unboundid.asn1.ASN1Integer (the SDK's own ASN.1 classes, not org.webpki) in project ldapsdk by pingidentity.

Class X509Certificate, method generateSignature.

/**
 * Computes the signature over a certificate's tbsCertificate structure.
 *
 * A JCA {@link Signature} for the requested algorithm is obtained and
 * initialized with the private key, then the tbsCertificate SEQUENCE is
 * assembled from the provided fields in RFC 5280 order (explicitly tagged
 * version, serial number, signature AlgorithmIdentifier, issuer, validity,
 * subject, SubjectPublicKeyInfo, explicitly tagged extensions) and its
 * encoding is signed.
 *
 * NOTE(review): the bytes signed here must match the tbsCertificate that the
 * certificate encoder writes out byte for byte, or the resulting certificate
 * will not verify.  That encoder is not visible from this method; keep the two
 * in sync.
 *
 * @param  signatureAlgorithm            The signature algorithm to use.  Must
 *                                       not be {@code null}.
 * @param  privateKey                    The private key used to sign the
 *                                       certificate.  Must not be {@code null}.
 * @param  serialNumber                  The certificate serial number.  Must
 *                                       not be {@code null}.
 * @param  issuerDN                      The issuer DN.  Must not be
 *                                       {@code null}.
 * @param  notBefore                     The start of the validity period.
 * @param  notAfter                      The end of the validity period.
 * @param  subjectDN                     The subject DN.  Must not be
 *                                       {@code null}.
 * @param  publicKeyAlgorithmOID         The OID of the public key algorithm.
 *                                       Must not be {@code null}.
 * @param  publicKeyAlgorithmParameters  The encoded public key algorithm
 *                                       parameters, or {@code null} if the
 *                                       algorithm has none.
 * @param  encodedPublicKey              The encoded public key.  Must not be
 *                                       {@code null}.
 * @param  extensions                    The extensions to include.  Must not
 *                                       be {@code null} but may be empty.
 *
 * @return  The signature as an ASN.1 bit string.
 *
 * @throws  CertException  If the signature generator cannot be obtained or
 *                         initialized, or if computing the signature fails.
 */
@NotNull()
private static ASN1BitString generateSignature(@NotNull final SignatureAlgorithmIdentifier signatureAlgorithm, @NotNull final PrivateKey privateKey, @NotNull final BigInteger serialNumber, @NotNull final DN issuerDN, final long notBefore, final long notAfter, @NotNull final DN subjectDN, @NotNull final OID publicKeyAlgorithmOID, @Nullable final ASN1Element publicKeyAlgorithmParameters, @NotNull final ASN1BitString encodedPublicKey, @NotNull final X509CertificateExtension... extensions) throws CertException {
    final String jcaAlgorithmName = signatureAlgorithm.getJavaName();

    final Signature signer;
    try {
        signer = CryptoHelper.getSignature(jcaAlgorithmName);
    } catch (final Exception e) {
        Debug.debugException(e);
        throw new CertException(ERR_CERT_GEN_SIGNATURE_CANNOT_GET_SIGNATURE_GENERATOR.get(jcaAlgorithmName, StaticUtils.getExceptionMessage(e)), e);
    }

    try {
        signer.initSign(privateKey);
    } catch (final Exception e) {
        Debug.debugException(e);
        throw new CertException(ERR_CERT_GEN_SIGNATURE_CANNOT_INIT_SIGNATURE_GENERATOR.get(jcaAlgorithmName, StaticUtils.getExceptionMessage(e)), e);
    }

    try {
        // tbsCertificate fields, built in the order RFC 5280 section 4.1 lays
        // them out.  The version is wrapped in its explicit context tag.
        final ASN1Element version = new ASN1Element(TYPE_EXPLICIT_VERSION, new ASN1Integer(X509CertificateVersion.V3.getIntValue()).encode());
        final ASN1BigInteger serial = new ASN1BigInteger(serialNumber);

        // NOTE(review): this AlgorithmIdentifier is written with no parameters
        // element.  For the RSA PKCS #1 v1.5 signature OIDs, RFC 3279 / RFC 4055
        // expect an explicit NULL there, and RFC 5280 section 4.1.1.2 requires
        // this inner identifier to be identical to the outer signatureAlgorithm.
        // The outer encoding is not in this method, so any change must be made in
        // both places together.
        final ASN1Sequence tbsSignatureAlgorithm = new ASN1Sequence(new ASN1ObjectIdentifier(signatureAlgorithm.getOID()));

        final ASN1Element issuer = encodeName(issuerDN);
        final ASN1Element validity = encodeValiditySequence(notBefore, notAfter);
        final ASN1Element subject = encodeName(subjectDN);

        // SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, BIT STRING };
        // the AlgorithmIdentifier carries a parameters element only when one was
        // supplied.
        final ASN1Sequence publicKeyAlgorithmIdentifier = (publicKeyAlgorithmParameters == null)
             ? new ASN1Sequence(new ASN1ObjectIdentifier(publicKeyAlgorithmOID))
             : new ASN1Sequence(new ASN1ObjectIdentifier(publicKeyAlgorithmOID), publicKeyAlgorithmParameters);
        final ASN1Sequence subjectPublicKeyInfo = new ASN1Sequence(publicKeyAlgorithmIdentifier, encodedPublicKey);

        // NOTE(review): the tagged extensions field is always emitted, even for an
        // empty array.  RFC 5280 declares Extensions as SEQUENCE SIZE (1..MAX) and
        // makes the field OPTIONAL, so an empty SEQUENCE here is not strictly
        // conformant.  Omitting it for empty input would change the signed bytes
        // and would have to be mirrored by the certificate encoder.
        final ArrayList<ASN1Element> encodedExtensions = new ArrayList<>(extensions.length);
        for (final X509CertificateExtension extension : extensions) {
            encodedExtensions.add(extension.encode());
        }
        final ASN1Element taggedExtensions = new ASN1Element(TYPE_EXPLICIT_EXTENSIONS, new ASN1Sequence(encodedExtensions).encode());

        final ASN1Sequence tbsCertificate = new ASN1Sequence(version, serial, tbsSignatureAlgorithm, issuer, validity, subject, subjectPublicKeyInfo, taggedExtensions);
        signer.update(tbsCertificate.encode());
        return new ASN1BitString(ASN1BitString.getBitsForBytes(signer.sign()));
    } catch (final Exception e) {
        Debug.debugException(e);
        throw new CertException(ERR_CERT_GEN_SIGNATURE_CANNOT_COMPUTE.get(jcaAlgorithmName, StaticUtils.getExceptionMessage(e)), e);
    }
}

Example 39 with ASN1Integer

Use of com.unboundid.asn1.ASN1Integer (the SDK's own ASN.1 classes, not org.webpki) in project ldapsdk by pingidentity.

Class PKCS8PrivateKey, method wrapRSAPrivateKey.

/**
 * Wraps a bare RSA private key encoding in a PKCS #8 PrivateKeyInfo
 * structure: the version INTEGER, an AlgorithmIdentifier naming rsaEncryption,
 * and the supplied key bytes as an OCTET STRING.
 *
 * NOTE(review): the AlgorithmIdentifier is written with no parameters element.
 * RFC 3279 section 2.3.1 and RFC 8017 appendix A.1 call for an explicit NULL
 * there for rsaEncryption; many parsers tolerate the omission but strict ones
 * may not, so confirm against the consumers of this output before relying on
 * it.
 *
 * NOTE(review): the returned array holds private key material.  Callers should
 * avoid logging it and, where practical, clear it once it is no longer needed.
 *
 * @param  rsaPrivateKeyBytes  The encoded RSA private key to wrap.
 *
 * @return  The PKCS #8 encoding that wraps the provided key.
 *
 * @throws  CertException  If the wrapping structure cannot be built.
 */
@NotNull()
static byte[] wrapRSAPrivateKey(@NotNull final byte[] rsaPrivateKeyBytes) throws CertException {
    try {
        final ASN1Integer version = new ASN1Integer(PKCS8PrivateKeyVersion.V1.getIntValue());
        final ASN1Sequence rsaAlgorithmIdentifier = new ASN1Sequence(new ASN1ObjectIdentifier(PublicKeyAlgorithmIdentifier.RSA.getOID()));
        final ASN1OctetString wrappedKey = new ASN1OctetString(rsaPrivateKeyBytes);
        return new ASN1Sequence(version, rsaAlgorithmIdentifier, wrappedKey).encode();
    } catch (final Exception e) {
        Debug.debugException(e);
        throw new CertException(ERR_PRIVATE_KEY_WRAP_RSA_KEY_ERROR.get(StaticUtils.getExceptionMessage(e)), e);
    }
}

Example 40 with ASN1Integer

Use of com.unboundid.asn1.ASN1Integer (the SDK's own ASN.1 classes, not org.webpki) in project ldapsdk by pingidentity.

Class RSAPrivateKey, method encode.

/**
 * Produces the PKCS #1 RSAPrivateKey encoding of this key, wrapped in an ASN.1
 * octet string.
 *
 * The emitted SEQUENCE holds the version INTEGER, then the modulus, public
 * exponent, private exponent, the two primes, the two CRT exponents and the
 * CRT coefficient, and -- only when this key has additional primes -- a
 * trailing SEQUENCE with one three-element SEQUENCE per extra prime
 * (presumably prime, exponent, coefficient in RFC 8017 OtherPrimeInfo order;
 * the element meaning is fixed by whoever populates otherPrimeInfos).
 *
 * NOTE(review): the version is emitted exactly as stored on this object.
 * RFC 8017 ties the version to the presence of otherPrimeInfos (0 without,
 * 1 with); nothing here enforces that pairing, so it must be guaranteed at
 * construction time.
 *
 * NOTE(review): the result contains the complete private key.  Treat it as a
 * secret: do not log it and avoid keeping it around longer than necessary.
 *
 * @return  An ASN.1 octet string holding the encoded private key.
 */
@NotNull()
ASN1OctetString encode() {
    final ArrayList<ASN1Element> keyElements = new ArrayList<>(9);
    keyElements.add(new ASN1Integer(version.getIntValue()));
    // The eight standard INTEGER fields of RSAPrivateKey, in RFC 8017 order.
    final BigInteger[] standardComponents = { modulus, publicExponent, privateExponent, prime1, prime2, exponent1, exponent2, coefficient };
    for (final BigInteger component : standardComponents) {
        keyElements.add(new ASN1BigInteger(component));
    }
    if (!otherPrimeInfos.isEmpty()) {
        keyElements.add(encodeOtherPrimeInfos());
    }
    return new ASN1OctetString(new ASN1Sequence(keyElements).encode());
}

/**
 * Encodes the multi-prime information as a SEQUENCE of three-element
 * SEQUENCEs, one per additional prime.  Only called when otherPrimeInfos is
 * non-empty.
 *
 * @return  The encoded otherPrimeInfos element.
 */
@NotNull()
private ASN1Sequence encodeOtherPrimeInfos() {
    final ArrayList<ASN1Element> infoSequences = new ArrayList<>(otherPrimeInfos.size());
    for (final BigInteger[] info : otherPrimeInfos) {
        infoSequences.add(new ASN1Sequence(new ASN1BigInteger(info[0]), new ASN1BigInteger(info[1]), new ASN1BigInteger(info[2])));
    }
    return new ASN1Sequence(infoSequences);
}
