Use of org.webpki.asn1.ASN1Integer in project ldapsdk by pingidentity: class GeneratePasswordExtendedRequest, method encodeValue.
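/**
 * Encodes the provided settings into the ASN.1 octet string that carries the
 * value of a generate password extended request.  The value is a SEQUENCE
 * whose first element identifies the password policy selection type (tagged
 * with that type's BER type), optionally followed by the number of passwords
 * and the number of validation attempts when those differ from their
 * defaults.
 *
 * @param  passwordPolicySelectionType  The password policy selection type to
 *                                      use.  It must not be {@code null}.
 * @param  passwordPolicyDN             The password policy DN to use with the
 *                                      {@link GeneratePasswordPolicySelectionType#PASSWORD_POLICY_DN}
 *                                      selection type.  It must be
 *                                      non-{@code null} for that selection
 *                                      type and {@code null} for all others.
 * @param  targetEntryDN                The target entry DN to use with the
 *                                      {@link GeneratePasswordPolicySelectionType#TARGET_ENTRY_DN}
 *                                      selection type.  It must be
 *                                      non-{@code null} for that selection
 *                                      type and {@code null} for all others.
 * @param  numberOfPasswords            The number of passwords to generate.
 *                                      It must be greater than or equal to
 *                                      one.
 * @param  numberOfValidationAttempts   The number of attempts to make for
 *                                      each password in order to obtain one
 *                                      that satisfies the associated password
 *                                      validators.  It must be greater than
 *                                      or equal to zero.
 *
 * @return  The encoded request value, or {@code null} if the default policy
 *          is selected and both counts are at their defaults, in which case
 *          no value is needed.
 */
@Nullable()
private static ASN1OctetString encodeValue(
     @NotNull final GeneratePasswordPolicySelectionType
          passwordPolicySelectionType,
     @Nullable final String passwordPolicyDN,
     @Nullable final String targetEntryDN,
     final int numberOfPasswords,
     final int numberOfValidationAttempts)
{
  Validator.ensureNotNullWithMessage(passwordPolicySelectionType,
       "GeneratePasswordExtendedRequest.passwordPolicySelectionType must " +
            "not be null.");

  final List<ASN1Element> elements = new ArrayList<>(3);
  switch (passwordPolicySelectionType)
  {
    case DEFAULT_POLICY:
      Validator.ensureTrue((passwordPolicyDN == null),
           "GeneratePasswordExtendedRequest.passwordPolicyDN must be null " +
                "when using a password policy selection type of " +
                passwordPolicySelectionType + '.');
      Validator.ensureTrue((targetEntryDN == null),
           "GeneratePasswordExtendedRequest.targetEntryDN must be null " +
                "when using a password policy selection type of " +
                passwordPolicySelectionType + '.');

      // Everything at its default means the request needs no value at all.
      if ((numberOfPasswords == DEFAULT_NUMBER_OF_PASSWORDS) &&
           (numberOfValidationAttempts == DEFAULT_VALIDATION_ATTEMPTS))
      {
        return null;
      }

      elements.add(new ASN1Null(passwordPolicySelectionType.getBERType()));
      break;

    case PASSWORD_POLICY_DN:
      Validator.ensureNotNullWithMessage(passwordPolicyDN,
           "GeneratePasswordExtendedRequest.passwordPolicyDN must not be " +
                "null when using a password policy selection type of " +
                passwordPolicySelectionType + '.');
      Validator.ensureTrue((targetEntryDN == null),
           "GeneratePasswordExtendedRequest.targetEntryDN must be null " +
                "when using a password policy selection type of " +
                passwordPolicySelectionType + '.');

      elements.add(new ASN1OctetString(
           passwordPolicySelectionType.getBERType(), passwordPolicyDN));
      break;

    case TARGET_ENTRY_DN:
      Validator.ensureTrue((passwordPolicyDN == null),
           "GeneratePasswordExtendedRequest.passwordPolicyDN must be null " +
                "when using a password policy selection type of " +
                passwordPolicySelectionType + '.');
      Validator.ensureNotNullWithMessage(targetEntryDN,
           "GeneratePasswordExtendedRequest.targetEntryDN must not be null " +
                "when using a password policy selection type of " +
                passwordPolicySelectionType + '.');

      elements.add(new ASN1OctetString(
           passwordPolicySelectionType.getBERType(), targetEntryDN));
      break;

    default:
      // A selection type with no encoding rule must fail loudly rather than
      // silently produce a value that lacks the mandatory selection element.
      Validator.ensureTrue(false,
           "GeneratePasswordExtendedRequest.passwordPolicySelectionType " +
                passwordPolicySelectionType + " is not supported.");
      break;
  }

  // The counts are only validated and emitted when they differ from the
  // defaults; the defaults themselves are assumed to be valid.
  if (numberOfPasswords != DEFAULT_NUMBER_OF_PASSWORDS)
  {
    Validator.ensureTrue((numberOfPasswords >= 1),
         "GeneratePasswordExtendedRequest.numberOfPasswords must be " +
              "greater than or equal to one.");
    elements.add(new ASN1Integer(TYPE_NUMBER_OF_PASSWORDS, numberOfPasswords));
  }

  if (numberOfValidationAttempts != DEFAULT_VALIDATION_ATTEMPTS)
  {
    Validator.ensureTrue((numberOfValidationAttempts >= 0),
         "GeneratePasswordExtendedRequest.validationAttempts must be " +
              "greater than or equal to zero.");
    elements.add(new ASN1Integer(TYPE_VALIDATION_ATTEMPTS,
         numberOfValidationAttempts));
  }

  return new ASN1OctetString(new ASN1Sequence(elements).encode());
}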
Use of org.webpki.asn1.ASN1Integer in project ldapsdk by pingidentity: class PKCS10CertificateSigningRequest, method generateSignature.
/**
 * Computes the signature over the certificationRequestInfo element built from
 * the provided components.  The signature generator is obtained and
 * initialized first so that each failure mode maps to its own error message;
 * the messages carry the algorithm name and the underlying exception message,
 * not any key material.
 *
 * @param  signatureAlgorithm            The signature algorithm to use.  It
 *                                       must not be {@code null}.
 * @param  privateKey                    The private key with which to sign
 *                                       the request.  It must not be
 *                                       {@code null}.
 * @param  subjectDN                     The subject DN of the request.  It
 *                                       must not be {@code null}.
 * @param  publicKeyAlgorithmOID         The OID of the public key algorithm.
 *                                       It must not be {@code null}.
 * @param  publicKeyAlgorithmParameters  The encoded public key algorithm
 *                                       parameters, or {@code null} if the
 *                                       algorithm identifier has none.
 * @param  encodedPublicKey              The encoded public key.  It must not
 *                                       be {@code null}.
 * @param  extensions                    The extensions to place in the
 *                                       request's extensionRequest attribute.
 *                                       A {@code null} or empty array yields
 *                                       an empty attribute set.
 *
 * @return  A bit string holding the computed signature.
 *
 * @throws  CertException  If the signature generator cannot be obtained or
 *                         initialized, or if the signature cannot be
 *                         computed.
 */
@NotNull()
private static ASN1BitString generateSignature(
     @NotNull final SignatureAlgorithmIdentifier signatureAlgorithm,
     @NotNull final PrivateKey privateKey,
     @NotNull final DN subjectDN,
     @NotNull final OID publicKeyAlgorithmOID,
     @Nullable final ASN1Element publicKeyAlgorithmParameters,
     @NotNull final ASN1BitString encodedPublicKey,
     @NotNull final X509CertificateExtension... extensions)
     throws CertException
{
  final String javaName = signatureAlgorithm.getJavaName();

  // Obtain the JCA signature generator for the requested algorithm.
  final Signature signer;
  try
  {
    signer = CryptoHelper.getSignature(javaName);
  }
  catch (final Exception e)
  {
    Debug.debugException(e);
    throw new CertException(
         ERR_CSR_GEN_SIGNATURE_CANNOT_GET_SIGNATURE_GENERATOR.get(javaName,
              StaticUtils.getExceptionMessage(e)),
         e);
  }

  // Bind the private key to the generator.
  try
  {
    signer.initSign(privateKey);
  }
  catch (final Exception e)
  {
    Debug.debugException(e);
    throw new CertException(
         ERR_CSR_GEN_SIGNATURE_CANNOT_INIT_SIGNATURE_GENERATOR.get(javaName,
              StaticUtils.getExceptionMessage(e)),
         e);
  }

  // Assemble the certificationRequestInfo sequence and sign its DER encoding.
  try
  {
    final ArrayList<ASN1Element> requestInfoElements = new ArrayList<>(4);
    requestInfoElements.add(new ASN1Integer(
         PKCS10CertificateSigningRequestVersion.V1.getIntValue()));
    requestInfoElements.add(X509Certificate.encodeName(subjectDN));

    // SubjectPublicKeyInfo: the algorithm identifier only carries a second
    // element when parameters were supplied.
    final ASN1Sequence algorithmIdentifier;
    if (publicKeyAlgorithmParameters == null)
    {
      algorithmIdentifier = new ASN1Sequence(
           new ASN1ObjectIdentifier(publicKeyAlgorithmOID));
    }
    else
    {
      algorithmIdentifier = new ASN1Sequence(
           new ASN1ObjectIdentifier(publicKeyAlgorithmOID),
           publicKeyAlgorithmParameters);
    }
    requestInfoElements.add(
         new ASN1Sequence(algorithmIdentifier, encodedPublicKey));

    // Attributes: at most one extensionRequest attribute, present only when
    // there is at least one extension to carry.
    final ArrayList<ASN1Element> attributeElements = new ArrayList<>(1);
    if ((extensions != null) && (extensions.length > 0))
    {
      final ASN1Element[] encodedExtensions =
           new ASN1Element[extensions.length];
      for (int i = 0; i < extensions.length; i++)
      {
        encodedExtensions[i] = extensions[i].encode();
      }

      attributeElements.add(new ASN1Sequence(
           new ASN1ObjectIdentifier(ATTRIBUTE_OID_EXTENSIONS),
           new ASN1Set(new ASN1Sequence(encodedExtensions))));
    }
    requestInfoElements.add(new ASN1Set(TYPE_ATTRIBUTES, attributeElements));

    final ASN1Sequence certificationRequestInfo =
         new ASN1Sequence(requestInfoElements);
    signer.update(certificationRequestInfo.encode());
    return new ASN1BitString(ASN1BitString.getBitsForBytes(signer.sign()));
  }
  catch (final Exception e)
  {
    Debug.debugException(e);
    throw new CertException(
         ERR_CSR_GEN_SIGNATURE_CANNOT_COMPUTE.get(javaName,
              StaticUtils.getExceptionMessage(e)),
         e);
  }
}
Use of org.webpki.asn1.ASN1Integer in project ldapsdk by pingidentity: class X509Certificate, method generateSignature.
/**
 * Computes the signature over the tbsCertificate element built from the
 * provided components.  The signature generator is obtained and initialized
 * first so that each failure mode maps to its own error message; the messages
 * carry the algorithm name and the underlying exception message, not any key
 * material.
 *
 * @param  signatureAlgorithm            The signature algorithm to use.  It
 *                                       must not be {@code null}.
 * @param  privateKey                    The private key with which to sign
 *                                       the certificate.  It must not be
 *                                       {@code null}.
 * @param  serialNumber                  The certificate serial number.  It
 *                                       must not be {@code null}.
 * @param  issuerDN                      The issuer DN.  It must not be
 *                                       {@code null}.
 * @param  notBefore                     The validity start time, passed on to
 *                                       {@code encodeValiditySequence}.
 * @param  notAfter                      The validity end time, passed on to
 *                                       {@code encodeValiditySequence}.
 * @param  subjectDN                     The subject DN.  It must not be
 *                                       {@code null}.
 * @param  publicKeyAlgorithmOID         The OID of the public key algorithm.
 *                                       It must not be {@code null}.
 * @param  publicKeyAlgorithmParameters  The encoded public key algorithm
 *                                       parameters, or {@code null} if the
 *                                       algorithm identifier has none.
 * @param  encodedPublicKey              The encoded public key.  It must not
 *                                       be {@code null}.
 * @param  extensions                    The extensions to include.  It must
 *                                       not be {@code null} but may be empty.
 *
 * @return  A bit string holding the computed signature.
 *
 * @throws  CertException  If the signature generator cannot be obtained or
 *                         initialized, or if the signature cannot be
 *                         computed.
 */
@NotNull()
private static ASN1BitString generateSignature(
     @NotNull final SignatureAlgorithmIdentifier signatureAlgorithm,
     @NotNull final PrivateKey privateKey,
     @NotNull final BigInteger serialNumber,
     @NotNull final DN issuerDN,
     final long notBefore,
     final long notAfter,
     @NotNull final DN subjectDN,
     @NotNull final OID publicKeyAlgorithmOID,
     @Nullable final ASN1Element publicKeyAlgorithmParameters,
     @NotNull final ASN1BitString encodedPublicKey,
     @NotNull final X509CertificateExtension... extensions)
     throws CertException
{
  final String javaName = signatureAlgorithm.getJavaName();

  // Obtain the JCA signature generator for the requested algorithm.
  final Signature signer;
  try
  {
    signer = CryptoHelper.getSignature(javaName);
  }
  catch (final Exception e)
  {
    Debug.debugException(e);
    throw new CertException(
         ERR_CERT_GEN_SIGNATURE_CANNOT_GET_SIGNATURE_GENERATOR.get(javaName,
              StaticUtils.getExceptionMessage(e)),
         e);
  }

  // Bind the private key to the generator.
  try
  {
    signer.initSign(privateKey);
  }
  catch (final Exception e)
  {
    Debug.debugException(e);
    throw new CertException(
         ERR_CERT_GEN_SIGNATURE_CANNOT_INIT_SIGNATURE_GENERATOR.get(javaName,
              StaticUtils.getExceptionMessage(e)),
         e);
  }

  // Assemble the tbsCertificate sequence and sign its DER encoding.
  try
  {
    final ArrayList<ASN1Element> tbsElements = new ArrayList<>(8);

    // The version is wrapped in its explicit tag; the certificate is always
    // emitted as v3.
    tbsElements.add(new ASN1Element(TYPE_EXPLICIT_VERSION,
         new ASN1Integer(X509CertificateVersion.V3.getIntValue()).encode()));
    tbsElements.add(new ASN1BigInteger(serialNumber));
    tbsElements.add(new ASN1Sequence(
         new ASN1ObjectIdentifier(signatureAlgorithm.getOID())));
    tbsElements.add(encodeName(issuerDN));
    tbsElements.add(encodeValiditySequence(notBefore, notAfter));
    tbsElements.add(encodeName(subjectDN));

    // SubjectPublicKeyInfo: the algorithm identifier only carries a second
    // element when parameters were supplied.
    final ASN1Sequence algorithmIdentifier;
    if (publicKeyAlgorithmParameters == null)
    {
      algorithmIdentifier = new ASN1Sequence(
           new ASN1ObjectIdentifier(publicKeyAlgorithmOID));
    }
    else
    {
      algorithmIdentifier = new ASN1Sequence(
           new ASN1ObjectIdentifier(publicKeyAlgorithmOID),
           publicKeyAlgorithmParameters);
    }
    tbsElements.add(new ASN1Sequence(algorithmIdentifier, encodedPublicKey));

    // Extensions are always emitted (possibly as an empty sequence) under
    // their explicit tag.
    final ASN1Element[] encodedExtensions =
         new ASN1Element[extensions.length];
    for (int i = 0; i < extensions.length; i++)
    {
      encodedExtensions[i] = extensions[i].encode();
    }
    tbsElements.add(new ASN1Element(TYPE_EXPLICIT_EXTENSIONS,
         new ASN1Sequence(encodedExtensions).encode()));

    final ASN1Sequence tbsCertificate = new ASN1Sequence(tbsElements);
    signer.update(tbsCertificate.encode());
    return new ASN1BitString(ASN1BitString.getBitsForBytes(signer.sign()));
  }
  catch (final Exception e)
  {
    Debug.debugException(e);
    throw new CertException(
         ERR_CERT_GEN_SIGNATURE_CANNOT_COMPUTE.get(javaName,
              StaticUtils.getExceptionMessage(e)),
         e);
  }
}
Use of org.webpki.asn1.ASN1Integer in project ldapsdk by pingidentity: class PKCS8PrivateKey, method wrapRSAPrivateKey.
/**
 * Wraps an already-encoded RSA private key in a PKCS #8 PrivateKeyInfo
 * structure: a SEQUENCE of the v1 version integer, an algorithm identifier
 * holding the RSA OID, and the raw key bytes as an OCTET STRING.  The input
 * is embedded verbatim; it is not parsed or validated here.
 *
 * @param  rsaPrivateKeyBytes  The bytes of the bare RSA private key.
 *
 * @return  The DER encoding of the PKCS #8 structure wrapping the key.
 *
 * @throws  CertException  If the structure cannot be built or encoded.  The
 *                         message carries only the underlying exception text.
 */
@NotNull()
static byte[] wrapRSAPrivateKey(@NotNull final byte[] rsaPrivateKeyBytes)
       throws CertException
{
  try
  {
    final ASN1Sequence privateKeyInfo = new ASN1Sequence(
         new ASN1Integer(PKCS8PrivateKeyVersion.V1.getIntValue()),
         new ASN1Sequence(new ASN1ObjectIdentifier(
              PublicKeyAlgorithmIdentifier.RSA.getOID())),
         new ASN1OctetString(rsaPrivateKeyBytes));
    return privateKeyInfo.encode();
  }
  catch (final Exception e)
  {
    Debug.debugException(e);
    throw new CertException(
         ERR_PRIVATE_KEY_WRAP_RSA_KEY_ERROR.get(
              StaticUtils.getExceptionMessage(e)),
         e);
  }
}
Use of org.webpki.asn1.ASN1Integer in project ldapsdk by pingidentity: class RSAPrivateKey, method encode.
/**
 * Encodes this RSA private key as an ASN.1 octet string wrapping a SEQUENCE
 * of the version integer, the eight key components in order (modulus, public
 * exponent, private exponent, prime1, prime2, exponent1, exponent2,
 * coefficient), and, only when present, a SEQUENCE of other-prime-info
 * triples.  The output contains the full private key material.
 *
 * @return  The ASN.1 octet string containing the encoded private key.
 */
@NotNull()
ASN1OctetString encode()
{
  // Component order is significant; it is the wire order of the sequence.
  final BigInteger[] keyComponents =
  {
    modulus,
    publicExponent,
    privateExponent,
    prime1,
    prime2,
    exponent1,
    exponent2,
    coefficient
  };

  final ArrayList<ASN1Element> elements = new ArrayList<>(9);
  elements.add(new ASN1Integer(version.getIntValue()));
  for (final BigInteger component : keyComponents)
  {
    elements.add(new ASN1BigInteger(component));
  }

  // Each other-prime entry is relied on to hold exactly three values; their
  // order is preserved as given.
  if (! otherPrimeInfos.isEmpty())
  {
    final ArrayList<ASN1Element> otherPrimeElements =
         new ArrayList<>(otherPrimeInfos.size());
    for (final BigInteger[] info : otherPrimeInfos)
    {
      otherPrimeElements.add(new ASN1Sequence(
           new ASN1BigInteger(info[0]),
           new ASN1BigInteger(info[1]),
           new ASN1BigInteger(info[2])));
    }
    elements.add(new ASN1Sequence(otherPrimeElements));
  }

  return new ASN1OctetString(new ASN1Sequence(elements).encode());
}