Search in sources :

Example 1 with ASN1ObjectID

use of org.webpki.asn1.ASN1ObjectID in project openkeystore by cyberphone.

the class RelativeDistinguishedName method toASN1.

/*
     * Get the ASN.1 representation of this RelativeDistinguishedName.
     */
public ASN1Set toASN1() {
    if (asn1Representation == null) {
        BaseASN1Object[] t = new BaseASN1Object[components.size()];
        Enumeration<String> e = components.keys();
        for (int i = 0; i < t.length; i++) {
            String attribute = e.nextElement();
            t[i] = new ASN1Sequence(new BaseASN1Object[] { new ASN1ObjectID(attribute), components.get(attribute) });
        }
        asn1Representation = new ASN1Set(t);
    }
    return asn1Representation;
}
Also used : ASN1Sequence(org.webpki.asn1.ASN1Sequence) ASN1Set(org.webpki.asn1.ASN1Set) BaseASN1Object(org.webpki.asn1.BaseASN1Object) ASN1ObjectID(org.webpki.asn1.ASN1ObjectID) ASN1IA5String(org.webpki.asn1.ASN1IA5String) ASN1PrintableString(org.webpki.asn1.ASN1PrintableString) ASN1UTF8String(org.webpki.asn1.ASN1UTF8String) ASN1String(org.webpki.asn1.ASN1String)

Example 2 with ASN1ObjectID

use of org.webpki.asn1.ASN1ObjectID in project openkeystore by cyberphone.

the class CA method createCert.

public X509Certificate createCert(CertSpec certSpec, DistinguishedName issuerName, BigInteger serialNumber, Date startDate, Date endDate, AsymKeySignerInterface signer, PublicKey issuerPublicKey, PublicKey subjectPublicKey) throws IOException, GeneralSecurityException {
    Extensions extensions = new Extensions();
    BaseASN1Object version = new CompositeContextSpecific(0, new ASN1Integer(2));
    DistinguishedName subjectName = certSpec.getSubjectDistinguishedName();
    BaseASN1Object validity = new ASN1Sequence(new BaseASN1Object[] { getASN1Time(startDate), getASN1Time(endDate) });
    AsymSignatureAlgorithms certSignAlg = signer.getAlgorithm();
    BaseASN1Object signatureAlgorithm = new ASN1Sequence(certSignAlg.getKeyType() == KeyTypes.RSA ? new BaseASN1Object[] { new ASN1ObjectID(certSignAlg.getOid()), // Relic from the RSA hey-days...
    new ASN1Null() } : new BaseASN1Object[] { new ASN1ObjectID(certSignAlg.getOid()) });
    BaseASN1Object subjectPublicKeyInfo = DerDecoder.decode(subjectPublicKey.getEncoded());
    // ////////////////////////////////////////////////////
    if (certSpec.endEntity) {
        extensions.add(CertificateExtensions.BASIC_CONSTRAINTS, false, new ASN1Sequence(new BaseASN1Object[] {}));
    }
    // ////////////////////////////////////////////////////
    if (certSpec.caCert) {
        extensions.add(CertificateExtensions.BASIC_CONSTRAINTS, true, new ASN1Sequence(new ASN1Boolean(true)));
    }
    // ////////////////////////////////////////////////////
    if (!certSpec.keyUsageSet.isEmpty()) {
        int i = 0;
        for (KeyUsageBits kubit : certSpec.keyUsageSet) {
            i |= 1 << kubit.ordinal();
        }
        byte[] keyUsage = new byte[i > 255 ? 2 : 1];
        keyUsage[0] = reverseBits(i);
        if (i > 255) {
            keyUsage[1] = reverseBits(i >> 8);
        }
        extensions.add(CertificateExtensions.KEY_USAGE, true, new ASN1BitString(keyUsage));
    }
    // ////////////////////////////////////////////////////
    if (!certSpec.extendedKeyUsageSet.isEmpty()) {
        int i = 0;
        BaseASN1Object[] ekus = new BaseASN1Object[certSpec.extendedKeyUsageSet.size()];
        for (ExtendedKeyUsages eku : certSpec.extendedKeyUsageSet.toArray(new ExtendedKeyUsages[0])) {
            ekus[i++] = new ASN1ObjectID(eku.getOID());
        }
        extensions.add(CertificateExtensions.EXTENDED_KEY_USAGE, false, new ASN1Sequence(ekus));
    }
    // ////////////////////////////////////////////////////
    if (certSpec.skiExtension) {
        extensions.add(CertificateExtensions.SUBJECT_KEY_IDENTIFIER, createKeyID(subjectPublicKey));
    }
    // ////////////////////////////////////////////////////
    if (certSpec.akiExtension) {
        extensions.add(CertificateExtensions.AUTHORITY_KEY_IDENTIFIER, new ASN1Sequence(new SimpleContextSpecific(0, createKeyID(issuerPublicKey))));
    }
    // ////////////////////////////////////////////////////
    if (!certSpec.subjectAltName.isEmpty()) {
        int i = 0;
        BaseASN1Object[] san = new BaseASN1Object[certSpec.subjectAltName.size()];
        for (CertSpec.NameValue nameValue : certSpec.subjectAltName) {
            int type = nameValue.name;
            // We currently only handle simple IA5String types.
            if (type == SubjectAltNameTypes.RFC822_NAME || type == SubjectAltNameTypes.DNS_NAME || type == SubjectAltNameTypes.UNIFORM_RESOURCE_IDENTIFIER) {
                if (!(nameValue.value instanceof ASN1IA5String)) {
                    throw new IOException("Wrong argument type to SubjectAltNames of type " + type);
                }
            } else // Or IP addresses.
            if (type == SubjectAltNameTypes.IP_ADDRESS) {
                if (!(nameValue.value instanceof ASN1OctetString)) {
                    throw new IOException("Wrong argument type to SubjectAltNames of type IP address");
                }
            } else {
                throw new IOException("SubjectAltNames of type " + type + " are not handled.");
            }
            san[i++] = new SimpleContextSpecific(type, nameValue.value);
        }
        extensions.add(CertificateExtensions.SUBJECT_ALT_NAME, new ASN1Sequence(san));
    }
    // ////////////////////////////////////////////////////
    if (!certSpec.certPolicyOids.isEmpty()) {
        int i = 0;
        BaseASN1Object[] policies = new BaseASN1Object[certSpec.certPolicyOids.size()];
        for (String oid : certSpec.certPolicyOids) {
            policies[i++] = new ASN1Sequence(new ASN1ObjectID(oid));
        }
        extensions.add(CertificateExtensions.CERTIFICATE_POLICIES, new ASN1Sequence(policies));
    }
    // ////////////////////////////////////////////////////
    if (!certSpec.aiaLocators.isEmpty()) {
        int i = 0;
        BaseASN1Object[] locators = new BaseASN1Object[certSpec.aiaLocators.size()];
        for (String[] loc_info : certSpec.aiaLocators) {
            locators[i++] = new ASN1Sequence(new BaseASN1Object[] { new ASN1ObjectID(loc_info[0]), new SimpleContextSpecific(6, new ASN1IA5String(loc_info[1])) });
        }
        extensions.add(CertificateExtensions.AUTHORITY_INFO_ACCESS, new ASN1Sequence(locators));
    }
    // ////////////////////////////////////////////////////
    if (!certSpec.crlDistPoints.isEmpty()) {
        int i = 0;
        BaseASN1Object[] cdps = new BaseASN1Object[certSpec.crlDistPoints.size()];
        for (String uri : certSpec.crlDistPoints) {
            cdps[i++] = new ASN1Sequence(new CompositeContextSpecific(0, new CompositeContextSpecific(0, new SimpleContextSpecific(6, new ASN1IA5String(uri)))));
        }
        extensions.add(CertificateExtensions.CRL_DISTRIBUTION_POINTS, new ASN1Sequence(cdps));
    }
    // ////////////////////////////////////////////////////
    // Certificate Creation!
    // ////////////////////////////////////////////////////
    BaseASN1Object[] inner = new BaseASN1Object[extensions.isEmpty() ? 7 : 8];
    inner[0] = version;
    inner[1] = new ASN1Integer(serialNumber);
    inner[2] = signatureAlgorithm;
    inner[3] = issuerName.toASN1();
    inner[4] = validity;
    inner[5] = subjectName.toASN1();
    inner[6] = subjectPublicKeyInfo;
    if (!extensions.isEmpty()) {
        inner[7] = new CompositeContextSpecific(3, extensions.getExtensionData());
    }
    BaseASN1Object tbsCertificate = new ASN1Sequence(inner);
    BaseASN1Object signature = new ASN1BitString(signer.signData(tbsCertificate.encode()));
    byte[] certificate = new ASN1Sequence(new BaseASN1Object[] { tbsCertificate, signatureAlgorithm, signature }).encode();
    return CertificateUtil.getCertificateFromBlob(certificate);
}
Also used : ASN1OctetString(org.webpki.asn1.ASN1OctetString) KeyUsageBits(org.webpki.crypto.KeyUsageBits) DistinguishedName(org.webpki.asn1.cert.DistinguishedName) BaseASN1Object(org.webpki.asn1.BaseASN1Object) CompositeContextSpecific(org.webpki.asn1.CompositeContextSpecific) ASN1Integer(org.webpki.asn1.ASN1Integer) IOException(java.io.IOException) ASN1IA5String(org.webpki.asn1.ASN1IA5String) ASN1OctetString(org.webpki.asn1.ASN1OctetString) ASN1BitString(org.webpki.asn1.ASN1BitString) CertificateExtensions(org.webpki.crypto.CertificateExtensions) ExtendedKeyUsages(org.webpki.crypto.ExtendedKeyUsages) ASN1BitString(org.webpki.asn1.ASN1BitString) ASN1Sequence(org.webpki.asn1.ASN1Sequence) ASN1ObjectID(org.webpki.asn1.ASN1ObjectID) ASN1IA5String(org.webpki.asn1.ASN1IA5String) ASN1Boolean(org.webpki.asn1.ASN1Boolean) AsymSignatureAlgorithms(org.webpki.crypto.AsymSignatureAlgorithms) SimpleContextSpecific(org.webpki.asn1.SimpleContextSpecific) ASN1Null(org.webpki.asn1.ASN1Null)

Example 3 with ASN1ObjectID

use of org.webpki.asn1.ASN1ObjectID in project openkeystore by cyberphone.

the class OkpSupport method raw2PrivateOkpKey.

public static PrivateKey raw2PrivateOkpKey(byte[] d, KeyAlgorithms keyAlgorithm) throws IOException, GeneralSecurityException {
    KeyFactory keyFactory = KeyFactory.getInstance(keyAlgorithm.getJceName());
    byte[] pkcs8 = new ASN1Sequence(new BaseASN1Object[] { new ASN1Integer(0), new ASN1Sequence(new ASN1ObjectID(keyAlgorithm.getECDomainOID())), new ASN1OctetString(new ASN1OctetString(d).encode()) }).encode();
    return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(pkcs8));
}
Also used : ASN1OctetString(org.webpki.asn1.ASN1OctetString) ASN1Sequence(org.webpki.asn1.ASN1Sequence) BaseASN1Object(org.webpki.asn1.BaseASN1Object) ASN1ObjectID(org.webpki.asn1.ASN1ObjectID) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) ASN1Integer(org.webpki.asn1.ASN1Integer) KeyFactory(java.security.KeyFactory)

Example 4 with ASN1ObjectID

use of org.webpki.asn1.ASN1ObjectID in project openkeystore by cyberphone.

the class PKCS7Signer method sign.

private byte[] sign(byte[] message, boolean detached) throws IOException, GeneralSecurityException {
    ArrayList<BaseASN1Object> cert_path = new ArrayList<>();
    for (X509Certificate c : certificatePath) {
        cert_path.add(ASN1Util.x509Certificate(c));
    }
    BaseASN1Object signer_cert = cert_path.get(0);
    int i = ParseUtil.isContext(signer_cert.get(new int[] { 0, 0 }), 0) ? 1 : 0;
    BaseASN1Object sign_info = signer_cert.get(new int[] { 0, i + 2 });
    BaseASN1Object cert_ref = signer_cert.get(new int[] { 0, i });
    String digest_oid = signer_implem.getAlgorithm().getDigestAlgorithm().getOid();
    String encryption_oid = AsymEncryptionAlgorithms.RSA_ES_PKCS_1_5.getOid();
    byte[] signed_data = signer_implem.signData(message);
    BaseASN1Object r = ASN1Util.oidValue(PKCS7_SIGNED_DATA, new CompositeContextSpecific(0, new ASN1Sequence(new BaseASN1Object[] { new ASN1Integer(1), ASN1Util.oidValueSet(digest_oid, new ASN1Null()), detached ? new ASN1Sequence((BaseASN1Object) new ASN1ObjectID(PKCS7_DATA)) : (BaseASN1Object) ASN1Util.oidValue(PKCS7_DATA, new CompositeContextSpecific(0, new ASN1OctetString(message))), new CompositeContextSpecific(0, cert_path), new ASN1Set(new ASN1Sequence(new BaseASN1Object[] { new ASN1Integer(1), new ASN1Sequence(new BaseASN1Object[] { sign_info, cert_ref }), ASN1Util.oidNull(digest_oid), ASN1Util.oidNull(encryption_oid), new ASN1OctetString(signed_data) })) })));
    return r.encode();
}
Also used : ASN1OctetString(org.webpki.asn1.ASN1OctetString) BaseASN1Object(org.webpki.asn1.BaseASN1Object) CompositeContextSpecific(org.webpki.asn1.CompositeContextSpecific) ArrayList(java.util.ArrayList) ASN1OctetString(org.webpki.asn1.ASN1OctetString) ASN1Integer(org.webpki.asn1.ASN1Integer) X509Certificate(java.security.cert.X509Certificate) ASN1Sequence(org.webpki.asn1.ASN1Sequence) ASN1Set(org.webpki.asn1.ASN1Set) ASN1ObjectID(org.webpki.asn1.ASN1ObjectID) ASN1Null(org.webpki.asn1.ASN1Null)

Example 5 with ASN1ObjectID

use of org.webpki.asn1.ASN1ObjectID in project openkeystore by cyberphone.

the class XMLSignatureWrapper method readPublicKey.

public static PublicKey readPublicKey(DOMReaderHelper rd) throws IOException {
    PublicKey publicKey = null;
    try {
        if (rd.hasNext(RSA_KEY_VALUE_ELEM)) {
            rd.getNext(RSA_KEY_VALUE_ELEM);
            rd.getChild();
            publicKey = KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(readCryptoBinary(rd, MODULUS_ELEM), readCryptoBinary(rd, EXPONENT_ELEM)));
        } else {
            rd.getNext(EC_KEY_VALUE_ELEM);
            rd.getChild();
            rd.getNext(NAMED_CURVE_ELEM);
            final String named_curve = rd.getAttributeHelper().getString(URI_ATTR);
            if (!named_curve.startsWith(KeyAlgorithms.XML_DSIG_CURVE_PREFIX)) {
                throw new IOException("Syntax error: " + named_curve);
            }
            publicKey = KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(new ASN1Sequence(new BaseASN1Object[] { new ASN1Sequence(new BaseASN1Object[] { new ASN1ObjectID(EC_NAMED_CURVES_OID), new ASN1ObjectID(named_curve.substring(KeyAlgorithms.XML_DSIG_CURVE_PREFIX.length())) }), new ASN1BitString(rd.getBinary(PUBLIC_KEY_ELEM)) }).encode()));
        }
    } catch (GeneralSecurityException e) {
        throw new IOException(e);
    }
    rd.getParent();
    // Verify that it is one of the supported
    KeyAlgorithms.getKeyAlgorithm(publicKey);
    return publicKey;
}
Also used : ASN1Sequence(org.webpki.asn1.ASN1Sequence) RSAPublicKey(java.security.interfaces.RSAPublicKey) PublicKey(java.security.PublicKey) BaseASN1Object(org.webpki.asn1.BaseASN1Object) ASN1ObjectID(org.webpki.asn1.ASN1ObjectID) GeneralSecurityException(java.security.GeneralSecurityException) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) ASN1BitString(org.webpki.asn1.ASN1BitString) IOException(java.io.IOException) ASN1BitString(org.webpki.asn1.ASN1BitString)

Aggregations

ASN1ObjectID (org.webpki.asn1.ASN1ObjectID)6 ASN1Sequence (org.webpki.asn1.ASN1Sequence)6 BaseASN1Object (org.webpki.asn1.BaseASN1Object)6 ASN1Integer (org.webpki.asn1.ASN1Integer)4 ASN1OctetString (org.webpki.asn1.ASN1OctetString)4 ASN1BitString (org.webpki.asn1.ASN1BitString)3 CompositeContextSpecific (org.webpki.asn1.CompositeContextSpecific)3 IOException (java.io.IOException)2 ASN1IA5String (org.webpki.asn1.ASN1IA5String)2 ASN1Null (org.webpki.asn1.ASN1Null)2 ASN1Set (org.webpki.asn1.ASN1Set)2 SimpleContextSpecific (org.webpki.asn1.SimpleContextSpecific)2 GeneralSecurityException (java.security.GeneralSecurityException)1 KeyFactory (java.security.KeyFactory)1 PublicKey (java.security.PublicKey)1 X509Certificate (java.security.cert.X509Certificate)1 ECKey (java.security.interfaces.ECKey)1 RSAKey (java.security.interfaces.RSAKey)1 RSAPublicKey (java.security.interfaces.RSAPublicKey)1 PKCS8EncodedKeySpec (java.security.spec.PKCS8EncodedKeySpec)1