Example usage for org.bouncycastle.asn1 ASN1EncodableVector add

List of usage examples for org.bouncycastle.asn1 ASN1EncodableVector add

Introduction

This page collects usage examples for the add method of org.bouncycastle.asn1.ASN1EncodableVector.

Prototype

public void add(ASN1Encodable element) 


Usage

From source file:ClientOCSPDriver.java

License:Open Source License

/**
 * Builds the ASN.1 SEQUENCE for a subject DN from two parallel vectors of
 * attribute OIDs and attribute values.
 *
 * <p>Adapted from BouncyCastle's X509Name, which encodes every DN component as
 * PrintableString by default. Here each value goes through
 * {@code getConvertedValue(oid, value)} instead, so that the ASN.1 type of the
 * value can be chosen per attribute.
 *
 * <p>Each OID/value pair becomes one AttributeTypeAndValue SEQUENCE wrapped in
 * its own SET, in vector order. An empty {@code oids} vector still yields a
 * SEQUENCE holding a single empty SET.
 *
 * <p>NOTE(review): both vectors are raw and unchecked. A {@code values} vector
 * shorter than {@code oids}, or an element of the wrong type, surfaces as an
 * unchecked exception from {@code elementAt} or the cast; callers that take DN
 * components from outside input should validate them first.
 *
 * @param oids   attribute types, each a {@code DERObjectIdentifier}
 * @param values attribute values, each a {@code String}, index-aligned with {@code oids}
 * @return the DER SEQUENCE of SETs describing the name
 */
public ASN1Sequence getASNSequence(Vector oids, Vector values) {
    ASN1EncodableVector rdnSets = new ASN1EncodableVector();
    ASN1EncodableVector currentSet = new ASN1EncodableVector();
    DERObjectIdentifier previousOid = null;

    for (int idx = 0; idx != oids.size(); idx++) {
        ASN1EncodableVector typeAndValue = new ASN1EncodableVector();

        DERObjectIdentifier attrType = (DERObjectIdentifier) oids.elementAt(idx);
        typeAndValue.add(attrType);

        String rawValue = (String) values.elementAt(idx);
        typeAndValue.add(getConvertedValue(attrType, rawValue));

        // Once a previous attribute exists, close its SET and start a new
        // one, so that every attribute lands in a SET of its own.
        if (previousOid != null) {
            rdnSets.add(new DERSet(currentSet));
            currentSet = new ASN1EncodableVector();
        }
        currentSet.add(new DERSequence(typeAndValue));

        previousOid = attrType;
    }

    // Flush the SET that is still open after the last attribute.
    rdnSets.add(new DERSet(currentSet));

    return new DERSequence(rdnSets);
}

From source file:CreateSignature.java

License:Apache License

/**
 * Extends a CMS signature by adding a signature time-stamp token to the
 * signer's unsigned attributes.
 *
 * <p>The token is requested from the TSA client for the signer's signature
 * value and stored under {@code id_aa_signatureTimeStampToken}. Existing
 * unsigned attributes are kept.
 *
 * <p>NOTE(review): the bytes returned by the TSA client are parsed as ASN.1
 * and embedded as-is; nothing in this method checks that the token actually
 * covers the submitted signature. Confirm that the TSA client validates the
 * response against its request before returning it.
 *
 * @param signer information about the signer to extend
 * @return signer information carrying the additional time-stamp attribute, or
 *         {@code signer} itself if the replacement call returns {@code null}
 * @throws IOException  declared for the TSA call and the ASN.1 parsing of the token
 * @throws TSPException declared for the time-stamp request; presumably raised
 *                      by the TSA client, which is not visible here
 */
private SignerInformation signTimeStamp(SignerInformation signer) throws IOException, TSPException {
    AttributeTable existingUnsigned = signer.getUnsignedAttributes();

    // Start from the attributes already present, if any.
    ASN1EncodableVector attributeVector = existingUnsigned != null
            ? existingUnsigned.toASN1EncodableVector()
            : new ASN1EncodableVector();

    byte[] tokenBytes = getTsaClient().getTimeStampToken(signer.getSignature());
    ASN1ObjectIdentifier timeStampOid = PKCSObjectIdentifiers.id_aa_signatureTimeStampToken;
    ASN1Encodable timeStampAttribute = new Attribute(timeStampOid,
            new DERSet(ASN1Primitive.fromByteArray(tokenBytes)));
    attributeVector.add(timeStampAttribute);

    // These are installed as *unsigned* attributes of the signer.
    Attributes unsignedWithTimeStamp = new Attributes(attributeVector);
    SignerInformation updatedSigner = SignerInformation.replaceUnsignedAttributes(signer,
            new AttributeTable(unsignedWithTimeStamp));

    // The original author was unsure whether the replacement can come back
    // null; fall back to the untouched signer if it does.
    return updatedSigner == null ? signer : updatedSigner;
}

From source file:be.fedict.trust.test.PKITestUtils.java

License:Open Source License

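/**
 * Test helper that issues an X.509 v3 certificate with a configurable set of
 * extensions.
 *
 * <p>The issuer name is copied from the DER encoding of the issuer
 * certificate's subject, so the issuer field of the new certificate matches
 * the issuer's subject exactly. Round-tripping the name through
 * {@code X500Principal.toString()} and re-parsing it does not guarantee that,
 * and a mismatch breaks name chaining during path validation.
 *
 * <p>NOTE(review): the signer is always built with
 * {@code BcRSAContentSignerBuilder}, so only RSA issuer keys can work here
 * regardless of {@code signatureAlgorithm}.
 *
 * <p>NOTE(review): {@code tsa} and {@code ocspResponder} each add an
 * extendedKeyUsage extension. With both flags set the extension is added
 * twice; a certificate must not carry the same extension more than once, so
 * confirm how the builder reacts before combining the flags.
 *
 * @param subjectPublicKey   public key to certify
 * @param subjectDn          subject DN; also used as issuer DN when self-signed
 * @param notBefore          start of validity
 * @param notAfter           end of validity
 * @param issuerCertificate  issuer certificate, or {@code null} for a self-signed certificate
 * @param issuerPrivateKey   private key that signs the certificate
 * @param caFlag             whether to add a critical basicConstraints extension marking a CA
 * @param pathLength         path length constraint; {@code -1} is encoded as {@code Integer.MAX_VALUE}
 * @param crlUri             CRL distribution point URI, or {@code null} for none
 * @param ocspUri            OCSP responder URI for authorityInfoAccess, or {@code null} for none
 * @param keyUsage           keyUsage extension value (added as critical), or {@code null} for none
 * @param signatureAlgorithm signature algorithm name resolved through the default finder
 * @param tsa                whether to add a critical extendedKeyUsage for time stamping
 * @param includeSKID        whether to add a subjectKeyIdentifier
 * @param includeAKID        whether to add an authorityKeyIdentifier
 * @param akidPublicKey      key to derive the authorityKeyIdentifier from, or {@code null} to
 *                           use the issuer certificate's key (or the subject key when self-signed)
 * @param certificatePolicy  policy OID in dotted form, or {@code null} for none
 * @param qcCompliance       {@code null} for no qCStatements extension; otherwise selects the
 *                           QcCompliance ({@code true}) or RetentionPeriod ({@code false}) statement
 * @param ocspResponder      whether to add ocsp-nocheck and a critical extendedKeyUsage for OCSP signing
 * @param qcSSCD             whether to add the QcSSCD statement (only evaluated when
 *                           {@code qcCompliance} is not {@code null})
 * @return the generated certificate, re-parsed through the JCA {@code CertificateFactory}
 */
public static X509Certificate generateCertificate(PublicKey subjectPublicKey, String subjectDn,
        DateTime notBefore, DateTime notAfter, X509Certificate issuerCertificate, PrivateKey issuerPrivateKey,
        boolean caFlag, int pathLength, String crlUri, String ocspUri, KeyUsage keyUsage,
        String signatureAlgorithm, boolean tsa, boolean includeSKID, boolean includeAKID,
        PublicKey akidPublicKey, String certificatePolicy, Boolean qcCompliance, boolean ocspResponder,
        boolean qcSSCD) throws IOException, InvalidKeyException, IllegalStateException,
        NoSuchAlgorithmException, SignatureException, CertificateException, OperatorCreationException {

    X500Name issuerName;
    if (null != issuerCertificate) {
        // Take the issuer's subject byte-for-byte instead of re-parsing its
        // string form, so issuer and subject names chain exactly.
        issuerName = X500Name.getInstance(issuerCertificate.getSubjectX500Principal().getEncoded());
    } else {
        // Self-signed: issuer and subject are the same name.
        issuerName = new X500Name(subjectDn);
    }
    X500Name subjectName = new X500Name(subjectDn);
    // Random 128-bit serial number.
    BigInteger serial = new BigInteger(128, new SecureRandom());
    SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(subjectPublicKey.getEncoded());
    X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(issuerName, serial,
            notBefore.toDate(), notAfter.toDate(), subjectName, publicKeyInfo);

    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    if (includeSKID) {
        x509v3CertificateBuilder.addExtension(Extension.subjectKeyIdentifier, false,
                extensionUtils.createSubjectKeyIdentifier(subjectPublicKey));
    }

    if (includeAKID) {
        // Precedence: explicit key, then the issuer's key, then the subject's own key.
        PublicKey authorityPublicKey;
        if (null != akidPublicKey) {
            authorityPublicKey = akidPublicKey;
        } else if (null != issuerCertificate) {
            authorityPublicKey = issuerCertificate.getPublicKey();
        } else {
            authorityPublicKey = subjectPublicKey;
        }
        x509v3CertificateBuilder.addExtension(Extension.authorityKeyIdentifier, false,
                extensionUtils.createAuthorityKeyIdentifier(authorityPublicKey));
    }

    if (caFlag) {
        if (-1 == pathLength) {
            // -1 means "no practical limit": encoded as the largest int path length.
            x509v3CertificateBuilder.addExtension(Extension.basicConstraints, true,
                    new BasicConstraints(Integer.MAX_VALUE));
        } else {
            x509v3CertificateBuilder.addExtension(Extension.basicConstraints, true,
                    new BasicConstraints(pathLength));
        }
    }

    if (null != crlUri) {
        GeneralName generalName = new GeneralName(GeneralName.uniformResourceIdentifier,
                new DERIA5String(crlUri));
        GeneralNames generalNames = new GeneralNames(generalName);
        DistributionPointName distPointName = new DistributionPointName(generalNames);
        DistributionPoint distPoint = new DistributionPoint(distPointName, null, null);
        DistributionPoint[] crlDistPoints = new DistributionPoint[] { distPoint };
        CRLDistPoint crlDistPoint = new CRLDistPoint(crlDistPoints);
        x509v3CertificateBuilder.addExtension(Extension.cRLDistributionPoints, false, crlDistPoint);
    }

    if (null != ocspUri) {
        GeneralName ocspName = new GeneralName(GeneralName.uniformResourceIdentifier, ocspUri);
        AuthorityInformationAccess authorityInformationAccess = new AuthorityInformationAccess(
                X509ObjectIdentifiers.ocspAccessMethod, ocspName);
        x509v3CertificateBuilder.addExtension(Extension.authorityInfoAccess, false, authorityInformationAccess);
    }

    if (null != keyUsage) {
        x509v3CertificateBuilder.addExtension(Extension.keyUsage, true, keyUsage);
    }

    if (null != certificatePolicy) {
        ASN1ObjectIdentifier policyObjectIdentifier = new ASN1ObjectIdentifier(certificatePolicy);
        PolicyInformation policyInformation = new PolicyInformation(policyObjectIdentifier);
        x509v3CertificateBuilder.addExtension(Extension.certificatePolicies, false,
                new DERSequence(policyInformation));
    }

    if (null != qcCompliance) {
        ASN1EncodableVector vec = new ASN1EncodableVector();
        if (qcCompliance) {
            vec.add(new QCStatement(QCStatement.id_etsi_qcs_QcCompliance));
        } else {
            vec.add(new QCStatement(QCStatement.id_etsi_qcs_RetentionPeriod));
        }
        if (qcSSCD) {
            vec.add(new QCStatement(QCStatement.id_etsi_qcs_QcSSCD));
        }
        x509v3CertificateBuilder.addExtension(Extension.qCStatements, true, new DERSequence(vec));
    }

    if (tsa) {
        x509v3CertificateBuilder.addExtension(Extension.extendedKeyUsage, true,
                new ExtendedKeyUsage(KeyPurposeId.id_kp_timeStamping));
    }

    if (ocspResponder) {
        // ocsp-nocheck is carried as a non-critical extension with a NULL value.
        x509v3CertificateBuilder.addExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nocheck, false,
                DERNull.INSTANCE);

        x509v3CertificateBuilder.addExtension(Extension.extendedKeyUsage, true,
                new ExtendedKeyUsage(KeyPurposeId.id_kp_OCSPSigning));
    }

    AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(signatureAlgorithm);
    AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
    AsymmetricKeyParameter asymmetricKeyParameter = PrivateKeyFactory.createKey(issuerPrivateKey.getEncoded());

    ContentSigner contentSigner = new BcRSAContentSignerBuilder(sigAlgId, digAlgId)
            .build(asymmetricKeyParameter);
    X509CertificateHolder x509CertificateHolder = x509v3CertificateBuilder.build(contentSigner);

    byte[] encodedCertificate = x509CertificateHolder.getEncoded();

    // Re-parse through the JCA so callers receive a standard X509Certificate.
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
    X509Certificate certificate = (X509Certificate) certificateFactory
            .generateCertificate(new ByteArrayInputStream(encodedCertificate));
    return certificate;
}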

From source file:bluecrystal.bcdeps.helper.DerEncoder.java

License:Open Source License

/**
 * Assembles a CMS structure from an externally produced signature and returns
 * its encoding.
 *
 * <p>The outer SEQUENCE holds the {@code CMS_SIGNED_ID} object identifier
 * followed by a [0]-tagged SEQUENCE containing, in order: the version, the
 * digest algorithm, the signer certificate and the signer info.
 *
 * <p>{@code content} is not used: the call that would embed content info is
 * commented out in the original source.
 *
 * @param signedHashId value handed to {@code buildSignerInfo} together with the certificate
 * @param certContent  signer certificate
 * @param content      unused
 * @param hashId       digest algorithm identifier passed to {@code buildDigestAlg}
 *                     and {@code buildSignerInfo}
 * @param version      version number written as the first element
 * @return the bytes produced by {@code genOutput} for the outer SEQUENCE
 */
public byte[] buildCmsBody(String signedHashId, X509Certificate certContent, byte[] content, String hashId,
        int version) throws CertificateEncodingException, IOException {
    final ASN1EncodableVector outer = new ASN1EncodableVector();
    outer.add(new DERObjectIdentifier(CMS_SIGNED_ID));

    final ASN1EncodableVector signedData = new ASN1EncodableVector();
    // Version comes first, then each helper appends its element to signedData.
    signedData.add(new DERInteger(version));
    buildDigestAlg(signedData, hashId);
    buildCerts(signedData, certContent);
    buildSignerInfo(signedData, signedHashId, certContent, hashId);

    final DERSequence signedDataSeq = new DERSequence(signedData);
    outer.add(new DERTaggedObject(0, signedDataSeq));

    return genOutput(new DERSequence(outer));
}

From source file:bluecrystal.bcdeps.helper.DerEncoder.java

License:Open Source License

/**
 * Assembles a CMS structure with a certificate chain from an externally
 * produced signature and returns its encoding.
 *
 * <p>The outer SEQUENCE holds the {@code CMS_SIGNED_ID} object identifier
 * followed by a [0]-tagged SEQUENCE containing, in order: the version, the
 * digest algorithm, the content info, the certificates and the signer info.
 *
 * @param signedHashId signature bytes handed to {@code buildSignerInfo}
 * @param certContent  signer certificate
 * @param chain        certificates written by {@code buildCerts}
 * @param hashId       numeric digest identifier, mapped through {@code getHashAlg}
 * @param version      version number written as the first element
 * @param attachSize   value passed to {@code buildContentInfo}
 * @return the bytes produced by {@code genOutput} for the outer SEQUENCE
 * @throws Exception propagated from the helper methods
 */
public byte[] buildCmsBody(byte[] signedHashId, X509Certificate certContent, List<X509Certificate> chain,
        int hashId, int version, int attachSize) throws Exception {
    final ASN1EncodableVector outer = new ASN1EncodableVector();
    outer.add(new DERObjectIdentifier(CMS_SIGNED_ID));

    final ASN1EncodableVector signedData = new ASN1EncodableVector();
    // Version comes first, then each helper appends its element to signedData.
    signedData.add(new DERInteger(version));
    buildDigestAlg(signedData, getHashAlg(hashId));
    buildContentInfo(signedData, attachSize);
    buildCerts(signedData, chain);
    buildSignerInfo(signedData, signedHashId, certContent, hashId);

    final DERSequence signedDataSeq = new DERSequence(signedData);
    outer.add(new DERTaggedObject(0, signedDataSeq));

    return genOutput(new DERSequence(outer));
}

From source file:bluecrystal.bcdeps.helper.DerEncoder.java

License:Open Source License

/**
 * Assembles a policy-based (ADRB) CMS structure for one or more signers and
 * returns its encoding.
 *
 * <p>The outer SEQUENCE holds the {@code CMS_SIGNED_ID} object identifier
 * followed by a [0]-tagged SEQUENCE containing, in order: the version, the
 * digest algorithms of all signers, the content info, the certificates and
 * the signer infos.
 *
 * @param listAsiEx           per-signer data (hashes, certificate, signature)
 * @param signPol             signature policy passed on to {@code buildADRBSignerInfo}
 * @param chain               certificates to embed; when {@code null} the certificates
 *                            are taken from {@code listAsiEx} instead
 * @param version             version number written as the first element
 * @param signingCertFallback flag passed on to {@code buildADRBSignerInfo}
 * @param attachSize          value passed to {@code buildContentInfo}
 * @return the bytes produced by {@code genOutput} for the outer SEQUENCE
 * @throws Exception propagated from the helper methods
 */
public byte[] buildADRBBody(List<AppSignedInfoEx> listAsiEx, SignPolicy signPol, List<X509Certificate> chain,
        int version, boolean signingCertFallback, int attachSize) throws Exception {
    final ASN1EncodableVector outer = new ASN1EncodableVector();
    outer.add(new DERObjectIdentifier(CMS_SIGNED_ID));

    final ASN1EncodableVector signedData = new ASN1EncodableVector();
    signedData.add(new DERInteger(version));

    List<String> digestAlgIds = createHashList(listAsiEx);
    buildDigestAlg(signedData, digestAlgIds);

    buildContentInfo(signedData, attachSize);

    // Without an explicit chain, fall back to the certificates carried by the signers.
    if (chain == null) {
        buildCertsASIE(signedData, listAsiEx);
    } else {
        buildCerts(signedData, chain);
    }

    buildADRBSignerInfo(signedData, listAsiEx, signPol, signingCertFallback);

    final DERSequence signedDataSeq = new DERSequence(signedData);
    outer.add(new DERTaggedObject(0, signedDataSeq));

    return genOutput(new DERSequence(outer));
}

From source file:bluecrystal.bcdeps.helper.DerEncoder.java

License:Open Source License

/**
 * Appends a SET with exactly one signer info to {@code body}.
 *
 * <p>The signer info SEQUENCE contains, in order: {@code SI_VERSION}, the
 * signer certificate reference, the digest algorithm, the digest encryption
 * algorithm and the signature bytes as an OCTET STRING. No signed attributes
 * are written.
 *
 * <p>NOTE(review): {@code signedHashContent} is embedded unchanged; nothing
 * here checks that it was produced with the key of {@code certContent}.
 *
 * @param body              vector the signer info SET is appended to
 * @param signedHashContent signature value to embed
 * @param certContent       signer certificate
 * @param hashId            numeric digest identifier, mapped through {@code getHashAlg}
 *                          and {@code getHashSignAlg}
 * @throws Exception propagated from the helper methods
 */
private void buildSignerInfo(ASN1EncodableVector body, byte[] signedHashContent, X509Certificate certContent,
        int hashId) throws Exception {
    final ASN1EncodableVector signerInfo = new ASN1EncodableVector();
    signerInfo.add(new DERInteger(SI_VERSION));
    signerInfo.add(siAddCert(certContent));
    signerInfo.add(siAddDigestAlgorithm(getHashAlg(hashId)));
    signerInfo.add(siAddDigestEncryptionAlgorithm(getHashSignAlg(hashId)));
    // The signature itself goes last.
    signerInfo.add(new DEROctetString(signedHashContent));

    // Wrap the single signer info in the SET expected by the caller.
    final ASN1EncodableVector signerInfos = new ASN1EncodableVector();
    signerInfos.add(new DERSequence(signerInfo));
    body.add(new DERSet(signerInfos));
}

From source file:bluecrystal.bcdeps.helper.DerEncoder.java

License:Open Source License

/**
 * Appends a SET of signer infos, one per entry of {@code listAsiEx}, to
 * {@code body}.
 *
 * <p>Each signer info SEQUENCE contains, in order: {@code SI_VERSION}, the
 * signer certificate reference, the digest algorithm, the tagged signed
 * attributes built by {@code adrbSiCreateDerEncSigned}, the digest encryption
 * algorithm and the signature bytes as an OCTET STRING. An empty list yields
 * an empty SET.
 *
 * <p>NOTE(review): the signature bytes of each entry are embedded unchanged;
 * nothing here checks them against the signed attributes or the certificate.
 *
 * @param body                vector the signer info SET is appended to
 * @param listAsiEx           per-signer data
 * @param signPol             signature policy supplying hash, URI and id
 * @param signingCertFallback flag passed on to {@code adrbSiCreateDerEncSigned}
 * @throws Exception propagated from the helper methods
 */
private void buildADRBSignerInfo(ASN1EncodableVector body, List<AppSignedInfoEx> listAsiEx, SignPolicy signPol,
        boolean signingCertFallback) throws Exception {
    final ASN1EncodableVector signerInfos = new ASN1EncodableVector();

    for (AppSignedInfoEx signerData : listAsiEx) {
        final ASN1EncodableVector signerInfo = new ASN1EncodableVector();
        // Resolve both algorithm ids up front, before anything is written.
        String digestAlgId = getHashAlg(signerData.getIdSha());
        String signatureAlgId = getHashSignAlg(signerData.getIdSha());

        signerInfo.add(new DERInteger(SI_VERSION));
        signerInfo.add(siAddCert(signerData.getX509()));
        signerInfo.add(siAddDigestAlgorithm(digestAlgId));

        // DER-encoded signed attributes for this signer.
        DERTaggedObject signedAttributes = adrbSiCreateDerEncSigned(signerData.getOrigHash(),
                signPol.getPolicyHash(), signerData.getCertHash(), signerData.getX509(),
                signerData.getSigningTime(), signerData.getIdSha(), signPol.getPolicyUri(),
                signPol.getPolicyId(), signingCertFallback);
        signerInfo.add(signedAttributes);

        signerInfo.add(siAddDigestEncryptionAlgorithm(signatureAlgId));
        // The signature itself goes last.
        signerInfo.add(new DEROctetString(signerData.getSignedHash()));

        signerInfos.add(new DERSequence(signerInfo));
    }

    body.add(new DERSet(signerInfos));
}

From source file:bluecrystal.bcdeps.helper.DerEncoder.java

License:Open Source License

/**
 * Builds the SEQUENCE of signed attributes for a policy-based (ADRB) signature.
 *
 * <p>According to the comments in the original source, signatures made under
 * this signature policy must carry these signed attributes:
 * a) id-contentType; b) id-messageDigest; c.1) for versions 1.0, 1.1 and 2.0,
 * id-aa-signingCertificate; c.2) from version 2.1 onwards,
 * id-aa-signingCertificateV2; d) id-aa-ets-sigPolicyId.
 *
 * <p>Attributes are appended in this order: signing time (optional), policy
 * id, signing certificate reference, message digest, content type.
 *
 * <p>NOTE(review): every attribute except content type is skipped silently
 * when its inputs are {@code null}, including the ones listed as mandatory
 * above. Callers that need a policy-conformant signature should reject
 * {@code null} inputs before calling this method.
 *
 * @param origHash            digest of the signed content, or {@code null} to omit the attribute
 * @param polHash             signature policy hash
 * @param certHash            hash of the signing certificate
 * @param cert                signing certificate
 * @param now                 signing time, or {@code null} to omit the attribute
 * @param hashNdx             numeric digest identifier, mapped through {@code getHashAlg}
 * @param sigPolicyUri        signature policy URI
 * @param sigPolicyId         signature policy identifier
 * @param signingCertFallback flag passed on to {@code createCertRef}
 * @return the DER SEQUENCE of the attributes that were added
 * @throws Exception propagated from the helper methods
 */
private DERSequence siCreateDerEncSeqADRB(byte[] origHash, byte[] polHash, byte[] certHash,
        X509Certificate cert, Date now, int hashNdx, String sigPolicyUri, String sigPolicyId,
        boolean signingCertFallback) throws Exception {
    String digestAlgId = getHashAlg(hashNdx);
    final ASN1EncodableVector attributes = new ASN1EncodableVector();

    // Optional: signing time (1.2.840.113549.1.9.5).
    if (now != null) {
        attributes.add(createSigningTime(now));
    }

    // d) signature policy id (1.2.840.113549.1.9.16.2.15); needs hash, URI and id.
    boolean havePolicy = polHash != null && sigPolicyUri != null && sigPolicyId != null;
    if (havePolicy) {
        attributes.add(createPolicyId(polHash, digestAlgId, sigPolicyUri, sigPolicyId));
    }

    // c) signing certificate reference (V2 is 1.2.840.113549.1.9.16.2.47).
    boolean haveCertRef = certHash != null && cert != null;
    if (haveCertRef) {
        attributes.add(createCertRef(certHash, cert, signingCertFallback, hashNdx));
    }

    // b) message digest (1.2.840.113549.1.9.4).
    if (origHash != null) {
        attributes.add(createMessageDigest(origHash));
    }

    // a) content type (1.2.840.113549.1.9.3) is always present.
    attributes.add(createContentType());

    return new DERSequence(attributes);
}

From source file:bluecrystal.bcdeps.helper.DerEncoder.java

License:Open Source License

/**
 * Creates the content-type attribute: attribute type {@code ID_CONTENT_TYPE}
 * with a single-element SET holding the {@code ID_PKCS7_DATA} object identifier.
 *
 * @return the content-type attribute
 */
private Attribute createContentType() {
    final ASN1EncodableVector contentTypeValues = new ASN1EncodableVector();
    contentTypeValues.add(new DERObjectIdentifier(ID_PKCS7_DATA));

    // Attribute values are carried in a SET, here with exactly one member.
    DERSet valueSet = new DERSet(contentTypeValues);
    return new Attribute(new ASN1ObjectIdentifier(ID_CONTENT_TYPE), valueSet);
}