List of usage examples for the org.bouncycastle.asn1.ASN1Integer constructor
public ASN1Integer(byte[] bytes)
From source file:org.cesecore.util.CertTools.java
License:Open Source License
/**
 * Builds the ASN.1 GeneralNames structure for an altName string in the format defined by
 * getSubjectAlternativeName.
 *
 * <p>Entries are emitted in a fixed order: rfc822Name, dNSName, directoryName, URIs, iPAddress,
 * then the OtherName forms (UPN, PermanentIdentifier, GUID, Krb5PrincipalName, custom OIDs).
 * An IP address that yields no octets is logged and skipped rather than rejected.
 *
 * @param altName the alternative name string to convert
 * @return ASN.1 GeneralNames, or {@code null} when no entry was produced (callers must check)
 * @see #getSubjectAlternativeName
 */
public static GeneralNames getGeneralNamesFromAltName(final String altName) {
    if (log.isTraceEnabled()) {
        // The complete altName value ends up in the trace log.
        log.trace(">getGeneralNamesFromAltName: " + altName);
    }
    final ASN1EncodableVector generalNames = new ASN1EncodableVector();

    for (final String email : CertTools.getEmailFromDN(altName)) {
        generalNames.add(new GeneralName(GeneralName.rfc822Name, email));
    }

    // NOTE(review): no character-set or syntax check on dns/uri values is visible at these call
    // sites; confirm they are validated before they reach the certificate.
    for (final String dns : CertTools.getPartsFromDN(altName, CertTools.DNS)) {
        generalNames.add(new GeneralName(GeneralName.dNSName, new DERIA5String(dns)));
    }

    final String directoryName = getDirectoryStringFromAltName(altName);
    if (directoryName != null) {
        // The directory name is stored LDAP-escaped, so it is unescaped before parsing.
        final X500Name parsedDirectoryName = new X500Name(LDAPDN.unescapeRDN(directoryName));
        generalNames.add(new GeneralName(GeneralName.directoryName, parsedDirectoryName));
    }

    // Three altName keys all map to the same uniformResourceIdentifier type.
    for (final String uri : CertTools.getPartsFromDN(altName, CertTools.URI)) {
        generalNames.add(new GeneralName(GeneralName.uniformResourceIdentifier, new DERIA5String(uri)));
    }
    for (final String uri : CertTools.getPartsFromDN(altName, CertTools.URI1)) {
        generalNames.add(new GeneralName(GeneralName.uniformResourceIdentifier, new DERIA5String(uri)));
    }
    for (final String uri : CertTools.getPartsFromDN(altName, CertTools.URI2)) {
        generalNames.add(new GeneralName(GeneralName.uniformResourceIdentifier, new DERIA5String(uri)));
    }

    for (final String addr : CertTools.getPartsFromDN(altName, CertTools.IPADDR)) {
        final byte[] octets = StringTools.ipStringToOctets(addr);
        if (octets.length == 0) {
            log.error("Cannot parse/encode ip address, ignoring: " + addr);
            continue;
        }
        generalNames.add(new GeneralName(GeneralName.iPAddress, new DEROctetString(octets)));
    }

    // UPN is an OtherName: SEQUENCE { type-id OID, [0] EXPLICIT UTF8String }, implicitly tagged [0].
    for (final String upn : CertTools.getPartsFromDN(altName, CertTools.UPN)) {
        final ASN1EncodableVector otherName = new ASN1EncodableVector();
        otherName.add(new ASN1ObjectIdentifier(CertTools.UPN_OBJECTID));
        otherName.add(new DERTaggedObject(true, 0, new DERUTF8String(upn)));
        generalNames.add(GeneralName.getInstance(new DERTaggedObject(false, 0, new DERSequence(otherName))));
    }

    // PermanentIdentifier is an OtherName whose value is a sequence of two optional parts.
    for (final String permanentIdentifier : CertTools.getPartsFromDN(altName, CertTools.PERMANENTIDENTIFIER)) {
        final String[] parts = getPermanentIdentifierValues(permanentIdentifier);
        final ASN1EncodableVector identifier = new ASN1EncodableVector();
        if (parts[0] != null) {
            identifier.add(new DERUTF8String(parts[0]));
        }
        if (parts[1] != null) {
            // parts[1] is parsed as an OID; the constructor is the only validation visible here.
            identifier.add(new ASN1ObjectIdentifier(parts[1]));
        }
        final ASN1EncodableVector otherName = new ASN1EncodableVector();
        otherName.add(new ASN1ObjectIdentifier(CertTools.PERMANENTIDENTIFIER_OBJECTID));
        otherName.add(new DERTaggedObject(true, 0, new DERSequence(identifier)));
        generalNames.add(new DERTaggedObject(false, 0, new DERSequence(otherName)));
    }

    for (final String guid : CertTools.getPartsFromDN(altName, CertTools.GUID)) {
        // NOTE(review): this branch assumes Hex.decode reports bad input by returning null. If the
        // Hex in scope throws on malformed input instead, the "ignoring" path is never taken and
        // the exception propagates to the caller - confirm.
        final byte[] guidBytes = Hex.decode(guid);
        if (guidBytes == null) {
            log.error("Cannot decode hexadecimal guid, ignoring: " + guid);
            continue;
        }
        final ASN1EncodableVector otherName = new ASN1EncodableVector();
        otherName.add(new ASN1ObjectIdentifier(CertTools.GUID_OBJECTID));
        otherName.add(new DERTaggedObject(true, 0, new DEROctetString(guidBytes)));
        generalNames.add(new DERTaggedObject(false, 0, new DERSequence(otherName)));
    }

    // Krb5PrincipalName is an OtherName holding a realm plus a sequence of name components.
    for (final String principalString : CertTools.getPartsFromDN(altName, CertTools.KRB5PRINCIPAL)) {
        if (log.isDebugEnabled()) {
            log.debug("principalString: " + principalString);
        }
        // The realm is whatever follows the last '@'; without one the realm stays empty and no
        // name components are collected.
        final int atPos = principalString.lastIndexOf('@');
        final String realm = atPos > 0 ? principalString.substring(atPos + 1) : "";
        if (log.isDebugEnabled()) {
            log.debug("realm: " + realm);
        }
        // Name components before the '@' are separated by '/'.
        final List<String> components = new ArrayList<String>();
        int end = 0;
        int start = 0;
        while (end < atPos) {
            end = principalString.indexOf('/', start);
            if (end == -1) {
                end = atPos;
            }
            final String component = principalString.substring(start, end);
            if (log.isDebugEnabled()) {
                log.debug("adding principal name: " + component);
            }
            components.add(component);
            start = end + 1;
        }

        // Innermost: the name components as GeneralStrings.
        final ASN1EncodableVector nameStrings = new ASN1EncodableVector();
        for (final String component : components) {
            nameStrings.add(new DERGeneralString(component));
        }
        // PrincipalName: [0] name-type, [1] name-string. Name-type 0 is NT-UNKNOWN (RFC 4120).
        final ASN1EncodableVector principalName = new ASN1EncodableVector();
        principalName.add(new DERTaggedObject(true, 0, new ASN1Integer(0)));
        principalName.add(new DERTaggedObject(true, 1, new DERSequence(nameStrings)));
        // Krb5PrincipalName: [0] realm, [1] PrincipalName.
        final ASN1EncodableVector krb5Principal = new ASN1EncodableVector();
        krb5Principal.add(new DERTaggedObject(true, 0, new DERGeneralString(realm)));
        krb5Principal.add(new DERTaggedObject(true, 1, new DERSequence(principalName)));
        // Wrap everything as the OtherName.
        final ASN1EncodableVector otherName = new ASN1EncodableVector();
        otherName.add(new ASN1ObjectIdentifier(CertTools.KRB5PRINCIPAL_OBJECTID));
        otherName.add(new DERTaggedObject(true, 0, new DERSequence(krb5Principal)));
        generalNames.add(new DERTaggedObject(false, 0, new DERSequence(otherName)));
    }

    // Custom OIDs in altNames are added as an OtherName of plain type UTF8String.
    for (final String oid : CertTools.getCustomOids(altName)) {
        for (final String oidValue : CertTools.getPartsFromDN(altName, oid)) {
            final ASN1EncodableVector otherName = new ASN1EncodableVector();
            otherName.add(new ASN1ObjectIdentifier(oid));
            otherName.add(new DERTaggedObject(true, 0, new DERUTF8String(oidValue)));
            generalNames.add(new DERTaggedObject(false, 0, new DERSequence(otherName)));
        }
    }

    return generalNames.size() > 0 ? GeneralNames.getInstance(new DERSequence(generalNames)) : null;
}
From source file:org.cryptable.pki.communication.PKICMPMessages.java
License:Open Source License
/**
 * Builds a protected CMP revocation request with one RevDetails entry per input certificate.
 *
 * <p>Each entry carries a certificate template (subject, issuer, serial number, public key) and,
 * when supplied, the reasonCode and invalidityDate extensions. A reason code of -1 means
 * "no reason given". Protection is delegated to createProtectedPKIMessage.
 *
 * @param revocationInputs the certificates to revoke, with optional reason and invalidity date
 * @return the encoded message as returned by createProtectedPKIMessage
 */
public byte[] createRevocationMessage(RevocationInput[] revocationInputs)
        throws CertificateEncodingException, CMSException, CRMFException, OperatorCreationException,
        CMPException, IOException, PKICMPMessageException, NoSuchFieldException, IllegalAccessException {
    final RevDetails[] revDetails = new RevDetails[revocationInputs.length];
    int next = 0;

    for (RevocationInput revocationInput : revocationInputs) {
        final List<Extension> crlEntryExtensions = new ArrayList<Extension>();
        final X509CertificateHolder certHolder = new JcaX509CertificateHolder(
                revocationInput.getX509Certificate());

        // The template identifies the certificate to revoke.
        final CertTemplateBuilder template = new CertTemplateBuilder();
        template.setSubject(certHolder.getSubject());
        template.setIssuer(certHolder.getIssuer());
        template.setSerialNumber(new ASN1Integer(certHolder.getSerialNumber()));
        template.setPublicKey(certHolder.getSubjectPublicKeyInfo());

        // NOTE(review): the reason is encoded through ReasonFlags (a BIT STRING), whereas RFC 5280
        // defines reasonCode as CRLReason (ENUMERATED). Confirm which encoding the receiving CA
        // parses before relying on the reason being honoured.
        if (revocationInput.getReasonCode() != -1) {
            crlEntryExtensions.add(new Extension(Extension.reasonCode, false,
                    new ReasonFlags(revocationInput.getReasonCode()).getEncoded()));
        }
        // NOTE(review): RFC 5280 defines invalidityDate as GeneralizedTime; Time may select
        // UTCTime depending on the date - confirm the peer accepts that.
        if (revocationInput.getInvalidityDate() != null) {
            crlEntryExtensions.add(new Extension(Extension.invalidityDate, false,
                    new Time(revocationInput.getInvalidityDate()).getEncoded()));
        }

        if (crlEntryExtensions.isEmpty()) {
            revDetails[next++] = new RevDetails(template.build());
        } else {
            final Extension[] extensionArray = crlEntryExtensions
                    .toArray(new Extension[crlEntryExtensions.size()]);
            revDetails[next++] = new RevDetails(template.build(), new Extensions(extensionArray));
        }
    }

    final PKIBody body = new PKIBody(PKIBody.TYPE_REVOCATION_REQ, new RevReqContent(revDetails));
    return createProtectedPKIMessage(body);
}
From source file:org.cryptable.pki.communication.PKICMPMessagesTest.java
License:Open Source License
/**
 * Test helper: builds a protected CMP initialization response (TYPE_INIT_REP) that grants the
 * test user 3 certificate, without a private key.
 *
 * @param senderNonce nonce passed through to createProtectedPKIMessage
 * @param transactionId transaction id passed through to createProtectedPKIMessage
 * @return the encoded message as returned by createProtectedPKIMessage
 */
private byte[] createInitializationRespons1(byte[] senderNonce, byte[] transactionId)
        throws CMPException, CertificateEncodingException, OperatorCreationException, PKICMPMessageException,
        IOException {
    final X509CertificateHolder issuedCertHolder = new JcaX509CertificateHolder(pki.getTestUser3Cert());

    // certReqId 0 with status "granted", carrying only the certificate.
    final CertifiedKeyPair certifiedKeyPair = new CertifiedKeyPair(
            new CertOrEncCert(new CMPCertificate(issuedCertHolder.toASN1Structure())));
    final CertResponse[] certResponses = {
        new CertResponse(new ASN1Integer(0), new PKIStatusInfo(PKIStatus.granted), certifiedKeyPair, null)
    };

    final CertRepMessage certRepMessage = new CertRepMessage(pkiKeyStoreCA.getCMPCertificateChain(),
            certResponses);
    return createProtectedPKIMessage(senderNonce, transactionId,
            new PKIBody(PKIBody.TYPE_INIT_REP, certRepMessage));
}
From source file:org.cryptable.pki.communication.PKICMPMessagesTest.java
License:Open Source License
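/**
 * Test helper: builds a protected CMP initialization response (TYPE_INIT_REP) that grants the
 * test user 3 certificate and also returns that user's private key as a CRMF EncryptedValue.
 *
 * <p>The private key is encrypted under a fresh symmetric key, and the symmetric key is wrapped
 * with the public key of the recipient certificate from pkiKeyStoreCA.
 *
 * @param senderNonce nonce passed through to createProtectedPKIMessage
 * @param transactionId transaction id passed through to createProtectedPKIMessage
 * @return the encoded message as returned by createProtectedPKIMessage
 */
private byte[] createInitializationRespons2(byte[] senderNonce, byte[] transactionId)
        throws CMPException, CertificateEncodingException, OperatorException, PKICMPMessageException,
        IOException, CRMFException {
    X509CertificateHolder x509CertificateHolder = new JcaX509CertificateHolder(pki.getTestUser3Cert());

    // Wrapper for the symmetric content key, keyed with the recipient certificate's public key.
    KeyWrapper keyWrapper = new JceAsymmetricKeyWrapper(pkiKeyStoreCA.getRecipientCertificate().getPublicKey())
            .setProvider("BC");
    // NOTE(review): DES_EDE3_CBC is triple-DES, a legacy cipher. Keep it only if the peer under
    // test requires it; otherwise prefer an AES identifier from CMSAlgorithm.
    OutputEncryptor encryptor = new JceCRMFEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider("BC")
            .build();

    // Encrypt the encoded private key; closing the stream flushes the final cipher block, so it
    // is closed in a finally block even if the write fails.
    ByteArrayOutputStream bOut = new ByteArrayOutputStream();
    OutputStream eOut = encryptor.getOutputStream(bOut);
    try {
        eOut.write(pki.getTestUser3CertPrivateKey().getEncoded());
    } finally {
        eOut.close();
    }

    AlgorithmIdentifier intendedAlg = null;
    AlgorithmIdentifier symmAlg = encryptor.getAlgorithmIdentifier();
    // The symmetric key is wrapped exactly once; the result becomes encSymmKey.
    DERBitString encSymmKey = new DERBitString(keyWrapper.generateWrappedKey(encryptor.getKey()));
    AlgorithmIdentifier keyAlg = keyWrapper.getAlgorithmIdentifier();
    ASN1OctetString valueHint = null;
    DERBitString encValue = new DERBitString(bOut.toByteArray());

    EncryptedValue encryptedPrivateKey = new EncryptedValue(intendedAlg, symmAlg, encSymmKey, keyAlg,
            valueHint, encValue);

    // Body: certReqId 0, status "granted", certificate plus encrypted private key.
    CertResponse certResponse = new CertResponse(new ASN1Integer(0), new PKIStatusInfo(PKIStatus.granted),
            new CertifiedKeyPair(new CertOrEncCert(new CMPCertificate(x509CertificateHolder.toASN1Structure())),
                    encryptedPrivateKey, null),
            null);
    CertResponse[] certResponses = new CertResponse[1];
    certResponses[0] = certResponse;

    PKIBody pkiBody = new PKIBody(PKIBody.TYPE_INIT_REP,
            new CertRepMessage(pkiKeyStoreCA.getCMPCertificateChain(), certResponses));

    return createProtectedPKIMessage(senderNonce, transactionId, pkiBody);
}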
From source file:org.cryptoworkshop.ximix.client.connection.signing.ECDSASigningService.java
License:Apache License
/**
 * Coordinates a threshold ECDSA signature across the nodes named in the request.
 *
 * <p>Steps: fetch each node's sequence number, fetch the public key to obtain the curve order n,
 * derive e from the message, obtain a signature id from the first participant, then run the
 * initialisation rounds and collect r and s, repeating while s is zero.
 *
 * @param ecdsaCreate the signing request (key id, message, threshold, nodes to use)
 * @return an OKAY reply whose payload is the DER SEQUENCE { r INTEGER, s INTEGER }
 * @throws ServiceConnectionException declared by this method; raised by the messaging calls - TODO confirm
 * @throws IOException declared by this method; raised while decoding the public key - TODO confirm
 */
public MessageReply generateSig(SignatureCreateMessage ecdsaCreate)
        throws ServiceConnectionException, IOException {
    final Participant[] participants = new Participant[ecdsaCreate.getNodesToUse().size()];

    int slot = 0;
    for (String nodeName : ecdsaCreate.getNodesToUse()) {
        final MessageReply sequenceReply = sendMessage(nodeName, Type.FETCH_SEQUENCE_NO,
                new KeyIDMessage(ecdsaCreate.getKeyID()));
        // TODO: need to drop out people who don't reply.
        // NOTE(review): intValue() narrows the node-supplied number without a range check.
        final int sequenceNo = BigIntegerMessage.getInstance(sequenceReply.getPayload()).getValue().intValue();
        participants[slot] = new Participant(sequenceNo, nodeName);
        slot++;
    }

    final MessageReply keyReply = connection.sendMessage(ClientMessage.Type.FETCH_PUBLIC_KEY,
            new FetchPublicKeyMessage(ecdsaCreate.getKeyID()));
    final ECPublicKeyParameters publicKey = (ECPublicKeyParameters) PublicKeyFactory
            .createKey(SubjectPublicKeyInfo.getInstance(keyReply.getPayload()));
    final ECDomainParameters domainParams = publicKey.getParameters();

    final BigInteger n = domainParams.getN();
    final BigInteger e = calculateE(n, ecdsaCreate.getMessage());

    // TODO: need to take into account node failure during startup.
    // NOTE(review): participants[0] fails with an index error when the request names no nodes.
    final MessageReply sigIdReply = sendMessage(participants[0].getName(), Type.FETCH_SIG_ID,
            DERNull.INSTANCE);
    final SigID sigID = new SigID(IDMessage.getInstance(sigIdReply.getPayload()).getID());

    BigInteger r;
    BigInteger s;
    do {
        final ECDSAInitialiseMessage initialiseMessage = new ECDSAInitialiseMessage(sigID.getID(),
                ecdsaCreate.getKeyID(), ecdsaCreate.getThreshold(), n, participants);

        // The rounds run in this fixed order.
        sendInitialiseMessage(Type.INIT_K_AND_P, initialiseMessage);
        sendInitialiseMessage(Type.INIT_A, initialiseMessage);
        sendInitialiseMessage(Type.INIT_B, initialiseMessage);
        sendInitialiseMessage(Type.INIT_C, initialiseMessage);
        sendInitialiseMessage(Type.INIT_R, initialiseMessage);
        sendInitialiseMessage(Type.INIT_MU, initialiseMessage);

        final MessageReply rReply = sendMessage(participants[0].getName(), Type.FETCH_R,
                new IDMessage(sigID.getID()));
        r = BigIntegerMessage.getInstance(rReply.getPayload()).getValue();

        s = accumulateBigInteger(participants, Type.PRIVATE_KEY_SIGN,
                new ECDSAPartialCreateMessage(sigID.getID(), ecdsaCreate.getKeyID(), e, participants), n);
        // NOTE(review): only s is tested for zero; ECDSA also requires r != 0. Confirm r is
        // checked by the nodes, since it is not checked here.
    } while (s.equals(BigInteger.ZERO));

    final ASN1EncodableVector signature = new ASN1EncodableVector();
    signature.add(new ASN1Integer(r));
    signature.add(new ASN1Integer(s));

    return new MessageReply(MessageReply.Type.OKAY, new DERSequence(signature));
}
From source file:org.cryptoworkshop.ximix.client.connection.signing.message.ECDSAInitialiseMessage.java
License:Apache License
/**
 * Encodes this message as a DER SEQUENCE of, in order: sigID (UTF8String), keyID (UTF8String),
 * threshold (INTEGER), n (INTEGER) and the nodes-to-use sequence built by MessageUtils.
 *
 * @return the DER sequence representing this message
 */
@Override
public ASN1Primitive toASN1Primitive() {
    final ASN1EncodableVector fields = new ASN1EncodableVector();

    // Field order is part of the encoding and must not change.
    fields.add(new DERUTF8String(sigID));
    fields.add(new DERUTF8String(keyID));
    fields.add(new ASN1Integer(threshold));
    fields.add(new ASN1Integer(n));
    fields.add(MessageUtils.toASN1Sequence(nodesToUse));

    final DERSequence encoded = new DERSequence(fields);
    return encoded;
}
From source file:org.cryptoworkshop.ximix.client.connection.signing.message.ECDSAPartialCreateMessage.java
License:Apache License
/**
 * Encodes this message as a DER SEQUENCE of, in order: sigID (UTF8String), keyID (UTF8String),
 * e (INTEGER) and the nodes-to-use sequence built by MessageUtils.
 *
 * @return the DER sequence representing this message
 */
@Override
public ASN1Primitive toASN1Primitive() {
    final ASN1EncodableVector fields = new ASN1EncodableVector();

    // Field order is part of the encoding and must not change.
    fields.add(new DERUTF8String(sigID));
    fields.add(new DERUTF8String(keyID));
    fields.add(new ASN1Integer(e));
    fields.add(MessageUtils.toASN1Sequence(nodesToUse));

    final DERSequence encoded = new DERSequence(fields);
    return encoded;
}
From source file:org.cryptoworkshop.ximix.common.asn1.board.PairSequenceWithProofs.java
License:Apache License
/**
 * Encodes the pairs and their decryption proofs as two consecutive sequences.
 * <pre>
 *     PairSequenceWithProofs ::= SEQUENCE {
 *         pairs   SEQUENCE OF Pair,
 *         proofs  SEQUENCE OF SEQUENCE {
 *             a  OCTET STRING,
 *             b  OCTET STRING,
 *             r  INTEGER
 *         }
 *     }
 * </pre>
 * The points a and b are written with getEncoded(true), presumably the compressed form.
 *
 * @return an encoding of an ASN.1 sequence
 */
public ASN1Primitive toASN1Primitive() {
    final ASN1EncodableVector pairEntries = new ASN1EncodableVector();
    for (ECPair pair : ecPairs) {
        pairEntries.add(new Pair(pair));
    }

    final ASN1EncodableVector proofEntries = new ASN1EncodableVector();
    for (ECDecryptionProof proof : ecProofs) {
        final ASN1EncodableVector proofFields = new ASN1EncodableVector();
        proofFields.add(new DEROctetString(proof.getA().getEncoded(true)));
        proofFields.add(new DEROctetString(proof.getB().getEncoded(true)));
        proofFields.add(new ASN1Integer(proof.getR()));
        proofEntries.add(new DERSequence(proofFields));
    }

    // Pairs first, proofs second.
    final ASN1EncodableVector outer = new ASN1EncodableVector();
    outer.add(new DERSequence(pairEntries));
    outer.add(new DERSequence(proofEntries));
    return new DERSequence(outer);
}
From source file:org.cryptoworkshop.ximix.common.asn1.message.BigIntegerMessage.java
License:Apache License
/**
 * Encodes the wrapped value as a single ASN.1 INTEGER.
 * <pre>
 *     INTEGER value.
 * </pre>
 *
 * @return the ASN.1 primitive representing this object.
 */
@Override
public ASN1Primitive toASN1Primitive() {
    final ASN1Primitive encodedValue = new ASN1Integer(value);
    return encodedValue;
}
From source file:org.cryptoworkshop.ximix.common.asn1.message.BoardDetailMessage.java
License:Apache License
/**
 * Encodes this message as a DER SEQUENCE of boardName (UTF8String), host (UTF8String) and
 * messageCount (INTEGER), followed by backupHost (UTF8String) only when one is set.
 *
 * @return the DER sequence representing this message
 */
@Override
public ASN1Primitive toASN1Primitive() {
    final ASN1EncodableVector fields = new ASN1EncodableVector();

    fields.add(new DERUTF8String(boardName));
    fields.add(new DERUTF8String(host));
    fields.add(new ASN1Integer(messageCount));

    // backupHost is optional and, when present, always the last element.
    final boolean hasBackupHost = backupHost != null;
    if (hasBackupHost) {
        fields.add(new DERUTF8String(backupHost));
    }

    return new DERSequence(fields);
}