List of usage examples for org.bouncycastle.asn1 ASN1ObjectIdentifier ASN1ObjectIdentifier
public ASN1ObjectIdentifier(String identifier)
From source file:TSAClient.java
License:Apache License
private ASN1ObjectIdentifier getHashObjectIdentifier(String algorithm) { if (algorithm.equals("MD2")) { return new ASN1ObjectIdentifier(PKCSObjectIdentifiers.md2.getId()); } else if (algorithm.equals("MD5")) { return new ASN1ObjectIdentifier(PKCSObjectIdentifiers.md5.getId()); } else if (algorithm.equals("SHA-1")) { return new ASN1ObjectIdentifier(OIWObjectIdentifiers.idSHA1.getId()); } else if (algorithm.equals("SHA-224")) { return new ASN1ObjectIdentifier(NISTObjectIdentifiers.id_sha224.getId()); } else if (algorithm.equals("SHA-256")) { return new ASN1ObjectIdentifier(NISTObjectIdentifiers.id_sha256.getId()); } else if (algorithm.equals("SHA-384")) { return new ASN1ObjectIdentifier(NISTObjectIdentifiers.id_sha384.getId()); } else if (algorithm.equals("SHA-512")) { return new ASN1ObjectIdentifier(NISTObjectIdentifiers.id_sha512.getId()); } else {// w ww.j a v a2 s.com return new ASN1ObjectIdentifier(algorithm); } }
From source file:CMSProcessableInputStream.java
License:Apache License
CMSProcessableInputStream(InputStream is) {
this(new ASN1ObjectIdentifier(CMSObjectIdentifiers.data.getId()), is);
}
From source file:be.fedict.trust.test.PKITestUtils.java
License:Open Source License
public static X509Certificate generateCertificate(PublicKey subjectPublicKey, String subjectDn, DateTime notBefore, DateTime notAfter, X509Certificate issuerCertificate, PrivateKey issuerPrivateKey, boolean caFlag, int pathLength, String crlUri, String ocspUri, KeyUsage keyUsage, String signatureAlgorithm, boolean tsa, boolean includeSKID, boolean includeAKID, PublicKey akidPublicKey, String certificatePolicy, Boolean qcCompliance, boolean ocspResponder, boolean qcSSCD) throws IOException, InvalidKeyException, IllegalStateException, NoSuchAlgorithmException, SignatureException, CertificateException, OperatorCreationException { X500Name issuerName;//w ww . j av a2 s . c o m if (null != issuerCertificate) { issuerName = new X500Name(issuerCertificate.getSubjectX500Principal().toString()); } else { issuerName = new X500Name(subjectDn); } X500Name subjectName = new X500Name(subjectDn); BigInteger serial = new BigInteger(128, new SecureRandom()); SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(subjectPublicKey.getEncoded()); X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(issuerName, serial, notBefore.toDate(), notAfter.toDate(), subjectName, publicKeyInfo); JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils(); if (includeSKID) { x509v3CertificateBuilder.addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(subjectPublicKey)); } if (includeAKID) { PublicKey authorityPublicKey; if (null != akidPublicKey) { authorityPublicKey = akidPublicKey; } else if (null != issuerCertificate) { authorityPublicKey = issuerCertificate.getPublicKey(); } else { authorityPublicKey = subjectPublicKey; } x509v3CertificateBuilder.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(authorityPublicKey)); } if (caFlag) { if (-1 == pathLength) { x509v3CertificateBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(2147483647)); } else { x509v3CertificateBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(pathLength)); } } if (null != crlUri) { GeneralName generalName = new GeneralName(GeneralName.uniformResourceIdentifier, new DERIA5String(crlUri)); GeneralNames generalNames = new GeneralNames(generalName); DistributionPointName distPointName = new DistributionPointName(generalNames); DistributionPoint distPoint = new DistributionPoint(distPointName, null, null); DistributionPoint[] crlDistPoints = new DistributionPoint[] { distPoint }; CRLDistPoint crlDistPoint = new CRLDistPoint(crlDistPoints); x509v3CertificateBuilder.addExtension(Extension.cRLDistributionPoints, false, crlDistPoint); } if (null != ocspUri) { GeneralName ocspName = new GeneralName(GeneralName.uniformResourceIdentifier, ocspUri); AuthorityInformationAccess authorityInformationAccess = new AuthorityInformationAccess( X509ObjectIdentifiers.ocspAccessMethod, ocspName); x509v3CertificateBuilder.addExtension(Extension.authorityInfoAccess, false, authorityInformationAccess); } if (null != keyUsage) { x509v3CertificateBuilder.addExtension(Extension.keyUsage, true, keyUsage); } if (null != certificatePolicy) { ASN1ObjectIdentifier policyObjectIdentifier = new ASN1ObjectIdentifier(certificatePolicy); PolicyInformation policyInformation = new PolicyInformation(policyObjectIdentifier); x509v3CertificateBuilder.addExtension(Extension.certificatePolicies, false, new DERSequence(policyInformation)); } if (null != qcCompliance) { ASN1EncodableVector vec = new ASN1EncodableVector(); if (qcCompliance) { vec.add(new QCStatement(QCStatement.id_etsi_qcs_QcCompliance)); } else { vec.add(new QCStatement(QCStatement.id_etsi_qcs_RetentionPeriod)); } if (qcSSCD) { vec.add(new QCStatement(QCStatement.id_etsi_qcs_QcSSCD)); } x509v3CertificateBuilder.addExtension(Extension.qCStatements, true, new DERSequence(vec)); } if (tsa) { x509v3CertificateBuilder.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_timeStamping)); } if (ocspResponder) { x509v3CertificateBuilder.addExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nocheck, false, DERNull.INSTANCE); x509v3CertificateBuilder.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_OCSPSigning)); } AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(signatureAlgorithm); AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId); AsymmetricKeyParameter asymmetricKeyParameter = PrivateKeyFactory.createKey(issuerPrivateKey.getEncoded()); ContentSigner contentSigner = new BcRSAContentSignerBuilder(sigAlgId, digAlgId) .build(asymmetricKeyParameter); X509CertificateHolder x509CertificateHolder = x509v3CertificateBuilder.build(contentSigner); byte[] encodedCertificate = x509CertificateHolder.getEncoded(); CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); X509Certificate certificate = (X509Certificate) certificateFactory .generateCertificate(new ByteArrayInputStream(encodedCertificate)); return certificate; }
From source file:be.fedict.trust.test.PKITestUtils.java
License:Open Source License
public static TimeStampToken createTimeStampToken(PrivateKey privateKey, List<X509Certificate> certificateChain) throws Exception { Store certs = new JcaCertStore(certificateChain); TimeStampRequestGenerator requestGen = new TimeStampRequestGenerator(); requestGen.setCertReq(true);/*ww w. j a va2s .c o m*/ TimeStampRequest request = requestGen.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100)); TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator( new JcaSimpleSignerInfoGeneratorBuilder().build("SHA1withRSA", privateKey, certificateChain.get(0)), new JcaDigestCalculatorProviderBuilder().build().get( new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)), new ASN1ObjectIdentifier("1.2")); tsTokenGen.addCertificates(certs); return tsTokenGen.generate(request, BigInteger.ONE, new Date()); }
From source file:bluecrystal.bcdeps.helper.DerEncoder.java
License:Open Source License
private Attribute createContentType() { // // final ASN1EncodableVector desSeq = new ASN1EncodableVector(); // // desSeq.add(new DERObjectIdentifier(ID_CONTENT_TYPE)); final ASN1EncodableVector setEV = new ASN1EncodableVector(); setEV.add(new DERObjectIdentifier(ID_PKCS7_DATA)); DERSet set = new DERSet(setEV); // // desSeq.add(set); // // DERSequence seq = new DERSequence(desSeq); Attribute seq1 = new Attribute(new ASN1ObjectIdentifier(ID_CONTENT_TYPE), set); return seq1;/*from ww w. j a va 2 s. com*/ }
From source file:bluecrystal.bcdeps.helper.DerEncoder.java
License:Open Source License
private Attribute createMessageDigest(byte[] origHash) { final ASN1EncodableVector setEV = new ASN1EncodableVector(); setEV.add(new DEROctetString(origHash)); DERSet set = new DERSet(setEV); Attribute seq1 = new Attribute(new ASN1ObjectIdentifier(ID_MESSAGE_DIGEST), set); return seq1;/*from w w w . j a v a 2s .co m*/ }
From source file:bluecrystal.bcdeps.helper.DerEncoder.java
License:Open Source License
private Attribute createSigningTime(Date now) { final ASN1EncodableVector setEV = new ASN1EncodableVector(); setEV.add(new DERUTCTime(now)); DERSet set = new DERSet(setEV); Attribute seq1 = new Attribute(new ASN1ObjectIdentifier(ID_SIGNING_TIME), set); return seq1;//from w ww .j av a 2 s. c o m }
From source file:bluecrystal.bcdeps.helper.DerEncoder.java
License:Open Source License
private Attribute createPolicyId(byte[] polHash, String polHashAlg, String sigPolicyUri, String sigPolicyId) { final ASN1EncodableVector desSeq12 = new ASN1EncodableVector(); desSeq12.add(new DERObjectIdentifier(polHashAlg)); DERSequence seq12 = new DERSequence(desSeq12); final ASN1EncodableVector desSeq1 = new ASN1EncodableVector(); desSeq1.add(seq12);/*from w ww . j av a 2 s. c o m*/ desSeq1.add(new DEROctetString(polHash)); DERSequence seq1 = new DERSequence(desSeq1); // // end seq 1 // IGUALAR AO ITAU final ASN1EncodableVector desSeq22 = new ASN1EncodableVector(); desSeq22.add(new DERObjectIdentifier(ID_SIG_POLICY_URI)); desSeq22.add(new DERIA5String(sigPolicyUri)); DERSequence seq22 = new DERSequence(desSeq22); final ASN1EncodableVector desSeq2 = new ASN1EncodableVector(); desSeq2.add(seq22); DERSequence seq2 = new DERSequence(desSeq2); final ASN1EncodableVector aevDSet1 = new ASN1EncodableVector(); final ASN1EncodableVector aevDSeq1 = new ASN1EncodableVector(); aevDSeq1.add(new DERObjectIdentifier(sigPolicyId)); aevDSeq1.add(seq1); aevDSeq1.add(seq2); DERSequence dsq1 = new DERSequence(aevDSeq1); aevDSet1.add(dsq1); DERSet ds1 = new DERSet(aevDSet1); Attribute ret = new Attribute(new ASN1ObjectIdentifier(ID_SIG_POLICY), ds1); return ret; }
From source file:bluecrystal.bcdeps.helper.DerEncoder.java
License:Open Source License
private Attribute createCertRef(byte[] certHash, X509Certificate certContent, boolean signingCertFallback, int hashId) throws Exception { // *** BEGIN *** // 5.2.1.1.3 Certificados Obrigatoriamente Referenciados // O atributo signingCertificate deve conter referncia apenas ao // certificado do signatrio. // 5.2.1.1.4 Certificados Obrigatrios do Caminho de Certificao // Para a verso 1.0: nenhum certificado // Para as verses 1.1, 2.0 e 2.1: o certificado do signatrio. // ESSCertIDv2 ::= SEQUENCE { // hashAlgorithm AlgorithmIdentifier // DEFAULT {algorithm id-sha256}, // certHash Hash, // issuerSerial IssuerSerial OPTIONAL // }/* w w w .ja v a2s .c om*/ // // Hash ::= OCTET STRING // // IssuerSerial ::= SEQUENCE { // issuer GeneralNames, // serialNumber CertificateSerialNumber // } final ASN1EncodableVector issuerSerialaev = new ASN1EncodableVector(); final ASN1EncodableVector issuerCertaev = new ASN1EncodableVector(); DERTaggedObject issuerName = new DERTaggedObject(true, 4, // issuer // GeneralNames, getEncodedIssuer(certContent.getTBSCertificate())); // DERTaggedObject issuerName = new DERTaggedObject(false, 0, // issuer // GeneralNames, // getEncodedIssuer(certContent.getTBSCertificate())); issuerCertaev.add(issuerName); DERSequence issuerCertseq = new DERSequence(issuerCertaev); // IssuerSerial // ::= // SEQUENCE // { issuerSerialaev.add(issuerCertseq); // serialNumber CertificateSerialNumber BigInteger serialNumber = certContent.getSerialNumber(); issuerSerialaev.add(new DERInteger(serialNumber)); DERSequence issuerSerial = new DERSequence(issuerSerialaev); // *** END *** final ASN1EncodableVector essCertIDv2aev = new ASN1EncodableVector(); essCertIDv2aev.add(new DEROctetString(certHash)); // Hash ::= OCTET // STRING essCertIDv2aev.add(issuerSerial); // ESSCertIDv2 ::= SEQUENCE { // hashAlgorithm AlgorithmIdentifier if (!((signingCertFallback && hashId == NDX_SHA1) || (!signingCertFallback && hashId == NDX_SHA256))) { DERObjectIdentifier hashAlgorithm = new DERObjectIdentifier(getHashAlg(hashId)); essCertIDv2aev.add(hashAlgorithm); } // Nota 4: Para o atributo ESSCertIDv2, utilizada nas verses 2.1 das // polticas de assinatura // baseadas em CAdES, as aplicaes NO DEVEM codificar o campo // hashAlgorithm caso // utilize o mesmo algoritmo definido como valor default (SHA-256), // conforme ISO 8825-1. DERSequence essCertIDv2seq = new DERSequence(essCertIDv2aev); // ************************************************************************ // final ASN1EncodableVector aevSeq3 = new ASN1EncodableVector(); aevSeq3.add(essCertIDv2seq); DERSequence seq3 = new DERSequence(aevSeq3); final ASN1EncodableVector aevSeq2 = new ASN1EncodableVector(); aevSeq2.add(seq3); DERSequence seq2 = new DERSequence(aevSeq2); final ASN1EncodableVector aevSet = new ASN1EncodableVector(); aevSet.add(seq2); ASN1Set mainSet = new DERSet(aevSet); Attribute seq1 = new Attribute( new ASN1ObjectIdentifier(signingCertFallback ? ID_SIGNING_CERT : ID_SIGNING_CERT2), mainSet); return seq1; }
From source file:bluecrystal.bcdeps.helper.DerEncoder.java
License:Open Source License
public static AlgorithmIdentifier createAlgorithm(int hashId) throws Exception { return new AlgorithmIdentifier(new ASN1ObjectIdentifier(DerEncoder.getHashAlg(hashId)), new DERNull()); }