List of usage examples for org.bouncycastle.asn1 DERBitString DERBitString
public DERBitString(ASN1Encodable obj) throws IOException
From source file:ch.bfh.unicert.certimport.CertificateIssuer.java
License:GNU General Public License
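/**
 * Issues an X.509 v3 client certificate for the given identity, signs it with the issuer's RSA
 * private key and hands the result to {@code postOnUniBoard}.
 *
 * <p>Review notes for maintainers (behaviour intentionally left unchanged here):
 * <ul>
 *   <li>The certificate is signed with sha1WithRSAEncryption (OID 1.2.840.113549.1.1.5). SHA-1 is
 *       no longer collision resistant; relying parties may reject such certificates.</li>
 *   <li>The serial number is the current time in milliseconds, so it is predictable and two
 *       certificates issued in the same millisecond share a serial.</li>
 *   <li>The subject DN is assembled by string concatenation and parsed by {@code X509Name(String)};
 *       identity values are not escaped in this method.</li>
 * </ul>
 *
 * @param id identity data of the requester; supplies the subject DN fields and extra extensions
 * @param keyStorePath not read by this method
 * @param pk public key to certify
 * @param validity validity period, passed to {@code getExpiryDate} (unit not visible here)
 * @param applicationIdentifier application the certificate is issued for; stored as an extension
 * @param roles roles the certificate is issued for; must contain at least one entry
 * @param uniBoardWsdlURL forwarded to {@code postOnUniBoard}
 * @param uniBoardServiceURL forwarded to {@code postOnUniBoard}
 * @param section forwarded to {@code postOnUniBoard}
 * @return the certificate wrapper containing the signed X.509 certificate
 * @throws CertificateCreationException if the issuer key material cannot be read, no role is
 *         supplied, or building, signing or verifying the certificate fails
 */
public Certificate createClientCertificate(IdentityData id, String keyStorePath, PublicKey pk, int validity,
        String applicationIdentifier, String[] roles, String uniBoardWsdlURL, String uniBoardServiceURL,
        String section) throws CertificateCreationException {
    // Fail closed on a missing role list. Previously an empty array ended in an unchecked
    // StringIndexOutOfBoundsException (substring on an empty string) and null in a NullPointerException.
    if (roles == null || roles.length == 0) {
        logger.log(Level.SEVERE, "Could not create client certificate: no roles supplied");
        throw new CertificateCreationException("230 Could not create client certificate");
    }

    X509Certificate caCert;
    RSAPrivateCrtKey privKey;
    try {
        caCert = this.readIssuerCertificate(this.issuerId);
        privKey = this.readPrivateKey(this.issuerId, this.privKeyPass);
    } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException ex) {
        logger.log(Level.SEVERE, null, ex);
        throw new CertificateCreationException("230 Could not create client certificate. Key error");
    }

    RSAPrivateCrtKeyParameters cipherParams = this.createIssuerCipherParams(privKey);

    X509Certificate clientCert;

    // All custom extensions are added as non-critical (DERBoolean.FALSE): a verifier that does not
    // know these OIDs ignores them, including the role extension.
    Hashtable<DERObjectIdentifier, X509Extension> extension = new Hashtable<>();
    extension.put(new DERObjectIdentifier(ExtensionOID.APPLICATION_IDENTIFIER.getOID()),
            new X509Extension(DERBoolean.FALSE, CertificateHelper.stringToDER(applicationIdentifier)));

    // Roles are stored as one ", "-separated string.
    // NOTE(review): a role value that itself contains ", " cannot be told apart from two roles by
    // whoever splits this string again - confirm roles are validated before they reach this method.
    StringBuilder roleList = new StringBuilder();
    for (String role : roles) {
        if (roleList.length() > 0) {
            roleList.append(", ");
        }
        roleList.append(role);
    }
    String completeRole = roleList.toString();
    extension.put(new DERObjectIdentifier(ExtensionOID.ROLE.getOID()),
            new X509Extension(DERBoolean.FALSE, CertificateHelper.stringToDER(completeRole)));

    extension.put(new DERObjectIdentifier(ExtensionOID.IDENTITY_PROVIDER.getOID()),
            new X509Extension(DERBoolean.FALSE, CertificateHelper.stringToDER(id.getIdentityProvider())));

    Map<String, String> extensionMap = new HashMap<>();
    if (id.getOtherValues() != null) {
        for (Entry<ExtensionOID, String> entry : id.getOtherValues().entrySet()) {
            extension.put(new DERObjectIdentifier(entry.getKey().getOID()),
                    new X509Extension(DERBoolean.FALSE, CertificateHelper.stringToDER(entry.getValue())));
            extensionMap.put(entry.getKey().getName(), entry.getValue());
        }
    }

    try {
        // Subject DN: CN is always present, the remaining attributes only when non-empty.
        // NOTE(review): values are concatenated unescaped, so separators inside a value change how
        // X509Name(String) splits the name - confirm IdentityData is validated upstream.
        StringBuilder dn = new StringBuilder("CN=").append(id.getCommonName());
        String[][] optionalRdns = {
            { "SURNAME", id.getSurname() },
            { "GIVENNAME", id.getGivenName() },
            { "UID", id.getUniqueIdentifier() },
            { "O", id.getOrganisation() },
            { "OU", id.getOrganisationUnit() },
            { "C", id.getCountryName() },
            { "ST", id.getState() },
            { "L", id.getLocality() },
        };
        for (String[] rdn : optionalRdns) {
            if (rdn[1] != null && !rdn[1].equals("")) {
                dn.append(", ").append(rdn[0]).append('=').append(rdn[1]);
            }
        }
        X509Name x509Name = new X509Name(dn.toString());

        V3TBSCertificateGenerator certGen = new V3TBSCertificateGenerator();
        // NOTE(review): time-based serial - predictable and not collision free (see method Javadoc).
        certGen.setSerialNumber(new DERInteger(BigInteger.valueOf(System.currentTimeMillis())));
        certGen.setIssuer(PrincipalUtil.getSubjectX509Principal(caCert));
        certGen.setSubject(x509Name);
        certGen.setExtensions(new X509Extensions(extension));
        // 1.2.840.113549.1.1.5 = sha1WithRSAEncryption
        DERObjectIdentifier sigOID = new DERObjectIdentifier("1.2.840.113549.1.1.5");
        AlgorithmIdentifier sigAlgId = new AlgorithmIdentifier(sigOID, new DERNull());
        certGen.setSignature(sigAlgId);
        certGen.setSubjectPublicKeyInfo(new SubjectPublicKeyInfo(
                (ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(pk.getEncoded())).readObject()));
        certGen.setStartDate(new Time(new Date(System.currentTimeMillis())));
        certGen.setEndDate(new Time(getExpiryDate(validity).getTime()));
        TBSCertificateStructure tbsCert = certGen.generateTBSCertificate();

        // Sign certificate: DER-encode the TBS structure, hash it, wrap the hash in a DigestInfo
        // and apply RSA with PKCS#1 v1.5 padding.
        SHA1Digest digester = new SHA1Digest();
        AsymmetricBlockCipher rsa = new PKCS1Encoding(new RSAEngine());
        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
        DEROutputStream dOut = new DEROutputStream(bOut);
        dOut.writeObject(tbsCert);

        byte[] signature;
        byte[] certBlock = bOut.toByteArray();
        // first create digest
        digester.update(certBlock, 0, certBlock.length);
        byte[] hash = new byte[digester.getDigestSize()];
        digester.doFinal(hash, 0);
        // then sign it
        rsa.init(true, cipherParams);
        DigestInfo dInfo = new DigestInfo(new AlgorithmIdentifier(X509ObjectIdentifiers.id_SHA1, null), hash);
        byte[] digest = dInfo.getEncoded(ASN1Encodable.DER);
        signature = rsa.processBlock(digest, 0, digest.length);

        ASN1EncodableVector v = new ASN1EncodableVector();
        v.add(tbsCert);
        v.add(sigAlgId);
        v.add(new DERBitString(signature));

        // Create CRT data structure
        clientCert = new X509CertificateObject(new X509CertificateStructure(new DERSequence(v)));
        // Self-check: the freshly built certificate must verify under the issuer's public key.
        clientCert.verify(caCert.getPublicKey());
    } catch (IOException | InvalidCipherTextException | CertificateException | NoSuchAlgorithmException
            | InvalidKeyException | NoSuchProviderException | SignatureException e) {
        // Log the throwable itself so the stack trace is kept; the caller only gets the generic message.
        logger.log(Level.SEVERE, "Could not create client certificate", e);
        throw new CertificateCreationException("230 Could not create client certificate");
    }

    Certificate cert = new Certificate(clientCert, id.getCommonName(), id.getUniqueIdentifier(),
            id.getOrganisation(), id.getOrganisationUnit(), id.getCountryName(), id.getState(),
            id.getLocality(), id.getSurname(), id.getGivenName(), applicationIdentifier, roles,
            id.getIdentityProvider(), extensionMap);

    // post message on UniBoard if corresponding JNDI parameter is defined
    // (the issuer's private key is passed along to postOnUniBoard)
    postOnUniBoard(cert, uniBoardWsdlURL, uniBoardServiceURL, section, (RSAPublicKey) caCert.getPublicKey(),
            privKey);

    return cert;
}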
From source file:ch.bfh.unicert.issuer.CertificateIssuerBean.java
License:GNU General Public License
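/**
 * Actually creates the requestor certificate.
 *
 * <p>Review notes for maintainers (behaviour intentionally left unchanged here): the certificate is
 * signed with sha1WithRSAEncryption (OID 1.2.840.113549.1.1.5), the serial number is the current
 * time in milliseconds (predictable, not collision free), and the subject DN is assembled by
 * string concatenation without escaping the identity values.
 *
 * @param id requestor identity data
 * @param caCert certificate of the certification authority
 * @param cipherParams issuer private key parameters used for signing
 * @param pk public key of the requestor to certify
 * @param expiry the expiry date
 * @param applicationIdentifier the application identifier for which the certificate is issued
 * @param roles roles for which the certificate is issued; must contain at least one entry
 * @return the certificate object containing the X509 certificate
 * @throws CertificateCreationException if no role is supplied or an error occurs while building,
 *         signing or verifying the certificate
 */
private Certificate createClientCertificate(IdentityData id, X509Certificate caCert,
        CipherParameters cipherParams, PublicKey pk, Calendar expiry, String applicationIdentifier,
        String[] roles) throws CertificateCreationException {
    // Fail closed on a missing role list. Previously an empty array ended in an unchecked
    // StringIndexOutOfBoundsException (substring on an empty string) and null in a NullPointerException.
    if (roles == null || roles.length == 0) {
        logger.log(Level.SEVERE, "Could not create client certificate: no roles supplied");
        throw new CertificateCreationException("230 Could not create client certificate");
    }

    X509Certificate clientCert;

    // All custom extensions are added as non-critical (DERBoolean.FALSE): a verifier that does not
    // know these OIDs ignores them, including the role extension.
    Hashtable<DERObjectIdentifier, X509Extension> extension = new Hashtable<>();
    extension.put(new DERObjectIdentifier(ExtensionOID.APPLICATION_IDENTIFIER.getOID()),
            new X509Extension(DERBoolean.FALSE, CertificateHelper.stringToDER(applicationIdentifier)));

    // Roles are stored as one ", "-separated string.
    // NOTE(review): a role value that itself contains ", " cannot be told apart from two roles by
    // whoever splits this string again - confirm roles are validated before they reach this method.
    StringBuilder joinedRoles = new StringBuilder(roles[0] == null ? "null" : roles[0]);
    for (int i = 1; i < roles.length; i++) {
        joinedRoles.append(", ").append(roles[i]);
    }
    String completeRole = joinedRoles.toString();
    extension.put(new DERObjectIdentifier(ExtensionOID.ROLE.getOID()),
            new X509Extension(DERBoolean.FALSE, CertificateHelper.stringToDER(completeRole)));

    extension.put(new DERObjectIdentifier(ExtensionOID.IDENTITY_PROVIDER.getOID()),
            new X509Extension(DERBoolean.FALSE, CertificateHelper.stringToDER(id.getIdentityProvider())));

    Map<String, String> extensionMap = new HashMap<>();
    if (id.getOtherValues() != null) {
        for (Entry<ExtensionOID, String> entry : id.getOtherValues().entrySet()) {
            extension.put(new DERObjectIdentifier(entry.getKey().getOID()),
                    new X509Extension(DERBoolean.FALSE, CertificateHelper.stringToDER(entry.getValue())));
            extensionMap.put(entry.getKey().getName(), entry.getValue());
        }
    }

    try {
        // Subject DN: CN is always present, the remaining attributes only when non-empty.
        // NOTE(review): values are concatenated unescaped, so separators inside a value change how
        // X509Name(String) splits the name - confirm IdentityData is validated upstream.
        StringBuilder dn = new StringBuilder("CN=").append(id.getCommonName());
        String[] keys = { "SURNAME", "GIVENNAME", "UID", "O", "OU", "C", "ST", "L" };
        String[] values = { id.getSurname(), id.getGivenName(), id.getUniqueIdentifier(),
            id.getOrganisation(), id.getOrganisationUnit(), id.getCountryName(), id.getState(),
            id.getLocality() };
        for (int i = 0; i < keys.length; i++) {
            if (values[i] != null && !values[i].equals("")) {
                dn.append(", ").append(keys[i]).append('=').append(values[i]);
            }
        }
        X509Name x509Name = new X509Name(dn.toString());

        V3TBSCertificateGenerator certGen = new V3TBSCertificateGenerator();
        // NOTE(review): time-based serial - predictable and not collision free (see method Javadoc).
        certGen.setSerialNumber(new DERInteger(BigInteger.valueOf(System.currentTimeMillis())));
        certGen.setIssuer(PrincipalUtil.getSubjectX509Principal(caCert));
        certGen.setSubject(x509Name);
        certGen.setExtensions(new X509Extensions(extension));
        // 1.2.840.113549.1.1.5 = sha1WithRSAEncryption
        DERObjectIdentifier sigOID = new DERObjectIdentifier("1.2.840.113549.1.1.5");
        AlgorithmIdentifier sigAlgId = new AlgorithmIdentifier(sigOID, new DERNull());
        certGen.setSignature(sigAlgId);
        certGen.setSubjectPublicKeyInfo(new SubjectPublicKeyInfo(
                (ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(pk.getEncoded())).readObject()));
        certGen.setStartDate(new Time(new Date(System.currentTimeMillis())));
        certGen.setEndDate(new Time(expiry.getTime()));
        TBSCertificateStructure tbsCert = certGen.generateTBSCertificate();

        // Sign certificate: DER-encode the TBS structure, hash it, wrap the hash in a DigestInfo
        // and apply RSA with PKCS#1 v1.5 padding.
        SHA1Digest digester = new SHA1Digest();
        AsymmetricBlockCipher rsa = new PKCS1Encoding(new RSAEngine());
        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
        DEROutputStream dOut = new DEROutputStream(bOut);
        dOut.writeObject(tbsCert);

        byte[] signature;
        byte[] certBlock = bOut.toByteArray();
        // first create digest
        digester.update(certBlock, 0, certBlock.length);
        byte[] hash = new byte[digester.getDigestSize()];
        digester.doFinal(hash, 0);
        // then sign it
        rsa.init(true, cipherParams);
        DigestInfo dInfo = new DigestInfo(new AlgorithmIdentifier(X509ObjectIdentifiers.id_SHA1, null), hash);
        byte[] digest = dInfo.getEncoded(ASN1Encodable.DER);
        signature = rsa.processBlock(digest, 0, digest.length);

        ASN1EncodableVector v = new ASN1EncodableVector();
        v.add(tbsCert);
        v.add(sigAlgId);
        v.add(new DERBitString(signature));

        // Create CRT data structure
        clientCert = new X509CertificateObject(new X509CertificateStructure(new DERSequence(v)));
        // Self-check: the freshly built certificate must verify under the CA's public key.
        clientCert.verify(caCert.getPublicKey());
    } catch (IOException | CertificateException | NoSuchAlgorithmException | InvalidKeyException
            | NoSuchProviderException | InvalidCipherTextException | SignatureException e) {
        // Log the throwable itself so the stack trace is kept; the caller only gets the generic message.
        logger.log(Level.SEVERE, "Could not create client certificate", e);
        throw new CertificateCreationException("230 Could not create client certificate");
    }

    return new Certificate(clientCert, id.getCommonName(), id.getUniqueIdentifier(), id.getOrganisation(),
            id.getOrganisationUnit(), id.getCountryName(), id.getState(), id.getLocality(), id.getSurname(),
            id.getGivenName(), applicationIdentifier, roles, id.getIdentityProvider(), extensionMap);
}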
From source file:com.google.bitcoin.core.ECKey.java
License:Apache License
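/**
 * Output this ECKey as an ASN.1 encoded private key, as understood by OpenSSL or used by the BitCoin reference
 * implementation in its wallet storage format.
 *
 * <p>The returned array holds the private scalar unencrypted; callers are responsible for how it is
 * stored and for how long it stays in memory.
 *
 * @return the DER encoding of the EC private key structure (version, private key, named curve
 *         parameters, public key)
 */
public byte[] toASN1() {
    try {
        // BigInteger.toByteArray() is a minimal two's-complement encoding: it carries an extra leading
        // 0x00 sign byte when the top bit of the scalar is set and is shorter than the field size for
        // small scalars. The privateKey OCTET STRING is normalised to the 32-byte size of secp256k1 so
        // the output has one canonical form. (priv is presumably a BigInteger field of this class.)
        byte[] raw = priv.toByteArray();
        byte[] privBytes = new byte[32];
        int copyLen = Math.min(raw.length, privBytes.length);
        System.arraycopy(raw, raw.length - copyLen, privBytes, privBytes.length - copyLen, copyLen);

        ByteArrayOutputStream baos = new ByteArrayOutputStream(400);

        // ASN1_SEQUENCE(EC_PRIVATEKEY) = {
        //   ASN1_SIMPLE(EC_PRIVATEKEY, version, LONG),
        //   ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING),
        //   ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0),
        //   ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1)
        // } ASN1_SEQUENCE_END(EC_PRIVATEKEY)
        DERSequenceGenerator seq = new DERSequenceGenerator(baos);
        seq.addObject(new ASN1Integer(1)); // version
        seq.addObject(new DEROctetString(privBytes));
        seq.addObject(new DERTaggedObject(0, SECNamedCurves.getByName("secp256k1").toASN1Primitive()));
        seq.addObject(new DERTaggedObject(1, new DERBitString(getPubKey())));
        seq.close();
        return baos.toByteArray();
    } catch (IOException e) {
        throw new RuntimeException(e); // Cannot happen, writing to memory stream.
    }
}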
From source file:com.peterphi.std.crypto.keygen.CaHelper.java
License:Open Source License
/**
 * Adds the extension set used for a CA certificate to the generator.
 *
 * <p>Added, in this order: critical BasicConstraints with cA=true, critical KeyUsage, ExtendedKeyUsage
 * (serverAuth), the non-critical netscape-cert-type bit string, then the subject and authority key
 * identifiers. Both key identifiers are derived from the same {@code pubKey}.
 *
 * @param gen generator to add the extensions to
 * @param pubKey public key handed to the key-identifier helpers
 * @return the same generator instance
 * @throws Exception if one of the helper calls fails
 */
private static X509V3CertificateGenerator addCaExtensions(X509V3CertificateGenerator gen, PublicKey pubKey)
        throws Exception {
    final BasicConstraints caConstraints = new BasicConstraints(true);
    gen.addExtension(X509Extensions.BasicConstraints, true, caConstraints);

    final int usageBits = KeyUsage.digitalSignature
            | KeyUsage.keyEncipherment
            | KeyUsage.dataEncipherment
            | KeyUsage.keyCertSign
            | KeyUsage.cRLSign;
    gen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(usageBits));

    final ExtendedKeyUsage extendedUsage = new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth);
    gen.addExtension(X509Extensions.ExtendedKeyUsage, getExtendedKeyUsageCriticality(), extendedUsage);

    // netscape-cert-type "2.16.840.1.113730.1.1"
    // * bit-0 SSL client - 128
    // * bit-1 SSL server - 64
    // * bit-2 S/MIME - 32
    // * bit-3 Object Signing - 16
    // * bit-4 Reserved - 8
    // * bit-5 SSL CA - 4
    // * bit-6 S/MIME CA - 2
    // * bit-7 Object Signing CA - 1
    // Byte.MAX_VALUE is 0x7F: every bit of the table above except "SSL client" (was 4).
    final byte[] certTypeBits = { Byte.MAX_VALUE };
    gen.addExtension(netscapeCertType, false, new DERBitString(certTypeBits));

    addSubjectKeyIdentifier(gen, pubKey);
    addAuthorityKeyIdentifier(gen, pubKey);

    return gen;
}
From source file:com.peterphi.std.crypto.keygen.CaHelper.java
License:Open Source License
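/**
 * Adds the extension set used for a server (end-entity) certificate to the generator.
 *
 * <p>Added, in this order: critical BasicConstraints with cA=false, critical KeyUsage, ExtendedKeyUsage
 * (serverAuth), the non-critical netscape-cert-type bit string, then the subject and authority key
 * identifiers.
 *
 * @param gen generator to add the extensions to
 * @param pubKey public key handed to the key-identifier helpers
 * @return the same generator instance
 * @throws Exception if one of the helper calls fails
 */
@SuppressWarnings("unused")
static private X509V3CertificateGenerator addServerExtensions(X509V3CertificateGenerator gen, PublicKey pubKey)
        throws Exception {
    // A server certificate is an end entity, so cA must be false. The previous value (true) marked
    // the certificate as a CA even though neither the KeyUsage below (no keyCertSign/cRLSign) nor
    // the netscape-cert-type bits describe a CA.
    gen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));

    gen.addExtension(X509Extensions.KeyUsage, true,
            new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment));

    gen.addExtension(X509Extensions.ExtendedKeyUsage, getExtendedKeyUsageCriticality(),
            new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth));

    // netscape-cert-type "2.16.840.1.113730.1.1"
    // * bit-0 SSL client - 128
    // * bit-1 SSL server - 64
    // * bit-2 S/MIME - 32
    // * bit-3 Object Signing - 16
    // * bit-4 Reserved - 8
    // * bit-5 SSL CA - 4
    // * bit-6 S/MIME CA - 2
    // * bit-7 Object Signing CA - 1
    // (byte) 0xF0 == -16: bits 0-3 of the table above, i.e. no CA bit is set (was 4).
    gen.addExtension(netscapeCertType, false, new DERBitString(new byte[] { (byte) 0xF0 }));

    addSubjectKeyIdentifier(gen, pubKey);
    // NOTE(review): the authority key identifier is derived from the same pubKey as the subject key
    // identifier, which only matches a self-signed certificate - confirm for CA-issued server certs.
    addAuthorityKeyIdentifier(gen, pubKey);

    return gen;
}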
From source file:com.vmware.identity.rest.core.test.util.CertificateGenerator.java
License:Open Source License
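/**
 * Generate a self-signed X.509 certificate.
 *
 * <p>The result is an X.509 v1 certificate (no extensions) whose issuer and subject are both
 * {@code dn}, valid from 5 seconds before the call until 30 minutes after it, with the current time
 * in milliseconds as serial number. The BouncyCastle provider is registered if it is not yet
 * installed.
 *
 * @param pair the key pair to use when signing the certificate
 * @param algorithm the signing algorithm to use
 * @param dn the X.509 distinguished name for the certificate
 * @return a self-signed X.509 certificate
 * @throws NoSuchAlgorithmException if the algorithm has no registered identifier or is not
 *         available from the provider
 * @throws NoSuchProviderException if the "BC" provider is not available
 * @throws InvalidKeyException if the private key cannot be used for signing
 * @throws SignatureException if signing fails
 * @throws IOException if the certificate structure cannot be DER encoded
 * @throws CertificateException if the encoded certificate cannot be parsed
 */
public static X509Certificate generateSelfSignedCertificate(KeyPair pair, AlgorithmName algorithm, String dn)
        throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException,
        IOException, CertificateException {
    if (Security.getProvider("BC") == null) {
        Security.addProvider(new BouncyCastleProvider());
    }

    // Fail with a declared exception instead of a NullPointerException further down when the
    // algorithm has no AlgorithmIdentifier in the lookup table.
    if (ALGORITHM_IDS.get(algorithm) == null) {
        throw new NoSuchAlgorithmException("No signature algorithm identifier registered for " + algorithm);
    }

    long time = System.currentTimeMillis();
    X500Name owner = new X500Name(dn);

    V1TBSCertificateGenerator generator = new V1TBSCertificateGenerator();
    generator.setSerialNumber(new ASN1Integer(time));
    generator.setIssuer(owner);
    generator.setSubject(owner);
    generator.setStartDate(new Time(new Date(time - 5000)));
    generator.setEndDate(new Time(new Date(time + 30 * 60 * 1000)));
    generator.setSignature(ALGORITHM_IDS.get(algorithm));
    generator.setSubjectPublicKeyInfo(SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded()));

    // Build the to-be-signed structure once, so the bytes that are signed are exactly the bytes
    // embedded in the certificate.
    TBSCertificate tbsCert = generator.generateTBSCertificate();

    Signature sig = Signature.getInstance(algorithm.toString(), "BC");
    sig.initSign(pair.getPrivate());
    sig.update(tbsCert.getEncoded(ASN1Encoding.DER));

    // Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(tbsCert);
    v.add(ALGORITHM_IDS.get(algorithm));
    v.add(new DERBitString(sig.sign()));

    return (X509Certificate) CertificateFactory.getInstance("X.509", "BC")
            .generateCertificate(new ByteArrayInputStream(new DERSequence(v).getEncoded(ASN1Encoding.DER)));
}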
From source file:com.yacme.ext.oxsit.cust_it.security.crl.X509CertRL.java
License:Open Source License
/**
 * Checks whether the given certificate is revoked at the specified date, using the CRL of its issuer.
 * Performs the revocation check on the signature contained in the certificate
 * userCert, against the given date.<br><br>
 *
 * <p>Besides the return value, the method records the outcome through
 * {@code setCertificateStateConditions} and {@code setCertificateState}.
 *
 * <p>Returns {@code false} when CRL control is disabled, when {@code update} fails, when an error
 * occurs, and when the certificate is revoked or suspended on or before {@code date}. Returns
 * {@code true} when the CRL has no entry for the certificate, and also when the entry's
 * revocation/suspension date lies after {@code date} (the state is still set to REVOKED or
 * SUSPENDED in that case).
 *
 * @param _aStatus status indicator, stored in {@code m_xStatusIndicator}
 * @param userCert certificate to verify
 * @param date date at which the revocation status is evaluated
 * @return true if certificate is not revoked
 */
public boolean isNotRevokedCRL(XStatusIndicator _aStatus, X509Certificate userCert, Date date) {

    setCertificateStateConditions(CertificateStateConditions.REVOCATION_NOT_YET_CONTROLLED);
    X509CRL crl = null;
    //check if we have a status indicator
    m_xStatusIndicator = _aStatus;

    getConfiguration();
    //check if CRL control is enabled
    if (m_bDisableCRLControl) {
        // Disabled control is reported as "not verifiable" and the method answers false.
        setCertificateStateConditions(CertificateStateConditions.REVOCATION_CONTROL_NOT_ENABLED);
        setCertificateState(CertificateState.NOT_VERIFIABLE);
        return false;
    }

    try {
        // the update must be done here for backward compatibility!
        if (!update(userCert, date, m_bAlwaysDownloadCRL)) {
            return false;
        } else {
            // CRLs are looked up by issuer principal; a missing entry leaves crl null and the
            // resulting exception is handled by the outer catch (returns false).
            crl = (X509CRL) crls.get(userCert.getIssuerX500Principal());
        }

        X509CRLEntry entry = crl.getRevokedCertificate(userCert.getSerialNumber());

        if (entry == null) {
            // No CRL entry for this serial number: not revoked.
            trace("Verifica di revoca del certificato effettuata correttamente" + "\n***Fine Verifica CRL***");
            setCertificateStateConditions(CertificateStateConditions.REVOCATION_CONTROLLED_OK);
            setCertificateState(CertificateState.OK);
            return true;
        }

        // NOTE(review): X509CRL.getVersion() returns 1 for a v1 CRL, so this condition looks always
        // true and the else-branch below unreachable - confirm whether ">= 2" was intended.
        if (crl.getVersion() >= 1) {
            // CRL version 2 or higher: extensions are supported
            String reason = null;
            Date revDate = null;
            try {
                revDate = entry.getRevocationDate();
                // 2.5.29.21 is the CRL entry reasonCode extension.
                byte[] extVal = entry.getExtensionValue("2.5.29.21");
                if (extVal != null) {
                    trace("ReasonCode presente");
                    // The raw extension bytes are wrapped (not parsed) in a DERBitString and the
                    // checks below match on the last character of its string form.
                    // NOTE(review): presumably this relies on the final hex digit being the
                    // CRLReason value; reason values without a matching check fall through to
                    // the plain "revoked" handling - confirm against an ASN.1 parse of extVal.
                    DERBitString dbs = new DERBitString(extVal);
                    reason = dbs.getString();
                    trace("ReasonCode trovato (DERBitString): " + reason);
                    // NOTE(review): reasonCode is not declared in this method (presumably an
                    // instance field) and is never reset here, so a value from an earlier call
                    // may still be reported - confirm.
                    if (reason.endsWith("0")) {
                        trace("unspecified(0)");
                        reasonCode = "in data " + revDate + " :\n unspecified(0)";
                    }
                    if (reason.endsWith("1")) {
                        trace("keyCompromise(1)");
                        reasonCode = "in data " + revDate + " :\n keyCompromise(1)";
                    }
                    if (reason.endsWith("2")) {
                        trace("cACompromise(2)");
                        reasonCode = "in data " + revDate + " :\n cACompromise(2)";
                    }
                    if (reason.endsWith("3")) {
                        trace("affiliationChanged(3)");
                        reasonCode = "in data " + revDate + " :\n affiliationChanged(3)";
                    }
                    if (reason.endsWith("4")) {
                        trace("superseded(4)");
                        reasonCode = "in data " + revDate + " :\n superseded(4)";
                    }
                    if (reason.endsWith("5")) {
                        trace("cessationOfOperation(5)");
                        reasonCode = "in data " + revDate + " :\n cessationOfOperation(5)";
                    }
                    if (reason.endsWith("8")) {
                        trace("removeFromCRL(8)");
                        reasonCode = "in data " + revDate + " :\n removeFromCRL(8)";
                    }
                    if (reason.endsWith("6")) {
                        //ReasonFlags.CERTIFICATEHOLD
                        // the certificate is suspended ....
                        if (date.before(revDate)) {
                            // Suspension starts after the checked date: state is SUSPENDED but
                            // the method answers true.
                            trace("Il certificato risulta sospeso alla data: " + revDate);
                            trace("data revoca " + revDate + " e data di controllo " + date);
                            reasonCode = "data revoca " + revDate + " e data di controllo " + date;
                            setCertificateStateConditions(CertificateStateConditions.REVOCATION_CONTROLLED_OK);
                            setCertificateState(CertificateState.SUSPENDED);
                            return true; // or false, to be decided
                        } else {
                            trace("Il certificato risulta sospeso in data: " + revDate);
                            reasonCode = "Il certificato risulta sospeso in data: " + revDate;
                            traceDialog(reasonCode);
                            setCertificateStateConditions(CertificateStateConditions.REVOCATION_CONTROLLED_OK);
                            setCertificateState(CertificateState.SUSPENDED);
                            return false;
                        }
                    }
                }
                // the certificate is really revoked ....
                if (date.before(revDate)) {
                    // not yet revoked at the checked date: state is REVOKED but the method
                    // answers true.
                    trace("Il certificato risulta revocato dopo il " + date + " (data di revoca: " + revDate);
                    reasonCode = "in futuro.\nIl certificato risulta revocato dopo il " + date
                            + " (data di revoca: " + revDate;
                    traceDialog(reasonCode);
                    setCertificateStateConditions(CertificateStateConditions.REVOCATION_CONTROLLED_OK);
                    setCertificateState(CertificateState.REVOKED);
                    return true; // or false, to be decided
                } else {
                    trace("Il certificato risulta revocato in data: " + revDate);
                    if (reasonCode == null) {
                        reasonCode = "in data: " + revDate;
                    }
                    traceDialog(reasonCode);
                    setCertificateStateConditions(CertificateStateConditions.REVOCATION_CONTROLLED_OK);
                    setCertificateState(CertificateState.REVOKED);
                    return false;
                }
            } catch (Throwable ex) {
                // Failure while reading the revocation extensions: answers false, but the
                // condition is still recorded as REVOCATION_CONTROLLED_OK.
                trace(ex);
                traceDialog(
                        "isNotRevoked - Errore nella lettura delle estensioni di revoca -> " + ex.getMessage());
                setCertificateStateConditions(CertificateStateConditions.REVOCATION_CONTROLLED_OK);
                setCertificateState(CertificateState.NOT_YET_VERIFIED);
                return false;
            }
            // the CRL is version one, so the revocation reason cannot be
            // determined -> the certificate is simply revoked.
        } else {
            trace("CRL V.1 : il certificato risulta revocato/sospeso");
            //set state as revoked
            traceDialog("CRL V.1 : il certificato risulta revocato/sospeso");
            setCertificateStateConditions(CertificateStateConditions.REVOCATION_CONTROLLED_OK);
            setCertificateState(CertificateState.REVOKED);
            return false; // or false, to be decided
        }
    } catch (Throwable e) {
        // Any other failure (including Errors, since Throwable is caught) answers false with the
        // state left at "not yet verified".
        //trace(e);
        traceDialog("isNotRevoked - Errore generico nel metodo -> ", e);
        setCertificateStateConditions(CertificateStateConditions.REVOCATION_NOT_YET_CONTROLLED);
        setCertificateState(CertificateState.NOT_YET_VERIFIED);
        return false;
    }
}
From source file:de.carne.certmgr.store.provider.bouncycastle.BouncyCastleASN1Encoder.java
License:Open Source License
/**
 * Wraps the given bytes in a {@link DERBitString} and hands the result to {@code asn1Encode}.
 *
 * @param bs content bytes of the bit string
 */
@Override
public void asn1EncodeBitString(byte[] bs) {
    DERBitString bitString = new DERBitString(bs);

    asn1Encode(bitString);
}
From source file:edu.tamu.tcat.crypto.bouncycastle.ASN1SeqKeyImpl.java
License:Apache License
/**
 * Derives the public point for an EC private key and returns its encoding as a bit string.
 *
 * <p>The point is computed as the curve generator multiplied by the private scalar. The key is cast
 * to {@code BCECPrivateKey}, so a key from another provider fails with a {@link ClassCastException}.
 *
 * @param key EC private key; must be a BouncyCastle {@code BCECPrivateKey}
 * @return the encoded public point wrapped in a {@link DERBitString}
 * @throws EncodingException declared by the signature; not thrown by the statements in this method
 */
private static DERBitString getPublic(java.security.interfaces.ECPrivateKey key) throws EncodingException {
    BCECPrivateKey bcKey = (BCECPrivateKey) key;
    org.bouncycastle.math.ec.ECPoint publicPoint = bcKey.getParameters().getG().multiply(bcKey.getS());
    byte[] encodedPoint = publicPoint.getEncoded();
    return new DERBitString(encodedPoint);
}
From source file:edu.tamu.tcat.crypto.bouncycastle.ASN1SeqKeyImpl.java
License:Apache License
/**
 * Builds the ASN.1 sequence describing a curve: coefficient a, coefficient b and, when the curve
 * has one, the seed.
 *
 * @param curve curve whose coefficients and optional seed are encoded
 * @return a {@link DERSequence} of two octet strings, followed by a bit string if a seed is present
 * @throws EncodingException if {@code getInteger} cannot encode a coefficient
 */
private static ASN1Sequence getCurve(EllipticCurve curve) throws EncodingException {
    ASN1EncodableVector fields = new ASN1EncodableVector();

    DEROctetString coefficientA = new DEROctetString(getInteger(curve.getA()));
    fields.add(coefficientA);

    DEROctetString coefficientB = new DEROctetString(getInteger(curve.getB()));
    fields.add(coefficientB);

    // The seed is optional: it is only emitted when the curve actually carries one.
    byte[] seed = curve.getSeed();
    if (seed != null) {
        fields.add(new DERBitString(seed));
    }

    return new DERSequence(fields);
}