List of usage examples for org.bouncycastle.asn1 DEROctetString DEROctetString
public DEROctetString(ASN1Encodable obj) throws IOException
From source file:io.aos.crypto.spl05.MyStructure.java
License:Apache License
/** * Constructor from corresponding Java objects and primitives. *///from w w w . ja v a2s. c om public MyStructure(int version, Date created, byte[] baseData, String extraData, String commentData) { this.version = new DERInteger(version); this.created = new DERGeneralizedTime(created); this.baseData = new DEROctetString(baseData); if (extraData != null) { this.extraData = new DERUTF8String(extraData); } if (commentData != null) { this.commentData = new DERUTF8String(commentData); } }
From source file:io.aos.crypto.spl06.PKCS10ExtensionExample.java
License:Apache License
public static PKCS10CertificationRequest generateRequest(KeyPair pair) throws Exception { // create a SubjectAlternativeName extension value GeneralNames subjectAltNames = new GeneralNames(new GeneralName(GeneralName.rfc822Name, "test@test.test")); // create the extensions object and add it as an attribute Vector oids = new Vector(); Vector values = new Vector(); oids.add(X509Extensions.SubjectAlternativeName); values.add(new X509Extension(false, new DEROctetString(subjectAltNames))); X509Extensions extensions = new X509Extensions(oids, values); Attribute attribute = new Attribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, new DERSet(extensions)); return new PKCS10CertificationRequest("SHA256withRSA", new X500Principal("CN=Requested Test Certificate"), pair.getPublic(), new DERSet(attribute), pair.getPrivate()); }
From source file:io.aos.crypto.spl07.OCSPClientExample.java
License:Apache License
public static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws OCSPException { // Generate the id for the certificate we are looking for CertificateID id = new CertificateID(CertificateID.HASH_SHA1, issuerCert, serialNumber); // basic request generation with nonce OCSPReqGenerator gen = new OCSPReqGenerator(); gen.addRequest(id);/* w ww . jav a 2s . c o m*/ // create details for nonce extension BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis()); Vector oids = new Vector(); Vector values = new Vector(); oids.add(OCSPObjectIdentifiers.id_pkix_ocsp_nonce); values.add(new X509Extension(false, new DEROctetString(nonce.toByteArray()))); gen.setRequestExtensions(new X509Extensions(oids, values)); return gen.generate(); }
From source file:io.netty.example.ocsp.OcspRequestBuilder.java
License:Apache License
/** * ATTENTION: The returned {@link OCSPReq} is not re-usable/cacheable! It contains a one-time nonce * and CA's will (should) reject subsequent requests that have the same nonce value. *//*from w ww.ja v a2 s.c o m*/ public OCSPReq build() throws OCSPException, IOException, CertificateEncodingException { SecureRandom generator = checkNotNull(this.generator, "generator"); DigestCalculator calculator = checkNotNull(this.calculator, "calculator"); X509Certificate certificate = checkNotNull(this.certificate, "certificate"); X509Certificate issuer = checkNotNull(this.issuer, "issuer"); BigInteger serial = certificate.getSerialNumber(); CertificateID certId = new CertificateID(calculator, new X509CertificateHolder(issuer.getEncoded()), serial); OCSPReqBuilder builder = new OCSPReqBuilder(); builder.addRequest(certId); byte[] nonce = new byte[8]; generator.nextBytes(nonce); Extension[] extensions = new Extension[] { new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(nonce)) }; builder.setRequestExtensions(new Extensions(extensions)); return builder.build(); }
From source file:it.trento.comune.j4sign.cms.ExternalSignatureSignerInfoGenerator.java
License:Open Source License
/** * Generates the SignerInfo CMS structure information for a single signer. * This method has to be called after setting {@link #cert} * {@link #signedBytes}.//from www . j a v a2s . co m * * @return the <code>org.bouncycastle.asn1.cms.SignerInfo</code> object for * a signer. * @throws CertificateEncodingException * @throws IOException */ SignerInfo generate() throws CertificateEncodingException, IOException { AlgorithmIdentifier digAlgId = null; AlgorithmIdentifier encAlgId = null; digAlgId = new AlgorithmIdentifier(new DERObjectIdentifier(this.getDigestAlgOID()), new DERNull()); if (this.getEncryptionAlgOID().equals(CMSSignedDataGenerator.ENCRYPTION_DSA)) { encAlgId = new AlgorithmIdentifier(new DERObjectIdentifier(this.getEncryptionAlgOID())); } else { encAlgId = new AlgorithmIdentifier(new DERObjectIdentifier(this.getEncryptionAlgOID()), new DERNull()); } ASN1OctetString encDigest = new DEROctetString(this.signedBytes); X509Certificate cert = this.getCertificate(); ByteArrayInputStream bIn = new ByteArrayInputStream(cert.getTBSCertificate()); ASN1InputStream aIn = new ASN1InputStream(bIn); TBSCertificateStructure tbs = TBSCertificateStructure.getInstance(aIn.readObject()); IssuerAndSerialNumber encSid = new IssuerAndSerialNumber(tbs.getIssuer(), cert.getSerialNumber()); return new SignerInfo(new SignerIdentifier(encSid), digAlgId, signedAttr, encAlgId, encDigest, unsignedAttr); }
From source file:it.trento.comune.j4sign.cms.ExternalSignatureSignerInfoGenerator.java
License:Open Source License
/** * Calculates the bytes to be externally signed (digested and encrypted with * signer private key).<br>//from ww w . j a v a2s .c om * The bytes are the DER encoding of authenticated attributes; the current * implementation includes this attributes: * <ul> * <li><b>content Type</b></li> of the provided content. * <li><b>message Digest</b></li> of the content, calculated in this method * with the algorithm specified in the class constructor. * <li><b>signing Time</b>. Note that time (internally stored as UTC) should * be presented to the signer BEFORE applying the external signature * procedure.<br> * This time has not to be confused with a thirdy part (Certification * Authority) certified timestamp ("Marcatura Temporale" in italian * terminology); for the italian digital signature law this attribute is not * mandatory and could be omitted. Nevertheless, the italian law states also * that the signature is valid if the certificate is not expired nor * suspended at the time of signature. So an indication of signing time is * (in my opinion) however useful.</li> * </ul> * * * @param contentType * the <code>org.bouncycastle.asn1.DERObjectIdentifier</code> of * the content. * @param hash * the content hash. * @param sigProvider * the cryptographic provider to use for calculating the digest * of the content. * @return a <code>byte[]</code> containing the raw bytes to be signed. * @throws IOException * @throws SignatureException * @throws InvalidKeyException * @throws NoSuchProviderException * @throws NoSuchAlgorithmException * @throws CertificateEncodingException * @throws CMSException */ public byte[] getBytesToSign(DERObjectIdentifier contentType, byte[] hash, Date signingDate, String sigProvider) throws IOException, SignatureException, InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException, CertificateEncodingException, CMSException { if (signingDate == null) signingDate = new Date(); AttributeTable attr = this.getSignedAttributes(); if (attr != null) { ASN1EncodableVector v = new ASN1EncodableVector(); if (attr.get(CMSAttributes.contentType) == null) { v.add(new Attribute(CMSAttributes.contentType, new DERSet(contentType))); } else { v.add(attr.get(CMSAttributes.contentType)); } if (attr.get(CMSAttributes.signingTime) == null) { v.add(new Attribute(CMSAttributes.signingTime, new DERSet(new DERUTCTime(signingDate)))); } else { v.add(attr.get(CMSAttributes.signingTime)); } v.add(new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(hash)))); // CAdES! v.add(buildSigningCertificateV2Attribute(sigProvider)); Hashtable ats = attr.toHashtable(); ats.remove(CMSAttributes.contentType); ats.remove(CMSAttributes.signingTime); ats.remove(CMSAttributes.messageDigest); ats.remove(PKCSObjectIdentifiers.id_aa_signingCertificateV2); Iterator it = ats.values().iterator(); while (it.hasNext()) { v.add(Attribute.getInstance(it.next())); } signedAttr = new DERSet(v); } else { ASN1EncodableVector v = new ASN1EncodableVector(); v.add(new Attribute(CMSAttributes.contentType, new DERSet(contentType))); v.add(new Attribute(CMSAttributes.signingTime, new DERSet(new DERUTCTime(signingDate)))); v.add(new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(hash)))); // CAdES! v.add(buildSigningCertificateV2Attribute(sigProvider)); signedAttr = new DERSet(v); } attr = this.getUnsignedAttributes(); if (attr != null) { Hashtable ats = attr.toHashtable(); Iterator it = ats.values().iterator(); ASN1EncodableVector v = new ASN1EncodableVector(); while (it.hasNext()) { v.add(Attribute.getInstance(it.next())); } unsignedAttr = new DERSet(v); } // // sig must be composed from the DER encoding. // ByteArrayOutputStream bOut = new ByteArrayOutputStream(); DEROutputStream dOut = new DEROutputStream(bOut); dOut.writeObject(signedAttr); return bOut.toByteArray(); }
From source file:jcifs.spnego.NegTokenInit.java
License:Open Source License
@Override public byte[] toByteArray() { try {//from w ww . j av a 2 s. c om ASN1EncodableVector fields = new ASN1EncodableVector(); Oid[] mechs = getMechanisms(); if (mechs != null) { ASN1EncodableVector vector = new ASN1EncodableVector(); for (int i = 0; i < mechs.length; i++) { vector.add(ASN1ObjectIdentifier.getInstance(mechs[i].getDER())); } fields.add(new DERTaggedObject(true, 0, new DERSequence(vector))); } int ctxFlags = getContextFlags(); if (ctxFlags != 0) { fields.add(new DERTaggedObject(true, 1, new DERBitString(ctxFlags))); } byte[] mechanismToken = getMechanismToken(); if (mechanismToken != null) { fields.add(new DERTaggedObject(true, 2, new DEROctetString(mechanismToken))); } byte[] mechanismListMIC = getMechanismListMIC(); if (mechanismListMIC != null) { fields.add(new DERTaggedObject(true, 3, new DEROctetString(mechanismListMIC))); } ASN1EncodableVector ev = new ASN1EncodableVector(); ev.add(SPNEGO_OID); ev.add(new DERTaggedObject(true, 0, new DERSequence(fields))); ByteArrayOutputStream collector = new ByteArrayOutputStream(); DEROutputStream der = new DEROutputStream(collector); DERApplicationSpecific derApplicationSpecific = new DERApplicationSpecific(0, ev); der.writeObject(derApplicationSpecific); return collector.toByteArray(); } catch (IOException | GSSException ex) { throw new IllegalStateException(ex.getMessage()); } }
From source file:jcifs.spnego.NegTokenTarg.java
License:Open Source License
@Override public byte[] toByteArray() { try {//from w ww . jav a 2 s . c o m ByteArrayOutputStream collector = new ByteArrayOutputStream(); DEROutputStream der = new DEROutputStream(collector); ASN1EncodableVector fields = new ASN1EncodableVector(); int res = getResult(); if (res != UNSPECIFIED_RESULT) { fields.add(new DERTaggedObject(true, 0, ASN1Enumerated.getInstance(res))); } Oid mech = getMechanism(); if (mech != null) { fields.add(new DERTaggedObject(true, 1, ASN1ObjectIdentifier.getInstance(mech.getDER()))); } byte[] mechanismToken = getMechanismToken(); if (mechanismToken != null) { fields.add(new DERTaggedObject(true, 2, new DEROctetString(mechanismToken))); } byte[] mechanismListMIC = getMechanismListMIC(); if (mechanismListMIC != null) { fields.add(new DERTaggedObject(true, 3, new DEROctetString(mechanismListMIC))); } der.writeObject(new DERTaggedObject(true, 1, new DERSequence(fields))); return collector.toByteArray(); } catch (IOException | GSSException ex) { throw new IllegalStateException(ex.getMessage()); } }
From source file:mitm.common.security.asn1.DERUtils.java
License:Open Source License
/** * Converts the byte array to a DER encoded octet string. * @param data// w w w . ja v a 2 s . c om * @return * @throws IOException */ public static byte[] toDEREncodedOctetString(byte[] data) throws IOException { return new DEROctetString(data).getEncoded(ASN1Encoding.DER); }
From source file:mitm.common.security.certificate.X509CertificateMicrosoftSKI.java
License:Open Source License
@Override public byte[] getExtensionValue(String oid) { byte[] ski;//w w w . j av a 2s . co m ski = delegate.getExtensionValue(oid); if (ski == null && StringUtils.equals(X509Extension.subjectKeyIdentifier.getId(), oid)) { /* * The subject key indentifier (SKI) is not part of the certificate. We need to calculate * the SKI in Microsoft's non-standard way and return it. */ try { ski = X509CertificateInspector.calculateSubjectKeyIdentifierMicrosoft(delegate); /* * X509Certificate wraps the extension in a DER object */ ski = new DEROctetString(new DEROctetString(ski)).getEncoded(); } catch (IOException e) { /* * getExtensionValue cannot throw exceptions. We will therefore silently * discard the exception and return null. */ ski = null; } } return ski; }