Usage examples for the org.bouncycastle.asn1.DEROctetString constructor
public DEROctetString(ASN1Encodable obj) throws IOException
From source file:org.psl.fidouaf.core.ops.AuthenticationResponseProcessing.java
License:Apache License
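/**
 * Verifies the signature carried in a UAF assertion against the supplied public key.
 *
 * <p>The verification routine is chosen from {@code algAndEncoding}:
 * <ul>
 *   <li>{@code UAF_ALG_SIGN_RSASSA_PSS_SHA256_RAW}: {@code RSA.verifyPSS} over the SHA-256 digest.</li>
 *   <li>{@code UAF_ALG_SIGN_RSASSA_PSS_SHA256_DER}: {@code RSA.verifySimpleRSA} over the data itself.</li>
 *   <li>{@code UAF_ALG_SIGN_SECP256K1_ECDSA_SHA256_DER}: secp256k1 ECDSA with an ASN.1-decoded signature.</li>
 *   <li>{@code UAF_ALG_SIGN_SECP256R1_ECDSA_SHA256_DER}: secp256r1 ECDSA with an ASN.1-decoded signature.</li>
 *   <li>anything else: secp256r1 ECDSA, with the signature format guessed from its length.</li>
 * </ul>
 *
 * @param signedData tag handed to {@code getDataForSigning} to obtain the signed bytes
 * @param signature tag whose {@code value} holds the signature bytes
 * @param pubKey Base64 text of the public key
 * @param algAndEncoding algorithm and encoding announced for the signature
 * @return the result of the selected verification routine
 * @throws InvalidKeyException declared for the key-handling helpers
 * @throws NoSuchAlgorithmException declared for the digest and signature helpers
 * @throws NoSuchProviderException declared for the provider lookups in the helpers
 * @throws SignatureException declared for the signature helpers
 * @throws UnsupportedEncodingException declared for the encoding helpers
 * @throws Exception any other failure raised by the helpers
 */
private boolean verifySignature(Tag signedData, Tag signature, String pubKey, AlgAndEncodingEnum algAndEncoding)
        throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException,
        UnsupportedEncodingException, Exception {
    byte[] dataForSigning = getDataForSigning(signedData);

    // NOTE(review): the full signed data and signature are written at INFO level on every
    // verification; confirm that this volume and content are wanted in production logs.
    logger.info(" : pub : " + pubKey);
    logger.info(" : dataForSigning : " + Base64.encodeBase64URLSafeString(dataForSigning));
    logger.info(" : signature : " + Base64.encodeBase64URLSafeString(signature.value));

    // Key material is reported through the logger only; the decoded key bytes are binary and
    // are not printed to stdout as a platform-charset String.
    byte[] decodeBase64 = Base64.decodeBase64(pubKey);

    if (algAndEncoding == AlgAndEncodingEnum.UAF_ALG_SIGN_RSASSA_PSS_SHA256_RAW) {
        PublicKey publicKey = KeyCodec.getRSAPublicKey(decodeBase64);
        return RSA.verifyPSS(publicKey, SHA.sha(dataForSigning, "SHA-256"), signature.value);
    }

    if (algAndEncoding == AlgAndEncodingEnum.UAF_ALG_SIGN_RSASSA_PSS_SHA256_DER) {
        // DEROctetString(byte[]).getOctets() hands back the bytes it was given; it wraps the
        // array and does not DER-decode or validate the key encoding.
        // NOTE(review): this branch is selected by an RSASSA-PSS algorithm id but calls
        // verifySimpleRSA on the undigested data (the PSS call was disabled for iOS RSA key
        // compatibility). Confirm which padding scheme verifySimpleRSA enforces.
        PublicKey publicKey = KeyCodec.getPublicKey(new DEROctetString(decodeBase64).getOctets());
        return RSA.verifySimpleRSA(publicKey, dataForSigning, signature.value);
    }

    if (algAndEncoding == AlgAndEncodingEnum.UAF_ALG_SIGN_SECP256K1_ECDSA_SHA256_DER) {
        ECPublicKey decodedPub = (ECPublicKey) KeyCodec.getPubKeyFromCurve(decodeBase64, "secp256k1");
        return NamedCurve.verifyUsingSecp256k1(KeyCodec.getKeyAsRawBytes(decodedPub),
                SHA.sha(dataForSigning, "SHA-256"), Asn1.decodeToBigIntegerArray(signature.value));
    }

    if (algAndEncoding == AlgAndEncodingEnum.UAF_ALG_SIGN_SECP256R1_ECDSA_SHA256_DER) {
        if (decodeBase64.length > 65) {
            // Longer than 65 bytes: the key is converted from its Base64 text form.
            return NamedCurve.verify(KeyCodec.getKeyAsRawBytes(pubKey), SHA.sha(dataForSigning, "SHA-256"),
                    Asn1.decodeToBigIntegerArray(signature.value));
        }
        // 65 bytes or fewer: the key is rebuilt from the decoded bytes on the named curve.
        ECPublicKey decodedPub = (ECPublicKey) KeyCodec.getPubKeyFromCurve(decodeBase64, "secp256r1");
        return NamedCurve.verify(KeyCodec.getKeyAsRawBytes(decodedPub), SHA.sha(dataForSigning, "SHA-256"),
                Asn1.decodeToBigIntegerArray(signature.value));
    }

    // NOTE(review): every other algAndEncoding value, including null, is verified as
    // secp256r1 ECDSA instead of being rejected. Confirm that this is intended; rejecting
    // values outside an explicit list would fail closed.
    // The former "65-byte key and SECP256R1_DER" alternative is not repeated here: that
    // algorithm id always returns in the branch above, so the alternative could never run.
    if (signature.value.length == 64) {
        // A 64-byte signature is converted with transformRawSignature instead of being ASN.1-decoded.
        ECPublicKey decodedPub = (ECPublicKey) KeyCodec.getPubKeyFromCurve(decodeBase64, "secp256r1");
        return NamedCurve.verify(KeyCodec.getKeyAsRawBytes(decodedPub), SHA.sha(dataForSigning, "SHA-256"),
                Asn1.transformRawSignature(signature.value));
    }
    return NamedCurve.verify(KeyCodec.getKeyAsRawBytes(pubKey), SHA.sha(dataForSigning, "SHA-256"),
            Asn1.decodeToBigIntegerArray(signature.value));
}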
From source file:org.qipki.crypto.x509.X509GeneratorImpl.java
License:Open Source License
/**
 * Builds the attribute set that requests a SubjectAlternativeName extension.
 *
 * <p>The general names are wrapped in a {@link DEROctetString}, placed in a
 * non-critical extension, and carried inside a PKCS#9 extensionRequest attribute.
 *
 * @param subGeneralNames the alternative names to request; may be {@code null}
 * @return a set holding the extensionRequest attribute, or an empty set when
 *         {@code subGeneralNames} is {@code null}
 */
@SuppressWarnings({ "UseOfObsoleteCollectionType", "unchecked" })
private DERSet generateSANAttribute(GeneralNames subGeneralNames) {
    if (subGeneralNames != null) {
        // X509Extensions is built from two parallel Vectors: OIDs and their values.
        final Vector extensionOids = new Vector();
        final Vector extensionValues = new Vector();

        extensionOids.add(X509Extensions.SubjectAlternativeName);
        extensionValues.add(new X509Extension(false, new DEROctetString(subGeneralNames)));

        final X509Extensions requested = new X509Extensions(extensionOids, extensionValues);
        final Attribute extensionRequest = new Attribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
                new DERSet(requested));
        return new DERSet(extensionRequest);
    }
    return new DERSet();
}
From source file:org.signserver.module.mrtdsodsigner.jmrtd.SODFile.java
License:Open Source License
/**
 * Assembles the ContentInfo that wraps an LDS security object.
 *
 * @param digestAlgorithm mnemonic of the digest algorithm, resolved with {@code lookupOIDByMnemonic}
 * @param dataGroupHashes data group number mapped to the hash of that data group
 * @param ldsVersion LDS version string, or {@code null} to omit the version info
 * @param unicodeVersion Unicode version string; only read when {@code ldsVersion} is not {@code null}
 * @return a ContentInfo with content type {@code ICAO_SOD_OID} whose content is the
 *         security object wrapped in a {@link DEROctetString}
 * @throws NoSuchAlgorithmException declared for the algorithm lookup
 * @throws IOException declared for encoding the security object
 */
private static ContentInfo createContentInfo(String digestAlgorithm, Map<Integer, byte[]> dataGroupHashes,
        String ldsVersion, String unicodeVersion) throws NoSuchAlgorithmException, IOException {
    // One DataGroupHash per map entry, in the map's own iteration order.
    final DataGroupHash[] hashEntries = new DataGroupHash[dataGroupHashes.size()];
    int slot = 0;
    for (Map.Entry<Integer, byte[]> entry : dataGroupHashes.entrySet()) {
        final int dataGroupNumber = entry.getKey();
        hashEntries[slot] = new DataGroupHash(dataGroupNumber, new DEROctetString(entry.getValue()));
        slot++;
    }

    final AlgorithmIdentifier digestAlgorithmId = new AlgorithmIdentifier(lookupOIDByMnemonic(digestAlgorithm));

    // The version info is optional and stays null when no LDS version was given.
    final LDSVersionInfo versionInfo = (ldsVersion == null)
            ? null
            : new LDSVersionInfo(new DERPrintableString(ldsVersion, true),
                    new DERPrintableString(unicodeVersion, true));

    final LDSSecurityObject securityObject = new LDSSecurityObject(digestAlgorithmId, hashEntries, versionInfo);
    return new ContentInfo(ICAO_SOD_OID, new DEROctetString(securityObject));
}
From source file:org.signserver.module.mrtdsodsigner.jmrtd.SODFile.java
License:Open Source License
/**
 * Assembles the SignerInfo structure for a document signing certificate.
 *
 * @param digestAlgorithm mnemonic of the digest algorithm
 * @param digestEncryptionAlgorithm mnemonic of the signature algorithm
 * @param digestEncryptionAlgorithmParams parameters for the signature algorithm, or
 *        {@code null} to build the algorithm identifier without parameters
 * @param content the content whose digest goes into the authenticated attributes
 * @param encryptedDigest the signature bytes
 * @param docSigningCertificate certificate supplying the issuer name and serial number
 * @return the populated SignerInfo; its unauthenticated attributes are {@code null}
 * @throws NoSuchAlgorithmException declared for the algorithm lookups and the digest
 * @throws CertificateEncodingException declared for reading the issuer from the certificate
 */
private static SignerInfo createSignerInfo(String digestAlgorithm, String digestEncryptionAlgorithm,
        ASN1Encodable digestEncryptionAlgorithmParams, byte[] content, byte[] encryptedDigest,
        X509Certificate docSigningCertificate) throws NoSuchAlgorithmException, CertificateEncodingException {
    // The signer is identified by the issuer name and serial number of the certificate.
    final BigInteger serialNumber = docSigningCertificate.getSerialNumber();
    final SignerIdentifier signerId = new SignerIdentifier(
            new IssuerAndSerialNumber(JcaX500NameUtil.getIssuer(docSigningCertificate), serialNumber));

    final AlgorithmIdentifier digestAlgorithmId = new AlgorithmIdentifier(lookupOIDByMnemonic(digestAlgorithm));

    final AlgorithmIdentifier signatureAlgorithmId = (digestEncryptionAlgorithmParams == null)
            ? new AlgorithmIdentifier(lookupOIDByMnemonic(digestEncryptionAlgorithm))
            : new AlgorithmIdentifier(lookupOIDByMnemonic(digestEncryptionAlgorithm),
                    digestEncryptionAlgorithmParams);

    // The authenticated attributes carry the hash of the content.
    final ASN1Set signedAttributes = createAuthenticatedAttributes(digestAlgorithm, content);

    // The signature value itself, wrapped as an octet string.
    final ASN1OctetString signatureValue = new DEROctetString(encryptedDigest);

    // Passed as null; the original author left open whether this should be an empty set.
    final ASN1Set unsignedAttributes = null;

    return new SignerInfo(signerId, digestAlgorithmId, signedAttributes, signatureAlgorithmId, signatureValue,
            unsignedAttributes);
}
From source file:org.signserver.module.mrtdsodsigner.jmrtd.SODFile.java
License:Open Source License
/**
 * Builds the authenticated attribute set: a content-type attribute and a
 * message-digest attribute.
 *
 * @param digestAlgorithm algorithm name passed to {@link MessageDigest#getInstance(String)}
 * @param contentBytes the bytes to digest
 * @return a DER set holding the content-type attribute ({@code ICAO_SOD_OID}) followed by
 *         the message-digest attribute
 * @throws NoSuchAlgorithmException if no provider offers {@code digestAlgorithm}
 */
private static ASN1Set createAuthenticatedAttributes(String digestAlgorithm, byte[] contentBytes)
        throws NoSuchAlgorithmException {
    final byte[] contentDigest = MessageDigest.getInstance(digestAlgorithm).digest(contentBytes);
    final ASN1OctetString digestOctets = new DEROctetString(contentDigest);

    final Attribute contentType = new Attribute(RFC_3369_CONTENT_TYPE_OID, createSingletonSet(ICAO_SOD_OID));
    final Attribute messageDigest = new Attribute(RFC_3369_MESSAGE_DIGEST_OID, createSingletonSet(digestOctets));

    final ASN1Encodable[] attributes = new ASN1Encodable[] {
        contentType.toASN1Primitive(),
        messageDigest.toASN1Primitive()
    };
    return new DERSet(attributes);
}
From source file:org.signserver.module.tsa.TimeStampSignerUnitTest.java
License:Open Source License
/**
 * Checks that a time-stamp request carrying an extension that is not listed
 * as accepted is rejected with the unacceptedExtension failure.
 *
 * @throws Exception on any unexpected failure
 */
@Test
public void testNotAcceptedExtensionPrevented() throws Exception {
    LOG.info("testNotAcceptedExtensionPrevented");

    // Request with a single non-critical extension under OID 1.2.7.9.
    final ASN1ObjectIdentifier extensionOid = new ASN1ObjectIdentifier("1.2.7.9");
    final TimeStampRequestGenerator generator = new TimeStampRequestGenerator();
    generator.addExtension(extensionOid, false, new DEROctetString("Value".getBytes("UTF-8")));
    final TimeStampRequest request = generator.generate(TSPAlgorithms.SHA1, new byte[20],
            BigInteger.valueOf(100));

    final GenericSignRequest signRequest = new GenericSignRequest(100, request.getEncoded());
    final RequestContext context = new RequestContext();
    final GenericSignResponse signResponse = (GenericSignResponse) workerSession.process(WORKER2, signRequest,
            context);

    final TimeStampResponse response = new TimeStampResponse((byte[]) signResponse.getProcessedData());
    response.validate(request);

    assertEquals("rejection", PKIStatus.REJECTION, response.getStatus());
    assertEquals("unacceptedExtension", PKIFailureInfo.unacceptedExtension,
            response.getFailInfo().intValue());
}
From source file:org.signserver.module.tsa.TimeStampSignerUnitTest.java
License:Open Source License
/**
 * Checks that a time-stamp request carrying a listed extension is granted and
 * that the extension OID appears in the issued token.
 *
 * @throws Exception on any unexpected failure
 */
@Test
public void testAcceptedExtensions() throws Exception {
    LOG.info("testAcceptedExtensions");

    // Request with a single non-critical extension under OID 1.2.7.2.
    final TimeStampRequestGenerator generator = new TimeStampRequestGenerator();
    generator.addExtension(new ASN1ObjectIdentifier("1.2.7.2"), false,
            new DEROctetString("Value".getBytes("UTF-8")));
    final TimeStampRequest request = generator.generate(TSPAlgorithms.SHA1, new byte[20],
            BigInteger.valueOf(100));

    final GenericSignRequest signRequest = new GenericSignRequest(100, request.getEncoded());
    final RequestContext context = new RequestContext();
    final GenericSignResponse signResponse = (GenericSignResponse) workerSession.process(WORKER2, signRequest,
            context);

    final TimeStampResponse response = new TimeStampResponse((byte[]) signResponse.getProcessedData());
    response.validate(request);

    assertEquals("granted", PKIStatus.GRANTED, response.getStatus());

    // The OID arrays are compared through their string form.
    final ASN1ObjectIdentifier[] expectedOids = { new ASN1ObjectIdentifier("1.2.7.2") };
    assertEquals("extensions in token", Arrays.toString(expectedOids),
            Arrays.toString(response.getTimeStampToken().getTimeStampInfo().toASN1Structure()
                    .getExtensions().getExtensionOIDs()));
}
From source file:org.signserver.module.tsa.TimeStampSignerUnitTest.java
License:Open Source License
/**
 * Checks that a listed extension is still accepted when the ACCEPTEDEXTENSIONS
 * setting contains spaces; the request is processed by WORKER4.
 *
 * @throws Exception on any unexpected failure
 */
@Test
public void testAcceptedExtensionsWithSpaces() throws Exception {
    LOG.info("testAcceptedExtensionsWithSpaces");

    // Request with a single non-critical extension under OID 1.2.7.2.
    final TimeStampRequestGenerator generator = new TimeStampRequestGenerator();
    generator.addExtension(new ASN1ObjectIdentifier("1.2.7.2"), false,
            new DEROctetString("Value".getBytes("UTF-8")));
    final TimeStampRequest request = generator.generate(TSPAlgorithms.SHA1, new byte[20],
            BigInteger.valueOf(100));

    final GenericSignRequest signRequest = new GenericSignRequest(100, request.getEncoded());
    final RequestContext context = new RequestContext();
    final GenericSignResponse signResponse = (GenericSignResponse) workerSession.process(WORKER4, signRequest,
            context);

    final TimeStampResponse response = new TimeStampResponse((byte[]) signResponse.getProcessedData());
    response.validate(request);

    assertEquals("granted", PKIStatus.GRANTED, response.getStatus());

    // The OID arrays are compared through their string form.
    final ASN1ObjectIdentifier[] expectedOids = { new ASN1ObjectIdentifier("1.2.7.2") };
    assertEquals("extensions in token", Arrays.toString(expectedOids),
            Arrays.toString(response.getTimeStampToken().getTimeStampInfo().toASN1Structure()
                    .getExtensions().getExtensionOIDs()));
}
From source file:org.signserver.module.tsa.TimeStampSignerUnitTest.java
License:Open Source License
/**
 * Checks that a request carrying an extension is rejected with the
 * unacceptedExtension failure when the list of accepted extensions is empty;
 * the request is processed by WORKER3.
 *
 * @throws Exception on any unexpected failure
 */
@Test
public void testEmptyAcceptedExtensionsPreventsExtension() throws Exception {
    LOG.info("testEmptyAcceptedExtensionsPreventsExtension");

    // Request with a single non-critical extension under OID 1.2.7.9.
    final ASN1ObjectIdentifier extensionOid = new ASN1ObjectIdentifier("1.2.7.9");
    final TimeStampRequestGenerator generator = new TimeStampRequestGenerator();
    generator.addExtension(extensionOid, false, new DEROctetString("Value".getBytes("UTF-8")));
    final TimeStampRequest request = generator.generate(TSPAlgorithms.SHA1, new byte[20],
            BigInteger.valueOf(100));

    final GenericSignRequest signRequest = new GenericSignRequest(100, request.getEncoded());
    final RequestContext context = new RequestContext();
    final GenericSignResponse signResponse = (GenericSignResponse) workerSession.process(WORKER3, signRequest,
            context);

    final TimeStampResponse response = new TimeStampResponse((byte[]) signResponse.getProcessedData());
    response.validate(request);

    assertEquals("rejection", PKIStatus.REJECTION, response.getStatus());
    assertEquals("unacceptedExtension", PKIFailureInfo.unacceptedExtension,
            response.getFailInfo().intValue());
}
From source file:org.signserver.test.utils.builders.ocsp.OCSPResponseBuilder.java
License:Open Source License
/**
 * Builds and signs the basic OCSP response from the builder's current state.
 *
 * <p>When a nonce is set, a non-critical nonce extension is added to {@code extensions}
 * before the response extensions are copied over.
 *
 * @return the signed basic OCSP response
 * @throws OCSPResponseBuilderException wrapping any OCSP, algorithm, provider or
 *         signer-creation failure
 */
private BasicOCSPResp buildBasicOCSPResp() throws OCSPResponseBuilderException {
    try {
        final BasicOCSPRespBuilder builder = new BasicOCSPRespBuilder(
                new RespID(new X500Name(getResponderName())));

        // NOTE(review): this adds to the extensions member itself, so a second build on the
        // same instance may add the nonce extension again; confirm against the type of
        // extensions and how callers reuse the builder.
        if (getNonce() != null) {
            extensions.add(
                    new OcspExt(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(nonce)));
        }

        final Extension[] responseExtensions = new Extension[extensions.size()];
        int next = 0;
        for (OcspExt ext : extensions) {
            responseExtensions[next] = new Extension(ext.getOid(), ext.isIsCritical(), ext.getValue());
            next++;
        }
        // Response extensions are only set when there is at least one.
        if (responseExtensions.length != 0) {
            builder.setResponseExtensions(new Extensions(responseExtensions));
        }

        for (OcspRespObject single : responses) {
            builder.addResponse(single.getCertId(), single.getCertStatus(), single.getThisUpdate(),
                    single.getNextUpdate(), single.getExtensions());
        }

        // The signer is used directly, without a buffering wrapper.
        final ContentSigner signer = new JcaContentSignerBuilder(getSignatureAlgorithm()).setProvider("BC")
                .build(getIssuerPrivateKey());
        return builder.build(signer, getChain(), getProducedAt());
    } catch (OCSPException ex) {
        throw new OCSPResponseBuilderException(ex);
    } catch (NoSuchAlgorithmException ex) {
        throw new OCSPResponseBuilderException(ex);
    } catch (NoSuchProviderException ex) {
        throw new OCSPResponseBuilderException(ex);
    } catch (OperatorCreationException ex) {
        throw new OCSPResponseBuilderException(ex);
    }
}