List of usage examples for org.bouncycastle.asn1 DEROctetString DEROctetString
public DEROctetString(ASN1Encodable obj) throws IOException
From source file:com.vmware.admiral.common.util.CertificateUtil.java
License:Open Source License
private static List<ExtensionHolder> getServerExtensions(X509Certificate issuerCertificate) throws CertificateEncodingException, NoSuchAlgorithmException, IOException { List<ExtensionHolder> extensions = new ArrayList<>(); // SSO forces us to allow data encipherment extensions.add(new ExtensionHolder(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment))); extensions.add(new ExtensionHolder(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth))); Extension authorityKeyExtension = new Extension(Extension.authorityKeyIdentifier, false, new DEROctetString(new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(issuerCertificate))); extensions.add(new ExtensionHolder(authorityKeyExtension.getExtnId(), authorityKeyExtension.isCritical(), authorityKeyExtension.getParsedValue())); return extensions; }
From source file:com.vvote.thirdparty.ximix.util.SubjectPublicKeyInfoFactory.java
License:Apache License
/** * Return a SubjectPublicKeyInfo object containing an encoding of BLS public key. * * @param keyParameters the public key to be encoded. * @return a SubjectPublicKeyInfo object containing the public key. * @throws java.io.IOException if the public key cannot be encoded. *///from w w w .ja v a 2s. c o m public static SubjectPublicKeyInfo createSubjectPublicKeyInfo(BLS01PublicKeyParameters keyParameters) throws IOException { return new SubjectPublicKeyInfo( new AlgorithmIdentifier(XimixObjectIdentifiers.ximixAlgorithmsExperimental, new DERSequence(new ASN1Encodable[] { new DERUTF8String(keyParameters.getParameters().getCurveParameters().toString()), new DEROctetString(keyParameters.getParameters().getG().toBytes()) })), keyParameters.getPk().toBytes()); }
From source file:common.crypto.bouncycastle.CDEROctetStringBC.java
License:Open Source License
public CDEROctetStringBC(byte[] byaData) { m_adaptedObject = new DEROctetString(byaData); }
From source file:controller.CCInstance.java
License:Open Source License
private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws OCSPException, IOException, OperatorException, CertificateEncodingException { Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); CertificateID id = new CertificateID( new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1), new JcaX509CertificateHolder(issuerCert), serialNumber); OCSPReqBuilder gen = new OCSPReqBuilder(); gen.addRequest(id);//from w ww.j a v a 2 s . c om Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(new DEROctetString(PdfEncryption.createDocumentId()).getEncoded())); gen.setRequestExtensions(new Extensions(new Extension[] { ext })); return gen.build(); }
From source file:de.fraunhofer.fokus.openeid.pace.auth.AuthenticationToken.java
License:Open Source License
public static byte[] computeMAC(MAC macAlgorithm, Key K_mac, PACEInfoProtocol oid, ECPoint publicKey) { //0x86 0x04 ... DERTaggedObject pcdPoint = new DERTaggedObject(false, 0x06, new DEROctetString(publicKey.getEncoded())); //0x06/*from w w w .j a va 2 s . c om*/ DERObjectIdentifier derOid = new DERObjectIdentifier(oid.getOid()); ASN1EncodableVector outerValue = new ASN1EncodableVector(); outerValue.add(derOid); outerValue.add(pcdPoint); //see X.690-0207 section 8.1.2.4.3 DERApplicationSpecific outer = new DERApplicationSpecific(0x49, outerValue); logger.debug("mac input: " + Utils.byteArrayToHexString(outer.getDEREncoded())); byte[] keyMacBytes = K_mac.getKey(); byte[] mac = macAlgorithm.compute(outer.getDEREncoded(), keyMacBytes); //IMPORTANT only the first 8 bytes are necessary, all following bytes are 0 anyways byte[] rangedMac = Arrays.copyOfRange(mac, 0, 8); logger.debug("mac : " + Utils.byteArrayToHexString(mac)); return rangedMac; }
From source file:de.fraunhofer.fokus.openeid.pace.PaceECDH.java
License:Open Source License
@Override public void performKeyAgreement(byte[] password) throws CryptoException, InvalidAuthenticationException, IOException, PaceProtocolException, NotTrustedResponseAPDU, InvalidDataObjectException { try {// w w w .j a v a 2 s. c o m //see BSI TR-03110 4.2.1 //derive initial key K_pi Key Kpi = KeyDerivation.deriveKey(password, 3, protocolParameters.getKeyType()); //1. Get nonce byte[] z = requestNonce(); byte[] s = Kpi.decrypt(z); logger.info("Nonce decrypted: " + new BigInteger(1, s)); //static domain parameters X9ECParameters curveParams = domainParameters.getDomainParameter().getCurveParams(); EllipticCurve curve = new EllipticCurve(curveParams); //compute ephemeral domain parameters //which is actually the mapped generator for the specified curve ECKeyPair mappingKeys; ECPoint mappingPICC; logger.info("Mapping nonce.."); int i = 0; do { logger.info(" Trying No. {}", ++i); //choose random ephemeral key pair mappingKeys = curve.generateRandomKeyPair(); mappingPICC = mapNonce(mappingKeys.getPublicKey()); } while (mappingKeys.isEqualPublicKey(mappingPICC)); ECPoint ephemerealSecret = calculateSharedSecret(mappingKeys, mappingPICC); ECPoint mappedGenerator = ((ECDHMapping) protocolParameters.getMapping()).map(s, ephemerealSecret); logger.info("..done"); //perform Diffie-Hellman key agreement using ephemeral domain parameters (mappedGenerator) logger.info("Performing key agreement.."); i = 0; do { logger.info(" Trying No. {}", ++i); //choose random ephemeral key pair ephemeralKeyPair = curve.generateRandomKeyPair(mappedGenerator); ephemeralKeyPICC = exchangeEphemeralKeys(ephemeralKeyPair.getPublicKey()); } while (ephemeralKeyPair.isEqualPublicKey(ephemeralKeyPICC)); ID_PICC = Utils.trimLeadingZeros(ephemeralKeyPICC.getX().toBigInteger().toByteArray()); //calculate shared secret ECPoint secretPoint = calculateSharedSecret(ephemeralKeyPair, ephemeralKeyPICC); byte[] secret = calculateEffectiveSharedSecret(secretPoint); logger.info("..done"); //derive session keys keyENC = KeyDerivation.deriveKeyENC(secret, protocolParameters.getKeyType()); keyMAC = KeyDerivation.deriveKeyMAC(secret, protocolParameters.getKeyType()); //generate authentication token logger.info("Creating auth token.."); MAC mac = protocolParameters.getMACAlgorithm(); byte[] computedMac = AuthenticationToken.computeMAC(mac, keyMAC, protocolParameters, ephemeralKeyPICC); DERTaggedObject macObj = new DERTaggedObject(false, 5, new DEROctetString(computedMac)); GeneralAuthenticate authCommand = new GeneralAuthenticateShortApdu(manager, Utils.convert(macObj.getDEREncoded()), 0x0); executeCommand(authCommand); ResponseAPDU authPICCresponse = authCommand.getResponse(); logger.info(Utils.toString(Utils.convert(authPICCresponse.getBytes()))); //verify authentication tokens if (!authPICCresponse.normalProcessing()) { logger.warn("PACE (sent) authentication token issues.\nResponse was " + Utils.byteArrayToHexString(authPICCresponse.getBytes())); throw new InvalidAuthenticationException(); } if (authPICCresponse.getSW1() == 0x63) { byte[] macBytes = AuthenticationToken.computeMAC(mac, keyMAC, protocolParameters, ephemeralKeyPICC); logger.warn("WARNING: Remaining password tries: " + Utils.signedByteToUnsigned((byte) (authPICCresponse.getSW2() - 0xC0))); logger.info("\nkeyMac: " + Utils.byteArrayToHexString(keyMAC.getKey()) + "\nkeyEnc: " + Utils.byteArrayToHexString(keyENC.getKey()) + "\nMAC: " + Utils.byteArrayToHexString(macBytes) + "\nauthCommmand: " + authCommand.toString()); throw new InvalidAuthenticationException(); } logger.info("PACE (sent) authentication token ok"); CAR = new DynamicAuthenticationData(authPICCresponse).getCertificationAuthorityReference(); if (verifyAuthToken(mac, authPICCresponse)) { logger.info("PACE (received) authentication token ok"); logger.info("..done. PACE successful!"); isSecureMessagingEnabled = true; } else { logger.warn("PACE (received) authentication token issues"); isSecureMessagingEnabled = false; throw new InvalidAuthenticationException(); } } catch (ResponseStatusException e) { logger.error(e.toString()); throw new PaceProtocolException(e); } catch (InvalidInterindustryClassException e) { logger.error("invalid industry class (in apdu command)"); throw new PaceProtocolException(); } }
From source file:de.fraunhofer.fokus.openeid.pace.PaceECDH.java
License:Open Source License
public Byte[] createSendPointDataObject(ECPoint pcdPublic, int tagNo) { DERTaggedObject pcdPoint = new DERTaggedObject(false, tagNo, new DEROctetString(pcdPublic.getEncoded())); return Utils.convert(pcdPoint.getDEREncoded()); }
From source file:de.tsenger.animamea.asn1.AmECPublicKey.java
License:Open Source License
public AmECPublicKey(String oidString, BigInteger p, BigInteger a, BigInteger b, ECPoint G, BigInteger r, ECPoint Y, BigInteger f) { super(oidString); this.p = new DERTaggedObject(false, 1, new ASN1Integer(p)); this.a = new DERTaggedObject(false, 2, new ASN1Integer(a)); this.b = new DERTaggedObject(false, 3, new ASN1Integer(b)); this.G = new DERTaggedObject(false, 4, new DEROctetString(G.getEncoded())); this.r = new DERTaggedObject(false, 5, new ASN1Integer(r)); this.Y = new DERTaggedObject(false, 6, new DEROctetString(Y.getEncoded())); this.f = new DERTaggedObject(false, 7, new ASN1Integer(f)); vec.add(this.p); vec.add(this.a); vec.add(this.b); vec.add(this.G); vec.add(this.r); vec.add(this.Y); vec.add(this.f); }
From source file:de.tsenger.animamea.asn1.AmECPublicKey.java
License:Open Source License
/** * Konstruktor fr Ephemeral Public Keys (TR-03110 V2.05 D.3.4) * @param oidString OID String//from www.j a v a 2s . c om * @param Y public point */ public AmECPublicKey(String oidString, ECPoint Y) { super(oidString); this.Y = new DERTaggedObject(false, 6, new DEROctetString(Y.getEncoded())); vec.add(this.Y); }
From source file:de.tsenger.animamea.asn1.DiscretionaryData.java
License:Open Source License
/** Constructor for Encoding * @param data */ public DiscretionaryData(byte[] data) { this.data = new DEROctetString(data); }