Usage examples for the org.bouncycastle.asn1.DERTaggedObject constructor
public DERTaggedObject(boolean explicit, int tagNo, ASN1Encodable obj)
From source file:bluecrystal.bcdeps.helper.DerEncoder.java
License:Open Source License
/**
 * Builds the ADRB sequence via {@code siCreateDerEncSeqADRB} and returns it under context tag
 * {@code [0]}.
 *
 * <p>Every argument is forwarded unchanged. The tag is created with {@code explicit == false},
 * so the sequence is tagged implicitly rather than wrapped in an extra layer.
 *
 * @return the sequence from {@code siCreateDerEncSeqADRB}, implicitly tagged {@code [0]}
 * @throws Exception whatever {@code siCreateDerEncSeqADRB} throws
 */
public DERTaggedObject adrbSiCreateDerEncSigned(byte[] origHash, byte[] polHash, byte[] certHash,
        X509Certificate cert, Date now, int hashId, String sigPolicyUri, String sigPolicyId,
        boolean signingCertFallback) throws Exception {
    final DERSequence adrbSequence = siCreateDerEncSeqADRB(origHash, polHash, certHash, cert, now, hashId,
            sigPolicyUri, sigPolicyId, signingCertFallback);
    return new DERTaggedObject(false, 0, adrbSequence);
}
From source file:bluecrystal.bcdeps.helper.DerEncoder.java
License:Open Source License
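/**
 * Builds the signing-certificate attribute that binds the signature to the signer's certificate.
 *
 * <p>The attribute value is a SET holding one SEQUENCE (the signing-certificate structure), which
 * holds a SEQUENCE OF certificate identifiers with exactly one entry: the hash of the signer's
 * certificate plus its issuer name and serial number. The attribute type is
 * {@code ID_SIGNING_CERT} when {@code signingCertFallback} is set and {@code ID_SIGNING_CERT2}
 * otherwise.
 *
 * <p>For the v2 form the {@code hashAlgorithm} field is written first, as an AlgorithmIdentifier
 * SEQUENCE, and only when {@code hashId} is not SHA-256: a DEFAULT value must be omitted in DER.
 * For the fallback form no algorithm is written at all, because ESSCertID has no such field.
 *
 * @param certHash digest of the signer's certificate, produced with the algorithm named by
 *     {@code hashId}
 * @param certContent signer's certificate; supplies the issuer name and serial number
 * @param signingCertFallback {@code true} to emit the attribute under {@code ID_SIGNING_CERT}
 * @param hashId index of the digest algorithm ({@code NDX_SHA1}, {@code NDX_SHA256}, ...)
 * @return the attribute ready to be placed among the signed attributes
 * @throws Exception if the certificate cannot be encoded or the issuer cannot be extracted
 */
private Attribute createCertRef(byte[] certHash, X509Certificate certContent, boolean signingCertFallback,
        int hashId) throws Exception {
    // Signature policy, 5.2.1.1.3 (certificates that must be referenced): the signingCertificate
    // attribute must reference only the signer's certificate.
    // 5.2.1.1.4 (mandatory certificates of the certification path): none for version 1.0;
    // the signer's certificate for versions 1.1, 2.0 and 2.1.
    //
    // ESSCertIDv2 ::= SEQUENCE {
    //     hashAlgorithm  AlgorithmIdentifier DEFAULT {algorithm id-sha256},
    //     certHash       Hash,
    //     issuerSerial   IssuerSerial OPTIONAL
    // }
    // Hash ::= OCTET STRING
    // IssuerSerial ::= SEQUENCE {
    //     issuer         GeneralNames,
    //     serialNumber   CertificateSerialNumber
    // }

    // issuer GeneralNames: one directoryName, which is GeneralName choice [4]. The tag is
    // explicit because the tagged type (Name) is itself a CHOICE.
    final ASN1EncodableVector issuerCertaev = new ASN1EncodableVector();
    issuerCertaev.add(new DERTaggedObject(true, 4, getEncodedIssuer(certContent.getTBSCertificate())));
    DERSequence issuerCertseq = new DERSequence(issuerCertaev);

    // IssuerSerial ::= SEQUENCE { issuer, serialNumber }
    final ASN1EncodableVector issuerSerialaev = new ASN1EncodableVector();
    issuerSerialaev.add(issuerCertseq);
    issuerSerialaev.add(new DERInteger(certContent.getSerialNumber()));
    DERSequence issuerSerial = new DERSequence(issuerSerialaev);

    final ASN1EncodableVector essCertIDv2aev = new ASN1EncodableVector();

    // hashAlgorithm is the FIRST field of ESSCertIDv2 and is an AlgorithmIdentifier, i.e. a
    // SEQUENCE around the OID, so it has to be added before certHash. Appending a bare OID after
    // issuerSerial yields a structure that a strict verifier cannot parse as ESSCertIDv2.
    //
    // Note 4 of the policy: for ESSCertIDv2 (version 2.1 of the CAdES-based signature policies)
    // applications MUST NOT encode hashAlgorithm when it equals the default (SHA-256), as
    // required by ISO 8825-1.
    //
    // NOTE(review): in fallback mode nothing is written, since ESSCertID carries no algorithm
    // and implies SHA-1. This method does not check that hashId == NDX_SHA1 in that mode;
    // confirm that callers only pass a SHA-1 certHash together with signingCertFallback.
    if (!signingCertFallback && hashId != NDX_SHA256) {
        final ASN1EncodableVector hashAlgorithmaev = new ASN1EncodableVector();
        DERObjectIdentifier hashAlgorithm = new DERObjectIdentifier(getHashAlg(hashId));
        hashAlgorithmaev.add(hashAlgorithm);
        essCertIDv2aev.add(new DERSequence(hashAlgorithmaev));
    }
    essCertIDv2aev.add(new DEROctetString(certHash)); // certHash Hash
    essCertIDv2aev.add(issuerSerial); // issuerSerial IssuerSerial
    DERSequence essCertIDv2seq = new DERSequence(essCertIDv2aev);

    // certs: SEQUENCE OF certificate identifier, with a single entry
    final ASN1EncodableVector aevSeq3 = new ASN1EncodableVector();
    aevSeq3.add(essCertIDv2seq);
    DERSequence seq3 = new DERSequence(aevSeq3);

    // signing-certificate structure: SEQUENCE { certs } (no policies)
    final ASN1EncodableVector aevSeq2 = new ASN1EncodableVector();
    aevSeq2.add(seq3);
    DERSequence seq2 = new DERSequence(aevSeq2);

    // attribute values: SET with the single structure above
    final ASN1EncodableVector aevSet = new ASN1EncodableVector();
    aevSet.add(seq2);
    ASN1Set mainSet = new DERSet(aevSet);

    return new Attribute(new ASN1ObjectIdentifier(signingCertFallback ? ID_SIGNING_CERT : ID_SIGNING_CERT2),
            mainSet);
}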
From source file:bluecrystal.bcdeps.helper.DerEncoder.java
License:Open Source License
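/**
 * Appends the certificates of {@code chain} to {@code body} as a {@code [0]} implicitly tagged
 * SET.
 *
 * <p>Each certificate is re-parsed from its own encoding into an ASN.1 object before being
 * added. The container is a DER SET, so the order of {@code chain} is not something a reader of
 * the output can rely on.
 *
 * @param body vector that receives the tagged certificate set
 * @param chain certificates to embed
 * @throws IOException if a certificate encoding cannot be parsed
 * @throws CertificateEncodingException if a certificate cannot be encoded
 */
private void buildCerts(ASN1EncodableVector body, List<X509Certificate> chain)
        throws IOException, CertificateEncodingException {
    ASN1EncodableVector certVector = new ASN1EncodableVector();
    for (X509Certificate next : chain) {
        ASN1InputStream tempstream = new ASN1InputStream(new ByteArrayInputStream(next.getEncoded()));
        try {
            certVector.add(tempstream.readObject()); // Certificate (SEQUENCE)
        } finally {
            // release the parser even when readObject() fails on a malformed encoding
            tempstream.close();
        }
    }
    final DERSet dercertificates = new DERSet(certVector); // SET OF Certificate
    body.add(new DERTaggedObject(false, 0, dercertificates)); // [0] IMPLICIT
}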
From source file:bluecrystal.bcdeps.helper.DerEncoder.java
License:Open Source License
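/**
 * Appends a single certificate to {@code body} as a {@code [0]} implicitly tagged SET with one
 * element.
 *
 * <p>The certificate is re-parsed from its own encoding into an ASN.1 object before being added.
 *
 * @param body vector that receives the tagged certificate set
 * @param certContent certificate to embed
 * @throws IOException if the certificate encoding cannot be parsed
 * @throws CertificateEncodingException if the certificate cannot be encoded
 */
private void buildCerts(ASN1EncodableVector body, X509Certificate certContent)
        throws IOException, CertificateEncodingException {
    ASN1EncodableVector certVector = new ASN1EncodableVector();
    ASN1InputStream tempstream = new ASN1InputStream(new ByteArrayInputStream(certContent.getEncoded()));
    try {
        certVector.add(tempstream.readObject()); // Certificate (SEQUENCE)
    } finally {
        // release the parser even when readObject() fails on a malformed encoding
        tempstream.close();
    }
    final DERSet dercertificates = new DERSet(certVector); // SET OF Certificate
    body.add(new DERTaggedObject(false, 0, dercertificates)); // [0] IMPLICIT
}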
From source file:ca.trustpoint.m2m.AuthorityKeyIdentifier.java
License:Apache License
/**
 * Serializes this authority key identifier as a DER SEQUENCE.
 *
 * <p>Only the fields that are set are written, each under its own context tag: the key
 * identifier and the serial number as implicitly tagged OCTET STRINGs, the certificate issuer as
 * an explicitly tagged copy of the issuer's own (already tagged) encoding.
 *
 * @return the DER bytes of the sequence
 * @throws IOException if {@code isValid()} reports false or the encoding fails
 */
public byte[] getEncoded() throws IOException {
    if (!isValid()) {
        throw new IOException("AuthKeyId is not valid.");
    }

    ASN1EncodableVector fields = new ASN1EncodableVector();

    if (keyIdentifier != null) {
        fields.add(new DERTaggedObject(false, INDEX_KEY_IDENTIFIER, new DEROctetString(keyIdentifier)));
    }

    if (certificateIssuer != null) {
        // The issuer encodes itself as a tagged object; it is parsed back and then wrapped
        // under an explicit tag so that its own tag survives.
        ASN1TaggedObject issuerName = DERTaggedObject.getInstance(certificateIssuer.getEncoded());
        fields.add(new DERTaggedObject(true, INDEX_AUTH_CERT_ISSUER, issuerName));
    }

    if (certificateSerialNumber != null) {
        byte[] serialBytes = certificateSerialNumber.toByteArray();
        fields.add(new DERTaggedObject(false, INDEX_AUTH_CERT_SERIAL_NUM, new DEROctetString(serialBytes)));
    }

    DERSequence authKeyId = new DERSequence(fields);
    return authKeyId.getEncoded();
}
From source file:ca.trustpoint.m2m.EntityNameAttribute.java
License:Apache License
/** * Returns the DER encoding of this instance. * * @return The DER encoding of this instance. * @throws IOException if this instance cannot be encoded. *///from w ww . j ava2s. c om public byte[] getEncoded() throws IOException { if (!isValid()) { throw new IOException("Attribute is not valid."); } ASN1Encodable encodedValue; switch (id) { case Country: case DistinguishedNameQualifier: case SerialNumber: encodedValue = new DERPrintableString(value); break; case Organization: case OrganizationalUnit: case StateOrProvince: case Locality: case CommonName: encodedValue = new DERUTF8String(value); break; case DomainComponent: encodedValue = new DERIA5String(value); break; case RegisteredId: encodedValue = new ASN1ObjectIdentifier(value); break; case OctetsName: encodedValue = new DEROctetString(Hex.decode(value)); break; default: throw new IOException("Unknown attribute type ID."); } return new DERTaggedObject(false, id.getIndexId(), encodedValue).getEncoded(); }
From source file:ca.trustpoint.m2m.GeneralName.java
License:Apache License
/**
 * Serializes this general name as a DER tagged value.
 *
 * <p>The inner ASN.1 type depends on the name id; the result is implicitly tagged with
 * {@code id.getIndexId()}.
 *
 * @return the DER bytes of the tagged value
 * @throws IOException if {@code isValid()} reports false, the id is not handled here, the IP
 *     address cannot be resolved, or the encoding fails
 */
public byte[] getEncoded() throws IOException {
    if (!isValid()) {
        throw new IOException("name id and/or value is invalid.");
    }

    final ASN1Encodable inner;
    switch (id) {
        case Rfc822Name:
        case DnsName:
        case Uri:
            inner = new DERIA5String(value);
            break;

        case DirectoryName:
            inner = DERSequence.getInstance(entity.getEncoded());
            break;

        case IpAddress:
            // NOTE(review): InetAddress.getByName() performs a name-service lookup when the
            // value is a host name rather than an address literal, so the bytes written here
            // would then depend on the resolver. Presumably isValid() only admits literals;
            // confirm against the validation code.
            inner = new DEROctetString(InetAddress.getByName(value).getAddress());
            break;

        case RegisteredId:
            inner = new ASN1ObjectIdentifier(value);
            break;

        default:
            throw new IOException("invalid name id.");
    }

    DERTaggedObject tagged = new DERTaggedObject(false, id.getIndexId(), inner);
    return tagged.getEncoded();
}
From source file:ca.trustpoint.m2m.M2mCertificate.java
License:Apache License
/**
 * Returns the DER encoded to be signed certificate data. This is what would be sent to a CA for
 * signing, or the data that will be verified with the signature.
 *
 * <p>The result is a SEQUENCE of context-tagged fields, written in the order of the statements
 * below. Fields that are {@code null} (or, for extensions, empty) are left out; the serial number
 * and the subject are always written. Because the signature covers exactly these bytes, the order
 * of the statements and the explicit/implicit choice of each tag must not change.
 *
 * @return The DER encoded to be signed certificate data.
 * @throws IOException if {@code isTbsCertificateValid()} reports false or the encoding fails.
 */
public byte[] getTBSCertificate() throws IOException {
    if (!isTbsCertificateValid()) {
        throw new IOException("One or more TBS certificate fields are invalid.");
    }

    ASN1EncodableVector elements = new ASN1EncodableVector();

    /*
     * Since the default is v1 (0), we do not need to explicitly add this to the ASN.1 output.
     *
     * elements.add( new DERTaggedObject( false, TbsCertificateFields.VERSION.getTagNumber(), new
     * ASN1Integer(VERSION)));
     */

    // serialNumber is used without a null check here; presumably isTbsCertificateValid()
    // guarantees it is set. Confirm against that method.
    elements.add(new DERTaggedObject(false, TbsCertificateFields.SERIAL_NUMBER.getTagNumber(),
            new DEROctetString(serialNumber)));

    // CA algorithm and its parameters are re-parsed from their own encodings
    if (caKeyDefinition != null) {
        if (caKeyDefinition.getAlgorithm() != null) {
            elements.add(new DERTaggedObject(false, TbsCertificateFields.CA_ALGORITHM.getTagNumber(),
                    ASN1Primitive.fromByteArray(caKeyDefinition.getEncodedAlgorithm())));
        }

        if (caKeyDefinition.getParameters() != null) {
            elements.add(new DERTaggedObject(false, TbsCertificateFields.CA_ALGORITHM_PARAMETERS.getTagNumber(),
                    ASN1Primitive.fromByteArray(caKeyDefinition.getEncodedParameters())));
        }
    }

    if (issuer != null) {
        elements.add(new DERTaggedObject(false, TbsCertificateFields.ISSUER.getTagNumber(),
                DERSequence.getInstance(issuer.getEncoded())));
    }

    if (validFrom != null) {
        elements.add(new DERTaggedObject(false, TbsCertificateFields.VALID_FROM.getTagNumber(),
                // We record seconds, not milliseconds, hence the / 1000
                new DEROctetString(BigInteger.valueOf(validFrom.getTime() / 1000).toByteArray())));
    }

    if (validDuration != null) {
        // written as the two's-complement bytes of the int value
        elements.add(new DERTaggedObject(false, TbsCertificateFields.VALID_DURATION.getTagNumber(),
                new DEROctetString(BigInteger.valueOf(validDuration.intValue()).toByteArray())));
    }

    // subject is dereferenced without a null check, unlike issuer; presumably
    // isTbsCertificateValid() guarantees it is set. Confirm against that method.
    elements.add(new DERTaggedObject(false, TbsCertificateFields.SUBJECT.getTagNumber(),
            DERSequence.getInstance(subject.getEncoded())));

    if (publicKeyDefinition != null) {
        if (publicKeyDefinition.getAlgorithm() != null) {
            elements.add(new DERTaggedObject(false, TbsCertificateFields.PUBLIC_KEY_ALGORITHM.getTagNumber(),
                    ASN1Primitive.fromByteArray(publicKeyDefinition.getEncodedAlgorithm())));
        }

        if (publicKeyDefinition.getParameters() != null) {
            elements.add(new DERTaggedObject(false,
                    TbsCertificateFields.PUBLIC_KEY_ALGORITHM_PARAMETERS.getTagNumber(),
                    ASN1Primitive.fromByteArray(publicKeyDefinition.getEncodedParameters())));
        }
    }

    if (publicKey != null) {
        // the key is written as raw point bytes, compressed or not as the instance flag says
        byte[] publicKeyBytes = KeyConversionUtils.convertEcPublicKeyToRawBytes(publicKey,
                isPublicKeyCompressed);

        elements.add(new DERTaggedObject(false, TbsCertificateFields.PUBLIC_KEY.getTagNumber(),
                new DEROctetString(publicKeyBytes)));
    }

    if (authorityKeyIdentifier != null) {
        elements.add(new DERTaggedObject(false, TbsCertificateFields.AUTHORITY_KEY_ID.getTagNumber(),
                ASN1Primitive.fromByteArray(authorityKeyIdentifier.getEncoded())));
    }

    if (subjectKeyIdentifier != null) {
        elements.add(new DERTaggedObject(false, TbsCertificateFields.SUBJECT_KEY_ID.getTagNumber(),
                new DEROctetString(subjectKeyIdentifier)));
    }

    if (keyUsage != null) {
        elements.add(new DERTaggedObject(false, TbsCertificateFields.KEY_USAGE.getTagNumber(),
                ASN1Primitive.fromByteArray(keyUsage.getEncoded())));
    }

    if (basicConstraints != null) {
        elements.add(new DERTaggedObject(false, TbsCertificateFields.BASIC_CONSTRAINTS.getTagNumber(),
                new ASN1Integer(basicConstraints.intValue())));
    }

    if (certificatePolicy != null) {
        elements.add(new DERTaggedObject(false, TbsCertificateFields.CERTIFICATE_POLICY.getTagNumber(),
                new ASN1ObjectIdentifier(certificatePolicy)));
    }

    // The two alternative names are the only explicitly tagged fields: their own encodings are
    // already tagged objects, which are parsed back and wrapped.
    if (subjectAlternativeName != null) {
        elements.add(new DERTaggedObject(true, TbsCertificateFields.SUBJECT_ALTERNATE_NAME.getTagNumber(),
                DERTaggedObject.getInstance(subjectAlternativeName.getEncoded())));
    }

    if (issuerAlternativeName != null) {
        elements.add(new DERTaggedObject(true, TbsCertificateFields.ISSUER_ALTERNATE_NAME.getTagNumber(),
                DERTaggedObject.getInstance(issuerAlternativeName.getEncoded())));
    }

    if (extendedKeyUsage != null) {
        elements.add(new DERTaggedObject(false, TbsCertificateFields.EXTENDED_KEY_USAGE.getTagNumber(),
                new ASN1ObjectIdentifier(extendedKeyUsage)));
    }

    // both URIs are written in their toString() form as IA5 strings
    if (authenticationInfoAccessOcsp != null) {
        elements.add(
                new DERTaggedObject(false, TbsCertificateFields.AUTHENTICATION_INFO_ACCESS_OCSP.getTagNumber(),
                        new DERIA5String(authenticationInfoAccessOcsp.toString())));
    }

    if (crlDistributionPointUri != null) {
        elements.add(new DERTaggedObject(false, TbsCertificateFields.CRL_DISTRIBUTION_POINT_URI.getTagNumber(),
                new DERIA5String(crlDistributionPointUri.toString())));
    }

    if (!extensions.isEmpty()) {
        // each extension becomes its own SEQUENCE inside the extensions SEQUENCE
        ASN1EncodableVector toBeEncodedExtensions = new ASN1EncodableVector();

        for (Extension extension : extensions) {
            toBeEncodedExtensions.add(new DERSequence(extension.getEncoded()));
        }

        elements.add(new DERTaggedObject(false, TbsCertificateFields.EXTENSIONS.getTagNumber(),
                new DERSequence(toBeEncodedExtensions)));
    }

    return ((new DERSequence(elements)).getEncoded());
}
From source file:ca.trustpoint.m2m.M2mCertificate.java
License:Apache License
/**
 * Serializes the whole certificate: the to-be-signed fields followed by the CA calculated value,
 * wrapped in an application-specific tag.
 *
 * @return the encoded certificate
 * @throws CertificateEncodingException if the TBS fields are invalid, the CA calculated value is
 *     missing or empty, or any encoding step fails
 */
@Override
public byte[] getEncoded() throws CertificateEncodingException {
    if (!isTbsCertificateValid()) {
        throw new CertificateEncodingException("TBS certificate is invalid.");
    }
    // a certificate without a signature or reconstruction value must never be emitted
    if ((caCalcValue == null) || (caCalcValue.length == 0)) {
        throw new CertificateEncodingException("Signature or reconstruction value must be present.");
    }

    ASN1EncodableVector fields = new ASN1EncodableVector();

    try {
        // the TBS bytes are parsed back so they can be nested as an object, not as a blob
        fields.add(new DERTaggedObject(false, CertificateFields.TBS_CERTIFICATE.getTagNumber(),
                DERSequence.fromByteArray(getTBSCertificate())));
    } catch (IOException ex) {
        throw new CertificateEncodingException("Could not encode TBS certificate fields.", ex);
    }

    fields.add(new DERTaggedObject(false, CertificateFields.CA_CALC_VALUE.getTagNumber(),
            new DEROctetString(caCalcValue)));

    final DERApplicationSpecific wrapped;
    try {
        wrapped = new DERApplicationSpecific(false, APPLICATION_TAG_NUMBER, new DERSequence(fields));
    } catch (IOException ex) {
        throw new CertificateEncodingException("Could not construct ASN.1 certificate.", ex);
    }

    try {
        return wrapped.getEncoded();
    } catch (IOException ex) {
        throw new CertificateEncodingException("Could not encode certificate.", ex);
    }
}
From source file:ca.trustpoint.m2m.M2mCertificateFactoryTest.java
License:Apache License
/**
 * Builds the shared fixtures for the certificate factory tests.
 *
 * <p>Populates every optional field of an {@code M2mCertificate} and stores its encoding in
 * {@code fullCertData}, then assembles a PKI path and a certificates-only PKCS#7 structure from
 * {@code signerData}, {@code issuerData} and {@code rootcaData}, and finally the expected
 * certificate path order. All values are fixed test data.
 *
 * @throws Exception if any fixture cannot be built
 */
@BeforeClass
public static void initializeTests() throws Exception {
    // Construct certificate data
    // A full certificate
    M2mCertificate cert = new M2mCertificate();

    // serialNumber
    byte[] serialNumber = Hex.decode("F964EF36");
    cert.setSerialNumber(serialNumber);

    // cAAlgorithm, CAAlgParams
    KeyAlgorithmDefinition caKeyDefinition = new KeyAlgorithmDefinition();
    caKeyDefinition.setAlgorithm(M2mSignatureAlgorithmOids.ECDSA_SHA512_SECP521R1);
    caKeyDefinition.setParameters(Hex.decode("102030405060708090A0B0C0E0F0"));
    cert.setCaKeyDefinition(caKeyDefinition);

    // issuer
    EntityName issuer = new EntityName();
    issuer.addAttribute(new EntityNameAttribute(EntityNameAttributeId.Country, "CA"));
    issuer.addAttribute(new EntityNameAttribute(EntityNameAttributeId.CommonName, "MyRoot"));
    issuer.addAttribute(new EntityNameAttribute(EntityNameAttributeId.DomainComponent, "DomC"));
    issuer.addAttribute(new EntityNameAttribute(EntityNameAttributeId.OctetsName, "ca2f00"));
    cert.setIssuer(issuer);

    // validFrom
    // Calendar months are zero-based, so this is 1 August 2016 at midnight in the JVM's default
    // time zone; the encoded value therefore depends on where the test runs.
    Calendar calendar = new GregorianCalendar(2016, 7, 1);
    Date validFrom = calendar.getTime();
    cert.setValidFrom(validFrom);

    // validDuration (one year, in seconds)
    cert.setValidDuration(60 * 60 * 24 * 365);

    // subject
    EntityName subject = new EntityName();
    subject.addAttribute(new EntityNameAttribute(EntityNameAttributeId.Country, "CA"));
    subject.addAttribute(new EntityNameAttribute(EntityNameAttributeId.CommonName, "MyTest"));
    subject.addAttribute(new EntityNameAttribute(EntityNameAttributeId.DomainComponent, "DomC"));
    subject.addAttribute(new EntityNameAttribute(EntityNameAttributeId.OctetsName, "ca2f01"));
    cert.setSubject(subject);

    // pKAlgorithm, pKAlgParams
    KeyAlgorithmDefinition publicKeyDefinition = new KeyAlgorithmDefinition();
    publicKeyDefinition.setAlgorithm(M2mSignatureAlgorithmOids.ECDSA_SHA256_SECP256R1);
    publicKeyDefinition.setParameters(Hex.decode("0102030405060708090A0B0C0E0F"));
    cert.setPublicKeyDefinition(publicKeyDefinition);

    // pubKey
    // NOTE(review): these 133 bytes start with 0x04, which is the size of an uncompressed point
    // on a 521-bit curve, while pKAlgorithm above names SECP256R1. Presumably the mismatch does
    // not matter to the factory tests; confirm.
    byte[] rawPublicKey = Hex.decode("040078EF059D605AB85B6A25A6EF31A1A73A632D3CB04DC606A8CA0B58239661"
            + "68CFAF6131D8D9B53F6BDF6B62946EC4B41D618FA3FF7F8BBFACBFD4F64FE3C3"
            + "3DA9D200A47AE528DC50B6F3876D7F5BA3C082D9927751E1A8C4F934D90942B3"
            + "5C57DFE311B2663E8D0187AD4EDE31BF9CD2AD8317107360522FDB6975AB2CD6" + "6DC029981F");
    boolean isCompressed = KeyConversionUtils.isCompressedEcPoint(rawPublicKey);
    cert.setIsPublicKeyCompressed(isCompressed);

    PublicKey publicKey = KeyConversionUtils.convertRawBytestoEcPublicKey(rawPublicKey);
    cert.setPublicKey(publicKey);

    // authKeyId
    AuthorityKeyIdentifier authKeyId = new AuthorityKeyIdentifier();
    authKeyId.setKeyIdentifier(Hex.decode("793F0C56"));
    GeneralName authKeyIdIssuer = new GeneralName(GeneralNameAttributeId.DnsName, "authKeyIdIssuer");
    authKeyId.setCertificateIssuer(authKeyIdIssuer);
    authKeyId.setCertificateSerialNumber(new BigInteger(Hex.decode("729CB27DAE30")));
    cert.setAuthorityKeyIdentifier(authKeyId);

    // subjKeyId
    cert.setSubjectKeyIdentifier(Hex.decode("729CB27DAE31"));

    // keyUsage
    KeyUsage keyUsage = new KeyUsage();
    keyUsage.setDigitalSignature(true);
    cert.setKeyUsage(keyUsage);

    // basicConstraints
    cert.setBasicConstraints(5);

    // certificatePolicy
    cert.setCertificatePolicy("1.2.66.148.0.12");

    // subjectAltName
    GeneralName subjectAltName = new GeneralName(GeneralNameAttributeId.DnsName, "subjectAltName");
    cert.setSubjectAlternativeName(subjectAltName);

    // issuerAltName
    GeneralName issuerAltName = new GeneralName(GeneralNameAttributeId.DnsName, "issuerAltName");
    cert.setIssuerAlternativeName(issuerAltName);

    // extendedKeyUsage
    cert.setExtendedKeyUsage("1.3.22.174.22");

    // authInfoAccessOCSP
    URI authInfoAccessOCSP = new URI("https://ocsptest.trustpointinnovation.com");
    cert.setAuthenticationInfoAccessOcsp(authInfoAccessOCSP);

    // cRLDistribPointURI
    URI cRLDistribPointURI = new URI("https://ocsptest.trustpointinnovation.com");
    cert.setCrlDistributionPointUri(cRLDistribPointURI);

    // x509extensions: one added with the flag set to true, one with it set to false
    String oid1 = "1.5.24.632.0";
    String oid2 = "1.5.24.632.1";
    byte[] value1 = Hex.decode("003a772fb1");
    byte[] value2 = Hex.decode("98f2b10e27");
    cert.addExtension(oid1, true, value1);
    cert.addExtension(oid2, false, value2);

    // cACalcValue
    byte[] caCalcValue = Hex.decode("3081880242014F15CAF8EF38626B2C7CFA85B9544E028668290CADB45F62E215"
            + "3EAAF5A9D51AF5BF0D02F2C057D3856B5CBFB3529C25B8481405924039FA612D"
            + "422AE9A1A85591024201868D3DFE5FC2BEDD2F7468B0B17ED2708E76CD0D37C4"
            + "4F4D0BB88693752046FCFC56D9818B32533B8992923C2C81499400AC44FBBECD" + "6324D8AE1DD41EC73A0B2A");
    cert.setCaCalcValue(caCalcValue);

    // get encoded data
    fullCertData = cert.getEncoded();

    int mySignerIndex = 0;
    int myIssuerIndex = 1;
    int bluelineIndex = 2;
    int certsTotal = 3;

    // construct certificate array
    ASN1Encodable[] certArray = new ASN1Encodable[certsTotal];
    certArray[mySignerIndex] = ASN1Primitive.fromByteArray(signerData);
    certArray[myIssuerIndex] = ASN1Primitive.fromByteArray(issuerData);
    certArray[bluelineIndex] = ASN1Primitive.fromByteArray(rootcaData);

    ASN1EncodableVector vCerts;

    // Construct PKI Path encoding input data
    // (root first, signer last: the reverse of the PKCS7 order below)
    vCerts = new ASN1EncodableVector();
    vCerts.add(certArray[bluelineIndex]);
    vCerts.add(certArray[myIssuerIndex]);
    vCerts.add(certArray[mySignerIndex]);
    pkiPathInputData = new DERSequence(vCerts).getEncoded();

    // Construct PKCS7 encoding input data
    ASN1EncodableVector vContentInfo = new ASN1EncodableVector();

    // contentType
    // NOTE(review): the outer content type is `data` although the content added below is a
    // SignedData structure; presumably the factory under test does not check it. Confirm.
    ASN1ObjectIdentifier contentType = PKCSObjectIdentifiers.data;
    vContentInfo.add(contentType);

    // content: signedData
    ASN1EncodableVector vSignedData = new ASN1EncodableVector();

    // version
    ASN1Integer sdVersion = new ASN1Integer(BigInteger.ONE);
    vSignedData.add(sdVersion);

    // digestAlgorithmIds (left empty)
    DERSet sdDigestAlgorithmIds = new DERSet();
    vSignedData.add(sdDigestAlgorithmIds);

    // contentInfo without content
    BERSequence sdContentInfo = new BERSequence(PKCSObjectIdentifiers.data);
    vSignedData.add(sdContentInfo);

    // certificates [0] IMPLICIT SET OF certificate
    vCerts = new ASN1EncodableVector();
    vCerts.add(certArray[mySignerIndex]);
    vCerts.add(certArray[myIssuerIndex]);
    vCerts.add(certArray[bluelineIndex]);

    DERTaggedObject sdCertificates = new DERTaggedObject(false, 0, new DERSet(vCerts));
    vSignedData.add(sdCertificates);

    // signerInfos (left empty: the structure only carries certificates)
    DERSet sdSignerInfos = new DERSet();
    vSignedData.add(sdSignerInfos);

    // content [0] EXPLICIT SEQUENCE signedData
    BERSequence signedData = new BERSequence(vSignedData);
    BERTaggedObject content = new BERTaggedObject(true, 0, signedData);
    vContentInfo.add(content);

    BERSequence contentInfo = new BERSequence(vContentInfo);
    pkcs7InputData = contentInfo.getEncoded();

    // Construct cert path data list
    // Certificates are stored in M2MCertPath from target to trust anchor.
    expectedCertPathData = new byte[][] { signerData, issuerData, rootcaData };
}