org.bouncycastle.asn1.ASN1Object Java Examples
The following examples show how to use
org.bouncycastle.asn1.ASN1Object.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: ProxyP11Slot.java From xipki with Apache License 2.0 | 6 votes |
private PublicKey getPublicKey(P11ObjectIdentifier objectId) throws P11UnknownEntityException, P11TokenException { ASN1Object req = new ProxyMessage.SlotIdAndObjectId(asn1SlotId, new ProxyMessage.ObjectIdentifier(objectId)); byte[] resp = module.send(P11ProxyConstants.ACTION_GET_PUBLICKEY, req); if (resp == null) { return null; } SubjectPublicKeyInfo pkInfo = SubjectPublicKeyInfo.getInstance(resp); try { return KeyUtil.generatePublicKey(pkInfo); } catch (InvalidKeySpecException ex) { throw new P11TokenException("could not generate Public Key from SubjectPublicKeyInfo:" + ex.getMessage(), ex); } }
Example #2
Source File: CertificateSignRequest.java From hadoop-ozone with Apache License 2.0 | 5 votes |
private CertificateSignRequest.Builder addAltName(int tag, String name) { if (altNames == null) { altNames = new ArrayList<>(); } if (tag == GeneralName.otherName) { ASN1Object ono = addOtherNameAsn1Object(name); altNames.add(new GeneralName(tag, ono)); } else { altNames.add(new GeneralName(tag, name)); } return this; }
Example #3
Source File: CertificateSignRequest.java From hadoop-ozone with Apache License 2.0 | 5 votes |
/** * addOtherNameAsn1Object requires special handling since * Bouncy Castle does not support othername as string. * @param name * @return */ private ASN1Object addOtherNameAsn1Object(String name) { // Below oid is copied from this URL: // https://docs.microsoft.com/en-us/windows/win32/adschema/a-middlename final String otherNameOID = "2.16.840.1.113730.3.1.34"; ASN1EncodableVector otherName = new ASN1EncodableVector(); otherName.add(new ASN1ObjectIdentifier(otherNameOID)); otherName.add(new DERTaggedObject( true, GeneralName.otherName, new DERUTF8String(name))); return new DERTaggedObject( false, 0, new DERSequence(otherName)); }
Example #4
Source File: PolicyMapping.java From keystore-explorer with GNU General Public License v3.0 | 5 votes |
@Override public boolean equals(Object paramObject) { if (paramObject == null) { return false; } try { return Arrays.equals(((ASN1Object) paramObject).getEncoded(), getEncoded()); } catch (Exception e) { // ignore } return false; }
Example #5
Source File: CrlExtensionsUtils.java From xades4j with GNU Lesser General Public License v3.0 | 5 votes |
public static BigInteger getCrlNumber(X509CRL crl) throws IOException { byte[] crlNumEnc = crl.getExtensionValue(X509Extension.cRLNumber.getId()); BigInteger crlNum = null; // XAdES 7.4.2: "The 'number' element is an optional hint ..." if (crlNumEnc != null) { ASN1Object derCrlNum = X509ExtensionUtil.fromExtensionValue(crlNumEnc); crlNum = CRLNumber.getInstance(derCrlNum).getCRLNumber(); } return crlNum; }
Example #6
Source File: ProxyP11Slot.java From xipki with Apache License 2.0 | 5 votes |
private X509Cert getCertificate(P11ObjectIdentifier objectId) throws P11TokenException { ASN1Object req = new ProxyMessage.SlotIdAndObjectId(asn1SlotId, new ProxyMessage.ObjectIdentifier(objectId)); byte[] resp = module.send(P11ProxyConstants.ACTION_GET_CERT, req); if (resp == null) { return null; } try { return X509Util.parseCert(resp); } catch (CertificateException ex) { throw new P11TokenException("could not parse certificate:" + ex.getMessage(), ex); } }
Example #7
Source File: P11ProxyResponder.java From xipki with Apache License 2.0 | 5 votes |
private static byte[] getSuccessResp(short version, byte[] transactionId, short action, ASN1Object respContent) { byte[] encoded; try { encoded = respContent.getEncoded(); } catch (IOException ex) { LogUtil.error(LOG, ex, "could not encode response ASN1Object"); return getResp(version, transactionId, P11ProxyConstants.RC_INTERNAL_ERROR, action); } return getSuccessResp(version, transactionId, action, encoded); }
Example #8
Source File: CAdESSignatureExtension.java From dss with GNU Lesser General Public License v2.1 | 4 votes |
protected ASN1Object getTimeStampAttributeValue(byte[] message, CAdESSignatureParameters parameters) { final DigestAlgorithm timestampDigestAlgorithm = parameters.getSignatureTimestampParameters().getDigestAlgorithm(); return getTimeStampAttributeValue(message, timestampDigestAlgorithm); }
Example #9
Source File: CAdESSignatureExtension.java From dss with GNU Lesser General Public License v2.1 | 4 votes |
public ASN1Object getTimeStampAttributeValue(final byte[] messageToTimestamp, final DigestAlgorithm timestampDigestAlgorithm, final Attribute... attributesForTimestampToken) { try { if (LOG.isDebugEnabled()) { LOG.debug("Message to timestamp is: {}", Utils.toHex(messageToTimestamp)); } byte[] timestampDigest = DSSUtils.digest(timestampDigestAlgorithm, messageToTimestamp); if (LOG.isDebugEnabled()) { LOG.debug("Digested ({}) message to timestamp is {}", timestampDigestAlgorithm, Utils.toHex(timestampDigest)); } final TimestampBinary timeStampToken = tspSource.getTimeStampResponse(timestampDigestAlgorithm, timestampDigest); CMSSignedData cmsSignedDataTimeStampToken = new CMSSignedData(timeStampToken.getBytes()); // TODO (27/08/2014): attributesForTimestampToken cannot be null: to be modified if (attributesForTimestampToken != null) { // timeStampToken contains one and only one signer final SignerInformation signerInformation = cmsSignedDataTimeStampToken.getSignerInfos().getSigners().iterator().next(); AttributeTable unsignedAttributes = CMSUtils.getUnsignedAttributes(signerInformation); for (final Attribute attributeToAdd : attributesForTimestampToken) { final ASN1ObjectIdentifier attrType = attributeToAdd.getAttrType(); final ASN1Encodable objectAt = attributeToAdd.getAttrValues().getObjectAt(0); unsignedAttributes = unsignedAttributes.add(attrType, objectAt); } // Unsigned attributes cannot be empty (RFC 5652 5.3) if (unsignedAttributes.size() == 0) { unsignedAttributes = null; } final SignerInformation newSignerInformation = SignerInformation.replaceUnsignedAttributes(signerInformation, unsignedAttributes); final List<SignerInformation> signerInformationList = new ArrayList<>(); signerInformationList.add(newSignerInformation); final SignerInformationStore newSignerStore = new SignerInformationStore(signerInformationList); cmsSignedDataTimeStampToken = CMSSignedData.replaceSigners(cmsSignedDataTimeStampToken, newSignerStore); } final byte[] newTimeStampTokenBytes = cmsSignedDataTimeStampToken.getEncoded(); return DSSASN1Utils.toASN1Primitive(newTimeStampTokenBytes); } catch (IOException | CMSException e) { throw new DSSException("Cannot obtain timestamp attribute value.", e); } }
Example #10
Source File: CAdESLevelBaselineT.java From dss with GNU Lesser General Public License v2.1 | 4 votes |
private AttributeTable addSignatureTimestampAttribute(SignerInformation signerInformation, AttributeTable unsignedAttributes, CAdESSignatureParameters parameters) { ASN1Object signatureTimeStamp = getTimeStampAttributeValue(signerInformation.getSignature(), parameters); return unsignedAttributes.add(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken, signatureTimeStamp); }
Example #11
Source File: CAdESLevelBaselineLTA.java From dss with GNU Lesser General Public License v2.1 | 4 votes |
/** * The input for the archive-time-stamp-v3’s message imprint computation shall be the concatenation (in the * order shown by the list below) of the signed data hash (see bullet 2 below) and certain fields in their binary * encoded * form without any modification and including the tag, length and value octets: * <ol> * <li>The SignedData.encapContentInfo.eContentType. * <li>The octets representing the hash of the signed data. The hash is computed on the same content that was used * for computing the hash value that is encapsulated within the message-digest signed attribute of the * CAdES signature being archive-time-stamped. The hash algorithm applied shall be the same as the hash * algorithm used for computing the archive time-stamp’s message imprint. The inclusion of the hash algorithm * in the SignedData.digestAlgorithms set is recommended. * <li>Fields version, sid, digestAlgorithm, signedAttrs, signatureAlgorithm, and * signature within the SignedData.signerInfos’s item corresponding to the signature being archive * time-stamped, in their order of appearance. * <li>A single instance of ATSHashIndex type (created as specified in clause 6.4.2). * </ol> * * @param cadesSignature * @param signerInformation * @param parameters * @param unsignedAttributes */ private AttributeTable addArchiveTimestampV3Attribute(CAdESSignature cadesSignature, SignerInformation signerInformation, CAdESSignatureParameters parameters, AttributeTable unsignedAttributes) { final CadesLevelBaselineLTATimestampExtractor timestampExtractor = new CadesLevelBaselineLTATimestampExtractor(cadesSignature); final DigestAlgorithm timestampDigestAlgorithm = parameters.getArchiveTimestampParameters().getDigestAlgorithm(); byte[] originalDocumentDigest = Utils.fromBase64(cadesSignature.getOriginalDocument().getDigest(timestampDigestAlgorithm)); ASN1ObjectIdentifier atsHashIndexTableIdentifier = getAtsHashIndexTableIdentifier(parameters); final Attribute atsHashIndexAttribute = timestampExtractor.getAtsHashIndex(signerInformation, timestampDigestAlgorithm, atsHashIndexTableIdentifier); final byte[] encodedToTimestamp = timestampExtractor.getArchiveTimestampDataV3(signerInformation, atsHashIndexAttribute, originalDocumentDigest); final ASN1Object timeStampAttributeValue = getTimeStampAttributeValue(encodedToTimestamp, timestampDigestAlgorithm, atsHashIndexAttribute); return unsignedAttributes.add(OID.id_aa_ets_archiveTimestampV3, timeStampAttributeValue); }
Example #12
Source File: ProxyP11Slot.java From xipki with Apache License 2.0 | 4 votes |
@Override protected void removeIdentity0(P11IdentityId identityId) throws P11TokenException { ASN1Object req = new ProxyMessage.SlotIdAndObjectId(asn1SlotId, new ProxyMessage.ObjectIdentifier(identityId.getKeyId())); module.send(P11ProxyConstants.ACTION_REMOVE_IDENTITY, req); }
Example #13
Source File: ProxyP11Slot.java From xipki with Apache License 2.0 | 4 votes |
@Override protected void removeCerts0(P11ObjectIdentifier objectId) throws P11TokenException { ASN1Object req = new ProxyMessage.SlotIdAndObjectId(asn1SlotId, new ProxyMessage.ObjectIdentifier(objectId)); module.send(P11ProxyConstants.ACTION_REMOVE_CERTS, req); }
Example #14
Source File: CAdESLevelBaselineB.java From dss with GNU Lesser General Public License v2.1 | 3 votes |
/** * A content time-stamp allows a time-stamp token of the data to be signed to be incorporated into the signed * information. * It provides proof of the existence of the data before the signature was created. * * A content time-stamp attribute is the time-stamp token of the signed data content before it is signed. * This attribute is a signed attribute. * Its object identifier is : * id-aa-ets-contentTimestamp OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) * smime(16) id-aa(2) 20} * * Content time-stamp attribute values have ASN.1 type ContentTimestamp: * ContentTimestamp ::= TimeStampToken * * The value of messageImprint of TimeStampToken (as described in RFC 3161) is the hash of the message digest as * defined in * ETSI standard 101733 v.2.2.1, clause 5.6.1. * * NOTE: content-time-stamp indicates that the signed information was formed before the date included in the * content-time-stamp. * NOTE (bis): There is a small difference in treatment between the content-time-stamp and the archive-timestamp * (ATSv2) when the signature * is attached. In that case, the content-time-stamp is computed on the raw data (without ASN.1 tag and length) * whereas the archive-timestamp * is computed on data as read. * * @param parameters * @param signedAttributes * @return */ private void addContentTimestamps(final CAdESSignatureParameters parameters, final ASN1EncodableVector signedAttributes) { if (Utils.isCollectionNotEmpty(parameters.getContentTimestamps())) { final List<TimestampToken> contentTimestamps = parameters.getContentTimestamps(); for (final TimestampToken contentTimestamp : contentTimestamps) { final ASN1Object asn1Object = DSSASN1Utils.toASN1Primitive(contentTimestamp.getEncoded()); final DERSet attrValues = new DERSet(asn1Object); final Attribute attribute = new Attribute(id_aa_ets_contentTimestamp, attrValues); signedAttributes.add(attribute); } } }