org.bouncycastle.asn1.cms.IssuerAndSerialNumber Java Examples

The following examples show how to use org.bouncycastle.asn1.cms.IssuerAndSerialNumber. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: PdfPublicKeySecurityHandler.java    From itext2 with GNU Lesser General Public License v3.0 6 votes vote down vote up 
private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0)
    throws GeneralSecurityException, IOException
{
    ASN1InputStream asn1inputstream = 
        new ASN1InputStream(new ByteArrayInputStream(x509certificate.getTBSCertificate()));
    TBSCertificateStructure tbscertificatestructure = 
        TBSCertificateStructure.getInstance(asn1inputstream.readObject());
    AlgorithmIdentifier algorithmidentifier = tbscertificatestructure.getSubjectPublicKeyInfo().getAlgorithm();
    IssuerAndSerialNumber issuerandserialnumber = 
        new IssuerAndSerialNumber(
            tbscertificatestructure.getIssuer(), 
            tbscertificatestructure.getSerialNumber().getValue());
    Cipher cipher = Cipher.getInstance(algorithmidentifier.getAlgorithm().getId());        
    cipher.init(1, x509certificate);
    DEROctetString deroctetstring = new DEROctetString(cipher.doFinal(abyte0));
    RecipientIdentifier recipId = new RecipientIdentifier(issuerandserialnumber);
    return new KeyTransRecipientInfo( recipId, algorithmidentifier, deroctetstring);
}
Example #2
Source File: CaUtil.java    From xipki with Apache License 2.0 6 votes vote down vote up 
public static boolean verifyCsr(CertificationRequest csr, SecurityFactory securityFactory,
    AlgorithmValidator algorithmValidator, DhpocControl dhpocControl) {
  Args.notNull(csr, "csr");

  ASN1ObjectIdentifier algOid = csr.getSignatureAlgorithm().getAlgorithm();

  DHSigStaticKeyCertPair kaKeyAndCert = null;
  if (Xipki.id_alg_dhPop_x25519_sha256.equals(algOid)
      || Xipki.id_alg_dhPop_x448_sha512.equals(algOid)) {
    if (dhpocControl != null) {
      DhSigStatic dhSigStatic = DhSigStatic.getInstance(csr.getSignature().getBytes());
      IssuerAndSerialNumber isn = dhSigStatic.getIssuerAndSerial();

      ASN1ObjectIdentifier keyOid = csr.getCertificationRequestInfo().getSubjectPublicKeyInfo()
                                      .getAlgorithm().getAlgorithm();
      kaKeyAndCert = dhpocControl.getKeyCertPair(isn.getName(), isn.getSerialNumber().getValue(),
          EdECConstants.getName(keyOid));
    }

    if (kaKeyAndCert == null) {
      return false;
    }
  }

  return securityFactory.verifyPopo(csr, algorithmValidator, kaKeyAndCert);
}
Example #3
Source File: Client.java    From xipki with Apache License 2.0 5 votes vote down vote up 
public X509CRLHolder scepGetCrl(PrivateKey identityKey, X509Cert identityCert,
    X500Name issuer, BigInteger serialNumber) throws ScepClientException {
  Args.notNull(identityKey, "identityKey");
  Args.notNull(identityCert, "identityCert");
  Args.notNull(issuer, "issuer");
  Args.notNull(serialNumber, "serialNumber");

  initIfNotInited();

  PkiMessage pkiMessage = new PkiMessage(TransactionId.randomTransactionId(), MessageType.GetCRL);
  IssuerAndSerialNumber isn = new IssuerAndSerialNumber(issuer, serialNumber);
  pkiMessage.setMessageData(isn);
  ContentInfo request = encryptThenSign(pkiMessage, identityKey, identityCert);
  ScepHttpResponse httpResp = httpSend(Operation.PKIOperation, request);
  CMSSignedData cmsSignedData = parsePkiMessage(httpResp.getContentBytes());
  PkiMessage response = decode(cmsSignedData, identityKey, identityCert);
  if (response.getPkiStatus() != PkiStatus.SUCCESS) {
    throw new ScepClientException("server returned " + response.getPkiStatus());
  }

  ContentInfo messageData = ContentInfo.getInstance(response.getMessageData());

  try {
    return ScepUtil.getCrlFromPkiMessage(SignedData.getInstance(messageData.getContent()));
  } catch (CRLException ex) {
    throw new ScepClientException(ex.getMessage(), ex);
  }
}
Example #4
Source File: Client.java    From xipki with Apache License 2.0 5 votes vote down vote up 
public List<X509Cert> scepGetCert(PrivateKey identityKey, X509Cert identityCert,
    X500Name issuer, BigInteger serialNumber) throws ScepClientException {
  Args.notNull(identityKey, "identityKey");
  Args.notNull(identityCert, "identityCert");
  Args.notNull(issuer, "issuer");
  Args.notNull(serialNumber, "serialNumber");

  initIfNotInited();

  PkiMessage request = new PkiMessage(TransactionId.randomTransactionId(), MessageType.GetCert);

  IssuerAndSerialNumber isn = new IssuerAndSerialNumber(issuer, serialNumber);
  request.setMessageData(isn);
  ContentInfo envRequest = encryptThenSign(request, identityKey, identityCert);
  ScepHttpResponse httpResp = httpSend(Operation.PKIOperation, envRequest);

  CMSSignedData cmsSignedData = parsePkiMessage(httpResp.getContentBytes());
  DecodedPkiMessage response = decode(cmsSignedData, identityKey, identityCert);
  if (response.getPkiStatus() != PkiStatus.SUCCESS) {
    throw new ScepClientException("server returned " + response.getPkiStatus());
  }

  ContentInfo messageData = ContentInfo.getInstance(response.getMessageData());
  try {
    return ScepUtil.getCertsFromSignedData(SignedData.getInstance(messageData.getContent()));
  } catch (CertificateException ex) {
    throw new ScepClientException(ex.getMessage(), ex);
  }
}
Example #5
Source File: SMimePackageEncryptor.java    From ats-framework with Apache License 2.0 4 votes vote down vote up 
@PublicAtsApi
public Package sign( Package sourcePackage ) throws ActionException {

    try {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }

        KeyStore ks = getKeystore();
        // TODO wrap exception with possible causes and add some hint
        PrivateKey privateKey = (PrivateKey) ks.getKey(aliasOrCN, certPassword.toCharArray());

        // Get whole certificate chain
        Certificate[] certArr = ks.getCertificateChain(aliasOrCN);
        // Pre 4.0.6 behavior was not to attach full cert. chain X509Certificate cer = (X509Certificate) ks.getCertificate(aliasOrCN);
        if (certArr.length >= 1) {
            LOG.debug("Found certificate of alias: " + aliasOrCN + ". Lenght of cert chain: " + certArr.length
                      + ", child cert:" + certArr[0].toString());
        }

        X509Certificate childCert = (X509Certificate) certArr[0];

        /* Create the SMIMESignedGenerator */
        ASN1EncodableVector attributes = new ASN1EncodableVector();
        attributes.add(new SMIMEEncryptionKeyPreferenceAttribute(
                                                                 new IssuerAndSerialNumber(new X500Name(childCert.getIssuerDN()
                                                                                                                 .getName()),
                                                                                           childCert.getSerialNumber())));

        SMIMECapabilityVector capabilities = new SMIMECapabilityVector();
        capabilities.addCapability(SMIMECapability.aES128_CBC);
        capabilities.addCapability(SMIMECapability.dES_EDE3_CBC);
        capabilities.addCapability(SMIMECapability.rC2_CBC, 128);
        capabilities.addCapability(SMIMECapability.dES_CBC);

        attributes.add(new SMIMECapabilitiesAttribute(capabilities));

        if (signatureAlgorithm == null) { // not specified explicitly 
            // TODO check defaults to be used
            signatureAlgorithm = SignatureAlgorithm.DSA.equals(privateKey.getAlgorithm())
                                                                                          ? "SHA1withDSA"
                                                                                          : "MD5withRSA";
        }

        SMIMESignedGenerator signer = new SMIMESignedGenerator();
        JcaSimpleSignerInfoGeneratorBuilder signerGeneratorBuilder = new JcaSimpleSignerInfoGeneratorBuilder();
        signerGeneratorBuilder.setProvider(BouncyCastleProvider.PROVIDER_NAME);
        signerGeneratorBuilder.setSignedAttributeGenerator(new AttributeTable(attributes));
        signer.addSignerInfoGenerator(signerGeneratorBuilder.build(signatureAlgorithm, privateKey,
                                                                   childCert));

        /* Add the list of certs to the generator */
        List<X509Certificate> certList = new ArrayList<X509Certificate>();
        for (int i = 0; i < certArr.length; i++) { // first add child cert, and CAs
            certList.add((X509Certificate) certArr[i]);
        }

        Store<?> certs = new JcaCertStore(certList);
        signer.addCertificates(certs);

        /* Sign the message */
        Session session = Session.getDefaultInstance(System.getProperties(), null);

        MimeMultipart mm = signer.generate(getMimeMessage(sourcePackage));
        MimeMessage signedMessage = new MimeMessage(session);

        /* Set all original MIME headers in the signed message */
        Enumeration<?> headers = getMimeMessage(sourcePackage).getAllHeaderLines();
        while (headers.hasMoreElements()) {
            signedMessage.addHeaderLine((String) headers.nextElement());
        }

        /* Set the content of the signed message */
        signedMessage.setContent(mm);
        signedMessage.saveChanges();

        return new MimePackage(signedMessage);
    } catch (Exception e) {
        throw new ActionException(EXCEPTION_WHILE_SIGNING, e);
    }
}