protected AuthorityKeyIdentifier( ASN1Sequence seq) { Enumeration e = seq.getObjects(); while (e.hasMoreElements()) { ASN1TaggedObject o = DERTaggedObject.getInstance(e.nextElement()); switch (o.getTagNo()) { case 0: this.keyidentifier = ASN1OctetString.getInstance(o, false); break; case 1: this.certissuer = GeneralNames.getInstance(o, false); break; case 2: this.certserno = ASN1Integer.getInstance(o, false); break; default: throw new IllegalArgumentException("illegal tag"); } } }
/** * Get UPN String. * * @param seq ASN1Sequence abstraction representing subject alternative name. * First element is the object identifier, second is the object itself. * * @return UPN string or null */ private String getUPNStringFromSequence(final ASN1Sequence seq) { if (seq != null) { // First in sequence is the object identifier, that we must check final ASN1ObjectIdentifier id = ASN1ObjectIdentifier.getInstance(seq.getObjectAt(0)); if (id != null && UPN_OBJECTID.equals(id.getId())) { final ASN1TaggedObject obj = (ASN1TaggedObject) seq.getObjectAt(1); ASN1Primitive prim = obj.getObject(); // Due to bug in java cert.getSubjectAltName, it can be tagged an extra time if (prim instanceof ASN1TaggedObject) { prim = ASN1TaggedObject.getInstance(((ASN1TaggedObject) prim)).getObject(); } if (prim instanceof ASN1OctetString) { return new String(((ASN1OctetString) prim).getOctets()); } else if (prim instanceof ASN1String) { return ((ASN1String) prim).getString(); } else{ return null; } } } return null; }
public PBKDF2Params( ASN1Sequence seq) { Enumeration e = seq.getObjects(); octStr = (ASN1OctetString)e.nextElement(); iterationCount = (DERInteger)e.nextElement(); if (e.hasMoreElements()) { keyLength = (DERInteger)e.nextElement(); } else { keyLength = null; } }
public SignerId getSignerId(X509CertSelector certSelector) { try { if (certSelector.getSubjectKeyIdentifier() != null) { return new SignerId(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber(), ASN1OctetString.getInstance(certSelector.getSubjectKeyIdentifier()).getOctets()); } else { return new SignerId(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber()); } } catch (IOException e) { throw new IllegalArgumentException("unable to convert issuer: " + e.getMessage()); } }
private McElieceCCA2PrivateKey(ASN1Sequence seq) { oid = ((ASN1ObjectIdentifier)seq.getObjectAt(0)); BigInteger bigN = ((ASN1Integer)seq.getObjectAt(1)).getValue(); n = bigN.intValue(); BigInteger bigK = ((ASN1Integer)seq.getObjectAt(2)).getValue(); k = bigK.intValue(); encField = ((ASN1OctetString)seq.getObjectAt(3)).getOctets(); encGp = ((ASN1OctetString)seq.getObjectAt(4)).getOctets(); encP = ((ASN1OctetString)seq.getObjectAt(5)).getOctets(); encH = ((ASN1OctetString)seq.getObjectAt(6)).getOctets(); ASN1Sequence asnQInv = (ASN1Sequence)seq.getObjectAt(7); encqInv = new byte[asnQInv.size()][]; for (int i = 0; i < asnQInv.size(); i++) { encqInv[i] = ((ASN1OctetString)asnQInv.getObjectAt(i)).getOctets(); } }
protected Key extractSecretKey(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier contentEncryptionAlgorithm, byte[] derivedKey, byte[] encryptedContentEncryptionKey) throws CMSException { Cipher keyEncryptionCipher = helper.createRFC3211Wrapper(keyEncryptionAlgorithm.getAlgorithm()); try { IvParameterSpec ivSpec = new IvParameterSpec(ASN1OctetString.getInstance(keyEncryptionAlgorithm.getParameters()).getOctets()); keyEncryptionCipher.init(Cipher.UNWRAP_MODE, new SecretKeySpec(derivedKey, keyEncryptionCipher.getAlgorithm()), ivSpec); return keyEncryptionCipher.unwrap(encryptedContentEncryptionKey, contentEncryptionAlgorithm.getAlgorithm().getId(), Cipher.SECRET_KEY); } catch (GeneralSecurityException e) { throw new CMSException("cannot process content encryption key: " + e.getMessage(), e); } }
private McElieceCCA2PublicKey(ASN1Sequence seq) { oid = ((ASN1ObjectIdentifier)seq.getObjectAt(0)); BigInteger bigN = ((ASN1Integer)seq.getObjectAt(1)).getValue(); n = bigN.intValue(); BigInteger bigT = ((ASN1Integer)seq.getObjectAt(2)).getValue(); t = bigT.intValue(); matrixG = ((ASN1OctetString)seq.getObjectAt(3)).getOctets(); }
private TimeStampedData(ASN1Sequence seq) { this.version = ASN1Integer.getInstance(seq.getObjectAt(0)); int index = 1; if (seq.getObjectAt(index) instanceof DERIA5String) { this.dataUri = DERIA5String.getInstance(seq.getObjectAt(index++)); } if (seq.getObjectAt(index) instanceof MetaData || seq.getObjectAt(index) instanceof ASN1Sequence) { this.metaData = MetaData.getInstance(seq.getObjectAt(index++)); } if (seq.getObjectAt(index) instanceof ASN1OctetString) { this.content = ASN1OctetString.getInstance(seq.getObjectAt(index++)); } this.temporalEvidence = Evidence.getInstance(seq.getObjectAt(index)); }
public RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionAlgorithm, final AlgorithmIdentifier contentEncryptionAlgorithm, SubjectPublicKeyInfo senderPublicKey, ASN1OctetString userKeyingMaterial, byte[] encryptedContentKey) throws CMSException { Key secretKey = extractSecretKey(keyEncryptionAlgorithm, contentEncryptionAlgorithm, senderPublicKey, userKeyingMaterial, encryptedContentKey); final Cipher dataCipher = contentHelper.createContentCipher(secretKey, contentEncryptionAlgorithm); return new RecipientOperator(new InputDecryptor() { public AlgorithmIdentifier getAlgorithmIdentifier() { return contentEncryptionAlgorithm; } public InputStream getInputStream(InputStream dataOut) { return new CipherInputStream(dataOut, dataCipher); } }); }
/** * Verify the MacData attached to the PFX is consistent with what is expected. * * @param macCalcProviderBuilder provider builder for the calculator for the MAC * @param password password to use * @return true if mac data is valid, false otherwise. * @throws PKCSException if there is a problem evaluating the MAC. * @throws IllegalStateException if no MAC is actually present */ public boolean isMacValid(PKCS12MacCalculatorBuilderProvider macCalcProviderBuilder, char[] password) throws PKCSException { if (hasMac()) { MacData pfxmData = pfx.getMacData(); MacDataGenerator mdGen = new MacDataGenerator(macCalcProviderBuilder.get(new AlgorithmIdentifier(pfxmData.getMac().getAlgorithmId().getAlgorithm(), new PKCS12PBEParams(pfxmData.getSalt(), pfxmData.getIterationCount().intValue())))); try { MacData mData = mdGen.build( password, ASN1OctetString.getInstance(pfx.getAuthSafe().getContent()).getOctets()); return Arrays.constantTimeAreEqual(mData.getEncoded(), pfx.getMacData().getEncoded()); } catch (IOException e) { throw new PKCSException("unable to process AuthSafe: " + e.getMessage()); } } throw new IllegalStateException("no MAC present on PFX"); }
/** * Constructor from ASN1Sequence. * * the extensions are a list of constructed sequences, either with (OID, OctetString) or (OID, Boolean, OctetString) */ public X509Extensions( ASN1Sequence seq) { Enumeration e = seq.getObjects(); while (e.hasMoreElements()) { ASN1Sequence s = ASN1Sequence.getInstance(e.nextElement()); if (s.size() == 3) { extensions.put(s.getObjectAt(0), new X509Extension(DERBoolean.getInstance(s.getObjectAt(1)), ASN1OctetString.getInstance(s.getObjectAt(2)))); } else if (s.size() == 2) { extensions.put(s.getObjectAt(0), new X509Extension(false, ASN1OctetString.getInstance(s.getObjectAt(1)))); } else { throw new IllegalArgumentException("Bad sequence size: " + s.size()); } ordering.addElement(s.getObjectAt(0)); } }
KeyTransRecipientInformation( KeyTransRecipientInfo info, AlgorithmIdentifier messageAlgorithm, CMSSecureReadable secureReadable, AuthAttributesProvider additionalData) { super(info.getKeyEncryptionAlgorithm(), messageAlgorithm, secureReadable, additionalData); this.info = info; RecipientIdentifier r = info.getRecipientIdentifier(); if (r.isTagged()) { ASN1OctetString octs = ASN1OctetString.getInstance(r.getId()); rid = new KeyTransRecipientId(octs.getOctets()); } else { IssuerAndSerialNumber iAnds = IssuerAndSerialNumber.getInstance(r.getId()); rid = new KeyTransRecipientId(iAnds.getName(), iAnds.getSerialNumber().getValue()); } }
/** * Return the uncompressed content, throwing an exception if the data size * is greater than the passed in limit. If the content is exceeded getCause() * on the CMSException will contain a StreamOverflowException * * @param limit maximum number of bytes to read * @return the content read * @throws CMSException if there is an exception uncompressing the data. * @deprecated use getContent(InputExpanderProvider) */ public byte[] getContent(int limit) throws CMSException { ContentInfo content = comData.getEncapContentInfo(); ASN1OctetString bytes = (ASN1OctetString)content.getContent(); InflaterInputStream zIn = new InflaterInputStream(bytes.getOctetStream()); try { return CMSUtils.streamToByteArray(zIn, limit); } catch (IOException e) { throw new CMSException("exception reading compressed stream.", e); } }
public KeyTransRecipientId getKeyTransRecipientId(X509CertSelector certSelector) { try { if (certSelector.getSubjectKeyIdentifier() != null) { return new KeyTransRecipientId(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber(), ASN1OctetString.getInstance(certSelector.getSubjectKeyIdentifier()).getOctets()); } else { return new KeyTransRecipientId(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber()); } } catch (IOException e) { throw new IllegalArgumentException("unable to convert issuer: " + e.getMessage()); } }
private PKIArchiveOptions(ASN1TaggedObject tagged) { switch (tagged.getTagNo()) { case encryptedPrivKey: value = EncryptedKey.getInstance(tagged.getObject()); break; case keyGenParameters: value = ASN1OctetString.getInstance(tagged, false); break; case archiveRemGenPrivKey: value = ASN1Boolean.getInstance(tagged, false); break; default: throw new IllegalArgumentException("unknown tag number: " + tagged.getTagNo()); } }
@Override protected byte[] digestSecretKey0(long mechanism) throws P11TokenException { Asn1P11EntityIdentifier asn1EntityId = new Asn1P11EntityIdentifier(identityId); Asn1DigestSecretKeyTemplate template = new Asn1DigestSecretKeyTemplate( asn1EntityId, mechanism); byte[] result = ((ProxyP11Slot) slot).module().send( P11ProxyConstants.ACTION_DIGEST_SECRETKEY, template); ASN1OctetString octetString; try { octetString = DEROctetString.getInstance(result); } catch (IllegalArgumentException ex) { throw new P11TokenException("the returned result is not OCTET STRING"); } return (octetString == null) ? null : octetString.getOctets(); }
public byte[] generateEncryptedBytes(AlgorithmIdentifier keyEncryptionAlgorithm, byte[] derivedKey, GenericKey contentEncryptionKey) throws CMSException { Key contentEncryptionKeySpec = helper.getJceKey(contentEncryptionKey); Cipher keyEncryptionCipher = helper.createRFC3211Wrapper(keyEncryptionAlgorithm.getAlgorithm()); try { IvParameterSpec ivSpec = new IvParameterSpec(ASN1OctetString.getInstance(keyEncryptionAlgorithm.getParameters()).getOctets()); keyEncryptionCipher.init(Cipher.WRAP_MODE, new SecretKeySpec(derivedKey, keyEncryptionCipher.getAlgorithm()), ivSpec); return keyEncryptionCipher.wrap(contentEncryptionKeySpec); } catch (GeneralSecurityException e) { throw new CMSException("cannot process content encryption key: " + e.getMessage(), e); } }
private EncryptedContentInfo( ASN1Sequence seq) { if (seq.size() < 2) { throw new IllegalArgumentException("Truncated Sequence Found"); } contentType = (ASN1ObjectIdentifier)seq.getObjectAt(0); contentEncryptionAlgorithm = AlgorithmIdentifier.getInstance( seq.getObjectAt(1)); if (seq.size() > 2) { encryptedContent = ASN1OctetString.getInstance( (ASN1TaggedObject)seq.getObjectAt(2), false); } }
public CMSSignedData( ContentInfo sigData) throws CMSException { this.contentInfo = sigData; this.signedData = getSignedData(); // // this can happen if the signed message is sent simply to send a // certificate chain. // if (signedData.getEncapContentInfo().getContent() != null) { this.signedContent = new CMSProcessableByteArray(signedData.getEncapContentInfo().getContentType(), ((ASN1OctetString)(signedData.getEncapContentInfo() .getContent())).getOctets()); } else { this.signedContent = null; } }
/** * Constructor which will take the byte[] returned from getExtensionValue() * * @param encodedValue a DER octet encoded string with the extension structure in it. * @throws IOException on parsing errors. */ public SubjectKeyIdentifierStructure( byte[] encodedValue) throws IOException { super((ASN1OctetString)X509ExtensionUtil.fromExtensionValue(encodedValue)); }
public static ASN1Primitive fromExtensionValue( byte[] encodedValue) throws IOException { ASN1OctetString octs = (ASN1OctetString)ASN1Primitive.fromByteArray(encodedValue); return ASN1Primitive.fromByteArray(octs.getOctets()); }
private static byte[] getSubjectKeyId(X509Certificate cert) { byte[] ext = cert.getExtensionValue(Extension.subjectKeyIdentifier.getId()); if (ext != null) { return ASN1OctetString.getInstance(ASN1OctetString.getInstance(ext).getOctets()).getOctets(); } else { return null; } }
public CertID( AlgorithmIdentifier hashAlgorithm, ASN1OctetString issuerNameHash, ASN1OctetString issuerKeyHash, ASN1Integer serialNumber) { this.hashAlgorithm = hashAlgorithm; this.issuerNameHash = issuerNameHash; this.issuerKeyHash = issuerKeyHash; this.serialNumber = serialNumber; }
private static CertID createCertID(DigestCalculator digCalc, X509CertificateHolder issuerCert, ASN1Integer serialNumber) throws OCSPException { try { OutputStream dgOut = digCalc.getOutputStream(); dgOut.write(issuerCert.toASN1Structure().getSubject().getEncoded(ASN1Encoding.DER)); dgOut.close(); ASN1OctetString issuerNameHash = new DEROctetString(digCalc.getDigest()); SubjectPublicKeyInfo info = issuerCert.getSubjectPublicKeyInfo(); dgOut = digCalc.getOutputStream(); dgOut.write(info.getPublicKeyData().getBytes()); dgOut.close(); ASN1OctetString issuerKeyHash = new DEROctetString(digCalc.getDigest()); return new CertID(digCalc.getAlgorithmIdentifier(), issuerNameHash, issuerKeyHash, serialNumber); } catch (Exception e) { throw new OCSPException("problem creating ID: " + e, e); } }
/** * Returns the intersection of the permitted IP ranges in * <code>permitted</code> with <code>ip</code>. * * @param permitted A <code>Set</code> of permitted IP addresses with * their subnet mask as byte arrays. * @param ips The IP address with its subnet mask. * @return The <code>Set</code> of permitted IP ranges intersected with * <code>ip</code>. */ private Set intersectIP(Set permitted, Set ips) { Set intersect = new HashSet(); for (Iterator it = ips.iterator(); it.hasNext();) { byte[] ip = ASN1OctetString.getInstance( ((GeneralSubtree)it.next()).getBase().getName()).getOctets(); if (permitted == null) { if (ip != null) { intersect.add(ip); } } else { Iterator it2 = permitted.iterator(); while (it2.hasNext()) { byte[] _permitted = (byte[])it2.next(); intersect.addAll(intersectIPRange(_permitted, ip)); } } } return intersect; }
/** * Adds a subtree to the excluded set of these name constraints. * * @param subtree A subtree with an excluded GeneralName. */ public void addExcludedSubtree(GeneralSubtree subtree) { GeneralName base = subtree.getBase(); switch (base.getTagNo()) { case 1: excludedSubtreesEmail = unionEmail(excludedSubtreesEmail, extractNameAsString(base)); break; case 2: excludedSubtreesDNS = unionDNS(excludedSubtreesDNS, extractNameAsString(base)); break; case 4: excludedSubtreesDN = unionDN(excludedSubtreesDN, (ASN1Sequence)base.getName().toASN1Primitive()); break; case 6: excludedSubtreesURI = unionURI(excludedSubtreesURI, extractNameAsString(base)); break; case 7: excludedSubtreesIP = unionIP(excludedSubtreesIP, ASN1OctetString .getInstance(base.getName()).getOctets()); break; } }
public ASN1Encodable getId() { if (id instanceof ASN1TaggedObject) { return ASN1OctetString.getInstance((ASN1TaggedObject)id, false); } return IssuerAndSerialNumber.getInstance(id); }
public PasswordRecipientInfo( AlgorithmIdentifier keyEncryptionAlgorithm, ASN1OctetString encryptedKey) { this.version = new ASN1Integer(0); this.keyEncryptionAlgorithm = keyEncryptionAlgorithm; this.encryptedKey = encryptedKey; }
public TimeStampedData(DERIA5String dataUri, MetaData metaData, ASN1OctetString content, Evidence temporalEvidence) { this.version = new ASN1Integer(1); this.dataUri = dataUri; this.metaData = metaData; this.content = content; this.temporalEvidence = temporalEvidence; }
public static byte[] extractSki(X509Certificate cert) throws CertificateEncodingException { byte[] extValue = getCoreExtValue(cert, Extension.subjectKeyIdentifier); if (extValue == null) { return null; } try { return ASN1OctetString.getInstance(extValue).getOctets(); } catch (IllegalArgumentException ex) { throw new CertificateEncodingException(ex.getMessage()); } }
protected void engineInit( byte[] params, String format) throws IOException { if (isASN1FormatString(format)) { try { ASN1OctetString oct = (ASN1OctetString)ASN1Primitive.fromByteArray(params); engineInit(oct.getOctets()); } catch (Exception e) { throw new IOException("Exception decoding: " + e); } return; } if (format.equals("RAW")) { engineInit(params); return; } throw new IOException("Unknown parameters format in IV parameters object"); }
private DataGroupHash(ASN1Sequence seq) { Enumeration e = seq.getObjects(); // dataGroupNumber dataGroupNumber = ASN1Integer.getInstance(e.nextElement()); // dataGroupHashValue dataGroupHashValue = ASN1OctetString.getInstance(e.nextElement()); }
public BiometricData( TypeOfBiometricData typeOfBiometricData, AlgorithmIdentifier hashAlgorithm, ASN1OctetString biometricDataHash, DERIA5String sourceDataUri) { this.typeOfBiometricData = typeOfBiometricData; this.hashAlgorithm = hashAlgorithm; this.biometricDataHash = biometricDataHash; this.sourceDataUri = sourceDataUri; }
public BiometricData( TypeOfBiometricData typeOfBiometricData, AlgorithmIdentifier hashAlgorithm, ASN1OctetString biometricDataHash) { this.typeOfBiometricData = typeOfBiometricData; this.hashAlgorithm = hashAlgorithm; this.biometricDataHash = biometricDataHash; this.sourceDataUri = null; }
public ResponseBytes( ASN1ObjectIdentifier responseType, ASN1OctetString response) { this.responseType = responseType; this.response = response; }
public static SubjectKeyIdentifier getInstance( Object obj) { if (obj instanceof SubjectKeyIdentifier) { return (SubjectKeyIdentifier)obj; } else if (obj != null) { return new SubjectKeyIdentifier(ASN1OctetString.getInstance(obj)); } return null; }
public static ContentIdentifier getInstance(Object o) { if (o instanceof ContentIdentifier) { return (ContentIdentifier) o; } else if (o != null) { return new ContentIdentifier(ASN1OctetString.getInstance(o)); } return null; }
public DigestInfo( ASN1Sequence obj) { Enumeration e = obj.getObjects(); algId = AlgorithmIdentifier.getInstance(e.nextElement()); digest = ASN1OctetString.getInstance(e.nextElement()).getOctets(); }
public Extension( ASN1ObjectIdentifier extnId, ASN1Boolean critical, ASN1OctetString value) { this(extnId, critical.isTrue(), value); }
