public PublicKey getPublicKey(String provider) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException { SubjectPublicKeyInfo subjectPKInfo = pkac.getSubjectPublicKeyInfo(); try { DERBitString bStr = new DERBitString(subjectPKInfo); X509EncodedKeySpec xspec = new X509EncodedKeySpec(bStr.getBytes()); AlgorithmIdentifier keyAlg = subjectPKInfo.getAlgorithm(); KeyFactory factory = KeyFactory.getInstance(keyAlg.getAlgorithm().getId(),provider); return factory.generatePublic(xspec); } catch (Exception e) { throw new InvalidKeyException("error encoding public key"); } }
public boolean[] getIssuerUniqueID() { DERBitString id = cert.getAcinfo().getIssuerUniqueID(); if (id != null) { byte[] bytes = id.getBytes(); boolean[] boolId = new boolean[bytes.length * 8 - id.getPadBits()]; for (int i = 0; i != boolId.length; i++) { boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0; } return boolId; } return null; }
private X509Certificate generateJcaObject(TBSCertificate tbsCert, byte[] signature) throws CertificateEncodingException { ASN1EncodableVector v = new ASN1EncodableVector(); v.add(tbsCert); v.add(sigAlgId); v.add(new DERBitString(signature)); try { return new X509CertificateObject(Certificate.getInstance(new DERSequence(v))); } catch (CertificateParsingException e) { throw new ExtCertificateEncodingException("exception producing certificate object", e); } }
private DERBitString booleanToBitString(boolean[] id) { byte[] bytes = new byte[(id.length + 7) / 8]; for (int i = 0; i != id.length; i++) { bytes[i / 8] |= (id[i]) ? (1 << ((7 - (i % 8)))) : 0; } int pad = id.length % 8; if (pad == 0) { return new DERBitString(bytes); } else { return new DERBitString(bytes, 8 - pad); } }
static DERBitString booleanToBitString(boolean[] id) { byte[] bytes = new byte[(id.length + 7) / 8]; for (int i = 0; i != id.length; i++) { bytes[i / 8] |= (id[i]) ? (1 << ((7 - (i % 8)))) : 0; } int pad = id.length % 8; if (pad == 0) { return new DERBitString(bytes); } else { return new DERBitString(bytes, 8 - pad); } }
static boolean[] bitStringToBoolean(DERBitString bitString) { if (bitString != null) { byte[] bytes = bitString.getBytes(); boolean[] boolId = new boolean[bytes.length * 8 - bitString.getPadBits()]; for (int i = 0; i != boolId.length; i++) { boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0; } return boolId; } return null; }
public PKMACValue generate(char[] password, SubjectPublicKeyInfo keyInfo) throws CRMFException { MacCalculator calculator = builder.build(password); OutputStream macOut = calculator.getOutputStream(); try { macOut.write(keyInfo.getEncoded(ASN1Encoding.DER)); macOut.close(); } catch (IOException e) { throw new CRMFException("exception encoding mac input: " + e.getMessage(), e); } return new PKMACValue(calculator.getAlgorithmIdentifier(), new DERBitString(calculator.getMac())); }
/** * Build a protected PKI message which has MAC based integrity protection. * * @param macCalculator MAC calculator. * @return the resulting protected PKI message. * @throws CMPException if the protection MAC cannot be calculated. */ public ProtectedPKIMessage build(MacCalculator macCalculator) throws CMPException { finaliseHeader(macCalculator.getAlgorithmIdentifier()); PKIHeader header = hdrBuilder.build(); try { DERBitString protection = new DERBitString(calculateMac(macCalculator, header, body)); return finaliseMessage(header, protection); } catch (IOException e) { throw new CMPException("unable to encode MAC input: " + e.getMessage(), e); } }
/** * Build a protected PKI message which has MAC based integrity protection. * * @param signer the ContentSigner to be used to calculate the signature. * @return the resulting protected PKI message. * @throws CMPException if the protection signature cannot be calculated. */ public ProtectedPKIMessage build(ContentSigner signer) throws CMPException { finaliseHeader(signer.getAlgorithmIdentifier()); PKIHeader header = hdrBuilder.build(); try { DERBitString protection = new DERBitString(calculateSignature(signer, header, body)); return finaliseMessage(header, protection); } catch (IOException e) { throw new CMPException("unable to encode signature input: " + e.getMessage(), e); } }
private ProtectedPKIMessage finaliseMessage(PKIHeader header, DERBitString protection) { if (!extraCerts.isEmpty()) { CMPCertificate[] cmpCerts = new CMPCertificate[extraCerts.size()]; for (int i = 0; i != cmpCerts.length; i++) { cmpCerts[i] = new CMPCertificate(((X509CertificateHolder)extraCerts.get(i)).toASN1Structure()); } return new ProtectedPKIMessage(new PKIMessage(header, body, protection, cmpCerts)); } else { return new ProtectedPKIMessage(new PKIMessage(header, body, protection)); } }
public NetscapeCertRequest( String challenge, AlgorithmIdentifier signing_alg, PublicKey pub_key) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException { this.challenge = challenge; sigAlg = signing_alg; pubkey = pub_key; ASN1EncodableVector content_der = new ASN1EncodableVector(); content_der.add(getKeySpec()); //content_der.add(new SubjectPublicKeyInfo(sigAlg, new RSAPublicKeyStructure(pubkey.getModulus(), pubkey.getPublicExponent()).getDERObject())); content_der.add(new DERIA5String(challenge)); try { content = new DERBitString(new DERSequence(content_der)); } catch (IOException e) { throw new InvalidKeySpecException("exception encoding key: " + e.toString()); } }
public ASN1Primitive toASN1Primitive() { ASN1EncodableVector spkac = new ASN1EncodableVector(); ASN1EncodableVector pkac = new ASN1EncodableVector(); try { pkac.add(getKeySpec()); } catch (Exception e) { //ignore } pkac.add(new DERIA5String(challenge)); spkac.add(new DERSequence(pkac)); spkac.add(sigAlg); spkac.add(new DERBitString(sigBits)); return new DERSequence(spkac); }
public boolean[] getIssuerUniqueID() { DERBitString id = c.getTBSCertificate().getIssuerUniqueId(); if (id != null) { byte[] bytes = id.getBytes(); boolean[] boolId = new boolean[bytes.length * 8 - id.getPadBits()]; for (int i = 0; i != boolId.length; i++) { boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0; } return boolId; } return null; }
public boolean[] getSubjectUniqueID() { DERBitString id = c.getTBSCertificate().getSubjectUniqueId(); if (id != null) { byte[] bytes = id.getBytes(); boolean[] boolId = new boolean[bytes.length * 8 - id.getPadBits()]; for (int i = 0; i != boolId.length; i++) { boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0; } return boolId; } return null; }
public ECPrivateKey( BigInteger key, DERBitString publicKey, ASN1Object parameters) { byte[] bytes = BigIntegers.asUnsignedByteArray(key); ASN1EncodableVector v = new ASN1EncodableVector(); v.add(new ASN1Integer(1)); v.add(new DEROctetString(bytes)); if (parameters != null) { v.add(new DERTaggedObject(true, 0, parameters)); } if (publicKey != null) { v.add(new DERTaggedObject(true, 1, publicKey)); } seq = new DERSequence(v); }
public ECPrivateKeyStructure( BigInteger key, DERBitString publicKey, ASN1Encodable parameters) { byte[] bytes = BigIntegers.asUnsignedByteArray(key); ASN1EncodableVector v = new ASN1EncodableVector(); v.add(new ASN1Integer(1)); v.add(new DEROctetString(bytes)); if (parameters != null) { v.add(new DERTaggedObject(true, 0, parameters)); } if (publicKey != null) { v.add(new DERTaggedObject(true, 1, publicKey)); } seq = new DERSequence(v); }
/** * Constructor from given details. * <p> * If <code>digestedObjectType</code> is not {@link #publicKeyCert} or * {@link #publicKey} <code>otherObjectTypeID</code> must be given, * otherwise it is ignored. * * @param digestedObjectType The digest object type. * @param otherObjectTypeID The object type ID for * <code>otherObjectDigest</code>. * @param digestAlgorithm The algorithm identifier for the hash. * @param objectDigest The hash value. */ public ObjectDigestInfo( int digestedObjectType, ASN1ObjectIdentifier otherObjectTypeID, AlgorithmIdentifier digestAlgorithm, byte[] objectDigest) { this.digestedObjectType = new ASN1Enumerated(digestedObjectType); if (digestedObjectType == otherObjectDigest) { this.otherObjectTypeID = otherObjectTypeID; } this.digestAlgorithm = digestAlgorithm; this.objectDigest = new DERBitString(objectDigest); }
private ObjectDigestInfo( ASN1Sequence seq) { if (seq.size() > 4 || seq.size() < 3) { throw new IllegalArgumentException("Bad sequence size: " + seq.size()); } digestedObjectType = ASN1Enumerated.getInstance(seq.getObjectAt(0)); int offset = 0; if (seq.size() == 4) { otherObjectTypeID = ASN1ObjectIdentifier.getInstance(seq.getObjectAt(1)); offset++; } digestAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(1 + offset)); objectDigest = DERBitString.getInstance(seq.getObjectAt(2 + offset)); }
public DistributionPoint( ASN1Sequence seq) { for (int i = 0; i != seq.size(); i++) { ASN1TaggedObject t = ASN1TaggedObject.getInstance(seq.getObjectAt(i)); switch (t.getTagNo()) { case 0: distributionPoint = DistributionPointName.getInstance(t, true); break; case 1: reasons = new ReasonFlags(DERBitString.getInstance(t, false)); break; case 2: cRLIssuer = GeneralNames.getInstance(t, false); } } }
public X509CertificateStructure( ASN1Sequence seq) { this.seq = seq; // // correct x509 certficate // if (seq.size() == 3) { tbsCert = TBSCertificateStructure.getInstance(seq.getObjectAt(0)); sigAlgId = AlgorithmIdentifier.getInstance(seq.getObjectAt(1)); sig = DERBitString.getInstance(seq.getObjectAt(2)); } else { throw new IllegalArgumentException("sequence wrong size for a certificate"); } }
private PKIStatusInfo getPKIStatusInfo() { ASN1EncodableVector v = new ASN1EncodableVector(); v.add(new DERInteger(status)); if (statusStrings.size() > 0) { v.add(PKIFreeText.getInstance(new DERSequence(statusStrings))); } if (failInfo != 0) { DERBitString failInfoBitString = new FailInfo(failInfo); v.add(failInfoBitString); } return PKIStatusInfo.getInstance(new DERSequence(v)); }
private IssuerSerial( ASN1Sequence seq) { if (seq.size() != 2 && seq.size() != 3) { throw new IllegalArgumentException("Bad sequence size: " + seq.size()); } issuer = GeneralNames.getInstance(seq.getObjectAt(0)); serial = ASN1Integer.getInstance(seq.getObjectAt(1)); if (seq.size() == 3) { issuerUID = DERBitString.getInstance(seq.getObjectAt(2)); } }
private Certificate( ASN1Sequence seq) { this.seq = seq; // // correct x509 certficate // if (seq.size() == 3) { tbsCert = TBSCertificate.getInstance(seq.getObjectAt(0)); sigAlgId = AlgorithmIdentifier.getInstance(seq.getObjectAt(1)); sig = DERBitString.getInstance(seq.getObjectAt(2)); } else { throw new IllegalArgumentException("sequence wrong size for a certificate"); } }
/** * Produce an object suitable for an ASN1OutputStream. * <pre> * Curve ::= SEQUENCE { * a FieldElement, * b FieldElement, * seed BIT STRING OPTIONAL * } * </pre> */ public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); if (fieldIdentifier.equals(prime_field)) { v.add(new X9FieldElement(curve.getA()).toASN1Primitive()); v.add(new X9FieldElement(curve.getB()).toASN1Primitive()); } else if (fieldIdentifier.equals(characteristic_two_field)) { v.add(new X9FieldElement(curve.getA()).toASN1Primitive()); v.add(new X9FieldElement(curve.getB()).toASN1Primitive()); } if (seed != null) { v.add(new DERBitString(seed)); } return new DERSequence(v); }
private POPOPrivKey(ASN1TaggedObject obj) { this.tagNo = obj.getTagNo(); switch (tagNo) { case thisMessage: this.obj = DERBitString.getInstance(obj, false); break; case subsequentMessage: this.obj = SubsequentMessage.valueOf(ASN1Integer.getInstance(obj, false).getValue().intValue()); break; case dhMAC: this.obj = DERBitString.getInstance(obj, false); break; case agreeMAC: this.obj = PKMACValue.getInstance(obj, false); break; case encryptedKey: this.obj = EnvelopedData.getInstance(obj, false); break; default: throw new IllegalArgumentException("unknown tag in POPOPrivKey"); } }
private POPOSigningKey(ASN1Sequence seq) { int index = 0; if (seq.getObjectAt(index) instanceof ASN1TaggedObject) { ASN1TaggedObject tagObj = (ASN1TaggedObject)seq.getObjectAt(index++); if (tagObj.getTagNo() != 0) { throw new IllegalArgumentException( "Unknown POPOSigningKeyInput tag: " + tagObj.getTagNo()); } poposkInput = POPOSigningKeyInput.getInstance(tagObj.getObject()); } algorithmIdentifier = AlgorithmIdentifier.getInstance(seq.getObjectAt(index++)); signature = DERBitString.getInstance(seq.getObjectAt(index)); }
public EncryptedValue( AlgorithmIdentifier intendedAlg, AlgorithmIdentifier symmAlg, DERBitString encSymmKey, AlgorithmIdentifier keyAlg, ASN1OctetString valueHint, DERBitString encValue) { if (encValue == null) { throw new IllegalArgumentException("'encValue' cannot be null"); } this.intendedAlg = intendedAlg; this.symmAlg = symmAlg; this.encSymmKey = encSymmKey; this.keyAlg = keyAlg; this.valueHint = valueHint; this.encValue = encValue; }
private OOBCertHash(ASN1Sequence seq) { int index = seq.size() - 1; hashVal = DERBitString.getInstance(seq.getObjectAt(index--)); for (int i = index; i >= 0; i--) { ASN1TaggedObject tObj = (ASN1TaggedObject)seq.getObjectAt(i); if (tObj.getTagNo() == 0) { hashAlg = AlgorithmIdentifier.getInstance(tObj, true); } else { certId = CertId.getInstance(tObj, true); } } }
private PKIMessage(ASN1Sequence seq) { Enumeration en = seq.getObjects(); header = PKIHeader.getInstance(en.nextElement()); body = PKIBody.getInstance(en.nextElement()); while (en.hasMoreElements()) { ASN1TaggedObject tObj = (ASN1TaggedObject)en.nextElement(); if (tObj.getTagNo() == 0) { protection = DERBitString.getInstance(tObj, true); } else { extraCerts = ASN1Sequence.getInstance(tObj, true); } } }
/** * Creates a new PKIMessage. * * @param header message header * @param body message body * @param protection message protection (may be null) * @param extraCerts extra certificates (may be null) */ public PKIMessage( PKIHeader header, PKIBody body, DERBitString protection, CMPCertificate[] extraCerts) { this.header = header; this.body = body; this.protection = protection; if (extraCerts != null) { ASN1EncodableVector v = new ASN1EncodableVector(); for (int i = 0; i < extraCerts.length; i++) { v.add(extraCerts[i]); } this.extraCerts = new DERSequence(v); } }
private PKIStatusInfo( ASN1Sequence seq) { this.status = ASN1Integer.getInstance(seq.getObjectAt(0)); this.statusString = null; this.failInfo = null; if (seq.size() > 2) { this.statusString = PKIFreeText.getInstance(seq.getObjectAt(1)); this.failInfo = DERBitString.getInstance(seq.getObjectAt(2)); } else if (seq.size() > 1) { Object obj = seq.getObjectAt(1); if (obj instanceof DERBitString) { this.failInfo = DERBitString.getInstance(obj); } else { this.statusString = PKIFreeText.getInstance(obj); } } }
public SignedPublicKeyAndChallenge(byte[] bytes) { spkacSeq = toDERSequence(bytes); pkac = PublicKeyAndChallenge.getInstance(spkacSeq.getObjectAt(0)); signatureAlgorithm = AlgorithmIdentifier.getInstance(spkacSeq.getObjectAt(1)); signature = (DERBitString)spkacSeq.getObjectAt(2); }
public boolean verify(String provider) throws NoSuchAlgorithmException, SignatureException, NoSuchProviderException, InvalidKeyException { Signature sig = null; if (provider == null) { sig = Signature.getInstance(signatureAlgorithm.getAlgorithm().getId()); } else { sig = Signature.getInstance(signatureAlgorithm.getAlgorithm().getId(), provider); } PublicKey pubKey = this.getPublicKey(provider); sig.initVerify(pubKey); try { DERBitString pkBytes = new DERBitString(pkac); sig.update(pkBytes.getBytes()); return sig.verify(signature.getBytes()); } catch (Exception e) { throw new InvalidKeyException("error encoding public key"); } }
private X509CRL generateJcaObject(TBSCertList tbsCrl, byte[] signature) throws CRLException { ASN1EncodableVector v = new ASN1EncodableVector(); v.add(tbsCrl); v.add(sigAlgId); v.add(new DERBitString(signature)); return new X509CRLObject(new CertificateList(new DERSequence(v))); }
private X509Certificate generateJcaObject(TBSCertificate tbsCert, byte[] signature) throws CertificateParsingException { ASN1EncodableVector v = new ASN1EncodableVector(); v.add(tbsCert); v.add(sigAlgId); v.add(new DERBitString(signature)); return new X509CertificateObject(Certificate.getInstance(new DERSequence(v))); }
/** * generate an X509 certificate, based on the current issuer and subject, * using the passed in provider for the signing and the supplied source * of randomness, if required. */ public X509AttributeCertificate generate( PrivateKey key, String provider, SecureRandom random) throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException { if (!extGenerator.isEmpty()) { acInfoGen.setExtensions(extGenerator.generate()); } AttributeCertificateInfo acInfo = acInfoGen.generateAttributeCertificateInfo(); ASN1EncodableVector v = new ASN1EncodableVector(); v.add(acInfo); v.add(sigAlgId); try { v.add(new DERBitString(X509Util.calculateSignature(sigOID, signatureAlgorithm, provider, key, random, acInfo))); return new X509V2AttributeCertificate(new AttributeCertificate(new DERSequence(v))); } catch (IOException e) { throw new ExtCertificateEncodingException("constructed invalid certificate", e); } }
private static Certificate generateStructure(TBSCertificate tbsCert, AlgorithmIdentifier sigAlgId, byte[] signature) { ASN1EncodableVector v = new ASN1EncodableVector(); v.add(tbsCert); v.add(sigAlgId); v.add(new DERBitString(signature)); return Certificate.getInstance(new DERSequence(v)); }
private DERBitString getPublicKeyDetails(BCECPublicKey pub) { try { SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(ASN1Primitive.fromByteArray(pub.getEncoded())); return info.getPublicKeyData(); } catch (IOException e) { // should never happen return null; } }
