/**
 * Builds a CMS ContentInfo/SignedData for a single signer whose signature value is
 * supplied as a string.
 *
 * <p>The content-info step is disabled in this overload, so {@code content} is not
 * used and no encapContentInfo element is emitted between digestAlgorithms and the
 * certificates. RFC 5652 SignedData requires encapContentInfo, so consumers must be
 * checked to tolerate its absence; the {@code byte[]}/{@code int} overload emits it.
 *
 * @param signedHashId the signature value, consumed by buildSignerInfo
 * @param certContent  the signer certificate (also placed in the certificates set)
 * @param content      currently unused (see note above)
 * @param hashId       digest algorithm OID
 * @param version      SignedData version number to emit
 * @return the DER encoding of the outer ContentInfo sequence, via genOutput
 * @throws CertificateEncodingException if the signer certificate cannot be encoded
 * @throws IOException if the certificate bytes cannot be re-parsed as ASN.1
 */
public byte[] buildCmsBody(String signedHashId, X509Certificate certContent, byte[] content, String hashId, int version) throws CertificateEncodingException, IOException {
    final DEREncodableVector signedData = new DEREncodableVector();
    signedData.add(new DERInteger(version));
    buildDigestAlg(signedData, hashId);
    // encapContentInfo intentionally not emitted in this overload
    buildCerts(signedData, certContent);
    buildSignerInfo(signedData, signedHashId, certContent, hashId);

    // ContentInfo ::= SEQUENCE { contentType id-signedData, content [0] EXPLICIT SignedData }
    final DEREncodableVector contentInfo = new DEREncodableVector();
    contentInfo.add(new DERObjectIdentifier(CMS_SIGNED_ID));
    contentInfo.add(new DERTaggedObject(0, new DERSequence(signedData)));
    return genOutput(new DERSequence(contentInfo));
}
/**
 * Builds a CMS ContentInfo/SignedData for a single signer, with the digest and
 * signature algorithm identifiers both derived from the same {@code hashId} index.
 *
 * @param signedHashId        the raw signature value
 * @param certContent         the signer certificate
 * @param chain               certificates to place in the certificates [0] set
 * @param hashId              index resolved via getHashAlg / getHashSignAlg
 * @param version             SignedData version number to emit
 * @param attachSize          size handed to buildContentInfo (DETACHED for no content)
 * @return the DER encoding of the outer ContentInfo sequence, via genOutput
 * @throws Exception propagated from the helper builders
 */
public byte[] buildCmsBody(byte[] signedHashId, X509Certificate certContent, List<X509Certificate> chain, int hashId, int version, int attachSize) throws Exception {
    // SignedData ::= SEQUENCE { version, digestAlgorithms, encapContentInfo, certificates [0], signerInfos }
    final DEREncodableVector signedData = new DEREncodableVector();
    signedData.add(new DERInteger(version));
    buildDigestAlg(signedData, getHashAlg(hashId));
    buildContentInfo(signedData, attachSize);
    buildCerts(signedData, chain);
    buildSignerInfo(signedData, signedHashId, certContent, hashId);

    // ContentInfo ::= SEQUENCE { contentType id-signedData, content [0] EXPLICIT SignedData }
    final DEREncodableVector contentInfo = new DEREncodableVector();
    contentInfo.add(new DERObjectIdentifier(CMS_SIGNED_ID));
    contentInfo.add(new DERTaggedObject(0, new DERSequence(signedData)));
    return genOutput(new DERSequence(contentInfo));
}
/**
 * Appends a SignerInfos SET holding one SignerInfo (no signed/unsigned attributes) to
 * {@code body}. Digest and signature algorithm identifiers are both resolved from
 * {@code hashId}, so they cannot disagree.
 *
 * @param body              the SignedData vector being assembled
 * @param signedHashContent the raw signature value, emitted as an OCTET STRING
 * @param certContent       the signer certificate, referenced by issuer and serial
 * @param hashId            index resolved via getHashAlg / getHashSignAlg
 * @throws Exception propagated from the helpers
 */
private void buildSignerInfo(DEREncodableVector body, byte[] signedHashContent, X509Certificate certContent, int hashId) throws Exception {
    final DEREncodableVector signerInfo = new DEREncodableVector();
    signerInfo.add(new DERInteger(SI_VERSION));
    signerInfo.add(siAddCert(certContent));
    signerInfo.add(siAddDigestAlgorithm(getHashAlg(hashId)));
    signerInfo.add(siAddDigestEncryptionAlgorithm(getHashSignAlg(hashId)));
    signerInfo.add(new DEROctetString(signedHashContent));

    final DEREncodableVector signerInfos = new DEREncodableVector();
    signerInfos.add(new DERSequence(signerInfo));
    body.add(new DERSet(signerInfos));
}
/**
 * Appends a SignerInfos SET holding one SignerInfo to {@code body}, with the signature
 * value decoded from its string form by getDerSignedDigest.
 *
 * <p>The signatureAlgorithm is fixed to {@code ID_SHA1_RSA} regardless of {@code hashId};
 * if the digest OID is not SHA-1 the SignerInfo becomes internally inconsistent and will
 * not verify. Prefer the {@code byte[]}/{@code int} overload, which derives both
 * identifiers from one index.
 *
 * @param body              the SignedData vector being assembled
 * @param signedHashContent the signature value in the form getDerSignedDigest expects
 * @param certContent       the signer certificate, referenced by issuer and serial
 * @param hashId            digest algorithm OID
 * @throws CertificateEncodingException if the certificate's TBS part cannot be encoded
 */
private void buildSignerInfo(DEREncodableVector body, String signedHashContent, X509Certificate certContent, String hashId) throws CertificateEncodingException {
    final DEREncodableVector signerInfo = new DEREncodableVector();
    signerInfo.add(new DERInteger(SI_VERSION));
    signerInfo.add(siAddCert(certContent));
    signerInfo.add(siAddDigestAlgorithm(hashId));
    // signature algorithm is not derived from hashId here (see class comment above)
    signerInfo.add(siAddDigestEncryptionAlgorithm(ID_SHA1_RSA));
    signerInfo.add(new DEROctetString(getDerSignedDigest(signedHashContent)));

    final DEREncodableVector signerInfos = new DEREncodableVector();
    signerInfos.add(new DERSequence(signerInfo));
    body.add(new DERSet(signerInfos));
}
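/**
 * Appends the encapContentInfo SEQUENCE (id-data) to {@code body}. When {@code size}
 * is not {@code DETACHED}, an eContent [0] OCTET STRING of {@code size} bytes filled
 * with 0xba is emitted; the bytes are a fixed filler, presumably reserving space for
 * content inserted later — verify against the caller before relying on their value.
 *
 * @param body the SignedData vector being assembled
 * @param size number of filler bytes, or DETACHED to omit eContent
 * @throws IllegalArgumentException if {@code size} is negative and not DETACHED
 *         (previously surfaced as a NegativeArraySizeException)
 */
private void buildContentInfo(final DEREncodableVector body, int size) {
    if (size != DETACHED && size < 0) {
        throw new IllegalArgumentException("attached content size must not be negative: " + size);
    }
    final DEREncodableVector contentInfo = new DEREncodableVector();
    contentInfo.add(new DERObjectIdentifier(ID_PKCS7_DATA));
    if (size != DETACHED) {
        final byte[] filler = new byte[size];
        java.util.Arrays.fill(filler, (byte) 0xba);
        contentInfo.add(new DERTaggedObject(0, new DEROctetString(filler)));
    }
    body.add(new DERSequence(contentInfo));
}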
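/**
 * Appends the digestAlgorithms SET to {@code body}, one AlgorithmIdentifier SEQUENCE
 * per OID in {@code listHashId}.
 *
 * <p>digestAlgorithms is {@code SET OF AlgorithmIdentifier}: each algorithm must be its
 * own {@code SEQUENCE { OID, NULL }}. Flattening every OID/NULL pair into a single
 * SEQUENCE (as the earlier form did) yields an invalid structure for more than one
 * algorithm, and an empty list yields a spurious empty SEQUENCE; here an empty list
 * produces an empty SET. The NULL parameter is kept for consistency with the
 * single-OID overload.
 *
 * @param body       the SignedData vector being assembled
 * @param listHashId digest algorithm OIDs; must not be null
 */
private void buildDigestAlg(final DEREncodableVector body, List<String> listHashId) {
    final DEREncodableVector algorithmIds = new DEREncodableVector();
    for (String oid : listHashId) {
        final DEREncodableVector algorithmId = new DEREncodableVector();
        algorithmId.add(new DERObjectIdentifier(oid));
        algorithmId.add(new DERNull());
        algorithmIds.add(new DERSequence(algorithmId));
    }
    body.add(new DERSet(algorithmIds));
}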
/**
 * Builds a CMS ContentInfo/SignedData carrying one SignerInfo per entry of
 * {@code listAsiEx}, with the AD-RB signed attributes required by the signature policy.
 *
 * @param listAsiEx           signer entries (signature, certificate, hashes, time, digest index)
 * @param signPol             the signature policy referenced from the signed attributes
 * @param chain               certificates for the certificates [0] set; when null, the
 *                            signer certificates from {@code listAsiEx} are used instead
 * @param version             SignedData version number to emit
 * @param signingCertFallback passed through to the signing-certificate attribute builder
 * @param attachSize          size handed to buildContentInfo (DETACHED for no content)
 * @return the DER encoding of the outer ContentInfo sequence, via genOutput
 * @throws Exception propagated from the helper builders
 */
public byte[] buildADRBBody(List<AppSignedInfoEx> listAsiEx, SignPolicy signPol, List<X509Certificate> chain, int version, boolean signingCertFallback, int attachSize) throws Exception {
    final DEREncodableVector signedData = new DEREncodableVector();
    signedData.add(new DERInteger(version));
    final List<String> digestOids = createHashList(listAsiEx);
    buildDigestAlg(signedData, digestOids);
    buildContentInfo(signedData, attachSize);
    if (chain == null) {
        // no explicit chain: take the signer certificates carried in each entry
        buildCertsASIE(signedData, listAsiEx);
    } else {
        buildCerts(signedData, chain);
    }
    buildADRBSignerInfo(signedData, listAsiEx, signPol, signingCertFallback);

    // ContentInfo ::= SEQUENCE { contentType id-signedData, content [0] EXPLICIT SignedData }
    final DEREncodableVector contentInfo = new DEREncodableVector();
    contentInfo.add(new DERObjectIdentifier(CMS_SIGNED_ID));
    contentInfo.add(new DERTaggedObject(0, new DERSequence(signedData)));
    return genOutput(new DERSequence(contentInfo));
}
/**
 * Appends a SignerInfos SET with one SignerInfo per entry of {@code listAsiEx}. Each
 * SignerInfo carries the signed attributes built by adrbSiCreateDerEncSigned, and its
 * digest/signature algorithm identifiers are both derived from the entry's SHA index.
 *
 * @param body                the SignedData vector being assembled
 * @param listAsiEx           signer entries; must not be null
 * @param signPol             the signature policy referenced from the signed attributes
 * @param signingCertFallback passed through to the signing-certificate attribute builder
 * @throws Exception propagated from the helpers
 */
private void buildADRBSignerInfo(DEREncodableVector body, List<AppSignedInfoEx> listAsiEx, SignPolicy signPol, boolean signingCertFallback) throws Exception {
    final DEREncodableVector signerInfos = new DEREncodableVector();
    for (AppSignedInfoEx signer : listAsiEx) {
        final String digestOid = getHashAlg(signer.getIdSha());
        final String signatureOid = getHashSignAlg(signer.getIdSha());

        final DEREncodableVector signerInfo = new DEREncodableVector();
        signerInfo.add(new DERInteger(SI_VERSION));
        signerInfo.add(siAddCert(signer.getX509()));
        signerInfo.add(siAddDigestAlgorithm(digestOid));
        // signedAttrs [0] — the structure the signature actually covers
        final DERTaggedObject signedAttrs = adrbSiCreateDerEncSigned(signer.getOrigHash(), signPol.getPolicyHash(), signer.getCertHash(), signer.getX509(), signer.getSigningTime(), signer.getIdSha(), signPol.getPolicyUri(), signPol.getPolicyId(), signingCertFallback);
        signerInfo.add(signedAttrs);
        signerInfo.add(siAddDigestEncryptionAlgorithm(signatureOid));
        signerInfo.add(new DEROctetString(signer.getSignedHash()));

        signerInfos.add(new DERSequence(signerInfo));
    }
    body.add(new DERSet(signerInfos));
}
/**
 * Creates the id-contentType signed attribute whose single value is id-data.
 *
 * @return the attribute {@code ID_CONTENT_TYPE : SET { ID_PKCS7_DATA }}
 */
private Attribute createContentType() {
    final DEREncodableVector values = new DEREncodableVector();
    values.add(new DERObjectIdentifier(ID_PKCS7_DATA));
    return new Attribute(new DERObjectIdentifier(ID_CONTENT_TYPE), new DERSet(values));
}
/**
 * Creates the id-messageDigest signed attribute carrying the digest of the content.
 *
 * @param origHash the content digest bytes, emitted as an OCTET STRING
 * @return the attribute {@code ID_MESSAGE_DIGEST : SET { OCTET STRING origHash }}
 */
private Attribute createMessageDigest(byte[] origHash) {
    final DEREncodableVector values = new DEREncodableVector();
    values.add(new DEROctetString(origHash));
    return new Attribute(new DERObjectIdentifier(ID_MESSAGE_DIGEST), new DERSet(values));
}
/**
 * Creates the id-signingTime signed attribute.
 *
 * <p>The time is encoded as UTCTime (two-digit year). CMS (RFC 5652 §11.3) requires
 * GeneralizedTime for dates in 2050 or later; this builder does not switch encodings.
 *
 * @param now the signing time
 * @return the attribute {@code ID_SIGNING_TIME : SET { UTCTime now }}
 */
private Attribute createSigningTime(Date now) {
    final DEREncodableVector values = new DEREncodableVector();
    values.add(new DERUTCTime(now));
    return new Attribute(new DERObjectIdentifier(ID_SIGNING_TIME), new DERSet(values));
}
/**
 * Builds the SignerInfo signatureAlgorithm AlgorithmIdentifier as a SEQUENCE holding
 * only the OID — no parameters field.
 *
 * <p>Rationale (translated from the original note): RFC 3370 §2.1 (SHA-1) and RFC 5754
 * §2 (Message Digest Algorithms) recommend omitting "parameters" from the
 * AlgorithmIdentifier used for the hash in SignedData.digestAlgorithms,
 * SignerInfo.digestAlgorithm and SignaturePolicyId.sigPolicyHash.hashAlgorithm.
 * The signature policy (PA) mandates sha1withRSAEncryption (1.2.840.113549.1.1.5)
 * for v1.0; sha1withRSAEncryption or sha256WithRSAEncryption (1.2.840.113549.1.1.11)
 * for v1.1; and sha256WithRSAEncryption for v2.0 and v2.1.
 *
 * @param hashId the signature algorithm OID (despite the name, not the digest OID)
 * @return {@code SEQUENCE { OID hashId }}
 */
private DERSequence siAddDigestEncryptionAlgorithm(String hashId) {
    final DEREncodableVector algorithmId = new DEREncodableVector();
    algorithmId.add(new DERObjectIdentifier(hashId));
    // parameters deliberately absent — see the RFC note above
    return new DERSequence(algorithmId);
}
/**
 * Builds the SignerInfo digestAlgorithm AlgorithmIdentifier with an explicit NULL
 * parameters field (unlike siAddDigestEncryptionAlgorithm, which omits it).
 *
 * @param hashId the digest algorithm OID
 * @return {@code SEQUENCE { OID hashId, NULL }}
 */
private DERSequence siAddDigestAlgorithm(String hashId) {
    final DEREncodableVector algorithmId = new DEREncodableVector();
    algorithmId.add(new DERObjectIdentifier(hashId));
    algorithmId.add(new DERNull());
    return new DERSequence(algorithmId);
}
/**
 * Builds the SignerInfo sid as IssuerAndSerialNumber: the issuer name taken from the
 * certificate's TBS encoding via getEncodedIssuer, followed by the serial number.
 *
 * @param certContent the signer certificate
 * @return {@code SEQUENCE { issuer, INTEGER serialNumber }}
 * @throws CertificateEncodingException if the TBS part cannot be extracted
 */
private DERSequence siAddCert(X509Certificate certContent) throws CertificateEncodingException {
    final DEREncodableVector issuerAndSerial = new DEREncodableVector();
    issuerAndSerial.add(getEncodedIssuer(certContent.getTBSCertificate()));
    issuerAndSerial.add(new DERInteger(certContent.getSerialNumber()));
    return new DERSequence(issuerAndSerial);
}
/**
 * Appends the certificates [0] set built from the signer certificate of every entry in
 * {@code listAsiEx}; a convenience over buildCerts(body, chain).
 *
 * @param body      the SignedData vector being assembled
 * @param listAsiEx signer entries; must not be null
 * @throws CertificateEncodingException if a certificate cannot be encoded
 * @throws IOException if certificate bytes cannot be re-parsed as ASN.1
 */
private void buildCertsASIE(DEREncodableVector body, List<AppSignedInfoEx> listAsiEx) throws CertificateEncodingException, IOException {
    final List<X509Certificate> signerCerts = new ArrayList<X509Certificate>(listAsiEx.size());
    for (AppSignedInfoEx entry : listAsiEx) {
        signerCerts.add(entry.getX509());
    }
    buildCerts(body, signerCerts);
}
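/**
 * Appends the certificates [0] IMPLICIT SET to {@code body}, re-parsing each
 * certificate's DER encoding into an ASN.1 object so it is embedded verbatim.
 *
 * <p>The ASN1InputStream is now closed after each read (it was previously left open).
 *
 * @param body  the SignedData vector being assembled
 * @param chain certificates to embed, in the given order; must not be null
 * @throws IOException if certificate bytes cannot be re-parsed as ASN.1
 * @throws CertificateEncodingException if a certificate cannot be encoded
 */
private void buildCerts(DEREncodableVector body, List<X509Certificate> chain) throws IOException, CertificateEncodingException {
    final DEREncodableVector certificates = new DEREncodableVector();
    for (X509Certificate cert : chain) {
        final ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(cert.getEncoded()));
        try {
            certificates.add(in.readObject());
        } finally {
            in.close();
        }
    }
    // implicit [0] tagging — certificates CertificateSet [0] IMPLICIT
    body.add(new DERTaggedObject(false, 0, new DERSet(certificates)));
}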
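/**
 * Appends a certificates [0] IMPLICIT SET containing only {@code certContent},
 * re-parsed from its DER encoding so it is embedded verbatim.
 *
 * <p>The ASN1InputStream is now closed after the read (it was previously left open).
 *
 * @param body        the SignedData vector being assembled
 * @param certContent the single certificate to embed
 * @throws IOException if certificate bytes cannot be re-parsed as ASN.1
 * @throws CertificateEncodingException if the certificate cannot be encoded
 */
private void buildCerts(DEREncodableVector body, X509Certificate certContent) throws IOException, CertificateEncodingException {
    final DEREncodableVector certificates = new DEREncodableVector();
    final ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(certContent.getEncoded()));
    try {
        certificates.add(in.readObject());
    } finally {
        in.close();
    }
    // implicit [0] tagging — certificates CertificateSet [0] IMPLICIT
    body.add(new DERTaggedObject(false, 0, new DERSet(certificates)));
}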
/**
 * Appends a digestAlgorithms SET holding a single AlgorithmIdentifier
 * {@code SEQUENCE { OID hashId, NULL }} to {@code body}.
 *
 * @param body   the SignedData vector being assembled
 * @param hashId the digest algorithm OID
 */
private void buildDigestAlg(final DEREncodableVector body, String hashId) {
    final DEREncodableVector algorithmId = new DEREncodableVector();
    algorithmId.add(new DERObjectIdentifier(hashId));
    algorithmId.add(new DERNull());

    final DEREncodableVector algorithmIds = new DEREncodableVector();
    algorithmIds.add(new DERSequence(algorithmId));
    body.add(new DERSet(algorithmIds));
}
/**
 * Appends the specified name component entry to the current name, rebuilding the
 * backing {@code seq} as a new DERSequence (the existing sequence is not mutated).
 * This can be used to add multiple AVAs in one name component.
 *
 * @param entry the name component to add.
 */
public void add(ASN1Set entry) {
    final DEREncodableVector components = new DEREncodableVector();
    final int count = seq.size();
    for (int idx = 0; idx < count; idx++) {
        components.add(seq.getObjectAt(idx));
    }
    components.add(entry);
    seq = new DERSequence(components);
}
/**
 * Returns the DER-encoded ASN.1 representation of the extension:
 * {@code SEQUENCE { pathLenConstraint OPTIONAL, proxyPolicy }}.
 *
 * @return <code>DERObject</code> the encoded representation of the extension.
 */
public DERObject getDERObject() {
    final DEREncodableVector fields = new DEREncodableVector();
    // pathLenConstraint is optional: emit it only when set
    if (pathLenConstraint != null) {
        fields.add(pathLenConstraint);
    }
    fields.add(proxyPolicy.getDERObject());
    return new DERSequence(fields);
}
/**
 * Returns the DER-encoded ASN.1 representation of the proxy policy:
 * {@code SEQUENCE { policyLanguage, policy OPTIONAL }}.
 *
 * @return <code>DERObject</code> the encoded representation of the proxy policy.
 */
public DERObject getDERObject() {
    final DEREncodableVector fields = new DEREncodableVector();
    fields.add(policyLanguage);
    // policy is optional: emit it only when set
    if (policy != null) {
        fields.add(policy);
    }
    return new DERSequence(fields);
}
/**
 * Builds the SEQUENCE of signed attributes for an AD-RB SignerInfo.
 *
 * <p>Under this signature policy (PA) the mandatory signed attributes are
 * (a) id-contentType, (b) id-messageDigest, (c) id-aa-signingCertificate for
 * v1.0/1.1/2.0 or id-aa-signingCertificateV2 from v2.1, and (d) id-aa-ets-sigPolicyId;
 * id-signingTime is optional. Note that (b), (c) and (d) are silently omitted when
 * their inputs are null, which would not satisfy the policy — callers must supply them.
 * The emission order (time, policy, cert ref, digest, content type) is kept as-is.
 *
 * @param origHash            content digest for id-messageDigest, or null to omit
 * @param polHash             policy hash for the sigPolicyId attribute, or null to omit
 * @param certHash            signer certificate hash for the cert reference, or null to omit
 * @param cert                signer certificate for the cert reference, or null to omit
 * @param now                 signing time, or null to omit id-signingTime
 * @param hashNdx             digest index resolved via getHashAlg
 * @param sigPolicyUri        policy URI qualifier; null omits the sigPolicyId attribute
 * @param sigPolicyId         policy OID; null omits the sigPolicyId attribute
 * @param signingCertFallback passed through to createCertRef
 * @return the signed-attributes SEQUENCE
 * @throws Exception propagated from the helpers
 */
private DERSequence siCreateDerEncSeqADRB(byte[] origHash, byte[] polHash, byte[] certHash, X509Certificate cert, Date now, int hashNdx, String sigPolicyUri, String sigPolicyId, boolean signingCertFallback) throws Exception {
    final String digestOid = getHashAlg(hashNdx);
    final DEREncodableVector signedAttrs = new DEREncodableVector();

    // optional: id-signingTime
    if (now != null) {
        signedAttrs.add(createSigningTime(now));
    }
    // (d) id-aa-ets-sigPolicyId, only when the policy reference is complete
    if (polHash != null && sigPolicyUri != null && sigPolicyId != null) {
        signedAttrs.add(createPolicyId(polHash, digestOid, sigPolicyUri, sigPolicyId));
    }
    // (c) signing certificate reference
    if (certHash != null && cert != null) {
        signedAttrs.add(createCertRef(certHash, cert, signingCertFallback, hashNdx));
    }
    // (b) id-messageDigest
    if (origHash != null) {
        signedAttrs.add(createMessageDigest(origHash));
    }
    // (a) id-contentType, always present
    signedAttrs.add(createContentType());

    return new DERSequence(signedAttrs);
}
/**
 * Creates the id-aa-ets-sigPolicyId signed attribute:
 * {@code ID_SIG_POLICY : SET { SEQUENCE { OID sigPolicyId, sigPolicyHash, sigPolicyQualifiers } }}.
 * The hash AlgorithmIdentifier carries no parameters field, and the qualifiers nesting
 * (SEQUENCE { SEQUENCE { ID_SIG_POLICY_URI, IA5String } }) follows the Itaú reference
 * encoding, per the original note.
 *
 * @param polHash      the policy document hash
 * @param polHashAlg   OID of the algorithm that produced {@code polHash}
 * @param sigPolicyUri policy URI qualifier, encoded as IA5String
 * @param sigPolicyId  the policy OID
 * @return the attribute
 */
private Attribute createPolicyId(byte[] polHash, String polHashAlg, String sigPolicyUri, String sigPolicyId) {
    // sigPolicyHash ::= SEQUENCE { hashAlgorithm SEQUENCE { OID }, hashValue OCTET STRING }
    final DEREncodableVector hashAlgorithm = new DEREncodableVector();
    hashAlgorithm.add(new DERObjectIdentifier(polHashAlg));
    final DEREncodableVector policyHash = new DEREncodableVector();
    policyHash.add(new DERSequence(hashAlgorithm));
    policyHash.add(new DEROctetString(polHash));

    // sigPolicyQualifiers ::= SEQUENCE { SEQUENCE { ID_SIG_POLICY_URI, IA5String uri } }
    final DEREncodableVector uriQualifier = new DEREncodableVector();
    uriQualifier.add(new DERObjectIdentifier(ID_SIG_POLICY_URI));
    uriQualifier.add(new DERIA5String(sigPolicyUri));
    final DEREncodableVector qualifiers = new DEREncodableVector();
    qualifiers.add(new DERSequence(uriQualifier));

    // SignaturePolicyId ::= SEQUENCE { sigPolicyId OID, sigPolicyHash, sigPolicyQualifiers }
    final DEREncodableVector signaturePolicyId = new DEREncodableVector();
    signaturePolicyId.add(new DERObjectIdentifier(sigPolicyId));
    signaturePolicyId.add(new DERSequence(policyHash));
    signaturePolicyId.add(new DERSequence(qualifiers));

    final DEREncodableVector attrValues = new DEREncodableVector();
    attrValues.add(new DERSequence(signaturePolicyId));
    return new Attribute(new DERObjectIdentifier(ID_SIG_POLICY), new DERSet(attrValues));
}
/**
 * Creates a typical Certification Authority (CA) certificate: self-signed under a fixed
 * CyberVillians name with serial number 1, valid from roughly 12 months before now to
 * roughly 240 months after (months counted as 30 days), carrying SubjectKeyIdentifier,
 * a critical BasicConstraints with pathLen 0, KeyUsage keyCertSign|cRLSign and an
 * ExtendedKeyUsage of serverAuth, OCSPSigning and verisignUnknown. The certificate is
 * validity-checked and self-verified before being returned.
 *
 * <p>The fixed serial number means every certificate from this method collides on
 * (issuer, serial); presumably intended for test/development CAs only — confirm before
 * any other use.
 *
 * @param keyPair the CA key pair; the private key signs, the public key is embedded
 * @return the generated CA certificate
 * @throws SignatureException if signing or self-verification fails
 * @throws InvalidKeyException if the key pair is unusable for the signature algorithm
 * @throws SecurityException propagated from the provider
 * @throws CertificateException if generation or the validity check fails
 * @throws NoSuchAlgorithmException if CertificateCreator.SIGN_ALGO is unavailable
 * @throws NoSuchProviderException if the "BC" provider is not registered
 */
@SuppressWarnings("deprecation")
public static X509Certificate createTypicalMasterCert(final KeyPair keyPair) throws SignatureException, InvalidKeyException, SecurityException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException {
    final long thirtyDaysMillis = 1000L * 60 * 60 * 24 * 30;
    final X509Principal caName = new X509Principal("O=CyberVillians.com,OU=CyberVillians Certification Authority,C=US");

    final X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
    generator.setSerialNumber(BigInteger.valueOf(1));
    generator.setIssuerDN(caName);
    generator.setSubjectDN(caName);
    generator.setNotBefore(new Date(System.currentTimeMillis() - 12 /* months */ * thirtyDaysMillis));
    generator.setNotAfter(new Date(System.currentTimeMillis() + 240 /* months */ * thirtyDaysMillis));
    generator.setPublicKey(keyPair.getPublic());
    generator.setSignatureAlgorithm(CertificateCreator.SIGN_ALGO);

    // extensions usual for a signing CA
    generator.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keyPair.getPublic()));
    generator.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0));
    generator.addExtension(X509Extensions.KeyUsage, false, new KeyUsage(KeyUsage.cRLSign | KeyUsage.keyCertSign));

    final DEREncodableVector extendedKeyUsages = new DEREncodableVector();
    extendedKeyUsages.add(new DERObjectIdentifier(ExtendedKeyUsageConstants.serverAuth));
    extendedKeyUsages.add(new DERObjectIdentifier(ExtendedKeyUsageConstants.OCSPSigning));
    extendedKeyUsages.add(new DERObjectIdentifier(ExtendedKeyUsageConstants.verisignUnknown));
    generator.addExtension(X509Extensions.ExtendedKeyUsage, false, new DERSequence(extendedKeyUsages));

    final X509Certificate cert = generator.generate(keyPair.getPrivate(), "BC");
    cert.checkValidity(new Date());
    cert.verify(keyPair.getPublic());
    return cert;
}
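/**
 * Builds and signs a VOMS attribute certificate from its components. Each field is
 * populated through the corresponding setter, assembled into an
 * AttributeCertificateInfo in RFC 3281 §4.1 field order, then signed with sign().
 *
 * <p>Cleanup: the no-op {@code catch (Exception e) { throw e; }} and the dead first
 * assignment of {@code signatureAlgorithm} (immediately overwritten) are removed; the
 * effective value is unchanged.
 *
 * @param holderString       the holder name handed to setHolder
 * @param holderSerialNumber the holder certificate serial handed to setHolder
 * @param issuerString       the issuer name handed to setIssuer
 * @param productionSerial   the AC serial number
 * @param fromEpoch          validity start, epoch millis
 * @param toEpoch            validity end, epoch millis
 * @param fqans              the FQANs placed in the attributes
 * @throws Exception propagated from the setters and from sign()
 */
public VOMSAttributeCertificate(String holderString, int holderSerialNumber, String issuerString, int productionSerial, long fromEpoch, long toEpoch, String[] fqans) throws Exception {
    final DEREncodableVector infoVector = new ASN1EncodableVector();
    this.setVersion();
    this.setHolder(holderString, holderSerialNumber);
    this.setIssuer(issuerString);
    this.setAlgorithmIdentifier();
    this.setSerialNumber(productionSerial);
    this.setTimes(new Date(fromEpoch), new Date(toEpoch));
    this.setVOMSFQANs(fqans);
    this.setExtensions();

    // AttributeCertificateInfo field order (RFC 3281 §4.1); issuerUniqueID is not emitted
    infoVector.add(version);
    infoVector.add(holder);
    infoVector.add(issuer);
    infoVector.add(signature);
    infoVector.add(serialNumber);
    infoVector.add(attrCertValidityPeriod);
    infoVector.add(attributes);
    infoVector.add(extensions);
    final ASN1Sequence infoSequence = ASN1Sequence.getInstance(new DERSequence(infoVector));
    this.acinfo = new AttributeCertificateInfo(infoSequence);

    // 1.2.840.113549.1.1.4 is md5WithRSAEncryption, kept in the explicit (OID, absent
    // parameters) form to match the reference (Vincenzo) encoding. MD5 is collision-broken
    // and unsuitable for new signatures; changing it requires coordinating with every
    // consumer that verifies these ACs.
    this.signatureAlgorithm = new AlgorithmIdentifier(new DERObjectIdentifier("1.2.840.113549.1.1.4"), (DEREncodable) null);
    this.signatureValue = new DERBitString(this.sign());
    this.ac = new AttributeCertificate(acinfo, signatureAlgorithm, signatureValue);
}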
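/**
 * Populates {@code this.attributes} with a single VOMS attribute
 * (OID 1.3.6.1.4.1.8005.100.100.4) whose value is
 * {@code SEQUENCE { [0] { [6] OCTET STRING origin }, SEQUENCE OF OCTET STRING fqan }}.
 * Each FQAN and the origin string are GeneralString bytes wrapped in an OCTET STRING.
 *
 * <p>Cleanup: the commented-out alternative construction and the no-op
 * {@code catch (Exception e) { throw e; }} are removed. A null {@code fqans} is now
 * rejected explicitly instead of surfacing as a NullPointerException.
 *
 * @param fqans the fully qualified attribute names; must not be null (may be empty)
 * @throws IllegalArgumentException if {@code fqans} is null
 * @throws Exception propagated from the ASN.1 builders
 */
public void setVOMSFQANs(String[] fqans) throws Exception {
    if (fqans == null) {
        throw new IllegalArgumentException("fqans must not be null");
    }

    // the FQANs, in order, as OCTET STRINGs in a SEQUENCE
    final DEREncodableVector fqanVector = new ASN1EncodableVector();
    for (String fqan : fqans) {
        final DERGeneralString fqanString = new DERGeneralString(fqan);
        fqanVector.add(ASN1OctetString.getInstance(new DEROctetString(fqanString.getOctets())));
    }
    final ASN1Sequence fqanSequence = ASN1Sequence.getInstance(new DERSequence(fqanVector));

    // the undocumented tagged origin: [0] { [6] OCTET STRING }, hard-coded server URI
    final DERGeneralString origin = new DERGeneralString("gridportal://newvoms:15000");
    final ASN1OctetString originOctets = ASN1OctetString.getInstance(new DEROctetString(origin.getOctets()));
    final DERTaggedObject taggedOrigin = new DERTaggedObject(0, new DERTaggedObject(6, originOctets));

    // attribute value: SEQUENCE { taggedOrigin, fqanSequence }, as the single SET member
    final DEREncodableVector valueVector = new ASN1EncodableVector();
    valueVector.add(taggedOrigin);
    valueVector.add(fqanSequence);
    final ASN1Sequence value = ASN1Sequence.getInstance(new DERSequence(valueVector));
    final ASN1Set values = ASN1Set.getInstance(new DERSet(value));

    // Attribute ::= SEQUENCE { type OID, values SET }
    final DEREncodableVector attributeVector = new ASN1EncodableVector();
    attributeVector.add(new DERObjectIdentifier("1.3.6.1.4.1.8005.100.100.4"));
    attributeVector.add(values);
    final ASN1Sequence attribute = ASN1Sequence.getInstance(new DERSequence(attributeVector));

    this.attributes = ASN1Sequence.getInstance(new DERSequence(attribute));
}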
/**
 * Appends the specified OID and value pair name component to the end of the current
 * name. The value is encoded as a PrintableString, and the pair is wrapped as
 * {@code SET { SEQUENCE { oid, value } }} before delegating to add(ASN1Set).
 *
 * @param oid the name component oid, e.g. {@link X509Name#CN X509Name.CN}
 * @param value the value (e.g. "proxy")
 */
public void add(DERObjectIdentifier oid, String value) {
    final DEREncodableVector ava = new DEREncodableVector();
    ava.add(oid);
    ava.add(new DERPrintableString(value));
    final DERSet rdn = new DERSet(new DERSequence(ava));
    add(rdn);
}