byte[] authorityExtensionValue = cert.getExtensionValue(Extension.authorityInfoAccess.getId()); if (authorityExtensionValue != null) Enumeration<?> objects = asn1Seq.getObjects(); while (objects.hasMoreElements()) ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) obj.getObjectAt(0); DERTaggedObject location = (DERTaggedObject) obj.getObjectAt(1); if (oid.equals(X509ObjectIdentifiers.id_ad_ocsp) && location.getTagNo() == GeneralName.uniformResourceIdentifier)
BigInteger nonce = new BigInteger(128, new SecureRandom()); TimeStampRequestGenerator requestGenerator = new TimeStampRequestGenerator(); requestGenerator.setCertReq(true); String requestPolicy = signatureConfig.getTspRequestPolicy(); if (requestPolicy != null) { requestGenerator.setReqPolicy(new ASN1ObjectIdentifier(requestPolicy)); for (X509CertificateHolder certificate : certificates) { if (signerCertIssuer.equals(certificate.getIssuer()) && signerCertSerialNumber.equals(certificate.getSerialNumber())) { signerCert = certificate; X509CertificateHolder holder = new X509CertificateHolder(tspCertificateChain.get(0).getEncoded()); DefaultCMSSignatureAlgorithmNameGenerator nameGen = new DefaultCMSSignatureAlgorithmNameGenerator(); DefaultSignatureAlgorithmIdentifierFinder sigAlgoFinder = new DefaultSignatureAlgorithmIdentifierFinder();
/**
 * Creates a processable that wraps the given stream and labels it with the CMS
 * {@code data} content type.
 *
 * @param is stream passed, together with the content-type OID, to the two-argument constructor
 */
CMSProcessableInputStream(InputStream is)
{
    // A fresh ASN1ObjectIdentifier is built from the dotted-string id of CMSObjectIdentifiers.data.
    this(new ASN1ObjectIdentifier(CMSObjectIdentifiers.data.getId()), is);
}
/**
 * Issues a certificate through the CA path and checks the fields a relying party depends on:
 * issuer and subject names, serial number, validity window, public key, signature algorithm,
 * the signature itself, and the basicConstraints extension.
 */
@Test
public void getSignedByIssuer_generatesACertificateWithTheRightValues() throws Exception {
  final X509Certificate issued = subject.getSignedByIssuer(
      generatedCertificateKeyPair,
      certificateGenerationParameters,
      certificateAuthorityWithSubjectKeyId,
      issuerKey.getPrivate());

  // Issuer name must carry both the CA's common name and its organisation.
  final String issuerName = issued.getIssuerDN().getName();
  assertThat(issuerName, containsString("CN=ca DN"));
  assertThat(issuerName, containsString("O=credhub"));

  assertThat(issued.getSerialNumber(), equalTo(BigInteger.valueOf(1337L)));

  // Validity dates are compared through their string form rather than Date.equals.
  final String expectedNotBefore = Date.from(now).toString();
  final String expectedNotAfter = Date.from(later).toString();
  assertThat(issued.getNotBefore().toString(), equalTo(expectedNotBefore));
  assertThat(issued.getNotAfter().toString(), equalTo(expectedNotAfter));

  assertThat(issued.getSubjectDN().toString(), containsString("CN=my cert name"));
  assertThat(issued.getPublicKey(), equalTo(generatedCertificateKeyPair.getPublic()));
  assertThat(issued.getSigAlgName(), equalTo("SHA256WITHRSA"));

  // verify() throws if the signature does not check out under the issuer's public key.
  issued.verify(issuerKey.getPublic());

  // getExtensionValue returns the extension wrapped in a DER OCTET STRING; dropping the first
  // two bytes (tag + one-byte length) leaves the inner value. That shortcut only holds while
  // the wrapped value is short enough for a single length byte.
  final byte[] wrappedBasicConstraints =
      issued.getExtensionValue(Extension.basicConstraints.getId());
  final byte[] innerBasicConstraints =
      Arrays.copyOfRange(wrappedBasicConstraints, 2, wrappedBasicConstraints.length);
  assertThat(innerBasicConstraints, equalTo(new BasicConstraints(true).getEncoded()));
}
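/**
 * Parses an EC private key as defined in RFC 5915.
 * <pre>
 *      ECPrivateKey ::= SEQUENCE {
 *        version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
 *        privateKey     OCTET STRING,
 *        parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
 *        publicKey  [1] BIT STRING OPTIONAL
 *      }
 * </pre>
 * The {@code parameters} field is OPTIONAL in the encoding but required by this parser, because
 * the domain parameters are taken from it. A sequence that omits it, or that carries only the
 * {@code [1] publicKey} element in third position, is rejected instead of being misread.
 *
 * @param  seq  ASN1 sequence to parse
 *
 * @return  EC private key
 *
 * @throws  IllegalArgumentException  if the curve parameters are missing, carry the wrong tag, or
 *                                    name a curve that cannot be resolved
 */
private ECPrivateKeyParameters parseECPrivateKey(final ASN1Sequence seq)
{
  // version + privateKey + parameters: anything shorter cannot contain the curve.
  if (seq.size() < 3) {
    throw new IllegalArgumentException("EC private key is missing the curve parameters");
  }

  final ASN1TaggedObject asn1Params = ASN1TaggedObject.getInstance(seq.getObjectAt(2));
  // When parameters are omitted the third element is the [1] publicKey BIT STRING.
  if (asn1Params.getTagNo() != 0) {
    throw new IllegalArgumentException(
      "Expected EC parameters tagged [0] but found tag [" + asn1Params.getTagNo() + "]");
  }

  final X9ECParameters params;
  if (asn1Params.getObject() instanceof ASN1ObjectIdentifier) {
    final ASN1ObjectIdentifier curveOid = ASN1ObjectIdentifier.getInstance(asn1Params.getObject());
    params = ECUtil.getNamedCurveByOid(curveOid);
    // Guard against an unresolved curve so the failure names the OID instead of surfacing as
    // a NullPointerException below.
    if (params == null) {
      throw new IllegalArgumentException("Unknown EC named curve: " + curveOid);
    }
  } else {
    params = X9ECParameters.getInstance(asn1Params.getObject());
  }

  // The private scalar is the unsigned big-endian value of the privateKey OCTET STRING.
  return new ECPrivateKeyParameters(
    new BigInteger(1, ASN1OctetString.getInstance(seq.getObjectAt(1)).getOctets()),
    new ECDomainParameters(params.getCurve(), params.getG(), params.getN(), params.getH(), params.getSeed()));
}
}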
// Builds an X.509 v3 certificate whose subject and public key are copied from the PKCS#10
// request and whose issuer is taken from serverCertificate.
// NOTE(review): nothing in this statement checks the request's signature (proof of possession
// of the private key) — confirm the caller verifies the CSR before reaching this point.
X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
    serverCertificate,
    // NOTE(review): the serial number is the constant 1 for every certificate built here.
    // RFC 5280 expects serials to be unique per issuer, and revocation is keyed on
    // issuer + serial — confirm this is only used for single-certificate or test setups.
    new BigInteger("1"),
    // notBefore: the current time.
    new Date(System.currentTimeMillis()),
    // notAfter: 30 * 365 days later; a long lifetime for a key that cannot be rotated early
    // without working revocation.
    new Date(System.currentTimeMillis() + 30L * 365L * 24L * 60L * 60L * 1000L),
    jcaPKCS10CertificationRequest.getSubject(),
    jcaPKCS10CertificationRequest.getPublicKey()
// Disabled: authorityKeyIdentifier (2.5.29.35) extension.
/*).addExtension(
    new ASN1ObjectIdentifier("2.5.29.35"),
    false,
    new AuthorityKeyIdentifier(keyPair.getPublic().getEncoded())*/
).addExtension(
    // basicConstraints (2.5.29.19), non-critical, CA = false: an end-entity certificate.
    new ASN1ObjectIdentifier("2.5.29.19"),
    false,
    new BasicConstraints(false) // true if it is allowed to sign other certs
).addExtension(
    // keyUsage (2.5.29.15), critical. keyCertSign is not among the bits, which matches
    // CA = false above.
    new ASN1ObjectIdentifier("2.5.29.15"),
    true,
    new X509KeyUsage(
        X509KeyUsage.digitalSignature |
        X509KeyUsage.nonRepudiation |
        X509KeyUsage.keyEncipherment |
        X509KeyUsage.dataEncipherment));
/**
 * Generates a self-signed certificate and checks that issuer and subject match, that the
 * signature verifies under the certificate's own public key, that the authority key identifier
 * equals the subject key identifier derived from that key, and that the serial number is set.
 */
@Test
public void getSelfSigned_generatesACertificateWithTheRightValues() throws Exception {
  final X509Certificate selfSigned =
      subject.getSelfSigned(generatedCertificateKeyPair, certificateGenerationParameters);

  // Self-signed: the same name must appear as issuer and as subject.
  assertThat(selfSigned.getIssuerDN().getName(), containsString("CN=my cert name"));
  assertThat(selfSigned.getSubjectDN().toString(), containsString("CN=my cert name"));

  // Throws unless the certificate was signed with the private half of its own key pair.
  selfSigned.verify(generatedCertificateKeyPair.getPublic());

  // Decode the authorityKeyIdentifier extension down to the raw key identifier bytes.
  final byte[] wrappedAki = selfSigned.getExtensionValue(Extension.authorityKeyIdentifier.getId());
  final byte[] actualKeyId =
      AuthorityKeyIdentifier.getInstance(parseExtensionValue(wrappedAki)).getKeyIdentifier();

  // The expected identifier is computed independently from the certificate's public key.
  expectedSubjectKeyIdentifier = jcaX509ExtensionUtils
      .createSubjectKeyIdentifier(generatedCertificateKeyPair.getPublic())
      .getKeyIdentifier();

  assertThat(actualKeyId, equalTo(expectedSubjectKeyIdentifier));
  assertThat(selfSigned.getSerialNumber(), equalTo(BigInteger.valueOf(1337)));
}
/**
 * Initialises the current PSS parameter spec from an encoded RSASSA-PSS-params structure.
 * Only MGF1 is accepted as the mask generation function.
 *
 * @param params encoded RSASSA-PSS parameters
 * @throws IOException if the mask generation function is not MGF1, or if decoding fails with a
 *                     ClassCastException or ArrayIndexOutOfBoundsException
 */
protected void engineInit(
    byte[] params)
    throws IOException
{
    try
    {
        RSASSAPSSparams decoded = RSASSAPSSparams.getInstance(params);
        AlgorithmIdentifier maskGen = decoded.getMaskGenAlgorithm();

        // Refuse anything other than MGF1 before building the spec.
        if (!maskGen.getAlgorithm().equals(PKCSObjectIdentifiers.id_mgf1))
        {
            throw new IOException("unknown mask generation function: " + maskGen.getAlgorithm());
        }

        String hashName = MessageDigestUtils.getDigestName(decoded.getHashAlgorithm().getAlgorithm());
        String mgfName = PSSParameterSpec.DEFAULT.getMGFAlgorithm();

        // The MGF1 digest is carried as the parameters of the mask generation algorithm.
        AlgorithmIdentifier mgfDigest = AlgorithmIdentifier.getInstance(maskGen.getParameters());
        MGF1ParameterSpec mgfSpec = new MGF1ParameterSpec(MessageDigestUtils.getDigestName(mgfDigest.getAlgorithm()));

        // NOTE(review): intValue() narrows silently; an oversized encoded salt length or trailer
        // field would wrap rather than be rejected here — confirm callers validate the result.
        int saltLength = decoded.getSaltLength().intValue();
        int trailerField = decoded.getTrailerField().intValue();

        currentSpec = new PSSParameterSpec(hashName, mgfName, mgfSpec, saltLength, trailerField);
    }
    // NOTE(review): both handlers drop the original exception, and other unchecked exceptions
    // raised while decoding are not translated to IOException.
    catch (ClassCastException e)
    {
        throw new IOException("Not a valid PSS Parameter encoding.");
    }
    catch (ArrayIndexOutOfBoundsException e)
    {
        throw new IOException("Not a valid PSS Parameter encoding.");
    }
}
/**
 * When the signing CA carries a subject key identifier, the issued certificate's authority key
 * identifier must hold the same bytes, so the certificate can be chained to its issuer by key
 * id.
 */
@Test
public void getSignedByIssuer_withSubjectKeyIdentifier_setsAuthorityKeyIdentifier() throws Exception {
  // Two stubbed serial numbers: the first call yields 1337, any later call 666.
  when(serialNumberGenerator.generate())
      .thenReturn(BigInteger.valueOf(1337))
      .thenReturn(BigInteger.valueOf(666));

  final X509Certificate issued = subject.getSignedByIssuer(
      generatedCertificateKeyPair,
      certificateGenerationParameters,
      certificateAuthorityWithSubjectKeyId,
      issuerKey.getPrivate());

  // Unwrap the authorityKeyIdentifier extension and compare its key id with the CA's.
  final byte[] wrappedAki = issued.getExtensionValue(Extension.authorityKeyIdentifier.getId());
  final AuthorityKeyIdentifier decodedAki =
      AuthorityKeyIdentifier.getInstance(parseExtensionValue(wrappedAki));

  assertThat(decodedAki.getKeyIdentifier(), equalTo(caSubjectKeyIdentifier.getKeyIdentifier()));
}
params = new DSTU4145Params(new ASN1ObjectIdentifier(((ECNamedCurveSpec)ecSpec).getName())); EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression), ecSpec.getOrder(), BigInteger.valueOf(ecSpec.getCofactor()), ecSpec.getCurve().getSeed()); info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(UAObjectIdentifiers.dstu4145be, params), new DEROctetString(encKey));
throws IOException ASN1Sequence seq = ASN1Sequence.getInstance(info.getPrivateKeyAlgorithm().getParameters()); ASN1Integer derX = ASN1Integer.getInstance(info.parsePrivateKey()); ASN1ObjectIdentifier id = info.getPrivateKeyAlgorithm().getAlgorithm(); this.x = derX.getValue(); if (id.equals(PKCSObjectIdentifiers.dhKeyAgreement)) this.dhSpec = new DHParameterSpec(params.getP(), params.getG(), params.getL().intValue()); else if (id.equals(X9ObjectIdentifiers.dhpublicnumber)) this.dhSpec = new DHParameterSpec(params.getP().getValue(), params.getG().getValue());
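/**
 * Decodes a tagged token into its result, mechanism, mechanism token and mechanism list MIC
 * fields. The outer element must be an explicitly tagged SEQUENCE whose members are
 * context-tagged [0]..[3]; any other member tag is rejected.
 *
 * The token arrives from the peer, so structural problems are reported as {@link IOException}
 * instead of escaping as unchecked exceptions from the casts or the ASN.1 helpers.
 *
 * @param token encoded token bytes
 * @throws IOException if the token cannot be read or is not structured as described above
 */
@Override
protected void parse ( byte[] token ) throws IOException {
    try ( ASN1InputStream der = new ASN1InputStream(token) ) {
        // readObject() yields null on empty input and may yield any ASN.1 type; check before casting.
        Object outer = der.readObject();
        if ( ! ( outer instanceof ASN1TaggedObject ) ) {
            throw new IOException("Malformed token.");
        }
        ASN1Sequence sequence = ASN1Sequence.getInstance((ASN1TaggedObject) outer, true);
        Enumeration<?> fields = sequence.getObjects();
        while ( fields.hasMoreElements() ) {
            Object field = fields.nextElement();
            if ( ! ( field instanceof ASN1TaggedObject ) ) {
                throw new IOException("Malformed token field.");
            }
            ASN1TaggedObject tagged = (ASN1TaggedObject) field;
            switch ( tagged.getTagNo() ) {
            case 0:
                ASN1Enumerated enumerated = ASN1Enumerated.getInstance(tagged, true);
                setResult(enumerated.getValue().intValue());
                break;
            case 1:
                setMechanism(ASN1ObjectIdentifier.getInstance(tagged, true));
                break;
            case 2:
                ASN1OctetString mechanismToken = ASN1OctetString.getInstance(tagged, true);
                setMechanismToken(mechanismToken.getOctets());
                break;
            case 3:
                ASN1OctetString mechanismListMIC = ASN1OctetString.getInstance(tagged, true);
                setMechanismListMIC(mechanismListMIC.getOctets());
                break;
            default:
                throw new IOException("Malformed token field.");
            }
        }
    }
    catch ( IllegalArgumentException | IllegalStateException e ) {
        // The getInstance(tagged, true) helpers signal a wrong inner type with unchecked
        // exceptions; surface those as a malformed token and keep the cause.
        // NOTE(review): this also converts the same exception types if a setter raises them.
        throw new IOException("Malformed token.", e);
    }
}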
byte[] authorityExtensionValue = certificate.getExtensionValue(Extension.authorityInfoAccess.getId()); if (authorityExtensionValue != null) byte[] crlExtensionValue = certificate.getExtensionValue(Extension.cRLDistributionPoints.getId()); if (crlExtensionValue != null) if (certificate.getIssuerX500Principal().equals(issuer.getSubjectX500Principal()))
// Hex form of the certificate serial number. BigInteger.toByteArray() is two's-complement, so
// a serial whose top bit is set is rendered with a leading 00 byte.
String serial = DatatypeConverter.printHexBinary(certificate.getSerialNumber().toByteArray());
// getExtensionValue returns the extension wrapped in a DER OCTET STRING, or null when the
// certificate has no authorityKeyIdentifier extension.
// NOTE(review): no null check follows — a certificate without this extension would presumably
// fail on akiOc.getOctets() below; confirm callers only pass certificates that carry it.
byte[] extensionValue = certificate.getExtensionValue(Extension.authorityKeyIdentifier.getId());
ASN1OctetString akiOc = ASN1OctetString.getInstance(extensionValue);
// Unwrap the OCTET STRING, decode the AuthorityKeyIdentifier and hex-encode its key id.
// NOTE(review): the keyIdentifier field is optional in the extension; verify how a missing
// value should be handled before it reaches printHexBinary.
String aki = DatatypeConverter.printHexBinary(AuthorityKeyIdentifier.getInstance(akiOc.getOctets()).getKeyIdentifier());
/**
 * Converts an object to a {@code TypeOfBiometricData}.
 *
 * @param obj {@code null}, an existing {@code TypeOfBiometricData}, an {@code ASN1Integer}
 *            holding a predefined biometric type, or an {@code ASN1ObjectIdentifier}
 * @return {@code obj} itself when it is {@code null} or already of this type, otherwise a new
 *         instance built from the integer or the object identifier
 * @throws IllegalArgumentException if {@code obj} is of any other type
 */
public static TypeOfBiometricData getInstance(Object obj)
{
    // Pass-through: null stays null, an existing instance is returned unchanged.
    if (obj == null || obj instanceof TypeOfBiometricData)
    {
        return (TypeOfBiometricData)obj;
    }

    // Predefined type: the integer value is narrowed to int and handed to the int constructor.
    if (obj instanceof ASN1Integer)
    {
        int predefinedType = ASN1Integer.getInstance(obj).getValue().intValue();
        return new TypeOfBiometricData(predefinedType);
    }

    // Otherwise the type is named by an object identifier.
    if (obj instanceof ASN1ObjectIdentifier)
    {
        return new TypeOfBiometricData(ASN1ObjectIdentifier.getInstance(obj));
    }

    throw new IllegalArgumentException("unknown object in getInstance");
}
final org.bouncycastle.asn1.pkcs.EncryptionScheme scheme) final PBES2Algorithm alg = PBES2Algorithm.fromOid(scheme.getAlgorithm().getId()); if (keyLength == 0) { keyLength = alg.getKeySize(); setCipher(alg.getCipherSpec().newInstance()); final ASN1Sequence rc2Params = ASN1Sequence.getInstance(scheme.getParameters()); if (rc2Params.size() > 1) { cipherParameters = new RC2Parameters( ((KeyParameter) cipherParameters).getKey(), ASN1Integer.getInstance(rc2Params.getObjectAt(0)).getValue().intValue()); iv = ASN1OctetString.getInstance(rc2Params.getObjectAt(0)).getOctets(); final ASN1Sequence rc5Params = ASN1Sequence.getInstance(scheme.getParameters()); final int rounds = ASN1Integer.getInstance(rc5Params.getObjectAt(1)).getValue().intValue(); final int blockSize = ASN1Integer.getInstance(rc5Params.getObjectAt(2)).getValue().intValue(); if (blockSize == 32) { setCipher(new PaddedBufferedBlockCipher(new CBCBlockCipher(new RC532Engine()), new PKCS7Padding())); if (rc5Params.size() > 3) { iv = ASN1OctetString.getInstance(rc5Params.getObjectAt(3)).getOctets();
try derY = (ASN1Integer)info.parsePublicKey(); this.y = derY.getValue(); ASN1Sequence seq = ASN1Sequence.getInstance(info.getAlgorithm().getParameters()); ASN1ObjectIdentifier id = info.getAlgorithm().getAlgorithm(); if (id.equals(PKCSObjectIdentifiers.dhKeyAgreement) || isPKCSParam(seq)) this.dhSpec = new DHParameterSpec(params.getP(), params.getG(), params.getL().intValue()); else if (id.equals(X9ObjectIdentifiers.dhpublicnumber)) new DHValidationParameters(validationParams.getSeed(), validationParams.getPgenCounter().intValue())));
try derY = (ASN1Integer)info.parsePublicKey(); this.y = derY.getValue(); ASN1Sequence seq = ASN1Sequence.getInstance(info.getAlgorithmId().getParameters()); ASN1ObjectIdentifier id = info.getAlgorithmId().getAlgorithm(); if (id.equals(PKCSObjectIdentifiers.dhKeyAgreement) || isPKCSParam(seq)) this.dhSpec = new DHParameterSpec(params.getP(), params.getG(), params.getL().intValue()); else if (id.equals(X9ObjectIdentifiers.dhpublicnumber)) this.dhSpec = new DHParameterSpec(params.getP().getValue(), params.getG().getValue());
Args.notNull(crl, "crl"); byte[] encodedExtnValue = crl.getExtensionValue(Extension.cRLNumber.getId()); Long crlNumber = null; if (encodedExtnValue != null) { byte[] extnValue = DEROctetString.getInstance(encodedExtnValue).getOctets(); crlNumber = ASN1Integer.getInstance(extnValue).getPositiveValue().longValue(); encodedExtnValue = crl.getExtensionValue(Extension.deltaCRLIndicator.getId()); Long baseCrlNumber = null; if (encodedExtnValue != null) { byte[] extnValue = DEROctetString.getInstance(encodedExtnValue).getOctets(); baseCrlNumber = ASN1Integer.getInstance(extnValue).getPositiveValue().longValue();
ASN1Primitive tmp = seq.getObjectAt(index++).toASN1Primitive(); version = (ASN1Integer)tmp; if (this.version.getValue().intValue() != 0) tmp = seq.getObjectAt(index++).toASN1Primitive(); if (tmp instanceof ASN1TaggedObject) tmp = seq.getObjectAt(index++).toASN1Primitive(); if (!authEncryptedContentInfo.getContentType().equals(CMSObjectIdentifiers.data)) mac = ASN1OctetString.getInstance(tmp); if (seq.size() > index)