BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis()); Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true, new DEROctetString(nonce.toByteArray())); requestGenerator.setRequestExtensions(new Extensions(new Extension[]{ext})); final BigInteger responseSerialNumber = responseCertificateId.getSerialNumber(); if (responseSerialNumber.equals(subjectSerialNumber)) { Object certStatus = singleResponse.getCertStatus();
if (oid.equals(X509ObjectIdentifiers.id_ad_ocsp) && location.getTagNo() == GeneralName.uniformResourceIdentifier) DEROctetString url = (DEROctetString) location.getObject(); certInfo.setOcspUrl(new String(url.getOctets())); else if (oid.equals(X509ObjectIdentifiers.id_ad_caIssuers)) DEROctetString uri = (DEROctetString) location.getObject(); certInfo.setIssuerUrl(new String(uri.getOctets()));
private XMSSMTPublicKey(ASN1Sequence seq) { if (!ASN1Integer.getInstance(seq.getObjectAt(0)).getValue().equals(BigInteger.valueOf(0))) { throw new IllegalArgumentException("unknown version of sequence"); } this.publicSeed = Arrays.clone(DEROctetString.getInstance(seq.getObjectAt(1)).getOctets()); this.root = Arrays.clone(DEROctetString.getInstance(seq.getObjectAt(2)).getOctets()); }
private OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws CertificateEncodingException, OperatorCreationException, OCSPException, IOException { Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); OCSPReqBuilder gen = new OCSPReqBuilder(); gen.addRequest(new JcaCertificateID(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build().get(CertificateID.HASH_SHA1), issuerCert, serialNumber)); BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis()); Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true, new DEROctetString(nonce.toByteArray())); gen.setRequestExtensions(new Extensions(new Extension[]{ext})); sentNonce = ext.getExtnId().getEncoded(); return gen.build(); }
public ECDSAPublicKey(ASN1ObjectIdentifier usage, BigInteger p, BigInteger a, BigInteger b, byte[] basePoint, BigInteger order, byte[] publicPoint, int cofactor) { this.usage = usage; setPrimeModulusP(p); setFirstCoefA(a); setSecondCoefB(b); setBasePointG(new DEROctetString(basePoint)); setOrderOfBasePointR(order); setPublicPointY(new DEROctetString(publicPoint)); setCofactorF(BigInteger.valueOf(cofactor)); }
public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); v.add(new DEROctetString(encryptedKey)); if (maskKey != null) { v.add(new DERTaggedObject(false, 0, new DEROctetString(encryptedKey))); } v.add(new DEROctetString(macKey)); return new DERSequence(v); } }
params = new DSTU4145Params(new ASN1ObjectIdentifier(((ECNamedCurveSpec)ecSpec).getName())); EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression), ecSpec.getOrder(), BigInteger.valueOf(ecSpec.getCofactor()), ecSpec.getCurve().getSeed()); info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(UAObjectIdentifiers.dstu4145be, params), new DEROctetString(encKey));
protected byte[] engineSign() throws SignatureException { byte[] hash = new byte[digest.getDigestSize()]; digest.doFinal(hash, 0); try { BigInteger[] sig = signer.generateSignature(hash); byte[] r = sig[0].toByteArray(); byte[] s = sig[1].toByteArray(); byte[] sigBytes = new byte[(r.length > s.length ? r.length * 2 : s.length * 2)]; System.arraycopy(s, 0, sigBytes, (sigBytes.length / 2) - s.length, s.length); System.arraycopy(r, 0, sigBytes, sigBytes.length - r.length, r.length); return new DEROctetString(sigBytes).getEncoded(); } catch (Exception e) { throw new SignatureException(e.toString()); } }
private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0) throws IOException, CertificateEncodingException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException { TBSCertificate certificate; try (ASN1InputStream input = new ASN1InputStream(x509certificate.getTBSCertificate())) { certificate = TBSCertificate.getInstance(input.readObject()); } AlgorithmIdentifier algorithmId = certificate.getSubjectPublicKeyInfo().getAlgorithm(); IssuerAndSerialNumber serial = new IssuerAndSerialNumber( certificate.getIssuer(), certificate.getSerialNumber().getValue()); Cipher cipher; try { cipher = Cipher.getInstance(algorithmId.getAlgorithm().getId(), SecurityProvider.getProvider()); } catch (NoSuchAlgorithmException | NoSuchPaddingException e) { // should never happen, if this happens throw IOException instead throw new RuntimeException("Could not find a suitable javax.crypto provider", e); } cipher.init(1, x509certificate.getPublicKey()); DEROctetString octets = new DEROctetString(cipher.doFinal(abyte0)); RecipientIdentifier recipientId = new RecipientIdentifier(serial); return new KeyTransRecipientInfo(recipientId, algorithmId, octets); }
/** * 将SEC1标准的私钥字节流恢复为PKCS8标准的字节流 * * @param sec1Key * @return * @throws IOException */ public static byte[] convertECPrivateKeySEC1ToPKCS8(byte[] sec1Key) throws IOException { /** * 参考org.bouncycastle.asn1.pkcs.PrivateKeyInfo和 * org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey,逆向拼装 */ X962Parameters params = getDomainParametersFromName(SM2Util.JDK_EC_SPEC, false); ASN1OctetString privKey = new DEROctetString(sec1Key); ASN1EncodableVector v = new ASN1EncodableVector(); v.add(new ASN1Integer(0)); //版本号 v.add(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params)); //算法标识 v.add(privKey); DERSequence ds = new DERSequence(v); return ds.getEncoded(ASN1Encoding.DER); }
SignaturePolicyIdentifier toSignaturePolicyIdentifier() { String algId = DigestAlgorithms.getAllowedDigest(this.policyDigestAlgorithm); if (algId == null || algId.length() == 0) { throw new IllegalArgumentException("Invalid policy hash algorithm"); } SignaturePolicyIdentifier signaturePolicyIdentifier = null; SigPolicyQualifierInfo spqi = null; if (this.policyUri != null && this.policyUri.length() > 0) { spqi = new SigPolicyQualifierInfo(PKCSObjectIdentifiers.id_spq_ets_uri, new DERIA5String(this.policyUri)); } signaturePolicyIdentifier = new SignaturePolicyIdentifier(new SignaturePolicyId(DERObjectIdentifier.getInstance(new DERObjectIdentifier(this.policyIdentifier.replace("urn:oid:", ""))), new OtherHashAlgAndValue(new AlgorithmIdentifier(new ASN1ObjectIdentifier(algId)), new DEROctetString(this.policyHash)), SignUtils.createSigPolicyQualifiers(spqi))); return signaturePolicyIdentifier; } }
/** * output the ASN1 object of the proxy policy. * * @see org.bouncycastle.asn1.ASN1Object#toASN1Object() */ @Override public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); v.add(new ASN1ObjectIdentifier(oid)); if (policy != null) v.add(DEROctetString.getInstance(policy)); return new DERSequence(v); }
private ASN1Primitive createDERForRecipient(byte[] in, X509Certificate cert) throws IOException, GeneralSecurityException String algorithm = PKCSObjectIdentifiers.RC2_CBC.getId(); AlgorithmParameterGenerator apg; KeyGenerator keygen; DERSet set = new DERSet(new RecipientInfo(recipientInfo)); AlgorithmIdentifier algorithmId = new AlgorithmIdentifier(new ASN1ObjectIdentifier(algorithm), object); EncryptedContentInfo encryptedInfo = new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmId, new DEROctetString(bytes)); EnvelopedData enveloped = new EnvelopedData(null, set, encryptedInfo, (ASN1Set) null);
private byte[] wrapInOctetString(byte[] extensionValue) throws IOException { return new DEROctetString(extensionValue).getEncoded(ASN1Encoding.DER); }
private void addSignaturePolicyId(final SignatureParameters parameters, final ASN1EncodableVector signedAttributes) { Policy policy = parameters.bLevel().getSignaturePolicy(); if (policy != null && policy.getId() != null) { final String policyId = policy.getId(); SignaturePolicyIdentifier sigPolicy = null; if (!"".equals(policyId)) { // explicit final ASN1ObjectIdentifier derOIPolicyId = new ASN1ObjectIdentifier(policyId); final ASN1ObjectIdentifier oid = policy.getDigestAlgorithm().getOid(); final AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(oid); OtherHashAlgAndValue otherHashAlgAndValue = new OtherHashAlgAndValue(algorithmIdentifier, new DEROctetString(policy.getDigestValue())); sigPolicy = new SignaturePolicyIdentifier(new SignaturePolicyId(derOIPolicyId, otherHashAlgAndValue)); } else {// implicit sigPolicy = new SignaturePolicyIdentifier(); } final DERSet attrValues = new DERSet(sigPolicy); final Attribute attribute = new Attribute(id_aa_ets_sigPolicyId, attrValues); signedAttributes.add(attribute); } }
private KeyTransRecipientInfo computeRecipientInfo(final X509Certificate x509certificate, final byte[] abyte0) throws GeneralSecurityException, IOException { final ASN1InputStream asn1inputstream = new ASN1InputStream(new ByteArrayInputStream(x509certificate.getTBSCertificate())); final TBSCertificateStructure tbscertificatestructure = TBSCertificateStructure.getInstance(asn1inputstream.readObject()); final AlgorithmIdentifier algorithmidentifier = tbscertificatestructure.getSubjectPublicKeyInfo().getAlgorithmId(); final IssuerAndSerialNumber issuerandserialnumber = new IssuerAndSerialNumber( tbscertificatestructure.getIssuer(), tbscertificatestructure.getSerialNumber().getValue()); final Cipher cipher = Cipher.getInstance(algorithmidentifier.getObjectId().getId()); cipher.init(1, x509certificate); final DEROctetString deroctetstring = new DEROctetString(cipher.doFinal(abyte0)); final RecipientIdentifier recipId = new RecipientIdentifier(issuerandserialnumber); return new KeyTransRecipientInfo( recipId, algorithmidentifier, deroctetstring); } }
@Override public ASN1Primitive toASN1Primitive() { DERTaggedObject parametersEncodable = parameters() .map(DEROctetString::new) .map(e -> new DERTaggedObject(PARAMETERS, e)) .orElseGet(null); DERTaggedObject publicKeyEncodable = publicKey() .map(DERBitString::new) .map(e -> new DERTaggedObject(PUBLIC_KEY, e)) .orElseGet(null); ASN1EncodableVector vector = DER.vector( new ASN1Integer(version), new DEROctetString(privateKey), parametersEncodable, publicKeyEncodable); return new DERSequence(vector); }
byte[] ext = cert.getExtensionValue(Extension.authorityKeyIdentifier.getId()); if (keyID != null) certSelectX509.setSubjectKeyIdentifier(new DEROctetString(keyID).getEncoded());
private String getCertificateSKI(String alias, KeyStore keyStore) throws CryptoException, KeyStoreException { X509Certificate x509Cert = getCertificate(alias, keyStore); try { byte[] skiValue = x509Cert.getExtensionValue(Extension.subjectKeyIdentifier.getId()); byte[] octets = DEROctetString.getInstance(skiValue).getOctets(); byte[] skiBytes = SubjectKeyIdentifier.getInstance(octets).getKeyIdentifier(); return HexUtil.getHexString(skiBytes); } catch (Exception e) { return "-"; } }