/**
 * Create an {@code OtherName} that is defined as:
 *
 * <pre>
 *      OtherName ::= SEQUENCE {
 *                      type-id    OBJECT IDENTIFIER,
 *                      value      [0] EXPLICIT ANY DEFINED BY type-id }
 * </pre>
 *
 * <p>The full name encoding is built once, in this constructor, from the two arguments.
 *
 * @param typeId the object identifier for this name
 * @param encodedValue the DER encoded value for this name
 * @throws ASN1Exception if {@code encodedValue} is not DER encoded
 */
public OtherName(final String typeId, final byte[] encodedValue) throws ASN1Exception {
    super(OTHER_NAME);

    // NOTE(review): encodedValue is copied into the output as-is; this constructor adds no
    // [0] EXPLICIT wrapper, so presumably the caller supplies it or it is added elsewhere - confirm.
    // NOTE(review): whether writeEncoded() checks that the bytes are well-formed DER is not visible here.
    final DEREncoder nameEncoder = new DEREncoder();
    nameEncoder.startSequence();
    nameEncoder.encodeObjectIdentifier(typeId);
    nameEncoder.writeEncoded(encodedValue);
    nameEncoder.endSequence();
    encodedName = nameEncoder.getEncoded();

    this.typeId = typeId;
    // NOTE(review): the caller's array is kept by reference. If the caller changes it later, the
    // stored value no longer matches encodedName, which was computed above. Consider a defensive copy.
    this.encodedValue = encodedValue;
}
DEREncoder derEncoder = new DEREncoder(); derEncoder.startSequence(); // TBSCertificate derEncoder.startExplicit(0); derEncoder.encodeInteger(version - 1); derEncoder.endExplicit(); derEncoder.encodeInteger(serialNumber); derEncoder.startSequence(); // AlgorithmIdentifier derEncoder.encodeObjectIdentifier(signatureAlgorithmOid); derEncoder.endSequence(); // AlgorithmIdentifier derEncoder.writeEncoded(issuerDn.getEncoded()); // already a SEQUENCE of SET of SEQUENCE of { OBJECT IDENTIFIER, ANY } derEncoder.startSequence(); // Validity derEncoder.encodeGeneralizedTime(notValidBefore.withZoneSameInstant(ZoneOffset.UTC)); derEncoder.encodeGeneralizedTime(notValidAfter.withZoneSameInstant(ZoneOffset.UTC)); derEncoder.endSequence(); // Validity if (subjectDn != null) derEncoder.writeEncoded(subjectDn.getEncoded()); // already a SEQUENCE of SET of SEQUENCE of { OBJECT IDENTIFIER, ANY } derEncoder.writeEncoded(keySpec.getEncoded()); // SubjectPublicKeyInfo derEncoder.encodeImplicit(1); derEncoder.encodeBitString(issuerUniqueId); derEncoder.encodeImplicit(2); derEncoder.encodeBitString(subjectUniqueId); derEncoder.startExplicit(3); derEncoder.startSequence(); for (X509CertificateExtension extension : extensionsByOid.values()) {
/**
 * Encode an {@code AlgorithmIdentifier} whose parameters field is either absent or an
 * ASN.1 {@code NULL}, using the given DER encoder and object identifier, where
 * {@code AlgorithmIdentifier} is defined as:
 *
 * <pre>
 *      AlgorithmIdentifier ::= SEQUENCE {
 *          algorithm   OBJECT IDENTIFIER,
 *          parameters  ANY DEFINED BY algorithm OPTIONAL
 *      }
 * </pre>
 *
 * <p>Which form is correct depends on the algorithm: some profiles require {@code NULL}
 * parameters and others require the field to be absent. The flag changes the encoded bytes,
 * so use the same form wherever the identifier is byte-compared or covered by a signature.
 *
 * @param encoder the DER encoder
 * @param objectIdentifier the object identifier for the algorithm
 * @param omitParametersField {@code true} if the parameters field should be omitted in
 *                            the encoding and {@code false} to write it as {@code NULL}
 * @throws ASN1Exception if the given object identifier is invalid
 */
public static void encodeAlgorithmIdentifier(final DEREncoder encoder, String objectIdentifier,
        boolean omitParametersField) throws ASN1Exception {
    final boolean writeNullParameters = !omitParametersField;

    encoder.startSequence();
    encoder.encodeObjectIdentifier(objectIdentifier);
    if (writeNullParameters) {
        encoder.encodeNull();
    }
    encoder.endSequence();
}
/**
 * Return the bytes that {@code encodeTo} writes for this object.
 *
 * <p>A new {@code DEREncoder} is created on every call, so nothing is cached between calls.
 *
 * @return the encoder's output after {@code encodeTo} has run on it
 */
public byte[] getValue() {
    final DEREncoder valueEncoder = new DEREncoder();
    encodeTo(valueEncoder);
    return valueEncoder.getEncoded();
}
}
final DEREncoder encoder = new DEREncoder(); try { encoder.startSequence(); encoder.encodeImplicit(0); EntityUtil.encodeGeneralNames(encoder, new DNSName(serverName)); List<TrustedAuthority> trustedAuthorities = trustedAuthoritiesCallback.getTrustedAuthorities(); if ((trustedAuthorities != null) && (! trustedAuthorities.isEmpty())) { encoder.encodeImplicit(1); EntityUtil.encodeTrustedAuthorities(encoder, trustedAuthorities); encoder.endSequence(); } catch (ASN1Exception e) { throw saslEntity.mechUnableToCreateResponseTokenWithCause(e).toSaslException(); return encoder.getEncoded(); final DEREncoder tbsEncoder = new DEREncoder(); tbsEncoder.startSequence(); tbsEncoder.encodeOctetString(randomA); tbsEncoder.encodeOctetString(randomB); if (entityB != null) { tbsEncoder.encodeImplicit(0); EntityUtil.encodeGeneralNames(tbsEncoder, entityB); tbsEncoder.encodeImplicit(1); EntityUtil.encodeGeneralNames(tbsEncoder, authID);
final X509EncodedKeySpec publicSpec = keyFactory.getKeySpec(keyFactory.translateKey(publicKey), X509EncodedKeySpec.class); final PKCS8EncodedKeySpec privateSpec = keyFactory.getKeySpec(keyFactory.translateKey(privateKey), PKCS8EncodedKeySpec.class); final DEREncoder encoder = new DEREncoder(); encoder.startSequence(); encoder.writeEncoded(publicSpec.getEncoded()); encoder.writeEncoded(privateSpec.getEncoded()); encoder.endSequence(); entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(encoder.getEncoded(), DATA_OID)); } else if (credentialClass == X509CertificateChainPublicCredential.class) { final X509Certificate[] x509Certificates = credential.castAndApply(X509CertificateChainPublicCredential.class, X509CertificateChainPublicCredential::getCertificateChain); final DEREncoder encoder = new DEREncoder(); encoder.encodeInteger(x509Certificates.length); encoder.startSequence(); for (X509Certificate x509Certificate : x509Certificates) { encoder.writeEncoded(x509Certificate.getEncoded()); encoder.endSequence(); entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(encoder.getEncoded(), DATA_OID)); } else if (credentialClass == X509CertificateChainPrivateCredential.class) { @SuppressWarnings("ConstantConditions") final Password password = credential.castAndApply(PasswordCredential.class, PasswordCredential::getPassword); final String algorithm = password.getAlgorithm(); final DEREncoder encoder = new DEREncoder(); final PasswordFactory passwordFactory = PasswordFactory.getInstance(algorithm); switch (algorithm) { case UnixSHACryptPassword.ALGORITHM_CRYPT_SHA_512: { IteratedSaltedHashPasswordSpec passwordSpec = passwordFactory.getKeySpec(passwordFactory.translate(password), IteratedSaltedHashPasswordSpec.class);
/**
 * Encode an {@code Extension} using the given DER encoder. The ASN.1 definition of {@code Extension} is:
 *
 * <pre>
 *      Extension ::= SEQUENCE {
 *          extensionId     OBJECT IDENTIFIER,
 *          critical        BOOLEAN DEFAULT FALSE,
 *          extensionValue  OCTET STRING
 *      }
 * </pre>
 *
 * @param encoder the DER encoder
 * @param extension the X.509 certificate extension
 */
private static void encodeExtension(final DEREncoder encoder, final X509CertificateExtension extension) {
    encoder.startSequence();
    encoder.encodeObjectIdentifier(extension.getId());

    // DER does not allow a field to be written when it equals its DEFAULT, so the
    // critical flag appears in the output only when it is TRUE.
    final boolean critical = extension.isCritical();
    if (critical) {
        encoder.encodeBoolean(true);
    }

    // The extension body is serialized with its own encoder so that the finished bytes
    // can be wrapped as the content of the extensionValue OCTET STRING.
    final DEREncoder valueEncoder = new DEREncoder();
    extension.encodeTo(valueEncoder);
    final byte[] extensionValue = valueEncoder.getEncoded();
    encoder.encodeOctetString(extensionValue);

    encoder.endSequence();
}
/**
 * Build the principal from the attribute sets collected in {@code items}.
 *
 * <p>The result is a SEQUENCE that holds one SET per entry of {@code items}; each attribute
 * in a set writes itself through {@code encodeTo}.
 *
 * <p>NOTE(review): this method does not clear {@code items}. A caller that reuses the builder
 * keeps the previously added attributes unless they are reset elsewhere - confirm.
 *
 * @return the constructed principal (not {@code null})
 * @throws IllegalArgumentException if the principal is somehow invalid
 */
public X500Principal build() throws IllegalArgumentException {
    final DEREncoder nameEncoder = new DEREncoder();

    nameEncoder.startSequence();
    for (Collection<X500AttributeTypeAndValue> attributeSet : items) {
        // NOTE(review): X.501 defines each of these sets as a SET OF; whether startSet() applies
        // DER element ordering when a set holds several attributes is not visible here - confirm.
        nameEncoder.startSet();
        for (X500AttributeTypeAndValue attribute : attributeSet) {
            attribute.encodeTo(nameEncoder);
        }
        nameEncoder.endSet();
    }
    nameEncoder.endSequence();

    final byte[] encodedName = nameEncoder.getEncoded();
    return new X500Principal(encodedName);
}
}
/**
 * Encode a {@code CertificationRequestInfo} using the given DER encoder. The ASN.1 definition of
 * {@code CertificationRequestInfo} is:
 *
 * <pre>
 *      CertificationRequestInfo ::= SEQUENCE {
 *          version         INTEGER { v1(0) } (v1,...),
 *          subject         Name,
 *          subjectPKInfo   SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
 *          attributes      [0] Attributes{{ CRIAttributes }}
 *      }
 * </pre>
 *
 * <p>The subject and the public key are copied in from their own {@code getEncoded()} output
 * rather than being re-encoded field by field.
 *
 * @param encoder the DER encoder
 */
private void encodeCertificationRequestInfo(final DEREncoder encoder) {
    final byte[] subject = subjectDn.getEncoded();
    final byte[] subjectPKInfo = publicKey.getEncoded();

    encoder.startSequence();
    encoder.encodeInteger(VERSION);
    encoder.writeEncoded(subject);
    encoder.writeEncoded(subjectPKInfo);
    // The attributes carry the implicit context-specific tag [0] from the definition above.
    encoder.encodeImplicit(0);
    encodeAttributes(encoder);
    encoder.endSequence();
}
/**
 * Encode {@code Attributes} using the given DER encoder. The ASN.1 definition of {@code Attributes} is:
 *
 * <pre>
 *      Attributes ::= SET OF Attribute
 *
 *      Attribute ::= SEQUENCE {
 *          type    AttributeType,
 *          values  SET OF AttributeValue
 *      }
 *
 *      AttributeType ::= OBJECT IDENTIFIER
 *      AttributeValue ::= ANY defined by type
 * </pre>
 *
 * <p>This method always writes exactly one attribute, the extension request, and that
 * attribute has a single value produced by {@code encodeExtensionRequest}.
 *
 * @param encoder the DER encoder
 */
private void encodeAttributes(final DEREncoder encoder) {
    // Attributes ::= SET OF Attribute
    encoder.startSetOf();

    // Attribute: the extensionRequest attribute
    encoder.startSequence();
    encoder.encodeObjectIdentifier(ASN1.OID_EXTENSION_REQUEST);

    // values ::= SET OF AttributeValue
    encoder.startSetOf();
    encodeExtensionRequest(encoder);
    encoder.endSetOf();

    encoder.endSequence();

    encoder.endSetOf();
}
/**
 * Encode an ASN.1 sequence of trusted authorities using the given DER encoder.
 *
 * <p>Each entry writes itself through its own {@code encodeTo}; entries appear in list order.
 * An empty list produces an empty sequence, and a {@code null} list fails with a
 * {@code NullPointerException} after the sequence has been opened.
 *
 * @param encoder the DER encoder
 * @param trustedAuthorities the trusted authorities as a {@code List} where each entry must
 * be a {@link NameTrustedAuthority}, a {@link CertificateTrustedAuthority}, or a {@link HashTrustedAuthority}
 * @throws ASN1Exception if any of the trusted authorities are invalid
 */
public static void encodeTrustedAuthorities(final DEREncoder encoder,
        List<TrustedAuthority> trustedAuthorities) throws ASN1Exception {
    encoder.startSequence();
    for (TrustedAuthority authority : trustedAuthorities) {
        authority.encodeTo(encoder);
    }
    encoder.endSequence();
}
/**
 * Encode the given integer as a bit string.
 *
 * <p>The integer is first run through {@code encodeInteger} on a separate encoder; the bytes
 * that encoder produced become the content handed to {@code encodeBitString(byte[])}.
 *
 * @param integer the integer to wrap in a bit string
 */
@Override
public void encodeBitString(BigInteger integer) {
    final ByteStringBuilder integerBytes = new ByteStringBuilder();
    final DEREncoder integerEncoder = new DEREncoder(integerBytes);
    integerEncoder.encodeInteger(integer);
    encodeBitString(integerBytes.toArray());
}
/**
 * Encode an ASN.1 set of certificates using the given DER encoder and the
 * given {@code X509Certificate} chain.
 *
 * <p>This method only serializes: each certificate is copied in from its own
 * {@code getEncoded()} output, and the chain is neither validated nor checked for order.
 *
 * <p>NOTE(review): the certificates go into a SET OF. If the encoder sorts SET OF elements
 * as DER requires, the order of {@code certChain} is presumably not kept in the output -
 * confirm before relying on chain order after decoding.
 *
 * @param encoder the DER encoder
 * @param certChain the X.509 certificate chain to encode
 * @throws ASN1Exception if an error occurs while encoding the given certificate chain
 */
public static void encodeX509CertificateChain(final DEREncoder encoder,
        X509Certificate[] certChain) throws ASN1Exception {
    try {
        // The length is read before the set is opened, so a null chain fails
        // before anything has been written to the encoder.
        final int certificateCount = certChain.length;
        encoder.startSetOf();
        int index = 0;
        while (index < certificateCount) {
            final byte[] encodedCertificate = certChain[index].getEncoded();
            encoder.writeEncoded(encodedCertificate);
            index++;
        }
        encoder.endSetOf();
    } catch (CertificateEncodingException cause) {
        // Rethrown as the encoder's exception type, with the original kept as the cause.
        throw new ASN1Exception(cause);
    }
}
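/**
 * Close every sequence and set that is still open on this encoder, innermost first.
 *
 * <p>The loop inspects the most recently opened element and ends it with {@code endSequence()}
 * or {@code endSet()} until no open element remains.
 *
 * @throws IllegalStateException if the innermost open element is neither a sequence nor a set
 */
@Override
public void flush() {
    while (states.size() != 0) {
        EncoderState lastState = states.peekLast();
        if (lastState.getTag() == SEQUENCE_TYPE) {
            endSequence();
        } else if (lastState.getTag() == SET_TYPE) {
            endSet();
        } else {
            // No branch above handles this tag, so nothing would change {@code states}
            // and the loop would never terminate. Fail fast instead of spinning.
            // NOTE(review): if this encoder can hold other constructed elements open
            // (for example explicitly tagged ones), close them here rather than failing.
            throw new IllegalStateException(
                    "Cannot flush: innermost open element is neither a sequence nor a set");
        }
    }
}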
/**
 * Encode the given string as an octet string holding its UTF-8 bytes.
 *
 * <p>The charset is fixed to UTF-8, so the output does not depend on the platform default.
 *
 * @param str the string to encode
 */
@Override
public void encodeOctetString(String str) {
    final byte[] utf8Bytes = str.getBytes(StandardCharsets.UTF_8);
    encodeOctetString(utf8Bytes);
}
/**
 * Encode the given bytes as a bit string in which every bit is used.
 *
 * <p>Delegates to the two-argument overload with {@code 0} as the second argument.
 *
 * @param str the bytes that make up the bit string
 */
@Override
public void encodeBitString(byte[] str) {
    // 0 here means that all bits will be used
    final int numUnusedBits = 0;
    encodeBitString(str, numUnusedBits);
}
/**
 * Mark the next element as implicitly tagged with the given tag number.
 *
 * <p>Delegates to the two-argument overload, passing {@code CONTEXT_SPECIFIC_MASK}
 * as the first argument.
 *
 * @param number the tag number
 */
@Override
public void encodeImplicit(int number) {
    final int tagClass = CONTEXT_SPECIFIC_MASK;
    encodeImplicit(tagClass, number);
}
final DEREncoder encoder = new DEREncoder(); try { encoder.startSequence(); encoder.encodeImplicit(0); EntityUtil.encodeGeneralNames(encoder, entityB); encoder.startExplicit(1); TrustedAuthoritiesCallback trustedAuthoritiesCallback = new TrustedAuthoritiesCallback(); encoder.endExplicit(); List<GeneralName> authId = null; if (authorizationId != null) { encoder.encodeImplicit(2); final DEREncoder tbsEncoder = new DEREncoder(); tbsEncoder.startSequence(); tbsEncoder.encodeOctetString(randomA); tbsEncoder.encodeOctetString(randomB); if (entityB != null) { tbsEncoder.encodeImplicit(0); EntityUtil.encodeGeneralNames(tbsEncoder, entityB); tbsEncoder.encodeImplicit(1); EntityUtil.encodeGeneralNames(tbsEncoder, authId); tbsEncoder.endSequence();
final X509EncodedKeySpec publicSpec = keyFactory.getKeySpec(keyFactory.translateKey(publicKey), X509EncodedKeySpec.class); final PKCS8EncodedKeySpec privateSpec = keyFactory.getKeySpec(keyFactory.translateKey(privateKey), PKCS8EncodedKeySpec.class); final DEREncoder encoder = new DEREncoder(); encoder.startSequence(); encoder.writeEncoded(publicSpec.getEncoded()); encoder.writeEncoded(privateSpec.getEncoded()); encoder.endSequence(); entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(encoder.getEncoded(), DATA_OID)); } else if (credentialClass == X509CertificateChainPublicCredential.class) { final X509Certificate[] x509Certificates = credential.castAndApply(X509CertificateChainPublicCredential.class, X509CertificateChainPublicCredential::getCertificateChain); final DEREncoder encoder = new DEREncoder(); encoder.encodeInteger(x509Certificates.length); encoder.startSequence(); for (X509Certificate x509Certificate : x509Certificates) { encoder.writeEncoded(x509Certificate.getEncoded()); encoder.endSequence(); entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(encoder.getEncoded(), DATA_OID)); } else if (credentialClass == X509CertificateChainPrivateCredential.class) { @SuppressWarnings("ConstantConditions") final Password password = credential.castAndApply(PasswordCredential.class, PasswordCredential::getPassword); final String algorithm = password.getAlgorithm(); final DEREncoder encoder = new DEREncoder(); final PasswordFactory passwordFactory = PasswordFactory.getInstance(algorithm); switch (algorithm) { case UnixSHACryptPassword.ALGORITHM_CRYPT_SHA_512: { IteratedSaltedHashPasswordSpec passwordSpec = passwordFactory.getKeySpec(passwordFactory.translate(password), IteratedSaltedHashPasswordSpec.class);
/**
 * Encode an {@code Extension} using the given DER encoder. The ASN.1 definition of {@code Extension} is:
 *
 * <pre>
 *      Extension ::= SEQUENCE {
 *          extensionId     OBJECT IDENTIFIER,
 *          critical        BOOLEAN DEFAULT FALSE,
 *          extensionValue  OCTET STRING
 *      }
 * </pre>
 *
 * @param encoder the DER encoder
 * @param extension the X.509 certificate extension
 */
private static void encodeExtension(final DEREncoder encoder, final X509CertificateExtension extension) {
    encoder.startSequence();
    encoder.encodeObjectIdentifier(extension.getId());

    // DER does not allow a field to be written when it equals its DEFAULT, so the
    // critical flag appears in the output only when it is TRUE.
    final boolean critical = extension.isCritical();
    if (critical) {
        encoder.encodeBoolean(true);
    }

    // The extension body is serialized with its own encoder so that the finished bytes
    // can be wrapped as the content of the extensionValue OCTET STRING.
    final DEREncoder valueEncoder = new DEREncoder();
    extension.encodeTo(valueEncoder);
    final byte[] extensionValue = valueEncoder.getEncoded();
    encoder.encodeOctetString(extensionValue);

    encoder.endSequence();
}