Example usage for org.bouncycastle.asn1 ASN1EncodableVector ASN1EncodableVector

List of usage examples for org.bouncycastle.asn1 ASN1EncodableVector ASN1EncodableVector

  1. HOME
  2. Java
  3. org.bouncycastle
  4. org.bouncycastle.asn1.*
  5. ASN1EncodableVector
  6. ASN1EncodableVector

Introduction

In this page you can find the example usage for org.bouncycastle.asn1 ASN1EncodableVector ASN1EncodableVector.

Prototype

public ASN1EncodableVector()

Source Link

Usage

From source file:com.hierynomus.spnego.NegTokenInit.java

License:Apache License

public void write(Buffer<?> buffer) throws SpnegoException {
    try {/*ww w  . ja  va  2s .com*/
        ASN1EncodableVector negTokenInit = new ASN1EncodableVector();
        addMechTypeList(negTokenInit);
        addMechToken(negTokenInit);

        writeGss(buffer, negTokenInit);
    } catch (IOException e) {
        throw new SpnegoException("Unable to write NegTokenInit", e);
    }
}

From source file:com.hierynomus.spnego.NegTokenInit.java

License:Apache License

private void addMechTypeList(ASN1EncodableVector negTokenInit) {
    if (mechTypes.size() > 0) {
        ASN1EncodableVector supportedMechVector = new ASN1EncodableVector();
        for (ASN1ObjectIdentifier mechType : mechTypes) {
            supportedMechVector.add(mechType);
        }/*from w  w w .  j a  v a 2  s  . co  m*/

        ASN1Primitive asn1Encodables1 = new DERTaggedObject(true, 0x0, new DERSequence(supportedMechVector));
        negTokenInit.add(asn1Encodables1);
    }
}

From source file:com.hierynomus.spnego.NegTokenTarg.java

License:Apache License

public void write(Buffer<?> buffer) throws SpnegoException {
    try {/*from  w ww .j  a  v a2 s .c om*/
        ASN1EncodableVector negTokenTarg = new ASN1EncodableVector();
        if (negotiationResult != null) {
            negTokenTarg.add(new DERTaggedObject(0x0, new ASN1Enumerated(negotiationResult)));
        }
        if (supportedMech != null) {
            negTokenTarg.add(new DERTaggedObject(0x01, supportedMech));
        }
        if (responseToken != null && responseToken.length > 0) {
            negTokenTarg.add(new DERTaggedObject(0x02, new DEROctetString(responseToken)));
        }
        if (mechListMic != null && mechListMic.length > 0) {
            negTokenTarg.add(new DERTaggedObject(0x03, new DEROctetString(mechListMic)));
        }

        writeGss(buffer, negTokenTarg);
    } catch (IOException e) {
        throw new SpnegoException("Could not write NegTokenTarg to buffer", e);
    }
}

From source file:com.hierynomus.spnego.SpnegoToken.java

License:Apache License

protected void writeGss(Buffer<?> buffer, ASN1EncodableVector negToken) throws IOException {
    DERTaggedObject negotiationToken = new DERTaggedObject(true, tokenTagNo, new DERSequence(negToken));

    ASN1EncodableVector implicitSeqGssApi = new ASN1EncodableVector();
    implicitSeqGssApi.add(SPNEGO);//from w w  w. j  a  va2s.c  o  m
    implicitSeqGssApi.add(negotiationToken);

    DERApplicationSpecific gssApiHeader = new DERApplicationSpecific(0x0, implicitSeqGssApi);
    buffer.putRawBytes(gssApiHeader.getEncoded());
}

From source file:com.itdhq.poc.ocrsign.CreateSignature.java

License:Apache License

/**
 * We are extending CMS Signature//from   www  .  j  a va  2  s  .  co  m
 *
 * @param signer information about signer
 * @return information about SignerInformation
 */
private SignerInformation signTimeStamp(SignerInformation signer) throws IOException, TSPException {
    AttributeTable unsignedAttributes = signer.getUnsignedAttributes();

    ASN1EncodableVector vector = new ASN1EncodableVector();
    if (unsignedAttributes != null) {
        vector = unsignedAttributes.toASN1EncodableVector();
    }

    byte[] token = getTsaClient().getTimeStampToken(signer.getSignature());
    // FIXME
    /*ASN1ObjectIdentifier oid = PKCSObjectIdentifiers.id_aa_signatureTimeStampToken;
    ASN1Encodable signatureTimeStamp = new Attribute(oid, new DERSet(ASN1Primitive.fromByteArray(token)));
            
    vector.add(signatureTimeStamp);
    Attributes signedAttributes = new Attributes(vector);
            
    SignerInformation newSigner = SignerInformation.replaceUnsignedAttributes(
        signer, new AttributeTable(signedAttributes));
                
            
    // TODO can this actually happen?
    if (newSigner == null)
    {
    return signer;
    }
            
    return newSigner;*/
    return signer;
}

From source file:com.itextpdf.signatures.LtvVerification.java

License:Open Source License

private static byte[] buildOCSPResponse(byte[] BasicOCSPResponse) throws IOException {
    DEROctetString doctet = new DEROctetString(BasicOCSPResponse);
    ASN1EncodableVector v2 = new ASN1EncodableVector();
    v2.add(OCSPObjectIdentifiers.id_pkix_ocsp_basic);
    v2.add(doctet);/* w  w w .  ja v a 2s .c  o  m*/
    ASN1Enumerated den = new ASN1Enumerated(0);
    ASN1EncodableVector v3 = new ASN1EncodableVector();
    v3.add(den);
    v3.add(new DERTaggedObject(true, 0, new DERSequence(v2)));
    DERSequence seq = new DERSequence(v3);
    return seq.getEncoded();
}

From source file:com.itextpdf.signatures.PdfPKCS7.java

License:Open Source License

/**
 * Gets the bytes for the PKCS7SignedData object. Optionally the authenticatedAttributes
 * in the signerInfo can also be set, OR a time-stamp-authority client
 * may be provided./*from  w w w  .j a  va2  s  .c o  m*/
 *
 * @param secondDigest the digest in the authenticatedAttributes
 * @param tsaClient    TSAClient - null or an optional time stamp authority client
 * @return byte[] the bytes for the PKCS7SignedData object
 */
public byte[] getEncodedPKCS7(byte[] secondDigest, ITSAClient tsaClient, byte[] ocsp,
        Collection<byte[]> crlBytes, PdfSigner.CryptoStandard sigtype) {
    try {
        if (externalDigest != null) {
            digest = externalDigest;
            if (RSAdata != null)
                RSAdata = externalRSAdata;
        } else if (externalRSAdata != null && RSAdata != null) {
            RSAdata = externalRSAdata;
            sig.update(RSAdata);
            digest = sig.sign();
        } else {
            if (RSAdata != null) {
                RSAdata = messageDigest.digest();
                sig.update(RSAdata);
            }
            digest = sig.sign();
        }

        // Create the set of Hash algorithms
        ASN1EncodableVector digestAlgorithms = new ASN1EncodableVector();
        for (Object element : digestalgos) {
            ASN1EncodableVector algos = new ASN1EncodableVector();
            algos.add(new ASN1ObjectIdentifier((String) element));
            algos.add(DERNull.INSTANCE);
            digestAlgorithms.add(new DERSequence(algos));
        }

        // Create the contentInfo.
        ASN1EncodableVector v = new ASN1EncodableVector();
        v.add(new ASN1ObjectIdentifier(SecurityIDs.ID_PKCS7_DATA));
        if (RSAdata != null)
            v.add(new DERTaggedObject(0, new DEROctetString(RSAdata)));
        DERSequence contentinfo = new DERSequence(v);

        // Get all the certificates
        //
        v = new ASN1EncodableVector();
        for (Object element : certs) {
            ASN1InputStream tempstream = new ASN1InputStream(
                    new ByteArrayInputStream(((X509Certificate) element).getEncoded()));
            v.add(tempstream.readObject());
        }

        DERSet dercertificates = new DERSet(v);

        // Create signerinfo structure.
        //
        ASN1EncodableVector signerinfo = new ASN1EncodableVector();

        // Add the signerInfo version
        //
        signerinfo.add(new ASN1Integer(signerversion));

        v = new ASN1EncodableVector();
        v.add(CertificateInfo.getIssuer(signCert.getTBSCertificate()));
        v.add(new ASN1Integer(signCert.getSerialNumber()));
        signerinfo.add(new DERSequence(v));

        // Add the digestAlgorithm
        v = new ASN1EncodableVector();
        v.add(new ASN1ObjectIdentifier(digestAlgorithmOid));
        v.add(DERNull.INSTANCE);
        signerinfo.add(new DERSequence(v));

        // add the authenticated attribute if present
        if (secondDigest != null) {
            signerinfo.add(new DERTaggedObject(false, 0,
                    getAuthenticatedAttributeSet(secondDigest, ocsp, crlBytes, sigtype)));
        }
        // Add the digestEncryptionAlgorithm
        v = new ASN1EncodableVector();
        v.add(new ASN1ObjectIdentifier(digestEncryptionAlgorithmOid));
        v.add(DERNull.INSTANCE);
        signerinfo.add(new DERSequence(v));

        // Add the digest
        signerinfo.add(new DEROctetString(digest));

        // When requested, go get and add the timestamp. May throw an exception.
        // Added by Martin Brunecky, 07/12/2007 folowing Aiken Sam, 2006-11-15
        // Sam found Adobe expects time-stamped SHA1-1 of the encrypted digest
        if (tsaClient != null) {
            byte[] tsImprint = tsaClient.getMessageDigest().digest(digest);
            byte[] tsToken = tsaClient.getTimeStampToken(tsImprint);
            if (tsToken != null) {
                ASN1EncodableVector unauthAttributes = buildUnauthenticatedAttributes(tsToken);
                if (unauthAttributes != null) {
                    signerinfo.add(new DERTaggedObject(false, 1, new DERSet(unauthAttributes)));
                }
            }
        }

        // Finally build the body out of all the components above
        ASN1EncodableVector body = new ASN1EncodableVector();
        body.add(new ASN1Integer(version));
        body.add(new DERSet(digestAlgorithms));
        body.add(contentinfo);
        body.add(new DERTaggedObject(false, 0, dercertificates));

        // Only allow one signerInfo
        body.add(new DERSet(new DERSequence(signerinfo)));

        // Now we have the body, wrap it in it's PKCS7Signed shell
        // and return it
        //
        ASN1EncodableVector whole = new ASN1EncodableVector();
        whole.add(new ASN1ObjectIdentifier(SecurityIDs.ID_PKCS7_SIGNED_DATA));
        whole.add(new DERTaggedObject(0, new DERSequence(body)));

        ByteArrayOutputStream bOut = new ByteArrayOutputStream();

        ASN1OutputStream dout = new ASN1OutputStream(bOut);
        dout.writeObject(new DERSequence(whole));
        dout.close();

        return bOut.toByteArray();
    } catch (Exception e) {
        throw new PdfException(e);
    }
}

From source file:com.itextpdf.signatures.PdfPKCS7.java

License:Open Source License

/**
 * Added by Aiken Sam, 2006-11-15, modifed by Martin Brunecky 07/12/2007
 * to start with the timeStampToken (signedData 1.2.840.113549.1.7.2).
 * Token is the TSA response without response status, which is usually
 * handled by the (vendor supplied) TSA request/response interface).
 *
 * @param timeStampToken byte[] - time stamp token, DER encoded signedData
 * @return ASN1EncodableVector/*w  w  w. j  a v  a2 s .  co m*/
 * @throws IOException
 */
private ASN1EncodableVector buildUnauthenticatedAttributes(byte[] timeStampToken) throws IOException {
    if (timeStampToken == null)
        return null;

    // @todo: move this together with the rest of the defintions
    String ID_TIME_STAMP_TOKEN = "1.2.840.113549.1.9.16.2.14"; // RFC 3161 id-aa-timeStampToken

    ASN1InputStream tempstream = new ASN1InputStream(new ByteArrayInputStream(timeStampToken));
    ASN1EncodableVector unauthAttributes = new ASN1EncodableVector();

    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(new ASN1ObjectIdentifier(ID_TIME_STAMP_TOKEN)); // id-aa-timeStampToken
    ASN1Sequence seq = (ASN1Sequence) tempstream.readObject();
    v.add(new DERSet(seq));

    unauthAttributes.add(new DERSequence(v));
    return unauthAttributes;
}

From source file:com.itextpdf.signatures.PdfPKCS7.java

License:Open Source License

/**
 * This method provides that encoding and the parameters must be
 * exactly the same as in {@link #getEncodedPKCS7(byte[])}.
 *
 * @param secondDigest the content digest
 * @return the byte array representation of the authenticatedAttributes ready to be signed
 *//*  w w  w.ja  v  a  2 s  .  c  om*/
private DERSet getAuthenticatedAttributeSet(byte[] secondDigest, byte[] ocsp, Collection<byte[]> crlBytes,
        PdfSigner.CryptoStandard sigtype) {
    try {
        ASN1EncodableVector attribute = new ASN1EncodableVector();
        ASN1EncodableVector v = new ASN1EncodableVector();
        v.add(new ASN1ObjectIdentifier(SecurityIDs.ID_CONTENT_TYPE));
        v.add(new DERSet(new ASN1ObjectIdentifier(SecurityIDs.ID_PKCS7_DATA)));
        attribute.add(new DERSequence(v));
        v = new ASN1EncodableVector();
        v.add(new ASN1ObjectIdentifier(SecurityIDs.ID_MESSAGE_DIGEST));
        v.add(new DERSet(new DEROctetString(secondDigest)));
        attribute.add(new DERSequence(v));
        boolean haveCrl = false;
        if (crlBytes != null) {
            for (byte[] bCrl : crlBytes) {
                if (bCrl != null) {
                    haveCrl = true;
                    break;
                }
            }
        }
        if (ocsp != null || haveCrl) {
            v = new ASN1EncodableVector();
            v.add(new ASN1ObjectIdentifier(SecurityIDs.ID_ADBE_REVOCATION));

            ASN1EncodableVector revocationV = new ASN1EncodableVector();

            if (haveCrl) {
                ASN1EncodableVector v2 = new ASN1EncodableVector();
                for (byte[] bCrl : crlBytes) {
                    if (bCrl == null)
                        continue;
                    ASN1InputStream t = new ASN1InputStream(new ByteArrayInputStream(bCrl));
                    v2.add(t.readObject());
                }
                revocationV.add(new DERTaggedObject(true, 0, new DERSequence(v2)));
            }

            if (ocsp != null) {
                DEROctetString doctet = new DEROctetString(ocsp);
                ASN1EncodableVector vo1 = new ASN1EncodableVector();
                ASN1EncodableVector v2 = new ASN1EncodableVector();
                v2.add(OCSPObjectIdentifiers.id_pkix_ocsp_basic);
                v2.add(doctet);
                ASN1Enumerated den = new ASN1Enumerated(0);
                ASN1EncodableVector v3 = new ASN1EncodableVector();
                v3.add(den);
                v3.add(new DERTaggedObject(true, 0, new DERSequence(v2)));
                vo1.add(new DERSequence(v3));
                revocationV.add(new DERTaggedObject(true, 1, new DERSequence(vo1)));
            }

            v.add(new DERSet(new DERSequence(revocationV)));
            attribute.add(new DERSequence(v));
        }
        if (sigtype == PdfSigner.CryptoStandard.CADES) {
            v = new ASN1EncodableVector();
            v.add(new ASN1ObjectIdentifier(SecurityIDs.ID_AA_SIGNING_CERTIFICATE_V2));

            ASN1EncodableVector aaV2 = new ASN1EncodableVector();
            AlgorithmIdentifier algoId = new AlgorithmIdentifier(new ASN1ObjectIdentifier(digestAlgorithmOid),
                    null);
            aaV2.add(algoId);
            MessageDigest md = SignUtils.getMessageDigest(getHashAlgorithm(), interfaceDigest);
            byte[] dig = md.digest(signCert.getEncoded());
            aaV2.add(new DEROctetString(dig));

            v.add(new DERSet(new DERSequence(new DERSequence(new DERSequence(aaV2)))));
            attribute.add(new DERSequence(v));
        }

        if (signaturePolicyIdentifier != null) {
            attribute.add(new Attribute(PKCSObjectIdentifiers.id_aa_ets_sigPolicyId,
                    new DERSet(signaturePolicyIdentifier)));
        }

        return new DERSet(attribute);
    } catch (Exception e) {
        throw new PdfException(e);
    }
}

From source file:com.itextpdf.text.pdf.JPKIPdfPKCS7.java

License:Open Source License

/**
 * Gets the bytes for the PKCS7SignedData object.
 * @return the bytes for the PKCS7SignedData object
 *///  w  w  w.j  a  v  a 2 s. co  m
public byte[] getEncodedPKCS7() {
    try {
        if (RSAdata != null) {
            RSAdata = messageDigest.digest();
            sig.update(RSAdata);
        }
        digest = sig.sign();

        // Create the set of Hash algorithms
        ASN1EncodableVector digestAlgorithms = new ASN1EncodableVector();
        ASN1EncodableVector algos = new ASN1EncodableVector();
        algos.add(new DERObjectIdentifier(ID_DIGEST_SHA1));
        algos.add(DERNull.INSTANCE);
        digestAlgorithms.add(new DERSequence(algos));

        // Create the contentInfo.
        ASN1EncodableVector v = new ASN1EncodableVector();
        v.add(new DERObjectIdentifier(ID_PKCS7_DATA));
        if (RSAdata != null)
            v.add(new DERTaggedObject(0, new DEROctetString(RSAdata)));
        DERSequence contentinfo = new DERSequence(v);

        // Get all the certificates
        //
        v = new ASN1EncodableVector();
        for (Object element : certs) {
            ASN1InputStream tempstream = new ASN1InputStream(
                    new ByteArrayInputStream(((X509Certificate) element).getEncoded()));
            v.add(tempstream.readObject());
        }

        DERSet dercertificates = new DERSet(v);

        // Create signerinfo structure.
        //
        ASN1EncodableVector signerinfo = new ASN1EncodableVector();

        // Add the signerInfo version
        //
        signerinfo.add(new DERInteger(signerversion));

        v = new ASN1EncodableVector();
        v.add(getIssuer(signCert.getTBSCertificate()));
        v.add(new DERInteger(signCert.getSerialNumber()));
        signerinfo.add(new DERSequence(v));

        // Add the digestAlgorithm
        v = new ASN1EncodableVector();
        v.add(new DERObjectIdentifier(ID_DIGEST_SHA1));
        v.add(new DERNull());
        signerinfo.add(new DERSequence(v));

        // Add the digestEncryptionAlgorithm
        v = new ASN1EncodableVector();
        v.add(new DERObjectIdentifier(ID_RSA));
        v.add(new DERNull());
        signerinfo.add(new DERSequence(v));

        // Add the digest
        signerinfo.add(new DEROctetString(digest));

        // Finally build the body out of all the components above
        ASN1EncodableVector body = new ASN1EncodableVector();
        body.add(new DERInteger(version));
        body.add(new DERSet(digestAlgorithms));
        body.add(contentinfo);
        body.add(new DERTaggedObject(false, 0, dercertificates));

        // Only allow one signerInfo
        body.add(new DERSet(new DERSequence(signerinfo)));

        // Now we have the body, wrap it in it's PKCS7Signed shell
        // and return it
        //
        ASN1EncodableVector whole = new ASN1EncodableVector();
        whole.add(new DERObjectIdentifier(ID_PKCS7_SIGNED_DATA));
        whole.add(new DERTaggedObject(0, new DERSequence(body)));

        ByteArrayOutputStream bOut = new ByteArrayOutputStream();

        ASN1OutputStream dout = new ASN1OutputStream(bOut);
        dout.writeObject(new DERSequence(whole));
        dout.close();

        return bOut.toByteArray();
    } catch (Exception e) {
        throw ExceptionConverter.convertException(e);
    }
}