Example usage for org.bouncycastle.asn1 DERSequence DERSequence

List of usage examples for org.bouncycastle.asn1 DERSequence DERSequence

Introduction

This page collects usage examples of the org.bouncycastle.asn1 DERSequence constructor.

Prototype

public DERSequence(ASN1Encodable[] elements) 


Document

Create a sequence containing an array of objects.

Usage

From source file:bluecrystal.bcdeps.helper.DerEncoder.java

License:Open Source License

/**
 * Builds one signer-info SEQUENCE, wraps it in a SET and appends that SET to {@code body}.
 *
 * <p>The SEQUENCE holds, in this order: the version integer, the issuer/serial pair from
 * {@link #siAddCert}, the digest algorithm identifier, the signature ("digest encryption")
 * algorithm identifier and an OCTET STRING produced from {@code signedHashContent}.
 *
 * @param body vector that receives the resulting SET
 * @param signedHashContent input handed to {@code getDerSignedDigest}; presumably the encoded
 *        signature value - confirm against that helper
 * @param certContent signer certificate, used for issuer and serial number
 * @param hashId OID string of the digest algorithm
 * @throws CertificateEncodingException if the certificate cannot be encoded
 */
private void buildSignerInfo(ASN1EncodableVector body, String signedHashContent, X509Certificate certContent,
        String hashId) throws CertificateEncodingException {
    final ASN1EncodableVector signerInfoFields = new ASN1EncodableVector();
    signerInfoFields.add(new DERInteger(SI_VERSION));
    signerInfoFields.add(siAddCert(certContent));
    signerInfoFields.add(siAddDigestAlgorithm(hashId));
    // NOTE(review): the signature algorithm is always ID_SHA1_RSA, independent of hashId.
    // Judging by the constant's name this is sha1WithRSAEncryption; if hashId names a SHA-2
    // digest, the signer info would declare a signature algorithm that does not match the
    // digest actually signed. Confirm, and derive this OID from hashId if so.
    signerInfoFields.add(siAddDigestEncryptionAlgorithm(ID_SHA1_RSA));
    signerInfoFields.add(new DEROctetString(getDerSignedDigest(signedHashContent)));

    // Exactly one signer: SET { SEQUENCE { ...fields... } }.
    final ASN1EncodableVector signerInfos = new ASN1EncodableVector();
    signerInfos.add(new DERSequence(signerInfoFields));
    body.add(new DERSet(signerInfos));
}

From source file:bluecrystal.bcdeps.helper.DerEncoder.java

License:Open Source License

/**
 * Builds an AlgorithmIdentifier-shaped SEQUENCE that contains only the given OID; the
 * optional {@code parameters} field is left out.
 *
 * @param hashId OID string placed in the sequence (the only call visible on this page passes
 *        the signature algorithm constant ID_SHA1_RSA, not a hash OID)
 * @return SEQUENCE { OBJECT IDENTIFIER }
 */
private DERSequence siAddDigestEncryptionAlgorithm(String hashId) {
    // Note 3 (translated from the original Portuguese): in keeping with RFC 3370
    // (Cryptographic Message Syntax (CMS) Algorithms), section "2.1 SHA-1", and RFC 5754
    // (Using SHA2 Algorithms with Cryptographic Message Syntax), section
    // "2 - Message Digest Algorithms", it is recommended that the "parameters" field be
    // absent from the "AlgorithmIdentifier" structure used to indicate the hash algorithm,
    // as found in the ASN.1 structures "SignedData.digestAlgorithms",
    // "SignerInfo.digestAlgorithm" and "SignaturePolicyId.sigPolicyHash.hashAlgorithm".
    //
    //   AlgorithmIdentifier ::= SEQUENCE {
    //     algorithm  OBJECT IDENTIFIER,
    //     parameters ANY DEFINED BY algorithm OPTIONAL }
    //
    // Signature creation and verification under this signature policy ("PA" in the
    // original note) must use:
    //   a) for version 1.0: sha1withRSAEncryption (1 2 840 113549 1 1 5),
    //   b) for version 1.1: sha1withRSAEncryption (1 2 840 113549 1 1 5) or
    //      sha256WithRSAEncryption (1.2.840.113549.1.1.11),
    //   c) for versions 2.0 and 2.1: sha256WithRSAEncryption (1.2.840.113549.1.1.11).
    //
    // NOTE(review): the recommendation quoted above is about hash-algorithm identifiers, yet
    // this method encodes the signature algorithm without parameters while
    // siAddDigestAlgorithm does append NULL. That looks inverted; as far as I recall,
    // RFC 3370 section 3.2 and RFC 5754 section 3.2 expect NULL parameters for the RSA
    // PKCS#1 v1.5 signature OIDs - confirm against the RFCs and the target verifiers.
    final ASN1EncodableVector algorithmOnly = new ASN1EncodableVector();
    algorithmOnly.add(new DERObjectIdentifier(hashId));
    // Per the note above, no DERNull is appended as "parameters" here.
    return new DERSequence(algorithmOnly);
}

From source file:bluecrystal.bcdeps.helper.DerEncoder.java

License:Open Source License

/**
 * Builds the digest AlgorithmIdentifier: SEQUENCE { OID, NULL }.
 *
 * @param hashId OID string of the digest algorithm
 * @return the encoded algorithm identifier with explicit NULL parameters
 */
private DERSequence siAddDigestAlgorithm(String hashId) {
    final ASN1EncodableVector algorithmIdentifier = new ASN1EncodableVector();
    // algorithm
    algorithmIdentifier.add(new DERObjectIdentifier(hashId));
    // parameters, always an explicit NULL here
    algorithmIdentifier.add(new DERNull());
    return new DERSequence(algorithmIdentifier);
}

From source file:bluecrystal.bcdeps.helper.DerEncoder.java

License:Open Source License

/**
 * Builds the issuer/serial-number pair that identifies the signer certificate:
 * SEQUENCE { issuer, serialNumber }.
 *
 * @param certContent signer certificate
 * @return sequence holding the issuer (as returned by {@code getEncodedIssuer} for the
 *         certificate's TBS bytes) followed by the serial number
 * @throws CertificateEncodingException if the TBS part of the certificate cannot be encoded
 */
private DERSequence siAddCert(X509Certificate certContent) throws CertificateEncodingException {
    final ASN1EncodableVector issuerAndSerial = new ASN1EncodableVector();
    // Issuer is taken from the to-be-signed portion of the certificate by a helper.
    issuerAndSerial.add(getEncodedIssuer(certContent.getTBSCertificate()));
    // Serial number as an ASN.1 INTEGER.
    issuerAndSerial.add(new DERInteger(certContent.getSerialNumber()));
    return new DERSequence(issuerAndSerial);
}

From source file:bluecrystal.bcdeps.helper.DerEncoder.java

License:Open Source License

/**
 * Appends a content-info SEQUENCE to {@code body}: the ID_PKCS7_DATA OID and, unless
 * {@code size} equals DETACHED, a [0]-tagged OCTET STRING of {@code size} bytes.
 *
 * <p>The OCTET STRING is filled with the constant byte 0xBA, not with real content.
 * NOTE(review): presumably a placeholder that is replaced or only used for sizing - confirm
 * with the caller before treating the output as a signed payload.
 *
 * @param body vector that receives the content-info SEQUENCE
 * @param size number of placeholder content bytes, or DETACHED for no embedded content
 */
private void buildContentInfo(final ASN1EncodableVector body, int size) {
    final ASN1EncodableVector fields = new ASN1EncodableVector();
    fields.add(new DERObjectIdentifier(ID_PKCS7_DATA));

    final boolean embedContent = size != DETACHED;
    if (embedContent) {
        final byte[] filler = new byte[size];
        java.util.Arrays.fill(filler, (byte) 0xba);
        fields.add(new DERTaggedObject(0, new DEROctetString(filler)));
    }

    body.add(new DERSequence(fields));
}

From source file:bluecrystal.bcdeps.helper.DerEncoder.java

License:Open Source License

/**
 * Appends the digest-algorithms SET for a single digest:
 * SET { SEQUENCE { OID, NULL } }.
 *
 * @param body vector that receives the SET
 * @param hashId OID string of the digest algorithm
 */
private void buildDigestAlg(final ASN1EncodableVector body, String hashId) {
    // One AlgorithmIdentifier with explicit NULL parameters.
    final ASN1EncodableVector algorithmIdentifier = new ASN1EncodableVector();
    algorithmIdentifier.add(new DERObjectIdentifier(hashId));
    algorithmIdentifier.add(new DERNull());

    // Wrap it in the enclosing SET and hand it to the caller's vector.
    final ASN1EncodableVector setMembers = new ASN1EncodableVector();
    setMembers.add(new DERSequence(algorithmIdentifier));
    body.add(new DERSet(setMembers));
}

From source file:bluecrystal.bcdeps.helper.DerEncoder.java

License:Open Source License

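/**
 * Appends the digest-algorithms SET for several digests:
 * SET { SEQUENCE { OID, NULL }, SEQUENCE { OID, NULL }, ... }.
 *
 * <p>Each algorithm gets its own AlgorithmIdentifier SEQUENCE. The previous version put
 * every OID/NULL pair into one shared SEQUENCE, which is not a valid AlgorithmIdentifier
 * as soon as the list holds more than one entry (and produced an empty SEQUENCE for an
 * empty list). For a single entry the output is unchanged; for an empty list the result
 * is now an empty SET.
 *
 * @param body vector that receives the SET
 * @param listHashId OID strings of the digest algorithms, one set member per entry
 */
private void buildDigestAlg(final ASN1EncodableVector body, List<String> listHashId) {
    final ASN1EncodableVector algoSet = new ASN1EncodableVector();
    for (String next : listHashId) {
        // Fresh vector per algorithm so every set member is SEQUENCE { OID, NULL }.
        final ASN1EncodableVector algo = new ASN1EncodableVector();
        algo.add(new DERObjectIdentifier(next));
        algo.add(new DERNull());
        algoSet.add(new DERSequence(algo));
    }
    body.add(new DERSet(algoSet));
}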

From source file:br.gov.frameworkdemoiselle.certificate.signer.pkcs7.bc.attribute.BCSigningCertificate.java

License:Open Source License

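/**
 * Encodes the signing-certificate attribute value for the certificate held by this
 * attribute: a SET containing SEQUENCE { SEQUENCE { ESSCertID }, SEQUENCE { NULL } }.
 *
 * <p>The certificate hash is SHA-1, which is what the version 1 ESSCertID structure is
 * defined with; the sibling class on this page (BCSigningCertificateV2) uses SHA-256 with
 * ESSCertIDv2.
 *
 * @return the encoded attribute value
 * @throws IllegalStateException if the certificate cannot be encoded, so that no attribute
 *         is emitted with a missing certificate hash
 */
@Override
public ASN1Set getValue() {
    SigningCertificate attribute = (SigningCertificate) super.getAttribute();
    X509Certificate cert = attribute.getValue();
    Digest digest = DigestFactory.getInstance().factoryDefault();
    digest.setAlgorithm(DigestAlgorithmEnum.SHA_1);
    final byte[] certHash;
    try {
        certHash = digest.digest(cert.getEncoded());
    } catch (CertificateEncodingException ex) {
        // Previously the stack trace was printed and encoding went on with a null hash.
        throw new IllegalStateException("Cannot encode the signing certificate to compute its hash", ex);
    }
    // IssuerSerial identifies the certificate by its ISSUER name plus serial number; the
    // previous code passed the subject DN, which only matches for self-signed certificates.
    // NOTE(review): the name is rebuilt from its string form, which may not reproduce the
    // certificate's encoded issuer byte-for-byte - confirm verifiers compare it leniently.
    X509Name issuerName = new X509Name(cert.getIssuerDN().getName());
    GeneralNames issuer = new GeneralNames(new GeneralName(issuerName));
    DERInteger serialNumber = new DERInteger(cert.getSerialNumber());
    IssuerSerial issuerSerial = new IssuerSerial(issuer, serialNumber);
    ESSCertID essCertId = new ESSCertID(certHash, issuerSerial);
    // NOTE(review): the second element is SEQUENCE { NULL } in the position of the optional
    // policies field; confirm this is intended rather than omitting the field.
    return new DERSet(new DERSequence(
            new ASN1Encodable[] { new DERSequence(essCertId), new DERSequence(new DERNull()) }));
}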

From source file:br.gov.frameworkdemoiselle.certificate.signer.pkcs7.bc.attribute.BCSigningCertificateV2.java

License:Open Source License

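/**
 * Encodes the signing-certificate-v2 attribute value for the certificate held by this
 * attribute: a SET containing SEQUENCE { SEQUENCE { ESSCertIDv2 }, SEQUENCE { NULL } }.
 *
 * @return the encoded attribute value
 * @throws IllegalStateException if the certificate cannot be encoded, so that no attribute
 *         is emitted with a missing certificate hash
 */
@Override
public ASN1Set getValue() {
    SigningCertificateV2 attribute = (SigningCertificateV2) super.getAttribute();
    X509Certificate cert = attribute.getValue();
    Digest digest = DigestFactory.getInstance().factoryDefault();
    // NOTE(review): the hash is always SHA-256, while the algorithm OID written into
    // ESSCertIDv2 below is derived from attribute.getAlgorithmHash(). If that ever names a
    // different digest, the declared algorithm and the actual hash disagree - confirm.
    digest.setAlgorithm(DigestAlgorithmEnum.SHA_256);
    final byte[] certHash;
    try {
        certHash = digest.digest(cert.getEncoded());
    } catch (CertificateEncodingException ex) {
        // Previously the stack trace was printed and encoding went on with a null hash.
        throw new IllegalStateException("Cannot encode the signing certificate to compute its hash", ex);
    }
    // IssuerSerial identifies the certificate by its ISSUER name plus serial number; the
    // previous code passed the subject DN, which only matches for self-signed certificates.
    // NOTE(review): the name is rebuilt from its string form, which may not reproduce the
    // certificate's encoded issuer byte-for-byte - confirm verifiers compare it leniently.
    X509Name issuerName = new X509Name(cert.getIssuerDN().getName());
    GeneralNames issuer = new GeneralNames(new GeneralName(issuerName));
    DERInteger serial = new DERInteger(cert.getSerialNumber());
    IssuerSerial issuerSerial = new IssuerSerial(issuer, serial);
    String algorithmHashOID = SignerAlgorithmEnum.getSignerAlgorithmEnum(attribute.getAlgorithmHash())
            .getOIDAlgorithmHash();
    AlgorithmIdentifier algorithmId = new AlgorithmIdentifier(algorithmHashOID);
    ESSCertIDv2 essCertIDv2 = new ESSCertIDv2(algorithmId, certHash, issuerSerial);
    // NOTE(review): the second element is SEQUENCE { NULL } in the position of the optional
    // policies field; confirm this is intended rather than omitting the field.
    return new DERSet(new DERSequence(
            new ASN1Encodable[] { new DERSequence(essCertIDv2), new DERSequence(new DERNull()) }));
}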

From source file:ca.nrc.cadc.cred.CertUtil.java

License:Open Source License

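/**
 * Generates an X509 proxy certificate (RFC 3820) for the public key carried in a CSR.
 *
 * <p>The certificate is issued under the first certificate of {@code chain} and signed with
 * the chain's private key. Its subject is the issuer's subject DN prefixed with a random
 * {@code CN}, and it carries the impersonation proxy policy in a critical ProxyCertInfo
 * extension.
 *
 * <p>NOTE(review): the CSR's own signature is not checked in this method; confirm that the
 * caller verifies it (proof of possession of the private key) before requesting a
 * certificate.
 *
 * @param csr CSR for the certificate
 * @param lifetime lifetime of the certificate in SECONDS; if zero or negative, the
 *        certificate expires at the earliest notAfter date found in the chain
 * @param chain certificate chain and private key used to sign the proxy certificate
 * @return generated proxy certificate
 * @throws NoSuchAlgorithmException if raised while reading the CSR key or signing
 * @throws NoSuchProviderException if raised while reading the CSR key or signing
 * @throws InvalidKeyException if raised while reading the CSR key or signing
 * @throws CertificateParsingException if raised while building the key identifier extensions
 * @throws CertificateEncodingException if the certificate cannot be encoded
 * @throws SignatureException if signing the certificate fails
 * @throws CertificateNotYetValidException if a chain certificate is not yet valid at the
 *         requested end date
 * @throws CertificateExpiredException if a chain certificate expires before the requested
 *         end date
 */
public static X509Certificate generateCertificate(PKCS10CertificationRequest csr, int lifetime,
        X509CertificateChain chain) throws NoSuchAlgorithmException, NoSuchProviderException,
        InvalidKeyException, CertificateParsingException, CertificateEncodingException, SignatureException,
        CertificateExpiredException, CertificateNotYetValidException {
    X509Certificate issuerCert = chain.getChain()[0];
    PrivateKey issuerKey = chain.getPrivateKey();

    Security.addProvider(new BouncyCastleProvider());

    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();

    // One CSPRNG for both the serial number and the random CN. The serial used to be the
    // current time in milliseconds, which is predictable and repeats when two certificates
    // are issued within the same millisecond; issuer + serial has to stay unique.
    Random rand = new java.security.SecureRandom();
    certGen.setSerialNumber(new BigInteger(64, rand).add(BigInteger.ONE)); // always positive
    certGen.setIssuerDN(issuerCert.getSubjectX500Principal());

    // generate the proxy DN as the issuerDN + CN=random number
    String issuerDN = issuerCert.getSubjectX500Principal().getName(X500Principal.RFC2253);
    // nextInt(bound) is never negative; Math.abs(nextInt()) stayed negative for
    // Integer.MIN_VALUE and would have produced a CN with a leading minus sign.
    String delegDN = String.valueOf(rand.nextInt(Integer.MAX_VALUE));
    String proxyDn = "CN=" + delegDN + "," + issuerDN;
    certGen.setSubjectDN(new X500Principal(proxyDn));

    // set validity
    GregorianCalendar date = new GregorianCalendar(TimeZone.getTimeZone("GMT"));
    // Start date. Allow for a sixty five minute clock skew here.
    date.add(Calendar.MINUTE, -65);
    Date beforeDate = date.getTime();
    // Never start before any certificate in the chain becomes valid.
    for (X509Certificate currentCert : chain.getChain()) {
        if (beforeDate.before(currentCert.getNotBefore())) {
            beforeDate = currentCert.getNotBefore();
        }
    }
    certGen.setNotBefore(beforeDate);

    // End date.
    // If lifetime <= 0, the cert lifetime is bounded by the certificates in the chain.
    if (lifetime <= 0) {
        // set the validity of certificates as the minimum
        // of the certificates in the chain
        Date afterDate = issuerCert.getNotAfter();
        for (X509Certificate currentCert : chain.getChain()) {
            if (afterDate.after(currentCert.getNotAfter())) {
                afterDate = currentCert.getNotAfter();
            }
        }
        certGen.setNotAfter(afterDate);
    } else {
        // NOTE(review): "date" still carries the -65 minute skew from above, so the end
        // date works out to now - 60 minutes + lifetime; with a lifetime under an hour the
        // certificate is already expired when issued. Confirm whether that is intended.
        date.add(Calendar.MINUTE, 5);
        date.add(Calendar.SECOND, lifetime);
        // check the validity of the signing certificates at the requested end date
        for (X509Certificate currentCert : chain.getChain()) {
            currentCert.checkValidity(date.getTime());
        }

        certGen.setNotAfter(date.getTime());
    }

    certGen.setPublicKey(csr.getPublicKey());
    // TODO: should be able to get signature algorithm from the csr, but... obtuse
    certGen.setSignatureAlgorithm(DEFAULT_SIGNATURE_ALGORITHM);

    // extensions

    certGen.addExtension(X509Extensions.KeyUsage, true,
            new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));

    certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(issuerCert));

    certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
            new SubjectKeyIdentifierStructure(csr.getPublicKey("BC")));

    // Not a CA certificate.
    certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));

    // add the Proxy Certificate Information
    // I expect this code to be removed once support to proxy
    // certificates is provided in Bouncy Castle.

    // create a proxy policy
    // types of proxy certificate policies - see RFC3820
    //   impersonates the user:        1.3.6.1.5.5.7.21.1 (used here)
    //   independent:                  1.3.6.1.5.5.7.21.2
    //   defined by a policy language: 1.3.6.1.4.1.3536.1.1.1.9
    final DERObjectIdentifier impersonation = new DERObjectIdentifier("1.3.6.1.5.5.7.21.1");

    ASN1EncodableVector policy = new ASN1EncodableVector();
    policy.add(impersonation);

    // pathLengthConstr (RFC3820)
    // The pCPathLenConstraint field, if present, specifies the maximum depth of the path
    // of Proxy Certificates that can be signed by this Proxy Certificate. A
    // pCPathLenConstraint of 0 means that this certificate MUST NOT be used to sign a
    // Proxy Certificate. If the pCPathLenConstraint field is not present then the maximum
    // proxy path length is unlimited. End entity certificates have unlimited maximum
    // proxy path lengths.
    // No pCPathLenConstraint is added here, so the proxy path length stays unlimited.

    // create the proxy certificate information
    ASN1EncodableVector vec = new ASN1EncodableVector();
    vec.add(new DERSequence(policy));

    // ProxyCertInfo extension OID, marked critical
    final DERObjectIdentifier proxyCertInfoOid = new DERObjectIdentifier("1.3.6.1.5.5.7.1.14");
    certGen.addExtension(proxyCertInfoOid, true, new DERSequence(vec));

    return certGen.generate(issuerKey, "BC");
}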