List of usage examples for org.bouncycastle.asn1 DERSequence DERSequence
public DERSequence(ASN1Encodable[] elements)
From source file:com.itextpdf.text.pdf.JPKIPdfPKCS7.java
License:Open Source License
/** * Gets the bytes for the PKCS7SignedData object. * @return the bytes for the PKCS7SignedData object *///from w w w . ja v a2 s.c o m public byte[] getEncodedPKCS7() { try { if (RSAdata != null) { RSAdata = messageDigest.digest(); sig.update(RSAdata); } digest = sig.sign(); // Create the set of Hash algorithms ASN1EncodableVector digestAlgorithms = new ASN1EncodableVector(); ASN1EncodableVector algos = new ASN1EncodableVector(); algos.add(new DERObjectIdentifier(ID_DIGEST_SHA1)); algos.add(DERNull.INSTANCE); digestAlgorithms.add(new DERSequence(algos)); // Create the contentInfo. ASN1EncodableVector v = new ASN1EncodableVector(); v.add(new DERObjectIdentifier(ID_PKCS7_DATA)); if (RSAdata != null) v.add(new DERTaggedObject(0, new DEROctetString(RSAdata))); DERSequence contentinfo = new DERSequence(v); // Get all the certificates // v = new ASN1EncodableVector(); for (Object element : certs) { ASN1InputStream tempstream = new ASN1InputStream( new ByteArrayInputStream(((X509Certificate) element).getEncoded())); v.add(tempstream.readObject()); } DERSet dercertificates = new DERSet(v); // Create signerinfo structure. // ASN1EncodableVector signerinfo = new ASN1EncodableVector(); // Add the signerInfo version // signerinfo.add(new DERInteger(signerversion)); v = new ASN1EncodableVector(); v.add(getIssuer(signCert.getTBSCertificate())); v.add(new DERInteger(signCert.getSerialNumber())); signerinfo.add(new DERSequence(v)); // Add the digestAlgorithm v = new ASN1EncodableVector(); v.add(new DERObjectIdentifier(ID_DIGEST_SHA1)); v.add(new DERNull()); signerinfo.add(new DERSequence(v)); // Add the digestEncryptionAlgorithm v = new ASN1EncodableVector(); v.add(new DERObjectIdentifier(ID_RSA)); v.add(new DERNull()); signerinfo.add(new DERSequence(v)); // Add the digest signerinfo.add(new DEROctetString(digest)); // Finally build the body out of all the components above ASN1EncodableVector body = new ASN1EncodableVector(); body.add(new DERInteger(version)); body.add(new DERSet(digestAlgorithms)); body.add(contentinfo); body.add(new DERTaggedObject(false, 0, dercertificates)); // Only allow one signerInfo body.add(new DERSet(new DERSequence(signerinfo))); // Now we have the body, wrap it in it's PKCS7Signed shell // and return it // ASN1EncodableVector whole = new ASN1EncodableVector(); whole.add(new DERObjectIdentifier(ID_PKCS7_SIGNED_DATA)); whole.add(new DERTaggedObject(0, new DERSequence(body))); ByteArrayOutputStream bOut = new ByteArrayOutputStream(); ASN1OutputStream dout = new ASN1OutputStream(bOut); dout.writeObject(new DERSequence(whole)); dout.close(); return bOut.toByteArray(); } catch (Exception e) { throw ExceptionConverter.convertException(e); } }
From source file:com.itextpdf.text.pdf.LtvVerification.java
License:Open Source License
private static byte[] buildOCSPResponse(byte[] BasicOCSPResponse) throws IOException { DEROctetString doctet = new DEROctetString(BasicOCSPResponse); ASN1EncodableVector v2 = new ASN1EncodableVector(); v2.add(OCSPObjectIdentifiers.id_pkix_ocsp_basic); v2.add(doctet);/*from w w w . j a va2 s . c o m*/ DEREnumerated den = new DEREnumerated(0); ASN1EncodableVector v3 = new ASN1EncodableVector(); v3.add(den); v3.add(new DERTaggedObject(true, 0, new DERSequence(v2))); DERSequence seq = new DERSequence(v3); return seq.getEncoded(); }
From source file:com.itextpdf.text.pdf.PdfPKCS7.java
License:Open Source License
/** * Gets the bytes for the PKCS7SignedData object. Optionally the authenticatedAttributes * in the signerInfo can also be set, OR a time-stamp-authority client * may be provided.//ww w. ja va 2 s.c om * @param secondDigest the digest in the authenticatedAttributes * @param signingTime the signing time in the authenticatedAttributes * @param tsaClient TSAClient - null or an optional time stamp authority client * @return byte[] the bytes for the PKCS7SignedData object * @since 2.1.6 */ public byte[] getEncodedPKCS7(byte secondDigest[], Calendar signingTime, TSAClient tsaClient, byte[] ocsp) { try { if (externalDigest != null) { digest = externalDigest; if (RSAdata != null) RSAdata = externalRSAdata; } else if (externalRSAdata != null && RSAdata != null) { RSAdata = externalRSAdata; sig.update(RSAdata); digest = sig.sign(); } else { if (RSAdata != null) { RSAdata = messageDigest.digest(); sig.update(RSAdata); } digest = sig.sign(); } // Create the set of Hash algorithms ASN1EncodableVector digestAlgorithms = new ASN1EncodableVector(); for (Object element : digestalgos) { ASN1EncodableVector algos = new ASN1EncodableVector(); algos.add(new DERObjectIdentifier((String) element)); algos.add(DERNull.INSTANCE); digestAlgorithms.add(new DERSequence(algos)); } // Create the contentInfo. ASN1EncodableVector v = new ASN1EncodableVector(); v.add(new DERObjectIdentifier(ID_PKCS7_DATA)); if (RSAdata != null) v.add(new DERTaggedObject(0, new DEROctetString(RSAdata))); DERSequence contentinfo = new DERSequence(v); // Get all the certificates // v = new ASN1EncodableVector(); for (Object element : certs) { ASN1InputStream tempstream = new ASN1InputStream( new ByteArrayInputStream(((X509Certificate) element).getEncoded())); v.add(tempstream.readObject()); } DERSet dercertificates = new DERSet(v); // Create signerinfo structure. // ASN1EncodableVector signerinfo = new ASN1EncodableVector(); // Add the signerInfo version // signerinfo.add(new DERInteger(signerversion)); v = new ASN1EncodableVector(); v.add(getIssuer(signCert.getTBSCertificate())); v.add(new DERInteger(signCert.getSerialNumber())); signerinfo.add(new DERSequence(v)); // Add the digestAlgorithm v = new ASN1EncodableVector(); v.add(new DERObjectIdentifier(digestAlgorithm)); v.add(new DERNull()); signerinfo.add(new DERSequence(v)); // add the authenticated attribute if present if (secondDigest != null && signingTime != null) { signerinfo.add(new DERTaggedObject(false, 0, getAuthenticatedAttributeSet(secondDigest, signingTime, ocsp))); } // Add the digestEncryptionAlgorithm v = new ASN1EncodableVector(); v.add(new DERObjectIdentifier(digestEncryptionAlgorithm)); v.add(new DERNull()); signerinfo.add(new DERSequence(v)); // Add the digest signerinfo.add(new DEROctetString(digest)); // When requested, go get and add the timestamp. May throw an exception. // Added by Martin Brunecky, 07/12/2007 folowing Aiken Sam, 2006-11-15 // Sam found Adobe expects time-stamped SHA1-1 of the encrypted digest if (tsaClient != null) { byte[] tsImprint = MessageDigest.getInstance("SHA-1").digest(digest); byte[] tsToken = tsaClient.getTimeStampToken(this, tsImprint); if (tsToken != null) { ASN1EncodableVector unauthAttributes = buildUnauthenticatedAttributes(tsToken); if (unauthAttributes != null) { signerinfo.add(new DERTaggedObject(false, 1, new DERSet(unauthAttributes))); } } } // Finally build the body out of all the components above ASN1EncodableVector body = new ASN1EncodableVector(); body.add(new DERInteger(version)); body.add(new DERSet(digestAlgorithms)); body.add(contentinfo); body.add(new DERTaggedObject(false, 0, dercertificates)); // Only allow one signerInfo body.add(new DERSet(new DERSequence(signerinfo))); // Now we have the body, wrap it in it's PKCS7Signed shell // and return it // ASN1EncodableVector whole = new ASN1EncodableVector(); whole.add(new DERObjectIdentifier(ID_PKCS7_SIGNED_DATA)); whole.add(new DERTaggedObject(0, new DERSequence(body))); ByteArrayOutputStream bOut = new ByteArrayOutputStream(); ASN1OutputStream dout = new ASN1OutputStream(bOut); dout.writeObject(new DERSequence(whole)); dout.close(); return bOut.toByteArray(); } catch (Exception e) { throw new ExceptionConverter(e); } }
From source file:com.itextpdf.text.pdf.PdfPKCS7.java
License:Open Source License
/** * Added by Aiken Sam, 2006-11-15, modifed by Martin Brunecky 07/12/2007 * to start with the timeStampToken (signedData 1.2.840.113549.1.7.2). * Token is the TSA response without response status, which is usually * handled by the (vendor supplied) TSA request/response interface). * @param timeStampToken byte[] - time stamp token, DER encoded signedData * @return ASN1EncodableVector//w w w .j a v a 2 s . c o m * @throws IOException */ private ASN1EncodableVector buildUnauthenticatedAttributes(byte[] timeStampToken) throws IOException { if (timeStampToken == null) return null; // @todo: move this together with the rest of the defintions String ID_TIME_STAMP_TOKEN = "1.2.840.113549.1.9.16.2.14"; // RFC 3161 id-aa-timeStampToken ASN1InputStream tempstream = new ASN1InputStream(new ByteArrayInputStream(timeStampToken)); ASN1EncodableVector unauthAttributes = new ASN1EncodableVector(); ASN1EncodableVector v = new ASN1EncodableVector(); v.add(new DERObjectIdentifier(ID_TIME_STAMP_TOKEN)); // id-aa-timeStampToken ASN1Sequence seq = (ASN1Sequence) tempstream.readObject(); v.add(new DERSet(seq)); unauthAttributes.add(new DERSequence(v)); return unauthAttributes; }
From source file:com.itextpdf.text.pdf.PdfPKCS7.java
License:Open Source License
private DERSet getAuthenticatedAttributeSet(byte secondDigest[], Calendar signingTime, byte[] ocsp) { try {//from w ww .ja va2s . co m ASN1EncodableVector attribute = new ASN1EncodableVector(); ASN1EncodableVector v = new ASN1EncodableVector(); v.add(new DERObjectIdentifier(ID_CONTENT_TYPE)); v.add(new DERSet(new DERObjectIdentifier(ID_PKCS7_DATA))); attribute.add(new DERSequence(v)); v = new ASN1EncodableVector(); v.add(new DERObjectIdentifier(ID_SIGNING_TIME)); v.add(new DERSet(new DERUTCTime(signingTime.getTime()))); attribute.add(new DERSequence(v)); v = new ASN1EncodableVector(); v.add(new DERObjectIdentifier(ID_MESSAGE_DIGEST)); v.add(new DERSet(new DEROctetString(secondDigest))); attribute.add(new DERSequence(v)); if (ocsp != null || !crls.isEmpty()) { v = new ASN1EncodableVector(); v.add(new DERObjectIdentifier(ID_ADBE_REVOCATION)); ASN1EncodableVector revocationV = new ASN1EncodableVector(); if (!crls.isEmpty()) { ASN1EncodableVector v2 = new ASN1EncodableVector(); for (Object element : crls) { ASN1InputStream t = new ASN1InputStream( new ByteArrayInputStream(((X509CRL) element).getEncoded())); v2.add(t.readObject()); } revocationV.add(new DERTaggedObject(true, 0, new DERSequence(v2))); } if (ocsp != null) { DEROctetString doctet = new DEROctetString(ocsp); ASN1EncodableVector vo1 = new ASN1EncodableVector(); ASN1EncodableVector v2 = new ASN1EncodableVector(); v2.add(OCSPObjectIdentifiers.id_pkix_ocsp_basic); v2.add(doctet); DEREnumerated den = new DEREnumerated(0); ASN1EncodableVector v3 = new ASN1EncodableVector(); v3.add(den); v3.add(new DERTaggedObject(true, 0, new DERSequence(v2))); vo1.add(new DERSequence(v3)); revocationV.add(new DERTaggedObject(true, 1, new DERSequence(vo1))); } v.add(new DERSet(new DERSequence(revocationV))); attribute.add(new DERSequence(v)); } return new DERSet(attribute); } catch (Exception e) { throw new ExceptionConverter(e); } }
From source file:com.itextpdf.text.pdf.security.PdfPKCS7.java
License:Open Source License
/** * Gets the bytes for the PKCS7SignedData object. Optionally the authenticatedAttributes * in the signerInfo can also be set, OR a time-stamp-authority client * may be provided./*from ww w.j ava 2 s. com*/ * @param secondDigest the digest in the authenticatedAttributes * @param signingTime the signing time in the authenticatedAttributes * @param tsaClient TSAClient - null or an optional time stamp authority client * @return byte[] the bytes for the PKCS7SignedData object * @since 2.1.6 */ public byte[] getEncodedPKCS7(byte secondDigest[], Calendar signingTime, TSAClient tsaClient, byte[] ocsp, Collection<byte[]> crlBytes, CryptoStandard sigtype) { try { if (externalDigest != null) { digest = externalDigest; if (RSAdata != null) RSAdata = externalRSAdata; } else if (externalRSAdata != null && RSAdata != null) { RSAdata = externalRSAdata; sig.update(RSAdata); digest = sig.sign(); } else { if (RSAdata != null) { RSAdata = messageDigest.digest(); sig.update(RSAdata); } digest = sig.sign(); } // Create the set of Hash algorithms ASN1EncodableVector digestAlgorithms = new ASN1EncodableVector(); for (Object element : digestalgos) { ASN1EncodableVector algos = new ASN1EncodableVector(); algos.add(new ASN1ObjectIdentifier((String) element)); algos.add(DERNull.INSTANCE); digestAlgorithms.add(new DERSequence(algos)); } // Create the contentInfo. ASN1EncodableVector v = new ASN1EncodableVector(); v.add(new ASN1ObjectIdentifier(SecurityIDs.ID_PKCS7_DATA)); if (RSAdata != null) v.add(new DERTaggedObject(0, new DEROctetString(RSAdata))); DERSequence contentinfo = new DERSequence(v); // Get all the certificates // v = new ASN1EncodableVector(); for (Object element : certs) { ASN1InputStream tempstream = new ASN1InputStream( new ByteArrayInputStream(((X509Certificate) element).getEncoded())); v.add(tempstream.readObject()); } DERSet dercertificates = new DERSet(v); // Create signerinfo structure. // ASN1EncodableVector signerinfo = new ASN1EncodableVector(); // Add the signerInfo version // signerinfo.add(new ASN1Integer(signerversion)); v = new ASN1EncodableVector(); v.add(CertificateInfo.getIssuer(signCert.getTBSCertificate())); v.add(new ASN1Integer(signCert.getSerialNumber())); signerinfo.add(new DERSequence(v)); // Add the digestAlgorithm v = new ASN1EncodableVector(); v.add(new ASN1ObjectIdentifier(digestAlgorithmOid)); v.add(new DERNull()); signerinfo.add(new DERSequence(v)); // add the authenticated attribute if present if (secondDigest != null && signingTime != null) { signerinfo.add(new DERTaggedObject(false, 0, getAuthenticatedAttributeSet(secondDigest, signingTime, ocsp, crlBytes, sigtype))); } // Add the digestEncryptionAlgorithm v = new ASN1EncodableVector(); v.add(new ASN1ObjectIdentifier(digestEncryptionAlgorithmOid)); v.add(new DERNull()); signerinfo.add(new DERSequence(v)); // Add the digest signerinfo.add(new DEROctetString(digest)); // When requested, go get and add the timestamp. May throw an exception. // Added by Martin Brunecky, 07/12/2007 folowing Aiken Sam, 2006-11-15 // Sam found Adobe expects time-stamped SHA1-1 of the encrypted digest if (tsaClient != null) { byte[] tsImprint = tsaClient.getMessageDigest().digest(digest); byte[] tsToken = tsaClient.getTimeStampToken(tsImprint); if (tsToken != null) { ASN1EncodableVector unauthAttributes = buildUnauthenticatedAttributes(tsToken); if (unauthAttributes != null) { signerinfo.add(new DERTaggedObject(false, 1, new DERSet(unauthAttributes))); } } } // Finally build the body out of all the components above ASN1EncodableVector body = new ASN1EncodableVector(); body.add(new ASN1Integer(version)); body.add(new DERSet(digestAlgorithms)); body.add(contentinfo); body.add(new DERTaggedObject(false, 0, dercertificates)); // Only allow one signerInfo body.add(new DERSet(new DERSequence(signerinfo))); // Now we have the body, wrap it in it's PKCS7Signed shell // and return it // ASN1EncodableVector whole = new ASN1EncodableVector(); whole.add(new ASN1ObjectIdentifier(SecurityIDs.ID_PKCS7_SIGNED_DATA)); whole.add(new DERTaggedObject(0, new DERSequence(body))); ByteArrayOutputStream bOut = new ByteArrayOutputStream(); ASN1OutputStream dout = new ASN1OutputStream(bOut); dout.writeObject(new DERSequence(whole)); dout.close(); return bOut.toByteArray(); } catch (Exception e) { throw new ExceptionConverter(e); } }
From source file:com.itextpdf.text.pdf.security.PdfPKCS7.java
License:Open Source License
/** * This method provides that encoding and the parameters must be * exactly the same as in {@link #getEncodedPKCS7(byte[],Calendar)}. * /* w ww . j ava 2s. co m*/ * @param secondDigest the content digest * @param signingTime the signing time * @return the byte array representation of the authenticatedAttributes ready to be signed */ private DERSet getAuthenticatedAttributeSet(byte secondDigest[], Calendar signingTime, byte[] ocsp, Collection<byte[]> crlBytes, CryptoStandard sigtype) { try { ASN1EncodableVector attribute = new ASN1EncodableVector(); ASN1EncodableVector v = new ASN1EncodableVector(); v.add(new ASN1ObjectIdentifier(SecurityIDs.ID_CONTENT_TYPE)); v.add(new DERSet(new ASN1ObjectIdentifier(SecurityIDs.ID_PKCS7_DATA))); attribute.add(new DERSequence(v)); v = new ASN1EncodableVector(); v.add(new ASN1ObjectIdentifier(SecurityIDs.ID_SIGNING_TIME)); v.add(new DERSet(new DERUTCTime(signingTime.getTime()))); attribute.add(new DERSequence(v)); v = new ASN1EncodableVector(); v.add(new ASN1ObjectIdentifier(SecurityIDs.ID_MESSAGE_DIGEST)); v.add(new DERSet(new DEROctetString(secondDigest))); attribute.add(new DERSequence(v)); boolean haveCrl = false; if (crlBytes != null) { for (byte[] bCrl : crlBytes) { if (bCrl != null) { haveCrl = true; break; } } } if (ocsp != null || haveCrl) { v = new ASN1EncodableVector(); v.add(new ASN1ObjectIdentifier(SecurityIDs.ID_ADBE_REVOCATION)); ASN1EncodableVector revocationV = new ASN1EncodableVector(); if (haveCrl) { ASN1EncodableVector v2 = new ASN1EncodableVector(); for (byte[] bCrl : crlBytes) { if (bCrl == null) continue; ASN1InputStream t = new ASN1InputStream(new ByteArrayInputStream(bCrl)); v2.add(t.readObject()); } revocationV.add(new DERTaggedObject(true, 0, new DERSequence(v2))); } if (ocsp != null) { DEROctetString doctet = new DEROctetString(ocsp); ASN1EncodableVector vo1 = new ASN1EncodableVector(); ASN1EncodableVector v2 = new ASN1EncodableVector(); v2.add(OCSPObjectIdentifiers.id_pkix_ocsp_basic); v2.add(doctet); ASN1Enumerated den = new ASN1Enumerated(0); ASN1EncodableVector v3 = new ASN1EncodableVector(); v3.add(den); v3.add(new DERTaggedObject(true, 0, new DERSequence(v2))); vo1.add(new DERSequence(v3)); revocationV.add(new DERTaggedObject(true, 1, new DERSequence(vo1))); } v.add(new DERSet(new DERSequence(revocationV))); attribute.add(new DERSequence(v)); } if (sigtype == CryptoStandard.CADES) { v = new ASN1EncodableVector(); v.add(new ASN1ObjectIdentifier(SecurityIDs.ID_AA_SIGNING_CERTIFICATE_V2)); ASN1EncodableVector aaV2 = new ASN1EncodableVector(); AlgorithmIdentifier algoId = new AlgorithmIdentifier(new ASN1ObjectIdentifier(digestAlgorithmOid), null); aaV2.add(algoId); MessageDigest md = interfaceDigest.getMessageDigest(getHashAlgorithm()); byte[] dig = md.digest(signCert.getEncoded()); aaV2.add(new DEROctetString(dig)); v.add(new DERSet(new DERSequence(new DERSequence(new DERSequence(aaV2))))); attribute.add(new DERSequence(v)); } return new DERSet(attribute); } catch (Exception e) { throw new ExceptionConverter(e); } }
From source file:com.jlocksmith.util.ExtensionUtil.java
License:Open Source License
/** * Get Authority Key Identifier String Value * /* w w w. j a va2s . c o m*/ * @param bytes * * @return String * * @throws IOException */ private String getAuthorityKeyIdentifierStringValue(byte[] bytes) throws IOException { ASN1Sequence asn1Seq = (ASN1Sequence) toDERObject(bytes); DEROctetString keyIdentifier = null; ASN1Sequence authorityCertIssuer = null; DEROctetString certificateSerialNumber = null; for (int i = 0, len = asn1Seq.size(); i < len; i++) { DERTaggedObject derTagObj = (DERTaggedObject) asn1Seq.getObjectAt(i); DERObject derObj = derTagObj.getObject(); switch (derTagObj.getTagNo()) { case 0: keyIdentifier = (DEROctetString) derObj; break; case 1: if (derObj instanceof ASN1Sequence) { authorityCertIssuer = (ASN1Sequence) derObj; } else { authorityCertIssuer = new DERSequence(derObj); } break; case 2: certificateSerialNumber = (DEROctetString) derObj; break; } } StringBuffer strBuff = new StringBuffer(); if (keyIdentifier != null) { byte[] bKeyIdent = keyIdentifier.getOctets(); strBuff.append(MessageFormat.format(localeUtil.getString("KeyIdentifier"), new Object[] { convertToHexString(bKeyIdent) })); strBuff.append('\n'); } if (authorityCertIssuer != null) { strBuff.append(localeUtil.getString("CertificateIssuer")); strBuff.append('\n'); for (int i = 0, len = authorityCertIssuer.size(); i < len; i++) { DERTaggedObject generalName = (DERTaggedObject) authorityCertIssuer.getObjectAt(i); strBuff.append('\t'); strBuff.append(getGeneralNameString(generalName)); strBuff.append('\n'); } } if (certificateSerialNumber != null) { byte[] bCertSerialNumber = certificateSerialNumber.getOctets(); strBuff.append(MessageFormat.format(localeUtil.getString("CertificateSerialNumber"), new Object[] { convertToHexString(bCertSerialNumber) })); strBuff.append('\n'); } return strBuff.toString(); }
From source file:com.linkedin.mitm.services.IdentityCertificateService.java
License:Open Source License
/** * Fill subject alternate names in to signedCertificatebuilder to build new certificate * @param sans a list of subject alternate name. * * */// www. ja v a 2 s . com private void fillSans(List<ASN1Encodable> sans, X509v3CertificateBuilder x509v3CertificateBuilder) throws CertIOException { if (!sans.isEmpty()) { ASN1Encodable[] encodables = sans.toArray(new ASN1Encodable[sans.size()]); x509v3CertificateBuilder.addExtension(Extension.subjectAlternativeName, false, new DERSequence(encodables)); } }
From source file:com.novosec.pkix.asn1.cmp.CAKeyUpdAnnContent.java
License:Open Source License
public DERObject getDERObject() { ASN1EncodableVector v = new ASN1EncodableVector(); v.add(oldWithNew);//w w w . jav a 2s.c o m v.add(newWithOld); v.add(newWithNew); return new DERSequence(v); }