org.bouncycastle.asn1.DERTaggedObject Java Examples

The following examples show how to use org.bouncycastle.asn1.DERTaggedObject. Each example is preceded by the source file and the project it was taken from.
Example #1
Source File: XmppDomainVerifier.java    From Conversations with GNU General Public License v3.0 6 votes vote down vote up
/**
 * Decodes a DER-encoded otherName entry into its type OID and string value.
 *
 * <p>The accepted shape is a tagged object wrapping a sequence of at least two elements,
 * where the second element is a tagged UTF8String or IA5String. Any other shape, and any
 * input that cannot be decoded, yields {@code null}.
 *
 * <p>Tag numbers are not inspected and the OID is returned unfiltered, so deciding which
 * otherName types are acceptable is left to the caller.
 *
 * @param otherName raw bytes of the otherName entry
 * @return the (OID, value) pair, or {@code null} if the bytes do not match the accepted shape
 */
private static Pair<String, String> parseOtherName(byte[] otherName) {
    final ASN1Primitive decoded;
    try {
        decoded = ASN1Primitive.fromByteArray(otherName);
    } catch (IOException e) {
        // Undecodable input is reported the same way as an unrecognised structure.
        return null;
    }

    if (!(decoded instanceof DERTaggedObject)) {
        return null;
    }
    final ASN1Primitive wrapped = ((DERTaggedObject) decoded).getObject();
    if (!(wrapped instanceof DLSequence)) {
        return null;
    }

    final DLSequence fields = (DLSequence) wrapped;
    if (fields.size() < 2 || !(fields.getObjectAt(1) instanceof DERTaggedObject)) {
        return null;
    }

    final String typeId = fields.getObjectAt(0).toString();
    final ASN1Primitive payload = ((DERTaggedObject) fields.getObjectAt(1)).getObject();
    if (payload instanceof DERUTF8String) {
        return new Pair<>(typeId, ((DERUTF8String) payload).getString());
    }
    if (payload instanceof DERIA5String) {
        return new Pair<>(typeId, ((DERIA5String) payload).getString());
    }
    // Any other string type is not accepted.
    return null;
}
 
Example #2
Source File: KerberosRelevantAuthData.java    From jcifs with GNU Lesser General Public License v2.1 6 votes vote down vote up
/**
 * Decodes the sequence of authorization elements carried in {@code token} and collects
 * whatever {@code KerberosAuthData.parse} returns for each element.
 *
 * <p>Each element is read as a sequence whose tagged field 0 holds the authorization type
 * and whose tagged field 1 holds the authorization data.
 *
 * @param token encoded sequence of authorization elements
 * @param keys keys handed through unchanged to {@code KerberosAuthData.parse}
 * @throws PACDecodingException if the token cannot be read; presumably also when
 *         {@code ASN1Util.as} meets an element of an unexpected type (confirm against ASN1Util)
 */
public KerberosRelevantAuthData ( byte[] token, Map<Integer, KerberosKey> keys ) throws PACDecodingException {
    final DLSequence elements;
    try ( ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(token)) ) {
        elements = ASN1Util.as(DLSequence.class, in);
    }
    catch ( IOException e ) {
        throw new PACDecodingException("Malformed kerberos ticket", e);
    }

    this.authorizations = new ArrayList<>();
    for ( Enumeration<?> it = elements.getObjects(); it.hasMoreElements(); ) {
        DLSequence element = ASN1Util.as(DLSequence.class, it);

        DERTaggedObject typeField = ASN1Util.as(DERTaggedObject.class, element, 0);
        ASN1Integer type = ASN1Util.as(ASN1Integer.class, typeField);

        DERTaggedObject dataField = ASN1Util.as(DERTaggedObject.class, element, 1);
        DEROctetString data = ASN1Util.as(DEROctetString.class, dataField);

        // NOTE(review): intValue() keeps only the low 32 bits, so an oversized type value in the
        // token is truncated rather than rejected - consider a range check before dispatching.
        int typeCode = type.getValue().intValue();
        this.authorizations.addAll(KerberosAuthData.parse(typeCode, data.getOctets(), keys));
    }
}
 
Example #3
Source File: TestCertificateSignRequest.java    From hadoop-ozone with Apache License 2.0 6 votes vote down vote up
/**
 * Asserts that each otherName entry of the subjectAlternativeName extension carries the
 * expected type OID and service name.
 *
 * <p>Entries of any other GeneralName type are skipped, so an extension that holds no
 * otherName passes without a single assertion being evaluated.
 *
 * @param extensions the extensions to inspect
 */
private void verifyServiceId(Extensions extensions) {
  GeneralNames altNames =
      GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
  for (GeneralName altName : altNames.getNames()) {
    if (altName.getTagNo() != GeneralName.otherName) {
      continue;
    }
    // The otherName value is walked element by element: OID first, tagged value after.
    for (Iterator parts = ((DLSequence) altName.getName()).iterator(); parts.hasNext(); ) {
      Object part = parts.next();
      if (part instanceof ASN1ObjectIdentifier) {
        Assert.assertEquals(part.toString(), "2.16.840.1.113730.3.1.34");
      }
      if (part instanceof DERTaggedObject) {
        Assert.assertEquals(
            ((DERTaggedObject) part).getObject().toString(), "OzoneMarketingCluster003");
      }
    }
  }
}
 
Example #4
Source File: PolicyInfo.java    From signer with GNU Lesser General Public License v3.0 6 votes vote down vote up
/**
 * Populates this object from an ASN.1 sequence: element 0 becomes the policy name,
 * element 1 the field of application and element 2 the signing period. Element 3 is
 * parsed as the revocation date only when the condition below holds.
 *
 * @param derObject the encoded structure, converted with {@code ASN1Object.getDERSequence}
 */
@Override
public void parse(ASN1Primitive derObject) {
    final ASN1Sequence fields = ASN1Object.getDERSequence(derObject);

    this.policyName = new DirectoryString(fields.getObjectAt(0).toASN1Primitive().toString());

    final ASN1Primitive applicationField = fields.getObjectAt(1).toASN1Primitive();
    this.fieldOfApplication = new DirectoryString(applicationField.toString());

    this.signingPeriod = new SigningPeriod();
    this.signingPeriod.parse(fields.getObjectAt(2).toASN1Primitive());

    // Element 3 is fetched unconditionally, so a sequence with fewer than four elements
    // fails here with whatever getObjectAt throws for an out-of-range index.
    final ASN1Primitive revocationCandidate = fields.getObjectAt(3).toASN1Primitive();

    // NOTE(review): the presence test inspects element 1 (field of application), not
    // element 3. That looks unintended - confirm which element should decide whether a
    // revocation date is present before relying on revocationDate.
    if (applicationField instanceof DERTaggedObject) {
        this.revocationDate = new Time();
        this.revocationDate.parse(revocationCandidate);
    }
}
 
Example #5
Source File: BasicCertificate.java    From signer with GNU Lesser General Public License v3.0 6 votes vote down vote up
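/**
 * Returns the key identifier stored in the certificate's authorityKeyIdentifier extension.
 *
 * <p>RFC 5280 defines the extension as a sequence of three optional fields:
 * {@code keyIdentifier [0]}, {@code authorityCertIssuer [1]} and
 * {@code authorityCertSerialNumber [2]}. Only {@code keyIdentifier} is read here, so the
 * first element is accepted only when its tag number is 0. Without that check a
 * certificate that omits {@code keyIdentifier} could have a different field returned as
 * if it were the key identifier.
 *
 * @return the key identifier as rendered by {@code toString(byte[])}, or {@code null} when
 *         the extension is absent or empty, does not start with {@code keyIdentifier}, or
 *         cannot be read
 */
public String getAuthorityKeyIdentifier() {
	// TODO - This method still needs to be validated against the RFC
	try {
		DLSequence sequence = (DLSequence) getExtensionValue(Extension.authorityKeyIdentifier.getId());
		if (sequence == null || sequence.size() == 0) {
			return null;
		}
		DERTaggedObject taggedObject = (DERTaggedObject) sequence.getObjectAt(0);
		if (taggedObject.getTagNo() != 0) {
			// First element is not keyIdentifier [0]; do not misreport another field.
			return null;
		}
		DEROctetString oct = (DEROctetString) taggedObject.getObject();
		return toString(oct.getOctets());
	} catch (Exception error) {
		// Best effort: an extension with an unexpected structure is reported as absent.
		logger.info(error.getMessage());
		return null;
	}
}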
 
Example #6
Source File: XmppDomainVerifier.java    From ComplianceTester with BSD 3-Clause "New" or "Revised" License 6 votes vote down vote up
/**
 * Turns a DER-encoded otherName entry into an {@code OtherName} built from the entry's
 * type OID and its string value.
 *
 * <p>Only a tagged object that wraps a sequence of two or more elements, with a tagged
 * UTF8String or IA5String in second position, is accepted. The tag numbers themselves are
 * not checked, and the OID is passed on without filtering.
 *
 * @param otherName raw bytes of the otherName entry
 * @return the decoded entry, or {@code null} for undecodable or unexpected input
 */
private static OtherName parseOtherName(byte[] otherName) {
    try {
        final ASN1Primitive root = ASN1Primitive.fromByteArray(otherName);
        if (!(root instanceof DERTaggedObject)) {
            return null;
        }

        final ASN1Primitive content = ((DERTaggedObject) root).getObject();
        if (!(content instanceof DLSequence)) {
            return null;
        }

        final DLSequence parts = (DLSequence) content;
        final boolean hasTaggedValue = parts.size() >= 2 && parts.getObjectAt(1) instanceof DERTaggedObject;
        if (!hasTaggedValue) {
            return null;
        }

        final String typeOid = parts.getObjectAt(0).toString();
        final ASN1Primitive text = ((DERTaggedObject) parts.getObjectAt(1)).getObject();
        if (text instanceof DERUTF8String) {
            return new OtherName(typeOid, ((DERUTF8String) text).getString());
        }
        if (text instanceof DERIA5String) {
            return new OtherName(typeOid, ((DERIA5String) text).getString());
        }
        return null;
    } catch (IOException e) {
        // Bytes that do not decode are handled like an unexpected structure.
        return null;
    }
}
 
Example #7
Source File: KerberosRelevantAuthData.java    From jcifs-ng with GNU Lesser General Public License v2.1 6 votes vote down vote up
/**
 * Reads {@code token} as a sequence of authorization elements and stores the entries that
 * {@code KerberosAuthData.parse} produces for each of them.
 *
 * @param token encoded sequence; every element is expected to carry the type in tagged
 *        field 0 and the data in tagged field 1
 * @param keys passed as-is to {@code KerberosAuthData.parse}
 * @throws PACDecodingException if reading the token fails with an I/O error; the
 *         {@code ASN1Util.as} conversions presumably raise it too for unexpected types
 */
public KerberosRelevantAuthData ( byte[] token, Map<Integer, KerberosKey> keys ) throws PACDecodingException {
    final DLSequence outer;
    try ( ASN1InputStream asn1In = new ASN1InputStream(new ByteArrayInputStream(token)) ) {
        outer = ASN1Util.as(DLSequence.class, asn1In);
    }
    catch ( IOException e ) {
        throw new PACDecodingException("Malformed kerberos ticket", e);
    }

    this.authorizations = new ArrayList<>();
    final Enumeration<?> remaining = outer.getObjects();
    while ( remaining.hasMoreElements() ) {
        final DLSequence entry = ASN1Util.as(DLSequence.class, remaining);
        final ASN1Integer adType = ASN1Util.as(ASN1Integer.class, ASN1Util.as(DERTaggedObject.class, entry, 0));
        final DEROctetString adData = ASN1Util.as(DEROctetString.class, ASN1Util.as(DERTaggedObject.class, entry, 1));

        // NOTE(review): the type is narrowed with intValue(), which silently drops high bits
        // of an out-of-range value taken from the token; a bounds check would reject it instead.
        final int adTypeCode = adType.getValue().intValue();
        final byte[] adBytes = adData.getOctets();
        this.authorizations.addAll(KerberosAuthData.parse(adTypeCode, adBytes, keys));
    }
}
 
Example #8
Source File: CAdESTimestampDataBuilder.java    From dss with GNU Lesser General Public License v2.1 6 votes vote down vote up
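/**
 * Encodes the certificates of a SignedData as a tagged object {@code [0]} (built with
 * {@code explicit = false}) wrapping a sequence of the set's elements.
 *
 * <p>A BER set is re-encoded with the BER classes and anything else with the DER classes,
 * so that the bytes match the encoding the message imprint was computed over.
 *
 * @param signedData the SignedData to read the certificates from
 * @return the encoded certificates, or {@code null} when the SignedData holds none
 * @throws IOException if the tagged object cannot be encoded
 */
private byte[] getCertificateDataBytes(final SignedData signedData) throws IOException {
	final ASN1Set certificates = signedData.getCertificates();
	if (certificates == null) {
		// Previously this message was logged even when certificates were present.
		if (LOG.isDebugEnabled()) {
			LOG.debug("Certificates are not present in the SignedData.");
		}
		return null;
	}

	/*
	 * In order to calculate correct message imprint it is important
	 * to use the correct encoding.
	 */
	final byte[] certificatesBytes;
	if (certificates instanceof BERSet) {
		certificatesBytes = new BERTaggedObject(false, 0, new BERSequence(certificates.toArray())).getEncoded();
	} else {
		certificatesBytes = new DERTaggedObject(false, 0, new DERSequence(certificates.toArray())).getEncoded();
	}

	if (LOG.isTraceEnabled()) {
		LOG.trace("Certificates: {}", DSSUtils.toHex(certificatesBytes));
	}
	return certificatesBytes;
}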
 
Example #9
Source File: CAdESTimestampDataBuilder.java    From dss with GNU Lesser General Public License v2.1 6 votes vote down vote up
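/**
 * Encodes the CRLs of a SignedData as a tagged object {@code [1]} (built with
 * {@code explicit = false}) wrapping a sequence of the set's elements.
 *
 * <p>A BER set is re-encoded with the BER classes and anything else with the DER classes,
 * mirroring how the certificates are handled.
 *
 * @param signedData the SignedData to read the CRLs from
 * @return the encoded CRLs, or {@code null} when the SignedData holds none
 * @throws IOException if the tagged object cannot be encoded
 */
private byte[] getCRLDataBytes(final SignedData signedData) throws IOException {
	final ASN1Set crLs = signedData.getCRLs();
	if (crLs == null) {
		// Previously this message was logged even when CRLs were present.
		if (LOG.isDebugEnabled()) {
			LOG.debug("CRLs are not present in the SignedData.");
		}
		return null;
	}

	// Decide on the set that was already fetched instead of asking for it a second time.
	final byte[] crlBytes;
	if (crLs instanceof BERSet) {
		crlBytes = new BERTaggedObject(false, 1, new BERSequence(crLs.toArray())).getEncoded();
	} else {
		crlBytes = new DERTaggedObject(false, 1, new DERSequence(crLs.toArray())).getEncoded();
	}

	if (LOG.isTraceEnabled()) {
		LOG.trace("CRLs: {}", DSSUtils.toHex(crlBytes));
	}
	return crlBytes;
}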
 
Example #10
Source File: CAdESTimestampSource.java    From dss with GNU Lesser General Public License v2.1 6 votes vote down vote up
/**
 * Collects references to the OCSP responses of the CMS SignedData whose digest is listed
 * in {@code crlsHashList}.
 *
 * <p>For every OCSP binary the tagged object {@code [1]} is rebuilt around an
 * {@code OtherRevocationInfoFormat}, DER-encoded and digested; a reference is added when
 * that digest is found in the list, otherwise a warning is logged.
 *
 * @param crlsHashList digest values to match against
 * @param digestAlgorithm algorithm used to digest each rebuilt tagged object
 * @param timestampId timestamp identifier, used only in the warning message
 * @return the matching references; empty when the OCSP source is not a {@code CMSOCSPSource}
 */
private List<TimestampedReference> getSignedDataOCSPReferences(List<DEROctetString> crlsHashList, final DigestAlgorithm digestAlgorithm,
		final String timestampId) {
	final List<TimestampedReference> matched = new ArrayList<>();
	if (!(signatureOCSPSource instanceof CMSOCSPSource)) {
		return matched;
	}

	final CMSOCSPSource cmsSource = (CMSOCSPSource) signatureOCSPSource;
	for (EncapsulatedRevocationTokenIdentifier identifier : cmsSource.getCMSSignedDataRevocationBinaries()) {
		final OCSPResponseBinary ocspBinary = (OCSPResponseBinary) identifier;

		// Rebuild the tagged object the same way it was created.
		// See: org.bouncycastle.cms.CMSUtils getOthersFromStore()
		final OtherRevocationInfoFormat revocationInfo = new OtherRevocationInfoFormat(ocspBinary.getAsn1ObjectIdentifier(),
				DSSASN1Utils.toASN1Primitive(ocspBinary.getBasicOCSPRespContent()));
		// "false" selects implicit tagging
		final DERTaggedObject rebuilt = new DERTaggedObject(false, 1, revocationInfo);
		final byte[] rebuiltEncoding = DSSASN1Utils.getDEREncoded(rebuilt);

		if (!isDigestValuePresent(DSSUtils.digest(digestAlgorithm, rebuiltEncoding), crlsHashList)) {
			LOG.warn("The OCSP Token with id [{}] was not included to the message imprint of timestamp with id [{}] "
					+ "or was added to the CMS SignedData after this ArchiveTimestamp!",
					ocspBinary.asXmlId(), timestampId);
			continue;
		}
		addReference(matched, ocspBinary, TimestampedObjectType.REVOCATION);
	}
	return matched;
}
 
Example #11
Source File: SignerAttributeV2.java    From dss with GNU Lesser General Public License v2.1 6 votes vote down vote up
/**
 * Encodes the held values as a DER sequence.
 *
 * <pre>
 *  SignerAttributeV2 ::= SEQUENCE {
 *	 	claimedAttributes [0] ClaimedAttributes OPTIONAL,
 * 		certifiedAttributesV2 [1] CertifiedAttributesV2 OPTIONAL,
 * 		signedAssertions [2] SignedAssertions OPTIONAL
 *	}
 * </pre>
 *
 * <p>The tag is chosen from the runtime type of each value; a value of any other type is
 * logged and left out of the encoding.
 *
 * @return the DER sequence of tagged values
 */
@Override
public ASN1Primitive toASN1Primitive() {
	final ASN1EncodableVector tagged = new ASN1EncodableVector();

	for (Object value : values) {
		if (value instanceof Attribute[]) {
			// claimedAttributes [0]: the attribute array is wrapped in a sequence first
			tagged.add(new DERTaggedObject(0, new DERSequence((Attribute[]) value)));
		} else if (value instanceof CertifiedAttributesV2) {
			tagged.add(new DERTaggedObject(1, (CertifiedAttributesV2) value));
		} else if (value instanceof SignedAssertions) {
			tagged.add(new DERTaggedObject(2, (SignedAssertions) value));
		} else {
			LOG.warn("Unsupported type {}", value);
		}
	}

	return new DERSequence(tagged);
}
 
Example #12
Source File: RevocationInfoArchival.java    From dss with GNU Lesser General Public License v2.1 6 votes vote down vote up
/**
 * Encodes the revocation values as a DER sequence of explicitly tagged fields:
 * {@code [0]} CRL values, {@code [1]} OCSP values and {@code [2]} other revocation values.
 * A field that is {@code null} is omitted.
 *
 * @return the DER sequence holding the fields that are present
 */
@Override
public ASN1Primitive toASN1Primitive() {
    final ASN1EncodableVector fields = new ASN1EncodableVector(3);

    if (this.crlVals != null) {
        fields.add(new DERTaggedObject(true, 0, this.crlVals));
    }
    if (this.ocspVals != null) {
        fields.add(new DERTaggedObject(true, 1, this.ocspVals));
    }
    if (this.otherRevVals != null) {
        fields.add(new DERTaggedObject(true, 2, this.otherRevVals.toASN1Primitive()));
    }

    return new DERSequence(fields);
}
 
Example #13
Source File: XmppDomainVerifier.java    From Pix-Art-Messenger with GNU General Public License v3.0 6 votes vote down vote up
/**
 * Extracts the type OID and the string value from a DER-encoded otherName entry.
 *
 * <p>Returns {@code null} unless the bytes decode to a tagged object around a sequence
 * with at least two elements whose second element is a tagged UTF8String or IA5String.
 * No tag number is verified and no OID is filtered out here.
 *
 * @param otherName raw bytes of the otherName entry
 * @return the (OID, value) pair, or {@code null} when the input is not in that form
 */
private static Pair<String, String> parseOtherName(byte[] otherName) {
    final ASN1Primitive outer;
    try {
        outer = ASN1Primitive.fromByteArray(otherName);
    } catch (IOException e) {
        return null;
    }

    // A null body fails the instanceof test below, covering the "not tagged" case as well.
    final ASN1Primitive body = outer instanceof DERTaggedObject
            ? ((DERTaggedObject) outer).getObject()
            : null;
    if (!(body instanceof DLSequence)) {
        return null;
    }

    final DLSequence entry = (DLSequence) body;
    if (entry.size() < 2) {
        return null;
    }
    if (!(entry.getObjectAt(1) instanceof DERTaggedObject)) {
        return null;
    }

    final String oidText = entry.getObjectAt(0).toString();
    final ASN1Primitive encodedValue = ((DERTaggedObject) entry.getObjectAt(1)).getObject();
    if (encodedValue instanceof DERUTF8String) {
        return new Pair<>(oidText, ((DERUTF8String) encodedValue).getString());
    }
    if (encodedValue instanceof DERIA5String) {
        return new Pair<>(oidText, ((DERIA5String) encodedValue).getString());
    }
    return null;
}
 
Example #14
Source File: PublicKeyInfo.java    From InflatableDonkey with MIT License 6 votes vote down vote up
/**
 * Encodes this key info as an application-specific object wrapping a DER sequence of
 * service, type, key and the optional signature fields.
 *
 * <p>Each optional field that is present is wrapped in a tagged object; an absent one is
 * handed to {@code DER.vector} as {@code null}.
 *
 * @return the application-specific encoding produced by {@code DER.toApplicationSpecific}
 */
@Override
public ASN1Primitive toASN1Primitive() {
    // Optional fields: tagged when present, null when absent.
    DERTaggedObject taggedSignatureInfo = signatureInfo
            .map(info -> new DERTaggedObject(SIGNATURE_INFO, info))
            .orElse(null);
    DERTaggedObject taggedSignature = signature
            .map(sig -> new DERTaggedObject(SIGNATURE, sig))
            .orElse(null);
    DERTaggedObject taggedExtendedSignature = extendedSignature
            .map(ext -> new DERTaggedObject(EXTENDED_SIGNATURE, ext))
            .orElse(null);

    ASN1EncodableVector fields = DER.vector(
            new ASN1Integer(service),
            new ASN1Integer(type),
            new DEROctetString(key()),
            taggedSignatureInfo,
            taggedSignature,
            taggedExtendedSignature);

    return DER.toApplicationSpecific(APPLICATION_TAG, new DERSequence(fields));
}
 
Example #15
Source File: SECPrivateKey.java    From InflatableDonkey with MIT License 6 votes vote down vote up
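/**
 * Encodes this private key as a DER sequence of version, private key and the optional
 * parameters and public key fields.
 *
 * <p>An absent optional field is handed to {@code DER.vector} as {@code null}. The
 * fallback uses {@code orElse(null)}: {@code orElseGet(null)} passes a null supplier and
 * fails with a {@code NullPointerException} as soon as the field is absent.
 *
 * @return the DER sequence
 */
@Override
public ASN1Primitive toASN1Primitive() {
    DERTaggedObject parametersEncodable = parameters()
            .map(DEROctetString::new)
            .map(e -> new DERTaggedObject(PARAMETERS, e))
            .orElse(null);

    DERTaggedObject publicKeyEncodable = publicKey()
            .map(DERBitString::new)
            .map(e -> new DERTaggedObject(PUBLIC_KEY, e))
            .orElse(null);

    ASN1EncodableVector vector = DER.vector(
            new ASN1Integer(version),
            new DEROctetString(privateKey),
            parametersEncodable,
            publicKeyEncodable);

    return new DERSequence(vector);
}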
 
Example #16
Source File: ProxyMessage.java    From xipki with Apache License 2.0 6 votes vote down vote up
/**
 * Encodes the key control as a DER sequence: the label as UTF8String, followed by the
 * optional fields {@code [0]} id, {@code [1]} key usages and {@code [2]} extractable flag.
 * Optional fields that are not set are omitted.
 *
 * @return the DER sequence
 */
@Override
public ASN1Primitive toASN1Primitive() {
  final ASN1EncodableVector fields = new ASN1EncodableVector();
  fields.add(new DERUTF8String(control.getLabel()));

  final byte[] keyId = control.getId();
  if (keyId != null) {
    fields.add(new DERTaggedObject(0, new DEROctetString(keyId)));
  }

  final Set<P11KeyUsage> keyUsages = control.getUsages();
  if (CollectionUtil.isNotEmpty(keyUsages)) {
    final ASN1EncodableVector encodedUsages = new ASN1EncodableVector();
    for (P11KeyUsage keyUsage : keyUsages) {
      // The lookup result is unboxed to int; presumably every usage has a mapping,
      // otherwise this line fails - verify against usageToValueMap.
      int code = usageToValueMap.get(keyUsage);
      encodedUsages.add(new ASN1Enumerated(code));
    }
    fields.add(new DERTaggedObject(1, new DERSequence(encodedUsages)));
  }

  if (control.getExtractable() != null) {
    fields.add(new DERTaggedObject(2, ASN1Boolean.getInstance(control.getExtractable())));
  }

  return new DERSequence(fields);
}
 
Example #17
Source File: OcspRef.java    From freehealth-connector with GNU Affero General Public License v3.0 5 votes vote down vote up
/**
 * Returns the OCSP responder's name in normalized RFC 2253 form.
 *
 * <p>ResponderID is a CHOICE between {@code byName [1]} and {@code byKey [2]}. Tag 2 is
 * reported as "no name"; every other tag number is parsed as a name.
 *
 * @return the normalized name, or {@code null} when the responder is identified by key
 */
private String getResponderIdByName() {
   ResponderID responderStructure = this.ocsp.getResponderId().toASN1Primitive();
   DERTaggedObject choice = (DERTaggedObject) responderStructure.toASN1Primitive();
   if (choice.getTagNo() == 2) {
      // byKey: there is no name to return
      return null;
   }
   X500Name responderName = X500Name.getInstance(choice.getObject());
   return RFC2253Parser.normalize(responderName.toString());
}
 
Example #18
Source File: ExtensionType.java    From xipki with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the policy-constraints sequence from {@code requireExplicitPolicy} and
 * {@code inhibitPolicyMapping}, encoded as implicitly tagged integers {@code [0]} and
 * {@code [1]}.
 *
 * @return the DER sequence, or {@code null} when neither value is set
 * @throws CertprofileException if either value is negative
 */
public ASN1Sequence toXiPolicyConstrains() throws CertprofileException {
  final boolean hasExplicitPolicy = requireExplicitPolicy != null;
  final boolean hasPolicyMapping = inhibitPolicyMapping != null;

  if (hasExplicitPolicy && requireExplicitPolicy < 0) {
    throw new CertprofileException(
        "negative requireExplicitPolicy is not allowed: " + requireExplicitPolicy);
  }
  if (hasPolicyMapping && inhibitPolicyMapping < 0) {
    throw new CertprofileException(
        "negative inhibitPolicyMapping is not allowed: " + inhibitPolicyMapping);
  }
  if (!hasExplicitPolicy && !hasPolicyMapping) {
    return null;
  }

  final ASN1EncodableVector fields = new ASN1EncodableVector();
  if (hasExplicitPolicy) {
    // first argument false = implicit tagging
    ASN1Integer skipCerts = new ASN1Integer(BigInteger.valueOf(requireExplicitPolicy));
    fields.add(new DERTaggedObject(false, 0, skipCerts));
  }
  if (hasPolicyMapping) {
    ASN1Integer skipCerts = new ASN1Integer(BigInteger.valueOf(inhibitPolicyMapping));
    fields.add(new DERTaggedObject(false, 1, skipCerts));
  }
  return new DERSequence(fields);
}
 
Example #19
Source File: ObjectSignature.java    From InflatableDonkey with MIT License 5 votes vote down vote up
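/**
 * Encodes this object signature as a DER sequence of its optional signature-info and
 * signature fields, each wrapped in a tagged object when present.
 *
 * <p>An absent field is handed to {@code DER.vector} as {@code null}. The fallback uses
 * {@code orElse(null)}: {@code orElseGet(null)} passes a null supplier and fails with a
 * {@code NullPointerException} as soon as the field is absent.
 *
 * @return the DER sequence
 */
@Override
public ASN1Primitive toASN1Primitive() {

    DERTaggedObject signatureInfoEncodable = signatureInfo
            .map(e -> new DERTaggedObject(SIGNATURE_INFO, e))
            .orElse(null);

    DERTaggedObject signatureEncodable = signature
            .map(e -> new DERTaggedObject(SIGNATURE, e))
            .orElse(null);

    ASN1EncodableVector vector = DER.vector(signatureInfoEncodable, signatureEncodable);

    return new DERSequence(vector);
}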
 
Example #20
Source File: ProxyMessage.java    From xipki with Apache License 2.0 5 votes vote down vote up
/**
 * Encodes the control as a DER sequence holding the label as UTF8String and, when an id
 * is set, the id as an octet string tagged {@code [0]}.
 *
 * @return the DER sequence
 */
@Override
public ASN1Primitive toASN1Primitive() {
  final ASN1EncodableVector fields = new ASN1EncodableVector();
  fields.add(new DERUTF8String(control.getLabel()));

  final byte[] objectId = control.getId();
  if (objectId != null) {
    // the id is optional and omitted entirely when absent
    DEROctetString idOctets = new DEROctetString(objectId);
    fields.add(new DERTaggedObject(0, idOctets));
  }

  return new DERSequence(fields);
}
 
Example #21
Source File: OcspRef.java    From freehealth-connector with GNU Affero General Public License v3.0 5 votes vote down vote up
/**
 * Returns the key hash that identifies the OCSP responder.
 *
 * <p>ResponderID is a CHOICE between {@code byName [1]} and {@code byKey [2]}; only tag 2
 * carries a key hash.
 *
 * @return the key hash octets, or an empty array when the responder is not identified by key
 */
private byte[] getResponderIdByKey() {
   ResponderID responderStructure = this.ocsp.getResponderId().toASN1Primitive();
   DERTaggedObject choice = (DERTaggedObject) responderStructure.toASN1Primitive();
   if (choice.getTagNo() != 2) {
      return new byte[0];
   }
   ASN1OctetString keyHash = (ASN1OctetString) choice.getObject();
   return keyHash.getOctets();
}
 
Example #22
Source File: DSSASN1Utils.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Returns the string carried by a GeneralName of type uniformResourceIdentifier.
 *
 * <p>The value comes straight from the encoded name and is not validated as a URI here.
 *
 * @param gn the general name to read
 * @return the URI string, or {@code null} when the name is of another type or reading it
 *         fails (the failure is logged as a warning)
 */
private static String parseGn(GeneralName gn) {
	try {
		if (gn.getTagNo() != GeneralName.uniformResourceIdentifier) {
			return null;
		}
		DERTaggedObject taggedName = (DERTaggedObject) gn.toASN1Primitive();
		ASN1String uriText = (ASN1String) taggedName.getObject();
		return uriText.getString();
	} catch (Exception e) {
		LOG.warn("Unable to parse GN '{}'", gn, e);
		return null;
	}
}
 
Example #23
Source File: OcspRef.java    From freehealth-connector with GNU Affero General Public License v3.0 5 votes vote down vote up
/**
 * Gives the responder name of the OCSP response, normalized by {@code RFC2253Parser}.
 *
 * <p>A ResponderID tagged {@code [2]} identifies the responder by key hash and has no
 * name. Any other tag number is treated as the name alternative.
 *
 * @return the normalized responder name, or {@code null} for a key-identified responder
 */
private String getResponderIdByName() {
   RespID respId = this.ocsp.getResponderId();
   DERTaggedObject tagged = (DERTaggedObject) respId.toASN1Primitive().toASN1Primitive();
   boolean identifiedByKey = tagged.getTagNo() == 2;
   if (!identifiedByKey) {
      ASN1Primitive encodedName = tagged.getObject();
      return RFC2253Parser.normalize(X500Name.getInstance(encodedName).toString());
   }
   return null;
}
 
Example #24
Source File: AbstractCRLUtils.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Returns the first URI listed in a distribution point of type {@code FULL_NAME}.
 *
 * <p>The string is taken from the encoded name as-is and is not validated here.
 *
 * @param distributionPoint the distribution point name, may be {@code null}
 * @return the first uniformResourceIdentifier value, or {@code null} when the argument is
 *         {@code null}, is not a full name, or lists no URI
 */
private String getUrl(DistributionPointName distributionPoint) {
	if (distributionPoint == null || DistributionPointName.FULL_NAME != distributionPoint.getType()) {
		return null;
	}

	final GeneralNames fullName = (GeneralNames) distributionPoint.getName();
	if (fullName == null) {
		return null;
	}
	final GeneralName[] candidates = fullName.getNames();
	if (candidates == null || candidates.length == 0) {
		return null;
	}

	for (GeneralName candidate : candidates) {
		if (candidate.getTagNo() != GeneralName.uniformResourceIdentifier) {
			continue;
		}
		DERTaggedObject taggedName = (DERTaggedObject) candidate.toASN1Primitive();
		return ((ASN1String) taggedName.getObject()).getString();
	}
	return null;
}
 
Example #25
Source File: CertifiedAttributesV2.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Encodes the held values as a DER sequence in which every {@code AttributeCertificate}
 * is tagged {@code [0]}. A value of any other type is logged and left out.
 *
 * @return the DER sequence of tagged attribute certificates
 */
@Override
public ASN1Primitive toASN1Primitive() {
	final ASN1EncodableVector tagged = new ASN1EncodableVector();
	for (Object value : values) {
		if (!(value instanceof AttributeCertificate)) {
			LOG.warn("Unsupported type : {}", value);
			continue;
		}
		tagged.add(new DERTaggedObject(0, (AttributeCertificate) value));
	}
	return new DERSequence(tagged);
}
 
Example #26
Source File: CadesLevelBaselineLTATimestampExtractor.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * 3) Concatenates the DER encodings of the fields version, sid, digestAlgorithm,
 * signedAttrs, signatureAlgorithm and signature of the SignerInfo that corresponds to the
 * signature being archive time-stamped, in their order of appearance.
 *
 * <p>When debug logging is enabled, each encoded field is logged in Base64.
 *
 * @param signerInformation the signer whose SignerInfo fields are encoded
 * @return the six DER encodings joined in the order listed above
 */
private byte[] getSignedFields(final SignerInformation signerInformation) {

	// Read every field first ...
	final SignerInfo info = signerInformation.toASN1Structure();
	final ASN1Integer versionField = info.getVersion();
	final SignerIdentifier sidField = info.getSID();
	final AlgorithmIdentifier digestAlgField = info.getDigestAlgorithm();
	final DERTaggedObject signedAttrsField = CMSUtils.getDERSignedAttributes(signerInformation);
	final AlgorithmIdentifier signatureAlgField = info.getDigestEncryptionAlgorithm();
	final ASN1OctetString signatureField = info.getEncryptedDigest();

	// ... then encode them in the same order.
	final byte[] versionDer = DSSASN1Utils.getDEREncoded(versionField);
	final byte[] sidDer = DSSASN1Utils.getDEREncoded(sidField);
	final byte[] digestAlgDer = DSSASN1Utils.getDEREncoded(digestAlgField);
	final byte[] signedAttrsDer = DSSASN1Utils.getDEREncoded(signedAttrsField);
	final byte[] signatureAlgDer = DSSASN1Utils.getDEREncoded(signatureAlgField);
	final byte[] signatureDer = DSSASN1Utils.getDEREncoded(signatureField);

	if (LOG.isDebugEnabled()) {
		LOG.debug("getSignedFields Version={}", Utils.toBase64(versionDer));
		LOG.debug("getSignedFields Sid={}", Utils.toBase64(sidDer));
		LOG.debug("getSignedFields DigestAlgorithm={}", Utils.toBase64(digestAlgDer));
		LOG.debug("getSignedFields SignedAttributes={}", Utils.toBase64(signedAttrsDer));
		LOG.debug("getSignedFields DigestEncryptionAlgorithm={}", Utils.toBase64(signatureAlgDer));
		LOG.debug("getSignedFields EncryptedDigest={}", Utils.toBase64(signatureDer));
	}

	return DSSUtils.concatenate(versionDer, sidDer, digestAlgDer, signedAttrsDer,
			signatureAlgDer, signatureDer);
}
 
Example #27
Source File: OcspRef.java    From freehealth-connector with GNU Affero General Public License v3.0 5 votes vote down vote up
/**
 * Gives the key hash of the OCSP responder when the ResponderID uses the
 * {@code byKey [2]} alternative.
 *
 * @return the key hash octets for tag 2, otherwise an empty array
 */
private byte[] getResponderIdByKey() {
   DERTaggedObject tagged = (DERTaggedObject) this.ocsp.getResponderId().toASN1Primitive().toASN1Primitive();
   boolean identifiedByKey = tagged.getTagNo() == 2;
   // Only the byKey alternative carries an octet string; anything else yields no bytes.
   return identifiedByKey
         ? ((ASN1OctetString) tagged.getObject()).getOctets()
         : new byte[0];
}
 
Example #28
Source File: OcspRef.java    From freehealth-connector with GNU Affero General Public License v3.0 5 votes vote down vote up
/**
 * Reads the responder name from the OCSP response and normalizes it with
 * {@code RFC2253Parser}.
 *
 * <p>Tag number 2 marks the key-hash alternative of ResponderID, for which no name
 * exists; all other tag numbers are read as a name.
 *
 * @return the normalized name, or {@code null} when the tag number is 2
 */
private String getResponderIdByName() {
   ResponderID encodedId = this.ocsp.getResponderId().toASN1Primitive();
   DERTaggedObject alternative = (DERTaggedObject) encodedId.toASN1Primitive();
   if (alternative.getTagNo() != 2) {
      ASN1Primitive nameObject = alternative.getObject();
      String printableName = X500Name.getInstance(nameObject).toString();
      return RFC2253Parser.normalize(printableName);
   }
   return null;
}
 
Example #29
Source File: CAdESTimestampDataBuilder.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Rebuilds a SignerInfo sequence with custom unsigned attributes. Copied from
 * org.bouncycastle.asn1.cms.SignerInfo#toASN1Object() and adapted for that purpose.
 *
 * <p>ETSI TS 101 733 versions 1.8.3 and 2.2.1 differ in the archive-timestamp-v2 hash
 * calculation (Annex K, Table K.3: SignedData, rows 22 and 23). In version 1.8.3 the
 * calculation did not include the tag and the length octets of the unsigned attributes
 * set. Note 3 of that table in version 2.2.1 says:
 * "A previous version of CAdES did not include the tag and length octets of this SET OF type
 * of unsignedAttrs element in this annex, which contradicted the normative section. To maximize
 * interoperability, it is recommended to simultaneously compute the two hash values
 * (including and not including the tag and length octets of SET OF type) and to test
 * the value of the timestamp against both."
 *
 * <p>The signed attributes are read from this object's {@code signerInformation}, not
 * from the {@code signerInfo} argument.
 *
 * @param signerInfo source of version, sid, digest algorithm, signature algorithm and signature
 * @param unauthenticatedAttributes unsigned attributes to append, or {@code null} for none
 * @param includeUnsignedAttrsTagAndLength {@code true} to append the attributes as one
 *        tagged object {@code [1]}, {@code false} to append each attribute on its own
 * @return the rebuilt sequence
 */
private ASN1Sequence getSignerInfoEncoded(final SignerInfo signerInfo, final ASN1Sequence unauthenticatedAttributes, final boolean includeUnsignedAttrsTagAndLength) {

	final ASN1EncodableVector fields = new ASN1EncodableVector();

	fields.add(signerInfo.getVersion());
	fields.add(signerInfo.getSID());
	fields.add(signerInfo.getDigestAlgorithm());

	final DERTaggedObject signedAttrs = CMSUtils.getDERSignedAttributes(signerInformation);
	if (signedAttrs != null) {
		fields.add(signedAttrs);
	}

	fields.add(signerInfo.getDigestEncryptionAlgorithm());
	fields.add(signerInfo.getEncryptedDigest());

	if (unauthenticatedAttributes == null) {
		return new DERSequence(fields);
	}

	if (includeUnsignedAttrsTagAndLength) {
		// with tag and length octets: the whole set goes in as one implicitly tagged [1]
		fields.add(new DERTaggedObject(false, 1, unauthenticatedAttributes));
	} else {
		// without tag and length octets: the attributes are appended one by one
		int position = 0;
		while (position < unauthenticatedAttributes.size()) {
			fields.add(unauthenticatedAttributes.getObjectAt(position));
			position++;
		}
	}

	return new DERSequence(fields);
}
 
Example #30
Source File: EncryptedKeys.java    From InflatableDonkey with MIT License 5 votes vote down vote up
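/**
 * Encodes the encrypted keys as a DER sequence of {@code x}, the encrypted key set and
 * the optional {@code cont0} octets wrapped in a tagged object.
 *
 * <p>An absent {@code cont0} is handed to {@code DER.vector} as {@code null}. The
 * fallback uses {@code orElse(null)}: {@code orElseGet(null)} passes a null supplier and
 * fails with a {@code NullPointerException} as soon as the field is absent.
 *
 * @return the DER sequence
 */
@Override
public ASN1Primitive toASN1Primitive() {
    DERTaggedObject cont0Encodable = cont0()
            .map(DEROctetString::new)
            .map(e -> new DERTaggedObject(CONT0, e))
            .orElse(null);

    ASN1EncodableVector vector = DER.vector(
            new ASN1Integer(x),
            DER.toSet(encryptedKeySet),
            cont0Encodable);

    return new DERSequence(vector);
}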