/** * Encodes the signature as a DER sequence (ASN.1 format). */ private byte[] asnEncode(byte[] sigBlob) throws IOException { byte[] r = new BigInteger(1, Arrays.copyOfRange(sigBlob, 0, 20)).toByteArray(); byte[] s = new BigInteger(1, Arrays.copyOfRange(sigBlob, 20, 40)).toByteArray(); ASN1EncodableVector vector = new ASN1EncodableVector(); vector.add(new ASN1Integer(r)); vector.add(new ASN1Integer(s)); ByteArrayOutputStream baos = new ByteArrayOutputStream(); ASN1OutputStream asnOS = new ASN1OutputStream(baos); asnOS.writeObject(new DERSequence(vector)); asnOS.flush(); return baos.toByteArray(); } }
protected static GeneralNames getSubjectAlternativeNames( Set<String> sanDnsNames ) { final ASN1EncodableVector subjectAlternativeNames = new ASN1EncodableVector(); if ( sanDnsNames != null ) { for ( final String dnsNameValue : sanDnsNames ) { subjectAlternativeNames.add( new GeneralName( GeneralName.dNSName, dnsNameValue ) ); } } return GeneralNames.getInstance( new DERSequence( subjectAlternativeNames ) ); }
public CertificateExtension generateVOMSExtension( List<X509AttributeCertificateHolder> acs) { ASN1EncodableVector vomsACs = new ASN1EncodableVector(); for (X509AttributeCertificateHolder ac : acs) vomsACs.add(ac.toASN1Structure()); DERSequence acSeq = new DERSequence(vomsACs); CertificateExtension ext = new CertificateExtension( VOMS_EXTENSION_OID.getId(), acSeq.toASN1Primitive(), false); return ext; }
@Override public ASN1Primitive toASN1Primitive() { DERTaggedObject parametersEncodable = parameters() .map(DEROctetString::new) .map(e -> new DERTaggedObject(PARAMETERS, e)) .orElseGet(null); DERTaggedObject publicKeyEncodable = publicKey() .map(DERBitString::new) .map(e -> new DERTaggedObject(PUBLIC_KEY, e)) .orElseGet(null); ASN1EncodableVector vector = DER.vector( new ASN1Integer(version), new DEROctetString(privateKey), parametersEncodable, publicKeyEncodable); return new DERSequence(vector); }
/** * Remove any archive-timestamp-v2/3 attribute added after the timestampToken */ private ASN1Sequence filterUnauthenticatedAttributes(ASN1Set unauthenticatedAttributes, TimestampToken timestampToken) { ASN1EncodableVector result = new ASN1EncodableVector(); for (int ii = 0; ii < unauthenticatedAttributes.size(); ii++) { final Attribute attribute = Attribute.getInstance(unauthenticatedAttributes.getObjectAt(ii)); final ASN1ObjectIdentifier attrType = attribute.getAttrType(); if (id_aa_ets_archiveTimestampV2.equals(attrType) || id_aa_ets_archiveTimestampV3.equals(attrType)) { try { TimeStampToken token = new TimeStampToken(new CMSSignedData(DSSASN1Utils.getDEREncoded(attribute.getAttrValues().getObjectAt(0).toASN1Primitive()))); if (!token.getTimeStampInfo().getGenTime().before(timestampToken.getGenerationTime())) { continue; } } catch (Exception e) { throw new DSSException(e); } } result.add(unauthenticatedAttributes.getObjectAt(ii)); } return new DERSequence(result); }
if (extensionRequest.size() != 2) { continue; DEREncodable idObj = extensionRequest.getObjectAt(0); DEREncodable contentObj = extensionRequest.getObjectAt(1); if (!(idObj instanceof ASN1ObjectIdentifier && contentObj instanceof DERSet)) { continue; for (int k = 0; k < extensions.size(); k++) { DEREncodable extensionObj = extensions.getObjectAt(k); if (!(extensionObj instanceof DERSequence)) { continue; if (extension.size() != 2) { continue; DEREncodable extensionIdObj = extension.getObjectAt(0); DEREncodable extensionContentObj = extension.getObjectAt(1); if (!(extensionIdObj instanceof ASN1ObjectIdentifier)) { continue; ASN1StreamParser sanParser = new ASN1StreamParser(san.parser().getOctetStream()); DEREncodable namesObj = sanParser.readObject().getDERObject(); if (namesObj instanceof DERSequence) { DERSequence names = (DERSequence) namesObj; for (int m = 0; m < names.size(); m++) { DEREncodable nameObj = names.getObjectAt(m); if (nameObj instanceof DERTaggedObject) { DERTaggedObject name = (DERTaggedObject) nameObj;
public byte[] encode(BigInteger n, BigInteger r, BigInteger s) throws IOException { ASN1EncodableVector v = new ASN1EncodableVector(); encodeValue(n, v, r); encodeValue(n, v, s); return new DERSequence(v).getEncoded(ASN1Encoding.DER); }
new ASN1ObjectIdentifier(BASIC_CONSTRAINTS_EXTENSION), false, new DERSequence(ASN1Boolean.TRUE)) .build(new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate())) .getEncoded();
@Override public Attribute getValue() { try { X509Certificate cert = (X509Certificate) certificates[0]; Digest digest = DigestFactory.getInstance().factoryDefault(); digest.setAlgorithm(DigestAlgorithmEnum.SHA_1); byte[] hash = digest.digest(cert.getEncoded()); X500Name dirName = new X500Name(cert.getSubjectDN().getName()); GeneralName name = new GeneralName(dirName); GeneralNames issuer = new GeneralNames(name); ASN1Integer serial = new ASN1Integer(cert.getSerialNumber()); IssuerSerial issuerSerial = new IssuerSerial(issuer, serial); ESSCertID essCertId = new ESSCertID(hash, issuerSerial); return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(new DERSequence(new ASN1Encodable[]{new DERSequence(essCertId), new DERSequence(DERNull.INSTANCE)}))); } catch (CertificateEncodingException ex) { throw new SignerException(ex.getMessage()); } } }
public static byte[] sign(byte[] data, BigInteger privateKeyS) throws IOException { //BigInteger privateKeyS = new BigInteger(hexPvk, 16); BigInteger[] rs = Sign(data, privateKeyS); // byte[] r = getEncoded(rs[0]); // byte[] s = getEncoded(rs[1]); ASN1Integer[] ars = new ASN1Integer[]{ new ASN1Integer(rs[0]), new ASN1Integer(rs[1]) }; return new DERSequence(ars).getEncoded(ASN1Encoding.DER); }
@Override public ASN1Primitive toASN1Primitive() { DERTaggedObject cont0Encodable = cont0() .map(DEROctetString::new) .map(e -> new DERTaggedObject(CONT0, e)) .orElseGet(null); ASN1EncodableVector vector = DER.vector( new ASN1Integer(x), DER.toSet(encryptedKeySet), cont0Encodable); return new DERSequence(vector); }
public void fillInto(X509v3CertificateBuilder certGen) throws CertIOException { if (!sans.isEmpty()) { ASN1Encodable[] encodables = sans.toArray(new ASN1Encodable[sans .size()]); certGen.addExtension(Extension.subjectAlternativeName, false, new DERSequence(encodables)); } }
/** * 解DER编码密文(根据《SM2密码算法使用规范》 GM/T 0009-2012) * * @param derCipher * @return */ public static byte[] decodeDERSM2Cipher(byte[] derCipher) { ASN1Sequence as = DERSequence.getInstance(derCipher); byte[] c1x = ((ASN1Integer) as.getObjectAt(0)).getValue().toByteArray(); byte[] c1y = ((ASN1Integer) as.getObjectAt(1)).getValue().toByteArray(); byte[] c3 = ((DEROctetString) as.getObjectAt(2)).getOctets(); byte[] c2 = ((DEROctetString) as.getObjectAt(3)).getOctets(); int pos = 0; byte[] cipherText = new byte[1 + c1x.length + c1y.length + c2.length + c3.length]; final byte uncompressedFlag = 0x04; cipherText[0] = uncompressedFlag; pos += 1; System.arraycopy(c1x, 0, cipherText, pos, c1x.length); pos += c1x.length; System.arraycopy(c1y, 0, cipherText, pos, c1y.length); pos += c1y.length; System.arraycopy(c2, 0, cipherText, pos, c2.length); pos += c2.length; System.arraycopy(c3, 0, cipherText, pos, c3.length); return cipherText; }
private String getSubjectAlternativeNames(final X509Certificate certificate, final int index, final int type) { final byte[] extVal = certificate.getExtensionValue(Extension.issuerAlternativeName.getId()); if (extVal == null) { return null; } try { final Enumeration<?> it = DERSequence.getInstance(X509ExtensionUtil.fromExtensionValue(extVal)).getObjects(); int i = index; while (it.hasMoreElements()) { if (index == i++) { final GeneralName genName = GeneralName.getInstance(it.nextElement()); if (genName.getTagNo() == type) { return ASN1String.class.cast(genName.getName()).getString(); } } } } catch (final IOException e) { // no-op } return null; }
/** * Returns the AuthorityKeyIdentifier extension value on String format.<br> * Otherwise, returns <b>null</b>.<br> * * @return String * @throws IOException */ public String getAuthorityKeyIdentifier() throws IOException { // TODO - Precisa validar este metodo com a RFC DERSequence seq = (DERSequence) getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId()); if (seq == null || seq.size() == 0) { return null; } DERTaggedObject tag = (DERTaggedObject) seq.getObjectAt(0); DEROctetString oct = (DEROctetString) DEROctetString.getInstance(tag); return toString(oct.getOctets()); }
try pc = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.POLICY_CONSTRAINTS)); if (constraint.getTagNo() == 1) tmpInt = ASN1Integer.getInstance(constraint, false).getValue().intValue(); if (tmpInt < policyMapping)
public enum CertPathEncoding { PKCS7, PkiPath }
@Override public void parse(ASN1Primitive derObject) { DERTaggedObject derTaggedObject = (DERTaggedObject) derObject; DERSequence derSequence = (DERSequence) derTaggedObject.getObject(); int total = derSequence.size(); for (int i = 0; i < total; i++) { ObjectIdentifier objectIdentifier = new ObjectIdentifier(); objectIdentifier.parse(derSequence.getObjectAt(i).toASN1Primitive()); if (this.pathLenConstraints == null) { this.pathLenConstraints = new ArrayList<ObjectIdentifier>(); } this.pathLenConstraints.add(objectIdentifier); } }
/** * 将DER编码的SM2签名解析成64字节的纯R+S字节流 * * @param derSign * @return */ public static byte[] decodeDERSM2Sign(byte[] derSign) { ASN1Sequence as = DERSequence.getInstance(derSign); byte[] rBytes = ((ASN1Integer) as.getObjectAt(0)).getValue().toByteArray(); byte[] sBytes = ((ASN1Integer) as.getObjectAt(1)).getValue().toByteArray(); //由于大数的补0规则,所以可能会出现33个字节的情况,要修正回32个字节 rBytes = fixToCurveLengthBytes(rBytes); sBytes = fixToCurveLengthBytes(sBytes); byte[] rawSign = new byte[rBytes.length + sBytes.length]; System.arraycopy(rBytes, 0, rawSign, 0, rBytes.length); System.arraycopy(sBytes, 0, rawSign, rBytes.length, sBytes.length); return rawSign; }
private void prepareKeyBlob() throws IOException { SubjectPublicKeyInfo ephemeralKey = null; CustomECPoint ecPoint = msg.getComputations().getClientPublicKey(); if (ecPoint != null) { ephemeralKey = SubjectPublicKeyInfo.getInstance(generatePublicKey(ecPoint).getEncoded()); } Gost2814789EncryptedKey encryptedKey = new Gost2814789EncryptedKey(msg.getComputations().getEncryptedKey() .getValue(), getMaskKey(), msg.getComputations().getMacKey().getValue()); ASN1ObjectIdentifier paramSet = new ASN1ObjectIdentifier(msg.getComputations().getEncryptionParamSet() .getValue()); GostR3410TransportParameters params = new GostR3410TransportParameters(paramSet, ephemeralKey, msg .getComputations().getUkm().getValue()); GostR3410KeyTransport transport = new GostR3410KeyTransport(encryptedKey, params); DERSequence proxyKeyBlobs = (DERSequence) DERSequence.getInstance(getProxyKeyBlobs()); TLSGostKeyTransportBlob blob = new TLSGostKeyTransportBlob(transport, proxyKeyBlobs); msg.setKeyTransportBlob(blob.getEncoded()); LOGGER.debug("GOST key blob: " + ASN1Dump.dumpAsString(blob, true)); }