Package com.maverick.crypto.asn1

Examples of com.maverick.crypto.asn1.DERGeneralizedTime

23
24
25
26
27
28
29
   
    public RevokedStatus(
        Date        revocationDate,
        int         reason)
    {
        this.info = new RevokedInfo(new DERGeneralizedTime(revocationDate), new CRLReason(reason));
    }
View Full Code Here
51
52
53
54
55
56
57
58
59
60
61
        String  d = dateF.format(date) + "Z";
        int     year = Integer.parseInt(d.substring(0, 4));

        if (year < 1950 || year > 2049)
        {
            time = new DERGeneralizedTime(d);
        }
        else
        {
            time = new DERUTCTime(d.substring(2));
        }
View Full Code Here
49
50
51
52
53
54
55
56
57
58
59
            {
                return new DERIA5String(value);
            }
            else if (oid.equals(X509Name.DATE_OF_BIRTH))  // accept time string as well as # (for compatibility)
            {
                return new DERGeneralizedTime(value);
            }
            else if (oid.equals(X509Name.C) || oid.equals(X509Name.SN) || oid.equals(X509Name.DN_QUALIFIER))
            {
                 return new DERPrintableString(value);
            }
View Full Code Here
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
            }
            else
            {
                if (index - 1 == 0)
                {
                    DERGeneralizedTime dateOfCertgen = null;
                    try
                    {
                        dateOfCertgen = DERGeneralizedTime
                            .getInstance(((X509Certificate) certPath
                                .getCertificates().get(index - 1))
                                .getExtensionValue(ISISMTTObjectIdentifiers.id_isismtt_at_dateOfCertGen
                                    .getId()));
                    }
                    catch (IllegalArgumentException e)
                    {
                        throw new AnnotatedException(
                            "Date of cert gen extension could not be read.");
                    }
                    if (dateOfCertgen != null)
                    {
                        try
                        {
                            return dateOfCertgen.getDate();
                        }
                        catch (ParseException e)
                        {
                            throw new AnnotatedException(
                                "Date from dat of cert gen extension could not be parsed.",
View Full Code Here
53
54
55
56
57
58
59
60
61
62
63
        String  d = dateF.format(date) + "Z";
        int     year = Integer.parseInt(d.substring(0, 4));

        if (year < 1950 || year > 2049)
        {
            time = new DERGeneralizedTime(d);
        }
        else
        {
            time = new DERUTCTime(d.substring(2));
        }
View Full Code Here
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
                                transactionLogger.paramPut(ITransactionLogger.CERT_STATUS, OCSPUnidResponse.OCSP_GOOD);
                            }
            } else if ( status.equals(CertificateStatus.REVOKED) ) {
                // Revocation info available for this cert, handle it
                sStatus ="revoked";
                certStatus = new RevokedStatus(new RevokedInfo(new DERGeneralizedTime(status.revocationDate),
                                                               new CRLReason(status.revocationReason)));
                transactionLogger.paramPut(ITransactionLogger.CERT_STATUS, OCSPUnidResponse.OCSP_REVOKED); //1 = revoked
            } else {
                sStatus = "good";
                certStatus = null;
                transactionLogger.paramPut(ITransactionLogger.CERT_STATUS, OCSPUnidResponse.OCSP_GOOD);
            }
                        infoMsg = intres.getLocalizedMessage("ocsp.infoaddedstatusinfo", sStatus, certId.getSerialNumber().toString(16), cacert.getSubjectDN().getName());
                        m_log.info(infoMsg);
                        responseList.add(new OCSPResponseItem(certId, certStatus, nextUpdate));
                        transactionLogger.writeln();
          } else {
            certStatus = new RevokedStatus(new RevokedInfo(new DERGeneralizedTime(cacertStatus.revocationDate),
                new CRLReason(cacertStatus.revocationReason)));
            infoMsg = intres.getLocalizedMessage("ocsp.infoaddedstatusinfo", "revoked", certId.getSerialNumber().toString(16), cacert.getSubjectDN().getName());
            m_log.info(infoMsg);
            responseList.add(new OCSPResponseItem(certId, certStatus, nextUpdate));
            transactionLogger.paramPut(ITransactionLogger.CERT_STATUS, OCSPUnidResponse.OCSP_REVOKED);
View Full Code Here
93
94
95
96
97
98
99
100
101
102
103
104
              prefix = ", ";
            }
            if (attr.getAttrType().getId().equals(id_pda_dateOfBirth)) {
              ASN1Set set = attr.getAttrValues();
              // Come on, we'll only allow one dateOfBirth, we're not allowing such frauds with multiple birth dates
              DERGeneralizedTime time = DERGeneralizedTime.getInstance(set.getObjectAt(0));
              Date date = time.getDate();
              String dateStr = dateF.format(date);
              result += prefix + "dateOfBirth="+dateStr;
            }
            if (attr.getAttrType().getId().equals(id_pda_placeOfBirth)) {
              ASN1Set set = attr.getAttrValues();
View Full Code Here
176
177
178
179
180
181
182
183
184
185
186
        value = CertTools.getPartFromDN(dirAttr, "dateOfBirth");
        if (!StringUtils.isEmpty(value)) {
            if (value.length() == 8) {
                value += "120000Z"; // standard format according to rfc3739
              ASN1EncodableVector vec = new ASN1EncodableVector();
                vec.add(new DERGeneralizedTime(value));
                attr = new Attribute(new DERObjectIdentifier(id_pda_dateOfBirth),new DERSet(vec));
                ret.add(attr);               
            } else {
                log.error("Wrong length of data for 'dateOfBirth', should be of format YYYYMMDD, skipping...");
            }
View Full Code Here
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
    public void testCrmfRequestMessageSerialization() throws IOException, ClassNotFoundException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
      // Create a bogus PKIMessage
    KeyPair keys = KeyTools.genKeys("1024", "RSA");
    OptionalValidity myOptionalValidity = new OptionalValidity();
    org.bouncycastle.asn1.x509.Time nb = new org.bouncycastle.asn1.x509.Time(new DERGeneralizedTime("20030211002120Z"));
    org.bouncycastle.asn1.x509.Time na = new org.bouncycastle.asn1.x509.Time(new Date());
    myOptionalValidity.setNotBefore(nb);
    myOptionalValidity.setNotAfter(na);
    CertTemplate myCertTemplate = new CertTemplate();
    myCertTemplate.setValidity( myOptionalValidity );
    myCertTemplate.setIssuer(new X509Name("CN=bogusIssuer"));
    myCertTemplate.setSubject(new X509Name("CN=bogusSubject"));
    byte[]                  bytes = keys.getPublic().getEncoded();
        ByteArrayInputStream    bIn = new ByteArrayInputStream(bytes);
        ASN1InputStream         dIn = new ASN1InputStream(bIn);
        SubjectPublicKeyInfo keyInfo = new SubjectPublicKeyInfo((ASN1Sequence)dIn.readObject());
    myCertTemplate.setPublicKey(keyInfo);
    ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
    DEROutputStream         dOut = new DEROutputStream(bOut);
    Vector<X509Extension> values = new Vector<X509Extension>();
    Vector<DERObjectIdentifier> oids = new Vector<DERObjectIdentifier>();
    int bcku = X509KeyUsage.digitalSignature | X509KeyUsage.keyEncipherment | X509KeyUsage.nonRepudiation;
    X509KeyUsage ku = new X509KeyUsage(bcku);
    bOut = new ByteArrayOutputStream();
    dOut = new DEROutputStream(bOut);
    dOut.writeObject(ku);
    byte[] value = bOut.toByteArray();
    X509Extension kuext = new X509Extension(false, new DEROctetString(value));
    values.add(kuext);
    oids.add(X509Extensions.KeyUsage);
        myCertTemplate.setExtensions(new X509Extensions(oids, values));
        CertRequest myCertRequest = new CertRequest(new DERInteger(4), myCertTemplate);
        CertReqMsg myCertReqMsg = new CertReqMsg(myCertRequest);
        ProofOfPossession myProofOfPossession = new ProofOfPossession(new DERNull(), 0);
        myCertReqMsg.setPop(myProofOfPossession);
        AttributeTypeAndValue av = new AttributeTypeAndValue(CRMFObjectIdentifiers.regCtrl_regToken, new DERUTF8String("foo123"));
        myCertReqMsg.addRegInfo(av);
        CertReqMessages myCertReqMessages = new CertReqMessages(myCertReqMsg);
        PKIHeader myPKIHeader = new PKIHeader(new DERInteger(2), new GeneralName(new X509Name("CN=bogusSubject")), new GeneralName(new X509Name("CN=bogusIssuer")));
        myPKIHeader.setMessageTime(new DERGeneralizedTime(new Date()));
        myPKIHeader.setSenderNonce(new DEROctetString(CmpMessageHelper.createSenderNonce()));
        myPKIHeader.setTransactionID(new DEROctetString(CmpMessageHelper.createSenderNonce()));
        PKIBody myPKIBody = new PKIBody(myCertReqMessages, 0);
        PKIMessage myPKIMessage = new PKIMessage(myPKIHeader, myPKIBody);
      // Create a bogus CrmfRequestMessage
View Full Code Here
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
    return genCertReq(issuerDN, userDN, "UPN=fooupn@bar.com,rfc822Name=fooemail@bar.com", keys, cacert, nonce, transid, raVerifiedPopo, extensions, notBefore, notAfter, customCertSerno);
  }
 
  protected PKIMessage genCertReq(String issuerDN, String userDN, String altNames, KeyPair keys, Certificate cacert, byte[] nonce, byte[] transid, boolean raVerifiedPopo, X509Extensions extensions, Date notBefore, Date notAfter, BigInteger customCertSerno) throws NoSuchAlgorithmException, NoSuchProviderException, IOException, InvalidKeyException, SignatureException {
    OptionalValidity myOptionalValidity = new OptionalValidity();
    org.bouncycastle.asn1.x509.Time nb = new org.bouncycastle.asn1.x509.Time(new DERGeneralizedTime("20030211002120Z"));
    if (notBefore != null) {
      nb = new org.bouncycastle.asn1.x509.Time(notBefore);
    }
    org.bouncycastle.asn1.x509.Time na = new org.bouncycastle.asn1.x509.Time(new Date());
    if (notAfter != null) {
      na = new org.bouncycastle.asn1.x509.Time(notAfter);
    }
    myOptionalValidity.setNotBefore(nb);
    myOptionalValidity.setNotAfter(na);
   
    CertTemplate myCertTemplate = new CertTemplate();
    myCertTemplate.setValidity( myOptionalValidity );
    myCertTemplate.setIssuer(new X509Name(issuerDN));
    myCertTemplate.setSubject(new X509Name(userDN));
    byte[]                  bytes = keys.getPublic().getEncoded();
        ByteArrayInputStream    bIn = new ByteArrayInputStream(bytes);
        ASN1InputStream         dIn = new ASN1InputStream(bIn);
        SubjectPublicKeyInfo keyInfo = new SubjectPublicKeyInfo((ASN1Sequence)dIn.readObject());
    myCertTemplate.setPublicKey(keyInfo);
    // If we did not pass any extensions as parameter, we will create some of our own, standard ones
        X509Extensions exts = extensions;
        if (exts == null) {
          // SubjectAltName
        // Some altNames
            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
            DEROutputStream         dOut = new DEROutputStream(bOut);
            Vector<X509Extension> values = new Vector<X509Extension>();
            Vector<DERObjectIdentifier> oids = new Vector<DERObjectIdentifier>();
          if (altNames != null) {
                GeneralNames san = CertTools.getGeneralNamesFromAltName(altNames);
                dOut.writeObject(san);
                byte[] value = bOut.toByteArray();
                X509Extension sanext = new X509Extension(false, new DEROctetString(value));
                values.add(sanext);
                oids.add(X509Extensions.SubjectAlternativeName);
          }
            // KeyUsage
            int bcku = 0;
            bcku = X509KeyUsage.digitalSignature | X509KeyUsage.keyEncipherment | X509KeyUsage.nonRepudiation;
            X509KeyUsage ku = new X509KeyUsage(bcku);
            bOut = new ByteArrayOutputStream();
            dOut = new DEROutputStream(bOut);
            dOut.writeObject(ku);
            byte[] value = bOut.toByteArray();
            X509Extension kuext = new X509Extension(false, new DEROctetString(value));
            values.add(kuext);
            oids.add(X509Extensions.KeyUsage);

            // Make the complete extension package
            exts = new X509Extensions(oids, values);
        }
        myCertTemplate.setExtensions(exts);
    if (customCertSerno != null) {
      // Add serialNumber to the certTemplate, it is defined as a MUST NOT be used in RFC4211, but we will use it anyway in order
      // to request a custom certificate serial number (something not standard anyway)
      myCertTemplate.setSerialNumber(new DERInteger(customCertSerno));
    }

        CertRequest myCertRequest = new CertRequest(new DERInteger(4), myCertTemplate);
        // myCertRequest.addControls(new
        // AttributeTypeAndValue(CRMFObjectIdentifiers.regInfo_utf8Pairs, new
        // DERInteger(12345)));
        CertReqMsg myCertReqMsg = new CertReqMsg(myCertRequest);

        // POPO
        /*
         * PKMACValue myPKMACValue = new PKMACValue( new AlgorithmIdentifier(new
         * DERObjectIdentifier("8.2.1.2.3.4"), new DERBitString(new byte[] { 8,
         * 1, 1, 2 })), new DERBitString(new byte[] { 12, 29, 37, 43 }));
         *
         * POPOPrivKey myPOPOPrivKey = new POPOPrivKey(new DERBitString(new
         * byte[] { 44 }), 2); //take choice pos tag 2
         *
         * POPOSigningKeyInput myPOPOSigningKeyInput = new POPOSigningKeyInput(
         * myPKMACValue, new SubjectPublicKeyInfo( new AlgorithmIdentifier(new
         * DERObjectIdentifier("9.3.3.9.2.2"), new DERBitString(new byte[] { 2,
         * 9, 7, 3 })), new byte[] { 7, 7, 7, 4, 5, 6, 7, 7, 7 }));
         */
        ProofOfPossession myProofOfPossession = null;
        if (raVerifiedPopo) {
            // raVerified POPO (meaning there is no POPO)
            myProofOfPossession = new ProofOfPossession(new DERNull(), 0);
        } else {
            ByteArrayOutputStream baos = new ByteArrayOutputStream();
            DEROutputStream mout = new DEROutputStream(baos);
            mout.writeObject(myCertRequest);
            mout.close();
            byte[] popoProtectionBytes = baos.toByteArray();
            Signature sig = Signature.getInstance(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), "BC");
            sig.initSign(keys.getPrivate());
            sig.update(popoProtectionBytes);

            DERBitString bs = new DERBitString(sig.sign());

            POPOSigningKey myPOPOSigningKey = new POPOSigningKey(new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption), bs);
            // myPOPOSigningKey.setPoposkInput( myPOPOSigningKeyInput );
            myProofOfPossession = new ProofOfPossession(myPOPOSigningKey, 1);
        }

        myCertReqMsg.setPop(myProofOfPossession);
        // myCertReqMsg.addRegInfo(new AttributeTypeAndValue(new
        // DERObjectIdentifier("1.3.6.2.2.2.2.3.1"), new
        // DERInteger(1122334455)));
        AttributeTypeAndValue av = new AttributeTypeAndValue(CRMFObjectIdentifiers.regCtrl_regToken, new DERUTF8String("foo123"));
        myCertReqMsg.addRegInfo(av);

        CertReqMessages myCertReqMessages = new CertReqMessages(myCertReqMsg);
        // myCertReqMessages.addCertReqMsg(myCertReqMsg);

        // log.debug("CAcert subject name: "+cacert.getSubjectDN().getName());
        PKIHeader myPKIHeader = new PKIHeader(new DERInteger(2), new GeneralName(new X509Name(userDN)), new GeneralName(new X509Name(((X509Certificate)cacert).getSubjectDN()
                .getName())));
        myPKIHeader.setMessageTime(new DERGeneralizedTime(new Date()));
        // senderNonce
        myPKIHeader.setSenderNonce(new DEROctetString(nonce));
        // TransactionId
        myPKIHeader.setTransactionID(new DEROctetString(transid));
        // myPKIHeader.setRecipNonce(new DEROctetString(new
View Full Code Here
TOP

Related Classes of com.maverick.crypto.asn1.DERGeneralizedTime

  • com.adito.boot.KeyStoreManager
  • com.drighetto.essai.bouncycastle.asn1.Token
  • com.maverick.crypto.asn1.ASN1EncodableVector
  • com.maverick.crypto.asn1.ASN1Sequence
  • com.maverick.crypto.asn1.DERBitString
  • com.maverick.crypto.asn1.DERBoolean
  • com.maverick.crypto.asn1.DERGeneralizedTime
  • com.maverick.crypto.asn1.DERInputStream
  • com.maverick.crypto.asn1.DERInteger
  • com.maverick.crypto.asn1.DERObjectIdentifier
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.