Package org.bouncycastle.asn1.crmf

Examples of org.bouncycastle.asn1.crmf.CertRequest

121
122
123
124
125
126
127
128
129
130
131
    byte[] value = bOut.toByteArray();
    X509Extension kuext = new X509Extension(false, new DEROctetString(value));
    values.add(kuext);
    oids.add(X509Extensions.KeyUsage);
        myCertTemplate.setExtensions(new X509Extensions(oids, values));
        CertRequest myCertRequest = new CertRequest(new DERInteger(4), myCertTemplate);
        CertReqMsg myCertReqMsg = new CertReqMsg(myCertRequest);
        ProofOfPossession myProofOfPossession = new ProofOfPossession(new DERNull(), 0);
        myCertReqMsg.setPop(myProofOfPossession);
        AttributeTypeAndValue av = new AttributeTypeAndValue(CRMFObjectIdentifiers.regCtrl_regToken, new DERUTF8String("foo123"));
        myCertReqMsg.addRegInfo(av);
View Full Code Here
956
957
958
959
960
961
962
963
964
965
966
967
      } else if (reqType == REQTYPE_CRMF) {
        byte[] request = Base64.decode(req.getBytes());
        ASN1InputStream in = new ASN1InputStream(request);
        ASN1Sequence    crmfSeq = (ASN1Sequence) in.readObject();
        ASN1Sequence reqSeq =  (ASN1Sequence) ((ASN1Sequence) crmfSeq.getObjectAt(0)).getObjectAt(0);
        CertRequest certReq = new CertRequest( reqSeq );
        SubjectPublicKeyInfo pKeyInfo = certReq.getCertTemplate().getPublicKey();
        KeyFactory keyFact = KeyFactory.getInstance("RSA", "BC");
        KeySpec keySpec = new X509EncodedKeySpec( pKeyInfo.getEncoded() );
        PublicKey pubKey = keyFact.generatePublic(keySpec); // just check it's ok
        imsg = new SimpleRequestMessage(pubKey, username, password);
        // a simple crmf is not a complete PKI message, as desired by the CrmfRequestMessage class
View Full Code Here
167
168
169
170
171
172
173
174
175
176
177
178
      } else if (reqType == SecConst.CERT_REQ_TYPE_CRMF) {
        byte[] request = Base64.decode(req.getBytes());
        ASN1InputStream in = new ASN1InputStream(request);
        ASN1Sequence    crmfSeq = (ASN1Sequence) in.readObject();
        ASN1Sequence reqSeq =  (ASN1Sequence) ((ASN1Sequence) crmfSeq.getObjectAt(0)).getObjectAt(0);
        CertRequest certReq = new CertRequest( reqSeq );
        SubjectPublicKeyInfo pKeyInfo = certReq.getCertTemplate().getPublicKey();
        KeyFactory keyFact = KeyFactory.getInstance("RSA", "BC");
        KeySpec keySpec = new X509EncodedKeySpec( pKeyInfo.getEncoded() );
        PublicKey pubKey = keyFact.generatePublic(keySpec); // just check it's ok
        imsg = new SimpleRequestMessage(pubKey, username, password);
        // a simple crmf is not a complete PKI message, as desired by the CrmfRequestMessage class
View Full Code Here
193
194
195
196
197
198
199
200
201
202
203
      // Add serialNumber to the certTemplate, it is defined as a MUST NOT be used in RFC4211, but we will use it anyway in order
      // to request a custom certificate serial number (something not standard anyway)
      myCertTemplate.setSerialNumber(new DERInteger(customCertSerno));
    }

        CertRequest myCertRequest = new CertRequest(new DERInteger(4), myCertTemplate);
        // myCertRequest.addControls(new
        // AttributeTypeAndValue(CRMFObjectIdentifiers.regInfo_utf8Pairs, new
        // DERInteger(12345)));
        CertReqMsg myCertReqMsg = new CertReqMsg(myCertRequest);
View Full Code Here
191
192
193
194
195
196
197
                // Make the complete extension package
                myCertTemplate.setExtensions(new X509Extensions(oids, values));
            } else {
                myCertTemplate.setExtensions(extensions);
            }
            return new CertRequest(new DERInteger(4), myCertTemplate);
        }
View Full Code Here
187
188
189
190
191
192
193
194
195
196
197
    setSender(header.getSender());
  }
 
  @Override
  public PublicKey getRequestPublicKey() throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException {
    final CertRequest request = getReq().getCertReq();
    final CertTemplate templ = request.getCertTemplate();
    final SubjectPublicKeyInfo keyInfo = templ.getPublicKey();
    final PublicKey pk = getPublicKey(keyInfo, "BC");
    return pk;
  }
View Full Code Here
333
334
335
336
337
338
339
340
341
342
343
344
   *
   * @return BigInteger the requested custom certificate serial number or null, normally this should return null.
   */
  public BigInteger getSubjectCertSerialNo() {
    BigInteger ret = null;
    final CertRequest request = getReq().getCertReq();
    final CertTemplate templ = request.getCertTemplate();
    final DERInteger serno = templ.getSerialNumber();
    if (serno != null) {
      ret = serno.getValue();     
    }
    return ret;
View Full Code Here
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
        } else {
          // Assume POPOSigningKeyInput with the public key and name, MUST be the same as in the request according to RFC4211
          if (log.isDebugEnabled()) {
            log.debug("Using POPOSigningKeyInput as POPO input.");
          }
          final CertRequest req = getReq().getCertReq();
          // If subject is present in cert template it must be the same as in POPOSigningKeyInput
          final X509Name subject = req.getCertTemplate().getSubject();
          if (subject != null && !subject.toString().equals(pski.getSender().getName().toString())) {
            log.info("Subject '"+subject.toString()+"̈́', is not equal to '"+pski.getSender().toString()+"'.");
            protObject = null// pski is not a valid protection object
          }
          // If public key is present in cert template it must be the same as in POPOSigningKeyInput
          final SubjectPublicKeyInfo pk = req.getCertTemplate().getPublicKey();
          if (pk != null && !Arrays.areEqual(pk.getEncoded(), pski.getPublicKey().getEncoded())) {
            log.info("Subject key in cert template, is not equal to subject key in POPOSigningKeyInput.");
            protObject = null// pski is not a valid protection object
          }
        }
View Full Code Here
279
280
281
282
283
284
285
286
287
288
289
290
291
                ASN1TaggedObject tagsig = (ASN1TaggedObject)signerInfo.getObjectAt(next);
                ASN1Sequence sseq = (ASN1Sequence)tagsig.getObject();
                ByteArrayOutputStream bOut = new ByteArrayOutputStream();           
                ASN1OutputStream dout = new ASN1OutputStream(bOut);
                try {
                    ASN1EncodableVector attribute = new ASN1EncodableVector();
                    for (int k = 0; k < sseq.size(); ++k) {
                        attribute.add(sseq.getObjectAt(k));
                    }
                    dout.writeObject(new DERSet(attribute));
                    dout.close();
                }
                catch (IOException ioe){}
View Full Code Here
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
                }
                digest = sig.sign();
            }
           
            // Create the set of Hash algorithms
            ASN1EncodableVector digestAlgorithms = new ASN1EncodableVector();
            for(Iterator it = digestalgos.iterator(); it.hasNext();) {
                ASN1EncodableVector algos = new ASN1EncodableVector();
                algos.add(new DERObjectIdentifier((String)it.next()));
                algos.add(DERNull.INSTANCE);
                digestAlgorithms.add(new DERSequence(algos));
            }
           
            // Create the contentInfo.
            ASN1EncodableVector v = new ASN1EncodableVector();
            v.add(new DERObjectIdentifier(ID_PKCS7_DATA));
            if (RSAdata != null)
                v.add(new DERTaggedObject(0, new DEROctetString(RSAdata)));
            DERSequence contentinfo = new DERSequence(v);
           
            // Get all the certificates
            //
            v = new ASN1EncodableVector();
            for (Iterator i = certs.iterator(); i.hasNext();) {
                ASN1InputStream tempstream = new ASN1InputStream(new ByteArrayInputStream(((X509Certificate)i.next()).getEncoded()));
                v.add(tempstream.readObject());
            }
           
            DERSet dercertificates = new DERSet(v);
           
            // Create signerinfo structure.
            //
            ASN1EncodableVector signerinfo = new ASN1EncodableVector();
           
            // Add the signerInfo version
            //
            signerinfo.add(new DERInteger(signerversion));
           
            v = new ASN1EncodableVector();
            v.add(getIssuer(signCert.getTBSCertificate()));
            v.add(new DERInteger(signCert.getSerialNumber()));
            signerinfo.add(new DERSequence(v));
           
            // Add the digestAlgorithm
            v = new ASN1EncodableVector();
            v.add(new DERObjectIdentifier(digestAlgorithm));
            v.add(new DERNull());
            signerinfo.add(new DERSequence(v));
           
            // add the authenticated attribute if present
            if (secondDigest != null && signingTime != null) {
                ASN1EncodableVector attribute = new ASN1EncodableVector();
                v = new ASN1EncodableVector();
                v.add(new DERObjectIdentifier(ID_CONTENT_TYPE));
                v.add(new DERSet(new DERObjectIdentifier(ID_PKCS7_DATA)));
                attribute.add(new DERSequence(v));
                v = new ASN1EncodableVector();
                v.add(new DERObjectIdentifier(ID_SIGNING_TIME));
                v.add(new DERSet(new DERUTCTime(signingTime.getTime())));
                attribute.add(new DERSequence(v));
                v = new ASN1EncodableVector();
                v.add(new DERObjectIdentifier(ID_MESSAGE_DIGEST));
                v.add(new DERSet(new DEROctetString(secondDigest)));
                attribute.add(new DERSequence(v));
                if (!crls.isEmpty()) {
                    v = new ASN1EncodableVector();
                    v.add(new DERObjectIdentifier(ID_ADBE_REVOCATION));
                    ASN1EncodableVector v2 = new ASN1EncodableVector();
                    for (Iterator i = crls.iterator();i.hasNext();) {
                        ASN1InputStream t = new ASN1InputStream(new ByteArrayInputStream(((X509CRL)i.next()).getEncoded()));
                        v2.add(t.readObject());
                    }
                    v.add(new DERSet(new DERSequence(new DERTaggedObject(true, 0, new DERSequence(v2)))));
                    attribute.add(new DERSequence(v));
                }               
                signerinfo.add(new DERTaggedObject(false, 0, new DERSet(attribute)));
            }
            // Add the digestEncryptionAlgorithm
            v = new ASN1EncodableVector();
            v.add(new DERObjectIdentifier(digestEncryptionAlgorithm));
            v.add(new DERNull());
            signerinfo.add(new DERSequence(v));
           
            // Add the digest
            signerinfo.add(new DEROctetString(digest));
           
           
            // Finally build the body out of all the components above
            ASN1EncodableVector body = new ASN1EncodableVector();
            body.add(new DERInteger(version));
            body.add(new DERSet(digestAlgorithms));
            body.add(contentinfo);
            body.add(new DERTaggedObject(false, 0, dercertificates));
           
            if (!crls.isEmpty()) {
                v = new ASN1EncodableVector();
                for (Iterator i = crls.iterator();i.hasNext();) {
                    ASN1InputStream t = new ASN1InputStream(new ByteArrayInputStream(((X509CRL)i.next()).getEncoded()));
                    v.add(t.readObject());
                }
                DERSet dercrls = new DERSet(v);
                body.add(new DERTaggedObject(false, 1, dercrls));
            }
           
            // Only allow one signerInfo
            body.add(new DERSet(new DERSequence(signerinfo)));
           
            // Now we have the body, wrap it in it's PKCS7Signed shell
            // and return it
            //
            ASN1EncodableVector whole = new ASN1EncodableVector();
            whole.add(new DERObjectIdentifier(ID_PKCS7_SIGNED_DATA));
            whole.add(new DERTaggedObject(0, new DERSequence(body)));
           
            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
           
            ASN1OutputStream dout = new ASN1OutputStream(bOut);
            dout.writeObject(new DERSequence(whole));
View Full Code Here
TOP

Related Classes of org.bouncycastle.asn1.crmf.CertRequest

  • org.bouncycastle.asn1.ASN1Encodable
  • org.bouncycastle.asn1.ASN1EncodableVector
  • org.bouncycastle.asn1.ASN1Integer
  • org.bouncycastle.asn1.ASN1SequenceParser
  • org.bouncycastle.asn1.ASN1SetParser
  • org.bouncycastle.asn1.BERSequence
  • org.bouncycastle.asn1.BERTaggedObject
  • org.bouncycastle.asn1.cms.AuthEnvelopedDataParser
  • org.bouncycastle.asn1.cms.CompressedData
  • org.bouncycastle.asn1.cms.EncryptedContentInfo
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.