diff options
Diffstat (limited to 'core/src/main/java/org/bouncycastle/asn1/crmf')
22 files changed, 2223 insertions, 0 deletions
diff --git a/core/src/main/java/org/bouncycastle/asn1/crmf/AttributeTypeAndValue.java b/core/src/main/java/org/bouncycastle/asn1/crmf/AttributeTypeAndValue.java new file mode 100644 index 00000000..ec7d2831 --- /dev/null +++ b/core/src/main/java/org/bouncycastle/asn1/crmf/AttributeTypeAndValue.java @@ -0,0 +1,80 @@ +package org.bouncycastle.asn1.crmf; + +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.DERSequence; + +public class AttributeTypeAndValue + extends ASN1Object +{ + private ASN1ObjectIdentifier type; + private ASN1Encodable value; + + private AttributeTypeAndValue(ASN1Sequence seq) + { + type = (ASN1ObjectIdentifier)seq.getObjectAt(0); + value = (ASN1Encodable)seq.getObjectAt(1); + } + + public static AttributeTypeAndValue getInstance(Object o) + { + if (o instanceof AttributeTypeAndValue) + { + return (AttributeTypeAndValue)o; + } + + if (o != null) + { + return new AttributeTypeAndValue(ASN1Sequence.getInstance(o)); + } + + return null; + } + + public AttributeTypeAndValue( + String oid, + ASN1Encodable value) + { + this(new ASN1ObjectIdentifier(oid), value); + } + + public AttributeTypeAndValue( + ASN1ObjectIdentifier type, + ASN1Encodable value) + { + this.type = type; + this.value = value; + } + + public ASN1ObjectIdentifier getType() + { + return type; + } + + public ASN1Encodable getValue() + { + return value; + } + + /** + * <pre> + * AttributeTypeAndValue ::= SEQUENCE { + * type OBJECT IDENTIFIER, + * value ANY DEFINED BY type } + * </pre> + * @return a basic ASN.1 object representation. + */ + public ASN1Primitive toASN1Primitive() + { + ASN1EncodableVector v = new ASN1EncodableVector(); + + v.add(type); + v.add(value); + + return new DERSequence(v); + } +} diff --git a/core/src/main/java/org/bouncycastle/asn1/crmf/CRMFObjectIdentifiers.java b/core/src/main/java/org/bouncycastle/asn1/crmf/CRMFObjectIdentifiers.java new file mode 100644 index 00000000..c36084db --- /dev/null +++ b/core/src/main/java/org/bouncycastle/asn1/crmf/CRMFObjectIdentifiers.java @@ -0,0 +1,21 @@ +package org.bouncycastle.asn1.crmf; + +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; + +public interface CRMFObjectIdentifiers +{ + static final ASN1ObjectIdentifier id_pkix = new ASN1ObjectIdentifier("1.3.6.1.5.5.7"); + + // arc for Internet X.509 PKI protocols and their components + + static final ASN1ObjectIdentifier id_pkip = id_pkix.branch("5"); + + static final ASN1ObjectIdentifier id_regCtrl = id_pkip.branch("1"); + static final ASN1ObjectIdentifier id_regCtrl_regToken = id_regCtrl.branch("1"); + static final ASN1ObjectIdentifier id_regCtrl_authenticator = id_regCtrl.branch("2"); + static final ASN1ObjectIdentifier id_regCtrl_pkiPublicationInfo = id_regCtrl.branch("3"); + static final ASN1ObjectIdentifier id_regCtrl_pkiArchiveOptions = id_regCtrl.branch("4"); + + static final ASN1ObjectIdentifier id_ct_encKeyWithID = new ASN1ObjectIdentifier(PKCSObjectIdentifiers.id_ct + ".21"); +} diff --git a/core/src/main/java/org/bouncycastle/asn1/crmf/CertId.java b/core/src/main/java/org/bouncycastle/asn1/crmf/CertId.java new file mode 100644 index 00000000..bd54c119 --- /dev/null +++ b/core/src/main/java/org/bouncycastle/asn1/crmf/CertId.java @@ -0,0 +1,84 @@ +package org.bouncycastle.asn1.crmf; + +import java.math.BigInteger; + +import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.ASN1TaggedObject; +import org.bouncycastle.asn1.DERSequence; +import org.bouncycastle.asn1.x509.GeneralName; + +public class CertId + extends ASN1Object +{ + private GeneralName issuer; + private ASN1Integer serialNumber; + + private CertId(ASN1Sequence seq) + { + issuer = GeneralName.getInstance(seq.getObjectAt(0)); + serialNumber = ASN1Integer.getInstance(seq.getObjectAt(1)); + } + + public static CertId getInstance(Object o) + { + if (o instanceof CertId) + { + return (CertId)o; + } + + if (o != null) + { + return new CertId(ASN1Sequence.getInstance(o)); + } + + return null; + } + + public static CertId getInstance(ASN1TaggedObject obj, boolean isExplicit) + { + return getInstance(ASN1Sequence.getInstance(obj, isExplicit)); + } + + public CertId(GeneralName issuer, BigInteger serialNumber) + { + this(issuer, new ASN1Integer(serialNumber)); + } + + public CertId(GeneralName issuer, ASN1Integer serialNumber) + { + this.issuer = issuer; + this.serialNumber = serialNumber; + } + + public GeneralName getIssuer() + { + return issuer; + } + + public ASN1Integer getSerialNumber() + { + return serialNumber; + } + + /** + * <pre> + * CertId ::= SEQUENCE { + * issuer GeneralName, + * serialNumber INTEGER } + * </pre> + * @return a basic ASN.1 object representation. + */ + public ASN1Primitive toASN1Primitive() + { + ASN1EncodableVector v = new ASN1EncodableVector(); + + v.add(issuer); + v.add(serialNumber); + + return new DERSequence(v); + } +} diff --git a/core/src/main/java/org/bouncycastle/asn1/crmf/CertReqMessages.java b/core/src/main/java/org/bouncycastle/asn1/crmf/CertReqMessages.java new file mode 100644 index 00000000..aa48a189 --- /dev/null +++ b/core/src/main/java/org/bouncycastle/asn1/crmf/CertReqMessages.java @@ -0,0 +1,74 @@ +package org.bouncycastle.asn1.crmf; + +import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.DERSequence; + +public class CertReqMessages + extends ASN1Object +{ + private ASN1Sequence content; + + private CertReqMessages(ASN1Sequence seq) + { + content = seq; + } + + public static CertReqMessages getInstance(Object o) + { + if (o instanceof CertReqMessages) + { + return (CertReqMessages)o; + } + + if (o != null) + { + return new CertReqMessages(ASN1Sequence.getInstance(o)); + } + + return null; + } + + public CertReqMessages( + CertReqMsg msg) + { + content = new DERSequence(msg); + } + + public CertReqMessages( + CertReqMsg[] msgs) + { + ASN1EncodableVector v = new ASN1EncodableVector(); + for (int i = 0; i < msgs.length; i++) + { + v.add(msgs[i]); + } + content = new DERSequence(v); + } + + public CertReqMsg[] toCertReqMsgArray() + { + CertReqMsg[] result = new CertReqMsg[content.size()]; + + for (int i = 0; i != result.length; i++) + { + result[i] = CertReqMsg.getInstance(content.getObjectAt(i)); + } + + return result; + } + + /** + * <pre> + * CertReqMessages ::= SEQUENCE SIZE (1..MAX) OF CertReqMsg + * </pre> + * + * @return a basic ASN.1 object representation. + */ + public ASN1Primitive toASN1Primitive() + { + return content; + } +} diff --git a/core/src/main/java/org/bouncycastle/asn1/crmf/CertReqMsg.java b/core/src/main/java/org/bouncycastle/asn1/crmf/CertReqMsg.java new file mode 100644 index 00000000..38936630 --- /dev/null +++ b/core/src/main/java/org/bouncycastle/asn1/crmf/CertReqMsg.java @@ -0,0 +1,145 @@ +package org.bouncycastle.asn1.crmf; + +import java.util.Enumeration; + +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.ASN1TaggedObject; +import org.bouncycastle.asn1.DERSequence; + +public class CertReqMsg + extends ASN1Object +{ + private CertRequest certReq; + private ProofOfPossession pop; + private ASN1Sequence regInfo; + + private CertReqMsg(ASN1Sequence seq) + { + Enumeration en = seq.getObjects(); + + certReq = CertRequest.getInstance(en.nextElement()); + while (en.hasMoreElements()) + { + Object o = en.nextElement(); + + if (o instanceof ASN1TaggedObject || o instanceof ProofOfPossession) + { + pop = ProofOfPossession.getInstance(o); + } + else + { + regInfo = ASN1Sequence.getInstance(o); + } + } + } + + public static CertReqMsg getInstance(Object o) + { + if (o instanceof CertReqMsg) + { + return (CertReqMsg)o; + } + else if (o != null) + { + return new CertReqMsg(ASN1Sequence.getInstance(o)); + } + + return null; + } + + /** + * Creates a new CertReqMsg. + * @param certReq CertRequest + * @param pop may be null + * @param regInfo may be null + */ + public CertReqMsg( + CertRequest certReq, + ProofOfPossession pop, + AttributeTypeAndValue[] regInfo) + { + if (certReq == null) + { + throw new IllegalArgumentException("'certReq' cannot be null"); + } + + this.certReq = certReq; + this.pop = pop; + + if (regInfo != null) + { + this.regInfo = new DERSequence(regInfo); + } + } + + public CertRequest getCertReq() + { + return certReq; + } + + + /** + * @deprecated use getPopo + */ + public ProofOfPossession getPop() + { + return pop; + } + + + public ProofOfPossession getPopo() + { + return pop; + } + + public AttributeTypeAndValue[] getRegInfo() + { + if (regInfo == null) + { + return null; + } + + AttributeTypeAndValue[] results = new AttributeTypeAndValue[regInfo.size()]; + + for (int i = 0; i != results.length; i++) + { + results[i] = AttributeTypeAndValue.getInstance(regInfo.getObjectAt(i)); + } + + return results; + } + + /** + * <pre> + * CertReqMsg ::= SEQUENCE { + * certReq CertRequest, + * popo ProofOfPossession OPTIONAL, + * -- content depends upon key type + * regInfo SEQUENCE SIZE(1..MAX) OF AttributeTypeAndValue OPTIONAL } + * </pre> + * @return a basic ASN.1 object representation. + */ + public ASN1Primitive toASN1Primitive() + { + ASN1EncodableVector v = new ASN1EncodableVector(); + + v.add(certReq); + + addOptional(v, pop); + addOptional(v, regInfo); + + return new DERSequence(v); + } + + private void addOptional(ASN1EncodableVector v, ASN1Encodable obj) + { + if (obj != null) + { + v.add(obj); + } + } +} diff --git a/core/src/main/java/org/bouncycastle/asn1/crmf/CertRequest.java b/core/src/main/java/org/bouncycastle/asn1/crmf/CertRequest.java new file mode 100644 index 00000000..70afe8ef --- /dev/null +++ b/core/src/main/java/org/bouncycastle/asn1/crmf/CertRequest.java @@ -0,0 +1,97 @@ +package org.bouncycastle.asn1.crmf; + +import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.DERSequence; + +public class CertRequest + extends ASN1Object +{ + private ASN1Integer certReqId; + private CertTemplate certTemplate; + private Controls controls; + + private CertRequest(ASN1Sequence seq) + { + certReqId = new ASN1Integer(ASN1Integer.getInstance(seq.getObjectAt(0)).getValue()); + certTemplate = CertTemplate.getInstance(seq.getObjectAt(1)); + if (seq.size() > 2) + { + controls = Controls.getInstance(seq.getObjectAt(2)); + } + } + + public static CertRequest getInstance(Object o) + { + if (o instanceof CertRequest) + { + return (CertRequest)o; + } + else if (o != null) + { + return new CertRequest(ASN1Sequence.getInstance(o)); + } + + return null; + } + + public CertRequest( + int certReqId, + CertTemplate certTemplate, + Controls controls) + { + this(new ASN1Integer(certReqId), certTemplate, controls); + } + + public CertRequest( + ASN1Integer certReqId, + CertTemplate certTemplate, + Controls controls) + { + this.certReqId = certReqId; + this.certTemplate = certTemplate; + this.controls = controls; + } + + public ASN1Integer getCertReqId() + { + return certReqId; + } + + public CertTemplate getCertTemplate() + { + return certTemplate; + } + + public Controls getControls() + { + return controls; + } + + /** + * <pre> + * CertRequest ::= SEQUENCE { + * certReqId INTEGER, -- ID for matching request and reply + * certTemplate CertTemplate, -- Selected fields of cert to be issued + * controls Controls OPTIONAL } -- Attributes affecting issuance + * </pre> + * @return a basic ASN.1 object representation. + */ + public ASN1Primitive toASN1Primitive() + { + ASN1EncodableVector v = new ASN1EncodableVector(); + + v.add(certReqId); + v.add(certTemplate); + + if (controls != null) + { + v.add(controls); + } + + return new DERSequence(v); + } +} diff --git a/core/src/main/java/org/bouncycastle/asn1/crmf/CertTemplate.java b/core/src/main/java/org/bouncycastle/asn1/crmf/CertTemplate.java new file mode 100644 index 00000000..73412e9a --- /dev/null +++ b/core/src/main/java/org/bouncycastle/asn1/crmf/CertTemplate.java @@ -0,0 +1,163 @@ +package org.bouncycastle.asn1.crmf; + +import java.util.Enumeration; + +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.ASN1TaggedObject; +import org.bouncycastle.asn1.DERBitString; +import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.asn1.x509.Extensions; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; + +public class CertTemplate + extends ASN1Object +{ + private ASN1Sequence seq; + + private ASN1Integer version; + private ASN1Integer serialNumber; + private AlgorithmIdentifier signingAlg; + private X500Name issuer; + private OptionalValidity validity; + private X500Name subject; + private SubjectPublicKeyInfo publicKey; + private DERBitString issuerUID; + private DERBitString subjectUID; + private Extensions extensions; + + private CertTemplate(ASN1Sequence seq) + { + this.seq = seq; + + Enumeration en = seq.getObjects(); + while (en.hasMoreElements()) + { + ASN1TaggedObject tObj = (ASN1TaggedObject)en.nextElement(); + + switch (tObj.getTagNo()) + { + case 0: + version = ASN1Integer.getInstance(tObj, false); + break; + case 1: + serialNumber = ASN1Integer.getInstance(tObj, false); + break; + case 2: + signingAlg = AlgorithmIdentifier.getInstance(tObj, false); + break; + case 3: + issuer = X500Name.getInstance(tObj, true); // CHOICE + break; + case 4: + validity = OptionalValidity.getInstance(ASN1Sequence.getInstance(tObj, false)); + break; + case 5: + subject = X500Name.getInstance(tObj, true); // CHOICE + break; + case 6: + publicKey = SubjectPublicKeyInfo.getInstance(tObj, false); + break; + case 7: + issuerUID = DERBitString.getInstance(tObj, false); + break; + case 8: + subjectUID = DERBitString.getInstance(tObj, false); + break; + case 9: + extensions = Extensions.getInstance(tObj, false); + break; + default: + throw new IllegalArgumentException("unknown tag: " + tObj.getTagNo()); + } + } + } + + public static CertTemplate getInstance(Object o) + { + if (o instanceof CertTemplate) + { + return (CertTemplate)o; + } + else if (o != null) + { + return new CertTemplate(ASN1Sequence.getInstance(o)); + } + + return null; + } + + public int getVersion() + { + return version.getValue().intValue(); + } + + public ASN1Integer getSerialNumber() + { + return serialNumber; + } + + public AlgorithmIdentifier getSigningAlg() + { + return signingAlg; + } + + public X500Name getIssuer() + { + return issuer; + } + + public OptionalValidity getValidity() + { + return validity; + } + + public X500Name getSubject() + { + return subject; + } + + public SubjectPublicKeyInfo getPublicKey() + { + return publicKey; + } + + public DERBitString getIssuerUID() + { + return issuerUID; + } + + public DERBitString getSubjectUID() + { + return subjectUID; + } + + public Extensions getExtensions() + { + return extensions; + } + + /** + * <pre> + * CertTemplate ::= SEQUENCE { + * version [0] Version OPTIONAL, + * serialNumber [1] INTEGER OPTIONAL, + * signingAlg [2] AlgorithmIdentifier OPTIONAL, + * issuer [3] Name OPTIONAL, + * validity [4] OptionalValidity OPTIONAL, + * subject [5] Name OPTIONAL, + * publicKey [6] SubjectPublicKeyInfo OPTIONAL, + * issuerUID [7] UniqueIdentifier OPTIONAL, + * subjectUID [8] UniqueIdentifier OPTIONAL, + * extensions [9] Extensions OPTIONAL } + * </pre> + * @return a basic ASN.1 object representation. + */ + public ASN1Primitive toASN1Primitive() + { + return seq; + } +} diff --git a/core/src/main/java/org/bouncycastle/asn1/crmf/CertTemplateBuilder.java b/core/src/main/java/org/bouncycastle/asn1/crmf/CertTemplateBuilder.java new file mode 100644 index 00000000..be5cbe6a --- /dev/null +++ b/core/src/main/java/org/bouncycastle/asn1/crmf/CertTemplateBuilder.java @@ -0,0 +1,152 @@ +package org.bouncycastle.asn1.crmf; + +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.DERBitString; +import org.bouncycastle.asn1.DERSequence; +import org.bouncycastle.asn1.DERTaggedObject; +import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.asn1.x509.Extensions; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +import org.bouncycastle.asn1.x509.X509Extensions; + +public class CertTemplateBuilder +{ + private ASN1Integer version; + private ASN1Integer serialNumber; + private AlgorithmIdentifier signingAlg; + private X500Name issuer; + private OptionalValidity validity; + private X500Name subject; + private SubjectPublicKeyInfo publicKey; + private DERBitString issuerUID; + private DERBitString subjectUID; + private Extensions extensions; + + /** Sets the X.509 version. Note: for X509v3, use 2 here. */ + public CertTemplateBuilder setVersion(int ver) + { + version = new ASN1Integer(ver); + + return this; + } + + public CertTemplateBuilder setSerialNumber(ASN1Integer ser) + { + serialNumber = ser; + + return this; + } + + public CertTemplateBuilder setSigningAlg(AlgorithmIdentifier aid) + { + signingAlg = aid; + + return this; + } + + public CertTemplateBuilder setIssuer(X500Name name) + { + issuer = name; + + return this; + } + + public CertTemplateBuilder setValidity(OptionalValidity v) + { + validity = v; + + return this; + } + + public CertTemplateBuilder setSubject(X500Name name) + { + subject = name; + + return this; + } + + public CertTemplateBuilder setPublicKey(SubjectPublicKeyInfo spki) + { + publicKey = spki; + + return this; + } + + /** Sets the issuer unique ID (deprecated in X.509v3) */ + public CertTemplateBuilder setIssuerUID(DERBitString uid) + { + issuerUID = uid; + + return this; + } + + /** Sets the subject unique ID (deprecated in X.509v3) */ + public CertTemplateBuilder setSubjectUID(DERBitString uid) + { + subjectUID = uid; + + return this; + } + + /** + * @deprecated use method taking Extensions + * @param extens + * @return + */ + public CertTemplateBuilder setExtensions(X509Extensions extens) + { + return setExtensions(Extensions.getInstance(extens)); + } + + public CertTemplateBuilder setExtensions(Extensions extens) + { + extensions = extens; + + return this; + } + + /** + * <pre> + * CertTemplate ::= SEQUENCE { + * version [0] Version OPTIONAL, + * serialNumber [1] INTEGER OPTIONAL, + * signingAlg [2] AlgorithmIdentifier OPTIONAL, + * issuer [3] Name OPTIONAL, + * validity [4] OptionalValidity OPTIONAL, + * subject [5] Name OPTIONAL, + * publicKey [6] SubjectPublicKeyInfo OPTIONAL, + * issuerUID [7] UniqueIdentifier OPTIONAL, + * subjectUID [8] UniqueIdentifier OPTIONAL, + * extensions [9] Extensions OPTIONAL } + * </pre> + * @return a basic ASN.1 object representation. + */ + public CertTemplate build() + { + ASN1EncodableVector v = new ASN1EncodableVector(); + + addOptional(v, 0, false, version); + addOptional(v, 1, false, serialNumber); + addOptional(v, 2, false, signingAlg); + addOptional(v, 3, true, issuer); // CHOICE + addOptional(v, 4, false, validity); + addOptional(v, 5, true, subject); // CHOICE + addOptional(v, 6, false, publicKey); + addOptional(v, 7, false, issuerUID); + addOptional(v, 8, false, subjectUID); + addOptional(v, 9, false, extensions); + + return CertTemplate.getInstance(new DERSequence(v)); + } + + private void addOptional(ASN1EncodableVector v, int tagNo, boolean isExplicit, ASN1Encodable obj) + { + if (obj != null) + { + v.add(new DERTaggedObject(isExplicit, tagNo, obj)); + } + } +} diff --git a/core/src/main/java/org/bouncycastle/asn1/crmf/Controls.java b/core/src/main/java/org/bouncycastle/asn1/crmf/Controls.java new file mode 100644 index 00000000..2e188fe9 --- /dev/null +++ b/core/src/main/java/org/bouncycastle/asn1/crmf/Controls.java @@ -0,0 +1,72 @@ +package org.bouncycastle.asn1.crmf; + +import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.DERSequence; + +public class Controls + extends ASN1Object +{ + private ASN1Sequence content; + + private Controls(ASN1Sequence seq) + { + content = seq; + } + + public static Controls getInstance(Object o) + { + if (o instanceof Controls) + { + return (Controls)o; + } + + if (o != null) + { + return new Controls(ASN1Sequence.getInstance(o)); + } + + return null; + } + + public Controls(AttributeTypeAndValue atv) + { + content = new DERSequence(atv); + } + + public Controls(AttributeTypeAndValue[] atvs) + { + ASN1EncodableVector v = new ASN1EncodableVector(); + for (int i = 0; i < atvs.length; i++) + { + v.add(atvs[i]); + } + content = new DERSequence(v); + } + + public AttributeTypeAndValue[] toAttributeTypeAndValueArray() + { + AttributeTypeAndValue[] result = new AttributeTypeAndValue[content.size()]; + + for (int i = 0; i != result.length; i++) + { + result[i] = AttributeTypeAndValue.getInstance(content.getObjectAt(i)); + } + + return result; + } + + /** + * <pre> + * Controls ::= SEQUENCE SIZE(1..MAX) OF AttributeTypeAndValue + * </pre> + * + * @return a basic ASN.1 object representation. + */ + public ASN1Primitive toASN1Primitive() + { + return content; + } +} diff --git a/core/src/main/java/org/bouncycastle/asn1/crmf/EncKeyWithID.java b/core/src/main/java/org/bouncycastle/asn1/crmf/EncKeyWithID.java new file mode 100644 index 00000000..478a9185 --- /dev/null +++ b/core/src/main/java/org/bouncycastle/asn1/crmf/EncKeyWithID.java @@ -0,0 +1,117 @@ +package org.bouncycastle.asn1.crmf; + +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.DERSequence; +import org.bouncycastle.asn1.DERUTF8String; +import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; +import org.bouncycastle.asn1.x509.GeneralName; + +public class EncKeyWithID + extends ASN1Object +{ + private final PrivateKeyInfo privKeyInfo; + private final ASN1Encodable identifier; + + public static EncKeyWithID getInstance(Object o) + { + if (o instanceof EncKeyWithID) + { + return (EncKeyWithID)o; + } + else if (o != null) + { + return new EncKeyWithID(ASN1Sequence.getInstance(o)); + } + + return null; + } + + private EncKeyWithID(ASN1Sequence seq) + { + this.privKeyInfo = PrivateKeyInfo.getInstance(seq.getObjectAt(0)); + + if (seq.size() > 1) + { + if (!(seq.getObjectAt(1) instanceof DERUTF8String)) + { + this.identifier = GeneralName.getInstance(seq.getObjectAt(1)); + } + else + { + this.identifier = (ASN1Encodable)seq.getObjectAt(1); + } + } + else + { + this.identifier = null; + } + } + + public EncKeyWithID(PrivateKeyInfo privKeyInfo) + { + this.privKeyInfo = privKeyInfo; + this.identifier = null; + } + + public EncKeyWithID(PrivateKeyInfo privKeyInfo, DERUTF8String str) + { + this.privKeyInfo = privKeyInfo; + this.identifier = str; + } + + public EncKeyWithID(PrivateKeyInfo privKeyInfo, GeneralName generalName) + { + this.privKeyInfo = privKeyInfo; + this.identifier = generalName; + } + + public PrivateKeyInfo getPrivateKey() + { + return privKeyInfo; + } + + public boolean hasIdentifier() + { + return identifier != null; + } + + public boolean isIdentifierUTF8String() + { + return identifier instanceof DERUTF8String; + } + + public ASN1Encodable getIdentifier() + { + return identifier; + } + + /** + * <pre> + * EncKeyWithID ::= SEQUENCE { + * privateKey PrivateKeyInfo, + * identifier CHOICE { + * string UTF8String, + * generalName GeneralName + * } OPTIONAL + * } + * </pre> + * @return + */ + public ASN1Primitive toASN1Primitive() + { + ASN1EncodableVector v = new ASN1EncodableVector(); + + v.add(privKeyInfo); + + if (identifier != null) + { + v.add(identifier); + } + + return new DERSequence(v); + } +} diff --git a/core/src/main/java/org/bouncycastle/asn1/crmf/EncryptedKey.java b/core/src/main/java/org/bouncycastle/asn1/crmf/EncryptedKey.java new file mode 100644 index 00000000..10ae47b5 --- /dev/null +++ b/core/src/main/java/org/bouncycastle/asn1/crmf/EncryptedKey.java @@ -0,0 +1,81 @@ +package org.bouncycastle.asn1.crmf; + +import org.bouncycastle.asn1.ASN1Choice; +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1TaggedObject; +import org.bouncycastle.asn1.DERTaggedObject; +import org.bouncycastle.asn1.cms.EnvelopedData; + +public class EncryptedKey + extends ASN1Object + implements ASN1Choice +{ + private EnvelopedData envelopedData; + private EncryptedValue encryptedValue; + + public static EncryptedKey getInstance(Object o) + { + if (o instanceof EncryptedKey) + { + return (EncryptedKey)o; + } + else if (o instanceof ASN1TaggedObject) + { + return new EncryptedKey(EnvelopedData.getInstance((ASN1TaggedObject)o, false)); + } + else if (o instanceof EncryptedValue) + { + return new EncryptedKey((EncryptedValue)o); + } + else + { + return new EncryptedKey(EncryptedValue.getInstance(o)); + } + } + + public EncryptedKey(EnvelopedData envelopedData) + { + this.envelopedData = envelopedData; + } + + public EncryptedKey(EncryptedValue encryptedValue) + { + this.encryptedValue = encryptedValue; + } + + public boolean isEncryptedValue() + { + return encryptedValue != null; + } + + public ASN1Encodable getValue() + { + if (encryptedValue != null) + { + return encryptedValue; + } + + return envelopedData; + } + + /** + * <pre> + * EncryptedKey ::= CHOICE { + * encryptedValue EncryptedValue, -- deprecated + * envelopedData [0] EnvelopedData } + * -- The encrypted private key MUST be placed in the envelopedData + * -- encryptedContentInfo encryptedContent OCTET STRING. + * </pre> + */ + public ASN1Primitive toASN1Primitive() + { + if (encryptedValue != null) + { + return encryptedValue.toASN1Primitive(); + } + + return new DERTaggedObject(false, 0, envelopedData); + } +} diff --git a/core/src/main/java/org/bouncycastle/asn1/crmf/EncryptedValue.java b/core/src/main/java/org/bouncycastle/asn1/crmf/EncryptedValue.java new file mode 100644 index 00000000..3aa54579 --- /dev/null +++ b/core/src/main/java/org/bouncycastle/asn1/crmf/EncryptedValue.java @@ -0,0 +1,164 @@ +package org.bouncycastle.asn1.crmf; + +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.ASN1TaggedObject; +import org.bouncycastle.asn1.DERBitString; +import org.bouncycastle.asn1.DERSequence; +import org.bouncycastle.asn1.DERTaggedObject; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; + +public class EncryptedValue + extends ASN1Object +{ + private AlgorithmIdentifier intendedAlg; + private AlgorithmIdentifier symmAlg; + private DERBitString encSymmKey; + private AlgorithmIdentifier keyAlg; + private ASN1OctetString valueHint; + private DERBitString encValue; + + private EncryptedValue(ASN1Sequence seq) + { + int index = 0; + while (seq.getObjectAt(index) instanceof ASN1TaggedObject) + { + ASN1TaggedObject tObj = (ASN1TaggedObject)seq.getObjectAt(index); + + switch (tObj.getTagNo()) + { + case 0: + intendedAlg = AlgorithmIdentifier.getInstance(tObj, false); + break; + case 1: + symmAlg = AlgorithmIdentifier.getInstance(tObj, false); + break; + case 2: + encSymmKey = DERBitString.getInstance(tObj, false); + break; + case 3: + keyAlg = AlgorithmIdentifier.getInstance(tObj, false); + break; + case 4: + valueHint = ASN1OctetString.getInstance(tObj, false); + break; + } + index++; + } + + encValue = DERBitString.getInstance(seq.getObjectAt(index)); + } + + public static EncryptedValue getInstance(Object o) + { + if (o instanceof EncryptedValue) + { + return (EncryptedValue)o; + } + else if (o != null) + { + return new EncryptedValue(ASN1Sequence.getInstance(o)); + } + + return null; + } + + public EncryptedValue( + AlgorithmIdentifier intendedAlg, + AlgorithmIdentifier symmAlg, + DERBitString encSymmKey, + AlgorithmIdentifier keyAlg, + ASN1OctetString valueHint, + DERBitString encValue) + { + if (encValue == null) + { + throw new IllegalArgumentException("'encValue' cannot be null"); + } + + this.intendedAlg = intendedAlg; + this.symmAlg = symmAlg; + this.encSymmKey = encSymmKey; + this.keyAlg = keyAlg; + this.valueHint = valueHint; + this.encValue = encValue; + } + + public AlgorithmIdentifier getIntendedAlg() + { + return intendedAlg; + } + + public AlgorithmIdentifier getSymmAlg() + { + return symmAlg; + } + + public DERBitString getEncSymmKey() + { + return encSymmKey; + } + + public AlgorithmIdentifier getKeyAlg() + { + return keyAlg; + } + + public ASN1OctetString getValueHint() + { + return valueHint; + } + + public DERBitString getEncValue() + { + return encValue; + } + + /** + * <pre> + * EncryptedValue ::= SEQUENCE { + * intendedAlg [0] AlgorithmIdentifier OPTIONAL, + * -- the intended algorithm for which the value will be used + * symmAlg [1] AlgorithmIdentifier OPTIONAL, + * -- the symmetric algorithm used to encrypt the value + * encSymmKey [2] BIT STRING OPTIONAL, + * -- the (encrypted) symmetric key used to encrypt the value + * keyAlg [3] AlgorithmIdentifier OPTIONAL, + * -- algorithm used to encrypt the symmetric key + * valueHint [4] OCTET STRING OPTIONAL, + * -- a brief description or identifier of the encValue content + * -- (may be meaningful only to the sending entity, and used only + * -- if EncryptedValue might be re-examined by the sending entity + * -- in the future) + * encValue BIT STRING } + * -- the encrypted value itself + * </pre> + * @return a basic ASN.1 object representation. + */ + public ASN1Primitive toASN1Primitive() + { + ASN1EncodableVector v = new ASN1EncodableVector(); + + addOptional(v, 0, intendedAlg); + addOptional(v, 1, symmAlg); + addOptional(v, 2, encSymmKey); + addOptional(v, 3, keyAlg); + addOptional(v, 4, valueHint); + + v.add(encValue); + + return new DERSequence(v); + } + + private void addOptional(ASN1EncodableVector v, int tagNo, ASN1Encodable obj) + { + if (obj != null) + { + v.add(new DERTaggedObject(false, tagNo, obj)); + } + } +} diff --git a/core/src/main/java/org/bouncycastle/asn1/crmf/OptionalValidity.java b/core/src/main/java/org/bouncycastle/asn1/crmf/OptionalValidity.java new file mode 100644 index 00000000..9174b5f7 --- /dev/null +++ b/core/src/main/java/org/bouncycastle/asn1/crmf/OptionalValidity.java @@ -0,0 +1,98 @@ +package org.bouncycastle.asn1.crmf; + +import java.util.Enumeration; + +import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.ASN1TaggedObject; +import org.bouncycastle.asn1.DERSequence; +import org.bouncycastle.asn1.DERTaggedObject; +import org.bouncycastle.asn1.x509.Time; + +public class OptionalValidity + extends ASN1Object +{ + private Time notBefore; + private Time notAfter; + + private OptionalValidity(ASN1Sequence seq) + { + Enumeration en = seq.getObjects(); + while (en.hasMoreElements()) + { + ASN1TaggedObject tObj = (ASN1TaggedObject)en.nextElement(); + + if (tObj.getTagNo() == 0) + { + notBefore = Time.getInstance(tObj, true); + } + else + { + notAfter = Time.getInstance(tObj, true); + } + } + } + + public static OptionalValidity getInstance(Object o) + { + if (o instanceof OptionalValidity) + { + return (OptionalValidity)o; + } + + if (o != null) + { + return new OptionalValidity(ASN1Sequence.getInstance(o)); + } + + return null; + } + + public OptionalValidity(Time notBefore, Time notAfter) + { + if (notBefore == null && notAfter == null) + { + throw new IllegalArgumentException("at least one of notBefore/notAfter must not be null."); + } + + this.notBefore = notBefore; + this.notAfter = notAfter; + } + + public Time getNotBefore() + { + return notBefore; + } + + public Time getNotAfter() + { + return notAfter; + } + + /** + * <pre> + * OptionalValidity ::= SEQUENCE { + * notBefore [0] Time OPTIONAL, + * notAfter [1] Time OPTIONAL } --at least one MUST be present + * </pre> + * @return a basic ASN.1 object representation. + */ + public ASN1Primitive toASN1Primitive() + { + ASN1EncodableVector v = new ASN1EncodableVector(); + + if (notBefore != null) + { + v.add(new DERTaggedObject(true, 0, notBefore)); + } + + if (notAfter != null) + { + v.add(new DERTaggedObject(true, 1, notAfter)); + } + + return new DERSequence(v); + } +} diff --git a/core/src/main/java/org/bouncycastle/asn1/crmf/PKIArchiveOptions.java b/core/src/main/java/org/bouncycastle/asn1/crmf/PKIArchiveOptions.java new file mode 100644 index 00000000..46e0e44c --- /dev/null +++ b/core/src/main/java/org/bouncycastle/asn1/crmf/PKIArchiveOptions.java @@ -0,0 +1,116 @@ +package org.bouncycastle.asn1.crmf; + +import org.bouncycastle.asn1.ASN1Boolean; +import org.bouncycastle.asn1.ASN1Choice; +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1TaggedObject; +import org.bouncycastle.asn1.DERTaggedObject; + +public class PKIArchiveOptions + extends ASN1Object + implements ASN1Choice +{ + public static final int encryptedPrivKey = 0; + public static final int keyGenParameters = 1; + public static final int archiveRemGenPrivKey = 2; + + private ASN1Encodable value; + + public static PKIArchiveOptions getInstance(Object o) + { + if (o == null || o instanceof PKIArchiveOptions) + { + return (PKIArchiveOptions)o; + } + else if (o instanceof ASN1TaggedObject) + { + return new PKIArchiveOptions((ASN1TaggedObject)o); + } + + throw new IllegalArgumentException("unknown object: " + o); + } + + private PKIArchiveOptions(ASN1TaggedObject tagged) + { + switch (tagged.getTagNo()) + { + case encryptedPrivKey: + value = EncryptedKey.getInstance(tagged.getObject()); + break; + case keyGenParameters: + value = ASN1OctetString.getInstance(tagged, false); + break; + case archiveRemGenPrivKey: + value = ASN1Boolean.getInstance(tagged, false); + break; + default: + throw new IllegalArgumentException("unknown tag number: " + tagged.getTagNo()); + } + } + + public PKIArchiveOptions(EncryptedKey encKey) + { + this.value = encKey; + } + + public PKIArchiveOptions(ASN1OctetString keyGenParameters) + { + this.value = keyGenParameters; + } + + public PKIArchiveOptions(boolean archiveRemGenPrivKey) + { + this.value = ASN1Boolean.getInstance(archiveRemGenPrivKey); + } + + public int getType() + { + if (value instanceof EncryptedKey) + { + return encryptedPrivKey; + } + + if (value instanceof ASN1OctetString) + { + return keyGenParameters; + } + + return archiveRemGenPrivKey; + } + + public ASN1Encodable getValue() + { + return value; + } + + /** + * <pre> + * PKIArchiveOptions ::= CHOICE { + * encryptedPrivKey [0] EncryptedKey, + * -- the actual value of the private key + * keyGenParameters [1] KeyGenParameters, + * -- parameters which allow the private key to be re-generated + * archiveRemGenPrivKey [2] BOOLEAN } + * -- set to TRUE if sender wishes receiver to archive the private + * -- key of a key pair that the receiver generates in response to + * -- this request; set to FALSE if no archival is desired. + * </pre> + */ + public ASN1Primitive toASN1Primitive() + { + if (value instanceof EncryptedKey) + { + return new DERTaggedObject(true, encryptedPrivKey, value); // choice + } + + if (value instanceof ASN1OctetString) + { + return new DERTaggedObject(false, keyGenParameters, value); + } + + return new DERTaggedObject(false, archiveRemGenPrivKey, value); + } +} diff --git a/core/src/main/java/org/bouncycastle/asn1/crmf/PKIPublicationInfo.java b/core/src/main/java/org/bouncycastle/asn1/crmf/PKIPublicationInfo.java new file mode 100644 index 00000000..dba0422d --- /dev/null +++ b/core/src/main/java/org/bouncycastle/asn1/crmf/PKIPublicationInfo.java @@ -0,0 +1,81 @@ +package org.bouncycastle.asn1.crmf; + +import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.DERSequence; + +public class PKIPublicationInfo + extends ASN1Object +{ + private ASN1Integer action; + private ASN1Sequence pubInfos; + + private PKIPublicationInfo(ASN1Sequence seq) + { + action = ASN1Integer.getInstance(seq.getObjectAt(0)); + pubInfos = ASN1Sequence.getInstance(seq.getObjectAt(1)); + } + + public static PKIPublicationInfo getInstance(Object o) + { + if (o instanceof PKIPublicationInfo) + { + return (PKIPublicationInfo)o; + } + + if (o != null) + { + return new PKIPublicationInfo(ASN1Sequence.getInstance(o)); + } + + return null; + } + + public ASN1Integer getAction() + { + return action; + } + + public SinglePubInfo[] getPubInfos() + { + if (pubInfos == null) + { + return null; + } + + SinglePubInfo[] results = new SinglePubInfo[pubInfos.size()]; + + for (int i = 0; i != results.length; i++) + { + results[i] = SinglePubInfo.getInstance(pubInfos.getObjectAt(i)); + } + + return results; + } + + /** + * <pre> + * PKIPublicationInfo ::= SEQUENCE { + * action INTEGER { + * dontPublish (0), + * pleasePublish (1) }, + * pubInfos SEQUENCE SIZE (1..MAX) OF SinglePubInfo OPTIONAL } + * -- pubInfos MUST NOT be present if action is "dontPublish" + * -- (if action is "pleasePublish" and pubInfos is omitted, + * -- "dontCare" is assumed) + * </pre> + * @return a basic ASN.1 object representation. + */ + public ASN1Primitive toASN1Primitive() + { + ASN1EncodableVector v = new ASN1EncodableVector(); + + v.add(action); + v.add(pubInfos); + + return new DERSequence(v); + } +} diff --git a/core/src/main/java/org/bouncycastle/asn1/crmf/PKMACValue.java b/core/src/main/java/org/bouncycastle/asn1/crmf/PKMACValue.java new file mode 100644 index 00000000..ebbf2dcf --- /dev/null +++ b/core/src/main/java/org/bouncycastle/asn1/crmf/PKMACValue.java @@ -0,0 +1,104 @@ +package org.bouncycastle.asn1.crmf; + +import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.ASN1TaggedObject; +import org.bouncycastle.asn1.DERBitString; +import org.bouncycastle.asn1.DERSequence; +import org.bouncycastle.asn1.cmp.CMPObjectIdentifiers; +import org.bouncycastle.asn1.cmp.PBMParameter; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; + +/** + * Password-based MAC value for use with POPOSigningKeyInput. + */ +public class PKMACValue + extends ASN1Object +{ + private AlgorithmIdentifier algId; + private DERBitString value; + + private PKMACValue(ASN1Sequence seq) + { + algId = AlgorithmIdentifier.getInstance(seq.getObjectAt(0)); + value = DERBitString.getInstance(seq.getObjectAt(1)); + } + + public static PKMACValue getInstance(Object o) + { + if (o instanceof PKMACValue) + { + return (PKMACValue)o; + } + + if (o != null) + { + return new PKMACValue(ASN1Sequence.getInstance(o)); + } + + return null; + } + + public static PKMACValue getInstance(ASN1TaggedObject obj, boolean isExplicit) + { + return getInstance(ASN1Sequence.getInstance(obj, isExplicit)); + } + + /** + * Creates a new PKMACValue. + * @param params parameters for password-based MAC + * @param value MAC of the DER-encoded SubjectPublicKeyInfo + */ + public PKMACValue( + PBMParameter params, + DERBitString value) + { + this(new AlgorithmIdentifier( + CMPObjectIdentifiers.passwordBasedMac, params), value); + } + + /** + * Creates a new PKMACValue. + * @param aid CMPObjectIdentifiers.passwordBasedMAC, with PBMParameter + * @param value MAC of the DER-encoded SubjectPublicKeyInfo + */ + public PKMACValue( + AlgorithmIdentifier aid, + DERBitString value) + { + this.algId = aid; + this.value = value; + } + + public AlgorithmIdentifier getAlgId() + { + return algId; + } + + public DERBitString getValue() + { + return value; + } + + /** + * <pre> + * PKMACValue ::= SEQUENCE { + * algId AlgorithmIdentifier, + * -- algorithm value shall be PasswordBasedMac 1.2.840.113533.7.66.13 + * -- parameter value is PBMParameter + * value BIT STRING } + * </pre> + * @return a basic ASN.1 object representation. + */ + public ASN1Primitive toASN1Primitive() + { + ASN1EncodableVector v = new ASN1EncodableVector(); + + v.add(algId); + v.add(value); + + return new DERSequence(v); + } +} diff --git a/core/src/main/java/org/bouncycastle/asn1/crmf/POPOPrivKey.java b/core/src/main/java/org/bouncycastle/asn1/crmf/POPOPrivKey.java new file mode 100644 index 00000000..8c9db8ac --- /dev/null +++ b/core/src/main/java/org/bouncycastle/asn1/crmf/POPOPrivKey.java @@ -0,0 +1,104 @@ +package org.bouncycastle.asn1.crmf; + +import org.bouncycastle.asn1.ASN1Choice; +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1TaggedObject; +import org.bouncycastle.asn1.DERBitString; +import org.bouncycastle.asn1.DERTaggedObject; +import org.bouncycastle.asn1.cms.EnvelopedData; + +public class POPOPrivKey + extends ASN1Object + implements ASN1Choice +{ + public static final int thisMessage = 0; + public static final int subsequentMessage = 1; + public static final int dhMAC = 2; + public static final int agreeMAC = 3; + public static final int encryptedKey = 4; + + private int tagNo; + private ASN1Encodable obj; + + private POPOPrivKey(ASN1TaggedObject obj) + { + this.tagNo = obj.getTagNo(); + + switch (tagNo) + { + case thisMessage: + this.obj = DERBitString.getInstance(obj, false); + break; + case subsequentMessage: + this.obj = SubsequentMessage.valueOf(ASN1Integer.getInstance(obj, false).getValue().intValue()); + break; + case dhMAC: + this.obj = DERBitString.getInstance(obj, false); + break; + case agreeMAC: + this.obj = PKMACValue.getInstance(obj, false); + break; + case encryptedKey: + this.obj = EnvelopedData.getInstance(obj, false); + break; + default: + throw new IllegalArgumentException("unknown tag in POPOPrivKey"); + } + } + + public static POPOPrivKey getInstance(Object obj) + { + if (obj instanceof POPOPrivKey) + { + return (POPOPrivKey)obj; + } + if (obj != null) + { + return new POPOPrivKey(ASN1TaggedObject.getInstance(obj)); + } + + return null; + } + + public static POPOPrivKey getInstance(ASN1TaggedObject obj, boolean explicit) + { + return getInstance(ASN1TaggedObject.getInstance(obj, explicit)); + } + + public POPOPrivKey(SubsequentMessage msg) + { + this.tagNo = subsequentMessage; + this.obj = msg; + } + + public int getType() + { + return tagNo; + } + + public ASN1Encodable getValue() + { + return obj; + } + + /** + * <pre> + * POPOPrivKey ::= CHOICE { + * thisMessage [0] BIT STRING, -- Deprecated + * -- possession is proven in this message (which contains the private + * -- key itself (encrypted for the CA)) + * subsequentMessage [1] SubsequentMessage, + * -- possession will be proven in a subsequent message + * dhMAC [2] BIT STRING, -- Deprecated + * agreeMAC [3] PKMACValue, + * encryptedKey [4] EnvelopedData } + * </pre> + */ + public ASN1Primitive toASN1Primitive() + { + return new DERTaggedObject(false, tagNo, obj); + } +} diff --git a/core/src/main/java/org/bouncycastle/asn1/crmf/POPOSigningKey.java b/core/src/main/java/org/bouncycastle/asn1/crmf/POPOSigningKey.java new file mode 100644 index 00000000..43dd05b0 --- /dev/null +++ b/core/src/main/java/org/bouncycastle/asn1/crmf/POPOSigningKey.java @@ -0,0 +1,127 @@ +package org.bouncycastle.asn1.crmf; + +import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.ASN1TaggedObject; +import org.bouncycastle.asn1.DERBitString; +import org.bouncycastle.asn1.DERSequence; +import org.bouncycastle.asn1.DERTaggedObject; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; + +public class POPOSigningKey + extends ASN1Object +{ + private POPOSigningKeyInput poposkInput; + private AlgorithmIdentifier algorithmIdentifier; + private DERBitString signature; + + private POPOSigningKey(ASN1Sequence seq) + { + int index = 0; + + if (seq.getObjectAt(index) instanceof ASN1TaggedObject) + { + ASN1TaggedObject tagObj + = (ASN1TaggedObject)seq.getObjectAt(index++); + if (tagObj.getTagNo() != 0) + { + throw new IllegalArgumentException( + "Unknown POPOSigningKeyInput tag: " + tagObj.getTagNo()); + } + poposkInput = POPOSigningKeyInput.getInstance(tagObj.getObject()); + } + algorithmIdentifier = AlgorithmIdentifier.getInstance(seq.getObjectAt(index++)); + signature = DERBitString.getInstance(seq.getObjectAt(index)); + } + + public static POPOSigningKey getInstance(Object o) + { + if (o instanceof POPOSigningKey) + { + return (POPOSigningKey)o; + } + + if (o != null) + { + return new POPOSigningKey(ASN1Sequence.getInstance(o)); + } + + return null; + } + + public static POPOSigningKey getInstance(ASN1TaggedObject obj, boolean explicit) + { + return getInstance(ASN1Sequence.getInstance(obj, explicit)); + } + + /** + * Creates a new Proof of Possession object for a signing key. + * + * @param poposkIn the POPOSigningKeyInput structure, or null if the + * CertTemplate includes both subject and publicKey values. + * @param aid the AlgorithmIdentifier used to sign the proof of possession. + * @param signature a signature over the DER-encoded value of poposkIn, + * or the DER-encoded value of certReq if poposkIn is null. + */ + public POPOSigningKey( + POPOSigningKeyInput poposkIn, + AlgorithmIdentifier aid, + DERBitString signature) + { + this.poposkInput = poposkIn; + this.algorithmIdentifier = aid; + this.signature = signature; + } + + public POPOSigningKeyInput getPoposkInput() + { + return poposkInput; + } + + public AlgorithmIdentifier getAlgorithmIdentifier() + { + return algorithmIdentifier; + } + + public DERBitString getSignature() + { + return signature; + } + + /** + * <pre> + * POPOSigningKey ::= SEQUENCE { + * poposkInput [0] POPOSigningKeyInput OPTIONAL, + * algorithmIdentifier AlgorithmIdentifier, + * signature BIT STRING } + * -- The signature (using "algorithmIdentifier") is on the + * -- DER-encoded value of poposkInput. NOTE: If the CertReqMsg + * -- certReq CertTemplate contains the subject and publicKey values, + * -- then poposkInput MUST be omitted and the signature MUST be + * -- computed on the DER-encoded value of CertReqMsg certReq. If + * -- the CertReqMsg certReq CertTemplate does not contain the public + * -- key and subject values, then poposkInput MUST be present and + * -- MUST be signed. This strategy ensures that the public key is + * -- not present in both the poposkInput and CertReqMsg certReq + * -- CertTemplate fields. + * </pre> + * + * @return a basic ASN.1 object representation. + */ + public ASN1Primitive toASN1Primitive() + { + ASN1EncodableVector v = new ASN1EncodableVector(); + + if (poposkInput != null) + { + v.add(new DERTaggedObject(false, 0, poposkInput)); + } + + v.add(algorithmIdentifier); + v.add(signature); + + return new DERSequence(v); + } +} diff --git a/core/src/main/java/org/bouncycastle/asn1/crmf/POPOSigningKeyInput.java b/core/src/main/java/org/bouncycastle/asn1/crmf/POPOSigningKeyInput.java new file mode 100644 index 00000000..54d828e8 --- /dev/null +++ b/core/src/main/java/org/bouncycastle/asn1/crmf/POPOSigningKeyInput.java @@ -0,0 +1,134 @@ +package org.bouncycastle.asn1.crmf; + +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.ASN1TaggedObject; +import org.bouncycastle.asn1.DERSequence; +import org.bouncycastle.asn1.DERTaggedObject; +import org.bouncycastle.asn1.x509.GeneralName; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; + +public class POPOSigningKeyInput + extends ASN1Object +{ + private GeneralName sender; + private PKMACValue publicKeyMAC; + private SubjectPublicKeyInfo publicKey; + + private POPOSigningKeyInput(ASN1Sequence seq) + { + ASN1Encodable authInfo = (ASN1Encodable)seq.getObjectAt(0); + + if (authInfo instanceof ASN1TaggedObject) + { + ASN1TaggedObject tagObj = (ASN1TaggedObject)authInfo; + if (tagObj.getTagNo() != 0) + { + throw new IllegalArgumentException( + "Unknown authInfo tag: " + tagObj.getTagNo()); + } + sender = GeneralName.getInstance(tagObj.getObject()); + } + else + { + publicKeyMAC = PKMACValue.getInstance(authInfo); + } + + publicKey = SubjectPublicKeyInfo.getInstance(seq.getObjectAt(1)); + } + + public static POPOSigningKeyInput getInstance(Object o) + { + if (o instanceof POPOSigningKeyInput) + { + return (POPOSigningKeyInput)o; + } + + if (o != null) + { + return new POPOSigningKeyInput(ASN1Sequence.getInstance(o)); + } + + return null; + } + + /** + * Creates a new POPOSigningKeyInput with sender name as authInfo. + */ + public POPOSigningKeyInput( + GeneralName sender, + SubjectPublicKeyInfo spki) + { + this.sender = sender; + this.publicKey = spki; + } + + /** + * Creates a new POPOSigningKeyInput using password-based MAC. + */ + public POPOSigningKeyInput( + PKMACValue pkmac, + SubjectPublicKeyInfo spki) + { + this.publicKeyMAC = pkmac; + this.publicKey = spki; + } + + /** + * Returns the sender field, or null if authInfo is publicKeyMAC + */ + public GeneralName getSender() + { + return sender; + } + + /** + * Returns the publicKeyMAC field, or null if authInfo is sender + */ + public PKMACValue getPublicKeyMAC() + { + return publicKeyMAC; + } + + public SubjectPublicKeyInfo getPublicKey() + { + return publicKey; + } + + /** + * <pre> + * POPOSigningKeyInput ::= SEQUENCE { + * authInfo CHOICE { + * sender [0] GeneralName, + * -- used only if an authenticated identity has been + * -- established for the sender (e.g., a DN from a + * -- previously-issued and currently-valid certificate + * publicKeyMAC PKMACValue }, + * -- used if no authenticated GeneralName currently exists for + * -- the sender; publicKeyMAC contains a password-based MAC + * -- on the DER-encoded value of publicKey + * publicKey SubjectPublicKeyInfo } -- from CertTemplate + * </pre> + * @return a basic ASN.1 object representation. + */ + public ASN1Primitive toASN1Primitive() + { + ASN1EncodableVector v = new ASN1EncodableVector(); + + if (sender != null) + { + v.add(new DERTaggedObject(false, 0, sender)); + } + else + { + v.add(publicKeyMAC); + } + + v.add(publicKey); + + return new DERSequence(v); + } +} diff --git a/core/src/main/java/org/bouncycastle/asn1/crmf/ProofOfPossession.java b/core/src/main/java/org/bouncycastle/asn1/crmf/ProofOfPossession.java new file mode 100644 index 00000000..8ff23423 --- /dev/null +++ b/core/src/main/java/org/bouncycastle/asn1/crmf/ProofOfPossession.java @@ -0,0 +1,108 @@ +package org.bouncycastle.asn1.crmf; + +import org.bouncycastle.asn1.ASN1Choice; +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1TaggedObject; +import org.bouncycastle.asn1.DERNull; +import org.bouncycastle.asn1.DERTaggedObject; + +public class ProofOfPossession + extends ASN1Object + implements ASN1Choice +{ + public static final int TYPE_RA_VERIFIED = 0; + public static final int TYPE_SIGNING_KEY = 1; + public static final int TYPE_KEY_ENCIPHERMENT = 2; + public static final int TYPE_KEY_AGREEMENT = 3; + + private int tagNo; + private ASN1Encodable obj; + + private ProofOfPossession(ASN1TaggedObject tagged) + { + tagNo = tagged.getTagNo(); + switch (tagNo) + { + case 0: + obj = DERNull.INSTANCE; + break; + case 1: + obj = POPOSigningKey.getInstance(tagged, false); + break; + case 2: + case 3: + obj = POPOPrivKey.getInstance(tagged, true); + break; + default: + throw new IllegalArgumentException("unknown tag: " + tagNo); + } + } + + public static ProofOfPossession getInstance(Object o) + { + if (o == null || o instanceof ProofOfPossession) + { + return (ProofOfPossession)o; + } + + if (o instanceof ASN1TaggedObject) + { + return new ProofOfPossession((ASN1TaggedObject)o); + } + + throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); + } + + /** Creates a ProofOfPossession with type raVerified. */ + public ProofOfPossession() + { + tagNo = TYPE_RA_VERIFIED; + obj = DERNull.INSTANCE; + } + + /** Creates a ProofOfPossession for a signing key. */ + public ProofOfPossession(POPOSigningKey poposk) + { + tagNo = TYPE_SIGNING_KEY; + obj = poposk; + } + + /** + * Creates a ProofOfPossession for key encipherment or agreement. + * @param type one of TYPE_KEY_ENCIPHERMENT or TYPE_KEY_AGREEMENT + */ + public ProofOfPossession(int type, POPOPrivKey privkey) + { + tagNo = type; + obj = privkey; + } + + public int getType() + { + return tagNo; + } + + public ASN1Encodable getObject() + { + return obj; + } + + /** + * <pre> + * ProofOfPossession ::= CHOICE { + * raVerified [0] NULL, + * -- used if the RA has already verified that the requester is in + * -- possession of the private key + * signature [1] POPOSigningKey, + * keyEncipherment [2] POPOPrivKey, + * keyAgreement [3] POPOPrivKey } + * </pre> + * @return a basic ASN.1 object representation. + */ + public ASN1Primitive toASN1Primitive() + { + return new DERTaggedObject(false, tagNo, obj); + } +} diff --git a/core/src/main/java/org/bouncycastle/asn1/crmf/SinglePubInfo.java b/core/src/main/java/org/bouncycastle/asn1/crmf/SinglePubInfo.java new file mode 100644 index 00000000..0237b3a6 --- /dev/null +++ b/core/src/main/java/org/bouncycastle/asn1/crmf/SinglePubInfo.java @@ -0,0 +1,72 @@ +package org.bouncycastle.asn1.crmf; + +import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.DERSequence; +import org.bouncycastle.asn1.x509.GeneralName; + +public class SinglePubInfo + extends ASN1Object +{ + private ASN1Integer pubMethod; + private GeneralName pubLocation; + + private SinglePubInfo(ASN1Sequence seq) + { + pubMethod = ASN1Integer.getInstance(seq.getObjectAt(0)); + + if (seq.size() == 2) + { + pubLocation = GeneralName.getInstance(seq.getObjectAt(1)); + } + } + + public static SinglePubInfo getInstance(Object o) + { + if (o instanceof SinglePubInfo) + { + return (SinglePubInfo)o; + } + + if (o != null) + { + return new SinglePubInfo(ASN1Sequence.getInstance(o)); + } + + return null; + } + + public GeneralName getPubLocation() + { + return pubLocation; + } + + /** + * <pre> + * SinglePubInfo ::= SEQUENCE { + * pubMethod INTEGER { + * dontCare (0), + * x500 (1), + * web (2), + * ldap (3) }, + * pubLocation GeneralName OPTIONAL } + * </pre> + * @return a basic ASN.1 object representation. + */ + public ASN1Primitive toASN1Primitive() + { + ASN1EncodableVector v = new ASN1EncodableVector(); + + v.add(pubMethod); + + if (pubLocation != null) + { + v.add(pubLocation); + } + + return new DERSequence(v); + } +} diff --git a/core/src/main/java/org/bouncycastle/asn1/crmf/SubsequentMessage.java b/core/src/main/java/org/bouncycastle/asn1/crmf/SubsequentMessage.java new file mode 100644 index 00000000..46917228 --- /dev/null +++ b/core/src/main/java/org/bouncycastle/asn1/crmf/SubsequentMessage.java @@ -0,0 +1,29 @@ +package org.bouncycastle.asn1.crmf; + +import org.bouncycastle.asn1.ASN1Integer; + +public class SubsequentMessage + extends ASN1Integer +{ + public static final SubsequentMessage encrCert = new SubsequentMessage(0); + public static final SubsequentMessage challengeResp = new SubsequentMessage(1); + + private SubsequentMessage(int value) + { + super(value); + } + + public static SubsequentMessage valueOf(int value) + { + if (value == 0) + { + return encrCert; + } + if (value == 1) + { + return challengeResp; + } + + throw new IllegalArgumentException("unknown value: " + value); + } +} |