@as1an
as1an / extension_der_encoding.txt
Last active December 11, 2024 08:21
Encoding nonce and Extension in general
The nonce is written in the request extensions: https://datatracker.ietf.org/doc/html/rfc6960#page-35
TBSRequest ::= SEQUENCE {
    version             [0] EXPLICIT Version DEFAULT v1,
    requestorName       [1] EXPLICIT GeneralName OPTIONAL,
    requestList             SEQUENCE OF Request,
    requestExtensions   [2] EXPLICIT Extensions {{re-ocsp-nonce |
                     re-ocsp-response, ...,
                     re-ocsp-preferred-signature-algorithms}} OPTIONAL }
@as1an
as1an / PlusSignSubjectDN.java
Created June 30, 2024 01:04
Solutions for x509cert with a + symbol in a subjectdn
import javax.security.auth.x500.X500Principal;
import kz.gov.pki.kalkan.asn1.ASN1Object;
import kz.gov.pki.kalkan.asn1.ASN1Sequence;
import kz.gov.pki.kalkan.asn1.ASN1Set;
import kz.gov.pki.kalkan.asn1.DERObjectIdentifier;
import kz.gov.pki.kalkan.asn1.DERString;
import kz.gov.pki.kalkan.asn1.x509.X509Name;
import kz.gov.pki.provider.utils.X509Util;
public class PlusSignSubjectDN {
package kz.gov.pki.jwt;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import com.auth0.jwt.JWT;
package kz.sample.jwt;
import java.io.ByteArrayInputStream;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import org.apache.commons.lang3.StringUtils;
import lombok.extern.slf4j.Slf4j;
@as1an
as1an / Client.java
Last active November 9, 2023 20:06
Sample for GBD UL\FL clients
package kz.gov.egg.sync.client;
import java.security.Security;
import java.util.HashMap;
import java.util.UUID;
import org.apache.cxf.ext.logging.LoggingFeature;
import org.apache.wss4j.common.crypto.WSProviderConfig;
import kz.gov.egg.sync.client.gbd.fl.UniFlSyncClient;
@as1an
as1an / CadesT.java
Created August 28, 2023 08:39
CMS with Timestamp token using knca-provider-util
package kz.gov.pki.sample;
import java.io.StringWriter;
import java.security.KeyStore;
import java.security.Provider;
import java.util.Enumeration;
import kz.gov.pki.kalkan.Storage;
import kz.gov.pki.kalkan.jce.provider.cms.CMSSignedData;
import kz.gov.pki.kalkan.openssl.PEMWriter;
import kz.gov.pki.provider.utils.CMSUtil;
@as1an
as1an / SimpleEnvelopedXml.java
Created November 22, 2022 20:36
Simple enveloped-signature via santuario
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
@as1an
as1an / QrMediator.java
Created October 16, 2022 20:41
A simplified utility class to scan, fetch and send QR-data defined by egov.kz
package kz.gov.pki.samples;
import java.awt.Graphics;
import java.awt.Image;
import java.awt.Toolkit;
import java.awt.datatransfer.DataFlavor;
import java.awt.datatransfer.Transferable;
import java.awt.datatransfer.UnsupportedFlavorException;
import java.awt.image.BufferedImage;
import java.io.ByteArrayInputStream;
@as1an
as1an / some_cert_info.c
Created August 15, 2022 08:33
Example of getting some information using Kalkancrypt (OpenSSL 1.0.x)
BIO *not_before_bio = BIO_new(BIO_s_mem());
ASN1_TIME_print(not_before_bio, X509_get_notBefore(cert)); // format MMM DD HH:MM:SS YYYY [GMT]
// ASN1_STRING_print_ex(not_before_bio, X509_get_notAfter(cert), ASN1_STRFLGS_UTF8_CONVERT); // UTC format YYMMDDHHMMSSZ
int not_before_len = (int)BIO_number_written(not_before_bio);
// Allocate one extra zeroed byte so the buffer stays NUL-terminated for the %s format below
unsigned char *not_before = (unsigned char *)calloc(not_before_len + 1, sizeof(unsigned char));
BIO_read(not_before_bio, not_before, not_before_len);
NSLog(@"not before: %s", not_before);
free(not_before); // release the copy once it has been logged
BIO_free(not_before_bio);
@as1an
as1an / cms_sign.m
Last active July 18, 2022 19:56
CMS signing example with <openssl/cms.h>
BIO *in = NULL, *out = NULL;
CMS_ContentInfo *cms = NULL;
CMS_SignerInfo *si = NULL;
unsigned char *cms_pem = NULL;
int cms_flags = CMS_NOSMIMECAP | CMS_BINARY | CMS_PARTIAL | CMS_STREAM;
int cms_pem_len = 0;
NSString *nsstring = @"c2FtcGxl";
const unsigned char *cstring = (const unsigned char *) [nsstring UTF8String];