Example 21 with DERObject
use of org.bouncycastle.asn1.DERObject in project XobotOS by xamarin.
the class RFC3280CertPathUtilities method processCRLC.
/**
* If use-deltas is set, verify the issuer and scope of the delta CRL.
*
* @param deltaCRL The delta CRL.
* @param completeCRL The complete CRL.
* @param pkixParams The PKIX paramaters.
* @throws AnnotatedException if an exception occurs.
*/
protected static void processCRLC(X509CRL deltaCRL, X509CRL completeCRL, ExtendedPKIXParameters pkixParams) throws AnnotatedException {
if (deltaCRL == null) {
return;
}
IssuingDistributionPoint completeidp = null;
try {
completeidp = IssuingDistributionPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(completeCRL, RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT));
} catch (Exception e) {
throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e);
}
if (pkixParams.isUseDeltasEnabled()) {
// (c) (1)
if (!deltaCRL.getIssuerX500Principal().equals(completeCRL.getIssuerX500Principal())) {
throw new AnnotatedException("Complete CRL issuer does not match delta CRL issuer.");
}
// (c) (2)
IssuingDistributionPoint deltaidp = null;
try {
deltaidp = IssuingDistributionPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(deltaCRL, ISSUING_DISTRIBUTION_POINT));
} catch (Exception e) {
throw new AnnotatedException("Issuing distribution point extension from delta CRL could not be decoded.", e);
}
boolean match = false;
if (completeidp == null) {
if (deltaidp == null) {
match = true;
}
} else {
if (completeidp.equals(deltaidp)) {
match = true;
}
}
if (!match) {
throw new AnnotatedException("Issuing distribution point extension from delta CRL and complete CRL does not match.");
}
// (c) (3)
DERObject completeKeyIdentifier = null;
try {
completeKeyIdentifier = CertPathValidatorUtilities.getExtensionValue(completeCRL, AUTHORITY_KEY_IDENTIFIER);
} catch (AnnotatedException e) {
throw new AnnotatedException("Authority key identifier extension could not be extracted from complete CRL.", e);
}
DERObject deltaKeyIdentifier = null;
try {
deltaKeyIdentifier = CertPathValidatorUtilities.getExtensionValue(deltaCRL, AUTHORITY_KEY_IDENTIFIER);
} catch (AnnotatedException e) {
throw new AnnotatedException("Authority key identifier extension could not be extracted from delta CRL.", e);
}
if (completeKeyIdentifier == null) {
throw new AnnotatedException("CRL authority key identifier is null.");
}
if (deltaKeyIdentifier == null) {
throw new AnnotatedException("Delta CRL authority key identifier is null.");
}
if (!completeKeyIdentifier.equals(deltaKeyIdentifier)) {
throw new AnnotatedException("Delta CRL authority key identifier does not match complete CRL authority key identifier.");
}
}
}
Also used :
IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint)
DERObject(org.bouncycastle.asn1.DERObject)
CertificateExpiredException(java.security.cert.CertificateExpiredException)
GeneralSecurityException(java.security.GeneralSecurityException)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException)
CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException)
CertPathBuilderException(java.security.cert.CertPathBuilderException)
IOException(java.io.IOException)
Example 22 with DERObject
use of org.bouncycastle.asn1.DERObject in project XobotOS by xamarin.
the class RFC3280CertPathUtilities method processCRLB1.
/**
* If the DP includes cRLIssuer, then verify that the issuer field in the
* complete CRL matches cRLIssuer in the DP and that the complete CRL
* contains an issuing distribution point extension with the indirectCRL
* boolean asserted. Otherwise, verify that the CRL issuer matches the
* certificate issuer.
*
* @param dp The distribution point.
* @param cert The certificate ot attribute certificate.
* @param crl The CRL for <code>cert</code>.
* @throws AnnotatedException if one of the above conditions does not apply or an error
* occurs.
*/
protected static void processCRLB1(DistributionPoint dp, Object cert, X509CRL crl) throws AnnotatedException {
DERObject idp = CertPathValidatorUtilities.getExtensionValue(crl, ISSUING_DISTRIBUTION_POINT);
boolean isIndirect = false;
if (idp != null) {
if (IssuingDistributionPoint.getInstance(idp).isIndirectCRL()) {
isIndirect = true;
}
}
byte[] issuerBytes = CertPathValidatorUtilities.getIssuerPrincipal(crl).getEncoded();
boolean matchIssuer = false;
if (dp.getCRLIssuer() != null) {
GeneralName[] genNames = dp.getCRLIssuer().getNames();
for (int j = 0; j < genNames.length; j++) {
if (genNames[j].getTagNo() == GeneralName.directoryName) {
try {
if (Arrays.areEqual(genNames[j].getName().getDERObject().getEncoded(), issuerBytes)) {
matchIssuer = true;
}
} catch (IOException e) {
throw new AnnotatedException("CRL issuer information from distribution point cannot be decoded.", e);
}
}
}
if (matchIssuer && !isIndirect) {
throw new AnnotatedException("Distribution point contains cRLIssuer field but CRL is not indirect.");
}
if (!matchIssuer) {
throw new AnnotatedException("CRL issuer of CRL does not match CRL issuer of distribution point.");
}
} else {
if (CertPathValidatorUtilities.getIssuerPrincipal(crl).equals(CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert))) {
matchIssuer = true;
}
}
if (!matchIssuer) {
throw new AnnotatedException("Cannot find matching CRL issuer for certificate.");
}
}
Also used :
DERObject(org.bouncycastle.asn1.DERObject)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
IOException(java.io.IOException)
IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
Example 23 with DERObject
use of org.bouncycastle.asn1.DERObject in project XobotOS by xamarin.
the class PrivateKeyFactory method createKey.
/**
* Create a private key parameter from the passed in PKCS8 PrivateKeyInfo object.
*
* @param keyInfo the PrivateKeyInfo object containing the key material
* @return a suitable private key parameter
* @throws IOException on an error decoding the key
*/
public static AsymmetricKeyParameter createKey(PrivateKeyInfo keyInfo) throws IOException {
AlgorithmIdentifier algId = keyInfo.getAlgorithmId();
if (algId.getAlgorithm().equals(PKCSObjectIdentifiers.rsaEncryption)) {
RSAPrivateKeyStructure keyStructure = new RSAPrivateKeyStructure((ASN1Sequence) keyInfo.getPrivateKey());
return new RSAPrivateCrtKeyParameters(keyStructure.getModulus(), keyStructure.getPublicExponent(), keyStructure.getPrivateExponent(), keyStructure.getPrime1(), keyStructure.getPrime2(), keyStructure.getExponent1(), keyStructure.getExponent2(), keyStructure.getCoefficient());
} else // else if (algId.getObjectId().equals(X9ObjectIdentifiers.dhpublicnumber))
if (algId.getObjectId().equals(PKCSObjectIdentifiers.dhKeyAgreement)) {
DHParameter params = new DHParameter((ASN1Sequence) keyInfo.getAlgorithmId().getParameters());
DERInteger derX = (DERInteger) keyInfo.getPrivateKey();
BigInteger lVal = params.getL();
int l = lVal == null ? 0 : lVal.intValue();
DHParameters dhParams = new DHParameters(params.getP(), params.getG(), null, l);
return new DHPrivateKeyParameters(derX.getValue(), dhParams);
} else // END android-removed
if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa)) {
DERInteger derX = (DERInteger) keyInfo.getPrivateKey();
DEREncodable de = keyInfo.getAlgorithmId().getParameters();
DSAParameters parameters = null;
if (de != null) {
DSAParameter params = DSAParameter.getInstance(de.getDERObject());
parameters = new DSAParameters(params.getP(), params.getQ(), params.getG());
}
return new DSAPrivateKeyParameters(derX.getValue(), parameters);
} else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_ecPublicKey)) {
X962Parameters params = new X962Parameters((DERObject) keyInfo.getAlgorithmId().getParameters());
ECDomainParameters dParams = null;
if (params.isNamedCurve()) {
DERObjectIdentifier oid = (DERObjectIdentifier) params.getParameters();
X9ECParameters ecP = X962NamedCurves.getByOID(oid);
if (ecP == null) {
ecP = SECNamedCurves.getByOID(oid);
if (ecP == null) {
ecP = NISTNamedCurves.getByOID(oid);
// BEGIN android-removed
// if (ecP == null)
// {
// ecP = TeleTrusTNamedCurves.getByOID(oid);
// }
// END android-removed
}
}
dParams = new ECDomainParameters(ecP.getCurve(), ecP.getG(), ecP.getN(), ecP.getH(), ecP.getSeed());
} else {
X9ECParameters ecP = new X9ECParameters((ASN1Sequence) params.getParameters());
dParams = new ECDomainParameters(ecP.getCurve(), ecP.getG(), ecP.getN(), ecP.getH(), ecP.getSeed());
}
ECPrivateKeyStructure ec = new ECPrivateKeyStructure((ASN1Sequence) keyInfo.getPrivateKey());
return new ECPrivateKeyParameters(ec.getKey(), dParams);
} else {
throw new RuntimeException("algorithm identifier in key not recognised");
}
}
Also used :
ECDomainParameters(org.bouncycastle.crypto.params.ECDomainParameters)
DHParameters(org.bouncycastle.crypto.params.DHParameters)
DHPrivateKeyParameters(org.bouncycastle.crypto.params.DHPrivateKeyParameters)
X9ECParameters(org.bouncycastle.asn1.x9.X9ECParameters)
ECPrivateKeyStructure(org.bouncycastle.asn1.sec.ECPrivateKeyStructure)
DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
DERInteger(org.bouncycastle.asn1.DERInteger)
X962Parameters(org.bouncycastle.asn1.x9.X962Parameters)
ECPrivateKeyParameters(org.bouncycastle.crypto.params.ECPrivateKeyParameters)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
DERObject(org.bouncycastle.asn1.DERObject)
RSAPrivateKeyStructure(org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure)
DEREncodable(org.bouncycastle.asn1.DEREncodable)
DSAPrivateKeyParameters(org.bouncycastle.crypto.params.DSAPrivateKeyParameters)
BigInteger(java.math.BigInteger)
DSAParameter(org.bouncycastle.asn1.x509.DSAParameter)
DHParameter(org.bouncycastle.asn1.pkcs.DHParameter)
DSAParameters(org.bouncycastle.crypto.params.DSAParameters)
RSAPrivateCrtKeyParameters(org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters)
Example 24 with DERObject
use of org.bouncycastle.asn1.DERObject in project XobotOS by xamarin.
the class NetscapeCertRequest method toASN1Object.
public DERObject toASN1Object() {
ASN1EncodableVector spkac = new ASN1EncodableVector();
ASN1EncodableVector pkac = new ASN1EncodableVector();
try {
pkac.add(getKeySpec());
} catch (Exception e) {
//ignore
}
pkac.add(new DERIA5String(challenge));
spkac.add(new DERSequence(pkac));
spkac.add(sigAlg);
spkac.add(new DERBitString(sigBits));
return new DERSequence(spkac);
}
Also used :
DERIA5String(org.bouncycastle.asn1.DERIA5String)
DERSequence(org.bouncycastle.asn1.DERSequence)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
DERBitString(org.bouncycastle.asn1.DERBitString)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
SignatureException(java.security.SignatureException)
IOException(java.io.IOException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
NoSuchProviderException(java.security.NoSuchProviderException)
Example 25 with DERObject
use of org.bouncycastle.asn1.DERObject in project XobotOS by xamarin.
the class CertPathValidatorUtilities method getObject.
private static DERObject getObject(String oid, byte[] ext) throws AnnotatedException {
try {
ASN1InputStream aIn = new ASN1InputStream(ext);
ASN1OctetString octs = (ASN1OctetString) aIn.readObject();
aIn = new ASN1InputStream(octs.getOctets());
return aIn.readObject();
} catch (Exception e) {
throw new AnnotatedException("exception processing extension " + oid, e);
}
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
GeneralSecurityException(java.security.GeneralSecurityException)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
ParseException(java.text.ParseException)
ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException)
CertStoreException(java.security.cert.CertStoreException)
CertificateParsingException(java.security.cert.CertificateParsingException)
StoreException(org.bouncycastle.util.StoreException)
IOException(java.io.IOException)
Aggregations
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)47
DERSequence (org.bouncycastle.asn1.DERSequence)42
DERObject (org.bouncycastle.asn1.DERObject)31
IOException (java.io.IOException)15
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)15
ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)13
DERObjectIdentifier (org.bouncycastle.asn1.DERObjectIdentifier)12
PolicyRequiredException (org.nhindirect.policy.PolicyRequiredException)12
DERInteger (org.bouncycastle.asn1.DERInteger)11
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)10
ArrayList (java.util.ArrayList)8
DEREncodable (org.bouncycastle.asn1.DEREncodable)8
DEROctetString (org.bouncycastle.asn1.DEROctetString)8
DERBitString (org.bouncycastle.asn1.DERBitString)7
DERTaggedObject (org.bouncycastle.asn1.DERTaggedObject)7
GeneralSecurityException (java.security.GeneralSecurityException)5
CertPathValidatorException (java.security.cert.CertPathValidatorException)5
Enumeration (java.util.Enumeration)5
BERSequence (org.bouncycastle.asn1.BERSequence)5
PolicyProcessException (org.nhindirect.policy.PolicyProcessException)5
