Example 11 with Asn1Constructed
use of com.android.hotspot2.asn1.Asn1Constructed in project android_frameworks_base by AOSPA.
the class ESTHandler method unpackPkcs7.
private static List<X509Certificate> unpackPkcs7(ByteBuffer pkcs7) throws IOException, GeneralSecurityException {
Collection<Asn1Object> pkcs7Content = Asn1Decoder.decode(pkcs7);
if (pkcs7Content.size() != 1) {
throw new IOException("Unexpected pkcs 7 container: " + pkcs7Content.size());
}
Asn1Object data = pkcs7Content.iterator().next();
if (!data.isConstructed() || !data.matches(sSEQUENCE)) {
throw new IOException("Expected SEQ OF, got " + data.toSimpleString());
} else if (data.getChildren().size() != 2) {
throw new IOException("Expected content info to have two children, got " + data.getChildren().size());
}
Iterator<Asn1Object> children = data.getChildren().iterator();
Asn1Object contentType = children.next();
if (!contentType.equals(Asn1Oid.PKCS7SignedData)) {
throw new IOException("Content not PKCS7 signed data");
}
Asn1Object content = children.next();
if (!content.isConstructed() || !content.matches(sCTXT0)) {
throw new IOException("Expected [CONTEXT 0] with one child, got " + content.toSimpleString() + ", " + content.getChildren().size());
}
Asn1Object signedData = content.getChildren().iterator().next();
Map<Integer, Asn1Object> itemMap = new HashMap<>();
for (Asn1Object item : signedData.getChildren()) {
if (itemMap.put(item.getTag(), item) != null && item.getTag() != Asn1Decoder.TAG_SET) {
throw new IOException("Duplicate item in SignedData: " + item.toSimpleString());
}
}
Asn1Object versionObject = itemMap.get(Asn1Decoder.TAG_INTEGER);
if (versionObject == null || !(versionObject instanceof Asn1Integer)) {
throw new IOException("Bad or missing PKCS7 version: " + versionObject);
}
int pkcs7version = (int) ((Asn1Integer) versionObject).getValue();
Asn1Object innerContentInfo = itemMap.get(Asn1Decoder.TAG_SEQ);
if (innerContentInfo == null || !innerContentInfo.isConstructed() || !innerContentInfo.matches(sSEQUENCE) || innerContentInfo.getChildren().size() != 1) {
throw new IOException("Bad or missing PKCS7 contentInfo");
}
Asn1Object contentID = innerContentInfo.getChildren().iterator().next();
if (pkcs7version == PKCS7DataVersion && !contentID.equals(Asn1Oid.PKCS7Data) || pkcs7version == PKCS7SignedDataVersion && !contentID.equals(Asn1Oid.PKCS7SignedData)) {
throw new IOException("Inner PKCS7 content (" + contentID + ") not expected for version " + pkcs7version);
}
Asn1Object certWrapper = itemMap.get(0);
if (certWrapper == null || !certWrapper.isConstructed() || !certWrapper.matches(sCTXT0)) {
throw new IOException("Expected [CONTEXT 0], got: " + certWrapper);
}
List<X509Certificate> certList = new ArrayList<>(certWrapper.getChildren().size());
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
for (Asn1Object certObject : certWrapper.getChildren()) {
ByteBuffer certOctets = ((Asn1Constructed) certObject).getEncoding();
if (certOctets == null) {
throw new IOException("No cert payload in: " + certObject);
}
byte[] certBytes = new byte[certOctets.remaining()];
certOctets.get(certBytes);
certList.add((X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(certBytes)));
}
return certList;
}
Also used :
Asn1Constructed(com.android.hotspot2.asn1.Asn1Constructed)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
IOException(java.io.IOException)
CertificateFactory(java.security.cert.CertificateFactory)
ByteBuffer(java.nio.ByteBuffer)
X509Certificate(java.security.cert.X509Certificate)
Asn1Object(com.android.hotspot2.asn1.Asn1Object)
Asn1Integer(com.android.hotspot2.asn1.Asn1Integer)
ByteArrayInputStream(java.io.ByteArrayInputStream)
Asn1Integer(com.android.hotspot2.asn1.Asn1Integer)
Example 12 with Asn1Constructed
use of com.android.hotspot2.asn1.Asn1Constructed in project android_frameworks_base by AOSPA.
the class SPVerifier method getExtension.
private static Asn1Object getExtension(X509Certificate certificate, String extension) throws GeneralSecurityException, IOException {
byte[] data = certificate.getExtensionValue(extension);
if (data == null) {
return null;
}
Asn1Octets octetString = (Asn1Octets) Asn1Decoder.decode(ByteBuffer.wrap(data)).iterator().next();
Asn1Constructed sequence = castObject(Asn1Decoder.decode(ByteBuffer.wrap(octetString.getOctets())).iterator().next(), Asn1Constructed.class);
Log.d(OSUManager.TAG, "Extension " + extension + ": " + sequence);
return sequence;
}
Also used :
Asn1Constructed(com.android.hotspot2.asn1.Asn1Constructed)
Asn1Octets(com.android.hotspot2.asn1.Asn1Octets)
Example 13 with Asn1Constructed
use of com.android.hotspot2.asn1.Asn1Constructed in project android_frameworks_base by crdroidandroid.
the class ESTHandler method execute.
public void execute(boolean reenroll) throws IOException, GeneralSecurityException {
URL caURL = new URL(mURL.getProtocol(), mURL.getHost(), mURL.getPort(), mURL.getFile() + CACERT_PATH);
HTTPResponse response;
try (HTTPHandler httpHandler = new HTTPHandler(StandardCharsets.ISO_8859_1, mSocketFactory, mUser, mPassword)) {
response = httpHandler.doGetHTTP(caURL);
if (!"application/pkcs7-mime".equals(response.getHeaders().get(HTTPMessage.ContentTypeHeader))) {
throw new IOException("Unexpected Content-Type: " + response.getHeaders().get(HTTPMessage.ContentTypeHeader));
}
ByteBuffer octetBuffer = response.getBinaryPayload();
Collection<Asn1Object> pkcs7Content1 = Asn1Decoder.decode(octetBuffer);
for (Asn1Object asn1Object : pkcs7Content1) {
Log.d(TAG, "---");
Log.d(TAG, asn1Object.toString());
}
Log.d(TAG, CACERT_PATH);
mCACerts.addAll(unpackPkcs7(octetBuffer));
for (X509Certificate certificate : mCACerts) {
Log.d(TAG, "CA-Cert: " + certificate.getSubjectX500Principal());
}
/*
byte[] octets = new byte[octetBuffer.remaining()];
octetBuffer.duplicate().get(octets);
for (byte b : octets) {
System.out.printf("%02x ", b & 0xff);
}
Log.d(TAG, );
*/
/* + BC
try {
byte[] octets = new byte[octetBuffer.remaining()];
octetBuffer.duplicate().get(octets);
ASN1InputStream asnin = new ASN1InputStream(octets);
for (int n = 0; n < 100; n++) {
ASN1Primitive object = asnin.readObject();
if (object == null) {
break;
}
parseObject(object, 0);
}
}
catch (Throwable t) {
t.printStackTrace();
}
Collection<Asn1Object> pkcs7Content = Asn1Decoder.decode(octetBuffer);
for (Asn1Object asn1Object : pkcs7Content) {
Log.d(TAG, asn1Object);
}
if (pkcs7Content.size() != 1) {
throw new IOException("Unexpected pkcs 7 container: " + pkcs7Content.size());
}
Asn1Constructed pkcs7Root = (Asn1Constructed) pkcs7Content.iterator().next();
Iterator<Asn1ID> certPath = Arrays.asList(Pkcs7CertPath).iterator();
Asn1Object certObject = pkcs7Root.findObject(certPath);
if (certObject == null || certPath.hasNext()) {
throw new IOException("Failed to find cert; returned object " + certObject +
", path " + (certPath.hasNext() ? "short" : "exhausted"));
}
ByteBuffer certOctets = certObject.getPayload();
if (certOctets == null) {
throw new IOException("No cert payload in: " + certObject);
}
byte[] certBytes = new byte[certOctets.remaining()];
certOctets.get(certBytes);
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
Certificate cert = certFactory.generateCertificate(new ByteArrayInputStream(certBytes));
Log.d(TAG, "EST Cert: " + cert);
*/
URL csrURL = new URL(mURL.getProtocol(), mURL.getHost(), mURL.getPort(), mURL.getFile() + CSR_PATH);
response = httpHandler.doGetHTTP(csrURL);
octetBuffer = response.getBinaryPayload();
byte[] csrData = buildCSR(octetBuffer, mOMADMAdapter, httpHandler);
/**/
Collection<Asn1Object> o = Asn1Decoder.decode(ByteBuffer.wrap(csrData));
Log.d(TAG, "CSR:");
Log.d(TAG, o.iterator().next().toString());
Log.d(TAG, "End CSR.");
/**/
URL enrollURL = new URL(mURL.getProtocol(), mURL.getHost(), mURL.getPort(), mURL.getFile() + (reenroll ? SIMPLE_REENROLL_PATH : SIMPLE_ENROLL_PATH));
String data = Base64.encodeToString(csrData, Base64.DEFAULT);
octetBuffer = httpHandler.exchangeBinary(enrollURL, data, "application/pkcs10");
Collection<Asn1Object> pkcs7Content2 = Asn1Decoder.decode(octetBuffer);
for (Asn1Object asn1Object : pkcs7Content2) {
Log.d(TAG, "---");
Log.d(TAG, asn1Object.toString());
}
mClientCerts.addAll(unpackPkcs7(octetBuffer));
for (X509Certificate cert : mClientCerts) {
Log.d(TAG, cert.toString());
}
}
}
Also used :
HTTPHandler(com.android.hotspot2.osu.HTTPHandler)
HTTPResponse(com.android.hotspot2.utils.HTTPResponse)
IOException(java.io.IOException)
DERBitString(com.android.org.bouncycastle.asn1.DERBitString)
DERPrintableString(com.android.org.bouncycastle.asn1.DERPrintableString)
DERIA5String(com.android.org.bouncycastle.asn1.DERIA5String)
ByteBuffer(java.nio.ByteBuffer)
URL(java.net.URL)
X509Certificate(java.security.cert.X509Certificate)
Asn1Object(com.android.hotspot2.asn1.Asn1Object)
Example 14 with Asn1Constructed
use of com.android.hotspot2.asn1.Asn1Constructed in project platform_frameworks_base by android.
the class ESTHandler method execute.
public void execute(boolean reenroll) throws IOException, GeneralSecurityException {
URL caURL = new URL(mURL.getProtocol(), mURL.getHost(), mURL.getPort(), mURL.getFile() + CACERT_PATH);
HTTPResponse response;
try (HTTPHandler httpHandler = new HTTPHandler(StandardCharsets.ISO_8859_1, mSocketFactory, mUser, mPassword)) {
response = httpHandler.doGetHTTP(caURL);
if (!"application/pkcs7-mime".equals(response.getHeaders().get(HTTPMessage.ContentTypeHeader))) {
throw new IOException("Unexpected Content-Type: " + response.getHeaders().get(HTTPMessage.ContentTypeHeader));
}
ByteBuffer octetBuffer = response.getBinaryPayload();
Collection<Asn1Object> pkcs7Content1 = Asn1Decoder.decode(octetBuffer);
for (Asn1Object asn1Object : pkcs7Content1) {
Log.d(TAG, "---");
Log.d(TAG, asn1Object.toString());
}
Log.d(TAG, CACERT_PATH);
mCACerts.addAll(unpackPkcs7(octetBuffer));
for (X509Certificate certificate : mCACerts) {
Log.d(TAG, "CA-Cert: " + certificate.getSubjectX500Principal());
}
/*
byte[] octets = new byte[octetBuffer.remaining()];
octetBuffer.duplicate().get(octets);
for (byte b : octets) {
System.out.printf("%02x ", b & 0xff);
}
Log.d(TAG, );
*/
/* + BC
try {
byte[] octets = new byte[octetBuffer.remaining()];
octetBuffer.duplicate().get(octets);
ASN1InputStream asnin = new ASN1InputStream(octets);
for (int n = 0; n < 100; n++) {
ASN1Primitive object = asnin.readObject();
if (object == null) {
break;
}
parseObject(object, 0);
}
}
catch (Throwable t) {
t.printStackTrace();
}
Collection<Asn1Object> pkcs7Content = Asn1Decoder.decode(octetBuffer);
for (Asn1Object asn1Object : pkcs7Content) {
Log.d(TAG, asn1Object);
}
if (pkcs7Content.size() != 1) {
throw new IOException("Unexpected pkcs 7 container: " + pkcs7Content.size());
}
Asn1Constructed pkcs7Root = (Asn1Constructed) pkcs7Content.iterator().next();
Iterator<Asn1ID> certPath = Arrays.asList(Pkcs7CertPath).iterator();
Asn1Object certObject = pkcs7Root.findObject(certPath);
if (certObject == null || certPath.hasNext()) {
throw new IOException("Failed to find cert; returned object " + certObject +
", path " + (certPath.hasNext() ? "short" : "exhausted"));
}
ByteBuffer certOctets = certObject.getPayload();
if (certOctets == null) {
throw new IOException("No cert payload in: " + certObject);
}
byte[] certBytes = new byte[certOctets.remaining()];
certOctets.get(certBytes);
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
Certificate cert = certFactory.generateCertificate(new ByteArrayInputStream(certBytes));
Log.d(TAG, "EST Cert: " + cert);
*/
URL csrURL = new URL(mURL.getProtocol(), mURL.getHost(), mURL.getPort(), mURL.getFile() + CSR_PATH);
response = httpHandler.doGetHTTP(csrURL);
octetBuffer = response.getBinaryPayload();
byte[] csrData = buildCSR(octetBuffer, mOMADMAdapter, httpHandler);
/**/
Collection<Asn1Object> o = Asn1Decoder.decode(ByteBuffer.wrap(csrData));
Log.d(TAG, "CSR:");
Log.d(TAG, o.iterator().next().toString());
Log.d(TAG, "End CSR.");
/**/
URL enrollURL = new URL(mURL.getProtocol(), mURL.getHost(), mURL.getPort(), mURL.getFile() + (reenroll ? SIMPLE_REENROLL_PATH : SIMPLE_ENROLL_PATH));
String data = Base64.encodeToString(csrData, Base64.DEFAULT);
octetBuffer = httpHandler.exchangeBinary(enrollURL, data, "application/pkcs10");
Collection<Asn1Object> pkcs7Content2 = Asn1Decoder.decode(octetBuffer);
for (Asn1Object asn1Object : pkcs7Content2) {
Log.d(TAG, "---");
Log.d(TAG, asn1Object.toString());
}
mClientCerts.addAll(unpackPkcs7(octetBuffer));
for (X509Certificate cert : mClientCerts) {
Log.d(TAG, cert.toString());
}
}
}
Also used :
HTTPHandler(com.android.hotspot2.osu.HTTPHandler)
HTTPResponse(com.android.hotspot2.utils.HTTPResponse)
IOException(java.io.IOException)
DERBitString(com.android.org.bouncycastle.asn1.DERBitString)
DERPrintableString(com.android.org.bouncycastle.asn1.DERPrintableString)
DERIA5String(com.android.org.bouncycastle.asn1.DERIA5String)
ByteBuffer(java.nio.ByteBuffer)
URL(java.net.URL)
X509Certificate(java.security.cert.X509Certificate)
Asn1Object(com.android.hotspot2.asn1.Asn1Object)
Example 15 with Asn1Constructed
use of com.android.hotspot2.asn1.Asn1Constructed in project platform_frameworks_base by android.
the class ESTHandler method unpackPkcs7.
private static List<X509Certificate> unpackPkcs7(ByteBuffer pkcs7) throws IOException, GeneralSecurityException {
Collection<Asn1Object> pkcs7Content = Asn1Decoder.decode(pkcs7);
if (pkcs7Content.size() != 1) {
throw new IOException("Unexpected pkcs 7 container: " + pkcs7Content.size());
}
Asn1Object data = pkcs7Content.iterator().next();
if (!data.isConstructed() || !data.matches(sSEQUENCE)) {
throw new IOException("Expected SEQ OF, got " + data.toSimpleString());
} else if (data.getChildren().size() != 2) {
throw new IOException("Expected content info to have two children, got " + data.getChildren().size());
}
Iterator<Asn1Object> children = data.getChildren().iterator();
Asn1Object contentType = children.next();
if (!contentType.equals(Asn1Oid.PKCS7SignedData)) {
throw new IOException("Content not PKCS7 signed data");
}
Asn1Object content = children.next();
if (!content.isConstructed() || !content.matches(sCTXT0)) {
throw new IOException("Expected [CONTEXT 0] with one child, got " + content.toSimpleString() + ", " + content.getChildren().size());
}
Asn1Object signedData = content.getChildren().iterator().next();
Map<Integer, Asn1Object> itemMap = new HashMap<>();
for (Asn1Object item : signedData.getChildren()) {
if (itemMap.put(item.getTag(), item) != null && item.getTag() != Asn1Decoder.TAG_SET) {
throw new IOException("Duplicate item in SignedData: " + item.toSimpleString());
}
}
Asn1Object versionObject = itemMap.get(Asn1Decoder.TAG_INTEGER);
if (versionObject == null || !(versionObject instanceof Asn1Integer)) {
throw new IOException("Bad or missing PKCS7 version: " + versionObject);
}
int pkcs7version = (int) ((Asn1Integer) versionObject).getValue();
Asn1Object innerContentInfo = itemMap.get(Asn1Decoder.TAG_SEQ);
if (innerContentInfo == null || !innerContentInfo.isConstructed() || !innerContentInfo.matches(sSEQUENCE) || innerContentInfo.getChildren().size() != 1) {
throw new IOException("Bad or missing PKCS7 contentInfo");
}
Asn1Object contentID = innerContentInfo.getChildren().iterator().next();
if (pkcs7version == PKCS7DataVersion && !contentID.equals(Asn1Oid.PKCS7Data) || pkcs7version == PKCS7SignedDataVersion && !contentID.equals(Asn1Oid.PKCS7SignedData)) {
throw new IOException("Inner PKCS7 content (" + contentID + ") not expected for version " + pkcs7version);
}
Asn1Object certWrapper = itemMap.get(0);
if (certWrapper == null || !certWrapper.isConstructed() || !certWrapper.matches(sCTXT0)) {
throw new IOException("Expected [CONTEXT 0], got: " + certWrapper);
}
List<X509Certificate> certList = new ArrayList<>(certWrapper.getChildren().size());
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
for (Asn1Object certObject : certWrapper.getChildren()) {
ByteBuffer certOctets = ((Asn1Constructed) certObject).getEncoding();
if (certOctets == null) {
throw new IOException("No cert payload in: " + certObject);
}
byte[] certBytes = new byte[certOctets.remaining()];
certOctets.get(certBytes);
certList.add((X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(certBytes)));
}
return certList;
}
Also used :
Asn1Constructed(com.android.hotspot2.asn1.Asn1Constructed)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
IOException(java.io.IOException)
CertificateFactory(java.security.cert.CertificateFactory)
ByteBuffer(java.nio.ByteBuffer)
X509Certificate(java.security.cert.X509Certificate)
Asn1Object(com.android.hotspot2.asn1.Asn1Object)
Asn1Integer(com.android.hotspot2.asn1.Asn1Integer)
ByteArrayInputStream(java.io.ByteArrayInputStream)
Asn1Integer(com.android.hotspot2.asn1.Asn1Integer)
Aggregations
Asn1Constructed (com.android.hotspot2.asn1.Asn1Constructed)20
Asn1Object (com.android.hotspot2.asn1.Asn1Object)20
IOException (java.io.IOException)20
ByteBuffer (java.nio.ByteBuffer)10
X509Certificate (java.security.cert.X509Certificate)10
ArrayList (java.util.ArrayList)10
HashMap (java.util.HashMap)10
I18Name (com.android.anqp.I18Name)5
Asn1Integer (com.android.hotspot2.asn1.Asn1Integer)5
Asn1Octets (com.android.hotspot2.asn1.Asn1Octets)5
Asn1String (com.android.hotspot2.asn1.Asn1String)5
HTTPHandler (com.android.hotspot2.osu.HTTPHandler)5
HTTPResponse (com.android.hotspot2.utils.HTTPResponse)5
DERBitString (com.android.org.bouncycastle.asn1.DERBitString)5
DERIA5String (com.android.org.bouncycastle.asn1.DERIA5String)5
DERPrintableString (com.android.org.bouncycastle.asn1.DERPrintableString)5
ByteArrayInputStream (java.io.ByteArrayInputStream)5
URL (java.net.URL)5
CertificateFactory (java.security.cert.CertificateFactory)5
