Search in sources :

Example 51 with ASN1InputStream

use of com.android.org.bouncycastle.asn1.ASN1InputStream in project jruby-openssl by jruby.

the class PKey method readPrivateKey.

public static KeyPair readPrivateKey(final byte[] input, final String type) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
    KeySpec pubSpec;
    KeySpec privSpec;
    ASN1Sequence seq = (ASN1Sequence) new ASN1InputStream(input).readObject();
    if (type.equals("RSA")) {
        ASN1Integer mod = (ASN1Integer) seq.getObjectAt(1);
        ASN1Integer pubExp = (ASN1Integer) seq.getObjectAt(2);
        ASN1Integer privExp = (ASN1Integer) seq.getObjectAt(3);
        ASN1Integer p1 = (ASN1Integer) seq.getObjectAt(4);
        ASN1Integer p2 = (ASN1Integer) seq.getObjectAt(5);
        ASN1Integer exp1 = (ASN1Integer) seq.getObjectAt(6);
        ASN1Integer exp2 = (ASN1Integer) seq.getObjectAt(7);
        ASN1Integer crtCoef = (ASN1Integer) seq.getObjectAt(8);
        pubSpec = new RSAPublicKeySpec(mod.getValue(), pubExp.getValue());
        privSpec = new RSAPrivateCrtKeySpec(mod.getValue(), pubExp.getValue(), privExp.getValue(), p1.getValue(), p2.getValue(), exp1.getValue(), exp2.getValue(), crtCoef.getValue());
    } else if (type.equals("DSA")) {
        ASN1Integer p = (ASN1Integer) seq.getObjectAt(1);
        ASN1Integer q = (ASN1Integer) seq.getObjectAt(2);
        ASN1Integer g = (ASN1Integer) seq.getObjectAt(3);
        ASN1Integer y = (ASN1Integer) seq.getObjectAt(4);
        ASN1Integer x = (ASN1Integer) seq.getObjectAt(5);
        privSpec = new DSAPrivateKeySpec(x.getValue(), p.getValue(), q.getValue(), g.getValue());
        pubSpec = new DSAPublicKeySpec(y.getValue(), p.getValue(), q.getValue(), g.getValue());
    } else if (type.equals("ECDSA")) {
        return readECPrivateKey(input);
    } else {
        throw new IllegalStateException("unsupported type: " + type);
    }
    KeyFactory fact = SecurityHelper.getKeyFactory(type);
    return new KeyPair(fact.generatePublic(pubSpec), fact.generatePrivate(privSpec));
}
Also used : DSAPrivateKeySpec(java.security.spec.DSAPrivateKeySpec) RSAPrivateCrtKeySpec(java.security.spec.RSAPrivateCrtKeySpec) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) KeyPair(java.security.KeyPair) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) RSAPrivateCrtKeySpec(java.security.spec.RSAPrivateCrtKeySpec) ECPrivateKeySpec(java.security.spec.ECPrivateKeySpec) KeySpec(java.security.spec.KeySpec) DSAPrivateKeySpec(java.security.spec.DSAPrivateKeySpec) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec) ECPublicKeySpec(org.bouncycastle.jce.spec.ECPublicKeySpec) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) KeyFactory(java.security.KeyFactory) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec)

Example 52 with ASN1InputStream

use of com.android.org.bouncycastle.asn1.ASN1InputStream in project jruby-openssl by jruby.

the class StoreContext method checkChainExtensions.

/**
 * c: check_chain_extensions
 */
public int checkChainExtensions() throws Exception {
    int ok, must_be_ca;
    X509AuxCertificate x;
    int proxy_path_length = 0;
    int allow_proxy_certs = (verifyParameter.flags & X509Utils.V_FLAG_ALLOW_PROXY_CERTS) != 0 ? 1 : 0;
    must_be_ca = -1;
    try {
        final String allowProxyCerts = System.getenv("OPENSSL_ALLOW_PROXY_CERTS");
        if (allowProxyCerts != null && !"false".equalsIgnoreCase(allowProxyCerts)) {
            allow_proxy_certs = 1;
        }
    } catch (SecurityException e) {
    /* ignore if we can't use System.getenv */
    }
    for (int i = 0; i < lastUntrusted; i++) {
        int ret;
        x = chain.get(i);
        if ((verifyParameter.flags & X509Utils.V_FLAG_IGNORE_CRITICAL) == 0 && unhandledCritical(x)) {
            error = X509Utils.V_ERR_UNHANDLED_CRITICAL_EXTENSION;
            errorDepth = i;
            currentCertificate = x;
            ok = verifyCallback.call(this, ZERO);
            if (ok == 0)
                return ok;
        }
        if (allow_proxy_certs == 0 && x.getExtensionValue("1.3.6.1.5.5.7.1.14") != null) {
            error = X509Utils.V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;
            errorDepth = i;
            currentCertificate = x;
            ok = verifyCallback.call(this, ZERO);
            if (ok == 0)
                return ok;
        }
        ret = Purpose.checkCA(x);
        switch(must_be_ca) {
            case -1:
                if ((verifyParameter.flags & X509Utils.V_FLAG_X509_STRICT) != 0 && ret != 1 && ret != 0) {
                    ret = 0;
                    error = X509Utils.V_ERR_INVALID_CA;
                } else {
                    ret = 1;
                }
                break;
            case 0:
                if (ret != 0) {
                    ret = 0;
                    error = X509Utils.V_ERR_INVALID_NON_CA;
                } else {
                    ret = 1;
                }
                break;
            default:
                if (ret == 0 || ((verifyParameter.flags & X509Utils.V_FLAG_X509_STRICT) != 0 && ret != 1)) {
                    ret = 0;
                    error = X509Utils.V_ERR_INVALID_CA;
                } else {
                    ret = 1;
                }
                break;
        }
        if (ret == 0) {
            errorDepth = i;
            currentCertificate = x;
            ok = verifyCallback.call(this, ZERO);
            if (ok == 0)
                return ok;
        }
        if (verifyParameter.purpose > 0) {
            ret = Purpose.checkPurpose(x, verifyParameter.purpose, must_be_ca > 0 ? 1 : 0);
            if (ret == 0 || ((verifyParameter.flags & X509Utils.V_FLAG_X509_STRICT) != 0 && ret != 1)) {
                error = X509Utils.V_ERR_INVALID_PURPOSE;
                errorDepth = i;
                currentCertificate = x;
                ok = verifyCallback.call(this, ZERO);
                if (ok == 0) {
                    return ok;
                }
            }
        }
        if (i > 1 && x.getBasicConstraints() != -1 && x.getBasicConstraints() != Integer.MAX_VALUE && (i > (x.getBasicConstraints() + proxy_path_length + 1))) {
            error = X509Utils.V_ERR_PATH_LENGTH_EXCEEDED;
            errorDepth = i;
            currentCertificate = x;
            ok = verifyCallback.call(this, ZERO);
            if (ok == 0)
                return ok;
        }
        if (x.getExtensionValue("1.3.6.1.5.5.7.1.14") != null) {
            ASN1Sequence pci = (ASN1Sequence) new ASN1InputStream(x.getExtensionValue("1.3.6.1.5.5.7.1.14")).readObject();
            if (pci.size() > 0 && pci.getObjectAt(0) instanceof ASN1Integer) {
                int pcpathlen = ((ASN1Integer) pci.getObjectAt(0)).getValue().intValue();
                if (i > pcpathlen) {
                    error = X509Utils.V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
                    errorDepth = i;
                    currentCertificate = x;
                    ok = verifyCallback.call(this, ZERO);
                    if (ok == 0)
                        return ok;
                }
            }
            proxy_path_length++;
            must_be_ca = 0;
        } else {
            must_be_ca = 1;
        }
    }
    return 1;
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) GeneralSecurityException(java.security.GeneralSecurityException) ASN1Integer(org.bouncycastle.asn1.ASN1Integer)

Example 53 with ASN1InputStream

use of com.android.org.bouncycastle.asn1.ASN1InputStream in project structr by structr.

the class SignedJarBuilder method writeSignatureBlock.

/**
 * Write the certificate file with a digital signature.
 */
private void writeSignatureBlock(final JarOutputStream jos, final CMSTypedData data, final X509Certificate publicKey, final PrivateKey privateKey) throws IOException, CertificateEncodingException, OperatorCreationException, CMSException {
    final List<X509Certificate> certList = new ArrayList<>();
    certList.add(publicKey);
    final JcaCertStore certs = new JcaCertStore(certList);
    final CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
    final ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1with" + privateKey.getAlgorithm()).build(privateKey);
    gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build()).setDirectSignature(true).build(sha1Signer, publicKey));
    gen.addCertificates(certs);
    final CMSSignedData sigData = gen.generate(data, false);
    final ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded());
    final DEROutputStream dos = new DEROutputStream(jos);
    dos.writeObject(asn1.readObject());
}
Also used : CMSSignedDataGenerator(org.bouncycastle.cms.CMSSignedDataGenerator) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) JcaSignerInfoGeneratorBuilder(org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ArrayList(java.util.ArrayList) ContentSigner(org.bouncycastle.operator.ContentSigner) JcaCertStore(org.bouncycastle.cert.jcajce.JcaCertStore) JcaDigestCalculatorProviderBuilder(org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder) CMSSignedData(org.bouncycastle.cms.CMSSignedData) X509Certificate(java.security.cert.X509Certificate) DEROutputStream(org.bouncycastle.asn1.DEROutputStream)

Example 54 with ASN1InputStream

use of com.android.org.bouncycastle.asn1.ASN1InputStream in project BiglyBT by BiglySoftware.

the class Dump method main.

public static void main(String[] args) throws Exception {
    FileInputStream fIn = new FileInputStream(args[0]);
    ASN1InputStream bIn = new ASN1InputStream(fIn);
    Object obj = null;
    while ((obj = bIn.readObject()) != null) {
        System.out.println(ASN1Dump.dumpAsString(obj));
    }
}
Also used : ASN1InputStream(org.gudy.bouncycastle.asn1.ASN1InputStream) FileInputStream(java.io.FileInputStream)

Example 55 with ASN1InputStream

use of com.android.org.bouncycastle.asn1.ASN1InputStream in project BiglyBT by BiglySoftware.

the class X509NameEntryConverter method convertHexEncoded.

/**
 * Convert an inline encoded hex string rendition of an ASN.1
 * object back into its corresponding ASN.1 object.
 *
 * @param str the hex encoded object
 * @param off the index at which the encoding starts
 * @return the decoded object
 */
protected DERObject convertHexEncoded(String str, int off) throws IOException {
    str = Strings.toLowerCase(str);
    byte[] data = new byte[(str.length() - off) / 2];
    for (int index = 0; index != data.length; index++) {
        char left = str.charAt((index * 2) + off);
        char right = str.charAt((index * 2) + off + 1);
        if (left < 'a') {
            data[index] = (byte) ((left - '0') << 4);
        } else {
            data[index] = (byte) ((left - 'a' + 10) << 4);
        }
        if (right < 'a') {
            data[index] |= (byte) (right - '0');
        } else {
            data[index] |= (byte) (right - 'a' + 10);
        }
    }
    ASN1InputStream aIn = new ASN1InputStream(data);
    return aIn.readObject();
}
Also used : ASN1InputStream(org.gudy.bouncycastle.asn1.ASN1InputStream)

Aggregations

ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)108 IOException (java.io.IOException)90 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)36 ByteArrayInputStream (java.io.ByteArrayInputStream)35 X509Certificate (java.security.cert.X509Certificate)25 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)25 BigInteger (java.math.BigInteger)21 DEROctetString (org.bouncycastle.asn1.DEROctetString)21 ASN1InputStream (com.android.org.bouncycastle.asn1.ASN1InputStream)20 CertificateException (java.security.cert.CertificateException)20 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)18 CertificateParsingException (java.security.cert.CertificateParsingException)18 Enumeration (java.util.Enumeration)17 CertificateEncodingException (java.security.cert.CertificateEncodingException)16 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)16 InvalidKeyException (java.security.InvalidKeyException)14 CRLException (java.security.cert.CRLException)14 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)14 ASN1Primitive (org.bouncycastle.asn1.ASN1Primitive)12 NoSuchProviderException (java.security.NoSuchProviderException)11