use of com.android.org.bouncycastle.asn1.ASN1InputStream in project jruby-openssl by jruby.
the class PKey method readPrivateKey.
public static KeyPair readPrivateKey(final byte[] input, final String type) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
KeySpec pubSpec;
KeySpec privSpec;
ASN1Sequence seq = (ASN1Sequence) new ASN1InputStream(input).readObject();
if (type.equals("RSA")) {
ASN1Integer mod = (ASN1Integer) seq.getObjectAt(1);
ASN1Integer pubExp = (ASN1Integer) seq.getObjectAt(2);
ASN1Integer privExp = (ASN1Integer) seq.getObjectAt(3);
ASN1Integer p1 = (ASN1Integer) seq.getObjectAt(4);
ASN1Integer p2 = (ASN1Integer) seq.getObjectAt(5);
ASN1Integer exp1 = (ASN1Integer) seq.getObjectAt(6);
ASN1Integer exp2 = (ASN1Integer) seq.getObjectAt(7);
ASN1Integer crtCoef = (ASN1Integer) seq.getObjectAt(8);
pubSpec = new RSAPublicKeySpec(mod.getValue(), pubExp.getValue());
privSpec = new RSAPrivateCrtKeySpec(mod.getValue(), pubExp.getValue(), privExp.getValue(), p1.getValue(), p2.getValue(), exp1.getValue(), exp2.getValue(), crtCoef.getValue());
} else if (type.equals("DSA")) {
ASN1Integer p = (ASN1Integer) seq.getObjectAt(1);
ASN1Integer q = (ASN1Integer) seq.getObjectAt(2);
ASN1Integer g = (ASN1Integer) seq.getObjectAt(3);
ASN1Integer y = (ASN1Integer) seq.getObjectAt(4);
ASN1Integer x = (ASN1Integer) seq.getObjectAt(5);
privSpec = new DSAPrivateKeySpec(x.getValue(), p.getValue(), q.getValue(), g.getValue());
pubSpec = new DSAPublicKeySpec(y.getValue(), p.getValue(), q.getValue(), g.getValue());
} else if (type.equals("ECDSA")) {
return readECPrivateKey(input);
} else {
throw new IllegalStateException("unsupported type: " + type);
}
KeyFactory fact = SecurityHelper.getKeyFactory(type);
return new KeyPair(fact.generatePublic(pubSpec), fact.generatePrivate(privSpec));
}
use of com.android.org.bouncycastle.asn1.ASN1InputStream in project jruby-openssl by jruby.
the class StoreContext method checkChainExtensions.
/**
* c: check_chain_extensions
*/
public int checkChainExtensions() throws Exception {
int ok, must_be_ca;
X509AuxCertificate x;
int proxy_path_length = 0;
int allow_proxy_certs = (verifyParameter.flags & X509Utils.V_FLAG_ALLOW_PROXY_CERTS) != 0 ? 1 : 0;
must_be_ca = -1;
try {
final String allowProxyCerts = System.getenv("OPENSSL_ALLOW_PROXY_CERTS");
if (allowProxyCerts != null && !"false".equalsIgnoreCase(allowProxyCerts)) {
allow_proxy_certs = 1;
}
} catch (SecurityException e) {
/* ignore if we can't use System.getenv */
}
for (int i = 0; i < lastUntrusted; i++) {
int ret;
x = chain.get(i);
if ((verifyParameter.flags & X509Utils.V_FLAG_IGNORE_CRITICAL) == 0 && unhandledCritical(x)) {
error = X509Utils.V_ERR_UNHANDLED_CRITICAL_EXTENSION;
errorDepth = i;
currentCertificate = x;
ok = verifyCallback.call(this, ZERO);
if (ok == 0)
return ok;
}
if (allow_proxy_certs == 0 && x.getExtensionValue("1.3.6.1.5.5.7.1.14") != null) {
error = X509Utils.V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;
errorDepth = i;
currentCertificate = x;
ok = verifyCallback.call(this, ZERO);
if (ok == 0)
return ok;
}
ret = Purpose.checkCA(x);
switch(must_be_ca) {
case -1:
if ((verifyParameter.flags & X509Utils.V_FLAG_X509_STRICT) != 0 && ret != 1 && ret != 0) {
ret = 0;
error = X509Utils.V_ERR_INVALID_CA;
} else {
ret = 1;
}
break;
case 0:
if (ret != 0) {
ret = 0;
error = X509Utils.V_ERR_INVALID_NON_CA;
} else {
ret = 1;
}
break;
default:
if (ret == 0 || ((verifyParameter.flags & X509Utils.V_FLAG_X509_STRICT) != 0 && ret != 1)) {
ret = 0;
error = X509Utils.V_ERR_INVALID_CA;
} else {
ret = 1;
}
break;
}
if (ret == 0) {
errorDepth = i;
currentCertificate = x;
ok = verifyCallback.call(this, ZERO);
if (ok == 0)
return ok;
}
if (verifyParameter.purpose > 0) {
ret = Purpose.checkPurpose(x, verifyParameter.purpose, must_be_ca > 0 ? 1 : 0);
if (ret == 0 || ((verifyParameter.flags & X509Utils.V_FLAG_X509_STRICT) != 0 && ret != 1)) {
error = X509Utils.V_ERR_INVALID_PURPOSE;
errorDepth = i;
currentCertificate = x;
ok = verifyCallback.call(this, ZERO);
if (ok == 0) {
return ok;
}
}
}
if (i > 1 && x.getBasicConstraints() != -1 && x.getBasicConstraints() != Integer.MAX_VALUE && (i > (x.getBasicConstraints() + proxy_path_length + 1))) {
error = X509Utils.V_ERR_PATH_LENGTH_EXCEEDED;
errorDepth = i;
currentCertificate = x;
ok = verifyCallback.call(this, ZERO);
if (ok == 0)
return ok;
}
if (x.getExtensionValue("1.3.6.1.5.5.7.1.14") != null) {
ASN1Sequence pci = (ASN1Sequence) new ASN1InputStream(x.getExtensionValue("1.3.6.1.5.5.7.1.14")).readObject();
if (pci.size() > 0 && pci.getObjectAt(0) instanceof ASN1Integer) {
int pcpathlen = ((ASN1Integer) pci.getObjectAt(0)).getValue().intValue();
if (i > pcpathlen) {
error = X509Utils.V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
errorDepth = i;
currentCertificate = x;
ok = verifyCallback.call(this, ZERO);
if (ok == 0)
return ok;
}
}
proxy_path_length++;
must_be_ca = 0;
} else {
must_be_ca = 1;
}
}
return 1;
}
use of com.android.org.bouncycastle.asn1.ASN1InputStream in project structr by structr.
the class SignedJarBuilder method writeSignatureBlock.
/**
* Write the certificate file with a digital signature.
*/
private void writeSignatureBlock(final JarOutputStream jos, final CMSTypedData data, final X509Certificate publicKey, final PrivateKey privateKey) throws IOException, CertificateEncodingException, OperatorCreationException, CMSException {
final List<X509Certificate> certList = new ArrayList<>();
certList.add(publicKey);
final JcaCertStore certs = new JcaCertStore(certList);
final CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
final ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1with" + privateKey.getAlgorithm()).build(privateKey);
gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build()).setDirectSignature(true).build(sha1Signer, publicKey));
gen.addCertificates(certs);
final CMSSignedData sigData = gen.generate(data, false);
final ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded());
final DEROutputStream dos = new DEROutputStream(jos);
dos.writeObject(asn1.readObject());
}
use of com.android.org.bouncycastle.asn1.ASN1InputStream in project BiglyBT by BiglySoftware.
the class Dump method main.
public static void main(String[] args) throws Exception {
FileInputStream fIn = new FileInputStream(args[0]);
ASN1InputStream bIn = new ASN1InputStream(fIn);
Object obj = null;
while ((obj = bIn.readObject()) != null) {
System.out.println(ASN1Dump.dumpAsString(obj));
}
}
use of com.android.org.bouncycastle.asn1.ASN1InputStream in project BiglyBT by BiglySoftware.
the class X509NameEntryConverter method convertHexEncoded.
/**
* Convert an inline encoded hex string rendition of an ASN.1
* object back into its corresponding ASN.1 object.
*
* @param str the hex encoded object
* @param off the index at which the encoding starts
* @return the decoded object
*/
protected DERObject convertHexEncoded(String str, int off) throws IOException {
str = Strings.toLowerCase(str);
byte[] data = new byte[(str.length() - off) / 2];
for (int index = 0; index != data.length; index++) {
char left = str.charAt((index * 2) + off);
char right = str.charAt((index * 2) + off + 1);
if (left < 'a') {
data[index] = (byte) ((left - '0') << 4);
} else {
data[index] = (byte) ((left - 'a' + 10) << 4);
}
if (right < 'a') {
data[index] |= (byte) (right - '0');
} else {
data[index] |= (byte) (right - 'a' + 10);
}
}
ASN1InputStream aIn = new ASN1InputStream(data);
return aIn.readObject();
}
Aggregations