Example 56 with ASN1ObjectIdentifier

use of com.android.org.bouncycastle.asn1.ASN1ObjectIdentifier in project wildfly by wildfly.

the class KerberosTestUtils method generateSpnegoTokenInit.

/**
 * Generates SPNEGO init token with given initial ticket and supported mechanisms.
 *
 * @param ticket initial ticket for the preferred (the first) mechanism.
 * @param supMechOids object identifiers (OIDs) of supported mechanisms for the SPNEGO.
 * @return ASN.1 encoded SPNEGO init token
 */
public static byte[] generateSpnegoTokenInit(byte[] ticket, String... supMechOids) throws IOException {
    DEROctetString ticketForPreferredMech = new DEROctetString(ticket);
    ASN1EncodableVector mechSeq = new ASN1EncodableVector();
    for (String mech : supMechOids) {
        mechSeq.add(new ASN1ObjectIdentifier(mech));
    }
    DERTaggedObject taggedMechTypes = new DERTaggedObject(0, new DERSequence(mechSeq));
    DERTaggedObject taggedMechToken = new DERTaggedObject(2, ticketForPreferredMech);
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(taggedMechTypes);
    v.add(taggedMechToken);
    DERSequence seqNegTokenInit = new DERSequence(v);
    DERTaggedObject taggedSpnego = new DERTaggedObject(0, seqNegTokenInit);
    ASN1EncodableVector appVec = new ASN1EncodableVector();
    appVec.add(new ASN1ObjectIdentifier(OID_SPNEGO));
    appVec.add(taggedSpnego);
    DERApplicationSpecific app = new DERApplicationSpecific(0, appVec);
    return app.getEncoded();
}
Also used : DERSequence(org.bouncycastle.asn1.DERSequence) DERApplicationSpecific(org.bouncycastle.asn1.DERApplicationSpecific) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) DEROctetString(org.bouncycastle.asn1.DEROctetString) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 57 with ASN1ObjectIdentifier

use of com.android.org.bouncycastle.asn1.ASN1ObjectIdentifier in project XobotOS by xamarin.

the class X509Extensions method toASN1Object.

/**
 * <pre>
 *     Extensions        ::=   SEQUENCE SIZE (1..MAX) OF Extension
 *
 *     Extension         ::=   SEQUENCE {
 *        extnId            EXTENSION.&amp;id ({ExtensionSet}),
 *        critical          BOOLEAN DEFAULT FALSE,
 *        extnValue         OCTET STRING }
 * </pre>
 */
public DERObject toASN1Object() {
    ASN1EncodableVector vec = new ASN1EncodableVector();
    Enumeration e = ordering.elements();
    while (e.hasMoreElements()) {
        ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
        X509Extension ext = (X509Extension) extensions.get(oid);
        ASN1EncodableVector v = new ASN1EncodableVector();
        v.add(oid);
        if (ext.isCritical()) {
            // BEGIN android-changed
            v.add(DERBoolean.TRUE);
            // END android-changed
        }
        v.add(ext.getValue());
        vec.add(new DERSequence(v));
    }
    return new DERSequence(vec);
}
Also used : Enumeration(java.util.Enumeration) DERSequence(org.bouncycastle.asn1.DERSequence) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 58 with ASN1ObjectIdentifier

use of com.android.org.bouncycastle.asn1.ASN1ObjectIdentifier in project XobotOS by xamarin.

the class BCStyle method atvAreEqual.

private boolean atvAreEqual(AttributeTypeAndValue atv1, AttributeTypeAndValue atv2) {
    if (atv1 == atv2) {
        return true;
    }
    if (atv1 == null) {
        return false;
    }
    if (atv2 == null) {
        return false;
    }
    ASN1ObjectIdentifier o1 = atv1.getType();
    ASN1ObjectIdentifier o2 = atv2.getType();
    if (!o1.equals(o2)) {
        return false;
    }
    String v1 = IETFUtils.canonicalize(IETFUtils.valueToString(atv1.getValue()));
    String v2 = IETFUtils.canonicalize(IETFUtils.valueToString(atv2.getValue()));
    if (!v1.equals(v2)) {
        return false;
    }
    return true;
}
Also used : DERIA5String(org.bouncycastle.asn1.DERIA5String) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 59 with ASN1ObjectIdentifier

use of com.android.org.bouncycastle.asn1.ASN1ObjectIdentifier in project android_frameworks_base by DirtyUnicorns.

the class AndroidKeyStoreKeyPairGeneratorSpi method generateSelfSignedCertificateWithFakeSignature.

@SuppressWarnings("deprecation")
private X509Certificate generateSelfSignedCertificateWithFakeSignature(PublicKey publicKey) throws IOException, CertificateParsingException {
    V3TBSCertificateGenerator tbsGenerator = new V3TBSCertificateGenerator();
    ASN1ObjectIdentifier sigAlgOid;
    AlgorithmIdentifier sigAlgId;
    byte[] signature;
    switch(mKeymasterAlgorithm) {
        case KeymasterDefs.KM_ALGORITHM_EC:
            sigAlgOid = X9ObjectIdentifiers.ecdsa_with_SHA256;
            sigAlgId = new AlgorithmIdentifier(sigAlgOid);
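            // Fake signature: v is populated but never passed to DERSequence,
            // so the encoded value is an empty SEQUENCE, not an ECDSA (r, s) pair.
            ASN1EncodableVector v = new ASN1EncodableVector();
            v.add(new DERInteger(0));
            v.add(new DERInteger(0));
            signature = new DERSequence().getEncoded();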
            break;
        case KeymasterDefs.KM_ALGORITHM_RSA:
            sigAlgOid = PKCSObjectIdentifiers.sha256WithRSAEncryption;
            sigAlgId = new AlgorithmIdentifier(sigAlgOid, DERNull.INSTANCE);
            signature = new byte[1];
            break;
        default:
            throw new ProviderException("Unsupported key algorithm: " + mKeymasterAlgorithm);
    }
    try (ASN1InputStream publicKeyInfoIn = new ASN1InputStream(publicKey.getEncoded())) {
        tbsGenerator.setSubjectPublicKeyInfo(SubjectPublicKeyInfo.getInstance(publicKeyInfoIn.readObject()));
    }
    tbsGenerator.setSerialNumber(new ASN1Integer(mSpec.getCertificateSerialNumber()));
    X509Principal subject = new X509Principal(mSpec.getCertificateSubject().getEncoded());
    tbsGenerator.setSubject(subject);
    tbsGenerator.setIssuer(subject);
    tbsGenerator.setStartDate(new Time(mSpec.getCertificateNotBefore()));
    tbsGenerator.setEndDate(new Time(mSpec.getCertificateNotAfter()));
    tbsGenerator.setSignature(sigAlgId);
    TBSCertificate tbsCertificate = tbsGenerator.generateTBSCertificate();
    ASN1EncodableVector result = new ASN1EncodableVector();
    result.add(tbsCertificate);
    result.add(sigAlgId);
    result.add(new DERBitString(signature));
    return new X509CertificateObject(Certificate.getInstance(new DERSequence(result)));
}
Also used : ASN1InputStream(com.android.org.bouncycastle.asn1.ASN1InputStream) ProviderException(java.security.ProviderException) Time(com.android.org.bouncycastle.asn1.x509.Time) DERBitString(com.android.org.bouncycastle.asn1.DERBitString) ASN1Integer(com.android.org.bouncycastle.asn1.ASN1Integer) AlgorithmIdentifier(com.android.org.bouncycastle.asn1.x509.AlgorithmIdentifier) DERInteger(com.android.org.bouncycastle.asn1.DERInteger) DERSequence(com.android.org.bouncycastle.asn1.DERSequence) X509CertificateObject(com.android.org.bouncycastle.jce.provider.X509CertificateObject) X509Principal(com.android.org.bouncycastle.jce.X509Principal) ASN1EncodableVector(com.android.org.bouncycastle.asn1.ASN1EncodableVector) V3TBSCertificateGenerator(com.android.org.bouncycastle.asn1.x509.V3TBSCertificateGenerator) TBSCertificate(com.android.org.bouncycastle.asn1.x509.TBSCertificate) ASN1ObjectIdentifier(com.android.org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 60 with ASN1ObjectIdentifier

use of com.android.org.bouncycastle.asn1.ASN1ObjectIdentifier in project poi by apache.

the class TSPTimeStampService method timeStamp.

@SuppressWarnings("unchecked")
public byte[] timeStamp(byte[] data, RevocationData revocationData) throws Exception {
    // digest the message
    MessageDigest messageDigest = CryptoFunctions.getMessageDigest(signatureConfig.getTspDigestAlgo());
    byte[] digest = messageDigest.digest(data);
    // generate the TSP request
    BigInteger nonce = new BigInteger(128, new SecureRandom());
    TimeStampRequestGenerator requestGenerator = new TimeStampRequestGenerator();
    requestGenerator.setCertReq(true);
    String requestPolicy = signatureConfig.getTspRequestPolicy();
    if (requestPolicy != null) {
        requestGenerator.setReqPolicy(new ASN1ObjectIdentifier(requestPolicy));
    }
    ASN1ObjectIdentifier digestAlgoOid = mapDigestAlgoToOID(signatureConfig.getTspDigestAlgo());
    TimeStampRequest request = requestGenerator.generate(digestAlgoOid, digest, nonce);
    byte[] encodedRequest = request.getEncoded();
    // create the HTTP POST request
    Proxy proxy = Proxy.NO_PROXY;
    if (signatureConfig.getProxyUrl() != null) {
        URL proxyUrl = new URL(signatureConfig.getProxyUrl());
        String host = proxyUrl.getHost();
        int port = proxyUrl.getPort();
        proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(InetAddress.getByName(host), (port == -1 ? 80 : port)));
    }
    HttpURLConnection huc = (HttpURLConnection) new URL(signatureConfig.getTspUrl()).openConnection(proxy);
    if (signatureConfig.getTspUser() != null) {
        String userPassword = signatureConfig.getTspUser() + ":" + signatureConfig.getTspPass();
        String encoding = DatatypeConverter.printBase64Binary(userPassword.getBytes(Charset.forName("iso-8859-1")));
        huc.setRequestProperty("Authorization", "Basic " + encoding);
    }
    huc.setRequestMethod("POST");
    huc.setConnectTimeout(20000);
    huc.setReadTimeout(20000);
    // also sets method to POST.
    huc.setDoOutput(true);
    huc.setRequestProperty("User-Agent", signatureConfig.getUserAgent());
    huc.setRequestProperty("Content-Type", signatureConfig.isTspOldProtocol()
            ? "application/timestamp-request"
            : "application/timestamp-query"); // "; charset=ISO-8859-1");
    OutputStream hucOut = huc.getOutputStream();
    hucOut.write(encodedRequest);
    // invoke TSP service
    huc.connect();
    int statusCode = huc.getResponseCode();
    if (statusCode != 200) {
        LOG.log(POILogger.ERROR, "Error contacting TSP server ", signatureConfig.getTspUrl() + ", had status code " + statusCode + "/" + huc.getResponseMessage());
        throw new IOException("Error contacting TSP server " + signatureConfig.getTspUrl() + ", had status code " + statusCode + "/" + huc.getResponseMessage());
    }
    // HTTP input validation
    String contentType = huc.getHeaderField("Content-Type");
    if (null == contentType) {
        throw new RuntimeException("missing Content-Type header");
    }
    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    IOUtils.copy(huc.getInputStream(), bos);
    LOG.log(POILogger.DEBUG, "response content: ", HexDump.dump(bos.toByteArray(), 0, 0));
    if (!contentType.startsWith(signatureConfig.isTspOldProtocol() ? "application/timestamp-response" : "application/timestamp-reply")) {
        // dump the first few bytes
        throw new RuntimeException("invalid Content-Type: " + contentType + ": " + HexDump.dump(bos.toByteArray(), 0, 0, 200));
    }
    if (bos.size() == 0) {
        throw new RuntimeException("Content-Length is zero");
    }
    // TSP response parsing and validation
    TimeStampResponse timeStampResponse = new TimeStampResponse(bos.toByteArray());
    timeStampResponse.validate(request);
    if (0 != timeStampResponse.getStatus()) {
        LOG.log(POILogger.DEBUG, "status: " + timeStampResponse.getStatus());
        LOG.log(POILogger.DEBUG, "status string: " + timeStampResponse.getStatusString());
        PKIFailureInfo failInfo = timeStampResponse.getFailInfo();
        if (null != failInfo) {
            LOG.log(POILogger.DEBUG, "fail info int value: " + failInfo.intValue());
            if (/*PKIFailureInfo.unacceptedPolicy*/ (1 << 8) == failInfo.intValue()) {
                LOG.log(POILogger.DEBUG, "unaccepted policy");
            }
        }
        throw new RuntimeException("timestamp response status != 0: " + timeStampResponse.getStatus());
    }
    TimeStampToken timeStampToken = timeStampResponse.getTimeStampToken();
    SignerId signerId = timeStampToken.getSID();
    BigInteger signerCertSerialNumber = signerId.getSerialNumber();
    X500Name signerCertIssuer = signerId.getIssuer();
    LOG.log(POILogger.DEBUG, "signer cert serial number: " + signerCertSerialNumber);
    LOG.log(POILogger.DEBUG, "signer cert issuer: " + signerCertIssuer);
    // TSP signer certificates retrieval
    Collection<X509CertificateHolder> certificates = timeStampToken.getCertificates().getMatches(null);
    X509CertificateHolder signerCert = null;
    Map<X500Name, X509CertificateHolder> certificateMap = new HashMap<X500Name, X509CertificateHolder>();
    for (X509CertificateHolder certificate : certificates) {
        if (signerCertIssuer.equals(certificate.getIssuer()) && signerCertSerialNumber.equals(certificate.getSerialNumber())) {
            signerCert = certificate;
        }
        certificateMap.put(certificate.getSubject(), certificate);
    }
    // TSP signer cert path building
    if (signerCert == null) {
        throw new RuntimeException("TSP response token has no signer certificate");
    }
    List<X509Certificate> tspCertificateChain = new ArrayList<X509Certificate>();
    JcaX509CertificateConverter x509converter = new JcaX509CertificateConverter();
    x509converter.setProvider("BC");
    X509CertificateHolder certificate = signerCert;
    do {
        LOG.log(POILogger.DEBUG, "adding to certificate chain: " + certificate.getSubject());
        tspCertificateChain.add(x509converter.getCertificate(certificate));
        if (certificate.getSubject().equals(certificate.getIssuer())) {
            break;
        }
        certificate = certificateMap.get(certificate.getIssuer());
    } while (null != certificate);
    // verify TSP signer signature
    X509CertificateHolder holder = new X509CertificateHolder(tspCertificateChain.get(0).getEncoded());
    DefaultCMSSignatureAlgorithmNameGenerator nameGen = new DefaultCMSSignatureAlgorithmNameGenerator();
    DefaultSignatureAlgorithmIdentifierFinder sigAlgoFinder = new DefaultSignatureAlgorithmIdentifierFinder();
    DefaultDigestAlgorithmIdentifierFinder hashAlgoFinder = new DefaultDigestAlgorithmIdentifierFinder();
    BcDigestCalculatorProvider calculator = new BcDigestCalculatorProvider();
    BcRSASignerInfoVerifierBuilder verifierBuilder = new BcRSASignerInfoVerifierBuilder(nameGen, sigAlgoFinder, hashAlgoFinder, calculator);
    SignerInformationVerifier verifier = verifierBuilder.build(holder);
    timeStampToken.validate(verifier);
    // verify TSP signer certificate
    if (signatureConfig.getTspValidator() != null) {
        signatureConfig.getTspValidator().validate(tspCertificateChain, revocationData);
    }
    LOG.log(POILogger.DEBUG, "time-stamp token time: " + timeStampToken.getTimeStampInfo().getGenTime());
    return timeStampToken.getEncoded();
}
Also used : DefaultCMSSignatureAlgorithmNameGenerator(org.bouncycastle.cms.DefaultCMSSignatureAlgorithmNameGenerator) HashMap(java.util.HashMap) InetSocketAddress(java.net.InetSocketAddress) ByteArrayOutputStream(java.io.ByteArrayOutputStream) OutputStream(java.io.OutputStream) ArrayList(java.util.ArrayList) X500Name(org.bouncycastle.asn1.x500.X500Name) DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder) URL(java.net.URL) TimeStampResponse(org.bouncycastle.tsp.TimeStampResponse) Proxy(java.net.Proxy) HttpURLConnection(java.net.HttpURLConnection) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) MessageDigest(java.security.MessageDigest) SignerInformationVerifier(org.bouncycastle.cms.SignerInformationVerifier) BcDigestCalculatorProvider(org.bouncycastle.operator.bc.BcDigestCalculatorProvider) SecureRandom(java.security.SecureRandom) IOException(java.io.IOException) TimeStampRequest(org.bouncycastle.tsp.TimeStampRequest) X509Certificate(java.security.cert.X509Certificate) DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder) PKIFailureInfo(org.bouncycastle.asn1.cmp.PKIFailureInfo) SignerId(org.bouncycastle.cms.SignerId) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BigInteger(java.math.BigInteger) TimeStampRequestGenerator(org.bouncycastle.tsp.TimeStampRequestGenerator) BcRSASignerInfoVerifierBuilder(org.bouncycastle.cms.bc.BcRSASignerInfoVerifierBuilder) TimeStampToken(org.bouncycastle.tsp.TimeStampToken) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Aggregations

ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier) 55
Enumeration (java.util.Enumeration) 23
Extension (org.bouncycastle.asn1.x509.Extension) 17
Extensions (org.bouncycastle.asn1.x509.Extensions) 17
IOException (java.io.IOException) 16
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString) 14
ASN1String (org.bouncycastle.asn1.ASN1String) 12
DEROctetString (org.bouncycastle.asn1.DEROctetString) 12
HashSet (java.util.HashSet) 11
Set (java.util.Set) 11
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable) 10
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector) 10
CertificateEncodingException (java.security.cert.CertificateEncodingException) 9
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException) 8
ASN1Primitive (org.bouncycastle.asn1.ASN1Primitive) 8
DERSequence (org.bouncycastle.asn1.DERSequence) 8
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier) 8
DERBitString (org.bouncycastle.asn1.DERBitString) 7
DERIA5String (org.bouncycastle.asn1.DERIA5String) 7
DERUniversalString (org.bouncycastle.asn1.DERUniversalString) 7