Search in sources :

Example 41 with DERObjectIdentifier

use of com.android.org.bouncycastle.asn1.DERObjectIdentifier in project robovm by robovm.

the class RFC3280CertPathUtilities method prepareNextCertA.

protected static void prepareNextCertA(CertPath certPath, int index) throws CertPathValidatorException {
    List certs = certPath.getCertificates();
    X509Certificate cert = (X509Certificate) certs.get(index);
    //
    //
    // (a) check the policy mappings
    //
    ASN1Sequence pm = null;
    try {
        pm = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.POLICY_MAPPINGS));
    } catch (AnnotatedException ex) {
        throw new ExtCertPathValidatorException("Policy mappings extension could not be decoded.", ex, certPath, index);
    }
    if (pm != null) {
        ASN1Sequence mappings = pm;
        for (int j = 0; j < mappings.size(); j++) {
            DERObjectIdentifier issuerDomainPolicy = null;
            DERObjectIdentifier subjectDomainPolicy = null;
            try {
                ASN1Sequence mapping = DERSequence.getInstance(mappings.getObjectAt(j));
                issuerDomainPolicy = DERObjectIdentifier.getInstance(mapping.getObjectAt(0));
                subjectDomainPolicy = DERObjectIdentifier.getInstance(mapping.getObjectAt(1));
            } catch (Exception e) {
                throw new ExtCertPathValidatorException("Policy mappings extension contents could not be decoded.", e, certPath, index);
            }
            if (RFC3280CertPathUtilities.ANY_POLICY.equals(issuerDomainPolicy.getId())) {
                throw new CertPathValidatorException("IssuerDomainPolicy is anyPolicy", null, certPath, index);
            }
            if (RFC3280CertPathUtilities.ANY_POLICY.equals(subjectDomainPolicy.getId())) {
                throw new CertPathValidatorException("SubjectDomainPolicy is anyPolicy,", null, certPath, index);
            }
        }
    }
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) List(java.util.List) ArrayList(java.util.ArrayList) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier) X509Certificate(java.security.cert.X509Certificate) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) CertificateExpiredException(java.security.cert.CertificateExpiredException) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertPathBuilderException(java.security.cert.CertPathBuilderException) IOException(java.io.IOException)

Example 42 with DERObjectIdentifier

use of com.android.org.bouncycastle.asn1.DERObjectIdentifier in project robovm by robovm.

the class JCEECPrivateKey method getEncoded.

/**
     * Return a PKCS8 representation of the key. The sequence returned
     * represents a full PrivateKeyInfo object.
     *
     * @return a PKCS8 representation of the key.
     */
public byte[] getEncoded() {
    X962Parameters params;
    if (ecSpec instanceof ECNamedCurveSpec) {
        DERObjectIdentifier curveOid = ECUtil.getNamedCurveOid(((ECNamedCurveSpec) ecSpec).getName());
        if (// guess it's the OID
        curveOid == null) {
            curveOid = new DERObjectIdentifier(((ECNamedCurveSpec) ecSpec).getName());
        }
        params = new X962Parameters(curveOid);
    } else if (ecSpec == null) {
        params = new X962Parameters(DERNull.INSTANCE);
    } else {
        ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve());
        X9ECParameters ecP = new X9ECParameters(curve, EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression), ecSpec.getOrder(), BigInteger.valueOf(ecSpec.getCofactor()), ecSpec.getCurve().getSeed());
        params = new X962Parameters(ecP);
    }
    PrivateKeyInfo info;
    ECPrivateKeyStructure keyStructure;
    if (publicKey != null) {
        keyStructure = new ECPrivateKeyStructure(this.getS(), publicKey, params);
    } else {
        keyStructure = new ECPrivateKeyStructure(this.getS(), params);
    }
    try {
        // BEGIN android-removed
        // if (algorithm.equals("ECGOST3410"))
        // {
        //     info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive());
        // }
        // else
        // END android-removed
        {
            info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.toASN1Primitive()), keyStructure.toASN1Primitive());
        }
        return info.getEncoded(ASN1Encoding.DER);
    } catch (IOException e) {
        return null;
    }
}
Also used : X962Parameters(org.bouncycastle.asn1.x9.X962Parameters) X9ECParameters(org.bouncycastle.asn1.x9.X9ECParameters) ECCurve(org.bouncycastle.math.ec.ECCurve) ECPrivateKeyStructure(org.bouncycastle.asn1.sec.ECPrivateKeyStructure) IOException(java.io.IOException) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo) ECNamedCurveSpec(org.bouncycastle.jce.spec.ECNamedCurveSpec) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 43 with DERObjectIdentifier

use of com.android.org.bouncycastle.asn1.DERObjectIdentifier in project zm-mailbox by Zimbra.

the class CertUtil method printSubjectAlternativeNames.

private void printSubjectAlternativeNames(PrintStream outStream) throws Exception {
    final String UPN_DISPLAY = "Principal Name";
    final String RFC822NAME_DISPLAY = "RFC822 Name";
    final String DNSNAME_DISPLAY = "DNS Name";
    outStream.format("X509v3 Subject Alternative Name: \n");
    ASN1InputStream decoder = null;
    try {
        Collection<List<?>> generalNames = cert.getSubjectAlternativeNames();
        // Check that the certificate includes the SubjectAltName extension
        if (generalNames == null) {
            return;
        }
        for (List<?> generalName : generalNames) {
            Integer tag = (Integer) generalName.get(0);
            if (GeneralName.otherName == tag.intValue()) {
                // Value is encoded using ASN.1
                decoder = new ASN1InputStream((byte[]) generalName.toArray()[1]);
                DEREncodable encoded = decoder.readObject();
                DERSequence derSeq = (DERSequence) encoded;
                DERObjectIdentifier typeId = DERObjectIdentifier.getInstance(derSeq.getObjectAt(0));
                String oid = typeId.getId();
                String value = null;
                ASN1TaggedObject otherNameValue = ASN1TaggedObject.getInstance(derSeq.getObjectAt(1));
                if (OID_UPN.equals(oid)) {
                    ASN1TaggedObject upnValue = ASN1TaggedObject.getInstance(otherNameValue.getObject());
                    DERUTF8String str = DERUTF8String.getInstance(upnValue.getObject());
                    value = str.getString();
                }
                outStream.format("    [%d] %s(%s) = %s\n", tag, oid, UPN_DISPLAY, value);
            } else if (GeneralName.rfc822Name == tag.intValue()) {
                String value = (String) generalName.get(1);
                outStream.format("    [%d] %s = %s\n", tag, RFC822NAME_DISPLAY, value);
            } else if (GeneralName.dNSName == tag.intValue()) {
                String value = (String) generalName.get(1);
                outStream.format("    [%d] %s = %s\n", tag, DNSNAME_DISPLAY, value);
            } else {
                outStream.format("    [%d] - not yet supported\n", tag);
            }
        }
    } catch (CertificateParsingException e) {
        e.printStackTrace();
    } finally {
        ByteUtil.closeStream(decoder);
    }
}
Also used : BigInteger(java.math.BigInteger) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DERSequence(org.bouncycastle.asn1.DERSequence) CertificateParsingException(java.security.cert.CertificateParsingException) DEREncodable(org.bouncycastle.asn1.DEREncodable) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) List(java.util.List) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier)

Example 44 with DERObjectIdentifier

use of com.android.org.bouncycastle.asn1.DERObjectIdentifier in project zm-mailbox by Zimbra.

the class CertUtil method getSubjectAltNameOtherNameUPN.

String getSubjectAltNameOtherNameUPN() {
    Collection<List<?>> generalNames = null;
    try {
        generalNames = cert.getSubjectAlternativeNames();
    } catch (CertificateParsingException e) {
        ZimbraLog.account.warn(LOG_PREFIX + "unable to get subject alternative names", e);
    }
    if (generalNames == null) {
        return null;
    }
    ASN1InputStream decoder = null;
    try {
        // Check that the certificate includes the SubjectAltName extension
        for (List<?> generalName : generalNames) {
            Integer tag = (Integer) generalName.get(0);
            if (GeneralName.otherName == tag.intValue()) {
                // Value is encoded using ASN.1
                decoder = new ASN1InputStream((byte[]) generalName.toArray()[1]);
                DEREncodable encoded = decoder.readObject();
                DERSequence derSeq = (DERSequence) encoded;
                DERObjectIdentifier typeId = DERObjectIdentifier.getInstance(derSeq.getObjectAt(0));
                String oid = typeId.getId();
                String value = null;
                ASN1TaggedObject otherNameValue = ASN1TaggedObject.getInstance(derSeq.getObjectAt(1));
                if (OID_UPN.equals(oid)) {
                    ASN1TaggedObject upnValue = ASN1TaggedObject.getInstance(otherNameValue.getObject());
                    DERUTF8String str = DERUTF8String.getInstance(upnValue.getObject());
                    value = str.getString();
                    return value;
                }
            }
        }
    } catch (IOException e) {
        ZimbraLog.account.warn(LOG_PREFIX + "unable to process ASN.1 data", e);
    } finally {
        ByteUtil.closeStream(decoder);
    }
    return null;
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) CertificateParsingException(java.security.cert.CertificateParsingException) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) IOException(java.io.IOException) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier) BigInteger(java.math.BigInteger) DERSequence(org.bouncycastle.asn1.DERSequence) DEREncodable(org.bouncycastle.asn1.DEREncodable) List(java.util.List)

Example 45 with DERObjectIdentifier

use of com.android.org.bouncycastle.asn1.DERObjectIdentifier in project nhin-d by DirectProject.

the class SplitProviderDirectSignedDataGenerator_generateTest method setupSigningInfo.

protected void setupSigningInfo(DirectSignedDataGenerator gen) throws Exception {
    final ASN1EncodableVector signedAttrs = new ASN1EncodableVector();
    final SMIMECapabilityVector caps = new SMIMECapabilityVector();
    caps.addCapability(SMIMECapability.dES_EDE3_CBC);
    caps.addCapability(SMIMECapability.rC2_CBC, 128);
    caps.addCapability(SMIMECapability.dES_CBC);
    caps.addCapability(new DERObjectIdentifier("1.2.840.113549.1.7.1"));
    caps.addCapability(SMIMECryptographerImpl.x509CertificateObjectsIdent);
    signedAttrs.add(new SMIMECapabilitiesAttribute(caps));
    // setup the certificates
    if (signerCert == null)
        signerCert = TestUtils.getInternalCert("user1");
    final List<X509Certificate> certList = new ArrayList<X509Certificate>();
    // add certificate
    gen.addSigner(((X509CertificateEx) signerCert).getPrivateKey(), signerCert, DigestAlgorithm.SHA256.getOID(), SMIMECryptographerImpl.createAttributeTable(signedAttrs), null);
    certList.add(signerCert);
    final CertStore certsAndcrls = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList), CryptoExtensions.getJCEProviderNameForTypeAndAlgorithm("CertStore", "Collection"));
    gen.addCertificatesAndCRLs(certsAndcrls);
}
Also used : CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) SMIMECapabilityVector(org.bouncycastle.asn1.smime.SMIMECapabilityVector) ArrayList(java.util.ArrayList) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier) SMIMECapabilitiesAttribute(org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute) CertStore(java.security.cert.CertStore) X509Certificate(java.security.cert.X509Certificate)

Aggregations

DERObjectIdentifier (org.bouncycastle.asn1.DERObjectIdentifier)43 IOException (java.io.IOException)21 Enumeration (java.util.Enumeration)18 ArrayList (java.util.ArrayList)17 HashSet (java.util.HashSet)17 Set (java.util.Set)17 List (java.util.List)16 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)15 X509Certificate (java.security.cert.X509Certificate)13 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)11 DEREncodable (org.bouncycastle.asn1.DEREncodable)10 DERObject (org.bouncycastle.asn1.DERObject)10 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)9 Iterator (java.util.Iterator)8 X962Parameters (org.bouncycastle.asn1.x9.X962Parameters)8 X9ECParameters (org.bouncycastle.asn1.x9.X9ECParameters)8 HashMap (java.util.HashMap)7 Map (java.util.Map)7 X500Principal (javax.security.auth.x500.X500Principal)7 X509Extension (org.bouncycastle.asn1.x509.X509Extension)7