use of com.github.zhenwei.core.asn1.ASN1ObjectIdentifier in project sshj by hierynomus.
the class DSAPrivateKeyInfoKeyPairConverter method getKeyPair.
/**
* Get PEM Key Pair calculating DSA Public Key from DSA Private Key Information
*
* @param privateKeyInfo DSA Private Key Information
* @return PEM Key Pair
* @throws IOException Thrown on Public Key parsing failures
*/
@Override
public PEMKeyPair getKeyPair(final PrivateKeyInfo privateKeyInfo) throws IOException {
Objects.requireNonNull(privateKeyInfo, "Private Key Info required");
final AlgorithmIdentifier algorithmIdentifier = privateKeyInfo.getPrivateKeyAlgorithm();
final ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
if (X9ObjectIdentifiers.id_dsa.equals(algorithm)) {
logger.debug("DSA Algorithm Found [{}]", algorithm);
} else {
throw new IllegalArgumentException(String.format("DSA Algorithm OID required [%s]", algorithm));
}
final ASN1Integer encodedPublicKey = getEncodedPublicKey(privateKeyInfo);
final SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(algorithmIdentifier, encodedPublicKey);
return new PEMKeyPair(subjectPublicKeyInfo, privateKeyInfo);
}
use of com.github.zhenwei.core.asn1.ASN1ObjectIdentifier in project sshj by hierynomus.
the class ECDSAPrivateKeyInfoKeyPairConverter method getKeyPair.
/**
* Get PEM Key Pair calculating ECDSA Public Key from ECDSA Private Key Information
*
* @param privateKeyInfo ECDSA Private Key Information
* @return PEM Key Pair
* @throws IOException Thrown on Public Key parsing failures
*/
@Override
public PEMKeyPair getKeyPair(final PrivateKeyInfo privateKeyInfo) throws IOException {
Objects.requireNonNull(privateKeyInfo, "Private Key Info required");
final AlgorithmIdentifier algorithmIdentifier = privateKeyInfo.getPrivateKeyAlgorithm();
final ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
if (X9ObjectIdentifiers.id_ecPublicKey.equals(algorithm)) {
logger.debug("ECDSA Algorithm Found [{}]", algorithm);
} else {
throw new IllegalArgumentException(String.format("ECDSA Algorithm OID required [%s]", algorithm));
}
final byte[] encodedPublicKey = getEncodedPublicKey(privateKeyInfo);
final SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(algorithmIdentifier, encodedPublicKey);
return new PEMKeyPair(subjectPublicKeyInfo, privateKeyInfo);
}
use of com.github.zhenwei.core.asn1.ASN1ObjectIdentifier in project sshj by hierynomus.
the class RSAPrivateKeyInfoKeyPairConverter method getKeyPair.
/**
* Get PEM Key Pair parsing RSA Public Key attributes from RSA Private Key Information
*
* @param privateKeyInfo RSA Private Key Information
* @return PEM Key Pair
* @throws IOException Thrown on Public Key parsing failures
*/
@Override
public PEMKeyPair getKeyPair(final PrivateKeyInfo privateKeyInfo) throws IOException {
Objects.requireNonNull(privateKeyInfo, "Private Key Info required");
final AlgorithmIdentifier algorithmIdentifier = privateKeyInfo.getPrivateKeyAlgorithm();
final ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
if (PKCSObjectIdentifiers.rsaEncryption.equals(algorithm)) {
logger.debug("RSA Algorithm Found [{}]", algorithm);
} else {
throw new IllegalArgumentException(String.format("RSA Algorithm OID required [%s]", algorithm));
}
final RSAPublicKey rsaPublicKey = getRsaPublicKey(privateKeyInfo);
final SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(algorithmIdentifier, rsaPublicKey);
return new PEMKeyPair(subjectPublicKeyInfo, privateKeyInfo);
}
use of com.github.zhenwei.core.asn1.ASN1ObjectIdentifier in project powerauth-webflow by wultra.
the class ICACertificateParser method parse.
/**
* Parse certificate in PEM format and return structured information about organization.
*
* @param certificatePem Certificate in PEM format.
* @return Structured certificate information.
* @throws CertificateException In case certificate cannot be parsed (or in rare case X.509 is not supported).
*/
public CertInfo parse(String certificatePem) throws CertificateException {
// Check for null certificate value
if (certificatePem == null) {
throw new CertificateException("Certificate in PEM format not found.");
}
// Handle the URL encoded certificates
if (certificatePem.startsWith("-----BEGIN%20CERTIFICATE-----")) {
// certificate is URL encoded by nginx.
try {
certificatePem = URLDecoder.decode(certificatePem, StandardCharsets.UTF_8.toString());
} catch (UnsupportedEncodingException e) {
throw new CertificateException("Unable to extract certificate in PEM format (nginx).");
}
}
// Replace spaces in Apache forwarded certificate by newlines correctly
certificatePem = certificatePem.replaceAll(" ", "\n").replace("-----BEGIN\nCERTIFICATE-----", "-----BEGIN CERTIFICATE-----").replace("-----END\nCERTIFICATE-----", "-----END CERTIFICATE-----");
final CertificateFactory cf = CertificateFactory.getInstance("X.509");
final ByteArrayInputStream bais = new ByteArrayInputStream(certificatePem.getBytes(StandardCharsets.UTF_8));
X509Certificate cert = (X509Certificate) cf.generateCertificate(bais);
try {
final byte[] qcStatement = cert.getExtensionValue("1.3.6.1.5.5.7.1.3");
if (qcStatement == null) {
throw new CertificateException("Unable to extract PSD2 mandates.");
}
final ASN1Primitive qcStatementAsn1Primitive = JcaX509ExtensionUtils.parseExtensionValue(qcStatement);
if (qcStatementAsn1Primitive == null) {
throw new CertificateException("Unable to extract PSD2 mandates from extension value.");
}
final DLSequence it = ((DLSequence) qcStatementAsn1Primitive);
Set<CertInfo.PSD2> psd2Mandates = new HashSet<>();
for (ASN1Encodable asn1Primitive : it) {
if (asn1Primitive instanceof DLSequence) {
DLSequence sequence = (DLSequence) asn1Primitive;
if (sequence.size() == 2) {
ASN1ObjectIdentifier id = (ASN1ObjectIdentifier) sequence.getObjectAt(0);
DLSequence mandates = (DLSequence) sequence.getObjectAt(1);
if (psd2.equals(id.getId())) {
for (ASN1Encodable mandate : mandates) {
if (mandate instanceof DLSequence) {
for (ASN1Encodable seq : (DLSequence) mandate) {
DLSequence a = (DLSequence) seq;
final ASN1ObjectIdentifier identifier = (ASN1ObjectIdentifier) ((DLSequence) seq).getObjectAt(0);
if (psp_as.equals(identifier.getId())) {
psd2Mandates.add(CertInfo.PSD2.PSP_AS);
}
if (psp_ai.equals(identifier.getId())) {
psd2Mandates.add(CertInfo.PSD2.PSP_AI);
}
if (psp_pi.equals(identifier.getId())) {
psd2Mandates.add(CertInfo.PSD2.PSP_PI);
}
if (psp_ic.equals(identifier.getId())) {
psd2Mandates.add(CertInfo.PSD2.PSP_IC);
}
}
}
}
}
}
}
}
final List<AVA> avaList = ((X500Name) cert.getSubjectDN()).allAvas();
String country = null;
String serialNumber = null;
String commonName = null;
String psd2License = null;
String organization = null;
String street = null;
String city = null;
String zipCode = null;
String region = null;
String website = null;
for (AVA ava : avaList) {
final String oid = ava.getObjectIdentifier().toString();
final String val = ava.getValueString();
switch(oid) {
case "2.5.4.6":
{
// C=CZ => 2.5.4.6
country = val;
break;
}
case "2.5.4.3":
{
// CN=cnb.cz => 2.5.4.3
commonName = val;
website = "https://" + val;
break;
}
case "2.5.4.10":
{
// O=ČESKÁ NÁRODNÍ BANKA => 2.5.4.10
organization = val;
break;
}
case "2.5.4.9":
{
// STREET=Na příkopě 864/28 => 2.5.4.9
street = val;
break;
}
case "2.5.4.7":
{
// L=Praha 1 => 2.5.4.7
city = val;
break;
}
case "2.5.4.17":
{
// OID.2.5.4.17=11000 => 2.5.4.17
zipCode = val;
break;
}
case "2.5.4.5":
{
// SERIALNUMBER=48136450 => 2.5.4.5
serialNumber = val;
break;
}
case "2.5.4.8":
{
// ST=Hlavní město Praha => 2.5.4.8
region = val;
break;
}
case "2.5.4.97":
{
// OID.2.5.4.97=PSDCZ-CNB-48136450 => 2.5.4.97
psd2License = val;
break;
}
}
}
return new CertInfo(serialNumber, commonName, psd2License, organization, street, city, zipCode, region, country, website, psd2Mandates);
} catch (Throwable e) {
// catch all errors that can occur
throw new CertificateException("Unable to extract PSD2 mandates.");
}
}
use of com.github.zhenwei.core.asn1.ASN1ObjectIdentifier in project ldapsdk by pingidentity.
the class X509CertificateTestCase method testDecodeValidityMalformedNotBefore.
/**
* Tests the behavior when trying to decode a certificate with a validity
* sequence whose first element is neither a UTCTime nor a GeneralizedTime.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test(expectedExceptions = { CertException.class })
public void testDecodeValidityMalformedNotBefore() throws Exception {
final long notBefore = System.currentTimeMillis();
final long notAfter = notBefore + (365L * 24L * 60L * 60L * 1000L);
final ASN1Sequence valueSequence = new ASN1Sequence(new ASN1Sequence(new ASN1Element((byte) 0xA0, new ASN1Integer(2).encode()), new ASN1BigInteger(12435L), new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4")), new ASN1Null()), X509Certificate.encodeName(new DN("CN=issuer")), new ASN1Sequence(new ASN1OctetString("malformed notBefore"), new ASN1UTCTime(notAfter)), X509Certificate.encodeName(new DN("CN=ldap.example.com")), new ASN1Sequence(new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.5")), new ASN1Null()), new ASN1BitString(new boolean[1024]))), new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4")), new ASN1Null()), new ASN1BitString(new boolean[1024]));
new X509Certificate(valueSequence.encode());
}
Aggregations