Examples with ASN1Primitive - com.github.zhenwei.core.asn1.ASN1Primitive

Example 56 with ASN1Primitive

use of com.github.zhenwei.core.asn1.ASN1Primitive in project OpenPDF by LibrePDF.

the class PdfPublicKeySecurityHandler method getEncodedRecipient.

public byte[] getEncodedRecipient(int index) throws IOException, GeneralSecurityException {
    // Certificate certificate = recipient.getX509();
    PdfPublicKeyRecipient recipient = recipients.get(index);
    byte[] cms = recipient.getCms();
    if (cms != null)
        return cms;
    Certificate certificate = recipient.getCertificate();
    // PdfWriter.AllowCopy |
    int permission = recipient.getPermission();
    // PdfWriter.AllowPrinting |
    // PdfWriter.AllowScreenReaders |
    // PdfWriter.AllowAssembly;
    permission |= 0xfffff0c0;
    permission &= 0xfffffffc;
    permission += 1;
    byte[] pkcs7input = new byte[24];
    byte one = (byte) (permission);
    byte two = (byte) (permission >> 8);
    byte three = (byte) (permission >> 16);
    byte four = (byte) (permission >> 24);
    // put this seed in the pkcs7
    System.arraycopy(seed, 0, pkcs7input, 0, 20);
    // input
    pkcs7input[20] = four;
    pkcs7input[21] = three;
    pkcs7input[22] = two;
    pkcs7input[23] = one;
    ASN1Primitive obj = createDERForRecipient(pkcs7input, (X509Certificate) certificate);
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    final ASN1OutputStream derOutputStream = ASN1OutputStream.create(baos, ASN1Encoding.DER);
    derOutputStream.writeObject(obj);
    cms = baos.toByteArray();
    recipient.setCms(cms);
    return cms;
}

Also used : ByteArrayOutputStream(java.io.ByteArrayOutputStream) ASN1OutputStream(org.bouncycastle.asn1.ASN1OutputStream) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) X509Certificate(java.security.cert.X509Certificate) TBSCertificate(org.bouncycastle.asn1.x509.TBSCertificate) Certificate(java.security.cert.Certificate)

Example 57 with ASN1Primitive

use of com.github.zhenwei.core.asn1.ASN1Primitive in project ett by onc-healthit.

the class PartValidation method verifySignature.

/**
 * verify the signature (assuming the cert is contained in the message)
 */
@SuppressWarnings("rawtypes")
private void verifySignature(PartModel part, SMIMESigned s, String contentTypeMicalg) throws Exception {
    // DTS-164, SignedData exists for the message
    part.addNewDetailLine(signatureValidator.validateSignedData(s.getSignedContent()));
    // 
    // extract the information to verify the signatures.
    // 
    // 
    // certificates and crls passed in the signature
    // 
    Store certs = s.getCertificates();
    // 
    // SignerInfo blocks which contain the signatures
    // 
    SignerInformationStore signers = s.getSignerInfos();
    Collection c = signers.getSigners();
    Iterator it = c.iterator();
    String digestAlgOID = "";
    // DTS 167, SignedData.certificates must contain at least one certificate
    part.addNewDetailLine(signatureValidator.validateSignedDataAtLeastOneCertificate(c));
    // 
    while (it.hasNext()) {
        SignerInformation signer = (SignerInformation) it.next();
        // Get digest Algorihm OID
        digestAlgOID = signer.getDigestAlgOID();
        Collection certCollection = certs.getMatches(signer.getSID());
        Iterator certIt = certCollection.iterator();
        X509Certificate cert = null;
        try {
            cert = new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCertificate((X509CertificateHolder) certIt.next());
        } catch (Exception e) {
            part.addNewDetailLine(new DetailModel("No DTS", "Certificate File", "Cannot extract the signing certificate", "", "-", Status.ERROR));
            throw e;
        }
        // DTS 158, Second MIME Part Body
        part.addNewDetailLine(directMessageValidator.validateSecondMIMEPartBody(""));
        // DTS 165, AlgorithmIdentifier.algorithm
        part.addNewDetailLine(new DetailModel("No DTS", "Encryption asymmetric algorithm", signer.getEncryptionAlgOID(), "AES 128 or AES 256 (or better)", "-", Status.INFO));
        part.addNewDetailLine(signatureValidator.validateDigestAlgorithmDirectMessage(digestAlgOID, contentTypeMicalg));
        // DTS 166, SignedData.encapContentInfo
        part.addNewDetailLine(signatureValidator.validateSignedDataEncapContentInfo(new String(cert.getSignature())));
        // DTS 222, tbsCertificate.signature.algorithm
        part.addNewDetailLine(signatureValidator.validateTbsCertificateSA(cert.getSigAlgName()));
        // needs signer.getDigestAlgorithmID(); and compare the two (needs to be the same)
        // DTS 225, tbsCertificate.subject
        part.addNewDetailLine(signatureValidator.validateTbsCertificateSubject(cert.getSubjectDN().toString()));
        // DTS 240, Extensions.subjectAltName
        // C-4 - cert/subjectAltName must contain either rfc822Name or dNSName extension
        // C-5 cert/subjectAltName/rfc822Name must be an email address - Conditional
        part.addNewDetailLine(signatureValidator.validateExtensionsSubjectAltName(cert.getSubjectAlternativeNames()));
        // C-2 - Key size <=2048
        // msgValidator.validateKeySize(er, new String(cert.getPublicKey()));
        // -------how to get other extension fields:
        // -------  cert.getExtensionValue("2.5.29.17")
        // verify that the sig is valid and that it was generated
        // when the certificate was current
        part.addNewDetailLine(signatureValidator.validateSignature(cert, signer, BouncyCastleProvider.PROVIDER_NAME));
        // verify and get the digests
        Attribute digAttr = signer.getSignedAttributes().get(CMSAttributes.messageDigest);
        ASN1Primitive hashObj = digAttr.getAttrValues().getObjectAt(0).toASN1Primitive();
        byte[] signedDigest = ((ASN1OctetString) hashObj).getOctets();
        String signedDigestHex = org.apache.commons.codec.binary.Hex.encodeHexString(signedDigest);
        String digestHex = "";
        try {
            signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build(cert));
        } catch (Exception e) {
            logger.error("Signature failed to verify: " + e.getMessage());
        }
        // should have the computed digest now
        try {
            byte[] digest = signer.getContentDigest();
            digestHex = org.apache.commons.codec.binary.Hex.encodeHexString(digest);
        } catch (Exception e) {
            logger.error("Failed to get the computed digest: " + e.getMessage());
        }
        // System.out.println("\r\nComputed Message Digest: " + digestHex);
        part.addNewDetailLine(new DetailModel("No DTS", "Signature digest", "Signed Message Digest: " + signedDigestHex, "Computed Message Digest: " + digestHex, "-", Status.INFO));
    }
}

Also used : DetailModel(gov.nist.healthcare.ttt.model.logging.DetailModel) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) Attribute(org.bouncycastle.asn1.cms.Attribute) SignerInformationStore(org.bouncycastle.cms.SignerInformationStore) Store(org.bouncycastle.util.Store) SignerInformation(org.bouncycastle.cms.SignerInformation) JcaSimpleSignerInfoVerifierBuilder(org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) X509Certificate(java.security.cert.X509Certificate) MessagingException(javax.mail.MessagingException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) IOException(java.io.IOException) SignerInformationStore(org.bouncycastle.cms.SignerInformationStore) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) Iterator(java.util.Iterator) Collection(java.util.Collection) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive)

Example 58 with ASN1Primitive

use of com.github.zhenwei.core.asn1.ASN1Primitive in project jmulticard by ctt-gob-es.

the class IETFUtils method canonicalize.

public static String canonicalize(String s) {
    if (s.length() > 0 && s.charAt(0) == '#') {
        ASN1Primitive obj = decodeObject(s);
        if (obj instanceof ASN1String) {
            s = ((ASN1String) obj).getString();
        }
    }
    s = Strings.toLowerCase(s);
    int length = s.length();
    if (length < 2) {
        return s;
    }
    int start = 0, last = length - 1;
    while (start < last && s.charAt(start) == '\\' && s.charAt(start + 1) == ' ') {
        start += 2;
    }
    int end = last, first = start + 1;
    while (end > first && s.charAt(end - 1) == '\\' && s.charAt(end) == ' ') {
        end -= 2;
    }
    if (start > 0 || end < last) {
        s = s.substring(start, end + 1);
    }
    return stripInternalSpaces(s);
}

Also used : ASN1String(org.bouncycastle.asn1.ASN1String) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive)

Example 59 with ASN1Primitive

use of com.github.zhenwei.core.asn1.ASN1Primitive in project jmulticard by ctt-gob-es.

the class X509Name method equals.

/**
 * @param inOrder if true the order of both X509 names must be the same,
 * as well as the values associated with each element.
 */
public boolean equals(Object obj, boolean inOrder) {
    if (!inOrder) {
        return this.equals(obj);
    }
    if (obj == this) {
        return true;
    }
    if (!(obj instanceof X509Name || obj instanceof ASN1Sequence)) {
        return false;
    }
    ASN1Primitive derO = ((ASN1Encodable) obj).toASN1Primitive();
    if (this.toASN1Primitive().equals(derO)) {
        return true;
    }
    X509Name other;
    try {
        other = X509Name.getInstance(obj);
    } catch (IllegalArgumentException e) {
        return false;
    }
    int orderingSize = ordering.size();
    if (orderingSize != other.ordering.size()) {
        return false;
    }
    for (int i = 0; i < orderingSize; i++) {
        ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) ordering.elementAt(i);
        ASN1ObjectIdentifier oOid = (ASN1ObjectIdentifier) other.ordering.elementAt(i);
        if (oid.equals(oOid)) {
            String value = (String) values.elementAt(i);
            String oValue = (String) other.values.elementAt(i);
            if (!equivalentStrings(value, oValue)) {
                return false;
            }
        } else {
            return false;
        }
    }
    return true;
}

Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ASN1UniversalString(org.bouncycastle.asn1.ASN1UniversalString) ASN1String(org.bouncycastle.asn1.ASN1String) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 60 with ASN1Primitive

use of com.github.zhenwei.core.asn1.ASN1Primitive in project jmulticard by ctt-gob-es.

the class X509Name method equals.

/**
 * test for equality - note: case is ignored.
 */
public boolean equals(Object obj) {
    if (obj == this) {
        return true;
    }
    if (!(obj instanceof X509Name || obj instanceof ASN1Sequence)) {
        return false;
    }
    ASN1Primitive derO = ((ASN1Encodable) obj).toASN1Primitive();
    if (this.toASN1Primitive().equals(derO)) {
        return true;
    }
    X509Name other;
    try {
        other = X509Name.getInstance(obj);
    } catch (IllegalArgumentException e) {
        return false;
    }
    int orderingSize = ordering.size();
    if (orderingSize != other.ordering.size()) {
        return false;
    }
    boolean[] indexes = new boolean[orderingSize];
    int start, end, delta;
    if (// guess forward
    ordering.elementAt(0).equals(other.ordering.elementAt(0))) {
        start = 0;
        end = orderingSize;
        delta = 1;
    } else // guess reversed - most common problem
    {
        start = orderingSize - 1;
        end = -1;
        delta = -1;
    }
    for (int i = start; i != end; i += delta) {
        boolean found = false;
        ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) ordering.elementAt(i);
        String value = (String) values.elementAt(i);
        for (int j = 0; j < orderingSize; j++) {
            if (indexes[j]) {
                continue;
            }
            ASN1ObjectIdentifier oOid = (ASN1ObjectIdentifier) other.ordering.elementAt(j);
            if (oid.equals(oOid)) {
                String oValue = (String) other.values.elementAt(j);
                if (equivalentStrings(value, oValue)) {
                    indexes[j] = true;
                    found = true;
                    break;
                }
            }
        }
        if (!found) {
            return false;
        }
    }
    return true;
}

Aggregations

ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)253 DERSequence (com.github.zhenwei.core.asn1.DERSequence)231 ASN1Primitive (org.bouncycastle.asn1.ASN1Primitive)177 IOException (java.io.IOException)107 ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)62 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)57 DERTaggedObject (com.github.zhenwei.core.asn1.DERTaggedObject)55 ASN1Integer (com.github.zhenwei.core.asn1.ASN1Integer)42 DEROctetString (com.github.zhenwei.core.asn1.DEROctetString)38 ByteArrayInputStream (java.io.ByteArrayInputStream)38 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)32 ASN1Primitive (com.github.zhenwei.core.asn1.ASN1Primitive)31 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)31 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)30 DEROctetString (org.bouncycastle.asn1.DEROctetString)28 BigInteger (java.math.BigInteger)24 GeneralSecurityException (java.security.GeneralSecurityException)24 X509Certificate (java.security.cert.X509Certificate)24 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)23 DERIA5String (org.bouncycastle.asn1.DERIA5String)22