Examples with ASN1Primitive com.github.zhenwei.core.asn1.ASN1Primitive used on opensource projects

Example 16 with ASN1Primitive

use of com.github.zhenwei.core.asn1.ASN1Primitive in project documentproduction by qld-gov-au.

the class CertificateVerifier method downloadExtraCertificates.

/**
 * Download extra certificates from the URI mentioned in id-ad-caIssuers in the "authority
 * information access" extension. The method is lenient, i.e. catches all exceptions.
 *
 * @param ext an X509 object that can have extensions.
 *
 * @return a certificate set, never null.
 * @throws ExecutionException
 */
public static Set<X509Certificate> downloadExtraCertificates(X509Extension ext) throws ExecutionException {
    // https://tools.ietf.org/html/rfc2459#section-4.2.2.1
    // https://tools.ietf.org/html/rfc3280#section-4.2.2.1
    // https://tools.ietf.org/html/rfc4325
    Set<X509Certificate> resultSet = new HashSet<X509Certificate>();
    byte[] authorityExtensionValue = ext.getExtensionValue(Extension.authorityInfoAccess.getId());
    if (authorityExtensionValue == null) {
        return resultSet;
    }
    ASN1Primitive asn1Prim;
    try {
        asn1Prim = JcaX509ExtensionUtils.parseExtensionValue(authorityExtensionValue);
    } catch (IOException ex) {
        LOG.warn(ex.getMessage(), ex);
        return resultSet;
    }
    if (!(asn1Prim instanceof ASN1Sequence)) {
        LOG.warn("ASN1Sequence expected, got " + asn1Prim.getClass().getSimpleName());
        return resultSet;
    }
    ASN1Sequence asn1Seq = (ASN1Sequence) asn1Prim;
    Enumeration<?> objects = asn1Seq.getObjects();
    while (objects.hasMoreElements()) {
        // AccessDescription
        ASN1Sequence obj = (ASN1Sequence) objects.nextElement();
        ASN1Encodable oid = obj.getObjectAt(0);
        if (!X509ObjectIdentifiers.id_ad_caIssuers.equals(oid)) {
            continue;
        }
        ASN1TaggedObject location = (ASN1TaggedObject) obj.getObjectAt(1);
        ASN1OctetString uri = (ASN1OctetString) location.getObject();
        String urlString = new String(uri.getOctets());
        LOG.info("CA issuers URL: " + urlString);
        Collection<? extends Certificate> altCerts = ISSUER_CERTS.get(urlString);
        for (Certificate altCert : altCerts) {
            resultSet.add((X509Certificate) altCert);
        }
        LOG.info("CA issuers URL: " + altCerts.size() + " certificate(s) downloaded");
    }
    LOG.info("CA issuers: Downloaded " + resultSet.size() + " certificate(s) total");
    return resultSet;
}

Example 17 with ASN1Primitive

use of com.github.zhenwei.core.asn1.ASN1Primitive in project documentproduction by qld-gov-au.

the class CRLVerifier method getCrlDistributionPoints.

/**
 * Extracts all CRL distribution point URLs from the "CRL Distribution
 * Point" extension in a X.509 certificate. If CRL distribution point
 * extension is unavailable, returns an empty list.
 * @param cert
 * @return List of CRL distribution point URLs.
 * @throws java.io.IOException
 */
public static List<String> getCrlDistributionPoints(X509Certificate cert) throws IOException {
    byte[] crldpExt = cert.getExtensionValue(Extension.cRLDistributionPoints.getId());
    if (crldpExt == null) {
        return new ArrayList<String>();
    }
    ASN1InputStream oAsnInStream = new ASN1InputStream(new ByteArrayInputStream(crldpExt));
    ASN1Primitive derObjCrlDP = oAsnInStream.readObject();
    ASN1OctetString dosCrlDP = (ASN1OctetString) derObjCrlDP;
    byte[] crldpExtOctets = dosCrlDP.getOctets();
    ASN1InputStream oAsnInStream2 = new ASN1InputStream(new ByteArrayInputStream(crldpExtOctets));
    ASN1Primitive derObj2 = oAsnInStream2.readObject();
    CRLDistPoint distPoint = CRLDistPoint.getInstance(derObj2);
    List<String> crlUrls = new ArrayList<String>();
    for (DistributionPoint dp : distPoint.getDistributionPoints()) {
        DistributionPointName dpn = dp.getDistributionPoint();
        // Look for URIs in fullName
        if (dpn != null && dpn.getType() == DistributionPointName.FULL_NAME) {
            // Look for an URI
            for (GeneralName genName : GeneralNames.getInstance(dpn.getName()).getNames()) {
                if (genName.getTagNo() == GeneralName.uniformResourceIdentifier) {
                    String url = DERIA5String.getInstance(genName.getName()).getString();
                    crlUrls.add(url);
                }
            }
        }
    }
    return crlUrls;
}

Example 18 with ASN1Primitive

use of com.github.zhenwei.core.asn1.ASN1Primitive in project PdfBox-Android by TomRoush.

the class PublicKeySecurityHandler method createDERForRecipient.

private ASN1Primitive createDERForRecipient(byte[] in, X509Certificate cert) throws IOException, GeneralSecurityException {
    String algorithm = PKCSObjectIdentifiers.RC2_CBC.getId();
    AlgorithmParameterGenerator apg;
    KeyGenerator keygen;
    Cipher cipher;
    try {
        apg = AlgorithmParameterGenerator.getInstance(algorithm, SecurityProvider.getProvider());
        keygen = KeyGenerator.getInstance(algorithm, SecurityProvider.getProvider());
        cipher = Cipher.getInstance(algorithm, SecurityProvider.getProvider());
    } catch (NoSuchAlgorithmException e) {
        // happens when using the command line app .jar file
        throw new IOException("Could not find a suitable javax.crypto provider for algorithm " + algorithm + "; possible reason: using an unsigned .jar file", e);
    } catch (NoSuchPaddingException e) {
        // should never happen, if this happens throw IOException instead
        throw new RuntimeException("Could not find a suitable javax.crypto provider", e);
    }
    AlgorithmParameters parameters = apg.generateParameters();
    ASN1InputStream input = new ASN1InputStream(parameters.getEncoded("ASN.1"));
    ASN1Primitive object = input.readObject();
    input.close();
    keygen.init(128);
    SecretKey secretkey = keygen.generateKey();
    cipher.init(1, secretkey, parameters);
    byte[] bytes = cipher.doFinal(in);
    KeyTransRecipientInfo recipientInfo = computeRecipientInfo(cert, secretkey.getEncoded());
    DERSet set = new DERSet(new RecipientInfo(recipientInfo));
    AlgorithmIdentifier algorithmId = new AlgorithmIdentifier(new ASN1ObjectIdentifier(algorithm), object);
    EncryptedContentInfo encryptedInfo = new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmId, new DEROctetString(bytes));
    EnvelopedData enveloped = new EnvelopedData(null, set, encryptedInfo, (ASN1Set) null);
    ContentInfo contentInfo = new ContentInfo(PKCSObjectIdentifiers.envelopedData, enveloped);
    return contentInfo.toASN1Primitive();
}

Example 19 with ASN1Primitive

use of com.github.zhenwei.core.asn1.ASN1Primitive in project aws-greengrass-nucleus by aws-greengrass.

the class EncryptionUtilsTest method generatePkCS1PrivateKeyFile.

public static Path generatePkCS1PrivateKeyFile(int keySize, Path filepath) throws Exception {
    KeyPair pair = generateRSAKeyPair(keySize);
    byte[] privateKey = pair.getPrivate().getEncoded();
    PrivateKeyInfo keyInfo = PrivateKeyInfo.getInstance(privateKey);
    ASN1Encodable encodable = keyInfo.parsePrivateKey();
    ASN1Primitive primitive = encodable.toASN1Primitive();
    privateKey = primitive.getEncoded();
    writePemFile("RSA PRIVATE KEY", privateKey, filepath);
    return filepath;
}

Example 20 with ASN1Primitive

use of com.github.zhenwei.core.asn1.ASN1Primitive in project staplr by pridiltal.

the class PdfPKCS7 method getIssuer.

/**
 * Get the "issuer" from the TBSCertificate bytes that are passed in
 * @param enc a TBSCertificate in a byte array
 * @return a ASN1Primitive
 */
private static ASN1Primitive getIssuer(byte[] enc) {
    try {
        ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(enc));
        ASN1Sequence seq = (ASN1Sequence) in.readObject();
        return (ASN1Primitive) seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 3 : 2);
    } catch (IOException e) {
        throw new ExceptionConverter(e);
    }
}