Examples with Sequence com.google.showcase.v1beta1.Sequence used on opensource projects

Search in sources :

Example 51 with Sequence

use of com.google.showcase.v1beta1.Sequence in project jss by dogtagpki.

the class AuthenticatedSafes method getSafeContentsAt.

/**
 * Returns the SafeContents at the given index in the AuthenticatedSafes,
 * decrypting it if necessary.
 *
 * <p>The algorithm used to extract encrypted SafeContents does not
 *  conform to version 1.0 of the spec. Instead, it conforms to the
 *  draft 1.0 spec, because this is what Communicator and MSIE seem
 *  to conform to.  This looks like an implementation error that has
 *  become firmly entrenched to preserve interoperability. The draft
 *  spec dictates that the encrypted content in the EncryptedContentInfo
 *  is the DER encoding of a SafeContents.  This is simple enough.  The
 *  1.0 final spec says that the SafeContents is wrapped in a ContentInfo,
 *  then the ContentInfo is BER encoded, then the value octets (not the
 *  tag or length) are encrypted. No wonder people stayed with the old way.
 *
 * @param password The password to use to decrypt the SafeContents if
 *  it is encrypted.  If the SafeContents is known to not be encrypted,
 *  this parameter can be null. If the password is incorrect, the
 *  decoding will fail somehow, probably with an InvalidBERException,
 *  BadPaddingException, or IllegalBlockSizeException.
 * @param index The index of the SafeContents to extract.
 * @return A SafeContents object, which is merely a
 *      SEQUENCE of SafeBags.
 * @exception IllegalArgumentException If no password was provided,
 *      but the SafeContents is encrypted.
 */
public SEQUENCE getSafeContentsAt(Password password, int index) throws IllegalStateException, NotInitializedException, NoSuchAlgorithmException, InvalidBERException, IOException, InvalidKeyException, InvalidAlgorithmParameterException, TokenException, IllegalBlockSizeException, BadPaddingException {
    ContentInfo ci = (ContentInfo) sequence.elementAt(index);
    if (ci.getContentType().equals(ContentInfo.ENCRYPTED_DATA)) {
        if (password == null) {
            // can't decrypt if we don't have a password
            throw new IllegalStateException("No password to decode " + "encrypted SafeContents");
        }
        EncryptedContentInfo encCI = ((EncryptedData) ci.getInterpretedContent()).getEncryptedContentInfo();
        // this should be a BER-encoded SafeContents
        byte[] decrypted = encCI.decrypt(password, new PasswordConverter());
        try {
            SEQUENCE.OF_Template seqt = new SEQUENCE.OF_Template(SafeBag.getTemplate());
            return (SEQUENCE) ASN1Util.decode(seqt, decrypted);
        } catch (InvalidBERException e) {
            if (ACCEPT_SECURITY_DYNAMICS) {
                // try the security dynamics approach
                ContentInfo.Template cit = ContentInfo.getTemplate();
                ci = (ContentInfo) ASN1Util.decode(cit, decrypted);
                if (!ci.getContentType().equals(ContentInfo.DATA)) {
                    throw new InvalidBERException("");
                }
                OCTET_STRING os = (OCTET_STRING) ci.getInterpretedContent();
                SEQUENCE.OF_Template seqt = new SEQUENCE.OF_Template(SafeBag.getTemplate());
                return (SEQUENCE) ASN1Util.decode(seqt, os.toByteArray());
            } else {
                throw e;
            }
        }
    } else if (ci.getContentType().equals(ContentInfo.DATA)) {
        // This SafeContents is not encrypted
        SEQUENCE.OF_Template seqt = new SEQUENCE.OF_Template(SafeBag.getTemplate());
        return (SEQUENCE) ASN1Util.decode(seqt, ((OCTET_STRING) ci.getInterpretedContent()).toByteArray());
    } else {
        throw new InvalidBERException("AuthenticatedSafes element is" + " neither a Data or an EncryptedData");
    }
}
Also used : InvalidBERException(org.mozilla.jss.asn1.InvalidBERException) OCTET_STRING(org.mozilla.jss.asn1.OCTET_STRING) ContentInfo(org.mozilla.jss.pkcs7.ContentInfo) EncryptedContentInfo(org.mozilla.jss.pkcs7.EncryptedContentInfo) SEQUENCE(org.mozilla.jss.asn1.SEQUENCE) EncryptedData(org.mozilla.jss.pkcs7.EncryptedData) EncryptedContentInfo(org.mozilla.jss.pkcs7.EncryptedContentInfo) ASN1Template(org.mozilla.jss.asn1.ASN1Template)

Example 52 with Sequence

use of com.google.showcase.v1beta1.Sequence in project jss by dogtagpki.

the class SSLClientAuth method generateCerts.

private void generateCerts(CryptoManager cm, int serialNum) {
    // RSA Key with default exponent
    int keyLength = 4096;
    try {
        java.security.KeyPairGenerator kpg = java.security.KeyPairGenerator.getInstance("RSA", "Mozilla-JSS");
        kpg.initialize(keyLength);
        KeyPair caPair = kpg.genKeyPair();
        // Generate CA cert
        SEQUENCE extensions = new SEQUENCE();
        extensions.addElement(makeBasicConstraintsExtension());
        Certificate caCert = makeCert("CACert", "CACert", serialNum, caPair.getPrivate(), caPair.getPublic(), serialNum, extensions);
        X509Certificate nssCaCert = cm.importUserCACertPackage(ASN1Util.encode(caCert), "SSLCA-" + serialNum);
        InternalCertificate intern = (InternalCertificate) nssCaCert;
        intern.setSSLTrust(PK11Cert.TRUSTED_CA | PK11Cert.TRUSTED_CLIENT_CA | PK11Cert.VALID_CA);
        // generate server cert
        kpg.initialize(keyLength);
        KeyPair serverPair = kpg.genKeyPair();
        Certificate serverCert = makeCert("CACert", "localhost", serialNum + 1, caPair.getPrivate(), serverPair.getPublic(), serialNum, null);
        nssServerCert = cm.importCertPackage(ASN1Util.encode(serverCert), serverCertNick);
        // generate client auth cert
        kpg.initialize(keyLength);
        KeyPair clientPair = kpg.genKeyPair();
        Certificate clientCert = makeCert("CACert", "ClientCert", serialNum + 2, caPair.getPrivate(), clientPair.getPublic(), serialNum, null);
        nssClientCert = cm.importCertPackage(ASN1Util.encode(clientCert), clientCertNick);
    } catch (CertificateEncodingException ex) {
        ex.printStackTrace();
        System.exit(1);
    } catch (NoSuchAlgorithmException ex) {
        ex.printStackTrace();
        System.exit(1);
    } catch (NoSuchProviderException ex) {
        ex.printStackTrace();
        System.exit(1);
    } catch (NicknameConflictException ex) {
        ex.printStackTrace();
        System.exit(1);
    } catch (UserCertConflictException ex) {
        ex.printStackTrace();
        System.exit(1);
    } catch (TokenException ex) {
        ex.printStackTrace();
        System.exit(1);
    } catch (NoSuchItemOnTokenException ex) {
        ex.printStackTrace();
        System.exit(1);
    } catch (Exception ex) {
        ex.printStackTrace();
        System.exit(1);
    }
}
Also used : UserCertConflictException(org.mozilla.jss.UserCertConflictException) KeyPair(java.security.KeyPair) NicknameConflictException(org.mozilla.jss.NicknameConflictException) NoSuchItemOnTokenException(org.mozilla.jss.crypto.NoSuchItemOnTokenException) CertificateEncodingException(java.security.cert.CertificateEncodingException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) X509Certificate(org.mozilla.jss.crypto.X509Certificate) NicknameConflictException(org.mozilla.jss.NicknameConflictException) SocketException(java.net.SocketException) NoSuchItemOnTokenException(org.mozilla.jss.crypto.NoSuchItemOnTokenException) ObjectNotFoundException(org.mozilla.jss.crypto.ObjectNotFoundException) EOFException(java.io.EOFException) UserCertConflictException(org.mozilla.jss.UserCertConflictException) TokenException(org.mozilla.jss.crypto.TokenException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) NoSuchProviderException(java.security.NoSuchProviderException) CertificateEncodingException(java.security.cert.CertificateEncodingException) InternalCertificate(org.mozilla.jss.crypto.InternalCertificate) SEQUENCE(org.mozilla.jss.asn1.SEQUENCE) NoSuchItemOnTokenException(org.mozilla.jss.crypto.NoSuchItemOnTokenException) TokenException(org.mozilla.jss.crypto.TokenException) NoSuchProviderException(java.security.NoSuchProviderException) InternalCertificate(org.mozilla.jss.crypto.InternalCertificate) Certificate(org.mozilla.jss.pkix.cert.Certificate) X509Certificate(org.mozilla.jss.crypto.X509Certificate)

Example 53 with Sequence

use of com.google.showcase.v1beta1.Sequence in project jss by dogtagpki.

the class ListCerts method main.

public static void main(String[] args) {
    try {
        if (args.length != 2) {
            System.out.println("Usage: ListCerts <dbdir> <nickname>");
            return;
        }
        String nickname = args[1];
        CryptoManager cm = CryptoManager.getInstance();
        X509Certificate[] certs = cm.findCertsByNickname(nickname);
        System.out.println(certs.length + " certs found with this nickname.");
        for (int i = 0; i < certs.length; i++) {
            System.out.println("\nSubject: " + certs[i].getSubjectDN());
            Certificate cert = (Certificate) ASN1Util.decode(Certificate.getTemplate(), certs[i].getEncoded());
            CertificateInfo info = cert.getInfo();
            OBJECT_IDENTIFIER sigalg = info.getSignatureAlgId().getOID();
            System.out.println("Signature oid " + info.getSignatureAlgId().getOID());
            SEQUENCE extensions = info.getExtensions();
            for (int j = 0; j < extensions.size(); j++) {
                Extension ext = (Extension) extensions.elementAt(i);
                OBJECT_IDENTIFIER oid = ext.getExtnId();
                OCTET_STRING value = ext.getExtnValue();
                System.out.println("Extension " + oid.toString());
                if (ext.getCritical()) {
                    System.out.println("Critical extension: " + oid.toString());
                } else {
                    System.out.println("NON Critical extension: " + oid.toString());
                }
            }
            System.out.println("Convert to JDK cert");
            // Convert to JDK certificate
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            ByteArrayInputStream bais = new ByteArrayInputStream(certs[i].getEncoded());
            java.security.cert.X509Certificate jdkCert = (java.security.cert.X509Certificate) cf.generateCertificate(bais);
            bais.close();
            System.out.println("Subject " + jdkCert.getSubjectX500Principal());
            System.out.println("Signature oid " + jdkCert.getSigAlgName());
            /* non critical extensions */
            Set<String> nonCritSet = jdkCert.getNonCriticalExtensionOIDs();
            if (nonCritSet != null && !nonCritSet.isEmpty()) {
                for (Iterator<String> j = nonCritSet.iterator(); j.hasNext(); ) {
                    String oid = j.next();
                    System.out.println(oid);
                }
            } else {
                System.out.println("no NON Critical Extensions");
            }
            /* critical extensions */
            Set<String> critSet = jdkCert.getCriticalExtensionOIDs();
            if (critSet != null && !critSet.isEmpty()) {
                System.out.println("Set of critical extensions:");
                for (Iterator<String> j = critSet.iterator(); j.hasNext(); ) {
                    String oid = j.next();
                    System.out.println(oid);
                }
            } else {
                System.out.println("no Critical Extensions");
            }
        }
        System.out.println("END");
    } catch (Exception e) {
        e.printStackTrace();
        System.exit(1);
    }
    System.exit(0);
}
Also used : OBJECT_IDENTIFIER(org.mozilla.jss.asn1.OBJECT_IDENTIFIER) CryptoManager(org.mozilla.jss.CryptoManager) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(org.mozilla.jss.crypto.X509Certificate) Extension(org.mozilla.jss.pkix.cert.Extension) OCTET_STRING(org.mozilla.jss.asn1.OCTET_STRING) ByteArrayInputStream(java.io.ByteArrayInputStream) SEQUENCE(org.mozilla.jss.asn1.SEQUENCE) CertificateInfo(org.mozilla.jss.pkix.cert.CertificateInfo) Certificate(org.mozilla.jss.pkix.cert.Certificate) X509Certificate(org.mozilla.jss.crypto.X509Certificate)

Example 54 with Sequence

use of com.google.showcase.v1beta1.Sequence in project jss by dogtagpki.

the class IssuingDistributionPoint method main.

public static void main(String[] args) {
    BufferedOutputStream bos = null;
    try {
        if (args.length != 1) {
            System.out.println("Usage: IssuingDistributionPoint <outfile>");
            System.exit(-1);
        }
        bos = new BufferedOutputStream(new FileOutputStream(args[0]));
        SEQUENCE idps = new SEQUENCE();
        IssuingDistributionPoint idp = new IssuingDistributionPoint();
        X500Name dn = new X500Name("CN=Skovw Wjasldk,E=nicolson@netscape.com" + ",OU=Certificate Server,O=Netscape,C=US");
        GeneralNames generalNames = new GeneralNames();
        generalNames.addElement(dn);
        idp.setFullName(generalNames);
        idps.addElement(idp);
        idp = new IssuingDistributionPoint();
        URIName uri = new URIName("http://www.mycrl.com/go/here");
        generalNames = new GeneralNames();
        generalNames.addElement(uri);
        idp.setFullName(generalNames);
        idp.setOnlyContainsUserCerts(true);
        idp.setOnlyContainsCACerts(true);
        idp.setIndirectCRL(true);
        BitArray ba = new BitArray(5, new byte[] { (byte) 0x28 });
        idp.setOnlySomeReasons(ba);
        idps.addElement(idp);
        idps.encode(bos);
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        if (bos != null) {
            try {
                bos.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }
}
Also used : FileOutputStream(java.io.FileOutputStream) SEQUENCE(org.mozilla.jss.asn1.SEQUENCE) BitArray(org.mozilla.jss.netscape.security.util.BitArray) IOException(java.io.IOException) BufferedOutputStream(java.io.BufferedOutputStream) InvalidBERException(org.mozilla.jss.asn1.InvalidBERException) IOException(java.io.IOException)

Example 55 with Sequence

use of com.google.showcase.v1beta1.Sequence in project jss by dogtagpki.

the class IssuingDistributionPoint method encode.

@Override
public void encode(Tag implicitTag, OutputStream ostream) throws IOException {
    SEQUENCE seq = new SEQUENCE();
    DerOutputStream derOut;
    try {
        // is a CHOICE, the [0] tag is forced to be EXPLICIT.
        if (fullName != null) {
            EXPLICIT distPoint = new EXPLICIT(Tag.get(0), fullNameEncoding);
            seq.addElement(distPoint);
        } else if (relativeName != null) {
            derOut = new DerOutputStream();
            relativeName.encode(derOut);
            ANY raw = new ANY(derOut.toByteArray());
            ByteArrayOutputStream bos = new ByteArrayOutputStream();
            raw.encodeWithAlternateTag(Tag.get(1), bos);
            ANY distPointName = new ANY(bos.toByteArray());
            EXPLICIT distPoint = new EXPLICIT(Tag.get(0), distPointName);
            seq.addElement(distPoint);
        }
        if (onlyContainsUserCerts != false) {
            seq.addElement(Tag.get(1), new BOOLEAN(true));
        }
        if (onlyContainsCACerts != false) {
            seq.addElement(Tag.get(2), new BOOLEAN(true));
        }
        // Encodes the ReasonFlags.
        if (onlySomeReasons != null) {
            derOut = new DerOutputStream();
            derOut.putUnalignedBitString(onlySomeReasons);
            ANY raw = new ANY(derOut.toByteArray());
            ByteArrayOutputStream bos = new ByteArrayOutputStream();
            raw.encodeWithAlternateTag(Tag.get(3), bos);
            ANY reasonEncoding = new ANY(bos.toByteArray());
            seq.addElement(reasonEncoding);
        }
        if (indirectCRL != false) {
            seq.addElement(Tag.get(4), new BOOLEAN(true));
        }
        seq.encode(implicitTag, ostream);
    } catch (InvalidBERException e) {
        // the Sun encoding classes
        throw new IOException(e.toString());
    }
}
Also used : InvalidBERException(org.mozilla.jss.asn1.InvalidBERException) DerOutputStream(org.mozilla.jss.netscape.security.util.DerOutputStream) SEQUENCE(org.mozilla.jss.asn1.SEQUENCE) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException) ANY(org.mozilla.jss.asn1.ANY) EXPLICIT(org.mozilla.jss.asn1.EXPLICIT) BOOLEAN(org.mozilla.jss.asn1.BOOLEAN)

Aggregations

SEQUENCE (org.mozilla.jss.asn1.SEQUENCE)50 OCTET_STRING (org.mozilla.jss.asn1.OCTET_STRING)16 Sequence (org.sbolstandard.core2.Sequence)11 SET (org.mozilla.jss.asn1.SET)9 ANY (org.mozilla.jss.asn1.ANY)8 InvalidBERException (org.mozilla.jss.asn1.InvalidBERException)8 OBJECT_IDENTIFIER (org.mozilla.jss.asn1.OBJECT_IDENTIFIER)8 URI (java.net.URI)7 BMPString (org.mozilla.jss.asn1.BMPString)7 CryptoToken (org.mozilla.jss.crypto.CryptoToken)7 ASN1Value (org.mozilla.jss.asn1.ASN1Value)6 INTEGER (org.mozilla.jss.asn1.INTEGER)6 AuthenticatedSafes (org.mozilla.jss.pkcs12.AuthenticatedSafes)6 FileOutputStream (java.io.FileOutputStream)5 IOException (java.io.IOException)5 SignatureException (java.security.SignatureException)5 EXPLICIT (org.mozilla.jss.asn1.EXPLICIT)5 SafeBag (org.mozilla.jss.pkcs12.SafeBag)5 Certificate (org.mozilla.jss.pkix.cert.Certificate)5 ComponentDefinition (org.sbolstandard.core2.ComponentDefinition)5
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial