Example 1 with ASN1Object

Use of com.mindbright.asn1.ASN1Object in project OpenUnison by TremoloSecurity.

In the class X509ExtensionParsingUtil, method extractExtensionValue.

/**
 * Extract an {@link ASN1OctetString} that represents the value of a given extension
 *
 * @param cert is X509 certificate out of which an extension should be extracted
 * @param Oid is the Object IDentifier for the extension
 * @return a {@link ASN1OctetString} that represents an extension or {@code null} if no such
 * extension is found.
 * @throws CertificateParsingException if a parsing error occurs
 */
public static ASN1OctetString extractExtensionValue(X509Certificate cert, String Oid) throws CertificateParsingException {
    byte[] extensionValue = cert.getExtensionValue(Oid);
    if (extensionValue == null || extensionValue.length == 0) {
        // Did not find extension
        return null;
    }
    ASN1Object asn1Object = getAsn1Object(extensionValue);
    if (asn1Object == null || !(asn1Object instanceof ASN1OctetString)) {
        throw new CertificateParsingException("Expected ASN1OctetString.");
    }
    return (ASN1OctetString) asn1Object;
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) CertificateParsingException(java.security.cert.CertificateParsingException) ASN1Object(org.bouncycastle.asn1.ASN1Object)

Example 2 with ASN1Object

Use of com.mindbright.asn1.ASN1Object in project OpenUnison by TremoloSecurity.

In the class U2fAttestation, method Parse.

/**
 * Parses a transport extension from an attestation certificate and returns
 * a U2fAttestation holding the transports supported by the security key. The
 * specification of the HardwareFeatures in the certificate should match their
 * internal definition in device_auth.proto
 *
 * <p>The expected transport extension value is a BIT STRING containing the enabled
 * transports:
 *
 *  <p>FIDOU2FTransports ::= BIT STRING {
 *       bluetoothRadio(0), -- Bluetooth Classic
 *       bluetoothLowEnergyRadio(1),
 *       uSB(2),
 *       nFC(3)
 *     }
 *
 *   <p>Note that the BIT STRING must be wrapped in an OCTET STRING.
 *   An extension that encodes BT, BLE, and NFC then looks as follows:
 *
 *   <p>SEQUENCE (2 elem)
 *      OBJECT IDENTIFIER 1.3.6.1.4.1.45724.2.1.1
 *      OCTET STRING (1 elem)
 *        BIT STRING (4 bits) 1101
 *
 * @param cert the certificate to parse for extension
 * @return a U2fAttestation wrapping the supported transports as a List, or wrapping
 * {@code null} if no extension was found
 * @throws CertificateParsingException if the extension value is not a BIT STRING
 * wrapped in an OCTET STRING
 */
public static U2fAttestation Parse(X509Certificate cert) throws CertificateParsingException {
    ASN1OctetString extValue = X509ExtensionParsingUtil.extractExtensionValue(cert, TRANSPORT_EXTENSION_OID);
    if (extValue == null) {
        // No Transport extension was found
        return new U2fAttestation(null);
    }
    // Read out the BitString
    ASN1Object asn1Object = X509ExtensionParsingUtil.getAsn1Object(extValue.getOctets());
    if (asn1Object == null || !(asn1Object instanceof DERBitString)) {
        throw new CertificateParsingException("No BitString found in transports extension");
    }
    DERBitString bitString = (DERBitString) asn1Object;
    byte[] values = bitString.getBytes();
    BitSet bitSet = BitSet.valueOf(values);
    // We might have more defined transports than used by the extension
    List<Transports> transports = new ArrayList<Transports>();
    for (int i = 0; i < BITS_IN_A_BYTE; i++) {
        if (bitSet.get(BITS_IN_A_BYTE - i - 1)) {
            transports.add(Transports.values()[i]);
        }
    }
    return new U2fAttestation(transports);
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) CertificateParsingException(java.security.cert.CertificateParsingException) Transports(com.google.u2f.server.data.SecurityKeyData.Transports) BitSet(java.util.BitSet) ArrayList(java.util.ArrayList) DERBitString(org.bouncycastle.asn1.DERBitString) ASN1Object(org.bouncycastle.asn1.ASN1Object)

Example 3 with ASN1Object

Use of com.mindbright.asn1.ASN1Object in project laverca by laverca.

In the class Pkcs7, method bytesToPkcs7SignedData.

/**
 * Convert a byte array to a PKCS7 SignedData object
 * @param bytes byte array
 * @return PKCS7 SignedData object
 */
public static SignedData bytesToPkcs7SignedData(byte[] bytes) {
    if (bytes == null) {
        throw new IllegalArgumentException("null bytes");
    }
    ASN1InputStream ais = new ASN1InputStream(bytes);
    ASN1Object asn1 = null;
    try {
        asn1 = ais.readObject();
    } catch (IOException ioe) {
        throw new IllegalArgumentException("not a pkcs7 signature");
    } finally {
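        try {
            ais.close();
        } catch (IOException e) {
            // Ignore: nothing useful can be done if close fails
        }
    }
    // readObject() returns null on empty input; reject it here rather than
    // letting ci.getContentType() fail with a NullPointerException
    if (asn1 == null) {
        throw new IllegalArgumentException("not a pkcs7 signature");
    }
    ContentInfo ci = ContentInfo.getInstance(asn1);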
    ASN1ObjectIdentifier typeId = ci.getContentType();
    if (!typeId.equals(PKCSObjectIdentifiers.signedData)) {
        throw new IllegalArgumentException("not a pkcs7 signature");
    }
    return SignedData.getInstance(ci.getContent());
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ContentInfo(org.bouncycastle.asn1.pkcs.ContentInfo) IOException(java.io.IOException) ASN1Object(org.bouncycastle.asn1.ASN1Object) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 4 with ASN1Object

Use of com.mindbright.asn1.ASN1Object in project SpringRemote by HaleyWang.

In the class X509Certificate, method getExtensions.

public String getExtensions() {
    StringBuilder sb = new StringBuilder();
    try {
        Extensions es = certificate.tbsCertificate.extensions;
        for (int i = 0; i < es.getCount(); i++) {
            Extension e = (Extension) es.getComponent(i);
            String oid = e.extnID.getString();
            String crit = e.critical.getValue() ? "yes" : "no ";
            String val = null;
            ASN1Object o;
            try {
                o = getExtensionWithOID(oid, ASN1OIDRegistry.lookupType(oid));
                if (o != null)
                    val = o.toString();
                if (val != null && val.indexOf(':') == -1)
                    val = ASN1OIDRegistry.lookupName(oid) + ": " + val;
            } catch (Throwable tt) {
                // Decoding with the registered type failed; val stays null and the fallback below runs
            }
            if (val == null) {
                try {
                    // Oh well... let's try with a generic string
                    o = getExtensionWithOID(oid, ASN1IA5String.class);
                    if (o != null)
                        val = o.toString();
                    if (val != null && val.indexOf(':') == -1)
                        val = ASN1OIDRegistry.lookupName(oid) + ": " + val;
                } catch (Throwable tt) {
                    // Generic decoding failed too; the placeholder branch below handles it
                }
            }
            if (val == null) {
                val = ASN1OIDRegistry.lookupName(oid);
                if (val == null)
                    val = oid;
                val += ": ...";
            }
            sb.append("  critical: ").append(crit).append(" ").append(val).append("\n");
        }
    } catch (Throwable t) {
        // Display-only helper: on any failure, return whatever was collected so far
    }
    return sb.toString();
}
Also used : ASN1IA5String(com.mindbright.asn1.ASN1IA5String) ASN1Object(com.mindbright.asn1.ASN1Object)

Example 5 with ASN1Object

Use of com.mindbright.asn1.ASN1Object in project pdf-sign-check by spapas.

In the class SigUtils, method extractTimeStampTokenFromSignerInformation.

public static TimeStampToken extractTimeStampTokenFromSignerInformation(SignerInformation signerInformation) throws CMSException, IOException, TSPException {
    // Fetch the unsigned attributes once and reuse the result
    AttributeTable unsignedAttributes = signerInformation.getUnsignedAttributes();
    if (unsignedAttributes == null) {
        return null;
    }
    // https://stackoverflow.com/questions/1647759/how-to-validate-if-a-signed-jar-contains-a-timestamp
    Attribute attribute = unsignedAttributes.get(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
    if (attribute == null) {
        return null;
    }
    ASN1Object obj = (ASN1Object) attribute.getAttrValues().getObjectAt(0);
    CMSSignedData signedTSTData = new CMSSignedData(obj.getEncoded());
    return new TimeStampToken(signedTSTData);
}
Also used : Attribute(org.bouncycastle.asn1.cms.Attribute) AttributeTable(org.bouncycastle.asn1.cms.AttributeTable) ASN1Object(org.bouncycastle.asn1.ASN1Object) TimeStampToken(org.bouncycastle.tsp.TimeStampToken) CMSSignedData(org.bouncycastle.cms.CMSSignedData)