Search in sources :

Example 31 with ASN1Object

use of com.mindbright.asn1.ASN1Object in project xipki by xipki.

the class ProxyP11Slot method getCertificate.

private X509Cert getCertificate(P11ObjectIdentifier objectId) throws P11TokenException {
    ASN1Object req = new SlotIdAndObjectId(asn1SlotId, new ObjectIdentifier(objectId));
    byte[] resp = module.send(P11ProxyConstants.ACTION_GET_CERT, req);
    if (resp == null) {
        return null;
    }
    try {
        return X509Util.parseCert(resp);
    } catch (CertificateException ex) {
        throw new P11TokenException("could not parse certificate:" + ex.getMessage(), ex);
    }
}
Also used : CertificateException(java.security.cert.CertificateException) ASN1Object(org.bouncycastle.asn1.ASN1Object) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 32 with ASN1Object

use of com.mindbright.asn1.ASN1Object in project platform_frameworks_base by android.

the class ESTHandler method execute.

public void execute(boolean reenroll) throws IOException, GeneralSecurityException {
    URL caURL = new URL(mURL.getProtocol(), mURL.getHost(), mURL.getPort(), mURL.getFile() + CACERT_PATH);
    HTTPResponse response;
    try (HTTPHandler httpHandler = new HTTPHandler(StandardCharsets.ISO_8859_1, mSocketFactory, mUser, mPassword)) {
        response = httpHandler.doGetHTTP(caURL);
        if (!"application/pkcs7-mime".equals(response.getHeaders().get(HTTPMessage.ContentTypeHeader))) {
            throw new IOException("Unexpected Content-Type: " + response.getHeaders().get(HTTPMessage.ContentTypeHeader));
        }
        ByteBuffer octetBuffer = response.getBinaryPayload();
        Collection<Asn1Object> pkcs7Content1 = Asn1Decoder.decode(octetBuffer);
        for (Asn1Object asn1Object : pkcs7Content1) {
            Log.d(TAG, "---");
            Log.d(TAG, asn1Object.toString());
        }
        Log.d(TAG, CACERT_PATH);
        mCACerts.addAll(unpackPkcs7(octetBuffer));
        for (X509Certificate certificate : mCACerts) {
            Log.d(TAG, "CA-Cert: " + certificate.getSubjectX500Principal());
        }
        /*
            byte[] octets = new byte[octetBuffer.remaining()];
            octetBuffer.duplicate().get(octets);
            for (byte b : octets) {
                System.out.printf("%02x ", b & 0xff);
            }
            Log.d(TAG, );
            */
        /* + BC
            try {
                byte[] octets = new byte[octetBuffer.remaining()];
                octetBuffer.duplicate().get(octets);
                ASN1InputStream asnin = new ASN1InputStream(octets);
                for (int n = 0; n < 100; n++) {
                    ASN1Primitive object = asnin.readObject();
                    if (object == null) {
                        break;
                    }
                    parseObject(object, 0);
                }
            }
            catch (Throwable t) {
                t.printStackTrace();
            }

            Collection<Asn1Object> pkcs7Content = Asn1Decoder.decode(octetBuffer);
            for (Asn1Object asn1Object : pkcs7Content) {
                Log.d(TAG, asn1Object);
            }

            if (pkcs7Content.size() != 1) {
                throw new IOException("Unexpected pkcs 7 container: " + pkcs7Content.size());
            }

            Asn1Constructed pkcs7Root = (Asn1Constructed) pkcs7Content.iterator().next();
            Iterator<Asn1ID> certPath = Arrays.asList(Pkcs7CertPath).iterator();
            Asn1Object certObject = pkcs7Root.findObject(certPath);
            if (certObject == null || certPath.hasNext()) {
                throw new IOException("Failed to find cert; returned object " + certObject +
                        ", path " + (certPath.hasNext() ? "short" : "exhausted"));
            }

            ByteBuffer certOctets = certObject.getPayload();
            if (certOctets == null) {
                throw new IOException("No cert payload in: " + certObject);
            }

            byte[] certBytes = new byte[certOctets.remaining()];
            certOctets.get(certBytes);

            CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
            Certificate cert = certFactory.generateCertificate(new ByteArrayInputStream(certBytes));
            Log.d(TAG, "EST Cert: " + cert);
            */
        URL csrURL = new URL(mURL.getProtocol(), mURL.getHost(), mURL.getPort(), mURL.getFile() + CSR_PATH);
        response = httpHandler.doGetHTTP(csrURL);
        octetBuffer = response.getBinaryPayload();
        byte[] csrData = buildCSR(octetBuffer, mOMADMAdapter, httpHandler);
        /**/
        Collection<Asn1Object> o = Asn1Decoder.decode(ByteBuffer.wrap(csrData));
        Log.d(TAG, "CSR:");
        Log.d(TAG, o.iterator().next().toString());
        Log.d(TAG, "End CSR.");
        /**/
        URL enrollURL = new URL(mURL.getProtocol(), mURL.getHost(), mURL.getPort(), mURL.getFile() + (reenroll ? SIMPLE_REENROLL_PATH : SIMPLE_ENROLL_PATH));
        String data = Base64.encodeToString(csrData, Base64.DEFAULT);
        octetBuffer = httpHandler.exchangeBinary(enrollURL, data, "application/pkcs10");
        Collection<Asn1Object> pkcs7Content2 = Asn1Decoder.decode(octetBuffer);
        for (Asn1Object asn1Object : pkcs7Content2) {
            Log.d(TAG, "---");
            Log.d(TAG, asn1Object.toString());
        }
        mClientCerts.addAll(unpackPkcs7(octetBuffer));
        for (X509Certificate cert : mClientCerts) {
            Log.d(TAG, cert.toString());
        }
    }
}
Also used : HTTPHandler(com.android.hotspot2.osu.HTTPHandler) HTTPResponse(com.android.hotspot2.utils.HTTPResponse) IOException(java.io.IOException) DERBitString(com.android.org.bouncycastle.asn1.DERBitString) DERPrintableString(com.android.org.bouncycastle.asn1.DERPrintableString) DERIA5String(com.android.org.bouncycastle.asn1.DERIA5String) ByteBuffer(java.nio.ByteBuffer) URL(java.net.URL) X509Certificate(java.security.cert.X509Certificate) Asn1Object(com.android.hotspot2.asn1.Asn1Object)

Example 33 with ASN1Object

use of com.mindbright.asn1.ASN1Object in project platform_frameworks_base by android.

the class ESTHandler method unpackPkcs7.

private static List<X509Certificate> unpackPkcs7(ByteBuffer pkcs7) throws IOException, GeneralSecurityException {
    Collection<Asn1Object> pkcs7Content = Asn1Decoder.decode(pkcs7);
    if (pkcs7Content.size() != 1) {
        throw new IOException("Unexpected pkcs 7 container: " + pkcs7Content.size());
    }
    Asn1Object data = pkcs7Content.iterator().next();
    if (!data.isConstructed() || !data.matches(sSEQUENCE)) {
        throw new IOException("Expected SEQ OF, got " + data.toSimpleString());
    } else if (data.getChildren().size() != 2) {
        throw new IOException("Expected content info to have two children, got " + data.getChildren().size());
    }
    Iterator<Asn1Object> children = data.getChildren().iterator();
    Asn1Object contentType = children.next();
    if (!contentType.equals(Asn1Oid.PKCS7SignedData)) {
        throw new IOException("Content not PKCS7 signed data");
    }
    Asn1Object content = children.next();
    if (!content.isConstructed() || !content.matches(sCTXT0)) {
        throw new IOException("Expected [CONTEXT 0] with one child, got " + content.toSimpleString() + ", " + content.getChildren().size());
    }
    Asn1Object signedData = content.getChildren().iterator().next();
    Map<Integer, Asn1Object> itemMap = new HashMap<>();
    for (Asn1Object item : signedData.getChildren()) {
        if (itemMap.put(item.getTag(), item) != null && item.getTag() != Asn1Decoder.TAG_SET) {
            throw new IOException("Duplicate item in SignedData: " + item.toSimpleString());
        }
    }
    Asn1Object versionObject = itemMap.get(Asn1Decoder.TAG_INTEGER);
    if (versionObject == null || !(versionObject instanceof Asn1Integer)) {
        throw new IOException("Bad or missing PKCS7 version: " + versionObject);
    }
    int pkcs7version = (int) ((Asn1Integer) versionObject).getValue();
    Asn1Object innerContentInfo = itemMap.get(Asn1Decoder.TAG_SEQ);
    if (innerContentInfo == null || !innerContentInfo.isConstructed() || !innerContentInfo.matches(sSEQUENCE) || innerContentInfo.getChildren().size() != 1) {
        throw new IOException("Bad or missing PKCS7 contentInfo");
    }
    Asn1Object contentID = innerContentInfo.getChildren().iterator().next();
    if (pkcs7version == PKCS7DataVersion && !contentID.equals(Asn1Oid.PKCS7Data) || pkcs7version == PKCS7SignedDataVersion && !contentID.equals(Asn1Oid.PKCS7SignedData)) {
        throw new IOException("Inner PKCS7 content (" + contentID + ") not expected for version " + pkcs7version);
    }
    Asn1Object certWrapper = itemMap.get(0);
    if (certWrapper == null || !certWrapper.isConstructed() || !certWrapper.matches(sCTXT0)) {
        throw new IOException("Expected [CONTEXT 0], got: " + certWrapper);
    }
    List<X509Certificate> certList = new ArrayList<>(certWrapper.getChildren().size());
    CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
    for (Asn1Object certObject : certWrapper.getChildren()) {
        ByteBuffer certOctets = ((Asn1Constructed) certObject).getEncoding();
        if (certOctets == null) {
            throw new IOException("No cert payload in: " + certObject);
        }
        byte[] certBytes = new byte[certOctets.remaining()];
        certOctets.get(certBytes);
        certList.add((X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(certBytes)));
    }
    return certList;
}
Also used : Asn1Constructed(com.android.hotspot2.asn1.Asn1Constructed) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) IOException(java.io.IOException) CertificateFactory(java.security.cert.CertificateFactory) ByteBuffer(java.nio.ByteBuffer) X509Certificate(java.security.cert.X509Certificate) Asn1Object(com.android.hotspot2.asn1.Asn1Object) Asn1Integer(com.android.hotspot2.asn1.Asn1Integer) ByteArrayInputStream(java.io.ByteArrayInputStream) Asn1Integer(com.android.hotspot2.asn1.Asn1Integer)

Example 34 with ASN1Object

use of com.mindbright.asn1.ASN1Object in project platform_frameworks_base by android.

the class SPVerifier method getImageData.

private static List<LogoTypeImage> getImageData(Asn1Object logoExtension) throws IOException {
    Asn1Constructed logo = castObject(logoExtension, Asn1Constructed.class);
    Asn1Constructed communityLogo = castObject(logo.getChildren().iterator().next(), Asn1Constructed.class);
    if (communityLogo.getTag() != 0) {
        throw new IOException("Expected tag [0] for communityLogos");
    }
    List<LogoTypeImage> images = new ArrayList<>();
    Asn1Constructed communityLogoSeq = castObject(communityLogo.getChildren().iterator().next(), Asn1Constructed.class);
    for (Asn1Object logoTypeData : communityLogoSeq.getChildren()) {
        if (logoTypeData.getTag() != 0) {
            throw new IOException("Expected tag [0] for LogotypeData");
        }
        for (Asn1Object logoTypeImage : castObject(logoTypeData.getChildren().iterator().next(), Asn1Constructed.class).getChildren()) {
            // only read the image SEQUENCE and skip any audio [1] tags
            if (logoTypeImage.getAsn1Class() == Asn1Class.Universal) {
                images.add(new LogoTypeImage(castObject(logoTypeImage, Asn1Constructed.class)));
            }
        }
    }
    return images;
}
Also used : Asn1Constructed(com.android.hotspot2.asn1.Asn1Constructed) ArrayList(java.util.ArrayList) IOException(java.io.IOException) Asn1Object(com.android.hotspot2.asn1.Asn1Object)

Example 35 with ASN1Object

use of com.mindbright.asn1.ASN1Object in project platform_frameworks_base by android.

the class SPVerifier method checkName.

private void checkName(Asn1Constructed altName) throws IOException {
    Map<String, I18Name> friendlyNames = new HashMap<>();
    for (Asn1Object name : altName.getChildren()) {
        if (name.getAsn1Class() == Asn1Class.Context && name.getTag() == OtherName) {
            Asn1Constructed otherName = (Asn1Constructed) name;
            Iterator<Asn1Object> children = otherName.getChildren().iterator();
            if (children.hasNext()) {
                Asn1Object oidObject = children.next();
                if (OidMappings.sIdWfaHotspotFriendlyName.equals(oidObject) && children.hasNext()) {
                    Asn1Constructed value = castObject(children.next(), Asn1Constructed.class);
                    String text = castObject(value.getChildren().iterator().next(), Asn1String.class).getString();
                    I18Name friendlyName = new I18Name(text);
                    friendlyNames.put(friendlyName.getLanguage(), friendlyName);
                }
            }
        }
    }
    Log.d(OSUManager.TAG, "Friendly names: " + friendlyNames.values());
    for (I18Name osuName : mOSUInfo.getOSUProvider().getNames()) {
        I18Name friendlyName = friendlyNames.get(osuName.getLanguage());
        if (!osuName.equals(friendlyName)) {
            throw new IOException("Friendly name '" + osuName + " not in certificate");
        }
    }
}
Also used : Asn1Constructed(com.android.hotspot2.asn1.Asn1Constructed) HashMap(java.util.HashMap) I18Name(com.android.anqp.I18Name) Asn1String(com.android.hotspot2.asn1.Asn1String) Asn1String(com.android.hotspot2.asn1.Asn1String) IOException(java.io.IOException) Asn1Object(com.android.hotspot2.asn1.Asn1Object)

Aggregations

IOException (java.io.IOException)35 Asn1Object (com.android.hotspot2.asn1.Asn1Object)25 ASN1Object (org.bouncycastle.asn1.ASN1Object)20 ArrayList (java.util.ArrayList)16 Asn1Constructed (com.android.hotspot2.asn1.Asn1Constructed)15 HashMap (java.util.HashMap)15 Asn1Object (io.churchkey.asn1.Asn1Object)13 DerParser (io.churchkey.asn1.DerParser)12 X509Certificate (java.security.cert.X509Certificate)12 Asn1Integer (com.android.hotspot2.asn1.Asn1Integer)10 DERBitString (com.android.org.bouncycastle.asn1.DERBitString)10 DERIA5String (com.android.org.bouncycastle.asn1.DERIA5String)10 DERPrintableString (com.android.org.bouncycastle.asn1.DERPrintableString)10 ByteBuffer (java.nio.ByteBuffer)10 Key (io.churchkey.Key)8 ByteArrayInputStream (java.io.ByteArrayInputStream)7 I18Name (com.android.anqp.I18Name)5 Asn1Oid (com.android.hotspot2.asn1.Asn1Oid)5 Asn1String (com.android.hotspot2.asn1.Asn1String)5 OidMappings (com.android.hotspot2.asn1.OidMappings)5