Example 31 with ASN1Object
use of com.mindbright.asn1.ASN1Object in project xipki by xipki.
the class ProxyP11Slot method getCertificate.
private X509Cert getCertificate(P11ObjectIdentifier objectId) throws P11TokenException {
ASN1Object req = new SlotIdAndObjectId(asn1SlotId, new ObjectIdentifier(objectId));
byte[] resp = module.send(P11ProxyConstants.ACTION_GET_CERT, req);
if (resp == null) {
return null;
}
try {
return X509Util.parseCert(resp);
} catch (CertificateException ex) {
throw new P11TokenException("could not parse certificate:" + ex.getMessage(), ex);
}
}
Also used :
CertificateException(java.security.cert.CertificateException)
ASN1Object(org.bouncycastle.asn1.ASN1Object)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 32 with ASN1Object
use of com.mindbright.asn1.ASN1Object in project platform_frameworks_base by android.
the class ESTHandler method execute.
public void execute(boolean reenroll) throws IOException, GeneralSecurityException {
URL caURL = new URL(mURL.getProtocol(), mURL.getHost(), mURL.getPort(), mURL.getFile() + CACERT_PATH);
HTTPResponse response;
try (HTTPHandler httpHandler = new HTTPHandler(StandardCharsets.ISO_8859_1, mSocketFactory, mUser, mPassword)) {
response = httpHandler.doGetHTTP(caURL);
if (!"application/pkcs7-mime".equals(response.getHeaders().get(HTTPMessage.ContentTypeHeader))) {
throw new IOException("Unexpected Content-Type: " + response.getHeaders().get(HTTPMessage.ContentTypeHeader));
}
ByteBuffer octetBuffer = response.getBinaryPayload();
Collection<Asn1Object> pkcs7Content1 = Asn1Decoder.decode(octetBuffer);
for (Asn1Object asn1Object : pkcs7Content1) {
Log.d(TAG, "---");
Log.d(TAG, asn1Object.toString());
}
Log.d(TAG, CACERT_PATH);
mCACerts.addAll(unpackPkcs7(octetBuffer));
for (X509Certificate certificate : mCACerts) {
Log.d(TAG, "CA-Cert: " + certificate.getSubjectX500Principal());
}
/*
byte[] octets = new byte[octetBuffer.remaining()];
octetBuffer.duplicate().get(octets);
for (byte b : octets) {
System.out.printf("%02x ", b & 0xff);
}
Log.d(TAG, );
*/
/* + BC
try {
byte[] octets = new byte[octetBuffer.remaining()];
octetBuffer.duplicate().get(octets);
ASN1InputStream asnin = new ASN1InputStream(octets);
for (int n = 0; n < 100; n++) {
ASN1Primitive object = asnin.readObject();
if (object == null) {
break;
}
parseObject(object, 0);
}
}
catch (Throwable t) {
t.printStackTrace();
}
Collection<Asn1Object> pkcs7Content = Asn1Decoder.decode(octetBuffer);
for (Asn1Object asn1Object : pkcs7Content) {
Log.d(TAG, asn1Object);
}
if (pkcs7Content.size() != 1) {
throw new IOException("Unexpected pkcs 7 container: " + pkcs7Content.size());
}
Asn1Constructed pkcs7Root = (Asn1Constructed) pkcs7Content.iterator().next();
Iterator<Asn1ID> certPath = Arrays.asList(Pkcs7CertPath).iterator();
Asn1Object certObject = pkcs7Root.findObject(certPath);
if (certObject == null || certPath.hasNext()) {
throw new IOException("Failed to find cert; returned object " + certObject +
", path " + (certPath.hasNext() ? "short" : "exhausted"));
}
ByteBuffer certOctets = certObject.getPayload();
if (certOctets == null) {
throw new IOException("No cert payload in: " + certObject);
}
byte[] certBytes = new byte[certOctets.remaining()];
certOctets.get(certBytes);
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
Certificate cert = certFactory.generateCertificate(new ByteArrayInputStream(certBytes));
Log.d(TAG, "EST Cert: " + cert);
*/
URL csrURL = new URL(mURL.getProtocol(), mURL.getHost(), mURL.getPort(), mURL.getFile() + CSR_PATH);
response = httpHandler.doGetHTTP(csrURL);
octetBuffer = response.getBinaryPayload();
byte[] csrData = buildCSR(octetBuffer, mOMADMAdapter, httpHandler);
/**/
Collection<Asn1Object> o = Asn1Decoder.decode(ByteBuffer.wrap(csrData));
Log.d(TAG, "CSR:");
Log.d(TAG, o.iterator().next().toString());
Log.d(TAG, "End CSR.");
/**/
URL enrollURL = new URL(mURL.getProtocol(), mURL.getHost(), mURL.getPort(), mURL.getFile() + (reenroll ? SIMPLE_REENROLL_PATH : SIMPLE_ENROLL_PATH));
String data = Base64.encodeToString(csrData, Base64.DEFAULT);
octetBuffer = httpHandler.exchangeBinary(enrollURL, data, "application/pkcs10");
Collection<Asn1Object> pkcs7Content2 = Asn1Decoder.decode(octetBuffer);
for (Asn1Object asn1Object : pkcs7Content2) {
Log.d(TAG, "---");
Log.d(TAG, asn1Object.toString());
}
mClientCerts.addAll(unpackPkcs7(octetBuffer));
for (X509Certificate cert : mClientCerts) {
Log.d(TAG, cert.toString());
}
}
}
Also used :
HTTPHandler(com.android.hotspot2.osu.HTTPHandler)
HTTPResponse(com.android.hotspot2.utils.HTTPResponse)
IOException(java.io.IOException)
DERBitString(com.android.org.bouncycastle.asn1.DERBitString)
DERPrintableString(com.android.org.bouncycastle.asn1.DERPrintableString)
DERIA5String(com.android.org.bouncycastle.asn1.DERIA5String)
ByteBuffer(java.nio.ByteBuffer)
URL(java.net.URL)
X509Certificate(java.security.cert.X509Certificate)
Asn1Object(com.android.hotspot2.asn1.Asn1Object)
Example 33 with ASN1Object
use of com.mindbright.asn1.ASN1Object in project platform_frameworks_base by android.
the class ESTHandler method unpackPkcs7.
private static List<X509Certificate> unpackPkcs7(ByteBuffer pkcs7) throws IOException, GeneralSecurityException {
Collection<Asn1Object> pkcs7Content = Asn1Decoder.decode(pkcs7);
if (pkcs7Content.size() != 1) {
throw new IOException("Unexpected pkcs 7 container: " + pkcs7Content.size());
}
Asn1Object data = pkcs7Content.iterator().next();
if (!data.isConstructed() || !data.matches(sSEQUENCE)) {
throw new IOException("Expected SEQ OF, got " + data.toSimpleString());
} else if (data.getChildren().size() != 2) {
throw new IOException("Expected content info to have two children, got " + data.getChildren().size());
}
Iterator<Asn1Object> children = data.getChildren().iterator();
Asn1Object contentType = children.next();
if (!contentType.equals(Asn1Oid.PKCS7SignedData)) {
throw new IOException("Content not PKCS7 signed data");
}
Asn1Object content = children.next();
if (!content.isConstructed() || !content.matches(sCTXT0)) {
throw new IOException("Expected [CONTEXT 0] with one child, got " + content.toSimpleString() + ", " + content.getChildren().size());
}
Asn1Object signedData = content.getChildren().iterator().next();
Map<Integer, Asn1Object> itemMap = new HashMap<>();
for (Asn1Object item : signedData.getChildren()) {
if (itemMap.put(item.getTag(), item) != null && item.getTag() != Asn1Decoder.TAG_SET) {
throw new IOException("Duplicate item in SignedData: " + item.toSimpleString());
}
}
Asn1Object versionObject = itemMap.get(Asn1Decoder.TAG_INTEGER);
if (versionObject == null || !(versionObject instanceof Asn1Integer)) {
throw new IOException("Bad or missing PKCS7 version: " + versionObject);
}
int pkcs7version = (int) ((Asn1Integer) versionObject).getValue();
Asn1Object innerContentInfo = itemMap.get(Asn1Decoder.TAG_SEQ);
if (innerContentInfo == null || !innerContentInfo.isConstructed() || !innerContentInfo.matches(sSEQUENCE) || innerContentInfo.getChildren().size() != 1) {
throw new IOException("Bad or missing PKCS7 contentInfo");
}
Asn1Object contentID = innerContentInfo.getChildren().iterator().next();
if (pkcs7version == PKCS7DataVersion && !contentID.equals(Asn1Oid.PKCS7Data) || pkcs7version == PKCS7SignedDataVersion && !contentID.equals(Asn1Oid.PKCS7SignedData)) {
throw new IOException("Inner PKCS7 content (" + contentID + ") not expected for version " + pkcs7version);
}
Asn1Object certWrapper = itemMap.get(0);
if (certWrapper == null || !certWrapper.isConstructed() || !certWrapper.matches(sCTXT0)) {
throw new IOException("Expected [CONTEXT 0], got: " + certWrapper);
}
List<X509Certificate> certList = new ArrayList<>(certWrapper.getChildren().size());
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
for (Asn1Object certObject : certWrapper.getChildren()) {
ByteBuffer certOctets = ((Asn1Constructed) certObject).getEncoding();
if (certOctets == null) {
throw new IOException("No cert payload in: " + certObject);
}
byte[] certBytes = new byte[certOctets.remaining()];
certOctets.get(certBytes);
certList.add((X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(certBytes)));
}
return certList;
}
Also used :
Asn1Constructed(com.android.hotspot2.asn1.Asn1Constructed)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
IOException(java.io.IOException)
CertificateFactory(java.security.cert.CertificateFactory)
ByteBuffer(java.nio.ByteBuffer)
X509Certificate(java.security.cert.X509Certificate)
Asn1Object(com.android.hotspot2.asn1.Asn1Object)
Asn1Integer(com.android.hotspot2.asn1.Asn1Integer)
ByteArrayInputStream(java.io.ByteArrayInputStream)
Asn1Integer(com.android.hotspot2.asn1.Asn1Integer)
Example 34 with ASN1Object
use of com.mindbright.asn1.ASN1Object in project platform_frameworks_base by android.
the class SPVerifier method getImageData.
private static List<LogoTypeImage> getImageData(Asn1Object logoExtension) throws IOException {
Asn1Constructed logo = castObject(logoExtension, Asn1Constructed.class);
Asn1Constructed communityLogo = castObject(logo.getChildren().iterator().next(), Asn1Constructed.class);
if (communityLogo.getTag() != 0) {
throw new IOException("Expected tag [0] for communityLogos");
}
List<LogoTypeImage> images = new ArrayList<>();
Asn1Constructed communityLogoSeq = castObject(communityLogo.getChildren().iterator().next(), Asn1Constructed.class);
for (Asn1Object logoTypeData : communityLogoSeq.getChildren()) {
if (logoTypeData.getTag() != 0) {
throw new IOException("Expected tag [0] for LogotypeData");
}
for (Asn1Object logoTypeImage : castObject(logoTypeData.getChildren().iterator().next(), Asn1Constructed.class).getChildren()) {
// only read the image SEQUENCE and skip any audio [1] tags
if (logoTypeImage.getAsn1Class() == Asn1Class.Universal) {
images.add(new LogoTypeImage(castObject(logoTypeImage, Asn1Constructed.class)));
}
}
}
return images;
}
Also used :
Asn1Constructed(com.android.hotspot2.asn1.Asn1Constructed)
ArrayList(java.util.ArrayList)
IOException(java.io.IOException)
Asn1Object(com.android.hotspot2.asn1.Asn1Object)
Example 35 with ASN1Object
use of com.mindbright.asn1.ASN1Object in project platform_frameworks_base by android.
the class SPVerifier method checkName.
private void checkName(Asn1Constructed altName) throws IOException {
Map<String, I18Name> friendlyNames = new HashMap<>();
for (Asn1Object name : altName.getChildren()) {
if (name.getAsn1Class() == Asn1Class.Context && name.getTag() == OtherName) {
Asn1Constructed otherName = (Asn1Constructed) name;
Iterator<Asn1Object> children = otherName.getChildren().iterator();
if (children.hasNext()) {
Asn1Object oidObject = children.next();
if (OidMappings.sIdWfaHotspotFriendlyName.equals(oidObject) && children.hasNext()) {
Asn1Constructed value = castObject(children.next(), Asn1Constructed.class);
String text = castObject(value.getChildren().iterator().next(), Asn1String.class).getString();
I18Name friendlyName = new I18Name(text);
friendlyNames.put(friendlyName.getLanguage(), friendlyName);
}
}
}
}
Log.d(OSUManager.TAG, "Friendly names: " + friendlyNames.values());
for (I18Name osuName : mOSUInfo.getOSUProvider().getNames()) {
I18Name friendlyName = friendlyNames.get(osuName.getLanguage());
if (!osuName.equals(friendlyName)) {
throw new IOException("Friendly name '" + osuName + " not in certificate");
}
}
}
Also used :
Asn1Constructed(com.android.hotspot2.asn1.Asn1Constructed)
HashMap(java.util.HashMap)
I18Name(com.android.anqp.I18Name)
Asn1String(com.android.hotspot2.asn1.Asn1String)
Asn1String(com.android.hotspot2.asn1.Asn1String)
IOException(java.io.IOException)
Asn1Object(com.android.hotspot2.asn1.Asn1Object)
Aggregations
IOException (java.io.IOException)35
Asn1Object (com.android.hotspot2.asn1.Asn1Object)25
ASN1Object (org.bouncycastle.asn1.ASN1Object)20
ArrayList (java.util.ArrayList)16
Asn1Constructed (com.android.hotspot2.asn1.Asn1Constructed)15
HashMap (java.util.HashMap)15
Asn1Object (io.churchkey.asn1.Asn1Object)13
DerParser (io.churchkey.asn1.DerParser)12
X509Certificate (java.security.cert.X509Certificate)12
Asn1Integer (com.android.hotspot2.asn1.Asn1Integer)10
DERBitString (com.android.org.bouncycastle.asn1.DERBitString)10
DERIA5String (com.android.org.bouncycastle.asn1.DERIA5String)10
DERPrintableString (com.android.org.bouncycastle.asn1.DERPrintableString)10
ByteBuffer (java.nio.ByteBuffer)10
Key (io.churchkey.Key)8
ByteArrayInputStream (java.io.ByteArrayInputStream)7
I18Name (com.android.anqp.I18Name)5
Asn1Oid (com.android.hotspot2.asn1.Asn1Oid)5
Asn1String (com.android.hotspot2.asn1.Asn1String)5
OidMappings (com.android.hotspot2.asn1.OidMappings)5
