Search in sources :

Example 41 with ASN1Object

use of com.mindbright.asn1.ASN1Object in project android_frameworks_base by DirtyUnicorns.

the class ESTHandler method buildCSR.

private byte[] buildCSR(ByteBuffer octetBuffer, OMADMAdapter omadmAdapter, HTTPHandler httpHandler) throws IOException, GeneralSecurityException {
    //Security.addProvider(new BouncyCastleProvider());
    Log.d(TAG, "/csrattrs:");
    /*
        byte[] octets = new byte[octetBuffer.remaining()];
        octetBuffer.duplicate().get(octets);
        for (byte b : octets) {
            System.out.printf("%02x ", b & 0xff);
        }
        */
    Collection<Asn1Object> csrs = Asn1Decoder.decode(octetBuffer);
    for (Asn1Object asn1Object : csrs) {
        Log.d(TAG, asn1Object.toString());
    }
    if (csrs.size() != 1) {
        throw new IOException("Unexpected object count in CSR attributes response: " + csrs.size());
    }
    Asn1Object sequence = csrs.iterator().next();
    if (sequence.getClass() != Asn1Constructed.class) {
        throw new IOException("Unexpected CSR attribute container: " + sequence);
    }
    String keyAlgo = null;
    Asn1Oid keyAlgoOID = null;
    String sigAlgo = null;
    String curveName = null;
    Asn1Oid pubCrypto = null;
    int keySize = -1;
    Map<Asn1Oid, ASN1Encodable> idAttributes = new HashMap<>();
    for (Asn1Object child : sequence.getChildren()) {
        if (child.getTag() == Asn1Decoder.TAG_OID) {
            Asn1Oid oid = (Asn1Oid) child;
            OidMappings.SigEntry sigEntry = OidMappings.getSigEntry(oid);
            if (sigEntry != null) {
                sigAlgo = sigEntry.getSigAlgo();
                keyAlgoOID = sigEntry.getKeyAlgo();
                keyAlgo = OidMappings.getJCEName(keyAlgoOID);
            } else if (oid.equals(OidMappings.sPkcs9AtChallengePassword)) {
                byte[] tlsUnique = httpHandler.getTLSUnique();
                if (tlsUnique != null) {
                    idAttributes.put(oid, new DERPrintableString(Base64.encodeToString(tlsUnique, Base64.DEFAULT)));
                } else {
                    Log.w(TAG, "Cannot retrieve TLS unique channel binding");
                }
            }
        } else if (child.getTag() == Asn1Decoder.TAG_SEQ) {
            Asn1Oid oid = null;
            Set<Asn1Oid> oidValues = new HashSet<>();
            List<Asn1Object> values = new ArrayList<>();
            for (Asn1Object attributeSeq : child.getChildren()) {
                if (attributeSeq.getTag() == Asn1Decoder.TAG_OID) {
                    oid = (Asn1Oid) attributeSeq;
                } else if (attributeSeq.getTag() == Asn1Decoder.TAG_SET) {
                    for (Asn1Object value : attributeSeq.getChildren()) {
                        if (value.getTag() == Asn1Decoder.TAG_OID) {
                            oidValues.add((Asn1Oid) value);
                        } else {
                            values.add(value);
                        }
                    }
                }
            }
            if (oid == null) {
                throw new IOException("Invalid attribute, no OID");
            }
            if (oid.equals(OidMappings.sExtensionRequest)) {
                for (Asn1Oid subOid : oidValues) {
                    if (OidMappings.isIDAttribute(subOid)) {
                        if (subOid.equals(OidMappings.sMAC)) {
                            idAttributes.put(subOid, new DERIA5String(omadmAdapter.getMAC()));
                        } else if (subOid.equals(OidMappings.sIMEI)) {
                            idAttributes.put(subOid, new DERIA5String(omadmAdapter.getImei()));
                        } else if (subOid.equals(OidMappings.sMEID)) {
                            idAttributes.put(subOid, new DERBitString(omadmAdapter.getMeid()));
                        } else if (subOid.equals(OidMappings.sDevID)) {
                            idAttributes.put(subOid, new DERPrintableString(omadmAdapter.getDevID()));
                        }
                    }
                }
            } else if (OidMappings.getCryptoID(oid) != null) {
                pubCrypto = oid;
                if (!values.isEmpty()) {
                    for (Asn1Object value : values) {
                        if (value.getTag() == Asn1Decoder.TAG_INTEGER) {
                            keySize = (int) ((Asn1Integer) value).getValue();
                        }
                    }
                }
                if (oid.equals(OidMappings.sAlgo_EC)) {
                    if (oidValues.isEmpty()) {
                        throw new IOException("No ECC curve name provided");
                    }
                    for (Asn1Oid value : oidValues) {
                        curveName = OidMappings.getJCEName(value);
                        if (curveName != null) {
                            break;
                        }
                    }
                    if (curveName == null) {
                        throw new IOException("Found no ECC curve for " + oidValues);
                    }
                }
            }
        }
    }
    if (keyAlgoOID == null) {
        throw new IOException("No public key algorithm specified");
    }
    if (pubCrypto != null && !pubCrypto.equals(keyAlgoOID)) {
        throw new IOException("Mismatching key algorithms");
    }
    if (keyAlgoOID.equals(OidMappings.sAlgo_RSA)) {
        if (keySize < MinRSAKeySize) {
            if (keySize >= 0) {
                Log.i(TAG, "Upgrading suggested RSA key size from " + keySize + " to " + MinRSAKeySize);
            }
            keySize = MinRSAKeySize;
        }
    }
    Log.d(TAG, String.format("pub key '%s', signature '%s', ECC curve '%s', id-atts %s", keyAlgo, sigAlgo, curveName, idAttributes));
    /*
          Ruckus:
            SEQUENCE:
              OID=1.2.840.113549.1.1.11 (algo_id_sha256WithRSAEncryption)

          RFC-7030:
            SEQUENCE:
              OID=1.2.840.113549.1.9.7 (challengePassword)
              SEQUENCE:
                OID=1.2.840.10045.2.1 (algo_id_ecPublicKey)
                SET:
                  OID=1.3.132.0.34 (secp384r1)
              SEQUENCE:
                OID=1.2.840.113549.1.9.14 (extensionRequest)
                SET:
                  OID=1.3.6.1.1.1.1.22 (mac-address)
              OID=1.2.840.10045.4.3.3 (eccdaWithSHA384)

              1L, 3L, 6L, 1L, 1L, 1L, 1L, 22
         */
    // ECC Does not appear to be supported currently
    KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyAlgo);
    if (curveName != null) {
        AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(keyAlgo);
        algorithmParameters.init(new ECNamedCurveGenParameterSpec(curveName));
        kpg.initialize(algorithmParameters.getParameterSpec(ECNamedCurveGenParameterSpec.class));
    } else {
        kpg.initialize(keySize);
    }
    KeyPair kp = kpg.generateKeyPair();
    X500Principal subject = new X500Principal("CN=Android, O=Google, C=US");
    mClientKey = kp.getPrivate();
    // !!! Map the idAttributes into an ASN1Set of values to pass to
    // the PKCS10CertificationRequest - this code is using outdated BC classes and
    // has *not* been tested.
    ASN1Set attributes;
    if (!idAttributes.isEmpty()) {
        ASN1EncodableVector payload = new DEREncodableVector();
        for (Map.Entry<Asn1Oid, ASN1Encodable> entry : idAttributes.entrySet()) {
            DERObjectIdentifier type = new DERObjectIdentifier(entry.getKey().toOIDString());
            ASN1Set values = new DERSet(entry.getValue());
            Attribute attribute = new Attribute(type, values);
            payload.add(attribute);
        }
        attributes = new DERSet(payload);
    } else {
        attributes = null;
    }
    return new PKCS10CertificationRequest(sigAlgo, subject, kp.getPublic(), attributes, mClientKey).getEncoded();
}
Also used : DERSet(com.android.org.bouncycastle.asn1.DERSet) ASN1Set(com.android.org.bouncycastle.asn1.ASN1Set) Set(java.util.Set) HashSet(java.util.HashSet) HashMap(java.util.HashMap) Attribute(com.android.org.bouncycastle.asn1.x509.Attribute) DERBitString(com.android.org.bouncycastle.asn1.DERBitString) DERPrintableString(com.android.org.bouncycastle.asn1.DERPrintableString) DERIA5String(com.android.org.bouncycastle.asn1.DERIA5String) DERSet(com.android.org.bouncycastle.asn1.DERSet) DERIA5String(com.android.org.bouncycastle.asn1.DERIA5String) Asn1Integer(com.android.hotspot2.asn1.Asn1Integer) DERPrintableString(com.android.org.bouncycastle.asn1.DERPrintableString) ASN1EncodableVector(com.android.org.bouncycastle.asn1.ASN1EncodableVector) List(java.util.List) ArrayList(java.util.ArrayList) ASN1Encodable(com.android.org.bouncycastle.asn1.ASN1Encodable) PKCS10CertificationRequest(com.android.org.bouncycastle.jce.PKCS10CertificationRequest) Asn1Oid(com.android.hotspot2.asn1.Asn1Oid) KeyPair(java.security.KeyPair) ECNamedCurveGenParameterSpec(com.android.org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec) DEREncodableVector(com.android.org.bouncycastle.asn1.DEREncodableVector) DERBitString(com.android.org.bouncycastle.asn1.DERBitString) IOException(java.io.IOException) KeyPairGenerator(java.security.KeyPairGenerator) DERObjectIdentifier(com.android.org.bouncycastle.asn1.DERObjectIdentifier) Asn1Object(com.android.hotspot2.asn1.Asn1Object) OidMappings(com.android.hotspot2.asn1.OidMappings) ASN1Set(com.android.org.bouncycastle.asn1.ASN1Set) X500Principal(javax.security.auth.x500.X500Principal) Map(java.util.Map) HashMap(java.util.HashMap) AlgorithmParameters(java.security.AlgorithmParameters)

Example 42 with ASN1Object

use of com.mindbright.asn1.ASN1Object in project android_frameworks_base by crdroidandroid.

the class SPVerifier method checkName.

private void checkName(Asn1Constructed altName) throws IOException {
    Map<String, I18Name> friendlyNames = new HashMap<>();
    for (Asn1Object name : altName.getChildren()) {
        if (name.getAsn1Class() == Asn1Class.Context && name.getTag() == OtherName) {
            Asn1Constructed otherName = (Asn1Constructed) name;
            Iterator<Asn1Object> children = otherName.getChildren().iterator();
            if (children.hasNext()) {
                Asn1Object oidObject = children.next();
                if (OidMappings.sIdWfaHotspotFriendlyName.equals(oidObject) && children.hasNext()) {
                    Asn1Constructed value = castObject(children.next(), Asn1Constructed.class);
                    String text = castObject(value.getChildren().iterator().next(), Asn1String.class).getString();
                    I18Name friendlyName = new I18Name(text);
                    friendlyNames.put(friendlyName.getLanguage(), friendlyName);
                }
            }
        }
    }
    Log.d(OSUManager.TAG, "Friendly names: " + friendlyNames.values());
    for (I18Name osuName : mOSUInfo.getOSUProvider().getNames()) {
        I18Name friendlyName = friendlyNames.get(osuName.getLanguage());
        if (!osuName.equals(friendlyName)) {
            throw new IOException("Friendly name '" + osuName + " not in certificate");
        }
    }
}
Also used : Asn1Constructed(com.android.hotspot2.asn1.Asn1Constructed) HashMap(java.util.HashMap) I18Name(com.android.anqp.I18Name) Asn1String(com.android.hotspot2.asn1.Asn1String) Asn1String(com.android.hotspot2.asn1.Asn1String) IOException(java.io.IOException) Asn1Object(com.android.hotspot2.asn1.Asn1Object)

Example 43 with ASN1Object

use of com.mindbright.asn1.ASN1Object in project android_frameworks_base by crdroidandroid.

the class ESTHandler method execute.

public void execute(boolean reenroll) throws IOException, GeneralSecurityException {
    URL caURL = new URL(mURL.getProtocol(), mURL.getHost(), mURL.getPort(), mURL.getFile() + CACERT_PATH);
    HTTPResponse response;
    try (HTTPHandler httpHandler = new HTTPHandler(StandardCharsets.ISO_8859_1, mSocketFactory, mUser, mPassword)) {
        response = httpHandler.doGetHTTP(caURL);
        if (!"application/pkcs7-mime".equals(response.getHeaders().get(HTTPMessage.ContentTypeHeader))) {
            throw new IOException("Unexpected Content-Type: " + response.getHeaders().get(HTTPMessage.ContentTypeHeader));
        }
        ByteBuffer octetBuffer = response.getBinaryPayload();
        Collection<Asn1Object> pkcs7Content1 = Asn1Decoder.decode(octetBuffer);
        for (Asn1Object asn1Object : pkcs7Content1) {
            Log.d(TAG, "---");
            Log.d(TAG, asn1Object.toString());
        }
        Log.d(TAG, CACERT_PATH);
        mCACerts.addAll(unpackPkcs7(octetBuffer));
        for (X509Certificate certificate : mCACerts) {
            Log.d(TAG, "CA-Cert: " + certificate.getSubjectX500Principal());
        }
        /*
            byte[] octets = new byte[octetBuffer.remaining()];
            octetBuffer.duplicate().get(octets);
            for (byte b : octets) {
                System.out.printf("%02x ", b & 0xff);
            }
            Log.d(TAG, );
            */
        /* + BC
            try {
                byte[] octets = new byte[octetBuffer.remaining()];
                octetBuffer.duplicate().get(octets);
                ASN1InputStream asnin = new ASN1InputStream(octets);
                for (int n = 0; n < 100; n++) {
                    ASN1Primitive object = asnin.readObject();
                    if (object == null) {
                        break;
                    }
                    parseObject(object, 0);
                }
            }
            catch (Throwable t) {
                t.printStackTrace();
            }

            Collection<Asn1Object> pkcs7Content = Asn1Decoder.decode(octetBuffer);
            for (Asn1Object asn1Object : pkcs7Content) {
                Log.d(TAG, asn1Object);
            }

            if (pkcs7Content.size() != 1) {
                throw new IOException("Unexpected pkcs 7 container: " + pkcs7Content.size());
            }

            Asn1Constructed pkcs7Root = (Asn1Constructed) pkcs7Content.iterator().next();
            Iterator<Asn1ID> certPath = Arrays.asList(Pkcs7CertPath).iterator();
            Asn1Object certObject = pkcs7Root.findObject(certPath);
            if (certObject == null || certPath.hasNext()) {
                throw new IOException("Failed to find cert; returned object " + certObject +
                        ", path " + (certPath.hasNext() ? "short" : "exhausted"));
            }

            ByteBuffer certOctets = certObject.getPayload();
            if (certOctets == null) {
                throw new IOException("No cert payload in: " + certObject);
            }

            byte[] certBytes = new byte[certOctets.remaining()];
            certOctets.get(certBytes);

            CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
            Certificate cert = certFactory.generateCertificate(new ByteArrayInputStream(certBytes));
            Log.d(TAG, "EST Cert: " + cert);
            */
        URL csrURL = new URL(mURL.getProtocol(), mURL.getHost(), mURL.getPort(), mURL.getFile() + CSR_PATH);
        response = httpHandler.doGetHTTP(csrURL);
        octetBuffer = response.getBinaryPayload();
        byte[] csrData = buildCSR(octetBuffer, mOMADMAdapter, httpHandler);
        /**/
        Collection<Asn1Object> o = Asn1Decoder.decode(ByteBuffer.wrap(csrData));
        Log.d(TAG, "CSR:");
        Log.d(TAG, o.iterator().next().toString());
        Log.d(TAG, "End CSR.");
        /**/
        URL enrollURL = new URL(mURL.getProtocol(), mURL.getHost(), mURL.getPort(), mURL.getFile() + (reenroll ? SIMPLE_REENROLL_PATH : SIMPLE_ENROLL_PATH));
        String data = Base64.encodeToString(csrData, Base64.DEFAULT);
        octetBuffer = httpHandler.exchangeBinary(enrollURL, data, "application/pkcs10");
        Collection<Asn1Object> pkcs7Content2 = Asn1Decoder.decode(octetBuffer);
        for (Asn1Object asn1Object : pkcs7Content2) {
            Log.d(TAG, "---");
            Log.d(TAG, asn1Object.toString());
        }
        mClientCerts.addAll(unpackPkcs7(octetBuffer));
        for (X509Certificate cert : mClientCerts) {
            Log.d(TAG, cert.toString());
        }
    }
}
Also used : HTTPHandler(com.android.hotspot2.osu.HTTPHandler) HTTPResponse(com.android.hotspot2.utils.HTTPResponse) IOException(java.io.IOException) DERBitString(com.android.org.bouncycastle.asn1.DERBitString) DERPrintableString(com.android.org.bouncycastle.asn1.DERPrintableString) DERIA5String(com.android.org.bouncycastle.asn1.DERIA5String) ByteBuffer(java.nio.ByteBuffer) URL(java.net.URL) X509Certificate(java.security.cert.X509Certificate) Asn1Object(com.android.hotspot2.asn1.Asn1Object)

Example 44 with ASN1Object

use of com.mindbright.asn1.ASN1Object in project android_frameworks_base by crdroidandroid.

the class ESTHandler method buildCSR.

private byte[] buildCSR(ByteBuffer octetBuffer, OMADMAdapter omadmAdapter, HTTPHandler httpHandler) throws IOException, GeneralSecurityException {
    //Security.addProvider(new BouncyCastleProvider());
    Log.d(TAG, "/csrattrs:");
    /*
        byte[] octets = new byte[octetBuffer.remaining()];
        octetBuffer.duplicate().get(octets);
        for (byte b : octets) {
            System.out.printf("%02x ", b & 0xff);
        }
        */
    Collection<Asn1Object> csrs = Asn1Decoder.decode(octetBuffer);
    for (Asn1Object asn1Object : csrs) {
        Log.d(TAG, asn1Object.toString());
    }
    if (csrs.size() != 1) {
        throw new IOException("Unexpected object count in CSR attributes response: " + csrs.size());
    }
    Asn1Object sequence = csrs.iterator().next();
    if (sequence.getClass() != Asn1Constructed.class) {
        throw new IOException("Unexpected CSR attribute container: " + sequence);
    }
    String keyAlgo = null;
    Asn1Oid keyAlgoOID = null;
    String sigAlgo = null;
    String curveName = null;
    Asn1Oid pubCrypto = null;
    int keySize = -1;
    Map<Asn1Oid, ASN1Encodable> idAttributes = new HashMap<>();
    for (Asn1Object child : sequence.getChildren()) {
        if (child.getTag() == Asn1Decoder.TAG_OID) {
            Asn1Oid oid = (Asn1Oid) child;
            OidMappings.SigEntry sigEntry = OidMappings.getSigEntry(oid);
            if (sigEntry != null) {
                sigAlgo = sigEntry.getSigAlgo();
                keyAlgoOID = sigEntry.getKeyAlgo();
                keyAlgo = OidMappings.getJCEName(keyAlgoOID);
            } else if (oid.equals(OidMappings.sPkcs9AtChallengePassword)) {
                byte[] tlsUnique = httpHandler.getTLSUnique();
                if (tlsUnique != null) {
                    idAttributes.put(oid, new DERPrintableString(Base64.encodeToString(tlsUnique, Base64.DEFAULT)));
                } else {
                    Log.w(TAG, "Cannot retrieve TLS unique channel binding");
                }
            }
        } else if (child.getTag() == Asn1Decoder.TAG_SEQ) {
            Asn1Oid oid = null;
            Set<Asn1Oid> oidValues = new HashSet<>();
            List<Asn1Object> values = new ArrayList<>();
            for (Asn1Object attributeSeq : child.getChildren()) {
                if (attributeSeq.getTag() == Asn1Decoder.TAG_OID) {
                    oid = (Asn1Oid) attributeSeq;
                } else if (attributeSeq.getTag() == Asn1Decoder.TAG_SET) {
                    for (Asn1Object value : attributeSeq.getChildren()) {
                        if (value.getTag() == Asn1Decoder.TAG_OID) {
                            oidValues.add((Asn1Oid) value);
                        } else {
                            values.add(value);
                        }
                    }
                }
            }
            if (oid == null) {
                throw new IOException("Invalid attribute, no OID");
            }
            if (oid.equals(OidMappings.sExtensionRequest)) {
                for (Asn1Oid subOid : oidValues) {
                    if (OidMappings.isIDAttribute(subOid)) {
                        if (subOid.equals(OidMappings.sMAC)) {
                            idAttributes.put(subOid, new DERIA5String(omadmAdapter.getMAC()));
                        } else if (subOid.equals(OidMappings.sIMEI)) {
                            idAttributes.put(subOid, new DERIA5String(omadmAdapter.getImei()));
                        } else if (subOid.equals(OidMappings.sMEID)) {
                            idAttributes.put(subOid, new DERBitString(omadmAdapter.getMeid()));
                        } else if (subOid.equals(OidMappings.sDevID)) {
                            idAttributes.put(subOid, new DERPrintableString(omadmAdapter.getDevID()));
                        }
                    }
                }
            } else if (OidMappings.getCryptoID(oid) != null) {
                pubCrypto = oid;
                if (!values.isEmpty()) {
                    for (Asn1Object value : values) {
                        if (value.getTag() == Asn1Decoder.TAG_INTEGER) {
                            keySize = (int) ((Asn1Integer) value).getValue();
                        }
                    }
                }
                if (oid.equals(OidMappings.sAlgo_EC)) {
                    if (oidValues.isEmpty()) {
                        throw new IOException("No ECC curve name provided");
                    }
                    for (Asn1Oid value : oidValues) {
                        curveName = OidMappings.getJCEName(value);
                        if (curveName != null) {
                            break;
                        }
                    }
                    if (curveName == null) {
                        throw new IOException("Found no ECC curve for " + oidValues);
                    }
                }
            }
        }
    }
    if (keyAlgoOID == null) {
        throw new IOException("No public key algorithm specified");
    }
    if (pubCrypto != null && !pubCrypto.equals(keyAlgoOID)) {
        throw new IOException("Mismatching key algorithms");
    }
    if (keyAlgoOID.equals(OidMappings.sAlgo_RSA)) {
        if (keySize < MinRSAKeySize) {
            if (keySize >= 0) {
                Log.i(TAG, "Upgrading suggested RSA key size from " + keySize + " to " + MinRSAKeySize);
            }
            keySize = MinRSAKeySize;
        }
    }
    Log.d(TAG, String.format("pub key '%s', signature '%s', ECC curve '%s', id-atts %s", keyAlgo, sigAlgo, curveName, idAttributes));
    /*
          Ruckus:
            SEQUENCE:
              OID=1.2.840.113549.1.1.11 (algo_id_sha256WithRSAEncryption)

          RFC-7030:
            SEQUENCE:
              OID=1.2.840.113549.1.9.7 (challengePassword)
              SEQUENCE:
                OID=1.2.840.10045.2.1 (algo_id_ecPublicKey)
                SET:
                  OID=1.3.132.0.34 (secp384r1)
              SEQUENCE:
                OID=1.2.840.113549.1.9.14 (extensionRequest)
                SET:
                  OID=1.3.6.1.1.1.1.22 (mac-address)
              OID=1.2.840.10045.4.3.3 (eccdaWithSHA384)

              1L, 3L, 6L, 1L, 1L, 1L, 1L, 22
         */
    // ECC Does not appear to be supported currently
    KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyAlgo);
    if (curveName != null) {
        AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(keyAlgo);
        algorithmParameters.init(new ECNamedCurveGenParameterSpec(curveName));
        kpg.initialize(algorithmParameters.getParameterSpec(ECNamedCurveGenParameterSpec.class));
    } else {
        kpg.initialize(keySize);
    }
    KeyPair kp = kpg.generateKeyPair();
    X500Principal subject = new X500Principal("CN=Android, O=Google, C=US");
    mClientKey = kp.getPrivate();
    // !!! Map the idAttributes into an ASN1Set of values to pass to
    // the PKCS10CertificationRequest - this code is using outdated BC classes and
    // has *not* been tested.
    ASN1Set attributes;
    if (!idAttributes.isEmpty()) {
        ASN1EncodableVector payload = new DEREncodableVector();
        for (Map.Entry<Asn1Oid, ASN1Encodable> entry : idAttributes.entrySet()) {
            DERObjectIdentifier type = new DERObjectIdentifier(entry.getKey().toOIDString());
            ASN1Set values = new DERSet(entry.getValue());
            Attribute attribute = new Attribute(type, values);
            payload.add(attribute);
        }
        attributes = new DERSet(payload);
    } else {
        attributes = null;
    }
    return new PKCS10CertificationRequest(sigAlgo, subject, kp.getPublic(), attributes, mClientKey).getEncoded();
}
Also used : DERSet(com.android.org.bouncycastle.asn1.DERSet) ASN1Set(com.android.org.bouncycastle.asn1.ASN1Set) Set(java.util.Set) HashSet(java.util.HashSet) HashMap(java.util.HashMap) Attribute(com.android.org.bouncycastle.asn1.x509.Attribute) DERBitString(com.android.org.bouncycastle.asn1.DERBitString) DERPrintableString(com.android.org.bouncycastle.asn1.DERPrintableString) DERIA5String(com.android.org.bouncycastle.asn1.DERIA5String) DERSet(com.android.org.bouncycastle.asn1.DERSet) DERIA5String(com.android.org.bouncycastle.asn1.DERIA5String) Asn1Integer(com.android.hotspot2.asn1.Asn1Integer) DERPrintableString(com.android.org.bouncycastle.asn1.DERPrintableString) ASN1EncodableVector(com.android.org.bouncycastle.asn1.ASN1EncodableVector) List(java.util.List) ArrayList(java.util.ArrayList) ASN1Encodable(com.android.org.bouncycastle.asn1.ASN1Encodable) PKCS10CertificationRequest(com.android.org.bouncycastle.jce.PKCS10CertificationRequest) Asn1Oid(com.android.hotspot2.asn1.Asn1Oid) KeyPair(java.security.KeyPair) ECNamedCurveGenParameterSpec(com.android.org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec) DEREncodableVector(com.android.org.bouncycastle.asn1.DEREncodableVector) DERBitString(com.android.org.bouncycastle.asn1.DERBitString) IOException(java.io.IOException) KeyPairGenerator(java.security.KeyPairGenerator) DERObjectIdentifier(com.android.org.bouncycastle.asn1.DERObjectIdentifier) Asn1Object(com.android.hotspot2.asn1.Asn1Object) OidMappings(com.android.hotspot2.asn1.OidMappings) ASN1Set(com.android.org.bouncycastle.asn1.ASN1Set) X500Principal(javax.security.auth.x500.X500Principal) Map(java.util.Map) HashMap(java.util.HashMap) AlgorithmParameters(java.security.AlgorithmParameters)

Example 45 with ASN1Object

use of com.mindbright.asn1.ASN1Object in project candlepin by candlepin.

the class X509CRLStreamWriter method offsetNextUpdate.

/**
 * Write a new nextUpdate time that is the same amount of time ahead of the new thisUpdate
 * time as the old nextUpdate was from the old thisUpdate.
 *
 * @param out
 * @param tagNo
 * @param oldThisUpdate
 * @throws IOException
 */
protected void offsetNextUpdate(OutputStream out, int tagNo, Date oldThisUpdate) throws IOException {
    int originalLength = readLength(crlIn, null);
    byte[] oldBytes = new byte[originalLength];
    readFullyAndTrack(crlIn, oldBytes, null);
    ASN1Object oldTime = null;
    if (tagNo == UTC_TIME) {
        ASN1TaggedObject t = new DERTaggedObject(UTC_TIME, new DEROctetString(oldBytes));
        oldTime = ASN1UTCTime.getInstance(t, false);
    } else {
        ASN1TaggedObject t = new DERTaggedObject(GENERALIZED_TIME, new DEROctetString(oldBytes));
        oldTime = ASN1GeneralizedTime.getInstance(t, false);
    }
    /* Determine the time between the old thisUpdate and old nextUpdate and add it
        /* to the new nextUpdate. */
    Date oldNextUpdate = Time.getInstance(oldTime).getDate();
    long delta = oldNextUpdate.getTime() - oldThisUpdate.getTime();
    Date newNextUpdate = new Date(new Date().getTime() + delta);
    ASN1Object newTime = null;
    if (tagNo == UTC_TIME) {
        newTime = new DERUTCTime(newNextUpdate);
    } else {
        newTime = new DERGeneralizedTime(newNextUpdate);
    }
    writeNewTime(out, newTime, originalLength);
}
Also used : DERGeneralizedTime(org.bouncycastle.asn1.DERGeneralizedTime) DERUTCTime(org.bouncycastle.asn1.DERUTCTime) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) ASN1Object(org.bouncycastle.asn1.ASN1Object) DEROctetString(org.bouncycastle.asn1.DEROctetString) Date(java.util.Date)

Aggregations

IOException (java.io.IOException)35 Asn1Object (com.android.hotspot2.asn1.Asn1Object)25 ASN1Object (org.bouncycastle.asn1.ASN1Object)20 ArrayList (java.util.ArrayList)16 Asn1Constructed (com.android.hotspot2.asn1.Asn1Constructed)15 HashMap (java.util.HashMap)15 Asn1Object (io.churchkey.asn1.Asn1Object)13 DerParser (io.churchkey.asn1.DerParser)12 X509Certificate (java.security.cert.X509Certificate)12 Asn1Integer (com.android.hotspot2.asn1.Asn1Integer)10 DERBitString (com.android.org.bouncycastle.asn1.DERBitString)10 DERIA5String (com.android.org.bouncycastle.asn1.DERIA5String)10 DERPrintableString (com.android.org.bouncycastle.asn1.DERPrintableString)10 ByteBuffer (java.nio.ByteBuffer)10 Key (io.churchkey.Key)8 ByteArrayInputStream (java.io.ByteArrayInputStream)7 I18Name (com.android.anqp.I18Name)5 Asn1Oid (com.android.hotspot2.asn1.Asn1Oid)5 Asn1String (com.android.hotspot2.asn1.Asn1String)5 OidMappings (com.android.hotspot2.asn1.OidMappings)5