Examples with ASN1ObjectIdentifier com.unboundid.asn1.ASN1ObjectIdentifier used on opensource projects

Example 6 with ASN1ObjectIdentifier

use of com.unboundid.asn1.ASN1ObjectIdentifier in project sshj by hierynomus.

the class DSAPrivateKeyInfoKeyPairConverter method getKeyPair.

/**
 * Get PEM Key Pair calculating DSA Public Key from DSA Private Key Information
 *
 * @param privateKeyInfo DSA Private Key Information
 * @return PEM Key Pair
 * @throws IOException Thrown on Public Key parsing failures
 */
@Override
public PEMKeyPair getKeyPair(final PrivateKeyInfo privateKeyInfo) throws IOException {
    Objects.requireNonNull(privateKeyInfo, "Private Key Info required");
    final AlgorithmIdentifier algorithmIdentifier = privateKeyInfo.getPrivateKeyAlgorithm();
    final ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
    if (X9ObjectIdentifiers.id_dsa.equals(algorithm)) {
        logger.debug("DSA Algorithm Found [{}]", algorithm);
    } else {
        throw new IllegalArgumentException(String.format("DSA Algorithm OID required [%s]", algorithm));
    }
    final ASN1Integer encodedPublicKey = getEncodedPublicKey(privateKeyInfo);
    final SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(algorithmIdentifier, encodedPublicKey);
    return new PEMKeyPair(subjectPublicKeyInfo, privateKeyInfo);
}

Example 7 with ASN1ObjectIdentifier

use of com.unboundid.asn1.ASN1ObjectIdentifier in project sshj by hierynomus.

the class ECDSAPrivateKeyInfoKeyPairConverter method getKeyPair.

/**
 * Get PEM Key Pair calculating ECDSA Public Key from ECDSA Private Key Information
 *
 * @param privateKeyInfo ECDSA Private Key Information
 * @return PEM Key Pair
 * @throws IOException Thrown on Public Key parsing failures
 */
@Override
public PEMKeyPair getKeyPair(final PrivateKeyInfo privateKeyInfo) throws IOException {
    Objects.requireNonNull(privateKeyInfo, "Private Key Info required");
    final AlgorithmIdentifier algorithmIdentifier = privateKeyInfo.getPrivateKeyAlgorithm();
    final ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
    if (X9ObjectIdentifiers.id_ecPublicKey.equals(algorithm)) {
        logger.debug("ECDSA Algorithm Found [{}]", algorithm);
    } else {
        throw new IllegalArgumentException(String.format("ECDSA Algorithm OID required [%s]", algorithm));
    }
    final byte[] encodedPublicKey = getEncodedPublicKey(privateKeyInfo);
    final SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(algorithmIdentifier, encodedPublicKey);
    return new PEMKeyPair(subjectPublicKeyInfo, privateKeyInfo);
}

Example 8 with ASN1ObjectIdentifier

use of com.unboundid.asn1.ASN1ObjectIdentifier in project sshj by hierynomus.

the class RSAPrivateKeyInfoKeyPairConverter method getKeyPair.

/**
 * Get PEM Key Pair parsing RSA Public Key attributes from RSA Private Key Information
 *
 * @param privateKeyInfo RSA Private Key Information
 * @return PEM Key Pair
 * @throws IOException Thrown on Public Key parsing failures
 */
@Override
public PEMKeyPair getKeyPair(final PrivateKeyInfo privateKeyInfo) throws IOException {
    Objects.requireNonNull(privateKeyInfo, "Private Key Info required");
    final AlgorithmIdentifier algorithmIdentifier = privateKeyInfo.getPrivateKeyAlgorithm();
    final ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
    if (PKCSObjectIdentifiers.rsaEncryption.equals(algorithm)) {
        logger.debug("RSA Algorithm Found [{}]", algorithm);
    } else {
        throw new IllegalArgumentException(String.format("RSA Algorithm OID required [%s]", algorithm));
    }
    final RSAPublicKey rsaPublicKey = getRsaPublicKey(privateKeyInfo);
    final SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(algorithmIdentifier, rsaPublicKey);
    return new PEMKeyPair(subjectPublicKeyInfo, privateKeyInfo);
}

Example 9 with ASN1ObjectIdentifier

use of com.unboundid.asn1.ASN1ObjectIdentifier in project powerauth-webflow by wultra.

the class ICACertificateParser method parse.

/**
 * Parse certificate in PEM format and return structured information about organization.
 *
 * @param certificatePem Certificate in PEM format.
 * @return Structured certificate information.
 * @throws CertificateException In case certificate cannot be parsed (or in rare case X.509 is not supported).
 */
public CertInfo parse(String certificatePem) throws CertificateException {
    // Check for null certificate value
    if (certificatePem == null) {
        throw new CertificateException("Certificate in PEM format not found.");
    }
    // Handle the URL encoded certificates
    if (certificatePem.startsWith("-----BEGIN%20CERTIFICATE-----")) {
        // certificate is URL encoded by nginx.
        try {
            certificatePem = URLDecoder.decode(certificatePem, StandardCharsets.UTF_8.toString());
        } catch (UnsupportedEncodingException e) {
            throw new CertificateException("Unable to extract certificate in PEM format (nginx).");
        }
    }
    // Replace spaces in Apache forwarded certificate by newlines correctly
    certificatePem = certificatePem.replaceAll(" ", "\n").replace("-----BEGIN\nCERTIFICATE-----", "-----BEGIN CERTIFICATE-----").replace("-----END\nCERTIFICATE-----", "-----END CERTIFICATE-----");
    final CertificateFactory cf = CertificateFactory.getInstance("X.509");
    final ByteArrayInputStream bais = new ByteArrayInputStream(certificatePem.getBytes(StandardCharsets.UTF_8));
    X509Certificate cert = (X509Certificate) cf.generateCertificate(bais);
    try {
        final byte[] qcStatement = cert.getExtensionValue("1.3.6.1.5.5.7.1.3");
        if (qcStatement == null) {
            throw new CertificateException("Unable to extract PSD2 mandates.");
        }
        final ASN1Primitive qcStatementAsn1Primitive = JcaX509ExtensionUtils.parseExtensionValue(qcStatement);
        if (qcStatementAsn1Primitive == null) {
            throw new CertificateException("Unable to extract PSD2 mandates from extension value.");
        }
        final DLSequence it = ((DLSequence) qcStatementAsn1Primitive);
        Set<CertInfo.PSD2> psd2Mandates = new HashSet<>();
        for (ASN1Encodable asn1Primitive : it) {
            if (asn1Primitive instanceof DLSequence) {
                DLSequence sequence = (DLSequence) asn1Primitive;
                if (sequence.size() == 2) {
                    ASN1ObjectIdentifier id = (ASN1ObjectIdentifier) sequence.getObjectAt(0);
                    DLSequence mandates = (DLSequence) sequence.getObjectAt(1);
                    if (psd2.equals(id.getId())) {
                        for (ASN1Encodable mandate : mandates) {
                            if (mandate instanceof DLSequence) {
                                for (ASN1Encodable seq : (DLSequence) mandate) {
                                    DLSequence a = (DLSequence) seq;
                                    final ASN1ObjectIdentifier identifier = (ASN1ObjectIdentifier) ((DLSequence) seq).getObjectAt(0);
                                    if (psp_as.equals(identifier.getId())) {
                                        psd2Mandates.add(CertInfo.PSD2.PSP_AS);
                                    }
                                    if (psp_ai.equals(identifier.getId())) {
                                        psd2Mandates.add(CertInfo.PSD2.PSP_AI);
                                    }
                                    if (psp_pi.equals(identifier.getId())) {
                                        psd2Mandates.add(CertInfo.PSD2.PSP_PI);
                                    }
                                    if (psp_ic.equals(identifier.getId())) {
                                        psd2Mandates.add(CertInfo.PSD2.PSP_IC);
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
        final List<AVA> avaList = ((X500Name) cert.getSubjectDN()).allAvas();
        String country = null;
        String serialNumber = null;
        String commonName = null;
        String psd2License = null;
        String organization = null;
        String street = null;
        String city = null;
        String zipCode = null;
        String region = null;
        String website = null;
        for (AVA ava : avaList) {
            final String oid = ava.getObjectIdentifier().toString();
            final String val = ava.getValueString();
            switch(oid) {
                case "2.5.4.6":
                    {
                        // C=CZ => 2.5.4.6
                        country = val;
                        break;
                    }
                case "2.5.4.3":
                    {
                        // CN=cnb.cz => 2.5.4.3
                        commonName = val;
                        website = "https://" + val;
                        break;
                    }
                case "2.5.4.10":
                    {
                        // O=ČESKÁ NÁRODNÍ BANKA => 2.5.4.10
                        organization = val;
                        break;
                    }
                case "2.5.4.9":
                    {
                        // STREET=Na příkopě 864/28 => 2.5.4.9
                        street = val;
                        break;
                    }
                case "2.5.4.7":
                    {
                        // L=Praha 1 => 2.5.4.7
                        city = val;
                        break;
                    }
                case "2.5.4.17":
                    {
                        // OID.2.5.4.17=11000 => 2.5.4.17
                        zipCode = val;
                        break;
                    }
                case "2.5.4.5":
                    {
                        // SERIALNUMBER=48136450 => 2.5.4.5
                        serialNumber = val;
                        break;
                    }
                case "2.5.4.8":
                    {
                        // ST=Hlavní město Praha => 2.5.4.8
                        region = val;
                        break;
                    }
                case "2.5.4.97":
                    {
                        // OID.2.5.4.97=PSDCZ-CNB-48136450 => 2.5.4.97
                        psd2License = val;
                        break;
                    }
            }
        }
        return new CertInfo(serialNumber, commonName, psd2License, organization, street, city, zipCode, region, country, website, psd2Mandates);
    } catch (Throwable e) {
        // catch all errors that can occur
        throw new CertificateException("Unable to extract PSD2 mandates.");
    }
}

Example 10 with ASN1ObjectIdentifier

use of com.unboundid.asn1.ASN1ObjectIdentifier in project ldapsdk by pingidentity.

the class X509CertificateTestCase method testDecodeValidityMalformedNotBefore.

/**
 * Tests the behavior when trying to decode a certificate with a validity
 * sequence whose first element is neither a UTCTime nor a GeneralizedTime.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test(expectedExceptions = { CertException.class })
public void testDecodeValidityMalformedNotBefore() throws Exception {
    final long notBefore = System.currentTimeMillis();
    final long notAfter = notBefore + (365L * 24L * 60L * 60L * 1000L);
    final ASN1Sequence valueSequence = new ASN1Sequence(new ASN1Sequence(new ASN1Element((byte) 0xA0, new ASN1Integer(2).encode()), new ASN1BigInteger(12435L), new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4")), new ASN1Null()), X509Certificate.encodeName(new DN("CN=issuer")), new ASN1Sequence(new ASN1OctetString("malformed notBefore"), new ASN1UTCTime(notAfter)), X509Certificate.encodeName(new DN("CN=ldap.example.com")), new ASN1Sequence(new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.5")), new ASN1Null()), new ASN1BitString(new boolean[1024]))), new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4")), new ASN1Null()), new ASN1BitString(new boolean[1024]));
    new X509Certificate(valueSequence.encode());
}