Search in sources :

Example 6 with ASN1ObjectIdentifier

use of com.unboundid.asn1.ASN1ObjectIdentifier in project sshj by hierynomus.

the class DSAPrivateKeyInfoKeyPairConverter method getKeyPair.

/**
 * Get PEM Key Pair calculating DSA Public Key from DSA Private Key Information
 *
 * @param privateKeyInfo DSA Private Key Information
 * @return PEM Key Pair
 * @throws IOException Thrown on Public Key parsing failures
 */
@Override
public PEMKeyPair getKeyPair(final PrivateKeyInfo privateKeyInfo) throws IOException {
    Objects.requireNonNull(privateKeyInfo, "Private Key Info required");
    final AlgorithmIdentifier algorithmIdentifier = privateKeyInfo.getPrivateKeyAlgorithm();
    final ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
    if (X9ObjectIdentifiers.id_dsa.equals(algorithm)) {
        logger.debug("DSA Algorithm Found [{}]", algorithm);
    } else {
        throw new IllegalArgumentException(String.format("DSA Algorithm OID required [%s]", algorithm));
    }
    final ASN1Integer encodedPublicKey = getEncodedPublicKey(privateKeyInfo);
    final SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(algorithmIdentifier, encodedPublicKey);
    return new PEMKeyPair(subjectPublicKeyInfo, privateKeyInfo);
}
Also used : PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 7 with ASN1ObjectIdentifier

use of com.unboundid.asn1.ASN1ObjectIdentifier in project sshj by hierynomus.

the class ECDSAPrivateKeyInfoKeyPairConverter method getKeyPair.

/**
 * Get PEM Key Pair calculating ECDSA Public Key from ECDSA Private Key Information
 *
 * @param privateKeyInfo ECDSA Private Key Information
 * @return PEM Key Pair
 * @throws IOException Thrown on Public Key parsing failures
 */
@Override
public PEMKeyPair getKeyPair(final PrivateKeyInfo privateKeyInfo) throws IOException {
    Objects.requireNonNull(privateKeyInfo, "Private Key Info required");
    final AlgorithmIdentifier algorithmIdentifier = privateKeyInfo.getPrivateKeyAlgorithm();
    final ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
    if (X9ObjectIdentifiers.id_ecPublicKey.equals(algorithm)) {
        logger.debug("ECDSA Algorithm Found [{}]", algorithm);
    } else {
        throw new IllegalArgumentException(String.format("ECDSA Algorithm OID required [%s]", algorithm));
    }
    final byte[] encodedPublicKey = getEncodedPublicKey(privateKeyInfo);
    final SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(algorithmIdentifier, encodedPublicKey);
    return new PEMKeyPair(subjectPublicKeyInfo, privateKeyInfo);
}
Also used : PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 8 with ASN1ObjectIdentifier

use of com.unboundid.asn1.ASN1ObjectIdentifier in project sshj by hierynomus.

the class RSAPrivateKeyInfoKeyPairConverter method getKeyPair.

/**
 * Get PEM Key Pair parsing RSA Public Key attributes from RSA Private Key Information
 *
 * @param privateKeyInfo RSA Private Key Information
 * @return PEM Key Pair
 * @throws IOException Thrown on Public Key parsing failures
 */
@Override
public PEMKeyPair getKeyPair(final PrivateKeyInfo privateKeyInfo) throws IOException {
    Objects.requireNonNull(privateKeyInfo, "Private Key Info required");
    final AlgorithmIdentifier algorithmIdentifier = privateKeyInfo.getPrivateKeyAlgorithm();
    final ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
    if (PKCSObjectIdentifiers.rsaEncryption.equals(algorithm)) {
        logger.debug("RSA Algorithm Found [{}]", algorithm);
    } else {
        throw new IllegalArgumentException(String.format("RSA Algorithm OID required [%s]", algorithm));
    }
    final RSAPublicKey rsaPublicKey = getRsaPublicKey(privateKeyInfo);
    final SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(algorithmIdentifier, rsaPublicKey);
    return new PEMKeyPair(subjectPublicKeyInfo, privateKeyInfo);
}
Also used : RSAPublicKey(org.bouncycastle.asn1.pkcs.RSAPublicKey) PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 9 with ASN1ObjectIdentifier

use of com.unboundid.asn1.ASN1ObjectIdentifier in project powerauth-webflow by wultra.

the class ICACertificateParser method parse.

/**
 * Parse certificate in PEM format and return structured information about organization.
 *
 * @param certificatePem Certificate in PEM format.
 * @return Structured certificate information.
 * @throws CertificateException In case certificate cannot be parsed (or in rare case X.509 is not supported).
 */
public CertInfo parse(String certificatePem) throws CertificateException {
    // Check for null certificate value
    if (certificatePem == null) {
        throw new CertificateException("Certificate in PEM format not found.");
    }
    // Handle the URL encoded certificates
    if (certificatePem.startsWith("-----BEGIN%20CERTIFICATE-----")) {
        // certificate is URL encoded by nginx.
        try {
            certificatePem = URLDecoder.decode(certificatePem, StandardCharsets.UTF_8.toString());
        } catch (UnsupportedEncodingException e) {
            throw new CertificateException("Unable to extract certificate in PEM format (nginx).");
        }
    }
    // Replace spaces in Apache forwarded certificate by newlines correctly
    certificatePem = certificatePem.replaceAll(" ", "\n").replace("-----BEGIN\nCERTIFICATE-----", "-----BEGIN CERTIFICATE-----").replace("-----END\nCERTIFICATE-----", "-----END CERTIFICATE-----");
    final CertificateFactory cf = CertificateFactory.getInstance("X.509");
    final ByteArrayInputStream bais = new ByteArrayInputStream(certificatePem.getBytes(StandardCharsets.UTF_8));
    X509Certificate cert = (X509Certificate) cf.generateCertificate(bais);
    try {
        final byte[] qcStatement = cert.getExtensionValue("1.3.6.1.5.5.7.1.3");
        if (qcStatement == null) {
            throw new CertificateException("Unable to extract PSD2 mandates.");
        }
        final ASN1Primitive qcStatementAsn1Primitive = JcaX509ExtensionUtils.parseExtensionValue(qcStatement);
        if (qcStatementAsn1Primitive == null) {
            throw new CertificateException("Unable to extract PSD2 mandates from extension value.");
        }
        final DLSequence it = ((DLSequence) qcStatementAsn1Primitive);
        Set<CertInfo.PSD2> psd2Mandates = new HashSet<>();
        for (ASN1Encodable asn1Primitive : it) {
            if (asn1Primitive instanceof DLSequence) {
                DLSequence sequence = (DLSequence) asn1Primitive;
                if (sequence.size() == 2) {
                    ASN1ObjectIdentifier id = (ASN1ObjectIdentifier) sequence.getObjectAt(0);
                    DLSequence mandates = (DLSequence) sequence.getObjectAt(1);
                    if (psd2.equals(id.getId())) {
                        for (ASN1Encodable mandate : mandates) {
                            if (mandate instanceof DLSequence) {
                                for (ASN1Encodable seq : (DLSequence) mandate) {
                                    DLSequence a = (DLSequence) seq;
                                    final ASN1ObjectIdentifier identifier = (ASN1ObjectIdentifier) ((DLSequence) seq).getObjectAt(0);
                                    if (psp_as.equals(identifier.getId())) {
                                        psd2Mandates.add(CertInfo.PSD2.PSP_AS);
                                    }
                                    if (psp_ai.equals(identifier.getId())) {
                                        psd2Mandates.add(CertInfo.PSD2.PSP_AI);
                                    }
                                    if (psp_pi.equals(identifier.getId())) {
                                        psd2Mandates.add(CertInfo.PSD2.PSP_PI);
                                    }
                                    if (psp_ic.equals(identifier.getId())) {
                                        psd2Mandates.add(CertInfo.PSD2.PSP_IC);
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
        final List<AVA> avaList = ((X500Name) cert.getSubjectDN()).allAvas();
        String country = null;
        String serialNumber = null;
        String commonName = null;
        String psd2License = null;
        String organization = null;
        String street = null;
        String city = null;
        String zipCode = null;
        String region = null;
        String website = null;
        for (AVA ava : avaList) {
            final String oid = ava.getObjectIdentifier().toString();
            final String val = ava.getValueString();
            switch(oid) {
                case "2.5.4.6":
                    {
                        // C=CZ => 2.5.4.6
                        country = val;
                        break;
                    }
                case "2.5.4.3":
                    {
                        // CN=cnb.cz => 2.5.4.3
                        commonName = val;
                        website = "https://" + val;
                        break;
                    }
                case "2.5.4.10":
                    {
                        // O=ČESKÁ NÁRODNÍ BANKA => 2.5.4.10
                        organization = val;
                        break;
                    }
                case "2.5.4.9":
                    {
                        // STREET=Na příkopě 864/28 => 2.5.4.9
                        street = val;
                        break;
                    }
                case "2.5.4.7":
                    {
                        // L=Praha 1 => 2.5.4.7
                        city = val;
                        break;
                    }
                case "2.5.4.17":
                    {
                        // OID.2.5.4.17=11000 => 2.5.4.17
                        zipCode = val;
                        break;
                    }
                case "2.5.4.5":
                    {
                        // SERIALNUMBER=48136450 => 2.5.4.5
                        serialNumber = val;
                        break;
                    }
                case "2.5.4.8":
                    {
                        // ST=Hlavní město Praha => 2.5.4.8
                        region = val;
                        break;
                    }
                case "2.5.4.97":
                    {
                        // OID.2.5.4.97=PSDCZ-CNB-48136450 => 2.5.4.97
                        psd2License = val;
                        break;
                    }
            }
        }
        return new CertInfo(serialNumber, commonName, psd2License, organization, street, city, zipCode, region, country, website, psd2Mandates);
    } catch (Throwable e) {
        // catch all errors that can occur
        throw new CertificateException("Unable to extract PSD2 mandates.");
    }
}
Also used : UnsupportedEncodingException(java.io.UnsupportedEncodingException) CertificateException(java.security.cert.CertificateException) X500Name(sun.security.x509.X500Name) AVA(sun.security.x509.AVA) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(java.security.cert.X509Certificate) DLSequence(org.bouncycastle.asn1.DLSequence) ByteArrayInputStream(java.io.ByteArrayInputStream) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) HashSet(java.util.HashSet)

Example 10 with ASN1ObjectIdentifier

use of com.unboundid.asn1.ASN1ObjectIdentifier in project ldapsdk by pingidentity.

the class X509CertificateTestCase method testDecodeValidityMalformedNotBefore.

/**
 * Tests the behavior when trying to decode a certificate with a validity
 * sequence whose first element is neither a UTCTime nor a GeneralizedTime.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test(expectedExceptions = { CertException.class })
public void testDecodeValidityMalformedNotBefore() throws Exception {
    final long notBefore = System.currentTimeMillis();
    final long notAfter = notBefore + (365L * 24L * 60L * 60L * 1000L);
    final ASN1Sequence valueSequence = new ASN1Sequence(new ASN1Sequence(new ASN1Element((byte) 0xA0, new ASN1Integer(2).encode()), new ASN1BigInteger(12435L), new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4")), new ASN1Null()), X509Certificate.encodeName(new DN("CN=issuer")), new ASN1Sequence(new ASN1OctetString("malformed notBefore"), new ASN1UTCTime(notAfter)), X509Certificate.encodeName(new DN("CN=ldap.example.com")), new ASN1Sequence(new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.5")), new ASN1Null()), new ASN1BitString(new boolean[1024]))), new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4")), new ASN1Null()), new ASN1BitString(new boolean[1024]));
    new X509Certificate(valueSequence.encode());
}
Also used : ASN1OctetString(com.unboundid.asn1.ASN1OctetString) ASN1UTCTime(com.unboundid.asn1.ASN1UTCTime) ASN1BigInteger(com.unboundid.asn1.ASN1BigInteger) DN(com.unboundid.ldap.sdk.DN) ASN1Integer(com.unboundid.asn1.ASN1Integer) OID(com.unboundid.util.OID) ASN1BitString(com.unboundid.asn1.ASN1BitString) ASN1Sequence(com.unboundid.asn1.ASN1Sequence) ASN1Element(com.unboundid.asn1.ASN1Element) ASN1ObjectIdentifier(com.unboundid.asn1.ASN1ObjectIdentifier) ASN1Null(com.unboundid.asn1.ASN1Null) Test(org.testng.annotations.Test)

Aggregations

ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)545 IOException (java.io.IOException)155 ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)126 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)87 DEROctetString (org.bouncycastle.asn1.DEROctetString)87 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)71 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)71 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)70 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)69 Enumeration (java.util.Enumeration)65 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)64 BigInteger (java.math.BigInteger)60 DERSequence (org.bouncycastle.asn1.DERSequence)60 ArrayList (java.util.ArrayList)55 HashSet (java.util.HashSet)52 DERIA5String (org.bouncycastle.asn1.DERIA5String)52 X500Name (org.bouncycastle.asn1.x500.X500Name)52 X509Certificate (java.security.cert.X509Certificate)49 Extension (org.bouncycastle.asn1.x509.Extension)46 ASN1String (org.bouncycastle.asn1.ASN1String)43