Examples with ASN1ObjectIdentifier com.unboundid.asn1.ASN1ObjectIdentifier used on opensource projects

Search in sources :

Example 21 with ASN1ObjectIdentifier

use of com.unboundid.asn1.ASN1ObjectIdentifier in project ldapsdk by pingidentity.

the class X509CertificateTestCase method testDecodeSignatureAlgorithmMismatch.

/**
 * Tests the behavior when trying to decode a certificate with a mismatch in
 * the signature algorithm between the TBSCertificate and Certificate
 * sequences.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test(expectedExceptions = { CertException.class })
public void testDecodeSignatureAlgorithmMismatch() throws Exception {
    final long notBefore = System.currentTimeMillis();
    final long notAfter = notBefore + (365L * 24L * 60L * 60L * 1000L);
    final ASN1Sequence valueSequence = new ASN1Sequence(new ASN1Sequence(new ASN1Element((byte) 0xA0, new ASN1Integer(2).encode()), new ASN1BigInteger(12435L), new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4")), new ASN1Null()), X509Certificate.encodeName(new DN("CN=issuer")), new ASN1Sequence(new ASN1GeneralizedTime(notBefore), new ASN1GeneralizedTime(notAfter)), X509Certificate.encodeName(new DN("CN=ldap.example.com")), new ASN1Sequence(new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.5")), new ASN1Null()), new ASN1BitString(new boolean[1024]))), new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4")), new ASN1Null()), new ASN1OctetString());
    new X509Certificate(valueSequence.encode());
}
Also used : ASN1OctetString(com.unboundid.asn1.ASN1OctetString) ASN1BigInteger(com.unboundid.asn1.ASN1BigInteger) DN(com.unboundid.ldap.sdk.DN) ASN1GeneralizedTime(com.unboundid.asn1.ASN1GeneralizedTime) ASN1Integer(com.unboundid.asn1.ASN1Integer) OID(com.unboundid.util.OID) ASN1BitString(com.unboundid.asn1.ASN1BitString) ASN1Sequence(com.unboundid.asn1.ASN1Sequence) ASN1Element(com.unboundid.asn1.ASN1Element) ASN1ObjectIdentifier(com.unboundid.asn1.ASN1ObjectIdentifier) ASN1Null(com.unboundid.asn1.ASN1Null) Test(org.testng.annotations.Test)

Example 22 with ASN1ObjectIdentifier

use of com.unboundid.asn1.ASN1ObjectIdentifier in project ldapsdk by pingidentity.

the class X509CertificateTestCase method testValidCertificateWithECKeyAllOptionalElements.

/**
 * Tests a valid X.509 certificate with an elliptic curve public key and all
 * optional elements, including all supported types of extensions (and an
 * unsupported type of extension).
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testValidCertificateWithECKeyAllOptionalElements() throws Exception {
    final long notBefore = System.currentTimeMillis();
    final long notAfter = notBefore + (365L * 24L * 60L * 60L * 1000L);
    final EllipticCurvePublicKey publicKey = new EllipticCurvePublicKey(BigInteger.valueOf(1234567890L), BigInteger.valueOf(9876543210L));
    final boolean[] issuerUniqueIDBits = { true, false, true, false, true };
    final boolean[] subjectUniqueIDBits = { false, true, false, true, false };
    X509Certificate c = new X509Certificate(X509CertificateVersion.V3, BigInteger.valueOf(987654321L), SignatureAlgorithmIdentifier.SHA_256_WITH_ECDSA.getOID(), new ASN1Null(), new ASN1BitString(new boolean[256]), new DN("CN=Issuer,O=Example Corp,C=US"), notBefore, notAfter, new DN("CN=ldap.example.com,O=Example Corp,C=US"), PublicKeyAlgorithmIdentifier.EC.getOID(), new ASN1ObjectIdentifier(NamedCurve.SECP256R1.getOID()), publicKey.encode(), publicKey, new ASN1BitString(issuerUniqueIDBits), new ASN1BitString(subjectUniqueIDBits), new X509CertificateExtension(new OID("1.2.3.4"), true, "foo".getBytes("UTF-8")), new AuthorityKeyIdentifierExtension(false, new ASN1OctetString("authority-key-identifier"), null, null), new BasicConstraintsExtension(false, false, null), new CRLDistributionPointsExtension(false, Collections.singletonList(new CRLDistributionPoint(new GeneralNamesBuilder().addDNSName("crl.example.com").build(), null, null))), new ExtendedKeyUsageExtension(false, Arrays.asList(ExtendedKeyUsageID.TLS_SERVER_AUTHENTICATION.getOID(), ExtendedKeyUsageID.TLS_CLIENT_AUTHENTICATION.getOID())), new IssuerAlternativeNameExtension(false, new GeneralNamesBuilder().addDNSName("issuer.example.com").build()), new KeyUsageExtension(false, true, true, true, true, true, true, true, true, true), new SubjectAlternativeNameExtension(false, new GeneralNamesBuilder().addDNSName("ldap.example.com").build()), new SubjectKeyIdentifierExtension(false, new ASN1OctetString("subject-key-identifier")));
    assertNotNull(c.getX509CertificateBytes());
    c = new X509Certificate(c.encode().encode());
    assertNotNull(c.getVersion());
    assertEquals(c.getVersion(), X509CertificateVersion.V3);
    assertNotNull(c.getSerialNumber());
    assertEquals(c.getSerialNumber(), BigInteger.valueOf(987654321L));
    assertNotNull(c.getSignatureAlgorithmOID());
    assertEquals(c.getSignatureAlgorithmOID(), SignatureAlgorithmIdentifier.SHA_256_WITH_ECDSA.getOID());
    assertNotNull(c.getSignatureAlgorithmName());
    assertEquals(c.getSignatureAlgorithmName(), "SHA-256 with ECDSA");
    assertNotNull(c.getSignatureAlgorithmNameOrOID());
    assertEquals(c.getSignatureAlgorithmNameOrOID(), "SHA-256 with ECDSA");
    assertNotNull(c.getSignatureAlgorithmParameters());
    assertNotNull(c.getIssuerDN());
    assertEquals(c.getIssuerDN(), new DN("CN=Issuer,O=Example Corp,C=US"));
    // NOTE:  For some moronic reasons, certificates tend to use UTCTime instead
    // of generalized time when encoding notBefore and notAfter values, despite
    // the spec allowing either one, and despite UTCTime only supporting a
    // two-digit year and no sub-second component.  So we can't check for
    // exact equivalence  of the notBefore and notAfter values.  Instead, just
    // make sure that the values are within 2000 milliseconds of the expected
    // value.
    assertTrue(Math.abs(c.getNotBeforeTime() - notBefore) < 2000L);
    assertNotNull(c.getNotBeforeDate());
    assertEquals(c.getNotBeforeDate(), new Date(c.getNotBeforeTime()));
    assertTrue(Math.abs(c.getNotAfterTime() - notAfter) < 2000L);
    assertNotNull(c.getNotAfterDate());
    assertEquals(c.getNotAfterDate(), new Date(c.getNotAfterTime()));
    assertNotNull(c.getSubjectDN());
    assertEquals(c.getSubjectDN(), new DN("CN=ldap.example.com,O=Example Corp,C=US"));
    assertNotNull(c.getPublicKeyAlgorithmOID());
    assertEquals(c.getPublicKeyAlgorithmOID(), PublicKeyAlgorithmIdentifier.EC.getOID());
    assertNotNull(c.getPublicKeyAlgorithmName());
    assertEquals(c.getPublicKeyAlgorithmName(), "EC");
    assertNotNull(c.getPublicKeyAlgorithmNameOrOID());
    assertEquals(c.getPublicKeyAlgorithmNameOrOID(), "EC");
    assertNotNull(c.getPublicKeyAlgorithmParameters());
    assertEquals(c.getPublicKeyAlgorithmParameters().decodeAsObjectIdentifier().getOID(), NamedCurve.SECP256R1.getOID());
    assertNotNull(c.getEncodedPublicKey());
    assertNotNull(c.getDecodedPublicKey());
    assertTrue(c.getDecodedPublicKey() instanceof EllipticCurvePublicKey);
    assertNotNull(c.getIssuerUniqueID());
    assertTrue(Arrays.equals(c.getIssuerUniqueID().getBits(), issuerUniqueIDBits));
    assertNotNull(c.getSubjectUniqueID());
    assertTrue(Arrays.equals(c.getSubjectUniqueID().getBits(), subjectUniqueIDBits));
    final List<X509CertificateExtension> extensions = c.getExtensions();
    assertNotNull(extensions);
    assertFalse(extensions.isEmpty());
    assertEquals(extensions.size(), 9);
    assertEquals(extensions.get(0).getOID(), new OID("1.2.3.4"));
    assertTrue(extensions.get(1) instanceof AuthorityKeyIdentifierExtension);
    assertTrue(extensions.get(2) instanceof BasicConstraintsExtension);
    assertTrue(extensions.get(3) instanceof CRLDistributionPointsExtension);
    assertTrue(extensions.get(4) instanceof ExtendedKeyUsageExtension);
    assertTrue(extensions.get(5) instanceof IssuerAlternativeNameExtension);
    assertTrue(extensions.get(6) instanceof KeyUsageExtension);
    assertTrue(extensions.get(7) instanceof SubjectAlternativeNameExtension);
    assertTrue(extensions.get(8) instanceof SubjectKeyIdentifierExtension);
    assertNotNull(c.getSignatureValue());
    assertNotNull(c.toString());
    assertNotNull(c.toPEM());
    assertFalse(c.toPEM().isEmpty());
    assertNotNull(c.toPEMString());
    assertNotNull(c.getX509CertificateBytes());
    assertNotNull(c.getSHA1Fingerprint());
    assertNotNull(c.getSHA256Fingerprint());
    assertNotNull(c.toCertificate());
}
Also used : ASN1OctetString(com.unboundid.asn1.ASN1OctetString) DN(com.unboundid.ldap.sdk.DN) OID(com.unboundid.util.OID) ASN1BitString(com.unboundid.asn1.ASN1BitString) Date(java.util.Date) ASN1ObjectIdentifier(com.unboundid.asn1.ASN1ObjectIdentifier) ASN1Null(com.unboundid.asn1.ASN1Null) Test(org.testng.annotations.Test)

Example 23 with ASN1ObjectIdentifier

use of com.unboundid.asn1.ASN1ObjectIdentifier in project ldapsdk by pingidentity.

the class X509CertificateTestCase method testDecodeSignatureAlgorithmElementNotSequence.

/**
 * Tests the behavior when trying to decode a certificate with a signature
 * algorithm element that is not a valid sequence.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test(expectedExceptions = { CertException.class })
public void testDecodeSignatureAlgorithmElementNotSequence() throws Exception {
    final long notBefore = System.currentTimeMillis();
    final long notAfter = notBefore + (365L * 24L * 60L * 60L * 1000L);
    final ASN1Sequence valueSequence = new ASN1Sequence(new ASN1Sequence(new ASN1Element((byte) 0xA0, new ASN1Integer(2).encode()), new ASN1BigInteger(12435L), new ASN1OctetString("not a valid sequence"), X509Certificate.encodeName(new DN("CN=issuer")), new ASN1Sequence(new ASN1UTCTime(notBefore), new ASN1UTCTime(notAfter)), X509Certificate.encodeName(new DN("CN=ldap.example.com")), new ASN1Sequence(new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.5")), new ASN1Null()), new ASN1BitString(new boolean[1024]))), new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4")), new ASN1Null()), new ASN1BitString(new boolean[1024]));
    new X509Certificate(valueSequence.encode());
}
Also used : ASN1OctetString(com.unboundid.asn1.ASN1OctetString) ASN1UTCTime(com.unboundid.asn1.ASN1UTCTime) ASN1BigInteger(com.unboundid.asn1.ASN1BigInteger) DN(com.unboundid.ldap.sdk.DN) ASN1Integer(com.unboundid.asn1.ASN1Integer) OID(com.unboundid.util.OID) ASN1BitString(com.unboundid.asn1.ASN1BitString) ASN1Sequence(com.unboundid.asn1.ASN1Sequence) ASN1Element(com.unboundid.asn1.ASN1Element) ASN1ObjectIdentifier(com.unboundid.asn1.ASN1ObjectIdentifier) ASN1Null(com.unboundid.asn1.ASN1Null) Test(org.testng.annotations.Test)

Example 24 with ASN1ObjectIdentifier

use of com.unboundid.asn1.ASN1ObjectIdentifier in project ldapsdk by pingidentity.

the class CRLDistributionPoint method encode.

/**
 * Encodes this CRL distribution point to an ASN.1 element.
 *
 * @return  The encoded CRL distribution point.
 *
 * @throws  CertException  If a problem is encountered while encoding this
 *                         CRL distribution point.
 */
@NotNull()
ASN1Element encode() throws CertException {
    final ArrayList<ASN1Element> elements = new ArrayList<>(3);
    ASN1Element distributionPointElement = null;
    if (fullName != null) {
        distributionPointElement = new ASN1Element(TYPE_FULL_NAME, fullName.encode().getValue());
    } else if (nameRelativeToCRLIssuer != null) {
        final Schema schema;
        try {
            schema = Schema.getDefaultStandardSchema();
        } catch (final Exception e) {
            Debug.debugException(e);
            throw new CertException(ERR_CRL_DP_ENCODE_CANNOT_GET_SCHEMA.get(toString(), String.valueOf(nameRelativeToCRLIssuer), StaticUtils.getExceptionMessage(e)), e);
        }
        final String[] names = nameRelativeToCRLIssuer.getAttributeNames();
        final String[] values = nameRelativeToCRLIssuer.getAttributeValues();
        final ArrayList<ASN1Element> rdnElements = new ArrayList<>(names.length);
        for (int i = 0; i < names.length; i++) {
            final AttributeTypeDefinition at = schema.getAttributeType(names[i]);
            if (at == null) {
                throw new CertException(ERR_CRL_DP_ENCODE_UNKNOWN_ATTR_TYPE.get(toString(), String.valueOf(nameRelativeToCRLIssuer), names[i]));
            }
            try {
                rdnElements.add(new ASN1Sequence(new ASN1ObjectIdentifier(at.getOID()), new ASN1UTF8String(values[i])));
            } catch (final Exception e) {
                Debug.debugException(e);
                throw new CertException(ERR_CRL_DP_ENCODE_ERROR.get(toString(), String.valueOf(nameRelativeToCRLIssuer), StaticUtils.getExceptionMessage(e)), e);
            }
        }
        distributionPointElement = new ASN1Set(TYPE_NAME_RELATIVE_TO_CRL_ISSUER, rdnElements);
    }
    if (distributionPointElement != null) {
        elements.add(new ASN1Element(TYPE_DISTRIBUTION_POINT, distributionPointElement.encode()));
    }
    if (!revocationReasons.equals(EnumSet.allOf(CRLDistributionPointRevocationReason.class))) {
        elements.add(CRLDistributionPointRevocationReason.toBitString(TYPE_REASONS, revocationReasons));
    }
    if (crlIssuer != null) {
        elements.add(new ASN1Element(TYPE_CRL_ISSUER, crlIssuer.encode().getValue()));
    }
    return new ASN1Sequence(elements);
}
Also used : AttributeTypeDefinition(com.unboundid.ldap.sdk.schema.AttributeTypeDefinition) ASN1Sequence(com.unboundid.asn1.ASN1Sequence) ASN1Set(com.unboundid.asn1.ASN1Set) ASN1UTF8String(com.unboundid.asn1.ASN1UTF8String) ASN1Element(com.unboundid.asn1.ASN1Element) Schema(com.unboundid.ldap.sdk.schema.Schema) ArrayList(java.util.ArrayList) ASN1ObjectIdentifier(com.unboundid.asn1.ASN1ObjectIdentifier) NotNull(com.unboundid.util.NotNull)

Example 25 with ASN1ObjectIdentifier

use of com.unboundid.asn1.ASN1ObjectIdentifier in project OpenUnison by TremoloSecurity.

the class UpnExtractor method loadNTPrincipal.

private String loadNTPrincipal(X509Certificate[] certs) throws CertificateParsingException, IOException {
    X509Certificate cert = certs[0];
    Collection<List<?>> subjectAlternativeNames = cert.getSubjectAlternativeNames();
    if (subjectAlternativeNames != null && !subjectAlternativeNames.isEmpty()) {
        for (List<?> subjectAltName : subjectAlternativeNames) {
            if (((Integer) subjectAltName.get(0)) == GeneralName.otherName) {
                ASN1InputStream asn1Input = new ASN1InputStream((byte[]) subjectAltName.get(1));
                ASN1Primitive derObject = asn1Input.readObject();
                DLSequence seq = (DLSequence) derObject;
                ASN1ObjectIdentifier id = ASN1ObjectIdentifier.getInstance(seq.getObjectAt(0));
                if (id.getId().equals("1.3.6.1.4.1.311.20.2.3")) {
                    ASN1TaggedObject obj = (ASN1TaggedObject) seq.getObjectAt(1);
                    DERUTF8String str = null;
                    while (str == null) {
                        if (obj.getObject() instanceof DERTaggedObject) {
                            obj = (ASN1TaggedObject) obj.getObject();
                        } else if (obj.getObject() instanceof DERUTF8String) {
                            str = (DERUTF8String) obj.getObject();
                        } else {
                            asn1Input.close();
                            return null;
                        }
                    }
                    asn1Input.close();
                    return str.getString();
                }
            }
        }
    }
    return null;
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DLSequence(org.bouncycastle.asn1.DLSequence) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) List(java.util.List) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) X509Certificate(java.security.cert.X509Certificate) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Aggregations

ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)545 IOException (java.io.IOException)155 ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)126 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)87 DEROctetString (org.bouncycastle.asn1.DEROctetString)87 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)71 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)71 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)70 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)69 Enumeration (java.util.Enumeration)65 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)64 BigInteger (java.math.BigInteger)60 DERSequence (org.bouncycastle.asn1.DERSequence)60 ArrayList (java.util.ArrayList)55 HashSet (java.util.HashSet)52 DERIA5String (org.bouncycastle.asn1.DERIA5String)52 X500Name (org.bouncycastle.asn1.x500.X500Name)52 X509Certificate (java.security.cert.X509Certificate)49 Extension (org.bouncycastle.asn1.x509.Extension)46 ASN1String (org.bouncycastle.asn1.ASN1String)43
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial