
Example 1 with Asn1Encodable

use of de.rub.nds.asn1.Asn1Encodable in project X-Road by nordic-institute.

the class DigestList method concatDigests.

/**
 * Takes as input a sequence of hashes and combines them using DigestList
 * data structure.
 */
static byte[] concatDigests(DigestValue... items) throws Exception {
    ASN1Encodable[] digestList = new ASN1Encodable[items.length];
    for (int i = 0; i < items.length; ++i) {
        digestList[i] = singleDigest(items[i].getDigestMethod(), items[i].getDigestValue());
    }
    DERSequence step = new DERSequence(digestList);
    return step.getEncoded(DER);
}

Also used: DERSequence (org.bouncycastle.asn1.DERSequence), ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)

Example 2 with Asn1Encodable

use of de.rub.nds.asn1.Asn1Encodable in project powerauth-webflow by wultra.

the class ICACertificateParser method parse.

/**
 * Parse certificate in PEM format and return structured information about organization.
 *
 * @param certificatePem Certificate in PEM format.
 * @return Structured certificate information.
 * @throws CertificateException In case certificate cannot be parsed (or in rare case X.509 is not supported).
 */
public CertInfo parse(String certificatePem) throws CertificateException {
    // Check for null certificate value
    if (certificatePem == null) {
        throw new CertificateException("Certificate in PEM format not found.");
    }
    // Handle the URL encoded certificates
    if (certificatePem.startsWith("-----BEGIN%20CERTIFICATE-----")) {
        // certificate is URL encoded by nginx.
        try {
            certificatePem = URLDecoder.decode(certificatePem, StandardCharsets.UTF_8.toString());
        } catch (UnsupportedEncodingException e) {
            throw new CertificateException("Unable to extract certificate in PEM format (nginx).");
        }
    }
    // Replace spaces in Apache forwarded certificate by newlines correctly
    certificatePem = certificatePem.replaceAll(" ", "\n").replace("-----BEGIN\nCERTIFICATE-----", "-----BEGIN CERTIFICATE-----").replace("-----END\nCERTIFICATE-----", "-----END CERTIFICATE-----");
    final CertificateFactory cf = CertificateFactory.getInstance("X.509");
    final ByteArrayInputStream bais = new ByteArrayInputStream(certificatePem.getBytes(StandardCharsets.UTF_8));
    X509Certificate cert = (X509Certificate) cf.generateCertificate(bais);
    try {
        final byte[] qcStatement = cert.getExtensionValue("1.3.6.1.5.5.7.1.3");
        if (qcStatement == null) {
            throw new CertificateException("Unable to extract PSD2 mandates.");
        }
        final ASN1Primitive qcStatementAsn1Primitive = JcaX509ExtensionUtils.parseExtensionValue(qcStatement);
        if (qcStatementAsn1Primitive == null) {
            throw new CertificateException("Unable to extract PSD2 mandates from extension value.");
        }
        final DLSequence it = ((DLSequence) qcStatementAsn1Primitive);
        Set<CertInfo.PSD2> psd2Mandates = new HashSet<>();
        for (ASN1Encodable asn1Primitive : it) {
            if (asn1Primitive instanceof DLSequence) {
                DLSequence sequence = (DLSequence) asn1Primitive;
                if (sequence.size() == 2) {
                    ASN1ObjectIdentifier id = (ASN1ObjectIdentifier) sequence.getObjectAt(0);
                    DLSequence mandates = (DLSequence) sequence.getObjectAt(1);
                    if (psd2.equals(id.getId())) {
                        for (ASN1Encodable mandate : mandates) {
                            if (mandate instanceof DLSequence) {
                                for (ASN1Encodable seq : (DLSequence) mandate) {
                                    // Each mandate entry is a SEQUENCE whose first element is the role OID
                                    final DLSequence roleSequence = (DLSequence) seq;
                                    final ASN1ObjectIdentifier identifier = (ASN1ObjectIdentifier) roleSequence.getObjectAt(0);
                                    if (psp_as.equals(identifier.getId())) {
                                        psd2Mandates.add(CertInfo.PSD2.PSP_AS);
                                    }
                                    if (psp_ai.equals(identifier.getId())) {
                                        psd2Mandates.add(CertInfo.PSD2.PSP_AI);
                                    }
                                    if (psp_pi.equals(identifier.getId())) {
                                        psd2Mandates.add(CertInfo.PSD2.PSP_PI);
                                    }
                                    if (psp_ic.equals(identifier.getId())) {
                                        psd2Mandates.add(CertInfo.PSD2.PSP_IC);
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
        final List<AVA> avaList = ((X500Name) cert.getSubjectDN()).allAvas();
        String country = null;
        String serialNumber = null;
        String commonName = null;
        String psd2License = null;
        String organization = null;
        String street = null;
        String city = null;
        String zipCode = null;
        String region = null;
        String website = null;
        for (AVA ava : avaList) {
            final String oid = ava.getObjectIdentifier().toString();
            final String val = ava.getValueString();
            switch(oid) {
                case "2.5.4.6":
                    {
                        // C=CZ => 2.5.4.6
                        country = val;
                        break;
                    }
                case "2.5.4.3":
                    {
                        // CN=cnb.cz => 2.5.4.3
                        commonName = val;
                        website = "https://" + val;
                        break;
                    }
                case "2.5.4.10":
                    {
                        // O=ČESKÁ NÁRODNÍ BANKA => 2.5.4.10
                        organization = val;
                        break;
                    }
                case "2.5.4.9":
                    {
                        // STREET=Na příkopě 864/28 => 2.5.4.9
                        street = val;
                        break;
                    }
                case "2.5.4.7":
                    {
                        // L=Praha 1 => 2.5.4.7
                        city = val;
                        break;
                    }
                case "2.5.4.17":
                    {
                        // OID.2.5.4.17=11000 => 2.5.4.17
                        zipCode = val;
                        break;
                    }
                case "2.5.4.5":
                    {
                        // SERIALNUMBER=48136450 => 2.5.4.5
                        serialNumber = val;
                        break;
                    }
                case "2.5.4.8":
                    {
                        // ST=Hlavní město Praha => 2.5.4.8
                        region = val;
                        break;
                    }
                case "2.5.4.97":
                    {
                        // OID.2.5.4.97=PSDCZ-CNB-48136450 => 2.5.4.97
                        psd2License = val;
                        break;
                    }
            }
        }
        return new CertInfo(serialNumber, commonName, psd2License, organization, street, city, zipCode, region, country, website, psd2Mandates);
    } catch (Throwable e) {
        // Catch all errors that can occur and keep the original cause for diagnostics
        throw new CertificateException("Unable to extract PSD2 mandates.", e);
    }
}

Also used: UnsupportedEncodingException (java.io.UnsupportedEncodingException), CertificateException (java.security.cert.CertificateException), X500Name (sun.security.x509.X500Name), AVA (sun.security.x509.AVA), CertificateFactory (java.security.cert.CertificateFactory), X509Certificate (java.security.cert.X509Certificate), DLSequence (org.bouncycastle.asn1.DLSequence), ByteArrayInputStream (java.io.ByteArrayInputStream), ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable), ASN1Primitive (org.bouncycastle.asn1.ASN1Primitive), ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier), HashSet (java.util.HashSet)

Example 3 with Asn1Encodable

use of de.rub.nds.asn1.Asn1Encodable in project OpenUnison by TremoloSecurity.

the class X509ExtensionParsingUtil method extractTaggedObjects.

/**
 * Returns a {@link HashMap} whose keys represent the tags and whose values represent the values
 * of a {@link DLSequence}.
 */
public static HashMap<Integer, ASN1Primitive> extractTaggedObjects(ASN1Sequence asn1Sequence) throws CertificateParsingException {
    HashMap<Integer, ASN1Primitive> taggedObjects = new HashMap<Integer, ASN1Primitive>();
    for (ASN1Encodable asn1EncodablePurpose : asn1Sequence.toArray()) {
        if (asn1EncodablePurpose == null || !(asn1EncodablePurpose instanceof ASN1TaggedObject)) {
            throw new CertificateParsingException("Expected DERTagged object");
        }
        ASN1TaggedObject asn1TaggedObject = (ASN1TaggedObject) asn1EncodablePurpose;
        taggedObjects.put(Integer.valueOf(asn1TaggedObject.getTagNo()), asn1TaggedObject.getObject());
    }
    return taggedObjects;
}

Also used: ASN1Integer (org.bouncycastle.asn1.ASN1Integer), BigInteger (java.math.BigInteger), CertificateParsingException (java.security.cert.CertificateParsingException), HashMap (java.util.HashMap), ASN1TaggedObject (org.bouncycastle.asn1.ASN1TaggedObject), ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable), ASN1Primitive (org.bouncycastle.asn1.ASN1Primitive)

Example 4 with Asn1Encodable

use of de.rub.nds.asn1.Asn1Encodable in project AttestationServer by GrapheneOS.

the class AttestationApplicationId method parseAttestationPackageInfos.

private List<AttestationPackageInfo> parseAttestationPackageInfos(ASN1Encodable asn1Encodable) throws CertificateParsingException {
    if (!(asn1Encodable instanceof ASN1Set)) {
        throw new CertificateParsingException("Expected set for AttestationApplicationsInfos, found " + asn1Encodable.getClass().getName());
    }
    ASN1Set set = (ASN1Set) asn1Encodable;
    List<AttestationPackageInfo> result = new ArrayList<>();
    for (ASN1Encodable e : set) {
        result.add(new AttestationPackageInfo(e));
    }
    return result;
}

Also used: CertificateParsingException (java.security.cert.CertificateParsingException), ASN1Set (org.bouncycastle.asn1.ASN1Set), ArrayList (java.util.ArrayList), ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)

Example 5 with Asn1Encodable

use of de.rub.nds.asn1.Asn1Encodable in project gdmatrix by gdmatrix.

the class P7MUtils method recoverTSTInfo.

public static TSTInfo recoverTSTInfo(ContentInfo contentInfo) throws IOException {
    SignedData sd = SignedData.getInstance(contentInfo.getContent());
    ASN1Encodable content = sd.getEncapContentInfo().getContent();
    // TSTInfo tstInfo = new TSTInfo((ASN1Sequence)
    // new ASN1InputStream(((DEROctetString)content).getOctets()).readObject());
    TSTInfo tstInfo = TSTInfo.getInstance(((ASN1OctetString) content).getOctets());
    return tstInfo;
}

Also used: TSTInfo (org.bouncycastle.asn1.tsp.TSTInfo), SignedData (org.bouncycastle.asn1.cms.SignedData), CMSSignedData (org.bouncycastle.cms.CMSSignedData), ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)
