use of io.churchkey.asn1.Asn1Object in project OpenUnison by TremoloSecurity.
the class X509ExtensionParsingUtil method extractExtensionValue.
/**
 * Looks up a certificate extension by OID and returns it as the {@link ASN1OctetString}
 * it is expected to decode to.
 *
 * <p>The extension bytes are taken from the certificate as-is, so the decoded object is
 * type-checked before it is handed back to the caller.
 *
 * @param cert the X.509 certificate to read the extension from
 * @param Oid the object identifier of the extension to look up
 * @return the extension as an {@link ASN1OctetString}, or {@code null} when the certificate
 *     yields no bytes for that OID (absent or zero-length value)
 * @throws CertificateParsingException if the decoded object is {@code null} or is not an
 *     {@link ASN1OctetString}
 */
public static ASN1OctetString extractExtensionValue(X509Certificate cert, String Oid) throws CertificateParsingException {
    final byte[] rawExtension = cert.getExtensionValue(Oid);
    final boolean extensionPresent = rawExtension != null && rawExtension.length > 0;
    if (!extensionPresent) {
        // Nothing stored under this OID: report "absent" rather than an error.
        return null;
    }

    final ASN1Object decoded = getAsn1Object(rawExtension);
    // instanceof is false for null, so a missing object takes the same error path
    // as an object of the wrong ASN.1 type.
    if (decoded instanceof ASN1OctetString) {
        return (ASN1OctetString) decoded;
    }
    throw new CertificateParsingException("Expected ASN1OctetString.");
}
use of io.churchkey.asn1.Asn1Object in project OpenUnison by TremoloSecurity.
the class U2fAttestation method Parse.
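/**
 * Parses the transports extension of an attestation certificate and wraps the transports
 * it announces in a {@code U2fAttestation}.
 *
 * <p>The expected transport extension value is a BIT STRING containing the enabled
 * transports:
 *
 * <pre>
 * FIDOU2FTransports ::= BIT STRING {
 *   bluetoothRadio(0), -- Bluetooth Classic
 *   bluetoothLowEnergyRadio(1),
 *   uSB(2),
 *   nFC(3)
 * }
 * </pre>
 *
 * <p>Note that the BIT STRING must be wrapped in an OCTET STRING.
 * An extension that encodes BT, BLE, and NFC then looks as follows:
 *
 * <pre>
 * SEQUENCE (2 elem)
 *   OBJECT IDENTIFIER 1.3.6.1.4.1.45724.2.1.1
 *   OCTET STRING (1 elem)
 *     BIT STRING (4 bits) 1101
 * </pre>
 *
 * <p>Bit {@code i} of the BIT STRING is mapped to {@code Transports.values()[i]}, so the
 * declaration order of {@code Transports} has to follow the bit numbering above (the
 * original note ties that definition to device_auth.proto). Only the first byte of the
 * BIT STRING is inspected.
 *
 * <p>The certificate is supplied by the device being registered, so its content is
 * untrusted. A set bit with no matching {@code Transports} constant is ignored instead of
 * indexing past the end of the enum array.
 *
 * @param cert the attestation certificate to parse for the extension
 * @return a {@code U2fAttestation} built from the list of announced transports; when the
 *     certificate has no transports extension it is built from {@code null} instead
 * @throws CertificateParsingException if the extension is present but its content is not a
 *     BIT STRING
 */
public static U2fAttestation Parse(X509Certificate cert) throws CertificateParsingException {
    ASN1OctetString extValue = X509ExtensionParsingUtil.extractExtensionValue(cert, TRANSPORT_EXTENSION_OID);
    if (extValue == null) {
        // No Transport extension was found
        return new U2fAttestation(null);
    }

    // Read out the BitString wrapped inside the OCTET STRING.
    ASN1Object asn1Object = X509ExtensionParsingUtil.getAsn1Object(extValue.getOctets());
    if (!(asn1Object instanceof DERBitString)) {
        // instanceof also rejects null
        throw new CertificateParsingException("No BitString found in transports extension");
    }
    DERBitString bitString = (DERBitString) asn1Object;
    BitSet bitSet = BitSet.valueOf(bitString.getBytes());

    // Transports is declared outside this method; if it has fewer than BITS_IN_A_BYTE
    // constants, a certificate with a higher bit set would otherwise raise an unchecked
    // ArrayIndexOutOfBoundsException. Bound the scan by the number of known transports.
    Transports[] knownTransports = Transports.values();
    int bitsToScan = Math.min(BITS_IN_A_BYTE, knownTransports.length);

    List<Transports> transports = new ArrayList<Transports>();
    for (int i = 0; i < bitsToScan; i++) {
        // BitSet numbers bits from the least significant end of the byte, while BIT STRING
        // bit 0 is the most significant one, hence the mirrored index.
        if (bitSet.get(BITS_IN_A_BYTE - i - 1)) {
            transports.add(knownTransports[i]);
        }
    }
    return new U2fAttestation(transports);
}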
use of io.churchkey.asn1.Asn1Object in project laverca by laverca.
the class Pkcs7 method bytesToPkcs7SignedData.
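/**
 * Converts an ASN.1-encoded byte array to a PKCS7 SignedData object.
 *
 * <p>The input is treated as untrusted: every rejection visible in this method (an
 * unreadable encoding, an empty input that yields no object, or a content type other than
 * signedData) is reported as an {@link IllegalArgumentException}. Only the first ASN.1
 * object in {@code bytes} is read; any bytes after it are not examined. This method only
 * decodes the structure and performs no signature verification.
 *
 * @param bytes the encoded PKCS7 ContentInfo; must not be {@code null}
 * @return the PKCS7 SignedData object carried as the content of the ContentInfo
 * @throws IllegalArgumentException if {@code bytes} is {@code null}, cannot be decoded,
 *     contains no object, or does not have the signedData content type
 */
public static SignedData bytesToPkcs7SignedData(byte[] bytes) {
    if (bytes == null) {
        throw new IllegalArgumentException("null bytes");
    }
    ASN1InputStream ais = new ASN1InputStream(bytes);
    ASN1Object asn1 = null;
    try {
        asn1 = ais.readObject();
    } catch (IOException ioe) {
        // Keep the decoder's exception as the cause so the failure can be diagnosed.
        throw new IllegalArgumentException("not a pkcs7 signature", ioe);
    } finally {
        try {
            ais.close();
        } catch (IOException ignored) {
            // The stream only wraps the in-memory array; a close failure changes nothing.
        }
    }
    if (asn1 == null) {
        // No object was decoded (e.g. zero-length input). Reject it here instead of
        // letting the null reach the ContentInfo accessors below.
        throw new IllegalArgumentException("not a pkcs7 signature");
    }
    ContentInfo ci = ContentInfo.getInstance(asn1);
    ASN1ObjectIdentifier typeId = ci.getContentType();
    if (!typeId.equals(PKCSObjectIdentifiers.signedData)) {
        throw new IllegalArgumentException("not a pkcs7 signature");
    }
    return SignedData.getInstance(ci.getContent());
}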
use of io.churchkey.asn1.Asn1Object in project SpringRemote by HaleyWang.
the class X509Certificate method getExtensions.
/**
 * Builds a human-readable listing of the certificate's extensions, one line per extension.
 *
 * <p>Each line shows the critical flag ("yes" or "no ") followed by a rendering of the
 * extension. The rendering is attempted in three steps: first with the type registered for
 * the OID, then as an IA5 string, and finally as the registered name (or the raw OID)
 * followed by {@code ": ..."}.
 *
 * <p>NOTE(review): every {@code Throwable} raised while decoding is swallowed. A failure
 * inside one of the two decode attempts only degrades that line, but a failure anywhere
 * else in the loop ends the listing early without any marker. The result can therefore
 * omit extensions, critical ones included, so it is suitable for display only and should
 * not be taken as a complete inventory of the certificate's extensions.
 *
 * @return the listing built so far; empty if the extensions could not be read at all
 */
public String getExtensions() {
    StringBuilder listing = new StringBuilder();
    try {
        Extensions extensions = certificate.tbsCertificate.extensions;
        for (int index = 0; index < extensions.getCount(); index++) {
            Extension extension = (Extension) extensions.getComponent(index);
            String oid = extension.extnID.getString();
            String criticalFlag = extension.critical.getValue() ? "yes" : "no ";
            String rendered = null;

            // First attempt: decode with the type registered for this OID.
            try {
                ASN1Object typed = getExtensionWithOID(oid, ASN1OIDRegistry.lookupType(oid));
                if (typed != null) {
                    rendered = typed.toString();
                }
                if (rendered != null && !rendered.contains(":")) {
                    rendered = ASN1OIDRegistry.lookupName(oid) + ": " + rendered;
                }
            } catch (Throwable ignored) {
                // Best effort: whatever was rendered before the failure is kept.
            }

            // Second attempt: oh well... let's try with a generic string.
            if (rendered == null) {
                try {
                    ASN1Object generic = getExtensionWithOID(oid, ASN1IA5String.class);
                    if (generic != null) {
                        rendered = generic.toString();
                    }
                    if (rendered != null && !rendered.contains(":")) {
                        rendered = ASN1OIDRegistry.lookupName(oid) + ": " + rendered;
                    }
                } catch (Throwable ignored) {
                    // Best effort: fall through to the placeholder below.
                }
            }

            // Last resort: name (or OID) with a placeholder instead of the value.
            if (rendered == null) {
                String registeredName = ASN1OIDRegistry.lookupName(oid);
                rendered = (registeredName != null ? registeredName : oid) + ": ...";
            }

            listing.append(" critical: ")
                    .append(criticalFlag)
                    .append(" ")
                    .append(rendered)
                    .append("\n");
        }
    } catch (Throwable ignored) {
        // Best effort: return the lines collected before the failure.
    }
    return listing.toString();
}
use of io.churchkey.asn1.Asn1Object in project pdf-sign-check by spapas.
the class SigUtils method extractTimeStampTokenFromSignerInformation.
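/**
 * Extracts the signature time-stamp token stored in a signer's unsigned attributes.
 *
 * <p>Unsigned attributes are not covered by the signer's signature and come from the
 * document being checked, so they are handled as untrusted input. This method only decodes
 * the token; nothing here validates the token or checks that it belongs to this signer's
 * signature. That is left to the caller.
 *
 * @param signerInformation the signer whose unsigned attributes are searched
 * @return the decoded time-stamp token, or {@code null} if the signer has no unsigned
 *     attributes or no signature time-stamp attribute
 * @throws CMSException if the time-stamp attribute is present but carries no value, or if
 *     its value cannot be read as CMS signed data
 * @throws IOException if the attribute value cannot be re-encoded or the token cannot be read
 * @throws TSPException if the signed data is not a valid time-stamp token
 */
public static TimeStampToken extractTimeStampTokenFromSignerInformation(SignerInformation signerInformation) throws CMSException, IOException, TSPException {
    AttributeTable unsignedAttributes = signerInformation.getUnsignedAttributes();
    if (unsignedAttributes == null) {
        return null;
    }
    // https://stackoverflow.com/questions/1647759/how-to-validate-if-a-signed-jar-contains-a-timestamp
    Attribute attribute = unsignedAttributes.get(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
    if (attribute == null) {
        return null;
    }
    // An attribute with an empty value set would make getObjectAt(0) fail with an
    // unchecked index error; report it through the declared exception instead.
    if (attribute.getAttrValues().size() == 0) {
        throw new CMSException("signature time-stamp attribute has no value");
    }
    ASN1Object obj = (ASN1Object) attribute.getAttrValues().getObjectAt(0);
    CMSSignedData signedTSTData = new CMSSignedData(obj.getEncoded());
    return new TimeStampToken(signedTSTData);
}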