Search in sources :

Example 11 with ASN1Sequence

use of org.apache.harmony.security.asn1.ASN1Sequence in project XobotOS by xamarin.

the class RFC3280CertPathUtilities method prepareNextCertA.

protected static void prepareNextCertA(CertPath certPath, int index) throws CertPathValidatorException {
    List certs = certPath.getCertificates();
    X509Certificate cert = (X509Certificate) certs.get(index);
    //
    //
    // (a) check the policy mappings
    //
    ASN1Sequence pm = null;
    try {
        pm = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.POLICY_MAPPINGS));
    } catch (AnnotatedException ex) {
        throw new ExtCertPathValidatorException("Policy mappings extension could not be decoded.", ex, certPath, index);
    }
    if (pm != null) {
        ASN1Sequence mappings = pm;
        for (int j = 0; j < mappings.size(); j++) {
            DERObjectIdentifier issuerDomainPolicy = null;
            DERObjectIdentifier subjectDomainPolicy = null;
            try {
                ASN1Sequence mapping = DERSequence.getInstance(mappings.getObjectAt(j));
                issuerDomainPolicy = DERObjectIdentifier.getInstance(mapping.getObjectAt(0));
                subjectDomainPolicy = DERObjectIdentifier.getInstance(mapping.getObjectAt(1));
            } catch (Exception e) {
                throw new ExtCertPathValidatorException("Policy mappings extension contents could not be decoded.", e, certPath, index);
            }
            if (RFC3280CertPathUtilities.ANY_POLICY.equals(issuerDomainPolicy.getId())) {
                throw new CertPathValidatorException("IssuerDomainPolicy is anyPolicy", null, certPath, index);
            }
            if (RFC3280CertPathUtilities.ANY_POLICY.equals(subjectDomainPolicy.getId())) {
                throw new CertPathValidatorException("SubjectDomainPolicy is anyPolicy,", null, certPath, index);
            }
        }
    }
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) List(java.util.List) ArrayList(java.util.ArrayList) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier) X509Certificate(java.security.cert.X509Certificate) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) CertificateExpiredException(java.security.cert.CertificateExpiredException) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertPathBuilderException(java.security.cert.CertPathBuilderException) IOException(java.io.IOException)

Example 12 with ASN1Sequence

use of org.apache.harmony.security.asn1.ASN1Sequence in project XobotOS by xamarin.

the class RFC3280CertPathUtilities method prepareNextCertI2.

protected static int prepareNextCertI2(CertPath certPath, int index, int policyMapping) throws CertPathValidatorException {
    List certs = certPath.getCertificates();
    X509Certificate cert = (X509Certificate) certs.get(index);
    //
    // (i)
    //
    ASN1Sequence pc = null;
    try {
        pc = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.POLICY_CONSTRAINTS));
    } catch (Exception e) {
        throw new ExtCertPathValidatorException("Policy constraints extension cannot be decoded.", e, certPath, index);
    }
    int tmpInt;
    if (pc != null) {
        Enumeration policyConstraints = pc.getObjects();
        while (policyConstraints.hasMoreElements()) {
            try {
                ASN1TaggedObject constraint = ASN1TaggedObject.getInstance(policyConstraints.nextElement());
                if (constraint.getTagNo() == 1) {
                    tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();
                    if (tmpInt < policyMapping) {
                        return tmpInt;
                    }
                    break;
                }
            } catch (IllegalArgumentException e) {
                throw new ExtCertPathValidatorException("Policy constraints extension contents cannot be decoded.", e, certPath, index);
            }
        }
    }
    return policyMapping;
}
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) Enumeration(java.util.Enumeration) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) List(java.util.List) ArrayList(java.util.ArrayList) X509Certificate(java.security.cert.X509Certificate) CertificateExpiredException(java.security.cert.CertificateExpiredException) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertPathBuilderException(java.security.cert.CertPathBuilderException) IOException(java.io.IOException) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)

Example 13 with ASN1Sequence

use of org.apache.harmony.security.asn1.ASN1Sequence in project Resurrection_packages_apps_Settings by ResurrectionRemix.

the class CertInstallerHelper method isCa.

private boolean isCa(X509Certificate cert) {
    try {
        byte[] asn1EncodedBytes = cert.getExtensionValue("2.5.29.19");
        if (asn1EncodedBytes == null) {
            return false;
        }
        DEROctetString derOctetString = (DEROctetString) new ASN1InputStream(asn1EncodedBytes).readObject();
        byte[] octets = derOctetString.getOctets();
        ASN1Sequence sequence = (ASN1Sequence) new ASN1InputStream(octets).readObject();
        return BasicConstraints.getInstance(sequence).isCA();
    } catch (IOException e) {
        return false;
    }
}
Also used : ASN1InputStream(com.android.org.bouncycastle.asn1.ASN1InputStream) ASN1Sequence(com.android.org.bouncycastle.asn1.ASN1Sequence) IOException(java.io.IOException) DEROctetString(com.android.org.bouncycastle.asn1.DEROctetString)

Example 14 with ASN1Sequence

use of org.apache.harmony.security.asn1.ASN1Sequence in project nhin-d by DirectProject.

the class CertGenerator method createCertFromCSR.

public static X509Certificate createCertFromCSR(PKCS10CertificationRequest certReq, CertCreateFields signerCert) throws Exception {
    certReq.verify();
    final CertificationRequestInfo reqInfo = certReq.getCertificationRequestInfo();
    final X509V3CertificateGenerator v1CertGen = new X509V3CertificateGenerator();
    final Calendar start = Calendar.getInstance();
    final Calendar end = Calendar.getInstance();
    end.add(Calendar.YEAR, 3);
    v1CertGen.setSerialNumber(BigInteger.valueOf(generatePositiveRandom()));
    // issuer is the parent cert
    v1CertGen.setIssuerDN(signerCert.getSignerCert().getSubjectX500Principal());
    v1CertGen.setNotBefore(start.getTime());
    v1CertGen.setNotAfter(end.getTime());
    v1CertGen.setSubjectDN(new X509Principal(reqInfo.getSubject().toString()));
    v1CertGen.setPublicKey(certReq.getPublicKey());
    v1CertGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
    final ASN1Set attributesAsn1Set = reqInfo.getAttributes();
    X509Extensions certificateRequestExtensions = null;
    for (int i = 0; i < attributesAsn1Set.size(); ++i) {
        // There should be only only one attribute in the set. (that is, only
        // the `Extension Request`, but loop through to find it properly)
        final DEREncodable derEncodable = attributesAsn1Set.getObjectAt(i);
        if (derEncodable instanceof DERSequence) {
            final Attribute attribute = new Attribute((DERSequence) attributesAsn1Set.getObjectAt(i));
            if (attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
                // The `Extension Request` attribute is present.
                final ASN1Set attributeValues = attribute.getAttrValues();
                // Assume that it is the first value of the set.
                if (attributeValues.size() >= 1) {
                    certificateRequestExtensions = new X509Extensions((ASN1Sequence) attributeValues.getObjectAt(0));
                // No need to search any more.
                //break;
                }
            }
        }
    }
    @SuppressWarnings("unchecked") Enumeration<DERObjectIdentifier> oids = certificateRequestExtensions.oids();
    while (oids.hasMoreElements()) {
        DERObjectIdentifier oid = oids.nextElement();
        X509Extension ex = certificateRequestExtensions.getExtension(oid);
        v1CertGen.addExtension(oid, ex.isCritical(), X509Extension.convertValueToObject(ex));
    }
    return v1CertGen.generate((PrivateKey) signerCert.getSignerKey(), CryptoExtensions.getJCEProviderName());
}
Also used : CertificationRequestInfo(org.bouncycastle.asn1.pkcs.CertificationRequestInfo) Attribute(org.bouncycastle.asn1.cms.Attribute) X509Extension(org.bouncycastle.asn1.x509.X509Extension) Calendar(java.util.Calendar) X509Extensions(org.bouncycastle.asn1.x509.X509Extensions) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier) X509V3CertificateGenerator(org.bouncycastle.x509.X509V3CertificateGenerator) DERSequence(org.bouncycastle.asn1.DERSequence) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ASN1Set(org.bouncycastle.asn1.ASN1Set) X509Principal(org.bouncycastle.jce.X509Principal) DEREncodable(org.bouncycastle.asn1.DEREncodable)

Example 15 with ASN1Sequence

use of org.apache.harmony.security.asn1.ASN1Sequence in project XobotOS by xamarin.

the class PrivateKeyFactory method createKey.

/**
     * Create a private key parameter from the passed in PKCS8 PrivateKeyInfo object.
     * 
     * @param keyInfo the PrivateKeyInfo object containing the key material
     * @return a suitable private key parameter
     * @throws IOException on an error decoding the key
     */
public static AsymmetricKeyParameter createKey(PrivateKeyInfo keyInfo) throws IOException {
    AlgorithmIdentifier algId = keyInfo.getAlgorithmId();
    if (algId.getAlgorithm().equals(PKCSObjectIdentifiers.rsaEncryption)) {
        RSAPrivateKeyStructure keyStructure = new RSAPrivateKeyStructure((ASN1Sequence) keyInfo.getPrivateKey());
        return new RSAPrivateCrtKeyParameters(keyStructure.getModulus(), keyStructure.getPublicExponent(), keyStructure.getPrivateExponent(), keyStructure.getPrime1(), keyStructure.getPrime2(), keyStructure.getExponent1(), keyStructure.getExponent2(), keyStructure.getCoefficient());
    } else //      else if (algId.getObjectId().equals(X9ObjectIdentifiers.dhpublicnumber))
    if (algId.getObjectId().equals(PKCSObjectIdentifiers.dhKeyAgreement)) {
        DHParameter params = new DHParameter((ASN1Sequence) keyInfo.getAlgorithmId().getParameters());
        DERInteger derX = (DERInteger) keyInfo.getPrivateKey();
        BigInteger lVal = params.getL();
        int l = lVal == null ? 0 : lVal.intValue();
        DHParameters dhParams = new DHParameters(params.getP(), params.getG(), null, l);
        return new DHPrivateKeyParameters(derX.getValue(), dhParams);
    } else // END android-removed
    if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa)) {
        DERInteger derX = (DERInteger) keyInfo.getPrivateKey();
        DEREncodable de = keyInfo.getAlgorithmId().getParameters();
        DSAParameters parameters = null;
        if (de != null) {
            DSAParameter params = DSAParameter.getInstance(de.getDERObject());
            parameters = new DSAParameters(params.getP(), params.getQ(), params.getG());
        }
        return new DSAPrivateKeyParameters(derX.getValue(), parameters);
    } else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_ecPublicKey)) {
        X962Parameters params = new X962Parameters((DERObject) keyInfo.getAlgorithmId().getParameters());
        ECDomainParameters dParams = null;
        if (params.isNamedCurve()) {
            DERObjectIdentifier oid = (DERObjectIdentifier) params.getParameters();
            X9ECParameters ecP = X962NamedCurves.getByOID(oid);
            if (ecP == null) {
                ecP = SECNamedCurves.getByOID(oid);
                if (ecP == null) {
                    ecP = NISTNamedCurves.getByOID(oid);
                // BEGIN android-removed
                // if (ecP == null)
                // {
                //     ecP = TeleTrusTNamedCurves.getByOID(oid);
                // }
                // END android-removed
                }
            }
            dParams = new ECDomainParameters(ecP.getCurve(), ecP.getG(), ecP.getN(), ecP.getH(), ecP.getSeed());
        } else {
            X9ECParameters ecP = new X9ECParameters((ASN1Sequence) params.getParameters());
            dParams = new ECDomainParameters(ecP.getCurve(), ecP.getG(), ecP.getN(), ecP.getH(), ecP.getSeed());
        }
        ECPrivateKeyStructure ec = new ECPrivateKeyStructure((ASN1Sequence) keyInfo.getPrivateKey());
        return new ECPrivateKeyParameters(ec.getKey(), dParams);
    } else {
        throw new RuntimeException("algorithm identifier in key not recognised");
    }
}
Also used : ECDomainParameters(org.bouncycastle.crypto.params.ECDomainParameters) DHParameters(org.bouncycastle.crypto.params.DHParameters) DHPrivateKeyParameters(org.bouncycastle.crypto.params.DHPrivateKeyParameters) X9ECParameters(org.bouncycastle.asn1.x9.X9ECParameters) ECPrivateKeyStructure(org.bouncycastle.asn1.sec.ECPrivateKeyStructure) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) DERInteger(org.bouncycastle.asn1.DERInteger) X962Parameters(org.bouncycastle.asn1.x9.X962Parameters) ECPrivateKeyParameters(org.bouncycastle.crypto.params.ECPrivateKeyParameters) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DERObject(org.bouncycastle.asn1.DERObject) RSAPrivateKeyStructure(org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure) DEREncodable(org.bouncycastle.asn1.DEREncodable) DSAPrivateKeyParameters(org.bouncycastle.crypto.params.DSAPrivateKeyParameters) BigInteger(java.math.BigInteger) DSAParameter(org.bouncycastle.asn1.x509.DSAParameter) DHParameter(org.bouncycastle.asn1.pkcs.DHParameter) DSAParameters(org.bouncycastle.crypto.params.DSAParameters) RSAPrivateCrtKeyParameters(org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters)

Aggregations

ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)57 IOException (java.io.IOException)31 ArrayList (java.util.ArrayList)29 List (java.util.List)26 Enumeration (java.util.Enumeration)23 X509Certificate (java.security.cert.X509Certificate)22 ExtCertPathValidatorException (org.bouncycastle.jce.exception.ExtCertPathValidatorException)20 CertPathValidatorException (java.security.cert.CertPathValidatorException)18 CertificateExpiredException (java.security.cert.CertificateExpiredException)17 CertificateNotYetValidException (java.security.cert.CertificateNotYetValidException)17 GeneralSecurityException (java.security.GeneralSecurityException)16 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)16 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)16 IssuingDistributionPoint (org.bouncycastle.asn1.x509.IssuingDistributionPoint)16 DERObjectIdentifier (org.bouncycastle.asn1.DERObjectIdentifier)15 CertPathBuilderException (java.security.cert.CertPathBuilderException)14 ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)13 Iterator (java.util.Iterator)10 HashSet (java.util.HashSet)9 Set (java.util.Set)9