Example 6 with AttributeTypeAndValue
use of org.apache.harmony.security.x501.AttributeTypeAndValue in project XobotOS by xamarin.
the class DNParser method parse.
/**
* Parses DN
*
* @return a list of Relative Distinguished Names(RND),
* each RDN is represented as a list of AttributeTypeAndValue objects
*/
public List<List<AttributeTypeAndValue>> parse() throws IOException {
List<List<AttributeTypeAndValue>> list = new ArrayList<List<AttributeTypeAndValue>>();
String attType = nextAT();
if (attType == null) {
//empty list of RDNs
return list;
}
List<AttributeTypeAndValue> atav = new ArrayList<AttributeTypeAndValue>();
while (true) {
if (pos == chars.length) {
//empty Attribute Value
atav.add(new AttributeTypeAndValue(attType, new AttributeValue("", false)));
list.add(0, atav);
return list;
}
switch(chars[pos]) {
case '"':
atav.add(new AttributeTypeAndValue(attType, new AttributeValue(quotedAV(), hasQE)));
break;
case '#':
atav.add(new AttributeTypeAndValue(attType, new AttributeValue(hexAV(), encoded)));
break;
case '+':
case ',':
case // compatibility with RFC 1779: semicolon can separate RDNs
';':
//empty attribute value
atav.add(new AttributeTypeAndValue(attType, new AttributeValue("", false)));
break;
default:
atav.add(new AttributeTypeAndValue(attType, new AttributeValue(escapedAV(), hasQE)));
}
if (pos >= chars.length) {
list.add(0, atav);
return list;
}
if (chars[pos] == ',' || chars[pos] == ';') {
list.add(0, atav);
atav = new ArrayList<AttributeTypeAndValue>();
} else if (chars[pos] != '+') {
throw new IOException("Invalid distinguished name string");
}
pos++;
attType = nextAT();
if (attType == null) {
throw new IOException("Invalid distinguished name string");
}
}
}
Also used :
AttributeValue(org.apache.harmony.security.x501.AttributeValue)
ArrayList(java.util.ArrayList)
List(java.util.List)
ArrayList(java.util.ArrayList)
IOException(java.io.IOException)
AttributeTypeAndValue(org.apache.harmony.security.x501.AttributeTypeAndValue)
Example 7 with AttributeTypeAndValue
use of org.apache.harmony.security.x501.AttributeTypeAndValue in project j2objc by google.
the class DNParser method parse.
/**
* Parses DN
*
* @return a list of Relative Distinguished Names(RDN),
* each RDN is represented as a list of AttributeTypeAndValue objects
*/
public List<List<AttributeTypeAndValue>> parse() throws IOException {
List<List<AttributeTypeAndValue>> list = new ArrayList<List<AttributeTypeAndValue>>();
String attType = nextAT();
if (attType == null) {
//empty list of RDNs
return list;
}
ObjectIdentifier oid = AttributeTypeAndValue.getObjectIdentifier(attType);
List<AttributeTypeAndValue> atav = new ArrayList<AttributeTypeAndValue>();
while (true) {
if (pos == chars.length) {
//empty Attribute Value
atav.add(new AttributeTypeAndValue(oid, new AttributeValue("", false, oid)));
list.add(0, atav);
return list;
}
switch(chars[pos]) {
case '"':
atav.add(new AttributeTypeAndValue(oid, new AttributeValue(quotedAV(), hasQE, oid)));
break;
case '#':
atav.add(new AttributeTypeAndValue(oid, new AttributeValue(hexAV(), encoded)));
break;
case '+':
case ',':
case // compatibility with RFC 1779: semicolon can separate RDNs
';':
//empty attribute value
atav.add(new AttributeTypeAndValue(oid, new AttributeValue("", false, oid)));
break;
default:
atav.add(new AttributeTypeAndValue(oid, new AttributeValue(escapedAV(), hasQE, oid)));
}
if (pos >= chars.length) {
list.add(0, atav);
return list;
}
if (chars[pos] == ',' || chars[pos] == ';') {
list.add(0, atav);
atav = new ArrayList<AttributeTypeAndValue>();
} else if (chars[pos] != '+') {
throw new IOException("Invalid distinguished name string");
}
pos++;
attType = nextAT();
if (attType == null) {
throw new IOException("Invalid distinguished name string");
}
oid = AttributeTypeAndValue.getObjectIdentifier(attType);
}
}
Also used :
AttributeValue(org.apache.harmony.security.x501.AttributeValue)
ArrayList(java.util.ArrayList)
List(java.util.List)
ArrayList(java.util.ArrayList)
IOException(java.io.IOException)
AttributeTypeAndValue(org.apache.harmony.security.x501.AttributeTypeAndValue)
ObjectIdentifier(org.apache.harmony.security.utils.ObjectIdentifier)
Example 8 with AttributeTypeAndValue
use of org.apache.harmony.security.x501.AttributeTypeAndValue in project XobotOS by xamarin.
the class JarUtils method verifySignature.
/**
* This method handle all the work with PKCS7, ASN1 encoding, signature verifying,
* and certification path building.
* See also PKCS #7: Cryptographic Message Syntax Standard:
* http://www.ietf.org/rfc/rfc2315.txt
* @param signature - the input stream of signature file to be verified
* @param signatureBlock - the input stream of corresponding signature block file
* @return array of certificates used to verify the signature file
* @throws IOException - if some errors occurs during reading from the stream
* @throws GeneralSecurityException - if signature verification process fails
*/
public static Certificate[] verifySignature(InputStream signature, InputStream signatureBlock) throws IOException, GeneralSecurityException {
BerInputStream bis = new BerInputStream(signatureBlock);
ContentInfo info = (ContentInfo) ContentInfo.ASN1.decode(bis);
SignedData signedData = info.getSignedData();
if (signedData == null) {
throw new IOException("No SignedData found");
}
Collection<org.apache.harmony.security.x509.Certificate> encCerts = signedData.getCertificates();
if (encCerts.isEmpty()) {
return null;
}
X509Certificate[] certs = new X509Certificate[encCerts.size()];
int i = 0;
for (org.apache.harmony.security.x509.Certificate encCert : encCerts) {
certs[i++] = new X509CertImpl(encCert);
}
List<SignerInfo> sigInfos = signedData.getSignerInfos();
SignerInfo sigInfo;
if (!sigInfos.isEmpty()) {
sigInfo = sigInfos.get(0);
} else {
return null;
}
// Issuer
X500Principal issuer = sigInfo.getIssuer();
// Certificate serial number
BigInteger snum = sigInfo.getSerialNumber();
// Locate the certificate
int issuerSertIndex = 0;
for (i = 0; i < certs.length; i++) {
if (issuer.equals(certs[i].getIssuerDN()) && snum.equals(certs[i].getSerialNumber())) {
issuerSertIndex = i;
break;
}
}
if (i == certs.length) {
// No issuer certificate found
return null;
}
if (certs[issuerSertIndex].hasUnsupportedCriticalExtension()) {
throw new SecurityException("Can not recognize a critical extension");
}
// Get Signature instance
Signature sig = null;
String da = sigInfo.getDigestAlgorithm();
String dea = sigInfo.getDigestEncryptionAlgorithm();
String alg = null;
if (da != null && dea != null) {
alg = da + "with" + dea;
try {
sig = OpenSSLSignature.getInstance(alg);
} catch (NoSuchAlgorithmException e) {
}
}
if (sig == null) {
alg = da;
if (alg == null) {
return null;
}
try {
sig = OpenSSLSignature.getInstance(alg);
} catch (NoSuchAlgorithmException e) {
return null;
}
}
sig.initVerify(certs[issuerSertIndex]);
// If the authenticatedAttributes field of SignerInfo contains more than zero attributes,
// compute the message digest on the ASN.1 DER encoding of the Attributes value.
// Otherwise, compute the message digest on the data.
List<AttributeTypeAndValue> atr = sigInfo.getAuthenticatedAttributes();
byte[] sfBytes = new byte[signature.available()];
signature.read(sfBytes);
if (atr == null) {
sig.update(sfBytes);
} else {
sig.update(sigInfo.getEncodedAuthenticatedAttributes());
// If the authenticatedAttributes field contains the message-digest attribute,
// verify that it equals the computed digest of the signature file
byte[] existingDigest = null;
for (AttributeTypeAndValue a : atr) {
if (Arrays.equals(a.getType().getOid(), MESSAGE_DIGEST_OID)) {
//TODO value existingDigest = a.AttributeValue;
}
}
if (existingDigest != null) {
MessageDigest md = MessageDigest.getInstance(sigInfo.getDigestAlgorithm());
byte[] computedDigest = md.digest(sfBytes);
if (!Arrays.equals(existingDigest, computedDigest)) {
throw new SecurityException("Incorrect MD");
}
}
}
if (!sig.verify(sigInfo.getEncryptedDigest())) {
throw new SecurityException("Incorrect signature");
}
return createChain(certs[issuerSertIndex], certs);
}
Also used :
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
ContentInfo(org.apache.harmony.security.pkcs7.ContentInfo)
X509CertImpl(org.apache.harmony.security.provider.cert.X509CertImpl)
BerInputStream(org.apache.harmony.security.asn1.BerInputStream)
MessageDigest(java.security.MessageDigest)
SignedData(org.apache.harmony.security.pkcs7.SignedData)
GeneralSecurityException(java.security.GeneralSecurityException)
IOException(java.io.IOException)
X509Certificate(java.security.cert.X509Certificate)
AttributeTypeAndValue(org.apache.harmony.security.x501.AttributeTypeAndValue)
SignerInfo(org.apache.harmony.security.pkcs7.SignerInfo)
Signature(java.security.Signature)
OpenSSLSignature(org.apache.harmony.xnet.provider.jsse.OpenSSLSignature)
X500Principal(javax.security.auth.x500.X500Principal)
BigInteger(java.math.BigInteger)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
Example 9 with AttributeTypeAndValue
use of org.apache.harmony.security.x501.AttributeTypeAndValue in project jmeter by apache.
the class SMIMEAssertion method getEmailFromCert.
/**
* Extract email addresses from a certificate
*
* @param cert the X509 certificate holder
* @return a List of all email addresses found
* @throws CertificateException
*/
private static List<String> getEmailFromCert(X509CertificateHolder cert) throws CertificateException {
List<String> res = new ArrayList<>();
X500Name subject = cert.getSubject();
for (RDN emails : subject.getRDNs(BCStyle.EmailAddress)) {
for (AttributeTypeAndValue emailAttr : emails.getTypesAndValues()) {
if (log.isDebugEnabled()) {
log.debug("Add email from RDN: {}", IETFUtils.valueToString(emailAttr.getValue()));
}
res.add(IETFUtils.valueToString(emailAttr.getValue()));
}
}
Extension subjectAlternativeNames = cert.getExtension(Extension.subjectAlternativeName);
if (subjectAlternativeNames != null) {
for (GeneralName name : GeneralNames.getInstance(subjectAlternativeNames.getParsedValue()).getNames()) {
if (name.getTagNo() == GeneralName.rfc822Name) {
String email = IETFUtils.valueToString(name.getName());
log.debug("Add email from subjectAlternativeName: {}", email);
res.add(email);
}
}
}
return res;
}
Also used :
Extension(org.bouncycastle.asn1.x509.Extension)
ArrayList(java.util.ArrayList)
X500Name(org.bouncycastle.asn1.x500.X500Name)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
RDN(org.bouncycastle.asn1.x500.RDN)
AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue)
Aggregations
IOException (java.io.IOException)7
AttributeTypeAndValue (org.apache.harmony.security.x501.AttributeTypeAndValue)6
ArrayList (java.util.ArrayList)5
List (java.util.List)4
BigInteger (java.math.BigInteger)3
GeneralSecurityException (java.security.GeneralSecurityException)3
MessageDigest (java.security.MessageDigest)3
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3
Signature (java.security.Signature)3
Certificate (java.security.cert.Certificate)3
X509Certificate (java.security.cert.X509Certificate)3
X500Principal (javax.security.auth.x500.X500Principal)3
BerInputStream (org.apache.harmony.security.asn1.BerInputStream)3
ContentInfo (org.apache.harmony.security.pkcs7.ContentInfo)3
SignedData (org.apache.harmony.security.pkcs7.SignedData)3
SignerInfo (org.apache.harmony.security.pkcs7.SignerInfo)3
AttributeValue (org.apache.harmony.security.x501.AttributeValue)3
AttributeTypeAndValue (org.bouncycastle.asn1.x500.AttributeTypeAndValue)3
RDN (org.bouncycastle.asn1.x500.RDN)3
X500Name (org.bouncycastle.asn1.x500.X500Name)3
