Example 1 with ASN1BitString

Use of org.bouncycastle.asn1.ASN1BitString in project keystore-explorer by kaikramer.

The class Asn1Dump, method dumpBitString.

private String dumpBitString(DERBitString asn1BitString) throws IOException {
    StringBuilder sb = new StringBuilder();
    byte[] bytes = asn1BitString.getBytes();
    sb.append(indentSequence.toString(indentLevel));
    sb.append("BIT STRING");
    // A BIT STRING may wrap further ASN.1 data; try to dump it as such first
    try {
        String dump = dump(bytes);
        sb.append(", encapsulates:");
        sb.append(NEWLINE);
        sb.append(dump);
    } catch (Exception e) {
        sb.append("=");
        // print short bit strings as string of bits and long ones as hex dump
        if (bytes.length < 8) {
            sb.append(new BigInteger(1, bytes).toString(2));
        } else {
            sb.append(NEWLINE);
            sb.append(dumpHexClear(bytes));
        }
    }
    sb.append(NEWLINE);
    return sb.toString();
}
Also used : BigInteger(java.math.BigInteger) DERNumericString(org.bouncycastle.asn1.DERNumericString) DERBitString(org.bouncycastle.asn1.DERBitString) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERGeneralString(org.bouncycastle.asn1.DERGeneralString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DERT61String(org.bouncycastle.asn1.DERT61String) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERVisibleString(org.bouncycastle.asn1.DERVisibleString) ASN1String(org.bouncycastle.asn1.ASN1String) DERUniversalString(org.bouncycastle.asn1.DERUniversalString) ParseException(java.text.ParseException) IOException(java.io.IOException) CRLException(java.security.cert.CRLException) CertificateEncodingException(java.security.cert.CertificateEncodingException)

Example 2 with ASN1BitString

Use of org.bouncycastle.asn1.ASN1BitString in project candlepin by candlepin.

The class X509CRLStreamWriter, method write.

/**
 * Write a modified CRL to the given output stream.  This method will add each entry provided
 * via the add() method.
 *
 * @param out OutputStream to write to
 * @throws IOException if something goes wrong
 */
public void write(OutputStream out) throws IOException {
    if (!locked || !preScanned) {
        throw new IllegalStateException("The instance must be preScanned and locked before writing.");
    }
    if (emptyCrl) {
        /* An empty CRL is going to be missing the revokedCertificates sequence
         * and would require a lot of special casing during the streaming process.
         * Instead, it is easier to construct the CRL in the normal fashion using
         * BouncyCastle.  Performance should be acceptable as long as the number of
         * CRL entries being added is reasonable.  Something less than a
         * thousand or so should yield adequate performance.
         */
        writeToEmptyCrl(out);
        return;
    }
    originalLength = handleHeader(out);
    int tag;
    int tagNo;
    int length;
    while (originalLength > count.get()) {
        tag = readTag(crlIn, count);
        tagNo = readTagNumber(crlIn, tag, count);
        length = readLength(crlIn, count);
        byte[] entryBytes = new byte[length];
        readFullyAndTrack(crlIn, entryBytes, count);
        // We only need the serial number and not the rest of the stuff in the entry
        ASN1Integer serial = (ASN1Integer) new ASN1InputStream(entryBytes).readObject();
        if (deletedEntriesLength == 0 || !deletedEntries.contains(serial.getValue())) {
            writeTag(out, tag, tagNo, signer);
            writeLength(out, length, signer);
            writeValue(out, entryBytes, signer);
        }
    }
    // Write the new entries into the new CRL
    for (ASN1Sequence entry : newEntries) {
        writeBytes(out, entry.getEncoded(), signer);
    }
    // Copy the old extensions over
    if (newExtensions != null) {
        out.write(newExtensions);
        signer.getOutputStream().write(newExtensions, 0, newExtensions.length);
    }
    out.write(signingAlg.getEncoded());
    try {
        byte[] signature = signer.getSignature();
        ASN1BitString signatureBits = new DERBitString(signature);
        out.write(signatureBits.getEncoded());
    } catch (DataLengthException e) {
        throw new IOException("Could not sign", e);
    }
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DataLengthException(org.bouncycastle.crypto.DataLengthException) DERBitString(org.bouncycastle.asn1.DERBitString) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) IOException(java.io.IOException) ASN1BitString(org.bouncycastle.asn1.ASN1BitString)

Example 3 with ASN1BitString

Use of org.bouncycastle.asn1.ASN1BitString in project candlepin by candlepin.

The class X509CRLStreamWriter, method preScan.

public synchronized X509CRLStreamWriter preScan(InputStream crlToChange, CRLEntryValidator validator) throws IOException {
    if (locked) {
        throw new IllegalStateException("Cannot modify a locked stream.");
    }
    if (preScanned) {
        throw new IllegalStateException("preScan has already been run.");
    }
    X509CRLEntryStream reaperStream = null;
    ASN1InputStream asn1In = null;
    try {
        reaperStream = new X509CRLEntryStream(crlToChange);
        if (!reaperStream.hasNext()) {
            emptyCrl = true;
            preScanned = true;
            return this;
        }
        while (reaperStream.hasNext()) {
            CRLEntry entry = reaperStream.next();
            if (validator != null && validator.shouldDelete(entry)) {
                // Get the serial number
                deletedEntries.add(entry.getUserCertificate().getValue());
                deletedEntriesLength += entry.getEncoded().length;
            }
        }
        /* At this point, crlToChange is at the point where the crlExtensions would
         * be.  RFC 5280 says that "Conforming CRL issuers are REQUIRED to include
         * the authority key identifier (Section 5.2.1) and the CRL number (Section 5.2.3)
         * extensions in all CRLs issued."
         */
        byte[] oldExtensions = null;
        ASN1Primitive o;
        asn1In = new ASN1InputStream(crlToChange);
        while ((o = asn1In.readObject()) != null) {
            if (o instanceof ASN1Sequence) {
                // Now we are at the signatureAlgorithm
                ASN1Sequence seq = (ASN1Sequence) o;
                if (seq.getObjectAt(0) instanceof ASN1ObjectIdentifier) {
                    // It's possible an algorithm has already been set using setSigningAlgorithm()
                    if (signingAlg == null) {
                        signingAlg = AlgorithmIdentifier.getInstance(seq);
                    }
                    try {
                        // Build the signer
                        this.signer = createContentSigner(signingAlg, key);
                    } catch (OperatorCreationException e) {
                        // Keep the original exception as the cause so the failure can be diagnosed
                        throw new IOException("Could not create ContentSigner for " + signingAlg.getAlgorithm(), e);
                    }
                }
            } else if (o instanceof ASN1BitString) {
                oldSigLength = o.getEncoded().length;
            } else {
                if (oldExtensions != null) {
                    throw new IllegalStateException("Already read in CRL extensions.");
                }
                oldExtensions = o.getEncoded();
            }
        }
        if (oldExtensions == null) {
            /* v1 CRLs (defined in RFC 1422) don't require extensions but all new
             * CRLs should be v2 (defined in RFC 5280).  In the extremely unlikely
             * event that someone is working with a v1 CRL, we handle it here although
             * we print a warning.
             */
            preScanned = true;
            newExtensions = null;
            extensionsDelta = 0;
            log.warn("The CRL you are modifying is a version 1 CRL." + " Please investigate moving to a version 2 CRL by adding the CRL Number" + " and Authority Key Identifier extensions.");
            return this;
        }
        newExtensions = updateExtensions(oldExtensions);
        // newExtensions and oldExtensions have already been converted to DER so any difference
        // in the length of the L bytes will be accounted for in the overall difference between
        // the length of the two byte arrays.
        extensionsDelta = newExtensions.length - oldExtensions.length;
    } finally {
        if (reaperStream != null) {
            reaperStream.close();
        }
        IOUtils.closeQuietly(asn1In);
    }
    preScanned = true;
    return this;
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) CRLEntry(org.bouncycastle.asn1.x509.TBSCertList.CRLEntry) IOException(java.io.IOException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) ASN1BitString(org.bouncycastle.asn1.ASN1BitString)
