Example 51 with ASN1InputStream
use of org.bouncycastle.asn1.ASN1InputStream in project XobotOS by xamarin.
the class JDKX509CertificateFactory method engineGenerateCertificate.
/**
* Generates a certificate object and initializes it with the data
* read from the input stream inStream.
*/
public Certificate engineGenerateCertificate(InputStream in) throws CertificateException {
if (currentStream == null) {
currentStream = in;
sData = null;
sDataObjectCount = 0;
} else if (// reset if input stream has changed
currentStream != in) {
currentStream = in;
sData = null;
sDataObjectCount = 0;
}
try {
if (sData != null) {
if (sDataObjectCount != sData.size()) {
return getCertificate();
} else {
sData = null;
sDataObjectCount = 0;
return null;
}
}
int limit = ProviderUtil.getReadLimit(in);
PushbackInputStream pis = new PushbackInputStream(in);
int tag = pis.read();
if (tag == -1) {
return null;
}
pis.unread(tag);
if (// assume ascii PEM encoded.
tag != 0x30) {
return readPEMCertificate(pis);
} else {
return readDERCertificate(new ASN1InputStream(pis, limit));
}
} catch (Exception e) {
throw new CertificateException(e);
}
}
Also used :
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
PushbackInputStream(java.io.PushbackInputStream)
CertificateException(java.security.cert.CertificateException)
CertificateParsingException(java.security.cert.CertificateParsingException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
CRLException(java.security.cert.CRLException)
Example 52 with ASN1InputStream
use of org.bouncycastle.asn1.ASN1InputStream in project XobotOS by xamarin.
the class PKCS12BagAttributeCarrierImpl method readObject.
public void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
Object obj = in.readObject();
if (obj instanceof Hashtable) {
this.pkcs12Attributes = (Hashtable) obj;
this.pkcs12Ordering = (Vector) in.readObject();
} else {
ASN1InputStream aIn = new ASN1InputStream((byte[]) obj);
DERObjectIdentifier oid;
while ((oid = (DERObjectIdentifier) aIn.readObject()) != null) {
this.setBagAttribute(oid, aIn.readObject());
}
}
}
Also used :
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
Hashtable(java.util.Hashtable)
DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier)
Example 53 with ASN1InputStream
use of org.bouncycastle.asn1.ASN1InputStream in project XobotOS by xamarin.
the class CertPathValidatorUtilities method getCRLIssuersFromDistributionPoint.
/**
* Add the CRL issuers from the cRLIssuer field of the distribution point or
* from the certificate if not given to the issuer criterion of the
* <code>selector</code>.
* <p>
* The <code>issuerPrincipals</code> are a collection with a single
* <code>X500Principal</code> for <code>X509Certificate</code>s. For
* {@link X509AttributeCertificate}s the issuer may contain more than one
* <code>X500Principal</code>.
*
* @param dp The distribution point.
* @param issuerPrincipals The issuers of the certificate or attribute
* certificate which contains the distribution point.
* @param selector The CRL selector.
* @param pkixParams The PKIX parameters containing the cert stores.
* @throws AnnotatedException if an exception occurs while processing.
* @throws ClassCastException if <code>issuerPrincipals</code> does not
* contain only <code>X500Principal</code>s.
*/
protected static void getCRLIssuersFromDistributionPoint(DistributionPoint dp, Collection issuerPrincipals, X509CRLSelector selector, ExtendedPKIXParameters pkixParams) throws AnnotatedException {
List issuers = new ArrayList();
// indirect CRL
if (dp.getCRLIssuer() != null) {
GeneralName[] genNames = dp.getCRLIssuer().getNames();
// look for a DN
for (int j = 0; j < genNames.length; j++) {
if (genNames[j].getTagNo() == GeneralName.directoryName) {
try {
issuers.add(new X500Principal(genNames[j].getName().getDERObject().getEncoded()));
} catch (IOException e) {
throw new AnnotatedException("CRL issuer information from distribution point cannot be decoded.", e);
}
}
}
} else {
/*
* certificate issuer is CRL issuer, distributionPoint field MUST be
* present.
*/
if (dp.getDistributionPoint() == null) {
throw new AnnotatedException("CRL issuer is omitted from distribution point but no distributionPoint field present.");
}
// add and check issuer principals
for (Iterator it = issuerPrincipals.iterator(); it.hasNext(); ) {
issuers.add((X500Principal) it.next());
}
}
// TODO: is not found although this should correctly add the rel name. selector of Sun is buggy here or PKI test case is invalid
// distributionPoint
// if (dp.getDistributionPoint() != null)
// {
// // look for nameRelativeToCRLIssuer
// if (dp.getDistributionPoint().getType() == DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER)
// {
// // append fragment to issuer, only one
// // issuer can be there, if this is given
// if (issuers.size() != 1)
// {
// throw new AnnotatedException(
// "nameRelativeToCRLIssuer field is given but more than one CRL issuer is given.");
// }
// DEREncodable relName = dp.getDistributionPoint().getName();
// Iterator it = issuers.iterator();
// List issuersTemp = new ArrayList(issuers.size());
// while (it.hasNext())
// {
// Enumeration e = null;
// try
// {
// e = ASN1Sequence.getInstance(
// new ASN1InputStream(((X500Principal) it.next())
// .getEncoded()).readObject()).getObjects();
// }
// catch (IOException ex)
// {
// throw new AnnotatedException(
// "Cannot decode CRL issuer information.", ex);
// }
// ASN1EncodableVector v = new ASN1EncodableVector();
// while (e.hasMoreElements())
// {
// v.add((DEREncodable) e.nextElement());
// }
// v.add(relName);
// issuersTemp.add(new X500Principal(new DERSequence(v)
// .getDEREncoded()));
// }
// issuers.clear();
// issuers.addAll(issuersTemp);
// }
// }
Iterator it = issuers.iterator();
while (it.hasNext()) {
try {
selector.addIssuerName(((X500Principal) it.next()).getEncoded());
} catch (IOException ex) {
throw new AnnotatedException("Cannot decode CRL issuer information.", ex);
}
}
}
Also used :
ArrayList(java.util.ArrayList)
Iterator(java.util.Iterator)
X500Principal(javax.security.auth.x500.X500Principal)
List(java.util.List)
ArrayList(java.util.ArrayList)
CertificateList(org.bouncycastle.asn1.x509.CertificateList)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
IOException(java.io.IOException)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
Example 54 with ASN1InputStream
use of org.bouncycastle.asn1.ASN1InputStream in project XobotOS by xamarin.
the class RFC3280CertPathUtilities method checkCRLs.
/**
* Checks a certificate if it is revoked.
*
* @param paramsPKIX PKIX parameters.
* @param cert Certificate to check if it is revoked.
* @param validDate The date when the certificate revocation status should be
* checked.
* @param sign The issuer certificate of the certificate <code>cert</code>.
* @param workingPublicKey The public key of the issuer certificate <code>sign</code>.
* @param certPathCerts The certificates of the certification path.
* @throws AnnotatedException if the certificate is revoked or the status cannot be checked
* or some error occurs.
*/
protected static void checkCRLs(ExtendedPKIXParameters paramsPKIX, X509Certificate cert, Date validDate, X509Certificate sign, PublicKey workingPublicKey, List certPathCerts) throws AnnotatedException {
AnnotatedException lastException = null;
CRLDistPoint crldp = null;
try {
crldp = CRLDistPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.CRL_DISTRIBUTION_POINTS));
} catch (Exception e) {
throw new AnnotatedException("CRL distribution point extension could not be read.", e);
}
try {
CertPathValidatorUtilities.addAdditionalStoresFromCRLDistributionPoint(crldp, paramsPKIX);
} catch (AnnotatedException e) {
throw new AnnotatedException("No additional CRL locations could be decoded from CRL distribution point extension.", e);
}
CertStatus certStatus = new CertStatus();
ReasonsMask reasonsMask = new ReasonsMask();
boolean validCrlFound = false;
// for each distribution point
if (crldp != null) {
DistributionPoint[] dps = null;
try {
dps = crldp.getDistributionPoints();
} catch (Exception e) {
throw new AnnotatedException("Distribution points could not be read.", e);
}
if (dps != null) {
for (int i = 0; i < dps.length && certStatus.getCertStatus() == CertStatus.UNREVOKED && !reasonsMask.isAllReasons(); i++) {
ExtendedPKIXParameters paramsPKIXClone = (ExtendedPKIXParameters) paramsPKIX.clone();
try {
checkCRL(dps[i], paramsPKIXClone, cert, validDate, sign, workingPublicKey, certStatus, reasonsMask, certPathCerts);
validCrlFound = true;
} catch (AnnotatedException e) {
lastException = e;
}
}
}
}
if (certStatus.getCertStatus() == CertStatus.UNREVOKED && !reasonsMask.isAllReasons()) {
try {
/*
* assume a DP with both the reasons and the cRLIssuer fields
* omitted and a distribution point name of the certificate
* issuer.
*/
DERObject issuer = null;
try {
issuer = new ASN1InputStream(CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert).getEncoded()).readObject();
} catch (Exception e) {
throw new AnnotatedException("Issuer from certificate for CRL could not be reencoded.", e);
}
DistributionPoint dp = new DistributionPoint(new DistributionPointName(0, new GeneralNames(new GeneralName(GeneralName.directoryName, issuer))), null, null);
ExtendedPKIXParameters paramsPKIXClone = (ExtendedPKIXParameters) paramsPKIX.clone();
checkCRL(dp, paramsPKIXClone, cert, validDate, sign, workingPublicKey, certStatus, reasonsMask, certPathCerts);
validCrlFound = true;
} catch (AnnotatedException e) {
lastException = e;
}
}
if (!validCrlFound) {
if (lastException instanceof AnnotatedException) {
throw lastException;
}
throw new AnnotatedException("No valid CRL found.", lastException);
}
if (certStatus.getCertStatus() != CertStatus.UNREVOKED) {
String message = "Certificate revocation after " + certStatus.getRevocationDate();
message += ", reason: " + crlReasons[certStatus.getCertStatus()];
throw new AnnotatedException(message);
}
if (!reasonsMask.isAllReasons() && certStatus.getCertStatus() == CertStatus.UNREVOKED) {
certStatus.setCertStatus(CertStatus.UNDETERMINED);
}
if (certStatus.getCertStatus() == CertStatus.UNDETERMINED) {
throw new AnnotatedException("Certificate status could not be determined.");
}
}
Also used :
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName)
CertificateExpiredException(java.security.cert.CertificateExpiredException)
GeneralSecurityException(java.security.GeneralSecurityException)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException)
CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException)
CertPathBuilderException(java.security.cert.CertPathBuilderException)
IOException(java.io.IOException)
IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
DERObject(org.bouncycastle.asn1.DERObject)
ExtendedPKIXParameters(org.bouncycastle.x509.ExtendedPKIXParameters)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
Example 55 with ASN1InputStream
use of org.bouncycastle.asn1.ASN1InputStream in project android_frameworks_base by DirtyUnicorns.
the class AndroidKeyStoreKeyPairGeneratorSpi method generateSelfSignedCertificateWithFakeSignature.
@SuppressWarnings("deprecation")
private X509Certificate generateSelfSignedCertificateWithFakeSignature(PublicKey publicKey) throws IOException, CertificateParsingException {
V3TBSCertificateGenerator tbsGenerator = new V3TBSCertificateGenerator();
ASN1ObjectIdentifier sigAlgOid;
AlgorithmIdentifier sigAlgId;
byte[] signature;
switch(mKeymasterAlgorithm) {
case KeymasterDefs.KM_ALGORITHM_EC:
sigAlgOid = X9ObjectIdentifiers.ecdsa_with_SHA256;
sigAlgId = new AlgorithmIdentifier(sigAlgOid);
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new DERInteger(0));
v.add(new DERInteger(0));
signature = new DERSequence().getEncoded();
break;
case KeymasterDefs.KM_ALGORITHM_RSA:
sigAlgOid = PKCSObjectIdentifiers.sha256WithRSAEncryption;
sigAlgId = new AlgorithmIdentifier(sigAlgOid, DERNull.INSTANCE);
signature = new byte[1];
break;
default:
throw new ProviderException("Unsupported key algorithm: " + mKeymasterAlgorithm);
}
try (ASN1InputStream publicKeyInfoIn = new ASN1InputStream(publicKey.getEncoded())) {
tbsGenerator.setSubjectPublicKeyInfo(SubjectPublicKeyInfo.getInstance(publicKeyInfoIn.readObject()));
}
tbsGenerator.setSerialNumber(new ASN1Integer(mSpec.getCertificateSerialNumber()));
X509Principal subject = new X509Principal(mSpec.getCertificateSubject().getEncoded());
tbsGenerator.setSubject(subject);
tbsGenerator.setIssuer(subject);
tbsGenerator.setStartDate(new Time(mSpec.getCertificateNotBefore()));
tbsGenerator.setEndDate(new Time(mSpec.getCertificateNotAfter()));
tbsGenerator.setSignature(sigAlgId);
TBSCertificate tbsCertificate = tbsGenerator.generateTBSCertificate();
ASN1EncodableVector result = new ASN1EncodableVector();
result.add(tbsCertificate);
result.add(sigAlgId);
result.add(new DERBitString(signature));
return new X509CertificateObject(Certificate.getInstance(new DERSequence(result)));
}
Also used :
ASN1InputStream(com.android.org.bouncycastle.asn1.ASN1InputStream)
ProviderException(java.security.ProviderException)
Time(com.android.org.bouncycastle.asn1.x509.Time)
DERBitString(com.android.org.bouncycastle.asn1.DERBitString)
ASN1Integer(com.android.org.bouncycastle.asn1.ASN1Integer)
AlgorithmIdentifier(com.android.org.bouncycastle.asn1.x509.AlgorithmIdentifier)
DERInteger(com.android.org.bouncycastle.asn1.DERInteger)
DERSequence(com.android.org.bouncycastle.asn1.DERSequence)
X509CertificateObject(com.android.org.bouncycastle.jce.provider.X509CertificateObject)
X509Principal(com.android.org.bouncycastle.jce.X509Principal)
ASN1EncodableVector(com.android.org.bouncycastle.asn1.ASN1EncodableVector)
V3TBSCertificateGenerator(com.android.org.bouncycastle.asn1.x509.V3TBSCertificateGenerator)
TBSCertificate(com.android.org.bouncycastle.asn1.x509.TBSCertificate)
ASN1ObjectIdentifier(com.android.org.bouncycastle.asn1.ASN1ObjectIdentifier)
Aggregations
ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)53
IOException (java.io.IOException)44
CertificateParsingException (java.security.cert.CertificateParsingException)18
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)17
CertificateException (java.security.cert.CertificateException)16
Enumeration (java.util.Enumeration)16
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)14
CRLException (java.security.cert.CRLException)13
CertificateEncodingException (java.security.cert.CertificateEncodingException)13
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)13
NoSuchProviderException (java.security.NoSuchProviderException)11
InvalidKeyException (java.security.InvalidKeyException)10
SignatureException (java.security.SignatureException)10
CertificateExpiredException (java.security.cert.CertificateExpiredException)10
CertificateNotYetValidException (java.security.cert.CertificateNotYetValidException)10
X509Certificate (java.security.cert.X509Certificate)9
List (java.util.List)9
ArrayList (java.util.ArrayList)8
ASN1InputStream (com.android.org.bouncycastle.asn1.ASN1InputStream)7
ByteArrayInputStream (java.io.ByteArrayInputStream)7
