Example 31 with ASN1Integer
use of org.bouncycastle.asn1.ASN1Integer in project keystore-explorer by kaikramer.
the class CryptoFileUtil method detectKeyStoreType.
/**
* Detect the KeyStore type contained in the supplied file.
*
* @param is
* Input stream to detect type for
* @return KeyStore type or null if none matched
* @throws IOException
* If an I/O problem occurred
*/
public static KeyStoreType detectKeyStoreType(InputStream is) throws IOException {
byte[] contents = ReadUtil.readFully(is);
try (DataInputStream dis = new DataInputStream(new ByteArrayInputStream(contents))) {
// If less than 4 bytes are available it isn't a KeyStore
if (dis.available() < 4) {
return null;
}
// Read first integer (4 bytes)
int i1 = dis.readInt();
// Test for JKS - starts with appropriate magic number
if (i1 == JKS_MAGIC_NUMBER) {
return JKS;
}
// Test for JCEKS - starts with appropriate magic number
if (i1 == JCEKS_MAGIC_NUMBER) {
return JCEKS;
}
// Both start with a version number of 0, 1 or 2
if ((i1 == 0) || (i1 == 1) || (i1 == 2)) {
if (contents.length < 26) {
// Insufficient bytes to be BKS or UBER
return null;
}
// Skip to 21st from last byte (file length minus 21 and the 4 bytes already read)
dis.skip(contents.length - 25);
// Read what may be the null byte
if (dis.readByte() == 0) {
// Found null byte - BKS/BKS-V1
if (i1 == 1) {
return BKS_V1;
} else {
return BKS;
}
} else {
// No null byte - UBER
return UBER;
}
}
}
// @formatter:off
/*
* Test for PKCS #12. ASN.1 should look like this:
*
* PFX ::= ASN1Sequence { version ASN1Integer {v3(3)}(v3,...), authSafe
* ContentInfo, macData MacData OPTIONAL
*/
// @formatter:on
ASN1Primitive pfx = null;
try {
pfx = ASN1Primitive.fromByteArray(contents);
} catch (IOException e) {
// if it cannot be parsed as ASN1, it is certainly not a pfx key store
return null;
}
// Is a sequence...
if ((pfx != null) && (pfx instanceof ASN1Sequence)) {
// Has two or three components...
ASN1Sequence sequence = (ASN1Sequence) pfx;
if ((sequence.size() == 2) || (sequence.size() == 3)) {
// ...the first of which is a version of 3
ASN1Encodable firstComponent = sequence.getObjectAt(0);
if (firstComponent instanceof ASN1Integer) {
ASN1Integer version = (ASN1Integer) firstComponent;
if (version.getValue().intValue() == 3) {
return PKCS12;
}
}
}
}
// KeyStore type not recognised
return null;
}
Also used :
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
ByteArrayInputStream(java.io.ByteArrayInputStream)
IOException(java.io.IOException)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
DataInputStream(java.io.DataInputStream)
ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive)
Example 32 with ASN1Integer
use of org.bouncycastle.asn1.ASN1Integer in project xipki by xipki.
the class XmlX509CertprofileUtil method buildPolicyConstrains.
// method buildGeneralSubtree
public static ASN1Sequence buildPolicyConstrains(PolicyConstraints type) throws CertprofileException {
ParamUtil.requireNonNull("type", type);
Integer requireExplicitPolicy = type.getRequireExplicitPolicy();
if (requireExplicitPolicy != null && requireExplicitPolicy < 0) {
throw new CertprofileException("negative requireExplicitPolicy is not allowed: " + requireExplicitPolicy);
}
Integer inhibitPolicyMapping = type.getInhibitPolicyMapping();
if (inhibitPolicyMapping != null && inhibitPolicyMapping < 0) {
throw new CertprofileException("negative inhibitPolicyMapping is not allowed: " + inhibitPolicyMapping);
}
if (requireExplicitPolicy == null && inhibitPolicyMapping == null) {
return null;
}
final boolean explicit = false;
ASN1EncodableVector vec = new ASN1EncodableVector();
if (requireExplicitPolicy != null) {
vec.add(new DERTaggedObject(explicit, 0, new ASN1Integer(BigInteger.valueOf(requireExplicitPolicy))));
}
if (inhibitPolicyMapping != null) {
vec.add(new DERTaggedObject(explicit, 1, new ASN1Integer(BigInteger.valueOf(inhibitPolicyMapping))));
}
return new DERSequence(vec);
}
Also used :
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
BigInteger(java.math.BigInteger)
DERSequence(org.bouncycastle.asn1.DERSequence)
CertprofileException(org.xipki.ca.api.profile.CertprofileException)
DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
Example 33 with ASN1Integer
use of org.bouncycastle.asn1.ASN1Integer in project xipki by xipki.
the class BaseX509Certprofile method checkPublicKey.
@Override
public SubjectPublicKeyInfo checkPublicKey(SubjectPublicKeyInfo publicKey) throws BadCertTemplateException {
ParamUtil.requireNonNull("publicKey", publicKey);
Map<ASN1ObjectIdentifier, KeyParametersOption> keyAlgorithms = getKeyAlgorithms();
if (CollectionUtil.isEmpty(keyAlgorithms)) {
return publicKey;
}
ASN1ObjectIdentifier keyType = publicKey.getAlgorithm().getAlgorithm();
if (!keyAlgorithms.containsKey(keyType)) {
throw new BadCertTemplateException("key type " + keyType.getId() + " is not permitted");
}
KeyParametersOption keyParamsOption = keyAlgorithms.get(keyType);
if (keyParamsOption instanceof AllowAllParametersOption) {
return publicKey;
} else if (keyParamsOption instanceof ECParamatersOption) {
ECParamatersOption ecOption = (ECParamatersOption) keyParamsOption;
// parameters
ASN1Encodable algParam = publicKey.getAlgorithm().getParameters();
ASN1ObjectIdentifier curveOid;
if (algParam instanceof ASN1ObjectIdentifier) {
curveOid = (ASN1ObjectIdentifier) algParam;
if (!ecOption.allowsCurve(curveOid)) {
throw new BadCertTemplateException(String.format("EC curve %s (OID: %s) is not allowed", AlgorithmUtil.getCurveName(curveOid), curveOid.getId()));
}
} else {
throw new BadCertTemplateException("only namedCurve EC public key is supported");
}
// point encoding
if (ecOption.pointEncodings() != null) {
byte[] keyData = publicKey.getPublicKeyData().getBytes();
if (keyData.length < 1) {
throw new BadCertTemplateException("invalid publicKeyData");
}
byte pointEncoding = keyData[0];
if (!ecOption.pointEncodings().contains(pointEncoding)) {
throw new BadCertTemplateException(String.format("not accepted EC point encoding '%s'", pointEncoding));
}
}
byte[] keyData = publicKey.getPublicKeyData().getBytes();
try {
checkEcSubjectPublicKeyInfo(curveOid, keyData);
} catch (BadCertTemplateException ex) {
throw ex;
} catch (Exception ex) {
LogUtil.warn(LOG, ex, "checkEcSubjectPublicKeyInfo");
throw new BadCertTemplateException(String.format("invalid public key: %s", ex.getMessage()));
}
return publicKey;
} else if (keyParamsOption instanceof RSAParametersOption) {
RSAParametersOption rsaOption = (RSAParametersOption) keyParamsOption;
ASN1Integer modulus;
try {
ASN1Sequence seq = ASN1Sequence.getInstance(publicKey.getPublicKeyData().getBytes());
modulus = ASN1Integer.getInstance(seq.getObjectAt(0));
} catch (IllegalArgumentException ex) {
throw new BadCertTemplateException("invalid publicKeyData");
}
int modulusLength = modulus.getPositiveValue().bitLength();
if ((rsaOption.allowsModulusLength(modulusLength))) {
return publicKey;
}
} else if (keyParamsOption instanceof DSAParametersOption) {
DSAParametersOption dsaOption = (DSAParametersOption) keyParamsOption;
ASN1Encodable params = publicKey.getAlgorithm().getParameters();
if (params == null) {
throw new BadCertTemplateException("null Dss-Parms is not permitted");
}
int plength;
int qlength;
try {
ASN1Sequence seq = ASN1Sequence.getInstance(params);
ASN1Integer rsaP = ASN1Integer.getInstance(seq.getObjectAt(0));
ASN1Integer rsaQ = ASN1Integer.getInstance(seq.getObjectAt(1));
plength = rsaP.getPositiveValue().bitLength();
qlength = rsaQ.getPositiveValue().bitLength();
} catch (IllegalArgumentException | ArrayIndexOutOfBoundsException ex) {
throw new BadCertTemplateException("illegal Dss-Parms");
}
boolean match = dsaOption.allowsPlength(plength);
if (match) {
match = dsaOption.allowsQlength(qlength);
}
if (match) {
return publicKey;
}
} else {
throw new RuntimeException(String.format("should not reach here, unknown KeyParametersOption %s", keyParamsOption));
}
throw new BadCertTemplateException("the given publicKey is not permitted");
}
Also used :
ECParamatersOption(org.xipki.ca.api.profile.KeyParametersOption.ECParamatersOption)
DSAParametersOption(org.xipki.ca.api.profile.KeyParametersOption.DSAParametersOption)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
CertprofileException(org.xipki.ca.api.profile.CertprofileException)
BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
KeyParametersOption(org.xipki.ca.api.profile.KeyParametersOption)
RSAParametersOption(org.xipki.ca.api.profile.KeyParametersOption.RSAParametersOption)
BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
AllowAllParametersOption(org.xipki.ca.api.profile.KeyParametersOption.AllowAllParametersOption)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 34 with ASN1Integer
use of org.bouncycastle.asn1.ASN1Integer in project xipki by xipki.
the class AlgorithmUtil method createPSSRSAParams.
// CHECKSTYLE:SKIP
private static RSASSAPSSparams createPSSRSAParams(HashAlgo digestAlg) throws NoSuchAlgorithmException {
ParamUtil.requireNonNull("digestAlg", digestAlg);
int saltSize = digestAlg.getLength();
AlgorithmIdentifier digAlgId = new AlgorithmIdentifier(digestAlg.getOid(), DERNull.INSTANCE);
return new RSASSAPSSparams(digAlgId, new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, digAlgId), new ASN1Integer(saltSize), RSASSAPSSparams.DEFAULT_TRAILER_FIELD);
}
Also used :
RSASSAPSSparams(org.bouncycastle.asn1.pkcs.RSASSAPSSparams)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Example 35 with ASN1Integer
use of org.bouncycastle.asn1.ASN1Integer in project xipki by xipki.
the class SignerUtil method dsaSigPlainToX962.
// CHECKSTYLE:SKIP
public static byte[] dsaSigPlainToX962(byte[] signature) throws XiSecurityException {
ParamUtil.requireNonNull("signature", signature);
if (signature.length % 2 != 0) {
throw new XiSecurityException("signature.lenth must be even, but is odd");
}
byte[] ba = new byte[signature.length / 2];
ASN1EncodableVector sigder = new ASN1EncodableVector();
System.arraycopy(signature, 0, ba, 0, ba.length);
sigder.add(new ASN1Integer(new BigInteger(1, ba)));
System.arraycopy(signature, ba.length, ba, 0, ba.length);
sigder.add(new ASN1Integer(new BigInteger(1, ba)));
DERSequence seq = new DERSequence(sigder);
try {
return seq.getEncoded();
} catch (IOException ex) {
throw new XiSecurityException("IOException, message: " + ex.getMessage(), ex);
}
}
Also used :
XiSecurityException(org.xipki.security.exception.XiSecurityException)
DERSequence(org.bouncycastle.asn1.DERSequence)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
BigInteger(java.math.BigInteger)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
IOException(java.io.IOException)
Aggregations
ASN1Integer (org.bouncycastle.asn1.ASN1Integer)121
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)54
BigInteger (java.math.BigInteger)49
DERSequence (org.bouncycastle.asn1.DERSequence)48
IOException (java.io.IOException)43
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)40
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)29
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)21
DEROctetString (org.bouncycastle.asn1.DEROctetString)21
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)20
ArrayList (java.util.ArrayList)18
DERUTF8String (org.bouncycastle.asn1.DERUTF8String)17
ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)15
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)15
X509Certificate (java.security.cert.X509Certificate)14
Date (java.util.Date)12
DLSequence (org.bouncycastle.asn1.DLSequence)12
ByteArrayInputStream (java.io.ByteArrayInputStream)11
KeyPair (java.security.KeyPair)11
HashMap (java.util.HashMap)11
