Search in sources :

Example 71 with ASN1OctetString

use of org.bouncycastle.asn1.ASN1OctetString in project oxAuth by GluuFederation.

the class OCSPCertificateVerifier method getExtensionValue.

/**
	 * @param certificate
	 *            the certificate from which we need the ExtensionValue
	 * @param oid
	 *            the Object Identifier value for the extension.
	 * @return the extension value as an ASN1Primitive object
	 * @throws IOException
	 */
private static ASN1Primitive getExtensionValue(X509Certificate certificate, String oid) throws IOException {
    byte[] bytes = certificate.getExtensionValue(oid);
    if (bytes == null) {
        return null;
    }
    ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(bytes));
    ASN1OctetString octs = (ASN1OctetString) aIn.readObject();
    aIn = new ASN1InputStream(new ByteArrayInputStream(octs.getOctets()));
    return aIn.readObject();
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ByteArrayInputStream(java.io.ByteArrayInputStream)

Example 72 with ASN1OctetString

use of org.bouncycastle.asn1.ASN1OctetString in project oxCore by GluuFederation.

the class OperationsFacade method search.

public SearchResult search(String dn, Filter filter, SearchScope scope, BatchOperation<?> batchOperation, int startIndex, int searchLimit, int sizeLimit, Control[] controls, String... attributes) throws LDAPSearchException {
    SearchRequest searchRequest;
    if (log.isTraceEnabled()) {
        // Find whole tree search
        if (StringHelper.equalsIgnoreCase(dn, "o=gluu")) {
            log.trace("Search in whole LDAP tree", new Exception());
        }
    }
    if (attributes == null) {
        searchRequest = new SearchRequest(dn, scope.getLdapSearchScope(), filter);
    } else {
        searchRequest = new SearchRequest(dn, scope.getLdapSearchScope(), filter, attributes);
    }
    boolean useSizeLimit = sizeLimit > 0;
    if (useSizeLimit) {
        // Use paged result to limit search
        searchLimit = sizeLimit;
    }
    SearchResult searchResult = null;
    List<SearchResult> searchResultList = new ArrayList<SearchResult>();
    List<SearchResultEntry> searchResultEntries = new ArrayList<SearchResultEntry>();
    List<SearchResultReference> searchResultReferences = new ArrayList<SearchResultReference>();
    if ((searchLimit > 0) || (startIndex > 0)) {
        if (searchLimit == 0) {
            // Default page size
            searchLimit = 100;
        }
        ASN1OctetString cookie = null;
        if (startIndex > 0) {
            try {
                cookie = scrollSimplePagedResultsControl(dn, filter, scope, controls, startIndex);
            } catch (InvalidSimplePageControlException ex) {
                throw new LDAPSearchException(ResultCode.OPERATIONS_ERROR, "Failed to scroll to specified startIndex", ex);
            }
        }
        if (batchOperation != null) {
            cookie = batchOperation.getCookie();
        }
        do {
            searchRequest.setControls(new Control[] { new SimplePagedResultsControl(searchLimit, cookie) });
            setControls(searchRequest, controls);
            if (batchOperation != null) {
                searchResult = batchOperation.getLdapConnection().search(searchRequest);
            } else {
                searchResult = getConnectionPool().search(searchRequest);
            }
            searchResultList.add(searchResult);
            searchResultEntries.addAll(searchResult.getSearchEntries());
            searchResultReferences.addAll(searchResult.getSearchReferences());
            cookie = null;
            try {
                SimplePagedResultsControl c = SimplePagedResultsControl.get(searchResult);
                if (c != null) {
                    cookie = c.getCookie();
                    if (batchOperation != null) {
                        batchOperation.setCookie(cookie);
                        batchOperation.setMoreResultsToReturn(c.moreResultsToReturn());
                    }
                }
            } catch (LDAPException ex) {
                log.error("Error while accessing cookies" + ex.getMessage());
            }
            if (useSizeLimit) {
                break;
            }
        } while ((cookie != null) && (cookie.getValueLength() > 0));
        SearchResult searchResultTemp = searchResultList.get(0);
        searchResult = new SearchResult(searchResultTemp.getMessageID(), searchResultTemp.getResultCode(), searchResultTemp.getDiagnosticMessage(), searchResultTemp.getMatchedDN(), searchResultTemp.getReferralURLs(), searchResultEntries, searchResultReferences, searchResultEntries.size(), searchResultReferences.size(), searchResultTemp.getResponseControls());
    } else {
        setControls(searchRequest, controls);
        searchResult = getConnectionPool().search(searchRequest);
    }
    return searchResult;
}
Also used : ASN1OctetString(com.unboundid.asn1.ASN1OctetString) InvalidSimplePageControlException(org.gluu.site.ldap.exception.InvalidSimplePageControlException) MappingException(org.gluu.site.ldap.persistence.exception.MappingException) DuplicateEntryException(org.gluu.site.ldap.exception.DuplicateEntryException) ConnectionException(org.gluu.site.ldap.exception.ConnectionException) InvalidArgumentException(org.gluu.site.ldap.persistence.exception.InvalidArgumentException) InvalidSimplePageControlException(org.gluu.site.ldap.exception.InvalidSimplePageControlException)

Example 73 with ASN1OctetString

use of org.bouncycastle.asn1.ASN1OctetString in project nhin-d by DirectProject.

the class SigTest method testCreateVerifySig.

public void testCreateVerifySig() throws Exception {
    X509CertificateEx internalCert = TestUtils.getInternalCert("user1");
    X509Certificate caCert = TestUtils.getExternalCert("cacert");
    String testMessage = TestUtils.readResource("MultipartMimeMessage.txt");
    MimeMessage entity = EntitySerializer.Default.deserialize(testMessage);
    Message message = new Message(entity);
    MimeEntity entityToSig = message.extractEntityForSignature(true);
    // Serialize message out as ASCII encoded...
    byte[] messageBytes = EntitySerializer.Default.serializeToBytes(entityToSig);
    MimeBodyPart partToSign = null;
    try {
        partToSign = new MimeBodyPart(new ByteArrayInputStream(messageBytes));
    } catch (Exception e) {
    }
    SMIMESignedGenerator gen = new SMIMESignedGenerator();
    ASN1EncodableVector signedAttrs = new ASN1EncodableVector();
    SMIMECapabilityVector caps = new SMIMECapabilityVector();
    caps.addCapability(SMIMECapability.dES_EDE3_CBC);
    caps.addCapability(SMIMECapability.rC2_CBC, 128);
    caps.addCapability(SMIMECapability.dES_CBC);
    caps.addCapability(new DERObjectIdentifier("1.2.840.113549.1.7.1"));
    caps.addCapability(PKCSObjectIdentifiers.x509Certificate);
    signedAttrs.add(new SMIMECapabilitiesAttribute(caps));
    List certList = new ArrayList();
    gen.addSigner(internalCert.getPrivateKey(), internalCert, SMIMESignedGenerator.DIGEST_SHA1, new AttributeTable(signedAttrs), null);
    //SMIMESignedGenerator.DIGEST_SHA1, null, null);
    certList.add(internalCert);
    MimeMultipart retVal = null;
    CertStore certsAndcrls = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList), CryptoExtensions.getJCEProviderName());
    gen.addCertificatesAndCRLs(certsAndcrls);
    _certStores.add(certsAndcrls);
    _signers.add(new Signer(internalCert.getPrivateKey(), internalCert, SMIMESignedGenerator.DIGEST_SHA1, new AttributeTable(signedAttrs), null));
    retVal = generate(partToSign, CryptoExtensions.getJCEProviderName());
    for (int i = 0; i < 10; ++i) {
        ByteArrayOutputStream oStream = new ByteArrayOutputStream();
        retVal.writeTo(oStream);
        oStream.flush();
        byte[] serialzedBytes = oStream.toByteArray();
        //System.out.println(new String(serialzedBytes, "ASCII") + "\r\n\r\n\r\n\r\n\r\n");
        ByteArrayDataSource dataSource = new ByteArrayDataSource(serialzedBytes, retVal.getContentType());
        MimeMultipart verifyMM = new MimeMultipart(dataSource);
        CMSSignedData signed = null;
        //CMSSignedData signeddata = new CMSSignedData(new CMSProcessableBodyPartInbound(verifyMM.getBodyPart(0)), verifyMM.getBodyPart(1).getInputStream());			
        CMSSignedData signeddata = new CMSSignedData(new CMSProcessableBodyPartInbound(partToSign), verifyMM.getBodyPart(1).getInputStream());
        int verified = 0;
        CertStore certs = signeddata.getCertificatesAndCRLs("Collection", CryptoExtensions.getJCEProviderName());
        SignerInformationStore signers = signeddata.getSignerInfos();
        Collection c = signers.getSigners();
        Iterator it = c.iterator();
        while (it.hasNext()) {
            SignerInformation signer = (SignerInformation) it.next();
            Collection certCollection = certs.getCertificates(signer.getSID());
            Attribute dig = signer.getSignedAttributes().get(CMSAttributes.messageDigest);
            DERObject hashObj = dig.getAttrValues().getObjectAt(0).getDERObject();
            byte[] signedHash = ((ASN1OctetString) hashObj).getOctets();
            System.out.print("value of signedHash: \r\n\tvalue: ");
            for (byte bt : signedHash) {
                System.out.print(bt + " ");
            }
            System.out.println();
            Iterator certIt = certCollection.iterator();
            try {
                assertTrue(signer.verify(internalCert, CryptoExtensions.getJCEProviderName()));
            } catch (Exception e) {
                e.printStackTrace();
            }
            byte[] bytes = signer.getContentDigest();
            /*
	    		  X509Certificate cert = (X509Certificate)certIt.next();
	    		  
    		      if (signer.verify(cert.getPublicKey()))
    		      {
    		          verified++;
    		      }
	    		  */
            verified++;
        }
    }
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) CMSProcessableBodyPartInbound(org.bouncycastle.mail.smime.CMSProcessableBodyPartInbound) Message(org.nhindirect.stagent.mail.Message) MimeMessage(javax.mail.internet.MimeMessage) Attribute(org.bouncycastle.asn1.cms.Attribute) SMIMECapabilitiesAttribute(org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute) ArrayList(java.util.ArrayList) AttributeTable(org.bouncycastle.asn1.cms.AttributeTable) SMIMESignedGenerator(org.bouncycastle.mail.smime.SMIMESignedGenerator) SignerInformation(org.bouncycastle.cms.SignerInformation) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) DERObject(org.bouncycastle.asn1.DERObject) MimeMessage(javax.mail.internet.MimeMessage) SMIMECapabilityVector(org.bouncycastle.asn1.smime.SMIMECapabilityVector) MimeMultipart(javax.mail.internet.MimeMultipart) SignerInformationStore(org.bouncycastle.cms.SignerInformationStore) Iterator(java.util.Iterator) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) List(java.util.List) ArrayList(java.util.ArrayList) SMIMECapabilitiesAttribute(org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute) ByteArrayDataSource(javax.mail.util.ByteArrayDataSource) ByteArrayOutputStream(java.io.ByteArrayOutputStream) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier) CMSSignedData(org.bouncycastle.cms.CMSSignedData) X509Certificate(java.security.cert.X509Certificate) MessagingException(javax.mail.MessagingException) CertStoreException(java.security.cert.CertStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) CMSException(org.bouncycastle.cms.CMSException) IOException(java.io.IOException) SMIMEException(org.bouncycastle.mail.smime.SMIMEException) NoSuchProviderException(java.security.NoSuchProviderException) X509CertificateEx(org.nhindirect.stagent.cert.X509CertificateEx) ByteArrayInputStream(java.io.ByteArrayInputStream) MimeEntity(org.nhindirect.stagent.mail.MimeEntity) Collection(java.util.Collection) MimeBodyPart(javax.mail.internet.MimeBodyPart) CertStore(java.security.cert.CertStore)

Example 74 with ASN1OctetString

use of org.bouncycastle.asn1.ASN1OctetString in project nhin-d by DirectProject.

the class DefaultMessageSignatureImpl method logDigests.

private void logDigests(SignerInformation sigInfo) {
    // will fail
    if (this.m_logDigest && sigInfo != null) {
        try {
            //get the digests
            final Attribute digAttr = sigInfo.getSignedAttributes().get(CMSAttributes.messageDigest);
            final DERObject hashObj = digAttr.getAttrValues().getObjectAt(0).getDERObject();
            final byte[] signedDigest = ((ASN1OctetString) hashObj).getOctets();
            final String signedDigestHex = org.apache.commons.codec.binary.Hex.encodeHexString(signedDigest);
            LOGGER.info("Signed Message Digest: " + signedDigestHex);
            // should have the computed digest now
            final byte[] digest = sigInfo.getContentDigest();
            final String digestHex = org.apache.commons.codec.binary.Hex.encodeHexString(digest);
            LOGGER.info("Computed Message Digest: " + digestHex);
        } catch (Throwable t) {
        /* no-op.... logging digests is a quiet operation */
        }
    }
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERObject(org.bouncycastle.asn1.DERObject) Attribute(org.bouncycastle.asn1.cms.Attribute) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)

Example 75 with ASN1OctetString

use of org.bouncycastle.asn1.ASN1OctetString in project nhin-d by DirectProject.

the class CRLRevocationManager method getObject.

private static DERObject getObject(String oid, byte[] ext) throws AnnotatedException {
    ASN1InputStream aIn = null;
    try {
        aIn = new ASN1InputStream(ext);
        ASN1OctetString octs = (ASN1OctetString) aIn.readObject();
        IOUtils.closeQuietly(aIn);
        aIn = new ASN1InputStream(octs.getOctets());
        return aIn.readObject();
    } catch (Exception e) {
        throw new NHINDException("exception processing extension " + oid, e);
    } finally {
        IOUtils.closeQuietly(aIn);
    }
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) NHINDException(org.nhindirect.stagent.NHINDException) AnnotatedException(org.bouncycastle.jce.provider.AnnotatedException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) NHINDException(org.nhindirect.stagent.NHINDException) CRLException(java.security.cert.CRLException) NoSuchProviderException(java.security.NoSuchProviderException)

Aggregations

ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)89 IOException (java.io.IOException)40 DEROctetString (org.bouncycastle.asn1.DEROctetString)26 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)24 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)24 ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)23 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)17 ByteArrayInputStream (java.io.ByteArrayInputStream)16 X509Certificate (java.security.cert.X509Certificate)16 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)16 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)15 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)15 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)12 CertificateException (java.security.cert.CertificateException)12 Enumeration (java.util.Enumeration)12 ASN1TaggedObject (org.bouncycastle.asn1.ASN1TaggedObject)12 DERBitString (org.bouncycastle.asn1.DERBitString)12 DERBMPString (org.bouncycastle.asn1.DERBMPString)11 DERIA5String (org.bouncycastle.asn1.DERIA5String)11 DERSequence (org.bouncycastle.asn1.DERSequence)11