
Example 86 with ASN1OctetString

use of org.bouncycastle.asn1.ASN1OctetString in project xipki by xipki.

the class CmpUtil method addProtection.

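/**
 * Signs an (unprotected) CMP message with {@code signer} and returns the resulting
 * protected {@link PKIMessage}.
 * <p>
 * The following header fields of the input are carried over verbatim into the new
 * header: recipient, freeText, generalInfo, recipKID, recipNonce, senderKID,
 * senderNonce and transactionID. The sender is {@code signerName} when given,
 * otherwise the subject DN of the signer's certificate. If the input header carried a
 * messageTime it is <em>re-stamped</em> with the current time at signing rather than
 * copied — presumably deliberate, since the protected message is what the peer checks
 * for freshness; confirm if the caller relies on the original value.
 * <p>
 * NOTE(review): senderKID is copied from the input header without checking that it
 * matches the signer's certificate; the builder does not verify this either.
 *
 * @param pkiMessage    the message to protect; its header and body are reused
 * @param signer        the signer whose pooled {@code ContentSigner} produces the protection
 * @param signerName    explicit sender name, or {@code null} to derive it from the
 *                      signer's certificate subject
 * @param addSignerCert whether to embed the signer's certificate in the message's extraCerts
 * @return the protected message as an ASN.1 structure
 * @throws IllegalArgumentException if a sender name must be derived but the signer has
 *         no certificate, or {@code addSignerCert} is set and no certificate is available
 * @throws CMPException          propagated from building the protected message
 * @throws NoIdleSignerException propagated from the signer pool
 */
public static PKIMessage addProtection(PKIMessage pkiMessage, ConcurrentContentSigner signer, GeneralName signerName, boolean addSignerCert) throws CMPException, NoIdleSignerException {
    ParamUtil.requireNonNull("pkiMessage", pkiMessage);
    ParamUtil.requireNonNull("signer", signer);

    final GeneralName sender;
    if (signerName != null) {
        sender = signerName;
    } else {
        if (signer.getCertificate() == null) {
            throw new IllegalArgumentException("signer without certificate is not allowed");
        }
        // Re-wrap the JCA principal's DER bytes as a BC X500Name (same encoding).
        X500Name subject = X500Name.getInstance(signer.getCertificate().getSubjectX500Principal().getEncoded());
        sender = new GeneralName(subject);
    }

    // Resolve the certificate up front: with an explicit signerName the check above is
    // skipped, and handing a null holder to the builder would only fail (NPE) inside
    // build(). Fail here with a clear message instead.
    X509CertificateHolder signerCert = null;
    if (addSignerCert) {
        signerCert = signer.getBcCertificate();
        if (signerCert == null) {
            throw new IllegalArgumentException("signer without certificate is not allowed");
        }
    }

    PKIHeader header = pkiMessage.getHeader();
    ProtectedPKIMessageBuilder builder = new ProtectedPKIMessageBuilder(sender, header.getRecipient());

    PKIFreeText freeText = header.getFreeText();
    if (freeText != null) {
        builder.setFreeText(freeText);
    }

    InfoTypeAndValue[] generalInfo = header.getGeneralInfo();
    if (generalInfo != null) {
        for (InfoTypeAndValue gi : generalInfo) {
            builder.addGeneralInfo(gi);
        }
    }

    // The builder takes raw octets; each field is OPTIONAL in PKIHeader, hence the null checks.
    ASN1OctetString octets = header.getRecipKID();
    if (octets != null) {
        builder.setRecipKID(octets.getOctets());
    }
    octets = header.getRecipNonce();
    if (octets != null) {
        builder.setRecipNonce(octets.getOctets());
    }
    octets = header.getSenderKID();
    if (octets != null) {
        builder.setSenderKID(octets.getOctets());
    }
    octets = header.getSenderNonce();
    if (octets != null) {
        builder.setSenderNonce(octets.getOctets());
    }
    octets = header.getTransactionID();
    if (octets != null) {
        builder.setTransactionID(octets.getOctets());
    }

    // Re-stamp rather than copy (see class comment).
    if (header.getMessageTime() != null) {
        builder.setMessageTime(new Date());
    }

    builder.setBody(pkiMessage.getBody());
    if (signerCert != null) {
        builder.addCMPCertificate(signerCert);
    }

    // The signer is pooled; always return it, even if build() throws.
    ConcurrentBagEntrySigner pooled = signer.borrowSigner();
    ProtectedPKIMessage signedMessage;
    try {
        signedMessage = builder.build(pooled.value());
    } finally {
        signer.requiteSigner(pooled);
    }
    return signedMessage.toASN1Structure();
}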

Example 87 with ASN1OctetString

use of org.bouncycastle.asn1.ASN1OctetString in project candlepin by candlepin.

the class X509CRLStreamWriter method writeToEmptyCrl.

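/**
 * Re-issues the CRL read from {@code crlIn} with {@code newEntries} added and writes the
 * DER encoding of the result to {@code out}.
 * <p>
 * The CRL is rebuilt with {@link X509v2CRLBuilder} rather than patched in place:
 * <ul>
 *   <li>thisUpdate becomes "now"; nextUpdate becomes "now" plus the input's
 *       thisUpdate-to-nextUpdate window, so the validity period length is preserved;</li>
 *   <li>crlNumber is incremented by one; authorityKeyIdentifier is copied unchanged —
 *       NOTE(review): the copied AKI must still correspond to {@code key}, nothing here
 *       checks that, and {@code updateExtensions} uses this writer's {@code aki} instead;</li>
 *   <li>every other CRL extension of the input is dropped (only the two OIDs above are
 *       handled). NOTE(review): this differs from {@code updateExtensions}, which copies
 *       unknown extensions through; an input scoped by a critical issuingDistributionPoint,
 *       or marked as a delta CRL, comes out without that extension — confirm this is intended;</li>
 *   <li>when {@code signingAlg} is unset, the input CRL's signature algorithm is reused,
 *       whatever its strength; callers who care should set it explicitly.</li>
 * </ul>
 *
 * @param out destination for the DER-encoded signed CRL
 * @throws IOException if the input cannot be parsed, lacks a nextUpdate, an extension
 *         cannot be added, or signing fails
 */
protected void writeToEmptyCrl(OutputStream out) throws IOException {
    ASN1InputStream asn1in = null;
    try {
        asn1in = new ASN1InputStream(crlIn);
        // getInstance() validates the outer structure; a blind cast would surface a
        // malformed stream as a ClassCastException.
        CertificateList certList = CertificateList.getInstance(asn1in.readObject());
        X509CRLHolder oldCrl = new X509CRLHolder(certList);

        // One instant for thisUpdate and for the nextUpdate computation below.
        Date now = new Date();
        X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(oldCrl.getIssuer(), now);
        crlBuilder.addCRL(oldCrl);

        // nextUpdate is OPTIONAL in RFC 5280, so the input may lack it. Fail closed rather
        // than emit a CRL with no expiry (the previous code dereferenced it unconditionally).
        if (certList.getNextUpdate() == null) {
            throw new IOException("Input CRL has no nextUpdate; cannot derive a validity window");
        }
        long windowMillis = certList.getNextUpdate().getDate().getTime()
            - certList.getThisUpdate().getDate().getTime();
        crlBuilder.setNextUpdate(new Date(now.getTime() + windowMillis));

        for (Object o : oldCrl.getExtensionOIDs()) {
            ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(o);
            Extension ext = oldCrl.getExtension(oid);
            if (Extension.cRLNumber.equals(oid)) {
                // getParsedValue() decodes the extnValue octets; no throwaway ASN1InputStream.
                BigInteger current = ASN1Integer.getInstance(ext.getParsedValue()).getValue();
                crlBuilder.addExtension(oid, ext.isCritical(), new ASN1Integer(current.add(BigInteger.ONE)));
            } else if (Extension.authorityKeyIdentifier.equals(oid)) {
                crlBuilder.addExtension(oid, ext.isCritical(), ext.getParsedValue());
            }
            // Any other extension is intentionally not carried over (see method doc).
        }

        for (DERSequence entry : newEntries) {
            // Entries are (serial, revocationDate[, crlEntryExtensions]) — presumably built by
            // this class from the caller's serial/date/reason. Only reasonCode is honoured.
            BigInteger serial = ASN1Integer.getInstance(entry.getObjectAt(0)).getValue();
            Date revokeDate = Time.getInstance(entry.getObjectAt(1)).getDate();
            int reason = CRLReason.unspecified;
            if (entry.size() == 3) {
                Extensions extensions = Extensions.getInstance(entry.getObjectAt(2));
                Extension reasonExt = extensions.getExtension(Extension.reasonCode);
                if (reasonExt != null) {
                    reason = ASN1Enumerated.getInstance(reasonExt.getParsedValue()).getValue().intValue();
                }
            }
            crlBuilder.addCRLEntry(serial, revokeDate, reason);
        }

        if (signingAlg == null) {
            // Inherit the input's algorithm; this also inherits a legacy one (e.g. SHA-1).
            signingAlg = oldCrl.toASN1Structure().getSignatureAlgorithm();
        }
        try {
            ContentSigner contentSigner = createContentSigner(signingAlg, key);
            X509CRLHolder newCrl = crlBuilder.build(contentSigner);
            out.write(newCrl.getEncoded());
        } catch (OperatorCreationException e) {
            throw new IOException("Could not sign CRL", e);
        }
    } finally {
        IOUtils.closeQuietly(asn1in);
    }
}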

Example 88 with ASN1OctetString

use of org.bouncycastle.asn1.ASN1OctetString in project candlepin by candlepin.

the class X509CRLStreamWriter method updateExtensions.

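/**
 * Rewrites the DER-encoded {@code crlExtensions [0] EXPLICIT Extensions} element of a
 * CRL: crlNumber is incremented by one and authorityKeyIdentifier is replaced by this
 * writer's {@code aki}. Every other extension is copied through as the original ASN.1
 * object, so only the two rewritten ones can change length — the caller is responsible
 * for fixing up enclosing length octets.
 * <p>
 * Both rewritten extensions are emitted non-critical regardless of how the input marked
 * them, which is what RFC 5280 requires for AKI (§5.2.1) and crlNumber (§5.2.3).
 *
 * @param obj DER encoding of the tagged extensions element as read from the input CRL
 * @return DER encoding of the rewritten tagged extensions element
 * @throws IOException if {@code obj} cannot be parsed, or an encoding step fails
 */
protected byte[] updateExtensions(byte[] obj) throws IOException {
    ASN1TaggedObject taggedExts;
    try (ASN1InputStream in = new ASN1InputStream(obj)) {
        taggedExts = ASN1TaggedObject.getInstance(in.readObject());
    }
    ASN1Sequence seq = ASN1Sequence.getInstance(taggedExts.getObject());
    ASN1EncodableVector modifiedExts = new ASN1EncodableVector();

    for (int i = 0; i < seq.size(); i++) {
        ASN1Encodable original = seq.getObjectAt(i);
        // Extension.getInstance() parses the full (extnID, critical?, extnValue) triple, so an
        // input that explicitly encodes a critical BOOLEAN is not misread as the value
        // (the previous code assumed the value was always element 1).
        Extension ext = Extension.getInstance(original);
        ASN1ObjectIdentifier oid = ext.getExtnId();

        if (Extension.cRLNumber.equals(oid)) {
            ASN1Integer current = ASN1Integer.getInstance(ext.getParsedValue());
            ASN1Integer next = new ASN1Integer(current.getValue().add(BigInteger.ONE));
            // Extension's own encoding is SEQUENCE { extnID, extnValue } (critical omitted
            // when false), identical to what the old hand-built vector produced.
            modifiedExts.add(new Extension(Extension.cRLNumber, false, new DEROctetString(next.getEncoded())));
        } else if (Extension.authorityKeyIdentifier.equals(oid)) {
            // 'aki' is this writer's AuthorityKeyIdentifier for the new signing key — presumably
            // set by the constructor; it is not null-checked here, confirm it is always populated.
            modifiedExts.add(new Extension(Extension.authorityKeyIdentifier, false, aki.getEncoded()));
        } else {
            // Pass through untouched.
            modifiedExts.add(original);
        }
    }

    ASN1Sequence seqOut = new DERSequence(modifiedExts);
    ASN1TaggedObject out = new DERTaggedObject(true, 0, seqOut);
    return out.getEncoded();
}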

Example 89 with ASN1OctetString

use of org.bouncycastle.asn1.ASN1OctetString in project keystore-explorer by kaikramer.

the class X509Ext method getStringValue.

/**
 * Renders this extension's value as human-readable text for display.
 * <p>
 * {@code value} holds the DER encoding of the extnValue OCTET STRING; its contents (the
 * DER encoding of the extension-specific type) are handed to a per-type formatter chosen
 * by OID. Unknown OIDs, and known ones without a dedicated formatter, fall back to a
 * hex/ASCII dump of the raw contents, so every extension can be displayed.
 * <p>
 * NOTE(review): the formatters parse bytes taken from the certificate itself, i.e.
 * untrusted input. A malformed value under a recognised OID is not diverted to the hex
 * dump; it is expected to surface as an exception from the parsers (for BC
 * {@code getInstance()} calls presumably an {@code IllegalArgumentException}) — callers
 * displaying arbitrary certificates should be prepared for that.
 *
 * @return X509Extension value as a string
 * @throws IOException If {@code value} is not a valid DER OCTET STRING, or a formatter
 *         cannot decode the extension contents
 */
public String getStringValue() throws IOException {
    // Convert value from DER encoded octet string value to binary DER encoding
    ASN1OctetString octetString = ASN1OctetString.getInstance(ASN1Primitive.fromByteArray(value));
    byte[] octets = octetString.getOctets();
    X509ExtensionType type = X509ExtensionType.resolveOid(oid.getId());
    // handle unknown OID
    if (type == null) {
        return HexUtil.getHexClearDump(octets);
    }
    switch(type) {
        case ENTRUST_VERSION_INFORMATION:
            return getEntrustVersionInformationStringValue(octets);
        case AUTHORITY_INFORMATION_ACCESS:
            return getAuthorityInformationAccessStringValue(octets);
        case SUBJECT_INFORMATION_ACCESS:
            return getSubjectInformationAccessStringValue(octets);
        case SUBJECT_DIRECTORY_ATTRIBUTES:
            return getSubjectDirectoryAttributesStringValue(octets);
        case SUBJECT_KEY_IDENTIFIER:
            return getSubjectKeyIndentifierStringValue(octets);
        case KEY_USAGE:
            return getKeyUsageStringValue(octets);
        case PRIVATE_KEY_USAGE_PERIOD:
            return getPrivateKeyUsagePeriodStringValue(octets);
        case SUBJECT_ALTERNATIVE_NAME:
            return getSubjectAlternativeNameStringValue(octets);
        case ISSUER_ALTERNATIVE_NAME:
            return getIssuerAlternativeNameStringValue(octets);
        case BASIC_CONSTRAINTS:
            return getBasicConstraintsStringValue(octets);
        case CRL_NUMBER:
            return getCrlNumberStringValue(octets);
        case REASON_CODE:
            return getReasonCodeStringValue(octets);
        case HOLD_INSTRUCTION_CODE:
            return getHoldInstructionCodeStringValue(octets);
        case INVALIDITY_DATE:
            return getInvalidityDateStringValue(octets);
        case DELTA_CRL_INDICATOR:
            return getDeltaCrlIndicatorStringValue(octets);
        case ISSUING_DISTRIBUTION_POINT:
            return getIssuingDistributionPointStringValue(octets);
        case CERTIFICATE_ISSUER:
            return getCertificateIssuerStringValue(octets);
        case NAME_CONSTRAINTS:
            return getNameConstraintsStringValue(octets);
        case CRL_DISTRIBUTION_POINTS:
            return getCrlDistributionPointsStringValue(octets);
        case CERTIFICATE_POLICIES:
            return getCertificatePoliciesStringValue(octets);
        case POLICY_MAPPINGS:
            return getPolicyMappingsStringValue(octets);
        case AUTHORITY_KEY_IDENTIFIER:
            return getAuthorityKeyIdentifierStringValue(octets);
        case POLICY_CONSTRAINTS:
            return getPolicyConstraintsStringValue(octets);
        case EXTENDED_KEY_USAGE:
            return getExtendedKeyUsageStringValue(octets);
        case FRESHEST_CRL:
            return getFreshestCrlStringValue(octets);
        case INHIBIT_ANY_POLICY:
            return getInhibitAnyPolicyStringValue(octets);
        case NETSCAPE_CERTIFICATE_TYPE:
            return getNetscapeCertificateTypeStringValue(octets);
        case NETSCAPE_BASE_URL:
            return getNetscapeBaseUrlStringValue(octets);
        case NETSCAPE_REVOCATION_URL:
            return getNetscapeRevocationUrlStringValue(octets);
        case NETSCAPE_CA_REVOCATION_URL:
            return getNetscapeCaRevocationUrlStringValue(octets);
        case NETSCAPE_CERTIFICATE_RENEWAL_URL:
            return getNetscapeCertificateRenewalStringValue(octets);
        case NETSCAPE_CA_POLICY_URL:
            return getNetscapeCaPolicyUrlStringValue(octets);
        case NETSCAPE_SSL_SERVER_NAME:
            return getNetscapeSslServerNameStringValue(octets);
        case NETSCAPE_COMMENT:
            return getNetscapeCommentStringValue(octets);
        case BIOMETRIC_INFO:
            return getBiometricInfoStringValue(octets);
        case QC_STATEMENTS:
            return getQcStatementsStringValue(octets);
        case OCSP_NO_CHECK:
            return getOcspNoCheckStringValue(octets);
        case LIABILITY_LIMITATION_FLAG:
            return getLiabilityLimitationFlagStringValue(octets);
        case DATE_OF_CERT_GEN:
            return getDateOfCertGenStringValue(octets);
        case PROCURATION:
            return getProcurationStringValue(octets);
        case ADMISSION:
            return getAdmissionStringValue(octets);
        case MONETARY_LIMIT:
            return getMonetaryLimitStringValue(octets);
        case DECLARATION_OF_MAJORITY:
            return getDeclarationOfMajorityStringValue(octets);
        case ICCSN:
            return getICCSNStringValue(octets);
        case RESTRICTION:
            return getRestrictionStringValue(octets);
        case ADDITIONAL_INFORMATION:
            return getAdditionalInformationStringValue(octets);
        case VALIDITY_MODEL:
            return getValidityModelStringValue(octets);
        case MS_ENROLL_CERT_TYPE_EXTENSION:
            return getMsCertTypeStringValue(octets);
        case MS_CA_VERSION:
            return getMsCaVersionStringValue(octets);
        case MS_CRL_NEXT_PUBLISH:
            return getMsCrlNextPublishStringValue(octets);
        case MS_CERTIFICATE_TEMPLATE:
            return getMsCertificateTemplateStringValue(octets);
        case MS_APPLICATION_POLICIES:
            // recognised OID but no structured formatter: raw dump, same as the default branch
            return HexUtil.getHexClearDump(octets);
        case SMIME_CAPABILITIES:
            return getSMIMECapabilitiesStringValue(octets);
        case VS_CZAG:
        case VS_FIDELITY_TOKEN:
        case VS_IN_BOX_V1:
        case VS_IN_BOX_V2:
        case VS_SERIAL_NUMBER_ROLLOVER:
        case VS_ON_SITE_JURISDICTION_HASH:
            // most VeriSign extensions contain just an IA5STRING; the raw string from the
            // certificate is returned as-is, without any character filtering
            return DERIA5String.getInstance(octets).getString();
        case VS_TOKEN_TYPE:
        case VS_UNKNOWN:
            return getBitString(octets);
        case VS_NON_VERIFIED:
            return getVeriSignNonVerified(octets);
        default:
            // X509Extension not recognized or means to output it not defined - just dump out hex and clear text
            return HexUtil.getHexClearDump(octets);
    }
}

Example 90 with ASN1OctetString

use of org.bouncycastle.asn1.ASN1OctetString in project keystore-explorer by kaikramer.

the class X509Ext method getBiometricInfoStringValue.

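/**
 * Formats a BiometricInfo extension value (RFC 3739 qualified-certificate syntax) for
 * display: one numbered block per BiometricData entry giving the biometric type
 * (predefined code or OID), the hash algorithm OID, the hash as hex and, when present,
 * the source-data URI.
 * <p>
 * Entries are numbered from 0 in encounter order. (The previous version declared the
 * counter but never advanced it, so every entry was labelled 0.)
 * <p>
 * NOTE(review): the hash algorithm and sourceDataUri come straight from the certificate
 * and are rendered verbatim; this is a display string only, no validation is done.
 *
 * @param octets DER encoding of the BiometricSyntax SEQUENCE (the extnValue contents)
 * @return the formatted, localised text
 */
private String getBiometricInfoStringValue(byte[] octets) {
    // @formatter:off
    /*
			BiometricSyntax ::= SEQUENCE OF BiometricData
			BiometricData ::= SEQUENCE
			{
				typeOfBiometricData TypeOfBiometricData,
				hashAlgorithm AlgorithmIdentifier,
				biometricDataHash OCTET STRING,
				sourceDataUri IA5String OPTIONAL
			}
			TypeOfBiometricData ::= CHOICE
			{
				predefinedBiometricType PredefinedBiometricType,
				biometricDataId OBJECT IDENTIFIER
			}
			PredefinedBiometricType ::= INTEGER
			{
				picture(0),
				handwritten-signature(1)
			}
		 */
    // @formatter:on
    StringBuilder sb = new StringBuilder();
    ASN1Sequence biometricSyntax = ASN1Sequence.getInstance(octets);
    // The loop index doubles as the entry number so each block is labelled distinctly.
    for (int entryNr = 0; entryNr < biometricSyntax.size(); entryNr++) {
        BiometricData biometricData = BiometricData.getInstance(biometricSyntax.getObjectAt(entryNr));
        TypeOfBiometricData typeOfBiometricData = biometricData.getTypeOfBiometricData();
        AlgorithmIdentifier hashAlgorithm = biometricData.getHashAlgorithm();
        ASN1OctetString biometricDataHash = biometricData.getBiometricDataHash();
        DERIA5String sourceDataUri = biometricData.getSourceDataUri();

        sb.append(MessageFormat.format(res.getString("BiometricInfo.BiometricData"), entryNr));
        sb.append(NEWLINE);

        // CHOICE: either a predefined integer code or a private OID
        sb.append(INDENT);
        if (typeOfBiometricData.isPredefined()) {
            int predefinedType = typeOfBiometricData.getPredefinedBiometricType();
            sb.append(MessageFormat.format(res.getString("BiometricInfo.TypeOfBiometricData"), predefinedType));
        } else {
            String typeOid = typeOfBiometricData.getBiometricDataOid().getId();
            sb.append(MessageFormat.format(res.getString("BiometricInfo.TypeOfBiometricData"), typeOid));
        }
        sb.append(NEWLINE);

        sb.append(INDENT);
        sb.append(MessageFormat.format(res.getString("BiometricInfo.HashAlgorithm"), hashAlgorithm.getAlgorithm().getId()));
        sb.append(NEWLINE);

        sb.append(INDENT);
        sb.append(MessageFormat.format(res.getString("BiometricInfo.BiometricDataHash"), HexUtil.getHexString(biometricDataHash.getOctets())));
        sb.append(NEWLINE);

        // sourceDataUri is OPTIONAL
        if (sourceDataUri != null) {
            sb.append(INDENT);
            sb.append(MessageFormat.format(res.getString("BiometricInfo.SourceDataUri"), sourceDataUri.toString()));
            sb.append(NEWLINE);
        }
    }
    return sb.toString();
}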
