Example 11 with ASN1OctetString
use of org.bouncycastle.asn1.ASN1OctetString in project oxCore by GluuFederation.
the class LdapEntryManager method countEntries.
public <T> int countEntries(String baseDN, Class<T> entryClass, Filter filter) {
if (StringHelper.isEmptyString(baseDN)) {
throw new MappingException("Base DN to find entries is null");
}
// Check entry class
checkEntryClass(entryClass, false);
String[] objectClasses = getTypeObjectClasses(entryClass);
// Don't load
String[] ldapReturnAttributes = new String[] { "" };
// attributes
// Find entries
Filter searchFilter;
if (objectClasses.length > 0) {
searchFilter = addObjectClassFilter(filter, objectClasses);
} else {
searchFilter = filter;
}
int countEntries = 0;
ASN1OctetString cookie = null;
SearchResult searchResult = null;
do {
Control[] controls = new Control[] { new SimplePagedResultsControl(100, cookie) };
try {
searchResult = this.ldapOperationService.search(baseDN, searchFilter, 0, 0, controls, ldapReturnAttributes);
if (!ResultCode.SUCCESS.equals(searchResult.getResultCode())) {
throw new EntryPersistenceException(String.format("Failed to calculate count entries with baseDN: %s, filter: %s", baseDN, searchFilter));
}
} catch (Exception ex) {
throw new EntryPersistenceException(String.format("Failed to calculate count entries with baseDN: %s, filter: %s", baseDN, searchFilter), ex);
}
countEntries += searchResult.getEntryCount();
// list
if ((countEntries == 0) || ((countEntries % 100) != 0)) {
break;
}
cookie = null;
for (Control control : searchResult.getResponseControls()) {
if (control instanceof SimplePagedResultsControl) {
cookie = ((SimplePagedResultsControl) control).getCookie();
break;
}
}
} while (cookie != null);
return countEntries;
}
Also used :
ASN1OctetString(com.unboundid.asn1.ASN1OctetString)
SimplePagedResultsControl(com.unboundid.ldap.sdk.controls.SimplePagedResultsControl)
EmptyEntryPersistenceException(org.gluu.site.ldap.persistence.exception.EmptyEntryPersistenceException)
EntryPersistenceException(org.gluu.site.ldap.persistence.exception.EntryPersistenceException)
ASN1OctetString(com.unboundid.asn1.ASN1OctetString)
SimplePagedResultsControl(com.unboundid.ldap.sdk.controls.SimplePagedResultsControl)
EmptyEntryPersistenceException(org.gluu.site.ldap.persistence.exception.EmptyEntryPersistenceException)
MappingException(org.gluu.site.ldap.persistence.exception.MappingException)
AuthenticationException(org.gluu.site.ldap.persistence.exception.AuthenticationException)
InvalidArgumentException(org.gluu.site.ldap.persistence.exception.InvalidArgumentException)
ParseException(java.text.ParseException)
EntryPersistenceException(org.gluu.site.ldap.persistence.exception.EntryPersistenceException)
ConnectionException(org.gluu.site.ldap.exception.ConnectionException)
MappingException(org.gluu.site.ldap.persistence.exception.MappingException)
Example 12 with ASN1OctetString
use of org.bouncycastle.asn1.ASN1OctetString in project oxCore by GluuFederation.
the class OperationsFacade method scrollSimplePagedResultsControl.
private ASN1OctetString scrollSimplePagedResultsControl(String dn, Filter filter, SearchScope scope, Control[] controls, int startIndex) throws LDAPSearchException, InvalidSimplePageControlException {
SearchRequest searchRequest = new SearchRequest(dn, scope.getLdapSearchScope(), filter, "dn");
int currentStartIndex = startIndex;
ASN1OctetString cookie = null;
do {
int pageSize = Math.min(currentStartIndex, 100);
searchRequest.setControls(new Control[] { new SimplePagedResultsControl(pageSize, cookie, true) });
setControls(searchRequest, controls);
SearchResult searchResult = getConnectionPool().search(searchRequest);
currentStartIndex -= searchResult.getEntryCount();
try {
SimplePagedResultsControl c = SimplePagedResultsControl.get(searchResult);
if (c != null) {
cookie = c.getCookie();
}
} catch (LDAPException ex) {
log.error("Error while accessing cookie" + ex.getMessage());
throw new InvalidSimplePageControlException("Error while accessing cookie");
}
} while ((cookie != null) && (cookie.getValueLength() > 0) && (currentStartIndex > 0));
return cookie;
}
Also used :
ASN1OctetString(com.unboundid.asn1.ASN1OctetString)
InvalidSimplePageControlException(org.gluu.site.ldap.exception.InvalidSimplePageControlException)
Example 13 with ASN1OctetString
use of org.bouncycastle.asn1.ASN1OctetString in project oxAuth by GluuFederation.
the class RSASigner method validateSignature.
@Override
public boolean validateSignature(String signingInput, String signature) throws SignatureException {
if (getSignatureAlgorithm() == null) {
throw new SignatureException("The signature algorithm is null");
}
if (rsaPublicKey == null) {
throw new SignatureException("The RSA public key is null");
}
if (signingInput == null) {
throw new SignatureException("The signing input is null");
}
String algorithm = null;
switch(getSignatureAlgorithm()) {
case RS256:
algorithm = "SHA-256";
break;
case RS384:
algorithm = "SHA-384";
break;
case RS512:
algorithm = "SHA-512";
break;
default:
throw new SignatureException("Unsupported signature algorithm");
}
ASN1InputStream aIn = null;
try {
byte[] sigBytes = Base64Util.base64urldecode(signature);
byte[] sigInBytes = signingInput.getBytes(Util.UTF8_STRING_ENCODING);
RSAPublicKeySpec rsaPublicKeySpec = new RSAPublicKeySpec(rsaPublicKey.getModulus(), rsaPublicKey.getPublicExponent());
KeyFactory keyFactory = KeyFactory.getInstance("RSA", "BC");
PublicKey publicKey = keyFactory.generatePublic(rsaPublicKeySpec);
Cipher cipher = Cipher.getInstance("RSA/None/PKCS1Padding", "BC");
cipher.init(Cipher.DECRYPT_MODE, publicKey);
byte[] decSig = cipher.doFinal(sigBytes);
aIn = new ASN1InputStream(decSig);
ASN1Sequence seq = (ASN1Sequence) aIn.readObject();
MessageDigest hash = MessageDigest.getInstance(algorithm, "BC");
hash.update(sigInBytes);
ASN1OctetString sigHash = (ASN1OctetString) seq.getObjectAt(1);
return MessageDigest.isEqual(hash.digest(), sigHash.getOctets());
} catch (IOException e) {
throw new SignatureException(e);
} catch (NoSuchAlgorithmException e) {
throw new SignatureException(e);
} catch (InvalidKeyException e) {
throw new SignatureException(e);
} catch (InvalidKeySpecException e) {
throw new SignatureException(e);
} catch (NoSuchPaddingException e) {
throw new SignatureException(e);
} catch (BadPaddingException e) {
throw new SignatureException(e);
} catch (NoSuchProviderException e) {
throw new SignatureException(e);
} catch (IllegalBlockSizeException e) {
throw new SignatureException(e);
} catch (Exception e) {
throw new SignatureException(e);
} finally {
IOUtils.closeQuietly(aIn);
}
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
RSAPublicKey(org.xdi.oxauth.model.crypto.signature.RSAPublicKey)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec)
IOException(java.io.IOException)
BadPaddingException(javax.crypto.BadPaddingException)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException)
IOException(java.io.IOException)
BadPaddingException(javax.crypto.BadPaddingException)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
Cipher(javax.crypto.Cipher)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
Example 14 with ASN1OctetString
use of org.bouncycastle.asn1.ASN1OctetString in project poi by apache.
the class XAdESXLSignatureFacet method postSign.
@Override
public void postSign(Document document) throws MarshalException {
LOG.log(POILogger.DEBUG, "XAdES-X-L post sign phase");
QualifyingPropertiesDocument qualDoc = null;
QualifyingPropertiesType qualProps = null;
// check for XAdES-BES
NodeList qualNl = document.getElementsByTagNameNS(XADES_132_NS, "QualifyingProperties");
if (qualNl.getLength() == 1) {
try {
qualDoc = QualifyingPropertiesDocument.Factory.parse(qualNl.item(0), DEFAULT_XML_OPTIONS);
} catch (XmlException e) {
throw new MarshalException(e);
}
qualProps = qualDoc.getQualifyingProperties();
} else {
throw new MarshalException("no XAdES-BES extension present");
}
// create basic XML container structure
UnsignedPropertiesType unsignedProps = qualProps.getUnsignedProperties();
if (unsignedProps == null) {
unsignedProps = qualProps.addNewUnsignedProperties();
}
UnsignedSignaturePropertiesType unsignedSigProps = unsignedProps.getUnsignedSignatureProperties();
if (unsignedSigProps == null) {
unsignedSigProps = unsignedProps.addNewUnsignedSignatureProperties();
}
// create the XAdES-T time-stamp
NodeList nlSigVal = document.getElementsByTagNameNS(XML_DIGSIG_NS, "SignatureValue");
if (nlSigVal.getLength() != 1) {
throw new IllegalArgumentException("SignatureValue is not set.");
}
RevocationData tsaRevocationDataXadesT = new RevocationData();
LOG.log(POILogger.DEBUG, "creating XAdES-T time-stamp");
XAdESTimeStampType signatureTimeStamp = createXAdESTimeStamp(Collections.singletonList(nlSigVal.item(0)), tsaRevocationDataXadesT);
// marshal the XAdES-T extension
unsignedSigProps.addNewSignatureTimeStamp().set(signatureTimeStamp);
// xadesv141::TimeStampValidationData
if (tsaRevocationDataXadesT.hasRevocationDataEntries()) {
ValidationDataType validationData = createValidationData(tsaRevocationDataXadesT);
insertXChild(unsignedSigProps, validationData);
}
if (signatureConfig.getRevocationDataService() == null) {
/*
* Without revocation data service we cannot construct the XAdES-C
* extension.
*/
return;
}
// XAdES-C: complete certificate refs
CompleteCertificateRefsType completeCertificateRefs = unsignedSigProps.addNewCompleteCertificateRefs();
CertIDListType certIdList = completeCertificateRefs.addNewCertRefs();
/*
* We skip the signing certificate itself according to section
* 4.4.3.2 of the XAdES 1.4.1 specification.
*/
List<X509Certificate> certChain = signatureConfig.getSigningCertificateChain();
int chainSize = certChain.size();
if (chainSize > 1) {
for (X509Certificate cert : certChain.subList(1, chainSize)) {
CertIDType certId = certIdList.addNewCert();
XAdESSignatureFacet.setCertID(certId, signatureConfig, false, cert);
}
}
// XAdES-C: complete revocation refs
CompleteRevocationRefsType completeRevocationRefs = unsignedSigProps.addNewCompleteRevocationRefs();
RevocationData revocationData = signatureConfig.getRevocationDataService().getRevocationData(certChain);
if (revocationData.hasCRLs()) {
CRLRefsType crlRefs = completeRevocationRefs.addNewCRLRefs();
completeRevocationRefs.setCRLRefs(crlRefs);
for (byte[] encodedCrl : revocationData.getCRLs()) {
CRLRefType crlRef = crlRefs.addNewCRLRef();
X509CRL crl;
try {
crl = (X509CRL) this.certificateFactory.generateCRL(new ByteArrayInputStream(encodedCrl));
} catch (CRLException e) {
throw new RuntimeException("CRL parse error: " + e.getMessage(), e);
}
CRLIdentifierType crlIdentifier = crlRef.addNewCRLIdentifier();
String issuerName = crl.getIssuerDN().getName().replace(",", ", ");
crlIdentifier.setIssuer(issuerName);
Calendar cal = Calendar.getInstance(TimeZone.getTimeZone("Z"), Locale.ROOT);
cal.setTime(crl.getThisUpdate());
crlIdentifier.setIssueTime(cal);
crlIdentifier.setNumber(getCrlNumber(crl));
DigestAlgAndValueType digestAlgAndValue = crlRef.addNewDigestAlgAndValue();
XAdESSignatureFacet.setDigestAlgAndValue(digestAlgAndValue, encodedCrl, signatureConfig.getDigestAlgo());
}
}
if (revocationData.hasOCSPs()) {
OCSPRefsType ocspRefs = completeRevocationRefs.addNewOCSPRefs();
for (byte[] ocsp : revocationData.getOCSPs()) {
try {
OCSPRefType ocspRef = ocspRefs.addNewOCSPRef();
DigestAlgAndValueType digestAlgAndValue = ocspRef.addNewDigestAlgAndValue();
XAdESSignatureFacet.setDigestAlgAndValue(digestAlgAndValue, ocsp, signatureConfig.getDigestAlgo());
OCSPIdentifierType ocspIdentifier = ocspRef.addNewOCSPIdentifier();
OCSPResp ocspResp = new OCSPResp(ocsp);
BasicOCSPResp basicOcspResp = (BasicOCSPResp) ocspResp.getResponseObject();
Calendar cal = Calendar.getInstance(TimeZone.getTimeZone("Z"), Locale.ROOT);
cal.setTime(basicOcspResp.getProducedAt());
ocspIdentifier.setProducedAt(cal);
ResponderIDType responderId = ocspIdentifier.addNewResponderID();
RespID respId = basicOcspResp.getResponderId();
ResponderID ocspResponderId = respId.toASN1Primitive();
DERTaggedObject derTaggedObject = (DERTaggedObject) ocspResponderId.toASN1Primitive();
if (2 == derTaggedObject.getTagNo()) {
ASN1OctetString keyHashOctetString = (ASN1OctetString) derTaggedObject.getObject();
byte[] key = keyHashOctetString.getOctets();
responderId.setByKey(key);
} else {
X500Name name = X500Name.getInstance(derTaggedObject.getObject());
String nameStr = name.toString();
responderId.setByName(nameStr);
}
} catch (Exception e) {
throw new RuntimeException("OCSP decoding error: " + e.getMessage(), e);
}
}
}
// marshal XAdES-C
// XAdES-X Type 1 timestamp
List<Node> timeStampNodesXadesX1 = new ArrayList<Node>();
timeStampNodesXadesX1.add(nlSigVal.item(0));
timeStampNodesXadesX1.add(signatureTimeStamp.getDomNode());
timeStampNodesXadesX1.add(completeCertificateRefs.getDomNode());
timeStampNodesXadesX1.add(completeRevocationRefs.getDomNode());
RevocationData tsaRevocationDataXadesX1 = new RevocationData();
LOG.log(POILogger.DEBUG, "creating XAdES-X time-stamp");
XAdESTimeStampType timeStampXadesX1 = createXAdESTimeStamp(timeStampNodesXadesX1, tsaRevocationDataXadesX1);
if (tsaRevocationDataXadesX1.hasRevocationDataEntries()) {
ValidationDataType timeStampXadesX1ValidationData = createValidationData(tsaRevocationDataXadesX1);
insertXChild(unsignedSigProps, timeStampXadesX1ValidationData);
}
// marshal XAdES-X
unsignedSigProps.addNewSigAndRefsTimeStamp().set(timeStampXadesX1);
// XAdES-X-L
CertificateValuesType certificateValues = unsignedSigProps.addNewCertificateValues();
for (X509Certificate certificate : certChain) {
EncapsulatedPKIDataType encapsulatedPKIDataType = certificateValues.addNewEncapsulatedX509Certificate();
try {
encapsulatedPKIDataType.setByteArrayValue(certificate.getEncoded());
} catch (CertificateEncodingException e) {
throw new RuntimeException("certificate encoding error: " + e.getMessage(), e);
}
}
RevocationValuesType revocationValues = unsignedSigProps.addNewRevocationValues();
createRevocationValues(revocationValues, revocationData);
// marshal XAdES-X-L
Node n = document.importNode(qualProps.getDomNode(), true);
qualNl.item(0).getParentNode().replaceChild(n, qualNl.item(0));
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
MarshalException(javax.xml.crypto.MarshalException)
X509CRL(java.security.cert.X509CRL)
ValidationDataType(org.etsi.uri.x01903.v14.ValidationDataType)
Node(org.w3c.dom.Node)
ResponderID(org.bouncycastle.asn1.ocsp.ResponderID)
ArrayList(java.util.ArrayList)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
X500Name(org.bouncycastle.asn1.x500.X500Name)
OCSPResp(org.bouncycastle.cert.ocsp.OCSPResp)
BasicOCSPResp(org.bouncycastle.cert.ocsp.BasicOCSPResp)
CRLException(java.security.cert.CRLException)
RevocationData(org.apache.poi.poifs.crypt.dsig.services.RevocationData)
DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject)
NodeList(org.w3c.dom.NodeList)
Calendar(java.util.Calendar)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
X509Certificate(java.security.cert.X509Certificate)
MarshalException(javax.xml.crypto.MarshalException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
XmlException(org.apache.xmlbeans.XmlException)
CRLException(java.security.cert.CRLException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
ByteArrayInputStream(java.io.ByteArrayInputStream)
XmlException(org.apache.xmlbeans.XmlException)
BasicOCSPResp(org.bouncycastle.cert.ocsp.BasicOCSPResp)
RespID(org.bouncycastle.cert.ocsp.RespID)
Example 15 with ASN1OctetString
use of org.bouncycastle.asn1.ASN1OctetString in project poi by apache.
the class XAdESXLSignatureFacet method getCrlNumber.
private BigInteger getCrlNumber(X509CRL crl) {
byte[] crlNumberExtensionValue = crl.getExtensionValue(Extension.cRLNumber.getId());
if (null == crlNumberExtensionValue) {
return null;
}
try {
ASN1InputStream asn1IS1 = null, asn1IS2 = null;
try {
asn1IS1 = new ASN1InputStream(crlNumberExtensionValue);
ASN1OctetString octetString = (ASN1OctetString) asn1IS1.readObject();
byte[] octets = octetString.getOctets();
asn1IS2 = new ASN1InputStream(octets);
ASN1Integer integer = (ASN1Integer) asn1IS2.readObject();
return integer.getPositiveValue();
} finally {
IOUtils.closeQuietly(asn1IS2);
IOUtils.closeQuietly(asn1IS1);
}
} catch (IOException e) {
throw new RuntimeException("I/O error: " + e.getMessage(), e);
}
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
IOException(java.io.IOException)
Aggregations
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)84
IOException (java.io.IOException)39
DEROctetString (org.bouncycastle.asn1.DEROctetString)26
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)24
ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)22
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)20
ByteArrayInputStream (java.io.ByteArrayInputStream)16
ASN1Integer (org.bouncycastle.asn1.ASN1Integer)16
X509Certificate (java.security.cert.X509Certificate)15
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)15
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)15
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)14
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)12
Enumeration (java.util.Enumeration)12
DERBitString (org.bouncycastle.asn1.DERBitString)12
CertificateException (java.security.cert.CertificateException)11
DERBMPString (org.bouncycastle.asn1.DERBMPString)11
DERIA5String (org.bouncycastle.asn1.DERIA5String)11
DERSequence (org.bouncycastle.asn1.DERSequence)11
DERUTF8String (org.bouncycastle.asn1.DERUTF8String)11
