Example 21 with ASN1OctetString
use of org.bouncycastle.asn1.ASN1OctetString in project robovm by robovm.
the class CertPathValidatorUtilities method getObject.
private static ASN1Primitive getObject(String oid, byte[] ext) throws AnnotatedException {
try {
ASN1InputStream aIn = new ASN1InputStream(ext);
ASN1OctetString octs = (ASN1OctetString) aIn.readObject();
aIn = new ASN1InputStream(octs.getOctets());
return aIn.readObject();
} catch (Exception e) {
throw new AnnotatedException("exception processing extension " + oid, e);
}
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
GeneralSecurityException(java.security.GeneralSecurityException)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
ParseException(java.text.ParseException)
ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException)
CertStoreException(java.security.cert.CertStoreException)
CRLException(java.security.cert.CRLException)
CertificateParsingException(java.security.cert.CertificateParsingException)
StoreException(org.bouncycastle.util.StoreException)
IOException(java.io.IOException)
Example 22 with ASN1OctetString
use of org.bouncycastle.asn1.ASN1OctetString in project robovm by robovm.
the class IvAlgorithmParameters method engineInit.
protected void engineInit(byte[] params) throws IOException {
//
if ((params.length % 8) != 0 && params[0] == 0x04 && params[1] == params.length - 2) {
ASN1OctetString oct = (ASN1OctetString) ASN1Primitive.fromByteArray(params);
params = oct.getOctets();
}
this.iv = Arrays.clone(params);
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
Example 23 with ASN1OctetString
use of org.bouncycastle.asn1.ASN1OctetString in project ddf by codice.
the class LoginFilter method validateHolderOfKeyConfirmation.
private void validateHolderOfKeyConfirmation(SamlAssertionWrapper assertion, X509Certificate[] x509Certs) throws SecurityServiceException {
List<String> confirmationMethods = assertion.getConfirmationMethods();
boolean hasHokMethod = false;
for (String method : confirmationMethods) {
if (OpenSAMLUtil.isMethodHolderOfKey(method)) {
hasHokMethod = true;
}
}
if (hasHokMethod) {
if (x509Certs != null && x509Certs.length > 0) {
List<SubjectConfirmation> subjectConfirmations = assertion.getSaml2().getSubject().getSubjectConfirmations();
for (SubjectConfirmation subjectConfirmation : subjectConfirmations) {
if (OpenSAMLUtil.isMethodHolderOfKey(subjectConfirmation.getMethod())) {
Element dom = subjectConfirmation.getSubjectConfirmationData().getDOM();
Node keyInfo = dom.getFirstChild();
Node x509Data = keyInfo.getFirstChild();
Node dataNode = x509Data.getFirstChild();
Node dataText = dataNode.getFirstChild();
X509Certificate tlsCertificate = x509Certs[0];
if (dataNode.getLocalName().equals("X509Certificate")) {
String textContent = dataText.getTextContent();
byte[] byteValue = Base64.getMimeDecoder().decode(textContent);
try {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(byteValue));
//check that the certificate is still valid
cert.checkValidity();
//if the certs aren't the same, verify
if (!tlsCertificate.equals(cert)) {
//verify that the cert was signed by the same private key as the TLS cert
cert.verify(tlsCertificate.getPublicKey());
}
} catch (CertificateException | NoSuchAlgorithmException | InvalidKeyException | SignatureException | NoSuchProviderException e) {
throw new SecurityServiceException("Unable to validate Holder of Key assertion with certificate.");
}
} else if (dataNode.getLocalName().equals("X509SubjectName")) {
String textContent = dataText.getTextContent();
//If, however, the relying party does not trust the certificate issuer to issue such a DN, the attesting entity is not confirmed and the relying party SHOULD disregard the assertion.
if (!tlsCertificate.getSubjectDN().getName().equals(textContent)) {
throw new SecurityServiceException("Unable to validate Holder of Key assertion with subject DN.");
}
} else if (dataNode.getLocalName().equals("X509IssuerSerial")) {
//we have no way to support this confirmation type so we have to throw an error
throw new SecurityServiceException("Unable to validate Holder of Key assertion with issuer serial. NOT SUPPORTED");
} else if (dataNode.getLocalName().equals("X509SKI")) {
String textContent = dataText.getTextContent();
byte[] tlsSKI = tlsCertificate.getExtensionValue("2.5.29.14");
byte[] assertionSKI = Base64.getMimeDecoder().decode(textContent);
if (tlsSKI != null && tlsSKI.length > 0) {
ASN1OctetString tlsOs = ASN1OctetString.getInstance(tlsSKI);
ASN1OctetString assertionOs = ASN1OctetString.getInstance(assertionSKI);
SubjectKeyIdentifier tlsSubjectKeyIdentifier = SubjectKeyIdentifier.getInstance(tlsOs.getOctets());
SubjectKeyIdentifier assertSubjectKeyIdentifier = SubjectKeyIdentifier.getInstance(assertionOs.getOctets());
//the attesting entity is not confirmed and the relying party SHOULD disregard the assertion.
if (!Arrays.equals(tlsSubjectKeyIdentifier.getKeyIdentifier(), assertSubjectKeyIdentifier.getKeyIdentifier())) {
throw new SecurityServiceException("Unable to validate Holder of Key assertion with subject key identifier.");
}
} else {
throw new SecurityServiceException("Unable to validate Holder of Key assertion with subject key identifier.");
}
}
}
}
} else {
throw new SecurityServiceException("Holder of Key assertion, must be used with 2-way TLS.");
}
}
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
SecurityServiceException(ddf.security.service.SecurityServiceException)
Element(org.w3c.dom.Element)
Node(org.w3c.dom.Node)
CertificateException(java.security.cert.CertificateException)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
SignatureException(java.security.SignatureException)
SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier)
InvalidKeyException(java.security.InvalidKeyException)
CertificateFactory(java.security.cert.CertificateFactory)
X509Certificate(java.security.cert.X509Certificate)
SubjectConfirmation(org.opensaml.saml.saml2.core.SubjectConfirmation)
ByteArrayInputStream(java.io.ByteArrayInputStream)
NoSuchProviderException(java.security.NoSuchProviderException)
Example 24 with ASN1OctetString
use of org.bouncycastle.asn1.ASN1OctetString in project oxCore by GluuFederation.
the class LdapOperationsServiceImpl method scrollSimplePagedResultsControl.
private ASN1OctetString scrollSimplePagedResultsControl(LDAPConnection ldapConnection, String dn, Filter filter, SearchScope scope, Control[] controls, int startIndex) throws LDAPException, InvalidSimplePageControlException {
SearchRequest searchRequest = new SearchRequest(dn, scope, filter, "dn");
int currentStartIndex = startIndex;
ASN1OctetString cookie = null;
do {
int pageSize = Math.min(currentStartIndex, 100);
searchRequest.setControls(new Control[] { new SimplePagedResultsControl(pageSize, cookie, true) });
setControls(searchRequest, controls);
SearchResult searchResult = ldapConnection.search(searchRequest);
currentStartIndex -= searchResult.getEntryCount();
try {
SimplePagedResultsControl c = SimplePagedResultsControl.get(searchResult);
if (c != null) {
cookie = c.getCookie();
}
} catch (LDAPException ex) {
LOG.error("Error while accessing cookie", ex);
throw new InvalidSimplePageControlException(ex.getResultCode(), "Error while accessing cookie");
}
} while ((cookie != null) && (cookie.getValueLength() > 0) && (currentStartIndex > 0));
return cookie;
}
Also used :
ASN1OctetString(com.unboundid.asn1.ASN1OctetString)
SearchRequest(com.unboundid.ldap.sdk.SearchRequest)
LDAPException(com.unboundid.ldap.sdk.LDAPException)
SearchResult(com.unboundid.ldap.sdk.SearchResult)
SimplePagedResultsControl(com.unboundid.ldap.sdk.controls.SimplePagedResultsControl)
InvalidSimplePageControlException(org.gluu.persist.ldap.exception.InvalidSimplePageControlException)
Example 25 with ASN1OctetString
use of org.bouncycastle.asn1.ASN1OctetString in project keystore-explorer by kaikramer.
the class OpenSslPvkUtil method getEncryptionType.
/**
* Detect if a OpenSSL private key is encrypted or not.
*
* @param is
* Input stream containing OpenSSL private key
* @return Encryption type or null if not a valid OpenSSL private key
* @throws IOException
* If an I/O problem occurred
*/
public static EncryptionType getEncryptionType(InputStream is) throws IOException {
byte[] openSsl = ReadUtil.readFully(is);
// In PEM format?
PemInfo pemInfo = PemUtil.decode(new ByteArrayInputStream(openSsl));
if (pemInfo != null) {
String pemType = pemInfo.getType();
// PEM type of OpenSSL?
if (OPENSSL_RSA_PVK_PEM_TYPE.equals(pemType) || OPENSSL_DSA_PVK_PEM_TYPE.equals(pemType) || OPENSSL_EC_PVK_PEM_TYPE.equals(pemType)) {
// Encrypted? It is if PEM contains appropriate header attributes/values
PemAttributes pemAttributes = pemInfo.getAttributes();
if ((pemAttributes != null) && (pemAttributes.get(PROC_TYPE_ATTR_NAME) != null) && (pemAttributes.get(PROC_TYPE_ATTR_NAME).getValue().equals(PROC_TYPE_ATTR_VALUE)) && (pemAttributes.get(DEK_INFO_ATTR_NAME) != null)) {
return ENCRYPTED;
} else {
return UNENCRYPTED;
}
}
}
// In ASN.1 format?
try {
// If OpenSSL will be a sequence of 9 (RSA) or 6 (DSA) integers or 2-4 mixed elements (EC)
ASN1Primitive key = ASN1Primitive.fromByteArray(openSsl);
if (key instanceof ASN1Sequence) {
ASN1Sequence seq = (ASN1Sequence) key;
// }
if ((seq.size() >= 2) && (seq.size() <= 4) && seq.getObjectAt(0) instanceof ASN1Integer) {
BigInteger version = ((ASN1Integer) seq.getObjectAt(0)).getValue();
if (version.equals(VERSION_EC)) {
if (seq.getObjectAt(1) instanceof ASN1OctetString) {
// ASN.1 OpenSSL is always unencrypted
return UNENCRYPTED;
} else {
// Not OpenSSL
return null;
}
}
}
for (int i = 0; i < seq.size(); i++) {
if (!(seq.getObjectAt(i) instanceof ASN1Integer)) {
// Not OpenSSL
return null;
}
}
if ((seq.size() == 9) || (seq.size() == 6)) {
// ASN.1 OpenSSL is always unencrypted
return UNENCRYPTED;
}
}
} catch (IOException ex) {
// Not an OpenSSL file
return null;
}
// Not an OpenSSL file
return null;
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
ByteArrayInputStream(java.io.ByteArrayInputStream)
PemInfo(org.kse.utilities.pem.PemInfo)
PemAttributes(org.kse.utilities.pem.PemAttributes)
BigInteger(java.math.BigInteger)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
IOException(java.io.IOException)
ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive)
Aggregations
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)84
IOException (java.io.IOException)39
DEROctetString (org.bouncycastle.asn1.DEROctetString)26
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)24
ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)22
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)20
ByteArrayInputStream (java.io.ByteArrayInputStream)16
ASN1Integer (org.bouncycastle.asn1.ASN1Integer)16
X509Certificate (java.security.cert.X509Certificate)15
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)15
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)15
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)14
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)12
Enumeration (java.util.Enumeration)12
DERBitString (org.bouncycastle.asn1.DERBitString)12
CertificateException (java.security.cert.CertificateException)11
DERBMPString (org.bouncycastle.asn1.DERBMPString)11
DERIA5String (org.bouncycastle.asn1.DERIA5String)11
DERSequence (org.bouncycastle.asn1.DERSequence)11
DERUTF8String (org.bouncycastle.asn1.DERUTF8String)11
