Examples with ASN1OctetString org.bouncycastle.asn1.ASN1OctetString used on opensource projects

Example 26 with ASN1OctetString

use of org.bouncycastle.asn1.ASN1OctetString in project keystore-explorer by kaikramer.

the class Pkcs8Util method getEncryptionType.

/**
 * Detect if a PKCS #8 private key is encrypted or not.
 *
 * @param is
 *            Input stream containing PKCS #8 private key
 * @return Encryption type or null if not a valid PKCS #8 private key
 * @throws IOException
 *             If an I/O problem occurred
 */
public static EncryptionType getEncryptionType(InputStream is) throws IOException {
    byte[] pkcs8 = ReadUtil.readFully(is);
    PemInfo pemInfo = PemUtil.decode(new ByteArrayInputStream(pkcs8));
    // PEM encoded?
    if (pemInfo != null) {
        String pemType = pemInfo.getType();
        // Encrypted in pem format?
        if (pemType.equals(Pkcs8Util.PKCS8_ENC_PVK_PEM_TYPE)) {
            return ENCRYPTED;
        } else // Unencrypted in pem format?
        if (pemType.equals(Pkcs8Util.PKCS8_UNENC_PVK_PEM_TYPE)) {
            return UNENCRYPTED;
        }
    }
    // In ASN.1 format?
    try {
        // Read in an ASN.1 and check structure against the following
        ASN1Primitive key = ASN1Primitive.fromByteArray(pkcs8);
        if (key instanceof ASN1Sequence) {
            ASN1Sequence sequence = (ASN1Sequence) key;
            // May be unencrypted
            if ((sequence.size() == 3) || (sequence.size() == 4)) {
                // @formatter:off
                /*
					 * Unencrypted PKCS #8 Private Key:
					 *
					 * PrivateKeyInfo ::= ASN1Sequence { version Version,
					 * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
					 * privateKey PrivateKey, attributes [0] IMPLICIT Attributes
					 * OPTIONAL }
					 *
					 * Version ::= ASN1Integer PrivateKeyAlgorithmIdentifier ::=
					 * AlgorithmIdentifier PrivateKey ::= OCTET STRING
					 * Attributes ::= SET OF Attribute
					 */
                // @formatter:on
                Object obj1 = sequence.getObjectAt(0);
                Object obj2 = sequence.getObjectAt(1);
                Object obj3 = sequence.getObjectAt(2);
                if (!(obj1 instanceof ASN1Integer)) {
                    return null;
                }
                ASN1Integer version = (ASN1Integer) obj1;
                if (!version.getValue().equals(BigInteger.ZERO)) {
                    return null;
                }
                if (!(obj2 instanceof ASN1Sequence)) {
                    return null;
                }
                if (!sequenceIsAlgorithmIdentifier((ASN1Sequence) obj2)) {
                    return null;
                }
                if (!(obj3 instanceof ASN1OctetString)) {
                    return null;
                }
                return UNENCRYPTED;
            } else // May be encrypted
            if (sequence.size() == 2) {
                // @formatter:off
                /*
					 * Encrypted PKCS #8 Private Key:
					 *
					 * EncryptedPrivateKeyInfo ::= ASN1Sequence {
					 * encryptionAlgorithm EncryptionAlgorithmIdentifier,
					 * encryptedData EncryptedData }
					 *
					 * EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
					 * EncryptedData ::= OCTET STRING
					 */
                // @formatter:on
                Object obj1 = sequence.getObjectAt(0);
                Object obj2 = sequence.getObjectAt(1);
                if (!(obj1 instanceof ASN1Sequence)) {
                    return null;
                }
                if (!sequenceIsAlgorithmIdentifier((ASN1Sequence) obj1)) {
                    return null;
                }
                if (!(obj2 instanceof ASN1OctetString)) {
                    return null;
                }
                return ENCRYPTED;
            }
        }
    } catch (Exception ex) {
        // Structure not as expected for PKCS #8
        return null;
    }
    return null;
}

Example 27 with ASN1OctetString

use of org.bouncycastle.asn1.ASN1OctetString in project keystore-explorer by kaikramer.

the class Asn1Dump method dumpOctetString.

private String dumpOctetString(ASN1OctetString asn1OctetString) throws IOException {
    StringBuilder sb = new StringBuilder();
    byte[] bytes = asn1OctetString.getOctets();
    sb.append(indentSequence.toString(indentLevel));
    sb.append("OCTET STRING");
    try {
        String encapsulated = dump(bytes);
        sb.append(", encapsulates:");
        sb.append(NEWLINE);
        sb.append(encapsulated);
    } catch (Exception e) {
        sb.append("=");
        if (bytes.length < 8) {
            sb.append(HexUtil.getHexString(bytes));
        } else {
            sb.append(NEWLINE);
            sb.append(dumpHexClear(bytes));
        }
    }
    sb.append(NEWLINE);
    return sb.toString();
}

Example 28 with ASN1OctetString

use of org.bouncycastle.asn1.ASN1OctetString in project keystore-explorer by kaikramer.

the class Asn1Dump method dump.

/**
 * Get dump of the supplied X.509 extension.
 *
 * @param extension
 *            X.509 extension
 * @return Dump of extension
 * @throws Asn1Exception
 *             A problem was encountered getting the ASN.1 dump
 * @throws IOException
 *             If an I/O problem occurred
 */
public String dump(X509Ext extension) throws Asn1Exception, IOException {
    try {
        ASN1OctetString octetString = ASN1OctetString.getInstance(extension.getValue());
        byte[] octets = octetString.getOctets();
        return dump(octets);
    } catch (IOException ex) {
        throw new Asn1Exception(res.getString("NoAsn1DumpObject.exception.message"), ex);
    }
}

Example 29 with ASN1OctetString

use of org.bouncycastle.asn1.ASN1OctetString in project xipki by xipki.

the class CmpCaClient method transmit.

private PKIMessage transmit(ProtectedPKIMessage request) throws Exception {
    byte[] encodedResponse = send(request.toASN1Structure().getEncoded());
    GeneralPKIMessage response = new GeneralPKIMessage(encodedResponse);
    PKIHeader reqHeader = request.getHeader();
    PKIHeader respHeader = response.getHeader();
    ASN1OctetString tid = reqHeader.getTransactionID();
    if (!tid.equals(respHeader.getTransactionID())) {
        throw new Exception("response.transactionId != request.transactionId");
    }
    ASN1OctetString senderNonce = reqHeader.getSenderNonce();
    if (!senderNonce.equals(respHeader.getRecipNonce())) {
        throw new Exception("response.recipientNonce != request.senderNonce");
    }
    GeneralName rec = respHeader.getRecipient();
    if (!requestorSubject.equals(rec)) {
        throw new Exception("unknown CMP requestor " + rec.toString());
    }
    if (!response.hasProtection()) {
        PKIBody respBody = response.getBody();
        int bodyType = respBody.getType();
        if (bodyType != PKIBody.TYPE_ERROR) {
            throw new Exception("response is not signed");
        }
    }
    if (verifyProtection(response)) {
        return response.toASN1Structure();
    }
    throw new Exception("invalid signature in PKI protection");
}

Example 30 with ASN1OctetString

use of org.bouncycastle.asn1.ASN1OctetString in project xipki by xipki.

the class CmpResponder method buildErrorPkiMessage.

// method addProtection
protected PKIMessage buildErrorPkiMessage(ASN1OctetString tid, PKIHeader requestHeader, int failureCode, String statusText) {
    GeneralName respRecipient = requestHeader.getSender();
    PKIHeaderBuilder respHeader = new PKIHeaderBuilder(requestHeader.getPvno().getValue().intValue(), getSender(), respRecipient);
    respHeader.setMessageTime(new ASN1GeneralizedTime(new Date()));
    if (tid != null) {
        respHeader.setTransactionID(tid);
    }
    ASN1OctetString senderNonce = requestHeader.getSenderNonce();
    if (senderNonce != null) {
        respHeader.setRecipNonce(senderNonce);
    }
    PKIStatusInfo status = generateRejectionStatus(failureCode, statusText);
    ErrorMsgContent error = new ErrorMsgContent(status);
    PKIBody body = new PKIBody(PKIBody.TYPE_ERROR, error);
    return new PKIMessage(respHeader.build(), body);
}