Search in sources :

Example 46 with DERBitString

use of org.bouncycastle.asn1.DERBitString in project android_frameworks_base by AOSPA.

the class ESTHandler method buildCSR.

private byte[] buildCSR(ByteBuffer octetBuffer, OMADMAdapter omadmAdapter, HTTPHandler httpHandler) throws IOException, GeneralSecurityException {
    //Security.addProvider(new BouncyCastleProvider());
    Log.d(TAG, "/csrattrs:");
    /*
        byte[] octets = new byte[octetBuffer.remaining()];
        octetBuffer.duplicate().get(octets);
        for (byte b : octets) {
            System.out.printf("%02x ", b & 0xff);
        }
        */
    Collection<Asn1Object> csrs = Asn1Decoder.decode(octetBuffer);
    for (Asn1Object asn1Object : csrs) {
        Log.d(TAG, asn1Object.toString());
    }
    if (csrs.size() != 1) {
        throw new IOException("Unexpected object count in CSR attributes response: " + csrs.size());
    }
    Asn1Object sequence = csrs.iterator().next();
    if (sequence.getClass() != Asn1Constructed.class) {
        throw new IOException("Unexpected CSR attribute container: " + sequence);
    }
    String keyAlgo = null;
    Asn1Oid keyAlgoOID = null;
    String sigAlgo = null;
    String curveName = null;
    Asn1Oid pubCrypto = null;
    int keySize = -1;
    Map<Asn1Oid, ASN1Encodable> idAttributes = new HashMap<>();
    for (Asn1Object child : sequence.getChildren()) {
        if (child.getTag() == Asn1Decoder.TAG_OID) {
            Asn1Oid oid = (Asn1Oid) child;
            OidMappings.SigEntry sigEntry = OidMappings.getSigEntry(oid);
            if (sigEntry != null) {
                sigAlgo = sigEntry.getSigAlgo();
                keyAlgoOID = sigEntry.getKeyAlgo();
                keyAlgo = OidMappings.getJCEName(keyAlgoOID);
            } else if (oid.equals(OidMappings.sPkcs9AtChallengePassword)) {
                byte[] tlsUnique = httpHandler.getTLSUnique();
                if (tlsUnique != null) {
                    idAttributes.put(oid, new DERPrintableString(Base64.encodeToString(tlsUnique, Base64.DEFAULT)));
                } else {
                    Log.w(TAG, "Cannot retrieve TLS unique channel binding");
                }
            }
        } else if (child.getTag() == Asn1Decoder.TAG_SEQ) {
            Asn1Oid oid = null;
            Set<Asn1Oid> oidValues = new HashSet<>();
            List<Asn1Object> values = new ArrayList<>();
            for (Asn1Object attributeSeq : child.getChildren()) {
                if (attributeSeq.getTag() == Asn1Decoder.TAG_OID) {
                    oid = (Asn1Oid) attributeSeq;
                } else if (attributeSeq.getTag() == Asn1Decoder.TAG_SET) {
                    for (Asn1Object value : attributeSeq.getChildren()) {
                        if (value.getTag() == Asn1Decoder.TAG_OID) {
                            oidValues.add((Asn1Oid) value);
                        } else {
                            values.add(value);
                        }
                    }
                }
            }
            if (oid == null) {
                throw new IOException("Invalid attribute, no OID");
            }
            if (oid.equals(OidMappings.sExtensionRequest)) {
                for (Asn1Oid subOid : oidValues) {
                    if (OidMappings.isIDAttribute(subOid)) {
                        if (subOid.equals(OidMappings.sMAC)) {
                            idAttributes.put(subOid, new DERIA5String(omadmAdapter.getMAC()));
                        } else if (subOid.equals(OidMappings.sIMEI)) {
                            idAttributes.put(subOid, new DERIA5String(omadmAdapter.getImei()));
                        } else if (subOid.equals(OidMappings.sMEID)) {
                            idAttributes.put(subOid, new DERBitString(omadmAdapter.getMeid()));
                        } else if (subOid.equals(OidMappings.sDevID)) {
                            idAttributes.put(subOid, new DERPrintableString(omadmAdapter.getDevID()));
                        }
                    }
                }
            } else if (OidMappings.getCryptoID(oid) != null) {
                pubCrypto = oid;
                if (!values.isEmpty()) {
                    for (Asn1Object value : values) {
                        if (value.getTag() == Asn1Decoder.TAG_INTEGER) {
                            keySize = (int) ((Asn1Integer) value).getValue();
                        }
                    }
                }
                if (oid.equals(OidMappings.sAlgo_EC)) {
                    if (oidValues.isEmpty()) {
                        throw new IOException("No ECC curve name provided");
                    }
                    for (Asn1Oid value : oidValues) {
                        curveName = OidMappings.getJCEName(value);
                        if (curveName != null) {
                            break;
                        }
                    }
                    if (curveName == null) {
                        throw new IOException("Found no ECC curve for " + oidValues);
                    }
                }
            }
        }
    }
    if (keyAlgoOID == null) {
        throw new IOException("No public key algorithm specified");
    }
    if (pubCrypto != null && !pubCrypto.equals(keyAlgoOID)) {
        throw new IOException("Mismatching key algorithms");
    }
    if (keyAlgoOID.equals(OidMappings.sAlgo_RSA)) {
        if (keySize < MinRSAKeySize) {
            if (keySize >= 0) {
                Log.i(TAG, "Upgrading suggested RSA key size from " + keySize + " to " + MinRSAKeySize);
            }
            keySize = MinRSAKeySize;
        }
    }
    Log.d(TAG, String.format("pub key '%s', signature '%s', ECC curve '%s', id-atts %s", keyAlgo, sigAlgo, curveName, idAttributes));
    /*
          Ruckus:
            SEQUENCE:
              OID=1.2.840.113549.1.1.11 (algo_id_sha256WithRSAEncryption)

          RFC-7030:
            SEQUENCE:
              OID=1.2.840.113549.1.9.7 (challengePassword)
              SEQUENCE:
                OID=1.2.840.10045.2.1 (algo_id_ecPublicKey)
                SET:
                  OID=1.3.132.0.34 (secp384r1)
              SEQUENCE:
                OID=1.2.840.113549.1.9.14 (extensionRequest)
                SET:
                  OID=1.3.6.1.1.1.1.22 (mac-address)
              OID=1.2.840.10045.4.3.3 (eccdaWithSHA384)

              1L, 3L, 6L, 1L, 1L, 1L, 1L, 22
         */
    // ECC Does not appear to be supported currently
    KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyAlgo);
    if (curveName != null) {
        AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(keyAlgo);
        algorithmParameters.init(new ECNamedCurveGenParameterSpec(curveName));
        kpg.initialize(algorithmParameters.getParameterSpec(ECNamedCurveGenParameterSpec.class));
    } else {
        kpg.initialize(keySize);
    }
    KeyPair kp = kpg.generateKeyPair();
    X500Principal subject = new X500Principal("CN=Android, O=Google, C=US");
    mClientKey = kp.getPrivate();
    // !!! Map the idAttributes into an ASN1Set of values to pass to
    // the PKCS10CertificationRequest - this code is using outdated BC classes and
    // has *not* been tested.
    ASN1Set attributes;
    if (!idAttributes.isEmpty()) {
        ASN1EncodableVector payload = new DEREncodableVector();
        for (Map.Entry<Asn1Oid, ASN1Encodable> entry : idAttributes.entrySet()) {
            DERObjectIdentifier type = new DERObjectIdentifier(entry.getKey().toOIDString());
            ASN1Set values = new DERSet(entry.getValue());
            Attribute attribute = new Attribute(type, values);
            payload.add(attribute);
        }
        attributes = new DERSet(payload);
    } else {
        attributes = null;
    }
    return new PKCS10CertificationRequest(sigAlgo, subject, kp.getPublic(), attributes, mClientKey).getEncoded();
}
Also used : DERSet(com.android.org.bouncycastle.asn1.DERSet) ASN1Set(com.android.org.bouncycastle.asn1.ASN1Set) Set(java.util.Set) HashSet(java.util.HashSet) HashMap(java.util.HashMap) Attribute(com.android.org.bouncycastle.asn1.x509.Attribute) DERBitString(com.android.org.bouncycastle.asn1.DERBitString) DERPrintableString(com.android.org.bouncycastle.asn1.DERPrintableString) DERIA5String(com.android.org.bouncycastle.asn1.DERIA5String) DERSet(com.android.org.bouncycastle.asn1.DERSet) DERIA5String(com.android.org.bouncycastle.asn1.DERIA5String) Asn1Integer(com.android.hotspot2.asn1.Asn1Integer) DERPrintableString(com.android.org.bouncycastle.asn1.DERPrintableString) ASN1EncodableVector(com.android.org.bouncycastle.asn1.ASN1EncodableVector) List(java.util.List) ArrayList(java.util.ArrayList) ASN1Encodable(com.android.org.bouncycastle.asn1.ASN1Encodable) PKCS10CertificationRequest(com.android.org.bouncycastle.jce.PKCS10CertificationRequest) Asn1Oid(com.android.hotspot2.asn1.Asn1Oid) KeyPair(java.security.KeyPair) ECNamedCurveGenParameterSpec(com.android.org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec) DEREncodableVector(com.android.org.bouncycastle.asn1.DEREncodableVector) DERBitString(com.android.org.bouncycastle.asn1.DERBitString) IOException(java.io.IOException) KeyPairGenerator(java.security.KeyPairGenerator) DERObjectIdentifier(com.android.org.bouncycastle.asn1.DERObjectIdentifier) Asn1Object(com.android.hotspot2.asn1.Asn1Object) OidMappings(com.android.hotspot2.asn1.OidMappings) ASN1Set(com.android.org.bouncycastle.asn1.ASN1Set) X500Principal(javax.security.auth.x500.X500Principal) Map(java.util.Map) HashMap(java.util.HashMap) AlgorithmParameters(java.security.AlgorithmParameters)

Example 47 with DERBitString

use of org.bouncycastle.asn1.DERBitString in project robovm by robovm.

the class BCECPublicKey method populateFromPubKeyInfo.

private void populateFromPubKeyInfo(SubjectPublicKeyInfo info) {
    X962Parameters params = new X962Parameters((ASN1Primitive) info.getAlgorithm().getParameters());
    ECCurve curve;
    EllipticCurve ellipticCurve;
    if (params.isNamedCurve()) {
        ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) params.getParameters();
        X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid);
        curve = ecP.getCurve();
        ellipticCurve = EC5Util.convertCurve(curve, ecP.getSeed());
        ecSpec = new ECNamedCurveSpec(ECUtil.getCurveName(oid), ellipticCurve, new ECPoint(ecP.getG().getX().toBigInteger(), ecP.getG().getY().toBigInteger()), ecP.getN(), ecP.getH());
    } else if (params.isImplicitlyCA()) {
        ecSpec = null;
        curve = configuration.getEcImplicitlyCa().getCurve();
    } else {
        X9ECParameters ecP = X9ECParameters.getInstance(params.getParameters());
        curve = ecP.getCurve();
        ellipticCurve = EC5Util.convertCurve(curve, ecP.getSeed());
        this.ecSpec = new ECParameterSpec(ellipticCurve, new ECPoint(ecP.getG().getX().toBigInteger(), ecP.getG().getY().toBigInteger()), ecP.getN(), ecP.getH().intValue());
    }
    DERBitString bits = info.getPublicKeyData();
    byte[] data = bits.getBytes();
    ASN1OctetString key = new DEROctetString(data);
    //
    if (data[0] == 0x04 && data[1] == data.length - 2 && (data[2] == 0x02 || data[2] == 0x03)) {
        int qLength = new X9IntegerConverter().getByteLength(curve);
        if (qLength >= data.length - 3) {
            try {
                key = (ASN1OctetString) ASN1Primitive.fromByteArray(data);
            } catch (IOException ex) {
                throw new IllegalArgumentException("error recovering public key");
            }
        }
    }
    X9ECPoint derQ = new X9ECPoint(curve, key);
    this.q = derQ.getPoint();
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) X9ECParameters(org.bouncycastle.asn1.x9.X9ECParameters) X9IntegerConverter(org.bouncycastle.asn1.x9.X9IntegerConverter) DERBitString(org.bouncycastle.asn1.DERBitString) IOException(java.io.IOException) X9ECPoint(org.bouncycastle.asn1.x9.X9ECPoint) ECPoint(java.security.spec.ECPoint) DEROctetString(org.bouncycastle.asn1.DEROctetString) X9ECPoint(org.bouncycastle.asn1.x9.X9ECPoint) ECPoint(java.security.spec.ECPoint) X962Parameters(org.bouncycastle.asn1.x9.X962Parameters) EllipticCurve(java.security.spec.EllipticCurve) ECParameterSpec(java.security.spec.ECParameterSpec) X9ECPoint(org.bouncycastle.asn1.x9.X9ECPoint) ECCurve(org.bouncycastle.math.ec.ECCurve) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) ECNamedCurveSpec(org.bouncycastle.jce.spec.ECNamedCurveSpec)

Example 48 with DERBitString

use of org.bouncycastle.asn1.DERBitString in project robovm by robovm.

the class PKCS10CertificationRequest method getPublicKey.

public PublicKey getPublicKey(String provider) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException {
    SubjectPublicKeyInfo subjectPKInfo = reqInfo.getSubjectPublicKeyInfo();
    try {
        X509EncodedKeySpec xspec = new X509EncodedKeySpec(new DERBitString(subjectPKInfo).getBytes());
        AlgorithmIdentifier keyAlg = subjectPKInfo.getAlgorithm();
        try {
            if (provider == null) {
                return KeyFactory.getInstance(keyAlg.getAlgorithm().getId()).generatePublic(xspec);
            } else {
                return KeyFactory.getInstance(keyAlg.getAlgorithm().getId(), provider).generatePublic(xspec);
            }
        } catch (NoSuchAlgorithmException e) {
            //
            if (keyAlgorithms.get(keyAlg.getObjectId()) != null) {
                String keyAlgorithm = (String) keyAlgorithms.get(keyAlg.getObjectId());
                if (provider == null) {
                    return KeyFactory.getInstance(keyAlgorithm).generatePublic(xspec);
                } else {
                    return KeyFactory.getInstance(keyAlgorithm, provider).generatePublic(xspec);
                }
            }
            throw e;
        }
    } catch (InvalidKeySpecException e) {
        throw new InvalidKeyException("error decoding public key");
    } catch (IOException e) {
        throw new InvalidKeyException("error decoding public key");
    }
}
Also used : X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) DERBitString(org.bouncycastle.asn1.DERBitString) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) DERBitString(org.bouncycastle.asn1.DERBitString) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) IOException(java.io.IOException) InvalidKeyException(java.security.InvalidKeyException) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 49 with DERBitString

use of org.bouncycastle.asn1.DERBitString in project robovm by robovm.

the class NetscapeCertRequest method toASN1Primitive.

public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector spkac = new ASN1EncodableVector();
    ASN1EncodableVector pkac = new ASN1EncodableVector();
    try {
        pkac.add(getKeySpec());
    } catch (Exception e) {
    //ignore
    }
    pkac.add(new DERIA5String(challenge));
    spkac.add(new DERSequence(pkac));
    spkac.add(sigAlg);
    spkac.add(new DERBitString(sigBits));
    return new DERSequence(spkac);
}
Also used : DERIA5String(org.bouncycastle.asn1.DERIA5String) DERSequence(org.bouncycastle.asn1.DERSequence) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) DERBitString(org.bouncycastle.asn1.DERBitString) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) SignatureException(java.security.SignatureException) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) NoSuchProviderException(java.security.NoSuchProviderException)

Example 50 with DERBitString

use of org.bouncycastle.asn1.DERBitString in project robovm by robovm.

the class X509CertificateObject method getSubjectUniqueID.

public boolean[] getSubjectUniqueID() {
    DERBitString id = c.getTBSCertificate().getSubjectUniqueId();
    if (id != null) {
        byte[] bytes = id.getBytes();
        boolean[] boolId = new boolean[bytes.length * 8 - id.getPadBits()];
        for (int i = 0; i != boolId.length; i++) {
            boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0;
        }
        return boolId;
    }
    return null;
}
Also used : DERBitString(org.bouncycastle.asn1.DERBitString)

Aggregations

DERBitString (org.bouncycastle.asn1.DERBitString)54 IOException (java.io.IOException)22 DERSequence (org.bouncycastle.asn1.DERSequence)19 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)17 DERIA5String (org.bouncycastle.asn1.DERIA5String)14 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)12 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)11 DEROctetString (org.bouncycastle.asn1.DEROctetString)11 ASN1EncodableVector (com.android.org.bouncycastle.asn1.ASN1EncodableVector)10 DERBitString (com.android.org.bouncycastle.asn1.DERBitString)10 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)9 InvalidKeyException (java.security.InvalidKeyException)7 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)7 ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)7 KeyPair (java.security.KeyPair)6 KeyPairGenerator (java.security.KeyPairGenerator)6 ArrayList (java.util.ArrayList)6 X500Principal (javax.security.auth.x500.X500Principal)6 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)6 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)5