Search in sources :

Example 66 with DERTaggedObject

use of org.bouncycastle.asn1.DERTaggedObject in project candlepin by candlepin.

the class X509CRLStreamWriter method updateExtensions.

/**
 * This method updates the crlNumber and authorityKeyIdentifier extensions.  Any
 * other extensions are copied over unchanged.
 * @param obj
 * @return
 * @throws IOException
 */
@SuppressWarnings("rawtypes")
protected byte[] updateExtensions(byte[] obj) throws IOException {
    ASN1TaggedObject taggedExts = (ASN1TaggedObject) new ASN1InputStream(obj).readObject();
    ASN1Sequence seq = (ASN1Sequence) taggedExts.getObject();
    ASN1EncodableVector modifiedExts = new ASN1EncodableVector();
    // Now we need to read the extensions and find the CRL number and increment it,
    // and determine if its length changed.
    Enumeration objs = seq.getObjects();
    while (objs.hasMoreElements()) {
        ASN1Sequence ext = (ASN1Sequence) objs.nextElement();
        ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) ext.getObjectAt(0);
        if (Extension.cRLNumber.equals(oid)) {
            ASN1OctetString s = (ASN1OctetString) ext.getObjectAt(1);
            ASN1Integer i = (ASN1Integer) new ASN1InputStream(s.getOctets()).readObject();
            ASN1Integer newCrlNumber = new ASN1Integer(i.getValue().add(BigInteger.ONE));
            Extension newNumberExt = new Extension(Extension.cRLNumber, false, new DEROctetString(newCrlNumber.getEncoded()));
            ASN1EncodableVector crlNumber = new ASN1EncodableVector();
            crlNumber.add(Extension.cRLNumber);
            crlNumber.add(newNumberExt.getExtnValue());
            modifiedExts.add(new DERSequence(crlNumber));
        } else if (Extension.authorityKeyIdentifier.equals(oid)) {
            Extension newAuthorityKeyExt = new Extension(Extension.authorityKeyIdentifier, false, aki.getEncoded());
            ASN1EncodableVector aki = new ASN1EncodableVector();
            aki.add(Extension.authorityKeyIdentifier);
            aki.add(newAuthorityKeyExt.getExtnValue());
            modifiedExts.add(new DERSequence(aki));
        } else {
            modifiedExts.add(ext);
        }
    }
    ASN1Sequence seqOut = new DERSequence(modifiedExts);
    ASN1TaggedObject out = new DERTaggedObject(true, 0, seqOut);
    return out.getEncoded();
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) Extension(org.bouncycastle.asn1.x509.Extension) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) Enumeration(java.util.Enumeration) DERSequence(org.bouncycastle.asn1.DERSequence) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) DEROctetString(org.bouncycastle.asn1.DEROctetString)

Example 67 with DERTaggedObject

use of org.bouncycastle.asn1.DERTaggedObject in project candlepin by candlepin.

the class X509CRLStreamWriter method readAndReplaceTime.

/**
 * Replace a time in the ASN1 with the current time.
 *
 * @param out
 * @param tagNo
 * @return the time that was replaced
 * @throws IOException
 */
protected Date readAndReplaceTime(OutputStream out, int tagNo) throws IOException {
    int originalLength = readLength(crlIn, null);
    byte[] oldBytes = new byte[originalLength];
    readFullyAndTrack(crlIn, oldBytes, null);
    ASN1Object oldTime;
    ASN1Object newTime;
    if (tagNo == UTC_TIME) {
        ASN1TaggedObject t = new DERTaggedObject(UTC_TIME, new DEROctetString(oldBytes));
        oldTime = ASN1UTCTime.getInstance(t, false);
        newTime = new DERUTCTime(new Date());
    } else {
        ASN1TaggedObject t = new DERTaggedObject(GENERALIZED_TIME, new DEROctetString(oldBytes));
        oldTime = ASN1GeneralizedTime.getInstance(t, false);
        newTime = new DERGeneralizedTime(new Date());
    }
    writeNewTime(out, newTime, originalLength);
    return Time.getInstance(oldTime).getDate();
}
Also used : DERGeneralizedTime(org.bouncycastle.asn1.DERGeneralizedTime) DERUTCTime(org.bouncycastle.asn1.DERUTCTime) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) ASN1Object(org.bouncycastle.asn1.ASN1Object) DEROctetString(org.bouncycastle.asn1.DEROctetString) Date(java.util.Date)

Example 68 with DERTaggedObject

use of org.bouncycastle.asn1.DERTaggedObject in project keystore-explorer by kaikramer.

the class EccUtilTest method convertToECPrivateKeyStructure.

@ParameterizedTest
@ValueSource(strings = { // SEC curves
"secp112r1", "secp112r2", "secp128r1", "secp128r2", "secp160k1", "secp160r1", "secp160r2", "secp192k1", /* "secp192r1", = prime192v1 */
"secp224k1", "secp224r1", "secp256k1", /* "secp256r1", = prime256v1 */
"secp384r1", "secp521r1", "sect113r1", "sect113r2", "sect131r1", "sect131r2", "sect163k1", "sect163r1", "sect163r2", "sect193r1", "sect193r2", "sect233k1", "sect233r1", "sect239k1", "sect283k1", "sect283r1", "sect409k1", "sect409r1", "sect571k1", "sect571r1", // ANSI X9.62 curves
"prime192v1", "prime192v2", "prime192v3", "prime239v1", "prime239v2", "prime239v3", "prime256v1", "c2pnb163v1", "c2pnb163v2", "c2pnb163v3", "c2pnb176w1", "c2tnb191v1", "c2tnb191v2", "c2tnb191v3", "c2tnb239v1", "c2tnb239v2", "c2tnb239v3", "c2tnb359v1", "c2tnb431r1", "c2pnb208w1", "c2pnb272w1", "c2pnb304w1", "c2pnb368w1", // Brainpool curves
"brainpoolP160r1", "brainpoolP160t1", "brainpoolP192r1", "brainpoolP192t1", "brainpoolP224r1", "brainpoolP224t1", "brainpoolP256r1", "brainpoolP256t1", "brainpoolP320r1", "brainpoolP320t1", "brainpoolP384r1", "brainpoolP384t1", "brainpoolP512r1", "brainpoolP512t1" // NIST curves are a subset of SEC curves (not explicitly tested here)
})
public void convertToECPrivateKeyStructure(String curveName) throws Exception {
    KeyPair keyPair = KeyPairUtil.generateECKeyPair(curveName, BC);
    ECPrivateKey ecPrivateKey = (ECPrivateKey) keyPair.getPrivate();
    byte[] encoded = EccUtil.convertToECPrivateKeyStructure(ecPrivateKey).toASN1Primitive().getEncoded();
    // verify ASN.1 structure "ECPrivateKey" from RFC 5915:
    // 
    // ECPrivateKey ::= SEQUENCE {
    // version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
    // privateKey     OCTET STRING,
    // parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
    // publicKey  [1] BIT STRING OPTIONAL
    // }
    // 
    // ECParameters ::= CHOICE {
    // namedCurve         OBJECT IDENTIFIER
    // -- implicitCurve   NULL
    // -- specifiedCurve  SpecifiedECDomain
    // }
    // RFC 5480:
    // -- implicitCurve and specifiedCurve MUST NOT be used in PKIX.
    ASN1Sequence sequence = ASN1Sequence.getInstance(encoded);
    // check version of data structure
    BigInteger version = ((ASN1Integer) sequence.getObjectAt(0)).getValue();
    assertThat(version).isEqualTo(BigInteger.ONE);
    // next is an octet string with the key
    assertThat(sequence.getObjectAt(1)).isInstanceOf(ASN1OctetString.class);
    // check for existence of (optional) EC parameters
    ASN1Encodable tagged0 = sequence.getObjectAt(2);
    DERTaggedObject derTaggedObject = (DERTaggedObject) tagged0;
    assertThat(derTaggedObject.getTagNo()).isEqualTo(0);
    // check that EC parameters contain the right curve name
    ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) derTaggedObject.getObject();
    String resolvedCurveName = ObjectIdUtil.toString(oid);
    assertThat(resolvedCurveName).containsIgnoringCase(curveName);
}
Also used : ECPrivateKey(java.security.interfaces.ECPrivateKey) KeyPair(java.security.KeyPair) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) BigInteger(java.math.BigInteger) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) ValueSource(org.junit.jupiter.params.provider.ValueSource) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Example 69 with DERTaggedObject

use of org.bouncycastle.asn1.DERTaggedObject in project pdfbox by apache.

the class CertInformationHelper method getCrlUrlFromExtensionValue.

/**
 * Gets the first CRL Url from given extension value. Structure has to be build as in 4.2.1.14
 * CRL Distribution Points of RFC 2459.
 *
 * @param extensionValue to get the extension value from
 * @return first CRL- URL or null
 * @throws IOException when there is a problem with the extensionValue
 */
protected static String getCrlUrlFromExtensionValue(byte[] extensionValue) throws IOException {
    ASN1Sequence asn1Seq = (ASN1Sequence) X509ExtensionUtil.fromExtensionValue(extensionValue);
    Enumeration<?> objects = asn1Seq.getObjects();
    while (objects.hasMoreElements()) {
        DLSequence obj = (DLSequence) objects.nextElement();
        DERTaggedObject derTagged = (DERTaggedObject) obj.getObjectAt(0);
        derTagged = (DERTaggedObject) derTagged.getObject();
        derTagged = (DERTaggedObject) derTagged.getObject();
        DEROctetString uri = (DEROctetString) derTagged.getObject();
        String url = new String(uri.getOctets());
        // return first http(s)-Url for crl
        if (url.startsWith("http")) {
            return url;
        }
    }
    return null;
}
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DLSequence(org.bouncycastle.asn1.DLSequence) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) DEROctetString(org.bouncycastle.asn1.DEROctetString) DEROctetString(org.bouncycastle.asn1.DEROctetString)

Example 70 with DERTaggedObject

use of org.bouncycastle.asn1.DERTaggedObject in project keepass2android by PhilippC.

the class SignedData method toASN1Object.

/**
 * Produce an object suitable for an ASN1OutputStream.
 * <pre>
 *  SignedData ::= SEQUENCE {
 *      version Version,
 *      digestAlgorithms DigestAlgorithmIdentifiers,
 *      contentInfo ContentInfo,
 *      certificates
 *          [0] IMPLICIT ExtendedCertificatesAndCertificates
 *                   OPTIONAL,
 *      crls
 *          [1] IMPLICIT CertificateRevocationLists OPTIONAL,
 *      signerInfos SignerInfos }
 * </pre>
 */
public DERObject toASN1Object() {
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(version);
    v.add(digestAlgorithms);
    v.add(contentInfo);
    if (certificates != null) {
        v.add(new DERTaggedObject(false, 0, certificates));
    }
    if (crls != null) {
        v.add(new DERTaggedObject(false, 1, crls));
    }
    v.add(signerInfos);
    return new BERSequence(v);
}
Also used : DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) BERSequence(org.bouncycastle.asn1.BERSequence) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)

Aggregations

DERTaggedObject (org.bouncycastle.asn1.DERTaggedObject)73 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)42 DERSequence (org.bouncycastle.asn1.DERSequence)40 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)22 DEROctetString (org.bouncycastle.asn1.DEROctetString)21 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)18 ASN1Primitive (org.bouncycastle.asn1.ASN1Primitive)16 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)16 DLSequence (org.bouncycastle.asn1.DLSequence)14 IOException (java.io.IOException)11 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)11 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)11 DERIA5String (org.bouncycastle.asn1.DERIA5String)10 GeneralName (org.bouncycastle.asn1.x509.GeneralName)10 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)9 BigInteger (java.math.BigInteger)7 DERPrintableString (org.bouncycastle.asn1.DERPrintableString)7 BERSequence (org.bouncycastle.asn1.BERSequence)6 DERGeneralizedTime (org.bouncycastle.asn1.DERGeneralizedTime)6 DERSet (org.bouncycastle.asn1.DERSet)6