Examples with DERTaggedObject org.bouncycastle.asn1.DERTaggedObject used on opensource projects

Example 41 with DERTaggedObject

use of org.bouncycastle.asn1.DERTaggedObject in project xabber-android by redsolution.

the class CustomDomainVerifier method parseOtherName.

private static Pair<String, String> parseOtherName(byte[] otherName) {
    try {
        ASN1Primitive asn1Primitive = ASN1Primitive.fromByteArray(otherName);
        if (asn1Primitive instanceof DERTaggedObject) {
            ASN1Primitive inner = ((DERTaggedObject) asn1Primitive).getObject();
            if (inner instanceof DLSequence) {
                DLSequence sequence = (DLSequence) inner;
                if (sequence.size() >= 2 && sequence.getObjectAt(1) instanceof DERTaggedObject) {
                    String oid = sequence.getObjectAt(0).toString();
                    ASN1Primitive value = ((DERTaggedObject) sequence.getObjectAt(1)).getObject();
                    if (value instanceof DERUTF8String) {
                        return new Pair<>(oid, ((DERUTF8String) value).getString());
                    } else if (value instanceof DERIA5String) {
                        return new Pair<>(oid, ((DERIA5String) value).getString());
                    }
                }
            }
        }
        return null;
    } catch (IOException e) {
        return null;
    }
}

Example 42 with DERTaggedObject

use of org.bouncycastle.asn1.DERTaggedObject in project Openfire by igniterealtime.

the class CertificateManager method createSigningRequest.

/**
 * Creates and returns the content of a new singing request for the specified certificate. Signing
 * requests are required by Certificate Authorities as part of their signing process. The signing request
 * contains information about the certificate issuer, subject DN, subject alternative names and public key.
 * Private keys are not included. After the Certificate Authority verified and signed the certificate a new
 * certificate is going to be returned.
 *
 * @param cert the certificate to create a signing request.
 * @param privKey the private key of the certificate.
 * @return the content of a new singing request for the specified certificate.
 * @throws OperatorCreationException if there was a problem creating the CSR
 * @throws IOException if there was a problem creating the CSR
 * @throws CertificateParsingException if there was a problem creating the CSR
 */
public static String createSigningRequest(X509Certificate cert, PrivateKey privKey) throws OperatorCreationException, IOException, CertificateParsingException {
    JcaPKCS10CertificationRequestBuilder csrBuilder = new // 
    JcaPKCS10CertificationRequestBuilder(// 
    cert.getSubjectX500Principal(), // 
    cert.getPublicKey());
    // Add SubjectAlternativeNames (SANs)
    final ASN1EncodableVector subjectAlternativeNames = new ASN1EncodableVector();
    final Collection<List<?>> certSans = cert.getSubjectAlternativeNames();
    if (certSans != null) {
        for (final List<?> certSan : certSans) {
            final int nameType = (Integer) certSan.get(0);
            // this is either a string, or a byte-array that represents the ASN.1 DER encoded form.
            final Object value = certSan.get(1);
            switch(nameType) {
                case 0:
                    // OtherName: search for "id-on-xmppAddr" or 'sRVName' or 'userPrincipalName'
                    try (final ASN1InputStream decoder = new ASN1InputStream((byte[]) value)) {
                        // By specification, OtherName instances must always be an ASN.1 Sequence.
                        final ASN1Primitive object = decoder.readObject();
                        final ASN1Sequence otherNameSeq = (ASN1Sequence) object;
                        // By specification, an OtherName instance consists of:
                        // - the type-id (which is an Object Identifier), followed by:
                        // - a tagged value, of which the tag number is 0 (zero) and the value is defined by the type-id.
                        final ASN1ObjectIdentifier typeId = (ASN1ObjectIdentifier) otherNameSeq.getObjectAt(0);
                        final ASN1TaggedObject taggedValue = (ASN1TaggedObject) otherNameSeq.getObjectAt(1);
                        final int tagNo = taggedValue.getTagNo();
                        if (tagNo != 0) {
                            throw new IllegalArgumentException("subjectAltName 'otherName' sequence's second object is expected to be a tagged value of which the tag number is 0. The tag number that was detected: " + tagNo);
                        }
                        subjectAlternativeNames.add(new DERTaggedObject(false, GeneralName.otherName, new DERSequence(new ASN1Encodable[] { typeId, taggedValue })));
                    } catch (Exception e) {
                        Log.warn("Unable to parse certificate SAN 'otherName' value", e);
                    }
                    break;
                case 2:
                    // DNS
                    subjectAlternativeNames.add(new GeneralName(GeneralName.dNSName, (String) value));
                    break;
                case 6:
                    // URI
                    subjectAlternativeNames.add(new GeneralName(GeneralName.uniformResourceIdentifier, (String) value));
                    break;
                default:
                    // Not applicable to XMPP, so silently ignore them
                    break;
            }
        }
    }
    final GeneralNames subjectAltNames = GeneralNames.getInstance(new DERSequence(subjectAlternativeNames));
    final ExtensionsGenerator extGen = new ExtensionsGenerator();
    extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
    csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
    String signatureAlgorithm = "SHA256WITH" + cert.getPublicKey().getAlgorithm();
    ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).build(privKey);
    PKCS10CertificationRequest csr = csrBuilder.build(signer);
    StringWriter string = new StringWriter();
    PemWriter pemWriter = new PemWriter(string);
    PemObjectGenerator objGen = new MiscPEMGenerator(csr);
    pemWriter.writeObject(objGen);
    pemWriter.close();
    return string.toString();
}

Example 43 with DERTaggedObject

use of org.bouncycastle.asn1.DERTaggedObject in project robovm by robovm.

the class V3TBSCertificateGenerator method generateTBSCertificate.

public TBSCertificate generateTBSCertificate() {
    if ((serialNumber == null) || (signature == null) || (issuer == null) || (startDate == null) || (endDate == null) || (subject == null && !altNamePresentAndCritical) || (subjectPublicKeyInfo == null)) {
        throw new IllegalStateException("not all mandatory fields set in V3 TBScertificate generator");
    }
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(version);
    v.add(serialNumber);
    v.add(signature);
    v.add(issuer);
    //
    // before and after dates
    //
    ASN1EncodableVector validity = new ASN1EncodableVector();
    validity.add(startDate);
    validity.add(endDate);
    v.add(new DERSequence(validity));
    if (subject != null) {
        v.add(subject);
    } else {
        v.add(new DERSequence());
    }
    v.add(subjectPublicKeyInfo);
    if (issuerUniqueID != null) {
        v.add(new DERTaggedObject(false, 1, issuerUniqueID));
    }
    if (subjectUniqueID != null) {
        v.add(new DERTaggedObject(false, 2, subjectUniqueID));
    }
    if (extensions != null) {
        v.add(new DERTaggedObject(true, 3, extensions));
    }
    return TBSCertificate.getInstance(new DERSequence(v));
}

Example 44 with DERTaggedObject

use of org.bouncycastle.asn1.DERTaggedObject in project robovm by robovm.

the class GeneralSubtree method toASN1Primitive.

/**
     * Produce an object suitable for an ASN1OutputStream.
     * 
     * Returns:
     * 
     * <pre>
     *       GeneralSubtree ::= SEQUENCE 
     *       {
     *         base                    GeneralName,
     *         minimum         [0]     BaseDistance DEFAULT 0,
     *         maximum         [1]     BaseDistance OPTIONAL 
     *       }
     * </pre>
     * 
     * @return a ASN1Primitive
     */
public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(base);
    if (minimum != null && !minimum.getValue().equals(ZERO)) {
        v.add(new DERTaggedObject(false, 0, minimum));
    }
    if (maximum != null) {
        v.add(new DERTaggedObject(false, 1, maximum));
    }
    return new DERSequence(v);
}

Example 45 with DERTaggedObject

use of org.bouncycastle.asn1.DERTaggedObject in project XobotOS by xamarin.

the class SignedData method toASN1Object.

/**
     * Produce an object suitable for an ASN1OutputStream.
     * <pre>
     *  SignedData ::= SEQUENCE {
     *      version Version,
     *      digestAlgorithms DigestAlgorithmIdentifiers,
     *      contentInfo ContentInfo,
     *      certificates
     *          [0] IMPLICIT ExtendedCertificatesAndCertificates
     *                   OPTIONAL,
     *      crls
     *          [1] IMPLICIT CertificateRevocationLists OPTIONAL,
     *      signerInfos SignerInfos }
     * </pre>
     */
public DERObject toASN1Object() {
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(version);
    v.add(digestAlgorithms);
    v.add(contentInfo);
    if (certificates != null) {
        v.add(new DERTaggedObject(false, 0, certificates));
    }
    if (crls != null) {
        v.add(new DERTaggedObject(false, 1, crls));
    }
    v.add(signerInfos);
    return new BERSequence(v);
}