Search in sources :

Example 41 with DERTaggedObject

use of org.bouncycastle.asn1.DERTaggedObject in project xabber-android by redsolution.

the class CustomDomainVerifier method parseOtherName.

private static Pair<String, String> parseOtherName(byte[] otherName) {
    try {
        ASN1Primitive asn1Primitive = ASN1Primitive.fromByteArray(otherName);
        if (asn1Primitive instanceof DERTaggedObject) {
            ASN1Primitive inner = ((DERTaggedObject) asn1Primitive).getObject();
            if (inner instanceof DLSequence) {
                DLSequence sequence = (DLSequence) inner;
                if (sequence.size() >= 2 && sequence.getObjectAt(1) instanceof DERTaggedObject) {
                    String oid = sequence.getObjectAt(0).toString();
                    ASN1Primitive value = ((DERTaggedObject) sequence.getObjectAt(1)).getObject();
                    if (value instanceof DERUTF8String) {
                        return new Pair<>(oid, ((DERUTF8String) value).getString());
                    } else if (value instanceof DERIA5String) {
                        return new Pair<>(oid, ((DERIA5String) value).getString());
                    }
                }
            }
        }
        return null;
    } catch (IOException e) {
        return null;
    }
}
Also used : DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DERIA5String(org.bouncycastle.asn1.DERIA5String) DLSequence(org.bouncycastle.asn1.DLSequence) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) IOException(java.io.IOException) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) Pair(android.util.Pair)

Example 42 with DERTaggedObject

use of org.bouncycastle.asn1.DERTaggedObject in project Openfire by igniterealtime.

the class CertificateManager method createSigningRequest.

/**
 * Creates and returns the content of a new singing request for the specified certificate. Signing
 * requests are required by Certificate Authorities as part of their signing process. The signing request
 * contains information about the certificate issuer, subject DN, subject alternative names and public key.
 * Private keys are not included. After the Certificate Authority verified and signed the certificate a new
 * certificate is going to be returned.
 *
 * @param cert the certificate to create a signing request.
 * @param privKey the private key of the certificate.
 * @return the content of a new singing request for the specified certificate.
 * @throws OperatorCreationException if there was a problem creating the CSR
 * @throws IOException if there was a problem creating the CSR
 * @throws CertificateParsingException if there was a problem creating the CSR
 */
public static String createSigningRequest(X509Certificate cert, PrivateKey privKey) throws OperatorCreationException, IOException, CertificateParsingException {
    JcaPKCS10CertificationRequestBuilder csrBuilder = new // 
    JcaPKCS10CertificationRequestBuilder(// 
    cert.getSubjectX500Principal(), // 
    cert.getPublicKey());
    // Add SubjectAlternativeNames (SANs)
    final ASN1EncodableVector subjectAlternativeNames = new ASN1EncodableVector();
    final Collection<List<?>> certSans = cert.getSubjectAlternativeNames();
    if (certSans != null) {
        for (final List<?> certSan : certSans) {
            final int nameType = (Integer) certSan.get(0);
            // this is either a string, or a byte-array that represents the ASN.1 DER encoded form.
            final Object value = certSan.get(1);
            switch(nameType) {
                case 0:
                    // OtherName: search for "id-on-xmppAddr" or 'sRVName' or 'userPrincipalName'
                    try (final ASN1InputStream decoder = new ASN1InputStream((byte[]) value)) {
                        // By specification, OtherName instances must always be an ASN.1 Sequence.
                        final ASN1Primitive object = decoder.readObject();
                        final ASN1Sequence otherNameSeq = (ASN1Sequence) object;
                        // By specification, an OtherName instance consists of:
                        // - the type-id (which is an Object Identifier), followed by:
                        // - a tagged value, of which the tag number is 0 (zero) and the value is defined by the type-id.
                        final ASN1ObjectIdentifier typeId = (ASN1ObjectIdentifier) otherNameSeq.getObjectAt(0);
                        final ASN1TaggedObject taggedValue = (ASN1TaggedObject) otherNameSeq.getObjectAt(1);
                        final int tagNo = taggedValue.getTagNo();
                        if (tagNo != 0) {
                            throw new IllegalArgumentException("subjectAltName 'otherName' sequence's second object is expected to be a tagged value of which the tag number is 0. The tag number that was detected: " + tagNo);
                        }
                        subjectAlternativeNames.add(new DERTaggedObject(false, GeneralName.otherName, new DERSequence(new ASN1Encodable[] { typeId, taggedValue })));
                    } catch (Exception e) {
                        Log.warn("Unable to parse certificate SAN 'otherName' value", e);
                    }
                    break;
                case 2:
                    // DNS
                    subjectAlternativeNames.add(new GeneralName(GeneralName.dNSName, (String) value));
                    break;
                case 6:
                    // URI
                    subjectAlternativeNames.add(new GeneralName(GeneralName.uniformResourceIdentifier, (String) value));
                    break;
                default:
                    // Not applicable to XMPP, so silently ignore them
                    break;
            }
        }
    }
    final GeneralNames subjectAltNames = GeneralNames.getInstance(new DERSequence(subjectAlternativeNames));
    final ExtensionsGenerator extGen = new ExtensionsGenerator();
    extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
    csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
    String signatureAlgorithm = "SHA256WITH" + cert.getPublicKey().getAlgorithm();
    ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).build(privKey);
    PKCS10CertificationRequest csr = csrBuilder.build(signer);
    StringWriter string = new StringWriter();
    PemWriter pemWriter = new PemWriter(string);
    PemObjectGenerator objGen = new MiscPEMGenerator(csr);
    pemWriter.writeObject(objGen);
    pemWriter.close();
    return string.toString();
}
Also used : JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) PemObjectGenerator(org.bouncycastle.util.io.pem.PemObjectGenerator) CopyOnWriteArrayList(java.util.concurrent.CopyOnWriteArrayList) PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) PemWriter(org.bouncycastle.util.io.pem.PemWriter) ContentSigner(org.bouncycastle.operator.ContentSigner) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) CertException(org.bouncycastle.cert.CertException) CertificateParsingException(java.security.cert.CertificateParsingException) PKCSException(org.bouncycastle.pkcs.PKCSException) CertificateException(java.security.cert.CertificateException) ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator) BigInteger(java.math.BigInteger) JcaMiscPEMGenerator(org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) GeneralName(org.bouncycastle.asn1.x509.GeneralName)

Example 43 with DERTaggedObject

use of org.bouncycastle.asn1.DERTaggedObject in project robovm by robovm.

the class V3TBSCertificateGenerator method generateTBSCertificate.

public TBSCertificate generateTBSCertificate() {
    if ((serialNumber == null) || (signature == null) || (issuer == null) || (startDate == null) || (endDate == null) || (subject == null && !altNamePresentAndCritical) || (subjectPublicKeyInfo == null)) {
        throw new IllegalStateException("not all mandatory fields set in V3 TBScertificate generator");
    }
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(version);
    v.add(serialNumber);
    v.add(signature);
    v.add(issuer);
    //
    // before and after dates
    //
    ASN1EncodableVector validity = new ASN1EncodableVector();
    validity.add(startDate);
    validity.add(endDate);
    v.add(new DERSequence(validity));
    if (subject != null) {
        v.add(subject);
    } else {
        v.add(new DERSequence());
    }
    v.add(subjectPublicKeyInfo);
    if (issuerUniqueID != null) {
        v.add(new DERTaggedObject(false, 1, issuerUniqueID));
    }
    if (subjectUniqueID != null) {
        v.add(new DERTaggedObject(false, 2, subjectUniqueID));
    }
    if (extensions != null) {
        v.add(new DERTaggedObject(true, 3, extensions));
    }
    return TBSCertificate.getInstance(new DERSequence(v));
}
Also used : DERSequence(org.bouncycastle.asn1.DERSequence) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)

Example 44 with DERTaggedObject

use of org.bouncycastle.asn1.DERTaggedObject in project robovm by robovm.

the class GeneralSubtree method toASN1Primitive.

/**
     * Produce an object suitable for an ASN1OutputStream.
     * 
     * Returns:
     * 
     * <pre>
     *       GeneralSubtree ::= SEQUENCE 
     *       {
     *         base                    GeneralName,
     *         minimum         [0]     BaseDistance DEFAULT 0,
     *         maximum         [1]     BaseDistance OPTIONAL 
     *       }
     * </pre>
     * 
     * @return a ASN1Primitive
     */
public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(base);
    if (minimum != null && !minimum.getValue().equals(ZERO)) {
        v.add(new DERTaggedObject(false, 0, minimum));
    }
    if (maximum != null) {
        v.add(new DERTaggedObject(false, 1, maximum));
    }
    return new DERSequence(v);
}
Also used : DERSequence(org.bouncycastle.asn1.DERSequence) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)

Example 45 with DERTaggedObject

use of org.bouncycastle.asn1.DERTaggedObject in project XobotOS by xamarin.

the class SignedData method toASN1Object.

/**
     * Produce an object suitable for an ASN1OutputStream.
     * <pre>
     *  SignedData ::= SEQUENCE {
     *      version Version,
     *      digestAlgorithms DigestAlgorithmIdentifiers,
     *      contentInfo ContentInfo,
     *      certificates
     *          [0] IMPLICIT ExtendedCertificatesAndCertificates
     *                   OPTIONAL,
     *      crls
     *          [1] IMPLICIT CertificateRevocationLists OPTIONAL,
     *      signerInfos SignerInfos }
     * </pre>
     */
public DERObject toASN1Object() {
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(version);
    v.add(digestAlgorithms);
    v.add(contentInfo);
    if (certificates != null) {
        v.add(new DERTaggedObject(false, 0, certificates));
    }
    if (crls != null) {
        v.add(new DERTaggedObject(false, 1, crls));
    }
    v.add(signerInfos);
    return new BERSequence(v);
}
Also used : DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) BERSequence(org.bouncycastle.asn1.BERSequence) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)

Aggregations

DERTaggedObject (org.bouncycastle.asn1.DERTaggedObject)73 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)42 DERSequence (org.bouncycastle.asn1.DERSequence)40 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)22 DEROctetString (org.bouncycastle.asn1.DEROctetString)21 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)18 ASN1Primitive (org.bouncycastle.asn1.ASN1Primitive)16 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)16 DLSequence (org.bouncycastle.asn1.DLSequence)14 IOException (java.io.IOException)11 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)11 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)11 DERIA5String (org.bouncycastle.asn1.DERIA5String)10 GeneralName (org.bouncycastle.asn1.x509.GeneralName)10 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)9 BigInteger (java.math.BigInteger)7 DERPrintableString (org.bouncycastle.asn1.DERPrintableString)7 BERSequence (org.bouncycastle.asn1.BERSequence)6 DERGeneralizedTime (org.bouncycastle.asn1.DERGeneralizedTime)6 DERSet (org.bouncycastle.asn1.DERSet)6