Search in sources :

Example 1 with AttributeTypeAndValue

use of org.bouncycastle.asn1.x500.AttributeTypeAndValue in project OpenAttestation by OpenAttestation.

the class X509AttributeCertificate method valueOf.

/**
     *
     * @param encodedCertificate
     * @return
     */
@JsonCreator
public static X509AttributeCertificate valueOf(@JsonProperty("encoded") byte[] encodedCertificate) {
    X509AttributeCertificate result = new X509AttributeCertificate(encodedCertificate);
    X509AttributeCertificateHolder cert;
    try {
        cert = new X509AttributeCertificateHolder(encodedCertificate);
    } catch (IOException e) {
        throw new IllegalArgumentException(e);
    }
    // calls toString() on each X500Name so we get the default representation; we can do it ourselves for custom display;  output example: CN=Attr CA,OU=CPG,OU=DCSG,O=Intel,ST=CA,C=US
    log.debug("issuer: {}", StringUtils.join(cert.getIssuer().getNames(), "; "));
    // but expected to be only one
    result.issuer = StringUtils.join(cert.getIssuer().getNames(), "; ");
    // output example:   1
    log.debug("serial number: {}", cert.getSerialNumber().toString());
    result.serialNumber = cert.getSerialNumber();
    // output example:  2.25=#041092a71a228c174522a18bfd3ed3d00b39
    log.debug("holder: {}", StringUtils.join(cert.getHolder().getEntityNames(), ", "));
    // now let's get the UUID specifically out of this
    log.debug("holder has {} entity names", cert.getHolder().getEntityNames().length);
    for (X500Name entityName : cert.getHolder().getEntityNames()) {
        log.debug("holder entity name has {} rdns", entityName.getRDNs().length);
        for (RDN rdn : entityName.getRDNs()) {
            log.debug("entity rdn is multivalued? {}", rdn.isMultiValued());
            AttributeTypeAndValue attr = rdn.getFirst();
            if (attr.getType().toString().equals(OID.HOST_UUID)) {
                UUID uuid = UUID.valueOf(DEROctetString.getInstance(attr.getValue()).getOctets());
                log.debug("holder uuid: {}", uuid);
                // example: 33766a63-5c55-4461-8a84-5936577df450
                result.subject = uuid.toString();
            }
        }
    }
    // if we ddin't identify the UUID,  just display the subject same way we did the issuer... concat all the entity names. example: 2.25=#041033766a635c5544618a845936577df450  (notice that in the value, there's a #0410 prepended to the uuid 33766a635c5544618a845936577df450)
    if (result.subject == null) {
        result.subject = StringUtils.join(cert.getHolder().getEntityNames(), "; ");
    }
    // output example: Thu Aug 08 15:21:13 PDT 2013
    log.debug("not before: {}", cert.getNotBefore());
    // output example: Sun Sep 08 15:21:13 PDT 2013
    log.debug("not after: {}", cert.getNotAfter());
    result.notBefore = cert.getNotBefore();
    result.notAfter = cert.getNotAfter();
    Attribute[] attributes = cert.getAttributes();
    result.tags1 = new ArrayList<UTF8NameValueMicroformat>();
    result.tags2 = new ArrayList<UTF8NameValueSequence>();
    result.tagsOther = new ArrayList<ASN1Encodable>();
    for (Attribute attr : attributes) {
        log.debug("attr {} is {}", attr.hashCode(), attr.toString());
        result.attributes.add(attr);
        for (ASN1Encodable value : attr.getAttributeValues()) {
            //                result.tags.add(new AttributeOidAndValue(attr.getAttrType().toString(), DERUTF8String.getInstance(value).getString()));
            if (attr.getAttrType().toString().equals(UTF8NameValueMicroformat.OID)) {
                // our values are just UTF-8 strings  but if you use new String(value.getEncoded())  you will get two extra spaces at the beginning of the string                    
                log.debug("name-value microformat attribute: {}", DERUTF8String.getInstance(value).getString());
                UTF8NameValueMicroformat microformat = new UTF8NameValueMicroformat(DERUTF8String.getInstance(value));
                log.debug("name-value microformat attribute (2)  name {} value {}", microformat.getName(), microformat.getValue());
                result.tags1.add(microformat);
            } else if (attr.getAttrType().toString().equals(UTF8NameValueSequence.OID)) {
                UTF8NameValueSequence sequence = new UTF8NameValueSequence(ASN1Sequence.getInstance(value));
                String name = sequence.getName();
                List<String> values = sequence.getValues();
                log.debug("name-values asn.1 attribute {} values {}", name, values);
                result.tags2.add(sequence);
            } else {
                log.debug("unrecognzied attribute type {}", attr.getAttrType().toString());
                result.tagsOther.add(value);
            }
        /*
                 * output examples:
                 * attribute: 1.3.6.1.4.1.99999.1.1.1.1 is US
                 * attribute: 1.3.6.1.4.1.99999.2.2.2.2 is CA
                 * attribute: 1.3.6.1.4.1.99999.3.3.3.3 is Folsom
                 */
        }
    }
    log.debug("valueOf ok");
    return result;
}
Also used : Attribute(org.bouncycastle.asn1.x509.Attribute) X509AttributeCertificateHolder(org.bouncycastle.cert.X509AttributeCertificateHolder) IOException(java.io.IOException) X500Name(org.bouncycastle.asn1.x500.X500Name) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue) ArrayList(java.util.ArrayList) List(java.util.List) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) UUID(com.intel.mtwilson.util.io.UUID) RDN(org.bouncycastle.asn1.x500.RDN) JsonCreator(org.codehaus.jackson.annotate.JsonCreator)

Example 2 with AttributeTypeAndValue

use of org.bouncycastle.asn1.x500.AttributeTypeAndValue in project OpenAttestation by OpenAttestation.

the class X509AttrBuilder method subjectUuid.

/*
     public X509AttrBuilder subjectName(sun.security.x509.X500Name subjectName) {
     return subjectName(subjectName.getRFC2253Name());
     }
     */
public X509AttrBuilder subjectUuid(UUID uuid) {
    DEROctetString uuidText = new DEROctetString(uuid.toByteArray().getBytes());
    ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(OID.HOST_UUID);
    AttributeTypeAndValue attr = new AttributeTypeAndValue(oid, uuidText);
    RDN rdn = new RDN(attr);
    subjectName = new X500Name(new RDN[] { rdn });
    return this;
}
Also used : X500Name(org.bouncycastle.asn1.x500.X500Name) RDN(org.bouncycastle.asn1.x500.RDN) DEROctetString(org.bouncycastle.asn1.DEROctetString) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue)

Example 3 with AttributeTypeAndValue

use of org.bouncycastle.asn1.x500.AttributeTypeAndValue in project robovm by robovm.

the class JarUtils method verifySignature.

/**
     * This method handle all the work with  PKCS7, ASN1 encoding, signature verifying,
     * and certification path building.
     * See also PKCS #7: Cryptographic Message Syntax Standard:
     * http://www.ietf.org/rfc/rfc2315.txt
     * @param signature - the input stream of signature file to be verified
     * @param signatureBlock - the input stream of corresponding signature block file
     * @return array of certificates used to verify the signature file
     * @throws IOException - if some errors occurs during reading from the stream
     * @throws GeneralSecurityException - if signature verification process fails
     */
public static Certificate[] verifySignature(InputStream signature, InputStream signatureBlock) throws IOException, GeneralSecurityException {
    BerInputStream bis = new BerInputStream(signatureBlock);
    ContentInfo info = (ContentInfo) ContentInfo.ASN1.decode(bis);
    SignedData signedData = info.getSignedData();
    if (signedData == null) {
        throw new IOException("No SignedData found");
    }
    Collection<org.apache.harmony.security.x509.Certificate> encCerts = signedData.getCertificates();
    if (encCerts.isEmpty()) {
        return null;
    }
    X509Certificate[] certs = new X509Certificate[encCerts.size()];
    int i = 0;
    for (org.apache.harmony.security.x509.Certificate encCert : encCerts) {
        certs[i++] = new X509CertImpl(encCert);
    }
    List<SignerInfo> sigInfos = signedData.getSignerInfos();
    SignerInfo sigInfo;
    if (!sigInfos.isEmpty()) {
        sigInfo = sigInfos.get(0);
    } else {
        return null;
    }
    // Issuer
    X500Principal issuer = sigInfo.getIssuer();
    // Certificate serial number
    BigInteger snum = sigInfo.getSerialNumber();
    // Locate the certificate
    int issuerSertIndex = 0;
    for (i = 0; i < certs.length; i++) {
        if (issuer.equals(certs[i].getIssuerDN()) && snum.equals(certs[i].getSerialNumber())) {
            issuerSertIndex = i;
            break;
        }
    }
    if (i == certs.length) {
        // No issuer certificate found
        return null;
    }
    if (certs[issuerSertIndex].hasUnsupportedCriticalExtension()) {
        throw new SecurityException("Can not recognize a critical extension");
    }
    // Get Signature instance
    final String daOid = sigInfo.getDigestAlgorithm();
    final String daName = sigInfo.getDigestAlgorithmName();
    final String deaOid = sigInfo.getDigestEncryptionAlgorithm();
    String alg = null;
    Signature sig = null;
    if (daOid != null && deaOid != null) {
        alg = daOid + "with" + deaOid;
        try {
            sig = Signature.getInstance(alg);
        } catch (NoSuchAlgorithmException e) {
        }
        // Try to convert to names instead of OID.
        if (sig == null) {
            final String deaName = sigInfo.getDigestEncryptionAlgorithmName();
            alg = daName + "with" + deaName;
            try {
                sig = Signature.getInstance(alg);
            } catch (NoSuchAlgorithmException e) {
            }
        }
    }
    /*
         * TODO figure out the case in which we'd only use digestAlgorithm and
         * add a test for it.
         */
    if (sig == null && daOid != null) {
        alg = daOid;
        try {
            sig = Signature.getInstance(alg);
        } catch (NoSuchAlgorithmException e) {
        }
        if (sig == null && daName != null) {
            alg = daName;
            try {
                sig = Signature.getInstance(alg);
            } catch (NoSuchAlgorithmException e) {
            }
        }
    }
    // We couldn't find a valid Signature type.
    if (sig == null) {
        return null;
    }
    sig.initVerify(certs[issuerSertIndex]);
    // If the authenticatedAttributes field of SignerInfo contains more than zero attributes,
    // compute the message digest on the ASN.1 DER encoding of the Attributes value.
    // Otherwise, compute the message digest on the data.
    List<AttributeTypeAndValue> atr = sigInfo.getAuthenticatedAttributes();
    byte[] sfBytes = new byte[signature.available()];
    signature.read(sfBytes);
    if (atr == null) {
        sig.update(sfBytes);
    } else {
        sig.update(sigInfo.getEncodedAuthenticatedAttributes());
        // If the authenticatedAttributes field contains the message-digest attribute,
        // verify that it equals the computed digest of the signature file
        byte[] existingDigest = null;
        for (AttributeTypeAndValue a : atr) {
            if (Arrays.equals(a.getType().getOid(), MESSAGE_DIGEST_OID)) {
                if (existingDigest != null) {
                    throw new SecurityException("Too many MessageDigest attributes");
                }
                Collection<?> entries = a.getValue().getValues(ASN1OctetString.getInstance());
                if (entries.size() != 1) {
                    throw new SecurityException("Too many values for MessageDigest attribute");
                }
                existingDigest = (byte[]) entries.iterator().next();
            }
        }
        // message digest entry.
        if (existingDigest == null) {
            throw new SecurityException("Missing MessageDigest in Authenticated Attributes");
        }
        MessageDigest md = null;
        if (daOid != null) {
            md = MessageDigest.getInstance(daOid);
        }
        if (md == null && daName != null) {
            md = MessageDigest.getInstance(daName);
        }
        if (md == null) {
            return null;
        }
        byte[] computedDigest = md.digest(sfBytes);
        if (!Arrays.equals(existingDigest, computedDigest)) {
            throw new SecurityException("Incorrect MD");
        }
    }
    if (!sig.verify(sigInfo.getEncryptedDigest())) {
        throw new SecurityException("Incorrect signature");
    }
    return createChain(certs[issuerSertIndex], certs);
}
Also used : ASN1OctetString(org.apache.harmony.security.asn1.ASN1OctetString) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) ContentInfo(org.apache.harmony.security.pkcs7.ContentInfo) X509CertImpl(org.apache.harmony.security.provider.cert.X509CertImpl) BerInputStream(org.apache.harmony.security.asn1.BerInputStream) MessageDigest(java.security.MessageDigest) SignedData(org.apache.harmony.security.pkcs7.SignedData) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) AttributeTypeAndValue(org.apache.harmony.security.x501.AttributeTypeAndValue) SignerInfo(org.apache.harmony.security.pkcs7.SignerInfo) Signature(java.security.Signature) X500Principal(javax.security.auth.x500.X500Principal) BigInteger(java.math.BigInteger) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 4 with AttributeTypeAndValue

use of org.bouncycastle.asn1.x500.AttributeTypeAndValue in project robovm by robovm.

the class DNParser method parse.

/**
     * Parses DN
     *
     * @return a list of Relative Distinguished Names(RDN),
     *         each RDN is represented as a list of AttributeTypeAndValue objects
     */
public List<List<AttributeTypeAndValue>> parse() throws IOException {
    List<List<AttributeTypeAndValue>> list = new ArrayList<List<AttributeTypeAndValue>>();
    String attType = nextAT();
    if (attType == null) {
        //empty list of RDNs
        return list;
    }
    ObjectIdentifier oid = AttributeTypeAndValue.getObjectIdentifier(attType);
    List<AttributeTypeAndValue> atav = new ArrayList<AttributeTypeAndValue>();
    while (true) {
        if (pos == chars.length) {
            //empty Attribute Value
            atav.add(new AttributeTypeAndValue(oid, new AttributeValue("", false, oid)));
            list.add(0, atav);
            return list;
        }
        switch(chars[pos]) {
            case '"':
                atav.add(new AttributeTypeAndValue(oid, new AttributeValue(quotedAV(), hasQE, oid)));
                break;
            case '#':
                atav.add(new AttributeTypeAndValue(oid, new AttributeValue(hexAV(), encoded)));
                break;
            case '+':
            case ',':
            case // compatibility with RFC 1779: semicolon can separate RDNs
            ';':
                //empty attribute value
                atav.add(new AttributeTypeAndValue(oid, new AttributeValue("", false, oid)));
                break;
            default:
                atav.add(new AttributeTypeAndValue(oid, new AttributeValue(escapedAV(), hasQE, oid)));
        }
        if (pos >= chars.length) {
            list.add(0, atav);
            return list;
        }
        if (chars[pos] == ',' || chars[pos] == ';') {
            list.add(0, atav);
            atav = new ArrayList<AttributeTypeAndValue>();
        } else if (chars[pos] != '+') {
            throw new IOException("Invalid distinguished name string");
        }
        pos++;
        attType = nextAT();
        if (attType == null) {
            throw new IOException("Invalid distinguished name string");
        }
        oid = AttributeTypeAndValue.getObjectIdentifier(attType);
    }
}
Also used : AttributeValue(org.apache.harmony.security.x501.AttributeValue) ArrayList(java.util.ArrayList) List(java.util.List) ArrayList(java.util.ArrayList) IOException(java.io.IOException) AttributeTypeAndValue(org.apache.harmony.security.x501.AttributeTypeAndValue) ObjectIdentifier(org.apache.harmony.security.utils.ObjectIdentifier)

Example 5 with AttributeTypeAndValue

use of org.bouncycastle.asn1.x500.AttributeTypeAndValue in project robovm by robovm.

the class AttributeTypeAndValue method toASN1Primitive.

/**
     * <pre>
     * AttributeTypeAndValue ::= SEQUENCE {
     *           type         OBJECT IDENTIFIER,
     *           value        ANY DEFINED BY type }
     * </pre>
     * @return a basic ASN.1 object representation.
     */
public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(type);
    v.add(value);
    return new DERSequence(v);
}
Also used : DERSequence(org.bouncycastle.asn1.DERSequence) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)

Aggregations

IOException (java.io.IOException)7 AttributeTypeAndValue (org.apache.harmony.security.x501.AttributeTypeAndValue)6 ArrayList (java.util.ArrayList)5 List (java.util.List)4 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)4 BigInteger (java.math.BigInteger)3 GeneralSecurityException (java.security.GeneralSecurityException)3 MessageDigest (java.security.MessageDigest)3 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3 Signature (java.security.Signature)3 Certificate (java.security.cert.Certificate)3 X509Certificate (java.security.cert.X509Certificate)3 X500Principal (javax.security.auth.x500.X500Principal)3 BerInputStream (org.apache.harmony.security.asn1.BerInputStream)3 ContentInfo (org.apache.harmony.security.pkcs7.ContentInfo)3 SignedData (org.apache.harmony.security.pkcs7.SignedData)3 SignerInfo (org.apache.harmony.security.pkcs7.SignerInfo)3 AttributeValue (org.apache.harmony.security.x501.AttributeValue)3 ASN1String (org.bouncycastle.asn1.ASN1String)3 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)3