Example 6 with AttributeTypeAndValue
use of org.bouncycastle.asn1.x500.AttributeTypeAndValue in project robovm by robovm.
the class IETFUtils method appendTypeAndValue.
public static void appendTypeAndValue(StringBuffer buf, AttributeTypeAndValue typeAndValue, Hashtable oidSymbols) {
String sym = (String) oidSymbols.get(typeAndValue.getType());
if (sym != null) {
buf.append(sym);
} else {
buf.append(typeAndValue.getType().getId());
}
buf.append('=');
buf.append(valueToString(typeAndValue.getValue()));
}
Also used :
ASN1String(org.bouncycastle.asn1.ASN1String)
DERUniversalString(org.bouncycastle.asn1.DERUniversalString)
Example 7 with AttributeTypeAndValue
use of org.bouncycastle.asn1.x500.AttributeTypeAndValue in project j2objc by google.
the class JarUtils method verifySignature.
/**
* This method handle all the work with PKCS7, ASN1 encoding, signature verifying,
* and certification path building.
* See also PKCS #7: Cryptographic Message Syntax Standard:
* http://www.ietf.org/rfc/rfc2315.txt
* @param signature - the input stream of signature file to be verified
* @param signatureBlock - the input stream of corresponding signature block file
* @return array of certificates used to verify the signature file
* @throws IOException - if some errors occurs during reading from the stream
* @throws GeneralSecurityException - if signature verification process fails
*/
public static Certificate[] verifySignature(InputStream signature, InputStream signatureBlock) throws IOException, GeneralSecurityException {
BerInputStream bis = new BerInputStream(signatureBlock);
ContentInfo info = (ContentInfo) ContentInfo.ASN1.decode(bis);
SignedData signedData = info.getSignedData();
if (signedData == null) {
throw new IOException("No SignedData found");
}
Collection<org.apache.harmony.security.x509.Certificate> encCerts = signedData.getCertificates();
if (encCerts.isEmpty()) {
return null;
}
X509Certificate[] certs = new X509Certificate[encCerts.size()];
CertificateFactory cf = CertificateFactory.getInstance("X.509");
int i = 0;
for (org.apache.harmony.security.x509.Certificate encCert : encCerts) {
final byte[] encoded = encCert.getEncoded();
final InputStream is = new ByteArrayInputStream(encoded);
certs[i++] = new VerbatimX509Certificate((X509Certificate) cf.generateCertificate(is), encoded);
}
List<SignerInfo> sigInfos = signedData.getSignerInfos();
SignerInfo sigInfo;
if (!sigInfos.isEmpty()) {
sigInfo = sigInfos.get(0);
} else {
return null;
}
// Issuer
X500Principal issuer = sigInfo.getIssuer();
// Certificate serial number
BigInteger snum = sigInfo.getSerialNumber();
// Locate the certificate
int issuerSertIndex = 0;
for (i = 0; i < certs.length; i++) {
if (issuer.equals(certs[i].getIssuerDN()) && snum.equals(certs[i].getSerialNumber())) {
issuerSertIndex = i;
break;
}
}
if (i == certs.length) {
// No issuer certificate found
return null;
}
if (certs[issuerSertIndex].hasUnsupportedCriticalExtension()) {
throw new SecurityException("Can not recognize a critical extension");
}
// Get Signature instance
final String daOid = sigInfo.getDigestAlgorithm();
final String daName = sigInfo.getDigestAlgorithmName();
final String deaOid = sigInfo.getDigestEncryptionAlgorithm();
final String deaName = sigInfo.getDigestEncryptionAlgorithmName();
String alg = null;
Signature sig = null;
if (daOid != null && deaOid != null) {
alg = daOid + "with" + deaOid;
try {
sig = Signature.getInstance(alg);
} catch (NoSuchAlgorithmException e) {
}
// Try to convert to names instead of OID.
if (sig == null && daName != null && deaName != null) {
alg = daName + "with" + deaName;
try {
sig = Signature.getInstance(alg);
} catch (NoSuchAlgorithmException e) {
}
}
}
if (sig == null && deaOid != null) {
alg = deaOid;
try {
sig = Signature.getInstance(alg);
} catch (NoSuchAlgorithmException e) {
}
if (sig == null) {
alg = deaName;
try {
sig = Signature.getInstance(alg);
} catch (NoSuchAlgorithmException e) {
}
}
}
// We couldn't find a valid Signature type.
if (sig == null) {
return null;
}
sig.initVerify(certs[issuerSertIndex]);
// If the authenticatedAttributes field of SignerInfo contains more than zero attributes,
// compute the message digest on the ASN.1 DER encoding of the Attributes value.
// Otherwise, compute the message digest on the data.
List<AttributeTypeAndValue> atr = sigInfo.getAuthenticatedAttributes();
byte[] sfBytes = new byte[signature.available()];
signature.read(sfBytes);
if (atr == null) {
sig.update(sfBytes);
} else {
sig.update(sigInfo.getEncodedAuthenticatedAttributes());
// If the authenticatedAttributes field contains the message-digest attribute,
// verify that it equals the computed digest of the signature file
byte[] existingDigest = null;
for (AttributeTypeAndValue a : atr) {
if (Arrays.equals(a.getType().getOid(), MESSAGE_DIGEST_OID)) {
if (existingDigest != null) {
throw new SecurityException("Too many MessageDigest attributes");
}
Collection<?> entries = a.getValue().getValues(ASN1OctetString.getInstance());
if (entries.size() != 1) {
throw new SecurityException("Too many values for MessageDigest attribute");
}
existingDigest = (byte[]) entries.iterator().next();
}
}
// must have a message-digest attribute.
if (existingDigest == null) {
throw new SecurityException("Missing MessageDigest in Authenticated Attributes");
}
MessageDigest md = null;
if (daOid != null) {
md = MessageDigest.getInstance(daOid);
}
if (md == null && daName != null) {
md = MessageDigest.getInstance(daName);
}
if (md == null) {
return null;
}
byte[] computedDigest = md.digest(sfBytes);
if (!Arrays.equals(existingDigest, computedDigest)) {
throw new SecurityException("Incorrect MD");
}
}
if (!sig.verify(sigInfo.getEncryptedDigest())) {
throw new SecurityException("Incorrect signature");
}
return createChain(certs[issuerSertIndex], certs);
}
Also used :
ASN1OctetString(org.apache.harmony.security.asn1.ASN1OctetString)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
CertificateFactory(java.security.cert.CertificateFactory)
ContentInfo(org.apache.harmony.security.pkcs7.ContentInfo)
BerInputStream(org.apache.harmony.security.asn1.BerInputStream)
MessageDigest(java.security.MessageDigest)
SignedData(org.apache.harmony.security.pkcs7.SignedData)
BerInputStream(org.apache.harmony.security.asn1.BerInputStream)
ByteArrayInputStream(java.io.ByteArrayInputStream)
InputStream(java.io.InputStream)
GeneralSecurityException(java.security.GeneralSecurityException)
IOException(java.io.IOException)
X509Certificate(java.security.cert.X509Certificate)
AttributeTypeAndValue(org.apache.harmony.security.x501.AttributeTypeAndValue)
SignerInfo(org.apache.harmony.security.pkcs7.SignerInfo)
ByteArrayInputStream(java.io.ByteArrayInputStream)
Signature(java.security.Signature)
X500Principal(javax.security.auth.x500.X500Principal)
BigInteger(java.math.BigInteger)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
Example 8 with AttributeTypeAndValue
use of org.bouncycastle.asn1.x500.AttributeTypeAndValue in project XobotOS by xamarin.
the class AttributeTypeAndValue method toASN1Object.
/**
* <pre>
* AttributeTypeAndValue ::= SEQUENCE {
* type OBJECT IDENTIFIER,
* value ANY DEFINED BY type }
* </pre>
* @return a basic ASN.1 object representation.
*/
public DERObject toASN1Object() {
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(type);
v.add(value);
return new DERSequence(v);
}
Also used :
DERSequence(org.bouncycastle.asn1.DERSequence)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
Example 9 with AttributeTypeAndValue
use of org.bouncycastle.asn1.x500.AttributeTypeAndValue in project XobotOS by xamarin.
the class IETFUtils method appendTypeAndValue.
public static void appendTypeAndValue(StringBuffer buf, AttributeTypeAndValue typeAndValue, Hashtable oidSymbols) {
String sym = (String) oidSymbols.get(typeAndValue.getType());
if (sym != null) {
buf.append(sym);
} else {
buf.append(typeAndValue.getType().getId());
}
buf.append('=');
buf.append(valueToString(typeAndValue.getValue()));
}
Also used :
ASN1String(org.bouncycastle.asn1.ASN1String)
DERUniversalString(org.bouncycastle.asn1.DERUniversalString)
Example 10 with AttributeTypeAndValue
use of org.bouncycastle.asn1.x500.AttributeTypeAndValue in project XobotOS by xamarin.
the class RFC4519Style method atvAreEqual.
private boolean atvAreEqual(AttributeTypeAndValue atv1, AttributeTypeAndValue atv2) {
if (atv1 == atv2) {
return true;
}
if (atv1 == null) {
return false;
}
if (atv2 == null) {
return false;
}
ASN1ObjectIdentifier o1 = atv1.getType();
ASN1ObjectIdentifier o2 = atv2.getType();
if (!o1.equals(o2)) {
return false;
}
String v1 = IETFUtils.canonicalize(IETFUtils.valueToString(atv1.getValue()));
String v2 = IETFUtils.canonicalize(IETFUtils.valueToString(atv2.getValue()));
if (!v1.equals(v2)) {
return false;
}
return true;
}
Also used :
DERIA5String(org.bouncycastle.asn1.DERIA5String)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
DERPrintableString(org.bouncycastle.asn1.DERPrintableString)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Aggregations
IOException (java.io.IOException)7
AttributeTypeAndValue (org.apache.harmony.security.x501.AttributeTypeAndValue)6
ArrayList (java.util.ArrayList)5
List (java.util.List)4
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)4
BigInteger (java.math.BigInteger)3
GeneralSecurityException (java.security.GeneralSecurityException)3
MessageDigest (java.security.MessageDigest)3
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3
Signature (java.security.Signature)3
Certificate (java.security.cert.Certificate)3
X509Certificate (java.security.cert.X509Certificate)3
X500Principal (javax.security.auth.x500.X500Principal)3
BerInputStream (org.apache.harmony.security.asn1.BerInputStream)3
ContentInfo (org.apache.harmony.security.pkcs7.ContentInfo)3
SignedData (org.apache.harmony.security.pkcs7.SignedData)3
SignerInfo (org.apache.harmony.security.pkcs7.SignerInfo)3
AttributeValue (org.apache.harmony.security.x501.AttributeValue)3
ASN1String (org.bouncycastle.asn1.ASN1String)3
DERUTF8String (org.bouncycastle.asn1.DERUTF8String)3
