
Example 51 with ASN1InputStream

use of org.gudy.bouncycastle.asn1.ASN1InputStream in project candlepin by candlepin.

the class X509CRLStreamWriter method write.

/**
 * Write a modified CRL to the given output stream.  This method will add each entry provided
 * via the add() method.
 *
 * @param out OutputStream to write to
 * @throws IOException if something goes wrong
 */
public void write(OutputStream out) throws IOException {
    if (!locked || !preScanned) {
        throw new IllegalStateException("The instance must be preScanned and locked before writing.");
    }
    if (emptyCrl) {
        /* An empty CRL is going to be missing the revokedCertificates sequence
         * and would require a lot of special casing during the streaming process.
         * Instead, it is easier to construct the CRL in the normal fashion using
         * BouncyCastle.  Performance should be acceptable as long as the number of
         * CRL entries being added is reasonable.  Something less than a
         * thousand or so should yield adequate performance.
         */
        writeToEmptyCrl(out);
        return;
    }
    originalLength = handleHeader(out);
    int tag;
    int tagNo;
    int length;
    while (originalLength > count.get()) {
        tag = readTag(crlIn, count);
        tagNo = readTagNumber(crlIn, tag, count);
        length = readLength(crlIn, count);
        byte[] entryBytes = new byte[length];
        readFullyAndTrack(crlIn, entryBytes, count);
        // We only need the serial number and not the rest of the stuff in the entry
        ASN1Integer serial = (ASN1Integer) new ASN1InputStream(entryBytes).readObject();
        if (deletedEntriesLength == 0 || !deletedEntries.contains(serial.getValue())) {
            writeTag(out, tag, tagNo, signer);
            writeLength(out, length, signer);
            writeValue(out, entryBytes, signer);
        }
    }
    // Write the new entries into the new CRL
    for (ASN1Sequence entry : newEntries) {
        writeBytes(out, entry.getEncoded(), signer);
    }
    // Copy the old extensions over
    if (newExtensions != null) {
        out.write(newExtensions);
        signer.getOutputStream().write(newExtensions, 0, newExtensions.length);
    }
    out.write(signingAlg.getEncoded());
    try {
        byte[] signature = signer.getSignature();
        ASN1BitString signatureBits = new DERBitString(signature);
        out.write(signatureBits.getEncoded());
    } catch (DataLengthException e) {
        throw new IOException("Could not sign", e);
    }
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DataLengthException(org.bouncycastle.crypto.DataLengthException) DERBitString(org.bouncycastle.asn1.DERBitString) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) IOException(java.io.IOException) ASN1BitString(org.bouncycastle.asn1.ASN1BitString)

Example 52 with ASN1InputStream

use of org.gudy.bouncycastle.asn1.ASN1InputStream in project candlepin by candlepin.

the class BouncyCastlePKIUtility method decodeDERValue.

@Override
public String decodeDERValue(byte[] value) {
    ASN1InputStream vis = null;
    ASN1InputStream decoded = null;
    try {
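        // The input is a DER OCTET STRING whose contents are themselves a DER-encoded
        // object: unwrap the outer OCTET STRING first, then parse the inner value.
        vis = new ASN1InputStream(value);
        decoded = new ASN1InputStream(((DEROctetString) vis.readObject()).getOctets());
        return decoded.readObject().toString();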
    } catch (IOException e) {
        throw new RuntimeException(e);
    } finally {
        if (vis != null) {
            try {
                vis.close();
            } catch (IOException e) {
                log.warn("failed to close ASN1 stream", e);
            }
        }
        if (decoded != null) {
            try {
                decoded.close();
            } catch (IOException e) {
                log.warn("failed to close ASN1 stream", e);
            }
        }
    }
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) IOException(java.io.IOException) DEROctetString(org.bouncycastle.asn1.DEROctetString)

Example 53 with ASN1InputStream

use of org.gudy.bouncycastle.asn1.ASN1InputStream in project jruby-openssl by jruby.

the class PEMInputOutput method readPKCS7.

/**
 * Reads in a PKCS7 object. This returns a CMSSignedData object (wrapping the parsed
 * ContentInfo) suitable for use with the CMS API.
 *
 * @return the parsed CMSSignedData
 * @throws IOException if an I/O error occurred
 */
private static CMSSignedData readPKCS7(BufferedReader in, char[] p, String endMarker) throws IOException {
    ByteArrayOutputStream bytes = new ByteArrayOutputStream();
    String line;
    StringBuilder buffer = new StringBuilder();
    while ((line = in.readLine()) != null) {
        if (line.contains(endMarker))
            break;
        buffer.append(line.trim());
        final int len = buffer.length();
        Base64.decode(buffer.substring(0, (len / 4) * 4), bytes);
        buffer.delete(0, (len / 4) * 4);
    }
    if (buffer.length() != 0) {
        throw new IOException("base64 data appears to be truncated");
    }
    if (line == null)
        throw new IOException(endMarker + " not found");
    // try-with-resources closes the ASN.1 stream once the ContentInfo has been read
    try (ASN1InputStream aIn = new ASN1InputStream(bytes.toByteArray())) {
        return new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
    } catch (CMSException e) {
        throw new IOException("problem parsing PKCS7 object: " + e, e);
    }
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ByteArrayOutputStream(org.jruby.ext.openssl.util.ByteArrayOutputStream) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DEROctetString(org.bouncycastle.asn1.DEROctetString) IOException(java.io.IOException) CMSSignedData(org.bouncycastle.cms.CMSSignedData) CMSException(org.bouncycastle.cms.CMSException)

Example 54 with ASN1InputStream

use of org.gudy.bouncycastle.asn1.ASN1InputStream in project jruby-openssl by jruby.

the class PKey method readRSAPrivateKey.

public static KeyPair readRSAPrivateKey(final KeyFactory rsaFactory, final byte[] input) throws IOException, InvalidKeySpecException {
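    // PKCS#1 RSAPrivateKey ::= SEQUENCE { version, modulus, publicExponent, privateExponent,
    // prime1, prime2, exponent1, exponent2, coefficient }: nine elements, version at index 0.
    // Any other element count is rejected by returning null.
    ASN1Sequence seq = (ASN1Sequence) new ASN1InputStream(input).readObject();
    if (seq.size() == 9) {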
        BigInteger mod = ((ASN1Integer) seq.getObjectAt(1)).getValue();
        BigInteger pubexp = ((ASN1Integer) seq.getObjectAt(2)).getValue();
        BigInteger privexp = ((ASN1Integer) seq.getObjectAt(3)).getValue();
        BigInteger primep = ((ASN1Integer) seq.getObjectAt(4)).getValue();
        BigInteger primeq = ((ASN1Integer) seq.getObjectAt(5)).getValue();
        BigInteger primeep = ((ASN1Integer) seq.getObjectAt(6)).getValue();
        BigInteger primeeq = ((ASN1Integer) seq.getObjectAt(7)).getValue();
        BigInteger crtcoeff = ((ASN1Integer) seq.getObjectAt(8)).getValue();
        PrivateKey priv = rsaFactory.generatePrivate(new RSAPrivateCrtKeySpec(mod, pubexp, privexp, primep, primeq, primeep, primeeq, crtcoeff));
        PublicKey pub = rsaFactory.generatePublic(new RSAPublicKeySpec(mod, pubexp));
        return new KeyPair(pub, priv);
    }
    return null;
}
Also used : RSAPrivateCrtKeySpec(java.security.spec.RSAPrivateCrtKeySpec) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) KeyPair(java.security.KeyPair) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DSAPrivateKey(java.security.interfaces.DSAPrivateKey) ECPrivateKey(java.security.interfaces.ECPrivateKey) PrivateKey(java.security.PrivateKey) RSAPublicKey(java.security.interfaces.RSAPublicKey) PublicKey(java.security.PublicKey) DSAPublicKey(java.security.interfaces.DSAPublicKey) ECPublicKey(java.security.interfaces.ECPublicKey) BigInteger(java.math.BigInteger) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec)

Example 55 with ASN1InputStream

use of org.gudy.bouncycastle.asn1.ASN1InputStream in project jruby-openssl by jruby.

the class PKey method readRSAPublicKey.

public static PublicKey readRSAPublicKey(final KeyFactory rsaFactory, final byte[] input) throws IOException, InvalidKeySpecException {
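    // PKCS#1 RSAPublicKey ::= SEQUENCE { modulus, publicExponent }; any other element
    // count is rejected by returning null.
    ASN1Sequence seq = (ASN1Sequence) new ASN1InputStream(input).readObject();
    if (seq.size() == 2) {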
        BigInteger mod = ((ASN1Integer) seq.getObjectAt(0)).getValue();
        BigInteger pubexp = ((ASN1Integer) seq.getObjectAt(1)).getValue();
        return rsaFactory.generatePublic(new RSAPublicKeySpec(mod, pubexp));
    }
    return null;
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) BigInteger(java.math.BigInteger) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec)
