Example 16 with NULL
use of org.mozilla.jss.asn1.NULL in project jss by dogtagpki.
the class CRLDistributionPoint method setFullName.
/**
* Sets the <code>fullName</code> of the <code>DistributionPointName</code>. It may be set to <code>null</code>.
* If it is set to a non-null value, <code>relativeName</code> will be
* set to <code>null</code>, because at most one of these two attributes
* can be specified at a time.
*
* @exception GeneralNamesException If an error occurs encoding the
* name.
*/
public void setFullName(GeneralNames fullName) throws GeneralNamesException, IOException {
this.fullName = fullName;
if (fullName != null) {
// encode the name to catch any problems with it
DerOutputStream derOut = new DerOutputStream();
fullName.encode(derOut);
try {
ANY raw = new ANY(derOut.toByteArray());
ByteArrayOutputStream bos = new ByteArrayOutputStream();
raw.encodeWithAlternateTag(Tag.get(0), bos);
fullNameEncoding = new ANY(bos.toByteArray());
} catch (InvalidBERException e) {
// in DerOutputStream
throw new GeneralNamesException(e.toString());
}
this.relativeName = null;
}
}
Also used :
InvalidBERException(org.mozilla.jss.asn1.InvalidBERException)
DerOutputStream(org.mozilla.jss.netscape.security.util.DerOutputStream)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
ANY(org.mozilla.jss.asn1.ANY)
Example 17 with NULL
use of org.mozilla.jss.asn1.NULL in project jss by dogtagpki.
the class PKCS12Util method getKeyInfo.
/**
* Loads key bags (for IMPORT and other operations on existing
* PKCS #12 files). Does not decrypt EncryptedPrivateKeyInfo
* values, but stores them in PKCS12KeyInfo objects for possible
* later use.
*/
public PKCS12KeyInfo getKeyInfo(SafeBag bag, Password password) throws Exception {
PKCS12KeyInfo keyInfo = new PKCS12KeyInfo(bag.getBagContent().getEncoded());
// get key attributes
SET bagAttrs = bag.getBagAttributes();
for (int i = 0; bagAttrs != null && i < bagAttrs.size(); i++) {
Attribute attr = (Attribute) bagAttrs.elementAt(i);
OBJECT_IDENTIFIER oid = attr.getType();
if (oid.equals(SafeBag.FRIENDLY_NAME)) {
SET values = attr.getValues();
ANY value = (ANY) values.elementAt(0);
ByteArrayInputStream bis = new ByteArrayInputStream(value.getEncoded());
BMPString friendlyName = (BMPString) new BMPString.Template().decode(bis);
keyInfo.setFriendlyName(friendlyName.toString());
logger.debug(" Friendly name: " + keyInfo.getFriendlyName());
} else if (oid.equals(SafeBag.LOCAL_KEY_ID)) {
SET values = attr.getValues();
ANY value = (ANY) values.elementAt(0);
ByteArrayInputStream bis = new ByteArrayInputStream(value.getEncoded());
OCTET_STRING keyIdAsn1 = (OCTET_STRING) new OCTET_STRING.Template().decode(bis);
byte[] keyID = keyIdAsn1.toByteArray();
keyInfo.setID(keyID);
} else {
logger.warn(" " + oid + ": " + attr.getValues());
}
}
return keyInfo;
}
Also used :
SET(org.mozilla.jss.asn1.SET)
OCTET_STRING(org.mozilla.jss.asn1.OCTET_STRING)
Attribute(org.mozilla.jss.pkix.primitive.Attribute)
ByteArrayInputStream(java.io.ByteArrayInputStream)
OBJECT_IDENTIFIER(org.mozilla.jss.asn1.OBJECT_IDENTIFIER)
ANY(org.mozilla.jss.asn1.ANY)
BMPString(org.mozilla.jss.asn1.BMPString)
Example 18 with NULL
use of org.mozilla.jss.asn1.NULL in project jss by dogtagpki.
the class PKCS12Util method createCertInfoFromNSS.
public PKCS12CertInfo createCertInfoFromNSS(X509Certificate cert, String friendlyName) throws Exception {
// generate cert ID from SHA-1 hash of cert data
byte[] id = SafeBag.getLocalKeyIDFromCert(cert.getEncoded());
if (friendlyName == null) {
friendlyName = cert.getNickname();
}
X509CertImpl certImpl = new X509CertImpl(cert.getEncoded());
PK11Cert p11Cert = (PK11Cert) cert;
String trustFlags = p11Cert.getTrustFlags();
PKCS12CertInfo certInfo = new PKCS12CertInfo();
certInfo.setID(id);
certInfo.setFriendlyName(friendlyName);
certInfo.setCert(certImpl);
certInfo.setTrustFlags(trustFlags);
return certInfo;
}
Also used :
X509CertImpl(org.mozilla.jss.netscape.security.x509.X509CertImpl)
BMPString(org.mozilla.jss.asn1.BMPString)
PK11Cert(org.mozilla.jss.pkcs11.PK11Cert)
Example 19 with NULL
use of org.mozilla.jss.asn1.NULL in project jss by dogtagpki.
the class CMCStatusInfo method encode.
@Override
public void encode(Tag implicitTag, OutputStream ostream) throws IOException {
SEQUENCE seq = new SEQUENCE();
seq.addElement(status);
seq.addElement(bodyList);
if (statusString != null) {
seq.addElement(statusString);
}
if (otherInfo != null) {
seq.addElement(otherInfo);
}
seq.encode(implicitTag, ostream);
}
Also used :
SEQUENCE(org.mozilla.jss.asn1.SEQUENCE)
Example 20 with NULL
use of org.mozilla.jss.asn1.NULL in project jss by dogtagpki.
the class SignerInfo method verifyWithAuthenticatedAttributes.
/**
* Verifies a SignerInfo with authenticated attributes. If authenticated
* attributes are present, then two particular attributes must
* be present: <ul>
* <li>PKCS #9 Content-Type, the type of content that is being signed.
* This must match the contentType parameter.
* <li>PKCS #9 Message-Digest, the digest of the content that is being
* signed. This must match the messageDigest parameter.
* </ul>
* After these two attributes are verified to be both present and correct,
* the encryptedDigest field of the SignerInfo is verified to be the
* signature of the contents octets of the DER encoding of the
* authenticatedAttributes field.
*/
private void verifyWithAuthenticatedAttributes(byte[] messageDigest, OBJECT_IDENTIFIER contentType, PublicKey pubkey) throws NotInitializedException, NoSuchAlgorithmException, InvalidKeyException, TokenException, SignatureException {
int numAttrib = authenticatedAttributes.size();
if (numAttrib < 2) {
throw new SignatureException("At least two authenticated attributes must be present:" + " content-type and message-digest");
}
// go through the authenticated attributes, verifying the
// interesting ones
boolean foundContentType = false;
boolean foundMessageDigest = false;
for (int i = 0; i < numAttrib; i++) {
if (!(authenticatedAttributes.elementAt(i) instanceof Attribute)) {
throw new SignatureException("Element of authenticatedAttributes is not an Attribute");
}
Attribute attrib = (Attribute) authenticatedAttributes.elementAt(i);
if (attrib.getType().equals(CONTENT_TYPE)) {
// content-type. Compare with what was passed in.
SET vals = attrib.getValues();
if (vals.size() != 1) {
throw new SignatureException("Content-Type attribute " + " does not have exactly one value");
}
ASN1Value val = vals.elementAt(0);
OBJECT_IDENTIFIER ctype;
try {
if (val instanceof OBJECT_IDENTIFIER) {
ctype = (OBJECT_IDENTIFIER) val;
} else if (val instanceof ANY) {
ctype = (OBJECT_IDENTIFIER) ((ANY) val).decodeWith(OBJECT_IDENTIFIER.getTemplate());
} else {
// what the heck is it? not what it's supposed to be
throw new InvalidBERException("Content-Type authenticated attribute has unexpected" + " content type");
}
} catch (InvalidBERException e) {
throw new SignatureException("Content-Type authenticated attribute does not have " + "OBJECT IDENTIFIER value");
}
// contentType parameter
if (!ctype.equals(contentType)) {
throw new SignatureException("Content-type in authenticated attributes does not " + "match content-type being verified");
}
// content type is A-OK
foundContentType = true;
} else if (attrib.getType().equals(MESSAGE_DIGEST)) {
SET vals = attrib.getValues();
if (vals.size() != 1) {
throw new SignatureException("Message-digest attribute does not have" + " exactly one value");
}
ASN1Value val = vals.elementAt(0);
byte[] mdigest;
try {
if (val instanceof OCTET_STRING) {
mdigest = ((OCTET_STRING) val).toByteArray();
} else if (val instanceof ANY) {
OCTET_STRING os;
os = (OCTET_STRING) ((ANY) val).decodeWith(OCTET_STRING.getTemplate());
mdigest = os.toByteArray();
} else {
// what the heck is it? not what it's supposed to be
throw new InvalidBERException("Content-Type authenticated attribute has unexpected" + " content type");
}
} catch (InvalidBERException e) {
throw new SignatureException("Message-digest attribute does not" + " have OCTET STRING value");
}
// message digest being verified
if (!byteArraysAreSame(mdigest, messageDigest)) {
throw new SignatureException("Message-digest attribute does not" + " match message digest being verified");
}
// message digest is A-OK
foundMessageDigest = true;
}
// we don't care about other attributes
}
if (!foundContentType) {
throw new SignatureException("Authenticated attributes does not contain" + " PKCS #9 content-type attribute");
}
if (!foundMessageDigest) {
throw new SignatureException("Authenticate attributes does not contain" + " PKCS #9 message-digest attribute");
}
SignatureAlgorithm sigAlg = SignatureAlgorithm.fromOID(digestEncryptionAlgorithm.getOID());
// All the authenticated attributes are present and correct.
// Now verify the signature.
CryptoToken token = CryptoManager.getInstance().getInternalCryptoToken();
Signature sig = token.getSignatureContext(sigAlg);
sig.initVerify(pubkey);
// verify the contents octets of the DER encoded authenticated attribs
byte[] toBeDigested;
toBeDigested = ASN1Util.encode(authenticatedAttributes);
MessageDigest md = MessageDigest.getInstance(DigestAlgorithm.fromOID(digestAlgorithm.getOID()).toString());
byte[] digest = md.digest(toBeDigested);
byte[] toBeVerified;
if (sigAlg.getRawAlg() == SignatureAlgorithm.RSASignature) {
// create DigestInfo structure
SEQUENCE digestInfo = new SEQUENCE();
digestInfo.addElement(new AlgorithmIdentifier(digestAlgorithm.getOID(), null));
digestInfo.addElement(new OCTET_STRING(digest));
toBeVerified = ASN1Util.encode(digestInfo);
} else {
toBeVerified = digest;
}
sig.update(toBeVerified);
if (!sig.verify(encryptedDigest.toByteArray())) {
// signature is invalid
throw new SignatureException("encryptedDigest was not the correct" + " signature of the contents octets of the DER-encoded" + " authenticated attributes");
}
// SUCCESSFULLY VERIFIED
}
Also used :
SET(org.mozilla.jss.asn1.SET)
CryptoToken(org.mozilla.jss.crypto.CryptoToken)
OBJECT_IDENTIFIER(org.mozilla.jss.asn1.OBJECT_IDENTIFIER)
SignatureAlgorithm(org.mozilla.jss.crypto.SignatureAlgorithm)
SignatureException(java.security.SignatureException)
ANY(org.mozilla.jss.asn1.ANY)
AlgorithmIdentifier(org.mozilla.jss.pkix.primitive.AlgorithmIdentifier)
InvalidBERException(org.mozilla.jss.asn1.InvalidBERException)
ASN1Value(org.mozilla.jss.asn1.ASN1Value)
OCTET_STRING(org.mozilla.jss.asn1.OCTET_STRING)
Signature(org.mozilla.jss.crypto.Signature)
SEQUENCE(org.mozilla.jss.asn1.SEQUENCE)
MessageDigest(java.security.MessageDigest)
Aggregations
SEQUENCE (org.mozilla.jss.asn1.SEQUENCE)33
OCTET_STRING (org.mozilla.jss.asn1.OCTET_STRING)19
InvalidBERException (org.mozilla.jss.asn1.InvalidBERException)17
ANY (org.mozilla.jss.asn1.ANY)14
CryptoToken (org.mozilla.jss.crypto.CryptoToken)14
AlgorithmIdentifier (org.mozilla.jss.pkix.primitive.AlgorithmIdentifier)11
IOException (java.io.IOException)10
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)10
ASN1Value (org.mozilla.jss.asn1.ASN1Value)10
BMPString (org.mozilla.jss.asn1.BMPString)10
CryptoManager (org.mozilla.jss.CryptoManager)9
SET (org.mozilla.jss.asn1.SET)9
ByteArrayOutputStream (java.io.ByteArrayOutputStream)8
AlgorithmParameterSpec (java.security.spec.AlgorithmParameterSpec)8
OBJECT_IDENTIFIER (org.mozilla.jss.asn1.OBJECT_IDENTIFIER)8
EncryptionAlgorithm (org.mozilla.jss.crypto.EncryptionAlgorithm)8
FileOutputStream (java.io.FileOutputStream)7
Cipher (org.mozilla.jss.crypto.Cipher)7
CertificateException (java.security.cert.CertificateException)6
BadPaddingException (javax.crypto.BadPaddingException)6
