Example 11 with OBJECT_IDENTIFIER
use of org.mozilla.jss.asn1.OBJECT_IDENTIFIER in project jss by dogtagpki.
the class PKCS12Util method getCertInfo.
public PKCS12CertInfo getCertInfo(SafeBag bag) throws Exception {
PKCS12CertInfo certInfo = new PKCS12CertInfo();
CertBag certBag = (CertBag) bag.getInterpretedBagContent();
OCTET_STRING certStr = (OCTET_STRING) certBag.getInterpretedCert();
byte[] x509cert = certStr.toByteArray();
// generate cert ID from SHA-1 hash of cert data
byte[] id = SafeBag.getLocalKeyIDFromCert(x509cert);
certInfo.setID(id);
logger.debug(" Certificate ID: " + Utils.HexEncode(id));
X509CertImpl cert = new X509CertImpl(x509cert);
certInfo.setCert(cert);
X500Principal subjectDN = cert.getSubjectX500Principal();
logger.debug(" Subject DN: " + subjectDN);
SET bagAttrs = bag.getBagAttributes();
for (int i = 0; bagAttrs != null && i < bagAttrs.size(); i++) {
Attribute attr = (Attribute) bagAttrs.elementAt(i);
OBJECT_IDENTIFIER oid = attr.getType();
if (oid.equals(SafeBag.FRIENDLY_NAME)) {
SET values = attr.getValues();
ANY value = (ANY) values.elementAt(0);
ByteArrayInputStream bis = new ByteArrayInputStream(value.getEncoded());
BMPString friendlyName = (BMPString) (new BMPString.Template()).decode(bis);
certInfo.setFriendlyName(friendlyName.toString());
logger.debug(" Friendly name: " + certInfo.getFriendlyName());
} else if (oid.equals(SafeBag.LOCAL_KEY_ID)) {
SET values = attr.getValues();
ANY value = (ANY) values.elementAt(0);
ByteArrayInputStream bis = new ByteArrayInputStream(value.getEncoded());
OCTET_STRING keyIdAsn1 = (OCTET_STRING) new OCTET_STRING.Template().decode(bis);
byte[] keyID = keyIdAsn1.toByteArray();
certInfo.setKeyID(keyID);
logger.debug(" Key ID: " + Utils.HexEncode(keyID));
} else if (oid.equals(PKCS12.CERT_TRUST_FLAGS_OID) && trustFlagsEnabled) {
SET values = attr.getValues();
ANY value = (ANY) values.elementAt(0);
ByteArrayInputStream is = new ByteArrayInputStream(value.getEncoded());
BMPString trustFlagsAsn1 = (BMPString) (new BMPString.Template()).decode(is);
String trustFlags = trustFlagsAsn1.toString();
certInfo.setTrustFlags(trustFlags);
logger.debug(" Trust flags: " + trustFlags);
} else {
logger.warn(" " + oid + ": " + attr.getValues());
}
}
if (certInfo.getFriendlyName() == null) {
logger.debug(" Generating new friendly name");
LdapName dn = new LdapName(subjectDN.getName());
ArrayList<String> values = new ArrayList<>();
// The getRdns method returns the list in reverse order
// therefore, we must traverse in reverse order.
List<Rdn> rdns = dn.getRdns();
for (int i = rdns.size() - 1; i >= 0; i--) {
Rdn rdn = rdns.get(i);
values.add(rdn.getValue().toString());
}
String friendlyName = StringUtils.join(values, " - ");
certInfo.setFriendlyName(friendlyName);
logger.debug(" Friendly name: " + friendlyName);
}
return certInfo;
}
Also used :
SET(org.mozilla.jss.asn1.SET)
Attribute(org.mozilla.jss.pkix.primitive.Attribute)
ArrayList(java.util.ArrayList)
OBJECT_IDENTIFIER(org.mozilla.jss.asn1.OBJECT_IDENTIFIER)
BMPString(org.mozilla.jss.asn1.BMPString)
ANY(org.mozilla.jss.asn1.ANY)
LdapName(javax.naming.ldap.LdapName)
CertBag(org.mozilla.jss.pkcs12.CertBag)
OCTET_STRING(org.mozilla.jss.asn1.OCTET_STRING)
ByteArrayInputStream(java.io.ByteArrayInputStream)
X509CertImpl(org.mozilla.jss.netscape.security.x509.X509CertImpl)
X500Principal(javax.security.auth.x500.X500Principal)
BMPString(org.mozilla.jss.asn1.BMPString)
Rdn(javax.naming.ldap.Rdn)
Example 12 with OBJECT_IDENTIFIER
use of org.mozilla.jss.asn1.OBJECT_IDENTIFIER in project jss by dogtagpki.
the class PK11KeyPairGenerator method getECCurve.
/*
* getECCurve
* maps curvecode to the actual oid of the curve and
* returns the PK11ParameterSpec
*/
private AlgorithmParameterSpec getECCurve(int curvecode) throws InvalidParameterException {
OBJECT_IDENTIFIER oid;
oid = mECCurve_CodeToCurve.get(curvecode);
if (oid == null)
throw new IllegalArgumentException("curvecode =" + curvecode);
return new PK11ParameterSpec(ASN1Util.encode(oid));
}
Also used :
OBJECT_IDENTIFIER(org.mozilla.jss.asn1.OBJECT_IDENTIFIER)
Example 13 with OBJECT_IDENTIFIER
use of org.mozilla.jss.asn1.OBJECT_IDENTIFIER in project jss by dogtagpki.
the class SignerInfo method verifyWithoutAuthenticatedAttributes.
/**
* Verifies that the message digest passed in, when encrypted with the
* given public key, matches the encrypted digest in the SignerInfo.
*/
private void verifyWithoutAuthenticatedAttributes(byte[] messageDigest, OBJECT_IDENTIFIER contentType, PublicKey pubkey) throws NotInitializedException, NoSuchAlgorithmException, InvalidKeyException, TokenException, SignatureException {
if (!contentType.equals(ContentInfo.DATA)) {
// to go into authenticatedAttributes.
throw new SignatureException("Content-Type is not DATA, but there are" + " no authenticated attributes");
}
SignatureAlgorithm sigAlg = SignatureAlgorithm.fromOID(digestEncryptionAlgorithm.getOID());
byte[] toBeVerified;
if (sigAlg.getRawAlg() == SignatureAlgorithm.RSASignature) {
// create DigestInfo structure
SEQUENCE digestInfo = new SEQUENCE();
digestInfo.addElement(new AlgorithmIdentifier(digestAlgorithm.getOID(), null));
digestInfo.addElement(new OCTET_STRING(messageDigest));
toBeVerified = ASN1Util.encode(digestInfo);
} else {
toBeVerified = messageDigest;
}
CryptoToken token = CryptoManager.getInstance().getInternalCryptoToken();
Signature sig = token.getSignatureContext(sigAlg);
sig.initVerify(pubkey);
sig.update(toBeVerified);
if (sig.verify(encryptedDigest.toByteArray())) {
// success
return;
} else {
throw new SignatureException("Encrypted message digest parameter does not " + "match encrypted digest in SignerInfo");
}
}
Also used :
OCTET_STRING(org.mozilla.jss.asn1.OCTET_STRING)
CryptoToken(org.mozilla.jss.crypto.CryptoToken)
SEQUENCE(org.mozilla.jss.asn1.SEQUENCE)
Signature(org.mozilla.jss.crypto.Signature)
SignatureAlgorithm(org.mozilla.jss.crypto.SignatureAlgorithm)
SignatureException(java.security.SignatureException)
AlgorithmIdentifier(org.mozilla.jss.pkix.primitive.AlgorithmIdentifier)
Example 14 with OBJECT_IDENTIFIER
use of org.mozilla.jss.asn1.OBJECT_IDENTIFIER in project jss by dogtagpki.
the class ListCerts method main.
public static void main(String[] args) {
try {
if (args.length != 2) {
System.out.println("Usage: ListCerts <dbdir> <nickname>");
return;
}
String nickname = args[1];
CryptoManager cm = CryptoManager.getInstance();
X509Certificate[] certs = cm.findCertsByNickname(nickname);
System.out.println(certs.length + " certs found with this nickname.");
for (int i = 0; i < certs.length; i++) {
System.out.println("\nSubject: " + certs[i].getSubjectDN());
Certificate cert = (Certificate) ASN1Util.decode(Certificate.getTemplate(), certs[i].getEncoded());
CertificateInfo info = cert.getInfo();
OBJECT_IDENTIFIER sigalg = info.getSignatureAlgId().getOID();
System.out.println("Signature oid " + info.getSignatureAlgId().getOID());
SEQUENCE extensions = info.getExtensions();
for (int j = 0; j < extensions.size(); j++) {
Extension ext = (Extension) extensions.elementAt(i);
OBJECT_IDENTIFIER oid = ext.getExtnId();
OCTET_STRING value = ext.getExtnValue();
System.out.println("Extension " + oid.toString());
if (ext.getCritical()) {
System.out.println("Critical extension: " + oid.toString());
} else {
System.out.println("NON Critical extension: " + oid.toString());
}
}
System.out.println("Convert to JDK cert");
// Convert to JDK certificate
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream bais = new ByteArrayInputStream(certs[i].getEncoded());
java.security.cert.X509Certificate jdkCert = (java.security.cert.X509Certificate) cf.generateCertificate(bais);
bais.close();
System.out.println("Subject " + jdkCert.getSubjectX500Principal());
System.out.println("Signature oid " + jdkCert.getSigAlgName());
/* non critical extensions */
Set<String> nonCritSet = jdkCert.getNonCriticalExtensionOIDs();
if (nonCritSet != null && !nonCritSet.isEmpty()) {
for (Iterator<String> j = nonCritSet.iterator(); j.hasNext(); ) {
String oid = j.next();
System.out.println(oid);
}
} else {
System.out.println("no NON Critical Extensions");
}
/* critical extensions */
Set<String> critSet = jdkCert.getCriticalExtensionOIDs();
if (critSet != null && !critSet.isEmpty()) {
System.out.println("Set of critical extensions:");
for (Iterator<String> j = critSet.iterator(); j.hasNext(); ) {
String oid = j.next();
System.out.println(oid);
}
} else {
System.out.println("no Critical Extensions");
}
}
System.out.println("END");
} catch (Exception e) {
e.printStackTrace();
System.exit(1);
}
System.exit(0);
}
Also used :
OBJECT_IDENTIFIER(org.mozilla.jss.asn1.OBJECT_IDENTIFIER)
CryptoManager(org.mozilla.jss.CryptoManager)
CertificateFactory(java.security.cert.CertificateFactory)
X509Certificate(org.mozilla.jss.crypto.X509Certificate)
Extension(org.mozilla.jss.pkix.cert.Extension)
OCTET_STRING(org.mozilla.jss.asn1.OCTET_STRING)
ByteArrayInputStream(java.io.ByteArrayInputStream)
SEQUENCE(org.mozilla.jss.asn1.SEQUENCE)
CertificateInfo(org.mozilla.jss.pkix.cert.CertificateInfo)
Certificate(org.mozilla.jss.pkix.cert.Certificate)
X509Certificate(org.mozilla.jss.crypto.X509Certificate)
Example 15 with OBJECT_IDENTIFIER
use of org.mozilla.jss.asn1.OBJECT_IDENTIFIER in project jss by dogtagpki.
the class Name method main.
public static void main(String[] args) {
try {
if (args.length == 0) {
Name name = new Name();
OBJECT_IDENTIFIER oid;
oid = new OBJECT_IDENTIFIER(new long[] { 2, 5, 4, 10 });
AVA ava = new AVA(oid, new PrintableString("Netscape"));
name.addElement(ava);
oid = new OBJECT_IDENTIFIER(new long[] { 2, 5, 4, 3 });
ava = new AVA(oid, new PrintableString("moi"));
name.addElement(ava);
name.encode(System.out);
} else {
Name.Template temp = new Name.Template();
Name name;
FileInputStream fis = new FileInputStream(args[0]);
try (BufferedInputStream bis = new BufferedInputStream(fis)) {
name = (Name) temp.decode(bis);
}
System.out.println("Got name.");
for (int i = 0; i < name.size(); i++) {
AVA a = name.elementAt(i).at(0);
PrintableString.Template pst = new PrintableString.Template();
PrintableString ps = (PrintableString) pst.decode(new ByteArrayInputStream(a.getValue().getEncoded()));
System.out.println("OID: " + a.getOID() + ", String: " + ps);
}
System.out.println("End of name");
}
} catch (Exception e) {
e.printStackTrace();
}
}
Also used :
PrintableString(org.mozilla.jss.asn1.PrintableString)
BufferedInputStream(java.io.BufferedInputStream)
ByteArrayInputStream(java.io.ByteArrayInputStream)
OBJECT_IDENTIFIER(org.mozilla.jss.asn1.OBJECT_IDENTIFIER)
FileInputStream(java.io.FileInputStream)
InvalidBERException(org.mozilla.jss.asn1.InvalidBERException)
IOException(java.io.IOException)
CharConversionException(java.io.CharConversionException)
ASN1Template(org.mozilla.jss.asn1.ASN1Template)
Aggregations
OBJECT_IDENTIFIER (org.mozilla.jss.asn1.OBJECT_IDENTIFIER)14
SEQUENCE (org.mozilla.jss.asn1.SEQUENCE)10
OCTET_STRING (org.mozilla.jss.asn1.OCTET_STRING)8
ByteArrayInputStream (java.io.ByteArrayInputStream)4
SignatureException (java.security.SignatureException)4
ANY (org.mozilla.jss.asn1.ANY)4
SET (org.mozilla.jss.asn1.SET)4
CryptoToken (org.mozilla.jss.crypto.CryptoToken)4
Signature (org.mozilla.jss.crypto.Signature)4
SignatureAlgorithm (org.mozilla.jss.crypto.SignatureAlgorithm)4
ASN1Value (org.mozilla.jss.asn1.ASN1Value)3
InvalidBERException (org.mozilla.jss.asn1.InvalidBERException)3
Extension (org.mozilla.jss.pkix.cert.Extension)3
AlgorithmIdentifier (org.mozilla.jss.pkix.primitive.AlgorithmIdentifier)3
Attribute (org.mozilla.jss.pkix.primitive.Attribute)3
BMPString (org.mozilla.jss.asn1.BMPString)2
BOOLEAN (org.mozilla.jss.asn1.BOOLEAN)2
PrintableString (org.mozilla.jss.asn1.PrintableString)2
AuthenticatedSafes (org.mozilla.jss.pkcs12.AuthenticatedSafes)2
SafeBag (org.mozilla.jss.pkcs12.SafeBag)2
