Search in sources :

Example 61 with ASN1Integer

use of org.openecard.bouncycastle.asn1.ASN1Integer in project jruby-openssl by jruby.

the class X509Extension method value.

@JRubyMethod
public RubyString value(final ThreadContext context) {
    if (this.value instanceof RubyString) {
        // return the same as set
        return (RubyString) this.value;
    }
    final Ruby runtime = context.runtime;
    final String oid = getRealObjectID().getId();
    try {
        if (oid.equals("2.5.29.19")) {
            // basicConstraints
            ASN1Sequence seq2 = (ASN1Sequence) ASN1.readObject(getRealValueEncoded());
            final ByteList val = new ByteList(32);
            if (seq2.size() > 0) {
                val.append(CA_);
                ASN1Encodable obj0 = seq2.getObjectAt(0);
                final boolean bool;
                if (obj0 instanceof ASN1Boolean) {
                    bool = ((ASN1Boolean) obj0).isTrue();
                } else {
                    // NOTE: keep it due BC <= 1.50
                    bool = ((DERBoolean) obj0).isTrue();
                }
                val.append(bool ? TRUE : FALSE);
            }
            if (seq2.size() > 1) {
                val.append(", pathlen:".getBytes());
                val.append(seq2.getObjectAt(1).toString().getBytes());
            }
            return runtime.newString(val);
        }
        if (oid.equals("2.5.29.15")) {
            // keyUsage
            final byte[] enc = getRealValueEncoded();
            byte b3 = 0;
            byte b2 = enc[2];
            if (enc.length > 3)
                b3 = enc[3];
            final ByteList val = new ByteList(64);
            byte[] sep = _;
            if ((b2 & (byte) 128) != 0) {
                val.append(sep);
                val.append(Decipher_Only);
                sep = SEP;
            }
            if ((b3 & (byte) 128) != 0) {
                val.append(sep);
                val.append(Digital_Signature);
                sep = SEP;
            }
            if ((b3 & (byte) 64) != 0) {
                val.append(sep);
                val.append(Non_Repudiation);
                sep = SEP;
            }
            if ((b3 & (byte) 32) != 0) {
                val.append(sep);
                val.append(Key_Encipherment);
                sep = SEP;
            }
            if ((b3 & (byte) 16) != 0) {
                val.append(sep);
                val.append(Data_Encipherment);
                sep = SEP;
            }
            if ((b3 & (byte) 8) != 0) {
                val.append(sep);
                val.append(Key_Agreement);
                sep = SEP;
            }
            if ((b3 & (byte) 4) != 0) {
                val.append(sep);
                val.append(Certificate_Sign);
                sep = SEP;
            }
            if ((b3 & (byte) 2) != 0) {
                val.append(sep);
                val.append(CRL_Sign);
                sep = SEP;
            }
            if ((b3 & (byte) 1) != 0) {
                // sep = SEP;
                val.append(sep);
                // sep = SEP;
                val.append(Encipher_Only);
            }
            return runtime.newString(val);
        }
        if (oid.equals("2.16.840.1.113730.1.1")) {
            // nsCertType
            final byte b0 = getRealValueEncoded()[0];
            final ByteList val = new ByteList(64);
            byte[] sep = _;
            if ((b0 & (byte) 128) != 0) {
                val.append(sep);
                val.append(SSL_Client);
                sep = SEP;
            }
            if ((b0 & (byte) 64) != 0) {
                val.append(sep);
                val.append(SSL_Server);
                sep = SEP;
            }
            if ((b0 & (byte) 32) != 0) {
                val.append(sep);
                val.append(SMIME);
                sep = SEP;
            }
            if ((b0 & (byte) 16) != 0) {
                val.append(sep);
                val.append(Object_Signing);
                sep = SEP;
            }
            if ((b0 & (byte) 8) != 0) {
                val.append(sep);
                val.append(Unused);
                sep = SEP;
            }
            if ((b0 & (byte) 4) != 0) {
                val.append(sep);
                val.append(SSL_CA);
                sep = SEP;
            }
            if ((b0 & (byte) 2) != 0) {
                val.append(sep);
                val.append(SMIME_CA);
                sep = SEP;
            }
            if ((b0 & (byte) 1) != 0) {
                val.append(sep);
                val.append(Object_Signing_CA);
            }
            return runtime.newString(val);
        }
        if (oid.equals("2.5.29.14")) {
            // subjectKeyIdentifier
            ASN1Encodable value = getRealValue();
            if (value instanceof ASN1OctetString) {
                byte[] octets = ((ASN1OctetString) value).getOctets();
                if (octets.length > 0 && octets[0] == BERTags.OCTET_STRING) {
                    // read nested octets
                    value = ASN1.readObject(octets);
                }
            }
            return runtime.newString(hexBytes(keyidBytes(value.toASN1Primitive()), 0));
        }
        if (oid.equals("2.5.29.35")) {
            // authorityKeyIdentifier
            ASN1Encodable value = getRealValue();
            if (value instanceof ASN1OctetString) {
                value = ASN1.readObject(((ASN1OctetString) value).getOctets());
            }
            final ByteList val = new ByteList(72);
            val.append(keyid_);
            if (value instanceof ASN1Sequence) {
                final ASN1Sequence seq = (ASN1Sequence) value;
                final int size = seq.size();
                if (size == 0)
                    return RubyString.newEmptyString(runtime);
                ASN1Primitive keyid = seq.getObjectAt(0).toASN1Primitive();
                hexBytes(keyidBytes(keyid), val).append('\n');
                for (int i = 1; i < size; i++) {
                    final ASN1Encodable issuer = seq.getObjectAt(i);
                    // NOTE: blindly got OpenSSL tests passing (likely in-complete) :
                    if (issuer instanceof ASN1TaggedObject) {
                        ASN1Primitive obj = ((ASN1TaggedObject) issuer).getObject();
                        switch(((ASN1TaggedObject) issuer).getTagNo()) {
                            case 1:
                                if (obj instanceof ASN1TaggedObject) {
                                    formatGeneralName(GeneralName.getInstance(obj), val, true);
                                }
                                break;
                            case // serial
                            2:
                                val.append(new byte[] { 's', 'e', 'r', 'i', 'a', 'l', ':' });
                                if (obj instanceof ASN1Integer) {
                                    hexBytes(((ASN1Integer) obj).getValue().toByteArray(), val);
                                } else {
                                    hexBytes(((ASN1OctetString) obj).getOctets(), val);
                                }
                                break;
                        }
                    }
                    val.append('\n');
                }
                return runtime.newString(val);
            }
            hexBytes(keyidBytes(value.toASN1Primitive()), val).append('\n');
            return runtime.newString(val);
        }
        if (oid.equals("2.5.29.21")) {
            // CRLReason
            final IRubyObject value = getValue(runtime);
            switch(RubyNumeric.fix2int(value)) {
                case 0:
                    return runtime.newString(new ByteList(Unspecified));
                case 1:
                    return RubyString.newString(runtime, "Key Compromise");
                case 2:
                    return RubyString.newString(runtime, "CA Compromise");
                case 3:
                    return RubyString.newString(runtime, "Affiliation Changed");
                case 4:
                    return RubyString.newString(runtime, "Superseded");
                case 5:
                    return RubyString.newString(runtime, "Cessation Of Operation");
                case 6:
                    return RubyString.newString(runtime, "Certificate Hold");
                case 8:
                    return RubyString.newString(runtime, "Remove From CRL");
                case 9:
                    return RubyString.newString(runtime, "Privilege Withdrawn");
                default:
                    return runtime.newString(new ByteList(Unspecified));
            }
        }
        if (oid.equals("2.5.29.17") || oid.equals("2.5.29.18")) {
            // subjectAltName || issuerAltName
            try {
                ASN1Encodable value = getRealValue();
                final ByteList val = new ByteList(64);
                if (value instanceof ASN1TaggedObject) {
                    formatGeneralName(GeneralName.getInstance(value), val, false);
                    return runtime.newString(val);
                }
                if (value instanceof GeneralName) {
                    formatGeneralName((GeneralName) value, val, false);
                    return runtime.newString(val);
                }
                if (value instanceof ASN1OctetString) {
                    // decoded octets will end up as an ASN1Sequence instance :
                    value = ASN1.readObject(((ASN1OctetString) value).getOctets());
                }
                if (value instanceof ASN1TaggedObject) {
                    // DERTaggedObject (issuerAltName wrapping)
                    formatGeneralName(GeneralName.getInstance(value), val, false);
                    return runtime.newString(val);
                }
                final GeneralName[] names = GeneralNames.getInstance(value).getNames();
                for (int i = 0; i < names.length; i++) {
                    boolean other = formatGeneralName(names[i], val, false);
                    if (i < names.length - 1) {
                        if (other)
                            val.append(';');
                        else
                            val.append(',').append(' ');
                    }
                }
                return runtime.newString(val);
            } catch (IllegalArgumentException e) {
                debugStackTrace(runtime, e);
                return rawValueAsString(context);
            }
        }
        if (oid.equals("2.5.29.37")) {
            // extendedKeyUsage
            final ByteList val = new ByteList(64);
            if (this.value instanceof ASN1Sequence) {
                // opt "short" path
                final ASN1Sequence seq = (ASN1Sequence) this.value;
                final int size = seq.size();
                for (int i = 0; i < size; i++) {
                    ASN1Encodable o = seq.getObjectAt(i);
                    String name = o.toString();
                    Integer nid = ASN1.oid2nid(runtime, new ASN1ObjectIdentifier(name));
                    if (nid != null)
                        name = ASN1.nid2ln(runtime, nid);
                    if (name == null)
                        name = o.toString();
                    val.append(ByteList.plain(name));
                    if (i < size - 1)
                        val.append(',').append(' ');
                }
                return runtime.newString(val);
            }
            final IRubyObject value = getValue(runtime);
            if (value instanceof RubyArray) {
                final RubyArray arr = (RubyArray) value;
                final int size = arr.size();
                for (int i = 0; i < size; i++) {
                    IRubyObject entry = arr.eltInternal(i);
                    if ("ObjectId".equals(entry.getMetaClass().getBaseName())) {
                        entry = entry.callMethod(context, "ln");
                    } else if (entry.respondsTo("value")) {
                        entry = entry.callMethod(context, "value");
                    }
                    val.append(entry.asString().getByteList());
                    if (i < size - 1)
                        val.append(',').append(' ');
                }
            }
            return runtime.newString(val);
        }
        return rawValueAsString(context);
    } catch (IOException e) {
        debugStackTrace(runtime, e);
        throw newExtensionError(runtime, e);
    }
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ByteList(org.jruby.util.ByteList) RubyArray(org.jruby.RubyArray) RubyString(org.jruby.RubyString) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) RubyString(org.jruby.RubyString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) ASN1String(org.bouncycastle.asn1.ASN1String) DERUniversalString(org.bouncycastle.asn1.DERUniversalString) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) IOException(java.io.IOException) IRubyObject(org.jruby.runtime.builtin.IRubyObject) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ASN1Boolean(org.bouncycastle.asn1.ASN1Boolean) GeneralName(org.bouncycastle.asn1.x509.GeneralName) Ruby(org.jruby.Ruby) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) JRubyMethod(org.jruby.anno.JRubyMethod)

Example 62 with ASN1Integer

use of org.openecard.bouncycastle.asn1.ASN1Integer in project jruby-openssl by jruby.

the class PKey method readRSAPrivateKey.

public static KeyPair readRSAPrivateKey(final KeyFactory rsaFactory, final byte[] input) throws IOException, InvalidKeySpecException {
    ASN1Sequence seq = (ASN1Sequence) new ASN1InputStream(input).readObject();
    if (seq.size() == 9) {
        BigInteger mod = ((ASN1Integer) seq.getObjectAt(1)).getValue();
        BigInteger pubexp = ((ASN1Integer) seq.getObjectAt(2)).getValue();
        BigInteger privexp = ((ASN1Integer) seq.getObjectAt(3)).getValue();
        BigInteger primep = ((ASN1Integer) seq.getObjectAt(4)).getValue();
        BigInteger primeq = ((ASN1Integer) seq.getObjectAt(5)).getValue();
        BigInteger primeep = ((ASN1Integer) seq.getObjectAt(6)).getValue();
        BigInteger primeeq = ((ASN1Integer) seq.getObjectAt(7)).getValue();
        BigInteger crtcoeff = ((ASN1Integer) seq.getObjectAt(8)).getValue();
        PrivateKey priv = rsaFactory.generatePrivate(new RSAPrivateCrtKeySpec(mod, pubexp, privexp, primep, primeq, primeep, primeeq, crtcoeff));
        PublicKey pub = rsaFactory.generatePublic(new RSAPublicKeySpec(mod, pubexp));
        return new KeyPair(pub, priv);
    }
    return null;
}
Also used : RSAPrivateCrtKeySpec(java.security.spec.RSAPrivateCrtKeySpec) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) KeyPair(java.security.KeyPair) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DSAPrivateKey(java.security.interfaces.DSAPrivateKey) ECPrivateKey(java.security.interfaces.ECPrivateKey) PrivateKey(java.security.PrivateKey) RSAPublicKey(java.security.interfaces.RSAPublicKey) PublicKey(java.security.PublicKey) DSAPublicKey(java.security.interfaces.DSAPublicKey) ECPublicKey(java.security.interfaces.ECPublicKey) BigInteger(java.math.BigInteger) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec)

Example 63 with ASN1Integer

use of org.openecard.bouncycastle.asn1.ASN1Integer in project jruby-openssl by jruby.

the class PKey method readRSAPublicKey.

public static PublicKey readRSAPublicKey(final KeyFactory rsaFactory, final byte[] input) throws IOException, InvalidKeySpecException {
    ASN1Sequence seq = (ASN1Sequence) new ASN1InputStream(input).readObject();
    if (seq.size() == 2) {
        BigInteger mod = ((ASN1Integer) seq.getObjectAt(0)).getValue();
        BigInteger pubexp = ((ASN1Integer) seq.getObjectAt(1)).getValue();
        return rsaFactory.generatePublic(new RSAPublicKeySpec(mod, pubexp));
    }
    return null;
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) BigInteger(java.math.BigInteger) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec)

Example 64 with ASN1Integer

use of org.openecard.bouncycastle.asn1.ASN1Integer in project jruby-openssl by jruby.

the class PKey method toDerRSAKey.

public static byte[] toDerRSAKey(RSAPublicKey pubKey, RSAPrivateCrtKey privKey) throws IOException {
    ASN1EncodableVector vec = new ASN1EncodableVector();
    if (pubKey != null && privKey == null) {
        vec.add(new ASN1Integer(pubKey.getModulus()));
        vec.add(new ASN1Integer(pubKey.getPublicExponent()));
    } else {
        vec.add(new ASN1Integer(BigInteger.ZERO));
        vec.add(new ASN1Integer(privKey.getModulus()));
        vec.add(new ASN1Integer(privKey.getPublicExponent()));
        vec.add(new ASN1Integer(privKey.getPrivateExponent()));
        vec.add(new ASN1Integer(privKey.getPrimeP()));
        vec.add(new ASN1Integer(privKey.getPrimeQ()));
        vec.add(new ASN1Integer(privKey.getPrimeExponentP()));
        vec.add(new ASN1Integer(privKey.getPrimeExponentQ()));
        vec.add(new ASN1Integer(privKey.getCrtCoefficient()));
    }
    return new DLSequence(vec).getEncoded();
}
Also used : DLSequence(org.bouncycastle.asn1.DLSequence) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) ASN1Integer(org.bouncycastle.asn1.ASN1Integer)

Example 65 with ASN1Integer

use of org.openecard.bouncycastle.asn1.ASN1Integer in project jruby-openssl by jruby.

the class PKey method readPrivateKey.

public static KeyPair readPrivateKey(final byte[] input, final String type) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
    KeySpec pubSpec;
    KeySpec privSpec;
    ASN1Sequence seq = (ASN1Sequence) new ASN1InputStream(input).readObject();
    if (type.equals("RSA")) {
        ASN1Integer mod = (ASN1Integer) seq.getObjectAt(1);
        ASN1Integer pubExp = (ASN1Integer) seq.getObjectAt(2);
        ASN1Integer privExp = (ASN1Integer) seq.getObjectAt(3);
        ASN1Integer p1 = (ASN1Integer) seq.getObjectAt(4);
        ASN1Integer p2 = (ASN1Integer) seq.getObjectAt(5);
        ASN1Integer exp1 = (ASN1Integer) seq.getObjectAt(6);
        ASN1Integer exp2 = (ASN1Integer) seq.getObjectAt(7);
        ASN1Integer crtCoef = (ASN1Integer) seq.getObjectAt(8);
        pubSpec = new RSAPublicKeySpec(mod.getValue(), pubExp.getValue());
        privSpec = new RSAPrivateCrtKeySpec(mod.getValue(), pubExp.getValue(), privExp.getValue(), p1.getValue(), p2.getValue(), exp1.getValue(), exp2.getValue(), crtCoef.getValue());
    } else if (type.equals("DSA")) {
        ASN1Integer p = (ASN1Integer) seq.getObjectAt(1);
        ASN1Integer q = (ASN1Integer) seq.getObjectAt(2);
        ASN1Integer g = (ASN1Integer) seq.getObjectAt(3);
        ASN1Integer y = (ASN1Integer) seq.getObjectAt(4);
        ASN1Integer x = (ASN1Integer) seq.getObjectAt(5);
        privSpec = new DSAPrivateKeySpec(x.getValue(), p.getValue(), q.getValue(), g.getValue());
        pubSpec = new DSAPublicKeySpec(y.getValue(), p.getValue(), q.getValue(), g.getValue());
    } else if (type.equals("ECDSA")) {
        return readECPrivateKey(input);
    } else {
        throw new IllegalStateException("unsupported type: " + type);
    }
    KeyFactory fact = SecurityHelper.getKeyFactory(type);
    return new KeyPair(fact.generatePublic(pubSpec), fact.generatePrivate(privSpec));
}
Also used : DSAPrivateKeySpec(java.security.spec.DSAPrivateKeySpec) RSAPrivateCrtKeySpec(java.security.spec.RSAPrivateCrtKeySpec) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) KeyPair(java.security.KeyPair) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) RSAPrivateCrtKeySpec(java.security.spec.RSAPrivateCrtKeySpec) ECPrivateKeySpec(java.security.spec.ECPrivateKeySpec) KeySpec(java.security.spec.KeySpec) DSAPrivateKeySpec(java.security.spec.DSAPrivateKeySpec) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec) ECPublicKeySpec(org.bouncycastle.jce.spec.ECPublicKeySpec) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) KeyFactory(java.security.KeyFactory) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec)

Aggregations

ASN1Integer (org.bouncycastle.asn1.ASN1Integer)120 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)54 DERSequence (org.bouncycastle.asn1.DERSequence)48 IOException (java.io.IOException)43 BigInteger (java.math.BigInteger)43 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)39 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)28 DEROctetString (org.bouncycastle.asn1.DEROctetString)21 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)20 ArrayList (java.util.ArrayList)18 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)18 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)15 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)15 X509Certificate (java.security.cert.X509Certificate)14 ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)14 Date (java.util.Date)12 DLSequence (org.bouncycastle.asn1.DLSequence)12 KeyPair (java.security.KeyPair)11 HashMap (java.util.HashMap)11 HashSet (java.util.HashSet)11