Example 41 with ASN1OctetString
use of org.openecard.bouncycastle.asn1.ASN1OctetString in project xipki by xipki.
the class ProxyP11Identity method sign0.
@Override
protected byte[] sign0(long mechanism, P11Params parameters, byte[] content) throws P11TokenException {
Asn1P11EntityIdentifier asn1EntityId = new Asn1P11EntityIdentifier(identityId);
Asn1P11Params p11Param = null;
if (parameters != null) {
if (parameters instanceof P11RSAPkcsPssParams) {
p11Param = new Asn1P11Params(Asn1P11Params.TAG_RSA_PKCS_PSS, new Asn1RSAPkcsPssParams((P11RSAPkcsPssParams) parameters));
} else if (parameters instanceof P11ByteArrayParams) {
byte[] bytes = ((P11ByteArrayParams) parameters).getBytes();
p11Param = new Asn1P11Params(Asn1P11Params.TAG_OPAQUE, new DEROctetString(bytes));
} else if (parameters instanceof P11IVParams) {
p11Param = new Asn1P11Params(Asn1P11Params.TAG_IV, new DEROctetString(((P11IVParams) parameters).getIV()));
} else {
throw new IllegalArgumentException("unkown parameter 'parameters'");
}
}
Asn1SignTemplate signTemplate = new Asn1SignTemplate(asn1EntityId, mechanism, p11Param, content);
byte[] result = ((ProxyP11Slot) slot).getModule().send(P11ProxyConstants.ACTION_SIGN, signTemplate);
ASN1OctetString octetString;
try {
octetString = DEROctetString.getInstance(result);
} catch (IllegalArgumentException ex) {
throw new P11TokenException("the returned result is not OCTET STRING");
}
return (octetString == null) ? null : octetString.getOctets();
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
Asn1P11EntityIdentifier(org.xipki.p11proxy.msg.Asn1P11EntityIdentifier)
Asn1P11Params(org.xipki.p11proxy.msg.Asn1P11Params)
P11ByteArrayParams(org.xipki.security.pkcs11.P11ByteArrayParams)
Asn1SignTemplate(org.xipki.p11proxy.msg.Asn1SignTemplate)
P11TokenException(org.xipki.security.exception.P11TokenException)
Asn1RSAPkcsPssParams(org.xipki.p11proxy.msg.Asn1RSAPkcsPssParams)
P11RSAPkcsPssParams(org.xipki.security.pkcs11.P11RSAPkcsPssParams)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
P11IVParams(org.xipki.security.pkcs11.P11IVParams)
Example 42 with ASN1OctetString
use of org.openecard.bouncycastle.asn1.ASN1OctetString in project xipki by xipki.
the class ProxyP11Identity method digestSecretKey0.
@Override
protected byte[] digestSecretKey0(long mechanism) throws P11TokenException {
Asn1P11EntityIdentifier asn1EntityId = new Asn1P11EntityIdentifier(identityId);
Asn1DigestSecretKeyTemplate template = new Asn1DigestSecretKeyTemplate(asn1EntityId, mechanism);
byte[] result = ((ProxyP11Slot) slot).getModule().send(P11ProxyConstants.ACTION_DIGEST_SECRETKEY, template);
ASN1OctetString octetString;
try {
octetString = DEROctetString.getInstance(result);
} catch (IllegalArgumentException ex) {
throw new P11TokenException("the returned result is not OCTET STRING");
}
return (octetString == null) ? null : octetString.getOctets();
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
Asn1P11EntityIdentifier(org.xipki.p11proxy.msg.Asn1P11EntityIdentifier)
Asn1DigestSecretKeyTemplate(org.xipki.p11proxy.msg.Asn1DigestSecretKeyTemplate)
P11TokenException(org.xipki.security.exception.P11TokenException)
Example 43 with ASN1OctetString
use of org.openecard.bouncycastle.asn1.ASN1OctetString in project fabric-sdk-java by hyperledger.
the class HFCAClientIT method testCertificateRevoke.
// Tests revoking a certificate
@Test
public void testCertificateRevoke() throws Exception {
SampleUser user = getTestUser(TEST_USER1_ORG);
if (!user.isRegistered()) {
RegistrationRequest rr = new RegistrationRequest(user.getName(), TEST_USER1_AFFILIATION);
String password = "testUserRevoke";
rr.setSecret(password);
rr.addAttribute(new Attribute("user.role", "department lead"));
rr.addAttribute(new Attribute(HFCAClient.HFCA_ATTRIBUTE_HFREVOKER, "true"));
// Admin can register other users.
user.setEnrollmentSecret(client.register(rr, admin));
if (!user.getEnrollmentSecret().equals(password)) {
fail("Secret returned from RegistrationRequest not match : " + user.getEnrollmentSecret());
}
}
if (!user.isEnrolled()) {
EnrollmentRequest req = new EnrollmentRequest(DEFAULT_PROFILE_NAME, "label 2", null);
req.addHost("example3.ibm.com");
user.setEnrollment(client.enroll(user.getName(), user.getEnrollmentSecret(), req));
}
// verify
String cert = user.getEnrollment().getCert();
BufferedInputStream pem = new BufferedInputStream(new ByteArrayInputStream(cert.getBytes()));
CertificateFactory certFactory = CertificateFactory.getInstance(Config.getConfig().getCertificateFormat());
X509Certificate certificate = (X509Certificate) certFactory.generateCertificate(pem);
// get its serial number
String serial = DatatypeConverter.printHexBinary(certificate.getSerialNumber().toByteArray());
// get its aki
// 2.5.29.35 : AuthorityKeyIdentifier
byte[] extensionValue = certificate.getExtensionValue(Extension.authorityKeyIdentifier.getId());
ASN1OctetString akiOc = ASN1OctetString.getInstance(extensionValue);
String aki = DatatypeConverter.printHexBinary(AuthorityKeyIdentifier.getInstance(akiOc.getOctets()).getKeyIdentifier());
int startedWithRevokes = -1;
if (!testConfig.isRunningAgainstFabric10()) {
// prevent clock skewing. make sure we request started with revokes.
Thread.sleep(1000);
// one more after we do this revoke.
startedWithRevokes = getRevokes(null).length;
// prevent clock skewing. make sure we request started with revokes.
Thread.sleep(1000);
}
// revoke all enrollment of this user
client.revoke(admin, serial, aki, "revoke certificate");
if (!testConfig.isRunningAgainstFabric10()) {
final int newRevokes = getRevokes(null).length;
assertEquals(format("Expected one more revocation %d, but got %d", startedWithRevokes + 1, newRevokes), startedWithRevokes + 1, newRevokes);
}
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
EnrollmentRequest(org.hyperledger.fabric_ca.sdk.EnrollmentRequest)
Attribute(org.hyperledger.fabric_ca.sdk.Attribute)
BufferedInputStream(java.io.BufferedInputStream)
ByteArrayInputStream(java.io.ByteArrayInputStream)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
RegistrationRequest(org.hyperledger.fabric_ca.sdk.RegistrationRequest)
CertificateFactory(java.security.cert.CertificateFactory)
X509Certificate(java.security.cert.X509Certificate)
SampleUser(org.hyperledger.fabric.sdkintegration.SampleUser)
Test(org.junit.Test)
Example 44 with ASN1OctetString
use of org.openecard.bouncycastle.asn1.ASN1OctetString in project jruby-openssl by jruby.
the class X509Extension method value.
@JRubyMethod
public RubyString value(final ThreadContext context) {
if (this.value instanceof RubyString) {
// return the same as set
return (RubyString) this.value;
}
final Ruby runtime = context.runtime;
final String oid = getRealObjectID().getId();
try {
if (oid.equals("2.5.29.19")) {
// basicConstraints
ASN1Sequence seq2 = (ASN1Sequence) ASN1.readObject(getRealValueEncoded());
final ByteList val = new ByteList(32);
if (seq2.size() > 0) {
val.append(CA_);
ASN1Encodable obj0 = seq2.getObjectAt(0);
final boolean bool;
if (obj0 instanceof ASN1Boolean) {
bool = ((ASN1Boolean) obj0).isTrue();
} else {
// NOTE: keep it due BC <= 1.50
bool = ((DERBoolean) obj0).isTrue();
}
val.append(bool ? TRUE : FALSE);
}
if (seq2.size() > 1) {
val.append(", pathlen:".getBytes());
val.append(seq2.getObjectAt(1).toString().getBytes());
}
return runtime.newString(val);
}
if (oid.equals("2.5.29.15")) {
// keyUsage
final byte[] enc = getRealValueEncoded();
byte b3 = 0;
byte b2 = enc[2];
if (enc.length > 3)
b3 = enc[3];
final ByteList val = new ByteList(64);
byte[] sep = _;
if ((b2 & (byte) 128) != 0) {
val.append(sep);
val.append(Decipher_Only);
sep = SEP;
}
if ((b3 & (byte) 128) != 0) {
val.append(sep);
val.append(Digital_Signature);
sep = SEP;
}
if ((b3 & (byte) 64) != 0) {
val.append(sep);
val.append(Non_Repudiation);
sep = SEP;
}
if ((b3 & (byte) 32) != 0) {
val.append(sep);
val.append(Key_Encipherment);
sep = SEP;
}
if ((b3 & (byte) 16) != 0) {
val.append(sep);
val.append(Data_Encipherment);
sep = SEP;
}
if ((b3 & (byte) 8) != 0) {
val.append(sep);
val.append(Key_Agreement);
sep = SEP;
}
if ((b3 & (byte) 4) != 0) {
val.append(sep);
val.append(Certificate_Sign);
sep = SEP;
}
if ((b3 & (byte) 2) != 0) {
val.append(sep);
val.append(CRL_Sign);
sep = SEP;
}
if ((b3 & (byte) 1) != 0) {
// sep = SEP;
val.append(sep);
// sep = SEP;
val.append(Encipher_Only);
}
return runtime.newString(val);
}
if (oid.equals("2.16.840.1.113730.1.1")) {
// nsCertType
final byte b0 = getRealValueEncoded()[0];
final ByteList val = new ByteList(64);
byte[] sep = _;
if ((b0 & (byte) 128) != 0) {
val.append(sep);
val.append(SSL_Client);
sep = SEP;
}
if ((b0 & (byte) 64) != 0) {
val.append(sep);
val.append(SSL_Server);
sep = SEP;
}
if ((b0 & (byte) 32) != 0) {
val.append(sep);
val.append(SMIME);
sep = SEP;
}
if ((b0 & (byte) 16) != 0) {
val.append(sep);
val.append(Object_Signing);
sep = SEP;
}
if ((b0 & (byte) 8) != 0) {
val.append(sep);
val.append(Unused);
sep = SEP;
}
if ((b0 & (byte) 4) != 0) {
val.append(sep);
val.append(SSL_CA);
sep = SEP;
}
if ((b0 & (byte) 2) != 0) {
val.append(sep);
val.append(SMIME_CA);
sep = SEP;
}
if ((b0 & (byte) 1) != 0) {
val.append(sep);
val.append(Object_Signing_CA);
}
return runtime.newString(val);
}
if (oid.equals("2.5.29.14")) {
// subjectKeyIdentifier
ASN1Encodable value = getRealValue();
if (value instanceof ASN1OctetString) {
byte[] octets = ((ASN1OctetString) value).getOctets();
if (octets.length > 0 && octets[0] == BERTags.OCTET_STRING) {
// read nested octets
value = ASN1.readObject(octets);
}
}
return runtime.newString(hexBytes(keyidBytes(value.toASN1Primitive()), 0));
}
if (oid.equals("2.5.29.35")) {
// authorityKeyIdentifier
ASN1Encodable value = getRealValue();
if (value instanceof ASN1OctetString) {
value = ASN1.readObject(((ASN1OctetString) value).getOctets());
}
final ByteList val = new ByteList(72);
val.append(keyid_);
if (value instanceof ASN1Sequence) {
final ASN1Sequence seq = (ASN1Sequence) value;
final int size = seq.size();
if (size == 0)
return RubyString.newEmptyString(runtime);
ASN1Primitive keyid = seq.getObjectAt(0).toASN1Primitive();
hexBytes(keyidBytes(keyid), val).append('\n');
for (int i = 1; i < size; i++) {
final ASN1Encodable issuer = seq.getObjectAt(i);
// NOTE: blindly got OpenSSL tests passing (likely in-complete) :
if (issuer instanceof ASN1TaggedObject) {
ASN1Primitive obj = ((ASN1TaggedObject) issuer).getObject();
switch(((ASN1TaggedObject) issuer).getTagNo()) {
case 1:
if (obj instanceof ASN1TaggedObject) {
formatGeneralName(GeneralName.getInstance(obj), val, true);
}
break;
case // serial
2:
val.append(new byte[] { 's', 'e', 'r', 'i', 'a', 'l', ':' });
if (obj instanceof ASN1Integer) {
hexBytes(((ASN1Integer) obj).getValue().toByteArray(), val);
} else {
hexBytes(((ASN1OctetString) obj).getOctets(), val);
}
break;
}
}
val.append('\n');
}
return runtime.newString(val);
}
hexBytes(keyidBytes(value.toASN1Primitive()), val).append('\n');
return runtime.newString(val);
}
if (oid.equals("2.5.29.21")) {
// CRLReason
final IRubyObject value = getValue(runtime);
switch(RubyNumeric.fix2int(value)) {
case 0:
return runtime.newString(new ByteList(Unspecified));
case 1:
return RubyString.newString(runtime, "Key Compromise");
case 2:
return RubyString.newString(runtime, "CA Compromise");
case 3:
return RubyString.newString(runtime, "Affiliation Changed");
case 4:
return RubyString.newString(runtime, "Superseded");
case 5:
return RubyString.newString(runtime, "Cessation Of Operation");
case 6:
return RubyString.newString(runtime, "Certificate Hold");
case 8:
return RubyString.newString(runtime, "Remove From CRL");
case 9:
return RubyString.newString(runtime, "Privilege Withdrawn");
default:
return runtime.newString(new ByteList(Unspecified));
}
}
if (oid.equals("2.5.29.17") || oid.equals("2.5.29.18")) {
// subjectAltName || issuerAltName
try {
ASN1Encodable value = getRealValue();
final ByteList val = new ByteList(64);
if (value instanceof ASN1TaggedObject) {
formatGeneralName(GeneralName.getInstance(value), val, false);
return runtime.newString(val);
}
if (value instanceof GeneralName) {
formatGeneralName((GeneralName) value, val, false);
return runtime.newString(val);
}
if (value instanceof ASN1OctetString) {
// decoded octets will end up as an ASN1Sequence instance :
value = ASN1.readObject(((ASN1OctetString) value).getOctets());
}
if (value instanceof ASN1TaggedObject) {
// DERTaggedObject (issuerAltName wrapping)
formatGeneralName(GeneralName.getInstance(value), val, false);
return runtime.newString(val);
}
final GeneralName[] names = GeneralNames.getInstance(value).getNames();
for (int i = 0; i < names.length; i++) {
boolean other = formatGeneralName(names[i], val, false);
if (i < names.length - 1) {
if (other)
val.append(';');
else
val.append(',').append(' ');
}
}
return runtime.newString(val);
} catch (IllegalArgumentException e) {
debugStackTrace(runtime, e);
return rawValueAsString(context);
}
}
if (oid.equals("2.5.29.37")) {
// extendedKeyUsage
final ByteList val = new ByteList(64);
if (this.value instanceof ASN1Sequence) {
// opt "short" path
final ASN1Sequence seq = (ASN1Sequence) this.value;
final int size = seq.size();
for (int i = 0; i < size; i++) {
ASN1Encodable o = seq.getObjectAt(i);
String name = o.toString();
Integer nid = ASN1.oid2nid(runtime, new ASN1ObjectIdentifier(name));
if (nid != null)
name = ASN1.nid2ln(runtime, nid);
if (name == null)
name = o.toString();
val.append(ByteList.plain(name));
if (i < size - 1)
val.append(',').append(' ');
}
return runtime.newString(val);
}
final IRubyObject value = getValue(runtime);
if (value instanceof RubyArray) {
final RubyArray arr = (RubyArray) value;
final int size = arr.size();
for (int i = 0; i < size; i++) {
IRubyObject entry = arr.eltInternal(i);
if ("ObjectId".equals(entry.getMetaClass().getBaseName())) {
entry = entry.callMethod(context, "ln");
} else if (entry.respondsTo("value")) {
entry = entry.callMethod(context, "value");
}
val.append(entry.asString().getByteList());
if (i < size - 1)
val.append(',').append(' ');
}
}
return runtime.newString(val);
}
return rawValueAsString(context);
} catch (IOException e) {
debugStackTrace(runtime, e);
throw newExtensionError(runtime, e);
}
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
ByteList(org.jruby.util.ByteList)
RubyArray(org.jruby.RubyArray)
RubyString(org.jruby.RubyString)
ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
RubyString(org.jruby.RubyString)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
ASN1String(org.bouncycastle.asn1.ASN1String)
DERUniversalString(org.bouncycastle.asn1.DERUniversalString)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
IOException(java.io.IOException)
IRubyObject(org.jruby.runtime.builtin.IRubyObject)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
ASN1Boolean(org.bouncycastle.asn1.ASN1Boolean)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
Ruby(org.jruby.Ruby)
ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
JRubyMethod(org.jruby.anno.JRubyMethod)
Example 45 with ASN1OctetString
use of org.openecard.bouncycastle.asn1.ASN1OctetString in project jruby-openssl by jruby.
the class X509Extension method formatGeneralName.
@SuppressWarnings("unchecked")
private static boolean formatGeneralName(final GeneralName name, final ByteList out, final boolean slashed) {
final ASN1Encodable obj = name.getName();
String val;
boolean tagged = false;
switch(name.getTagNo()) {
case GeneralName.rfc822Name:
if (!tagged)
out.append('e').append('m').append('a').append('i').append('l').append(':');
tagged = true;
case GeneralName.dNSName:
if (!tagged)
out.append('D').append('N').append('S').append(':');
tagged = true;
case GeneralName.uniformResourceIdentifier:
if (!tagged)
out.append('U').append('R').append('I').append(':');
val = DERIA5String.getInstance(obj).getString();
out.append(ByteList.plain(val));
break;
case GeneralName.directoryName:
out.append('D').append('i').append('r').append('N').append('a').append('m').append('e').append(':');
final X500Name dirName = X500Name.getInstance(obj);
if (slashed) {
final RDN[] rdns = dirName.getRDNs();
final Hashtable defaultSymbols = getDefaultSymbols();
for (int i = 0; i < rdns.length; i++) {
appendRDN(out.append('/'), rdns[i], defaultSymbols);
}
} else {
out.append(ByteList.plain(dirName.toString()));
}
break;
case GeneralName.iPAddress:
out.append('I').append('P').append(':');
final byte[] ip = ((ASN1OctetString) name.getName()).getOctets();
int len = ip.length;
boolean ip4 = len == 4;
if (ip4) {
for (int i = 0; i < ip.length; i++) {
out.append(ConvertBytes.intToCharBytes(((int) ip[i]) & 0xff));
if (i != len - 1)
out.append('.');
}
} else {
for (int i = 0; i < ip.length; i += 2) {
out.append(ConvertBytes.intToHexBytes(((ip[i] & 0xff) << 8 | (ip[i + 1] & 0xff))));
if (i != len - 2)
out.append(':');
}
}
break;
case GeneralName.otherName:
out.append('o').append('t').append('h').append('e').append('r').append('N').append('a').append('m').append('e').append(':');
out.append(ByteList.plain(obj.toString()));
return true;
// tagged = true;
case GeneralName.registeredID:
out.append('R').append('I').append('D').append(':');
// tagged = true;
default:
out.append(ByteList.plain(obj.toString()));
}
return false;
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
Hashtable(java.util.Hashtable)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
RubyString(org.jruby.RubyString)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
ASN1String(org.bouncycastle.asn1.ASN1String)
DERUniversalString(org.bouncycastle.asn1.DERUniversalString)
X500Name(org.bouncycastle.asn1.x500.X500Name)
RDN(org.bouncycastle.asn1.x500.RDN)
Aggregations
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)79
IOException (java.io.IOException)37
DEROctetString (org.bouncycastle.asn1.DEROctetString)25
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)23
ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)19
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)19
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)15
X509Certificate (java.security.cert.X509Certificate)14
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)14
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)14
ByteArrayInputStream (java.io.ByteArrayInputStream)12
Enumeration (java.util.Enumeration)12
ASN1Integer (org.bouncycastle.asn1.ASN1Integer)12
DERBitString (org.bouncycastle.asn1.DERBitString)12
DERBMPString (org.bouncycastle.asn1.DERBMPString)11
DERIA5String (org.bouncycastle.asn1.DERIA5String)11
DERUTF8String (org.bouncycastle.asn1.DERUTF8String)11
ASN1OctetString (com.unboundid.asn1.ASN1OctetString)10
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)10
CertificateException (java.security.cert.CertificateException)10
