use of org.openecard.bouncycastle.asn1.ASN1Sequence in project keystore-explorer by kaikramer.
the class PolicyMappingsTableModel method load.
/**
* Load the PolicyMappingsTableModel with policy mappings.
*
* @param policyMappings
* The policy mappings
*/
public void load(PolicyMappings policyMappings) {
ASN1Sequence policyMappingsSeq = (ASN1Sequence) policyMappings.toASN1Primitive();
// convert and sort
ASN1Encodable[] asn1EncArray = policyMappingsSeq.toArray();
PolicyMapping[] policyMappingsArray = new PolicyMapping[asn1EncArray.length];
for (int i = 0; i < asn1EncArray.length; i++) {
policyMappingsArray[i] = PolicyMapping.getInstance(asn1EncArray[i]);
}
Arrays.sort(policyMappingsArray, new IssuerDomainPolicyComparator());
data = new Object[policyMappingsArray.length][2];
int i = 0;
for (PolicyMapping policyMapping : policyMappingsArray) {
data[i][0] = policyMapping;
data[i][1] = policyMapping;
i++;
}
fireTableDataChanged();
}
use of org.openecard.bouncycastle.asn1.ASN1Sequence in project keystore-explorer by kaikramer.
the class OpenSslPvkUtil method load.
/**
* Load an unencrypted OpenSSL private key from the stream. The encoding of
* the private key may be PEM or DER.
*
* @param is
* Stream to load the unencrypted private key from
* @return The private key
* @throws PrivateKeyEncryptedException
* If private key is encrypted
* @throws CryptoException
* Problem encountered while loading the private key
* @throws IOException
* An I/O error occurred
*/
public static PrivateKey load(InputStream is) throws CryptoException, IOException {
byte[] streamContents = ReadUtil.readFully(is);
EncryptionType encType = getEncryptionType(new ByteArrayInputStream(streamContents));
if (encType == null) {
throw new CryptoException(res.getString("NotValidOpenSsl.exception.message"));
}
if (encType == ENCRYPTED) {
throw new PrivateKeyEncryptedException(res.getString("OpenSslIsEncrypted.exception.message"));
}
// Check if stream is PEM encoded
PemInfo pemInfo = PemUtil.decode(new ByteArrayInputStream(streamContents));
if (pemInfo != null) {
// It is - get DER from PEM
streamContents = pemInfo.getContent();
}
try {
// Read OpenSSL DER structure
ASN1InputStream asn1InputStream = new ASN1InputStream(streamContents);
ASN1Primitive openSsl = asn1InputStream.readObject();
asn1InputStream.close();
if (openSsl instanceof ASN1Sequence) {
ASN1Sequence seq = (ASN1Sequence) openSsl;
if (seq.size() == 9) {
// RSA private key
BigInteger version = ((ASN1Integer) seq.getObjectAt(0)).getValue();
BigInteger modulus = ((ASN1Integer) seq.getObjectAt(1)).getValue();
BigInteger publicExponent = ((ASN1Integer) seq.getObjectAt(2)).getValue();
BigInteger privateExponent = ((ASN1Integer) seq.getObjectAt(3)).getValue();
BigInteger primeP = ((ASN1Integer) seq.getObjectAt(4)).getValue();
BigInteger primeQ = ((ASN1Integer) seq.getObjectAt(5)).getValue();
BigInteger primeExponentP = ((ASN1Integer) seq.getObjectAt(6)).getValue();
BigInteger primeExponenetQ = ((ASN1Integer) seq.getObjectAt(7)).getValue();
BigInteger crtCoefficient = ((ASN1Integer) seq.getObjectAt(8)).getValue();
if (!version.equals(VERSION)) {
throw new CryptoException(MessageFormat.format(res.getString("OpenSslVersionIncorrect.exception.message"), "" + VERSION.intValue(), "" + version.intValue()));
}
RSAPrivateCrtKeySpec rsaPrivateCrtKeySpec = new RSAPrivateCrtKeySpec(modulus, publicExponent, privateExponent, primeP, primeQ, primeExponentP, primeExponenetQ, crtCoefficient);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
return keyFactory.generatePrivate(rsaPrivateCrtKeySpec);
} else if (seq.size() == 6) {
// DSA private key
BigInteger version = ((ASN1Integer) seq.getObjectAt(0)).getValue();
BigInteger primeModulusP = ((ASN1Integer) seq.getObjectAt(1)).getValue();
BigInteger primeQ = ((ASN1Integer) seq.getObjectAt(2)).getValue();
BigInteger generatorG = ((ASN1Integer) seq.getObjectAt(3)).getValue();
// publicExponentY not req for pvk: sequence.getObjectAt(4);
BigInteger secretExponentX = ((ASN1Integer) seq.getObjectAt(5)).getValue();
if (!version.equals(VERSION)) {
throw new CryptoException(MessageFormat.format(res.getString("OpenSslVersionIncorrect.exception.message"), "" + VERSION.intValue(), "" + version.intValue()));
}
DSAPrivateKeySpec dsaPrivateKeySpec = new DSAPrivateKeySpec(secretExponentX, primeModulusP, primeQ, generatorG);
KeyFactory keyFactory = KeyFactory.getInstance("DSA");
return keyFactory.generatePrivate(dsaPrivateKeySpec);
} else if (seq.size() >= 2) {
// EC private key (RFC 5915)
org.bouncycastle.asn1.sec.ECPrivateKey pKey = org.bouncycastle.asn1.sec.ECPrivateKey.getInstance(seq);
AlgorithmIdentifier algId = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, pKey.getParameters());
PrivateKeyInfo privInfo = new PrivateKeyInfo(algId, pKey);
return new JcaPEMKeyConverter().getPrivateKey(privInfo);
} else {
throw new CryptoException(MessageFormat.format(res.getString("OpenSslSequenceIncorrectSize.exception.message"), "" + seq.size()));
}
} else {
throw new CryptoException(res.getString("OpenSslSequenceNotFound.exception.message"));
}
} catch (Exception ex) {
throw new CryptoException(res.getString("NoLoadOpenSslPrivateKey.exception.message"), ex);
}
}
use of org.openecard.bouncycastle.asn1.ASN1Sequence in project keystore-explorer by kaikramer.
the class OpenSslPvkUtil method getEncryptionType.
/**
* Detect if a OpenSSL private key is encrypted or not.
*
* @param is
* Input stream containing OpenSSL private key
* @return Encryption type or null if not a valid OpenSSL private key
* @throws IOException
* If an I/O problem occurred
*/
public static EncryptionType getEncryptionType(InputStream is) throws IOException {
byte[] openSsl = ReadUtil.readFully(is);
// In PEM format?
PemInfo pemInfo = PemUtil.decode(new ByteArrayInputStream(openSsl));
if (pemInfo != null) {
String pemType = pemInfo.getType();
// PEM type of OpenSSL?
if (OPENSSL_RSA_PVK_PEM_TYPE.equals(pemType) || OPENSSL_DSA_PVK_PEM_TYPE.equals(pemType) || OPENSSL_EC_PVK_PEM_TYPE.equals(pemType)) {
// Encrypted? It is if PEM contains appropriate header attributes/values
PemAttributes pemAttributes = pemInfo.getAttributes();
if ((pemAttributes != null) && (pemAttributes.get(PROC_TYPE_ATTR_NAME) != null) && (pemAttributes.get(PROC_TYPE_ATTR_NAME).getValue().equals(PROC_TYPE_ATTR_VALUE)) && (pemAttributes.get(DEK_INFO_ATTR_NAME) != null)) {
return ENCRYPTED;
} else {
return UNENCRYPTED;
}
}
}
// In ASN.1 format?
try {
// If OpenSSL will be a sequence of 9 (RSA) or 6 (DSA) integers or 2-4 mixed elements (EC)
ASN1Primitive key = ASN1Primitive.fromByteArray(openSsl);
if (key instanceof ASN1Sequence) {
ASN1Sequence seq = (ASN1Sequence) key;
// }
if ((seq.size() >= 2) && (seq.size() <= 4) && seq.getObjectAt(0) instanceof ASN1Integer) {
BigInteger version = ((ASN1Integer) seq.getObjectAt(0)).getValue();
if (version.equals(VERSION_EC)) {
if (seq.getObjectAt(1) instanceof ASN1OctetString) {
// ASN.1 OpenSSL is always unencrypted
return UNENCRYPTED;
} else {
// Not OpenSSL
return null;
}
}
}
for (int i = 0; i < seq.size(); i++) {
if (!(seq.getObjectAt(i) instanceof ASN1Integer)) {
// Not OpenSSL
return null;
}
}
if ((seq.size() == 9) || (seq.size() == 6)) {
// ASN.1 OpenSSL is always unencrypted
return UNENCRYPTED;
}
}
} catch (IOException ex) {
// Not an OpenSSL file
return null;
}
// Not an OpenSSL file
return null;
}
use of org.openecard.bouncycastle.asn1.ASN1Sequence in project keystore-explorer by kaikramer.
the class Pkcs8Util method getEncryptionType.
/**
* Detect if a PKCS #8 private key is encrypted or not.
*
* @param is
* Input stream containing PKCS #8 private key
* @return Encryption type or null if not a valid PKCS #8 private key
* @throws IOException
* If an I/O problem occurred
*/
public static EncryptionType getEncryptionType(InputStream is) throws IOException {
byte[] pkcs8 = ReadUtil.readFully(is);
PemInfo pemInfo = PemUtil.decode(new ByteArrayInputStream(pkcs8));
// PEM encoded?
if (pemInfo != null) {
String pemType = pemInfo.getType();
// Encrypted in pem format?
if (pemType.equals(Pkcs8Util.PKCS8_ENC_PVK_PEM_TYPE)) {
return ENCRYPTED;
} else // Unencrypted in pem format?
if (pemType.equals(Pkcs8Util.PKCS8_UNENC_PVK_PEM_TYPE)) {
return UNENCRYPTED;
}
}
// In ASN.1 format?
try {
// Read in an ASN.1 and check structure against the following
ASN1Primitive key = ASN1Primitive.fromByteArray(pkcs8);
if (key instanceof ASN1Sequence) {
ASN1Sequence sequence = (ASN1Sequence) key;
// May be unencrypted
if ((sequence.size() == 3) || (sequence.size() == 4)) {
// @formatter:off
/*
* Unencrypted PKCS #8 Private Key:
*
* PrivateKeyInfo ::= ASN1Sequence { version Version,
* privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
* privateKey PrivateKey, attributes [0] IMPLICIT Attributes
* OPTIONAL }
*
* Version ::= ASN1Integer PrivateKeyAlgorithmIdentifier ::=
* AlgorithmIdentifier PrivateKey ::= OCTET STRING
* Attributes ::= SET OF Attribute
*/
// @formatter:on
Object obj1 = sequence.getObjectAt(0);
Object obj2 = sequence.getObjectAt(1);
Object obj3 = sequence.getObjectAt(2);
if (!(obj1 instanceof ASN1Integer)) {
return null;
}
ASN1Integer version = (ASN1Integer) obj1;
if (!version.getValue().equals(BigInteger.ZERO)) {
return null;
}
if (!(obj2 instanceof ASN1Sequence)) {
return null;
}
if (!sequenceIsAlgorithmIdentifier((ASN1Sequence) obj2)) {
return null;
}
if (!(obj3 instanceof ASN1OctetString)) {
return null;
}
return UNENCRYPTED;
} else // May be encrypted
if (sequence.size() == 2) {
// @formatter:off
/*
* Encrypted PKCS #8 Private Key:
*
* EncryptedPrivateKeyInfo ::= ASN1Sequence {
* encryptionAlgorithm EncryptionAlgorithmIdentifier,
* encryptedData EncryptedData }
*
* EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
* EncryptedData ::= OCTET STRING
*/
// @formatter:on
Object obj1 = sequence.getObjectAt(0);
Object obj2 = sequence.getObjectAt(1);
if (!(obj1 instanceof ASN1Sequence)) {
return null;
}
if (!sequenceIsAlgorithmIdentifier((ASN1Sequence) obj1)) {
return null;
}
if (!(obj2 instanceof ASN1OctetString)) {
return null;
}
return ENCRYPTED;
}
}
} catch (Exception ex) {
// Structure not as expected for PKCS #8
return null;
}
return null;
}
use of org.openecard.bouncycastle.asn1.ASN1Sequence in project keystore-explorer by kaikramer.
the class Spkac method decodeSpkac.
private void decodeSpkac(byte[] der) throws SpkacException {
try {
ASN1Sequence signedPublicKeyAndChallenge = ASN1Sequence.getInstance(der);
ASN1Sequence publicKeyAndChallenge = (ASN1Sequence) signedPublicKeyAndChallenge.getObjectAt(0);
ASN1Sequence signatureAlgorithm = (ASN1Sequence) signedPublicKeyAndChallenge.getObjectAt(1);
DERBitString signature = (DERBitString) signedPublicKeyAndChallenge.getObjectAt(2);
ASN1ObjectIdentifier signatureAlgorithmOid = (ASN1ObjectIdentifier) signatureAlgorithm.getObjectAt(0);
ASN1Sequence spki = (ASN1Sequence) publicKeyAndChallenge.getObjectAt(0);
DERIA5String challenge = (DERIA5String) publicKeyAndChallenge.getObjectAt(1);
ASN1Sequence publicKeyAlgorithm = (ASN1Sequence) spki.getObjectAt(0);
DERBitString publicKey = (DERBitString) spki.getObjectAt(1);
ASN1ObjectIdentifier publicKeyAlgorithmOid = (ASN1ObjectIdentifier) publicKeyAlgorithm.getObjectAt(0);
ASN1Primitive algorithmParameters = publicKeyAlgorithm.getObjectAt(1).toASN1Primitive();
this.challenge = challenge.getString();
this.publicKey = decodePublicKeyFromBitString(publicKeyAlgorithmOid, algorithmParameters, publicKey);
this.signatureAlgorithm = getSignatureAlgorithm(signatureAlgorithmOid);
this.signature = signature.getBytes();
} catch (Exception ex) {
throw new SpkacException(res.getString("NoDecodeSpkac.exception.message"), ex);
}
}
Aggregations