Search in sources :

Example 16 with ASN1Set

use of org.openecard.bouncycastle.asn1.ASN1Set in project xipki by xipki.

the class ExtractCertFromCrlCmd method execute0.

@Override
protected Object execute0() throws Exception {
    X509CRL crl = X509Util.parseCrl(crlFile);
    String oidExtnCerts = ObjectIdentifiers.id_xipki_ext_crlCertset.getId();
    byte[] extnValue = crl.getExtensionValue(oidExtnCerts);
    if (extnValue == null) {
        throw new IllegalCmdParamException("no certificate is contained in " + crlFile);
    }
    extnValue = removingTagAndLenFromExtensionValue(extnValue);
    ASN1Set asn1Set = DERSet.getInstance(extnValue);
    final int n = asn1Set.size();
    if (n == 0) {
        throw new CmdFailure("no certificate is contained in " + crlFile);
    }
    ByteArrayOutputStream out = new ByteArrayOutputStream();
    ZipOutputStream zip = new ZipOutputStream(out);
    for (int i = 0; i < n; i++) {
        ASN1Encodable asn1 = asn1Set.getObjectAt(i);
        Certificate cert;
        try {
            ASN1Sequence seq = ASN1Sequence.getInstance(asn1);
            cert = Certificate.getInstance(seq.getObjectAt(0));
        } catch (IllegalArgumentException ex) {
            // backwards compatibility
            cert = Certificate.getInstance(asn1);
        }
        byte[] certBytes = cert.getEncoded();
        String sha1FpCert = HashAlgo.SHA1.hexHash(certBytes);
        ZipEntry certZipEntry = new ZipEntry(sha1FpCert + ".der");
        zip.putNextEntry(certZipEntry);
        try {
            zip.write(certBytes);
        } finally {
            zip.closeEntry();
        }
    }
    zip.flush();
    zip.close();
    saveVerbose("extracted " + n + " certificates to", new File(outFile), out.toByteArray());
    return null;
}
Also used : X509CRL(java.security.cert.X509CRL) ZipEntry(java.util.zip.ZipEntry) DEROctetString(org.bouncycastle.asn1.DEROctetString) ByteArrayOutputStream(java.io.ByteArrayOutputStream) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ASN1Set(org.bouncycastle.asn1.ASN1Set) CmdFailure(org.xipki.console.karaf.CmdFailure) ZipOutputStream(java.util.zip.ZipOutputStream) IllegalCmdParamException(org.xipki.console.karaf.IllegalCmdParamException) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) File(java.io.File) Certificate(org.bouncycastle.asn1.x509.Certificate)

Example 17 with ASN1Set

use of org.openecard.bouncycastle.asn1.ASN1Set in project keepass2android by PhilippC.

the class ASN1Dump method _dumpAsString.

/**
 * dump a DER object as a formatted string with indentation
 *
 * @param obj the DERObject to be dumped out.
 */
static void _dumpAsString(String indent, boolean verbose, DERObject obj, StringBuffer buf) {
    String nl = System.getProperty("line.separator");
    if (obj instanceof ASN1Sequence) {
        Enumeration e = ((ASN1Sequence) obj).getObjects();
        String tab = indent + TAB;
        buf.append(indent);
        if (obj instanceof BERConstructedSequence) {
            buf.append("BER ConstructedSequence");
        } else if (obj instanceof DERConstructedSequence) {
            buf.append("DER ConstructedSequence");
        } else if (obj instanceof BERSequence) {
            buf.append("BER Sequence");
        } else if (obj instanceof DERSequence) {
            buf.append("DER Sequence");
        } else {
            buf.append("Sequence");
        }
        buf.append(nl);
        while (e.hasMoreElements()) {
            Object o = e.nextElement();
            if (o == null || o.equals(new DERNull())) {
                buf.append(tab);
                buf.append("NULL");
                buf.append(nl);
            } else if (o instanceof DERObject) {
                _dumpAsString(tab, verbose, (DERObject) o, buf);
            } else {
                _dumpAsString(tab, verbose, ((DEREncodable) o).getDERObject(), buf);
            }
        }
    } else if (obj instanceof DERTaggedObject) {
        String tab = indent + TAB;
        buf.append(indent);
        if (obj instanceof BERTaggedObject) {
            buf.append("BER Tagged [");
        } else {
            buf.append("Tagged [");
        }
        DERTaggedObject o = (DERTaggedObject) obj;
        buf.append(Integer.toString(o.getTagNo()));
        buf.append(']');
        if (!o.isExplicit()) {
            buf.append(" IMPLICIT ");
        }
        buf.append(nl);
        if (o.isEmpty()) {
            buf.append(tab);
            buf.append("EMPTY");
            buf.append(nl);
        } else {
            _dumpAsString(tab, verbose, o.getObject(), buf);
        }
    } else if (obj instanceof DERConstructedSet) {
        Enumeration e = ((ASN1Set) obj).getObjects();
        String tab = indent + TAB;
        buf.append(indent);
        buf.append("ConstructedSet");
        buf.append(nl);
        while (e.hasMoreElements()) {
            Object o = e.nextElement();
            if (o == null) {
                buf.append(tab);
                buf.append("NULL");
                buf.append(nl);
            } else if (o instanceof DERObject) {
                _dumpAsString(tab, verbose, (DERObject) o, buf);
            } else {
                _dumpAsString(tab, verbose, ((DEREncodable) o).getDERObject(), buf);
            }
        }
    } else if (obj instanceof BERSet) {
        Enumeration e = ((ASN1Set) obj).getObjects();
        String tab = indent + TAB;
        buf.append(indent);
        buf.append("BER Set");
        buf.append(nl);
        while (e.hasMoreElements()) {
            Object o = e.nextElement();
            if (o == null) {
                buf.append(tab);
                buf.append("NULL");
                buf.append(nl);
            } else if (o instanceof DERObject) {
                _dumpAsString(tab, verbose, (DERObject) o, buf);
            } else {
                _dumpAsString(tab, verbose, ((DEREncodable) o).getDERObject(), buf);
            }
        }
    } else if (obj instanceof DERSet) {
        Enumeration e = ((ASN1Set) obj).getObjects();
        String tab = indent + TAB;
        buf.append(indent);
        buf.append("DER Set");
        buf.append(nl);
        while (e.hasMoreElements()) {
            Object o = e.nextElement();
            if (o == null) {
                buf.append(tab);
                buf.append("NULL");
                buf.append(nl);
            } else if (o instanceof DERObject) {
                _dumpAsString(tab, verbose, (DERObject) o, buf);
            } else {
                _dumpAsString(tab, verbose, ((DEREncodable) o).getDERObject(), buf);
            }
        }
    } else if (obj instanceof DERObjectIdentifier) {
        buf.append(indent + "ObjectIdentifier(" + ((DERObjectIdentifier) obj).getId() + ")" + nl);
    } else if (obj instanceof DERBoolean) {
        buf.append(indent + "Boolean(" + ((DERBoolean) obj).isTrue() + ")" + nl);
    } else if (obj instanceof DERInteger) {
        buf.append(indent + "Integer(" + ((DERInteger) obj).getValue() + ")" + nl);
    } else if (obj instanceof BERConstructedOctetString) {
        ASN1OctetString oct = (ASN1OctetString) obj;
        buf.append(indent + "BER Constructed Octet String" + "[" + oct.getOctets().length + "] ");
        if (verbose) {
            buf.append(dumpBinaryDataAsString(indent, oct.getOctets()));
        } else {
            buf.append(nl);
        }
    } else if (obj instanceof DEROctetString) {
        ASN1OctetString oct = (ASN1OctetString) obj;
        buf.append(indent + "DER Octet String" + "[" + oct.getOctets().length + "] ");
        if (verbose) {
            buf.append(dumpBinaryDataAsString(indent, oct.getOctets()));
        } else {
            buf.append(nl);
        }
    } else if (obj instanceof DERBitString) {
        DERBitString bt = (DERBitString) obj;
        buf.append(indent + "DER Bit String" + "[" + bt.getBytes().length + ", " + bt.getPadBits() + "] ");
        if (verbose) {
            buf.append(dumpBinaryDataAsString(indent, bt.getBytes()));
        } else {
            buf.append(nl);
        }
    } else if (obj instanceof DERIA5String) {
        buf.append(indent + "IA5String(" + ((DERIA5String) obj).getString() + ") " + nl);
    } else if (obj instanceof DERUTF8String) {
        buf.append(indent + "UTF8String(" + ((DERUTF8String) obj).getString() + ") " + nl);
    } else if (obj instanceof DERPrintableString) {
        buf.append(indent + "PrintableString(" + ((DERPrintableString) obj).getString() + ") " + nl);
    } else if (obj instanceof DERVisibleString) {
        buf.append(indent + "VisibleString(" + ((DERVisibleString) obj).getString() + ") " + nl);
    } else if (obj instanceof DERBMPString) {
        buf.append(indent + "BMPString(" + ((DERBMPString) obj).getString() + ") " + nl);
    } else if (obj instanceof DERT61String) {
        buf.append(indent + "T61String(" + ((DERT61String) obj).getString() + ") " + nl);
    } else if (obj instanceof DERUTCTime) {
        buf.append(indent + "UTCTime(" + ((DERUTCTime) obj).getTime() + ") " + nl);
    } else if (obj instanceof DERGeneralizedTime) {
        buf.append(indent + "GeneralizedTime(" + ((DERGeneralizedTime) obj).getTime() + ") " + nl);
    } else if (obj instanceof DERUnknownTag) {
        buf.append(indent + "Unknown " + Integer.toString(((DERUnknownTag) obj).getTag(), 16) + " " + new String(Hex.encode(((DERUnknownTag) obj).getData())) + nl);
    } else if (obj instanceof BERApplicationSpecific) {
        buf.append(outputApplicationSpecific("BER", indent, verbose, obj, nl));
    } else if (obj instanceof DERApplicationSpecific) {
        buf.append(outputApplicationSpecific("DER", indent, verbose, obj, nl));
    } else if (obj instanceof DEREnumerated) {
        DEREnumerated en = (DEREnumerated) obj;
        buf.append(indent + "DER Enumerated(" + en.getValue() + ")" + nl);
    } else if (obj instanceof DERExternal) {
        DERExternal ext = (DERExternal) obj;
        buf.append(indent + "External " + nl);
        String tab = indent + TAB;
        if (ext.getDirectReference() != null) {
            buf.append(tab + "Direct Reference: " + ext.getDirectReference().getId() + nl);
        }
        if (ext.getIndirectReference() != null) {
            buf.append(tab + "Indirect Reference: " + ext.getIndirectReference().toString() + nl);
        }
        if (ext.getDataValueDescriptor() != null) {
            _dumpAsString(tab, verbose, ext.getDataValueDescriptor(), buf);
        }
        buf.append(tab + "Encoding: " + ext.getEncoding() + nl);
        _dumpAsString(tab, verbose, ext.getExternalContent(), buf);
    } else {
        buf.append(indent + obj.toString() + nl);
    }
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DERApplicationSpecific(org.bouncycastle.asn1.DERApplicationSpecific) DERBitString(org.bouncycastle.asn1.DERBitString) BERConstructedOctetString(org.bouncycastle.asn1.BERConstructedOctetString) DEROctetString(org.bouncycastle.asn1.DEROctetString) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DERT61String(org.bouncycastle.asn1.DERT61String) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERVisibleString(org.bouncycastle.asn1.DERVisibleString) DERSet(org.bouncycastle.asn1.DERSet) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERInteger(org.bouncycastle.asn1.DERInteger) DERSequence(org.bouncycastle.asn1.DERSequence) DERObject(org.bouncycastle.asn1.DERObject) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERGeneralizedTime(org.bouncycastle.asn1.DERGeneralizedTime) DERConstructedSet(org.bouncycastle.asn1.DERConstructedSet) DERUTCTime(org.bouncycastle.asn1.DERUTCTime) DERNull(org.bouncycastle.asn1.DERNull) DERExternal(org.bouncycastle.asn1.DERExternal) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERVisibleString(org.bouncycastle.asn1.DERVisibleString) BERTaggedObject(org.bouncycastle.asn1.BERTaggedObject) BERApplicationSpecific(org.bouncycastle.asn1.BERApplicationSpecific) BERConstructedOctetString(org.bouncycastle.asn1.BERConstructedOctetString) DERBoolean(org.bouncycastle.asn1.DERBoolean) BERSet(org.bouncycastle.asn1.BERSet) Enumeration(java.util.Enumeration) DERBMPString(org.bouncycastle.asn1.DERBMPString) BERConstructedSequence(org.bouncycastle.asn1.BERConstructedSequence) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) BERSequence(org.bouncycastle.asn1.BERSequence) DERBitString(org.bouncycastle.asn1.DERBitString) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier) DERUnknownTag(org.bouncycastle.asn1.DERUnknownTag) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DEREnumerated(org.bouncycastle.asn1.DEREnumerated) ASN1Set(org.bouncycastle.asn1.ASN1Set) DERT61String(org.bouncycastle.asn1.DERT61String) DEREncodable(org.bouncycastle.asn1.DEREncodable) DERObject(org.bouncycastle.asn1.DERObject) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) BERTaggedObject(org.bouncycastle.asn1.BERTaggedObject) DERConstructedSequence(org.bouncycastle.asn1.DERConstructedSequence)

Example 18 with ASN1Set

use of org.openecard.bouncycastle.asn1.ASN1Set in project xipki by xipki.

the class CheckCertCmd method execute0.

@Override
protected Object execute0() throws Exception {
    Set<String> issuerNames = qaSystemManager.getIssuerNames();
    if (isEmpty(issuerNames)) {
        throw new IllegalCmdParamException("no issuer is configured");
    }
    if (issuerName == null) {
        if (issuerNames.size() != 1) {
            throw new IllegalCmdParamException("no issuer is specified");
        }
        issuerName = issuerNames.iterator().next();
    }
    if (!issuerNames.contains(issuerName)) {
        throw new IllegalCmdParamException("issuer " + issuerName + " is not within the configured issuers " + issuerNames);
    }
    X509IssuerInfo issuerInfo = qaSystemManager.getIssuer(issuerName);
    X509CertprofileQa qa = qaSystemManager.getCertprofile(profileName);
    if (qa == null) {
        throw new IllegalCmdParamException("found no certificate profile named '" + profileName + "'");
    }
    CertificationRequest csr = CertificationRequest.getInstance(IoUtil.read(csrFile));
    Extensions extensions = null;
    CertificationRequestInfo reqInfo = csr.getCertificationRequestInfo();
    ASN1Set attrs = reqInfo.getAttributes();
    for (int i = 0; i < attrs.size(); i++) {
        Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
        if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) {
            extensions = Extensions.getInstance(attr.getAttributeValues()[0]);
        }
    }
    byte[] certBytes = IoUtil.read(certFile);
    ValidationResult result = qa.checkCert(certBytes, issuerInfo, reqInfo.getSubject(), reqInfo.getSubjectPublicKeyInfo(), extensions);
    StringBuilder sb = new StringBuilder();
    sb.append(certFile).append(" (certprofile ").append(profileName).append(")\n");
    sb.append("\tcertificate is ");
    sb.append(result.isAllSuccessful() ? "valid" : "invalid");
    if (verbose.booleanValue()) {
        for (ValidationIssue issue : result.getValidationIssues()) {
            sb.append("\n");
            format(issue, "    ", sb);
        }
    }
    println(sb.toString());
    if (!result.isAllSuccessful()) {
        throw new CmdFailure("certificate is invalid");
    }
    return null;
}
Also used : X509CertprofileQa(org.xipki.ca.qa.X509CertprofileQa) CertificationRequestInfo(org.bouncycastle.asn1.pkcs.CertificationRequestInfo) Attribute(org.bouncycastle.asn1.pkcs.Attribute) X509IssuerInfo(org.xipki.ca.qa.X509IssuerInfo) Extensions(org.bouncycastle.asn1.x509.Extensions) ValidationResult(org.xipki.common.qa.ValidationResult) ValidationIssue(org.xipki.common.qa.ValidationIssue) ASN1Set(org.bouncycastle.asn1.ASN1Set) CmdFailure(org.xipki.console.karaf.CmdFailure) IllegalCmdParamException(org.xipki.console.karaf.IllegalCmdParamException) CertificationRequest(org.bouncycastle.asn1.pkcs.CertificationRequest)

Example 19 with ASN1Set

use of org.openecard.bouncycastle.asn1.ASN1Set in project jruby-openssl by jruby.

the class X509Request method initialize.

@JRubyMethod(name = "initialize", rest = true, visibility = Visibility.PRIVATE)
public IRubyObject initialize(final ThreadContext context, final IRubyObject[] args) {
    final Ruby runtime = context.runtime;
    if (Arity.checkArgumentCount(runtime, args, 0, 1) == 0)
        return this;
    try {
        request = new PKCS10Request(StringHelper.readX509PEM(context, args[0]));
    } catch (RuntimeException e) {
        debugStackTrace(runtime, e);
        throw newRequestError(runtime, "invalid certificate request data", e);
    }
    final String algorithm;
    final byte[] encoded;
    try {
        final PublicKey pkey = request.generatePublicKey();
        algorithm = pkey.getAlgorithm();
        encoded = pkey.getEncoded();
    } catch (IOException e) {
        throw newRequestError(runtime, e);
    } catch (GeneralSecurityException e) {
        throw newRequestError(runtime, e);
    }
    final RubyString enc = RubyString.newString(runtime, encoded);
    if ("RSA".equalsIgnoreCase(algorithm)) {
        this.public_key = newPKeyImplInstance(context, "RSA", enc);
    } else if ("DSA".equalsIgnoreCase(algorithm)) {
        this.public_key = newPKeyImplInstance(context, "DSA", enc);
    } else {
        throw runtime.newNotImplementedError("public key algorithm: " + algorithm);
    }
    this.subject = newName(context, request.getSubject());
    final Attribute[] attrs = request.getAttributes();
    try {
        // final RubyModule _ASN1 = _ASN1(runtime);
        if (attrs != null) {
            for (final Attribute attr : attrs) {
                final ASN1ObjectIdentifier type = attr.getAttrType();
                final ASN1Set values = attr.getAttrValues();
                attributes.add(newAttribute(context, type, values));
            }
        }
    } catch (IOException e) {
        throw newRequestError(runtime, e);
    }
    return this;
}
Also used : PKCS10Request(org.jruby.ext.openssl.impl.PKCS10Request) Attribute(org.bouncycastle.asn1.pkcs.Attribute) PublicKey(java.security.PublicKey) GeneralSecurityException(java.security.GeneralSecurityException) RubyString(org.jruby.RubyString) RubyString(org.jruby.RubyString) IOException(java.io.IOException) ASN1Set(org.bouncycastle.asn1.ASN1Set) Ruby(org.jruby.Ruby) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) JRubyMethod(org.jruby.anno.JRubyMethod)

Example 20 with ASN1Set

use of org.openecard.bouncycastle.asn1.ASN1Set in project jruby-openssl by jruby.

the class Envelope method recipientInfosFromASN1Set.

private static Collection<RecipInfo> recipientInfosFromASN1Set(ASN1Encodable content) {
    ASN1Set set = (ASN1Set) content;
    Collection<RecipInfo> result = new ArrayList<RecipInfo>();
    for (Enumeration<?> e = set.getObjects(); e.hasMoreElements(); ) {
        result.add(RecipInfo.fromASN1((ASN1Encodable) e.nextElement()));
    }
    return result;
}
Also used : ASN1Set(org.bouncycastle.asn1.ASN1Set) ArrayList(java.util.ArrayList) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)

Aggregations

ASN1Set (org.bouncycastle.asn1.ASN1Set)41 IOException (java.io.IOException)18 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)14 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)13 ArrayList (java.util.ArrayList)11 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)11 DEROctetString (org.bouncycastle.asn1.DEROctetString)9 Enumeration (java.util.Enumeration)8 List (java.util.List)8 CertificateException (java.security.cert.CertificateException)7 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)7 KeyPair (java.security.KeyPair)6 X509Certificate (java.security.cert.X509Certificate)6 Asn1Integer (com.android.hotspot2.asn1.Asn1Integer)5 Asn1Object (com.android.hotspot2.asn1.Asn1Object)5 Asn1Oid (com.android.hotspot2.asn1.Asn1Oid)5 OidMappings (com.android.hotspot2.asn1.OidMappings)5 ASN1Encodable (com.android.org.bouncycastle.asn1.ASN1Encodable)5 ASN1EncodableVector (com.android.org.bouncycastle.asn1.ASN1EncodableVector)5 ASN1Set (com.android.org.bouncycastle.asn1.ASN1Set)5