use of org.openecard.bouncycastle.asn1.ASN1Set in project keystore-explorer by kaikramer.
the class Asn1Dump method dumpSetOrSequence.
private String dumpSetOrSequence(ASN1Encodable asn1ConstructedType) throws Asn1Exception, IOException {
StringBuilder sb = new StringBuilder();
sb.append(indentSequence.toString(indentLevel));
Enumeration<?> components;
// Sequence or Set?
if (asn1ConstructedType instanceof ASN1Sequence) {
sb.append("SEQUENCE");
ASN1Sequence sequence = (ASN1Sequence) asn1ConstructedType;
components = sequence.getObjects();
} else {
// == SET
sb.append("SET");
ASN1Set set = (ASN1Set) asn1ConstructedType;
components = set.getObjects();
}
sb.append(NEWLINE);
sb.append(indentSequence.toString(indentLevel));
sb.append("{");
sb.append(NEWLINE);
while (components.hasMoreElements()) {
ASN1Primitive component = (ASN1Primitive) components.nextElement();
sb.append(dump(component));
}
sb.append(indentSequence.toString(indentLevel));
sb.append("}");
sb.append(NEWLINE);
return sb.toString();
}
use of org.openecard.bouncycastle.asn1.ASN1Set in project open-ecard by ecsec.
the class EFCardAccess method decodeSecurityInfos.
/**
* Decode the SecurityInfos.
*/
private void decodeSecurityInfos() {
final ASN1Set securityinfos = sis.getSecurityInfos();
final int length = securityinfos.size();
psi = new PACESecurityInfos();
tsi = new TASecurityInfos();
csi = new CASecurityInfos();
for (int i = 0; i < length; i++) {
ASN1Sequence securityInfo = (ASN1Sequence) securityinfos.getObjectAt(i);
String oid = securityInfo.getObjectAt(0).toString();
// PACEInfo (REQUIRED)
if (PACEInfo.isPACEObjectIdentifer(oid)) {
_logger.debug("Found PACEInfo object identifier");
PACEInfo pi = new PACEInfo(securityInfo);
psi.addPACEInfo(pi);
} else // PACEDoaminParameterInfo (CONDITIONAL)
if (PACEDomainParameterInfo.isPACEObjectIdentifer(oid)) {
_logger.debug("Found PACEDomainParameterInfo object identifier");
PACEDomainParameterInfo pdp = new PACEDomainParameterInfo(securityInfo);
psi.addPACEDomainParameterInfo(pdp);
} else // ChipAuthenticationInfo (CONDITIONAL)
if (CAInfo.isObjectIdentifier(oid)) {
_logger.debug("Found ChipAuthenticationInfo object identifier");
CAInfo ci = new CAInfo(securityInfo);
csi.addCAInfo(ci);
} else // ChipAuthenticationDomainParameterInfo (CONDITIONAL)
if (CADomainParameterInfo.isObjectIdentifier(oid)) {
_logger.debug("Found ChipAuthenticationDomainParameterInfo object identifier");
CADomainParameterInfo cdp = new CADomainParameterInfo(securityInfo);
csi.addCADomainParameterInfo(cdp);
} else // TerminalAuthenticationInfo (CONDITIONAL)
if (EACObjectIdentifier.id_TA.equals(oid)) {
_logger.debug("Found TerminalAuthenticationInfo object identifier");
TAInfo ta = new TAInfo(securityInfo);
tsi.addTAInfo(ta);
} else // CardInfoLocator (RECOMMENDED)
if (EACObjectIdentifier.id_CI.equals(oid)) {
_logger.debug("Found CardInfoLocator object identifier");
cil = CardInfoLocator.getInstance(securityInfo);
} else // PrivilegedTerminalInfo (CONDITIONAL)
if (EACObjectIdentifier.id_PT.equals(oid)) {
_logger.debug("Found PrivilegedTerminalInfo object identifier");
pti = PrivilegedTerminalInfo.getInstance(securityInfo);
} else {
_logger.debug("Found unknown object identifier: {}", oid.toString());
}
}
}
use of org.openecard.bouncycastle.asn1.ASN1Set in project jruby-openssl by jruby.
the class ASN1 method decodeObject.
// ObjectId
static IRubyObject decodeObject(final ThreadContext context, final RubyModule ASN1, final org.bouncycastle.asn1.ASN1Encodable obj) throws IOException, IllegalArgumentException {
final Ruby runtime = context.runtime;
if (obj instanceof ASN1Integer) {
final BN val = BN.newBN(runtime, ((ASN1Integer) obj).getValue());
return ASN1.getClass("Integer").callMethod(context, "new", val);
}
if (obj instanceof DERInteger) {
final BN val = BN.newBN(runtime, ((DERInteger) obj).getValue());
return ASN1.getClass("Integer").callMethod(context, "new", val);
}
if (obj instanceof DERBitString) {
final DERBitString derObj = (DERBitString) obj;
RubyString str = runtime.newString(new ByteList(derObj.getBytes(), false));
IRubyObject bitString = ASN1.getClass("BitString").callMethod(context, "new", str);
bitString.callMethod(context, "unused_bits=", runtime.newFixnum(derObj.getPadBits()));
return bitString;
}
if (obj instanceof ASN1String) {
final Integer typeId = typeId(obj.getClass());
String type = typeId == null ? null : (String) (ASN1_INFO[typeId][2]);
final ByteList bytes;
if (obj instanceof DERUTF8String) {
if (type == null)
type = "UTF8String";
bytes = new ByteList(((DERUTF8String) obj).getString().getBytes("UTF-8"), false);
} else {
if (type == null) {
if (obj instanceof DERNumericString) {
type = "NumericString";
} else if (obj instanceof DERPrintableString) {
type = "PrintableString";
} else if (obj instanceof DERIA5String) {
type = "IA5String";
} else if (obj instanceof DERT61String) {
type = "T61String";
} else if (obj instanceof DERGeneralString) {
type = "GeneralString";
} else if (obj instanceof DERUniversalString) {
type = "UniversalString";
} else if (obj instanceof DERBMPString) {
type = "BMPString";
} else {
// NOTE "VideotexString", "GraphicString", "ISO64String" not-handled in BC !
throw new IllegalArgumentException("could not handle ASN1 string type: " + obj + " (" + obj.getClass().getName() + ")");
}
}
bytes = ByteList.create(((ASN1String) obj).getString());
}
return ASN1.getClass(type).callMethod(context, "new", runtime.newString(bytes));
}
if (obj instanceof ASN1OctetString) {
final ByteList octets = new ByteList(((ASN1OctetString) obj).getOctets(), false);
// final ByteList octets = new ByteList(((ASN1OctetString) obj).getEncoded(ASN1Encoding.DER), false);
return ASN1.getClass("OctetString").callMethod(context, "new", runtime.newString(octets));
}
if (obj instanceof ASN1Null) {
return ASN1.getClass("Null").callMethod(context, "new", runtime.getNil());
}
if (obj instanceof ASN1Boolean) {
final boolean val = ((ASN1Boolean) obj).isTrue();
return ASN1.getClass("Boolean").callMethod(context, "new", runtime.newBoolean(val));
}
// DERBoolean extends ASN1Boolean only since 1.51 (<= 1.50 the other way around)
if (obj instanceof DERBoolean) {
final boolean val = ((DERBoolean) obj).isTrue();
return ASN1.getClass("Boolean").callMethod(context, "new", runtime.newBoolean(val));
}
if (obj instanceof ASN1UTCTime) {
final Date adjustedTime;
try {
adjustedTime = ((ASN1UTCTime) obj).getAdjustedDate();
} catch (ParseException e) {
throw new IOException(e);
}
final RubyTime time = RubyTime.newTime(runtime, adjustedTime.getTime());
return ASN1.getClass("UTCTime").callMethod(context, "new", time);
}
// NOTE: keep for BC versions compatibility ... extends ASN1UTCTime (since BC 1.51)
if (obj instanceof DERUTCTime) {
final Date adjustedTime;
try {
adjustedTime = ((DERUTCTime) obj).getAdjustedDate();
} catch (ParseException e) {
throw new IOException(e);
}
final RubyTime time = RubyTime.newTime(runtime, adjustedTime.getTime());
return ASN1.getClass("UTCTime").callMethod(context, "new", time);
}
if (obj instanceof ASN1GeneralizedTime) {
final Date generalTime;
try {
generalTime = ((ASN1GeneralizedTime) obj).getDate();
} catch (ParseException e) {
throw new IOException(e);
}
final RubyTime time = RubyTime.newTime(runtime, generalTime.getTime());
return ASN1.getClass("GeneralizedTime").callMethod(context, "new", time);
}
// NOTE: keep for BC versions compatibility ... extends ASN1GeneralizedTime (since BC 1.51)
if (obj instanceof DERGeneralizedTime) {
final Date generalTime;
try {
generalTime = ((DERGeneralizedTime) obj).getDate();
} catch (ParseException e) {
throw new IOException(e);
}
final RubyTime time = RubyTime.newTime(runtime, generalTime.getTime());
return ASN1.getClass("GeneralizedTime").callMethod(context, "new", time);
}
if (obj instanceof ASN1ObjectIdentifier) {
final String objId = ((ASN1ObjectIdentifier) obj).getId();
return ASN1.getClass("ObjectId").callMethod(context, "new", runtime.newString(objId));
}
// DERObjectIdentifier extends ASN1ObjectIdentifier = 1.51
if (obj instanceof DERObjectIdentifier) {
final String objId = ((DERObjectIdentifier) obj).getId();
return ASN1.getClass("ObjectId").callMethod(context, "new", runtime.newString(objId));
}
if (obj instanceof ASN1TaggedObject) {
final ASN1TaggedObject taggedObj = (ASN1TaggedObject) obj;
IRubyObject val = decodeObject(context, ASN1, taggedObj.getObject());
IRubyObject tag = runtime.newFixnum(taggedObj.getTagNo());
IRubyObject tag_class = runtime.newSymbol("CONTEXT_SPECIFIC");
final RubyArray valArr = runtime.newArray(val);
return ASN1.getClass("ASN1Data").callMethod(context, "new", new IRubyObject[] { valArr, tag, tag_class });
}
if (obj instanceof DERApplicationSpecific) {
final DERApplicationSpecific appSpecific = (DERApplicationSpecific) obj;
IRubyObject tag = runtime.newFixnum(appSpecific.getApplicationTag());
IRubyObject tag_class = runtime.newSymbol("APPLICATION");
final ASN1Sequence sequence = (ASN1Sequence) appSpecific.getObject(SEQUENCE);
@SuppressWarnings("unchecked") final RubyArray valArr = decodeObjects(context, ASN1, sequence.getObjects());
return ASN1.getClass("ASN1Data").callMethod(context, "new", new IRubyObject[] { valArr, tag, tag_class });
}
if (obj instanceof ASN1Sequence) {
@SuppressWarnings("unchecked") RubyArray arr = decodeObjects(context, ASN1, ((ASN1Sequence) obj).getObjects());
return ASN1.getClass("Sequence").callMethod(context, "new", arr);
}
if (obj instanceof ASN1Set) {
@SuppressWarnings("unchecked") RubyArray arr = decodeObjects(context, ASN1, ((ASN1Set) obj).getObjects());
return ASN1.getClass("Set").callMethod(context, "new", arr);
}
if (obj instanceof ASN1Enumerated) {
final RubyInteger value = RubyBignum.bignorm(runtime, ((ASN1Enumerated) obj).getValue());
return ASN1.getClass("Enumerated").callMethod(context, "new", value);
}
throw new IllegalArgumentException("unable to decode object: " + obj + " (" + (obj == null ? "" : obj.getClass().getName()) + ")");
}
use of org.openecard.bouncycastle.asn1.ASN1Set in project jruby-openssl by jruby.
the class PKCS7 method signatureVerify.
/* c: PKCS7_signatureVerify
*
*/
public void signatureVerify(BIO bio, SignerInfoWithPkey si, X509AuxCertificate x509) throws PKCS7Exception {
if (!isSigned() && !isSignedAndEnveloped()) {
throw new PKCS7Exception(F_PKCS7_SIGNATUREVERIFY, R_WRONG_PKCS7_TYPE);
}
final int md_type = ASN1Registry.oid2nid(si.getDigestAlgorithm().getAlgorithm());
BIO btmp = bio;
MessageDigest mdc = null;
for (; ; ) {
if (btmp == null || (btmp = bio.findType(BIO.TYPE_MD)) == null) {
throw new PKCS7Exception(F_PKCS7_SIGNATUREVERIFY, R_UNABLE_TO_FIND_MESSAGE_DIGEST);
}
mdc = ((MessageDigestBIOFilter) btmp).getMessageDigest();
if (null == mdc) {
throw new PKCS7Exception(F_PKCS7_SIGNATUREVERIFY, -1);
}
if (EVP.type(mdc) == md_type)
break;
btmp = btmp.next();
}
MessageDigest mdc_tmp = null;
try {
mdc_tmp = (MessageDigest) mdc.clone();
} catch (Exception e) {
}
byte[] currentData = new byte[0];
ASN1Set sk = si.getAuthenticatedAttributes();
try {
if (sk != null && sk.size() > 0) {
byte[] md_dat = mdc_tmp.digest();
ASN1OctetString message_digest = digestFromAttributes(sk);
if (message_digest == null) {
throw new PKCS7Exception(F_PKCS7_SIGNATUREVERIFY, R_UNABLE_TO_FIND_MESSAGE_DIGEST);
}
if (!Arrays.equals(md_dat, message_digest.getOctets())) {
throw new NotVerifiedPKCS7Exception();
}
currentData = sk.getEncoded();
}
ASN1OctetString os = si.getEncryptedDigest();
PublicKey pkey = x509.getPublicKey();
Signature sign = SecurityHelper.getSignature(EVP.signatureAlgorithm(mdc_tmp, pkey));
sign.initVerify(pkey);
if (currentData.length > 0) {
sign.update(currentData);
}
if (!sign.verify(os.getOctets())) {
throw new NotVerifiedPKCS7Exception();
}
} catch (NotVerifiedPKCS7Exception e) {
throw e;
} catch (Exception e) {
System.err.println("Other exception");
e.printStackTrace(System.err);
throw new NotVerifiedPKCS7Exception();
}
}
use of org.openecard.bouncycastle.asn1.ASN1Set in project jruby-openssl by jruby.
the class PKCS7 method dataFinal.
/**
* c: PKCS7_dataFinal
*/
public int dataFinal(BIO bio) throws PKCS7Exception {
Collection<SignerInfoWithPkey> siSk = null;
BIO btmp;
byte[] buf;
MessageDigest mdc = null;
MessageDigest ctx_tmp = null;
ASN1Set sk;
int i = this.data.getType();
switch(i) {
case ASN1Registry.NID_pkcs7_signedAndEnveloped:
siSk = getSignedAndEnveloped().getSignerInfo();
break;
case ASN1Registry.NID_pkcs7_signed:
siSk = getSign().getSignerInfo();
break;
case ASN1Registry.NID_pkcs7_digest:
break;
default:
break;
}
if (siSk != null) {
for (SignerInfoWithPkey si : siSk) {
if (si.getPkey() == null) {
continue;
}
int j = ASN1Registry.oid2nid(si.getDigestAlgorithm().getAlgorithm());
btmp = bio;
MessageDigest[] _mdc = new MessageDigest[] { mdc };
btmp = findDigest(_mdc, btmp, j);
mdc = _mdc[0];
if (btmp == null) {
return 0;
}
try {
ctx_tmp = (MessageDigest) mdc.clone();
} catch (CloneNotSupportedException e) {
throw new RuntimeException(e);
}
sk = si.getAuthenticatedAttributes();
Signature sign = null;
try {
if (sk != null && sk.size() > 0) {
/* Add signing time if not already present */
if (null == si.getSignedAttribute(ASN1Registry.NID_pkcs9_signingTime)) {
DERUTCTime signTime = new DERUTCTime(Calendar.getInstance(TimeZone.getTimeZone("UTC")).getTime());
si.addSignedAttribute(ASN1Registry.NID_pkcs9_signingTime, signTime);
}
byte[] md_data = ctx_tmp.digest();
ASN1OctetString digest = new DEROctetString(md_data);
si.addSignedAttribute(ASN1Registry.NID_pkcs9_messageDigest, digest);
sk = si.getAuthenticatedAttributes();
sign = SecurityHelper.getSignature(EVP.signatureAlgorithm(ctx_tmp, si.getPkey()));
sign.initSign(si.getPkey());
byte[] abuf = sk.getEncoded();
sign.update(abuf);
}
if (sign != null) {
byte[] out = sign.sign();
si.setEncryptedDigest(new DEROctetString(out));
}
} catch (Exception e) {
throw new PKCS7Exception(F_PKCS7_DATAFINAL, -1, e);
}
}
} else if (i == ASN1Registry.NID_pkcs7_digest) {
int nid = ASN1Registry.oid2nid(getDigest().getMd().getAlgorithm());
MessageDigest[] _mdc = new MessageDigest[] { mdc };
bio = findDigest(_mdc, bio, nid);
mdc = _mdc[0];
byte[] md_data = mdc.digest();
ASN1OctetString digest = new DEROctetString(md_data);
getDigest().setDigest(digest);
}
if (!isDetached()) {
btmp = bio.findType(BIO.TYPE_MEM);
if (null == btmp) {
throw new PKCS7Exception(F_PKCS7_DATAFINAL, R_UNABLE_TO_FIND_MEM_BIO);
}
buf = ((MemBIO) btmp).getMemCopy();
switch(i) {
case ASN1Registry.NID_pkcs7_signedAndEnveloped:
getSignedAndEnveloped().getEncData().setEncData(new DEROctetString(buf));
break;
case ASN1Registry.NID_pkcs7_enveloped:
getEnveloped().getEncData().setEncData(new DEROctetString(buf));
break;
case ASN1Registry.NID_pkcs7_signed:
if (getSign().getContents().isData() && getDetached() != 0) {
getSign().getContents().setData(null);
} else {
getSign().getContents().setData(new DEROctetString(buf));
}
break;
case ASN1Registry.NID_pkcs7_digest:
if (getDigest().getContents().isData() && getDetached() != 0) {
getDigest().getContents().setData(null);
} else {
getDigest().getContents().setData(new DEROctetString(buf));
}
break;
}
}
return 1;
}
Aggregations