Search in sources :

Example 11 with AttributeTypeAndValue

use of org.openecard.bouncycastle.asn1.x500.AttributeTypeAndValue in project open-ecard by ecsec.

the class ListCertificates method getUniqueIdentifier.

private String getUniqueIdentifier(X509Certificate cert) {
    // try to get SERIALNUMBER from subject
    X500Name sub = X500Name.getInstance(cert.getSubjectX500Principal().getEncoded());
    RDN[] serials = sub.getRDNs(BCStyle.SERIALNUMBER);
    if (serials.length >= 1) {
        AttributeTypeAndValue serialValueType = serials[0].getFirst();
        ASN1Encodable serialValue = serialValueType.getValue();
        if (ASN1String.class.isInstance(serialValue)) {
            return ASN1String.class.cast(serialValue).getString();
        }
    }
    // no SERIALNUMBER, hash subject and cross fingers that this is unique across replacement cards
    try {
        SHA256Digest digest = new SHA256Digest();
        byte[] subData = sub.getEncoded();
        digest.update(subData, 0, subData.length);
        byte[] hashResult = new byte[digest.getDigestSize()];
        digest.doFinal(hashResult, 0);
        String hashedSub = ByteUtils.toWebSafeBase64String(hashResult);
        return hashedSub;
    } catch (IOException ex) {
        throw new RuntimeException("Failed to encode subject.", ex);
    }
}
Also used : SHA256Digest(org.openecard.bouncycastle.crypto.digests.SHA256Digest) X500Name(org.openecard.bouncycastle.asn1.x500.X500Name) ASN1Encodable(org.openecard.bouncycastle.asn1.ASN1Encodable) ASN1String(org.openecard.bouncycastle.asn1.ASN1String) ASN1String(org.openecard.bouncycastle.asn1.ASN1String) ASN1OctetString(org.openecard.bouncycastle.asn1.ASN1OctetString) IOException(java.io.IOException) RDN(org.openecard.bouncycastle.asn1.x500.RDN) AttributeTypeAndValue(org.openecard.bouncycastle.asn1.x500.AttributeTypeAndValue)

Example 12 with AttributeTypeAndValue

use of org.openecard.bouncycastle.asn1.x500.AttributeTypeAndValue in project jruby-openssl by jruby.

the class X509Name method fromRDNElement.

private void fromRDNElement(final RDN rdn) {
    final Ruby runtime = getRuntime();
    for (AttributeTypeAndValue tv : rdn.getTypesAndValues()) {
        oids.add(tv.getType());
        final ASN1Encodable val = tv.getValue();
        addValue(val);
        addType(runtime, val);
    }
}
Also used : ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) Ruby(org.jruby.Ruby) AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue)

Example 13 with AttributeTypeAndValue

use of org.openecard.bouncycastle.asn1.x500.AttributeTypeAndValue in project j2objc by google.

the class DNParser method parse.

/**
     * Parses DN
     *
     * @return a list of Relative Distinguished Names(RDN),
     *         each RDN is represented as a list of AttributeTypeAndValue objects
     */
public List<List<AttributeTypeAndValue>> parse() throws IOException {
    List<List<AttributeTypeAndValue>> list = new ArrayList<List<AttributeTypeAndValue>>();
    String attType = nextAT();
    if (attType == null) {
        //empty list of RDNs
        return list;
    }
    ObjectIdentifier oid = AttributeTypeAndValue.getObjectIdentifier(attType);
    List<AttributeTypeAndValue> atav = new ArrayList<AttributeTypeAndValue>();
    while (true) {
        if (pos == chars.length) {
            //empty Attribute Value
            atav.add(new AttributeTypeAndValue(oid, new AttributeValue("", false, oid)));
            list.add(0, atav);
            return list;
        }
        switch(chars[pos]) {
            case '"':
                atav.add(new AttributeTypeAndValue(oid, new AttributeValue(quotedAV(), hasQE, oid)));
                break;
            case '#':
                atav.add(new AttributeTypeAndValue(oid, new AttributeValue(hexAV(), encoded)));
                break;
            case '+':
            case ',':
            case // compatibility with RFC 1779: semicolon can separate RDNs
            ';':
                //empty attribute value
                atav.add(new AttributeTypeAndValue(oid, new AttributeValue("", false, oid)));
                break;
            default:
                atav.add(new AttributeTypeAndValue(oid, new AttributeValue(escapedAV(), hasQE, oid)));
        }
        if (pos >= chars.length) {
            list.add(0, atav);
            return list;
        }
        if (chars[pos] == ',' || chars[pos] == ';') {
            list.add(0, atav);
            atav = new ArrayList<AttributeTypeAndValue>();
        } else if (chars[pos] != '+') {
            throw new IOException("Invalid distinguished name string");
        }
        pos++;
        attType = nextAT();
        if (attType == null) {
            throw new IOException("Invalid distinguished name string");
        }
        oid = AttributeTypeAndValue.getObjectIdentifier(attType);
    }
}
Also used : AttributeValue(org.apache.harmony.security.x501.AttributeValue) ArrayList(java.util.ArrayList) List(java.util.List) ArrayList(java.util.ArrayList) IOException(java.io.IOException) AttributeTypeAndValue(org.apache.harmony.security.x501.AttributeTypeAndValue) ObjectIdentifier(org.apache.harmony.security.utils.ObjectIdentifier)

Example 14 with AttributeTypeAndValue

use of org.openecard.bouncycastle.asn1.x500.AttributeTypeAndValue in project XobotOS by xamarin.

the class JarUtils method verifySignature.

/**
     * This method handle all the work with  PKCS7, ASN1 encoding, signature verifying,
     * and certification path building.
     * See also PKCS #7: Cryptographic Message Syntax Standard:
     * http://www.ietf.org/rfc/rfc2315.txt
     * @param signature - the input stream of signature file to be verified
     * @param signatureBlock - the input stream of corresponding signature block file
     * @return array of certificates used to verify the signature file
     * @throws IOException - if some errors occurs during reading from the stream
     * @throws GeneralSecurityException - if signature verification process fails
     */
public static Certificate[] verifySignature(InputStream signature, InputStream signatureBlock) throws IOException, GeneralSecurityException {
    BerInputStream bis = new BerInputStream(signatureBlock);
    ContentInfo info = (ContentInfo) ContentInfo.ASN1.decode(bis);
    SignedData signedData = info.getSignedData();
    if (signedData == null) {
        throw new IOException("No SignedData found");
    }
    Collection<org.apache.harmony.security.x509.Certificate> encCerts = signedData.getCertificates();
    if (encCerts.isEmpty()) {
        return null;
    }
    X509Certificate[] certs = new X509Certificate[encCerts.size()];
    int i = 0;
    for (org.apache.harmony.security.x509.Certificate encCert : encCerts) {
        certs[i++] = new X509CertImpl(encCert);
    }
    List<SignerInfo> sigInfos = signedData.getSignerInfos();
    SignerInfo sigInfo;
    if (!sigInfos.isEmpty()) {
        sigInfo = sigInfos.get(0);
    } else {
        return null;
    }
    // Issuer
    X500Principal issuer = sigInfo.getIssuer();
    // Certificate serial number
    BigInteger snum = sigInfo.getSerialNumber();
    // Locate the certificate
    int issuerSertIndex = 0;
    for (i = 0; i < certs.length; i++) {
        if (issuer.equals(certs[i].getIssuerDN()) && snum.equals(certs[i].getSerialNumber())) {
            issuerSertIndex = i;
            break;
        }
    }
    if (i == certs.length) {
        // No issuer certificate found
        return null;
    }
    if (certs[issuerSertIndex].hasUnsupportedCriticalExtension()) {
        throw new SecurityException("Can not recognize a critical extension");
    }
    // Get Signature instance
    Signature sig = null;
    String da = sigInfo.getDigestAlgorithm();
    String dea = sigInfo.getDigestEncryptionAlgorithm();
    String alg = null;
    if (da != null && dea != null) {
        alg = da + "with" + dea;
        try {
            sig = OpenSSLSignature.getInstance(alg);
        } catch (NoSuchAlgorithmException e) {
        }
    }
    if (sig == null) {
        alg = da;
        if (alg == null) {
            return null;
        }
        try {
            sig = OpenSSLSignature.getInstance(alg);
        } catch (NoSuchAlgorithmException e) {
            return null;
        }
    }
    sig.initVerify(certs[issuerSertIndex]);
    // If the authenticatedAttributes field of SignerInfo contains more than zero attributes,
    // compute the message digest on the ASN.1 DER encoding of the Attributes value.
    // Otherwise, compute the message digest on the data.
    List<AttributeTypeAndValue> atr = sigInfo.getAuthenticatedAttributes();
    byte[] sfBytes = new byte[signature.available()];
    signature.read(sfBytes);
    if (atr == null) {
        sig.update(sfBytes);
    } else {
        sig.update(sigInfo.getEncodedAuthenticatedAttributes());
        // If the authenticatedAttributes field contains the message-digest attribute,
        // verify that it equals the computed digest of the signature file
        byte[] existingDigest = null;
        for (AttributeTypeAndValue a : atr) {
            if (Arrays.equals(a.getType().getOid(), MESSAGE_DIGEST_OID)) {
            //TODO value                    existingDigest = a.AttributeValue;
            }
        }
        if (existingDigest != null) {
            MessageDigest md = MessageDigest.getInstance(sigInfo.getDigestAlgorithm());
            byte[] computedDigest = md.digest(sfBytes);
            if (!Arrays.equals(existingDigest, computedDigest)) {
                throw new SecurityException("Incorrect MD");
            }
        }
    }
    if (!sig.verify(sigInfo.getEncryptedDigest())) {
        throw new SecurityException("Incorrect signature");
    }
    return createChain(certs[issuerSertIndex], certs);
}
Also used : NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) ContentInfo(org.apache.harmony.security.pkcs7.ContentInfo) X509CertImpl(org.apache.harmony.security.provider.cert.X509CertImpl) BerInputStream(org.apache.harmony.security.asn1.BerInputStream) MessageDigest(java.security.MessageDigest) SignedData(org.apache.harmony.security.pkcs7.SignedData) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) AttributeTypeAndValue(org.apache.harmony.security.x501.AttributeTypeAndValue) SignerInfo(org.apache.harmony.security.pkcs7.SignerInfo) Signature(java.security.Signature) OpenSSLSignature(org.apache.harmony.xnet.provider.jsse.OpenSSLSignature) X500Principal(javax.security.auth.x500.X500Principal) BigInteger(java.math.BigInteger) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 15 with AttributeTypeAndValue

use of org.openecard.bouncycastle.asn1.x500.AttributeTypeAndValue in project jmeter by apache.

the class SMIMEAssertion method getEmailFromCert.

/**
     * Extract email addresses from a certificate
     * 
     * @param cert the X509 certificate holder
     * @return a List of all email addresses found
     * @throws CertificateException
     */
private static List<String> getEmailFromCert(X509CertificateHolder cert) throws CertificateException {
    List<String> res = new ArrayList<>();
    X500Name subject = cert.getSubject();
    for (RDN emails : subject.getRDNs(BCStyle.EmailAddress)) {
        for (AttributeTypeAndValue emailAttr : emails.getTypesAndValues()) {
            if (log.isDebugEnabled()) {
                log.debug("Add email from RDN: {}", IETFUtils.valueToString(emailAttr.getValue()));
            }
            res.add(IETFUtils.valueToString(emailAttr.getValue()));
        }
    }
    Extension subjectAlternativeNames = cert.getExtension(Extension.subjectAlternativeName);
    if (subjectAlternativeNames != null) {
        for (GeneralName name : GeneralNames.getInstance(subjectAlternativeNames.getParsedValue()).getNames()) {
            if (name.getTagNo() == GeneralName.rfc822Name) {
                String email = IETFUtils.valueToString(name.getName());
                log.debug("Add email from subjectAlternativeName: {}", email);
                res.add(email);
            }
        }
    }
    return res;
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension) ArrayList(java.util.ArrayList) X500Name(org.bouncycastle.asn1.x500.X500Name) GeneralName(org.bouncycastle.asn1.x509.GeneralName) RDN(org.bouncycastle.asn1.x500.RDN) AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue)

Aggregations

AttributeTypeAndValue (org.bouncycastle.asn1.x500.AttributeTypeAndValue)13 RDN (org.bouncycastle.asn1.x500.RDN)12 IOException (java.io.IOException)8 ArrayList (java.util.ArrayList)8 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)7 X500Name (org.bouncycastle.asn1.x500.X500Name)7 AttributeTypeAndValue (org.apache.harmony.security.x501.AttributeTypeAndValue)6 BigInteger (java.math.BigInteger)5 List (java.util.List)5 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)5 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)5 GeneralSecurityException (java.security.GeneralSecurityException)3 MessageDigest (java.security.MessageDigest)3 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3 Signature (java.security.Signature)3 Certificate (java.security.cert.Certificate)3 X509Certificate (java.security.cert.X509Certificate)3 LinkedList (java.util.LinkedList)3 X500Principal (javax.security.auth.x500.X500Principal)3 BerInputStream (org.apache.harmony.security.asn1.BerInputStream)3