Example 11 with AttributeTypeAndValue
use of org.openecard.bouncycastle.asn1.x500.AttributeTypeAndValue in project open-ecard by ecsec.
the class ListCertificates method getUniqueIdentifier.
private String getUniqueIdentifier(X509Certificate cert) {
// try to get SERIALNUMBER from subject
X500Name sub = X500Name.getInstance(cert.getSubjectX500Principal().getEncoded());
RDN[] serials = sub.getRDNs(BCStyle.SERIALNUMBER);
if (serials.length >= 1) {
AttributeTypeAndValue serialValueType = serials[0].getFirst();
ASN1Encodable serialValue = serialValueType.getValue();
if (ASN1String.class.isInstance(serialValue)) {
return ASN1String.class.cast(serialValue).getString();
}
}
// no SERIALNUMBER, hash subject and cross fingers that this is unique across replacement cards
try {
SHA256Digest digest = new SHA256Digest();
byte[] subData = sub.getEncoded();
digest.update(subData, 0, subData.length);
byte[] hashResult = new byte[digest.getDigestSize()];
digest.doFinal(hashResult, 0);
String hashedSub = ByteUtils.toWebSafeBase64String(hashResult);
return hashedSub;
} catch (IOException ex) {
throw new RuntimeException("Failed to encode subject.", ex);
}
}
Also used :
SHA256Digest(org.openecard.bouncycastle.crypto.digests.SHA256Digest)
X500Name(org.openecard.bouncycastle.asn1.x500.X500Name)
ASN1Encodable(org.openecard.bouncycastle.asn1.ASN1Encodable)
ASN1String(org.openecard.bouncycastle.asn1.ASN1String)
ASN1String(org.openecard.bouncycastle.asn1.ASN1String)
ASN1OctetString(org.openecard.bouncycastle.asn1.ASN1OctetString)
IOException(java.io.IOException)
RDN(org.openecard.bouncycastle.asn1.x500.RDN)
AttributeTypeAndValue(org.openecard.bouncycastle.asn1.x500.AttributeTypeAndValue)
Example 12 with AttributeTypeAndValue
use of org.openecard.bouncycastle.asn1.x500.AttributeTypeAndValue in project jruby-openssl by jruby.
the class X509Name method fromRDNElement.
private void fromRDNElement(final RDN rdn) {
final Ruby runtime = getRuntime();
for (AttributeTypeAndValue tv : rdn.getTypesAndValues()) {
oids.add(tv.getType());
final ASN1Encodable val = tv.getValue();
addValue(val);
addType(runtime, val);
}
}
Also used :
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
Ruby(org.jruby.Ruby)
AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue)
Example 13 with AttributeTypeAndValue
use of org.openecard.bouncycastle.asn1.x500.AttributeTypeAndValue in project j2objc by google.
the class DNParser method parse.
/**
* Parses DN
*
* @return a list of Relative Distinguished Names(RDN),
* each RDN is represented as a list of AttributeTypeAndValue objects
*/
public List<List<AttributeTypeAndValue>> parse() throws IOException {
List<List<AttributeTypeAndValue>> list = new ArrayList<List<AttributeTypeAndValue>>();
String attType = nextAT();
if (attType == null) {
//empty list of RDNs
return list;
}
ObjectIdentifier oid = AttributeTypeAndValue.getObjectIdentifier(attType);
List<AttributeTypeAndValue> atav = new ArrayList<AttributeTypeAndValue>();
while (true) {
if (pos == chars.length) {
//empty Attribute Value
atav.add(new AttributeTypeAndValue(oid, new AttributeValue("", false, oid)));
list.add(0, atav);
return list;
}
switch(chars[pos]) {
case '"':
atav.add(new AttributeTypeAndValue(oid, new AttributeValue(quotedAV(), hasQE, oid)));
break;
case '#':
atav.add(new AttributeTypeAndValue(oid, new AttributeValue(hexAV(), encoded)));
break;
case '+':
case ',':
case // compatibility with RFC 1779: semicolon can separate RDNs
';':
//empty attribute value
atav.add(new AttributeTypeAndValue(oid, new AttributeValue("", false, oid)));
break;
default:
atav.add(new AttributeTypeAndValue(oid, new AttributeValue(escapedAV(), hasQE, oid)));
}
if (pos >= chars.length) {
list.add(0, atav);
return list;
}
if (chars[pos] == ',' || chars[pos] == ';') {
list.add(0, atav);
atav = new ArrayList<AttributeTypeAndValue>();
} else if (chars[pos] != '+') {
throw new IOException("Invalid distinguished name string");
}
pos++;
attType = nextAT();
if (attType == null) {
throw new IOException("Invalid distinguished name string");
}
oid = AttributeTypeAndValue.getObjectIdentifier(attType);
}
}
Also used :
AttributeValue(org.apache.harmony.security.x501.AttributeValue)
ArrayList(java.util.ArrayList)
List(java.util.List)
ArrayList(java.util.ArrayList)
IOException(java.io.IOException)
AttributeTypeAndValue(org.apache.harmony.security.x501.AttributeTypeAndValue)
ObjectIdentifier(org.apache.harmony.security.utils.ObjectIdentifier)
Example 14 with AttributeTypeAndValue
use of org.openecard.bouncycastle.asn1.x500.AttributeTypeAndValue in project XobotOS by xamarin.
the class JarUtils method verifySignature.
/**
* This method handle all the work with PKCS7, ASN1 encoding, signature verifying,
* and certification path building.
* See also PKCS #7: Cryptographic Message Syntax Standard:
* http://www.ietf.org/rfc/rfc2315.txt
* @param signature - the input stream of signature file to be verified
* @param signatureBlock - the input stream of corresponding signature block file
* @return array of certificates used to verify the signature file
* @throws IOException - if some errors occurs during reading from the stream
* @throws GeneralSecurityException - if signature verification process fails
*/
public static Certificate[] verifySignature(InputStream signature, InputStream signatureBlock) throws IOException, GeneralSecurityException {
BerInputStream bis = new BerInputStream(signatureBlock);
ContentInfo info = (ContentInfo) ContentInfo.ASN1.decode(bis);
SignedData signedData = info.getSignedData();
if (signedData == null) {
throw new IOException("No SignedData found");
}
Collection<org.apache.harmony.security.x509.Certificate> encCerts = signedData.getCertificates();
if (encCerts.isEmpty()) {
return null;
}
X509Certificate[] certs = new X509Certificate[encCerts.size()];
int i = 0;
for (org.apache.harmony.security.x509.Certificate encCert : encCerts) {
certs[i++] = new X509CertImpl(encCert);
}
List<SignerInfo> sigInfos = signedData.getSignerInfos();
SignerInfo sigInfo;
if (!sigInfos.isEmpty()) {
sigInfo = sigInfos.get(0);
} else {
return null;
}
// Issuer
X500Principal issuer = sigInfo.getIssuer();
// Certificate serial number
BigInteger snum = sigInfo.getSerialNumber();
// Locate the certificate
int issuerSertIndex = 0;
for (i = 0; i < certs.length; i++) {
if (issuer.equals(certs[i].getIssuerDN()) && snum.equals(certs[i].getSerialNumber())) {
issuerSertIndex = i;
break;
}
}
if (i == certs.length) {
// No issuer certificate found
return null;
}
if (certs[issuerSertIndex].hasUnsupportedCriticalExtension()) {
throw new SecurityException("Can not recognize a critical extension");
}
// Get Signature instance
Signature sig = null;
String da = sigInfo.getDigestAlgorithm();
String dea = sigInfo.getDigestEncryptionAlgorithm();
String alg = null;
if (da != null && dea != null) {
alg = da + "with" + dea;
try {
sig = OpenSSLSignature.getInstance(alg);
} catch (NoSuchAlgorithmException e) {
}
}
if (sig == null) {
alg = da;
if (alg == null) {
return null;
}
try {
sig = OpenSSLSignature.getInstance(alg);
} catch (NoSuchAlgorithmException e) {
return null;
}
}
sig.initVerify(certs[issuerSertIndex]);
// If the authenticatedAttributes field of SignerInfo contains more than zero attributes,
// compute the message digest on the ASN.1 DER encoding of the Attributes value.
// Otherwise, compute the message digest on the data.
List<AttributeTypeAndValue> atr = sigInfo.getAuthenticatedAttributes();
byte[] sfBytes = new byte[signature.available()];
signature.read(sfBytes);
if (atr == null) {
sig.update(sfBytes);
} else {
sig.update(sigInfo.getEncodedAuthenticatedAttributes());
// If the authenticatedAttributes field contains the message-digest attribute,
// verify that it equals the computed digest of the signature file
byte[] existingDigest = null;
for (AttributeTypeAndValue a : atr) {
if (Arrays.equals(a.getType().getOid(), MESSAGE_DIGEST_OID)) {
//TODO value existingDigest = a.AttributeValue;
}
}
if (existingDigest != null) {
MessageDigest md = MessageDigest.getInstance(sigInfo.getDigestAlgorithm());
byte[] computedDigest = md.digest(sfBytes);
if (!Arrays.equals(existingDigest, computedDigest)) {
throw new SecurityException("Incorrect MD");
}
}
}
if (!sig.verify(sigInfo.getEncryptedDigest())) {
throw new SecurityException("Incorrect signature");
}
return createChain(certs[issuerSertIndex], certs);
}
Also used :
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
ContentInfo(org.apache.harmony.security.pkcs7.ContentInfo)
X509CertImpl(org.apache.harmony.security.provider.cert.X509CertImpl)
BerInputStream(org.apache.harmony.security.asn1.BerInputStream)
MessageDigest(java.security.MessageDigest)
SignedData(org.apache.harmony.security.pkcs7.SignedData)
GeneralSecurityException(java.security.GeneralSecurityException)
IOException(java.io.IOException)
X509Certificate(java.security.cert.X509Certificate)
AttributeTypeAndValue(org.apache.harmony.security.x501.AttributeTypeAndValue)
SignerInfo(org.apache.harmony.security.pkcs7.SignerInfo)
Signature(java.security.Signature)
OpenSSLSignature(org.apache.harmony.xnet.provider.jsse.OpenSSLSignature)
X500Principal(javax.security.auth.x500.X500Principal)
BigInteger(java.math.BigInteger)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
Example 15 with AttributeTypeAndValue
use of org.openecard.bouncycastle.asn1.x500.AttributeTypeAndValue in project jmeter by apache.
the class SMIMEAssertion method getEmailFromCert.
/**
* Extract email addresses from a certificate
*
* @param cert the X509 certificate holder
* @return a List of all email addresses found
* @throws CertificateException
*/
private static List<String> getEmailFromCert(X509CertificateHolder cert) throws CertificateException {
List<String> res = new ArrayList<>();
X500Name subject = cert.getSubject();
for (RDN emails : subject.getRDNs(BCStyle.EmailAddress)) {
for (AttributeTypeAndValue emailAttr : emails.getTypesAndValues()) {
if (log.isDebugEnabled()) {
log.debug("Add email from RDN: {}", IETFUtils.valueToString(emailAttr.getValue()));
}
res.add(IETFUtils.valueToString(emailAttr.getValue()));
}
}
Extension subjectAlternativeNames = cert.getExtension(Extension.subjectAlternativeName);
if (subjectAlternativeNames != null) {
for (GeneralName name : GeneralNames.getInstance(subjectAlternativeNames.getParsedValue()).getNames()) {
if (name.getTagNo() == GeneralName.rfc822Name) {
String email = IETFUtils.valueToString(name.getName());
log.debug("Add email from subjectAlternativeName: {}", email);
res.add(email);
}
}
}
return res;
}
Also used :
Extension(org.bouncycastle.asn1.x509.Extension)
ArrayList(java.util.ArrayList)
X500Name(org.bouncycastle.asn1.x500.X500Name)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
RDN(org.bouncycastle.asn1.x500.RDN)
AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue)
Aggregations
AttributeTypeAndValue (org.bouncycastle.asn1.x500.AttributeTypeAndValue)13
RDN (org.bouncycastle.asn1.x500.RDN)12
IOException (java.io.IOException)8
ArrayList (java.util.ArrayList)8
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)7
X500Name (org.bouncycastle.asn1.x500.X500Name)7
AttributeTypeAndValue (org.apache.harmony.security.x501.AttributeTypeAndValue)6
BigInteger (java.math.BigInteger)5
List (java.util.List)5
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)5
DERUTF8String (org.bouncycastle.asn1.DERUTF8String)5
GeneralSecurityException (java.security.GeneralSecurityException)3
MessageDigest (java.security.MessageDigest)3
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3
Signature (java.security.Signature)3
Certificate (java.security.cert.Certificate)3
X509Certificate (java.security.cert.X509Certificate)3
LinkedList (java.util.LinkedList)3
X500Principal (javax.security.auth.x500.X500Principal)3
BerInputStream (org.apache.harmony.security.asn1.BerInputStream)3
