Search in sources :

Example 56 with ASN1InputStream

use of org.spongycastle.asn1.ASN1InputStream in project jruby-openssl by jruby.

the class PKey method readPrivateKey.

public static KeyPair readPrivateKey(final byte[] input, final String type) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
    KeySpec pubSpec;
    KeySpec privSpec;
    ASN1Sequence seq = (ASN1Sequence) new ASN1InputStream(input).readObject();
    if (type.equals("RSA")) {
        ASN1Integer mod = (ASN1Integer) seq.getObjectAt(1);
        ASN1Integer pubExp = (ASN1Integer) seq.getObjectAt(2);
        ASN1Integer privExp = (ASN1Integer) seq.getObjectAt(3);
        ASN1Integer p1 = (ASN1Integer) seq.getObjectAt(4);
        ASN1Integer p2 = (ASN1Integer) seq.getObjectAt(5);
        ASN1Integer exp1 = (ASN1Integer) seq.getObjectAt(6);
        ASN1Integer exp2 = (ASN1Integer) seq.getObjectAt(7);
        ASN1Integer crtCoef = (ASN1Integer) seq.getObjectAt(8);
        pubSpec = new RSAPublicKeySpec(mod.getValue(), pubExp.getValue());
        privSpec = new RSAPrivateCrtKeySpec(mod.getValue(), pubExp.getValue(), privExp.getValue(), p1.getValue(), p2.getValue(), exp1.getValue(), exp2.getValue(), crtCoef.getValue());
    } else if (type.equals("DSA")) {
        ASN1Integer p = (ASN1Integer) seq.getObjectAt(1);
        ASN1Integer q = (ASN1Integer) seq.getObjectAt(2);
        ASN1Integer g = (ASN1Integer) seq.getObjectAt(3);
        ASN1Integer y = (ASN1Integer) seq.getObjectAt(4);
        ASN1Integer x = (ASN1Integer) seq.getObjectAt(5);
        privSpec = new DSAPrivateKeySpec(x.getValue(), p.getValue(), q.getValue(), g.getValue());
        pubSpec = new DSAPublicKeySpec(y.getValue(), p.getValue(), q.getValue(), g.getValue());
    } else if (type.equals("ECDSA")) {
        return readECPrivateKey(input);
    } else {
        throw new IllegalStateException("unsupported type: " + type);
    }
    KeyFactory fact = SecurityHelper.getKeyFactory(type);
    return new KeyPair(fact.generatePublic(pubSpec), fact.generatePrivate(privSpec));
}
Also used : DSAPrivateKeySpec(java.security.spec.DSAPrivateKeySpec) RSAPrivateCrtKeySpec(java.security.spec.RSAPrivateCrtKeySpec) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) KeyPair(java.security.KeyPair) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) RSAPrivateCrtKeySpec(java.security.spec.RSAPrivateCrtKeySpec) ECPrivateKeySpec(java.security.spec.ECPrivateKeySpec) KeySpec(java.security.spec.KeySpec) DSAPrivateKeySpec(java.security.spec.DSAPrivateKeySpec) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec) ECPublicKeySpec(org.bouncycastle.jce.spec.ECPublicKeySpec) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) KeyFactory(java.security.KeyFactory) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec)

Example 57 with ASN1InputStream

use of org.spongycastle.asn1.ASN1InputStream in project jruby-openssl by jruby.

the class StoreContext method checkChainExtensions.

/**
 * c: check_chain_extensions
 */
public int checkChainExtensions() throws Exception {
    int ok, must_be_ca;
    X509AuxCertificate x;
    int proxy_path_length = 0;
    int allow_proxy_certs = (verifyParameter.flags & X509Utils.V_FLAG_ALLOW_PROXY_CERTS) != 0 ? 1 : 0;
    must_be_ca = -1;
    try {
        final String allowProxyCerts = System.getenv("OPENSSL_ALLOW_PROXY_CERTS");
        if (allowProxyCerts != null && !"false".equalsIgnoreCase(allowProxyCerts)) {
            allow_proxy_certs = 1;
        }
    } catch (SecurityException e) {
    /* ignore if we can't use System.getenv */
    }
    for (int i = 0; i < lastUntrusted; i++) {
        int ret;
        x = chain.get(i);
        if ((verifyParameter.flags & X509Utils.V_FLAG_IGNORE_CRITICAL) == 0 && unhandledCritical(x)) {
            error = X509Utils.V_ERR_UNHANDLED_CRITICAL_EXTENSION;
            errorDepth = i;
            currentCertificate = x;
            ok = verifyCallback.call(this, ZERO);
            if (ok == 0)
                return ok;
        }
        if (allow_proxy_certs == 0 && x.getExtensionValue("1.3.6.1.5.5.7.1.14") != null) {
            error = X509Utils.V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;
            errorDepth = i;
            currentCertificate = x;
            ok = verifyCallback.call(this, ZERO);
            if (ok == 0)
                return ok;
        }
        ret = Purpose.checkCA(x);
        switch(must_be_ca) {
            case -1:
                if ((verifyParameter.flags & X509Utils.V_FLAG_X509_STRICT) != 0 && ret != 1 && ret != 0) {
                    ret = 0;
                    error = X509Utils.V_ERR_INVALID_CA;
                } else {
                    ret = 1;
                }
                break;
            case 0:
                if (ret != 0) {
                    ret = 0;
                    error = X509Utils.V_ERR_INVALID_NON_CA;
                } else {
                    ret = 1;
                }
                break;
            default:
                if (ret == 0 || ((verifyParameter.flags & X509Utils.V_FLAG_X509_STRICT) != 0 && ret != 1)) {
                    ret = 0;
                    error = X509Utils.V_ERR_INVALID_CA;
                } else {
                    ret = 1;
                }
                break;
        }
        if (ret == 0) {
            errorDepth = i;
            currentCertificate = x;
            ok = verifyCallback.call(this, ZERO);
            if (ok == 0)
                return ok;
        }
        if (verifyParameter.purpose > 0) {
            ret = Purpose.checkPurpose(x, verifyParameter.purpose, must_be_ca > 0 ? 1 : 0);
            if (ret == 0 || ((verifyParameter.flags & X509Utils.V_FLAG_X509_STRICT) != 0 && ret != 1)) {
                error = X509Utils.V_ERR_INVALID_PURPOSE;
                errorDepth = i;
                currentCertificate = x;
                ok = verifyCallback.call(this, ZERO);
                if (ok == 0) {
                    return ok;
                }
            }
        }
        if (i > 1 && x.getBasicConstraints() != -1 && x.getBasicConstraints() != Integer.MAX_VALUE && (i > (x.getBasicConstraints() + proxy_path_length + 1))) {
            error = X509Utils.V_ERR_PATH_LENGTH_EXCEEDED;
            errorDepth = i;
            currentCertificate = x;
            ok = verifyCallback.call(this, ZERO);
            if (ok == 0)
                return ok;
        }
        if (x.getExtensionValue("1.3.6.1.5.5.7.1.14") != null) {
            ASN1Sequence pci = (ASN1Sequence) new ASN1InputStream(x.getExtensionValue("1.3.6.1.5.5.7.1.14")).readObject();
            if (pci.size() > 0 && pci.getObjectAt(0) instanceof ASN1Integer) {
                int pcpathlen = ((ASN1Integer) pci.getObjectAt(0)).getValue().intValue();
                if (i > pcpathlen) {
                    error = X509Utils.V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
                    errorDepth = i;
                    currentCertificate = x;
                    ok = verifyCallback.call(this, ZERO);
                    if (ok == 0)
                        return ok;
                }
            }
            proxy_path_length++;
            must_be_ca = 0;
        } else {
            must_be_ca = 1;
        }
    }
    return 1;
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) GeneralSecurityException(java.security.GeneralSecurityException) ASN1Integer(org.bouncycastle.asn1.ASN1Integer)

Example 58 with ASN1InputStream

use of org.spongycastle.asn1.ASN1InputStream in project structr by structr.

the class SignedJarBuilder method writeSignatureBlock.

/**
 * Write the certificate file with a digital signature.
 */
private void writeSignatureBlock(final JarOutputStream jos, final CMSTypedData data, final X509Certificate publicKey, final PrivateKey privateKey) throws IOException, CertificateEncodingException, OperatorCreationException, CMSException {
    final List<X509Certificate> certList = new ArrayList<>();
    certList.add(publicKey);
    final JcaCertStore certs = new JcaCertStore(certList);
    final CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
    final ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1with" + privateKey.getAlgorithm()).build(privateKey);
    gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build()).setDirectSignature(true).build(sha1Signer, publicKey));
    gen.addCertificates(certs);
    final CMSSignedData sigData = gen.generate(data, false);
    final ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded());
    final DEROutputStream dos = new DEROutputStream(jos);
    dos.writeObject(asn1.readObject());
}
Also used : CMSSignedDataGenerator(org.bouncycastle.cms.CMSSignedDataGenerator) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) JcaSignerInfoGeneratorBuilder(org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ArrayList(java.util.ArrayList) ContentSigner(org.bouncycastle.operator.ContentSigner) JcaCertStore(org.bouncycastle.cert.jcajce.JcaCertStore) JcaDigestCalculatorProviderBuilder(org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder) CMSSignedData(org.bouncycastle.cms.CMSSignedData) X509Certificate(java.security.cert.X509Certificate) DEROutputStream(org.bouncycastle.asn1.DEROutputStream)

Example 59 with ASN1InputStream

use of org.spongycastle.asn1.ASN1InputStream in project walle by Meituan-Dianping.

the class V1SchemeSigner method generateSignatureBlock.

private static byte[] generateSignatureBlock(SignerConfig signerConfig, byte[] signatureFileBytes) throws InvalidKeyException, CertificateEncodingException, SignatureException {
    JcaCertStore certs = new JcaCertStore(signerConfig.certificates);
    X509Certificate signerCert = signerConfig.certificates.get(0);
    String jcaSignatureAlgorithm = getJcaSignatureAlgorithm(signerCert.getPublicKey(), signerConfig.signatureDigestAlgorithm);
    try {
        ContentSigner signer = new JcaContentSignerBuilder(jcaSignatureAlgorithm).build(signerConfig.privateKey);
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        gen.addSignerInfoGenerator(new SignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build(), SignerInfoSignatureAlgorithmFinder.INSTANCE).setDirectSignature(true).build(signer, new JcaX509CertificateHolder(signerCert)));
        gen.addCertificates(certs);
        CMSSignedData sigData = gen.generate(new CMSProcessableByteArray(signatureFileBytes), false);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded())) {
            DEROutputStream dos = new DEROutputStream(out);
            dos.writeObject(asn1.readObject());
        }
        return out.toByteArray();
    } catch (OperatorCreationException | CMSException | IOException e) {
        throw new SignatureException("Failed to generate signature", e);
    }
}
Also used : CMSSignedDataGenerator(org.bouncycastle.cms.CMSSignedDataGenerator) CMSProcessableByteArray(org.bouncycastle.cms.CMSProcessableByteArray) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) JcaCertStore(org.bouncycastle.cert.jcajce.JcaCertStore) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException) SignatureException(java.security.SignatureException) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) CMSSignedData(org.bouncycastle.cms.CMSSignedData) X509Certificate(java.security.cert.X509Certificate) SignerInfoGeneratorBuilder(org.bouncycastle.cms.SignerInfoGeneratorBuilder) JcaDigestCalculatorProviderBuilder(org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) DEROutputStream(org.bouncycastle.asn1.DEROutputStream) CMSException(org.bouncycastle.cms.CMSException)

Example 60 with ASN1InputStream

use of org.spongycastle.asn1.ASN1InputStream in project atlas by alibaba.

the class LocalSignedJarBuilder method writeSignatureBlock.

/**
     * Write the certificate file with a digital signature.
     */
private void writeSignatureBlock(CMSTypedData data, X509Certificate publicKey, PrivateKey privateKey) throws IOException, CertificateEncodingException, OperatorCreationException, CMSException {
    ArrayList<X509Certificate> certList = new ArrayList<X509Certificate>();
    certList.add(publicKey);
    JcaCertStore certs = new JcaCertStore(certList);
    CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
    ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1with" + privateKey.getAlgorithm()).build(privateKey);
    gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build()).setDirectSignature(true).build(sha1Signer, publicKey));
    gen.addCertificates(certs);
    CMSSignedData sigData = gen.generate(data, false);
    ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded());
    DEROutputStream dos = new DEROutputStream(mOutputJar);
    dos.writeObject(asn1.readObject());
    dos.flush();
    dos.close();
    asn1.close();
}
Also used : CMSSignedDataGenerator(org.bouncycastle.cms.CMSSignedDataGenerator) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) JcaSignerInfoGeneratorBuilder(org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ArrayList(java.util.ArrayList) ContentSigner(org.bouncycastle.operator.ContentSigner) JcaCertStore(org.bouncycastle.cert.jcajce.JcaCertStore) JcaDigestCalculatorProviderBuilder(org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder) CMSSignedData(org.bouncycastle.cms.CMSSignedData) X509Certificate(java.security.cert.X509Certificate) DEROutputStream(org.bouncycastle.asn1.DEROutputStream)

Aggregations

ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)99 IOException (java.io.IOException)81 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)34 ByteArrayInputStream (java.io.ByteArrayInputStream)28 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)22 BigInteger (java.math.BigInteger)20 ASN1InputStream (com.android.org.bouncycastle.asn1.ASN1InputStream)19 CertificateException (java.security.cert.CertificateException)19 X509Certificate (java.security.cert.X509Certificate)19 DEROctetString (org.bouncycastle.asn1.DEROctetString)19 CertificateParsingException (java.security.cert.CertificateParsingException)18 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)17 Enumeration (java.util.Enumeration)17 CertificateEncodingException (java.security.cert.CertificateEncodingException)16 InvalidKeyException (java.security.InvalidKeyException)14 CRLException (java.security.cert.CRLException)14 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)14 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)12 NoSuchProviderException (java.security.NoSuchProviderException)11 ASN1Primitive (org.bouncycastle.asn1.ASN1Primitive)11