Example 71 with ASN1Integer
use of org.spongycastle.asn1.ASN1Integer in project jruby-openssl by jruby.
the class StoreContext method checkChainExtensions.
/**
* c: check_chain_extensions
*/
public int checkChainExtensions() throws Exception {
int ok, must_be_ca;
X509AuxCertificate x;
int proxy_path_length = 0;
int allow_proxy_certs = (verifyParameter.flags & X509Utils.V_FLAG_ALLOW_PROXY_CERTS) != 0 ? 1 : 0;
must_be_ca = -1;
try {
final String allowProxyCerts = System.getenv("OPENSSL_ALLOW_PROXY_CERTS");
if (allowProxyCerts != null && !"false".equalsIgnoreCase(allowProxyCerts)) {
allow_proxy_certs = 1;
}
} catch (SecurityException e) {
/* ignore if we can't use System.getenv */
}
for (int i = 0; i < lastUntrusted; i++) {
int ret;
x = chain.get(i);
if ((verifyParameter.flags & X509Utils.V_FLAG_IGNORE_CRITICAL) == 0 && unhandledCritical(x)) {
error = X509Utils.V_ERR_UNHANDLED_CRITICAL_EXTENSION;
errorDepth = i;
currentCertificate = x;
ok = verifyCallback.call(this, ZERO);
if (ok == 0)
return ok;
}
if (allow_proxy_certs == 0 && x.getExtensionValue("1.3.6.1.5.5.7.1.14") != null) {
error = X509Utils.V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;
errorDepth = i;
currentCertificate = x;
ok = verifyCallback.call(this, ZERO);
if (ok == 0)
return ok;
}
ret = Purpose.checkCA(x);
switch(must_be_ca) {
case -1:
if ((verifyParameter.flags & X509Utils.V_FLAG_X509_STRICT) != 0 && ret != 1 && ret != 0) {
ret = 0;
error = X509Utils.V_ERR_INVALID_CA;
} else {
ret = 1;
}
break;
case 0:
if (ret != 0) {
ret = 0;
error = X509Utils.V_ERR_INVALID_NON_CA;
} else {
ret = 1;
}
break;
default:
if (ret == 0 || ((verifyParameter.flags & X509Utils.V_FLAG_X509_STRICT) != 0 && ret != 1)) {
ret = 0;
error = X509Utils.V_ERR_INVALID_CA;
} else {
ret = 1;
}
break;
}
if (ret == 0) {
errorDepth = i;
currentCertificate = x;
ok = verifyCallback.call(this, ZERO);
if (ok == 0)
return ok;
}
if (verifyParameter.purpose > 0) {
ret = Purpose.checkPurpose(x, verifyParameter.purpose, must_be_ca > 0 ? 1 : 0);
if (ret == 0 || ((verifyParameter.flags & X509Utils.V_FLAG_X509_STRICT) != 0 && ret != 1)) {
error = X509Utils.V_ERR_INVALID_PURPOSE;
errorDepth = i;
currentCertificate = x;
ok = verifyCallback.call(this, ZERO);
if (ok == 0) {
return ok;
}
}
}
if (i > 1 && x.getBasicConstraints() != -1 && x.getBasicConstraints() != Integer.MAX_VALUE && (i > (x.getBasicConstraints() + proxy_path_length + 1))) {
error = X509Utils.V_ERR_PATH_LENGTH_EXCEEDED;
errorDepth = i;
currentCertificate = x;
ok = verifyCallback.call(this, ZERO);
if (ok == 0)
return ok;
}
if (x.getExtensionValue("1.3.6.1.5.5.7.1.14") != null) {
ASN1Sequence pci = (ASN1Sequence) new ASN1InputStream(x.getExtensionValue("1.3.6.1.5.5.7.1.14")).readObject();
if (pci.size() > 0 && pci.getObjectAt(0) instanceof ASN1Integer) {
int pcpathlen = ((ASN1Integer) pci.getObjectAt(0)).getValue().intValue();
if (i > pcpathlen) {
error = X509Utils.V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
errorDepth = i;
currentCertificate = x;
ok = verifyCallback.call(this, ZERO);
if (ok == 0)
return ok;
}
}
proxy_path_length++;
must_be_ca = 0;
} else {
must_be_ca = 1;
}
}
return 1;
}
Also used :
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
GeneralSecurityException(java.security.GeneralSecurityException)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
Example 72 with ASN1Integer
use of org.spongycastle.asn1.ASN1Integer in project robovm by robovm.
the class PublicKeyFactory method createKey.
/**
* Create a public key from the passed in SubjectPublicKeyInfo
*
* @param keyInfo the SubjectPublicKeyInfo containing the key data
* @return the appropriate key parameter
* @throws IOException on an error decoding the key
*/
public static AsymmetricKeyParameter createKey(SubjectPublicKeyInfo keyInfo) throws IOException {
AlgorithmIdentifier algId = keyInfo.getAlgorithm();
if (algId.getAlgorithm().equals(PKCSObjectIdentifiers.rsaEncryption) || algId.getAlgorithm().equals(X509ObjectIdentifiers.id_ea_rsa)) {
RSAPublicKey pubKey = RSAPublicKey.getInstance(keyInfo.parsePublicKey());
return new RSAKeyParameters(false, pubKey.getModulus(), pubKey.getPublicExponent());
} else if (algId.getAlgorithm().equals(X9ObjectIdentifiers.dhpublicnumber)) {
DHPublicKey dhPublicKey = DHPublicKey.getInstance(keyInfo.parsePublicKey());
BigInteger y = dhPublicKey.getY().getValue();
DHDomainParameters dhParams = DHDomainParameters.getInstance(algId.getParameters());
BigInteger p = dhParams.getP().getValue();
BigInteger g = dhParams.getG().getValue();
BigInteger q = dhParams.getQ().getValue();
BigInteger j = null;
if (dhParams.getJ() != null) {
j = dhParams.getJ().getValue();
}
DHValidationParameters validation = null;
DHValidationParms dhValidationParms = dhParams.getValidationParms();
if (dhValidationParms != null) {
byte[] seed = dhValidationParms.getSeed().getBytes();
BigInteger pgenCounter = dhValidationParms.getPgenCounter().getValue();
// TODO Check pgenCounter size?
validation = new DHValidationParameters(seed, pgenCounter.intValue());
}
return new DHPublicKeyParameters(y, new DHParameters(p, g, q, j, validation));
} else if (algId.getAlgorithm().equals(PKCSObjectIdentifiers.dhKeyAgreement)) {
DHParameter params = DHParameter.getInstance(algId.getParameters());
ASN1Integer derY = (ASN1Integer) keyInfo.parsePublicKey();
BigInteger lVal = params.getL();
int l = lVal == null ? 0 : lVal.intValue();
DHParameters dhParams = new DHParameters(params.getP(), params.getG(), null, l);
return new DHPublicKeyParameters(derY.getValue(), dhParams);
} else // END android-removed
if (algId.getAlgorithm().equals(X9ObjectIdentifiers.id_dsa) || algId.getAlgorithm().equals(OIWObjectIdentifiers.dsaWithSHA1)) {
ASN1Integer derY = (ASN1Integer) keyInfo.parsePublicKey();
ASN1Encodable de = algId.getParameters();
DSAParameters parameters = null;
if (de != null) {
DSAParameter params = DSAParameter.getInstance(de.toASN1Primitive());
parameters = new DSAParameters(params.getP(), params.getQ(), params.getG());
}
return new DSAPublicKeyParameters(derY.getValue(), parameters);
} else if (algId.getAlgorithm().equals(X9ObjectIdentifiers.id_ecPublicKey)) {
X962Parameters params = new X962Parameters((ASN1Primitive) algId.getParameters());
X9ECParameters x9;
if (params.isNamedCurve()) {
ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) params.getParameters();
x9 = X962NamedCurves.getByOID(oid);
if (x9 == null) {
x9 = SECNamedCurves.getByOID(oid);
if (x9 == null) {
x9 = NISTNamedCurves.getByOID(oid);
// BEGIN android-removed
// if (x9 == null)
// {
// x9 = TeleTrusTNamedCurves.getByOID(oid);
// }
// END android-removed
}
}
} else {
x9 = X9ECParameters.getInstance(params.getParameters());
}
ASN1OctetString key = new DEROctetString(keyInfo.getPublicKeyData().getBytes());
X9ECPoint derQ = new X9ECPoint(x9.getCurve(), key);
// TODO We lose any named parameters here
ECDomainParameters dParams = new ECDomainParameters(x9.getCurve(), x9.getG(), x9.getN(), x9.getH(), x9.getSeed());
return new ECPublicKeyParameters(derQ.getPoint(), dParams);
} else {
throw new RuntimeException("algorithm identifier in key not recognised");
}
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DHPublicKeyParameters(org.bouncycastle.crypto.params.DHPublicKeyParameters)
ECDomainParameters(org.bouncycastle.crypto.params.ECDomainParameters)
DHPublicKey(org.bouncycastle.asn1.x9.DHPublicKey)
X9ECParameters(org.bouncycastle.asn1.x9.X9ECParameters)
DHValidationParms(org.bouncycastle.asn1.x9.DHValidationParms)
ECPublicKeyParameters(org.bouncycastle.crypto.params.ECPublicKeyParameters)
RSAKeyParameters(org.bouncycastle.crypto.params.RSAKeyParameters)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
X962Parameters(org.bouncycastle.asn1.x9.X962Parameters)
RSAPublicKey(org.bouncycastle.asn1.pkcs.RSAPublicKey)
DHValidationParameters(org.bouncycastle.crypto.params.DHValidationParameters)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
DSAParameter(org.bouncycastle.asn1.x509.DSAParameter)
DHParameter(org.bouncycastle.asn1.pkcs.DHParameter)
DSAPublicKeyParameters(org.bouncycastle.crypto.params.DSAPublicKeyParameters)
DHParameters(org.bouncycastle.crypto.params.DHParameters)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
X9ECPoint(org.bouncycastle.asn1.x9.X9ECPoint)
X9ECPoint(org.bouncycastle.asn1.x9.X9ECPoint)
BigInteger(java.math.BigInteger)
DHDomainParameters(org.bouncycastle.asn1.x9.DHDomainParameters)
DSAParameters(org.bouncycastle.crypto.params.DSAParameters)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 73 with ASN1Integer
use of org.spongycastle.asn1.ASN1Integer in project robovm by robovm.
the class BCDHPublicKey method isPKCSParam.
private boolean isPKCSParam(ASN1Sequence seq) {
if (seq.size() == 2) {
return true;
}
if (seq.size() > 3) {
return false;
}
ASN1Integer l = ASN1Integer.getInstance(seq.getObjectAt(2));
ASN1Integer p = ASN1Integer.getInstance(seq.getObjectAt(0));
if (l.getValue().compareTo(BigInteger.valueOf(p.getValue().bitLength())) > 0) {
return false;
}
return true;
}
Also used :
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
Example 74 with ASN1Integer
use of org.spongycastle.asn1.ASN1Integer in project robovm by robovm.
the class X9ECParameters method toASN1Primitive.
/**
* Produce an object suitable for an ASN1OutputStream.
* <pre>
* ECParameters ::= SEQUENCE {
* version INTEGER { ecpVer1(1) } (ecpVer1),
* fieldID FieldID {{FieldTypes}},
* curve X9Curve,
* base X9ECPoint,
* order INTEGER,
* cofactor INTEGER OPTIONAL
* }
* </pre>
*/
public ASN1Primitive toASN1Primitive() {
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new ASN1Integer(1));
v.add(fieldID);
v.add(new X9Curve(curve, seed));
v.add(new X9ECPoint(g));
v.add(new ASN1Integer(n));
if (h != null) {
v.add(new ASN1Integer(h));
}
return new DERSequence(v);
}
Also used :
DERSequence(org.bouncycastle.asn1.DERSequence)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
Example 75 with ASN1Integer
use of org.spongycastle.asn1.ASN1Integer in project robovm by robovm.
the class RSAPublicKeyStructure method toASN1Primitive.
/**
* This outputs the key in PKCS1v2 format.
* <pre>
* RSAPublicKey ::= SEQUENCE {
* modulus INTEGER, -- n
* publicExponent INTEGER, -- e
* }
* </pre>
* <p>
*/
public ASN1Primitive toASN1Primitive() {
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new ASN1Integer(getModulus()));
v.add(new ASN1Integer(getPublicExponent()));
return new DERSequence(v);
}
Also used :
DERSequence(org.bouncycastle.asn1.DERSequence)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
Aggregations
ASN1Integer (org.bouncycastle.asn1.ASN1Integer)120
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)54
DERSequence (org.bouncycastle.asn1.DERSequence)48
IOException (java.io.IOException)43
BigInteger (java.math.BigInteger)43
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)39
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)28
DEROctetString (org.bouncycastle.asn1.DEROctetString)21
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)20
ArrayList (java.util.ArrayList)18
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)18
DERUTF8String (org.bouncycastle.asn1.DERUTF8String)15
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)15
X509Certificate (java.security.cert.X509Certificate)14
ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)14
Date (java.util.Date)12
DLSequence (org.bouncycastle.asn1.DLSequence)12
KeyPair (java.security.KeyPair)11
HashMap (java.util.HashMap)11
HashSet (java.util.HashSet)11
