Search in sources :

Example 91 with DEROctetString

use of org.spongycastle.asn1.DEROctetString in project jruby-openssl by jruby.

the class X509AuxCertificate method getNsCertType.

public Integer getNsCertType() throws CertificateException {
    final String NS_CERT_TYPE_OID = "2.16.840.1.113730.1.1";
    final byte[] bytes = getExtensionValue(NS_CERT_TYPE_OID);
    if (bytes == null)
        return null;
    try {
        Object o = new ASN1InputStream(bytes).readObject();
        if (o instanceof DERBitString) {
            return ((DERBitString) o).intValue();
        }
        if (o instanceof DEROctetString) {
            // just reads initial object for nsCertType definition and ignores trailing objects.
            ASN1InputStream in = new ASN1InputStream(((DEROctetString) o).getOctets());
            o = in.readObject();
            return ((DERBitString) o).intValue();
        } else {
            throw new CertificateException("unknown type from ASN1InputStream.readObject: " + o);
        }
    } catch (IOException ioe) {
        throw new CertificateEncodingException(ioe.getMessage(), ioe);
    }
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) X509CertificateObject(org.bouncycastle.jce.provider.X509CertificateObject) DERBitString(org.bouncycastle.asn1.DERBitString) CertificateException(java.security.cert.CertificateException) CertificateEncodingException(java.security.cert.CertificateEncodingException) DERBitString(org.bouncycastle.asn1.DERBitString) DEROctetString(org.bouncycastle.asn1.DEROctetString) IOException(java.io.IOException) DEROctetString(org.bouncycastle.asn1.DEROctetString)

Example 92 with DEROctetString

use of org.spongycastle.asn1.DEROctetString in project jruby-openssl by jruby.

the class X509Extension method initialize.

@JRubyMethod(name = "initialize", rest = true, visibility = Visibility.PRIVATE)
public IRubyObject initialize(final ThreadContext context, final IRubyObject[] args) {
    if (args.length == 1) {
        final byte[] bytes = to_der_if_possible(context, args[0]).asString().getBytes();
        try {
            ASN1Sequence seq = (ASN1Sequence) ASN1.readObject(bytes);
            setRealObjectID((ASN1ObjectIdentifier) seq.getObjectAt(0));
            final ASN1Encodable criticalOrValue = seq.getObjectAt(1);
            if (criticalOrValue instanceof ASN1Boolean) {
                setRealCritical(((ASN1Boolean) criticalOrValue).isTrue());
                // byte[]
                this.value = ((DEROctetString) seq.getObjectAt(2)).getOctets();
            } else if (criticalOrValue instanceof DERBoolean) {
                // NOTE: keep it due BC <= 1.50
                setRealCritical(((DERBoolean) criticalOrValue).isTrue());
                // byte[]
                this.value = ((DEROctetString) seq.getObjectAt(2)).getOctets();
            } else {
                // byte[]
                this.value = ((DEROctetString) criticalOrValue).getOctets();
            }
        } catch (IOException e) {
            throw newExtensionError(context.runtime, e);
        }
    } else if (args.length > 1) {
        setRealObjectID(ASN1.getObjectID(context.runtime, args[0].toString()));
        // a RubyString
        this.value = args[1];
    } else {
        // args.length < 1
        throw context.runtime.newArgumentError("wrong number of arguments (0 for 1..3)");
    }
    if (args.length > 2)
        setRealCritical(args[2].isTrue());
    return this;
}
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ASN1Boolean(org.bouncycastle.asn1.ASN1Boolean) IOException(java.io.IOException) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERBoolean(org.bouncycastle.asn1.DERBoolean) JRubyMethod(org.jruby.anno.JRubyMethod)

Example 93 with DEROctetString

use of org.spongycastle.asn1.DEROctetString in project jruby-openssl by jruby.

the class X509Extension method toASN1Sequence.

ASN1Sequence toASN1Sequence() throws IOException {
    final ASN1EncodableVector vec = new ASN1EncodableVector();
    vec.add(getRealObjectID());
    if (critical)
        vec.add(DERBoolean.TRUE);
    vec.add(new DEROctetString(getRealValueEncoded()));
    return new DLSequence(vec);
}
Also used : DLSequence(org.bouncycastle.asn1.DLSequence) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) DEROctetString(org.bouncycastle.asn1.DEROctetString)

Example 94 with DEROctetString

use of org.spongycastle.asn1.DEROctetString in project jruby-openssl by jruby.

the class PKCS7 method dataInit.

/**
 * c: PKCS7_dataInit
 */
public BIO dataInit(BIO bio) throws PKCS7Exception {
    Collection<AlgorithmIdentifier> mdSk = null;
    ASN1OctetString os = null;
    int i = this.data.getType();
    Collection<RecipInfo> rsk = null;
    AlgorithmIdentifier xa = null;
    CipherSpec evpCipher = null;
    BIO out = null;
    BIO btmp = null;
    EncContent enc = null;
    switch(i) {
        case ASN1Registry.NID_pkcs7_signed:
            mdSk = getSign().getMdAlgs();
            os = getSign().getContents().getOctetString();
            break;
        case ASN1Registry.NID_pkcs7_signedAndEnveloped:
            rsk = getSignedAndEnveloped().getRecipientInfo();
            mdSk = getSignedAndEnveloped().getMdAlgs();
            enc = getSignedAndEnveloped().getEncData();
            evpCipher = getSignedAndEnveloped().getEncData().getCipher();
            if (null == evpCipher) {
                throw new PKCS7Exception(F_PKCS7_DATAINIT, R_CIPHER_NOT_INITIALIZED);
            }
            break;
        case ASN1Registry.NID_pkcs7_enveloped:
            rsk = getEnveloped().getRecipientInfo();
            enc = getEnveloped().getEncData();
            evpCipher = getEnveloped().getEncData().getCipher();
            if (null == evpCipher) {
                throw new PKCS7Exception(F_PKCS7_DATAINIT, R_CIPHER_NOT_INITIALIZED);
            }
            break;
        case ASN1Registry.NID_pkcs7_digest:
            xa = getDigest().getMd();
            os = getDigest().getContents().getOctetString();
            break;
        default:
            throw new PKCS7Exception(F_PKCS7_DATAINIT, R_UNSUPPORTED_CONTENT_TYPE);
    }
    if (mdSk != null) {
        for (AlgorithmIdentifier ai : mdSk) {
            if ((out = bioAddDigest(out, ai)) == null) {
                return null;
            }
        }
    }
    if (xa != null && (out = bioAddDigest(out, xa)) == null) {
        return null;
    }
    if (evpCipher != null) {
        byte[] tmp;
        btmp = BIO.cipherFilter(evpCipher.getCipher());
        String algoBase = evpCipher.getCipher().getAlgorithm();
        if (algoBase.indexOf('/') != -1) {
            algoBase = algoBase.split("/")[0];
        }
        try {
            KeyGenerator gen = SecurityHelper.getKeyGenerator(algoBase);
            gen.init(evpCipher.getKeyLenInBits(), SecurityHelper.getSecureRandom());
            SecretKey key = gen.generateKey();
            evpCipher.getCipher().init(Cipher.ENCRYPT_MODE, key);
            if (null != rsk) {
                for (RecipInfo ri : rsk) {
                    PublicKey pkey = ri.getCert().getPublicKey();
                    Cipher cipher = SecurityHelper.getCipher(CipherSpec.getWrappingAlgorithm(pkey.getAlgorithm()));
                    cipher.init(Cipher.ENCRYPT_MODE, pkey);
                    tmp = cipher.doFinal(key.getEncoded());
                    ri.setEncKey(new DEROctetString(tmp));
                }
            }
        } catch (Exception e) {
            e.printStackTrace(System.err);
            throw new PKCS7Exception(F_PKCS7_DATAINIT, R_ERROR_SETTING_CIPHER, e);
        }
        ASN1ObjectIdentifier encAlgo = ASN1Registry.sym2oid(evpCipher.getOsslName());
        if (encAlgo == null) {
            throw new PKCS7Exception(F_PKCS7_DATAINIT, R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
        }
        if (evpCipher.getCipher().getIV() != null) {
            enc.setAlgorithm(new AlgorithmIdentifier(encAlgo, new DEROctetString(evpCipher.getCipher().getIV())));
        } else {
            enc.setAlgorithm(new AlgorithmIdentifier(encAlgo));
        }
        if (out == null) {
            out = btmp;
        } else {
            out.push(btmp);
        }
    }
    if (bio == null) {
        if (isDetached()) {
            bio = BIO.nullSink();
        } else if (os != null && os.getOctets().length > 0) {
            bio = BIO.memBuf(os.getOctets());
        }
        if (bio == null) {
            bio = BIO.mem();
            bio.setMemEofReturn(0);
        }
    }
    if (out != null) {
        out.push(bio);
    } else {
        out = bio;
    }
    return out;
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) PublicKey(java.security.PublicKey) DEROctetString(org.bouncycastle.asn1.DEROctetString) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DEROctetString(org.bouncycastle.asn1.DEROctetString) PKCSException(org.bouncycastle.pkcs.PKCSException) IOException(java.io.IOException) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) SecretKey(javax.crypto.SecretKey) Cipher(javax.crypto.Cipher) KeyGenerator(javax.crypto.KeyGenerator) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 95 with DEROctetString

use of org.spongycastle.asn1.DEROctetString in project jruby-openssl by jruby.

the class PKCS7 method dataFinal.

/**
 * c: PKCS7_dataFinal
 */
public int dataFinal(BIO bio) throws PKCS7Exception {
    Collection<SignerInfoWithPkey> siSk = null;
    BIO btmp;
    byte[] buf;
    MessageDigest mdc = null;
    MessageDigest ctx_tmp = null;
    ASN1Set sk;
    int i = this.data.getType();
    switch(i) {
        case ASN1Registry.NID_pkcs7_signedAndEnveloped:
            siSk = getSignedAndEnveloped().getSignerInfo();
            break;
        case ASN1Registry.NID_pkcs7_signed:
            siSk = getSign().getSignerInfo();
            break;
        case ASN1Registry.NID_pkcs7_digest:
            break;
        default:
            break;
    }
    if (siSk != null) {
        for (SignerInfoWithPkey si : siSk) {
            if (si.getPkey() == null) {
                continue;
            }
            int j = ASN1Registry.oid2nid(si.getDigestAlgorithm().getAlgorithm());
            btmp = bio;
            MessageDigest[] _mdc = new MessageDigest[] { mdc };
            btmp = findDigest(_mdc, btmp, j);
            mdc = _mdc[0];
            if (btmp == null) {
                return 0;
            }
            try {
                ctx_tmp = (MessageDigest) mdc.clone();
            } catch (CloneNotSupportedException e) {
                throw new RuntimeException(e);
            }
            sk = si.getAuthenticatedAttributes();
            Signature sign = null;
            try {
                if (sk != null && sk.size() > 0) {
                    /* Add signing time if not already present */
                    if (null == si.getSignedAttribute(ASN1Registry.NID_pkcs9_signingTime)) {
                        DERUTCTime signTime = new DERUTCTime(Calendar.getInstance(TimeZone.getTimeZone("UTC")).getTime());
                        si.addSignedAttribute(ASN1Registry.NID_pkcs9_signingTime, signTime);
                    }
                    byte[] md_data = ctx_tmp.digest();
                    ASN1OctetString digest = new DEROctetString(md_data);
                    si.addSignedAttribute(ASN1Registry.NID_pkcs9_messageDigest, digest);
                    sk = si.getAuthenticatedAttributes();
                    sign = SecurityHelper.getSignature(EVP.signatureAlgorithm(ctx_tmp, si.getPkey()));
                    sign.initSign(si.getPkey());
                    byte[] abuf = sk.getEncoded();
                    sign.update(abuf);
                }
                if (sign != null) {
                    byte[] out = sign.sign();
                    si.setEncryptedDigest(new DEROctetString(out));
                }
            } catch (Exception e) {
                throw new PKCS7Exception(F_PKCS7_DATAFINAL, -1, e);
            }
        }
    } else if (i == ASN1Registry.NID_pkcs7_digest) {
        int nid = ASN1Registry.oid2nid(getDigest().getMd().getAlgorithm());
        MessageDigest[] _mdc = new MessageDigest[] { mdc };
        bio = findDigest(_mdc, bio, nid);
        mdc = _mdc[0];
        byte[] md_data = mdc.digest();
        ASN1OctetString digest = new DEROctetString(md_data);
        getDigest().setDigest(digest);
    }
    if (!isDetached()) {
        btmp = bio.findType(BIO.TYPE_MEM);
        if (null == btmp) {
            throw new PKCS7Exception(F_PKCS7_DATAFINAL, R_UNABLE_TO_FIND_MEM_BIO);
        }
        buf = ((MemBIO) btmp).getMemCopy();
        switch(i) {
            case ASN1Registry.NID_pkcs7_signedAndEnveloped:
                getSignedAndEnveloped().getEncData().setEncData(new DEROctetString(buf));
                break;
            case ASN1Registry.NID_pkcs7_enveloped:
                getEnveloped().getEncData().setEncData(new DEROctetString(buf));
                break;
            case ASN1Registry.NID_pkcs7_signed:
                if (getSign().getContents().isData() && getDetached() != 0) {
                    getSign().getContents().setData(null);
                } else {
                    getSign().getContents().setData(new DEROctetString(buf));
                }
                break;
            case ASN1Registry.NID_pkcs7_digest:
                if (getDigest().getContents().isData() && getDetached() != 0) {
                    getDigest().getContents().setData(null);
                } else {
                    getDigest().getContents().setData(new DEROctetString(buf));
                }
                break;
        }
    }
    return 1;
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DEROctetString(org.bouncycastle.asn1.DEROctetString) PKCSException(org.bouncycastle.pkcs.PKCSException) IOException(java.io.IOException) ASN1Set(org.bouncycastle.asn1.ASN1Set) DERUTCTime(org.bouncycastle.asn1.DERUTCTime) Signature(java.security.Signature) MessageDigest(java.security.MessageDigest)

Aggregations

DEROctetString (org.bouncycastle.asn1.DEROctetString)84 IOException (java.io.IOException)38 DERSequence (org.bouncycastle.asn1.DERSequence)29 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)28 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)26 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)21 DERTaggedObject (org.bouncycastle.asn1.DERTaggedObject)19 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)18 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)16 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)16 Extension (org.bouncycastle.asn1.x509.Extension)16 BigInteger (java.math.BigInteger)13 Date (java.util.Date)11 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)11 ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)11 DERSet (org.bouncycastle.asn1.DERSet)10 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)10 Extensions (org.bouncycastle.asn1.x509.Extensions)10 X509Certificate (java.security.cert.X509Certificate)8 ArrayList (java.util.ArrayList)8