use of org.spongycastle.asn1.DEROctetString in project jruby-openssl by jruby.
the class X509AuxCertificate method getNsCertType.
public Integer getNsCertType() throws CertificateException {
final String NS_CERT_TYPE_OID = "2.16.840.1.113730.1.1";
final byte[] bytes = getExtensionValue(NS_CERT_TYPE_OID);
if (bytes == null)
return null;
try {
Object o = new ASN1InputStream(bytes).readObject();
if (o instanceof DERBitString) {
return ((DERBitString) o).intValue();
}
if (o instanceof DEROctetString) {
// just reads initial object for nsCertType definition and ignores trailing objects.
ASN1InputStream in = new ASN1InputStream(((DEROctetString) o).getOctets());
o = in.readObject();
return ((DERBitString) o).intValue();
} else {
throw new CertificateException("unknown type from ASN1InputStream.readObject: " + o);
}
} catch (IOException ioe) {
throw new CertificateEncodingException(ioe.getMessage(), ioe);
}
}
use of org.spongycastle.asn1.DEROctetString in project jruby-openssl by jruby.
the class X509Extension method initialize.
@JRubyMethod(name = "initialize", rest = true, visibility = Visibility.PRIVATE)
public IRubyObject initialize(final ThreadContext context, final IRubyObject[] args) {
if (args.length == 1) {
final byte[] bytes = to_der_if_possible(context, args[0]).asString().getBytes();
try {
ASN1Sequence seq = (ASN1Sequence) ASN1.readObject(bytes);
setRealObjectID((ASN1ObjectIdentifier) seq.getObjectAt(0));
final ASN1Encodable criticalOrValue = seq.getObjectAt(1);
if (criticalOrValue instanceof ASN1Boolean) {
setRealCritical(((ASN1Boolean) criticalOrValue).isTrue());
// byte[]
this.value = ((DEROctetString) seq.getObjectAt(2)).getOctets();
} else if (criticalOrValue instanceof DERBoolean) {
// NOTE: keep it due BC <= 1.50
setRealCritical(((DERBoolean) criticalOrValue).isTrue());
// byte[]
this.value = ((DEROctetString) seq.getObjectAt(2)).getOctets();
} else {
// byte[]
this.value = ((DEROctetString) criticalOrValue).getOctets();
}
} catch (IOException e) {
throw newExtensionError(context.runtime, e);
}
} else if (args.length > 1) {
setRealObjectID(ASN1.getObjectID(context.runtime, args[0].toString()));
// a RubyString
this.value = args[1];
} else {
// args.length < 1
throw context.runtime.newArgumentError("wrong number of arguments (0 for 1..3)");
}
if (args.length > 2)
setRealCritical(args[2].isTrue());
return this;
}
use of org.spongycastle.asn1.DEROctetString in project jruby-openssl by jruby.
the class X509Extension method toASN1Sequence.
ASN1Sequence toASN1Sequence() throws IOException {
final ASN1EncodableVector vec = new ASN1EncodableVector();
vec.add(getRealObjectID());
if (critical)
vec.add(DERBoolean.TRUE);
vec.add(new DEROctetString(getRealValueEncoded()));
return new DLSequence(vec);
}
use of org.spongycastle.asn1.DEROctetString in project jruby-openssl by jruby.
the class PKCS7 method dataInit.
/**
* c: PKCS7_dataInit
*/
public BIO dataInit(BIO bio) throws PKCS7Exception {
Collection<AlgorithmIdentifier> mdSk = null;
ASN1OctetString os = null;
int i = this.data.getType();
Collection<RecipInfo> rsk = null;
AlgorithmIdentifier xa = null;
CipherSpec evpCipher = null;
BIO out = null;
BIO btmp = null;
EncContent enc = null;
switch(i) {
case ASN1Registry.NID_pkcs7_signed:
mdSk = getSign().getMdAlgs();
os = getSign().getContents().getOctetString();
break;
case ASN1Registry.NID_pkcs7_signedAndEnveloped:
rsk = getSignedAndEnveloped().getRecipientInfo();
mdSk = getSignedAndEnveloped().getMdAlgs();
enc = getSignedAndEnveloped().getEncData();
evpCipher = getSignedAndEnveloped().getEncData().getCipher();
if (null == evpCipher) {
throw new PKCS7Exception(F_PKCS7_DATAINIT, R_CIPHER_NOT_INITIALIZED);
}
break;
case ASN1Registry.NID_pkcs7_enveloped:
rsk = getEnveloped().getRecipientInfo();
enc = getEnveloped().getEncData();
evpCipher = getEnveloped().getEncData().getCipher();
if (null == evpCipher) {
throw new PKCS7Exception(F_PKCS7_DATAINIT, R_CIPHER_NOT_INITIALIZED);
}
break;
case ASN1Registry.NID_pkcs7_digest:
xa = getDigest().getMd();
os = getDigest().getContents().getOctetString();
break;
default:
throw new PKCS7Exception(F_PKCS7_DATAINIT, R_UNSUPPORTED_CONTENT_TYPE);
}
if (mdSk != null) {
for (AlgorithmIdentifier ai : mdSk) {
if ((out = bioAddDigest(out, ai)) == null) {
return null;
}
}
}
if (xa != null && (out = bioAddDigest(out, xa)) == null) {
return null;
}
if (evpCipher != null) {
byte[] tmp;
btmp = BIO.cipherFilter(evpCipher.getCipher());
String algoBase = evpCipher.getCipher().getAlgorithm();
if (algoBase.indexOf('/') != -1) {
algoBase = algoBase.split("/")[0];
}
try {
KeyGenerator gen = SecurityHelper.getKeyGenerator(algoBase);
gen.init(evpCipher.getKeyLenInBits(), SecurityHelper.getSecureRandom());
SecretKey key = gen.generateKey();
evpCipher.getCipher().init(Cipher.ENCRYPT_MODE, key);
if (null != rsk) {
for (RecipInfo ri : rsk) {
PublicKey pkey = ri.getCert().getPublicKey();
Cipher cipher = SecurityHelper.getCipher(CipherSpec.getWrappingAlgorithm(pkey.getAlgorithm()));
cipher.init(Cipher.ENCRYPT_MODE, pkey);
tmp = cipher.doFinal(key.getEncoded());
ri.setEncKey(new DEROctetString(tmp));
}
}
} catch (Exception e) {
e.printStackTrace(System.err);
throw new PKCS7Exception(F_PKCS7_DATAINIT, R_ERROR_SETTING_CIPHER, e);
}
ASN1ObjectIdentifier encAlgo = ASN1Registry.sym2oid(evpCipher.getOsslName());
if (encAlgo == null) {
throw new PKCS7Exception(F_PKCS7_DATAINIT, R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
}
if (evpCipher.getCipher().getIV() != null) {
enc.setAlgorithm(new AlgorithmIdentifier(encAlgo, new DEROctetString(evpCipher.getCipher().getIV())));
} else {
enc.setAlgorithm(new AlgorithmIdentifier(encAlgo));
}
if (out == null) {
out = btmp;
} else {
out.push(btmp);
}
}
if (bio == null) {
if (isDetached()) {
bio = BIO.nullSink();
} else if (os != null && os.getOctets().length > 0) {
bio = BIO.memBuf(os.getOctets());
}
if (bio == null) {
bio = BIO.mem();
bio.setMemEofReturn(0);
}
}
if (out != null) {
out.push(bio);
} else {
out = bio;
}
return out;
}
use of org.spongycastle.asn1.DEROctetString in project jruby-openssl by jruby.
the class PKCS7 method dataFinal.
/**
* c: PKCS7_dataFinal
*/
public int dataFinal(BIO bio) throws PKCS7Exception {
Collection<SignerInfoWithPkey> siSk = null;
BIO btmp;
byte[] buf;
MessageDigest mdc = null;
MessageDigest ctx_tmp = null;
ASN1Set sk;
int i = this.data.getType();
switch(i) {
case ASN1Registry.NID_pkcs7_signedAndEnveloped:
siSk = getSignedAndEnveloped().getSignerInfo();
break;
case ASN1Registry.NID_pkcs7_signed:
siSk = getSign().getSignerInfo();
break;
case ASN1Registry.NID_pkcs7_digest:
break;
default:
break;
}
if (siSk != null) {
for (SignerInfoWithPkey si : siSk) {
if (si.getPkey() == null) {
continue;
}
int j = ASN1Registry.oid2nid(si.getDigestAlgorithm().getAlgorithm());
btmp = bio;
MessageDigest[] _mdc = new MessageDigest[] { mdc };
btmp = findDigest(_mdc, btmp, j);
mdc = _mdc[0];
if (btmp == null) {
return 0;
}
try {
ctx_tmp = (MessageDigest) mdc.clone();
} catch (CloneNotSupportedException e) {
throw new RuntimeException(e);
}
sk = si.getAuthenticatedAttributes();
Signature sign = null;
try {
if (sk != null && sk.size() > 0) {
/* Add signing time if not already present */
if (null == si.getSignedAttribute(ASN1Registry.NID_pkcs9_signingTime)) {
DERUTCTime signTime = new DERUTCTime(Calendar.getInstance(TimeZone.getTimeZone("UTC")).getTime());
si.addSignedAttribute(ASN1Registry.NID_pkcs9_signingTime, signTime);
}
byte[] md_data = ctx_tmp.digest();
ASN1OctetString digest = new DEROctetString(md_data);
si.addSignedAttribute(ASN1Registry.NID_pkcs9_messageDigest, digest);
sk = si.getAuthenticatedAttributes();
sign = SecurityHelper.getSignature(EVP.signatureAlgorithm(ctx_tmp, si.getPkey()));
sign.initSign(si.getPkey());
byte[] abuf = sk.getEncoded();
sign.update(abuf);
}
if (sign != null) {
byte[] out = sign.sign();
si.setEncryptedDigest(new DEROctetString(out));
}
} catch (Exception e) {
throw new PKCS7Exception(F_PKCS7_DATAFINAL, -1, e);
}
}
} else if (i == ASN1Registry.NID_pkcs7_digest) {
int nid = ASN1Registry.oid2nid(getDigest().getMd().getAlgorithm());
MessageDigest[] _mdc = new MessageDigest[] { mdc };
bio = findDigest(_mdc, bio, nid);
mdc = _mdc[0];
byte[] md_data = mdc.digest();
ASN1OctetString digest = new DEROctetString(md_data);
getDigest().setDigest(digest);
}
if (!isDetached()) {
btmp = bio.findType(BIO.TYPE_MEM);
if (null == btmp) {
throw new PKCS7Exception(F_PKCS7_DATAFINAL, R_UNABLE_TO_FIND_MEM_BIO);
}
buf = ((MemBIO) btmp).getMemCopy();
switch(i) {
case ASN1Registry.NID_pkcs7_signedAndEnveloped:
getSignedAndEnveloped().getEncData().setEncData(new DEROctetString(buf));
break;
case ASN1Registry.NID_pkcs7_enveloped:
getEnveloped().getEncData().setEncData(new DEROctetString(buf));
break;
case ASN1Registry.NID_pkcs7_signed:
if (getSign().getContents().isData() && getDetached() != 0) {
getSign().getContents().setData(null);
} else {
getSign().getContents().setData(new DEROctetString(buf));
}
break;
case ASN1Registry.NID_pkcs7_digest:
if (getDigest().getContents().isData() && getDetached() != 0) {
getDigest().getContents().setData(null);
} else {
getDigest().getContents().setData(new DEROctetString(buf));
}
break;
}
}
return 1;
}
Aggregations