use of org.spongycastle.asn1.DEROctetString in project xipki by xipki.
the class P11ProxyResponder method processRequest.
/**
* The request is constructed as follows:
* <pre>
* 0 - - - 1 - - - 2 - - - 3 - - - 4 - - - 5 - - - 6 - - - 7 - - - 8
* | Version | Transaction ID | Body ... |
* | ... Length | Action | Module ID | Content... |
* | .Content | <-- 10 + Length (offset).
*
* </pre>
*/
byte[] processRequest(LocalP11CryptServicePool pool, byte[] request) {
int reqLen = request.length;
// TransactionID
byte[] transactionId = new byte[4];
if (reqLen > 5) {
System.arraycopy(request, 2, transactionId, 0, 4);
}
// Action
short action = P11ProxyConstants.ACTION_NOPE;
if (reqLen > 11) {
action = IoUtil.parseShort(request, 10);
}
if (reqLen < 14) {
LOG.error("response too short");
return getResp(P11ProxyConstants.VERSION_V1_0, transactionId, action, P11ProxyConstants.RC_BAD_REQUEST);
}
// Version
short version = IoUtil.parseShort(request, 0);
if (!versions.contains(version)) {
LOG.error("unsupported version {}", version);
return getResp(P11ProxyConstants.VERSION_V1_0, transactionId, action, P11ProxyConstants.RC_UNSUPPORTED_VERSION);
}
// Length
int reqBodyLen = IoUtil.parseInt(request, 6);
if (reqBodyLen + 10 != reqLen) {
LOG.error("message length unmatch");
return getResp(version, transactionId, action, P11ProxyConstants.RC_BAD_REQUEST);
}
short moduleId = IoUtil.parseShort(request, 12);
int contentLen = reqLen - 14;
byte[] content;
if (contentLen == 0) {
if (actionsRequireNonNullRequest.contains(action)) {
LOG.error("content is not present but is required");
return getResp(version, transactionId, P11ProxyConstants.RC_BAD_REQUEST, action);
}
content = null;
} else {
if (actionsRequireNullRequest.contains(action)) {
LOG.error("content is present but is not permitted");
return getResp(version, transactionId, P11ProxyConstants.RC_BAD_REQUEST, action);
}
content = new byte[contentLen];
System.arraycopy(request, 14, content, 0, contentLen);
}
P11CryptService p11CryptService = pool.getP11CryptService(moduleId);
if (p11CryptService == null) {
LOG.error("no module {} available", moduleId);
return getResp(version, transactionId, P11ProxyConstants.RC_UNKNOWN_MODULE, action);
}
try {
switch(action) {
case P11ProxyConstants.ACTION_ADD_CERT:
{
Asn1EntityIdAndCert asn1 = Asn1EntityIdAndCert.getInstance(content);
P11Slot slot = getSlot(p11CryptService, asn1.getEntityId());
X509Certificate cert = X509Util.toX509Cert(asn1.getCertificate());
slot.addCert(asn1.getEntityId().getObjectId().getObjectId(), cert);
return getSuccessResp(version, transactionId, action, (byte[]) null);
}
case P11ProxyConstants.ACTION_DIGEST_SECRETKEY:
{
Asn1DigestSecretKeyTemplate template = Asn1DigestSecretKeyTemplate.getInstance(content);
long mechanism = template.getMechanism().getMechanism();
P11Identity identity = p11CryptService.getIdentity(template.getIdentityId().getEntityId());
byte[] hashValue = identity.digestSecretKey(mechanism);
ASN1Object obj = new DEROctetString(hashValue);
return getSuccessResp(version, transactionId, action, obj);
}
case P11ProxyConstants.ACTION_GEN_KEYPAIR_DSA:
{
Asn1GenDSAKeypairParams asn1 = Asn1GenDSAKeypairParams.getInstance(content);
P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
P11ObjectIdentifier keyId = slot.generateDSAKeypair(asn1.getP(), asn1.getQ(), asn1.getG(), asn1.getLabel(), asn1.getControl());
ASN1Object obj = new Asn1P11EntityIdentifier(asn1.getSlotId(), keyId);
return getSuccessResp(version, transactionId, action, obj);
}
case P11ProxyConstants.ACTION_GEN_KEYPAIR_EC:
{
Asn1GenECKeypairParams asn1 = Asn1GenECKeypairParams.getInstance(content);
P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
P11ObjectIdentifier keyId = slot.generateECKeypair(asn1.getCurveId().getId(), asn1.getLabel(), asn1.getControl());
ASN1Object obj = new Asn1P11EntityIdentifier(asn1.getSlotId(), keyId);
return getSuccessResp(version, transactionId, action, obj);
}
case P11ProxyConstants.ACTION_GEN_KEYPAIR_RSA:
{
Asn1GenRSAKeypairParams asn1 = Asn1GenRSAKeypairParams.getInstance(content);
P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
P11ObjectIdentifier keyId = slot.generateRSAKeypair(asn1.getKeysize(), asn1.getPublicExponent(), asn1.getLabel(), asn1.getControl());
ASN1Object obj = new Asn1P11EntityIdentifier(asn1.getSlotId(), keyId);
return getSuccessResp(version, transactionId, action, obj);
}
case P11ProxyConstants.ACTION_GEN_KEYPAIR_SM2:
{
Asn1GenSM2KeypairParams asn1 = Asn1GenSM2KeypairParams.getInstance(content);
P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
P11ObjectIdentifier keyId = slot.generateSM2Keypair(asn1.getLabel(), asn1.getControl());
ASN1Object obj = new Asn1P11EntityIdentifier(asn1.getSlotId(), keyId);
return getSuccessResp(version, transactionId, action, obj);
}
case P11ProxyConstants.ACTION_GEN_SECRET_KEY:
{
Asn1GenSecretKeyParams asn1 = Asn1GenSecretKeyParams.getInstance(content);
P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
P11ObjectIdentifier keyId = slot.generateSecretKey(asn1.getKeyType(), asn1.getKeysize(), asn1.getLabel(), asn1.getControl());
ASN1Object obj = new Asn1P11EntityIdentifier(asn1.getSlotId(), keyId);
return getSuccessResp(version, transactionId, action, obj);
}
case P11ProxyConstants.ACTION_GET_CERT:
{
P11EntityIdentifier entityId = Asn1P11EntityIdentifier.getInstance(content).getEntityId();
X509Certificate cert = p11CryptService.getIdentity(entityId).getCertificate();
return getSuccessResp(version, transactionId, action, cert.getEncoded());
}
case P11ProxyConstants.ACTION_GET_CERT_IDS:
case P11ProxyConstants.ACTION_GET_IDENTITY_IDS:
{
Asn1P11SlotIdentifier slotId = Asn1P11SlotIdentifier.getInstance(content);
P11Slot slot = p11CryptService.getModule().getSlot(slotId.getSlotId());
Set<P11ObjectIdentifier> objectIds;
if (P11ProxyConstants.ACTION_GET_CERT_IDS == action) {
objectIds = slot.getCertIdentifiers();
} else {
objectIds = slot.getIdentityIdentifiers();
}
ASN1EncodableVector vec = new ASN1EncodableVector();
for (P11ObjectIdentifier objectId : objectIds) {
vec.add(new Asn1P11ObjectIdentifier(objectId));
}
ASN1Object obj = new DERSequence(vec);
return getSuccessResp(version, transactionId, action, obj);
}
case P11ProxyConstants.ACTION_GET_MECHANISMS:
{
P11SlotIdentifier slotId = Asn1P11SlotIdentifier.getInstance(content).getSlotId();
Set<Long> mechs = p11CryptService.getSlot(slotId).getMechanisms();
ASN1EncodableVector vec = new ASN1EncodableVector();
for (Long mech : mechs) {
vec.add(new ASN1Integer(mech));
}
ASN1Object obj = new DERSequence(vec);
return getSuccessResp(version, transactionId, action, obj);
}
case P11ProxyConstants.ACTION_GET_PUBLICKEY:
{
P11EntityIdentifier identityId = Asn1P11EntityIdentifier.getInstance(content).getEntityId();
PublicKey pubKey = p11CryptService.getIdentity(identityId).getPublicKey();
if (pubKey == null) {
throw new P11UnknownEntityException(identityId);
}
ASN1Object obj = KeyUtil.createSubjectPublicKeyInfo(pubKey);
return getSuccessResp(version, transactionId, action, obj);
}
case P11ProxyConstants.ACTION_GET_SERVER_CAPS:
{
boolean readOnly = p11CryptService.getModule().isReadOnly();
ASN1Object obj = new Asn1ServerCaps(readOnly, versions);
return getSuccessResp(version, transactionId, action, obj);
}
case P11ProxyConstants.ACTION_GET_SLOT_IDS:
{
List<P11SlotIdentifier> slotIds = p11CryptService.getModule().getSlotIds();
ASN1EncodableVector vector = new ASN1EncodableVector();
for (P11SlotIdentifier slotId : slotIds) {
vector.add(new Asn1P11SlotIdentifier(slotId));
}
ASN1Object obj = new DERSequence(vector);
return getSuccessResp(version, transactionId, action, obj);
}
case P11ProxyConstants.ACTION_IMPORT_SECRET_KEY:
{
Asn1ImportSecretKeyParams asn1 = Asn1ImportSecretKeyParams.getInstance(content);
P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
P11ObjectIdentifier keyId = slot.importSecretKey(asn1.getKeyType(), asn1.getKeyValue(), asn1.getLabel(), asn1.getControl());
ASN1Object obj = new Asn1P11EntityIdentifier(asn1.getSlotId(), keyId);
return getSuccessResp(version, transactionId, action, obj);
}
case P11ProxyConstants.ACTION_REMOVE_CERTS:
{
Asn1P11EntityIdentifier asn1 = Asn1P11EntityIdentifier.getInstance(content);
P11Slot slot = getSlot(p11CryptService, asn1);
slot.removeCerts(asn1.getObjectId().getObjectId());
return getSuccessResp(version, transactionId, action, (byte[]) null);
}
case P11ProxyConstants.ACTION_REMOVE_IDENTITY:
{
Asn1P11EntityIdentifier asn1 = Asn1P11EntityIdentifier.getInstance(content);
P11Slot slot = getSlot(p11CryptService, asn1);
slot.removeIdentity(asn1.getObjectId().getObjectId());
return getSuccessResp(version, transactionId, action, (byte[]) null);
}
case P11ProxyConstants.ACTION_REMOVE_OBJECTS:
{
Asn1RemoveObjectsParams asn1 = Asn1RemoveObjectsParams.getInstance(content);
P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
int num = slot.removeObjects(asn1.getOjectId(), asn1.getObjectLabel());
ASN1Object obj = new ASN1Integer(num);
return getSuccessResp(version, transactionId, action, obj);
}
case P11ProxyConstants.ACTION_SIGN:
{
Asn1SignTemplate signTemplate = Asn1SignTemplate.getInstance(content);
long mechanism = signTemplate.getMechanism().getMechanism();
Asn1P11Params asn1Params = signTemplate.getMechanism().getParams();
P11Params params = null;
if (asn1Params != null) {
switch(asn1Params.getTagNo()) {
case Asn1P11Params.TAG_RSA_PKCS_PSS:
params = Asn1RSAPkcsPssParams.getInstance(asn1Params).getPkcsPssParams();
break;
case Asn1P11Params.TAG_OPAQUE:
params = new P11ByteArrayParams(ASN1OctetString.getInstance(asn1Params).getOctets());
break;
case Asn1P11Params.TAG_IV:
params = new P11IVParams(ASN1OctetString.getInstance(asn1Params).getOctets());
break;
default:
throw new BadAsn1ObjectException("unknown SignTemplate.params: unknown tag " + asn1Params.getTagNo());
}
}
byte[] message = signTemplate.getMessage();
P11Identity identity = p11CryptService.getIdentity(signTemplate.getIdentityId().getEntityId());
byte[] signature = identity.sign(mechanism, params, message);
ASN1Object obj = new DEROctetString(signature);
return getSuccessResp(version, transactionId, action, obj);
}
case P11ProxyConstants.ACTION_UPDATE_CERT:
{
Asn1EntityIdAndCert asn1 = Asn1EntityIdAndCert.getInstance(content);
P11Slot slot = getSlot(p11CryptService, asn1.getEntityId());
slot.updateCertificate(asn1.getEntityId().getObjectId().getObjectId(), X509Util.toX509Cert(asn1.getCertificate()));
return getSuccessResp(version, transactionId, action, (byte[]) null);
}
default:
{
LOG.error("unsupported XiPKI action code '{}'", action);
return getResp(version, transactionId, action, P11ProxyConstants.RC_UNSUPPORTED_ACTION);
}
}
} catch (BadAsn1ObjectException ex) {
LogUtil.error(LOG, ex, "could not process decode requested content (tid=" + Hex.encode(transactionId) + ")");
return getResp(version, transactionId, action, P11ProxyConstants.RC_BAD_REQUEST);
} catch (P11TokenException ex) {
LogUtil.error(LOG, ex, buildErrorMsg(action, transactionId));
short rc;
if (ex instanceof P11UnknownEntityException) {
rc = P11ProxyConstants.RC_DUPLICATE_ENTITY;
} else if (ex instanceof P11DuplicateEntityException) {
rc = P11ProxyConstants.RC_DUPLICATE_ENTITY;
} else if (ex instanceof P11UnsupportedMechanismException) {
rc = P11ProxyConstants.RC_UNSUPPORTED_MECHANISM;
} else {
rc = P11ProxyConstants.RC_P11_TOKENERROR;
}
return getResp(version, transactionId, action, rc);
} catch (XiSecurityException | CertificateException | InvalidKeyException ex) {
LogUtil.error(LOG, ex, buildErrorMsg(action, transactionId));
return getResp(version, transactionId, action, P11ProxyConstants.RC_INTERNAL_ERROR);
} catch (Throwable th) {
LogUtil.error(LOG, th, buildErrorMsg(action, transactionId));
return getResp(version, transactionId, action, P11ProxyConstants.RC_INTERNAL_ERROR);
}
}
use of org.spongycastle.asn1.DEROctetString in project xipki by xipki.
the class CmpResponder method processPkiMessage.
public PKIMessage processPkiMessage(PKIMessage pkiMessage, X509Certificate tlsClientCert, AuditEvent event) {
ParamUtil.requireNonNull("pkiMessage", pkiMessage);
ParamUtil.requireNonNull("event", event);
GeneralPKIMessage message = new GeneralPKIMessage(pkiMessage);
PKIHeader reqHeader = message.getHeader();
ASN1OctetString tid = reqHeader.getTransactionID();
String msgId = null;
if (event != null) {
msgId = RandomUtil.nextHexLong();
event.addEventData(CaAuditConstants.NAME_mid, msgId);
}
if (tid == null) {
byte[] randomBytes = randomTransactionId();
tid = new DEROctetString(randomBytes);
}
String tidStr = Base64.encodeToString(tid.getOctets());
if (event != null) {
event.addEventData(CaAuditConstants.NAME_tid, tidStr);
}
int reqPvno = reqHeader.getPvno().getValue().intValue();
if (reqPvno != PVNO_CMP2000) {
if (event != null) {
event.setLevel(AuditLevel.INFO);
event.setStatus(AuditStatus.FAILED);
event.addEventData(CaAuditConstants.NAME_message, "unsupproted version " + reqPvno);
}
return buildErrorPkiMessage(tid, reqHeader, PKIFailureInfo.unsupportedVersion, null);
}
CmpControl cmpControl = getCmpControl();
Integer failureCode = null;
String statusText = null;
Date messageTime = null;
if (reqHeader.getMessageTime() != null) {
try {
messageTime = reqHeader.getMessageTime().getDate();
} catch (ParseException ex) {
LogUtil.error(LOG, ex, "tid=" + tidStr + ": could not parse messageTime");
}
}
GeneralName recipient = reqHeader.getRecipient();
boolean intentMe = (recipient == null) ? true : intendsMe(recipient);
if (!intentMe) {
LOG.warn("tid={}: I am not the intended recipient, but '{}'", tid, reqHeader.getRecipient());
failureCode = PKIFailureInfo.badRequest;
statusText = "I am not the intended recipient";
} else if (messageTime == null) {
if (cmpControl.isMessageTimeRequired()) {
failureCode = PKIFailureInfo.missingTimeStamp;
statusText = "missing time-stamp";
}
} else {
long messageTimeBias = cmpControl.getMessageTimeBias();
if (messageTimeBias < 0) {
messageTimeBias *= -1;
}
long msgTimeMs = messageTime.getTime();
long currentTimeMs = System.currentTimeMillis();
long bias = (msgTimeMs - currentTimeMs) / 1000L;
if (bias > messageTimeBias) {
failureCode = PKIFailureInfo.badTime;
statusText = "message time is in the future";
} else if (bias * -1 > messageTimeBias) {
failureCode = PKIFailureInfo.badTime;
statusText = "message too old";
}
}
if (failureCode != null) {
if (event != null) {
event.setLevel(AuditLevel.INFO);
event.setStatus(AuditStatus.FAILED);
event.addEventData(CaAuditConstants.NAME_message, statusText);
}
return buildErrorPkiMessage(tid, reqHeader, failureCode, statusText);
}
boolean isProtected = message.hasProtection();
CmpRequestorInfo requestor;
String errorStatus;
if (isProtected) {
try {
ProtectionVerificationResult verificationResult = verifyProtection(tidStr, message, cmpControl);
ProtectionResult pr = verificationResult.getProtectionResult();
switch(pr) {
case VALID:
errorStatus = null;
break;
case INVALID:
errorStatus = "request is protected by signature but invalid";
break;
case NOT_SIGNATURE_BASED:
errorStatus = "request is not protected by signature";
break;
case SENDER_NOT_AUTHORIZED:
errorStatus = "request is protected by signature but the requestor is not authorized";
break;
case SIGALGO_FORBIDDEN:
errorStatus = "request is protected by signature but the protection algorithm" + " is forbidden";
break;
default:
throw new RuntimeException("should not reach here, unknown ProtectionResult " + pr);
}
// end switch
requestor = (CmpRequestorInfo) verificationResult.getRequestor();
} catch (Exception ex) {
LogUtil.error(LOG, ex, "tid=" + tidStr + ": could not verify the signature");
errorStatus = "request has invalid signature based protection";
requestor = null;
}
} else if (tlsClientCert != null) {
boolean authorized = false;
requestor = getRequestor(reqHeader);
if (requestor != null) {
if (tlsClientCert.equals(requestor.getCert().getCert())) {
authorized = true;
}
}
if (authorized) {
errorStatus = null;
} else {
LOG.warn("tid={}: not authorized requestor (TLS client '{}')", tid, X509Util.getRfc4519Name(tlsClientCert.getSubjectX500Principal()));
errorStatus = "requestor (TLS client certificate) is not authorized";
}
} else {
errorStatus = "request has no protection";
requestor = null;
}
if (errorStatus != null) {
if (event != null) {
event.setLevel(AuditLevel.INFO);
event.setStatus(AuditStatus.FAILED);
event.addEventData(CaAuditConstants.NAME_message, errorStatus);
}
return buildErrorPkiMessage(tid, reqHeader, PKIFailureInfo.badMessageCheck, errorStatus);
}
PKIMessage resp = processPkiMessage0(pkiMessage, requestor, tid, message, msgId, event);
if (isProtected) {
resp = addProtection(resp, event);
} else {
// protected by TLS connection
}
return resp;
}
use of org.spongycastle.asn1.DEROctetString in project keepass2android by PhilippC.
the class ASN1Dump method _dumpAsString.
/**
* dump a DER object as a formatted string with indentation
*
* @param obj the DERObject to be dumped out.
*/
static void _dumpAsString(String indent, boolean verbose, DERObject obj, StringBuffer buf) {
String nl = System.getProperty("line.separator");
if (obj instanceof ASN1Sequence) {
Enumeration e = ((ASN1Sequence) obj).getObjects();
String tab = indent + TAB;
buf.append(indent);
if (obj instanceof BERConstructedSequence) {
buf.append("BER ConstructedSequence");
} else if (obj instanceof DERConstructedSequence) {
buf.append("DER ConstructedSequence");
} else if (obj instanceof BERSequence) {
buf.append("BER Sequence");
} else if (obj instanceof DERSequence) {
buf.append("DER Sequence");
} else {
buf.append("Sequence");
}
buf.append(nl);
while (e.hasMoreElements()) {
Object o = e.nextElement();
if (o == null || o.equals(new DERNull())) {
buf.append(tab);
buf.append("NULL");
buf.append(nl);
} else if (o instanceof DERObject) {
_dumpAsString(tab, verbose, (DERObject) o, buf);
} else {
_dumpAsString(tab, verbose, ((DEREncodable) o).getDERObject(), buf);
}
}
} else if (obj instanceof DERTaggedObject) {
String tab = indent + TAB;
buf.append(indent);
if (obj instanceof BERTaggedObject) {
buf.append("BER Tagged [");
} else {
buf.append("Tagged [");
}
DERTaggedObject o = (DERTaggedObject) obj;
buf.append(Integer.toString(o.getTagNo()));
buf.append(']');
if (!o.isExplicit()) {
buf.append(" IMPLICIT ");
}
buf.append(nl);
if (o.isEmpty()) {
buf.append(tab);
buf.append("EMPTY");
buf.append(nl);
} else {
_dumpAsString(tab, verbose, o.getObject(), buf);
}
} else if (obj instanceof DERConstructedSet) {
Enumeration e = ((ASN1Set) obj).getObjects();
String tab = indent + TAB;
buf.append(indent);
buf.append("ConstructedSet");
buf.append(nl);
while (e.hasMoreElements()) {
Object o = e.nextElement();
if (o == null) {
buf.append(tab);
buf.append("NULL");
buf.append(nl);
} else if (o instanceof DERObject) {
_dumpAsString(tab, verbose, (DERObject) o, buf);
} else {
_dumpAsString(tab, verbose, ((DEREncodable) o).getDERObject(), buf);
}
}
} else if (obj instanceof BERSet) {
Enumeration e = ((ASN1Set) obj).getObjects();
String tab = indent + TAB;
buf.append(indent);
buf.append("BER Set");
buf.append(nl);
while (e.hasMoreElements()) {
Object o = e.nextElement();
if (o == null) {
buf.append(tab);
buf.append("NULL");
buf.append(nl);
} else if (o instanceof DERObject) {
_dumpAsString(tab, verbose, (DERObject) o, buf);
} else {
_dumpAsString(tab, verbose, ((DEREncodable) o).getDERObject(), buf);
}
}
} else if (obj instanceof DERSet) {
Enumeration e = ((ASN1Set) obj).getObjects();
String tab = indent + TAB;
buf.append(indent);
buf.append("DER Set");
buf.append(nl);
while (e.hasMoreElements()) {
Object o = e.nextElement();
if (o == null) {
buf.append(tab);
buf.append("NULL");
buf.append(nl);
} else if (o instanceof DERObject) {
_dumpAsString(tab, verbose, (DERObject) o, buf);
} else {
_dumpAsString(tab, verbose, ((DEREncodable) o).getDERObject(), buf);
}
}
} else if (obj instanceof DERObjectIdentifier) {
buf.append(indent + "ObjectIdentifier(" + ((DERObjectIdentifier) obj).getId() + ")" + nl);
} else if (obj instanceof DERBoolean) {
buf.append(indent + "Boolean(" + ((DERBoolean) obj).isTrue() + ")" + nl);
} else if (obj instanceof DERInteger) {
buf.append(indent + "Integer(" + ((DERInteger) obj).getValue() + ")" + nl);
} else if (obj instanceof BERConstructedOctetString) {
ASN1OctetString oct = (ASN1OctetString) obj;
buf.append(indent + "BER Constructed Octet String" + "[" + oct.getOctets().length + "] ");
if (verbose) {
buf.append(dumpBinaryDataAsString(indent, oct.getOctets()));
} else {
buf.append(nl);
}
} else if (obj instanceof DEROctetString) {
ASN1OctetString oct = (ASN1OctetString) obj;
buf.append(indent + "DER Octet String" + "[" + oct.getOctets().length + "] ");
if (verbose) {
buf.append(dumpBinaryDataAsString(indent, oct.getOctets()));
} else {
buf.append(nl);
}
} else if (obj instanceof DERBitString) {
DERBitString bt = (DERBitString) obj;
buf.append(indent + "DER Bit String" + "[" + bt.getBytes().length + ", " + bt.getPadBits() + "] ");
if (verbose) {
buf.append(dumpBinaryDataAsString(indent, bt.getBytes()));
} else {
buf.append(nl);
}
} else if (obj instanceof DERIA5String) {
buf.append(indent + "IA5String(" + ((DERIA5String) obj).getString() + ") " + nl);
} else if (obj instanceof DERUTF8String) {
buf.append(indent + "UTF8String(" + ((DERUTF8String) obj).getString() + ") " + nl);
} else if (obj instanceof DERPrintableString) {
buf.append(indent + "PrintableString(" + ((DERPrintableString) obj).getString() + ") " + nl);
} else if (obj instanceof DERVisibleString) {
buf.append(indent + "VisibleString(" + ((DERVisibleString) obj).getString() + ") " + nl);
} else if (obj instanceof DERBMPString) {
buf.append(indent + "BMPString(" + ((DERBMPString) obj).getString() + ") " + nl);
} else if (obj instanceof DERT61String) {
buf.append(indent + "T61String(" + ((DERT61String) obj).getString() + ") " + nl);
} else if (obj instanceof DERUTCTime) {
buf.append(indent + "UTCTime(" + ((DERUTCTime) obj).getTime() + ") " + nl);
} else if (obj instanceof DERGeneralizedTime) {
buf.append(indent + "GeneralizedTime(" + ((DERGeneralizedTime) obj).getTime() + ") " + nl);
} else if (obj instanceof DERUnknownTag) {
buf.append(indent + "Unknown " + Integer.toString(((DERUnknownTag) obj).getTag(), 16) + " " + new String(Hex.encode(((DERUnknownTag) obj).getData())) + nl);
} else if (obj instanceof BERApplicationSpecific) {
buf.append(outputApplicationSpecific("BER", indent, verbose, obj, nl));
} else if (obj instanceof DERApplicationSpecific) {
buf.append(outputApplicationSpecific("DER", indent, verbose, obj, nl));
} else if (obj instanceof DEREnumerated) {
DEREnumerated en = (DEREnumerated) obj;
buf.append(indent + "DER Enumerated(" + en.getValue() + ")" + nl);
} else if (obj instanceof DERExternal) {
DERExternal ext = (DERExternal) obj;
buf.append(indent + "External " + nl);
String tab = indent + TAB;
if (ext.getDirectReference() != null) {
buf.append(tab + "Direct Reference: " + ext.getDirectReference().getId() + nl);
}
if (ext.getIndirectReference() != null) {
buf.append(tab + "Indirect Reference: " + ext.getIndirectReference().toString() + nl);
}
if (ext.getDataValueDescriptor() != null) {
_dumpAsString(tab, verbose, ext.getDataValueDescriptor(), buf);
}
buf.append(tab + "Encoding: " + ext.getEncoding() + nl);
_dumpAsString(tab, verbose, ext.getExternalContent(), buf);
} else {
buf.append(indent + obj.toString() + nl);
}
}
use of org.spongycastle.asn1.DEROctetString in project android_packages_apps_Settings by crdroidandroid.
the class CertInstallerHelper method isCa.
private boolean isCa(X509Certificate cert) {
try {
byte[] asn1EncodedBytes = cert.getExtensionValue("2.5.29.19");
if (asn1EncodedBytes == null) {
return false;
}
DEROctetString derOctetString = (DEROctetString) new ASN1InputStream(asn1EncodedBytes).readObject();
byte[] octets = derOctetString.getOctets();
ASN1Sequence sequence = (ASN1Sequence) new ASN1InputStream(octets).readObject();
return BasicConstraints.getInstance(sequence).isCA();
} catch (IOException e) {
return false;
}
}
use of org.spongycastle.asn1.DEROctetString in project certmgr by hdecarne.
the class IPAddressName method encode.
@Override
public ASN1Encodable encode() throws IOException {
byte[] addressBytes = this.address.getAddress();
byte[] netmaskBytes = (this.netmask != null ? this.netmask.getAddress() : new byte[0]);
byte[] encodedBytes = new byte[addressBytes.length + netmaskBytes.length];
System.arraycopy(addressBytes, 0, encodedBytes, 0, addressBytes.length);
System.arraycopy(netmaskBytes, 0, encodedBytes, addressBytes.length, netmaskBytes.length);
return new DERTaggedObject(false, getType().value(), new DEROctetString(encodedBytes));
}
Aggregations