Examples with DEROctetString org.spongycastle.asn1.DEROctetString used on opensource projects

Search in sources :

Example 31 with DEROctetString

use of org.spongycastle.asn1.DEROctetString in project signer by demoiselle.

the class BasicCertificate method getAuthorityKeyIdentifier.

/**
 * @return the authority key identifier of a certificate
 * @throws IOException exception
 */
public String getAuthorityKeyIdentifier() throws IOException {
    // TODO - Precisa validar este metodo com a RFC
    DLSequence sequence = (DLSequence) getExtensionValue(Extension.authorityKeyIdentifier.getId());
    if (sequence == null || sequence.size() == 0) {
        return null;
    }
    DERTaggedObject taggedObject = (DERTaggedObject) sequence.getObjectAt(0);
    DEROctetString oct = (DEROctetString) taggedObject.getObject();
    return toString(oct.getOctets());
}
Also used : DLSequence(org.bouncycastle.asn1.DLSequence) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) DEROctetString(org.bouncycastle.asn1.DEROctetString)

Example 32 with DEROctetString

use of org.spongycastle.asn1.DEROctetString in project candlepin by candlepin.

the class BouncyCastlePKIUtility method createX509Certificate.

@Override
public X509Certificate createX509Certificate(String dn, Set<X509ExtensionWrapper> extensions, Set<X509ByteExtensionWrapper> byteExtensions, Date startDate, Date endDate, KeyPair clientKeyPair, BigInteger serialNumber, String alternateName) throws GeneralSecurityException, IOException {
    X509Certificate caCert = reader.getCACert();
    byte[] publicKeyEncoded = clientKeyPair.getPublic().getEncoded();
    X509v3CertificateBuilder certGen = new X509v3CertificateBuilder(X500Name.getInstance(caCert.getSubjectX500Principal().getEncoded()), serialNumber, startDate, endDate, new X500Name(dn), SubjectPublicKeyInfo.getInstance(publicKeyEncoded));
    // set key usage - required for proper x509 function
    KeyUsage keyUsage = new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment);
    // add SSL extensions - required for proper x509 function
    NetscapeCertType certType = new NetscapeCertType(NetscapeCertType.sslClient | NetscapeCertType.smime);
    certGen.addExtension(MiscObjectIdentifiers.netscapeCertType, false, certType);
    certGen.addExtension(Extension.keyUsage, false, keyUsage);
    JcaX509ExtensionUtils extensionUtil = new JcaX509ExtensionUtils();
    AuthorityKeyIdentifier aki = extensionUtil.createAuthorityKeyIdentifier(caCert);
    certGen.addExtension(Extension.authorityKeyIdentifier, false, aki.getEncoded());
    certGen.addExtension(Extension.subjectKeyIdentifier, false, subjectKeyWriter.getSubjectKeyIdentifier(clientKeyPair, extensions));
    certGen.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth));
    // Add an additional alternative name if provided.
    if (alternateName != null) {
        /*
             Why add the certificate subject again as an alternative name?  RFC 6125 Section 6.4.4
             stipulates that if SANs are provided, a validator MUST use them instead of the certificate
             subject.  If no SANs are present, the RFC allows the validator to use the subject field.  So,
             if we do have an SAN to add, we need to add the subject field again as an SAN.

             See http://stackoverflow.com/questions/5935369 and
             https://tools.ietf.org/html/rfc6125#section-6.4.4 and

             NB: These extensions should *not* be marked critical since the subject field is not empty.
            */
        GeneralName subject = new GeneralName(GeneralName.directoryName, dn);
        GeneralName name = new GeneralName(GeneralName.directoryName, "CN=" + alternateName);
        ASN1Encodable[] altNameArray = { subject, name };
        GeneralNames altNames = GeneralNames.getInstance(new DERSequence(altNameArray));
        certGen.addExtension(Extension.subjectAlternativeName, false, altNames);
    }
    if (extensions != null) {
        for (X509ExtensionWrapper wrapper : extensions) {
            // Bouncycastle hates null values. So, set them to blank
            // if they are null
            String value = wrapper.getValue() == null ? "" : wrapper.getValue();
            certGen.addExtension(wrapper.toASN1Primitive(), wrapper.isCritical(), new DERUTF8String(value));
        }
    }
    if (byteExtensions != null) {
        for (X509ByteExtensionWrapper wrapper : byteExtensions) {
            // Bouncycastle hates null values. So, set them to blank
            // if they are null
            byte[] value = wrapper.getValue() == null ? new byte[0] : wrapper.getValue();
            certGen.addExtension(wrapper.toASN1Primitive(), wrapper.isCritical(), new DEROctetString(value));
        }
    }
    JcaContentSignerBuilder builder = new JcaContentSignerBuilder(SIGNATURE_ALGO).setProvider(BC_PROVIDER);
    ContentSigner signer;
    try {
        signer = builder.build(reader.getCaKey());
    } catch (OperatorCreationException e) {
        throw new IOException(e);
    }
    // Generate the certificate
    return new JcaX509CertificateConverter().getCertificate(certGen.build(signer));
}
Also used : JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage) AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier) X500Name(org.bouncycastle.asn1.x500.X500Name) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERSequence(org.bouncycastle.asn1.DERSequence) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) NetscapeCertType(org.bouncycastle.asn1.misc.NetscapeCertType) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) X509ByteExtensionWrapper(org.candlepin.pki.X509ByteExtensionWrapper) X509ExtensionWrapper(org.candlepin.pki.X509ExtensionWrapper) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage)

Example 33 with DEROctetString

use of org.spongycastle.asn1.DEROctetString in project candlepin by candlepin.

the class BouncyCastlePKIUtility method decodeDERValue.

@Override
public String decodeDERValue(byte[] value) {
    ASN1InputStream vis = null;
    ASN1InputStream decoded = null;
    try {
        vis = new ASN1InputStream(value);
        decoded = new ASN1InputStream(((DEROctetString) vis.readObject()).getOctets());
        return decoded.readObject().toString();
    } catch (IOException e) {
        throw new RuntimeException(e);
    } finally {
        if (vis != null) {
            try {
                vis.close();
            } catch (IOException e) {
                log.warn("failed to close ASN1 stream", e);
            }
        }
        if (decoded != null) {
            try {
                decoded.close();
            } catch (IOException e) {
                log.warn("failed to close ASN1 stream", e);
            }
        }
    }
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) IOException(java.io.IOException) DEROctetString(org.bouncycastle.asn1.DEROctetString)

Example 34 with DEROctetString

use of org.spongycastle.asn1.DEROctetString in project jruby-openssl by jruby.

the class EncContent method fromASN1.

/**
 * EncryptedContentInfo ::= SEQUENCE {
 *   contentType ContentType,
 *   contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
 *   encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL }
 *
 * EncryptedContent ::= OCTET STRING
 */
public static EncContent fromASN1(final ASN1Encodable content) {
    final ASN1Sequence sequence = (ASN1Sequence) content;
    ASN1ObjectIdentifier contentType = (ASN1ObjectIdentifier) (sequence.getObjectAt(0));
    final EncContent ec = new EncContent();
    ec.setContentType(ASN1Registry.oid2nid(contentType));
    ec.setAlgorithm(AlgorithmIdentifier.getInstance(sequence.getObjectAt(1)));
    if (sequence.size() > 2 && sequence.getObjectAt(2) instanceof ASN1TaggedObject && ((ASN1TaggedObject) (sequence.getObjectAt(2))).getTagNo() == 0) {
        ASN1Encodable ee = ((ASN1TaggedObject) (sequence.getObjectAt(2))).getObject();
        if (ee instanceof ASN1Sequence && ((ASN1Sequence) ee).size() > 0) {
            ByteList combinedOctets = new ByteList();
            Enumeration enm = ((ASN1Sequence) ee).getObjects();
            while (enm.hasMoreElements()) {
                byte[] octets = ((ASN1OctetString) enm.nextElement()).getOctets();
                combinedOctets.append(octets);
            }
            ec.setEncData(new DEROctetString(combinedOctets.bytes()));
        } else {
            ec.setEncData((ASN1OctetString) ee);
        }
    }
    return ec;
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ByteList(org.jruby.util.ByteList) Enumeration(java.util.Enumeration) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) DEROctetString(org.bouncycastle.asn1.DEROctetString)

Example 35 with DEROctetString

use of org.spongycastle.asn1.DEROctetString in project jruby-openssl by jruby.

the class X509Utils method checkIfIssuedBy.

/**
 * c: X509_check_issued
 */
public static int checkIfIssuedBy(final X509AuxCertificate issuer, final X509AuxCertificate subject) throws IOException {
    if (!issuer.getSubjectX500Principal().equals(subject.getIssuerX500Principal())) {
        return V_ERR_SUBJECT_ISSUER_MISMATCH;
    }
    if (subject.getExtensionValue("2.5.29.35") != null) {
        // authorityKeyID
        // I hate ASN1 and DER
        Object key = get(subject.getExtensionValue("2.5.29.35"));
        if (!(key instanceof ASN1Sequence))
            key = get((DEROctetString) key);
        final ASN1Sequence seq = (ASN1Sequence) key;
        final AuthorityKeyIdentifier sakid;
        if (seq.size() == 1 && (seq.getObjectAt(0) instanceof ASN1OctetString)) {
            sakid = AuthorityKeyIdentifier.getInstance(new DLSequence(new DERTaggedObject(0, seq.getObjectAt(0))));
        } else {
            sakid = AuthorityKeyIdentifier.getInstance(seq);
        }
        if (sakid.getKeyIdentifier() != null) {
            if (issuer.getExtensionValue("2.5.29.14") != null) {
                DEROctetString der = (DEROctetString) get(issuer.getExtensionValue("2.5.29.14"));
                SubjectKeyIdentifier iskid = SubjectKeyIdentifier.getInstance(get(der.getOctets()));
                if (iskid.getKeyIdentifier() != null) {
                    if (!Arrays.equals(sakid.getKeyIdentifier(), iskid.getKeyIdentifier())) {
                        return V_ERR_AKID_SKID_MISMATCH;
                    }
                }
            }
        }
        final BigInteger serialNumber = sakid.getAuthorityCertSerialNumber();
        if (serialNumber != null && !serialNumber.equals(issuer.getSerialNumber())) {
            return V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
        }
        if (sakid.getAuthorityCertIssuer() != null) {
            GeneralName[] gens = sakid.getAuthorityCertIssuer().getNames();
            X500Name x500Name = null;
            for (int i = 0; i < gens.length; i++) {
                if (gens[i].getTagNo() == GeneralName.directoryName) {
                    ASN1Encodable name = gens[i].getName();
                    if (name instanceof X500Name) {
                        x500Name = (X500Name) name;
                    } else if (name instanceof ASN1Sequence) {
                        x500Name = X500Name.getInstance((ASN1Sequence) name);
                    } else {
                        throw new RuntimeException("unknown name type: " + name);
                    }
                    break;
                }
            }
            if (x500Name != null) {
                if (!new Name(x500Name).equalTo(issuer.getIssuerX500Principal())) {
                    return V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
                }
            }
        }
    }
    final boolean[] keyUsage = issuer.getKeyUsage();
    if (subject.getExtensionValue("1.3.6.1.5.5.7.1.14") != null) {
        if (keyUsage != null && !keyUsage[0]) {
            // KU_DIGITAL_SIGNATURE
            return V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE;
        }
    } else if (keyUsage != null && !keyUsage[5]) {
        // KU_KEY_CERT_SIGN
        return V_ERR_KEYUSAGE_NO_CERTSIGN;
    }
    return V_OK;
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier) SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier) X500Name(org.bouncycastle.asn1.x500.X500Name) DEROctetString(org.bouncycastle.asn1.DEROctetString) GeneralName(org.bouncycastle.asn1.x509.GeneralName) X500Name(org.bouncycastle.asn1.x500.X500Name) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DLSequence(org.bouncycastle.asn1.DLSequence) BigInteger(java.math.BigInteger) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)

Aggregations

DEROctetString (org.bouncycastle.asn1.DEROctetString)84 IOException (java.io.IOException)38 DERSequence (org.bouncycastle.asn1.DERSequence)29 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)28 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)26 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)21 DERTaggedObject (org.bouncycastle.asn1.DERTaggedObject)19 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)18 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)16 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)16 Extension (org.bouncycastle.asn1.x509.Extension)16 BigInteger (java.math.BigInteger)13 Date (java.util.Date)11 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)11 ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)11 DERSet (org.bouncycastle.asn1.DERSet)10 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)10 Extensions (org.bouncycastle.asn1.x509.Extensions)10 X509Certificate (java.security.cert.X509Certificate)8 ArrayList (java.util.ArrayList)8
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial