use of sun.security.pkcs.PKCS9Attribute in project jdk8u_jdk by JetBrains.
the class TimestampCheck method checkTimestamp.
static void checkTimestamp(String file, String policyId, String digestAlg) throws Exception {
try (JarFile jf = new JarFile(file)) {
JarEntry je = jf.getJarEntry("META-INF/OLD.RSA");
try (InputStream is = jf.getInputStream(je)) {
byte[] content = IOUtils.readFully(is, -1, true);
PKCS7 p7 = new PKCS7(content);
SignerInfo[] si = p7.getSignerInfos();
if (si == null || si.length == 0) {
throw new Exception("Not signed");
}
PKCS9Attribute p9 = si[0].getUnauthenticatedAttributes().getAttribute(PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_OID);
PKCS7 tsToken = new PKCS7((byte[]) p9.getValue());
TimestampToken tt = new TimestampToken(tsToken.getContentInfo().getData());
if (!tt.getHashAlgorithm().toString().equals(digestAlg)) {
throw new Exception("Digest alg different");
}
if (!tt.getPolicyID().equals(policyId)) {
throw new Exception("policyId different");
}
}
}
}
use of sun.security.pkcs.PKCS9Attribute in project jdk8u_jdk by JetBrains.
the class Pair method doPrintCertReq.
private void doPrintCertReq(InputStream in, PrintStream out) throws Exception {
BufferedReader reader = new BufferedReader(new InputStreamReader(in));
StringBuffer sb = new StringBuffer();
boolean started = false;
while (true) {
String s = reader.readLine();
if (s == null)
break;
if (!started) {
if (s.startsWith("-----")) {
started = true;
}
} else {
if (s.startsWith("-----")) {
break;
}
sb.append(s);
}
}
PKCS10 req = new PKCS10(Pem.decode(new String(sb)));
PublicKey pkey = req.getSubjectPublicKeyInfo();
out.printf(rb.getString("PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key."), req.getSubjectName(), pkey.getFormat(), pkey.getAlgorithm());
for (PKCS10Attribute attr : req.getAttributes().getAttributes()) {
ObjectIdentifier oid = attr.getAttributeId();
if (oid.equals((Object) PKCS9Attribute.EXTENSION_REQUEST_OID)) {
CertificateExtensions exts = (CertificateExtensions) attr.getAttributeValue();
if (exts != null) {
printExtensions(rb.getString("Extension.Request."), exts, out);
}
} else {
out.println("Attribute: " + attr.getAttributeId());
PKCS9Attribute pkcs9Attr = new PKCS9Attribute(attr.getAttributeId(), attr.getAttributeValue());
out.print(pkcs9Attr.getName() + ": ");
Object attrVal = attr.getAttributeValue();
out.println(attrVal instanceof String[] ? Arrays.toString((String[]) attrVal) : attrVal);
}
}
if (debug) {
// Just to see more, say, public key length...
out.println(req);
}
}
use of sun.security.pkcs.PKCS9Attribute in project jdk8u_jdk by JetBrains.
the class PKCS10Attribute method derEncode.
/**
* DER encode this object onto an output stream.
* Implements the <code>DerEncoder</code> interface.
*
* @param out
* the OutputStream on which to write the DER encoding.
*
* @exception IOException on encoding errors.
*/
public void derEncode(OutputStream out) throws IOException {
PKCS9Attribute attr = new PKCS9Attribute(attributeId, attributeValue);
attr.derEncode(out);
}
use of sun.security.pkcs.PKCS9Attribute in project jdk8u_jdk by JetBrains.
the class UnknownAttribute method main.
public static void main(String[] args) throws Exception {
// Unknown attr
PKCS9Attribute p1 = new PKCS9Attribute(PKCS9Attribute.CHALLENGE_PASSWORD_STR, "t0p5ecr3t");
if (!p1.isKnown()) {
throw new Exception();
}
// Unknown attr from DER
byte[] data = { // SEQUENCE OF
0x30, // SEQUENCE OF
0x08, // OID 1.2.3 and
0x06, // OID 1.2.3 and
0x02, // OID 1.2.3 and
0x2A, // OID 1.2.3 and
0x03, // an empty SET
0x31, // an empty SET
0x02, // an empty SET
0x05, // an empty SET
0x00 };
PKCS9Attribute p2 = new PKCS9Attribute(new DerValue(data));
if (p2.isKnown()) {
throw new Exception();
}
ByteArrayOutputStream bout = new ByteArrayOutputStream();
p2.derEncode(bout);
new HexDumpEncoder().encodeBuffer(bout.toByteArray(), System.err);
if (!Arrays.equals(data, bout.toByteArray())) {
throw new Exception();
}
// Unknown attr from value
try {
new PKCS9Attribute(new ObjectIdentifier("1.2.3"), "hello");
throw new Exception();
} catch (IllegalArgumentException iae) {
// Good. Unknown attr must have byte[] value type
}
PKCS9Attribute p3 = new PKCS9Attribute(new ObjectIdentifier("1.2.3"), new byte[] { 0x31, 0x02, 0x05, 0x00 });
if (p3.isKnown()) {
throw new Exception();
}
bout = new ByteArrayOutputStream();
p3.derEncode(bout);
if (!Arrays.equals(data, bout.toByteArray())) {
throw new Exception();
}
}
use of sun.security.pkcs.PKCS9Attribute in project jdk8u_jdk by JetBrains.
the class NonStandardNames method main.
public static void main(String[] args) throws Exception {
byte[] data = "Hello".getBytes();
X500Name n = new X500Name("cn=Me");
CertAndKeyGen cakg = new CertAndKeyGen("RSA", "SHA256withRSA");
cakg.generate(1024);
X509Certificate cert = cakg.getSelfCertificate(n, 1000);
MessageDigest md = MessageDigest.getInstance("SHA-256");
PKCS9Attributes authed = new PKCS9Attributes(new PKCS9Attribute[] { new PKCS9Attribute(PKCS9Attribute.CONTENT_TYPE_OID, ContentInfo.DATA_OID), new PKCS9Attribute(PKCS9Attribute.MESSAGE_DIGEST_OID, md.digest(data)) });
Signature s = Signature.getInstance("SHA256withRSA");
s.initSign(cakg.getPrivateKey());
s.update(authed.getDerEncoding());
byte[] sig = s.sign();
SignerInfo signerInfo = new SignerInfo(n, cert.getSerialNumber(), AlgorithmId.get("SHA-256"), authed, AlgorithmId.get("SHA256withRSA"), sig, null);
PKCS7 pkcs7 = new PKCS7(new AlgorithmId[] { signerInfo.getDigestAlgorithmId() }, new ContentInfo(data), new X509Certificate[] { cert }, new SignerInfo[] { signerInfo });
if (pkcs7.verify(signerInfo, data) == null) {
throw new Exception("Not verified");
}
}
Aggregations