
Example 1 with PKCS9Attribute

use of sun.security.pkcs.PKCS9Attribute in project jdk8u_jdk by JetBrains.

the class TimestampCheck method checkTimestamp.

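/**
 * Checks two fields of the signature timestamp token stored in a signed
 * JAR's {@code META-INF/OLD.RSA} signature block.
 *
 * <p>The token is taken from the first signer's unauthenticated attributes.
 * Nothing in this method verifies the PKCS#7 signature or the signature on
 * the timestamp token; it only parses the structures and compares the
 * hash algorithm and policy id, so a passing check is not a trust decision.
 *
 * @param file path of the signed JAR to inspect.
 * @param policyId expected TSA policy id of the timestamp token.
 * @param digestAlg expected hash algorithm name of the timestamp token.
 * @throws Exception if the signature block, signer, or timestamp attribute
 *         is missing, or if either compared field differs.
 */
static void checkTimestamp(String file, String policyId, String digestAlg) throws Exception {
    try (JarFile jf = new JarFile(file)) {
        JarEntry je = jf.getJarEntry("META-INF/OLD.RSA");
        // getJarEntry returns null for an absent entry; fail with a clear
        // message instead of a NullPointerException from getInputStream.
        if (je == null) {
            throw new Exception("No META-INF/OLD.RSA entry in " + file);
        }
        try (InputStream is = jf.getInputStream(je)) {
            byte[] content = IOUtils.readFully(is, -1, true);
            PKCS7 p7 = new PKCS7(content);
            SignerInfo[] si = p7.getSignerInfos();
            if (si == null || si.length == 0) {
                throw new Exception("Not signed");
            }
            // A signature without a timestamp has no such attribute; report
            // that explicitly rather than dereferencing null.
            if (si[0].getUnauthenticatedAttributes() == null) {
                throw new Exception("No unauthenticated attributes");
            }
            PKCS9Attribute p9 = si[0].getUnauthenticatedAttributes().getAttribute(PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_OID);
            if (p9 == null) {
                throw new Exception("No signature timestamp token");
            }
            // The attribute value is itself a DER-encoded PKCS#7 structure
            // whose content is the timestamp token.
            PKCS7 tsToken = new PKCS7((byte[]) p9.getValue());
            TimestampToken tt = new TimestampToken(tsToken.getContentInfo().getData());
            if (!tt.getHashAlgorithm().toString().equals(digestAlg)) {
                throw new Exception("Digest alg different");
            }
            if (!tt.getPolicyID().equals(policyId)) {
                throw new Exception("policyId different");
            }
        }
    }
}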
Also used : SignerInfo(sun.security.pkcs.SignerInfo) PKCS9Attribute(sun.security.pkcs.PKCS9Attribute) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) PKCS7(sun.security.pkcs.PKCS7) JarFile(java.util.jar.JarFile) JarEntry(java.util.jar.JarEntry) IOException(java.io.IOException) TimestampToken(sun.security.timestamp.TimestampToken)

Example 2 with PKCS9Attribute

use of sun.security.pkcs.PKCS9Attribute in project jdk8u_jdk by JetBrains.

the class Pair method doPrintCertReq.

/**
 * Reads a PEM-armoured PKCS#10 certificate request from {@code in} and
 * prints its subject, public key details and attributes to {@code out}.
 *
 * <p>Only the lines between the first two lines that start with
 * {@code "-----"} are decoded. The reader uses the platform default
 * charset, and the accumulated text has no size limit in this method.
 *
 * @param in stream holding the PEM text of the request.
 * @param out stream that receives the human-readable description.
 * @throws Exception on read, decode or parse failures.
 */
private void doPrintCertReq(InputStream in, PrintStream out) throws Exception {
    BufferedReader reader = new BufferedReader(new InputStreamReader(in));
    StringBuilder pemBody = new StringBuilder();
    boolean started = false;
    String line;
    while ((line = reader.readLine()) != null) {
        boolean boundary = line.startsWith("-----");
        if (boundary) {
            if (started) {
                // Second boundary line: end of the armoured body.
                break;
            }
            started = true;
        } else if (started) {
            pemBody.append(line);
        }
    }

    PKCS10 req = new PKCS10(Pem.decode(pemBody.toString()));
    PublicKey pkey = req.getSubjectPublicKeyInfo();
    String headerFormat = rb.getString("PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key.");
    out.printf(headerFormat, req.getSubjectName(), pkey.getFormat(), pkey.getAlgorithm());

    for (PKCS10Attribute attr : req.getAttributes().getAttributes()) {
        ObjectIdentifier oid = attr.getAttributeId();
        boolean isExtensionRequest = oid.equals((Object) PKCS9Attribute.EXTENSION_REQUEST_OID);
        if (!isExtensionRequest) {
            out.println("Attribute: " + attr.getAttributeId());
            // Wrapped in a PKCS9Attribute only to obtain a printable name.
            PKCS9Attribute pkcs9Attr = new PKCS9Attribute(attr.getAttributeId(), attr.getAttributeValue());
            out.print(pkcs9Attr.getName() + ": ");
            Object attrVal = attr.getAttributeValue();
            if (attrVal instanceof String[]) {
                out.println(Arrays.toString((String[]) attrVal));
            } else {
                out.println(attrVal);
            }
            continue;
        }
        CertificateExtensions exts = (CertificateExtensions) attr.getAttributeValue();
        if (exts != null) {
            printExtensions(rb.getString("Extension.Request."), exts, out);
        }
    }

    if (debug) {
        // Dump the whole request to show extra detail such as key length.
        out.println(req);
    }
}
Also used : PKCS10Attribute(sun.security.pkcs10.PKCS10Attribute) PKCS9Attribute(sun.security.pkcs.PKCS9Attribute) PublicKey(java.security.PublicKey) PKCS10(sun.security.pkcs10.PKCS10) ObjectIdentifier(sun.security.util.ObjectIdentifier)

Example 3 with PKCS9Attribute

use of sun.security.pkcs.PKCS9Attribute in project jdk8u_jdk by JetBrains.

the class PKCS10Attribute method derEncode.

/**
 * Writes the DER encoding of this attribute to an output stream.
 * Implements the <code>DerEncoder</code> interface.
 *
 * <p>The encoding is delegated to a <code>PKCS9Attribute</code> built from
 * this object's <code>attributeId</code> and <code>attributeValue</code>.
 *
 * @param out
 * the OutputStream that receives the DER encoding.
 *
 * @exception IOException on encoding errors.
 */
public void derEncode(OutputStream out) throws IOException {
    new PKCS9Attribute(attributeId, attributeValue).derEncode(out);
}
Also used : PKCS9Attribute(sun.security.pkcs.PKCS9Attribute)

Example 4 with PKCS9Attribute

use of sun.security.pkcs.PKCS9Attribute in project jdk8u_jdk by JetBrains.

the class UnknownAttribute method main.

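/**
 * Exercises {@code PKCS9Attribute} with a known attribute and with an
 * attribute whose OID (1.2.3) it does not recognise.
 *
 * <p>Checks that the unknown attribute is reported as unknown, that it
 * re-encodes to the same DER bytes it was parsed from, and that an unknown
 * OID is rejected when its value is not a {@code byte[]}.
 *
 * @param args unused.
 * @throws Exception if any check fails.
 */
public static void main(String[] args) throws Exception {
    // A predefined attribute (challenge password) must be reported as known.
    PKCS9Attribute p1 = new PKCS9Attribute(PKCS9Attribute.CHALLENGE_PASSWORD_STR, "t0p5ecr3t");
    if (!p1.isKnown()) {
        throw new Exception("Challenge password attribute not reported as known");
    }
    // Unknown attribute parsed from DER.
    byte[] data = {
        0x30, 0x08,             // SEQUENCE, length 8
        0x06, 0x02, 0x2A, 0x03, // OID 1.2.3
        0x31, 0x02,             // SET, length 2
        0x05, 0x00              // NULL
    };
    PKCS9Attribute p2 = new PKCS9Attribute(new DerValue(data));
    if (p2.isKnown()) {
        throw new Exception("OID 1.2.3 parsed from DER reported as known");
    }
    ByteArrayOutputStream bout = new ByteArrayOutputStream();
    p2.derEncode(bout);
    new HexDumpEncoder().encodeBuffer(bout.toByteArray(), System.err);
    // Re-encoding must reproduce the input bytes exactly.
    if (!Arrays.equals(data, bout.toByteArray())) {
        throw new Exception("Re-encoded DER differs from the parsed input");
    }
    // Unknown attribute built from an OID and a value.
    try {
        new PKCS9Attribute(new ObjectIdentifier("1.2.3"), "hello");
        throw new Exception("Unknown OID with a String value was accepted");
    } catch (IllegalArgumentException iae) {
        // Expected: an unknown attribute must carry a byte[] value.
    }
    PKCS9Attribute p3 = new PKCS9Attribute(new ObjectIdentifier("1.2.3"), new byte[] { 0x31, 0x02, 0x05, 0x00 });
    if (p3.isKnown()) {
        throw new Exception("OID 1.2.3 built from a value reported as known");
    }
    bout = new ByteArrayOutputStream();
    p3.derEncode(bout);
    // The value bytes are the SET from data, so the encodings must match.
    if (!Arrays.equals(data, bout.toByteArray())) {
        throw new Exception("DER of the attribute built from a value differs from the expected bytes");
    }
}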
Also used : PKCS9Attribute(sun.security.pkcs.PKCS9Attribute) HexDumpEncoder(sun.misc.HexDumpEncoder) DerValue(sun.security.util.DerValue) ObjectIdentifier(sun.security.util.ObjectIdentifier)

Example 5 with PKCS9Attribute

use of sun.security.pkcs.PKCS9Attribute in project jdk8u_jdk by JetBrains.

the class NonStandardNames method main.

/**
 * Builds a PKCS#7 signed-data object by hand and verifies it.
 *
 * <p>The authenticated attributes (content type and SHA-256 message digest)
 * are signed with a freshly generated RSA key, and the digest and signature
 * algorithm ids are looked up by the names "SHA-256" and "SHA256withRSA".
 *
 * @param args unused.
 * @throws Exception if setup fails or the signature does not verify.
 */
public static void main(String[] args) throws Exception {
    byte[] data = "Hello".getBytes();
    X500Name n = new X500Name("cn=Me");

    // Throwaway key pair and self-signed certificate for the signer.
    // NOTE(review): 1024-bit RSA is only suitable for a short-lived test key.
    CertAndKeyGen cakg = new CertAndKeyGen("RSA", "SHA256withRSA");
    cakg.generate(1024);
    X509Certificate cert = cakg.getSelfCertificate(n, 1000);

    // Authenticated attributes: content type, then digest of the content.
    MessageDigest md = MessageDigest.getInstance("SHA-256");
    PKCS9Attribute contentType = new PKCS9Attribute(PKCS9Attribute.CONTENT_TYPE_OID, ContentInfo.DATA_OID);
    PKCS9Attribute messageDigest = new PKCS9Attribute(PKCS9Attribute.MESSAGE_DIGEST_OID, md.digest(data));
    PKCS9Attributes authed = new PKCS9Attributes(new PKCS9Attribute[] { contentType, messageDigest });

    // The signature covers the DER encoding of the attributes, not the raw data.
    Signature s = Signature.getInstance("SHA256withRSA");
    s.initSign(cakg.getPrivateKey());
    s.update(authed.getDerEncoding());
    byte[] sig = s.sign();

    AlgorithmId digestAlgId = AlgorithmId.get("SHA-256");
    AlgorithmId sigAlgId = AlgorithmId.get("SHA256withRSA");
    SignerInfo signerInfo = new SignerInfo(n, cert.getSerialNumber(), digestAlgId, authed, sigAlgId, sig, null);

    AlgorithmId[] digestAlgIds = { signerInfo.getDigestAlgorithmId() };
    X509Certificate[] certs = { cert };
    SignerInfo[] signers = { signerInfo };
    PKCS7 pkcs7 = new PKCS7(digestAlgIds, new ContentInfo(data), certs, signers);

    // verify returns null when the signer info does not verify.
    boolean verified = pkcs7.verify(signerInfo, data) != null;
    if (!verified) {
        throw new Exception("Not verified");
    }
}
Also used : SignerInfo(sun.security.pkcs.SignerInfo) PKCS9Attribute(sun.security.pkcs.PKCS9Attribute) ContentInfo(sun.security.pkcs.ContentInfo) PKCS7(sun.security.pkcs.PKCS7) CertAndKeyGen(sun.security.tools.keytool.CertAndKeyGen) Signature(java.security.Signature) X500Name(sun.security.x509.X500Name) MessageDigest(java.security.MessageDigest) PKCS9Attributes(sun.security.pkcs.PKCS9Attributes) X509Certificate(java.security.cert.X509Certificate)

Aggregations

PKCS9Attribute (sun.security.pkcs.PKCS9Attribute)5 PKCS7 (sun.security.pkcs.PKCS7)2 SignerInfo (sun.security.pkcs.SignerInfo)2 ObjectIdentifier (sun.security.util.ObjectIdentifier)2 FileInputStream (java.io.FileInputStream)1 IOException (java.io.IOException)1 InputStream (java.io.InputStream)1 MessageDigest (java.security.MessageDigest)1 PublicKey (java.security.PublicKey)1 Signature (java.security.Signature)1 X509Certificate (java.security.cert.X509Certificate)1 JarEntry (java.util.jar.JarEntry)1 JarFile (java.util.jar.JarFile)1 HexDumpEncoder (sun.misc.HexDumpEncoder)1 ContentInfo (sun.security.pkcs.ContentInfo)1 PKCS9Attributes (sun.security.pkcs.PKCS9Attributes)1 PKCS10 (sun.security.pkcs10.PKCS10)1 PKCS10Attribute (sun.security.pkcs10.PKCS10Attribute)1 TimestampToken (sun.security.timestamp.TimestampToken)1 CertAndKeyGen (sun.security.tools.keytool.CertAndKeyGen)1