List of usage examples for org.bouncycastle.asn1 ASN1InputStream ASN1InputStream
public ASN1InputStream(byte[] input)
From source file:com.yacme.ext.oxsit.cust_it.comp.security.cert.CertificateCompliance_IT.java
License:Open Source License
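/**
 * Checks the X.509 certificate wrapped by {@code arg0} against the compliance rules
 * implemented in this class and records the outcome in {@code m_aCertificateState}.
 *
 * <p>Checks run in this order: the certificate parses with the JCA "X.509" factory; its
 * version is 3 (otherwise the method returns at once); it is inside its validity period; the
 * KeyUsage extension passes {@code isKeyUsageNonRepudiationCritical}. The certificate is then
 * re-read with Bouncy Castle to check the unique-ID fields ({@code isOKUniqueIds}, returns
 * early on failure), the issuer name ({@code isIssuerIdOk}) and the presence of qcStatements
 * ({@code hasQcStatements}, returns early on failure). Every failed check marks the affected
 * element on the certificate object and downgrades the overall state through
 * {@code setCertificateStateHelper}.
 *
 * @param _xFrame the calling frame; not used by this implementation
 * @param arg0 the certificate to check; must implement {@code XOX_X509Certificate}
 * @return the resulting {@code CertificateState}
 * @throws IllegalArgumentException if {@code arg0} does not implement {@code XOX_X509Certificate}
 * @throws Exception a {@code com.sun.star.uno.Exception} when the certificate cannot be
 *         decoded; the state is set to MALFORMED_CERTIFICATE and the decoding failure is
 *         attached as the cause
 */
@Override
public CertificateState verifyCertificateCompliance(XFrame _xFrame, Object arg0)
        throws IllegalArgumentException, Exception {
    m_xQc = (XOX_X509Certificate) UnoRuntime.queryInterface(XOX_X509Certificate.class, arg0);
    if (m_xQc == null) {
        throw new IllegalArgumentException(
                "XOX_CertificateComplianceProcedure#verifyCertificateCertificateCompliance wrong argument");
    }
    m_aCertificateState = CertificateState.OK;
    m_aLogger.log("verifyCertificateCompliance");

    // First pass through the JCA representation: version, validity period, KeyUsage.
    try {
        java.security.cert.CertificateFactory cf =
                java.security.cert.CertificateFactory.getInstance("X.509");
        java.io.ByteArrayInputStream bais =
                new java.io.ByteArrayInputStream(m_xQc.getCertificateAttributes().getDEREncoded());
        m_JavaCert = (java.security.cert.X509Certificate) cf.generateCertificate(bais);

        // Only v3 certificates carry the extensions checked below; anything else is unusable.
        if (m_JavaCert.getVersion() != 3) {
            m_xQc.setCertificateElementErrorState(GlobConstant.m_sX509_CERTIFICATE_VERSION,
                    CertificateElementState.INVALID_value);
            setCertificateStateHelper(CertificateState.MALFORMED_CERTIFICATE);
            m_xQc.getCertificateDisplayObj().setCertificateElementCommentString(
                    CertificateElementID.VERSION, "Version MUST be V3");
            return m_aCertificateState;
        }

        // Validity period, evaluated against the current time.
        try {
            m_JavaCert.checkValidity();
        } catch (CertificateExpiredException e) {
            m_xQc.setCertificateElementErrorState(GlobConstant.m_sX509_CERTIFICATE_NOT_AFTER,
                    CertificateElementState.INVALID_value);
            setCertificateStateHelper(CertificateState.EXPIRED);
            m_xQc.getCertificateDisplayObj().setCertificateElementCommentString(
                    CertificateElementID.NOT_AFTER, "The date is elapsed.");
        } catch (CertificateNotYetValidException e) {
            m_xQc.setCertificateElementErrorState(GlobConstant.m_sX509_CERTIFICATE_NOT_BEFORE,
                    CertificateElementState.INVALID_value);
            setCertificateStateHelper(CertificateState.NOT_ACTIVE);
            m_xQc.getCertificateDisplayObj().setCertificateElementCommentString(
                    CertificateElementID.NOT_BEFORE, "The date is not yet arrived.");
        }

        // KeyUsage extension.
        int keyUsageState = CertificateElementState.OK_value;
        if (!isKeyUsageNonRepudiationCritical(m_JavaCert)) {
            keyUsageState = CertificateElementState.INVALID_value;
            setCertificateStateHelper(CertificateState.NOT_COMPLIANT);
        }
        m_xQc.setCertificateElementErrorState(X509Extensions.KeyUsage.getId(), keyUsageState);
    } catch (CertificateException e) {
        throw newMalformedCertificateException(e);
    }

    // Second pass through the Bouncy Castle representation: TBSCertificate fields.
    ByteArrayInputStream as = new ByteArrayInputStream(m_xQc.getCertificateAttributes().getDEREncoded());
    ASN1InputStream aderin = new ASN1InputStream(as);
    try {
        DERObject ado = aderin.readObject();
        X509CertificateStructure x509Str = new X509CertificateStructure((ASN1Sequence) ado);
        TBSCertificateStructure xTBSCert = x509Str.getTBSCertificate();

        // IssuerUniqueID / SubjectUniqueID (ETSI 102 280, 5.3).
        if (!isOKUniqueIds(xTBSCert)) {
            setCertificateStateHelper(CertificateState.CORE_CERTIFICATE_ELEMENT_INVALID);
            return m_aCertificateState;
        }
        if (!isIssuerIdOk(xTBSCert)) {
            m_xQc.setCertificateElementErrorState("IssuerName", CertificateElementState.INVALID_value);
            setCertificateStateHelper(CertificateState.NOT_COMPLIANT);
        }
        // qcStatements; the helper records the element error itself.
        if (!hasQcStatements(xTBSCert)) {
            return m_aCertificateState;
        }
    } catch (java.lang.Exception e) {
        // Deliberately broad: besides IOException this covers the ClassCastException raised
        // when the decoded object is not a SEQUENCE, i.e. the certificate is malformed.
        throw newMalformedCertificateException(e);
    }
    return m_aCertificateState;
}

/**
 * Logs {@code cause}, downgrades the state to MALFORMED_CERTIFICATE and builds the UNO
 * exception to throw, keeping {@code cause} attached so the original failure is not lost.
 *
 * @param cause the decoding failure
 * @return the exception for the caller to throw
 */
private com.sun.star.uno.Exception newMalformedCertificateException(java.lang.Exception cause) {
    m_aLogger.severe(cause);
    setCertificateStateHelper(CertificateState.MALFORMED_CERTIFICATE);
    com.sun.star.uno.Exception wrapped = new com.sun.star.uno.Exception(" wrapped exception: ");
    wrapped.initCause(cause);
    return wrapped;
}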
From source file:com.yacme.ext.oxsit.cust_it.comp.security.cert.X509CertDisplayBase_IT.java
License:Open Source License
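/**
 * Decodes the certificate wrapped by {@code _xComp} and fills the display strings and the
 * extension maps used by the certificate dialog.
 *
 * <p>All previously cached data is cleared first. The certificate is decoded with Bouncy
 * Castle into {@code m_aX509}; the fixed fields (subject, version, serial number, issuer,
 * validity dates, public key, signature algorithm, thumbprints) are rendered through the
 * {@code init*} helpers; then every extension is stored in {@code m_aExtensions} (and in
 * {@code m_aCriticalExtensions} or {@code m_aNotCriticalExtensions}), given a localized name
 * from the registry (falling back to the bare OID) and a display value from
 * {@code CertificateExtensionDisplayHelper}.
 *
 * @param _xFrame the calling frame; not used here
 * @param _xComp the certificate component; must implement {@code XOX_X509Certificate}
 * @throws IllegalArgumentException if {@code _xComp} does not implement {@code XOX_X509Certificate}
 * @throws Exception propagated from the UNO helpers; an {@code IOException} while decoding
 *         is logged and leaves {@code m_aX509} null
 */
@Override
public void prepareDisplayStrings(XFrame _xFrame, XComponent _xComp) throws IllegalArgumentException, Exception {
    m_xQc = (XOX_X509Certificate) UnoRuntime.queryInterface(XOX_X509Certificate.class, _xComp);
    if (m_xQc == null) {
        throw new IllegalArgumentException(
                "com.yacme.ext.oxsit.security.cert.XOX_X509CertificateDisplay#prepareDisplayStrings wrong argument");
    }

    // Drop whatever the previous certificate left behind.
    m_aX509 = null;
    m_aExtensions.clear();
    m_aExtensionLocalizedNames.clear();
    m_aExtensionDisplayValues.clear();
    m_aCriticalExtensions.clear();
    m_aNotCriticalExtensions.clear();

    ByteArrayInputStream as = new ByteArrayInputStream(m_xQc.getCertificateAttributes().getDEREncoded());
    ASN1InputStream aderin = new ASN1InputStream(as);
    try {
        DERObject ado = aderin.readObject();
        m_aX509 = new X509CertificateStructure((ASN1Sequence) ado);

        // Fixed certificate fields.
        initSubjectName();
        m_sVersion = String.format("V%d", m_aX509.getVersion());
        m_sSerialNumber = String.valueOf(m_aX509.getSerialNumber().getValue());
        initIssuerName();
        m_sNotValidBefore = initCertDate(m_aX509.getStartDate().getDate());
        m_sNotValidAfter = initCertDate(m_aX509.getEndDate().getDate());
        m_sSubjectPublicKeyAlgorithm = initPublicKeyAlgorithm();
        m_sSubjectPublicKeyValue = initPublicKeyData();
        m_sSignatureAlgorithm = initSignatureAlgorithm();
        initThumbPrints();

        // Extension listing. Presumably null when the certificate carries no extensions;
        // there is nothing to list in that case.
        X509Extensions aX509Exts = m_aX509.getTBSCertificate().getExtensions();
        if (aX509Exts == null) {
            return;
        }

        // FIXME: the registry access below assumes this object was created from within a
        // dialog; it may not be valid when instantiated from a non-UI caller (e.g. Basic).
        MessageConfigurationAccess aRegAcc = new MessageConfigurationAccess(m_xContext, m_xMCF);
        try {
            CertificateExtensionDisplayHelper aHelper = new CertificateExtensionDisplayHelper(m_xContext,
                    m_lTheLocale, m_sTimeLocaleString, m_sLocaleDateOfBirth, m_bDisplayOID, m_aLogger);
            for (Enumeration<DERObjectIdentifier> enume = aX509Exts.oids(); enume.hasMoreElements();) {
                DERObjectIdentifier aDERId = enume.nextElement();
                String aTheOID = aDERId.getId();
                X509Extension aext = aX509Exts.getExtension(aDERId);
                m_aExtensions.put(aTheOID, aext);

                // Localized name from the registry, optionally suffixed with the OID; fall
                // back to the bare OID when the registry has no entry.
                String oidSuffix = m_bDisplayOID ? (" (OID: " + aTheOID + ")") : "";
                try {
                    m_aExtensionLocalizedNames.put(aTheOID, aRegAcc.getStringFromRegistry(aTheOID) + oidSuffix);
                } catch (com.sun.star.uno.Exception e) {
                    m_aLogger.severe("prepareDisplayStrings", e);
                    m_aExtensionLocalizedNames.put(aTheOID, aTheOID);
                }

                m_aExtensionDisplayValues.put(aTheOID, aHelper.examineExtension(aext, aDERId, this));
                if (aext.isCritical()) {
                    m_aCriticalExtensions.put(aTheOID, aext);
                } else {
                    m_aNotCriticalExtensions.put(aTheOID, aext);
                }
            }
        } finally {
            // Released even if a helper throws.
            aRegAcc.dispose();
        }
    } catch (IOException e) {
        m_aLogger.severe("prepareDisplayStrings", e);
    }
}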
From source file:com.yacme.ext.oxsit.cust_it.security.crl.X509CertRL.java
License:Open Source License
/**
 * Returns the decoded value of the certificate extension identified by {@code oid}.
 *
 * <p>{@link X509Certificate#getExtensionValue} returns the DER-encoded OCTET STRING that
 * wraps the extension; this method unwraps that OCTET STRING and decodes the object inside it.
 *
 * @param cert the certificate to read
 * @param oid the extension OID, dotted-decimal
 * @return the decoded extension object, or {@code null} if the certificate has no such extension
 * @throws IOException if either decoding step fails
 */
private static DERObject getExtensionValue(X509Certificate cert, String oid) throws IOException {
    byte[] extensionValue = cert.getExtensionValue(oid);
    if (extensionValue == null) {
        return null;
    }
    // Outer layer: the extnValue OCTET STRING.
    ASN1InputStream outer = new ASN1InputStream(new ByteArrayInputStream(extensionValue));
    ASN1OctetString wrapper = (ASN1OctetString) outer.readObject();
    // Inner layer: the extension's own DER structure.
    ASN1InputStream inner = new ASN1InputStream(new ByteArrayInputStream(wrapper.getOctets()));
    return inner.readObject();
}
From source file:com.yacme.ext.oxsit.Helpers.java
License:Open Source License
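/**
 * Builds a short display name for the issuer of {@code _Cert}.
 *
 * <p>The issuer's X.500 name is read through Bouncy Castle. The first of O, CN and pseudonym
 * that is present becomes the base name; CN is then appended (", "-separated) when it is
 * present and is not already the base name, so the result is typically "O, CN" or just "CN".
 *
 * @param _Cert the certificate whose issuer is displayed
 * @return the display name, or "" if the certificate cannot be decoded or none of the
 *         attributes is present
 */
public static String getIssuerName(X509Certificate _Cert) {
    String sRet = "";
    try {
        ByteArrayInputStream as = new ByteArrayInputStream(_Cert.getEncoded());
        ASN1InputStream aderin = new ASN1InputStream(as);
        DERObject ado = aderin.readObject();
        X509CertificateStructure aX509 = new X509CertificateStructure((ASN1Sequence) ado);
        X509Name aName = aX509.getIssuer();

        // Map each issuer attribute OID to its string value.
        Vector<DERObjectIdentifier> oidv = aName.getOIDs();
        Vector<?> values = aName.getValues();
        HashMap<DERObjectIdentifier, String> hm = new HashMap<DERObjectIdentifier, String>(20);
        for (int i = 0; i < oidv.size(); i++) {
            hm.put(oidv.elementAt(i), values.elementAt(i).toString());
        }

        // Key names follow BC's X509Name.DefaultLookUp table.
        DERObjectIdentifier oidO = (DERObjectIdentifier) X509Name.DefaultLookUp.get("o");
        DERObjectIdentifier oidCN = (DERObjectIdentifier) X509Name.DefaultLookUp.get("cn");
        DERObjectIdentifier oidPseudonym = (DERObjectIdentifier) X509Name.DefaultLookUp.get("pseudonym");

        // Base name: O, else CN, else pseudonym.
        if (sRet.length() == 0 && hm.containsKey(oidO)) {
            sRet = hm.get(oidO);
        }
        if (sRet.length() == 0 && hm.containsKey(oidCN)) {
            sRet = hm.get(oidCN);
        }
        if (sRet.length() == 0 && hm.containsKey(oidPseudonym)) {
            sRet = hm.get(oidPseudonym);
        }

        // Append CN unless it is already the base name (an issuer without O would otherwise
        // be rendered as "CN, CN").
        if (hm.containsKey(oidCN)) {
            String cn = hm.get(oidCN);
            if (!cn.equals(sRet)) {
                sRet = sRet + ((sRet.length() > 0) ? ", " : "") + cn;
            }
        }
    } catch (IOException e) {
        // No logger is available in this static helper; failures yield "".
        e.printStackTrace();
    } catch (CertificateEncodingException e) {
        e.printStackTrace();
    }
    return sRet;
}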
From source file:com.yacme.ext.oxsit.Helpers.java
License:Open Source License
/**
 * Returns the DER encoding of {@code _aCert}.
 *
 * <p>The JCA encoding is parsed with Bouncy Castle and the resulting object is re-encoded
 * with the "DER" encoding name.
 *
 * @param _aCert the certificate to encode
 * @return the DER-encoded certificate
 * @throws CertificateEncodingException if the certificate cannot be encoded by the JCA
 * @throws IOException if the encoding cannot be parsed or re-encoded
 */
public static byte[] getDEREncoded(X509Certificate _aCert) throws CertificateEncodingException, IOException {
    ASN1InputStream decoder = new ASN1InputStream(new ByteArrayInputStream(_aCert.getEncoded()));
    DERObject certificate = decoder.readObject();
    return certificate.getEncoded("DER");
}
From source file:com.yacme.ext.oxsit.pkcs11.PKCS11Driver.java
License:Open Source License
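/**
 * Finds, on the token, the certificate object matching {@code _aCertificate}.
 *
 * <p>The search template is built from the certificate's subject, issuer and (part of the)
 * serial number as read through Bouncy Castle. The first object the token returns is taken as
 * the match and its CKA_SERIAL_NUMBER, CKA_LABEL and CKA_ID are written to the debug log.
 *
 * @param _aCertificate the certificate to look for; may be {@code null}
 * @return the PKCS#11 object handle of the certificate, or -1 if no session is open,
 *         {@code _aCertificate} is {@code null}, or nothing matched
 * @throws PKCS11Exception if a PKCS#11 call fails
 * @throws CertificateEncodingException if the certificate cannot be encoded
 * @throws IOException if the encoded certificate cannot be decoded
 */
public long findCertificate(X509Certificate _aCertificate)
        throws PKCS11Exception, CertificateEncodingException, IOException {
    long sessionHandle = getSession();
    long certificateHandle = -1L;
    if (sessionHandle < 0 || _aCertificate == null) {
        return -1L;
    }
    m_aLogger.debug("find certificate.");

    ByteArrayInputStream as = new ByteArrayInputStream(_aCertificate.getEncoded());
    ASN1InputStream aderin = new ASN1InputStream(as);
    DERObject ado = aderin.readObject();
    X509CertificateStructure aX509 = new X509CertificateStructure((ASN1Sequence) ado);

    // Serial number: only bytes 2..4 of the DER encoding are used, presumably the first three
    // content bytes after the INTEGER tag and length.
    // NOTE(review): this assumes the serial has at least three content bytes (shorter ones
    // throw ArrayIndexOutOfBoundsException) and that the token stores it this way; PKCS#11
    // defines CKA_SERIAL_NUMBER as the full DER encoding. Confirm against the tokens in use.
    byte[] ar = aX509.getTBSCertificate().getSerialNumber().getDEREncoded();
    byte[] sn = new byte[3];
    sn[0] = ar[2];
    sn[1] = ar[3];
    sn[2] = ar[4];

    // Search template: object class, subject, issuer, serial number.
    CK_ATTRIBUTE[] attributeTemplateList = new CK_ATTRIBUTE[4];
    attributeTemplateList[0] = makeCkAttribute(PKCS11Constants.CKA_CLASS,
            Long.valueOf(PKCS11Constants.CKO_CERTIFICATE));
    attributeTemplateList[1] = makeCkAttribute(PKCS11Constants.CKA_SUBJECT,
            aX509.getTBSCertificate().getSubject().getDEREncoded());
    attributeTemplateList[2] = makeCkAttribute(PKCS11Constants.CKA_ISSUER,
            aX509.getTBSCertificate().getIssuer().getDEREncoded());
    attributeTemplateList[3] = makeCkAttribute(PKCS11Constants.CKA_SERIAL_NUMBER, sn);

    pkcs11Module.C_FindObjectsInit(getSession(), attributeTemplateList);
    try {
        // At most 100 objects per call.
        long[] availableCertificates = pkcs11Module.C_FindObjects(getSession(), 100);
        if (availableCertificates == null || availableCertificates.length == 0) {
            m_aLogger.log("null returned - no certificate found");
        } else {
            m_aLogger.debug("found " + availableCertificates.length + " certificates with matching attributes.");
            // The first match is taken as our certificate; the others are only logged.
            certificateHandle = availableCertificates[0];
            if (certificateHandle > 0L) {
                logCertificateAttributes(certificateHandle);
            }
            for (int i = 0; i < availableCertificates.length; i++) {
                m_aLogger.debug("certificate " + i);
            }
        }
    } finally {
        // Always close the search, even if C_FindObjects failed.
        pkcs11Module.C_FindObjectsFinal(getSession());
    }
    return certificateHandle;
}

/**
 * Builds a {@code CK_ATTRIBUTE} with the given type and value.
 *
 * @param type a {@code PKCS11Constants.CKA_*} attribute type
 * @param value the attribute value, or {@code null} for a template used to read attributes
 * @return the attribute
 */
private static CK_ATTRIBUTE makeCkAttribute(long type, Object value) {
    CK_ATTRIBUTE attr = new CK_ATTRIBUTE();
    attr.type = type;
    attr.pValue = value;
    return attr;
}

/**
 * Reads CKA_SERIAL_NUMBER, CKA_LABEL and CKA_ID of the given certificate object and writes
 * them to the debug log.
 *
 * @param certificateHandle the PKCS#11 object handle
 * @throws PKCS11Exception if the attributes cannot be read
 */
private void logCertificateAttributes(long certificateHandle) throws PKCS11Exception {
    CK_ATTRIBUTE[] template = new CK_ATTRIBUTE[3];
    template[0] = makeCkAttribute(PKCS11Constants.CKA_SERIAL_NUMBER, null);
    template[1] = makeCkAttribute(PKCS11Constants.CKA_LABEL, null);
    template[2] = makeCkAttribute(PKCS11Constants.CKA_ID, null);
    pkcs11Module.C_GetAttributeValue(getSession(), certificateHandle, template);

    if (template[0].pValue != null) {
        m_aLogger.debug("CKA_SERIAL_NUMBER " + Helpers.printHexBytes((byte[]) template[0].pValue));
    }
    if (template[1].pValue != null) {
        // CKA_LABEL comes back from this wrapper as a char[].
        String aLabel = new String((char[]) template[1].pValue);
        m_aLogger.debug("CKA_LABEL '" + aLabel + "'");
    }
    if (template[2].pValue != null) {
        m_aLogger.debug("CKA_ID " + Helpers.printHexBytes((byte[]) template[2].pValue));
    }
}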
From source file:com.zimbra.cs.service.authenticator.CertUtil.java
License:Open Source License
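/**
 * Returns the UPN (User Principal Name) carried in the certificate's SubjectAltName
 * otherName entry, or {@code null}.
 *
 * <p>The JCA hands back each otherName as its raw DER encoding, which is decoded here with
 * Bouncy Castle as {@code OtherName ::= SEQUENCE { type-id OID, value [0] EXPLICIT ANY }}.
 * Only the entry whose type-id equals {@code OID_UPN} is used; its value is read as a
 * UTF8String. Entries that do not have the two expected components are skipped.
 *
 * @return the UPN string, or {@code null} if the certificate has no SAN, no UPN otherName, or
 *         the extension cannot be decoded (both failures are logged as warnings)
 */
String getSubjectAltNameOtherNameUPN() {
    Collection<List<?>> generalNames = null;
    try {
        generalNames = cert.getSubjectAlternativeNames();
    } catch (CertificateParsingException e) {
        ZimbraLog.account.warn(LOG_PREFIX + "unable to get subject alternative names", e);
    }
    if (generalNames == null) {
        return null;
    }
    try {
        for (List<?> generalName : generalNames) {
            Integer tag = (Integer) generalName.get(0);
            if (GeneralName.otherName != tag.intValue()) {
                continue;
            }
            // The otherName value is the DER-encoded OtherName structure.
            ASN1InputStream decoder = new ASN1InputStream((byte[]) generalName.get(1));
            try {
                DERSequence derSeq = (DERSequence) decoder.readObject();
                if (derSeq.size() < 2) {
                    // Not a well-formed OtherName; skip it rather than fail on a bad index.
                    continue;
                }
                DERObjectIdentifier typeId = DERObjectIdentifier.getInstance(derSeq.getObjectAt(0));
                if (!OID_UPN.equals(typeId.getId())) {
                    continue;
                }
                ASN1TaggedObject otherNameValue = ASN1TaggedObject.getInstance(derSeq.getObjectAt(1));
                ASN1TaggedObject upnValue = ASN1TaggedObject.getInstance(otherNameValue.getObject());
                DERUTF8String str = DERUTF8String.getInstance(upnValue.getObject());
                return str.getString();
            } finally {
                // Closed per entry rather than once at the end.
                ByteUtil.closeStream(decoder);
            }
        }
    } catch (IOException e) {
        ZimbraLog.account.warn(LOG_PREFIX + "unable to process ASN.1 data", e);
    }
    return null;
}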
From source file:com.zimbra.cs.service.authenticator.CertUtil.java
License:Open Source License
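/**
 * Returns the value of the requested subject DN attribute, or {@code null} if absent.
 *
 * <p>The subject DN is parsed with JNDI's {@link LdapName}. RDN types containing a '.' are
 * treated as dotted OIDs and compared against {@code needAttrOid}; other types are compared
 * against {@code needAttrName}. A value that JNDI returns as {@code byte[]} (a hex-encoded
 * "#..." value) is decoded as a DER IA5String; any other value is returned via
 * {@code toString()}.
 *
 * @param needAttrName the attribute's short name, e.g. "CN"
 * @param needAttrOid the same attribute as a dotted-decimal OID
 * @return the first matching value, or {@code null} if none is found or the DN cannot be parsed
 */
private String getSubjectAttr(String needAttrName, String needAttrOid) {
    String subjectDN = getSubjectDN();
    try {
        LdapName dn = new LdapName(subjectDN);
        for (Rdn rdn : dn.getRdns()) {
            String type = rdn.getType();
            boolean isOid = type.contains(".");
            boolean matched = isOid ? type.equals(needAttrOid) : type.equals(needAttrName);
            if (!matched) {
                continue;
            }
            Object value = rdn.getValue();
            if (value == null) {
                continue;
            }
            // Rdn.getValue() yields byte[] only for hex-encoded values; an OID-typed RDN may
            // still carry a plain String, which must not be cast to byte[].
            if (!(value instanceof byte[])) {
                return value.toString();
            }
            ASN1InputStream decoder = null;
            try {
                decoder = new ASN1InputStream((byte[]) value);
                DEREncodable encoded = decoder.readObject();
                // NOTE(review): only IA5String is handled; other ASN.1 string types make
                // getInstance throw an unchecked exception — confirm against real subjects.
                DERIA5String str = DERIA5String.getInstance(encoded);
                return str.getString();
            } catch (IOException e) {
                ZimbraLog.account.warn(LOG_PREFIX + "unable to decode " + type, e);
            } finally {
                ByteUtil.closeStream(decoder);
            }
        }
    } catch (InvalidNameException e) {
        ZimbraLog.account.warn(LOG_PREFIX + "Invalid subject dn value" + subjectDN, e);
    }
    return null;
}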
From source file:com.zimbra.cs.service.authenticator.CertUtil.java
License:Open Source License
/**
 * Writes the certificate's Subject Alternative Name entries to {@code outStream}, one per line.
 *
 * <p>otherName entries are decoded with Bouncy Castle and, when their type-id equals
 * {@code OID_UPN}, the UTF8String value is printed (other otherName types print a null value);
 * rfc822Name and dNSName entries are printed as returned by the JCA; any other kind is reported
 * as not supported.
 *
 * @param outStream destination for the listing
 * @throws Exception if the ASN.1 decoding of an otherName fails
 */
private void printSubjectAlternativeNames(PrintStream outStream) throws Exception {
    final String UPN_DISPLAY = "Principal Name";
    final String RFC822NAME_DISPLAY = "RFC822 Name";
    final String DNSNAME_DISPLAY = "DNS Name";

    outStream.format("X509v3 Subject Alternative Name: \n");
    ASN1InputStream decoder = null;
    try {
        Collection<List<?>> generalNames = cert.getSubjectAlternativeNames();
        if (generalNames == null) {
            // No SubjectAltName extension present.
            return;
        }
        /*
         * OtherName ::= SEQUENCE {
         *     type-id    OBJECT IDENTIFIER,
         *     value      [0] EXPLICIT ANY DEFINED BY type-id }
         */
        for (List<?> generalName : generalNames) {
            Integer tag = (Integer) generalName.get(0);
            int kind = tag.intValue();
            if (kind == GeneralName.otherName) {
                // The value is the DER-encoded OtherName structure.
                decoder = new ASN1InputStream((byte[]) generalName.toArray()[1]);
                DERSequence derSeq = (DERSequence) decoder.readObject();
                String oid = DERObjectIdentifier.getInstance(derSeq.getObjectAt(0)).getId();
                ASN1TaggedObject otherNameValue = ASN1TaggedObject.getInstance(derSeq.getObjectAt(1));
                String value = null;
                if (OID_UPN.equals(oid)) {
                    ASN1TaggedObject upnValue = ASN1TaggedObject.getInstance(otherNameValue.getObject());
                    value = DERUTF8String.getInstance(upnValue.getObject()).getString();
                }
                outStream.format(" [%d] %s(%s) = %s\n", tag, oid, UPN_DISPLAY, value);
            } else if (kind == GeneralName.rfc822Name) {
                outStream.format(" [%d] %s = %s\n", tag, RFC822NAME_DISPLAY, (String) generalName.get(1));
            } else if (kind == GeneralName.dNSName) {
                outStream.format(" [%d] %s = %s\n", tag, DNSNAME_DISPLAY, (String) generalName.get(1));
            } else {
                outStream.format(" [%d] - not yet supported\n", tag);
            }
        }
    } catch (CertificateParsingException e) {
        e.printStackTrace();
    } finally {
        ByteUtil.closeStream(decoder);
    }
}
From source file:com.zotoh.crypto.JUT.java
License:Open Source License
/**
 * Reads the first ASN.1 object from the bundled PKCS#12 resource and checks that one is
 * returned; the stream is closed whatever the outcome.
 */
@Test
public void testReadASN1Object() throws Exception {
    InputStream inp = rc2Stream("com/zotoh/crypto/zotoh.p12");
    try {
        Object firstObject = new ASN1InputStream(inp).readObject();
        assertTrue(firstObject != null);
    } finally {
        StreamUte.close(inp);
    }
}