Example usage for org.bouncycastle.asn1 ASN1InputStream ASN1InputStream

List of usage examples for org.bouncycastle.asn1 ASN1InputStream ASN1InputStream

Introduction

This page lists usage examples of the org.bouncycastle.asn1 ASN1InputStream constructor ASN1InputStream(byte[]).

Prototype

public ASN1InputStream(byte[] input) 


Document

Create an ASN1InputStream based on the input byte array.

Usage

From source file:dk.itst.oiosaml.sp.metadata.CRLChecker.java

License:Mozilla Public License

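/**
 * Gets the URL to use when performing an OCSP validation of a certificate.
 * <p>
 * A responder configured under {@code Constants.PROP_OCSP_RESPONDER} always wins. Only when
 * none is configured is the certificate's Authority Information Access extension consulted,
 * and then the <em>first</em> OCSP location found there is returned (the previous loop
 * silently kept the last one, contradicting its own comment). Locations taken from the
 * certificate are wrapped in {@link UntrustedUrlInput}, since they are supplied by the
 * certificate and not by local configuration.
 *
 * @param conf        configuration that may carry a fixed OCSP responder URL
 * @param entityId    entity the certificate belongs to; used for logging only
 * @param certificate certificate whose AIA extension may carry an OCSP location
 * @return the URL to use, or {@code null} if nothing is configured and nothing usable
 *         could be extracted from the certificate
 * @see <a href="http://oid-info.com/get/1.3.6.1.5.5.7.48.1">http://oid-info.com/get/1.3.6.1.5.5.7.48.1</a>
 */
private String getOCSPUrl(Configuration conf, String entityId, X509Certificate certificate) {
    String url = conf.getString(Constants.PROP_OCSP_RESPONDER);
    if (url != null) {
        return url;
    }

    log.debug("No OCSP configured for " + entityId + " attempting to extract OCSP location from certificate "
            + certificate.getSubjectDN());

    AuthorityInformationAccess authInfoAcc = null;
    ASN1InputStream aIn = null;
    try {
        byte[] bytes = certificate.getExtensionValue(AUTH_INFO_ACCESS);
        if (bytes == null) {
            // Extension absent: nothing to extract. Previously this surfaced as a NullPointerException
            // caught by the generic handler below; the outcome (null) is the same, the log is clearer.
            log.debug("Certificate " + certificate.getSubjectDN()
                    + " carries no Authority Information Access extension.");
            return null;
        }

        // getExtensionValue() returns the DER-encoded OCTET STRING wrapper; unwrap it first,
        // then parse the AuthorityInformationAccess structure held in its octets.
        aIn = new ASN1InputStream(bytes);
        ASN1OctetString octs = (ASN1OctetString) aIn.readObject();
        aIn.close();
        aIn = new ASN1InputStream(octs.getOctets());
        ASN1Primitive authInfoAccPrimitive = aIn.readObject();
        if (authInfoAccPrimitive != null) {
            authInfoAcc = AuthorityInformationAccess.getInstance(authInfoAccPrimitive);
        }
    } catch (Exception e) {
        // Best effort: malformed or unexpected extension content (including a failed OCTET STRING
        // cast) simply means "no URL available from the certificate".
        log.debug("Cannot extract access location of OCSP responder.", e);
        return null;
    } finally {
        closeAsn1Quietly(aIn);
    }

    List<String> ocspUrls = getOCSPUrls(authInfoAcc);
    if (ocspUrls == null || ocspUrls.isEmpty()) {
        return null;
    }

    // Just return the first URL.
    Object ocspUrl = new UntrustedUrlInput(ocspUrls.get(0));
    return ocspUrl.toString();
}

/**
 * Closes an ASN.1 stream, ignoring both {@code null} and close failures.
 * The streams used here are backed by byte arrays, so a close failure carries no information.
 *
 * @param in stream to close; may be {@code null}
 */
private static void closeAsn1Quietly(ASN1InputStream in) {
    if (in == null) {
        return;
    }
    try {
        in.close();
    } catch (IOException ignored) {
        // nothing useful to do with a failed close of a byte-array backed stream
    }
}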

From source file:dorkbox.build.util.jar.JarSignatureUtil.java

License:Apache License

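/**
 * Extracts the first certificate embedded in a jar signature block (the {@code XXXXX.DSA} /
 * {@code XXXXX.RSA} file under {@code META-INF}) and returns it Base64 encoded.
 * <p>
 * Despite the method name this is not a hash: the result is the Base64 form of the
 * DER-encoded certificate. The certificate is only extracted, never validated, and the
 * signature itself is not verified here, so the value says who the block <em>claims</em>
 * signed it, nothing more.
 *
 * @param signatureBlock raw bytes of the signature block (a CMS {@code ContentInfo})
 * @return Base64-encoded first certificate, or {@code null} if there is a problem with the
 *         certificate loading process, or the block carries no certificate
 */
public static final String extractSignatureHashFromSignatureBlock(byte[] signatureBlock) {
    ASN1InputStream sigStream = null;
    try {
        CertificateFactory certFactory = CertificateFactory.getInstance("X.509");

        InputStream signatureIn = new ByteArrayInputStream(signatureBlock);
        sigStream = new ASN1InputStream(signatureIn);
        ASN1Sequence seq = ASN1Sequence.getInstance(sigStream.readObject());
        // ContentInfo ::= SEQUENCE { contentType OID, content [0] EXPLICIT ANY } — element 1 is the
        // tagged content, which for a jar signature block is a SignedData.
        ASN1TaggedObject tagged = (ASN1TaggedObject) seq.getObjectAt(1);
        SignedData signedData = SignedData.getInstance(tagged.getObject());

        // certificates is OPTIONAL in SignedData; an absent or empty set used to surface as a
        // NullPointerException / NoSuchElementException instead of the documented null.
        if (signedData.getCertificates() == null) {
            return null;
        }
        @SuppressWarnings("rawtypes")
        Enumeration certObjects = signedData.getCertificates().getObjects();
        if (!certObjects.hasMoreElements()) {
            return null;
        }

        Object firstElement = certObjects.nextElement();
        if (firstElement instanceof DERSequence) {
            DERSequence certSequence = (DERSequence) firstElement;
            InputStream certIn = new ByteArrayInputStream(certSequence.getEncoded());
            Certificate certificate = certFactory.generateCertificate(certIn);

            // Re-encode through the JDK factory so the output is the normalized DER form.
            byte[] certificateBytes = certificate.getEncoded();
            return Base64Fast.encodeToString(certificateBytes, false);
        }
    } catch (IOException ignored) {
        // Malformed ASN.1: the documented contract is to return null.
    } catch (CertificateException ignored) {
        // Bytes are not a parseable X.509 certificate: the documented contract is to return null.
    } finally {
        Sys.close(sigStream);
    }
    return null;
}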

From source file:dorkbox.build.util.jar.JarSignatureUtil.java

License:Apache License

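/**
 * Verify that the two certificates MATCH from within a signature block (ie,
 * XXXXX.DSA in the META-INF directory).
 * <p>
 * Only the first certificate of each block's {@code certificates} set is compared, by exact
 * DER encoding. Nothing is validated: two blocks carrying the same self-declared certificate
 * compare equal whether or not their signatures verify.
 *
 * @param newSignatureContainerBytes raw bytes of the first signature block (a CMS {@code ContentInfo})
 * @param oldSignatureContainerBytes raw bytes of the second signature block
 * @return true if the two certificates are the same. false otherwise, including when either
 *         block is malformed or carries no certificate.
 */
public static final boolean compareCertificates(byte[] newSignatureContainerBytes,
        byte[] oldSignatureContainerBytes) {
    try {
        CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
        byte[] newSigCertificateBytes = firstCertificateBytes(newSignatureContainerBytes, certFactory);
        byte[] oldSigCertificateBytes = firstCertificateBytes(oldSignatureContainerBytes, certFactory);
        if (newSigCertificateBytes == null || oldSigCertificateBytes == null) {
            return false;
        }
        return Arrays.equals(newSigCertificateBytes, oldSigCertificateBytes);
    } catch (IOException ignored) {
        // Malformed ASN.1 in either block: treated as "not the same".
    } catch (CertificateException ignored) {
        // Unparseable certificate in either block: treated as "not the same".
    }
    return false;
}

/**
 * Returns the DER encoding of the first certificate carried by a signature block.
 *
 * @param signatureContainerBytes raw bytes of the signature block (a CMS {@code ContentInfo})
 * @param certFactory             factory used to re-parse the certificate into normalized DER
 * @return the certificate's encoding, or {@code null} when the block carries no certificate or
 *         its first certificate entry is not a SEQUENCE
 * @throws IOException          on malformed ASN.1
 * @throws CertificateException when the entry is not a parseable X.509 certificate
 */
private static byte[] firstCertificateBytes(byte[] signatureContainerBytes, CertificateFactory certFactory)
        throws IOException, CertificateException {
    ASN1InputStream sigStream = null;
    try {
        InputStream signatureIn = new ByteArrayInputStream(signatureContainerBytes);
        sigStream = new ASN1InputStream(signatureIn);
        ContentInfo sigContent = ContentInfo.getInstance(sigStream.readObject());
        SignedData signedData = SignedData.getInstance(sigContent.getContent());

        // certificates is OPTIONAL in SignedData; an absent or empty set used to surface as a
        // NullPointerException / NoSuchElementException that nothing caught.
        if (signedData.getCertificates() == null) {
            return null;
        }
        @SuppressWarnings("rawtypes")
        Enumeration certObjects = signedData.getCertificates().getObjects();
        if (!certObjects.hasMoreElements()) {
            return null;
        }

        Object firstElement = certObjects.nextElement();
        if (!(firstElement instanceof DERSequence)) {
            return null;
        }
        DERSequence certSequence = (DERSequence) firstElement;
        InputStream certIn = new ByteArrayInputStream(certSequence.getEncoded());
        Certificate certificate = certFactory.generateCertificate(certIn);
        return certificate.getEncoded();
    } finally {
        Sys.close(sigStream);
    }
}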

From source file:ec.gov.informatica.firmadigital.FirmaDigital.java

License:Open Source License

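/**
 * Position inside the list returned by {@code getDERValue} that holds the CRL location stored
 * in {@code DatosUsuario}.
 */
// NOTE(review): the hard-coded position 7 is inherited from the original code, whose own comments
// warn it may break if the distribution-point list grows — confirm against current certificates.
private static final int CRL_URL_INDEX = 7;

/**
 * <code> crearDatosUsuario </code>
 * <p>
 * Fills a {@link DatosUsuario} with the holder data found in the signing certificate.
 * Since a signature is impossible without the national-id (cedula) extension, the OID arc
 * under which that extension is found tells which infrastructure issued the certificate:
 * old BCE ({@code 1.2.3.4.*}), new BCE ({@code 1.3.6.1.4.1.37947.3.*}) or, by default,
 * securityData ({@code 1.3.6.1.4.1.37746.3.*}). The serial number is always copied.
 * Afterwards the CRL distribution point extension ({@code 2.5.29.31}) is parsed and, when it
 * yields enough entries, one of them is stored as the CRL location.
 * <p>
 * Extension values are taken from the certificate as-is; nothing in this method checks the
 * certificate's signature, validity period or chain.
 *
 * @param signingCert the signer's certificate
 * @return the populated user data; attributes whose extension is absent stay unset, and a
 *         CRL extension that cannot be parsed leaves {@code crl} unset after printing the error
 */
public DatosUsuario crearDatosUsuario(X509Certificate signingCert) {
    DatosUsuario datosUsuario = new DatosUsuario();

    if (signingCert.getExtensionValue("1.2.3.4.1") != null) {
        System.out.println("- Certificado generado con OIDS de antigua infraestructura BCE ");
        llenarDatosDesdeOids(datosUsuario, signingCert, "1.2.3.4");
    } else if (signingCert.getExtensionValue("1.3.6.1.4.1.37947.3.1") != null) {
        System.out.println("- Certificado generado con OIDS de nueva infraestructura BCE");
        llenarDatosDesdeOids(datosUsuario, signingCert, "1.3.6.1.4.1.37947.3");
    } else {
        // Fallback arc. Previously the cedula read here was unguarded and threw a
        // NullPointerException for certificates of any other issuer; now it is simply left unset.
        System.out.println("- Certificado generado con OIDS de infraestructura securityData");
        llenarDatosDesdeOids(datosUsuario, signingCert, "1.3.6.1.4.1.37746.3");
    }

    if (signingCert.getSerialNumber() != null) {
        datosUsuario.setSerial(signingCert.getSerialNumber().toString());
    }

    // CRL validation data. The original guarded this whole section with a second, identical
    // null check, which made the "no distribution point" branch below unreachable.
    byte[] crlExt = signingCert.getExtensionValue("2.5.29.31");
    if (crlExt == null) {
        if (signingCert.getSubjectDN().getName().equals(signingCert.getIssuerDN().getName())) {
            System.out.println(
                    "El certificado es un certificado raiz: " + signingCert.getSubjectDN().getName());
        } else {
            System.out.println("El certificado NO tiene punto de distribucin de CRL : "
                    + signingCert.getSubjectDN().getName());
        }
    } else {
        // Reads the CRL distribution list embedded in the token certificate, used to query the BCE LDAP.
        ASN1InputStream envoltura = null;
        ASN1InputStream contenido = null;
        try {
            // getExtensionValue() returns the OCTET STRING wrapper; the real structure is in its octets.
            envoltura = new ASN1InputStream(new ByteArrayInputStream(crlExt));
            DEROctetString dos = (DEROctetString) envoltura.readObject();
            contenido = new ASN1InputStream(new ByteArrayInputStream(dos.getOctets()));
            DERObject derObj2 = contenido.readObject();
            List<String> urls = getDERValue(derObj2);

            // Previously a loop re-set the same element on every iteration and threw
            // IndexOutOfBoundsException whenever the list was shorter than 8 entries.
            if (urls.size() > CRL_URL_INDEX) {
                datosUsuario.setCrl(urls.get(CRL_URL_INDEX));
            }
            System.out.println("- Informacion contenida en el Certificado : > " + urls + "\n");
        } catch (Exception e) {
            // Best effort: a certificate with an unparsable CRL extension still yields the holder data.
            System.out.println("Error: " + e.getMessage());
            e.printStackTrace();
        } finally {
            cerrarSilencioso(envoltura);
            cerrarSilencioso(contenido);
        }
    }
    return datosUsuario;
}

/**
 * Copies the holder attributes stored under {@code oidPrefix + ".1" .. ".6"} into {@code datos}.
 * Sub-arcs: .1 cedula, .2 nombre, .3 and .4 apellidos (joined with a space), .5 cargo,
 * .6 institucion. Attributes whose extension is absent are left unset.
 *
 * @param datos     object to fill
 * @param cert      certificate to read the extensions from
 * @param oidPrefix issuer-specific OID arc, without the trailing dot
 */
private static void llenarDatosDesdeOids(DatosUsuario datos, X509Certificate cert, String oidPrefix) {
    String cedula = valorExtension(cert, oidPrefix + ".1");
    if (cedula != null) {
        datos.setCedula(cedula);
    }
    String nombre = valorExtension(cert, oidPrefix + ".2");
    if (nombre != null) {
        datos.setNombre(nombre);
    }
    String apellido = valorExtension(cert, oidPrefix + ".3");
    if (apellido != null) {
        String segundoApellido = valorExtension(cert, oidPrefix + ".4");
        if (segundoApellido != null) {
            apellido = apellido + " " + segundoApellido;
        }
        datos.setApellido(apellido);
    }
    String institucion = valorExtension(cert, oidPrefix + ".6");
    if (institucion != null) {
        datos.setInstitucion(institucion);
    }
    String cargo = valorExtension(cert, oidPrefix + ".5");
    if (cargo != null) {
        datos.setCargo(cargo);
    }
}

/**
 * Returns the trimmed string form of a certificate extension value.
 *
 * @param cert certificate to read from
 * @param oid  extension OID
 * @return the value as a trimmed string, or {@code null} if the certificate lacks the extension
 */
private static String valorExtension(X509Certificate cert, String oid) {
    byte[] raw = cert.getExtensionValue(oid);
    if (raw == null) {
        return null;
    }
    // NOTE(review): getExtensionValue() returns the DER-encoded OCTET STRING (tag + length + content).
    // Decoding it straight to a String with the platform charset and relying on trim() to drop the
    // leading tag/length bytes is inherited from the original code and only works while those bytes
    // are <= 0x20 — kept to preserve behaviour; verify with a real certificate.
    return new String(raw).trim();
}

/**
 * Closes an ASN.1 stream, ignoring {@code null} and close failures (the streams here are
 * byte-array backed, so a failed close carries no information).
 *
 * @param in stream to close; may be {@code null}
 */
private static void cerrarSilencioso(ASN1InputStream in) {
    if (in == null) {
        return;
    }
    try {
        in.close();
    } catch (IOException ignored) {
        // nothing useful to do with a failed close of a byte-array backed stream
    }
}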

From source file:ec.gov.informatica.firmadigital.signature.BouncyCastleSignatureProcessor.java

License:Open Source License

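/**
 * Position inside the list returned by {@code getDERValue} that holds the CRL location stored
 * in {@code DatosUsuario}.
 */
// NOTE(review): the hard-coded position 7 is inherited from the original code; confirm it still
// matches the distribution-point list of current certificates.
private static final int CRL_URL_INDEX = 7;

/**
 *  <code> crearDatosUsuario </code>
 * <p>
 * Fills a {@link DatosUsuario} with the holder data found in the signing certificate: the
 * private extensions {@code 1.2.3.4.1} .. {@code 1.2.3.4.6} (cedula, nombre, apellidos,
 * cargo, institucion), the serial number, and — when the CRL distribution point extension
 * ({@code 2.5.29.31}) can be parsed and yields enough entries — the CRL location.
 * <p>
 * Extension values are taken from the certificate as-is; nothing here checks the
 * certificate's signature, validity period or chain.
 *
 * @param signingCert the signer's certificate
 * @return the populated user data; attributes whose extension is absent stay unset, and a CRL
 *         extension that cannot be parsed leaves {@code crl} unset after printing the error
 */
private DatosUsuario crearDatosUsuario(X509Certificate signingCert) {
    DatosUsuario datosUsuario = new DatosUsuario();

    String cedula = valorExtension(signingCert, "1.2.3.4.1");
    if (cedula != null) {
        datosUsuario.setCedula(cedula);
    }
    String nombre = valorExtension(signingCert, "1.2.3.4.2");
    if (nombre != null) {
        datosUsuario.setNombre(nombre);
    }
    String apellido = valorExtension(signingCert, "1.2.3.4.3");
    if (apellido != null) {
        String segundoApellido = valorExtension(signingCert, "1.2.3.4.4");
        if (segundoApellido != null) {
            apellido = apellido + " " + segundoApellido;
        }
        datosUsuario.setApellido(apellido);
    }
    String institucion = valorExtension(signingCert, "1.2.3.4.6");
    if (institucion != null) {
        datosUsuario.setInstitucion(institucion);
    }
    String cargo = valorExtension(signingCert, "1.2.3.4.5");
    if (cargo != null) {
        datosUsuario.setCargo(cargo);
    }

    if (signingCert.getSerialNumber() != null) {
        datosUsuario.setSerial(signingCert.getSerialNumber().toString());
    }

    // CRL distribution points, used later to look the certificate up in the revocation list.
    // The original guarded this section with a second, identical null check, which made the
    // "no distribution point" branch below unreachable.
    byte[] crlExt = signingCert.getExtensionValue("2.5.29.31");
    if (crlExt == null) {
        if (signingCert.getSubjectDN().getName().equals(signingCert.getIssuerDN().getName())) {
            System.out.println(
                    "El certificado es un certificado raiz: " + signingCert.getSubjectDN().getName());
        } else {
            System.out.println("El certificado NO tiene punto de distribucin de CRL : "
                    + signingCert.getSubjectDN().getName());
        }
    } else {
        ASN1InputStream envoltura = null;
        ASN1InputStream contenido = null;
        try {
            // getExtensionValue() returns the OCTET STRING wrapper; the real structure is in its octets.
            envoltura = new ASN1InputStream(new ByteArrayInputStream(crlExt));
            DEROctetString dos = (DEROctetString) envoltura.readObject();
            contenido = new ASN1InputStream(new ByteArrayInputStream(dos.getOctets()));
            DERObject derObj2 = contenido.readObject();
            List<String> urls = getDERValue(derObj2);

            // Previously a loop re-set the same element on every iteration and threw
            // IndexOutOfBoundsException whenever the list was shorter than 8 entries.
            if (urls.size() > CRL_URL_INDEX) {
                datosUsuario.setCrl(urls.get(CRL_URL_INDEX));
            }
            System.out.println(urls);
        } catch (Exception e) {
            // Best effort: a certificate with an unparsable CRL extension still yields the holder data.
            System.out.println("Error: " + e.getMessage());
            e.printStackTrace();
        } finally {
            cerrarSilencioso(envoltura);
            cerrarSilencioso(contenido);
        }
    }

    return datosUsuario;
}

/**
 * Returns the trimmed string form of a certificate extension value.
 *
 * @param cert certificate to read from
 * @param oid  extension OID
 * @return the value as a trimmed string, or {@code null} if the certificate lacks the extension
 */
private static String valorExtension(X509Certificate cert, String oid) {
    byte[] raw = cert.getExtensionValue(oid);
    if (raw == null) {
        return null;
    }
    // NOTE(review): getExtensionValue() returns the DER-encoded OCTET STRING (tag + length + content).
    // Decoding it straight to a String with the platform charset and relying on trim() to drop the
    // leading tag/length bytes is inherited from the original code and only works while those bytes
    // are <= 0x20 — kept to preserve behaviour; verify with a real certificate.
    return new String(raw).trim();
}

/**
 * Closes an ASN.1 stream, ignoring {@code null} and close failures (the streams here are
 * byte-array backed, so a failed close carries no information).
 *
 * @param in stream to close; may be {@code null}
 */
private static void cerrarSilencioso(ASN1InputStream in) {
    if (in == null) {
        return;
    }
    try {
        in.close();
    } catch (IOException ignored) {
        // nothing useful to do with a failed close of a byte-array backed stream
    }
}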

From source file:ec.rubrica.cert.CertUtils.java

License:Open Source License

/**
 * Decodes the first ASN.1 object found in {@code data}.
 *
 * @param data BER/DER encoded bytes
 * @return the decoded primitive, or {@code null} when the stream holds no object
 * @throws IOException if the bytes are not a well-formed ASN.1 encoding
 */
private static ASN1Primitive toDERObject(byte[] data) throws IOException {
    ASN1InputStream decoder = new ASN1InputStream(new ByteArrayInputStream(data));
    try {
        return decoder.readObject();
    } finally {
        try {
            decoder.close();
        } catch (IOException ignore) {
            // byte-array backed: a failed close carries no information worth surfacing
        }
    }
}

From source file:ec.rubrica.util.BouncyCastleUtils.java

License:Open Source License

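/**
 * Checks whether a certificate declares a certificate policy under the given OID arc.
 * <p>
 * A policy matches when its OID equals {@code sOid} or lies below it ({@code sOid + "."...}).
 * The previous plain string-prefix test also accepted unrelated sibling arcs (policy
 * {@code 1.2.3.45} matched {@code sOid = "1.2.3.4"}), and an empty {@code sOid} matched
 * every policy; neither is accepted any more.
 * Only version 3 certificates can carry extensions, so anything else yields {@code false}.
 * Any parsing error is logged at SEVERE and reported as "no such policy" (best effort).
 *
 * @param cert certificate to inspect
 * @param sOid policy OID, or OID arc, to look for
 * @return {@code true} if a matching {@code certificatePolicies} entry is present, {@code false} otherwise
 */
public static boolean certificateHasPolicy(X509Certificate cert, String sOid) {
    try {
        logger.fine("Read cert policies: " + cert.getSerialNumber().toString());

        // Re-parse the certificate with Bouncy Castle to reach the raw extension set.
        ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(cert.getEncoded()));
        TBSCertificateStructure tbsCert;
        try {
            ASN1Sequence seq = (ASN1Sequence) aIn.readObject();
            tbsCert = new X509CertificateStructure(seq).getTBSCertificate();
        } finally {
            aIn.close();
        }
        if (tbsCert.getVersion() != 3) {
            return false;
        }
        X509Extensions ext = tbsCert.getExtensions();
        if (ext == null) {
            return false;
        }

        @SuppressWarnings("rawtypes")
        Enumeration en = ext.oids();
        while (en.hasMoreElements()) {
            DERObjectIdentifier oid = (DERObjectIdentifier) en.nextElement();
            if (!oid.equals(X509Extension.certificatePolicies)) {
                continue;
            }
            ASN1OctetString oct = ext.getExtension(oid).getValue();
            ASN1InputStream extIn = new ASN1InputStream(new ByteArrayInputStream(oct.getOctets()));
            try {
                ASN1Sequence cp = (ASN1Sequence) extIn.readObject();
                for (int i = 0; i != cp.size(); i++) {
                    PolicyInformation pol = PolicyInformation.getInstance(cp.getObjectAt(i));
                    String policyOid = pol.getPolicyIdentifier().getId();
                    logger.fine("Policy: " + policyOid);
                    if (isOidWithinArc(policyOid, sOid)) {
                        return true;
                    }
                }
            } finally {
                extIn.close();
            }
        }
    } catch (Exception ex) {
        logger.severe("Error reading cert policies: " + ex);
    }
    return false;
}

/**
 * Tells whether {@code oid} is {@code arc} itself or a descendant of it.
 * The comparison respects arc boundaries: {@code "1.2.3.45"} is not within {@code "1.2.3.4"}.
 *
 * @param oid dotted OID to test
 * @param arc dotted OID arc
 * @return {@code true} if {@code oid} equals {@code arc} or starts with {@code arc + "."}
 */
private static boolean isOidWithinArc(String oid, String arc) {
    return oid.equals(arc) || oid.startsWith(arc + ".");
}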

From source file:edu.vt.middleware.crypt.signature.AbstractDSASignature.java

License:Open Source License

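/**
 * Produces the r,s integer pair of a DSA signature from a DER-encoded byte
 * representation.
 * <p>
 * The input must be a SEQUENCE of exactly two INTEGERs. Any other structure, which
 * previously escaped as a raw {@code ClassCastException} or index error, is now reported
 * as the documented {@link CryptException}. Bytes following the SEQUENCE are not rejected:
 * only the first object in the stream is read.
 *
 * @param  in  DER-encoded concatenation of byte representation of r and s.
 *
 * @return  DSA signature output parameters (r,s).
 *
 * @throws  edu.vt.middleware.crypt.CryptException  On cryptographic errors, including a
 *          malformed or structurally wrong encoding.
 */
private BigInteger[] decode(final byte[] in) throws CryptException {
    try {
        final ASN1InputStream asn1In = new ASN1InputStream(in);
        final ASN1Sequence s;
        try {
            s = (ASN1Sequence) asn1In.readObject();
        } finally {
            asn1In.close();
        }
        if (s == null || s.size() != 2) {
            // Wrong shape: report through the documented exception type, with the detail as cause.
            throw new CryptException("Error decoding DSA signature.",
                    new IllegalArgumentException("Expected SEQUENCE of two INTEGERs"));
        }
        return new BigInteger[] { ((DERInteger) s.getObjectAt(0)).getValue(),
                ((DERInteger) s.getObjectAt(1)).getValue(), };
    } catch (IOException e) {
        throw new CryptException("Error decoding DSA signature.", e);
    } catch (ClassCastException e) {
        // Top-level object is not a SEQUENCE, or an element is not an INTEGER.
        throw new CryptException("Error decoding DSA signature.", e);
    }
}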

From source file:edu.vt.middleware.crypt.util.DERHelper.java

License:Open Source License

/**
 * Attempts to create a Bouncy Castle <code>DERObject</code> from a byte array
 * representing ASN.1 encoded data.
 *
 * @param  data  ASN.1 encoded data as byte array.
 * @param  discardWrapper  Set to true to decode the octets of a DER octet
 * string as DER encoded data, thereby discarding the wrapping DER octet
 * string, false otherwise. Has no effect on other types of DER-encoded data.
 *
 * @return  DER object.
 *
 * @throws  IOException  On I/O errors.
 */
public static DERObject toDERObject(final byte[] data, final boolean discardWrapper) throws IOException {
    final ByteArrayInputStream source = new ByteArrayInputStream(data);
    try {
        final DERObject decoded = new ASN1InputStream(source).readObject();
        if (!discardWrapper || !(decoded instanceof ASN1OctetString)) {
            return decoded;
        }
        // Caller asked for the payload of an OCTET STRING: decode its octets as a nested object.
        final byte[] payload = ((ASN1OctetString) decoded).getOctets();
        return new ASN1InputStream(payload).readObject();
    } finally {
        source.close();
    }
}

From source file:ee.ria.xroad.common.util.CryptoUtils.java

License:Open Source License

/**
 * Decodes the first ASN.1 primitive held in a byte array.
 *
 * @param data the encoded bytes
 * @return the decoded {@code ASN1Primitive}
 * @throws IOException if the bytes cannot be parsed as ASN.1
 */
public static ASN1Primitive toDERObject(byte[] data) throws IOException {
    // ASN1InputStream(byte[]) wraps the array in a ByteArrayInputStream itself; closing the
    // decoder closes that underlying stream.
    try (ASN1InputStream decoder = new ASN1InputStream(data)) {
        return decoder.readObject();
    }
}
}