List of usage examples for org.bouncycastle.asn1 ASN1InputStream ASN1InputStream
public ASN1InputStream(byte[] input)
From source file:net.sf.dsig.verify.OCSPHelper.java
License:Apache License
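/**
 * Retrieve the OCSP responder URI from an X.509 certificate, using the
 * Authority Information Access extension (1.3.6.1.5.5.7.1.1).
 *
 * <p>The returned value is copied out of the certificate being checked, so
 * it is untrusted input. Callers that go on to contact the URI should
 * restrict the scheme and destination they are willing to connect to.
 *
 * <p>A malformed extension is handled like any other decoding failure: a
 * warning is logged and null is returned, so the caller's configured default
 * responder (if any) is used instead.
 *
 * @param certificate the {@link X509Certificate} object
 * @return a String containing the URI of the OCSP authority info access,
 *         or null if none can be found or the extension cannot be decoded
 */
public static String getOCSPAccessLocationUri(X509Certificate certificate) {
    byte[] derAiaBytes = certificate.getExtensionValue(OID_AUTHORITYINFOACCESS);
    if (derAiaBytes == null) {
        return null;
    }

    try {
        // getExtensionValue() returns an OCTET STRING that wraps the actual
        // extension value, so two decoding passes are needed.
        ASN1InputStream ais = new ASN1InputStream(derAiaBytes);
        Object outer;
        try {
            outer = ais.readObject();
        } finally {
            ais.close();
        }
        // Certificate content is attacker-controlled: check the type instead
        // of casting blindly, and report a mismatch as a decoding failure.
        if (!(outer instanceof DEROctetString)) {
            throw new IOException("AuthorityInfoAccess extension is not wrapped in an OCTET STRING");
        }

        ais = new ASN1InputStream(((DEROctetString) outer).getOctets());
        Object inner;
        try {
            inner = ais.readObject();
        } finally {
            ais.close();
        }
        if (!(inner instanceof DERSequence)) {
            throw new IOException("AuthorityInfoAccess extension value is not a SEQUENCE");
        }

        AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance((DERSequence) inner);
        AccessDescription[] descriptions = aia.getAccessDescriptions();
        for (int i = 0; i < descriptions.length; i++) {
            AccessDescription ad = descriptions[i];
            if (!ad.getAccessMethod().equals(AccessDescription.id_ad_ocsp)) {
                continue;
            }

            GeneralName gn = ad.getAccessLocation();
            if (gn.getTagNo() == GeneralName.uniformResourceIdentifier) {
                return ((DERString) gn.getName()).getString();
            }
        }
    } catch (IOException e) {
        logger.warn("ASN.1 decoding failed; will fall back to default OCSP AccessLocation, if set");
    } catch (IllegalArgumentException e) {
        // Thrown by the Bouncy Castle structure parsers on malformed content
        logger.warn("ASN.1 decoding failed; will fall back to default OCSP AccessLocation, if set");
    }

    return null;
}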
From source file:net.sf.dsig.verify.X509CRLHelper.java
License:Apache License
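/**
 * Retrieve the CRL URI distribution point from an X.509 certificate, using
 * the 2.5.29.31 extension value.
 *
 * <p>The returned value is copied out of the certificate being checked, so
 * it is untrusted input. Callers that go on to download the CRL should
 * restrict the scheme and destination they are willing to connect to.
 *
 * <p>A malformed extension is handled like any other decoding failure: a
 * warning is logged and null is returned, so the caller's configured default
 * distribution point (if any) is used instead.
 *
 * @param certificate an {@link X509Certificate} object
 * @return a String containing the URI of the CRL distribution point, or
 *         null if none can be found or the extension cannot be decoded
 */
public static String getCRLDistributionPointUri(X509Certificate certificate) {
    byte[] derCdpBytes = certificate.getExtensionValue(OID_CRLDISTRIBUTIONPOINTS);
    if (derCdpBytes == null) {
        return null;
    }

    try {
        // getExtensionValue() returns an OCTET STRING that wraps the actual
        // extension value, so two decoding passes are needed.
        ASN1InputStream ais = new ASN1InputStream(derCdpBytes);
        Object outer;
        try {
            outer = ais.readObject();
        } finally {
            ais.close();
        }
        // Certificate content is attacker-controlled: check the type instead
        // of casting blindly, and report a mismatch as a decoding failure.
        if (!(outer instanceof DEROctetString)) {
            throw new IOException("CRLDistributionPoints extension is not wrapped in an OCTET STRING");
        }

        ais = new ASN1InputStream(((DEROctetString) outer).getOctets());
        Object inner;
        try {
            inner = ais.readObject();
        } finally {
            ais.close();
        }
        if (!(inner instanceof DERSequence)) {
            throw new IOException("CRLDistributionPoints extension value is not a SEQUENCE");
        }

        CRLDistPoint cdp = new CRLDistPoint((DERSequence) inner);
        DistributionPoint[] points = cdp.getDistributionPoints();
        for (int i = 0; i < points.length; i++) {
            DistributionPointName dpn = points[i].getDistributionPoint();
            if (dpn == null) {
                // The distributionPoint field is optional; nothing to read here
                continue;
            }

            Object name = dpn.getName();
            if (!(name instanceof GeneralNames)) {
                // Only the fullName form carries GeneralNames; skip other forms
                continue;
            }

            GeneralName[] names = ((GeneralNames) name).getNames();
            for (int j = 0; j < names.length; j++) {
                GeneralName gn = names[j];
                if (gn.getTagNo() == GeneralName.uniformResourceIdentifier) {
                    return ((DERString) gn.getName()).getString();
                }
            }
        }
    } catch (IOException e) {
        logger.warn("ASN.1 decoding failed; will fall back to default CRL DistributionPoint, if set");
    } catch (IllegalArgumentException e) {
        // Thrown by the Bouncy Castle structure parsers on malformed content
        logger.warn("ASN.1 decoding failed; will fall back to default CRL DistributionPoint, if set");
    }

    return null;
}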
From source file:net.sf.jsignpdf.verify.VerifierLogic.java
License:Mozilla Public License
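/**
 * Validates certificate (chain) using OCSP.
 *
 * <p>The result is true only when the responder's first single response
 * carries the "good" status and its certificate ID matches the ID computed
 * locally from the issuer certificate and the signer's serial number. Any
 * exception during the exchange or decoding yields false.
 *
 * <p>NOTE(review): the response signature and its thisUpdate/nextUpdate
 * window are not checked in this method. Presumably the OCSP client or the
 * caller is relied on for that; confirm before treating a true result as
 * proof of non-revocation.
 *
 * @param pkc
 *            certificate chain, 1st certificate will be validated, 2nd is
 *            used as its issuer
 * @param url
 *            OCSP url for validation
 * @return true if the OCSP response reports the first certificate as good,
 *         false otherwise (including a chain shorter than two certificates)
 */
private static boolean validateCertificateOCSP(Certificate pkc[], String url) {
    if (pkc.length < 2) {
        return false;
    }
    try {
        X509Certificate sigcer = (X509Certificate) pkc[0];
        X509Certificate isscer = (X509Certificate) pkc[1];
        OcspClientBouncyCastle ocspClient = new OcspClientBouncyCastle(sigcer, isscer, url);

        // TODO implement proxy support

        byte[] encoded = ocspClient.getEncoded();

        ASN1InputStream inp = new ASN1InputStream(encoded);
        BasicOCSPResponse resp;
        try {
            resp = BasicOCSPResponse.getInstance(inp.readObject());
        } finally {
            inp.close();
        }
        org.bouncycastle.ocsp.BasicOCSPResp basicResp = new org.bouncycastle.ocsp.BasicOCSPResp(resp);
        SingleResp sr = basicResp.getResponses()[0];

        // In org.bouncycastle.ocsp a null status object means "good"; any
        // other value is a revoked or unknown status and must not validate.
        if (sr.getCertStatus() != null) {
            return false;
        }

        // The response must be about the certificate we asked for
        CertificateID cid = sr.getCertID();
        CertificateID tis = new CertificateID(CertificateID.HASH_SHA1, isscer, sigcer.getSerialNumber());
        return tis.equals(cid);
    } catch (Exception e) {
        // Fail closed: a response that cannot be fetched or decoded does not validate
        return false;
    }
}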
From source file:net.sf.keystore_explorer.crypto.privatekey.OpenSslPvkUtil.java
License:Open Source License
/**
 * Load an unencrypted OpenSSL private key from the stream. The encoding of
 * the private key may be PEM or DER.
 *
 * <p>The decoded structure must be a sequence of integers: nine of them are
 * read as an RSA private key, six as a DSA private key. No further
 * consistency checks are made on the key parameters here.
 *
 * @param is
 *            Stream to load the unencrypted private key from
 * @return The private key
 * @throws PrivateKeyEncryptedException
 *             If private key is encrypted
 * @throws CryptoException
 *             Problem encountered while loading the private key
 * @throws IOException
 *             An I/O error occurred
 */
public static PrivateKey load(InputStream is) throws CryptoException, IOException {
    byte[] keyBytes = ReadUtil.readFully(is);

    EncryptionType encType = getEncryptionType(new ByteArrayInputStream(keyBytes));
    if (encType == null) {
        throw new CryptoException(res.getString("NotValidOpenSsl.exception.message"));
    }
    if (encType == ENCRYPTED) {
        throw new PrivateKeyEncryptedException(res.getString("OpenSslIsEncrypted.exception.message"));
    }

    // PEM input is unwrapped to its DER payload; anything else is used as is
    PemInfo pemInfo = PemUtil.decode(new ByteArrayInputStream(keyBytes));
    if (pemInfo != null) {
        keyBytes = pemInfo.getContent();
    }

    try {
        ASN1InputStream derIn = new ASN1InputStream(keyBytes);
        ASN1Primitive decoded = derIn.readObject();
        derIn.close();

        if (!(decoded instanceof ASN1Sequence)) {
            throw new CryptoException(res.getString("OpenSslSequenceNotFound.exception.message"));
        }
        ASN1Sequence fields = (ASN1Sequence) decoded;

        // Every element must be an INTEGER before any of them is interpreted
        for (int idx = 0; idx < fields.size(); idx++) {
            if (!(fields.getObjectAt(idx) instanceof ASN1Integer)) {
                throw new CryptoException(
                        res.getString("OpenSslSequenceContainsNonIntegers.exception.message"));
            }
        }

        switch (fields.size()) {
        case 9: {
            // RSA private key
            BigInteger rsaVersion = asn1IntegerValueAt(fields, 0);
            if (!rsaVersion.equals(VERSION)) {
                throw new CryptoException(
                        MessageFormat.format(res.getString("OpenSslVersionIncorrect.exception.message"),
                                String.valueOf(VERSION.intValue()), String.valueOf(rsaVersion.intValue())));
            }

            RSAPrivateCrtKeySpec rsaSpec = new RSAPrivateCrtKeySpec(
                    asn1IntegerValueAt(fields, 1), // modulus
                    asn1IntegerValueAt(fields, 2), // public exponent
                    asn1IntegerValueAt(fields, 3), // private exponent
                    asn1IntegerValueAt(fields, 4), // prime P
                    asn1IntegerValueAt(fields, 5), // prime Q
                    asn1IntegerValueAt(fields, 6), // prime exponent P
                    asn1IntegerValueAt(fields, 7), // prime exponent Q
                    asn1IntegerValueAt(fields, 8)); // CRT coefficient
            return KeyFactory.getInstance("RSA").generatePrivate(rsaSpec);
        }
        case 6: {
            // DSA private key; element 4 (public value Y) is not needed for the private key
            BigInteger dsaVersion = asn1IntegerValueAt(fields, 0);
            if (!dsaVersion.equals(VERSION)) {
                throw new CryptoException(
                        MessageFormat.format(res.getString("OpenSslVersionIncorrect.exception.message"),
                                String.valueOf(VERSION.intValue()), String.valueOf(dsaVersion.intValue())));
            }

            BigInteger primeModulusP = asn1IntegerValueAt(fields, 1);
            BigInteger subPrimeQ = asn1IntegerValueAt(fields, 2);
            BigInteger generatorG = asn1IntegerValueAt(fields, 3);
            BigInteger secretExponentX = asn1IntegerValueAt(fields, 5);

            DSAPrivateKeySpec dsaSpec = new DSAPrivateKeySpec(secretExponentX, primeModulusP, subPrimeQ,
                    generatorG);
            return KeyFactory.getInstance("DSA").generatePrivate(dsaSpec);
        }
        default:
            throw new CryptoException(MessageFormat.format(
                    res.getString("OpenSslSequenceIncorrectSize.exception.message"),
                    String.valueOf(fields.size())));
        }
    } catch (GeneralSecurityException ex) {
        throw new CryptoException(res.getString("NoLoadOpenSslPrivateKey.exception.message"), ex);
    }
}

/** Returns the value of the INTEGER stored at the given position of the sequence. */
private static BigInteger asn1IntegerValueAt(ASN1Sequence sequence, int index) {
    return ((ASN1Integer) sequence.getObjectAt(index)).getValue();
}
From source file:net.sf.keystore_explorer.crypto.privatekey.Pkcs8Util.java
License:Open Source License
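/**
 * Get the private key algorithm from unencrypted PKCS #8 bytes.
 *
 * @param unencPkcs8
 *            Candidate unencrypted PKCS #8 encoding
 * @return The JCE name for RSA or DSA keys, otherwise the algorithm's OID
 *         string as found in the encoding
 * @throws IOException
 *             An I/O error occurred while decoding
 * @throws CryptoException
 *             The bytes do not have the structure of an unencrypted PKCS #8
 *             private key
 */
private static String getPrivateKeyAlgorithm(byte[] unencPkcs8) throws IOException, CryptoException {
    // @formatter:off

    /*
     * PrivateKeyInfo ::= ASN1Sequence {
     *     version Version,
     *     privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
     *     privateKey PrivateKey,
     *     attributes [0] IMPLICIT Attributes OPTIONAL }
     *
     * PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
     *
     * AlgorithmIdentifier ::= ASN1Sequence {
     *     algorithm OBJECT IDENTIFIER,
     *     parameters ANY DEFINED BY algorithm OPTIONAL }
     */

    // @formatter:on

    ASN1InputStream ais = null;

    try {
        ais = new ASN1InputStream(new ByteArrayInputStream(unencPkcs8));

        ASN1Encodable derEnc;

        try {
            derEnc = ais.readObject();
        } catch (OutOfMemoryError err) {
            // Happens with some non ASN.1 files.
            // NOTE(review): catching OutOfMemoryError is a workaround; a
            // length-limited ASN1InputStream would reject such input earlier
            // if the Bouncy Castle version in use offers one (confirm).
            throw new CryptoException(res.getString("NoUnencryptedPkcs8.exception.message"));
        }

        if (!(derEnc instanceof ASN1Sequence)) {
            throw new CryptoException(res.getString("NoUnencryptedPkcs8.exception.message"));
        }

        ASN1Sequence privateKeyInfoSequence = (ASN1Sequence) derEnc;

        // A truncated or unrelated sequence must be rejected as "not PKCS #8"
        // rather than failing with an index error on getObjectAt(1).
        if (privateKeyInfoSequence.size() < 2) {
            throw new CryptoException(res.getString("NoUnencryptedPkcs8.exception.message"));
        }

        derEnc = privateKeyInfoSequence.getObjectAt(1);

        if (!(derEnc instanceof ASN1Sequence)) {
            throw new CryptoException(res.getString("NoUnencryptedPkcs8.exception.message"));
        }

        ASN1Sequence privateKeyAlgorithmSequence = (ASN1Sequence) derEnc;

        // Same guard for an empty AlgorithmIdentifier
        if (privateKeyAlgorithmSequence.size() < 1) {
            throw new CryptoException(res.getString("NoUnencryptedPkcs8.exception.message"));
        }

        derEnc = privateKeyAlgorithmSequence.getObjectAt(0);

        if (!(derEnc instanceof ASN1ObjectIdentifier)) {
            throw new CryptoException(res.getString("NoUnencryptedPkcs8.exception.message"));
        }

        ASN1ObjectIdentifier algorithmOid = (ASN1ObjectIdentifier) derEnc;

        String oid = algorithmOid.getId();

        if (oid.equals(RSA.oid())) {
            return RSA.jce();
        } else if (oid.equals(DSA.oid())) {
            return DSA.jce();
        } else {
            return oid; // Unknown algorithm
        }
    } finally {
        IOUtils.closeQuietly(ais);
    }
}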
From source file:net.sf.keystore_explorer.crypto.x509.X509CertificateGenerator.java
License:Open Source License
/**
 * Decode the first ASN.1 object from the encoded value of the extension
 * identified by the given OID.
 *
 * <p>NOTE(review): the bytes returned by getExtensionValue(oid) are passed
 * on unchecked; presumably callers only request extensions that are present
 * (confirm, since a null value is not handled here).
 *
 * @param extensions
 *            Source of the encoded extension value
 * @param oid
 *            Extension OID
 * @return The decoded ASN.1 object
 * @throws CryptoException
 *             If the encoded value cannot be read
 */
private ASN1Encodable getExtensionValue(X509Extension extensions, String oid) throws CryptoException {
    ASN1InputStream asn1In = null;
    try {
        byte[] encodedValue = extensions.getExtensionValue(oid);
        asn1In = new ASN1InputStream(encodedValue);
        ASN1Encodable decoded = asn1In.readObject();
        return decoded;
    } catch (IOException ex) {
        throw new CryptoException(res.getString("CertificateGenFailed.exception.message"), ex);
    } finally {
        IOUtils.closeQuietly(asn1In);
    }
}
From source file:net.sf.keystore_explorer.crypto.x509.X509Ext.java
License:Open Source License
/**
 * Build the display text for a Netscape Certificate Type extension value:
 * one resource string per set type bit, each followed by a newline.
 *
 * @param value
 *            Encoded BIT STRING holding the certificate type bits
 * @return The text for the set bits, empty if none are set
 * @throws IOException
 *             If the value cannot be decoded
 */
private String getNetscapeCertificateTypeStringValue(byte[] value) throws IOException {
    // @formatter:off

    /*
     * NetscapeCertType ::= BIT STRING {
     *     sslClient (0), sslServer (1), smime (2), objectSigning (3),
     *     reserved (4), sslCA (5), smimeCA (6), objectSigningCA (7) }
     */

    // @formatter:on

    // Type bits and their resource keys, in the order they are reported
    int[] typeBits = {
            NetscapeCertType.sslClient,
            NetscapeCertType.sslServer,
            NetscapeCertType.smime,
            NetscapeCertType.objectSigning,
            NetscapeCertType.reserved,
            NetscapeCertType.sslCA,
            NetscapeCertType.smimeCA,
            NetscapeCertType.objectSigningCA };
    String[] resourceKeys = {
            "SslClientNetscapeCertificateType",
            "SslServerNetscapeCertificateType",
            "SmimeNetscapeCertificateType",
            "ObjectSigningNetscapeCertificateType",
            "ReservedNetscapeCertificateType",
            "SslCaNetscapeCertificateType",
            "SmimeCaNetscapeCertificateType",
            "ObjectSigningCaNetscapeCertificateType" };

    StringBuilder text = new StringBuilder();

    @SuppressWarnings("resource") // we have a ByteArrayInputStream here which does not need to be closed
    ASN1InputStream valueIn = new ASN1InputStream(value);
    DERBitString certTypeBits = DERBitString.getInstance(valueIn.readObject());
    int certTypes = certTypeBits.intValue();

    for (int k = 0; k < typeBits.length; k++) {
        if (isCertType(certTypes, typeBits[k])) {
            text.append(res.getString(resourceKeys[k]));
            text.append(NEWLINE);
        }
    }

    return text.toString();
}
From source file:net.sf.keystore_explorer.gui.dialogs.extensions.DKeyUsage.java
License:Open Source License
/**
 * Set the key usage check boxes from an encoded Key Usage extension value.
 *
 * @param value
 *            Encoded BIT STRING holding the key usage bits
 * @throws IOException
 *             If the value cannot be decoded
 */
private void prepopulateWithValue(byte[] value) throws IOException {
    @SuppressWarnings("resource") // we have a ByteArrayInputStream here which does not need to be closed
    ASN1InputStream valueIn = new ASN1InputStream(value);
    DERBitString usageBits = DERBitString.getInstance(valueIn.readObject());

    int usages = usageBits.intValue();

    // One check box per key usage bit
    boolean digitalSignature = hasKeyUsage(usages, KeyUsage.digitalSignature);
    jcbDigitalSignature.setSelected(digitalSignature);

    boolean nonRepudiation = hasKeyUsage(usages, KeyUsage.nonRepudiation);
    jcbNonRepudiation.setSelected(nonRepudiation);

    boolean keyEncipherment = hasKeyUsage(usages, KeyUsage.keyEncipherment);
    jcbKeyEncipherment.setSelected(keyEncipherment);

    boolean dataEncipherment = hasKeyUsage(usages, KeyUsage.dataEncipherment);
    jcbDataEncipherment.setSelected(dataEncipherment);

    boolean keyAgreement = hasKeyUsage(usages, KeyUsage.keyAgreement);
    jcbKeyAgreement.setSelected(keyAgreement);

    boolean keyCertSign = hasKeyUsage(usages, KeyUsage.keyCertSign);
    jcbCertificateSigning.setSelected(keyCertSign);

    boolean crlSign = hasKeyUsage(usages, KeyUsage.cRLSign);
    jcbCrlSign.setSelected(crlSign);

    boolean encipherOnly = hasKeyUsage(usages, KeyUsage.encipherOnly);
    jcbEncipherOnly.setSelected(encipherOnly);

    boolean decipherOnly = hasKeyUsage(usages, KeyUsage.decipherOnly);
    jcbDecipherOnly.setSelected(decipherOnly);
}
From source file:net.sf.keystore_explorer.gui.dialogs.extensions.DNetscapeCertificateType.java
License:Open Source License
/**
 * Set the certificate type check boxes from an encoded Netscape Certificate
 * Type extension value.
 *
 * @param value
 *            Encoded BIT STRING holding the certificate type bits
 * @throws IOException
 *             If the value cannot be decoded
 */
private void prepopulateWithValue(byte[] value) throws IOException {
    @SuppressWarnings("resource") // we have a ByteArrayInputStream here which does not need to be closed
    ASN1InputStream valueIn = new ASN1InputStream(value);
    DERBitString certTypeBits = DERBitString.getInstance(valueIn.readObject());

    int certTypes = certTypeBits.intValue();

    // One check box per certificate type bit
    boolean sslClient = isCertType(certTypes, NetscapeCertType.sslClient);
    jcbSslClient.setSelected(sslClient);

    boolean sslServer = isCertType(certTypes, NetscapeCertType.sslServer);
    jcbSslServer.setSelected(sslServer);

    boolean smime = isCertType(certTypes, NetscapeCertType.smime);
    jcbSmime.setSelected(smime);

    boolean objectSigning = isCertType(certTypes, NetscapeCertType.objectSigning);
    jcbObjectSigning.setSelected(objectSigning);

    boolean reserved = isCertType(certTypes, NetscapeCertType.reserved);
    jcbReserved.setSelected(reserved);

    boolean sslCa = isCertType(certTypes, NetscapeCertType.sslCA);
    jcbSslCa.setSelected(sslCa);

    boolean smimeCa = isCertType(certTypes, NetscapeCertType.smimeCA);
    jcbSmimeCa.setSelected(smimeCa);

    boolean objectSigningCa = isCertType(certTypes, NetscapeCertType.objectSigningCA);
    jcbObjectSigningCa.setSelected(objectSigningCa);
}
From source file:net.sourceforge.javacardsign.iso7816_15.ElementaryFileDIR.java
License:Open Source License
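/**
 * Encode this directory record: the AID (tag 15), label (tag 16), path
 * (tag 17) and a DDO (tag 19) holding the provider id, all wrapped in an
 * application-specific object with tag 1.
 *
 * <p>The label is encoded as UTF-8 explicitly so the output does not depend
 * on the platform default charset.
 *
 * @return the encoded record
 * @throws IOException
 *             if encoding or re-parsing of the intermediate DDO fails
 */
public byte[] getEncoded() throws IOException {
    DERApplicationSpecific aidObject = new DERApplicationSpecific(15, this.aid);
    // An unsupported charset name would surface as UnsupportedEncodingException,
    // which is already covered by the declared IOException.
    DERApplicationSpecific labelObject = new DERApplicationSpecific(16, this.label.getBytes("UTF-8"));
    DERApplicationSpecific pathObject = new DERApplicationSpecific(17, this.dfCiaPath);

    DERObjectIdentifier providerOid = new DERObjectIdentifier(this.providerId);
    DERSet ddoContent = new DERSet(new ASN1Encodable[] { providerOid });

    // Set the constructed bit in the first identifier octet by hand, then
    // parse the bytes back so the DDO can be embedded as an object.
    byte[] ddoBytes = new DERApplicationSpecific(false, 19, ddoContent).getEncoded();
    ddoBytes[0] |= DERTags.CONSTRUCTED;
    DERObject ddoObject = new ASN1InputStream(new ByteArrayInputStream(ddoBytes)).readObject();

    DERSet recordContent = new DERSet(new ASN1Encodable[] { aidObject, labelObject, pathObject, ddoObject });
    byte[] recordBytes = new DERApplicationSpecific(false, 1, recordContent).getEncoded();
    recordBytes[0] |= DERTags.CONSTRUCTED;
    return recordBytes;
}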