List of usage examples for org.bouncycastle.asn1 ASN1InputStream readObject
public ASN1Primitive readObject() throws IOException
From source file:bluecrystal.bcdeps.helper.DerEncoder.java
License:Open Source License
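/**
 * Extracts the certificate-policy OID (and, when present, a policy qualifier) from a raw
 * certificatePolicies extension value.
 *
 * <p>The bytes come out of a certificate and are therefore untrusted input. Every structural
 * assumption is checked before a cast or an index, so a malformed extension is reported as a
 * {@link CertificateParsingException} instead of escaping as an unchecked
 * {@code ClassCastException} or {@code ArrayIndexOutOfBoundsException}.
 *
 * @param certPols the extension value: an OCTET STRING wrapping the policy sequence; may be null
 * @param index value substituted into the result-key format strings
 * @return the extracted entries, or {@code null} when {@code certPols} is {@code null}
 * @throws CertificateParsingException if the extension does not have the expected ASN.1 shape
 * @throws IOException if the ASN.1 decoder cannot read the data
 */
public static Map<String, String> getCertPolicies(byte[] certPols, int index)
        throws CertificateParsingException, IOException {
    if (certPols == null) {
        return null;
    }
    Map<String, String> ret = new HashMap<String, String>();

    // Outer layer: the extension value is an OCTET STRING.
    ASN1Primitive derObjCP;
    ASN1InputStream oAsnInStream = new ASN1InputStream(new ByteArrayInputStream(certPols));
    try {
        derObjCP = oAsnInStream.readObject();
    } finally {
        oAsnInStream.close();
    }
    if (!(derObjCP instanceof DEROctetString)) {
        throw new CertificateParsingException("certificatePolicies value is not an OCTET STRING");
    }
    byte[] cpOctets = ((DEROctetString) derObjCP).getOctets();

    // Inner layer: the sequence of policy entries.
    ASN1Primitive derObj2;
    ASN1InputStream oAsnInStream2 = new ASN1InputStream(new ByteArrayInputStream(cpOctets));
    try {
        derObj2 = oAsnInStream2.readObject();
    } finally {
        oAsnInStream2.close();
    }
    if (!(derObj2 instanceof DLSequence)) {
        throw new CertificateParsingException("certificatePolicies content is not a sequence");
    }
    DLSequence dlCP = (DLSequence) derObj2;

    int seqLen = dlCP.size();
    for (int i = 0; i < seqLen; i++) {
        ASN1Encodable nextObj = dlCP.getObjectAt(i);
        if (!(nextObj instanceof DLSequence)) {
            throw new CertificateParsingException("policy entry " + i + " is not a sequence");
        }
        DLSequence dlCP2 = (DLSequence) nextObj;
        if (dlCP2.size() == 0 || !(dlCP2.getObjectAt(0) instanceof ASN1ObjectIdentifier)) {
            throw new CertificateParsingException(
                    "policy entry " + i + " does not start with an object identifier");
        }
        String policyOid = ((ASN1ObjectIdentifier) dlCP2.getObjectAt(0)).toString();

        // NOTE(review): the keys are built from `index`, not from the loop counter, so when the
        // extension lists several policies each one overwrites the previous entry - confirm
        // that last-one-wins is what callers expect.
        ret.put(String.format(CERT_POL_OID, index), policyOid);
        if (policyOid.startsWith(ICP_BRASIL_PC_PREFIX_OID)) {
            ret.put(String.format(CertConstants.CERT_USAGE_D, index), getCertUsage(policyOid));
        }

        if (dlCP2.size() == 2) {
            ASN1Encodable qualifiers = dlCP2.getObjectAt(1);
            ASN1Encodable nextObj3 = null;
            if (qualifiers instanceof DLSequence) {
                DLSequence dlCP3 = (DLSequence) qualifiers;
                if (dlCP3.size() == 0) {
                    throw new CertificateParsingException("policy entry " + i + " has an empty qualifier list");
                }
                nextObj3 = dlCP3.getObjectAt(0);
            } else if (qualifiers instanceof DERSequence) {
                DERSequence dlCP3 = (DERSequence) qualifiers;
                // Size condition kept exactly as the original had it.
                if (dlCP3.size() > 1) {
                    nextObj3 = dlCP3.getObjectAt(0);
                }
            }
            if (nextObj3 != null) {
                if (!(nextObj3 instanceof DLSequence) || ((DLSequence) nextObj3).size() < 2) {
                    throw new CertificateParsingException(
                            "policy qualifier in entry " + i + " is not a two-element sequence");
                }
                // Element 0 is the qualifier id; element 1 is the qualifier value that is stored.
                ASN1Encodable qualifierValue = ((DLSequence) nextObj3).getObjectAt(1);
                ret.put(String.format(CERT_POL_QUALIFIER, index), qualifierValue.toString());
            }
        }
    }
    return ret;
}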
From source file:bluecrystal.bcdeps.helper.DerEncoder.java
License:Open Source License
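/**
 * Collects the URI entries found in the fullName of each distribution point of a raw
 * cRLDistributionPoints extension value.
 *
 * <p>The returned strings are copied verbatim from the certificate. They are untrusted: a
 * caller that goes on to fetch a CRL from them should first restrict the accepted schemes and
 * destinations rather than connect to whatever the certificate names.
 *
 * @param crldpExt the extension value: an OCTET STRING wrapping the CRLDistPoint; may be null
 * @return the URIs in encounter order; an empty list when {@code crldpExt} is {@code null}
 * @throws CertificateParsingException if the extension does not have the expected ASN.1 shape
 * @throws IOException if the ASN.1 decoder cannot read the data
 */
public static List<String> getCrlDistributionPoints(byte[] crldpExt)
        throws CertificateParsingException, IOException {
    List<String> crlUrls = new ArrayList<String>();
    if (crldpExt == null) {
        return crlUrls;
    }

    // Outer layer: the extension value is an OCTET STRING.
    ASN1Primitive derObjCrlDP;
    ASN1InputStream oAsnInStream = new ASN1InputStream(new ByteArrayInputStream(crldpExt));
    try {
        derObjCrlDP = oAsnInStream.readObject();
    } finally {
        oAsnInStream.close();
    }
    // instanceof also rejects the null that readObject() yields for empty input.
    if (!(derObjCrlDP instanceof DEROctetString)) {
        throw new CertificateParsingException("cRLDistributionPoints value is not an OCTET STRING");
    }
    byte[] crldpExtOctets = ((DEROctetString) derObjCrlDP).getOctets();

    ASN1Primitive derObj2;
    ASN1InputStream oAsnInStream2 = new ASN1InputStream(new ByteArrayInputStream(crldpExtOctets));
    try {
        derObj2 = oAsnInStream2.readObject();
    } finally {
        oAsnInStream2.close();
    }
    if (derObj2 == null) {
        throw new CertificateParsingException("cRLDistributionPoints content is empty");
    }

    try {
        CRLDistPoint distPoint = CRLDistPoint.getInstance(derObj2);
        for (DistributionPoint dp : distPoint.getDistributionPoints()) {
            DistributionPointName dpn = dp.getDistributionPoint();
            // Only the fullName form carries GeneralNames that can hold a URI.
            if (dpn != null && dpn.getType() == DistributionPointName.FULL_NAME) {
                GeneralName[] genNames = GeneralNames.getInstance(dpn.getName()).getNames();
                for (int j = 0; j < genNames.length; j++) {
                    if (genNames[j].getTagNo() == GeneralName.uniformResourceIdentifier) {
                        String url = DERIA5String.getInstance(genNames[j].getName()).getString();
                        crlUrls.add(url);
                    }
                }
            }
        }
    } catch (IllegalArgumentException e) {
        // The getInstance() factories reject unexpected structures with an unchecked exception;
        // surface that as the declared parsing failure and keep the cause.
        throw new CertificateParsingException("malformed cRLDistributionPoints extension", e);
    }
    return crlUrls;
}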
From source file:bluecrystal.bcdeps.helper.DerEncoder.java
License:Open Source License
/**
 * Unwraps an extension value: decodes the outer OCTET STRING, then decodes and returns the
 * single object carried inside it.
 *
 * @param oid extension identifier, used only in the error message
 * @param ext encoded extension value
 * @return the object decoded from the OCTET STRING's contents
 * @throws CRLException if any step of the decoding fails; the original failure is the cause
 */
private static ASN1Primitive getObject(String oid, byte[] ext) throws CRLException {
    try {
        ASN1InputStream outer = new ASN1InputStream(ext);
        ASN1OctetString wrapper = (ASN1OctetString) outer.readObject();
        byte[] payload = wrapper.getOctets();
        // Second pass over the unwrapped bytes yields the actual extension content.
        ASN1InputStream inner = new ASN1InputStream(payload);
        return inner.readObject();
    } catch (Exception e) {
        throw new CRLException("exception processing extension " + oid, e); //$NON-NLS-1$
    }
}
From source file:br.gov.frameworkdemoiselle.certificate.oid.OIDGeneric.java
License:Open Source License
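/**
 * Builds an {@code OIDGeneric} (or a more specific {@code OID_*} subclass, when one exists on
 * the classpath) from an encoded sequence of an object identifier followed by a tagged value.
 *
 * <p>The input originates from certificate content and is untrusted, so the structure is
 * checked before it is cast or indexed.
 *
 * @param data byte array with certificate content
 * @return the populated and initialized OID object
 * @throws IOException if the data cannot be decoded or does not have the expected structure
 * @throws Exception if the OID-specific class exists but cannot be instantiated
 */
public static OIDGeneric getInstance(byte[] data) throws IOException, Exception {
    Object decoded;
    ASN1InputStream is = new ASN1InputStream(data);
    try {
        decoded = is.readObject();
    } finally {
        is.close();
    }
    if (!(decoded instanceof DERSequence)) {
        throw new IOException("OID data is not a DER sequence");
    }
    DERSequence sequence = (DERSequence) decoded;
    if (sequence.size() < 2) {
        throw new IOException("OID sequence has " + sequence.size() + " element(s), expected 2");
    }
    Object first = sequence.getObjectAt(0);
    Object second = sequence.getObjectAt(1);
    if (!(first instanceof DERObjectIdentifier) || !(second instanceof DERTaggedObject)) {
        throw new IOException("OID sequence is not an object identifier followed by a tagged value");
    }
    DERObjectIdentifier objectIdentifier = (DERObjectIdentifier) first;
    DERTaggedObject tag = (DERTaggedObject) second;

    DEROctetString octetString = null;
    DERPrintableString printableString = null;
    DERUTF8String utf8String = null;
    DERIA5String ia5String = null;

    // The value's string type is discovered by trying each getInstance() in turn and falling
    // through on failure. The order is significant and is kept exactly as it was; a failure of
    // the last attempt propagates to the caller.
    try {
        octetString = (DEROctetString) DEROctetString.getInstance(tag);
    } catch (Exception ex) {
        try {
            printableString = DERPrintableString.getInstance(tag);
        } catch (Exception e1) {
            try {
                utf8String = DERUTF8String.getInstance(tag);
            } catch (Exception e2) {
                ia5String = DERIA5String.getInstance(tag);
            }
        }
    }

    // NOTE(review): the class name is derived from an OID read out of the input. The OID is
    // appended to a fixed package and "OID_" prefix, which bounds what can be named, but this
    // is still reflective instantiation driven by untrusted data; an explicit OID-to-class
    // registry would be easier to audit.
    String className = "br.gov.frameworkdemoiselle.certificate.oid.OID_"
            + objectIdentifier.getId().replaceAll("[.]", "_");
    OIDGeneric oidGenerico;
    try {
        oidGenerico = (OIDGeneric) Class.forName(className).newInstance();
    } catch (InstantiationException e) {
        throw new Exception("Can not instace class '" + className + "'.", e);
    } catch (IllegalAccessException e) {
        throw new Exception("Was not possible instace class '" + className + "'.", e);
    } catch (ClassNotFoundException e) {
        // No dedicated class for this OID: fall back to the generic holder.
        oidGenerico = new OIDGeneric();
    }

    oidGenerico.setOid(objectIdentifier.getId());

    if (octetString != null) {
        // NOTE(review): decodes with the platform default charset, so the resulting text can
        // differ between hosts - confirm which encoding the data actually uses.
        oidGenerico.setData(new String(octetString.getOctets()));
    } else if (printableString != null) {
        oidGenerico.setData(printableString.getString());
    } else if (utf8String != null) {
        oidGenerico.setData(utf8String.getString());
    } else {
        oidGenerico.setData(ia5String.getString());
    }

    oidGenerico.initialize();
    return oidGenerico;
}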
From source file:br.gov.frameworkdemoiselle.certificate.signer.util.ValidadorUtil.java
License:Open Source License
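/**
 * Checks that the first policy listed in the certificate's certificatePolicies extension
 * (2.5.29.32) is an ICP-Brasil A1, A2, A3 or A4 policy OID.
 *
 * <p>The accepted OIDs are exactly {@code 2.16.76.1.2.<1-4>.<1-100>}. The numeric arc must be
 * the final component: an identifier with further arcs after the type prefix (for example the
 * constructed value {@code 2.16.76.1.2.1.200.5}) is rejected, whereas reading only the text
 * after the last dot would have accepted it.
 *
 * @param certificate the signer certificate to check
 * @throws SignerException if the extension is missing or malformed, or the policy is not accepted
 */
public static void validate(X509Certificate certificate) {
    /*
     * Digital signatures generated under this Signature Policy must be created with a private
     * key associated with an ICP-Brasil certificate of type A1 (OID 2.16.76.1.2.1.1 through
     * 2.16.76.1.2.1.100), type A2 (OID 2.16.76.1.2.2.1 through 2.16.76.1.2.2.100), type A3
     * (OID 2.16.76.1.2.3.1 through 2.16.76.1.2.3.100) or type A4 (OID 2.16.76.1.2.4.1 through
     * 2.16.76.1.2.4.100), as defined in DOC-ICP-04.
     */
    try {
        // A certificate without the extension yields null here; the resulting failure is
        // converted into a rejection by the catch block below.
        byte[] val1 = certificate.getExtensionValue("2.5.29.32");
        ASN1InputStream ans1InputStream = new ASN1InputStream(new ByteArrayInputStream(val1));
        DERObject derObject;
        try {
            derObject = ans1InputStream.readObject();
        } finally {
            ans1InputStream.close();
        }
        DEROctetString derOctetString = (DEROctetString) derObject;
        byte[] val2 = derOctetString.getOctets();

        ASN1InputStream asn1InputStream2 = new ASN1InputStream(new ByteArrayInputStream(val2));
        DERObject derObject2;
        try {
            derObject2 = asn1InputStream2.readObject();
        } finally {
            asn1InputStream2.close();
        }
        DERSequence derSequence = (DERSequence) derObject2;
        // Only the first policy entry is inspected.
        DERSequence derObject3 = (DERSequence) derSequence.getObjectAt(0).getDERObject();
        DERObjectIdentifier objectIdentifier = (DERObjectIdentifier) derObject3.getObjectAt(0);
        String identificador = objectIdentifier.toString();

        String[] prefixos = {"2.16.76.1.2.1.", "2.16.76.1.2.2.", "2.16.76.1.2.3.", "2.16.76.1.2.4."};
        String prefixo = null;
        for (String candidato : prefixos) {
            if (identificador.startsWith(candidato)) {
                prefixo = candidato;
                break;
            }
        }
        if (prefixo == null) {
            throw new SignerException("O OID no corresponde a uma Poltica de Certificado.");
        }

        // Whatever follows the type prefix must be one numeric arc and nothing more.
        String arco = identificador.substring(prefixo.length());
        if (arco.indexOf('.') >= 0) {
            throw new SignerException("O certificado deve ser do tipo A1, A2, A3 ou A4.");
        }
        int sufixo = Integer.parseInt(arco);
        if (sufixo < 1 || sufixo > 100) {
            throw new SignerException("O certificado deve ser do tipo A1, A2, A3 ou A4.");
        }
    } catch (Throwable error) {
        // Deliberately broad: any decoding problem, including the SignerExceptions raised
        // above, ends in the same rejection, so a malformed extension cannot pass the check.
        throw new SignerException(
                "A assinaturas digital deve ser criada com chave privada associada ao certificado ICP-Brasil tipo A1, A2, A3 ou A4",
                error);
    }
}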
From source file:br.gov.jfrj.siga.cd.AssinaturaDigital.java
License:Open Source License
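/**
 * Reads an existing PKCS#7 object from a DER encoded byte array.
 *
 * <p>This only decodes the structure. No signature, certificate or digest is verified here,
 * so the returned object must not be treated as authenticated.
 *
 * @param in the encoded ContentInfo wrapping the SignedData
 * @return the decoded PKCS#7 SignedData
 * @throws SecurityException if the bytes cannot be decoded or the top-level object is not a
 *     sequence; a decoding failure is attached as the cause
 */
protected static org.bouncycastle.asn1.pkcs.SignedData pkcs7SignedData(byte[] in) {
    ASN1InputStream din = new ASN1InputStream(new ByteArrayInputStream(in));

    //
    // Basic checks to make sure it's a PKCS#7 SignedData Object
    //
    ASN1Primitive pkcs;
    try {
        pkcs = din.readObject();
    } catch (IOException e) {
        // Keep the decoder's exception so the reason for the rejection can be diagnosed.
        throw new SecurityException("can't decode PKCS7SignedData object", e);
    } finally {
        try {
            din.close();
        } catch (IOException ignored) {
            // The stream wraps an in-memory byte array; a close failure has nothing to report.
        }
    }

    // instanceof also rejects the null that readObject() yields for empty input.
    if (!(pkcs instanceof ASN1Sequence)) {
        throw new SecurityException("Not a valid PKCS#7 object - not a sequence");
    }

    ContentInfo content = ContentInfo.getInstance(pkcs);
    return org.bouncycastle.asn1.pkcs.SignedData.getInstance(content.getContent());
}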
From source file:br.gov.jfrj.siga.cd.AssinaturaDigital.java
License:Open Source License
/** * Read an existing PKCS#7 object from a DER encoded byte array *///from w ww . j a v a 2 s . c om protected static org.bouncycastle.asn1.cms.SignedData cmsSignedData(byte[] in) { ASN1InputStream din = new ASN1InputStream(new ByteArrayInputStream(in)); // // Basic checks to make sure it's a PKCS#7 SignedData Object // ASN1Primitive cms; try { cms = din.readObject(); } catch (IOException e) { throw new SecurityException("can't decode CMSSignedData object"); } finally { try { din.close(); } catch (IOException e) { e.printStackTrace(); } } if (!(cms instanceof ASN1Sequence)) { throw new SecurityException("Not a valid PKCS#7 object - not a sequence"); } ContentInfo content = ContentInfo.getInstance(cms); org.bouncycastle.asn1.cms.SignedData data = org.bouncycastle.asn1.cms.SignedData .getInstance(content.getContent()); return data; }
From source file:br.gov.jfrj.siga.cd.CRLLocator.java
License:Open Source License
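/**
 * Once the object has been instantiated, looks up the CRL for the certificate being verified.
 * The CRL is returned regardless of which constructor was used, provided it is available.
 *
 * <p>The CRL bytes may have been downloaded and are untrusted until checked. This method only
 * decodes them; no CRL signature check is visible here, so callers are expected to verify the
 * CRL against its issuer before relying on it.
 *
 * @return an X509CRLObject for later use
 * @throws InvalidCRLException if the CRL cannot be retrieved, is missing, or is not a
 *     well-formed ASN.1 sequence
 * @throws CRLException declared by the signature; not raised directly by the code shown
 */
public X509CRLObject getCRL() throws InvalidCRLException, CRLException {
    try {
        if (this.certificate != null) {
            this.getRemoteCRL();
        } else {
            this.getLocalCRL();
        }

        // Raised as IOException so the handler below turns it into InvalidCRLException instead
        // of letting a NullPointerException escape.
        if (this.crl == null) {
            throw new IOException("no CRL data available");
        }

        // A slightly more roundabout way of instantiating an X509CRLObject.
        Object decoded;
        final ASN1InputStream stream = new ASN1InputStream(new ByteArrayInputStream(this.crl));
        try {
            decoded = stream.readObject();
        } finally {
            stream.close();
        }
        // Check the shape before casting: the content is whatever the CRL source delivered.
        if (!(decoded instanceof ASN1Sequence)) {
            throw new IOException("CRL data is not an ASN.1 sequence");
        }
        final CertificateList cl = new CertificateList((ASN1Sequence) decoded);
        return new SigaX509CRLObject(cl);
    } catch (final MalformedURLException e) {
        throw new InvalidCRLException("URL de acesso a CRL est mal formada ou invlida! (" + this.uri + ")", e);
    } catch (final ProtocolException e) {
        throw new InvalidCRLException(
                "Falha ao setar o mtodo HTTP/GET para fazer o download da CRL! (" + this.uri + ")", e);
    } catch (final IOException e) {
        throw new InvalidCRLException("Falha ao gerar a CRL! (" + this.uri + ")", e);
    }
}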
From source file:br.gov.jfrj.siga.cd.TimeStamper.java
License:Open Source License
/**
 * Modifies PKCS#7 data by adding a signature timestamp.
 *
 * <p>A timestamp token is obtained for the first signer's signature value, the token's
 * certificate store is replaced with the result of
 * {@code AssinaturaDigital.buscarCrlParaCadaCertificado}, and the token is attached to that
 * signer as an {@code id_aa_signatureTimeStampToken} unsigned attribute.
 *
 * @param signedData the CMS signed data to timestamp
 * @return a new {@code CMSSignedData} whose signer store holds the timestamped signer
 * @throws Exception if obtaining, re-encoding or attaching the token fails
 */
public static CMSSignedData addTimestamp(CMSSignedData signedData) throws Exception {
    // Raw Collection: element types are not checked by the compiler here.
    Collection ss = signedData.getSignerInfos().getSigners();
    // Only the first signer is processed; an empty signer collection fails on next().
    SignerInformation si = (SignerInformation) ss.iterator().next();
    // NOTE(review): getTimeStampToken is defined elsewhere; no validation of the returned token
    // (signature, imprint, signing certificate) is visible in this method - confirm it happens
    // there before the token is embedded.
    TimeStampToken tok = getTimeStampToken(si.getSignature());

    // CertStore certs = tok.getCertificatesAndCRLs("Collection", "BC");
    Store certs = tok.getCertificates();
    Store certsAndCrls = AssinaturaDigital.buscarCrlParaCadaCertificado(certs);

    // The same store is passed for all three store arguments of replaceCertificatesAndCRLs.
    CMSSignedData cmssdcrl = CMSSignedData.replaceCertificatesAndCRLs(tok.toCMSSignedData(), certsAndCrls,
            certsAndCrls, certsAndCrls);

    tok = new TimeStampToken(cmssdcrl);

    // Re-decode the token's encoding to get an ASN.1 object that can be put into a SET.
    ASN1InputStream asn1InputStream = new ASN1InputStream(tok.getEncoded());
    ASN1Primitive tstDER = asn1InputStream.readObject();
    DERSet ds = new DERSet(tstDER);
    Attribute a = new Attribute(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken, ds);
    ASN1EncodableVector dv = new ASN1EncodableVector();
    dv.add(a);
    AttributeTable at = new AttributeTable(dv);
    // The table holds only the timestamp attribute.
    // NOTE(review): presumably this discards any unsigned attributes the signer already had -
    // confirm that is intended.
    si = SignerInformation.replaceUnsignedAttributes(si, at);
    // After clear() + add() the collection holds just the one timestamped signer.
    // NOTE(review): any additional signers of the input are therefore absent from the result -
    // confirm that single-signer input is guaranteed by callers.
    ss.clear();
    ss.add(si);
    SignerInformationStore sis = new SignerInformationStore(ss);

    signedData = CMSSignedData.replaceSigners(signedData, sis);
    return signedData;
}
From source file:ca.trustpoint.m2m.M2mCertificateFactory.java
License:Apache License
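/**
 * Generates a certificate object and initializes it with the data read from the
 * {@link java.io.InputStream InputStream} {@code inStream}.
 *
 * <p>
 * The returned certificate object can be cast to the {@link M2mCertificate M2MCertificate}
 * class.
 *
 * <p>
 * The data must be a single binary, ASN.1-encoded object carrying the M2M application tag and
 * wrapping a two-element sequence: one tbsCertificate field and one cACalcValue field. Each
 * field must appear exactly once; a repeated field is rejected, so a structure that is missing
 * one of them cannot be returned as a certificate. No PEM/Base64 handling is visible in this
 * method.
 *
 * <p>
 * Note that the ASN.1 reader wrapped around {@code inStream} is closed once the first object
 * has been read, so the stream should not be relied on for reading further certificates
 * afterwards. Data following the first object is not examined.
 *
 * @param inStream an input stream with the certificate data.
 *
 * @return a certificate object initialized with the data from the input stream.
 *
 * @exception CertificateException on parsing errors.
 * @exception IllegalArgumentException if {@code inStream} is {@code null}.
 */
@Override
public Certificate engineGenerateCertificate(InputStream inStream) throws CertificateException {
    if (inStream == null) {
        throw new IllegalArgumentException("input stream is null");
    }

    try {
        ASN1InputStream aIn = new ASN1InputStream(inStream);
        ASN1ApplicationSpecific app = ASN1ApplicationSpecific.getInstance(aIn.readObject());

        aIn.close();

        int appTag = app.getApplicationTag();

        if (appTag != M2mCertificate.APPLICATION_TAG_NUMBER) {
            throw new IOException("not M2M certificate application tag: " + appTag);
        }

        ASN1Sequence seq = (ASN1Sequence) app.getObject(BERTags.SEQUENCE);
        if (seq.size() != 2) {
            throw new IOException("sequence wrong size for a M2M certificate");
        }

        // Construct M2M certificate
        M2mCertificate cert = new M2mCertificate();
        // With exactly two elements, refusing duplicates guarantees both fields are present.
        boolean sawTbsCertificate = false;
        boolean sawCaCalcValue = false;
        for (int i = 0; i < seq.size(); i++) {
            ASN1TaggedObject obj = (ASN1TaggedObject) seq.getObjectAt(i);
            CertificateFields tag = CertificateFields.getInstance(obj.getTagNo());

            switch (tag) {
                case TBS_CERTIFICATE:
                    if (sawTbsCertificate) {
                        throw new IOException("duplicate tbsCertificate field in M2M certificate");
                    }
                    sawTbsCertificate = true;
                    ASN1Sequence tbsCertificate = ASN1Sequence.getInstance(obj, false);
                    parseTbsCertificate(tbsCertificate, cert);
                    break;
                case CA_CALC_VALUE:
                    if (sawCaCalcValue) {
                        throw new IOException("duplicate cACalcValue field in M2M certificate");
                    }
                    sawCaCalcValue = true;
                    ASN1OctetString cACalcValue = ASN1OctetString.getInstance(obj, false);
                    cert.setCaCalcValue(cACalcValue.getOctets());
                    break;
                default:
                    throw new IOException("unknown M2M data field number: " + tag.getTagNumber());
            }
        }

        return cert;
    } catch (Exception e) {
        // Catch all exceptions and convert it to a CertificateException
        throw new CertificateException("exception on parsing certificate data", e);
    }
}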