List of usage examples for org.bouncycastle.asn1 ASN1InputStream readObject
public ASN1Primitive readObject() throws IOException
From source file:org.cesecore.certificates.certificate.certextensions.BasicCertificateExtension.java
License:Open Source License
/** * Tries to read the hex-string as an DERObject. If it contains more than one ASN1Encodable object, return a DERSequence of the objects. *///from w w w . ja v a2 s . com private ASN1Encodable parseHexEncodedDERObject(String value) throws CertificateExtensionException { ASN1Encodable retval = null; if (value.matches("^\\p{XDigit}*")) { byte[] bytes = Hex.decode(value); try { ASN1InputStream ais = new ASN1InputStream(bytes); ASN1Encodable firstObject = ais.readObject(); if (ais.available() > 0) { ASN1EncodableVector ev = new ASN1EncodableVector(); ev.add(firstObject); while (ais.available() > 0) { ev.add(ais.readObject()); } retval = new DERSequence(ev); } else { retval = firstObject; } ais.close(); } catch (Exception e) { throw new CertificateExtensionException(intres.getLocalizedMessage("certext.basic.illegalvalue", value, Integer.valueOf(getId()), getOID())); } } else { throw new CertificateExtensionException(intres.getLocalizedMessage("certext.basic.illegalvalue", value, Integer.valueOf(getId()), getOID())); } return retval; }
From source file:org.cesecore.certificates.certificate.certextensions.BasicCertificateExtensionTest.java
License:Open Source License
/**
 * Dynamic extension (dynamic=true) with no static value configured.
 * <p>
 * Encoding must fail while ExtendedInformation carries no value for the OID,
 * and must succeed once a value has been stored there.
 */
@Test
public void test13DynamicTrueNoStatic() throws Exception {
    final Properties config = new Properties();
    config.put("id1.property.encoding", "DERPRINTABLESTRING");
    config.put("id1.property.dynamic", "true");

    final BasicCertificateExtension extension = new BasicCertificateExtension();
    extension.init(1, "1.2.3", false, config);

    final EndEntityInformation endEntity = new EndEntityInformation();
    endEntity.setExtendedinformation(new ExtendedInformation());

    // No value in ExtendedInformation and no static fallback: encoding must be rejected
    try {
        extension.getValueEncoded(endEntity, null, null, null, null, null);
        fail("Should have failed as no value was specified in EI.");
    } catch (CertificateExtensionException expected) {
        assertEquals(intres.getLocalizedMessage("certext.basic.incorrectvalue", 1, "1.2.3"), expected.getMessage());
    }

    // With a value stored for the OID, that value is what gets encoded
    endEntity.getExtendedinformation().setExtensionData("1.2.3", "The value 123");
    final byte[] encoded = extension.getValueEncoded(endEntity, null, null, null, null, null);
    final ASN1InputStream asn1In = new ASN1InputStream(new ByteArrayInputStream(encoded));
    try {
        final ASN1Encodable decoded = asn1In.readObject();
        assertTrue(decoded.getClass().toString(), decoded instanceof DERPrintableString);
        final DERPrintableString printable = (DERPrintableString) decoded;
        assertEquals("The value 123", printable.getString());
    } finally {
        asn1In.close();
    }
}
From source file:org.cesecore.certificates.certificate.certextensions.BasicCertificateExtensionTest.java
License:Open Source License
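/**
 * Test with dynamic=true and a static value specified.
 * <p>
 * The static value should be used if no value was specified in ExtendedInformation.
 * The value from ExtendedInformation should be used if present.
 */
@Test
public void test14DynamicTrueStatic() throws Exception {
    Properties props = new Properties();
    props.put("id1.property.encoding", "DERPRINTABLESTRING");
    props.put("id1.property.dynamic", "true");
    props.put("id1.property.value", "The static value 123");
    BasicCertificateExtension baseExt = new BasicCertificateExtension();
    baseExt.init(1, "1.2.3", false, props);
    EndEntityInformation userData = new EndEntityInformation();
    userData.setExtendedinformation(new ExtendedInformation());

    // Without value in userdata, the static value is used
    ASN1InputStream in = new ASN1InputStream(
            new ByteArrayInputStream(baseExt.getValueEncoded(userData, null, null, null, null, null)));
    try {
        ASN1Encodable value1 = in.readObject();
        assertTrue(value1.getClass().toString(), value1 instanceof DERPrintableString);
        assertEquals("The static value 123", ((DERPrintableString) value1).getString());
    } finally {
        // Close even when an assertion fails, as the sibling tests in this class do
        in.close();
    }

    // With value in userdata, that value is used
    userData.getExtendedinformation().setExtensionData("1.2.3", "A dynamic value 123");
    in = new ASN1InputStream(
            new ByteArrayInputStream(baseExt.getValueEncoded(userData, null, null, null, null, null)));
    try {
        ASN1Encodable value1 = in.readObject();
        assertTrue(value1.getClass().toString(), value1 instanceof DERPrintableString);
        assertEquals("A dynamic value 123", ((DERPrintableString) value1).getString());
    } finally {
        in.close();
    }
}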
From source file:org.cesecore.certificates.certificate.certextensions.BasicCertificateExtensionTest.java
License:Open Source License
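/**
 * Test with dynamic=true and static values specified where nvalues is used.
 * <p>
 * The static values should be used if no values were specified in ExtendedInformation.
 * The values from ExtendedInformation should be used if present.
 */
@SuppressWarnings("unchecked")
@Test
public void test15DynamicTrueStaticNvalues() throws Exception {
    Properties props = new Properties();
    props.put("id1.property.encoding", "DERPRINTABLESTRING");
    props.put("id1.property.dynamic", "true");
    props.put("id1.property.nvalues", "3");
    props.put("id1.property.value1", "The static value 1");
    props.put("id1.property.value2", "The static value 2");
    props.put("id1.property.value3", "The static value 3");
    BasicCertificateExtension baseExt = new BasicCertificateExtension();
    baseExt.init(1, "1.2.3", false, props);
    EndEntityInformation userData = new EndEntityInformation();
    userData.setExtendedinformation(new ExtendedInformation());

    // Without values in userdata, the static values are used
    ASN1InputStream in = new ASN1InputStream(
            new ByteArrayInputStream(baseExt.getValueEncoded(userData, null, null, null, null, null)));
    try {
        ASN1Encodable value = in.readObject();
        assertTrue(value.getClass().toString(), value instanceof DLSequence);
        DLSequence seq = (DLSequence) value;
        assertEquals(3, seq.size());
        Enumeration<ASN1Encodable> e = seq.getObjects();
        int i = 1;
        while (e.hasMoreElements()) {
            ASN1Encodable v = e.nextElement();
            assertTrue(v.getClass().toString(), v instanceof DERPrintableString);
            String str = ((DERPrintableString) v).getString();
            // Expected value goes first so a failure message reports expected/actual the right way round
            assertEquals("The static value " + i++, str);
        }
    } finally {
        // Close even when an assertion fails, as the sibling tests in this class do
        in.close();
    }

    // With values in userdata, those values are used
    userData.getExtendedinformation().setExtensionData("1.2.3.value1", "A dynamic value 1");
    userData.getExtendedinformation().setExtensionData("1.2.3.value2", "A dynamic value 2");
    userData.getExtendedinformation().setExtensionData("1.2.3.value3", "A dynamic value 3");
    in = new ASN1InputStream(
            new ByteArrayInputStream(baseExt.getValueEncoded(userData, null, null, null, null, null)));
    try {
        ASN1Encodable value = in.readObject();
        assertTrue(value.getClass().toString(), value instanceof DLSequence);
        DLSequence seq = (DLSequence) value;
        assertEquals(3, seq.size());
        Enumeration<ASN1Encodable> e = seq.getObjects();
        int i = 1;
        while (e.hasMoreElements()) {
            ASN1Encodable v = e.nextElement();
            assertTrue(v.getClass().toString(), v instanceof DERPrintableString);
            String str = ((DERPrintableString) v).getString();
            assertEquals("A dynamic value " + i++, str);
        }
    } finally {
        in.close();
    }
}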
From source file:org.cesecore.certificates.certificate.certextensions.BasicCertificateExtensionTest.java
License:Open Source License
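/**
 * Test that without dynamic specified it defaults to dynamic=false.
 * <p>
 * The static value should be used regardless of whether there was a value in
 * ExtendedInformation or not.
 */
@Test
public void test16DynamicDefaultsToFalse() throws Exception {
    Properties props = new Properties();
    props.put("id1.property.encoding", "DERPRINTABLESTRING");
    props.put("id1.property.value", "The static value");
    BasicCertificateExtension baseExt = new BasicCertificateExtension();
    baseExt.init(1, "1.2.3", false, props);
    EndEntityInformation userData = new EndEntityInformation();
    userData.setExtendedinformation(new ExtendedInformation());

    // Ok without value specified
    ASN1InputStream in = new ASN1InputStream(
            new ByteArrayInputStream(baseExt.getValueEncoded(userData, null, null, null, null, null)));
    try {
        ASN1Encodable value1 = in.readObject();
        assertTrue(value1.getClass().toString(), value1 instanceof DERPrintableString);
        assertEquals("The static value", ((DERPrintableString) value1).getString());
    } finally {
        // Close even when an assertion fails, as the sibling tests in this class do
        in.close();
    }

    // A value supplied through ExtendedInformation must be ignored when the extension is not dynamic
    userData.getExtendedinformation().setExtensionData("1.2.3", "The value 123");
    in = new ASN1InputStream(
            new ByteArrayInputStream(baseExt.getValueEncoded(userData, null, null, null, null, null)));
    try {
        ASN1Encodable value1 = in.readObject();
        assertTrue(value1.getClass().toString(), value1 instanceof DERPrintableString);
        assertEquals("The static value", ((DERPrintableString) value1).getString());
    } finally {
        in.close();
    }
}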
From source file:org.cesecore.certificates.certificate.certextensions.BasicCertificateExtensionTest.java
License:Open Source License
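/**
 * Same as test16DynamicDefaultsToFalse but with dynamic explicitly set to
 * false.
 */
@Test
public void test17DynamicFalse() throws Exception {
    Properties props = new Properties();
    props.put("id1.property.encoding", "DERPRINTABLESTRING");
    props.put("id1.property.value", "The static value");
    props.put("id1.property.dynamic", "false");
    BasicCertificateExtension baseExt = new BasicCertificateExtension();
    baseExt.init(1, "1.2.3", false, props);
    EndEntityInformation userData = new EndEntityInformation();
    userData.setExtendedinformation(new ExtendedInformation());

    // Ok without value specified
    ASN1InputStream in = new ASN1InputStream(
            new ByteArrayInputStream(baseExt.getValueEncoded(userData, null, null, null, null, null)));
    try {
        ASN1Encodable value = in.readObject();
        assertTrue(value.getClass().toString(), value instanceof DERPrintableString);
        assertEquals("The static value", ((DERPrintableString) value).getString());
    } finally {
        // Close even when an assertion fails, as the sibling tests in this class do
        in.close();
    }

    // A value supplied through ExtendedInformation must be ignored when dynamic=false
    userData.getExtendedinformation().setExtensionData("1.2.3", "The value 123");
    in = new ASN1InputStream(
            new ByteArrayInputStream(baseExt.getValueEncoded(userData, null, null, null, null, null)));
    try {
        ASN1Encodable value = in.readObject();
        assertTrue(value.getClass().toString(), value instanceof DERPrintableString);
        assertEquals("The static value", ((DERPrintableString) value).getString());
    } finally {
        in.close();
    }
}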
From source file:org.cesecore.certificates.certificate.certextensions.BasicCertificateExtensionTest.java
License:Open Source License
/**
 * Dynamic extension (dynamic=true) where the value is supplied under the
 * key {@code 1.2.3.value} rather than under the bare OID.
 */
@Test
public void test18DynamicValueValue() throws Exception {
    final Properties config = new Properties();
    config.put("id1.property.encoding", "DERPRINTABLESTRING");
    config.put("id1.property.dynamic", "true");

    final BasicCertificateExtension extension = new BasicCertificateExtension();
    extension.init(1, "1.2.3", false, config);

    final EndEntityInformation endEntity = new EndEntityInformation();
    endEntity.setExtendedinformation(new ExtendedInformation());

    // The value stored under "<oid>.value" is the one that must be encoded
    endEntity.getExtendedinformation().setExtensionData("1.2.3.value", "The value 456");
    final byte[] encoded = extension.getValueEncoded(endEntity, null, null, null, null, null);
    final ASN1InputStream asn1In = new ASN1InputStream(new ByteArrayInputStream(encoded));
    try {
        final ASN1Encodable decoded = asn1In.readObject();
        assertTrue(decoded.getClass().toString(), decoded instanceof DERPrintableString);
        final DERPrintableString printable = (DERPrintableString) decoded;
        assertEquals("The value 456", printable.getString());
    } finally {
        asn1In.close();
    }
}
From source file:org.cesecore.certificates.certificate.certextensions.BasicCertificateExtensionTest.java
License:Open Source License
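/**
 * Checks that an extension value produced by BasicCertificateExtension survives being
 * placed into an Extensions structure: the extension is found under its OID and its
 * octets decode back to the configured IA5String.
 */
@Test
public void test20CertExtensionEncoding() throws Exception {
    Properties props = new Properties();
    props.put("id1.property.encoding", "DERIA5STRING");
    props.put("id1.property.value", "This is a printable string");
    BasicCertificateExtension baseExt = new BasicCertificateExtension();
    baseExt.init(1, "1.2.3", false, props);
    byte[] value = baseExt.getValueEncoded(null, null, null, null, null, null);

    // One identifier instance serves both for adding the extension and for looking it up
    ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(baseExt.getOID());
    ExtensionsGenerator extgen = new ExtensionsGenerator();
    extgen.addExtension(oid, baseExt.isCriticalFlag(), value);
    Extensions exts = extgen.generate();
    Extension ext = exts.getExtension(oid);
    assertNotNull(ext);

    // Read the extension value, it's a DERIA5String wrapped in an ASN1OctetString
    ASN1OctetString str = ext.getExtnValue();
    ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(str.getOctets()));
    try {
        DERIA5String ia5str = (DERIA5String) aIn.readObject();
        assertEquals("This is a printable string", ia5str.getString());
    } finally {
        // Close even when the read, the cast or the assertion fails
        aIn.close();
    }
}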
From source file:org.cesecore.certificates.certificate.certextensions.standard.AuthorityKeyIdentifier.java
License:Open Source License
/**
 * Produces the AuthorityKeyIdentifier extension value for a certificate issued by {@code ca}.
 * <p>
 * The identifier is first derived from the encoded CA public key. When the CA has a
 * certificate, the certificate profile is not a root CA profile, and that certificate
 * yields a subject key id, the result is replaced by an identifier carrying exactly that
 * key id, so the issued certificate points at the value the CA certificate actually uses.
 *
 * @param subject not read by this method
 * @param ca the issuing CA; its CA certificate is consulted for a SubjectKeyIdentifier
 * @param certProfile profile of the certificate being issued; used to detect a root CA
 * @param userPublicKey not read by this method
 * @param caPublicKey public key of the issuing CA, from which the default identifier is derived
 * @param val not read by this method
 * @return the AuthorityKeyIdentifier value
 * @throws CertificateExtensionException if reading the encoded CA public key raises an IOException
 */
@Override
public ASN1Encodable getValue(final EndEntityInformation subject, final CA ca, final CertificateProfile certProfile,
        final PublicKey userPublicKey, final PublicKey caPublicKey, CertificateValidity val)
        throws CertificateExtensionException {
    org.bouncycastle.asn1.x509.AuthorityKeyIdentifier result = null;
    // Default: calculate the identifier from scratch out of the CA public key.
    // This is what a root CA gets, and what is used when the signing CA's certificate
    // has no SubjectKeyIdentifier.
    final byte[] encodedCaKey = caPublicKey.getEncoded();
    final ASN1InputStream keyStream = new ASN1InputStream(new ByteArrayInputStream(encodedCaKey));
    try {
        try {
            final ASN1Sequence spkiSequence = (ASN1Sequence) keyStream.readObject();
            final SubjectPublicKeyInfo caKeyInfo = new SubjectPublicKeyInfo(spkiSequence);
            result = new org.bouncycastle.asn1.x509.AuthorityKeyIdentifier(caKeyInfo);

            // For a non-root CA the identifier must come from the CA certificate's
            // SubjectKeyIdentifier when one exists; otherwise the identifier is wrong for
            // CAs that do not follow RFC3280 (guess if MS-CA follows RFC3280?)
            final X509Certificate caCertificate = (X509Certificate) ca.getCACertificate();
            final boolean rootProfile = certProfile.getType() == CertificateConstants.CERTTYPE_ROOTCA;
            if (caCertificate != null && !rootProfile) {
                final byte[] caSubjectKeyId = CertTools.getSubjectKeyId(caCertificate);
                if (caSubjectKeyId != null) {
                    // TODO: The code below is snipped from AuthorityKeyIdentifier.java in BC 1.36, because there is
                    // no method there to set only a pre-computed key identifier.
                    // This should be replaced when such a method is added to BC
                    final ASN1OctetString keyIdentifier = new DEROctetString(caSubjectKeyId);
                    final ASN1EncodableVector fields = new ASN1EncodableVector();
                    fields.add(new DERTaggedObject(false, 0, keyIdentifier));
                    result = org.bouncycastle.asn1.x509.AuthorityKeyIdentifier.getInstance(new DERSequence(fields));
                    if (log.isDebugEnabled()) {
                        log.debug("Using AuthorityKeyIdentifier from CA-certificates SubjectKeyIdentifier.");
                    }
                }
            }
        } finally {
            keyStream.close();
        }
    } catch (IOException e) {
        throw new CertificateExtensionException("IOException parsing CA public key: " + e.getMessage(), e);
    }
    return result;
}
From source file:org.cesecore.certificates.certificate.request.RequestMessageUtils.java
License:Open Source License
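/**
 * Builds a request message carrying the requester's public key, user name and password
 * from a textual certificate request of the given type.
 * <p>
 * The request text comes from the requester and is parsed here, so every branch handles
 * untrusted input. The SPKAC and CVC branches verify proof-of-possession (POPO) before
 * returning. No POPO check is visible in the PKCS10, CRMF and PUBLICKEY branches.
 *
 * @param username user name to set on the resulting request message
 * @param password password to set on the resulting request message
 * @param req the request as text; Base64 for SPKAC, CRMF and CVC, Base64 or PEM for a public key
 * @param reqType one of the {@code CertificateConstants.CERT_REQ_TYPE_*} values handled below
 * @return the request message, or {@code null} if {@code reqType} matches none of the handled
 *         types or the SPKAC Base64 decode returns {@code null}
 * @throws SignRequestSignatureException if POPO verification of an SPKAC or CVC request fails
 * @throws IOException if ASN.1 parsing fails or a public key request is neither PEM nor Base64
 */
public static RequestMessage getSimpleRequestMessageFromType(final String username, final String password,
        final String req, final int reqType) throws SignRequestSignatureException, InvalidKeyException,
        NoSuchAlgorithmException, NoSuchProviderException, IOException, SignatureException,
        InvalidKeySpecException, ParseException, ConstructionException, NoSuchFieldException {
    RequestMessage ret = null;
    if (reqType == CertificateConstants.CERT_REQ_TYPE_PKCS10) {
        final RequestMessage pkcs10req = RequestMessageUtils.genPKCS10RequestMessage(req.getBytes());
        final PublicKey pubKey = pkcs10req.getRequestPublicKey();
        SimpleRequestMessage simplereq = new SimpleRequestMessage(pubKey, username, password);
        final Extensions ext = pkcs10req.getRequestExtensions();
        simplereq.setRequestExtensions(ext);
        ret = simplereq;
    } else if (reqType == CertificateConstants.CERT_REQ_TYPE_SPKAC) {
        final byte[] reqBytes = req.getBytes();
        if (log.isDebugEnabled()) {
            log.debug("Received NS request: " + new String(reqBytes));
        }
        final byte[] buffer = Base64.decode(reqBytes);
        if (buffer == null) {
            return null;
        }
        ASN1Sequence spkacSeq;
        final ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(buffer));
        try {
            // NOTE(review): a request that does not decode to a SEQUENCE fails this cast with an
            // unchecked ClassCastException rather than one of the declared exceptions.
            spkacSeq = (ASN1Sequence) in.readObject();
        } finally {
            // Close on every path, matching the CRMF branch below
            in.close();
        }
        NetscapeCertRequest nscr = new NetscapeCertRequest(spkacSeq);
        // Verify POPO, we don't care about the challenge, it's not important.
        // The challenge is overwritten with a fixed string and verify() is given the same string,
        // presumably so that only the signature decides the outcome.
        nscr.setChallenge("challenge");
        if (nscr.verify("challenge") == false) {
            if (log.isDebugEnabled()) {
                log.debug("SPKAC POPO verification Failed");
            }
            throw new SignRequestSignatureException(
                    "Invalid signature in NetscapeCertRequest, popo-verification failed.");
        }
        if (log.isDebugEnabled()) {
            log.debug("POPO verification successful");
        }
        PublicKey pubKey = nscr.getPublicKey();
        ret = new SimpleRequestMessage(pubKey, username, password);
    } else if (reqType == CertificateConstants.CERT_REQ_TYPE_CRMF) {
        byte[] request = Base64.decode(req.getBytes());
        ASN1InputStream in = new ASN1InputStream(request);
        try {
            // NOTE(review): unlike the SPKAC and CVC branches, nothing in this branch verifies
            // proof-of-possession; confirm it is enforced elsewhere before the key is certified.
            // NOTE(review): the casts and index lookups below run on untrusted input and fail
            // with unchecked exceptions when the structure is not the expected nesting.
            ASN1Sequence crmfSeq = (ASN1Sequence) in.readObject();
            ASN1Sequence reqSeq = (ASN1Sequence) ((ASN1Sequence) crmfSeq.getObjectAt(0)).getObjectAt(0);
            CertRequest certReq = CertRequest.getInstance(reqSeq);
            SubjectPublicKeyInfo pKeyInfo = certReq.getCertTemplate().getPublicKey();
            // NOTE(review): the key factory is fixed to RSA, so a request carrying another key
            // type presumably fails in generatePublic(); confirm whether that is intended.
            KeyFactory keyFact = KeyFactory.getInstance("RSA", "BC");
            KeySpec keySpec = new X509EncodedKeySpec(pKeyInfo.getEncoded());
            PublicKey pubKey = keyFact.generatePublic(keySpec); // just check it's ok
            SimpleRequestMessage simplereq = new SimpleRequestMessage(pubKey, username, password);
            Extensions ext = certReq.getCertTemplate().getExtensions();
            simplereq.setRequestExtensions(ext);
            ret = simplereq;
        } finally {
            in.close();
        }
        // a simple crmf is not a complete PKI message, as desired by the CrmfRequestMessage class
    } else if (reqType == CertificateConstants.CERT_REQ_TYPE_PUBLICKEY) {
        byte[] request;
        // Request can be Base64 encoded or in PEM format
        try {
            request = FileTools.getBytesFromPEM(req.getBytes(), CertTools.BEGIN_PUBLIC_KEY,
                    CertTools.END_PUBLIC_KEY);
        } catch (IOException ex) {
            // Not PEM: fall back to treating the text as plain Base64
            try {
                request = Base64.decode(req.getBytes());
                if (request == null) {
                    throw new IOException("Base64 decode of buffer returns null");
                }
            } catch (DecoderException de) {
                // Keep the decoder failure as the cause instead of only its message
                throw new IOException("Base64 decode fails, message not base64 encoded: " + de.getMessage(), de);
            }
        }
        final PublicKey pubKey = KeyTools.getPublicKeyFromBytes(request);
        ret = new SimpleRequestMessage(pubKey, username, password);
    } else if (reqType == CertificateConstants.CERT_REQ_TYPE_CVC) {
        CVCObject parsedObject = CertificateParser.parseCVCObject(Base64.decode(req.getBytes()));
        // We will handle both the case if the request is an authenticated request, i.e. with an outer signature
        // and when the request is missing the (optional) outer signature.
        CVCertificate cvccert = null;
        if (parsedObject instanceof CVCAuthenticatedRequest) {
            CVCAuthenticatedRequest cvcreq = (CVCAuthenticatedRequest) parsedObject;
            cvccert = cvcreq.getRequest();
        } else {
            cvccert = (CVCertificate) parsedObject;
        }
        CVCRequestMessage reqmsg = new CVCRequestMessage(cvccert.getDEREncoded());
        reqmsg.setUsername(username);
        reqmsg.setPassword(password);
        // Popo is really actually verified by the CA (in SignSessionBean) as well
        if (reqmsg.verify() == false) {
            if (log.isDebugEnabled()) {
                log.debug("CVC POPO verification Failed");
            }
            throw new SignRequestSignatureException(
                    "Invalid inner signature in CVCRequest, popo-verification failed.");
        } else {
            if (log.isDebugEnabled()) {
                log.debug("POPO verification successful");
            }
        }
        ret = reqmsg;
    }
    return ret;
}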