List of usage examples for org.bouncycastle.asn1 ASN1InputStream readObject
public ASN1Primitive readObject() throws IOException
From source file:org.jmrtd.lds.SignedDataUtil.java
License:Open Source License
public static SignedData readSignedData(InputStream inputStream) throws IOException { ASN1InputStream asn1in = new ASN1InputStream(inputStream); ASN1Sequence sequence = (ASN1Sequence) asn1in.readObject(); if (sequence.size() != 2) { throw new IOException( "Was expecting a DER sequence of length 2, found a DER sequence of length " + sequence.size()); }//from www . j av a 2 s .c o m String contentTypeOID = ((ASN1ObjectIdentifier) sequence.getObjectAt(0)).getId(); if (!SignedDataUtil.RFC_3369_SIGNED_DATA_OID.equals(contentTypeOID)) { throw new IOException("Was expecting signed-data content type OID (" + SignedDataUtil.RFC_3369_SIGNED_DATA_OID + "), found " + contentTypeOID); } ASN1Primitive asn1SequenceWithSignedData = SignedDataUtil .getObjectFromTaggedObject(sequence.getObjectAt(1)); if (!(asn1SequenceWithSignedData instanceof ASN1Sequence)) { throw new IOException("Was expecting an ASN.1 sequence as content"); } return SignedData.getInstance(asn1SequenceWithSignedData); }
From source file:org.jmrtd.lds.SignedDataUtil.java
License:Open Source License
public static ASN1Primitive getContent(SignedData signedData) { ContentInfo encapContentInfo = signedData.getEncapContentInfo(); String contentType = encapContentInfo.getContentType().getId(); DEROctetString eContent = (DEROctetString) encapContentInfo.getContent(); ASN1InputStream inputStream = null; try {/*from ww w .j ava 2 s .c o m*/ inputStream = new ASN1InputStream(new ByteArrayInputStream(eContent.getOctets())); ASN1Primitive firstObject = inputStream.readObject(); return firstObject; } catch (IOException ioe) { LOGGER.log(Level.WARNING, "Unexpected exception", ioe); } finally { if (inputStream != null) { try { inputStream.close(); } catch (IOException ioe) { LOGGER.log(Level.WARNING, "Exception closing input stream"); /* At least we tried... */ } } } return null; }
From source file:org.jmrtd.lds.SignedDataUtil.java
License:Open Source License
public static ASN1Sequence createCertificate(X509Certificate cert) throws CertificateException { try {/*from w w w . j a v a 2 s .c o m*/ byte[] certSpec = cert.getEncoded(); ASN1InputStream asn1In = new ASN1InputStream(certSpec); try { ASN1Sequence certSeq = (ASN1Sequence) asn1In.readObject(); return certSeq; } finally { asn1In.close(); } } catch (IOException ioe) { throw new CertificateException("Could not construct certificate byte stream"); } }
From source file:org.jmrtd.lds.SODFile.java
License:Open Source License
/** * Reads the security object (containing the hashes * of the data groups) found in the SignedData field. * * @return the security object/*from w w w . j ava 2 s .c o m*/ * * @throws IOException */ private static LDSSecurityObject getLDSSecurityObject(SignedData signedData) { try { ContentInfo encapContentInfo = signedData.getEncapContentInfo(); String contentType = encapContentInfo.getContentType().getId(); DEROctetString eContent = (DEROctetString) encapContentInfo.getContent(); if (!(ICAO_LDS_SOD_OID.equals(contentType) || SDU_LDS_SOD_OID.equals(contentType) || ICAO_LDS_SOD_ALT_OID.equals(contentType))) { LOGGER.warning("SignedData does not appear to contain an LDS SOd. (content type is " + contentType + ", was expecting " + ICAO_LDS_SOD_OID + ")"); } ASN1InputStream inputStream = new ASN1InputStream(new ByteArrayInputStream(eContent.getOctets())); Object firstObject = inputStream.readObject(); if (!(firstObject instanceof ASN1Sequence)) { throw new IllegalStateException( "Expected ASN1Sequence, found " + firstObject.getClass().getSimpleName()); } LDSSecurityObject sod = LDSSecurityObject.getInstance(firstObject); Object nextObject = inputStream.readObject(); if (nextObject != null) { LOGGER.warning("Ignoring extra object found after LDSSecurityObject..."); } return sod; } catch (IOException ioe) { throw new IllegalStateException("Could not read security object in signedData"); } }
From source file:org.jmrtd.Util.java
License:Open Source License
/** * For ECDSA the EAC 1.11 specification requires the signature to be stripped down from any ASN.1 wrappers, as so. * * @param signedData signed data/*from w w w .j av a2 s.c om*/ * @param keySize key size * * @return signature without wrappers * * @throws IOException on error */ public static byte[] getRawECDSASignature(byte[] signedData, int keySize) throws IOException { ASN1InputStream asn1In = new ASN1InputStream(signedData); ByteArrayOutputStream out = new ByteArrayOutputStream(); try { ASN1Sequence obj = (ASN1Sequence) asn1In.readObject(); Enumeration<ASN1Primitive> e = obj.getObjects(); while (e.hasMoreElements()) { ASN1Integer i = (ASN1Integer) e.nextElement(); byte[] t = i.getValue().toByteArray(); t = alignKeyDataToSize(t, keySize); out.write(t); } out.flush(); return out.toByteArray(); } finally { asn1In.close(); out.close(); } }
From source file:org.jmrtd.Util.java
License:Open Source License
public static SubjectPublicKeyInfo toSubjectPublicKeyInfo(PublicKey publicKey) { try {// w w w . jav a2s. c o m String algorithm = publicKey.getAlgorithm(); if ("EC".equals(algorithm) || "ECDH".equals(algorithm) || (publicKey instanceof ECPublicKey)) { ASN1InputStream asn1In = new ASN1InputStream(publicKey.getEncoded()); SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo( (ASN1Sequence) asn1In.readObject()); asn1In.close(); AlgorithmIdentifier algorithmIdentifier = subjectPublicKeyInfo.getAlgorithm(); String algOID = algorithmIdentifier.getAlgorithm().getId(); if (!SecurityInfo.ID_EC_PUBLIC_KEY.equals(algOID)) { throw new IllegalStateException("Was expecting id-ecPublicKey (" + SecurityInfo.ID_EC_PUBLIC_KEY_TYPE + "), found " + algOID); } ASN1Primitive derEncodedParams = algorithmIdentifier.getParameters().toASN1Primitive(); X9ECParameters params = null; if (derEncodedParams instanceof ASN1ObjectIdentifier) { ASN1ObjectIdentifier paramsOID = (ASN1ObjectIdentifier) derEncodedParams; /* It's a named curve from X9.62. */ params = X962NamedCurves.getByOID(paramsOID); if (params == null) { throw new IllegalStateException( "Could not find X9.62 named curve for OID " + paramsOID.getId()); } /* Reconstruct the parameters. */ org.bouncycastle.math.ec.ECPoint generator = params.getG(); org.bouncycastle.math.ec.ECCurve curve = generator.getCurve(); generator = curve.createPoint(generator.getX().toBigInteger(), generator.getY().toBigInteger(), false); params = new X9ECParameters(params.getCurve(), generator, params.getN(), params.getH(), params.getSeed()); } else { /* It's not a named curve, we can just return the decoded public key info. */ return subjectPublicKeyInfo; } if (publicKey instanceof org.bouncycastle.jce.interfaces.ECPublicKey) { org.bouncycastle.jce.interfaces.ECPublicKey ecPublicKey = (org.bouncycastle.jce.interfaces.ECPublicKey) publicKey; AlgorithmIdentifier id = new AlgorithmIdentifier( subjectPublicKeyInfo.getAlgorithm().getAlgorithm(), params.toASN1Primitive()); org.bouncycastle.math.ec.ECPoint q = ecPublicKey.getQ(); /* FIXME: investigate the compressed versus uncompressed point issue. What is allowed in TR03110? -- MO */ // In case we would like to compress the point: // p = p.getCurve().createPoint(p.getX().toBigInteger(), p.getY().toBigInteger(), true); subjectPublicKeyInfo = new SubjectPublicKeyInfo(id, q.getEncoded()); return subjectPublicKeyInfo; } else { return subjectPublicKeyInfo; } } else if ("DH".equals(algorithm) || (publicKey instanceof DHPublicKey)) { DHPublicKey dhPublicKey = (DHPublicKey) publicKey; DHParameterSpec dhSpec = dhPublicKey.getParams(); return new SubjectPublicKeyInfo( new AlgorithmIdentifier(EACObjectIdentifiers.id_PK_DH, new DHParameter(dhSpec.getP(), dhSpec.getG(), dhSpec.getL()).toASN1Primitive()), new ASN1Integer(dhPublicKey.getY())); } else { throw new IllegalArgumentException( "Unrecognized key type, found " + publicKey.getAlgorithm() + ", should be DH or ECDH"); } } catch (Exception e) { LOGGER.severe("Exception: " + e.getMessage()); return null; } }
From source file:org.jnotary.crypto.CRLLoader.java
License:Open Source License
/** * Extracts all CRL distribution point URLs from the "CRL Distribution Point" * extension in a X.509 certificate. If CRL distribution point extension is * unavailable, returns an empty list. /*w w w .j ava 2s . c o m*/ */ public static List<String> getCrlDistributionPoints(X509Certificate cert) throws CertificateParsingException, IOException { byte[] crldpExt = cert.getExtensionValue(X509Extension.cRLDistributionPoints.getId()); if (crldpExt == null) { return Collections.emptyList(); } ASN1InputStream oAsnInStream = null; ASN1InputStream oAsnInStream2 = null; List<String> crlUrls = new ArrayList<String>(); try { oAsnInStream = new ASN1InputStream(new ByteArrayInputStream(crldpExt)); ASN1Primitive derObjCrlDP = oAsnInStream.readObject(); DEROctetString dosCrlDP = (DEROctetString) derObjCrlDP; byte[] crldpExtOctets = dosCrlDP.getOctets(); oAsnInStream2 = new ASN1InputStream(new ByteArrayInputStream(crldpExtOctets)); ASN1Primitive derObj2 = oAsnInStream2.readObject(); CRLDistPoint distPoint = CRLDistPoint.getInstance(derObj2); for (DistributionPoint dp : distPoint.getDistributionPoints()) { DistributionPointName dpn = dp.getDistributionPoint(); // Look for URIs in fullName if (dpn != null) { if (dpn.getType() == DistributionPointName.FULL_NAME) { GeneralName[] genNames = GeneralNames.getInstance(dpn.getName()).getNames(); // Look for an URI for (int j = 0; j < genNames.length; j++) { if (genNames[j].getTagNo() == GeneralName.uniformResourceIdentifier) { String url = DERIA5String.getInstance(genNames[j].getName()).getString(); crlUrls.add(url); } } } } } } finally { if (oAsnInStream != null) oAsnInStream.close(); if (oAsnInStream2 != null) oAsnInStream2.close(); } return crlUrls; }
From source file:org.jruby.ext.openssl.ASN1.java
License:LGPL
@JRubyMethod(meta = true) public static IRubyObject decode(IRubyObject recv, IRubyObject obj) { try {//from w ww.j a va 2 s . co m IRubyObject obj2 = OpenSSLImpl.to_der_if_possible(obj); RubyModule asnM = (RubyModule) recv; ASN1InputStream asis = new ASN1InputStream(obj2.convertToString().getBytes()); IRubyObject ret = decodeObj(asnM, asis.readObject()); return ret; } catch (IOException e) { throw recv.getRuntime().newIOErrorFromException(e); } catch (Exception e) { throw recv.getRuntime().newArgumentError(e.getMessage()); } }
From source file:org.jruby.ext.openssl.impl.NetscapeCertRequest.java
License:Open Source License
public NetscapeCertRequest(final byte[] request) throws NoSuchAlgorithmException, InvalidKeySpecException, IllegalArgumentException { ASN1InputStream input = new ASN1InputStream(new ByteArrayInputStream(request)); ASN1Sequence spkac;/* w w w .jav a 2s . c o m*/ try { spkac = ASN1Sequence.getInstance(input.readObject()); } catch (IOException e) { throw new IllegalArgumentException(e); } // // SignedPublicKeyAndChallenge ::= SEQUENCE { // publicKeyAndChallenge PublicKeyAndChallenge, // signatureAlgorithm AlgorithmIdentifier, // signature BIT STRING // } // if (spkac.size() != 3) { throw new IllegalArgumentException("invalid SPKAC (size):" + spkac.size()); } final ASN1Sequence signatureId = (ASN1Sequence) spkac.getObjectAt(1); this.sigAlg = AlgorithmIdentifier.getInstance(signatureId); this.signatureBits = ((DERBitString) spkac.getObjectAt(2)).getBytes(); // // PublicKeyAndChallenge ::= SEQUENCE { // spki SubjectPublicKeyInfo, // challenge IA5STRING // } // ASN1Sequence pkac = (ASN1Sequence) spkac.getObjectAt(0); if (pkac.size() != 2) { throw new IllegalArgumentException("invalid PKAC (len): " + pkac.size()); } this.challenge = ((DERIA5String) pkac.getObjectAt(1)).getString(); final String keyAlgorithm; final X509EncodedKeySpec encodedKeySpec; try { //this could be dangerous, as ASN.1 decoding/encoding //could potentially alter the bytes this.content = new DERBitString(pkac); final SubjectPublicKeyInfo pubKeyInfo = new SubjectPublicKeyInfo((ASN1Sequence) pkac.getObjectAt(0)); encodedKeySpec = new X509EncodedKeySpec(new DERBitString(pubKeyInfo).getBytes()); this.keyAlg = pubKeyInfo.getAlgorithm(); keyAlgorithm = keyAlg.getAlgorithm().getId(); } catch (Exception e) { // new DERBitString throw IOExcetpion since BC 1.49 //if ( e instanceof IOException ) { // throw new IllegalArgumentException(e); //} if (e instanceof RuntimeException) throw (RuntimeException) e; throw new IllegalArgumentException(e); } KeyFactory keyFactory = SecurityHelper.getKeyFactory(keyAlgorithm); this.publicKey = keyFactory.generatePublic(encodedKeySpec); }
From source file:org.jruby.ext.openssl.impl.NetscapeCertRequest.java
License:Open Source License
private ASN1Primitive getKeySpec() throws IOException { ASN1InputStream input = new ASN1InputStream(new ByteArrayInputStream(publicKey.getEncoded())); return input.readObject(); }