List of usage examples for org.bouncycastle.asn1 ASN1InputStream readObject
public ASN1Primitive readObject() throws IOException
From source file:com.peterphi.std.crypto.keygen.CaHelper.java
License:Open Source License
/**
 * Adds a non-critical AuthorityKeyIdentifier extension, built from the given public key, to the
 * certificate generator.
 *
 * <p>NOTE(review): an authority key identifier names the issuer's key, so {@code pubKey} is
 * presumably the signing CA's public key rather than the subject's; confirm at the call site.
 *
 * @param gen the certificate generator that receives the extension
 * @param pubKey the public key whose encoded form is parsed as a SubjectPublicKeyInfo
 * @throws Exception declared broadly; reading the encoded key can raise an {@code IOException}
 */
private static void addAuthorityKeyIdentifier(X509V3CertificateGenerator gen, PublicKey pubKey)
        throws Exception {
    final ASN1InputStream keyStream = new ASN1InputStream(new ByteArrayInputStream(pubKey.getEncoded()));
    try {
        // The cast fails with a ClassCastException when the encoding is not an ASN.1 SEQUENCE.
        final ASN1Sequence encodedKey = (ASN1Sequence) keyStream.readObject();
        final SubjectPublicKeyInfo issuerKeyInfo = new SubjectPublicKeyInfo(encodedKey);
        final AuthorityKeyIdentifier identifier = new AuthorityKeyIdentifier(issuerKeyInfo);
        // 'false' marks the extension as non-critical.
        gen.addExtension(X509Extensions.AuthorityKeyIdentifier.getId(), false, identifier);
    } finally {
        IOUtils.closeQuietly(keyStream);
    }
}
From source file:com.peterphi.std.crypto.keygen.CaHelper.java
License:Open Source License
/**
 * Adds a non-critical SubjectKeyIdentifier extension, built from the given public key, to the
 * certificate generator.
 *
 * @param gen the certificate generator that receives the extension
 * @param pubKey the public key whose encoded form is parsed as a SubjectPublicKeyInfo
 * @throws Exception declared broadly; reading the encoded key can raise an {@code IOException}
 */
private static void addSubjectKeyIdentifier(X509V3CertificateGenerator gen, PublicKey pubKey)
        throws Exception {
    final byte[] encodedKey = pubKey.getEncoded();
    final ASN1InputStream keyStream = new ASN1InputStream(new ByteArrayInputStream(encodedKey));
    try {
        // The cast fails with a ClassCastException when the encoding is not an ASN.1 SEQUENCE.
        final ASN1Sequence keySequence = (ASN1Sequence) keyStream.readObject();
        final SubjectKeyIdentifier identifier = new SubjectKeyIdentifier(new SubjectPublicKeyInfo(keySequence));
        // 'false' marks the extension as non-critical.
        gen.addExtension(X509Extensions.SubjectKeyIdentifier.getId(), false, identifier);
    } finally {
        IOUtils.closeQuietly(keyStream);
    }
}
From source file:com.rovemonteux.silvertunnel.netlib.layer.tor.util.Encryption.java
License:Open Source License
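/**
 * Makes an RSA public key from a binary (ASN.1 encoded) byte array.
 *
 * <p>The bytes are parsed as untrusted input: anything that is not an ASN.1 SEQUENCE is rejected
 * with a {@code null} result instead of an unchecked {@code ClassCastException}, and the parsing
 * stream is closed on every path.
 *
 * @param b byte array that contains the key; must not be {@code null}
 * @return the decoded key, or {@code null} when the bytes cannot be read as a key sequence
 * @see JCERSAPublicKey
 */
public static RSAPublicKey extractBinaryRSAKey(final byte[] b) {
    try (ASN1InputStream ais = new ASN1InputStream(b)) {
        final Object asnObject = ais.readObject();
        // readObject() yields null on empty input and may yield any ASN.1 type on hostile input.
        if (!(asnObject instanceof ASN1Sequence)) {
            LOG.warn("RSA public key bytes do not hold an ASN.1 sequence");
            return null;
        }
        // NOTE(review): the structure constructor may still reject a sequence of the wrong shape
        // with an unchecked exception; confirm how callers handle that.
        final RSAPublicKeyStructure tempKey = new RSAPublicKeyStructure((ASN1Sequence) asnObject);
        return getRSAPublicKey(tempKey.getModulus(), tempKey.getPublicExponent());
    } catch (final IOException e) {
        LOG.warn("Caught exception:" + e.getMessage());
        return null;
    }
}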
From source file:com.tremolosecurity.proxy.auth.ssl.util.UpnExtractor.java
License:Apache License
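/**
 * Extracts the user principal name (otherName with OID 1.3.6.1.4.1.311.20.2.3) from the subject
 * alternative names of the first certificate in the array.
 *
 * <p>The certificate content is supplied by the peer, so every structural assumption is checked:
 * an otherName entry that is not a sequence of the expected shape is skipped or yields
 * {@code null} rather than an unchecked cast failure, and the ASN.1 stream is always closed.
 *
 * <p>NOTE(review): this method only parses the certificate; it presumably relies on the caller
 * having validated the chain before the returned name is used for authentication. Confirm.
 *
 * @param certs the presented certificate chain; only element 0 is inspected
 * @return the UTF-8 principal name, or {@code null} when none can be extracted
 * @throws CertificateParsingException if the subject alternative names cannot be decoded
 * @throws IOException if an otherName value cannot be read as ASN.1
 */
private String loadNTPrincipal(X509Certificate[] certs) throws CertificateParsingException, IOException {
    if (certs == null || certs.length == 0 || certs[0] == null) {
        return null;
    }
    Collection<List<?>> subjectAlternativeNames = certs[0].getSubjectAlternativeNames();
    if (subjectAlternativeNames == null || subjectAlternativeNames.isEmpty()) {
        return null;
    }

    for (List<?> subjectAltName : subjectAlternativeNames) {
        if (((Integer) subjectAltName.get(0)) != GeneralName.otherName) {
            continue;
        }
        Object encodedName = subjectAltName.get(1);
        if (!(encodedName instanceof byte[])) {
            continue;
        }

        // Decode the entry and release the stream straight away, whatever the outcome.
        ASN1Primitive derObject;
        ASN1InputStream asn1Input = new ASN1InputStream((byte[]) encodedName);
        try {
            derObject = asn1Input.readObject();
        } finally {
            asn1Input.close();
        }

        if (!(derObject instanceof DLSequence)) {
            continue;
        }
        DLSequence seq = (DLSequence) derObject;
        if (seq.size() < 2 || !(seq.getObjectAt(0) instanceof ASN1ObjectIdentifier)) {
            continue;
        }
        ASN1ObjectIdentifier id = (ASN1ObjectIdentifier) seq.getObjectAt(0);
        if (!id.getId().equals("1.3.6.1.4.1.311.20.2.3")) {
            continue;
        }
        if (!(seq.getObjectAt(1) instanceof ASN1TaggedObject)) {
            return null;
        }

        // The value may be wrapped in several tag layers; unwrap until the payload is reached.
        ASN1TaggedObject tagged = (ASN1TaggedObject) seq.getObjectAt(1);
        Object value = tagged.getObject();
        while (value instanceof DERTaggedObject) {
            tagged = (ASN1TaggedObject) value;
            value = tagged.getObject();
        }
        // Anything other than a UTF8String payload means no usable principal name.
        return (value instanceof DERUTF8String) ? ((DERUTF8String) value).getString() : null;
    }
    return null;
}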
From source file:com.viettel.hqmc.DAO.FilesDAO.java
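/**
 * Collects the URI access locations listed in a certificate's Authority Information Access
 * extension.
 *
 * <p>NOTE(review): every URI access location is returned whatever its access method, although
 * the error messages speak of OCSP URLs; a caller that needs OCSP responders only should filter
 * on the access method. The URLs come from the certificate itself, so treat them as untrusted
 * (restrict scheme and destination) before connecting to them.
 *
 * @param cert the certificate to inspect
 * @return the URI access locations, never empty
 * @throws Exception if the extension is absent, cannot be decoded, or holds no URI location
 */
private static List<String> getAIALocations(X509Certificate cert) throws Exception {
    //Gets the DER-encoded OCTET string for the extension value for Authority information access Points
    byte[] aiaExtensionValue = cert.getExtensionValue(X509Extensions.AuthorityInfoAccess.getId());
    if (aiaExtensionValue == null) {
        throw new Exception("Certificate doesn't have authority " + "information access points");
    }

    //might have to pass an ByteArrayInputStream(aiaExtensionValue)
    ASN1InputStream asn1In = new ASN1InputStream(aiaExtensionValue);
    ASN1InputStream asn1InOctets = null;
    AuthorityInformationAccess authorityInformationAccess;
    try {
        // Check the decoded types before casting: the extension bytes are certificate-controlled.
        Object wrapper = asn1In.readObject();
        if (!(wrapper instanceof DEROctetString)) {
            throw new IOException("Authority information access value is not an OCTET STRING");
        }
        asn1InOctets = new ASN1InputStream(((DEROctetString) wrapper).getOctets());
        Object content = asn1InOctets.readObject();
        if (!(content instanceof ASN1Sequence)) {
            throw new IOException("Authority information access content is not a SEQUENCE");
        }
        authorityInformationAccess = AuthorityInformationAccess.getInstance((ASN1Sequence) content);
    } catch (IOException ex) {
        LogUtil.addLog(ex);//binhnt sonar a160901
        throw new Exception("Cannot read certificate to get OCSP URLs", ex);
    } finally {
        // Both streams wrap in-memory arrays; a failure to close them carries no information.
        try {
            asn1In.close();
            if (asn1InOctets != null) {
                asn1InOctets.close();
            }
        } catch (IOException ignored) {
            // nothing to recover
        }
    }

    List<String> ocspUrlList = new ArrayList<String>();
    AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions();
    for (AccessDescription accessDescription : accessDescriptions) {
        GeneralName gn = accessDescription.getAccessLocation();
        // Only URI-typed locations are kept; other general name types are ignored.
        if (gn.getTagNo() == GeneralName.uniformResourceIdentifier) {
            DERIA5String str = DERIA5String.getInstance(gn.getName());
            String accessLocation = str.getString();
            ocspUrlList.add(accessLocation);
        }
    }
    if (ocspUrlList.isEmpty()) {
        throw new Exception("Cant get OCSP urls from certificate");
    }
    return ocspUrlList;
}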
From source file:com.wandrell.util.ksgen.BouncyCastleKeyStoreFactory.java
License:Open Source License
/**
 * Builds the {@code SubjectKeyIdentifier} that corresponds to the received {@code Key}.
 *
 * @param key
 *            the key whose encoded form is parsed to generate the identifier
 * @return a {@code SubjectKeyIdentifier} for the received {@code Key}
 * @throws IOException
 *             if any problem occurs while reading the key
 */
private final SubjectKeyIdentifier createSubjectKeyIdentifier(final Key key) throws IOException {
    final ASN1InputStream keyReader = new ASN1InputStream(new ByteArrayInputStream(key.getEncoded()));
    final ASN1Sequence keyInfo;

    try {
        // The cast fails with a ClassCastException when the encoding is not an ASN.1 SEQUENCE.
        keyInfo = (ASN1Sequence) keyReader.readObject();
    } finally {
        IOUtils.closeQuietly(keyReader);
    }

    final BcX509ExtensionUtils extensionUtils = new BcX509ExtensionUtils();
    return extensionUtils.createSubjectKeyIdentifier(new SubjectPublicKeyInfo(keyInfo));
}
From source file:com.yacme.ext.oxsit.comp.security.cert.X509Certificate.java
License:Open Source License
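/**
 * Replaces the held certificate structure with one parsed from the given DER bytes.
 *
 * <p>The previous structure is discarded first, so {@code m_aX509} stays {@code null} when the
 * bytes cannot be read; the I/O failure is logged, not rethrown. The parsing stream is closed on
 * every path.
 *
 * @param _DEREncoded the DER encoding of the certificate
 */
@Override
public void setDEREncoded(byte[] _DEREncoded) {
    m_aX509 = null; //remove old certificate
    //remove old data from HashMaps
    /* m_aExtensions.clear();
       m_aExtensionLocalizedNames.clear();
       m_aExtensionDisplayValues.clear();
       m_aCriticalExtensions.clear();
       m_aNotCriticalExtensions.clear();*/
    ASN1InputStream aderin = new ASN1InputStream(new ByteArrayInputStream(_DEREncoded));
    try {
        try {
            DERObject ado = aderin.readObject();
            // NOTE(review): the cast and the structure constructor raise unchecked exceptions on
            // input that is not a certificate SEQUENCE; those are not caught here.
            m_aX509 = new X509CertificateStructure((ASN1Sequence) ado);
        } finally {
            aderin.close();
        }
    } catch (IOException e) {
        m_aLogger.severe("setDEREncoded", e);
    }
}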
From source file:com.yacme.ext.oxsit.cust_it.comp.security.cert.CertificateComplianceCA_IT.java
License:Open Source License
/**
 * Checks a CA certificate for compliance and records the outcome on the certificate object.
 *
 * <p>Steps, in order: convert the UNO certificate to a Java certificate, require X.509
 * version 3, check the validity period, then re-parse the DER bytes with Bouncy Castle to check
 * the unique identifiers and the issuer name. Each failed check is reported through
 * {@code setCertificateStateHelper} and, for most checks, an element error state on the
 * certificate.
 *
 * @param _xFrame the frame, stored in {@code m_xFrame}
 * @param _xComponent the object queried for the {@code XOX_X509Certificate} interface
 * @return the value of {@code m_aCertificateState} after the checks
 * @throws IllegalArgumentException if {@code _xComponent} does not provide the interface
 * @throws Exception a {@code com.sun.star.uno.Exception} when the certificate cannot be parsed
 */
@Override
public CertificateState verifyCertificateCompliance(XFrame _xFrame, Object _xComponent)
        throws IllegalArgumentException, Exception {
    m_xFrame = _xFrame;
    // TODO Auto-generated method stub
    m_xQc = (XOX_X509Certificate) UnoRuntime.queryInterface(XOX_X509Certificate.class, _xComponent);
    if (m_xQc == null)
        throw (new IllegalArgumentException(
                "XOX_CertificateComplianceControlProcedure#verifyCertificateCertificateCompliance wrong argument"));
    m_aCertificateState = CertificateState.OK;
    //convert the certificate to java internal representation
    try {
        m_JavaCert = Helpers.getCertificate(m_xQc);// (java.security.cert.X509Certificate) cf.generateCertificate(bais);
        //check for version, if version is not 3, exits, certificate cannot be used
        // NOTE(review): the CA state is set to TRUSTED here, before any check has run; no chain
        // or signature verification is visible in this method. Confirm where trust is established.
        m_aCAState = CertificationAuthorityState.TRUSTED;
        if (m_JavaCert.getVersion() != 3) {
            m_xQc.setCertificateElementErrorState(GlobConstant.m_sX509_CERTIFICATE_VERSION,
                    CertificateElementState.INVALID_value);
            setCertificateStateHelper(CertificateState.MALFORMED_CERTIFICATE);
            return m_aCertificateState;
        }
        //check for validity date
        try {
            /* // test for date information
               // not yet valid:
               // GregorianCalendar aCal = new GregorianCalendar(2008,12,12);
               // expired:
               // GregorianCalendar aCal = new GregorianCalendar(2019,12,12);
               m_JavaCert.checkValidity(aCal.getTime());*/
            m_JavaCert.checkValidity();
            //valid, set no CRL needed
            m_aCertStateConds = CertificateStateConditions.REVOCATION_CONTROL_NOT_NEEDED;
        } catch (CertificateExpiredException e) {
            m_xQc.setCertificateElementErrorState(GlobConstant.m_sX509_CERTIFICATE_NOT_AFTER,
                    CertificateElementState.INVALID_value);
            setCertificateStateHelper(CertificateState.EXPIRED);
            m_aCAState = CertificationAuthorityState.TRUSTED_WITH_WARNING;
            m_xQc.getCertificateDisplayObj().setCertificateElementCommentString(CertificateElementID.NOT_AFTER,
                    "The date is elapsed.");
            //check CRL of this certificate
            //commented due to excessive time out verifyCertifRevocHelper();
            // NOTE(review): the revocation call above appears to be disabled, so neither branch
            // of this validity check consults revocation data; confirm this is intended.
        } catch (CertificateNotYetValidException e) {
            m_xQc.setCertificateElementErrorState(GlobConstant.m_sX509_CERTIFICATE_NOT_BEFORE,
                    CertificateElementState.INVALID_value);
            setCertificateStateHelper(CertificateState.NOT_ACTIVE);
            m_aCAState = CertificationAuthorityState.TRUSTED_WITH_WARNING;
            m_xQc.getCertificateDisplayObj().setCertificateElementCommentString(CertificateElementID.NOT_BEFORE,
                    "The date is not yet arrived.");
        }
        //check the KeyUsage extension
        /* int tempState = CertificateElementState.OK_value;
           if(!isKeyUsageNonRepudiationCritical(m_JavaCert)) {
               tempState = CertificateElementState.INVALID_value;
               setCertificateStateHelper(CertificateState.NOT_COMPLIANT);
           }
           m_xQc.setCertificateElementErrorState(X509Extensions.KeyUsage.getId(), tempState);*/
    } catch (CertificateException e) {
        m_aLogger.severe(e);
        setCertificateStateHelper(CertificateState.MALFORMED_CERTIFICATE);
        // The original exception is logged but not attached as the cause of the one thrown.
        throw (new com.sun.star.uno.Exception(" wrapped exception: "));
    }
    //convert to Bouncy Castle representation
    // An expired or not-yet-valid certificate still reaches the checks below.
    ByteArrayInputStream as = new ByteArrayInputStream(m_xQc.getCertificateAttributes().getDEREncoded());
    // NOTE(review): aderin is never closed in this method.
    ASN1InputStream aderin = new ASN1InputStream(as);
    DERObject ado = null;
    try {
        ado = aderin.readObject();
        // A non-SEQUENCE object fails this cast; the catch of java.lang.Exception below handles it.
        X509CertificateStructure x509Str = new X509CertificateStructure((ASN1Sequence) ado);
        //check issuer field for conformance
        TBSCertificateStructure xTBSCert = x509Str.getTBSCertificate();
        //check if either one of IssuerUniqueID or SubjectUniqueID is present
        //ETSI 102 280 5.3
        if (!isOKUniqueIds(xTBSCert)) {
            setCertificateStateHelper(CertificateState.CORE_CERTIFICATE_ELEMENT_INVALID);
            return m_aCertificateState;
        }
        if (!isIssuerIdOk(xTBSCert)) {
            m_xQc.setCertificateElementErrorState("IssuerName", CertificateElementState.INVALID_value);
            setCertificateStateHelper(CertificateState.NOT_COMPLIANT);
        }
        /* //check if qcStatements are present
           //the function set the error itself
           if(!hasQcStatements(xTBSCert)) {
               return m_aCertificateState;
           }*/
    } catch (java.io.IOException e) {
        m_aLogger.severe(e);
        setCertificateStateHelper(CertificateState.MALFORMED_CERTIFICATE);
        throw (new com.sun.star.uno.Exception(" wrapped exception: "));
    } catch (java.lang.Exception e) {
        m_aLogger.severe(e);
        setCertificateStateHelper(CertificateState.MALFORMED_CERTIFICATE);
        throw (new com.sun.star.uno.Exception(" wrapped exception: "));
    }
    return m_aCertificateState;
}
From source file:com.yacme.ext.oxsit.cust_it.comp.security.cert.CertificateCompliance_IT.java
License:Open Source License
/**
 * Checks a certificate for compliance and records the outcome on the certificate object.
 *
 * <p>Steps, in order: parse the DER bytes with the JDK {@code CertificateFactory}, require X.509
 * version 3, check the validity period, check the KeyUsage extension through
 * {@code isKeyUsageNonRepudiationCritical}, then re-parse the DER bytes with Bouncy Castle to
 * check the unique identifiers, the issuer name and the qcStatements.
 *
 * <p>NOTE(review): no signature, chain or revocation check is visible in this method; it
 * presumably covers profile compliance only. Confirm where those checks take place.
 *
 * @param _xFrame the frame; not used in this method
 * @param arg0 the object queried for the {@code XOX_X509Certificate} interface
 * @return the value of {@code m_aCertificateState} after the checks
 * @throws IllegalArgumentException if {@code arg0} does not provide the interface
 * @throws Exception a {@code com.sun.star.uno.Exception} when the certificate cannot be parsed
 */
@Override
public CertificateState verifyCertificateCompliance(XFrame _xFrame, Object arg0)
        throws IllegalArgumentException, Exception {
    m_xQc = (XOX_X509Certificate) UnoRuntime.queryInterface(XOX_X509Certificate.class, arg0);
    if (m_xQc == null)
        throw (new IllegalArgumentException(
                "XOX_CertificateComplianceProcedure#verifyCertificateCertificateCompliance wrong argument"));
    m_aCertificateState = CertificateState.OK;
    m_aLogger.log("verifyCertificateCompliance");
    //convert the certificate to java internal representation
    java.security.cert.CertificateFactory cf;
    try {
        cf = java.security.cert.CertificateFactory.getInstance("X.509");
        java.io.ByteArrayInputStream bais = null;
        bais = new java.io.ByteArrayInputStream(m_xQc.getCertificateAttributes().getDEREncoded());
        m_JavaCert = (java.security.cert.X509Certificate) cf.generateCertificate(bais);
        //check for version, if version is not 3, exits, certificate cannot be used
        if (m_JavaCert.getVersion() != 3) {
            m_xQc.setCertificateElementErrorState(GlobConstant.m_sX509_CERTIFICATE_VERSION,
                    CertificateElementState.INVALID_value);
            setCertificateStateHelper(CertificateState.MALFORMED_CERTIFICATE);
            m_xQc.getCertificateDisplayObj().setCertificateElementCommentString(CertificateElementID.VERSION,
                    "Version MUST be V3");
            return m_aCertificateState;
        }
        //check for validity date
        try {
            /* //test for date information
               //not yet valid
               GregorianCalendar aCal = new GregorianCalendar(2008,12,12);
               //expired
               GregorianCalendar aCal = new GregorianCalendar(2019,12,12);
               m_JavaCert.checkValidity(aCal.getTime());*/
            m_JavaCert.checkValidity();
        } catch (CertificateExpiredException e) {
            m_xQc.setCertificateElementErrorState(GlobConstant.m_sX509_CERTIFICATE_NOT_AFTER,
                    CertificateElementState.INVALID_value);
            setCertificateStateHelper(CertificateState.EXPIRED);
            m_xQc.getCertificateDisplayObj().setCertificateElementCommentString(CertificateElementID.NOT_AFTER,
                    "The date is elapsed.");
        } catch (CertificateNotYetValidException e) {
            m_xQc.setCertificateElementErrorState(GlobConstant.m_sX509_CERTIFICATE_NOT_BEFORE,
                    CertificateElementState.INVALID_value);
            setCertificateStateHelper(CertificateState.NOT_ACTIVE);
            m_xQc.getCertificateDisplayObj().setCertificateElementCommentString(CertificateElementID.NOT_BEFORE,
                    "The date is not yet arrived.");
        }
        //check the KeyUsage extension
        // A validity failure above does not stop the method; the remaining checks still run.
        int tempState = CertificateElementState.OK_value;
        if (!isKeyUsageNonRepudiationCritical(m_JavaCert)) {
            tempState = CertificateElementState.INVALID_value;
            setCertificateStateHelper(CertificateState.NOT_COMPLIANT);
        }
        m_xQc.setCertificateElementErrorState(X509Extensions.KeyUsage.getId(), tempState);
    } catch (CertificateException e) {
        m_aLogger.severe(e);
        setCertificateStateHelper(CertificateState.MALFORMED_CERTIFICATE);
        // The original exception is logged but not attached as the cause of the one thrown.
        throw (new com.sun.star.uno.Exception(" wrapped exception: "));
    }
    //convert to Bouncy Castle representation
    ByteArrayInputStream as = new ByteArrayInputStream(m_xQc.getCertificateAttributes().getDEREncoded());
    // NOTE(review): aderin is never closed in this method.
    ASN1InputStream aderin = new ASN1InputStream(as);
    DERObject ado = null;
    try {
        ado = aderin.readObject();
        // A non-SEQUENCE object fails this cast; the catch of java.lang.Exception below handles it.
        X509CertificateStructure x509Str = new X509CertificateStructure((ASN1Sequence) ado);
        //check issuer field for conformance
        TBSCertificateStructure xTBSCert = x509Str.getTBSCertificate();
        //check if both IssuerUniqueID and SubjectUniqueID are present
        //ETSI 102 280 5.3
        if (!isOKUniqueIds(xTBSCert)) {
            setCertificateStateHelper(CertificateState.CORE_CERTIFICATE_ELEMENT_INVALID);
            return m_aCertificateState;
        }
        if (!isIssuerIdOk(xTBSCert)) {
            m_xQc.setCertificateElementErrorState("IssuerName", CertificateElementState.INVALID_value);
            setCertificateStateHelper(CertificateState.NOT_COMPLIANT);
        }
        //check if qcStatements are present
        //the function set the error itself
        if (!hasQcStatements(xTBSCert)) {
            return m_aCertificateState;
        }
    } catch (java.io.IOException e) {
        m_aLogger.severe(e);
        setCertificateStateHelper(CertificateState.MALFORMED_CERTIFICATE);
        throw (new com.sun.star.uno.Exception(" wrapped exception: "));
    } catch (java.lang.Exception e) {
        m_aLogger.severe(e);
        setCertificateStateHelper(CertificateState.MALFORMED_CERTIFICATE);
        throw (new com.sun.star.uno.Exception(" wrapped exception: "));
    }
    return m_aCertificateState;
}
From source file:com.yacme.ext.oxsit.cust_it.comp.security.cert.X509CertDisplayBase_IT.java
License:Open Source License
/**
 * Parses the certificate's DER bytes and fills the display fields and the extension maps.
 *
 * <p>The held structure and the five extension maps are cleared first. An {@code IOException}
 * while reading the bytes is logged and not rethrown, which leaves the display fields unset.
 *
 * @param _xFrame the frame; not used in this method
 * @param _xComp the component queried for the {@code XOX_X509Certificate} interface
 * @throws IllegalArgumentException if {@code _xComp} does not provide the interface
 * @throws Exception declared by the signature
 */
@Override
public void prepareDisplayStrings(XFrame _xFrame, XComponent _xComp) throws IllegalArgumentException, Exception {
    m_xQc = (XOX_X509Certificate) UnoRuntime.queryInterface(XOX_X509Certificate.class, _xComp);
    if (m_xQc == null)
        throw (new IllegalArgumentException(
                "com.yacme.ext.oxsit.security.cert.XOX_X509CertificateDisplay#prepareDisplayStrings wrong argument"));
    m_aX509 = null; //remove old certificate
    //remove old data from HashMaps
    m_aExtensions.clear();
    m_aExtensionLocalizedNames.clear();
    m_aExtensionDisplayValues.clear();
    m_aCriticalExtensions.clear();
    m_aNotCriticalExtensions.clear();
    ByteArrayInputStream as = new ByteArrayInputStream(m_xQc.getCertificateAttributes().getDEREncoded());
    // NOTE(review): aderin is never closed in this method.
    ASN1InputStream aderin = new ASN1InputStream(as);
    DERObject ado;
    try {
        ado = aderin.readObject();
        // NOTE(review): a non-SEQUENCE object fails this cast with an unchecked exception that
        // the IOException handler below does not catch.
        m_aX509 = new X509CertificateStructure((ASN1Sequence) ado);
        //initializes the certificate display information
        initSubjectName();
        m_sVersion = String.format("V%d", m_aX509.getVersion());
        m_sSerialNumber = new String("" + m_aX509.getSerialNumber().getValue());
        initIssuerName();
        m_sNotValidBefore = initCertDate(m_aX509.getStartDate().getDate());
        m_sNotValidAfter = initCertDate(m_aX509.getEndDate().getDate());
        m_sSubjectPublicKeyAlgorithm = initPublicKeyAlgorithm();
        m_sSubjectPublicKeyValue = initPublicKeyData();
        m_sSignatureAlgorithm = initSignatureAlgorithm();
        initThumbPrints();
        //now initializes the Extension listing
        // NOTE(review): aX509Exts is used without a null check; confirm getExtensions() cannot
        // return null for a certificate that carries no extensions.
        X509Extensions aX509Exts = m_aX509.getTBSCertificate().getExtensions();
        //fill the internal extension HashMaps
        //at the same time we'll get the extension localized name from resources and
        //fill the display data
        MessageConfigurationAccess m_aRegAcc = null;
        m_aRegAcc = new MessageConfigurationAccess(m_xContext, m_xMCF);
        //FIXME: may be we need to adapt this to the context: the following is valid ONLY if this
        //object is instantiated from within a dialog, is not true if instantiated from a not UI method (e.g. from basic for example).
        IDynamicLogger aDlgH = null;
        CertificateExtensionDisplayHelper aHelper = new CertificateExtensionDisplayHelper(m_xContext, m_lTheLocale,
                m_sTimeLocaleString, m_sLocaleDateOfBirth, m_bDisplayOID, m_aLogger);
        for (Enumeration<DERObjectIdentifier> enume = aX509Exts.oids(); enume.hasMoreElements();) {
            DERObjectIdentifier aDERId = enume.nextElement();
            String aTheOID = aDERId.getId();
            X509Extension aext = aX509Exts.getExtension(aDERId);
            m_aExtensions.put(aTheOID, aext);
            //now grab the localized description
            try {
                m_aExtensionLocalizedNames.put(aTheOID, m_aRegAcc.getStringFromRegistry(aTheOID)
                        + ((m_bDisplayOID) ? (" (OID: " + aTheOID.toString() + ")") : ""));
            } catch (com.sun.star.uno.Exception e) {
                // The log tag says "setDEREncoded" although this is prepareDisplayStrings.
                m_aLogger.severe("setDEREncoded", e);
                // Fall back to the bare OID when no localized name is available.
                m_aExtensionLocalizedNames.put(aTheOID, aTheOID);
            }
            //and decode this extension
            m_aExtensionDisplayValues.put(aTheOID, aHelper.examineExtension(aext, aDERId, this));
            if (aext.isCritical())
                m_aCriticalExtensions.put(aTheOID, aext);
            else
                m_aNotCriticalExtensions.put(aTheOID, aext);
        }
        // NOTE(review): dispose() is skipped when anything above throws.
        m_aRegAcc.dispose();
    } catch (IOException e) {
        m_aLogger.severe("setDEREncoded", e);
    }
}