List of usage examples for org.bouncycastle.asn1 ASN1Integer getValue
public BigInteger getValue()
From source file:org.kse.crypto.x509.X509Ext.java
License:Open Source License
private String getQcStatementsStringValue(byte[] octets) throws IOException { // @formatter:off /*// ww w . ja va2 s . c om QCStatements ::= SEQUENCE OF QSStatement QSStatement ::= SEQUENCE { statementId OBJECT IDENTIFIER, statementInfo ANY DEFINED BY statementId OPTIONAL } QcEuLimitValue ::= MonetaryValue QcRetentionPeriod ::= INTEGER */ // @formatter:on StringBuilder sb = new StringBuilder(); int qcStatementNr = 0; ASN1Sequence qcStatements = ASN1Sequence.getInstance(octets); for (ASN1Encodable asn1Encodable : qcStatements.toArray()) { QCStatement qcStatement = QCStatement.getInstance(asn1Encodable); ASN1ObjectIdentifier statementId = qcStatement.getStatementId(); ASN1Encodable statementInfo = qcStatement.getStatementInfo(); int indentLevel = 1; sb.append(MessageFormat.format(res.getString("QCStatement.QCStatement"), ++qcStatementNr)); sb.append(NEWLINE); QcStatementType qcStatementType = QcStatementType.resolveOid(statementId.getId()); if (qcStatementType != null) { switch (qcStatementType) { case QC_SYNTAX_V1: case QC_SYNTAX_V2: SemanticsInformation semanticsInfo = SemanticsInformation.getInstance(statementInfo); sb.append(getSemanticInformationValueString(qcStatementType, semanticsInfo, indentLevel)); break; case QC_COMPLIANCE: // no statementInfo sb.append(INDENT.toString(indentLevel)); sb.append(res.getString(QcStatementType.QC_COMPLIANCE.getResKey())); sb.append(NEWLINE); break; case QC_EU_LIMIT_VALUE: sb.append(INDENT.toString(indentLevel)); sb.append(res.getString(QcStatementType.QC_EU_LIMIT_VALUE.getResKey())); sb.append(NEWLINE); sb.append(getMonetaryValueStringValue(statementInfo, indentLevel + 1)); break; case QC_RETENTION_PERIOD: ASN1Integer asn1Integer = ASN1Integer.getInstance(statementInfo); sb.append(INDENT.toString(indentLevel)); sb.append(MessageFormat.format(res.getString(QcStatementType.QC_RETENTION_PERIOD.getResKey()), asn1Integer.getValue().toString())); sb.append(NEWLINE); break; case QC_SSCD: // no statementInfo sb.append(INDENT.toString(indentLevel)); sb.append(res.getString(QcStatementType.QC_SSCD.getResKey())); sb.append(NEWLINE); break; case QC_PDS: ASN1Sequence pdsLocations = ASN1Sequence.getInstance(statementInfo); sb.append(INDENT.toString(indentLevel)); sb.append(res.getString(QcStatementType.QC_PDS.getResKey())); for (ASN1Encodable pdsLoc : pdsLocations) { sb.append(NEWLINE); sb.append(INDENT.toString(indentLevel + 1)); DLSequence pds = (DLSequence) pdsLoc; sb.append(MessageFormat.format(res.getString("QCPDS.locations"), pds.getObjectAt(1), pds.getObjectAt(0))); } sb.append(NEWLINE); break; case QC_TYPE: sb.append(INDENT.toString(indentLevel)); sb.append(res.getString(QcStatementType.QC_TYPE.getResKey())); ASN1Sequence qcTypes = ASN1Sequence.getInstance(statementInfo); for (ASN1Encodable type : qcTypes) { sb.append(NEWLINE); sb.append(INDENT.toString(indentLevel + 1)); sb.append(ObjectIdUtil.toString((ASN1ObjectIdentifier) type)); } sb.append(NEWLINE); } } else { // no statementInfo sb.append(INDENT.toString(indentLevel)); sb.append(statementId.getId()); sb.append(statementInfo.toString()); sb.append(NEWLINE); } } return sb.toString(); }
From source file:org.signserver.testutils.TestUtils.java
License:Open Source License
public static void checkSigningCertificateAttribute(final ASN1Sequence scAttr, final X509Certificate cert) throws Exception { final ASN1ObjectIdentifier scOid = ASN1ObjectIdentifier.getInstance(scAttr.getObjectAt(0)); assertEquals("Invalid OID for content", SIGNING_CERT_OID, scOid.getId()); // calculate expected hash final byte[] digest = MessageDigest.getInstance("SHA-1").digest(cert.getEncoded()); // find hash in returned structure final ASN1Set set = ASN1Set.getInstance(scAttr.getObjectAt(1)); final ASN1Sequence s1 = ASN1Sequence.getInstance(set.getObjectAt(0)); final ASN1Sequence s2 = ASN1Sequence.getInstance(s1.getObjectAt(0)); final ASN1Sequence s3 = ASN1Sequence.getInstance(s2.getObjectAt(0)); final ASN1OctetString hashOctetString = ASN1OctetString.getInstance(s3.getObjectAt(0)); assertTrue("Hash doesn't match", Arrays.equals(digest, hashOctetString.getOctets())); // find serial number in structure final ASN1Sequence s4 = ASN1Sequence.getInstance(s3.getObjectAt(1)); final ASN1Integer snValue = ASN1Integer.getInstance(s4.getObjectAt(1)); final BigInteger sn = cert.getSerialNumber(); assertEquals("Serial number doesn't match", sn, snValue.getValue()); // examine issuer final ASN1Sequence s5 = ASN1Sequence.getInstance(s4.getObjectAt(0)); final ASN1TaggedObject obj = ASN1TaggedObject.getInstance(s5.getObjectAt(0)); final ASN1Sequence s6 = ASN1Sequence.getInstance(obj.getObject()); // expect 4 DN components in the signing cert assertEquals("Number of DN components", 4, s6.size()); final Enumeration objects = s6.getObjects(); while (objects.hasMoreElements()) { final ASN1Set component = ASN1Set.getInstance(objects.nextElement()); final ASN1Sequence seq = ASN1Sequence.getInstance(component.getObjectAt(0)); final ASN1ObjectIdentifier dnOid = ASN1ObjectIdentifier.getInstance(seq.getObjectAt(0)); if (CN_OID.equals(dnOid.getId())) { final DERUTF8String cn = DERUTF8String.getInstance(seq.getObjectAt(1)); assertEquals("Issuer CN doesn't match", CN, cn.getString()); } else if (OU_OID.equals(dnOid.getId())) { final DERUTF8String ou = DERUTF8String.getInstance(seq.getObjectAt(1)); assertEquals("Issuer OU doesn't match", OU, ou.getString()); } else if (O_OID.equals(dnOid.getId())) { final DERUTF8String o = DERUTF8String.getInstance(seq.getObjectAt(1)); assertEquals("Issuer O doesn't match", O, o.getString()); } else if (C_OID.equals(dnOid.getId())) { final DERPrintableString c = DERPrintableString.getInstance(seq.getObjectAt(1)); assertEquals("Issuer C doesn't match", C, c.getString()); } else {/* ww w .ja v a2 s . com*/ fail("Unexpected issuer DN component"); } } }
From source file:org.xipki.ca.server.impl.X509CACmpResponder.java
License:Open Source License
private CertRepMessage processCertReqMessages(final CmpRequestorInfo requestor, final String user, final ASN1OctetString tid, final PKIHeader reqHeader, final CertReqMessages kur, final boolean keyUpdate, final long confirmWaitTime, final boolean sendCaCert, final AuditEvent auditEvent) throws InsuffientPermissionException { CmpRequestorInfo _requestor = (CmpRequestorInfo) requestor; CertReqMsg[] certReqMsgs = kur.toCertReqMsgArray(); CertResponse[] certResponses = new CertResponse[certReqMsgs.length]; for (int i = 0; i < certReqMsgs.length; i++) { AuditChildEvent childAuditEvent = null; if (auditEvent != null) { childAuditEvent = new AuditChildEvent(); auditEvent.addChildAuditEvent(childAuditEvent); }/*from ww w . jav a 2 s. c om*/ CertReqMsg reqMsg = certReqMsgs[i]; CertificateRequestMessage req = new CertificateRequestMessage(reqMsg); ASN1Integer certReqId = reqMsg.getCertReq().getCertReqId(); if (childAuditEvent != null) { childAuditEvent .addEventData(new AuditEventData("certReqId", certReqId.getPositiveValue().toString())); } if (req.hasProofOfPossession() == false) { PKIStatusInfo status = generateCmpRejectionStatus(PKIFailureInfo.badPOP, null); certResponses[i] = new CertResponse(certReqId, status); if (childAuditEvent != null) { childAuditEvent.setStatus(AuditStatus.FAILED); childAuditEvent.addEventData(new AuditEventData("message", "no POP")); } continue; } if (verifyPOP(req, _requestor.isRA()) == false) { LOG.warn("could not validate POP for requst {}", certReqId.getValue()); PKIStatusInfo status = generateCmpRejectionStatus(PKIFailureInfo.badPOP, null); certResponses[i] = new CertResponse(certReqId, status); if (childAuditEvent != null) { childAuditEvent.setStatus(AuditStatus.FAILED); childAuditEvent.addEventData(new AuditEventData("message", "invalid POP")); } continue; } CertTemplate certTemp = req.getCertTemplate(); Extensions extensions = certTemp.getExtensions(); X500Name subject = certTemp.getSubject(); SubjectPublicKeyInfo publicKeyInfo = certTemp.getPublicKey(); OptionalValidity validity = certTemp.getValidity(); try { CmpUtf8Pairs keyvalues = CmpUtil.extract(reqMsg.getRegInfo()); String certprofileName = keyvalues == null ? null : keyvalues.getValue(CmpUtf8Pairs.KEY_CERT_PROFILE); if (certprofileName == null) { throw new CMPException("no certificate profile is specified"); } if (childAuditEvent != null) { childAuditEvent.addEventData(new AuditEventData("certprofile", certprofileName)); } checkPermission(_requestor, certprofileName); certResponses[i] = generateCertificate(_requestor, user, tid, certReqId, subject, publicKeyInfo, validity, extensions, certprofileName, keyUpdate, confirmWaitTime, childAuditEvent); } catch (CMPException e) { final String message = "generateCertificate"; if (LOG.isWarnEnabled()) { LOG.warn(LogUtil.buildExceptionLogFormat(message), e.getClass().getName(), e.getMessage()); } LOG.debug(message, e); certResponses[i] = new CertResponse(certReqId, generateCmpRejectionStatus(PKIFailureInfo.badCertTemplate, e.getMessage())); if (childAuditEvent != null) { childAuditEvent.setStatus(AuditStatus.FAILED); childAuditEvent.addEventData(new AuditEventData("message", "badCertTemplate")); } } // end try } // end for CMPCertificate[] caPubs = sendCaCert ? new CMPCertificate[] { getCA().getCAInfo().getCertInCMPFormat() } : null; return new CertRepMessage(caPubs, certResponses); }
From source file:org.xipki.pki.ca.server.impl.cmp.X509CaCmpResponder.java
License:Open Source License
private CertRepMessage processCertReqMessages(final PKIMessage request, final CmpRequestorInfo requestor, final String user, final ASN1OctetString tid, final PKIHeader reqHeader, final CertReqMessages kur, final boolean keyUpdate, final CmpControl cmpControl, final String msgId, final AuditEvent event) { CmpRequestorInfo tmpRequestor = (CmpRequestorInfo) requestor; CertReqMsg[] certReqMsgs = kur.toCertReqMsgArray(); final int n = certReqMsgs.length; Map<Integer, CertTemplateData> certTemplateDatas = new HashMap<>(n * 10 / 6); Map<Integer, CertResponse> certResponses = new HashMap<>(n * 10 / 6); Map<Integer, ASN1Integer> certReqIds = new HashMap<>(n * 10 / 6); // pre-process requests for (int i = 0; i < n; i++) { if (cmpControl.isGroupEnroll() && certTemplateDatas.size() != i) { // last certReqMsg cannot be used to enroll certificate break; }//from ww w . j a v a2 s. co m CertReqMsg reqMsg = certReqMsgs[i]; CertificateRequestMessage req = new CertificateRequestMessage(reqMsg); ASN1Integer certReqId = reqMsg.getCertReq().getCertReqId(); certReqIds.put(i, certReqId); if (!req.hasProofOfPossession()) { certResponses.put(i, buildErrorCertResponse(certReqId, PKIFailureInfo.badPOP, "no POP", null)); continue; } if (!verifyPopo(req, tmpRequestor.isRa())) { LOG.warn("could not validate POP for request {}", certReqId.getValue()); certResponses.put(i, buildErrorCertResponse(certReqId, PKIFailureInfo.badPOP, "invalid POP", null)); continue; } CmpUtf8Pairs keyvalues = CmpUtil.extract(reqMsg.getRegInfo()); String certprofileName = (keyvalues == null) ? null : keyvalues.getValue(CmpUtf8Pairs.KEY_CERT_PROFILE); if (certprofileName == null) { String msg = "no certificate profile"; certResponses.put(i, buildErrorCertResponse(certReqId, PKIFailureInfo.badCertTemplate, msg)); continue; } if (!isCertProfilePermitted(tmpRequestor, certprofileName)) { String msg = "certprofile " + certprofileName + " is not allowed"; certResponses.put(i, buildErrorCertResponse(certReqId, PKIFailureInfo.notAuthorized, msg)); continue; } CertTemplate certTemp = req.getCertTemplate(); OptionalValidity validity = certTemp.getValidity(); Date notBefore = null; Date notAfter = null; if (validity != null) { Time time = validity.getNotBefore(); if (time != null) { notBefore = time.getDate(); } time = validity.getNotAfter(); if (time != null) { notAfter = time.getDate(); } } CertTemplateData certTempData = new CertTemplateData(certTemp.getSubject(), certTemp.getPublicKey(), notBefore, notAfter, certTemp.getExtensions(), certprofileName); certTemplateDatas.put(i, certTempData); } // end for if (certResponses.size() == n) { // all error CertResponse[] certResps = new CertResponse[n]; for (int i = 0; i < n; i++) { certResps[i] = certResponses.get(i); } return new CertRepMessage(null, certResps); } if (cmpControl.isGroupEnroll() && certTemplateDatas.size() != n) { // at least one certRequest cannot be used to enroll certificate int lastFailureIndex = certTemplateDatas.size(); BigInteger failCertReqId = certReqIds.get(lastFailureIndex).getPositiveValue(); CertResponse failCertResp = certResponses.get(lastFailureIndex); PKIStatus failStatus = PKIStatus.getInstance(new ASN1Integer(failCertResp.getStatus().getStatus())); PKIFailureInfo failureInfo = new PKIFailureInfo(failCertResp.getStatus().getFailInfo()); CertResponse[] certResps = new CertResponse[n]; for (int i = 0; i < n; i++) { if (i == lastFailureIndex) { certResps[i] = failCertResp; continue; } ASN1Integer certReqId = certReqIds.get(i); String msg = "error in certReq " + failCertReqId; PKIStatusInfo tmpStatus = generateRejectionStatus(failStatus, failureInfo.intValue(), msg); certResps[i] = new CertResponse(certReqId, tmpStatus); } return new CertRepMessage(null, certResps); } final int k = certTemplateDatas.size(); List<CertTemplateData> certTemplateList = new ArrayList<>(k); List<ASN1Integer> certReqIdList = new ArrayList<>(k); Map<Integer, Integer> reqIndexToCertIndexMap = new HashMap<>(k * 10 / 6); for (int i = 0; i < n; i++) { if (!certTemplateDatas.containsKey(i)) { continue; } certTemplateList.add(certTemplateDatas.get(i)); certReqIdList.add(certReqIds.get(i)); reqIndexToCertIndexMap.put(i, certTemplateList.size() - 1); } List<CertResponse> generateCertResponses = generateCertificates(certTemplateList, certReqIdList, tmpRequestor, user, tid, keyUpdate, request, cmpControl, msgId, event); boolean anyCertEnrolled = false; CertResponse[] certResps = new CertResponse[n]; for (int i = 0; i < n; i++) { if (certResponses.containsKey(i)) { certResps[i] = certResponses.get(i); } else { int respIndex = reqIndexToCertIndexMap.get(i); certResps[i] = generateCertResponses.get(respIndex); if (!anyCertEnrolled && certResps[i].getCertifiedKeyPair() != null) { anyCertEnrolled = true; } } } CMPCertificate[] caPubs = null; if (anyCertEnrolled && cmpControl.isSendCaCert()) { caPubs = new CMPCertificate[] { getCa().getCaInfo().getCertInCmpFormat() }; } return new CertRepMessage(caPubs, certResps); }
From source file:tor.TorCrypto.java
License:Open Source License
/** * Parses a public key encoded as ASN.1/* w ww. j a v a 2 s .c o m*/ * * @param rsapublickey ASN.1 Encoded public key * @return PublicKey */ public static RSAPrivateKey asn1GetPrivateKey(byte[] rsapkbuf) { ASN1InputStream bIn = new ASN1InputStream(new ByteArrayInputStream(rsapkbuf)); try { DLSequence obj = (DLSequence) bIn.readObject(); ASN1Integer mod = (ASN1Integer) obj.getObjectAt(1); ASN1Integer pubExp = (ASN1Integer) obj.getObjectAt(2); ASN1Integer privExp = (ASN1Integer) obj.getObjectAt(3); RSAPrivateKey privKey = (RSAPrivateKey) KeyFactory.getInstance("RSA") .generatePrivate(new RSAPrivateKeySpec(mod.getValue(), privExp.getValue())); return privKey; } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) { e.printStackTrace(); } return null; }
From source file:tor.TorCrypto.java
License:Open Source License
public static RSAPublicKey asn1GetPrivateKeyPublic(byte[] rsapkbuf) { ASN1InputStream bIn = new ASN1InputStream(new ByteArrayInputStream(rsapkbuf)); try {// w w w .j a v a 2 s . co m DLSequence obj = (DLSequence) bIn.readObject(); ASN1Integer mod = (ASN1Integer) obj.getObjectAt(1); ASN1Integer pubExp = (ASN1Integer) obj.getObjectAt(2); ASN1Integer privExp = (ASN1Integer) obj.getObjectAt(3); RSAPublicKey pubKey = (RSAPublicKey) KeyFactory.getInstance("RSA") .generatePublic(new RSAPublicKeySpec(mod.getValue(), pubExp.getValue())); return pubKey; } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) { e.printStackTrace(); } return null; }
From source file:us.ihmc.util.crypto.PKIUtils.java
License:Open Source License
private static PrivateKey readPrivateKey(String keyType, String keyString) throws Exception { if (_debug) { Provider[] providers = Security.getProviders(); for (int i = 0; i < providers.length; i++) { System.out.println("readPrivateKey; providers = " + providers[i].getInfo()); }//from w ww .j a va2s . co m System.out.println("readPrivateKey, got keyType: " + keyType + " keyString: \n" + keyString); } boolean isEncrypted = false; String line = null; String dekInfo = null; StringBuffer keyData = new StringBuffer(); String endline = "-----END"; int endlen = endline.length(); Base64 base64 = new org.bouncycastle.util.encoders.Base64(); StringReader inputStringReader = new StringReader(keyString); BufferedReader inputReader = new BufferedReader(inputStringReader); //line = inputReader.readLine(); // Skip first line while ((line = inputReader.readLine()) != null) { if (line.startsWith("Proc-Type: 4,ENCRYPTED")) { isEncrypted = true; } else if (line.startsWith("DEK-Info:")) { dekInfo = line.substring(10); } else if (line.indexOf(endline) != -1) { break; } else { keyData.append(line); } } // // extract the key // byte[] keyBytes = null; if (isEncrypted) { StringTokenizer tokenizer = new StringTokenizer(dekInfo, ","); String encoding = tokenizer.nextToken(); if (encoding.equals("DES-EDE3-CBC")) { if (_debug) { System.out.println("readPrivateKey, DEKInfo, string encoding is DES-EDE3-CBC"); } String algorithm = "DESede"; byte[] initializationVector = Hex.decode(tokenizer.nextToken()); Key secretKey = getSecretKey(algorithm, 24, initializationVector); Cipher cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding", _jceProvider); cipher.init(Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(initializationVector)); keyBytes = cipher.doFinal(base64.decode(readStream(keyData.toString()))); } else if (encoding.equals("DES-CBC")) { String algorithm = "DES"; byte[] initializationVector = Hex.decode(tokenizer.nextToken()); Key secretKey = getSecretKey(algorithm, 8, initializationVector); Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding", _jceProvider); cipher.init(Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(initializationVector)); String bString = new String(cipher.doFinal(base64.decode(readStream(keyData.toString())))); keyBytes = bString.getBytes(); } else { throw new IOException("unknown encryption with private key"); } } else { keyBytes = base64.decode(readStream(keyData.toString())); } if (keyType.equals("RSA-PKCS8")) { PKCS8EncodedKeySpec private_key_spec = new PKCS8EncodedKeySpec(keyBytes); KeyFactory kfac = KeyFactory.getInstance("RSA", _jceProvider); PrivateKey key = kfac.generatePrivate(private_key_spec); return key; } KeySpec pubSpec, privSpec; ByteArrayInputStream bIn = new ByteArrayInputStream(keyBytes); ASN1InputStream dIn = new ASN1InputStream(bIn); ASN1Sequence seq = (ASN1Sequence) dIn.readObject(); dIn.close(); if (keyType.equals("RSA")) { ASN1Integer v = (ASN1Integer) seq.getObjectAt(0); ASN1Integer modulus = (ASN1Integer) seq.getObjectAt(1); ASN1Integer publicExponent = (ASN1Integer) seq.getObjectAt(2); ASN1Integer privateExponent = (ASN1Integer) seq.getObjectAt(3); ASN1Integer primeP = (ASN1Integer) seq.getObjectAt(4); ASN1Integer primeQ = (ASN1Integer) seq.getObjectAt(5); ASN1Integer primeExponentP = (ASN1Integer) seq.getObjectAt(6); ASN1Integer primeExponentQ = (ASN1Integer) seq.getObjectAt(7); ASN1Integer crtCoefficient = (ASN1Integer) seq.getObjectAt(8); privSpec = new RSAPrivateCrtKeySpec(modulus.getValue(), publicExponent.getValue(), privateExponent.getValue(), primeP.getValue(), primeQ.getValue(), primeExponentP.getValue(), primeExponentQ.getValue(), crtCoefficient.getValue()); } else { // "DSA" ASN1Integer v = (ASN1Integer) seq.getObjectAt(0); ASN1Integer p = (ASN1Integer) seq.getObjectAt(1); ASN1Integer q = (ASN1Integer) seq.getObjectAt(2); ASN1Integer g = (ASN1Integer) seq.getObjectAt(3); ASN1Integer y = (ASN1Integer) seq.getObjectAt(4); ASN1Integer x = (ASN1Integer) seq.getObjectAt(5); privSpec = new DSAPrivateKeySpec(x.getValue(), p.getValue(), q.getValue(), g.getValue()); } KeyFactory keyFactory = null; if (_jceProvider.startsWith("Sun") || _jceProvider.startsWith("SUN")) { keyFactory = KeyFactory.getInstance(keyType); } else { keyFactory = KeyFactory.getInstance(keyType, _jceProvider); } return keyFactory.generatePrivate(privSpec); }