List of usage examples for org.bouncycastle.asn1 ASN1OctetString getInstance
public static ASN1OctetString getInstance(ASN1TaggedObject taggedObject, boolean explicit)
From source file:ca.trustpoint.m2m.M2mCertificateFactory.java
License:Apache License
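/**
 * Generates a certificate object from the data read from {@code inStream}.
 *
 * <p>The returned certificate object can be cast to the {@link M2mCertificate} class.
 *
 * <p>Exactly one ASN.1 object is read from {@code inStream}. It must be an application-specific
 * object tagged {@link M2mCertificate#APPLICATION_TAG_NUMBER} that wraps a two-element sequence:
 * the TBS certificate and the CA-calculated value, each present exactly once.
 *
 * <p>This method only decodes. Nothing here checks the CA-calculated value against the TBS
 * data, so a certificate returned from this method has not been authenticated.
 *
 * <p>NOTE(review): the stream is closed after the first object is read, and no Base64/PEM
 * handling or trailing-data check is visible in this method; confirm against callers that
 * expect either.
 *
 * @param inStream an input stream with the certificate data.
 * @return a certificate object initialized with the data from the input stream.
 * @throws CertificateException on any parsing error; the original exception is the cause.
 * @throws IllegalArgumentException if {@code inStream} is {@code null}.
 */
@Override
public Certificate engineGenerateCertificate(InputStream inStream) throws CertificateException {
  if (inStream == null) {
    throw new IllegalArgumentException("input stream is null");
  }

  try {
    ASN1InputStream aIn = new ASN1InputStream(inStream);
    ASN1ApplicationSpecific app = ASN1ApplicationSpecific.getInstance(aIn.readObject());
    // Closing the ASN.1 wrapper is expected to close the caller's stream as well.
    aIn.close();

    // An exhausted stream yields no object; fail with a clear message instead of an NPE.
    if (app == null) {
      throw new IOException("no certificate data in input stream");
    }

    int appTag = app.getApplicationTag();
    if (appTag != M2mCertificate.APPLICATION_TAG_NUMBER) {
      throw new IOException("not M2M certificate application tag: " + appTag);
    }

    ASN1Sequence seq = (ASN1Sequence) app.getObject(BERTags.SEQUENCE);
    if (seq.size() != 2) {
      throw new IOException("sequence wrong size for a M2M certificate");
    }

    // Construct M2M certificate
    M2mCertificate cert = new M2mCertificate();
    // The size check alone would accept two copies of the same field, i.e. a certificate
    // with no CA-calculated value or no TBS data. Track what was seen and reject repeats;
    // with exactly two elements this also guarantees both fields are present.
    boolean sawTbsCertificate = false;
    boolean sawCaCalcValue = false;

    for (int i = 0; i < seq.size(); i++) {
      ASN1TaggedObject obj = (ASN1TaggedObject) seq.getObjectAt(i);
      CertificateFields tag = CertificateFields.getInstance(obj.getTagNo());

      switch (tag) {
        case TBS_CERTIFICATE:
          if (sawTbsCertificate) {
            throw new IOException("duplicate TBS certificate field in M2M certificate");
          }
          sawTbsCertificate = true;
          ASN1Sequence tbsCertificate = ASN1Sequence.getInstance(obj, false);
          parseTbsCertificate(tbsCertificate, cert);
          break;
        case CA_CALC_VALUE:
          if (sawCaCalcValue) {
            throw new IOException("duplicate CA calculated value field in M2M certificate");
          }
          sawCaCalcValue = true;
          ASN1OctetString cACalcValue = ASN1OctetString.getInstance(obj, false);
          cert.setCaCalcValue(cACalcValue.getOctets());
          break;
        default:
          throw new IOException("unknown M2M data field number: " + tag.getTagNumber());
      }
    }

    return cert;
  } catch (Exception e) {
    // Boundary of the parser: unchecked exceptions raised by malformed input (bad casts,
    // unexpected ASN.1 types) are reported as CertificateException as well.
    throw new CertificateException("exception on parsing certificate data", e);
  }
}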
From source file:ca.trustpoint.m2m.M2mCertificateFactory.java
License:Apache License
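/**
 * Parses the given ASN.1 sequence and copies each TBS field into {@code cert}.
 *
 * <p>Every element of {@code seq} must be a context-tagged object whose tag number maps to a
 * {@link TbsCertificateFields} value. Integer-valued fields (validity start, validity duration,
 * basic constraints) are range-checked so that an oversized encoding is rejected instead of
 * being silently truncated.
 *
 * <p>NOTE(review): a field that appears more than once overwrites the earlier value, and no
 * check for mandatory fields is visible here; confirm whether the certificate's own validation
 * covers both.
 *
 * @param seq ASN.1 sequence containing TBS data.
 * @param cert the {@link M2mCertificate} to fill in.
 * @throws InvalidKeyException if public key is invalid.
 * @throws IOException if the sequence is too short, holds an unknown field, or holds an empty
 *     or out-of-range integer field.
 * @throws URISyntaxException if URI field is invalid.
 */
private void parseTbsCertificate(ASN1Sequence seq, M2mCertificate cert)
    throws InvalidKeyException, IOException, URISyntaxException {
  if (seq.size() < 2) {
    throw new IOException("no enough data for TBS certificate in sequence");
  }

  // Set tbsCertificate
  for (int i = 0; i < seq.size(); i++) {
    ASN1TaggedObject obj = (ASN1TaggedObject) seq.getObjectAt(i);
    TbsCertificateFields tag = TbsCertificateFields.getInstance(obj.getTagNo());

    // Guard in case the lookup reports an unmapped tag number as null rather than throwing.
    if (tag == null) {
      throw new IOException("unknow TBS certificate field number: " + obj.getTagNo());
    }

    switch (tag) {
      case SERIAL_NUMBER:
        ASN1OctetString serialNumber = ASN1OctetString.getInstance(obj, false);
        cert.setSerialNumber(serialNumber.getOctets());
        break;
      case CA_ALGORITHM:
        ASN1ObjectIdentifier cAAlgorithm = ASN1ObjectIdentifier.getInstance(obj, false);

        if (cert.getCaKeyDefinition() == null) {
          cert.setCaKeyDefinition(new KeyAlgorithmDefinition());
        }

        cert.getCaKeyDefinition().setAlgorithm(parseKeyAlgorithmDefinitionAlgorithm(cAAlgorithm));
        break;
      case CA_ALGORITHM_PARAMETERS:
        ASN1OctetString cAAlgParams = ASN1OctetString.getInstance(obj, false);

        if (cert.getCaKeyDefinition() == null) {
          cert.setCaKeyDefinition(new KeyAlgorithmDefinition());
        }

        cert.getCaKeyDefinition().setParameters(cAAlgParams.getOctets());
        break;
      case ISSUER:
        ASN1Sequence issuerSeq = ASN1Sequence.getInstance(obj, false);
        cert.setIssuer(parseEntityName(issuerSeq));
        break;
      case VALID_FROM:
        ASN1OctetString validFrom = ASN1OctetString.getInstance(obj, false);
        // The field carries seconds; bound it so the conversion to milliseconds cannot wrap
        // around and yield an unrelated validity start.
        long seconds =
            decodeBoundedTbsInteger(
                validFrom.getOctets(), Long.MIN_VALUE / 1000L, Long.MAX_VALUE / 1000L, "validFrom");
        cert.setValidFrom(new Date(seconds * 1000L));
        break;
      case VALID_DURATION:
        ASN1OctetString validDuration = ASN1OctetString.getInstance(obj, false);
        long duration =
            decodeBoundedTbsInteger(
                validDuration.getOctets(), Integer.MIN_VALUE, Integer.MAX_VALUE, "validDuration");
        cert.setValidDuration(Integer.valueOf((int) duration));
        break;
      case SUBJECT:
        ASN1Sequence subjectSeq = ASN1Sequence.getInstance(obj, false);
        cert.setSubject(parseEntityName(subjectSeq));
        break;
      case PUBLIC_KEY_ALGORITHM:
        ASN1ObjectIdentifier pKAlgorithm = ASN1ObjectIdentifier.getInstance(obj, false);

        if (cert.getPublicKeyDefinition() == null) {
          cert.setPublicKeyDefinition(new KeyAlgorithmDefinition());
        }

        cert.getPublicKeyDefinition().setAlgorithm(parseKeyAlgorithmDefinitionAlgorithm(pKAlgorithm));
        break;
      case PUBLIC_KEY_ALGORITHM_PARAMETERS:
        ASN1OctetString pKAlgParams = ASN1OctetString.getInstance(obj, false);

        if (cert.getPublicKeyDefinition() == null) {
          cert.setPublicKeyDefinition(new KeyAlgorithmDefinition());
        }

        cert.getPublicKeyDefinition().setParameters(pKAlgParams.getOctets());
        break;
      case PUBLIC_KEY:
        ASN1OctetString pubKey = ASN1OctetString.getInstance(obj, false);
        byte[] rawPublicKey = pubKey.getOctets();

        cert.setIsPublicKeyCompressed(KeyConversionUtils.isCompressedEcPoint(rawPublicKey));

        PublicKey publicKey = KeyConversionUtils.convertRawBytestoEcPublicKey(rawPublicKey);
        cert.setPublicKey(publicKey);
        break;
      case AUTHORITY_KEY_ID:
        ASN1Sequence authKeyIdSeq = ASN1Sequence.getInstance(obj, false);
        cert.setAuthorityKeyIdentifier(parseAuthorityKeyIdentifier(authKeyIdSeq));
        break;
      case SUBJECT_KEY_ID:
        ASN1OctetString subjKeyId = ASN1OctetString.getInstance(obj, false);
        cert.setSubjectKeyIdentifier(subjKeyId.getOctets());
        break;
      case KEY_USAGE:
        ASN1OctetString keyUsageObj = ASN1OctetString.getInstance(obj, false);
        // NOTE(review): this passes the full encoding, where the other octet-string fields
        // pass getOctets(); confirm that KeyUsage expects the encoded form.
        KeyUsage keyUsage = new KeyUsage(keyUsageObj.getEncoded());
        cert.setKeyUsage(keyUsage);
        break;
      case BASIC_CONSTRAINTS:
        ASN1Integer basicConstraints = ASN1Integer.getInstance(obj, false);
        BigInteger constraintValue = basicConstraints.getValue();
        // bitLength() excludes the sign bit, so anything above 31 does not fit in an int.
        if (constraintValue.bitLength() > 31) {
          throw new IOException("basicConstraints out of range in TBS certificate");
        }
        cert.setBasicConstraints(constraintValue.intValue());
        break;
      case CERTIFICATE_POLICY:
        ASN1ObjectIdentifier certPolicy = ASN1ObjectIdentifier.getInstance(obj, false);
        cert.setCertificatePolicy(certPolicy.getId());
        break;
      case SUBJECT_ALTERNATE_NAME:
        ASN1TaggedObject subjectAltNameObj = ASN1TaggedObject.getInstance(obj, true);
        cert.setSubjectAlternativeName(parseGeneralName(subjectAltNameObj));
        break;
      case ISSUER_ALTERNATE_NAME:
        ASN1TaggedObject issuerAltNameObj = ASN1TaggedObject.getInstance(obj, true);
        cert.setIssuerAlternativeName(parseGeneralName(issuerAltNameObj));
        break;
      case EXTENDED_KEY_USAGE:
        ASN1ObjectIdentifier extendedKeyUsage = ASN1ObjectIdentifier.getInstance(obj, false);
        cert.setExtendedKeyUsage(extendedKeyUsage.getId());
        break;
      case AUTHENTICATION_INFO_ACCESS_OCSP:
        DERIA5String authInfoAccessOCSPObj = DERIA5String.getInstance(obj, false);
        URI authInfoAccessOCSP = new URI(authInfoAccessOCSPObj.getString());
        cert.setAuthenticationInfoAccessOcsp(authInfoAccessOCSP);
        break;
      case CRL_DISTRIBUTION_POINT_URI:
        DERIA5String cRLDistribPointURIObj = DERIA5String.getInstance(obj, false);
        URI cRLDistribPointURI = new URI(cRLDistribPointURIObj.getString());
        cert.setCrlDistributionPointUri(cRLDistribPointURI);
        break;
      case EXTENSIONS:
        ASN1Sequence x509extensionsSeq = ASN1Sequence.getInstance(obj, false);
        parseX509extensions(x509extensionsSeq, cert);
        break;
      default:
        throw new IOException("unknow TBS certificate field number: " + tag.getTagNumber());
    }
  }
}

/**
 * Decodes a big-endian two's-complement integer and checks that it lies in {@code [min, max]}.
 *
 * @param octets the raw field content.
 * @param min smallest accepted value.
 * @param max largest accepted value.
 * @param fieldName field name used in error messages.
 * @return the decoded value.
 * @throws IOException if {@code octets} is empty or the value is outside the range.
 */
private static long decodeBoundedTbsInteger(byte[] octets, long min, long max, String fieldName)
    throws IOException {
  // BigInteger rejects a zero-length array with an unchecked exception; report it as a
  // parse error instead.
  if (octets == null || octets.length == 0) {
    throw new IOException("empty " + fieldName + " field in TBS certificate");
  }

  BigInteger value = new BigInteger(octets);
  if (value.compareTo(BigInteger.valueOf(min)) < 0
      || value.compareTo(BigInteger.valueOf(max)) > 0) {
    throw new IOException(fieldName + " out of range in TBS certificate");
  }

  return value.longValue();
}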
From source file:ca.trustpoint.m2m.M2mCertificateFactory.java
License:Apache License
/** * Parses ASN.1 tagged object to construct an {@link EntityNameAttribute} object. * * @param obj ASN.1 tagged object for {@link EntityNameAttribute}. * @return An instance of {@link EntityNameAttribute} constructed from obj. * @throw IOException if parsing has error or unknown ID or no value. *///from ww w .ja va 2 s . c o m private EntityNameAttribute parseEntityNameAttribute(ASN1TaggedObject obj) throws IOException { EntityNameAttributeId aid = EntityNameAttributeId.getInstance(obj.getTagNo()); String value = null; switch (aid) { case Country: case DistinguishedNameQualifier: case SerialNumber: value = DERPrintableString.getInstance(obj, false).getString(); break; case Organization: case OrganizationalUnit: case StateOrProvince: case Locality: case CommonName: value = DERUTF8String.getInstance(obj, false).getString(); break; case DomainComponent: value = DERIA5String.getInstance(obj, false).getString(); break; case RegisteredId: value = ASN1ObjectIdentifier.getInstance(obj, false).getId(); break; case OctetsName: byte[] octets = ASN1OctetString.getInstance(obj, false).getOctets(); value = Hex.toHexString(octets); break; default: throw new IOException("unknown entity name attribute id: " + aid.getIndexId()); } if (value == null) { throw new IOException("null entity name attribute value for id: " + aid.getIndexId()); } EntityNameAttribute attribute = new EntityNameAttribute(); attribute.setId(aid); attribute.setValue(value); if (!attribute.isValid()) { throw new IOException("invalid entity name attribute value for id: " + aid.getIndexId()); } return attribute; }
From source file:ca.trustpoint.m2m.M2mCertificateFactory.java
License:Apache License
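/**
 * Parses ASN.1 sequence to construct an {@link AuthorityKeyIdentifier} object.
 *
 * <p>The sequence must hold between one and three context-tagged elements: key identifier,
 * certificate issuer and certificate serial number.
 *
 * <p>NOTE(review): a repeated tag overwrites the earlier value, and the serial number is
 * decoded as a signed integer; confirm both are intended.
 *
 * @param seq An ASN.1 sequence.
 * @return An instance of {@link AuthorityKeyIdentifier} constructed from seq.
 * @throws IOException if parsing error or data invalid.
 */
private AuthorityKeyIdentifier parseAuthorityKeyIdentifier(ASN1Sequence seq) throws IOException {
  if (seq.size() < 1) {
    throw new IOException("no authKeyId data in sequence");
  } else if (seq.size() > 3) {
    throw new IOException("too much authKeyId data in sequence: " + seq.size());
  }

  AuthorityKeyIdentifier authKeyId = new AuthorityKeyIdentifier();

  for (int i = 0; i < seq.size(); i++) {
    ASN1TaggedObject obj = (ASN1TaggedObject) seq.getObjectAt(i);

    switch (obj.getTagNo()) {
      case AuthorityKeyIdentifier.INDEX_KEY_IDENTIFIER:
        ASN1OctetString identifierObj = ASN1OctetString.getInstance(obj, false);
        authKeyId.setKeyIdentifier(identifierObj.getOctets());
        break;
      case AuthorityKeyIdentifier.INDEX_AUTH_CERT_ISSUER:
        ASN1TaggedObject authCertIssuerObj = ASN1TaggedObject.getInstance(obj, true);
        authKeyId.setCertificateIssuer(parseGeneralName(authCertIssuerObj));
        break;
      case AuthorityKeyIdentifier.INDEX_AUTH_CERT_SERIAL_NUM:
        ASN1OctetString authCertSerialNumObj = ASN1OctetString.getInstance(obj, false);
        byte[] serialOctets = authCertSerialNumObj.getOctets();
        // BigInteger rejects a zero-length array with an unchecked exception; report the
        // malformed field through the documented IOException instead.
        if (serialOctets.length == 0) {
          throw new IOException("empty authKeyId certificate serial number");
        }
        BigInteger serialNumber = new BigInteger(serialOctets);
        authKeyId.setCertificateSerialNumber(serialNumber);
        break;
      default:
        throw new IOException("unknown authKeyId index: " + obj.getTagNo());
    }
  }

  if (!authKeyId.isValid()) {
    throw new IOException("invalid AuthorityKeyIdentifier instance parsed from ASN.1 sequence");
  }

  return authKeyId;
}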
From source file:ca.trustpoint.m2m.M2mCertificateFactory.java
License:Apache License
/**
 * Builds a {@link GeneralName} from a context-tagged ASN.1 object.
 *
 * <p>The tag number selects the name form. IA5String forms (RFC 822 name, DNS name, URI) are
 * stored as their decoded text, an IP address is stored in its textual host-address form, and
 * a directory name is parsed as an entity name.
 *
 * @param obj An ASN.1 tagged object.
 * @return An instance of {@link GeneralName} constructed from obj.
 * @throws IOException if the name form is unknown, the content cannot be decoded, or the
 *     resulting name fails its own validity check.
 */
private GeneralName parseGeneralName(ASN1TaggedObject obj) throws IOException {
  final GeneralName result = new GeneralName();
  final GeneralNameAttributeId kind = GeneralNameAttributeId.getInstance(obj.getTagNo());

  switch (kind) {
    // The three IA5String forms differ only in the attribute id that is recorded, and inside
    // each of these cases `kind` is exactly that id.
    case Rfc822Name:
    case DnsName:
    case Uri: {
      final DERIA5String text = DERIA5String.getInstance(obj, false);
      result.setAttributeId(kind);
      result.setValue(text.getString());
      break;
    }

    case DirectoryName:
      result.setEntity(parseEntityName(ASN1Sequence.getInstance(obj, false)));
      break;

    case IpAddress: {
      final byte[] rawAddress = ASN1OctetString.getInstance(obj, false).getOctets();
      // getByAddress rejects lengths other than an IPv4 or IPv6 address with an IOException
      // subtype, so a malformed address surfaces as a parse failure.
      final String hostAddress = InetAddress.getByAddress(rawAddress).getHostAddress();
      result.setAttributeId(GeneralNameAttributeId.IpAddress);
      result.setValue(hostAddress);
      break;
    }

    case RegisteredId: {
      final ASN1ObjectIdentifier registered = ASN1ObjectIdentifier.getInstance(obj, false);
      result.setAttributeId(GeneralNameAttributeId.RegisteredId);
      result.setValue(registered.getId());
      break;
    }

    default:
      throw new IOException("unknown GeneralName ID: " + kind.getIndexId());
  }

  if (result.isValid()) {
    return result;
  }
  throw new IOException("invalid GeneralName instance parsed from ASN.1 tagged object");
}
From source file:ca.trustpoint.m2m.M2mCertificateFactory.java
License:Apache License
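/**
 * Parses ASN.1 sequence to set up X.509 extensions of a {@link M2mCertificate} object.
 *
 * <p>Each element of {@code seq} is itself a sequence of two or three context-tagged fields:
 * tag 0 is the extension OID, tag 1 the criticality flag (false when absent) and tag 2 the
 * extension value. An extension without an OID or without a value is rejected.
 *
 * @param seq An ASN.1 sequence containing X.509 extensions.
 * @param cert A {@link M2mCertificate} object to be filled.
 * @throws IOException if parsing error or data invalid.
 */
private void parseX509extensions(ASN1Sequence seq, M2mCertificate cert) throws IOException {
  if (seq.size() < 1) {
    throw new IOException("not X.509 extension data in sequence");
  }

  for (int i = 0; i < seq.size(); i++) {
    ASN1Sequence extSeq = (ASN1Sequence) seq.getObjectAt(i);

    if (extSeq.size() < 2) {
      throw new IOException("no enough data fields for X.509 extension in sequence");
    } else if (extSeq.size() > 3) {
      throw new IOException("too many data fields for X.509 extension in sequence");
    }

    String oid = null;
    boolean isCritical = false;
    byte[] value = null;

    for (int j = 0; j < extSeq.size(); j++) {
      ASN1TaggedObject obj = (ASN1TaggedObject) extSeq.getObjectAt(j);

      switch (obj.getTagNo()) {
        case 0: // oid
          ASN1ObjectIdentifier oidObj = ASN1ObjectIdentifier.getInstance(obj, false);
          oid = oidObj.getId();
          break;
        case 1: // isCritical
          ASN1Boolean isCriticalObj = ASN1Boolean.getInstance(obj, false);
          isCritical = isCriticalObj.isTrue();
          break;
        case 2: // value
          ASN1OctetString valueObj = ASN1OctetString.getInstance(obj, false);
          value = valueObj.getOctets();
          break;
        default:
          throw new IOException("unknown x509extension ID: " + obj.getTagNo());
      }
    }

    // The field-count check does not prove which fields were present: two fields could be
    // (criticality, value) or a repeated tag. Refuse to register an extension that has no
    // identifier or no content, so a critical extension cannot slip through unnamed.
    if (oid == null) {
      throw new IOException("missing OID in X.509 extension");
    }
    if (value == null) {
      throw new IOException("missing value in X.509 extension: " + oid);
    }

    cert.addExtension(oid, isCritical, value);
  }
}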
From source file:com.itextpdf.signatures.CertificateUtil.java
License:Open Source License
/**
 * Decodes the content of an implicitly tagged general name as ISO-8859-1 text.
 *
 * <p>ISO-8859-1 maps every byte to a character, so the decode itself never rejects input. The
 * returned text comes straight from the certificate and is not validated here.
 *
 * @param names the ASN1Primitive; must be an {@code ASN1TaggedObject}
 * @return a human-readable String
 * @throws IOException declared because the charset is looked up by name
 */
private static String getStringFromGeneralName(ASN1Primitive names) throws IOException {
    final ASN1OctetString content = ASN1OctetString.getInstance((ASN1TaggedObject) names, false);
    final byte[] raw = content.getOctets();
    return new String(raw, "ISO-8859-1");
}
From source file:com.itextpdf.text.pdf.PdfPKCS7.java
License:Open Source License
/**
 * Decodes the content of an implicitly tagged general name as ISO-8859-1 text.
 *
 * <p>ISO-8859-1 maps every byte to a character, so the decode itself never rejects input. The
 * returned text comes straight from the certificate and is not validated here.
 *
 * @param names the encoded general name; must be a {@code DERTaggedObject}
 * @return the content bytes decoded as ISO-8859-1
 * @throws IOException declared because the charset is looked up by name
 */
private static String getStringFromGeneralName(DERObject names) throws IOException {
    final ASN1OctetString content = ASN1OctetString.getInstance((DERTaggedObject) names, false);
    final byte[] raw = content.getOctets();
    return new String(raw, "ISO-8859-1");
}
From source file:com.yacme.ext.oxsit.cust_it.security.crl.X509CertRL.java
License:Open Source License
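/**
 * Returns the first general name of an implicitly tagged name sequence as text.
 *
 * <p>The content bytes are decoded as ISO-8859-1 rather than with the platform default
 * charset, so the same certificate yields the same string on every host. The text comes
 * straight from the certificate and is not validated here.
 *
 * @param names the encoded general names; must be an {@code ASN1TaggedObject}
 * @return the first name decoded as ISO-8859-1, or {@code null} if the sequence is empty
 */
private static String getStringFromGeneralNames(DERObject names) {
    ASN1Sequence namesSequence = ASN1Sequence.getInstance((ASN1TaggedObject) names, false);
    if (namesSequence.size() == 0) {
        return null;
    }
    DERTaggedObject taggedObject = (DERTaggedObject) namesSequence.getObjectAt(0);
    byte[] raw = ASN1OctetString.getInstance(taggedObject, false).getOctets();
    // An explicit charset keeps the result independent of the JVM's default encoding; the
    // Charset overload also avoids a checked exception this method does not declare.
    return new String(raw, java.nio.charset.Charset.forName("ISO-8859-1"));
}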
From source file:jcifs.spnego.NegTokenInit.java
License:Open Source License
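/**
 * Decodes a SPNEGO NegTokenInit and stores its fields on this object.
 *
 * <p>The token arrives from the peer and is untrusted. Every structural assumption (object
 * type, tag number, non-empty flags) is checked, and a violation is reported as an
 * {@link IOException} rather than escaping as an unchecked exception.
 *
 * @param token the encoded token
 * @throws IOException if the token is malformed or a mechanism OID cannot be read
 */
@Override
protected void parse(byte[] token) throws IOException {
    try (ASN1InputStream is = new ASN1InputStream(token)) {
        // Covers both an empty token (null) and a wrong outer type.
        Object outer = is.readObject();
        if (!(outer instanceof DERApplicationSpecific)) {
            throw new IOException("Malformed SPNEGO token " + outer);
        }
        DERApplicationSpecific constructed = (DERApplicationSpecific) outer;
        if (!constructed.isConstructed()) {
            throw new IOException("Malformed SPNEGO token " + constructed + " "
                    + constructed.isConstructed() + " " + constructed.getApplicationTag());
        }

        try (ASN1InputStream der = new ASN1InputStream(constructed.getContents())) {
            Object oidObj = der.readObject();
            if (!(oidObj instanceof ASN1ObjectIdentifier)
                    || !SPNEGO_OID.equals((ASN1ObjectIdentifier) oidObj)) {
                throw new IOException("Malformed SPNEGO token, OID " + oidObj);
            }

            Object initObj = der.readObject();
            if (!(initObj instanceof ASN1TaggedObject)) {
                throw new IOException("Malformed SPNEGO token: expected tagged object, got " + initObj);
            }
            ASN1TaggedObject tagged = (ASN1TaggedObject) initObj;
            if (tagged.getTagNo() != 0) {
                throw new IOException("Malformed SPNEGO token: tag " + tagged.getTagNo() + " " + tagged);
            }

            ASN1Sequence sequence = ASN1Sequence.getInstance(tagged, true);
            Enumeration<ASN1Object> fields = sequence.getObjects();
            while (fields.hasMoreElements()) {
                Object field = fields.nextElement();
                if (!(field instanceof ASN1TaggedObject)) {
                    throw new IOException("Malformed token field.");
                }
                tagged = (ASN1TaggedObject) field;

                switch (tagged.getTagNo()) {
                case 0:
                    ASN1Sequence mechList = ASN1Sequence.getInstance(tagged, true);
                    Oid[] mechs = new Oid[mechList.size()];
                    for (int i = mechs.length - 1; i >= 0; i--) {
                        Object mechanism = mechList.getObjectAt(i);
                        if (!(mechanism instanceof ASN1ObjectIdentifier)) {
                            throw new IOException("Malformed token field.");
                        }
                        mechs[i] = new Oid(((ASN1ObjectIdentifier) mechanism).getId());
                    }
                    setMechanisms(mechs);
                    break;
                case 1:
                    DERBitString ctxFlags = DERBitString.getInstance(tagged, true);
                    byte[] flagBytes = ctxFlags.getBytes();
                    // An empty bit string would otherwise fail on the index below.
                    if (flagBytes.length == 0) {
                        throw new IOException("Malformed token field.");
                    }
                    setContextFlags(flagBytes[0] & 0xff);
                    break;
                case 2:
                    ASN1OctetString mechanismToken = ASN1OctetString.getInstance(tagged, true);
                    setMechanismToken(mechanismToken.getOctets());
                    break;
                case 3:
                    // Tag 3 is treated as the mechListMIC only when it holds an octet string;
                    // any other content is skipped.
                    if (!(tagged.getObject() instanceof DEROctetString)) {
                        break;
                    }
                    // fall through
                case 4:
                    ASN1OctetString mechanismListMIC = ASN1OctetString.getInstance(tagged, true);
                    setMechanismListMIC(mechanismListMIC.getOctets());
                    break;
                default:
                    throw new IOException("Malformed token field.");
                }
            }
        } catch (GSSException e) {
            throw new IOException("Failed to read OID", e);
        } catch (IllegalArgumentException e) {
            // Raised by the ASN.1 getInstance helpers when a tagged object holds an
            // unexpected type.
            throw new IOException("Malformed SPNEGO token", e);
        }
    }
}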