List of usage examples for org.bouncycastle.asn1 ASN1Sequence iterator
public Iterator<ASN1Encodable> iterator()
From source file:org.jruby.ext.openssl.OCSPRequest.java
License:Common Public License
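/**
 * Ruby {@code OpenSSL::OCSP::Request#verify(certificates, store, flags = 0)}.
 *
 * <p>Follows OpenSSL's {@code OCSP_request_verify}: an unsigned request, a request whose
 * {@code requestorName} is absent or is not a {@code directoryName}, and a request whose
 * signer certificate cannot be located all yield {@code false} rather than raising. Once a
 * signer is found its signature is checked (unless {@code OCSP_NOSIGS}) and its chain is
 * verified against {@code store} (unless {@code OCSP_NOVERIFY}).
 *
 * @param args {@code [certificates, store]} or {@code [certificates, store, flags]}
 * @return Ruby {@code true} when every requested check passes, Ruby {@code false} otherwise
 * @throws org.jruby.exceptions.RaiseException an {@code OCSPError} when the BC request
 *         object has not been built or when verification itself throws
 */
@JRubyMethod(name = "verify", rest = true)
public IRubyObject verify(IRubyObject[] args) {
    final Ruby runtime = getRuntime();
    final ThreadContext context = runtime.getCurrentContext();

    int flags = 0;
    if (Arity.checkArgumentCount(runtime, args, 2, 3) == 3) {
        flags = RubyFixnum.fix2int((RubyFixnum) args[2]);
    }
    final IRubyObject certificates = args[0];
    final IRubyObject store = args[1];

    final OCSPReq bcOCSPReq = getBCOCSPReq();
    if (bcOCSPReq == null) {
        throw newOCSPError(runtime, new NullPointerException("Missing BC asn1bcReq. Missing certIDs or signature?"));
    }
    // Nothing to verify on an unsigned request: OpenSSL reports false, not an error.
    if (!bcOCSPReq.isSigned()) {
        return RubyBoolean.newBoolean(runtime, false);
    }
    // requestorName is OPTIONAL in the ASN.1 (RFC 6960 only mandates it for signed
    // requests), so a malformed signed request may carry none; getRequestorName() then
    // returns null and the tag check below used to dereference it. Only a directoryName
    // (tag 4) can be matched against certificate subjects.
    final GeneralName genName = bcOCSPReq.getRequestorName();
    if (genName == null || genName.getTagNo() != GeneralName.directoryName) {
        return RubyBoolean.newBoolean(runtime, false);
    }
    final X500Name genX500Name = X500Name.getInstance(genName.getName());

    final JcaContentVerifierProviderBuilder verifierBuilder = new JcaContentVerifierProviderBuilder();
    verifierBuilder.setProvider("BC");

    boolean ret = false;
    try {
        // Flag bit values live as constants on OpenSSL::OCSP; resolve each once.
        final int noIntern = RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOINTERN));
        final int trustOther = RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_TRUSTOTHER));
        final int noVerify = RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOVERIFY));
        final int noSigs = RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOSIGS));
        final int noChain = RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOCHAIN));

        final java.security.cert.Certificate signer = findCertByName(genX500Name, certificates, flags);
        if (signer == null) {
            return RubyBoolean.newBoolean(runtime, false);
        }
        // A signer that came from the caller (NOINTERN) and is explicitly trusted
        // (TRUSTOTHER) needs no chain verification.
        if ((flags & noIntern) != 0 && (flags & trustOther) != 0) {
            flags |= noVerify;
        }
        if ((flags & noSigs) == 0) {
            final PublicKey signerPubKey = signer.getPublicKey();
            final ContentVerifierProvider cvp = verifierBuilder.build(signerPubKey);
            ret = bcOCSPReq.isSignatureValid(cvp);
            if (!ret) {
                return RubyBoolean.newBoolean(runtime, false);
            }
        }
        if ((flags & noVerify) == 0) {
            // NOCHAIN: verify the signer on its own; otherwise also offer the certificates
            // embedded in the request's optional signature as untrusted chain material.
            final IRubyObject untrusted = (flags & noChain) != 0
                    ? context.nil
                    : embeddedSignatureCerts(runtime);
            final X509StoreContext storeContext = X509StoreContext.newStoreContext(
                    context, (X509Store) store, X509Cert.wrap(runtime, signer), untrusted);
            storeContext.set_purpose(context, _X509(runtime).getConstant("PURPOSE_OCSP_HELPER"));
            storeContext.set_trust(context, _X509(runtime).getConstant("TRUST_OCSP_REQUEST"));
            ret = storeContext.verify(context).isTrue();
            if (!ret) {
                return RubyBoolean.newBoolean(runtime, false);
            }
        }
    } catch (Exception e) {
        debugStackTrace(e);
        throw newOCSPError(runtime, e);
    }
    // NOTE(review): with both NOSIGS and NOVERIFY set this stays false, as the original did;
    // OpenSSL returns success in that case - left unchanged here.
    return RubyBoolean.newBoolean(runtime, ret);
}

/**
 * Wraps the certificates embedded in the request's optional signature, if any, as Ruby
 * {@code X509::Certificate} objects so the store can use them as untrusted chain material.
 *
 * @param runtime the Ruby runtime the wrappers belong to
 * @return a Ruby array, empty when the request carries no certificates
 */
private RubyArray embeddedSignatureCerts(final Ruby runtime) throws CertificateException, IOException {
    final RubyArray certs = RubyArray.newEmptyArray(runtime);
    if (asn1bcReq.getOptionalSignature() == null) {
        return certs;
    }
    final ASN1Sequence bcCerts = asn1bcReq.getOptionalSignature().getCerts();
    if (bcCerts != null) {
        final Iterator<ASN1Encodable> it = bcCerts.iterator();
        while (it.hasNext()) {
            final Certificate cert = Certificate.getInstance(it.next());
            certs.add(X509Cert.wrap(runtime, new X509AuxCertificate(cert)));
        }
    }
    return certs;
}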
From source file:org.jruby.ext.openssl.OCSPRequest.java
License:Common Public License
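/**
 * Locates the certificate whose subject equals {@code genX500Name}.
 *
 * <p>Unless {@code OCSP_NOINTERN} is set, the certificates embedded in the request's own
 * signature are searched first (as OpenSSL does); the caller-supplied {@code certificates}
 * array is searched afterwards.
 *
 * @param genX500Name the request's {@code requestorName}, as an {@link X500Name}
 * @param certificates Ruby array of {@code X509::Certificate} objects supplied by the caller
 * @param flags OCSP verify flags
 * @return the matching certificate, or {@code null} when no subject matches
 */
private java.security.cert.Certificate findCertByName(ASN1Encodable genX500Name, IRubyObject certificates, int flags)
        throws CertificateException, IOException {
    final Ruby runtime = getRuntime();
    if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOINTERN))) == 0) {
        // getOptionalSignature() is null for an unsigned request; the old code dereferenced
        // it unconditionally, which only worked because verify() checks isSigned() first.
        final ASN1Sequence embedded = asn1bcReq.getOptionalSignature() == null
                ? null
                : asn1bcReq.getOptionalSignature().getCerts();
        if (embedded != null) {
            final Iterator<ASN1Encodable> it = embedded.iterator();
            while (it.hasNext()) {
                final Certificate cert = Certificate.getInstance(it.next());
                if (genX500Name.equals(cert.getSubject())) {
                    return new X509AuxCertificate(cert);
                }
            }
        }
    }
    // NOTE(review): RubyArray implements the raw java.util.List; this relies on its element
    // view yielding the Java X509Certificate behind each Ruby wrapper, as the original cast did.
    @SuppressWarnings("unchecked")
    final List<X509Certificate> certList = (RubyArray) certificates;
    for (X509Certificate cert : certList) {
        final X500Name subject = X500Name.getInstance(cert.getSubjectX500Principal().getEncoded());
        if (genX500Name.equals(subject)) {
            return new X509AuxCertificate(cert);
        }
    }
    return null;
}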
From source file:pro.javacard.gp.GlobalPlatform.java
License:Open Source License
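/**
 * Parses the FCI returned by SELECT of the security domain and records what it reveals:
 * the ISD AID (tag 4), and from the proprietary block (tag 5) the GP version and the
 * block size.
 *
 * @param fci the raw FCI template returned by the card
 * @throws GPException when the data is not an FCI (application tag 15) or is malformed
 */
private void parse_select_response(byte[] fci) throws GPException {
    try (ASN1InputStream ais = new ASN1InputStream(fci)) {
        if (ais.available() <= 0) {
            return;
        }
        DERApplicationSpecific fcidata = (DERApplicationSpecific) ais.readObject();
        // The full dump helps when a new card misbehaves, but it belongs on the debug log,
        // not on stdout (the old FIXME'd println).
        logger.debug("FCI: " + ASN1Dump.dumpAsString(fcidata, true));
        if (fcidata.getApplicationTag() != 15) {
            throw new GPException("Unknown data from card: " + HexUtils.bin2hex(fci));
        }
        ASN1Sequence s = ASN1Sequence.getInstance(fcidata.getObject(BERTags.SEQUENCE));
        for (ASN1Encodable e : Lists.newArrayList(s.iterator())) {
            ASN1TaggedObject t = DERTaggedObject.getInstance(e);
            if (t.getTagNo() == 4) {
                parse_fci_isd_aid(t);
            } else if (t.getTagNo() == 5) {
                parse_fci_proprietary(t);
            } else {
                logger.info("Unknown/unhandled tag in FCI: " + HexUtils.bin2hex(t.getEncoded()));
            }
        }
    } catch (IOException | ClassCastException e) {
        throw new GPException("Invalid data: " + e.getMessage(), e);
    }
}

/**
 * FCI tag 4: the ISD AID. Adopts it when no AID was requested, warns on a mismatch.
 *
 * @param t the tagged object carrying the AID octet string
 */
private void parse_fci_isd_aid(ASN1TaggedObject t) throws GPException, IOException {
    ASN1OctetString isdaid = DEROctetString.getInstance(t.getObject());
    AID detectedAID = new AID(isdaid.getOctets());
    if (sdAID == null) {
        logger.debug("Auto-detected ISD AID: " + detectedAID);
    } else if (!detectedAID.equals(sdAID)) {
        giveStrictWarning("SD AID in FCI does not match the requested AID!");
    }
    // An explicitly requested AID wins; otherwise use what the card reports.
    this.sdAID = sdAID == null ? detectedAID : sdAID;
}

/**
 * FCI tag 5: proprietary data. Usually a sequence holding card recognition data (GP
 * version) and a tagged block size; some cards (Feitian) nest a bare tagged object instead.
 *
 * @param t the tagged object wrapping the proprietary data
 */
private void parse_fci_proprietary(ASN1TaggedObject t) throws GPException, IOException {
    if (t.getObject() instanceof ASN1Sequence) {
        ASN1Sequence prop = ASN1Sequence.getInstance(t.getObject());
        for (ASN1Encodable enc : Lists.newArrayList(prop.iterator())) {
            parse_fci_proprietary_entry(enc.toASN1Primitive());
        }
    } else if (t.getObject() instanceof DERTaggedObject) {
        // Except Feitian cards which have a plain nested tag
        DERTaggedObject tag = (DERTaggedObject) t.getObject();
        if (tag.getTagNo() == 101) {
            setBlockSize(DEROctetString.getInstance(tag.getObject()));
        } else {
            logger.info("Unknown/unhandled tag in FCI proprietary data: " + HexUtils.bin2hex(tag.getEncoded()));
        }
    }
}

/**
 * One element of the proprietary sequence: card recognition data (application tag 19),
 * the block size (tag 101), life-cycle data (tag 110, ignored), or something unknown.
 *
 * @param proptag the element, already reduced to its primitive form
 * @throws GPException when the element is neither application-specific nor tagged
 */
private void parse_fci_proprietary_entry(ASN1Primitive proptag) throws GPException, IOException {
    if (proptag instanceof DERApplicationSpecific) {
        DERApplicationSpecific isddata = (DERApplicationSpecific) proptag;
        if (isddata.getApplicationTag() == 19) {
            spec = GPData.get_version_from_card_data(isddata.getEncoded());
            logger.debug("Auto-detected GP version: " + spec);
        }
    } else if (proptag instanceof DERTaggedObject) {
        DERTaggedObject tag = (DERTaggedObject) proptag;
        if (tag.getTagNo() == 101) {
            setBlockSize(DEROctetString.getInstance(tag.getObject()));
        } else if (tag.getTagNo() == 110) {
            logger.debug("Lifecycle data (ignored): " + HexUtils.bin2hex(tag.getObject().getEncoded()));
        } else {
            logger.info("Unknown/unhandled tag in FCI proprietary data: " + HexUtils.bin2hex(tag.getEncoded()));
        }
    } else {
        throw new GPException("Unknown data from card: " + HexUtils.bin2hex(proptag.getEncoded()));
    }
}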
From source file:pro.javacard.gp.GPData.java
License:Open Source License
/**
 * Parses a Key Information Template (GET DATA response) into the keys it describes.
 *
 * @param data the raw template as returned by the card
 * @return one {@link GPKey} per key entry, in card order
 * @throws GPException when an entry is shorter than four bytes, uses the extended
 *         ({@code 0xFF}) type format, or the TLV structure cannot be parsed
 */
public static List<GPKeySet.GPKey> get_key_template_list(byte[] data) throws GPException {
    final List<GPKey> keys = new ArrayList<>();
    try (ASN1InputStream ais = new ASN1InputStream(data)) {
        while (ais.available() > 0) {
            final ASN1ApplicationSpecific template = (DERApplicationSpecific) ais.readObject();
            final ASN1Sequence entries = (ASN1Sequence) template.getObject(BERTags.SEQUENCE);
            for (ASN1Encodable entry : Lists.newArrayList(entries.iterator())) {
                final ASN1ApplicationSpecific key = (DERApplicationSpecific) entry.toASN1Primitive();
                keys.add(parseKeyInfo(key.getContents()));
            }
        }
    } catch (IOException | ClassCastException e) {
        throw new GPDataException("Could not parse key template: " + e.getMessage(), e);
    }
    return keys;
}

/**
 * Decodes one fixed-format key entry: id, version, type and length, one byte each.
 *
 * @param tmpl the contents of a key entry
 * @return the decoded key
 * @throws GPDataException when the entry is truncated or uses the extended type format
 */
private static GPKey parseKeyInfo(byte[] tmpl) throws GPDataException {
    if (tmpl.length < 4) {
        throw new GPDataException("Key info template shorter than 4 bytes", tmpl);
    }
    final int id = tmpl[0] & 0xFF;
    final int version = tmpl[1] & 0xFF;
    final int type = tmpl[2] & 0xFF;
    final int length = tmpl[3] & 0xFF;
    if (type == 0xFF) {
        throw new GPDataException("Extended key template not yet supported", tmpl);
    }
    return new GPKey(version, id, length, type);
}
From source file:pro.javacard.gp.GPData.java
License:Open Source License
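/**
 * Extracts the GlobalPlatform version from Card Recognition Data.
 *
 * @param data encoded card recognition data
 * @return the recognised version; {@code GPSpec.GP211} when no version object is present
 * @throws GPException when the leading OID is not CardRecognitionData, the version OID is
 *         unknown, an element has an unexpected type, or the structure cannot be parsed
 */
public static GPSpec get_version_from_card_data(byte[] data) throws GPException {
    try (ASN1InputStream ais = new ASN1InputStream(data)) {
        if (ais.available() > 0) {
            // Read card recognition data
            DERApplicationSpecific card_data = (DERApplicationSpecific) ais.readObject();
            ASN1Sequence seq = (ASN1Sequence) card_data.getObject(BERTags.SEQUENCE);
            for (ASN1Encodable p : Lists.newArrayList(seq.iterator())) {
                if (p instanceof ASN1ObjectIdentifier) {
                    // The OID element must identify GP CardRecognitionData.
                    ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) p;
                    if (!oid.toString().equals("1.2.840.114283.1")) {
                        throw new GPDataException("Invalid CardRecognitionData: " + oid.toString());
                    }
                } else if (p instanceof DERApplicationSpecific) {
                    DERApplicationSpecific tag = (DERApplicationSpecific) p;
                    // Application tag 0 carries the version OID; other tags are ignored.
                    if (tag.getApplicationTag() == 0) {
                        return versionFromOid(ASN1ObjectIdentifier.getInstance(tag.getObject()).toString());
                    }
                } else {
                    throw new GPDataException("Invalid type in card data", p.toASN1Primitive().getEncoded());
                }
            }
        }
    } catch (IOException | ClassCastException e) {
        // Keep the cause - the sibling parsers do, and the old code dropped it here.
        throw new GPDataException("Invalid data: " + e.getMessage(), e);
    }
    // Default to GP211
    return GPSpec.GP211;
}

/**
 * Maps a GP version OID (from application tag 0 of the card data) to the spec it denotes.
 *
 * @param oid dotted-decimal OID string
 * @return the matching spec
 * @throws GPDataException when the OID is not a known GP version OID
 */
private static GPSpec versionFromOid(String oid) throws GPDataException {
    switch (oid) {
        case "1.2.840.114283.2.2.1.1":
            return GPSpec.GP211;
        case "1.2.840.114283.2.2.2":
        case "1.2.840.114283.2.2.2.1":
            return GPSpec.GP22; // TODO: no need to differentiate currently
        default:
            throw new GPDataException("Invalid GP version OID: " + oid);
    }
}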
From source file:pro.javacard.gp.GPRegistry.java
License:Open Source License
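/**
 * Parses a GET STATUS response into registry entries of the given kind.
 *
 * <p>Each entry (application tag 3) is decoded into both an application and a package
 * object, since the TLV carries the union of their fields; only the one matching
 * {@code type} is added to the registry.
 *
 * @param data raw GET STATUS response
 * @param type the kind of entries the response describes
 * @throws GPDataException when an entry is not tagged 3, a life-cycle value is empty, or
 *         the data cannot be parsed
 */
private void populate_tags(byte[] data, Kind type) throws GPDataException {
    try (ASN1InputStream ais = new ASN1InputStream(data)) {
        while (ais.available() > 0) {
            DERApplicationSpecific registry_data = (DERApplicationSpecific) ais.readObject();
            if (registry_data.getApplicationTag() != 3) {
                throw new GPDataException("Invalid tag", registry_data.getEncoded());
            }
            // XXX: a bit ugly and wasting code, we populate both objects but add only one
            GPRegistryEntryApp app = new GPRegistryEntryApp();
            GPRegistryEntryPkg pkg = new GPRegistryEntryPkg();
            ASN1Sequence seq = (ASN1Sequence) registry_data.getObject(BERTags.SEQUENCE);
            for (ASN1Encodable p : Lists.newArrayList(seq.iterator())) {
                if (p instanceof DERApplicationSpecific) {
                    populate_app_specific(DERApplicationSpecific.getInstance(p), app, pkg);
                } else if (p instanceof DERTaggedObject) {
                    populate_tagged(DERTaggedObject.getInstance(p), app, pkg);
                }
            }
            // Construct entry
            if (type == Kind.ExecutableLoadFile) {
                pkg.setType(type);
                add(pkg);
            } else {
                app.setType(type);
                add(app);
            }
        }
    } catch (IOException | ClassCastException e) {
        // ClassCastException: the outer object was not application-specific. The old code
        // let it escape as a bare runtime exception instead of reporting invalid data.
        throw new GPDataException("Invalid data", e);
    }
}

/**
 * Application-specific children of a registry entry: AIDs, privileges and package version.
 *
 * @param entry the child object
 * @param app application view of the entry being built
 * @param pkg package view of the entry being built
 */
private void populate_app_specific(ASN1ApplicationSpecific entry, GPRegistryEntryApp app, GPRegistryEntryPkg pkg)
        throws IOException, GPDataException {
    switch (entry.getApplicationTag()) {
        case 15: {
            AID aid = new AID(entry.getContents());
            app.setAID(aid);
            pkg.setAID(aid);
            break;
        }
        case 5: {
            // privileges
            Privileges privs = Privileges.fromBytes(entry.getContents());
            app.setPrivileges(privs);
            break;
        }
        case 4: {
            app.setLoadFile(new AID(entry.getContents()));
            break;
        }
        case 12: {
            AID a = new AID(entry.getContents());
            app.setDomain(a);
            pkg.setDomain(a);
            break;
        }
        case 14: {
            pkg.setVersion(entry.getContents());
            break;
        }
        default:
            // XXX there are cards that have unknown tags.
            // Normally we'd like to avoid having proprietary data
            // but the rest of the response parses OK. So just ignore these
            // tags instead of throwing an exception
            logger.warn("Unknown tag: " + HexUtils.bin2hex(entry.getEncoded()));
    }
}

/**
 * Context-tagged children of a registry entry: the life-cycle state (tag 112) and
 * executable module AIDs (tag 4).
 *
 * @param tag the child object
 * @param app application view of the entry being built
 * @param pkg package view of the entry being built
 * @throws GPDataException when the life-cycle octet string is empty
 */
private void populate_tagged(ASN1TaggedObject tag, GPRegistryEntryApp app, GPRegistryEntryPkg pkg)
        throws IOException, GPDataException {
    if (tag.getTagNo() == 112) {
        // lifecycle
        byte[] lc = DEROctetString.getInstance(tag, false).getOctets();
        // Card-supplied; an empty octet string used to raise an ArrayIndexOutOfBoundsException
        // that bypassed the IOException handler in populate_tags.
        if (lc.length == 0) {
            throw new GPDataException("Empty life cycle state", tag.getEncoded());
        }
        app.setLifeCycle(lc[0] & 0xFF);
        pkg.setLifeCycle(lc[0] & 0xFF);
    } else if (tag.getTagNo() == 4) {
        // Executable module AID
        ASN1OctetString module = DEROctetString.getInstance(tag, false);
        pkg.addModule(new AID(module.getOctets()));
    } else {
        logger.warn("Unknown data: " + HexUtils.bin2hex(tag.getEncoded()));
    }
}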
From source file:se.tillvaxtverket.ttsigvalws.ttwssigvalidation.pdf.PdfBoxSigUtil.java
License:Open Source License
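/**
 * Gets a map of recognized subject DN attributes.
 *
 * <p>Best effort: an RDN that is not a SET of SEQUENCE {type, value} pairs, or whose value
 * cannot be decoded, is skipped on its own, and the attributes read from the other RDNs are
 * still returned (the old code abandoned the whole DN at the first bad RDN). Repeated
 * attribute types collapse to the last value seen.
 *
 * @param subjectDn subject DN as an X.501 Name (SEQUENCE of RDN sets); {@code null} yields
 *                  an empty map
 * @return Subject DN attribute map, possibly empty
 */
public static Map<SubjectDnAttribute, String> getSubjectAttributes(ASN1Sequence subjectDn) {
    Map<SubjectDnAttribute, String> subjectDnAttributeMap = new EnumMap<SubjectDnAttribute, String>(
            SubjectDnAttribute.class);
    if (subjectDn == null) {
        return subjectDnAttributeMap;
    }
    Iterator<ASN1Encodable> subjDnIt = subjectDn.iterator();
    while (subjDnIt.hasNext()) {
        try {
            ASN1Set rdnSet = (ASN1Set) subjDnIt.next();
            Iterator<ASN1Encodable> rdnSetIt = rdnSet.iterator();
            while (rdnSetIt.hasNext()) {
                ASN1Sequence rdnSeq = (ASN1Sequence) rdnSetIt.next();
                // AttributeTypeAndValue is {type OID, value}; anything shorter is malformed.
                if (rdnSeq.size() < 2) {
                    continue;
                }
                ASN1ObjectIdentifier rdnOid = (ASN1ObjectIdentifier) rdnSeq.getObjectAt(0);
                String oidStr = rdnOid.getId();
                ASN1Encodable rdnVal = rdnSeq.getObjectAt(1);
                String rdnValStr = getStringValue(rdnVal);
                SubjectDnAttribute subjectDnAttr = SubjectDnAttribute.getSubjectDnFromOid(oidStr);
                if (subjectDnAttr != SubjectDnAttribute.unknown) {
                    subjectDnAttributeMap.put(subjectDnAttr, rdnValStr);
                }
            }
        } catch (Exception ignored) {
            // Best effort: a malformed or undecodable RDN skips only itself.
        }
    }
    return subjectDnAttributeMap;
}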