List of usage examples for org.bouncycastle.asn1 ASN1String getString
public String getString();
From source file:ec.rubrica.cert.CertUtils.java
License:Open Source License
public static String getExtensionValue(X509Certificate certificate, String oid) throws IOException { String decoded = null;//from w w w . j a va2s. c om byte[] extensionValue = certificate.getExtensionValue(oid); if (extensionValue != null) { ASN1Primitive derObject = toDERObject(extensionValue); if (derObject instanceof DEROctetString) { DEROctetString derOctetString = (DEROctetString) derObject; derObject = toDERObject(derOctetString.getOctets()); if (derObject instanceof ASN1String) { ASN1String s = (ASN1String) derObject; decoded = s.getString(); } } } return decoded; }
From source file:eu.europa.ec.markt.dss.validation102853.cades.CAdESSignature.java
License:Open Source License
@Override public String[] getClaimedSignerRoles() { final AttributeTable attributes = signerInformation.getSignedAttributes(); if (attributes == null) { return null; }// ww w . j a va 2 s . c o m final Attribute id_aa_ets_signerAttr = attributes.get(PKCSObjectIdentifiers.id_aa_ets_signerAttr); if (id_aa_ets_signerAttr == null) { return null; } final ASN1Set attrValues = id_aa_ets_signerAttr.getAttrValues(); final ASN1Encodable attrValue = attrValues.getObjectAt(0); try { final SignerAttribute signerAttr = SignerAttribute.getInstance(attrValue); if (signerAttr == null) { return null; } final List<String> claimedRoles = new ArrayList<String>(); final Object[] signerAttrValues = signerAttr.getValues(); for (final Object signerAttrValue : signerAttrValues) { if (!(signerAttrValue instanceof org.bouncycastle.asn1.x509.Attribute[])) { continue; } final org.bouncycastle.asn1.x509.Attribute[] signerAttrValueArray = (org.bouncycastle.asn1.x509.Attribute[]) signerAttrValue; for (final org.bouncycastle.asn1.x509.Attribute claimedRole : signerAttrValueArray) { final ASN1Encodable[] attrValues1 = claimedRole.getAttrValues().toArray(); for (final ASN1Encodable asn1Encodable : attrValues1) { if (asn1Encodable instanceof ASN1String) { ASN1String asn1String = (ASN1String) asn1Encodable; final String s = asn1String.getString(); claimedRoles.add(s); } } } } final String[] strings = claimedRoles.toArray(new String[claimedRoles.size()]); return strings; } catch (Exception e) { throw new DSSException("Error when dealing with claimed signer roles: [" + attrValue.toString() + "]", e); } }
From source file:net.sf.keystore_explorer.utilities.asn1.Asn1Dump.java
License:Open Source License
private String dumpString(ASN1String asn1String) { StringBuilder sb = new StringBuilder(); sb.append(indentSequence.toString(indentLevel)); if (asn1String instanceof DERBMPString) { sb.append("BMP STRING="); } else if (asn1String instanceof DERGeneralString) { sb.append("GENERAL STRING="); } else if (asn1String instanceof DERIA5String) { sb.append("IA5 STRING="); } else if (asn1String instanceof DERNumericString) { sb.append("NUMERIC STRING="); } else if (asn1String instanceof DERPrintableString) { sb.append("PRINTABLE STRING="); } else if (asn1String instanceof DERT61String) { sb.append("TELETEX STRING="); } else if (asn1String instanceof DERUniversalString) { sb.append("UNIVERSAL STRING="); } else if (asn1String instanceof DERUTF8String) { sb.append("UTF8 STRING="); } else if (asn1String instanceof DERVisibleString) { sb.append("VISIBLE STRING="); } else {/*ww w. j ava2 s.c o m*/ sb.append("UNKNOWN STRING="); } sb.append("'"); sb.append(asn1String.getString()); sb.append("'"); sb.append(NEWLINE); return sb.toString(); }
From source file:org.cesecore.certificates.certificate.request.PKCS10RequestMessage.java
License:Open Source License
@Override public String getPassword() { if (password != null) { return password; }//from w ww .j a v a 2s . c om try { if (pkcs10 == null) { init(); } } catch (NullPointerException e) { log.error("PKCS10 not initated! " + e.getMessage()); return null; } String ret = null; Attribute[] attributes = pkcs10.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_challengePassword); ASN1Encodable obj = null; if (attributes.length == 0) { // See if we have it embedded in an extension request instead attributes = pkcs10.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest); if (attributes.length == 0) { return null; } if (log.isDebugEnabled()) { log.debug("got extension request"); } ASN1Set values = attributes[0].getAttrValues(); if (values.size() == 0) { return null; } Extensions exts = Extensions.getInstance(values.getObjectAt(0)); Extension ext = exts.getExtension(PKCSObjectIdentifiers.pkcs_9_at_challengePassword); if (ext == null) { if (log.isDebugEnabled()) { log.debug("no challenge password extension"); } return null; } obj = ext.getExtnValue(); } else { // If it is a challengePassword directly, it's just to grab the value ASN1Set values = attributes[0].getAttrValues(); obj = values.getObjectAt(0); } if (obj != null) { ASN1String str = null; try { str = DERPrintableString.getInstance((obj)); } catch (IllegalArgumentException ie) { // This was not printable string, should be utf8string then according to pkcs#9 v2.0 str = DERUTF8String.getInstance((obj)); } if (str != null) { ret = str.getString(); } } return ret; }
From source file:org.ejbca.core.protocol.MSPKCS10RequestMessage.java
License:Open Source License
/** * Returns the name of the Certificate Template or null if not available or not known. *///w w w . j a v a 2 s .c o m public String getMSRequestInfoTemplateName() { if (pkcs10 == null) { log.error("PKCS10 not inited!"); return null; } // Get attributes Attribute[] attributes = pkcs10.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest); if (attributes.length == 0) { log.error("Cannot find request extension."); return null; } ASN1Set set = attributes[0].getAttrValues(); DERSequence seq = (DERSequence) DERSequence.getInstance(set.getObjectAt(0)); Enumeration<?> enumeration = seq.getObjects(); while (enumeration.hasMoreElements()) { DERSequence seq2 = (DERSequence) DERSequence.getInstance(enumeration.nextElement()); ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) seq2.getObjectAt(0); if (szOID_ENROLL_CERTTYPE_EXTENSION.equals(oid.getId())) { try { DEROctetString dos = (DEROctetString) seq2.getObjectAt(1); ASN1InputStream dosAsn1InputStream = new ASN1InputStream( new ByteArrayInputStream(dos.getOctets())); try { ASN1String derobj = (ASN1String) dosAsn1InputStream.readObject(); return derobj.getString(); } finally { dosAsn1InputStream.close(); } } catch (IOException e) { log.error(e); } } } return null; }
From source file:org.ejbca.core.protocol.scep.ProtocolScepHttpTest.java
License:Open Source License
private void checkScepResponse(byte[] retMsg, String userDN, String _senderNonce, String _transId, boolean crlRep, String digestOid, boolean noca) throws CMSException, OperatorCreationException, NoSuchProviderException, CRLException, InvalidKeyException, NoSuchAlgorithmException, SignatureException, CertificateException { // Parse response message //// w w w.j a v a 2 s . c o m CMSSignedData s = new CMSSignedData(retMsg); // The signer, i.e. the CA, check it's the right CA SignerInformationStore signers = s.getSignerInfos(); @SuppressWarnings("unchecked") Collection<SignerInformation> col = signers.getSigners(); assertTrue(col.size() > 0); Iterator<SignerInformation> iter = col.iterator(); SignerInformation signerInfo = iter.next(); // Check that the message is signed with the correct digest alg assertEquals(signerInfo.getDigestAlgOID(), digestOid); SignerId sinfo = signerInfo.getSID(); // Check that the signer is the expected CA assertEquals(CertTools.stringToBCDNString(cacert.getIssuerDN().getName()), CertTools.stringToBCDNString(sinfo.getIssuer().toString())); // Verify the signature JcaDigestCalculatorProviderBuilder calculatorProviderBuilder = new JcaDigestCalculatorProviderBuilder() .setProvider(BouncyCastleProvider.PROVIDER_NAME); JcaSignerInfoVerifierBuilder jcaSignerInfoVerifierBuilder = new JcaSignerInfoVerifierBuilder( calculatorProviderBuilder.build()).setProvider(BouncyCastleProvider.PROVIDER_NAME); boolean ret = signerInfo.verify(jcaSignerInfoVerifierBuilder.build(cacert.getPublicKey())); assertTrue(ret); // Get authenticated attributes AttributeTable tab = signerInfo.getSignedAttributes(); // --Fail info Attribute attr = tab.get(new ASN1ObjectIdentifier(ScepRequestMessage.id_failInfo)); // No failInfo on this success message assertNull(attr); // --Message type attr = tab.get(new ASN1ObjectIdentifier(ScepRequestMessage.id_messageType)); assertNotNull(attr); ASN1Set values = attr.getAttrValues(); assertEquals(values.size(), 1); ASN1String str = DERPrintableString.getInstance((values.getObjectAt(0))); String messageType = str.getString(); assertEquals("3", messageType); // --Success status attr = tab.get(new ASN1ObjectIdentifier(ScepRequestMessage.id_pkiStatus)); assertNotNull(attr); values = attr.getAttrValues(); assertEquals(values.size(), 1); str = DERPrintableString.getInstance((values.getObjectAt(0))); assertEquals(ResponseStatus.SUCCESS.getStringValue(), str.getString()); // --SenderNonce attr = tab.get(new ASN1ObjectIdentifier(ScepRequestMessage.id_senderNonce)); assertNotNull(attr); values = attr.getAttrValues(); assertEquals(values.size(), 1); ASN1OctetString octstr = ASN1OctetString.getInstance(values.getObjectAt(0)); // SenderNonce is something the server came up with, but it should be 16 // chars assertTrue(octstr.getOctets().length == 16); // --Recipient Nonce attr = tab.get(new ASN1ObjectIdentifier(ScepRequestMessage.id_recipientNonce)); assertNotNull(attr); values = attr.getAttrValues(); assertEquals(values.size(), 1); octstr = ASN1OctetString.getInstance(values.getObjectAt(0)); // recipient nonce should be the same as we sent away as sender nonce assertEquals(_senderNonce, new String(Base64.encode(octstr.getOctets()))); // --Transaction ID attr = tab.get(new ASN1ObjectIdentifier(ScepRequestMessage.id_transId)); assertNotNull(attr); values = attr.getAttrValues(); assertEquals(values.size(), 1); str = DERPrintableString.getInstance((values.getObjectAt(0))); // transid should be the same as the one we sent assertEquals(_transId, str.getString()); // // Check different message types // if (messageType.equals("3")) { // First we extract the encrypted data from the CMS enveloped data // contained // within the CMS signed data final CMSProcessable sp = s.getSignedContent(); final byte[] content = (byte[]) sp.getContent(); final CMSEnvelopedData ed = new CMSEnvelopedData(content); final RecipientInformationStore recipients = ed.getRecipientInfos(); Store certstore; @SuppressWarnings("unchecked") Collection<RecipientInformation> c = recipients.getRecipients(); assertEquals(c.size(), 1); Iterator<RecipientInformation> riIterator = c.iterator(); byte[] decBytes = null; RecipientInformation recipient = riIterator.next(); JceKeyTransEnvelopedRecipient rec = new JceKeyTransEnvelopedRecipient(key1.getPrivate()); rec.setContentProvider(BouncyCastleProvider.PROVIDER_NAME); decBytes = recipient.getContent(rec); // This is yet another CMS signed data CMSSignedData sd = new CMSSignedData(decBytes); // Get certificates from the signed data certstore = sd.getCertificates(); if (crlRep) { // We got a reply with a requested CRL @SuppressWarnings("unchecked") final Collection<X509CRLHolder> crls = (Collection<X509CRLHolder>) sd.getCRLs().getMatches(null); assertEquals(crls.size(), 1); final Iterator<X509CRLHolder> it = crls.iterator(); // CRL is first (and only) final X509CRL retCrl = new JcaX509CRLConverter().getCRL(it.next()); log.info("Got CRL with DN: " + retCrl.getIssuerDN().getName()); // check the returned CRL assertEquals(CertTools.getSubjectDN(cacert), CertTools.getIssuerDN(retCrl)); retCrl.verify(cacert.getPublicKey()); } else { // We got a reply with a requested certificate @SuppressWarnings("unchecked") final Collection<X509CertificateHolder> certs = (Collection<X509CertificateHolder>) certstore .getMatches(null); // EJBCA returns the issued cert and the CA cert (cisco vpn // client requires that the ca cert is included) if (noca) { assertEquals(certs.size(), 1); } else { assertEquals(certs.size(), 2); } final Iterator<X509CertificateHolder> it = certs.iterator(); // Issued certificate must be first boolean verified = false; boolean gotcacert = false; JcaX509CertificateConverter jcaX509CertificateConverter = new JcaX509CertificateConverter(); while (it.hasNext()) { X509Certificate retcert = jcaX509CertificateConverter.getCertificate(it.next()); log.info("Got cert with DN: " + retcert.getSubjectDN().getName()); // check the returned certificate String subjectdn = CertTools.stringToBCDNString(retcert.getSubjectDN().getName()); if (CertTools.stringToBCDNString(userDN).equals(subjectdn)) { // issued certificate assertEquals(CertTools.stringToBCDNString(userDN), subjectdn); assertEquals(CertTools.getSubjectDN(cacert), CertTools.getIssuerDN(retcert)); retcert.verify(cacert.getPublicKey()); assertTrue(checkKeys(key1.getPrivate(), retcert.getPublicKey())); verified = true; } else { // ca certificate assertEquals(CertTools.getSubjectDN(cacert), CertTools.getSubjectDN(retcert)); gotcacert = true; } } assertTrue(verified); if (noca) { assertFalse(gotcacert); } else { assertTrue(gotcacert); } } } }
From source file:org.xipki.pki.ca.server.impl.util.CaUtil.java
License:Open Source License
public static String getChallengePassword(final CertificationRequestInfo csr) { ParamUtil.requireNonNull("csr", csr); ASN1Set attrs = csr.getAttributes(); for (int i = 0; i < attrs.size(); i++) { Attribute attr = Attribute.getInstance(attrs.getObjectAt(i)); if (PKCSObjectIdentifiers.pkcs_9_at_challengePassword.equals(attr.getAttrType())) { ASN1String str = (ASN1String) attr.getAttributeValues()[0]; return str.getString(); }/*from ww w .j a v a2 s.c om*/ } return null; }
From source file:org.xipki.pki.scep.serveremulator.ScepResponder.java
License:Open Source License
private static String getChallengePassword(final CertificationRequestInfo csr) { ASN1Set attrs = csr.getAttributes(); for (int i = 0; i < attrs.size(); i++) { Attribute attr = Attribute.getInstance(attrs.getObjectAt(i)); if (PKCSObjectIdentifiers.pkcs_9_at_challengePassword.equals(attr.getAttrType())) { ASN1String str = (ASN1String) attr.getAttributeValues()[0]; return str.getString(); }/*from w w w. jav a 2 s . co m*/ } return null; }