List of usage examples for org.bouncycastle.asn1 DERBitString getBytes
public byte[] getBytes()
From source file:com.google.u2f.server.impl.U2FServerReferenceImpl.java
License:Open Source License
/** * Parses a transport extension from an attestation certificate and returns * a List of HardwareFeatures supported by the security key. The specification of * the HardwareFeatures in the certificate should match their internal definition in * device_auth.proto/*from w w w .j a v a2s .c om*/ * * <p>The expected transport extension value is a BIT STRING containing the enabled * transports: * * <p>FIDOU2FTransports ::= BIT STRING { * bluetoothRadio(0), -- Bluetooth Classic * bluetoothLowEnergyRadio(1), * uSB(2), * nFC(3) * } * * <p>Note that the BIT STRING must be wrapped in an OCTET STRING. * An extension that encodes BT, BLE, and NFC then looks as follows: * * <p>SEQUENCE (2 elem) * OBJECT IDENTIFIER 1.3.6.1.4.1.45724.2.1.1 * OCTET STRING (1 elem) * BIT STRING (4 bits) 1101 * * @param cert the certificate to parse for extension * @return the supported transports as a List of HardwareFeatures or null if no extension * was found */ public static List<Transports> parseTransportsExtension(X509Certificate cert) throws CertificateParsingException { byte[] extValue = cert.getExtensionValue(TRANSPORT_EXTENSION_OID); LinkedList<Transports> transportsList = new LinkedList<Transports>(); if (extValue == null) { // No transports extension found. return null; } ASN1InputStream ais = new ASN1InputStream(extValue); ASN1Object asn1Object; // Read out the OctetString try { asn1Object = ais.readObject(); ais.close(); } catch (IOException e) { throw new CertificateParsingException("Not able to read object in transports extenion", e); } if (asn1Object == null || !(asn1Object instanceof DEROctetString)) { throw new CertificateParsingException("No Octet String found in transports extension"); } DEROctetString octet = (DEROctetString) asn1Object; // Read out the BitString ais = new ASN1InputStream(octet.getOctets()); try { asn1Object = ais.readObject(); ais.close(); } catch (IOException e) { throw new CertificateParsingException("Not able to read object in transports extension", e); } if (asn1Object == null || !(asn1Object instanceof DERBitString)) { throw new CertificateParsingException("No BitString found in transports extension"); } DERBitString bitString = (DERBitString) asn1Object; byte[] values = bitString.getBytes(); BitSet bitSet = BitSet.valueOf(values); // We might have more defined transports than used by the extension for (int i = 0; i < BITS_IN_A_BYTE; i++) { if (bitSet.get(BITS_IN_A_BYTE - i - 1)) { transportsList.add(Transports.values()[i]); } } return transportsList; }
From source file:com.guardtime.asn1.StatusInfo.java
License:Apache License
/** * Class constructor.//from w ww . jav a 2 s.c om * * @param obj DER-encoded status info object. * * @throws Asn1FormatException if status info object has invalid format. */ StatusInfo(ASN1Encodable obj) throws Asn1FormatException { try { statusInfo = PKIStatusInfo.getInstance(obj); statusCode = statusInfo.getStatus().intValue(); // RFC 3161: // // Compliant servers SHOULD NOT produce any other (than 0..5) // values. Compliant clients MUST generate an error // if values it does not understand are present. if (statusCode < 0 || statusCode > 5) { throw new Asn1FormatException("invalid status: " + statusCode); } PKIFreeText freeText = statusInfo.getStatusString(); if (freeText != null) { int freeTextSize = freeText.size(); // PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String if (freeTextSize < 1) { throw new Asn1FormatException("zero-length status string not allowed"); } statusText = new ArrayList(); for (int i = 0; i < freeTextSize; i++) { statusText.add(freeText.getStringAt(i).getString()); } } // -1 means that status code is not set failCode = -1; DERBitString bitString = statusInfo.getFailInfo(); if (bitString != null) { byte[] failBytes = bitString.getBytes(); int len = failBytes.length * 8; for (int i = 0; i < len; i++) { // return only the first error encountered if ((failBytes[i >> 3] & (0x80 >> (i & 7))) != 0) { failCode = i; break; } } // Check that received fail code is valid boolean isValidFailCode = false; for (int i = 0; i < allowedFailCodes.length; i++) { if (failCode == allowedFailCodes[i]) { isValidFailCode = true; break; } } if (!isValidFailCode) { throw new Asn1FormatException("invalid fail info: " + failCode); } } } catch (Asn1FormatException e) { throw e; } catch (Exception e) { throw new Asn1FormatException("status info has invalid format", e); } }
From source file:com.jlocksmith.util.ExtensionUtil.java
License:Open Source License
/** * Get Key Usage String Value//from w w w. j av a 2s . c o m * * @param bytes Bytes * * @return String * * @throws IOException */ private String getKeyUsageStringValue(byte[] bytes) throws IOException { DERBitString derBitStr = (DERBitString) toDERObject(bytes); StringBuffer strBuff = new StringBuffer(); byte[] newBytes = derBitStr.getBytes(); boolean keyAgreement = false; for (int i = 0; i < newBytes.length; i++) { boolean[] b = new boolean[8]; b[7] = (newBytes[i] & 0x80) == 0x80; b[6] = (newBytes[i] & 0x40) == 0x40; b[5] = (newBytes[i] & 0x20) == 0x20; b[4] = (newBytes[i] & 0x10) == 0x10; b[3] = (newBytes[i] & 0x8) == 0x8; b[2] = (newBytes[i] & 0x4) == 0x4; b[1] = (newBytes[i] & 0x2) == 0x2; b[0] = (newBytes[i] & 0x1) == 0x1; if (i == 0) { if (b[7]) { strBuff.append(localeUtil.getString("DigitalSignatureKeyUsageString")); strBuff.append('\n'); } if (b[6]) { strBuff.append(localeUtil.getString("NonRepudiationKeyUsageString")); strBuff.append('\n'); } if (b[5]) { strBuff.append(localeUtil.getString("KeyEnciphermentKeyUsageString")); strBuff.append('\n'); } if (b[4]) { strBuff.append(localeUtil.getString("DataEnciphermentKeyUsageString")); strBuff.append('\n'); } if (b[3]) { strBuff.append(localeUtil.getString("KeyAgreementKeyUsageString")); strBuff.append('\n'); keyAgreement = true; } if (b[2]) { strBuff.append(localeUtil.getString("KeyCertSignKeyUsageString")); strBuff.append('\n'); } if (b[1]) { strBuff.append(localeUtil.getString("CrlSignKeyUsageString")); strBuff.append('\n'); } if (b[0] && keyAgreement) { strBuff.append(localeUtil.getString("EncipherOnlyKeyUsageString")); strBuff.append('\n'); } } else if (i == 1) { if (b[7] && keyAgreement) { strBuff.append(localeUtil.getString("DecipherOnlyKeyUsageString")); strBuff.append('\n'); } } } return strBuff.toString(); }
From source file:de.carne.certmgr.store.provider.bouncycastle.BouncyCastleASN1Decoder.java
License:Open Source License
@Override public byte[] asn1EncodeBitString() throws IOException { DERBitString bitString = ensureType(DERBitString.class); return bitString.getBytes(); }
From source file:de.fraunhofer.fokus.openeid.ca.ChipAuthenticationPublicKeyInfo.java
License:Open Source License
public ChipAuthenticationPublicKeyInfo(DERSequence chipInfoSequence) { DERObjectIdentifier derOid = (DERObjectIdentifier) chipInfoSequence.getObjectAt(0); oid = derOid.getId();/*w ww . j av a2 s . c om*/ DERSequence publicKey = (DERSequence) chipInfoSequence.getObjectAt(1); logger.info(ASN1Dump.dumpAsString(publicKey, true)); algorithmIdentifier = (DERSequence) publicKey.getObjectAt(0); DERBitString encodedKey = (DERBitString) publicKey.getObjectAt(1); encodedPublicKey = encodedKey.getBytes(); if (chipInfoSequence.size() > 2) { DERInteger derKeyId = (DERInteger) chipInfoSequence.getObjectAt(2); keyId = derKeyId.getValue().intValue(); } }
From source file:edu.tamu.tcat.crypto.bouncycastle.ASN1SeqKeyImpl.java
License:Apache License
private static PrivateKey decodeECKey(byte[] encodedKey) throws EncodingException { try {/* ww w . j a v a 2s. c o m*/ ECPrivateKey priv = ECPrivateKey.getInstance(encodedKey); ASN1Sequence parameters = (ASN1Sequence) priv.getParameters(); ASN1Integer version = (ASN1Integer) parameters.getObjectAt(0); if (version.getPositiveValue().intValue() != 1) throw new EncodingException("Only know how to decode version 1"); ASN1Sequence fieldId = (ASN1Sequence) parameters.getObjectAt(1); ASN1Encodable fieldType = fieldId.getObjectAt(0); ECField field; if (fieldType.toString().equals("1.2.840.10045.1.1")) { ASN1Integer primeObject = (ASN1Integer) fieldId.getObjectAt(1); field = new ECFieldFp(primeObject.getPositiveValue()); } else throw new EncodingException("Only know how to decode prime fields"); ASN1Sequence curveSeq = (ASN1Sequence) parameters.getObjectAt(2); ASN1OctetString a = (ASN1OctetString) curveSeq.getObjectAt(0); ASN1OctetString b = (ASN1OctetString) curveSeq.getObjectAt(1); EllipticCurve curve; if (curveSeq.size() > 2) { DERBitString seed = (DERBitString) curveSeq.getObjectAt(2); curve = new EllipticCurve(field, getInteger(a.getOctets()), getInteger(b.getOctets()), seed.getBytes()); } else curve = new EllipticCurve(field, getInteger(a.getOctets()), getInteger(b.getOctets())); ASN1OctetString gEncoded = (ASN1OctetString) parameters.getObjectAt(3); ECPoint g = ECPointUtil.decodePoint(curve, gEncoded.getOctets()); ASN1Integer n = (ASN1Integer) parameters.getObjectAt(4); ASN1Integer h = (ASN1Integer) parameters.getObjectAt(5); ECParameterSpec paramSpec = new ECParameterSpec(curve, g, n.getPositiveValue(), h.getPositiveValue().intValue()); ECPrivateKeySpec spec = new ECPrivateKeySpec(priv.getKey(), paramSpec); KeyFactory factory = KeyFactory.getInstance("EC", Activator.getDefault().getBouncyCastleProvider()); PrivateKey key = factory.generatePrivate(spec); return key; } catch (NoSuchAlgorithmException | InvalidKeySpecException e) { throw new EncodingException("Failed decoding type [EC]", e); } }
From source file:edu.vt.middleware.crypt.x509.ExtensionFactory.java
License:Open Source License
/** * Creates a {@link KeyUsage} object from DER data. * * @param enc DER encoded key usage data. * * @return Key usage data.//from w ww.jav a2 s . c om */ public static KeyUsage createKeyUsage(final DEREncodable enc) { final DERBitString usage = org.bouncycastle.asn1.x509.KeyUsage.getInstance(enc); return new KeyUsage(usage.getBytes()); }
From source file:ee.ria.xroad.common.ocsp.OcspVerifier.java
License:Open Source License
/** * @param response the OCSP response// www . ja va 2 s .c om * @return certificate that was used to sign the given OCSP response. * @throws Exception if an error occurs */ public static X509Certificate getOcspCert(BasicOCSPResp response) throws Exception { List<X509Certificate> knownCerts = getOcspCerts(response); ResponderID respId = response.getResponderId().toASN1Primitive(); // We can search either by key hash or by name, depending which // one is provided in the responder ID. if (respId.getName() != null) { for (X509Certificate cert : knownCerts) { X509CertificateHolder certHolder = new X509CertificateHolder(cert.getEncoded()); if (certHolder.getSubject().equals(respId.getName())) { return cert; } } } else if (respId.getKeyHash() != null) { DigestCalculator dc = createDigestCalculator(SHA1_ID); for (X509Certificate cert : knownCerts) { X509CertificateHolder certHolder = new X509CertificateHolder(cert.getEncoded()); DERBitString keyData = certHolder.getSubjectPublicKeyInfo().getPublicKeyData(); byte[] d = calculateDigest(dc, keyData.getBytes()); if (MessageDigestAlgorithm.isEqual(respId.getKeyHash(), d)) { return cert; } } } return null; }
From source file:jcifs.pac.kerberos.KerberosApRequest.java
License:Open Source License
public KerberosApRequest(byte[] token, KerberosKey[] keys) throws PACDecodingException { if (token.length <= 0) throw new PACDecodingException("Empty kerberos ApReq"); DLSequence sequence;//from w ww . j a v a2 s. com try { try (ASN1InputStream stream = new ASN1InputStream(new ByteArrayInputStream(token))) { sequence = ASN1Util.as(DLSequence.class, stream); } } catch (IOException e) { throw new PACDecodingException("Malformed Kerberos Ticket", e); } Enumeration<?> fields = sequence.getObjects(); while (fields.hasMoreElements()) { ASN1TaggedObject tagged = ASN1Util.as(ASN1TaggedObject.class, fields.nextElement()); switch (tagged.getTagNo()) { case 0: ASN1Integer pvno = ASN1Util.as(ASN1Integer.class, tagged); if (!pvno.getValue().equals(new BigInteger(KerberosConstants.KERBEROS_VERSION))) { throw new PACDecodingException("Invalid kerberos version"); } break; case 1: ASN1Integer msgType = ASN1Util.as(ASN1Integer.class, tagged); if (!msgType.getValue().equals(new BigInteger(KerberosConstants.KERBEROS_AP_REQ))) throw new PACDecodingException("Invalid kerberos request"); break; case 2: DERBitString bitString = ASN1Util.as(DERBitString.class, tagged); this.apOptions = bitString.getBytes()[0]; break; case 3: DERApplicationSpecific derTicket = ASN1Util.as(DERApplicationSpecific.class, tagged); if (!derTicket.isConstructed()) throw new PACDecodingException("Malformed Kerberos Ticket"); this.ticket = new KerberosTicket(derTicket.getContents(), this.apOptions, keys); break; case 4: // Let's ignore this for now break; default: throw new PACDecodingException("Invalid field in kerberos ticket"); } } }
From source file:jcifs.spnego.NegTokenInit.java
License:Open Source License
@Override protected void parse(byte[] token) throws IOException { try (ASN1InputStream is = new ASN1InputStream(token)) { DERApplicationSpecific constructed = (DERApplicationSpecific) is.readObject(); if (constructed == null || !constructed.isConstructed()) throw new IOException("Malformed SPNEGO token " + constructed + (constructed != null ? " " + constructed.isConstructed() + " " + constructed.getApplicationTag() : "")); try (ASN1InputStream der = new ASN1InputStream(constructed.getContents())) { ASN1ObjectIdentifier spnego = (ASN1ObjectIdentifier) der.readObject(); if (!SPNEGO_OID.equals(spnego)) { throw new IOException("Malformed SPNEGO token, OID " + spnego); }// w w w. ja va2s .c o m ASN1TaggedObject tagged = (ASN1TaggedObject) der.readObject(); if (tagged.getTagNo() != 0) { throw new IOException("Malformed SPNEGO token: tag " + tagged.getTagNo() + " " + tagged); } ASN1Sequence sequence = ASN1Sequence.getInstance(tagged, true); Enumeration<ASN1Object> fields = sequence.getObjects(); while (fields.hasMoreElements()) { tagged = (ASN1TaggedObject) fields.nextElement(); switch (tagged.getTagNo()) { case 0: sequence = ASN1Sequence.getInstance(tagged, true); Oid[] mechs = new Oid[sequence.size()]; for (int i = mechs.length - 1; i >= 0; i--) { ASN1ObjectIdentifier mechanism = (ASN1ObjectIdentifier) sequence.getObjectAt(i); mechs[i] = new Oid(mechanism.getId()); } setMechanisms(mechs); break; case 1: DERBitString ctxFlags = DERBitString.getInstance(tagged, true); setContextFlags(ctxFlags.getBytes()[0] & 0xff); break; case 2: ASN1OctetString mechanismToken = ASN1OctetString.getInstance(tagged, true); setMechanismToken(mechanismToken.getOctets()); break; case 3: if (!(tagged.getObject() instanceof DEROctetString)) { break; } case 4: ASN1OctetString mechanismListMIC = ASN1OctetString.getInstance(tagged, true); setMechanismListMIC(mechanismListMIC.getOctets()); break; default: throw new IOException("Malformed token field."); } } } catch (GSSException e) { throw new IOException("Failed to read OID", e); } } }