List of usage examples for org.bouncycastle.asn1 DERGeneralString getString
public String getString()
From source file:jcifs.pac.kerberos.KerberosEncData.java
License:Open Source License
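/**
 * Decodes the encrypted part of a Kerberos ticket (after decryption) and records the client
 * realm, client principal name, client addresses and authorization data it carries.
 *
 * <p>The input must be an application-tagged, constructed DER object whose contents are a
 * sequence of context-tagged fields. Name components of the principal are joined with
 * {@code '/'}. Any field number outside 0..10 is rejected.
 *
 * <p>NOTE(review): fields 5 to 8 (the "Kerberos Time" fields; authtime, starttime, endtime and
 * renew-till in RFC 4120's EncTicketPart) are skipped, so this constructor does not enforce
 * ticket lifetime. Successful decoding must not be read as "the ticket is currently valid";
 * confirm where expiry is checked.
 *
 * @param token DER bytes of the decrypted ticket part; {@code KerberosTicket} passes the output
 *        of {@code KerberosEncData.decrypt} here
 * @param key key handed to {@code KerberosAuthData.parse} for every authorization-data element
 * @throws PACDecodingException if the structure cannot be read, the outer object is not
 *         constructed, or an unknown field number is present
 */
public KerberosEncData(byte[] token, Key key) throws PACDecodingException {
    DERApplicationSpecific derToken;
    // try-with-resources: the stream is closed on the error paths as well.
    try (ASN1InputStream stream = new ASN1InputStream(new ByteArrayInputStream(token))) {
        derToken = ASN1Util.as(DERApplicationSpecific.class, stream);
        if (!derToken.isConstructed()) {
            throw new PACDecodingException("Malformed kerberos ticket");
        }
    } catch (IOException e) {
        throw new PACDecodingException("Malformed kerberos ticket", e);
    }

    DLSequence sequence;
    try (ASN1InputStream stream = new ASN1InputStream(new ByteArrayInputStream(derToken.getContents()))) {
        sequence = ASN1Util.as(DLSequence.class, stream);
    } catch (IOException e) {
        throw new PACDecodingException("Malformed kerberos ticket", e);
    }

    Enumeration<?> fields = sequence.getObjects();
    while (fields.hasMoreElements()) {
        ASN1TaggedObject tagged = ASN1Util.as(ASN1TaggedObject.class, fields);

        switch (tagged.getTagNo()) {
        case 0: // Ticket Flags (not evaluated)
            break;
        case 1: // Key (not evaluated)
            break;
        case 2: { // Realm
            DERGeneralString derRealm = ASN1Util.as(DERGeneralString.class, tagged);
            this.userRealm = derRealm.getString();
            break;
        }
        case 3: { // Principal
            DLSequence principalSequence = ASN1Util.as(DLSequence.class, tagged);
            DLSequence nameSequence = ASN1Util.as(DLSequence.class,
                    ASN1Util.as(DERTaggedObject.class, principalSequence, 1));

            // Components are joined with '/' without escaping, so the resulting string does
            // not reveal how many components the ticket actually carried.
            StringBuilder nameBuilder = new StringBuilder();
            Enumeration<?> parts = nameSequence.getObjects();
            while (parts.hasMoreElements()) {
                DERGeneralString stringPart = ASN1Util.as(DERGeneralString.class, parts.nextElement());
                nameBuilder.append(stringPart.getString());
                if (parts.hasMoreElements()) {
                    nameBuilder.append('/');
                }
            }
            this.userPrincipalName = nameBuilder.toString();
            break;
        }
        case 4: // Transited Encoding (not evaluated)
            break;
        case 5: // Kerberos Time (not evaluated, see the NOTE in the Javadoc)
        case 6: // Kerberos Time (not evaluated)
        case 7: // Kerberos Time (not evaluated)
        case 8: // Kerberos Time (not evaluated)
            break;
        case 9: { // Host Addresses
            DLSequence addressList = ASN1Util.as(DLSequence.class, tagged);

            // Fix: allocate the list once. It used to be re-created for every element, which
            // discarded all addresses except the last one.
            this.userAddresses = new ArrayList<>();

            Enumeration<?> addresses = addressList.getObjects();
            while (addresses.hasMoreElements()) {
                DLSequence addressSequence = ASN1Util.as(DLSequence.class, addresses);
                ASN1Integer addressType = ASN1Util.as(ASN1Integer.class, addressSequence, 0);
                DEROctetString addressOctets = ASN1Util.as(DEROctetString.class, addressSequence, 1);

                // Only internet addresses are kept; other address types are ignored.
                if (addressType.getValue().intValue() == KerberosConstants.AF_INTERNET) {
                    try {
                        this.userAddresses.add(InetAddress.getByAddress(addressOctets.getOctets()));
                    } catch (UnknownHostException ignored) {
                        // The octets do not have the length of an IP address. The entry is
                        // skipped (best effort) instead of storing null, which would surface
                        // later as a NullPointerException in code that walks the list.
                    }
                }
            }
            break;
        }
        case 10: { // Authorization Data
            DLSequence authSequence = ASN1Util.as(DLSequence.class, tagged);

            this.userAuthorizations = new ArrayList<>();
            Enumeration<?> authElements = authSequence.getObjects();
            while (authElements.hasMoreElements()) {
                DLSequence authElement = ASN1Util.as(DLSequence.class, authElements);
                ASN1Integer authType = ASN1Util.as(ASN1Integer.class,
                        ASN1Util.as(DERTaggedObject.class, authElement, 0));
                DEROctetString authData = ASN1Util.as(DEROctetString.class,
                        ASN1Util.as(DERTaggedObject.class, authElement, 1));

                this.userAuthorizations.addAll(
                        KerberosAuthData.parse(authType.getValue().intValue(), authData.getOctets(), key));
            }
            break;
        }
        default:
            throw new PACDecodingException("Unknown field " + tagged.getTagNo());
        }
    }
}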
From source file:jcifs.pac.kerberos.KerberosTicket.java
License:Open Source License
/**
 * Decodes a Kerberos ticket: checks the protocol version, records the server realm and server
 * principal name, and decrypts the encrypted part into a {@code KerberosEncData}.
 *
 * <p>The server realm and principal name are read from ticket fields that sit outside the
 * encrypted part; only the contents of {@code encData} have passed through decryption with the
 * selected key. NOTE(review): confirm callers do not base authorization decisions on
 * {@code serverRealm} / {@code serverPrincipalName} alone.
 *
 * <p>When several supplied keys share the ticket's encryption type, the last one in the array
 * is used; the others are not tried.
 *
 * @param token DER bytes of the ticket sequence; must not be empty
 * @param apOptions not read by this constructor
 * @param keys candidate server keys; when {@code null}, keys are obtained from a new
 *        {@code KerberosCredentials}
 * @throws PACDecodingException if the token is empty or malformed, the version does not match,
 *         no key of the required type is available, login or decryption fails, or an
 *         unrecognized field number is present
 */
public KerberosTicket(byte[] token, byte apOptions, KerberosKey[] keys) throws PACDecodingException {
    if (token.length <= 0) {
        throw new PACDecodingException("Empty kerberos ticket");
    }

    DLSequence ticketSequence;
    try (ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(token))) {
        ticketSequence = ASN1Util.as(DLSequence.class, in);
    } catch (IOException e) {
        throw new PACDecodingException("Malformed kerberos ticket", e);
    }

    for (Enumeration<?> fields = ticketSequence.getObjects(); fields.hasMoreElements();) {
        ASN1TaggedObject tagged = ASN1Util.as(ASN1TaggedObject.class, fields);
        int fieldNo = tagged.getTagNo();

        switch (fieldNo) {
        case 0: { // Kerberos version
            ASN1Integer tktvno = ASN1Util.as(ASN1Integer.class, tagged);
            BigInteger expectedVersion = new BigInteger(KerberosConstants.KERBEROS_VERSION);
            if (!tktvno.getValue().equals(expectedVersion)) {
                throw new PACDecodingException("Invalid kerberos version " + tktvno);
            }
            break;
        }
        case 1: { // Realm (outside the encrypted part)
            this.serverRealm = ASN1Util.as(DERGeneralString.class, tagged).getString();
            break;
        }
        case 2: { // Principal (outside the encrypted part)
            DLSequence principal = ASN1Util.as(DLSequence.class, tagged);
            DLSequence nameParts = ASN1Util.as(DLSequence.class,
                    ASN1Util.as(DERTaggedObject.class, principal, 1));

            // Join the name components with '/', no separator after the last one.
            StringBuilder joined = new StringBuilder();
            Enumeration<?> it = nameParts.getObjects();
            while (it.hasMoreElements()) {
                DERGeneralString component = ASN1Util.as(DERGeneralString.class, it.nextElement());
                joined.append(component.getString());
                if (it.hasMoreElements()) {
                    joined.append('/');
                }
            }
            this.serverPrincipalName = joined.toString();
            break;
        }
        case 3: { // Encrypted part
            DLSequence encSequence = ASN1Util.as(DLSequence.class, tagged);
            ASN1Integer encType = ASN1Util.as(ASN1Integer.class,
                    ASN1Util.as(DERTaggedObject.class, encSequence, 0));
            // NOTE(review): the cipher text is taken from position 2 of the sequence; whether
            // that still holds when an optional element is absent depends on ASN1Util.as,
            // which is not visible here.
            DEROctetString encOctets = ASN1Util.as(DEROctetString.class,
                    ASN1Util.as(DERTaggedObject.class, encSequence, 2));
            byte[] cipherText = encOctets.getOctets();

            if (keys == null) {
                try {
                    keys = new KerberosCredentials().getKeys();
                } catch (LoginException e) {
                    throw new PACDecodingException("Login failure", e);
                }
            }

            // Select by encryption type; a later match replaces an earlier one.
            KerberosKey serverKey = null;
            for (int i = 0; i < keys.length; i++) {
                KerberosKey candidate = keys[i];
                if (candidate.getKeyType() == encType.getValue().intValue()) {
                    serverKey = candidate;
                }
            }
            if (serverKey == null) {
                throw new PACDecodingException("Kerberos key not found for eType " + encType.getValue());
            }

            try {
                byte[] plain = KerberosEncData.decrypt(cipherText, serverKey, serverKey.getKeyType());
                this.encData = new KerberosEncData(plain, serverKey);
            } catch (GeneralSecurityException e) {
                throw new PACDecodingException("Decryption failed " + serverKey.getKeyType(), e);
            }
            break;
        }
        default:
            throw new PACDecodingException("Unrecognized field " + tagged.getTagNo());
        }
    }
}
From source file:net.sf.keystore_explorer.crypto.x509.X509Ext.java
License:Open Source License
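/**
 * Renders the Entrust version information extension as display text: one line for the version
 * string and one for the information flags.
 *
 * <p>The extension value comes from a certificate and is therefore untrusted. Its structure is
 * checked before any cast, so a malformed value is reported as an {@link IOException} (the same
 * channel {@code ASN1Primitive.fromByteArray} uses for undecodable input) instead of escaping as
 * a {@code ClassCastException}, {@code NullPointerException} or index error.
 *
 * @param value DER encoding of the extension value
 * @return the formatted text, each entry followed by {@code NEWLINE}
 * @throws IOException if the value cannot be decoded or does not have the expected structure
 */
private String getEntrustVersionInformationStringValue(byte[] value) throws IOException {
    // @formatter:off

    /*
     * EntrustVersInfoSyntax ::= OCTET STRING
     *
     * entrustVersInfo EXTENSION ::= { SYNTAX EntrustVersInfoSyntax,
     * IDENTIFIED BY {id-entrust 0} }
     *
     * EntrustVersInfoSyntax ::= ASN1Sequence { entrustVers GeneralString,
     * entrustInfoFlags EntrustInfoFlags }
     *
     * EntrustInfoFlags ::= BIT STRING { keyUpdateAllowed newExtensions (1),
     * pKIXCertificate (2) }
     */

    // @formatter:on

    ASN1Primitive decoded = ASN1Primitive.fromByteArray(value);
    if (!(decoded instanceof ASN1Sequence)) {
        throw new IOException("Entrust version information is not an ASN.1 sequence");
    }
    ASN1Sequence entrustVersInfo = (ASN1Sequence) decoded;
    if (entrustVersInfo.size() < 2) {
        throw new IOException("Entrust version information has fewer than two elements");
    }

    Object versionElement = entrustVersInfo.getObjectAt(0);
    Object flagsElement = entrustVersInfo.getObjectAt(1);
    if (!(versionElement instanceof DERGeneralString) || !(flagsElement instanceof DERBitString)) {
        throw new IOException("Entrust version information has unexpected element types");
    }
    DERGeneralString entrustVers = (DERGeneralString) versionElement;
    DERBitString entrustInfoFlags = (DERBitString) flagsElement;

    StringBuilder sb = new StringBuilder();

    sb.append(MessageFormat.format(res.getString("EntrustVersion"), entrustVers.getString()));
    sb.append(NEWLINE);
    sb.append(MessageFormat.format(res.getString("EntrustInformationFlags"), entrustInfoFlags.getString()));
    sb.append(NEWLINE);

    return sb.toString();
}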
From source file:org.cesecore.util.CertTools.java
License:Open Source License
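/**
 * Helper method for getting kerberos 5 principal name (altName, OtherName)
 *
 * Krb5PrincipalName is an OtherName Subject Alternative Name
 *
 * String representation is in form "principalname1/principalname2@realm"
 *
 * <pre>
 * KRB5PrincipalName ::= SEQUENCE { realm [0] Realm, principalName [1] PrincipalName }
 *
 * Realm ::= KerberosString
 *
 * PrincipalName ::= SEQUENCE { name-type [0] Int32, name-string [1] SEQUENCE OF KerberosString }
 *
 * The new (post-RFC 1510) type KerberosString, defined below, is a GeneralString that is
 * constrained to contain only characters in IA5String.
 *
 * KerberosString ::= GeneralString (IA5String)
 *
 * Int32 ::= INTEGER (-2147483648..2147483647) -- signed values representable in 32 bits
 * </pre>
 *
 * <p>The elements are taken by position; their tag numbers are not checked. A structure that
 * does not match the layout above surfaces as an unchecked exception from the casts or from
 * the {@code getInstance} calls, so callers handling certificates from untrusted sources
 * should be prepared for that.
 *
 * <p>The components and the realm are joined without escaping. A component that itself
 * contains {@code '/'} or {@code '@'} yields a string that cannot be told apart from a
 * differently structured name, so the result is suited to display or logging; identity
 * decisions are better made on the individual fields.
 *
 * <p>An empty name-string sequence yields {@code "@realm"}. Previously it produced the text
 * {@code "null@realm"}, which could be mistaken for a principal literally named "null".
 *
 * @param seq the OtherName sequence
 * @return String with the krb5 name in the form of "principal1/principal2@realm" or null if the
 *         altName does not exist
 */
protected static String getKrb5PrincipalNameFromSequence(ASN1Sequence seq) {
    if (seq == null) {
        return null;
    }
    // First in sequence is the object identifier, that we must check
    ASN1ObjectIdentifier id = ASN1ObjectIdentifier.getInstance(seq.getObjectAt(0));
    if (!id.getId().equals(CertTools.KRB5PRINCIPAL_OBJECTID)) {
        return null;
    }

    // Get the KRB5PrincipalName sequence
    ASN1TaggedObject oobj = (ASN1TaggedObject) seq.getObjectAt(1);
    // Due to bug in java cert.getSubjectAltName regarding OtherName, it can be tagged an extra time...
    ASN1Primitive obj = oobj.getObject();
    if (obj instanceof ASN1TaggedObject) {
        obj = ASN1TaggedObject.getInstance(obj).getObject();
    }
    ASN1Sequence krb5Seq = ASN1Sequence.getInstance(obj);

    // Get the Realm tagged as 0
    ASN1TaggedObject robj = (ASN1TaggedObject) krb5Seq.getObjectAt(0);
    DERGeneralString realmObj = DERGeneralString.getInstance(robj.getObject());
    String realm = realmObj.getString();

    // Get the PrincipalName tagged as 1
    ASN1TaggedObject pobj = (ASN1TaggedObject) krb5Seq.getObjectAt(1);
    // This is another sequence of type and name
    ASN1Sequence nseq = ASN1Sequence.getInstance(pobj.getObject());
    // Get the name tagged as 1
    ASN1TaggedObject nobj = (ASN1TaggedObject) nseq.getObjectAt(1);
    // The name is yet another sequence of GeneralString
    ASN1Sequence sseq = ASN1Sequence.getInstance(nobj.getObject());

    // A builder plus a "first" flag replaces the nullable accumulator, so an empty sequence
    // can no longer turn into the literal text "null".
    StringBuilder name = new StringBuilder();
    boolean first = true;
    Enumeration<?> en = sseq.getObjects();
    while (en.hasMoreElements()) {
        ASN1Primitive o = (ASN1Primitive) en.nextElement();
        DERGeneralString str = DERGeneralString.getInstance(o);
        if (!first) {
            name.append('/');
        }
        name.append(str.getString());
        first = false;
    }

    // Add the realm in the end so we have "principal@realm"
    return name.append('@').append(realm).toString();
}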
From source file:org.ejbca.util.CertTools.java
License:Open Source License
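/**
 * Helper method for getting kerberos 5 principal name (altName, OtherName)
 *
 * Krb5PrincipalName is an OtherName Subject Alternative Name
 *
 * String representation is in form "principalname1/principalname2@realm"
 *
 * <pre>
 * KRB5PrincipalName ::= SEQUENCE {
 *     realm [0] Realm,
 *     principalName [1] PrincipalName
 * }
 *
 * Realm ::= KerberosString
 *
 * PrincipalName ::= SEQUENCE {
 *     name-type [0] Int32,
 *     name-string [1] SEQUENCE OF KerberosString
 * }
 *
 * The new (post-RFC 1510) type KerberosString, defined below, is a
 * GeneralString that is constrained to contain only characters in IA5String.
 *
 * KerberosString ::= GeneralString (IA5String)
 *
 * Int32 ::= INTEGER (-2147483648..2147483647)
 *     -- signed values representable in 32 bits
 * </pre>
 *
 * <p>The elements are taken by position; their tag numbers are not checked. A structure that
 * does not match the layout above surfaces as an unchecked exception from the casts or from
 * the {@code getInstance} calls, so callers handling certificates from untrusted sources
 * should be prepared for that.
 *
 * <p>The components and the realm are joined without escaping. A component that itself
 * contains {@code '/'} or {@code '@'} yields a string that cannot be told apart from a
 * differently structured name, so the result is suited to display or logging; identity
 * decisions are better made on the individual fields.
 *
 * <p>An empty name-string sequence yields {@code "@realm"}. Previously it produced the text
 * {@code "null@realm"}, which could be mistaken for a principal literally named "null".
 *
 * @param seq the OtherName sequence
 * @return String with the krb5 name in the form of "principal1/principal2@realm" or null if the
 *         altName does not exist
 */
protected static String getKrb5PrincipalNameFromSequence(ASN1Sequence seq) {
    if (seq == null) {
        return null;
    }
    // First in sequence is the object identifier, that we must check
    DERObjectIdentifier id = DERObjectIdentifier.getInstance(seq.getObjectAt(0));
    if (!id.getId().equals(CertTools.KRB5PRINCIPAL_OBJECTID)) {
        return null;
    }

    // Get the KRB5PrincipalName sequence
    ASN1TaggedObject oobj = (ASN1TaggedObject) seq.getObjectAt(1);
    // After encoding in a cert, it is tagged an extra time...
    DERObject obj = oobj.getObject();
    if (obj instanceof ASN1TaggedObject) {
        obj = ASN1TaggedObject.getInstance(obj).getObject();
    }
    ASN1Sequence krb5Seq = ASN1Sequence.getInstance(obj);

    // Get the Realm tagged as 0
    ASN1TaggedObject robj = (ASN1TaggedObject) krb5Seq.getObjectAt(0);
    DERGeneralString realmObj = DERGeneralString.getInstance(robj.getObject());
    String realm = realmObj.getString();

    // Get the PrincipalName tagged as 1
    ASN1TaggedObject pobj = (ASN1TaggedObject) krb5Seq.getObjectAt(1);
    // This is another sequence of type and name
    ASN1Sequence nseq = ASN1Sequence.getInstance(pobj.getObject());
    // Get the name tagged as 1
    ASN1TaggedObject nobj = (ASN1TaggedObject) nseq.getObjectAt(1);
    // The name is yet another sequence of GeneralString
    ASN1Sequence sseq = ASN1Sequence.getInstance(nobj.getObject());

    // A builder plus a "first" flag replaces the nullable accumulator, so an empty sequence
    // can no longer turn into the literal text "null".
    StringBuilder name = new StringBuilder();
    boolean first = true;
    Enumeration<?> en = sseq.getObjects();
    while (en.hasMoreElements()) {
        ASN1Object o = (ASN1Object) en.nextElement();
        DERGeneralString str = DERGeneralString.getInstance(o);
        if (!first) {
            name.append('/');
        }
        name.append(str.getString());
        first = false;
    }

    // Add the realm in the end so we have "principal@realm"
    return name.append('@').append(realm).toString();
}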