List of usage examples for org.bouncycastle.asn1 DEROctetString getOctets
public byte[] getOctets()
From source file:org.xipki.security.p11.iaik.IaikP11Slot.java
License:Open Source License
private PrivateKeyAndPKInfo generateECDSAKeyPair(final Session session, final ASN1ObjectIdentifier curveId, final X9ECParameters ecParams, final byte[] id, final String label) throws Exception { KeyPair kp = null;//from w w w. ja va 2s.com try { kp = generateNamedECDSAKeyPair(session, curveId, id, label); } catch (TokenException e) { kp = generateSpecifiedECDSAKeyPair(session, curveId, ecParams, id, label); } ECDSAPublicKey publicKey = (ECDSAPublicKey) kp.getPublicKey(); // build subjectPKInfo object byte[] pubPoint = publicKey.getEcPoint().getByteArrayValue(); DEROctetString os = (DEROctetString) DEROctetString.fromByteArray(pubPoint); AlgorithmIdentifier keyAlgID = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, curveId); SubjectPublicKeyInfo pkInfo = new SubjectPublicKeyInfo(keyAlgID, os.getOctets()); return new PrivateKeyAndPKInfo((ECDSAPrivateKey) kp.getPrivateKey(), pkInfo); }
From source file:org.xwiki.crypto.x509.DefautX509CryptoServiceTest.java
License:Open Source License
@Test public void testCertsFromSpkacTest() throws Exception { XWikiX509Certificate[] certs = service.certsFromSpkac(SampleTestData.SPKAC_SERIALIZATION, 1); // verify client certs[0].checkValidity();//from w w w .j a v a2 s . c o m certs[0].verify(certs[1].getPublicKey()); // verify authority certs[1].checkValidity(); certs[1].verify(certs[1].getPublicKey()); // read Basic Constraints to check second certificate is a CA DEROctetString obj = (DEROctetString) new ASN1InputStream(certs[1].getExtensionValue("2.5.29.19")) .readObject(); ASN1Sequence seq = (ASN1Sequence) new ASN1InputStream(obj.getOctets()).readObject(); BasicConstraints constraints = BasicConstraints.getInstance(seq); Assert.assertTrue("Second certificate should be a CA certificate", constraints.isCA()); }
From source file:org.xwiki.crypto.x509.X509KeymakerTest.java
License:Open Source License
@Test public void testGenerateCertAuthority() throws GeneralSecurityException, IOException { KeyPair kp = FastKeySupplier.KEYPAIR; //keyMaker.newKeyPair(); /*java.io.ByteArrayOutputStream baos = new java.io.ByteArrayOutputStream(); java.io.ObjectOutputStream oos = new java.io.ObjectOutputStream(baos); oos.writeObject(kp);// w w w. j av a2 s . co m oos.close(); System.out.println("\n\n"); System.out.println(org.xwiki.crypto.internal.Convert.toBase64String(baos.toByteArray())); System.out.println("\n\n");*/ X509Certificate cert = keyMaker.makeCertificateAuthority(kp, 1, "http://my.web.id.com/"); // read Basic Constraints DEROctetString obj = (DEROctetString) new ASN1InputStream(cert.getExtensionValue("2.5.29.19")).readObject(); ASN1Sequence seq = (ASN1Sequence) new ASN1InputStream(obj.getOctets()).readObject(); BasicConstraints constraints = BasicConstraints.getInstance(seq); Assert.assertTrue(constraints.isCA()); }
From source file:se.tillvaxtverket.ttsigvalws.ttwssigvalidation.pdf.PdfSignatureVerifier.java
License:Open Source License
private static void verifyPadesProperties(SignerInformation signer, CMSSigVerifyResult sigResult) { try {//from w w w .j ava2s . c o m AttributeTable signedAttributes = signer.getSignedAttributes(); Attribute essSigningCertV2Attr = signedAttributes .get(new ASN1ObjectIdentifier(PdfObjectIds.ID_AA_SIGNING_CERTIFICATE_V2)); Attribute signingCertAttr = signedAttributes .get(new ASN1ObjectIdentifier(PdfObjectIds.ID_AA_SIGNING_CERTIFICATE_V1)); if (essSigningCertV2Attr == null && signingCertAttr == null) { sigResult.setPades(false); sigResult.setPadesVerified(false); return; } //Start assuming that PAdES validation is non-successful sigResult.setPades(true); sigResult.setPadesVerified(false); sigResult.setValid(false); DEROctetString certHashOctStr = null; DigestAlgorithm hashAlgo = null; if (essSigningCertV2Attr != null) { ASN1Encodable[] attributeValues = essSigningCertV2Attr.getAttributeValues(); ASN1Sequence signingCertificateV2Seq = (ASN1Sequence) attributeValues[0]; //Holds sequence of certs and policy ASN1Sequence essCertV2Seq = (ASN1Sequence) signingCertificateV2Seq.getObjectAt(0); // holds sequence of cert ASN1Sequence certSeq = (ASN1Sequence) essCertV2Seq.getObjectAt(0); //Holds seq of algoId, cert hash and sigId ASN1Sequence algoSeq = (ASN1Sequence) certSeq.getObjectAt(0); //Holds sequence of OID and algo params ASN1ObjectIdentifier algoOid = (ASN1ObjectIdentifier) algoSeq.getObjectAt(0); hashAlgo = getDigestAlgo(algoOid); certHashOctStr = (DEROctetString) certSeq.getObjectAt(1); } else { if (signingCertAttr != null) { ASN1Encodable[] attributeValues = signingCertAttr.getAttributeValues(); ASN1Sequence signingCertificateV2Seq = (ASN1Sequence) attributeValues[0]; //Holds sequence of certs and policy ASN1Sequence essCertV2Seq = (ASN1Sequence) signingCertificateV2Seq.getObjectAt(0); // holds sequence of cert ASN1Sequence certSeq = (ASN1Sequence) essCertV2Seq.getObjectAt(0); //holds sequence of cert hash and sigID certHashOctStr = (DEROctetString) certSeq.getObjectAt(0); hashAlgo = DigestAlgorithm.SHA1; } } if (hashAlgo == null || certHashOctStr == null) { sigResult.setStatus("Unsupported hash algo for ESS-SigningCertAttributeV2"); return; } MessageDigest md = MessageDigest.getInstance(hashAlgo.getName()); md.update(sigResult.getCert().getEncoded()); byte[] certHash = md.digest(); // //Debug // String certHashStr = String.valueOf(Base64Coder.encode(certHash)); // String expectedCertHashStr = String.valueOf(Base64Coder.encode(certHashOctStr.getOctets())); if (!Arrays.equals(certHash, certHashOctStr.getOctets())) { sigResult.setStatus("Cert Hash mismatch"); return; } //PadES validation was successful sigResult.setPadesVerified(true); sigResult.setValid(true); } catch (Exception e) { sigResult.setStatus("Exception while examining Pades signed cert attr: " + e.getMessage()); } }
From source file:tools.pki.gbay.crypto.keys.validation.CertificateRevocationList.java
License:Apache License
/** * Extracts all CRL distribution point URLs from the * "CRL Distribution Point" extension in a X.509 certificate. If CRL * distribution point extension is unavailable, returns an empty list. * @param cert /*from ww w. j ava2 s.c om*/ * @return List of all CRL DPs * @throws CertificateParsingException * @throws IOException */ public static List<String> getCrlDistributionPoints(X509Certificate cert) throws CertificateParsingException, IOException { byte[] crldpExt = cert.getExtensionValue(Extension.cRLDistributionPoints.getId()); if (crldpExt == null) { return new ArrayList<String>(); } ASN1InputStream oAsnInStream = new ASN1InputStream(new ByteArrayInputStream(crldpExt)); ASN1Primitive derObjCrlDP = oAsnInStream.readObject(); DEROctetString dosCrlDP = (DEROctetString) derObjCrlDP; byte[] crldpExtOctets = dosCrlDP.getOctets(); ASN1InputStream oAsnInStream2 = new ASN1InputStream(new ByteArrayInputStream(crldpExtOctets)); ASN1Primitive derObj2 = oAsnInStream2.readObject(); CRLDistPoint distPoint = CRLDistPoint.getInstance(derObj2); List<String> crlUrls = new ArrayList<String>(); for (DistributionPoint dp : distPoint.getDistributionPoints()) { DistributionPointName dpn = dp.getDistributionPoint(); // Look for URIs in fullName if (dpn != null && dpn.getType() == DistributionPointName.FULL_NAME) { GeneralName[] genNames = GeneralNames.getInstance(dpn.getName()).getNames(); // Look for an URI for (int j = 0; j < genNames.length; j++) { if (genNames[j].getTagNo() == GeneralName.uniformResourceIdentifier) { String url = DERIA5String.getInstance(genNames[j].getName()).getString(); log.debug("URL : " + url); crlUrls.add(url); } } } } oAsnInStream.close(); oAsnInStream2.close(); return crlUrls; }