List of usage examples for org.bouncycastle.asn1 DEROctetString getOctets
public byte[] getOctets()
From source file:eu.europa.esig.dss.DSSASN1Utils.java
License:Open Source License
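/**
 * Returns the {@code ASN1Sequence} encapsulated in a {@code DEROctetString}. The
 * {@code DEROctetString} is supplied as a {@code byte} array.
 *
 * <p>Only the first ASN.1 object of each layer is read; any bytes that follow it are not
 * inspected. An empty input or a value of an unexpected ASN.1 type is reported as a
 * {@code DSSException}, like any other decoding problem, instead of surfacing as a
 * {@code ClassCastException} or {@code NullPointerException}.
 *
 * @param bytes
 *            {@code byte} representation of {@code DEROctetString}
 * @return encapsulated {@code ASN1Sequence}
 * @throws DSSException
 *             in case of a decoding problem
 */
public static ASN1Sequence getAsn1SequenceFromDerOctetString(byte[] bytes) throws DSSException {
    ASN1InputStream input = null;
    try {
        input = new ASN1InputStream(bytes);
        final Object wrapper = input.readObject();
        // readObject() returns whatever type the (possibly untrusted) encoding announces,
        // so the type is checked before casting. The IOException is wrapped below.
        if (!(wrapper instanceof DEROctetString)) {
            throw new IOException("Expected a DEROctetString");
        }
        final byte[] content = ((DEROctetString) wrapper).getOctets();
        input.close();

        input = new ASN1InputStream(content);
        final Object value = input.readObject();
        if (!(value instanceof ASN1Sequence)) {
            throw new IOException("Expected an ASN1Sequence inside the DEROctetString");
        }
        return (ASN1Sequence) value;
    } catch (IOException e) {
        throw new DSSException("Error when computing certificate's extensions.", e);
    } finally {
        IOUtils.closeQuietly(input);
    }
}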
From source file:jcifs.pac.kerberos.KerberosEncData.java
License:Open Source License
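/**
 * Parses the ASN.1 structure in {@code token} and stores the realm, the principal name, the
 * host addresses and the authorization data it carries.
 *
 * <p>Fields 0, 1 and 4 to 8 (flags, key, transited encoding and the four time fields) are
 * recognised but not read. This constructor therefore performs no lifetime or flag checks;
 * any such check has to happen elsewhere.
 *
 * @param token
 *            encoded structure; must be a constructed application-specific object wrapping a
 *            sequence of tagged fields
 * @param key
 *            key handed on to {@code KerberosAuthData.parse} for each authorization data element
 * @throws PACDecodingException
 *             if the encoding is malformed or contains a field with an unknown tag number
 */
public KerberosEncData(byte[] token, Key key) throws PACDecodingException {
    DERApplicationSpecific derToken;
    // try-with-resources closes the stream even when decoding fails part-way.
    try (ASN1InputStream stream = new ASN1InputStream(new ByteArrayInputStream(token))) {
        derToken = ASN1Util.as(DERApplicationSpecific.class, stream);
        if (!derToken.isConstructed()) {
            throw new PACDecodingException("Malformed kerberos ticket");
        }
    } catch (IOException e) {
        throw new PACDecodingException("Malformed kerberos ticket", e);
    }

    DLSequence sequence;
    try (ASN1InputStream stream = new ASN1InputStream(new ByteArrayInputStream(derToken.getContents()))) {
        sequence = ASN1Util.as(DLSequence.class, stream);
    } catch (IOException e) {
        throw new PACDecodingException("Malformed kerberos ticket", e);
    }

    Enumeration<?> fields = sequence.getObjects();
    while (fields.hasMoreElements()) {
        ASN1TaggedObject tagged = ASN1Util.as(ASN1TaggedObject.class, fields);

        switch (tagged.getTagNo()) {
        case 0: // Ticket Flags
        case 1: // Key
        case 4: // Transited Encoding
        case 5: // Kerberos Time
        case 6: // Kerberos Time
        case 7: // Kerberos Time
        case 8: // Kerberos Time
            // Accepted but deliberately not parsed.
            break;
        case 2: // Realm
            DERGeneralString derRealm = ASN1Util.as(DERGeneralString.class, tagged);
            this.userRealm = derRealm.getString();
            break;
        case 3: // Principal
            DLSequence principalSequence = ASN1Util.as(DLSequence.class, tagged);
            DLSequence nameSequence = ASN1Util.as(DLSequence.class,
                    ASN1Util.as(DERTaggedObject.class, principalSequence, 1));

            // Name components are joined with '/'.
            StringBuilder nameBuilder = new StringBuilder();
            Enumeration<?> parts = nameSequence.getObjects();
            while (parts.hasMoreElements()) {
                Object part = parts.nextElement();
                DERGeneralString stringPart = ASN1Util.as(DERGeneralString.class, part);
                nameBuilder.append(stringPart.getString());
                if (parts.hasMoreElements()) {
                    nameBuilder.append('/');
                }
            }
            this.userPrincipalName = nameBuilder.toString();
            break;
        case 9: // Host Addresses
            DLSequence adressesSequence = ASN1Util.as(DLSequence.class, tagged);
            // Created once per field. Re-creating the list inside the loop kept only the
            // last address of a multi-address ticket.
            this.userAddresses = new ArrayList<>();
            Enumeration<?> adresses = adressesSequence.getObjects();
            while (adresses.hasMoreElements()) {
                DLSequence addressSequence = ASN1Util.as(DLSequence.class, adresses);
                ASN1Integer addressType = ASN1Util.as(ASN1Integer.class, addressSequence, 0);
                DEROctetString addressOctets = ASN1Util.as(DEROctetString.class, addressSequence, 1);

                if (addressType.getValue().intValue() == KerberosConstants.AF_INTERNET) {
                    try {
                        this.userAddresses.add(InetAddress.getByAddress(addressOctets.getOctets()));
                    } catch (UnknownHostException ignored) {
                        // getByAddress rejects byte arrays of illegal length. Such an entry is
                        // skipped rather than stored as a null element.
                    }
                }
            }
            break;
        case 10: // Authorization Data
            DLSequence authSequence = ASN1Util.as(DLSequence.class, tagged);

            this.userAuthorizations = new ArrayList<>();
            Enumeration<?> authElements = authSequence.getObjects();
            while (authElements.hasMoreElements()) {
                DLSequence authElement = ASN1Util.as(DLSequence.class, authElements);
                ASN1Integer authType = ASN1Util.as(ASN1Integer.class,
                        ASN1Util.as(DERTaggedObject.class, authElement, 0));
                DEROctetString authData = ASN1Util.as(DEROctetString.class,
                        ASN1Util.as(DERTaggedObject.class, authElement, 1));

                this.userAuthorizations.addAll(
                        KerberosAuthData.parse(authType.getValue().intValue(), authData.getOctets(), key));
            }
            break;
        default:
            throw new PACDecodingException("Unknown field " + tagged.getTagNo());
        }
    }
}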
From source file:jcifs.pac.kerberos.KerberosRelevantAuthData.java
License:Open Source License
/**
 * Decodes {@code token} as a sequence of authorization data elements and collects everything
 * {@code KerberosAuthData.parse} returns for them.
 *
 * <p>Each element is read as a sequence whose tagged entry 0 holds the integer type and whose
 * tagged entry 1 holds the octet-string payload.
 *
 * @param token
 *            encoded sequence of authorization data elements
 * @param key
 *            key handed on to {@code KerberosAuthData.parse}
 * @throws PACDecodingException
 *             if the encoding cannot be read
 */
public KerberosRelevantAuthData(byte[] token, Key key) throws PACDecodingException {
    DLSequence elements;
    try (ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(token))) {
        elements = ASN1Util.as(DLSequence.class, in);
    } catch (IOException e) {
        throw new PACDecodingException("Malformed kerberos ticket", e);
    }

    this.authorizations = new ArrayList<>();
    for (Enumeration<?> cursor = elements.getObjects(); cursor.hasMoreElements();) {
        DLSequence entry = ASN1Util.as(DLSequence.class, cursor);

        DERTaggedObject typeField = ASN1Util.as(DERTaggedObject.class, entry, 0);
        ASN1Integer type = ASN1Util.as(ASN1Integer.class, typeField);

        DERTaggedObject dataField = ASN1Util.as(DERTaggedObject.class, entry, 1);
        DEROctetString data = ASN1Util.as(DEROctetString.class, dataField);

        this.authorizations.addAll(KerberosAuthData.parse(type.getValue().intValue(), data.getOctets(), key));
    }
}
From source file:jcifs.pac.kerberos.KerberosTicket.java
License:Open Source License
/**
 * Decodes a ticket from {@code token}, decrypts its encrypted part and parses the result into
 * a {@code KerberosEncData}.
 *
 * <p>The server realm and principal name (fields 1 and 2) are read directly from
 * {@code token}, outside the encrypted part; nothing in this constructor authenticates them.
 * The decryption key is the entry of {@code keys} whose key type equals the encryption type
 * announced in field 3. When several entries match, the last one is used.
 *
 * @param token
 *            encoded ticket; must not be empty
 * @param apOptions
 *            not used by this constructor
 * @param keys
 *            candidate server keys; when {@code null} they are obtained from a new
 *            {@code KerberosCredentials}
 * @throws PACDecodingException
 *             if the ticket is empty or malformed, has an unexpected version or field, no key
 *             matches the encryption type, login fails, or decryption fails
 */
public KerberosTicket(byte[] token, byte apOptions, KerberosKey[] keys) throws PACDecodingException {
    if (token.length <= 0) {
        throw new PACDecodingException("Empty kerberos ticket");
    }

    DLSequence ticketFields;
    try (ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(token))) {
        ticketFields = ASN1Util.as(DLSequence.class, in);
    } catch (IOException e) {
        throw new PACDecodingException("Malformed kerberos ticket", e);
    }

    for (Enumeration<?> cursor = ticketFields.getObjects(); cursor.hasMoreElements();) {
        ASN1TaggedObject field = ASN1Util.as(ASN1TaggedObject.class, cursor);

        switch (field.getTagNo()) {
        case 0: { // Kerberos version
            ASN1Integer version = ASN1Util.as(ASN1Integer.class, field);
            BigInteger expected = new BigInteger(KerberosConstants.KERBEROS_VERSION);
            if (!version.getValue().equals(expected)) {
                throw new PACDecodingException("Invalid kerberos version " + version);
            }
            break;
        }
        case 1: { // Realm
            this.serverRealm = ASN1Util.as(DERGeneralString.class, field).getString();
            break;
        }
        case 2: { // Principal
            DLSequence principal = ASN1Util.as(DLSequence.class, field);
            DERTaggedObject nameField = ASN1Util.as(DERTaggedObject.class, principal, 1);
            DLSequence nameParts = ASN1Util.as(DLSequence.class, nameField);

            // Name components are joined with '/'.
            StringBuilder joined = new StringBuilder();
            Enumeration<?> partCursor = nameParts.getObjects();
            while (partCursor.hasMoreElements()) {
                Object rawPart = partCursor.nextElement();
                joined.append(ASN1Util.as(DERGeneralString.class, rawPart).getString());
                if (partCursor.hasMoreElements()) {
                    joined.append('/');
                }
            }
            this.serverPrincipalName = joined.toString();
            break;
        }
        case 3: { // Encrypted part
            DLSequence encrypted = ASN1Util.as(DLSequence.class, field);
            DERTaggedObject typeField = ASN1Util.as(DERTaggedObject.class, encrypted, 0);
            ASN1Integer encType = ASN1Util.as(ASN1Integer.class, typeField);
            DERTaggedObject cipherField = ASN1Util.as(DERTaggedObject.class, encrypted, 2);
            DEROctetString cipherOctets = ASN1Util.as(DEROctetString.class, cipherField);
            byte[] cipherText = cipherOctets.getOctets();

            if (keys == null) {
                try {
                    keys = new KerberosCredentials().getKeys();
                } catch (LoginException e) {
                    throw new PACDecodingException("Login failure", e);
                }
            }

            // Every candidate is inspected; a later match replaces an earlier one.
            KerberosKey selected = null;
            for (int i = 0; i < keys.length; i++) {
                if (keys[i].getKeyType() == encType.getValue().intValue()) {
                    selected = keys[i];
                }
            }
            if (selected == null) {
                throw new PACDecodingException("Kerberos key not found for eType " + encType.getValue());
            }

            try {
                byte[] plain = KerberosEncData.decrypt(cipherText, selected, selected.getKeyType());
                this.encData = new KerberosEncData(plain, selected);
            } catch (GeneralSecurityException e) {
                throw new PACDecodingException("Decryption failed " + selected.getKeyType(), e);
            }
            break;
        }
        default:
            throw new PACDecodingException("Unrecognized field " + field.getTagNo());
        }
    }
}
From source file:me.it_result.ca.X509Assertions.java
License:Open Source License
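/**
 * Asserts that the certificate carries the extension {@code id} and that the octets wrapped in
 * it equal the DER encoding of {@code value}.
 *
 * @param id
 *            object identifier of the extension to look up
 * @param value
 *            expected extension content
 * @return this object, so that assertions can be chained
 * @throws Exception
 *             if the extension value cannot be read
 */
public X509Assertions extensionValue(DERObjectIdentifier id, ASN1Encodable value) throws Exception {
    byte[] wrapped = cert.getExtensionValue(id.getId());
    // An absent extension should fail as an assertion, not as a NullPointerException.
    assertTrue(wrapped != null);

    ASN1InputStream asn1Parser = new ASN1InputStream(wrapped);
    try {
        Object parsed = asn1Parser.readObject();
        // Check the type before casting so that a wrong wrapper also fails as an assertion.
        assertTrue(parsed instanceof DEROctetString);
        DEROctetString actualExtension = (DEROctetString) parsed;
        assertTrue(Arrays.equals(value.getDERObject().getDEREncoded(), actualExtension.getOctets()));
    } finally {
        asn1Parser.close();
    }
    return this;
}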
From source file:net.maritimecloud.pki.CRLVerifier.java
License:Apache License
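/**
 * Extracts all CRL distribution point URLs from the "CRL Distribution Point" extension in a
 * X.509 certificate. If the CRL distribution point extension is unavailable, returns an empty
 * list.
 *
 * <p>The returned strings are copied from the certificate as they are; neither scheme nor host
 * is validated here. A caller that downloads from them for a certificate it does not yet trust
 * should restrict which destinations it accepts.
 *
 * @param cert
 *            certificate to inspect
 * @return the URI entries found in the {@code fullName} of each distribution point, possibly
 *         empty
 * @throws CertificateParsingException
 *             if the extension is not wrapped in an octet string or holds no value
 * @throws IOException
 *             if the ASN.1 encoding cannot be read
 */
public static List<String> getCrlDistributionPoints(X509Certificate cert)
        throws CertificateParsingException, IOException {
    byte[] crldpExt = cert.getExtensionValue(Extension.cRLDistributionPoints.getId());
    if (crldpExt == null) {
        return new ArrayList<>();
    }

    // try-with-resources closes both streams even when decoding fails.
    byte[] crldpExtOctets;
    try (ASN1InputStream wrapperStream = new ASN1InputStream(crldpExt)) {
        Object wrapper = wrapperStream.readObject();
        // Certificate content is untrusted, so the type is checked before casting.
        if (!(wrapper instanceof DEROctetString)) {
            throw new CertificateParsingException("CRL distribution point extension is not an octet string");
        }
        crldpExtOctets = ((DEROctetString) wrapper).getOctets();
    }

    CRLDistPoint crlDistPoint;
    try (ASN1InputStream valueStream = new ASN1InputStream(new ByteArrayInputStream(crldpExtOctets))) {
        crlDistPoint = CRLDistPoint.getInstance(valueStream.readObject());
    }
    if (crlDistPoint == null) {
        // readObject() returns null for empty content and getInstance passes that through.
        throw new CertificateParsingException("CRL distribution point extension is empty");
    }

    List<String> crlUrls = new ArrayList<>();
    for (DistributionPoint dp : crlDistPoint.getDistributionPoints()) {
        DistributionPointName dpn = dp.getDistributionPoint();
        // Look for URIs in fullName
        if (dpn != null && dpn.getType() == DistributionPointName.FULL_NAME) {
            GeneralName[] genNames = GeneralNames.getInstance(dpn.getName()).getNames();
            // Look for an URI
            for (GeneralName genName : genNames) {
                if (genName.getTagNo() == GeneralName.uniformResourceIdentifier) {
                    crlUrls.add(DERIA5String.getInstance(genName.getName()).getString());
                }
            }
        }
    }
    return crlUrls;
}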
From source file:net.ripe.rpki.commons.crypto.rfc3779.AddressFamily.java
License:BSD License
/**
 * Builds an {@code AddressFamily} from its DER octet-string form.
 *
 * <p>The first two octets form the address family identifier, most significant octet first. A
 * third octet, when present, is passed on as the subsequent address identifier.
 *
 * @param der
 *            the encoded value; must be a {@code DEROctetString} whose length is
 *            {@code AFI_OCTET_COUNT_WITHOUT_SAFI} or {@code AFI_OCTET_COUNT_WITH_SAFI}
 * @return the decoded address family
 */
public static AddressFamily fromDer(ASN1Encodable der) {
    Validate.isTrue(der instanceof DEROctetString, "DEROctetString expected");
    final byte[] octets = ((DEROctetString) der).getOctets();

    final boolean lengthAccepted = octets.length == AFI_OCTET_COUNT_WITHOUT_SAFI
            || octets.length == AFI_OCTET_COUNT_WITH_SAFI;
    Validate.isTrue(lengthAccepted, "Byte array must consist of " + AFI_OCTET_COUNT_WITHOUT_SAFI + " or "
            + AFI_OCTET_COUNT_WITH_SAFI + " elements");

    final int high = unsignedByteToInt(octets[0]);
    final int low = unsignedByteToInt(octets[1]);
    final int afi = (high << Byte.SIZE) | low;

    if (octets.length == 2) {
        return new AddressFamily(afi);
    }
    // A subsequent address identifier was supplied in the third octet.
    final int safi = unsignedByteToInt(octets[2]);
    return new AddressFamily(afi, safi);
}
From source file:net.sf.assinafacil.UtiICPBrasill.java
License:Open Source License
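/**
 * Reads the CRL distribution point extension (OID 2.5.29.31) of a certificate and returns the
 * values that {@code getDERValue} extracts from it.
 *
 * <p>The values are taken from the certificate as they are; this method does not check that
 * they are well-formed URLs or which scheme or host they name.
 *
 * @param certificate
 *            certificate to inspect
 * @return the extracted values; an empty {@code Vector} when the extension is absent or yields
 *         nothing
 * @throws CertificateParsingException
 *             if the extension cannot be decoded; the underlying exception is attached as cause
 */
public static Vector getCrlDistributionPoint(X509Certificate certificate) throws CertificateParsingException {
    try {
        byte[] val1 = certificate.getExtensionValue("2.5.29.31");
        if (val1 == null) {
            return new Vector();
        }

        // Outer layer: the extension value is wrapped in an octet string.
        byte[] val2;
        ASN1InputStream oAsnInStream = new ASN1InputStream(new ByteArrayInputStream(val1));
        try {
            DERObject derObj = oAsnInStream.readObject();
            // A wrong type raises ClassCastException, which the catch below converts.
            val2 = ((DEROctetString) derObj).getOctets();
        } finally {
            oAsnInStream.close();
        }

        // Inner layer: the distribution point structure itself.
        DERObject derObj2;
        ASN1InputStream oAsnInStream2 = new ASN1InputStream(new ByteArrayInputStream(val2));
        try {
            derObj2 = oAsnInStream2.readObject();
        } finally {
            oAsnInStream2.close();
        }

        // getDERValue returns null for types it does not handle; callers get an empty
        // Vector in that case, the same as for an absent extension.
        Vector urls = getDERValue(derObj2);
        return urls != null ? urls : new Vector();
    } catch (Exception e) {
        // Keep the original exception as cause instead of printing its stack trace.
        throw new CertificateParsingException(e.toString(), e);
    }
}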
From source file:net.sf.assinafacil.UtiICPBrasill.java
License:Open Source License
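/**
 * Walks an ASN.1 object tree and collects, as strings, the octet-string content of the tagged
 * objects found in it.
 *
 * <p>NOTE(review): the tag number is never checked, so every such tagged value in the tree is
 * returned, not only URI entries. Callers should filter the result before treating an entry as
 * a URL.
 *
 * @param derObj
 *            root of the tree; may be {@code null}
 * @return the collected strings, or {@code null} when {@code derObj} is neither a sequence nor
 *         a tagged object
 */
private static Vector getDERValue(DERObject derObj) {
    if (derObj instanceof DERSequence) {
        Vector ret = new Vector();
        Enumeration enume = ((DERSequence) derObj).getObjects();
        while (enume.hasMoreElements()) {
            Vector appo = getDERValue((DERObject) enume.nextElement());
            if (appo != null) {
                ret.addAll(appo);
            }
        }
        return ret;
    }

    if (derObj instanceof DERTaggedObject) {
        DERTaggedObject derTag = (DERTaggedObject) derObj;
        DERObject nestedObj = derTag.getObject();
        boolean wrapsValue = derTag.isExplicit() && !derTag.isEmpty();

        if (!wrapsValue && nestedObj instanceof DEROctetString) {
            // Decode with a fixed single-byte charset so the result does not depend on the
            // platform default encoding.
            String val = new String(((DEROctetString) nestedObj).getOctets(),
                    java.nio.charset.Charset.forName("ISO-8859-1"));
            Vector ret = new Vector();
            ret.add(val);
            return ret;
        }
        // Explicit wrappers are descended into. A non-explicit or empty tagged object that
        // holds something other than an octet string is descended into as well; the
        // unconditional cast used before threw ClassCastException for it.
        return getDERValue(nestedObj);
    }

    return null;
}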
From source file:net.sf.dsig.verify.OCSPHelper.java
License:Apache License
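/**
 * Retrieve the OCSP URI distribution point from an X.509 certificate, using
 * the 1.3.6.1.5.5.7.1.1 extension value.
 *
 * <p>The URI is returned exactly as it appears in the certificate; scheme and host are not
 * validated here. A malformed extension is logged and treated like a missing one.
 *
 * @param certificate the {@link X509Certificate} object
 * @return a String containing the URI of the OCSP authority info access,
 * or null if none can be found
 */
public static String getOCSPAccessLocationUri(X509Certificate certificate) {
    try {
        byte[] derAiaBytes = certificate.getExtensionValue(OID_AUTHORITYINFOACCESS);
        if (derAiaBytes == null) {
            return null;
        }

        // Outer layer: the extension value is wrapped in an octet string.
        Object wrapper;
        ASN1InputStream ais = new ASN1InputStream(derAiaBytes);
        try {
            wrapper = ais.readObject();
        } finally {
            ais.close();
        }
        // Certificate content is untrusted: check types before casting so a malformed
        // extension takes the logged decoding-failure path instead of ClassCastException.
        if (!(wrapper instanceof DEROctetString)) {
            throw new IOException("Authority info access extension is not an octet string");
        }

        // Inner layer: the sequence of access descriptions.
        Object value;
        ais = new ASN1InputStream(((DEROctetString) wrapper).getOctets());
        try {
            value = ais.readObject();
        } finally {
            ais.close();
        }
        if (!(value instanceof DERSequence)) {
            throw new IOException("Authority info access value is not a sequence");
        }

        AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance((DERSequence) value);
        for (AccessDescription ad : aia.getAccessDescriptions()) {
            if (!ad.getAccessMethod().equals(AccessDescription.id_ad_ocsp)) {
                continue;
            }

            GeneralName gn = ad.getAccessLocation();
            if (gn.getTagNo() == GeneralName.uniformResourceIdentifier && gn.getName() instanceof DERString) {
                return ((DERString) gn.getName()).getString();
            }
        }
    } catch (IOException e) {
        // Pass the exception along so the log shows why decoding failed.
        logger.warn("ASN.1 decoding failed; will fall back to default OCSP AccessLocation, if set", e);
    }

    return null;
}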