List of usage examples for org.bouncycastle.asn1 DERPrintableString getInstance
public static DERPrintableString getInstance(Object obj)
From source file:br.gov.frameworkdemoiselle.certificate.oid.OIDGeneric.java
License:Open Source License
/** * Instance for object.// w w w . ja v a 2s .c om * * @param data -> byte array with certificate content. * @return Object GenericOID * @throws IOException * @throws Exception */ public static OIDGeneric getInstance(byte[] data) throws IOException, Exception { ASN1InputStream is = new ASN1InputStream(data); DERSequence sequence = (DERSequence) is.readObject(); DERObjectIdentifier objectIdentifier = (DERObjectIdentifier) sequence.getObjectAt(0); DERTaggedObject tag = (DERTaggedObject) sequence.getObjectAt(1); DEROctetString octetString = null; DERPrintableString printableString = null; DERUTF8String utf8String = null; DERIA5String ia5String = null; try { octetString = (DEROctetString) DEROctetString.getInstance(tag); } catch (Exception ex) { try { printableString = DERPrintableString.getInstance(tag); } catch (Exception e1) { try { utf8String = DERUTF8String.getInstance(tag); } catch (Exception e2) { ia5String = DERIA5String.getInstance(tag); } } } String className = "br.gov.frameworkdemoiselle.certificate.oid.OID_" + objectIdentifier.getId().replaceAll("[.]", "_"); OIDGeneric oidGenerico; try { oidGenerico = (OIDGeneric) Class.forName(className).newInstance(); } catch (InstantiationException e) { throw new Exception("Can not instace class '" + className + "'.", e); } catch (IllegalAccessException e) { throw new Exception("Was not possible instace class '" + className + "'.", e); } catch (ClassNotFoundException e) { oidGenerico = new OIDGeneric(); } oidGenerico.setOid(objectIdentifier.getId()); if (octetString != null) { oidGenerico.setData(new String(octetString.getOctets())); } else if (printableString != null) { oidGenerico.setData(printableString.getString()); } else if (utf8String != null) { oidGenerico.setData(utf8String.getString()); } else { oidGenerico.setData(ia5String.getString()); } oidGenerico.initialize(); return oidGenerico; }
From source file:net.sf.keystore_explorer.crypto.x509.X509Ext.java
License:Open Source License
private String getAttributeValueString(ASN1ObjectIdentifier attributeType, ASN1Encodable attributeValue) throws IOException { // @formatter:off /* AttributeValue ::= ANY */ // @formatter:on // Get value string for recognized attribute types AttributeTypeType attributeTypeType = AttributeTypeType.resolveOid(attributeType.getId()); if (attributeTypeType == COMMON_NAME) { DirectoryString commonName = DirectoryString.getInstance(ASN1Primitive.fromByteArray(value)); return commonName.getString(); } else if (attributeTypeType == SERIAL_NUMBER) { DERPrintableString serialNumber = DERPrintableString.getInstance(value); return serialNumber.getString(); } else if (attributeTypeType == COUNTRY_NAME) { DERPrintableString countryName = DERPrintableString.getInstance(value); return countryName.getString(); } else if (attributeTypeType == LOCALITY_NAME) { DirectoryString localityName = DirectoryString.getInstance(ASN1Primitive.fromByteArray(value)); return localityName.getString(); } else if (attributeTypeType == STATE_NAME) { DirectoryString stateName = DirectoryString.getInstance(ASN1Primitive.fromByteArray(value)); return stateName.getString(); } else if (attributeTypeType == STREET_ADDRESS) { DirectoryString street = DirectoryString.getInstance(ASN1Primitive.fromByteArray(value)); return street.getString(); } else if (attributeTypeType == ORGANIZATION_NAME) { DirectoryString organizationName = DirectoryString.getInstance(ASN1Primitive.fromByteArray(value)); return organizationName.getString(); } else if (attributeTypeType == ORGANIZATIONAL_UNIT) { DirectoryString organizationalUnitName = DirectoryString .getInstance(ASN1Primitive.fromByteArray(value)); return organizationalUnitName.getString(); } else if (attributeTypeType == TITLE) { DirectoryString title = DirectoryString.getInstance(ASN1Primitive.fromByteArray(value)); return title.getString(); } else if (attributeTypeType == EMAIL_ADDRESS) { DERIA5String emailAddress = DERIA5String.getInstance(value); return emailAddress.getString(); } else if (attributeTypeType == UNSTRUCTURED_NAME) { DERIA5String emailAddress = DERIA5String.getInstance(value); return emailAddress.getString(); } else if (attributeTypeType == UNSTRUCTURED_ADDRESS) { DERPrintableString serialNumber = DERPrintableString.getInstance(value); return serialNumber.getString(); } else if (attributeTypeType == USER_ID) { DirectoryString title = DirectoryString.getInstance(ASN1Primitive.fromByteArray(value)); return title.getString(); } else if (attributeTypeType == MAIL) { DERIA5String emailAddress = DERIA5String.getInstance(value); return emailAddress.getString(); } else if (attributeTypeType == DOMAIN_COMPONENT) { DERIA5String domainComponent = DERIA5String.getInstance(value); return domainComponent.getString(); }/*from w w w. j av a 2 s . c o m*/ // Attribute type not recognized - return hex string for value else { return HexUtil.getHexString(value); } }
From source file:net.sf.keystore_explorer.crypto.x509.X509Ext.java
License:Open Source License
private String getDeclarationOfMajorityStringValue(byte[] octets) { // @formatter:off /*// w ww. ja v a 2 s. c o m DeclarationOfMajoritySyntax ::= CHOICE { notYoungerThan [0] IMPLICIT INTEGER, fullAgeAtCountry [1] IMPLICIT SEQUENCE { fullAge BOOLEAN DEFAULT TRUE, country PrintableString (SIZE(2)) }, dateOfBirth [2] IMPLICIT GeneralizedTime } */ // @formatter:on StringBuilder sb = new StringBuilder(); DeclarationOfMajority declarationOfMajority = DeclarationOfMajority.getInstance(octets); int notYoungerThan = declarationOfMajority.notYoungerThan(); ASN1Sequence fullAgeAtCountry = declarationOfMajority.fullAgeAtCountry(); ASN1GeneralizedTime dateOfBirth = declarationOfMajority.getDateOfBirth(); if (notYoungerThan != -1) { sb.append(MessageFormat.format(res.getString("DeclarationOfMajority.notYoungerThan"), notYoungerThan)); sb.append(NEWLINE); } if (fullAgeAtCountry != null) { ASN1Boolean fullAge = ASN1Boolean.getInstance(fullAgeAtCountry.getObjectAt(0)); DERPrintableString country = DERPrintableString.getInstance(fullAgeAtCountry.getObjectAt(1)); sb.append(MessageFormat.format(res.getString("DeclarationOfMajority.fullAgeAtCountry"), country.toString(), fullAge.toString())); sb.append(NEWLINE); } if (dateOfBirth != null) { sb.append(MessageFormat.format(res.getString("DeclarationOfMajority.dateOfBirth"), dateOfBirth)); sb.append(NEWLINE); } return sb.toString(); }
From source file:org.cesecore.certificates.certificate.request.PKCS10RequestMessage.java
License:Open Source License
@Override public String getPassword() { if (password != null) { return password; }//from w w w .j a v a 2 s.com try { if (pkcs10 == null) { init(); } } catch (NullPointerException e) { log.error("PKCS10 not initated! " + e.getMessage()); return null; } String ret = null; Attribute[] attributes = pkcs10.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_challengePassword); ASN1Encodable obj = null; if (attributes.length == 0) { // See if we have it embedded in an extension request instead attributes = pkcs10.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest); if (attributes.length == 0) { return null; } if (log.isDebugEnabled()) { log.debug("got extension request"); } ASN1Set values = attributes[0].getAttrValues(); if (values.size() == 0) { return null; } Extensions exts = Extensions.getInstance(values.getObjectAt(0)); Extension ext = exts.getExtension(PKCSObjectIdentifiers.pkcs_9_at_challengePassword); if (ext == null) { if (log.isDebugEnabled()) { log.debug("no challenge password extension"); } return null; } obj = ext.getExtnValue(); } else { // If it is a challengePassword directly, it's just to grab the value ASN1Set values = attributes[0].getAttrValues(); obj = values.getObjectAt(0); } if (obj != null) { ASN1String str = null; try { str = DERPrintableString.getInstance((obj)); } catch (IllegalArgumentException ie) { // This was not printable string, should be utf8string then according to pkcs#9 v2.0 str = DERUTF8String.getInstance((obj)); } if (str != null) { ret = str.getString(); } } return ret; }
From source file:org.ejbca.core.protocol.PKCS10RequestMessage.java
License:Open Source License
/** * Returns the challenge password from the certificattion request. * * @return challenge password from certification request or null if none exist in the request. */// w ww . j a v a 2 s . c o m public String getPassword() { if (password != null) { return password; } try { if (pkcs10 == null) { init(); } } catch (IllegalArgumentException e) { log.error("PKCS10 not inited!"); return null; } String ret = null; // Get attributes // The password attribute can be either a pkcs_9_at_challengePassword directly // or // a pkcs_9_at_extensionRequest containing a pkcs_9_at_challengePassword as a // X509Extension. AttributeTable attributes = null; CertificationRequestInfo info = pkcs10.getCertificationRequestInfo(); if (info != null) { ASN1Set attrs = info.getAttributes(); if (attrs != null) { attributes = new AttributeTable(attrs); } } if (attributes == null) { return null; } Attribute attr = attributes.get(PKCSObjectIdentifiers.pkcs_9_at_challengePassword); DEREncodable obj = null; if (attr == null) { // See if we have it embedded in an extension request instead attr = attributes.get(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest); if (attr == null) { return null; } if (log.isDebugEnabled()) { log.debug("got extension request"); } ASN1Set values = attr.getAttrValues(); if (values.size() == 0) { return null; } X509Extensions exts = X509Extensions.getInstance(values.getObjectAt(0)); X509Extension ext = exts.getExtension(PKCSObjectIdentifiers.pkcs_9_at_challengePassword); if (ext == null) { if (log.isDebugEnabled()) { log.debug("no challenge password extension"); } return null; } obj = ext.getValue(); } else { // If it is a challengePassword directly, it's just to grab the value ASN1Set values = attr.getAttrValues(); obj = values.getObjectAt(0); } if (obj != null) { DERString str = null; try { str = DERPrintableString.getInstance((obj)); } catch (IllegalArgumentException ie) { // This was not printable string, should be utf8string then according to pkcs#9 v2.0 str = DERUTF8String.getInstance((obj)); } if (str != null) { ret = str.getString(); } } return ret; }
From source file:org.ejbca.core.protocol.scep.ProtocolScepHttpTest.java
License:Open Source License
private void checkScepResponse(byte[] retMsg, String userDN, String _senderNonce, String _transId, boolean crlRep, String digestOid, boolean noca) throws CMSException, OperatorCreationException, NoSuchProviderException, CRLException, InvalidKeyException, NoSuchAlgorithmException, SignatureException, CertificateException { // Parse response message ///*from ww w. jav a 2 s . c o m*/ CMSSignedData s = new CMSSignedData(retMsg); // The signer, i.e. the CA, check it's the right CA SignerInformationStore signers = s.getSignerInfos(); @SuppressWarnings("unchecked") Collection<SignerInformation> col = signers.getSigners(); assertTrue(col.size() > 0); Iterator<SignerInformation> iter = col.iterator(); SignerInformation signerInfo = iter.next(); // Check that the message is signed with the correct digest alg assertEquals(signerInfo.getDigestAlgOID(), digestOid); SignerId sinfo = signerInfo.getSID(); // Check that the signer is the expected CA assertEquals(CertTools.stringToBCDNString(cacert.getIssuerDN().getName()), CertTools.stringToBCDNString(sinfo.getIssuer().toString())); // Verify the signature JcaDigestCalculatorProviderBuilder calculatorProviderBuilder = new JcaDigestCalculatorProviderBuilder() .setProvider(BouncyCastleProvider.PROVIDER_NAME); JcaSignerInfoVerifierBuilder jcaSignerInfoVerifierBuilder = new JcaSignerInfoVerifierBuilder( calculatorProviderBuilder.build()).setProvider(BouncyCastleProvider.PROVIDER_NAME); boolean ret = signerInfo.verify(jcaSignerInfoVerifierBuilder.build(cacert.getPublicKey())); assertTrue(ret); // Get authenticated attributes AttributeTable tab = signerInfo.getSignedAttributes(); // --Fail info Attribute attr = tab.get(new ASN1ObjectIdentifier(ScepRequestMessage.id_failInfo)); // No failInfo on this success message assertNull(attr); // --Message type attr = tab.get(new ASN1ObjectIdentifier(ScepRequestMessage.id_messageType)); assertNotNull(attr); ASN1Set values = attr.getAttrValues(); assertEquals(values.size(), 1); ASN1String str = DERPrintableString.getInstance((values.getObjectAt(0))); String messageType = str.getString(); assertEquals("3", messageType); // --Success status attr = tab.get(new ASN1ObjectIdentifier(ScepRequestMessage.id_pkiStatus)); assertNotNull(attr); values = attr.getAttrValues(); assertEquals(values.size(), 1); str = DERPrintableString.getInstance((values.getObjectAt(0))); assertEquals(ResponseStatus.SUCCESS.getStringValue(), str.getString()); // --SenderNonce attr = tab.get(new ASN1ObjectIdentifier(ScepRequestMessage.id_senderNonce)); assertNotNull(attr); values = attr.getAttrValues(); assertEquals(values.size(), 1); ASN1OctetString octstr = ASN1OctetString.getInstance(values.getObjectAt(0)); // SenderNonce is something the server came up with, but it should be 16 // chars assertTrue(octstr.getOctets().length == 16); // --Recipient Nonce attr = tab.get(new ASN1ObjectIdentifier(ScepRequestMessage.id_recipientNonce)); assertNotNull(attr); values = attr.getAttrValues(); assertEquals(values.size(), 1); octstr = ASN1OctetString.getInstance(values.getObjectAt(0)); // recipient nonce should be the same as we sent away as sender nonce assertEquals(_senderNonce, new String(Base64.encode(octstr.getOctets()))); // --Transaction ID attr = tab.get(new ASN1ObjectIdentifier(ScepRequestMessage.id_transId)); assertNotNull(attr); values = attr.getAttrValues(); assertEquals(values.size(), 1); str = DERPrintableString.getInstance((values.getObjectAt(0))); // transid should be the same as the one we sent assertEquals(_transId, str.getString()); // // Check different message types // if (messageType.equals("3")) { // First we extract the encrypted data from the CMS enveloped data // contained // within the CMS signed data final CMSProcessable sp = s.getSignedContent(); final byte[] content = (byte[]) sp.getContent(); final CMSEnvelopedData ed = new CMSEnvelopedData(content); final RecipientInformationStore recipients = ed.getRecipientInfos(); Store certstore; @SuppressWarnings("unchecked") Collection<RecipientInformation> c = recipients.getRecipients(); assertEquals(c.size(), 1); Iterator<RecipientInformation> riIterator = c.iterator(); byte[] decBytes = null; RecipientInformation recipient = riIterator.next(); JceKeyTransEnvelopedRecipient rec = new JceKeyTransEnvelopedRecipient(key1.getPrivate()); rec.setContentProvider(BouncyCastleProvider.PROVIDER_NAME); decBytes = recipient.getContent(rec); // This is yet another CMS signed data CMSSignedData sd = new CMSSignedData(decBytes); // Get certificates from the signed data certstore = sd.getCertificates(); if (crlRep) { // We got a reply with a requested CRL @SuppressWarnings("unchecked") final Collection<X509CRLHolder> crls = (Collection<X509CRLHolder>) sd.getCRLs().getMatches(null); assertEquals(crls.size(), 1); final Iterator<X509CRLHolder> it = crls.iterator(); // CRL is first (and only) final X509CRL retCrl = new JcaX509CRLConverter().getCRL(it.next()); log.info("Got CRL with DN: " + retCrl.getIssuerDN().getName()); // check the returned CRL assertEquals(CertTools.getSubjectDN(cacert), CertTools.getIssuerDN(retCrl)); retCrl.verify(cacert.getPublicKey()); } else { // We got a reply with a requested certificate @SuppressWarnings("unchecked") final Collection<X509CertificateHolder> certs = (Collection<X509CertificateHolder>) certstore .getMatches(null); // EJBCA returns the issued cert and the CA cert (cisco vpn // client requires that the ca cert is included) if (noca) { assertEquals(certs.size(), 1); } else { assertEquals(certs.size(), 2); } final Iterator<X509CertificateHolder> it = certs.iterator(); // Issued certificate must be first boolean verified = false; boolean gotcacert = false; JcaX509CertificateConverter jcaX509CertificateConverter = new JcaX509CertificateConverter(); while (it.hasNext()) { X509Certificate retcert = jcaX509CertificateConverter.getCertificate(it.next()); log.info("Got cert with DN: " + retcert.getSubjectDN().getName()); // check the returned certificate String subjectdn = CertTools.stringToBCDNString(retcert.getSubjectDN().getName()); if (CertTools.stringToBCDNString(userDN).equals(subjectdn)) { // issued certificate assertEquals(CertTools.stringToBCDNString(userDN), subjectdn); assertEquals(CertTools.getSubjectDN(cacert), CertTools.getIssuerDN(retcert)); retcert.verify(cacert.getPublicKey()); assertTrue(checkKeys(key1.getPrivate(), retcert.getPublicKey())); verified = true; } else { // ca certificate assertEquals(CertTools.getSubjectDN(cacert), CertTools.getSubjectDN(retcert)); gotcacert = true; } } assertTrue(verified); if (noca) { assertFalse(gotcacert); } else { assertTrue(gotcacert); } } } }
From source file:org.ejbca.core.protocol.scep.ScepRequestMessage.java
License:Open Source License
private void init() throws IOException { if (log.isTraceEnabled()) { log.trace(">init"); }//from w ww . ja v a 2 s .co m try { CMSSignedData csd = new CMSSignedData(scepmsg); SignerInformationStore infoStore = csd.getSignerInfos(); @SuppressWarnings("unchecked") Collection<SignerInformation> signers = infoStore.getSigners(); Iterator<SignerInformation> iter = signers.iterator(); if (iter.hasNext()) { SignerInformation si = (SignerInformation) iter.next(); preferredDigestAlg = si.getDigestAlgOID(); log.debug("Set " + preferredDigestAlg + " as preferred digest algorithm for SCEP"); } } catch (CMSException e) { // ignore, use default digest algo log.error("CMSException trying to get preferred digest algorithm: ", e); } // Parse and verify the integrity of the PKIOperation message PKCS#7 /* If this would have been done using the newer CMS it would have made me so much happier... */ ASN1InputStream seqAsn1InputStream = new ASN1InputStream(new ByteArrayInputStream(scepmsg)); ASN1Sequence seq = null; try { seq = (ASN1Sequence) seqAsn1InputStream.readObject(); } finally { seqAsn1InputStream.close(); } ContentInfo ci = ContentInfo.getInstance(seq); String ctoid = ci.getContentType().getId(); if (ctoid.equals(CMSObjectIdentifiers.signedData.getId())) { // This is SignedData so it is a pkcsCertReqSigned, pkcsGetCertInitialSigned, pkcsGetCertSigned, pkcsGetCRLSigned // (could also be pkcsRepSigned or certOnly, but we don't receive them on the server side // Try to find out what kind of message this is sd = SignedData.getInstance((ASN1Sequence) ci.getContent()); // Get self signed cert to identify the senders public key ASN1Set certs = sd.getCertificates(); if (certs.size() > 0) { // There should be only one... ASN1Encodable dercert = certs.getObjectAt(0); if (dercert != null) { // Requester's self-signed certificate is requestKeyInfo ByteArrayOutputStream bOut = new ByteArrayOutputStream(); DEROutputStream dOut = new DEROutputStream(bOut); dOut.writeObject(dercert); if (bOut.size() > 0) { requestKeyInfo = bOut.toByteArray(); //Create Certificate used for debugging try { signercert = CertTools.getCertfromByteArray(requestKeyInfo); if (log.isDebugEnabled()) { log.debug("requestKeyInfo is SubjectDN: " + CertTools.getSubjectDN(signercert) + ", Serial=" + CertTools.getSerialNumberAsString(signercert) + "; IssuerDN: " + CertTools.getIssuerDN(signercert).toString()); } } catch (CertificateException e) { log.error("Error parsing requestKeyInfo : ", e); } } } } Enumeration<?> sis = sd.getSignerInfos().getObjects(); if (sis.hasMoreElements()) { SignerInfo si = SignerInfo.getInstance((ASN1Sequence) sis.nextElement()); Enumeration<?> attr = si.getAuthenticatedAttributes().getObjects(); while (attr.hasMoreElements()) { Attribute a = Attribute.getInstance((ASN1Sequence) attr.nextElement()); if (log.isDebugEnabled()) { log.debug("Found attribute: " + a.getAttrType().getId()); } if (a.getAttrType().getId().equals(id_senderNonce)) { Enumeration<?> values = a.getAttrValues().getObjects(); ASN1OctetString str = ASN1OctetString.getInstance(values.nextElement()); senderNonce = new String(Base64.encode(str.getOctets(), false)); if (log.isDebugEnabled()) { log.debug("senderNonce = " + senderNonce); } } if (a.getAttrType().getId().equals(id_transId)) { Enumeration<?> values = a.getAttrValues().getObjects(); DERPrintableString str = DERPrintableString.getInstance(values.nextElement()); transactionId = str.getString(); if (log.isDebugEnabled()) { log.debug("transactionId = " + transactionId); } } if (a.getAttrType().getId().equals(id_messageType)) { Enumeration<?> values = a.getAttrValues().getObjects(); DERPrintableString str = DERPrintableString.getInstance(values.nextElement()); messageType = Integer.parseInt(str.getString()); if (log.isDebugEnabled()) { log.debug("messagetype = " + messageType); } } } } // If this is a PKCSReq if ((messageType == ScepRequestMessage.SCEP_TYPE_PKCSREQ) || (messageType == ScepRequestMessage.SCEP_TYPE_GETCRL) || (messageType == ScepRequestMessage.SCEP_TYPE_GETCERTINITIAL)) { // Extract the contents, which is an encrypted PKCS10 if messageType == 19 // , and an encrypted issuer and subject if messageType == 20 (not extracted) // and an encrypted IssuerAndSerialNumber if messageType == 22 ci = sd.getEncapContentInfo(); ctoid = ci.getContentType().getId(); if (ctoid.equals(CMSObjectIdentifiers.data.getId())) { ASN1OctetString content = (ASN1OctetString) ci.getContent(); if (log.isDebugEnabled()) { log.debug("envelopedData is " + content.getOctets().length + " bytes."); } ASN1InputStream seq1Asn1InputStream = new ASN1InputStream( new ByteArrayInputStream(content.getOctets())); ASN1Sequence seq1 = null; try { seq1 = (ASN1Sequence) seq1Asn1InputStream.readObject(); } finally { seq1Asn1InputStream.close(); } envEncData = ContentInfo.getInstance(seq1); ctoid = envEncData.getContentType().getId(); if (ctoid.equals(CMSObjectIdentifiers.envelopedData.getId())) { envData = EnvelopedData.getInstance((ASN1Sequence) envEncData.getContent()); ASN1Set recipientInfos = envData.getRecipientInfos(); Enumeration<?> e = recipientInfos.getObjects(); while (e.hasMoreElements()) { RecipientInfo ri = RecipientInfo.getInstance(e.nextElement()); KeyTransRecipientInfo recipientInfo = KeyTransRecipientInfo.getInstance(ri.getInfo()); RecipientIdentifier rid = recipientInfo.getRecipientIdentifier(); IssuerAndSerialNumber iasn = IssuerAndSerialNumber.getInstance(rid.getId()); issuerDN = iasn.getName().toString(); serialNo = iasn.getSerialNumber().getValue(); if (log.isDebugEnabled()) { log.debug("IssuerDN: " + issuerDN); log.debug("SerialNumber: " + iasn.getSerialNumber().getValue().toString(16)); } } } else { errorText = "EncapsulatedContentInfo does not contain PKCS7 envelopedData: "; log.error(errorText + ctoid); error = 2; } } else { errorText = "EncapsulatedContentInfo is not of type 'data': "; log.error(errorText + ctoid); error = 3; } } else { errorText = "This is not a certification request!"; log.error(errorText); error = 4; } } else { errorText = "PKCSReq does not contain 'signedData': "; log.error(errorText + ctoid); error = 1; } log.trace("<init"); }
From source file:org.ejbca.extra.ra.ProtocolScepHttpTest.java
License:Open Source License
private boolean isScepResponseMessageOfType(byte[] retMsg, ResponseStatus extectedResponseStatus) throws CMSException, NoSuchAlgorithmException, NoSuchProviderException { ////from w w w. j av a 2s .co m // Parse response message // CMSSignedData s = new CMSSignedData(retMsg); // The signer, i.e. the CA, check it's the right CA SignerInformationStore signers = s.getSignerInfos(); Collection col = signers.getSigners(); assertTrue(col.size() > 0); Iterator iter = col.iterator(); SignerInformation signerInfo = (SignerInformation) iter.next(); SignerId sinfo = signerInfo.getSID(); // Check that the signer is the expected CA assertEquals(CertTools.stringToBCDNString(racert.getIssuerDN().getName()), CertTools.stringToBCDNString(sinfo.getIssuerAsString())); // Verify the signature boolean ret = signerInfo.verify(racert.getPublicKey(), "BC"); assertTrue(ret); // Get authenticated attributes AttributeTable tab = signerInfo.getSignedAttributes(); // --Fail info Attribute attr = tab.get(new DERObjectIdentifier(ScepRequestMessage.id_failInfo)); // --Message type attr = tab.get(new DERObjectIdentifier(ScepRequestMessage.id_messageType)); assertNotNull(attr); ASN1Set values = attr.getAttrValues(); assertEquals(values.size(), 1); DERString str = DERPrintableString.getInstance((values.getObjectAt(0))); String messageType = str.getString(); assertEquals("3", messageType); // --Success status attr = tab.get(new DERObjectIdentifier(ScepRequestMessage.id_pkiStatus)); assertNotNull(attr); values = attr.getAttrValues(); assertEquals(values.size(), 1); str = DERPrintableString.getInstance((values.getObjectAt(0))); String responsestatus = str.getString(); if (extectedResponseStatus.getValue().equals(responsestatus)) { return true; } return false; }
From source file:org.ejbca.extra.ra.ProtocolScepHttpTest.java
License:Open Source License
private void checkScepResponse(byte[] retMsg, String senderNonce, String transId, boolean crlRep, String digestOid, boolean noca, ResponseStatus expectedResponseStatus) throws CMSException, NoSuchProviderException, NoSuchAlgorithmException, CertStoreException, InvalidKeyException, CertificateException, SignatureException, CRLException, IOException { //// w w w . j a va2s . c om // Parse response message // CMSSignedData s = new CMSSignedData(retMsg); // The signer, i.e. the CA, check it's the right CA SignerInformationStore signers = s.getSignerInfos(); Collection col = signers.getSigners(); assertTrue(col.size() > 0); Iterator iter = col.iterator(); SignerInformation signerInfo = (SignerInformation) iter.next(); // Check that the message is signed with the correct digest alg assertEquals(signerInfo.getDigestAlgOID(), digestOid); SignerId sinfo = signerInfo.getSID(); // Check that the signer is the expected CA assertEquals(CertTools.stringToBCDNString(racert.getIssuerDN().getName()), CertTools.stringToBCDNString(sinfo.getIssuerAsString())); // Verify the signature boolean ret = signerInfo.verify(racert.getPublicKey(), "BC"); assertTrue(ret); // Get authenticated attributes AttributeTable tab = signerInfo.getSignedAttributes(); // --Fail info Attribute attr = tab.get(new DERObjectIdentifier(ScepRequestMessage.id_failInfo)); // No failInfo on this success message if (expectedResponseStatus == ResponseStatus.SUCCESS) { assertNull(attr); } // --Message type attr = tab.get(new DERObjectIdentifier(ScepRequestMessage.id_messageType)); assertNotNull(attr); ASN1Set values = attr.getAttrValues(); assertEquals(values.size(), 1); DERString str = DERPrintableString.getInstance((values.getObjectAt(0))); String messageType = str.getString(); assertEquals("3", messageType); // --Success status attr = tab.get(new DERObjectIdentifier(ScepRequestMessage.id_pkiStatus)); assertNotNull(attr); values = attr.getAttrValues(); assertEquals(values.size(), 1); str = DERPrintableString.getInstance((values.getObjectAt(0))); String responsestatus = str.getString(); assertEquals(expectedResponseStatus.getValue(), responsestatus); // --SenderNonce attr = tab.get(new DERObjectIdentifier(ScepRequestMessage.id_senderNonce)); assertNotNull(attr); values = attr.getAttrValues(); assertEquals(values.size(), 1); ASN1OctetString octstr = ASN1OctetString.getInstance(values.getObjectAt(0)); // SenderNonce is something the server came up with, but it should be 16 chars assertTrue(octstr.getOctets().length == 16); // --Recipient Nonce attr = tab.get(new DERObjectIdentifier(ScepRequestMessage.id_recipientNonce)); assertNotNull(attr); values = attr.getAttrValues(); assertEquals(values.size(), 1); octstr = ASN1OctetString.getInstance(values.getObjectAt(0)); // recipient nonce should be the same as we sent away as sender nonce assertEquals(senderNonce, new String(Base64.encode(octstr.getOctets()))); // --Transaction ID attr = tab.get(new DERObjectIdentifier(ScepRequestMessage.id_transId)); assertNotNull(attr); values = attr.getAttrValues(); assertEquals(values.size(), 1); str = DERPrintableString.getInstance((values.getObjectAt(0))); // transid should be the same as the one we sent assertEquals(transId, str.getString()); // // Check different message types // if (!responsestatus.equals(ResponseStatus.PENDING.getValue()) && messageType.equals("3")) { // First we extract the encrypted data from the CMS enveloped data contained // within the CMS signed data CMSProcessable sp = s.getSignedContent(); byte[] content = (byte[]) sp.getContent(); CMSEnvelopedData ed = new CMSEnvelopedData(content); RecipientInformationStore recipients = ed.getRecipientInfos(); Collection c = recipients.getRecipients(); assertEquals(c.size(), 1); Iterator it = c.iterator(); byte[] decBytes = null; RecipientInformation recipient = (RecipientInformation) it.next(); decBytes = recipient.getContent(keys.getPrivate(), "BC"); // This is yet another CMS signed data CMSSignedData sd = new CMSSignedData(decBytes); // Get certificates from the signed data CertStore certstore = sd.getCertificatesAndCRLs("Collection", "BC"); if (crlRep) { // We got a reply with a requested CRL Collection crls = certstore.getCRLs(null); assertEquals(crls.size(), 1); it = crls.iterator(); X509CRL retCrl = null; // CRL is first (and only) retCrl = (X509CRL) it.next(); log.info("Got CRL with DN: " + retCrl.getIssuerDN().getName()); // try { // FileOutputStream fos = new FileOutputStream("sceptest.der"); // fos.write(retCrl.getEncoded()); // fos.close(); // } catch (Exception e) {} // check the returned CRL assertEquals(cacert.getSubjectDN().getName(), retCrl.getIssuerDN().getName()); retCrl.verify(cacert.getPublicKey()); } else { // We got a reply with a requested certificate Collection certs = certstore.getCertificates(null); log.info("Got certificate reply with certchain of length: " + certs.size()); // EJBCA returns the issued cert and the CA cert (cisco vpn client requires that the ca cert is included) if (noca) { assertEquals(certs.size(), 1); } else { assertEquals(certs.size(), 2); } it = certs.iterator(); // Issued certificate must be first boolean verified = false; boolean gotcacert = false; String mysubjectdn = CertTools.stringToBCDNString("C=SE,O=PrimeKey,CN=sceptest"); X509Certificate usercert = null; while (it.hasNext()) { X509Certificate retcert = (X509Certificate) it.next(); // try { // FileOutputStream fos = new FileOutputStream("sceptest.der"); // fos.write(retcert.getEncoded()); // fos.close(); // } catch (Exception e) {} // check the returned certificate String subjectdn = CertTools.stringToBCDNString(retcert.getSubjectDN().getName()); if (mysubjectdn.equals(subjectdn)) { System.out.println("Got user cert with DN: " + retcert.getSubjectDN().getName()); // issued certificate assertEquals(CertTools.stringToBCDNString("C=SE,O=PrimeKey,CN=sceptest"), subjectdn); //System.out.println(retcert); //System.out.println(cacert); retcert.verify(cacert.getPublicKey()); assertTrue(checkKeys(keys.getPrivate(), retcert.getPublicKey())); verified = true; String altName = CertTools.getSubjectAlternativeName(retcert); assertEquals("iPAddress=10.0.0.1, dNSName=foo.bar.com", altName); usercert = retcert; } else { log.info("Got CA cert with DN: " + retcert.getSubjectDN().getName()); // ca certificate assertEquals(cacert.getSubjectDN().getName(), retcert.getSubjectDN().getName()); gotcacert = true; usercert.verify(retcert.getPublicKey()); } } assertTrue(verified); if (noca) { assertFalse(gotcacert); } else { assertTrue(gotcacert); } } } }
From source file:org.opensc.pkcs15.asn1.basic.TokenInfo.java
License:Apache License
/** * @param obj The ASN.1 object to decode. * @return A TokenInfo instance./*from www.j a v a2 s . c o m*/ */ public static TokenInfo getInstance(Object obj) { if (obj instanceof TokenInfo) return (TokenInfo) obj; if (obj instanceof ASN1Sequence) { ASN1Sequence seq = (ASN1Sequence) obj; Enumeration<Object> objs = seq.getObjects(); if (!objs.hasMoreElements()) throw new IllegalArgumentException("Missing version member in TokenInfo SEQUENCE."); Object o = objs.nextElement(); int version = IntegerHelper.intValue(DERInteger.getInstance(o).getValue()); if (version != 0) throw new IllegalArgumentException("Unsupported version [" + version + "] in TokenInfo SEQUENCE."); if (!objs.hasMoreElements()) throw new IllegalArgumentException("Missing serialNumber member in TokenInfo SEQUENCE."); TokenInfo ret = new TokenInfo(); o = objs.nextElement(); ret.setSerialNumber(ASN1OctetString.getInstance(o).getOctets()); if (!objs.hasMoreElements()) return ret; o = objs.nextElement(); if (o instanceof DERUTF8String) { ret.setManufacturerID(DERUTF8String.getInstance(o).getString()); if (!objs.hasMoreElements()) return ret; o = objs.nextElement(); } if (o instanceof ASN1TaggedObject && ((ASN1TaggedObject) o).getTagNo() == 0) { ret.setLabel(DERUTF8String.getInstance(((ASN1TaggedObject) o).getObject()).getString()); if (!objs.hasMoreElements()) return ret; o = objs.nextElement(); } if (!(o instanceof DERBitString)) throw new IllegalArgumentException("Missing tokenFlags member in TokenInfo SEQUENCE."); ret.setTokenflags(TokenFlags.getInstance(o)); if (!objs.hasMoreElements()) return ret; o = objs.nextElement(); if (o instanceof ASN1Sequence) { ASN1Sequence seseq = ASN1Sequence.getInstance(o); Enumeration<Object> seobjs = seseq.getObjects(); while (seobjs.hasMoreElements()) { ret.addSeInfo(SecurityEnvironmentInfo.getInstance(seobjs.nextElement())); } if (!objs.hasMoreElements()) return ret; o = objs.nextElement(); } if (o instanceof ASN1TaggedObject && ((ASN1TaggedObject) o).getTagNo() == 1) { ret.setRecordInfo(RecordInfo.getInstance(((ASN1TaggedObject) o).getObject())); if (!objs.hasMoreElements()) return ret; o = objs.nextElement(); } if (o instanceof ASN1TaggedObject && ((ASN1TaggedObject) o).getTagNo() == 2) { ASN1Sequence aiseq = ASN1Sequence.getInstance(((ASN1TaggedObject) o).getObject()); Enumeration<Object> aiobjs = aiseq.getObjects(); while (aiobjs.hasMoreElements()) { ret.addSupportedAlgorithm(AlgorithmInfo.getInstance(aiobjs.nextElement())); } if (!objs.hasMoreElements()) return ret; o = objs.nextElement(); } if (o instanceof ASN1TaggedObject && ((ASN1TaggedObject) o).getTagNo() == 3) { ret.setIssuerId(DERUTF8String.getInstance(((ASN1TaggedObject) o).getObject()).getString()); if (!objs.hasMoreElements()) return ret; o = objs.nextElement(); } if (o instanceof ASN1TaggedObject && ((ASN1TaggedObject) o).getTagNo() == 4) { ret.setHolderId(DERUTF8String.getInstance(((ASN1TaggedObject) o).getObject()).getString()); if (!objs.hasMoreElements()) return ret; o = objs.nextElement(); } if (o instanceof ASN1TaggedObject && ((ASN1TaggedObject) o).getTagNo() == 5) { ret.setLastUpdate(GeneralizedTimeHolderImpl.getInstance(((ASN1TaggedObject) o).getObject())); if (!objs.hasMoreElements()) return ret; o = objs.nextElement(); } ret.setPreferredLanguage(DERPrintableString.getInstance(o).getString()); return ret; } throw new IllegalArgumentException("AccessControlRule must be encoded as an ASN.1 SEQUENCE."); }