List of usage examples for org.bouncycastle.jce X509Principal equals
public boolean equals(Object obj)
From source file:com.itextpdf.text.pdf.PdfPKCS7.java
License:Open Source License
/** * Verifies a signature using the sub-filter adbe.pkcs7.detached or * adbe.pkcs7.sha1./* w ww . j a v a 2 s. co m*/ * @param contentsKey the /Contents key * @param provider the provider or <code>null</code> for the default provider */ @SuppressWarnings("unchecked") public PdfPKCS7(byte[] contentsKey, String provider) { try { this.provider = provider; ASN1InputStream din = new ASN1InputStream(new ByteArrayInputStream(contentsKey)); // // Basic checks to make sure it's a PKCS#7 SignedData Object // DERObject pkcs; try { pkcs = din.readObject(); } catch (IOException e) { throw new IllegalArgumentException( MessageLocalization.getComposedMessage("can.t.decode.pkcs7signeddata.object")); } if (!(pkcs instanceof ASN1Sequence)) { throw new IllegalArgumentException( MessageLocalization.getComposedMessage("not.a.valid.pkcs.7.object.not.a.sequence")); } ASN1Sequence signedData = (ASN1Sequence) pkcs; DERObjectIdentifier objId = (DERObjectIdentifier) signedData.getObjectAt(0); if (!objId.getId().equals(ID_PKCS7_SIGNED_DATA)) throw new IllegalArgumentException( MessageLocalization.getComposedMessage("not.a.valid.pkcs.7.object.not.signed.data")); ASN1Sequence content = (ASN1Sequence) ((DERTaggedObject) signedData.getObjectAt(1)).getObject(); // the positions that we care are: // 0 - version // 1 - digestAlgorithms // 2 - possible ID_PKCS7_DATA // (the certificates and crls are taken out by other means) // last - signerInfos // the version version = ((DERInteger) content.getObjectAt(0)).getValue().intValue(); // the digestAlgorithms digestalgos = new HashSet<String>(); Enumeration<ASN1Sequence> e = ((ASN1Set) content.getObjectAt(1)).getObjects(); while (e.hasMoreElements()) { ASN1Sequence s = e.nextElement(); DERObjectIdentifier o = (DERObjectIdentifier) s.getObjectAt(0); digestalgos.add(o.getId()); } // the certificates X509CertParser cr = new X509CertParser(); cr.engineInit(new ByteArrayInputStream(contentsKey)); certs = cr.engineReadAll(); // the possible ID_PKCS7_DATA ASN1Sequence rsaData = (ASN1Sequence) content.getObjectAt(2); if (rsaData.size() > 1) { DEROctetString rsaDataContent = (DEROctetString) ((DERTaggedObject) rsaData.getObjectAt(1)) .getObject(); RSAdata = rsaDataContent.getOctets(); } // the signerInfos int next = 3; while (content.getObjectAt(next) instanceof DERTaggedObject) ++next; ASN1Set signerInfos = (ASN1Set) content.getObjectAt(next); if (signerInfos.size() != 1) throw new IllegalArgumentException(MessageLocalization.getComposedMessage( "this.pkcs.7.object.has.multiple.signerinfos.only.one.is.supported.at.this.time")); ASN1Sequence signerInfo = (ASN1Sequence) signerInfos.getObjectAt(0); // the positions that we care are // 0 - version // 1 - the signing certificate issuer and serial number // 2 - the digest algorithm // 3 or 4 - digestEncryptionAlgorithm // 4 or 5 - encryptedDigest signerversion = ((DERInteger) signerInfo.getObjectAt(0)).getValue().intValue(); // Get the signing certificate ASN1Sequence issuerAndSerialNumber = (ASN1Sequence) signerInfo.getObjectAt(1); X509Principal issuer = new X509Principal( issuerAndSerialNumber.getObjectAt(0).getDERObject().getEncoded()); BigInteger serialNumber = ((DERInteger) issuerAndSerialNumber.getObjectAt(1)).getValue(); for (Object element : certs) { X509Certificate cert = (X509Certificate) element; if (issuer.equals(cert.getIssuerDN()) && serialNumber.equals(cert.getSerialNumber())) { signCert = cert; break; } } if (signCert == null) { throw new IllegalArgumentException( MessageLocalization.getComposedMessage("can.t.find.signing.certificate.with.serial.1", issuer.getName() + " / " + serialNumber.toString(16))); } signCertificateChain(); digestAlgorithm = ((DERObjectIdentifier) ((ASN1Sequence) signerInfo.getObjectAt(2)).getObjectAt(0)) .getId(); next = 3; if (signerInfo.getObjectAt(next) instanceof ASN1TaggedObject) { ASN1TaggedObject tagsig = (ASN1TaggedObject) signerInfo.getObjectAt(next); ASN1Set sseq = ASN1Set.getInstance(tagsig, false); sigAttr = sseq.getEncoded(ASN1Encodable.DER); for (int k = 0; k < sseq.size(); ++k) { ASN1Sequence seq2 = (ASN1Sequence) sseq.getObjectAt(k); if (((DERObjectIdentifier) seq2.getObjectAt(0)).getId().equals(ID_MESSAGE_DIGEST)) { ASN1Set set = (ASN1Set) seq2.getObjectAt(1); digestAttr = ((DEROctetString) set.getObjectAt(0)).getOctets(); } else if (((DERObjectIdentifier) seq2.getObjectAt(0)).getId().equals(ID_ADBE_REVOCATION)) { ASN1Set setout = (ASN1Set) seq2.getObjectAt(1); ASN1Sequence seqout = (ASN1Sequence) setout.getObjectAt(0); for (int j = 0; j < seqout.size(); ++j) { ASN1TaggedObject tg = (ASN1TaggedObject) seqout.getObjectAt(j); if (tg.getTagNo() == 0) { ASN1Sequence seqin = (ASN1Sequence) tg.getObject(); findCRL(seqin); } if (tg.getTagNo() == 1) { ASN1Sequence seqin = (ASN1Sequence) tg.getObject(); findOcsp(seqin); } } } } if (digestAttr == null) throw new IllegalArgumentException(MessageLocalization .getComposedMessage("authenticated.attribute.is.missing.the.digest")); ++next; } digestEncryptionAlgorithm = ((DERObjectIdentifier) ((ASN1Sequence) signerInfo.getObjectAt(next++)) .getObjectAt(0)).getId(); digest = ((DEROctetString) signerInfo.getObjectAt(next++)).getOctets(); if (next < signerInfo.size() && signerInfo.getObjectAt(next) instanceof DERTaggedObject) { DERTaggedObject taggedObject = (DERTaggedObject) signerInfo.getObjectAt(next); ASN1Set unat = ASN1Set.getInstance(taggedObject, false); AttributeTable attble = new AttributeTable(unat); Attribute ts = attble.get(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken); if (ts != null && ts.getAttrValues().size() > 0) { ASN1Set attributeValues = ts.getAttrValues(); ASN1Sequence tokenSequence = ASN1Sequence.getInstance(attributeValues.getObjectAt(0)); ContentInfo contentInfo = new ContentInfo(tokenSequence); this.timeStampToken = new TimeStampToken(contentInfo); } } if (RSAdata != null || digestAttr != null) { if (provider == null || provider.startsWith("SunPKCS11")) messageDigest = MessageDigest.getInstance(getHashAlgorithm()); else messageDigest = MessageDigest.getInstance(getHashAlgorithm(), provider); } if (provider == null) sig = Signature.getInstance(getDigestAlgorithm()); else sig = Signature.getInstance(getDigestAlgorithm(), provider); sig.initVerify(signCert.getPublicKey()); } catch (Exception e) { throw new ExceptionConverter(e); } }
From source file:me.it_result.ca.scep.ScepServlet.java
License:Open Source License
@Override protected List<X509Certificate> doGetCertInitial(X509Name issuer, X509Name subject) throws OperationFailureException { try {/*from w w w . j a v a2 s .c o m*/ X509Principal issuerPrincipal = new X509Principal(issuer); X509Principal subjectPrincipal = new X509Principal(subject); for (X509Certificate signedCert : ca().listCertificates()) { X509Principal actualIssuer = new X509Principal(signedCert.getIssuerX500Principal().getName()); X509Principal actualSubject = new X509Principal(signedCert.getSubjectX500Principal().getName()); if (issuerPrincipal.equals(actualIssuer) && subjectPrincipal.equals(actualSubject)) return Collections.singletonList(signedCert); } return null; } catch (Exception e) { throw new RuntimeException(e); } }
From source file:org.glite.slcs.caclient.impl.SimplePKIResponse.java
License:Apache License
public Certificate getCertificate(Principal principal) throws SLCSException { // find the certificate and the chain based on the subject LOG.debug("Looking for: " + principal.getName()); X509Certificate cert = null;//from w w w . j a va 2 s . co m Vector<X509Certificate> certChain = new Vector<X509Certificate>(); Iterator<X509Certificate> iter = x509Certificates_.iterator(); while (iter.hasNext()) { X509Certificate x509 = iter.next(); X509Principal x509Principal; try { x509Principal = PrincipalUtil.getSubjectX509Principal(x509); } catch (CertificateEncodingException e) { LOG.error("Failed to extract X509 subject from certificate", e); throw new CMCException("Failed to extract X509 subject from certificate", e); } if (LOG.isDebugEnabled()) { LOG.debug("X509 cert: " + x509Principal.getName()); } // first try object match if (x509Principal.equals(principal)) { cert = x509; if (LOG.isDebugEnabled()) { LOG.debug("X509 cert matches (object): " + principal.getName()); } } else { // then try X500Principal match (RFC 2253) X500Principal principalX500 = new X500Principal(principal.getName()); X500Principal x509PrincipalX500 = new X500Principal(x509Principal.getName()); if (principalX500.getName().equals(x509PrincipalX500.getName())) { cert = x509; if (LOG.isDebugEnabled()) { LOG.debug("X509 cert matches (X500): " + x509PrincipalX500.getName()); } } // otherwise its a chain element else { // cert is a chain part certChain.add(x509); if (LOG.isDebugEnabled()) { LOG.debug("X509 cert is a chain element: " + x509Principal.getName()); } } } } // check not null and chain size!!! if (cert == null) { LOG.error("Not matching X509 certificate found: " + principal); throw new CMCException("Not matching X509 certificate found: " + principal); } int size = certChain.size(); if (size < 1) { LOG.warn("X509 certificate chain is empty"); } X509Certificate[] chain = new X509Certificate[size]; for (int i = 0; i < chain.length; i++) { chain[i] = (X509Certificate) certChain.get(i); } // create and return a new Certificate Certificate certificate = null; try { certificate = new Certificate(cert, chain); } catch (GeneralSecurityException e) { LOG.error("Failed to create the certificate", e); throw new CMCException("Failed to create the certificate", e); } return certificate; }