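/**
 * Dumps an ASN.1 object as a human-readable string.
 *
 * <p>With {@code verbose} set, the contents of octet and bit strings are written out as
 * well. Depending on the object, that content may be sensitive (for example key
 * material), so treat verbose dumps like the data they were produced from.
 *
 * @param obj the object to be dumped
 * @param verbose if true, dump out the contents of octet and bit strings.
 * @return the resulting string, or an "unknown object type" message when {@code obj} is
 *         neither a {@code DERObject} nor a {@code DEREncodable} (this includes
 *         {@code null}).
 */
public static String dumpAsString(Object obj, boolean verbose) {
    StringBuffer buf = new StringBuffer();

    if (obj instanceof DERObject) {
        _dumpAsString("", verbose, (DERObject) obj, buf);
    } else if (obj instanceof DEREncodable) {
        _dumpAsString("", verbose, ((DEREncodable) obj).getDERObject(), buf);
    } else {
        // Concatenation is null-safe where obj.toString() is not: a null argument now
        // produces "unknown object type null" instead of a NullPointerException.
        return "unknown object type " + obj;
    }

    return buf.toString();
}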
/**
 * Builds the AlgorithmIdentifier for a signature algorithm.
 *
 * <p>Three encodings are possible: parameters left out entirely (the OID is listed in
 * {@code noParams}), explicit parameters looked up in {@code params} by the upper-cased
 * algorithm name, or an explicit ASN.1 NULL for everything else.
 *
 * @param sigOid object identifier of the signature algorithm
 * @param algorithmName algorithm name; upper-cased before the parameter lookup
 * @return the algorithm identifier with the matching parameter encoding
 */
static AlgorithmIdentifier getSigAlgID(DERObjectIdentifier sigOid, String algorithmName) {
    if (noParams.contains(sigOid)) {
        // Parameters field is absent for these OIDs.
        return new AlgorithmIdentifier(sigOid);
    }

    String lookupName = Strings.toUpperCase(algorithmName);
    if (!params.containsKey(lookupName)) {
        // No registered parameters: encode an explicit NULL.
        return new AlgorithmIdentifier(sigOid, new DERNull());
    }
    return new AlgorithmIdentifier(sigOid, (DEREncodable) params.get(lookupName));
}
/**
 * Adds an extension whose value is the DER encoding of the given ASN.1 object; the
 * encoded bytes become the content of the OCTET STRING associated with the extension.
 *
 * @param oid OID for the extension.
 * @param critical true if critical, false otherwise.
 * @param value the ASN.1 object to be included in the extension.
 * @throws IllegalArgumentException if the value cannot be encoded.
 */
public void addExtension(DERObjectIdentifier oid, boolean critical, DEREncodable value) {
    ByteArrayOutputStream encoded = new ByteArrayOutputStream();

    try {
        new DEROutputStream(encoded).writeObject(value);
    } catch (IOException e) {
        throw new IllegalArgumentException("error encoding value: " + e);
    }

    // Hand the encoded bytes to the addExtension overload that takes a byte array.
    this.addExtension(oid, critical, encoded.toByteArray());
}
/**
 * Adds a given extension field for the standard extensions tag (tag 0).
 *
 * <p>The extension table and its ordering list are created on first use. The value is
 * DER encoded here and the bytes are passed to the addExtension overload that takes a
 * byte array.
 *
 * @param OID object identifier of the extension
 * @param critical true if the extension is critical, false otherwise
 * @param value ASN.1 object to encode as the extension value
 * @throws IllegalArgumentException if the value cannot be encoded
 */
public void addExtension(DERObjectIdentifier OID, boolean critical, DEREncodable value) {
    if (extensions == null) {
        extensions = new Hashtable();
        extOrdering = new Vector();
    }

    ByteArrayOutputStream encoded = new ByteArrayOutputStream();

    try {
        new DEROutputStream(encoded).writeObject(value);
    } catch (IOException e) {
        throw new IllegalArgumentException("error encoding value: " + e);
    }

    this.addExtension(OID, critical, encoded.toByteArray());
}
/**
 * Finds the first tagged element of {@code seq} that carries the given tag number.
 *
 * @param tagNo tag number to look for
 * @return the object wrapped by the first matching tagged element, or {@code null} when
 *         no element of the sequence carries that tag
 */
private ASN1Object getObjectInTag(int tagNo) {
    for (Enumeration elements = seq.getObjects(); elements.hasMoreElements();) {
        DEREncodable candidate = (DEREncodable) elements.nextElement();

        // Untagged elements can never match.
        if (!(candidate instanceof ASN1TaggedObject)) {
            continue;
        }

        ASN1TaggedObject tagged = (ASN1TaggedObject) candidate;
        if (tagged.getTagNo() == tagNo) {
            return (ASN1Object) ((DEREncodable) tagged.getObject()).getDERObject();
        }
    }

    return null;
}
/**
 * Gets the role authority as a <code>String[]</code> object.
 *
 * <p>Names whose value is a <code>DERString</code> are returned as their string content;
 * any other value is rendered with <code>toString()</code>.
 *
 * @return the role authority of this RoleSyntax represented as a
 *         <code>String[]</code> array; empty when no role authority is set.
 */
public String[] getRoleAuthorityAsString() {
    if (roleAuthority == null) {
        return new String[0];
    }

    GeneralName[] authorityNames = roleAuthority.getNames();
    String[] rendered = new String[authorityNames.length];

    for (int idx = 0; idx < authorityNames.length; idx++) {
        DEREncodable nameValue = authorityNames[idx].getName();
        rendered[idx] = (nameValue instanceof DERString)
                ? ((DERString) nameValue).getString()
                : nameValue.toString();
    }

    return rendered;
}
/**
 * Creates a new instance from an ASN.1 SET of SEQUENCE representing the
 * AttributeTypeAndValue type of section 2 of RFC 2253.
 *
 * <p>Each element must be a two-item sequence whose first item is an OID. The second
 * item is not type-checked; its {@code toString()} form is used as the attribute value.
 *
 * @param set
 *            Set from which to create new RDN instance.
 *
 * @return New RDN from encoded data.
 *
 * @throws IllegalArgumentException
 *             If an element is not a sequence, does not have exactly two items, or
 *             does not start with an OID.
 */
public static RelativeDistinguishedName fromASN1Set(final ASN1Set set) {
    final List<AttributeTypeAndValue> attributes = new ArrayList<AttributeTypeAndValue>();

    for (int idx = 0; idx < set.size(); idx++) {
        final DEREncodable element = set.getObjectAt(idx);
        if (!(element instanceof ASN1Sequence)) {
            throw new IllegalArgumentException("Value must be ASN.1 sequence.");
        }

        final ASN1Sequence pair = (ASN1Sequence) element;
        if (pair.size() != 2) {
            throw new IllegalArgumentException("Illegal sequence size " + pair.size());
        }

        final DEREncodable type = pair.getObjectAt(0);
        if (!(type instanceof DERObjectIdentifier)) {
            throw new IllegalArgumentException("First sequence item must be OID.");
        }

        attributes.add(
            new AttributeTypeAndValue(type.toString(), pair.getObjectAt(1).toString()));
    }

    return new RelativeDistinguishedName(attributes);
}
/**
 * Creates a {@link PolicyInformationList} object from DER data.
 *
 * @param enc
 *            DER encoded policy information data; must be <code>
 *            ASN1Sequence</code>.
 *
 * @return Certificate policy information listing, one entry per sequence element in
 *         encoding order.
 *
 * @throws IllegalArgumentException
 *             If the given object is not an ASN.1 sequence.
 */
public static PolicyInformationList createPolicyInformationList(final DEREncodable enc) {
    if (!(enc instanceof ASN1Sequence)) {
        throw new IllegalArgumentException("Expected ASN1Sequence but got " + enc);
    }

    final ASN1Sequence policySeq = (ASN1Sequence) enc;
    final PolicyInformation[] policies = new PolicyInformation[policySeq.size()];

    // Fill the array directly instead of collecting into a list first.
    for (int idx = 0; idx < policies.length; idx++) {
        policies[idx] = createPolicyInformation(policySeq.getObjectAt(idx));
    }

    return new PolicyInformationList(policies);
}
/**
 * Creates a {@link PolicyInformation} object from DER data.
 *
 * <p>When the encoded structure has no policy qualifiers, the result carries only the
 * policy identifier.
 *
 * @param enc
 *            DER encoded policy information data.
 *
 * @return Certificate policy information object.
 */
public static PolicyInformation createPolicyInformation(final DEREncodable enc) {
    final org.bouncycastle.asn1.x509.PolicyInformation info =
        org.bouncycastle.asn1.x509.PolicyInformation.getInstance(enc);
    final ASN1Sequence encodedQualifiers = info.getPolicyQualifiers();

    if (encodedQualifiers == null) {
        return new PolicyInformation(info.getPolicyIdentifier().toString());
    }

    final int count = encodedQualifiers.size();
    final PolicyQualifierInfo[] qualifiers = new PolicyQualifierInfo[count];
    for (int idx = 0; idx < count; idx++) {
        qualifiers[idx] = createPolicyQualifierInfo(encodedQualifiers.getObjectAt(idx));
    }

    return new PolicyInformation(info.getPolicyIdentifier().toString(), qualifiers);
}
/**
 * Creates a {@link AuthorityKeyIdentifier} object from DER data.
 *
 * <p>Each of the three fields (key identifier, issuer names, issuer serial number) is
 * passed on as {@code null} when it is absent from the encoded structure.
 *
 * @param enc
 *            DER encoded authority key identifier data.
 *
 * @return Authority key identifier.
 */
public static AuthorityKeyIdentifier createAuthorityKeyIdentifier(final DEREncodable enc) {
    final org.bouncycastle.asn1.x509.AuthorityKeyIdentifier aki =
        org.bouncycastle.asn1.x509.AuthorityKeyIdentifier.getInstance(enc);

    final KeyIdentifier keyIdentifier = aki.getKeyIdentifier() == null
        ? null
        : new KeyIdentifier(aki.getKeyIdentifier());

    final GeneralNameList issuerNames = aki.getAuthorityCertIssuer() == null
        ? null
        : createGeneralNameList(aki.getAuthorityCertIssuer());

    // NOTE(review): intValue() keeps only the low-order 32 bits. Certificate serial
    // numbers are commonly longer than that, so two different issuer serials can map to
    // the same Integer here. Do not rely on this value alone to match an issuer
    // certificate; widening it needs a change to AuthorityKeyIdentifier itself.
    Integer issuerSerial = null;
    if (aki.getAuthorityCertSerialNumber() != null) {
        issuerSerial = Integer.valueOf(aki.getAuthorityCertSerialNumber().intValue());
    }

    return new AuthorityKeyIdentifier(keyIdentifier, issuerNames, issuerSerial);
}
/** {@inheritDoc} */
protected PublicKey decode(final byte[] encoded) throws CryptException {
    try {
        // The algorithm OID is the first item of the first element of the outer
        // sequence; it selects which key factory parses the encoded key.
        final ASN1Sequence keyInfo = (ASN1Sequence) ASN1Object.fromByteArray(encoded);
        final ASN1Sequence algorithmSeq = (ASN1Sequence) keyInfo.getObjectAt(0);
        final DEREncodable algId = algorithmSeq.getObjectAt(0);

        String algorithm = null;
        if (RSA_ID.equals(algId)) {
            algorithm = "RSA";
        } else if (EC_ID.equals(algId)) {
            algorithm = "EC";
        } else if (DSA_ID.equals(algId)) {
            algorithm = "DSA";
        }

        if (algorithm == null) {
            // Thrown inside the try block, so it reaches the caller wrapped as the cause
            // of the generic "Invalid public key." exception below.
            throw new CryptException("Unsupported public key algorithm ID " + algId);
        }

        final X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encoded);
        return CryptProvider.getKeyFactory(algorithm).generatePublic(keySpec);
    } catch (Exception e) {
        // Covers malformed input as well: failed casts and parse errors end up here.
        throw new CryptException("Invalid public key.", e);
    }
}
/**
 * Creates a <code>BasicConstraints</code> object from given
 * extension.
 *
 * <p>Two short forms are handled here before falling back to
 * <code>BasicConstraints.getInstance</code>: an empty sequence yields a non-CA
 * constraint, and a one-element sequence is read either as a path length (INTEGER,
 * with the CA flag false) or as the CA flag alone (BOOLEAN).
 *
 * @param ext the extension.
 * @return the <code>BasicConstraints</code> object.
 * @exception IOException if something fails.
 */
public static BasicConstraints getBasicConstraints(X509Extension ext) throws IOException {
    DERObject extValue = BouncyCastleUtil.getExtensionObject(ext);

    if (!(extValue instanceof ASN1Sequence)) {
        return BasicConstraints.getInstance(extValue);
    }

    ASN1Sequence seq = (ASN1Sequence) extValue;
    switch (seq.size()) {
        case 0: {
            return new BasicConstraints(false);
        }
        case 1: {
            DEREncodable only = seq.getObjectAt(0);
            if (only instanceof DERInteger) {
                int pathLength = ((DERInteger) only).getValue().intValue();
                return new BasicConstraints(false, pathLength);
            }
            if (only instanceof DERBoolean) {
                return new BasicConstraints(((DERBoolean) only).isTrue());
            }
            break;
        }
        default: {
            break;
        }
    }

    // Any other shape is left to the regular parser.
    return BasicConstraints.getInstance(extValue);
}
/**
 * Stores a PKCS#12 bag attribute under the given OID.
 *
 * <p>Replacing an attribute that is already present keeps its original position in the
 * ordering list; only a new OID is appended to it.
 *
 * @param oid object identifier of the attribute
 * @param attribute attribute value to store
 */
public void setBagAttribute(DERObjectIdentifier oid, DEREncodable attribute) {
    boolean alreadyPresent = pkcs12Attributes.containsKey(oid);

    pkcs12Attributes.put(oid, attribute);

    if (!alreadyPresent) {
        pkcs12Ordering.addElement(oid);
    }
}
/**
 * Creates a ContentInfo from a content type and its content.
 *
 * <p>Both references are stored as given; nothing is copied or validated here.
 *
 * @param contentType object identifier naming the type of the content
 * @param content the content itself
 */
public ContentInfo(DERObjectIdentifier contentType, DEREncodable content) {
    this.content = content;
    this.contentType = contentType;
}
/**
 * Dumps out a DER object as a formatted string, without the contents of octet and bit
 * strings (the non-verbose form).
 *
 * @param obj the DERObject to be dumped out.
 * @return the formatted dump.
 */
public static String dumpAsString(DEREncodable obj) {
    StringBuffer out = new StringBuffer();
    DERObject primitive = obj.getDERObject();

    _dumpAsString("", false, primitive, out);

    return out.toString();
}
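/**
 * Extracts the certificate list from an encoded signature structure.
 *
 * <p>The expected shape is a two-element sequence whose second element is a tagged
 * object wrapping a DER sequence; that inner sequence is handed to
 * {@code extractCertArray}. (Presumably a CMS/PKCS#7 ContentInfo carrying SignedData;
 * confirm against the callers.)
 *
 * <p>The checks visible here are structural only: nothing in this method verifies a
 * signature or validates the certificates it returns, so callers must not treat the
 * result as trusted.
 *
 * @param sign encoded signature bytes
 * @return the certificates found by {@code extractCertArray}
 * @throws Exception with the message "DER enconding error" when the input is empty or
 *         does not have the expected shape, or whatever the ASN.1 parser throws on
 *         malformed data
 */
public static List<byte[]> extractCertList(byte[] sign) throws Exception {
    // Backed by a byte array, so there is no underlying resource to release.
    ASN1InputStream is = new ASN1InputStream(new ByteArrayInputStream(sign));
    DERObject topLevel = is.readObject();

    // Reject input with no ASN.1 object in it with the same error as every other
    // malformed input, instead of failing with a NullPointerException on the debug
    // line below.
    if (topLevel == null) {
        LOG.error("DER enconding error");
        throw new Exception("DER enconding error");
    }
    LOG.debug("top level:" + topLevel.getClass().getName());

    if (!(topLevel instanceof org.bouncycastle.asn1.ASN1Sequence)) {
        LOG.error("DER enconding error");
        throw new Exception("DER enconding error");
    }
    ASN1Sequence topLevelDLS = (ASN1Sequence) topLevel;
    if (topLevelDLS.size() != 2) {
        LOG.error("DER enconding error");
        throw new Exception("DER enconding error");
    }

    DEREncodable level1 = topLevelDLS.getObjectAt(1);
    LOG.debug("level1:" + level1.getClass().getName());
    if (!(level1 instanceof org.bouncycastle.asn1.DERTaggedObject)) {
        LOG.error("DER enconding error");
        throw new Exception("DER enconding error");
    }

    DERObject level2 = ((DERTaggedObject) level1).getObject();
    LOG.debug("level2:" + level2.getClass().getName());
    if (!(level2 instanceof org.bouncycastle.asn1.DERSequence)) {
        LOG.error("DER enconding error");
        throw new Exception("DER enconding error");
    }

    DERSequence level2DS = (DERSequence) level2;
    LOG.debug("level2 len:" + level2DS.size());
    return extractCertArray(level2DS);
}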
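/**
 * Extracts the signed attributes from the given sequence.
 *
 * <p>The last element of {@code level2DS} must be a DER set whose first element is a DER
 * sequence; the item at index 3 of that sequence is then examined. (Presumably the
 * signer-info set of a SignedData structure, where index 3 holds either the tagged
 * signed attributes or, when they are absent, the next sequence field; confirm.)
 *
 * <p>This method only locates the attributes. Nothing here checks that they are covered
 * by a valid signature.
 *
 * @param level2DS sequence whose last element holds the signer information
 * @return the tagged object found at index 3, or {@code null} when that position holds
 *         a DER sequence instead (no signed attributes)
 * @throws Exception with the message "DER enconding error" when the structure does not
 *         have the expected shape, including sequences or sets that are too short
 */
public static DERTaggedObject extractSignedAttributes(DERSequence level2DS) throws Exception {
    // Bounds are checked before every index access so that truncated input is reported
    // as the same encoding error as any other malformed structure.
    if (level2DS.size() == 0) {
        LOG.error("DER enconding error");
        throw new Exception("DER enconding error");
    }

    DEREncodable level3_4 = level2DS.getObjectAt(level2DS.size() - 1);
    LOG.debug("level3_4:" + level3_4.getClass().getName());
    if (!(level3_4 instanceof org.bouncycastle.asn1.DERSet)) {
        LOG.error("DER enconding error");
        throw new Exception("DER enconding error");
    }

    DERSet level3_4DS = (DERSet) level3_4;
    if (level3_4DS.size() == 0) {
        LOG.error("DER enconding error");
        throw new Exception("DER enconding error");
    }

    DEREncodable level3_4_0 = level3_4DS.getObjectAt(0);
    LOG.debug("level3_4_0:" + level3_4_0.getClass().getName());
    if (!(level3_4_0 instanceof org.bouncycastle.asn1.DERSequence)) {
        LOG.error("DER enconding error");
        throw new Exception("DER enconding error");
    }

    DERSequence level3_4_0DS = (DERSequence) level3_4_0;
    LOG.debug("level3_4_0DS len:" + level3_4_0DS.size());
    if (level3_4_0DS.size() < 4) {
        LOG.error("DER enconding error");
        throw new Exception("DER enconding error");
    }

    DEREncodable signedAttribs = level3_4_0DS.getObjectAt(3);
    LOG.debug("signature:" + signedAttribs.getClass().getName());

    if (signedAttribs instanceof org.bouncycastle.asn1.DERTaggedObject) {
        return (DERTaggedObject) signedAttribs;
    }
    if (signedAttribs instanceof org.bouncycastle.asn1.DERSequence) {
        // Handles the Policy OID lookup: a plain sequence at this position means there
        // are no signed attributes to return.
        return null;
    }

    LOG.error("DER enconding error");
    throw new Exception("DER enconding error");
}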
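/**
 * Extracts the key identifier octets from an authority key identifier extension value.
 *
 * <p>The input is the extension value as an OCTET STRING wrapping a sequence; the first
 * element of that sequence must be a tagged object with tag number 0 holding an OCTET
 * STRING.
 *
 * @param extensionValue DER encoded extension value, may be {@code null}
 * @param index not used by this implementation
 * @return the key identifier octets, or {@code null} when the input is {@code null},
 *         the first element is not tagged [0], or the value cannot be parsed (parse
 *         failures are logged)
 */
public static byte[] getAKI(byte[] extensionValue, int index) {
    if (extensionValue == null) {
        return null;
    }

    try {
        // Outer layer: the extension value is itself an OCTET STRING.
        ASN1InputStream outerIn =
            new ASN1InputStream(new ByteArrayInputStream(extensionValue));
        byte[] akiOctets = ((DEROctetString) outerIn.readObject()).getOctets();

        // Inner layer: the sequence of optional, context-tagged fields.
        ASN1InputStream innerIn = new ASN1InputStream(new ByteArrayInputStream(akiOctets));
        ASN1Sequence akiSeq = (ASN1Sequence) innerIn.readObject();

        DERTaggedObject first = (DERTaggedObject) akiSeq.getObjectAt(0);

        // Only tag [0] is the key identifier. The other fields of the extension (issuer
        // name [1], serial number [2]) must not be returned as if they were a key id,
        // which could happen for a primitive field that parses as an OCTET STRING.
        if (first.getTagNo() != 0) {
            return null;
        }

        return ((DEROctetString) first.getObject()).getOctets();
    } catch (Exception e) {
        LOG.error("Error extracting AKI", e);
        return null;
    }
}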
/**
 * Builds the extensions for a user certificate: basic constraints, key usage, subject
 * key identifier and authority key identifier.
 *
 * @param caPub public key of the issuing CA, used for the authority key identifier
 * @param userPub public key of the certificate subject, used for the subject key
 *        identifier
 * @return the extension values keyed by extension OID
 * @throws IOException declared for the key identifier helpers
 */
private Map<DERObjectIdentifier, DEREncodable> createExtensions(PublicKey caPub,
        PublicKey userPub) throws IOException {
    Map<DERObjectIdentifier, DEREncodable> extensions =
        new HashMap<DERObjectIdentifier, DEREncodable>();

    // The issued certificate is not a CA.
    BasicConstraints notACa = new BasicConstraints(false);
    extensions.put(X509Extensions.BasicConstraints, notACa);

    // Permitted uses: data encipherment and digital signature only.
    int usageBits = KeyUsage.dataEncipherment | KeyUsage.digitalSignature;
    extensions.put(X509Extensions.KeyUsage, new KeyUsage(usageBits));

    extensions.put(X509Extensions.SubjectKeyIdentifier, getSubjectKeyInfo(userPub));
    extensions.put(X509Extensions.AuthorityKeyIdentifier, getAuthorityKeyIdentifier(caPub));

    return extensions;
}
/**
 * Adds a given extension field for the standard extensions tag (tag 3).
 *
 * <p>Convenience form taking the OID as a string; it is converted to a
 * {@code DERObjectIdentifier} and passed to the overload that accepts one.
 *
 * @param OID extension OID as a string
 * @param critical true if the extension is critical, false otherwise
 * @param value ASN.1 object to use as the extension value
 */
public void addExtension(String OID, boolean critical, DEREncodable value) {
    DERObjectIdentifier extensionOid = new DERObjectIdentifier(OID);

    this.addExtension(extensionOid, critical, value);
}
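/**
 * Stores a PKCS#12 bag attribute under the given OID.
 *
 * <p>An OID is appended to the ordering list only the first time it is set. Setting the
 * same OID again replaces the value and keeps the original position; without this check
 * the OID would be recorded in the ordering list once per call.
 *
 * @param oid object identifier of the attribute
 * @param attribute attribute value to store
 */
public void setBagAttribute(DERObjectIdentifier oid, DEREncodable attribute) {
    if (pkcs12Attributes.containsKey(oid)) {
        // Already known: replace the value, preserve the original ordering.
        pkcs12Attributes.put(oid, attribute);
    } else {
        pkcs12Attributes.put(oid, attribute);
        pkcs12Ordering.addElement(oid);
    }
}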
/**
 * Creates a distribution point name of the given type.
 *
 * <p>The arguments are stored as given; the type value is not checked against the name.
 *
 * @param type type of the name
 * @param name the name object matching that type
 */
public DistributionPointName(int type, DEREncodable name) {
    this.name = name;
    this.type = type;
}
/**
 * Creates an algorithm identifier with explicit parameters.
 *
 * <p>Using this constructor marks the parameters as defined, whatever value is passed.
 *
 * @param objectId object identifier of the algorithm
 * @param parameters the algorithm parameters
 */
public AlgorithmIdentifier(DERObjectIdentifier objectId, DEREncodable parameters) {
    this.objectId = objectId;
    this.parameters = parameters;
    this.parametersDefined = true;
}
/**
 * Creates a new <code>PolicyQualifierInfo</code> instance.
 *
 * <p>Both references are stored as given; no check ties the qualifier to the id.
 *
 * @param policyQualifierId a <code>PolicyQualifierId</code> value
 * @param qualifier the qualifier, defined by the above field.
 */
public PolicyQualifierInfo(DERObjectIdentifier policyQualifierId, DEREncodable qualifier) {
    this.qualifier = qualifier;
    this.policyQualifierId = policyQualifierId;
}
/**
 * Creates a SubjectPublicKeyInfo from an algorithm identifier and a public key
 * structure.
 *
 * <p>The key structure is wrapped in a {@code DERBitString}, which becomes the key data.
 *
 * @param algId identifier of the key's algorithm
 * @param publicKey ASN.1 structure of the public key
 */
public SubjectPublicKeyInfo(AlgorithmIdentifier algId, DEREncodable publicKey) {
    DERBitString wrappedKey = new DERBitString(publicKey);

    this.keyData = wrappedKey;
    this.algId = algId;
}
/**
 * Constructor from ASN1Sequence
 *
 * the principal will be a list of constructed sets, each containing an (OID, String) pair.
 *
 * <p>String values are stored as they are; any other value type is stored as "#"
 * followed by the hex form of its DER encoding. For each pair a flag is recorded that
 * is TRUE when the pair is not the first one in its set.
 *
 * @param seq sequence of sets of (OID, value) pairs
 * @throws IllegalArgumentException if a pair does not have exactly two elements
 */
public X509Name(ASN1Sequence seq) {
    this.seq = seq;

    for (Enumeration rdns = seq.getObjects(); rdns.hasMoreElements();) {
        ASN1Set rdn = ASN1Set.getInstance(rdns.nextElement());

        for (int idx = 0; idx < rdn.size(); idx++) {
            ASN1Sequence pair = ASN1Sequence.getInstance(rdn.getObjectAt(idx));
            if (pair.size() != 2) {
                throw new IllegalArgumentException("badly sized pair");
            }

            ordering.addElement(DERObjectIdentifier.getInstance(pair.getObjectAt(0)));

            DEREncodable attributeValue = pair.getObjectAt(1);
            String text;
            if (attributeValue instanceof DERString) {
                text = ((DERString) attributeValue).getString();
            } else {
                byte[] encoded = attributeValue.getDERObject().getDEREncoded();
                text = "#" + bytesToString(Hex.encode(encoded));
            }
            values.addElement(text);

            // Shared Boolean constants are used to allow earlier JDK compatibility.
            if (idx == 0) {
                added.addElement(FALSE);
            } else {
                added.addElement(TRUE);
            }
        }
    }
}
/** {@inheritDoc} */
public RelativeDistinguishedName next() {
    if (!hasNext()) {
        throw new NoSuchElementException("Reached end of iterator.");
    }

    // The cursor moves towards the start of the sequence, and it is advanced before the
    // element is fetched, so it has already moved if the checks below fail.
    final int current = position--;
    final DEREncodable element = sequence.getObjectAt(current);

    if (element instanceof ASN1Set) {
        return RelativeDistinguishedName.fromASN1Set((ASN1Set) element);
    }
    throw new IllegalStateException("Next item is not an ASN.1 set.");
}
/**
 * Reads the extension field of the given type from the certificate as an
 * ASN.1 encodable object.
 *
 * @param type
 *            Extension type.
 *
 * @return DER encoded object containing data for the given extension type
 *         or null if there is no such extension defined on the certificate.
 *
 * @throws CryptException
 *             On errors reading encoded certificate extension field data.
 */
private DEREncodable readObject(final ExtensionType type) throws CryptException {
    final byte[] raw = certificate.getExtensionValue(type.getOid());
    if (raw == null) {
        // Extension not present on this certificate.
        return null;
    }

    final DEREncodable decoded;
    try {
        decoded = DERHelper.toDERObject(raw, true);
    } catch (IOException e) {
        throw new CryptException("Error reading certificate extension " + type, e);
    }
    return decoded;
}
/**
 * Creates a {@link GeneralNameList} object from DER data.
 *
 * @param enc
 *            DER encoded general names data.
 *
 * @return Collection of general names, in the order they appear in the encoded data.
 */
public static GeneralNameList createGeneralNameList(final DEREncodable enc) {
    final List<GeneralName> converted = new ArrayList<GeneralName>();
    final org.bouncycastle.asn1.x509.GeneralName[] encodedNames =
        org.bouncycastle.asn1.x509.GeneralNames.getInstance(enc).getNames();

    for (int idx = 0; idx < encodedNames.length; idx++) {
        converted.add(createGeneralName(encodedNames[idx]));
    }

    return new GeneralNameList(converted);
}
/**
 * Creates a {@link BasicConstraints} object from DER data.
 *
 * <p>The path length constraint is carried over only when it is present in the encoded
 * data; it is converted with {@code intValue()}.
 *
 * @param enc
 *            DER encoded basic constraints data.
 *
 * @return Basic constraints.
 */
public static BasicConstraints createBasicConstraints(final DEREncodable enc) {
    final org.bouncycastle.asn1.x509.BasicConstraints decoded =
        org.bouncycastle.asn1.x509.BasicConstraints.getInstance(enc);

    if (decoded.getPathLenConstraint() == null) {
        return new BasicConstraints(decoded.isCA());
    }

    return new BasicConstraints(
        decoded.isCA(), decoded.getPathLenConstraint().intValue());
}
/**
 * Creates a {@link PolicyQualifierInfo} object from DER data.
 *
 * <p>A qualifier encoded as an IA5String is passed on as text; every other qualifier is
 * handed to {@code createUserNotice}, which accepts only an ASN.1 sequence.
 *
 * @param enc
 *            DER encoded policy information data.
 *
 * @return Certificate policy qualifier.
 */
public static PolicyQualifierInfo createPolicyQualifierInfo(final DEREncodable enc) {
    final DEREncodable qualifier =
        org.bouncycastle.asn1.x509.PolicyQualifierInfo.getInstance(enc).getQualifier();

    if (!(qualifier instanceof DERIA5String)) {
        return new PolicyQualifierInfo(createUserNotice(qualifier));
    }

    return new PolicyQualifierInfo(qualifier.toString());
}
/**
 * Creates a {@link UserNotice} object from DER data.
 *
 * @param enc
 *            DER encoded user notice; must be <code>ASN1Sequence</code>.
 *
 * @return User notice; an empty one when the encoded sequence has no elements.
 *
 * @throws IllegalArgumentException
 *             If the given object is not an ASN.1 sequence.
 */
public static UserNotice createUserNotice(final DEREncodable enc) {
    if (!(enc instanceof ASN1Sequence)) {
        throw new IllegalArgumentException("Expected ASN1Sequence but got " + enc);
    }

    final ASN1Sequence seq = (ASN1Sequence) enc;
    if (seq.size() == 0) {
        // Bouncy Castle throws on a zero-length sequence, which is reasonable since an
        // empty user notice is nonsense. RFC 2459 section 4.2.1.5 makes both UserNotice
        // fields optional, though, so an empty notice is allowed here to be more
        // strictly conformant.
        return new UserNotice();
    }

    final org.bouncycastle.asn1.x509.UserNotice notice =
        new org.bouncycastle.asn1.x509.UserNotice(seq);

    if (notice.getExplicitText() == null) {
        // No explicit text in a non-empty sequence, so the notice must contain a
        // NoticeReference.
        return new UserNotice(createNoticeReference(notice.getNoticeRef()));
    }

    if (notice.getNoticeRef() == null) {
        return new UserNotice(notice.getExplicitText().getString());
    }

    return new UserNotice(
        createNoticeReference(notice.getNoticeRef()),
        notice.getExplicitText().getString());
}