Examples of DERObject

• jcifs.spnego.asn1.DERObject
• org.apache.geronimo.crypto.asn1.DERObject
• org.apache.geronimo.util.asn1.DERObject
• org.bouncycastle.asn1.DERObject
• org.bouncycastle2.asn1.DERObject

Examples of org.bouncycastle.asn1.DERObject

        }
        value = CertTools.getPartFromDN(dirAttr, "placeOfBirth");
        if (!StringUtils.isEmpty(value)) {
          ASN1EncodableVector vec = new ASN1EncodableVector();
          X509DefaultEntryConverter conv = new X509DefaultEntryConverter();
          DERObject obj = conv.getConvertedValue(new DERObjectIdentifier(id_pda_placeOfBirth), value);
          vec.add(obj);
          attr = new Attribute(new DERObjectIdentifier(id_pda_placeOfBirth),new DERSet(vec));
          ret.add(attr);
        }
        // dateOfBirth that is a GeneralizedTime

Examples of org.bouncycastle.asn1.DERObject

  public static String getSeisCardNumber(Certificate certificate) throws Exception {
    log.debug("Search for CardNumber");
        String ret = null;
        if (certificate instanceof X509Certificate) {
      X509Certificate x509cert = (X509Certificate) certificate;
          DERObject obj = CertTools.getExtensionValue(x509cert, SeisCardNumber.OID_CARDNUMBER);
          if (obj == null) {
              return null;
          }
          DERPrintableString number = (DERPrintableString)obj;
          ret = number.getString();

Examples of org.bouncycastle.asn1.DERObject

            DERObjectIdentifier id = DERObjectIdentifier.getInstance(seq.getObjectAt(0));
            if (id.getId().equals(CertTools.KRB5PRINCIPAL_OBJECTID)) {
              // Get the KRB5PrincipalName sequence
                ASN1TaggedObject oobj = (ASN1TaggedObject) seq.getObjectAt(1);
                // After encoding in a cert, it is tagged an extra time...
                DERObject obj = oobj.getObject();
                if (obj instanceof ASN1TaggedObject) {
                  obj = ASN1TaggedObject.getInstance(obj).getObject();
                }
                ASN1Sequence krb5Seq = ASN1Sequence.getInstance(obj);
                // Get the Realm tagged as 0

Examples of org.bouncycastle.asn1.DERObject

            return getAltnameSequence(altName);
        }
        return null;
    }
    private static ASN1Sequence getAltnameSequence(byte[] value) throws IOException {
        DERObject oct = (new ASN1InputStream(new ByteArrayInputStream(value)).readObject());
        ASN1Sequence seq = ASN1Sequence.getInstance(oct);
        return seq;
    }

Examples of org.bouncycastle.asn1.DERObject

    String altName = null;
    //GeneralNames
    ASN1OctetString octs = ext.getValue();
    if (octs != null) {
      ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(octs.getOctets()));
      DERObject obj;
      try {
        obj = aIn.readObject();
        GeneralNames gan = GeneralNames.getInstance(obj);
        GeneralName[] gns = gan.getNames();
        for (int i = 0; i < gns.length; i++) {

Examples of org.bouncycastle.asn1.DERObject

            while (iter.hasNext()) {
                ASN1EncodableVector v = new ASN1EncodableVector();
                v.add(new DERObjectIdentifier(CertTools.UPN_OBJECTID));
                v.add(new DERTaggedObject(true, 0, new DERUTF8String((String)iter.next())));
                //GeneralName gn = new GeneralName(new DERSequence(v), 0);
                DERObject gn = new DERTaggedObject(false, 0, new DERSequence(v));
                vec.add(gn);
            }
        }


        ArrayList<String> guid =  CertTools.getPartsFromDN(altName, CertTools.GUID);
        if (!guid.isEmpty()) {
            Iterator<String> iter = guid.iterator();
            while (iter.hasNext()) {
                ASN1EncodableVector v = new ASN1EncodableVector();
                byte[] guidbytes = Hex.decode((String)iter.next());
                if (guidbytes != null) {
                    v.add(new DERObjectIdentifier(CertTools.GUID_OBJECTID));
                    v.add(new DERTaggedObject(true, 0, new DEROctetString(guidbytes)));
                    DERObject gn = new DERTaggedObject(false, 0, new DERSequence(v));
                    vec.add(gn);
                } else {
                    log.error("Cannot decode hexadecimal guid: "+guid);
                }
            }
        }

        // Krb5PrincipalName is an OtherName, see method getKrb5Principal...for ASN.1 definition
        ArrayList<String> krb5principalname =  CertTools.getPartsFromDN(altName, CertTools.KRB5PRINCIPAL);
        if (!krb5principalname.isEmpty()) {
            Iterator<String> iter = krb5principalname.iterator();
            while (iter.hasNext()) {
              // Start by parsing the input string to separate it in different parts
                String principalString = (String)iter.next();
                if (log.isDebugEnabled()) {
                    log.debug("principalString: "+principalString);
                }
                // The realm is the last part moving back until an @
                int index = principalString.lastIndexOf('@');
                String realm = "";
                if (index > 0) {
                  realm = principalString.substring(index+1);
                }
                if (log.isDebugEnabled()) {
                    log.debug("realm: "+realm);
                }
                // Now we can have several principals separated by /
                ArrayList<String> principalarr = new ArrayList<String>();
                int jndex = 0;
              int bindex = 0;
                while (jndex < index) {
                  // Loop and add all strings separated by /
                    jndex = principalString.indexOf('/', bindex);
                  if (jndex == -1) {
                    jndex = index;
                  }
                  String s = principalString.substring(bindex, jndex);
                  if (log.isDebugEnabled()) {
                    log.debug("adding principal name: "+s);
                  }
                  principalarr.add(s);
                  bindex = jndex+1;
                }

                // Now we must construct the rather complex asn.1...
                ASN1EncodableVector v = new ASN1EncodableVector(); // this is the OtherName
                v.add(new DERObjectIdentifier(CertTools.KRB5PRINCIPAL_OBJECTID));

                // First the Krb5PrincipalName sequence
                ASN1EncodableVector krb5p = new ASN1EncodableVector();
                // The realm is the first tagged GeneralString
                krb5p.add(new DERTaggedObject(true, 0, new DERGeneralString(realm)));
                // Second is the sequence of principal names, which is at tagged position 1 in the krb5p
                ASN1EncodableVector principals = new ASN1EncodableVector();
                // According to rfc4210 the type NT-UNKNOWN is 0, and according to some other rfc this type should be used...
                principals.add(new DERTaggedObject(true, 0, new DERInteger(0)));
                // The names themselves are yet another sequence
                Iterator<String> i = principalarr.iterator();
                ASN1EncodableVector names = new ASN1EncodableVector();
                while (i.hasNext()) {
                    String principalName = (String)i.next();
                    names.add(new DERGeneralString(principalName));
                }
                principals.add(new DERTaggedObject(true, 1, new DERSequence(names)));
                krb5p.add(new DERTaggedObject(true, 1, new DERSequence(principals)));

                v.add(new DERTaggedObject(true, 0, new DERSequence(krb5p)));
                DERObject gn = new DERTaggedObject(false, 0, new DERSequence(v));
                vec.add(gn);
            }
        }

      // To support custom OIDs in altNames, they must be added as an OtherName of plain type UTF8String
        ArrayList<String> customoids =  CertTools.getCustomOids(altName);
        if (!customoids.isEmpty()) {
          Iterator<String> iter = customoids.iterator();
          while (iter.hasNext()) {
            String oid = (String)iter.next();
            ArrayList<String> oidval =  CertTools.getPartsFromDN(altName, oid);
            if (!oidval.isEmpty()) {
              Iterator<String> valiter = oidval.iterator();
              while (valiter.hasNext()) {
                ASN1EncodableVector v = new ASN1EncodableVector();
                v.add(new DERObjectIdentifier(oid));
                v.add(new DERTaggedObject(true, 0, new DERUTF8String((String)valiter.next())));
                DERObject gn = new DERTaggedObject(false, 0, new DERSequence(v));
                vec.add(gn);
              }
            }
          }
        }

Examples of org.bouncycastle.asn1.DERObject

    public static URL getCrlDistributionPoint(Certificate certificate)
      throws CertificateParsingException {
        if (certificate instanceof X509Certificate) {
      X509Certificate x509cert = (X509Certificate) certificate;
          try {
              DERObject obj = getExtensionValue(x509cert, X509Extensions
                                                .CRLDistributionPoints.getId());
              if (obj == null) {
                  return null;
              }
              ASN1Sequence distributionPoints = (ASN1Sequence) obj;

Examples of org.bouncycastle.asn1.DERObject

        throws CertificateParsingException {
      String ret = null;
      if (cert instanceof X509Certificate) {
        X509Certificate x509cert = (X509Certificate) cert;
        try {
          DERObject obj = getExtensionValue(x509cert, X509Extensions.AuthorityInfoAccess.getId());
          if (obj == null) {
            return null;
          }
          AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(obj);
          AccessDescription[] ad = aia.getAccessDescriptions();

Examples of org.bouncycastle.asn1.DERObject

    public void testNovosecRARequest() throws IOException, InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, CertificateEncodingException, SignatureException, IllegalStateException {
      // Check that we can parse a request from  Novosec (patched by EJBCA).
      // Read an initialization request with RAVerifiedPOP and PBE protection to see that we can process it
      ASN1InputStream in = new ASN1InputStream(novosecrapopir);
      DERObject derObject = in.readObject();
      PKIMessage req = PKIMessage.getInstance(derObject);
      //log.info(req.toString());
      // Verify should be false if we do not allow RA verify POP here, since we don't have any normal POP
      CrmfRequestMessage msg = new CrmfRequestMessage(req, "CN=AdminCA1", false, "CN");
      assertFalse(msg.verify());

Examples of org.bouncycastle.asn1.DERObject

    public void testNovosecClientRequest() throws IOException, InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, CertificateEncodingException, SignatureException, IllegalStateException {
      // Check that we can parse a request from  Novosec (patched by EJBCA).
      // Read an initialization request with a signature POP and signature protection to see that we can process it
      {
        ASN1InputStream in = new ASN1InputStream(novosecsigpopir);
        DERObject derObject = in.readObject();
        PKIMessage req = PKIMessage.getInstance(derObject);
        //log.info(req.toString());
        // Verify should be ok if we do not allow RA verify POP here
        CrmfRequestMessage msg = new CrmfRequestMessage(req, "CN=AdminCA1", false, "CN");
        assertTrue(msg.verify());
        // Since we don't have RA POP we can't test for that...
        assertEquals("CN=AdminCA1,O=EJBCA Sample,C=SE", msg.getIssuerDN());
        assertEquals("CN=abc123rry2942812801980668853,O=PrimeKey Solutions AB,C=SE", msg.getRequestDN());
        assertEquals("abc123rry2942812801980668853", msg.getUsername());
        assertEquals("foo123", msg.getPassword());
        // Verify signature protection
        AlgorithmIdentifier algId = msg.getMessage().getProtectedPart().getHeader().getProtectionAlg();
        String oid = algId.getObjectId().getId();
        assertEquals(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), oid);
        // Check that this is an old message, created before ECA-2104, using null instead of DERNull as algorithm parameters.
        DEREncodable pp = algId.getParameters();
        assertNull(pp);
        // Try to verify, it should work good even though the small bug in ECA-2104, since we don't use algorithm parameters for RSA-PKCS signatures
        PublicKey pubKey = msg.getRequestPublicKey();
        assertTrue(CmpMessageHelper.verifyCertBasedPKIProtection(msg.getMessage(), pubKey));
        // Verify that our verification routine does not give positive result for any other keys
        KeyPair keys = KeyTools.genKeys("512", "RSA");
        assertFalse(CmpMessageHelper.verifyCertBasedPKIProtection(msg.getMessage(), keys.getPublic()));
      }
      // Re-protect the message, now fixed by ECA-2104
      {
        ASN1InputStream in = new ASN1InputStream(novosecsigpopir);
        DERObject derObject = in.readObject();
        PKIMessage myPKIMessage = PKIMessage.getInstance(derObject);
        KeyPair keys = KeyTools.genKeys("512", "RSA");
        X509Certificate signCert = CertTools.genSelfCert("CN=CMP Sign Test", 3650, null, keys.getPrivate(), keys.getPublic(), "SHA1WithRSA", false);
        // Re-sign the message
        byte[] newmsg = CmpMessageHelper.signPKIMessage(myPKIMessage, signCert, keys.getPrivate(), CMSSignedGenerator.DIGEST_SHA1, "BC");