Package jcifs.spnego.asn1

Examples of jcifs.spnego.asn1.DEREncodable


        // Verify signature protection: the header must declare sha1WithRSAEncryption as the
        // protection algorithm.
        AlgorithmIdentifier algId = msg.getMessage().getProtectedPart().getHeader().getProtectionAlg();
        String oid = algId.getObjectId().getId();
        assertEquals(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), oid);
        // Check that this is an old message, created before ECA-2104, using a plain Java null instead of
        // DERNull as algorithm parameters.
        DEREncodable pp = algId.getParameters();
        assertNull(pp);
        // Verification should still succeed despite the small bug fixed by ECA-2104, since we don't use
        // algorithm parameters for RSA-PKCS signatures.
        PublicKey pubKey = msg.getRequestPublicKey();
        assertTrue(CmpMessageHelper.verifyCertBasedPKIProtection(msg.getMessage(), pubKey));
        // Negative check: the verification routine must not give a positive result for any other key.
        // NOTE(review): the 512-bit RSA key is only a throwaway "wrong" key for this check; a modulus
        // that small offers no real protection and should not be copied outside test code.
        KeyPair keys = KeyTools.genKeys("512", "RSA");
        assertFalse(CmpMessageHelper.verifyCertBasedPKIProtection(msg.getMessage(), keys.getPublic()));
      }
      // Re-protect the message, now fixed by ECA-2104
      {
        // Decode the stored message again so it can be re-signed with a freshly generated key.
        ASN1InputStream in = new ASN1InputStream(novosecsigpopir);
        DERObject derObject = in.readObject();
        PKIMessage myPKIMessage = PKIMessage.getInstance(derObject);
        // NOTE(review): test-only key size and SHA-1 signature; both match the sha1WithRSAEncryption
        // OID asserted below but are too weak to reuse for real signing keys or certificates.
        KeyPair keys = KeyTools.genKeys("512", "RSA");
        X509Certificate signCert = CertTools.genSelfCert("CN=CMP Sign Test", 3650, null, keys.getPrivate(), keys.getPublic(), "SHA1WithRSA", false);
        // Re-sign the message
        byte[] newmsg = CmpMessageHelper.signPKIMessage(myPKIMessage, signCert, keys.getPrivate(), CMSSignedGenerator.DIGEST_SHA1, "BC");
        // NOTE(review): `in` is reassigned here and below; the earlier ASN1InputStream instances are not
        // closed in the visible lines.
        in = new ASN1InputStream(newmsg);
        derObject = in.readObject();
        PKIMessage pkimsg = PKIMessage.getInstance(derObject);
        // We have to do this twice, because Novosec caches ProtectedBytes in the PKIMessage object, so we need to
        // encode it and re-decode it again to get the changes from ECA-2104 encoded correctly.
        // Not needed when simply signing a new message that you create, only when re-signing
        newmsg = CmpMessageHelper.signPKIMessage(pkimsg, signCert, keys.getPrivate(), CMSSignedGenerator.DIGEST_SHA1, "BC");
        in = new ASN1InputStream(newmsg);
        derObject = in.readObject();
        pkimsg = PKIMessage.getInstance(derObject);
        // The re-signed message must still declare sha1WithRSAEncryption.
        AlgorithmIdentifier algId = pkimsg.getProtectedPart().getHeader().getProtectionAlg();
        String oid = algId.getObjectId().getId();
        assertEquals(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), oid);
        // Check that we have DERNull and not plain java null as algorithm parameters.
        // The class-name comparison pins the exact type DERNull, not just "some non-null value".
        DEREncodable pp = algId.getParameters();
        assertNotNull(pp);
        assertEquals(DERNull.class.getName(), pp.getClass().getName());
        // Try to verify, also verify at the same time that encoding decoding of the signature works
        assertTrue(CmpMessageHelper.verifyCertBasedPKIProtection(pkimsg, keys.getPublic()));
        // Wrap the re-signed message in a CrmfRequestMessage and check that its own verify() passes.
        // NOTE(review): this is a positive check only; unlike the block above, the visible lines do not
        // test that a different key is rejected for the re-signed message.
        CrmfRequestMessage msg = new CrmfRequestMessage(pkimsg, "CN=AdminCA1", false, "CN");
        assertTrue(msg.verify());


      // Check signature protection: the header must declare sha1WithRSAEncryption.
      AlgorithmIdentifier algId = msg.getMessage().getProtectedPart().getHeader().getProtectionAlg();
      String oid = algId.getObjectId().getId();
      assertEquals(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), oid);
      // Check that we have DERNull and not plain java null as algorithm parameters.
      // The class-name comparison pins the exact type DERNull, not just "some non-null value".
      DEREncodable pp = algId.getParameters();
      assertNotNull(pp);
      assertEquals(DERNull.class.getName(), pp.getClass().getName());
      // Try to verify the protection signature, using the public key carried in the request itself.
      // NOTE(review): a pass here ties the signature to that request key only; it says nothing about
      // whether the key belongs to a trusted party.
      assertTrue(CmpMessageHelper.verifyCertBasedPKIProtection(msg.getMessage(), msg.getRequestPublicKey()));
    }

    // Verify signature properties: the header must declare sha1WithRSAEncryption.
    AlgorithmIdentifier algId = msg.getMessage().getProtectedPart().getHeader().getProtectionAlg();
    String oid = algId.getObjectId().getId();
    assertEquals(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), oid);
    // Check that we have DERNull and not plain java null as algorithm parameters.
    DEREncodable pp = algId.getParameters();
    assertNotNull(pp);
    assertEquals(DERNull.class.getName(), pp.getClass().getName());
    // Try to verify message protection
    // Does not work for this Huawei message, is it signed by the same key as in the request at all?
    // We will wait for another huawei message to test
    // NOTE(review): with the two lines below disabled, this test only inspects the declared algorithm
    // identifier; the protection signature on the message is never actually verified.
    //PublicKey pubKey = msg.getRequestPublicKey();
    //assertTrue(CmpMessageHelper.verifyCertBasedPKIProtection(msg.getMessage(), pubKey));

    // Read the CertConf (certificate confirmation) CMP message that the client sends to
    // the CA after receiving the certificate. RFC4210 section "5.3.18.  Certificate Confirmation Content".
      in = new ASN1InputStream(huaweicertconf);
    derObject = in.readObject();
    PKIMessage certconf = PKIMessage.getInstance(derObject);
    //log.info(certconf.toString());
    GeneralCmpMessage conf = new GeneralCmpMessage(certconf);
    // Verify signature properties of the confirmation message (same checks as for the request above).
    algId = conf.getMessage().getProtectedPart().getHeader().getProtectionAlg();
    oid = algId.getObjectId().getId();
    assertEquals(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), oid);
    // Check that we have DERNull and not plain java null as algorithm parameters.
    pp = algId.getParameters();
    assertNotNull(pp);
    assertEquals(DERNull.class.getName(), pp.getClass().getName());
    // Try to verify message protection
    // Does not work for this Huawei message, is it signed by the same key as in the request at all?
    // We will wait for another huawei message to test
    // NOTE(review): the disabled lines below still refer to `msg`, not `conf`; if they are re-enabled
    // as written they would re-check the request message rather than this confirmation message.
    //PublicKey pubKey = msg.getRequestPublicKey();
    //assertTrue(CmpMessageHelper.verifyCertBasedPKIProtection(msg.getMessage(), pubKey));

    // Configure extension id 1 to use the DERNULL encoding; `props` is created before the visible lines.
    props.put("id1.property.encoding", "DERNULL");
   
    // Initialise the extension with id 1, OID 1.2.3 and the critical flag set to false.
    BasicCertificateExtension baseExt = new BasicCertificateExtension();
    baseExt.init(1, "1.2.3", false, props);
   
    // getValue is called with null for every argument; the result must be a DERNull.
    // The first assertTrue argument is the failure message (the actual class), not part of the check.
    DEREncodable value = baseExt.getValue(null, null, null, null, null);
    assertTrue(value.getClass().toString(),value instanceof DERNull);
    // The OID, id and critical flag passed to init() must be reported back unchanged.
    assertTrue(baseExt.getOID().equals("1.2.3"));
    assertTrue(baseExt.getId() == 1);
    assertFalse(baseExt.isCriticalFlag());
  }

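    // Value to encode; the matching encoding property is set before the visible lines
    // (presumably an integer encoding, given the DERInteger expected below - confirm).
    props.put("id1.property.value", "1234");

    // Initialise the extension with id 1, OID 1.2.3 and the critical flag set to false.
    BasicCertificateExtension baseExt = new BasicCertificateExtension();
    baseExt.init(1, "1.2.3", false, props);

    // getValue is called with null for every argument; the result must be a DERInteger whose
    // string form is the configured value.
    DEREncodable value = baseExt.getValue(null, null, null, null, null);
    assertTrue(value.getClass().toString(), value instanceof DERInteger);
    // assertEquals reports expected vs. actual on failure, which assertTrue(a.equals(b)) does not.
    assertEquals("1234", ((DERInteger) value).toString());
    // The OID, id and critical flag passed to init() must be reported back unchanged.
    assertEquals("1.2.3", baseExt.getOID());
    assertTrue(baseExt.getId() == 1);
    // The statement terminator was missing on this line in the listing; restored so the snippet parses.
    assertFalse(baseExt.isCriticalFlag());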
   

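    // Case 1: the bit pattern "1111" must come back as the single byte 15 with zero pad bits.
    props.put("id1.property.encoding", "DERBITSTRING");
    props.put("id1.property.value", "1111"); // this is 15 decimal
    BasicCertificateExtension baseExt = new BasicCertificateExtension();
    baseExt.init(1, "1.2.3", false, props);
    byte[] result = {15};
    // getValue is called with null for every argument.
    DEREncodable value = baseExt.getValue(null, null, null, null, null);
    assertTrue(value.getClass().toString(), value instanceof DERBitString);
    // Expected value first, actual second, so a failure message reads the right way round.
    assertEquals(result[0], ((DERBitString) value).getBytes()[0]);
    assertEquals(0, ((DERBitString) value).getPadBits());
    // The OID, id and critical flag passed to init() must be reported back unchanged.
    assertEquals("1.2.3", baseExt.getOID());
    assertTrue(baseExt.getId() == 1);
    // The statement terminator was missing on this line in the listing; restored so the snippet parses.
    assertFalse(baseExt.isCriticalFlag());

    // Case 2: a full eight-bit pattern with the high bit set.
    props = new Properties();
    props.put("id1.property.encoding", "DERBITSTRING");
    // SSL Client and S/MIME in NetscapeCertType
    // 10100000 binary is 0xA0 (160 unsigned). Java bytes are signed, so the same bit pattern
    // reads back as 160 - 256 = -96.
    props.put("id1.property.value", "10100000");

    baseExt = new BasicCertificateExtension();
    baseExt.init(1, "1.2.3", false, props);
    value = baseExt.getValue(null, null, null, null, null);
    assertTrue(value.getClass().toString(), value instanceof DERBitString);
    // BigInteger(byte[]) throws NumberFormatException only for a zero-length array, so this line
    // guards against an empty encoding rather than against a wrong value.
    new BigInteger(((DERBitString) value).getBytes());
    //log.debug(bi.toString(2));
    //log.debug(bi.toString());
    //log.debug(((DERBitString)value).getBytes()[0]);
    assertEquals(-96, ((DERBitString) value).getBytes()[0]);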

    // Value to encode; the matching encoding property is set before the visible lines
    // (presumably a boolean encoding, given the DERBoolean expected below - confirm).
    props.put("id1.property.value", "true");
   
    // Initialise the extension with id 1, OID 1.2.3 and the critical flag set to false.
    BasicCertificateExtension baseExt = new BasicCertificateExtension();
    baseExt.init(1, "1.2.3", false, props);
   
    // getValue is called with null for every argument; the result must be a DERBoolean whose
    // string form is "TRUE" (upper case, although the configured value is lower case).
    DEREncodable value = baseExt.getValue(null, null, null, null, null);
    assertTrue(value.getClass().toString(),value instanceof DERBoolean);
    assertTrue(((DERBoolean)value).toString(),((DERBoolean)value).toString().equals("TRUE"));
    // The OID, id and critical flag passed to init() must be reported back unchanged.
    assertTrue(baseExt.getOID().equals("1.2.3"));
    assertTrue(baseExt.getId() == 1);
    assertFalse(baseExt.isCriticalFlag());     
   

    // Hex string to encode as an octet string; the encoding property for this first case is set
    // before the visible lines.
    props.put("id1.property.value", "DBE81232");
   
    // Initialise the extension with id 1, OID 1.2.3 and the critical flag set to false.
    BasicCertificateExtension baseExt = new BasicCertificateExtension();
    baseExt.init(1, "1.2.3", false, props);
   
    // getValue is called with null for every argument; the result must be a DEROctetString whose
    // string form is "#" followed by the configured hex digits (compared case-insensitively).
    DEREncodable value = baseExt.getValue(null, null, null, null, null);
    assertTrue(value.getClass().toString(),value instanceof DEROctetString);
    assertTrue(((DEROctetString)value).toString(),((DEROctetString)value).toString().equalsIgnoreCase("#DBE81232"));
   
    // Second case: "123SA4" contains 'S', which is not a hexadecimal digit.
    // NOTE(review): presumably the lines that follow (outside this excerpt) check that the malformed
    // value is rejected - confirm against the full test.
    props = new Properties();
    props.put("id1.property.encoding", "DEROCTETSTRING");
    props.put("id1.property.value", "123SA4");

    // Text to encode; the encoding property for this first case is set before the visible lines.
    props.put("id1.property.value", "This is a printable string");
   
    // Initialise the extension with id 1, OID 1.2.3 and the critical flag set to false.
    BasicCertificateExtension baseExt = new BasicCertificateExtension();
    baseExt.init(1, "1.2.3", false, props);
   
    // getValue is called with null for every argument; the result must be a DERPrintableString
    // that round-trips the configured text unchanged.
    DEREncodable value = baseExt.getValue(null, null, null, null, null);
    assertTrue(value.getClass().toString(),value instanceof DERPrintableString);
    assertTrue(((DERPrintableString)value).toString(),((DERPrintableString)value).toString().equals("This is a printable string"));
   
    // Second case: a value the literal itself calls non-printable.
    // NOTE(review): the trailing characters of the literal were damaged in this listing and appear as
    // replacement characters; presumably they were non-ASCII letters outside the PrintableString
    // alphabet, and the lines that follow (outside this excerpt) check that the value is rejected -
    // confirm against the full test.
    props = new Properties();
    props.put("id1.property.encoding", "DERPRINTABLESTRING");
    props.put("id1.property.value", "This is a non  printable string ���");

    // Scan the parsed GeneralNames (`gns`, built before the visible lines) for a directoryName entry.
    // GeneralName tag numbers follow the CHOICE in RFC 5280: 1 = rfc822Name, 2 = dNSName,
    // 4 = directoryName.
    boolean found = false;
    for (int i = 0; i < gns.length; i++) {
      int tag = gns[i].getTagNo();
      if (tag == 4) {
        found = true;
        // The name of a directoryName entry is cast to X509Name without a type check; a different
        // type here would fail the test with a ClassCastException.
        DEREncodable enc = gns[i].getName();
        X509Name dir = (X509Name) enc;
        String str = dir.toString();
        log.debug("DirectoryName: " + str);
        // The DN is expected back without spaces after the commas.
        assertEquals("CN=testDirName,O=Foo,OU=Bar,C=SE", str);
      }

    }
    // Fail if no directoryName entry was present at all.
    assertTrue(found);

    // Second input: several rfc822name and dnsName entries around a directoryName.
    // NOTE(review): LDAPDN.escapeRDN presumably escapes the commas inside the DN so that the
    // comma-separated altName string keeps it as a single directoryName component - confirm.
    altName = "rfc822name=foo@bar.se, rfc822name=foo@bar.com, uri=http://foo.bar.se, directoryName="
        + LDAPDN.escapeRDN("CN=testDirName, O=Foo, OU=Bar, C=SE")
        + ", dnsName=foo.bar.se, dnsName=foo.bar.com";
    san = CertTools.getGeneralNamesFromAltName(altName);
    gns = san.getNames();
    // Count dNSName and rfc822Name entries; the assertions on these counters lie outside this excerpt.
    int dnscount = 0;
    int rfc822count = 0;
    for (int i = 0; i < gns.length; i++) {
      int tag = gns[i].getTagNo();
      if (tag == 2) {
        // dNSName: the name is read as a DERIA5String.
        dnscount++;
        DEREncodable enc = gns[i].getName();
        DERIA5String dir = (DERIA5String) enc;
        String str = dir.getString();
        log.info("DnsName: " + str);
      }
      if (tag == 1) {
        // rfc822Name (e-mail address): also read as a DERIA5String.
        rfc822count++;
        DEREncodable enc = gns[i].getName();
        DERIA5String dir = (DERIA5String) enc;
        String str = dir.getString();
        log.info("Rfc822Name: " + str);
      }
