Package org.apache.commons.ssl.asn1

Examples of org.apache.commons.ssl.asn1.ASN1Set

325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
            certs.add(x509Certificate);
                }
            }
*/
            // the signerInfos
            ASN1Set signerInfos = (ASN1Set)content.getObjectAt(next);
            if (signerInfos.size() != 1)
                throw new IllegalArgumentException(MessageLocalization.getComposedMessage("this.pkcs.7.object.has.multiple.signerinfos.only.one.is.supported.at.this.time"));
            ASN1Sequence signerInfo = (ASN1Sequence)signerInfos.getObjectAt(0);
            // the positions that we care are
            //     0 - version
            //     1 - the signing certificate issuer and serial number
            //     2 - the digest algorithm
            //     3 or 4 - digestEncryptionAlgorithm
            //     4 or 5 - encryptedDigest
            signerversion = ((ASN1Integer)signerInfo.getObjectAt(0)).getValue().intValue();
            // Get the signing certificate
            ASN1Sequence issuerAndSerialNumber = (ASN1Sequence)signerInfo.getObjectAt(1);
            X509Principal issuer = new X509Principal(issuerAndSerialNumber.getObjectAt(0).toASN1Primitive().getEncoded());
            BigInteger serialNumber = ((ASN1Integer)issuerAndSerialNumber.getObjectAt(1)).getValue();
            for (Object element : certs) {
                X509Certificate cert = (X509Certificate)element;
                if (cert.getIssuerDN().equals(issuer) && serialNumber.equals(cert.getSerialNumber())) {
                    signCert = cert;
                    break;
                }
            }
            if (signCert == null) {
                throw new IllegalArgumentException(MessageLocalization.getComposedMessage("can.t.find.signing.certificate.with.serial.1",
                    issuer.getName() + " / " + serialNumber.toString(16)));
            }
            signCertificateChain();
            digestAlgorithmOid = ((ASN1ObjectIdentifier)((ASN1Sequence)signerInfo.getObjectAt(2)).getObjectAt(0)).getId();
            next = 3;
            boolean foundCades = false;
            if (signerInfo.getObjectAt(next) instanceof ASN1TaggedObject) {
                ASN1TaggedObject tagsig = (ASN1TaggedObject)signerInfo.getObjectAt(next);
                ASN1Set sseq = ASN1Set.getInstance(tagsig, false);
                sigAttr = sseq.getEncoded(ASN1Encoding.DER);

                for (int k = 0; k < sseq.size(); ++k) {
                    ASN1Sequence seq2 = (ASN1Sequence)sseq.getObjectAt(k);
                    String idSeq2 = ((ASN1ObjectIdentifier)seq2.getObjectAt(0)).getId();
                    if (idSeq2.equals(SecurityIDs.ID_MESSAGE_DIGEST)) {
                        ASN1Set set = (ASN1Set)seq2.getObjectAt(1);
                        digestAttr = ((ASN1OctetString)set.getObjectAt(0)).getOctets();
                    }
                    else if (idSeq2.equals(SecurityIDs.ID_ADBE_REVOCATION)) {
                        ASN1Set setout = (ASN1Set)seq2.getObjectAt(1);
                        ASN1Sequence seqout = (ASN1Sequence)setout.getObjectAt(0);
                        for (int j = 0; j < seqout.size(); ++j) {
                            ASN1TaggedObject tg = (ASN1TaggedObject)seqout.getObjectAt(j);
                            if (tg.getTagNo() == 0) {
                                ASN1Sequence seqin = (ASN1Sequence)tg.getObject();
                                findCRL(seqin);
                            }
                            if (tg.getTagNo() == 1) {
                                ASN1Sequence seqin = (ASN1Sequence)tg.getObject();
                                findOcsp(seqin);
                            }
                        }
                    }
                    else if (isCades && idSeq2.equals(SecurityIDs.ID_AA_SIGNING_CERTIFICATE_V1)) {
                        ASN1Set setout = (ASN1Set)seq2.getObjectAt(1);
                        ASN1Sequence seqout = (ASN1Sequence)setout.getObjectAt(0);
                        SigningCertificate sv2 = SigningCertificate.getInstance(seqout);
                        ESSCertID[] cerv2m = sv2.getCerts();
                        ESSCertID cerv2 = cerv2m[0];
                        byte[] enc2 = signCert.getEncoded();
                        MessageDigest m2 = new BouncyCastleDigest().getMessageDigest("SHA-1");
                        byte[] signCertHash = m2.digest(enc2);
                        byte[] hs2 = cerv2.getCertHash();
                        if (!Arrays.equals(signCertHash, hs2))
                            throw new IllegalArgumentException("Signing certificate doesn't match the ESS information.");
                        foundCades = true;
                    }
                    else if (isCades && idSeq2.equals(SecurityIDs.ID_AA_SIGNING_CERTIFICATE_V2)) {
                        ASN1Set setout = (ASN1Set)seq2.getObjectAt(1);
                        ASN1Sequence seqout = (ASN1Sequence)setout.getObjectAt(0);
                        SigningCertificateV2 sv2 = SigningCertificateV2.getInstance(seqout);
                        ESSCertIDv2[] cerv2m = sv2.getCerts();
                        ESSCertIDv2 cerv2 = cerv2m[0];
                        AlgorithmIdentifier ai2 = cerv2.getHashAlgorithm();
                        byte[] enc2 = signCert.getEncoded();
                        MessageDigest m2 = new BouncyCastleDigest().getMessageDigest(DigestAlgorithms.getDigest(ai2.getAlgorithm().getId()));
                        byte[] signCertHash = m2.digest(enc2);
                        byte[] hs2 = cerv2.getCertHash();
                        if (!Arrays.equals(signCertHash, hs2))
                            throw new IllegalArgumentException("Signing certificate doesn't match the ESS information.");
                        foundCades = true;
                    }
                }
                if (digestAttr == null)
                    throw new IllegalArgumentException(MessageLocalization.getComposedMessage("authenticated.attribute.is.missing.the.digest"));
                ++next;
            }
            if (isCades && !foundCades)
                throw new IllegalArgumentException("CAdES ESS information missing.");
            digestEncryptionAlgorithmOid = ((ASN1ObjectIdentifier)((ASN1Sequence)signerInfo.getObjectAt(next++)).getObjectAt(0)).getId();
            digest = ((ASN1OctetString)signerInfo.getObjectAt(next++)).getOctets();
            if (next < signerInfo.size() && signerInfo.getObjectAt(next) instanceof ASN1TaggedObject) {
                ASN1TaggedObject taggedObject = (ASN1TaggedObject) signerInfo.getObjectAt(next);
                ASN1Set unat = ASN1Set.getInstance(taggedObject, false);
                AttributeTable attble = new AttributeTable(unat);
                Attribute ts = attble.get(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
                if (ts != null && ts.getAttrValues().size() > 0) {
                    ASN1Set attributeValues = ts.getAttrValues();
                    ASN1Sequence tokenSequence = ASN1Sequence.getInstance(attributeValues.getObjectAt(0));
                    ContentInfo contentInfo = new ContentInfo(tokenSequence);
                    this.timeStampToken = new TimeStampToken(contentInfo);
                }
            }
            if (isTsp) {
View Full Code Here
162
163
164
165
166
167
168
169
170
171
172
173
174
175
      public X500Name(ASN1Sequence seq) {
          @SuppressWarnings("unchecked")
      Enumeration<ASN1Set> e = seq.getObjects();
 
          while (e.hasMoreElements()) {
              ASN1Set set = e.nextElement();
 
              for (int i = 0; i < set.size(); i++) {
                  ASN1Sequence s = (ASN1Sequence)set.getObjectAt(i);
                  String id = DefaultSymbols.get(s.getObjectAt(0));
                  if (id == null)
                      continue;
                  ArrayList<String> vs = values.get(id);
                  if (vs == null) {
View Full Code Here
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
            Attribute attr = Attribute.getInstance(seq.getObjectAt(i));
            if (!StringUtils.isEmpty(result)) {
              prefix = ", ";
            }
            if (attr.getAttrType().getId().equals(id_pda_dateOfBirth)) {
              ASN1Set set = attr.getAttrValues();
              // Come on, we'll only allow one dateOfBirth, we're not allowing such frauds with multiple birth dates
              DERGeneralizedTime time = DERGeneralizedTime.getInstance(set.getObjectAt(0));
              Date date = time.getDate();
              String dateStr = dateF.format(date);
              result += prefix + "dateOfBirth="+dateStr;
            }
            if (attr.getAttrType().getId().equals(id_pda_placeOfBirth)) {
              ASN1Set set = attr.getAttrValues();
              // same here only one placeOfBirth
              String pb = ((DERString)set.getObjectAt(0)).getString();
              result += prefix + "placeOfBirth="+pb;             
            }
            if (attr.getAttrType().getId().equals(id_pda_gender)) {
              ASN1Set set = attr.getAttrValues();
              // same here only one gender
              String g = ((DERString)set.getObjectAt(0)).getString();
              result += prefix + "gender="+g;             
            }
            if (attr.getAttrType().getId().equals(id_pda_countryOfCitizenship)) {
              ASN1Set set = attr.getAttrValues();
              // same here only one citizenship
              String g = ((DERString)set.getObjectAt(0)).getString();
              result += prefix + "countryOfCitizenship="+g;             
            }
            if (attr.getAttrType().getId().equals(id_pda_countryOfResidence)) {
              ASN1Set set = attr.getAttrValues();
              // same here only one residence
              String g = ((DERString)set.getObjectAt(0)).getString();
              result += prefix + "countryOfResidence="+g;             
            }
          }
        }
        if (StringUtils.isEmpty(result)) {
View Full Code Here
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
        }
        Attribute attr = attributes.get(new DERObjectIdentifier(szOID_REQUEST_CLIENT_INFO));
        if (attr == null) {
                return ret;               
        } else {
            ASN1Set values = attr.getAttrValues();
            if (values.size() == 0) {
              return ret;
            }
            DERSequence seq = (DERSequence) DERSequence.getInstance(values.getObjectAt(0));
            Enumeration enumeration = seq.getObjects();
            while (enumeration.hasMoreElements()) {
              Object current = enumeration.nextElement();
              if (current instanceof DERPrintableString) {
                  ret.add(((DERPrintableString) current).getString());
View Full Code Here
153
154
155
156
157
158
159
160
161
162
163
164
        Attribute attr = attributes.get(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
        if (attr == null) {
          log.error("Cannot find request extension.");
          return null;
        }
        ASN1Set set = attr.getAttrValues();
        DERSequence seq = (DERSequence) DERSequence.getInstance(set.getObjectAt(0));
        Enumeration enumeration = seq.getObjects();
        while (enumeration.hasMoreElements()) {
          DERSequence seq2 = (DERSequence) DERSequence.getInstance(enumeration.nextElement());
          DERObjectIdentifier oid = (DERObjectIdentifier) seq2.getObjectAt(0);
          if (szOID_ENROLL_CERTTYPE_EXTENSION.equals(oid.getId())) {
View Full Code Here
192
193
194
195
196
197
198
199
200
201
202
203
          log.error("No attributes!");
            return ret;
        }
        Attribute attr = attributes.get(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
        if (attr != null) {
            ASN1Set set = attr.getAttrValues();
            DERSequence seq = (DERSequence) DERSequence.getInstance(set.getObjectAt(0));
            Enumeration enumeration = seq.getObjects();
            while (enumeration.hasMoreElements()) {
              DERSequence seq2 = (DERSequence) DERSequence.getInstance(enumeration.nextElement());
              DERObjectIdentifier oid = (DERObjectIdentifier) seq2.getObjectAt(0);
              if ("2.5.29.17".equals(oid.getId())) {  //SubjectAN
View Full Code Here
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
  @SuppressWarnings("unchecked")
    public void test19getAltNameStringFromExtension() throws Exception {
    PKCS10CertificationRequest p10 = new PKCS10CertificationRequest(
        p10ReqWithAltNames);
    CertificationRequestInfo info = p10.getCertificationRequestInfo();
    ASN1Set set = info.getAttributes();
    // The set of attributes contains a sequence of with type oid
    // PKCSObjectIdentifiers.pkcs_9_at_extensionRequest
    Enumeration<Object> en = set.getObjects();
    boolean found = false;
    while (en.hasMoreElements()) {
      ASN1Sequence seq = ASN1Sequence.getInstance(en.nextElement());
      DERObjectIdentifier oid = (DERObjectIdentifier) seq.getObjectAt(0);
      if (oid.equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
        // The object at position 1 is a SET of x509extensions
        DERSet s = (DERSet) seq.getObjectAt(1);
        X509Extensions exts = X509Extensions.getInstance(s
            .getObjectAt(0));
        X509Extension ext = exts
            .getExtension(X509Extensions.SubjectAlternativeName);
        if (ext != null) {
          found = true;
          String altNames = CertTools
              .getAltNameStringFromExtension(ext);
          assertEquals(
              "dNSName=ort3-kru.net.polisen.se, iPAddress=10.252.255.237",
              altNames);
        }
      }
    }
    assertTrue(found);

    p10 = new PKCS10CertificationRequest(p10ReqWithAltNames2);
    info = p10.getCertificationRequestInfo();
    set = info.getAttributes();
    // The set of attributes contains a sequence of with type oid
    // PKCSObjectIdentifiers.pkcs_9_at_extensionRequest
   
    en = set.getObjects();
    found = false;
    while (en.hasMoreElements()) {
      ASN1Sequence seq = ASN1Sequence.getInstance(en.nextElement());
      DERObjectIdentifier oid = (DERObjectIdentifier) seq.getObjectAt(0);
      if (oid.equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
View Full Code Here
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
              attr = tab.get(new DERObjectIdentifier(ScepRequestMessage.id_messageType));
              if ( attr == null ) {
                StressTest.this.performanceTest.getLog().error("MessageType should not be null for responseStatus: "+expectedResponseStatus);
                return false;
              }
              ASN1Set values = attr.getAttrValues();
              if ( values.size() != 1 ) {
                StressTest.this.performanceTest.getLog().error("MessageType.AttrValues should be 1: "+values.size());
                return false;
              }
              DERString str = DERPrintableString.getInstance((values.getObjectAt(0)));
              String messageType = str.getString();
              if ( !StringUtils.equals(messageType, "3") ) {
                StressTest.this.performanceTest.getLog().error("MessageType should be 3: "+messageType);
                return false;
              }
              // --Success status
              attr = tab.get(new DERObjectIdentifier(ScepRequestMessage.id_pkiStatus));
              if ( attr == null ) {
                StressTest.this.performanceTest.getLog().error("PKIStatus should not be null");
                return false;
              }
              values = attr.getAttrValues();
              if ( values.size() != 1 ) {
                StressTest.this.performanceTest.getLog().error("PKIStatus.AttrValues should be 1: "+values.size());
                return false;
              }
              str = DERPrintableString.getInstance((values.getObjectAt(0)));
              String responsestatus =  str.getString();
              if ( !StringUtils.equals(expectedResponseStatus.getValue(), responsestatus) ) {
                StressTest.this.performanceTest.getLog().error("ResponseStatus should be "+expectedResponseStatus.getValue()+" but was: "+responsestatus);
                return false;
              }
              // --SenderNonce
              attr = tab.get(new DERObjectIdentifier(ScepRequestMessage.id_senderNonce));
              if ( attr == null ) {
                StressTest.this.performanceTest.getLog().error("SenderNonce should not be null");
                return false;
              }
              values = attr.getAttrValues();
              if ( values.size() != 1 ) {
                StressTest.this.performanceTest.getLog().error("SenderNonce.AttrValues should be 1: "+values.size());
                return false;
              }
              ASN1OctetString octstr = ASN1OctetString.getInstance(values.getObjectAt(0));
              // SenderNonce is something the server came up with, but it should be 16 chars
              if ( octstr.getOctets().length != 16 ) {
                StressTest.this.performanceTest.getLog().error("SenderNonce should be 16 bytes: "+octstr.getOctets().length);
                return false;
              }
              // --Recipient Nonce
              attr = tab.get(new DERObjectIdentifier(ScepRequestMessage.id_recipientNonce));
              if ( attr == null ) {
                StressTest.this.performanceTest.getLog().error("RecipientNonce should not be null");
                return false;
              }
              values = attr.getAttrValues();
              if ( values.size() != 1 ) {
                StressTest.this.performanceTest.getLog().error("RecipientNonce.AttrValues should be 1: "+values.size());
                return false;
              }
              octstr = ASN1OctetString.getInstance(values.getObjectAt(0));
              // recipient nonce should be the same as we sent away as sender nonce
              String nonce = new String(Base64.encode(octstr.getOctets()));
              if ( !StringUtils.equals(senderNonce, nonce) ) {
                StressTest.this.performanceTest.getLog().error("RecipientNonce should be "+senderNonce+" but was: "+nonce);
                return false;
              }
              // --Transaction ID
              attr = tab.get(new DERObjectIdentifier(ScepRequestMessage.id_transId));
              if ( attr == null ) {
                StressTest.this.performanceTest.getLog().error("TransId should not be null");
                return false;
              }
              values = attr.getAttrValues();
              if ( values.size() != 1 ) {
                StressTest.this.performanceTest.getLog().error("TransId.AttrValues should be 1: "+values.size());
                return false;
              }
              str = DERPrintableString.getInstance((values.getObjectAt(0)));
              // transid should be the same as the one we sent
              if ( !StringUtils.equals(transId, str.getString()) ) {
                StressTest.this.performanceTest.getLog().error("TransId should be "+transId+" but was: "+str.getString());
                return false;
              }
View Full Code Here
621
622
623
624
625
626
627
628
629
630
631
632
                Iterator<?> iter = col.iterator();
                SignerInformation signerInfo = (SignerInformation)iter.next();
                // Get authenticated attributes
                AttributeTable tab = signerInfo.getSignedAttributes();       
                Attribute attr = tab.get(new DERObjectIdentifier(ScepRequestMessage.id_pkiStatus));
                ASN1Set values = attr.getAttrValues();
                DERString str = DERPrintableString.getInstance((values.getObjectAt(0)));
                String responsestatus =  str.getString();
                if (extectedResponseStatus.getValue().equals(responsestatus)) {
                  return true;
                }
                return false;
View Full Code Here
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
        // No failInfo on this success message
        assertNull(attr);
        // --Message type
        attr = tab.get(new DERObjectIdentifier(ScepRequestMessage.id_messageType));
        assertNotNull(attr);
        ASN1Set values = attr.getAttrValues();
        assertEquals(values.size(), 1);
        DERString str = DERPrintableString.getInstance((values.getObjectAt(0)));
        String messageType = str.getString();
        assertEquals("3", messageType);
        // --Success status
        attr = tab.get(new DERObjectIdentifier(ScepRequestMessage.id_pkiStatus));
        assertNotNull(attr);
        values = attr.getAttrValues();
        assertEquals(values.size(), 1);
        str = DERPrintableString.getInstance((values.getObjectAt(0)));
        assertEquals(ResponseStatus.SUCCESS.getValue(), str.getString());
        // --SenderNonce
        attr = tab.get(new DERObjectIdentifier(ScepRequestMessage.id_senderNonce));
        assertNotNull(attr);
        values = attr.getAttrValues();
        assertEquals(values.size(), 1);
        ASN1OctetString octstr = ASN1OctetString.getInstance(values.getObjectAt(0));
        // SenderNonce is something the server came up with, but it should be 16
        // chars
        assertTrue(octstr.getOctets().length == 16);
        // --Recipient Nonce
        attr = tab.get(new DERObjectIdentifier(ScepRequestMessage.id_recipientNonce));
        assertNotNull(attr);
        values = attr.getAttrValues();
        assertEquals(values.size(), 1);
        octstr = ASN1OctetString.getInstance(values.getObjectAt(0));
        // recipient nonce should be the same as we sent away as sender nonce
        assertEquals(_senderNonce, new String(Base64.encode(octstr.getOctets())));
        // --Transaction ID
        attr = tab.get(new DERObjectIdentifier(ScepRequestMessage.id_transId));
        assertNotNull(attr);
        values = attr.getAttrValues();
        assertEquals(values.size(), 1);
        str = DERPrintableString.getInstance((values.getObjectAt(0)));
        // transid should be the same as the one we sent
        assertEquals(_transId, str.getString());

        //
        // Check different message types
View Full Code Here
TOP

Related Classes of org.apache.commons.ssl.asn1.ASN1Set

  • codec.pkcs7.Certificates
  • codec.pkcs8.PrivateKeyInfo
  • codec.x501.Attribute
  • codec.x501.Name
  • com.itextpdf.text.pdf.PdfPKCS7
  • com.itextpdf.text.pdf.PdfPKCS7$X509Name
  • com.itextpdf.text.pdf.PdfPublicKeySecurityHandler
  • com.itextpdf.text.pdf.security.CertificateInfo$X500Name
  • com.itextpdf.text.pdf.security.PdfPKCS7
  • com.lowagie.text.pdf.PdfPKCS7
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.