Examples of org.bouncycastle.asn1.DERObject

• org.bouncycastle.asn1.DERObject

        throws CertificateParsingException {
      String ret = null;
      if (cert instanceof X509Certificate) {
        X509Certificate x509cert = (X509Certificate) cert;
        try {
          DERObject obj = getExtensionValue(x509cert, X509Extensions.AuthorityInfoAccess.getId());
          if (obj == null) {
            return null;
          }
          AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(obj);
          AccessDescription[] ad = aia.getAccessDescriptions();

    public void testNovosecRARequest() throws IOException, InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, CertificateEncodingException, SignatureException, IllegalStateException {
      // Check that we can parse a request from  Novosec (patched by EJBCA).
      // Read an initialization request with RAVerifiedPOP and PBE protection to see that we can process it
      ASN1InputStream in = new ASN1InputStream(novosecrapopir);
      DERObject derObject = in.readObject();
      PKIMessage req = PKIMessage.getInstance(derObject);
      //log.info(req.toString());
      // Verify should be false if we do not allow RA verify POP here, since we don't have any normal POP
      CrmfRequestMessage msg = new CrmfRequestMessage(req, "CN=AdminCA1", false, "CN");
      assertFalse(msg.verify());

    public void testNovosecClientRequest() throws IOException, InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, CertificateEncodingException, SignatureException, IllegalStateException {
      // Check that we can parse a request from  Novosec (patched by EJBCA).
      // Read an initialization request with a signature POP and signature protection to see that we can process it
      {
        ASN1InputStream in = new ASN1InputStream(novosecsigpopir);
        DERObject derObject = in.readObject();
        PKIMessage req = PKIMessage.getInstance(derObject);
        //log.info(req.toString());
        // Verify should be ok if we do not allow RA verify POP here
        CrmfRequestMessage msg = new CrmfRequestMessage(req, "CN=AdminCA1", false, "CN");
        assertTrue(msg.verify());
        // Since we don't have RA POP we can't test for that...
        assertEquals("CN=AdminCA1,O=EJBCA Sample,C=SE", msg.getIssuerDN());
        assertEquals("CN=abc123rry2942812801980668853,O=PrimeKey Solutions AB,C=SE", msg.getRequestDN());
        assertEquals("abc123rry2942812801980668853", msg.getUsername());
        assertEquals("foo123", msg.getPassword());
        // Verify signature protection
        AlgorithmIdentifier algId = msg.getMessage().getProtectedPart().getHeader().getProtectionAlg();
        String oid = algId.getObjectId().getId();
        assertEquals(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), oid);
        // Check that this is an old message, created before ECA-2104, using null instead of DERNull as algorithm parameters.
        DEREncodable pp = algId.getParameters();
        assertNull(pp);
        // Try to verify, it should work good even though the small bug in ECA-2104, since we don't use algorithm parameters for RSA-PKCS signatures
        PublicKey pubKey = msg.getRequestPublicKey();
        assertTrue(CmpMessageHelper.verifyCertBasedPKIProtection(msg.getMessage(), pubKey));
        // Verify that our verification routine does not give positive result for any other keys
        KeyPair keys = KeyTools.genKeys("512", "RSA");
        assertFalse(CmpMessageHelper.verifyCertBasedPKIProtection(msg.getMessage(), keys.getPublic()));
      }
      // Re-protect the message, now fixed by ECA-2104
      {
        ASN1InputStream in = new ASN1InputStream(novosecsigpopir);
        DERObject derObject = in.readObject();
        PKIMessage myPKIMessage = PKIMessage.getInstance(derObject);
        KeyPair keys = KeyTools.genKeys("512", "RSA");
        X509Certificate signCert = CertTools.genSelfCert("CN=CMP Sign Test", 3650, null, keys.getPrivate(), keys.getPublic(), "SHA1WithRSA", false);
        // Re-sign the message
        byte[] newmsg = CmpMessageHelper.signPKIMessage(myPKIMessage, signCert, keys.getPrivate(), CMSSignedGenerator.DIGEST_SHA1, "BC");

    public void testBc146RARequest() throws IOException, InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
      // Check that we can parse request from BouncyCastle version 1.46.
      // Read an initialization request with RAVerifiedPOP with PBE protection to see that we can process it
      ASN1InputStream in = new ASN1InputStream(bc146rapopir);
      DERObject derObject = in.readObject();
      PKIMessage req = PKIMessage.getInstance(derObject);
      //log.info(req.toString());
      // Verify should be false if we do not allow RA verify POP here, since we don't have any normal POP
      CrmfRequestMessage msg = new CrmfRequestMessage(req, "CN=AdminCA1", false, "CN");
      assertFalse(msg.verify());

    public void testBc146ClientRequest() throws IOException, InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
      // Check that we can parse request from BouncyCastle version 1.46.
      // Read an initialization request with a signature POP, and signature protection, to see that we can process it
      ASN1InputStream in = new ASN1InputStream(bc146sigpopir);
      DERObject derObject = in.readObject();
      PKIMessage req = PKIMessage.getInstance(derObject);
      //log.info(req.toString());
      // Verify should be ok if we do not allow RA verify POP here
      CrmfRequestMessage msg = new CrmfRequestMessage(req, "CN=AdminCA1", false, "CN");
      // BC messages in BC1.46 uses POPOSigningKeyInput for POPO, not the 3rd case in RFC4211 section 4.1, like everyone else...

    }

    public void testHuaweiEnodeBClientRequest() throws IOException, InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
      // Read an initialization request to see that we can process it
      ASN1InputStream in = new ASN1InputStream(huaweiir);
    DERObject derObject = in.readObject();
    PKIMessage req = PKIMessage.getInstance(derObject);
    //log.info(req.toString());
      CrmfRequestMessage msg = new CrmfRequestMessage(req, null, false, "CN");
      // This message does not have an issuerDN in the cert template
      assertNull(msg.getIssuerDN());

   * @return IResponseMessage containing the CMP response message or null if there is no message to send back or some internal error has occurred
   * @throws IOException
   */
  @TransactionAttribute(TransactionAttributeType.REQUIRED)
  public IResponseMessage dispatch(Admin admin, byte[] ba) throws IOException {
    DERObject derObject = new LimitLengthASN1Reader(new ByteArrayInputStream(ba), ba.length).readObject();
    return dispatch(admin, derObject);
  }

      // Not a CVC request, perhaps a PKCS10 request
      try {
        final PKCS10CertificationRequest pkcs10 = new PKCS10CertificationRequest(requestBytes);
//        ret = pkcs10.toString();
        final ASN1InputStream ais = new ASN1InputStream(new ByteArrayInputStream(pkcs10.getEncoded()));
        final DERObject obj = ais.readObject();
        ret = ASN1Dump.dumpAsString(obj);
        type = "PKCS#10";
      } catch (IOException e1) {
         // ignore, move on to certificate decoding
      } catch (IllegalArgumentException e1) {
        // ignore, move on to certificate decoding
      } catch (ClassCastException e2) {
        // ignore, move on to certificate decoding
      }
    } else if (ret != null) {
      type = "CVC";
    }
    if (ret == null) {
      // Not a CVC object or PKCS10 request message, perhaps a X.509 certificate?
      try {
        final Certificate cert = getCert(bytes);
        ret = CertTools.dumpCertificateAsString(cert);
        type = "X.509";
      } catch (Exception e) {
        // Not a X.509 certificate either...try to simply decode asn.1
        try {
          final ASN1InputStream ais = new ASN1InputStream(new ByteArrayInputStream(bytes));
          final DERObject obj = ais.readObject();
          if (obj != null) {
            ret = ASN1Dump.dumpAsString(obj);
            type = "ASN.1";
          }
        } catch (IOException e1) {

        } catch (Exception e) {
          iscert = false;
        }
        if (!iscert) {
            ASN1InputStream ais = new ASN1InputStream(new FileInputStream(filename));
            DERObject obj = ais.readObject();
            String dump = ASN1Dump.dumpAsString(obj);
            getLogger().info(dump);
        } else {
            Iterator<Certificate> iter = coll.iterator();
            while (iter.hasNext()) {

      log.trace(">doPost()");
      if ( this.config==null ) {
        throw new ServletException("Servlet not initialized.");
      }
      final ServletInputStream sin = servletReq.getInputStream();
      final DERObject message;
      try {
        message = new LimitLengthASN1Reader(sin, servletReq.getContentLength()).readObject();
      } catch ( IOException e ) {
        servletResp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
        log.error( intres.getLocalizedMessage("cmp.errornoasn1"), e );
        return;
      }
      log.info( intres.getLocalizedMessage("cmp.receivedmsg", servletReq.getRemoteAddr()) );
      long startTime = System.currentTimeMillis();
      // Send back CMP response
      this.connection.send(message.getDEREncoded(), servletResp, servletReq.getContentType());
      long endTime = System.currentTimeMillis();
      log.info( intres.getLocalizedMessage("cmp.sentresponsemsg", servletReq.getRemoteAddr(), Long.valueOf(endTime - startTime)) );
    } catch (Throwable t) {
      log.error("Error in CmpServlet:", t);
      servletResp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, t.getMessage());