Java Code Examples for org.bouncycastle.asn1.DERBitString#getBytes()
The following examples show how to use
org.bouncycastle.asn1.DERBitString#getBytes() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: Asn1Dump.java From keystore-explorer with GNU General Public License v3.0 | 6 votes |
|
private String dumpBitString(DERBitString asn1BitString) throws IOException {
StringBuilder sb = new StringBuilder();
byte[] bytes = asn1BitString.getBytes();
sb.append(indentSequence.toString(indentLevel));
sb.append("BIT STRING");
try {
String dump = dump(bytes);
sb.append(", encapsulates:");
sb.append(NEWLINE);
sb.append(dump);
} catch (Exception e) {
sb.append("=");
// print short bit strings as string of bits and long ones as hex dump
if (bytes.length < 8) {
sb.append(new BigInteger(1, bytes).toString(2));
} else {
sb.append(NEWLINE);
sb.append(dumpHexClear(bytes));
}
}
sb.append(NEWLINE);
return sb.toString();
}
Example 2
| Source File: X509Ext.java From keystore-explorer with GNU General Public License v3.0 | 5 votes |
|
private String getBitString(byte[] octets) throws IOException {
if (octets == null) {
return "";
}
DERBitString derBitString = DERBitString.getInstance(ASN1Primitive.fromByteArray(octets));
byte[] bitStringBytes = derBitString.getBytes();
return new BigInteger(1, bitStringBytes).toString(2);
}
Example 3
| Source File: Spkac.java From keystore-explorer with GNU General Public License v3.0 | 5 votes |
|
private void decodeSpkac(byte[] der) throws SpkacException {
try {
ASN1Sequence signedPublicKeyAndChallenge = ASN1Sequence.getInstance(der);
ASN1Sequence publicKeyAndChallenge = (ASN1Sequence) signedPublicKeyAndChallenge.getObjectAt(0);
ASN1Sequence signatureAlgorithm = (ASN1Sequence) signedPublicKeyAndChallenge.getObjectAt(1);
DERBitString signature = (DERBitString) signedPublicKeyAndChallenge.getObjectAt(2);
ASN1ObjectIdentifier signatureAlgorithmOid = (ASN1ObjectIdentifier) signatureAlgorithm.getObjectAt(0);
ASN1Sequence spki = (ASN1Sequence) publicKeyAndChallenge.getObjectAt(0);
DERIA5String challenge = (DERIA5String) publicKeyAndChallenge.getObjectAt(1);
ASN1Sequence publicKeyAlgorithm = (ASN1Sequence) spki.getObjectAt(0);
DERBitString publicKey = (DERBitString) spki.getObjectAt(1);
ASN1ObjectIdentifier publicKeyAlgorithmOid = (ASN1ObjectIdentifier) publicKeyAlgorithm.getObjectAt(0);
ASN1Primitive algorithmParameters = publicKeyAlgorithm.getObjectAt(1).toASN1Primitive();
this.challenge = challenge.getString();
this.publicKey = decodePublicKeyFromBitString(publicKeyAlgorithmOid, algorithmParameters, publicKey);
this.signatureAlgorithm = getSignatureAlgorithm(signatureAlgorithmOid);
this.signature = signature.getBytes();
} catch (Exception ex) {
throw new SpkacException(res.getString("NoDecodeSpkac.exception.message"), ex);
}
}
Example 4
| Source File: U2FRegistrationResponse.java From fido2 with GNU Lesser General Public License v2.1 | 4 votes |
|
/**
*
* @param ApplicationParam
* @param ChallengeParam
* @param kh
* @param PublicKey
* @return
* @throws NoSuchAlgorithmException
* @throws NoSuchProviderException
* @throws InvalidKeySpecException
*/
private String objectTBS(String ApplicationParam, String ChallengeParam, String kh, String PublicKey)
throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException, DecoderException {
byte constant = (byte) 0x00;
byte[] Challenge = Base64.decodeBase64(ChallengeParam);
int ChanllengeL = Challenge.length;
byte[] Application = Base64.decodeBase64(ApplicationParam);
int ApplicationL = Application.length;
byte[] keyHandle = Base64.decodeBase64(kh);
int keyHandleL = keyHandle.length;
byte[] publicKey = Base64.decodeBase64(PublicKey);
int publicKeyL = publicKey.length;
// Convert back to publicKey
KeyFactory kf = KeyFactory.getInstance("ECDSA", "BCFIPS");
X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(publicKey);
PublicKey pub = kf.generatePublic(pubKeySpec);
ASN1InputStream bIn = new ASN1InputStream(new ByteArrayInputStream(pub.getEncoded()));
ASN1Primitive obj = null;
try {
obj = bIn.readObject();
} catch (IOException ex) {}
Enumeration e = ((ASN1Sequence) obj).getObjects();
byte[] q = null;
while (e.hasMoreElements()) {
ASN1Primitive o = (ASN1Primitive) e.nextElement();
if (o instanceof DERBitString) {
DERBitString bt = (DERBitString) o;
q = bt.getBytes();
}
}
int pukL = skfsConstants.P256_PUBLIC_KEY_SIZE; //ECDSA secp256r1 publickey length
byte[] ob2Sign = new byte[1 + ChanllengeL + ApplicationL + keyHandleL + pukL];
int tot = 1;
ob2Sign[0] = constant;
System.arraycopy(Application, 0, ob2Sign, tot, ApplicationL);
tot += ApplicationL;
System.arraycopy(Challenge, 0, ob2Sign, tot, ChanllengeL);
tot += ChanllengeL;
System.arraycopy(keyHandle, 0, ob2Sign, tot, keyHandleL);
tot += keyHandleL;
System.arraycopy(q, 0, ob2Sign, tot, pukL);
tot += pukL;
return Base64.encodeBase64String(ob2Sign);
}
Example 5
| Source File: Common.java From fido2 with GNU Lesser General Public License v2.1 | 4 votes |
|
/**
* Function to create the packed FIDO U2F data-structure to sign when
* registering a new public-key with a FIDO U2F server. See the U2F Raw
* Messages specification for details:
*
* https://fidoalliance.org/specs/fido-u2f-v1.0-nfc-bt-amendment-20150514/fido-u2f-raw-message-formats.html
*
* @param ApplicationParam String The application parameter is the SHA-256
* hash of the application identity of the application requesting the
* registration; it is 32-bytes in length
* @param ChallengeParam String The challenge parameter is the SHA-256 hash
* of the Client Data, a string JSON data structure the FIDO Client
* prepares. Among other things, the Client Data contains the challenge from
* the relying party (hence the name of the parameter)
* @param kh String Base64-encoded, encrypted JSON data-structure of the
* private-key, origin and the message-digest of the private-key
* @param PublicKey String Base64-encoded public-key of the ECDSA key-pair
* @return String Base64-encoded data-structure of the object being signed
* as per the FIDO U2F protocol for a new-key registration
*
* @throws NoSuchAlgorithmException
* @throws NoSuchProviderException
* @throws InvalidKeySpecException
* @throws java.io.IOException
*/
public static String createRegistrationObjectToSign(String ApplicationParam,
String ChallengeParam,
String kh,
String PublicKey)
throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException, IOException {
// U2F Signed Registration constant
final byte[] constant = {(byte) 0x00};
int constantL = constant.length;
// 32-byte challenge parameter
byte[] Challenge = Base64.getUrlDecoder().decode(ChallengeParam);
int ChanllengeL = Challenge.length;
// 32-byte application parameter
byte[] Application = Base64.getUrlDecoder().decode(ApplicationParam);
int ApplicationL = Application.length;
// Variable length encrypted key-handle JSON data-structure
byte[] keyHandle = Base64.getUrlDecoder().decode(kh);
int keyHandleL = keyHandle.length;
// Fixed-length ECDSA public key
byte[] publicKey = Base64.getUrlDecoder().decode(PublicKey);
int pbkL = Constants.ECDSA_P256_PUBLICKEY_LENGTH;
// Test the public key for sanity
KeyFactory kf = KeyFactory.getInstance("ECDSA", "BCFIPS");
X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(publicKey);
PublicKey pub = kf.generatePublic(pubKeySpec);
ECPublicKey ecpub = (ECPublicKey) pub;
ASN1InputStream bIn = new ASN1InputStream(new ByteArrayInputStream(pub.getEncoded()));
ASN1Primitive obj = bIn.readObject();
Enumeration e = ((ASN1Sequence) obj).getObjects();
byte[] q = null;
while (e.hasMoreElements()) {
ASN1Primitive o = (ASN1Primitive) e.nextElement();
if (o instanceof DERBitString) {
DERBitString bt = (DERBitString) o;
q = bt.getBytes();
}
}
// Create byte[] for to-be-signed (TBS) object
// Could have also used ByteBuffer for this
int currpos = 0;
byte[] tbs = new byte[constantL + ChanllengeL + ApplicationL + keyHandleL + pbkL];
// Copy the Signed Registration constant to TBS
System.arraycopy(constant, 0, tbs, currpos, constantL);
currpos += constantL;
// Copy ApplicationParameters to TBS
System.arraycopy(Application, 0, tbs, currpos, ApplicationL);
currpos += ApplicationL;
// Copy ChallengeParameters to TBS
System.arraycopy(Challenge, 0, tbs, currpos, ChanllengeL);
currpos += ChanllengeL;
// Copy encrypted KeyHandle JSON to TBS
System.arraycopy(keyHandle, 0, tbs, currpos, keyHandleL);
currpos += keyHandleL;
// Copy public-key to TBS
System.arraycopy(q, 0, tbs, currpos, pbkL);
// Return Base64-encoded TBS
return Base64.getUrlEncoder().encodeToString(tbs);
}
Example 6
| Source File: Common.java From fido2 with GNU Lesser General Public License v2.1 | 4 votes |
|
/**
* Function to create the Base64-encoded packed data-structure of the
* Registration Data object for response to a FIDO U2F server. See:
*
* https://fidoalliance.org/specs/fido-u2f-v1.0-nfc-bt-amendment-20150514/fido-u2f-raw-message-formats.html#response-message-framing
*
* Note: Could have used ByteBuffer instead of copying arrays, but will plan
* on updating to ByteBuffer in the next release.
*
* @param userPublicKey String with Base64-encoded public-key being
* registered
* @param keyHandle String with Base64-encoded JSON structure with encrypted
* private key
* @param AttestationCertificate String with Base64-encoded certificate of
* Attestation key
* @param Signature String with Base64-encoded digital signature of response
* @return String with Base64-encoded message of packed Registration
* Response
*
* @throws NoSuchAlgorithmException
* @throws NoSuchProviderException
* @throws InvalidKeySpecException
* @throws java.io.IOException
*/
public static String createRegistrationData(String userPublicKey,
String keyHandle,
String AttestationCertificate,
String Signature)
throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException, IOException {
// Required reserved legacy-byte for U2F response
byte constant = 0x05;
// User's Public key
byte[] upk = Base64.getUrlDecoder().decode(userPublicKey);
int upklen = Constants.ECDSA_P256_PUBLICKEY_LENGTH; //ECDSA secp256r1 publickey length
// Key Handle and its length
byte[] kh = Base64.getUrlDecoder().decode(keyHandle);
int khlen = kh.length;
// Registration Response allows 1-byte for KH length; problem if more than 255
if (khlen > 255) {
System.err.println("Fatal error: Key-handle length greater than 255");
return null;
}
// Attestation certificate and its length
byte[] ac = Base64.getUrlDecoder().decode(AttestationCertificate);
int aclen = ac.length;
// Attestation digital signature of response with length
byte[] acsig = Base64.getUrlDecoder().decode(Signature);
int acsiglen = acsig.length;
// Test the public key for sanity
KeyFactory kf = KeyFactory.getInstance("ECDSA", "BCFIPS");
X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(upk);
PublicKey pbk = kf.generatePublic(pubKeySpec);
ASN1InputStream bIn = new ASN1InputStream(new ByteArrayInputStream(pbk.getEncoded()));
ASN1Primitive obj = bIn.readObject();
Enumeration e = ((ASN1Sequence) obj).getObjects();
byte[] q = null;
while (e.hasMoreElements()) {
ASN1Primitive o = (ASN1Primitive) e.nextElement();
if (o instanceof DERBitString) {
DERBitString bt = (DERBitString) o;
q = bt.getBytes();
}
}
// Create byte array for Registration Response's raw-message
byte[] regresp = new byte[1 + upklen + 1 + khlen + aclen + acsiglen];
// Copy the reserved legacy-byte constant to regresp; set currpos to 1
regresp[0] = constant;
int currpos = 1;
// Copy public-key to regresp; update currpos
System.arraycopy(q, 0, regresp, currpos, upklen);
currpos += upklen;
// Copy key-handle length byte to regresp
regresp[currpos] = (byte) khlen;
currpos += 1;
// Copy key-handle to regresp
System.arraycopy(kh, 0, regresp, currpos, khlen);
currpos += khlen;
// Copy attestation certificate to regresp
System.arraycopy(ac, 0, regresp, currpos, aclen);
currpos += aclen;
// Finally, copy signature to regresp
System.arraycopy(acsig, 0, regresp, currpos, acsiglen);
// Return URL-safe Base64-encoded response
return org.apache.commons.codec.binary.Base64.encodeBase64URLSafeString(regresp);
}
Example 7
| Source File: KerberosApRequest.java From jcifs with GNU Lesser General Public License v2.1 | 4 votes |
|
public KerberosApRequest ( byte[] token, KerberosKey[] keys ) throws PACDecodingException {
if ( token.length <= 0 )
throw new PACDecodingException("Empty kerberos ApReq");
DLSequence sequence;
try {
try ( ASN1InputStream stream = new ASN1InputStream(new ByteArrayInputStream(token)) ) {
sequence = ASN1Util.as(DLSequence.class, stream);
}
}
catch ( IOException e ) {
throw new PACDecodingException("Malformed Kerberos Ticket", e);
}
Enumeration<?> fields = sequence.getObjects();
while ( fields.hasMoreElements() ) {
ASN1TaggedObject tagged = ASN1Util.as(ASN1TaggedObject.class, fields.nextElement());
switch ( tagged.getTagNo() ) {
case 0:
ASN1Integer pvno = ASN1Util.as(ASN1Integer.class, tagged);
if ( !pvno.getValue().equals(new BigInteger(KerberosConstants.KERBEROS_VERSION)) ) {
throw new PACDecodingException("Invalid kerberos version");
}
break;
case 1:
ASN1Integer msgType = ASN1Util.as(ASN1Integer.class, tagged);
if ( !msgType.getValue().equals(new BigInteger(KerberosConstants.KERBEROS_AP_REQ)) )
throw new PACDecodingException("Invalid kerberos request");
break;
case 2:
DERBitString bitString = ASN1Util.as(DERBitString.class, tagged);
this.apOptions = bitString.getBytes()[ 0 ];
break;
case 3:
DERApplicationSpecific derTicket = ASN1Util.as(DERApplicationSpecific.class, tagged);
if ( !derTicket.isConstructed() )
throw new PACDecodingException("Malformed Kerberos Ticket");
this.ticket = new KerberosTicket(derTicket.getContents(), this.apOptions, keys);
break;
case 4:
// Let's ignore this for now
break;
default:
throw new PACDecodingException("Invalid field in kerberos ticket");
}
}
}
Example 8
| Source File: KerberosApRequest.java From jcifs-ng with GNU Lesser General Public License v2.1 | 4 votes |
|
public KerberosApRequest ( byte[] token, KerberosKey[] keys ) throws PACDecodingException {
if ( token.length <= 0 )
throw new PACDecodingException("Empty kerberos ApReq");
DLSequence sequence;
try {
try ( ASN1InputStream stream = new ASN1InputStream(new ByteArrayInputStream(token)) ) {
sequence = ASN1Util.as(DLSequence.class, stream);
}
}
catch ( IOException e ) {
throw new PACDecodingException("Malformed Kerberos Ticket", e);
}
Enumeration<?> fields = sequence.getObjects();
while ( fields.hasMoreElements() ) {
ASN1TaggedObject tagged = ASN1Util.as(ASN1TaggedObject.class, fields.nextElement());
switch ( tagged.getTagNo() ) {
case 0:
ASN1Integer pvno = ASN1Util.as(ASN1Integer.class, tagged);
if ( !pvno.getValue().equals(new BigInteger(KerberosConstants.KERBEROS_VERSION)) ) {
throw new PACDecodingException("Invalid kerberos version");
}
break;
case 1:
ASN1Integer msgType = ASN1Util.as(ASN1Integer.class, tagged);
if ( !msgType.getValue().equals(new BigInteger(KerberosConstants.KERBEROS_AP_REQ)) )
throw new PACDecodingException("Invalid kerberos request");
break;
case 2:
DERBitString bitString = ASN1Util.as(DERBitString.class, tagged);
this.apOptions = bitString.getBytes()[ 0 ];
break;
case 3:
DERApplicationSpecific derTicket = ASN1Util.as(DERApplicationSpecific.class, tagged);
if ( !derTicket.isConstructed() )
throw new PACDecodingException("Malformed Kerberos Ticket");
this.ticket = new KerberosTicket(derTicket.getContents(), this.apOptions, keys);
break;
case 4:
// Let's ignore this for now
break;
default:
throw new PACDecodingException("Invalid field in kerberos ticket");
}
}
}
