Beispiel #1
0
  /**
   * Certificate(TBSCertificate tbsCertificate, AlgorithmIdentifier signatureAlgorithm, byte[]
   * signatureValue) method testing. Makes the certificate, gets its encoded form, makes new
   * certificate from this encoded form by CertificateFactory, and decodes encoded form.
   */
  public void testCertificate() throws Exception {
    // make the TBSCertificate for Certificate
    int version = 2; // v3
    BigInteger serialNumber = BigInteger.valueOf(555L);
    AlgorithmIdentifier signature = new AlgorithmIdentifier("1.2.3.44.555"); // random value
    Name issuer = new Name("O=Certificate Issuer");
    Validity validity = new Validity(new Date(100000000), new Date(200000000));
    Name subject = new Name("O=Subject Organization");
    SubjectPublicKeyInfo subjectPublicKeyInfo =
        new SubjectPublicKeyInfo(new AlgorithmIdentifier("1.2.840.113549.1.1.2"), new byte[10]);
    boolean[] issuerUniqueID =
        new boolean[] {true, false, true, false, true, false, true, false}; // random value
    boolean[] subjectUniqueID =
        new boolean[] {false, true, false, true, false, true, false, true}; // random value
    // make the Extensions for TBSCertificate
    // Subject Alternative Names
    GeneralName[] san =
        new GeneralName[] {
          new GeneralName(
              new OtherName(
                  "1.2.3.4.5",
                  ASN1Integer.getInstance().encode(BigInteger.valueOf(55L).toByteArray()))),
          new GeneralName(1, "*****@*****.**"),
          new GeneralName(2, "dNSName"),
          new GeneralName(new ORAddress()),
          new GeneralName(4, "O=Organization"),
          new GeneralName(new EDIPartyName("assigner", "party")),
          new GeneralName(6, "http://Resource.Id"),
          new GeneralName(new byte[] {1, 1, 1, 1}),
          new GeneralName(8, "1.2.3.4444.55555")
        };
    GeneralNames sans = new GeneralNames(Arrays.asList(san));
    Extension extension = new Extension("2.5.29.17", true, sans.getEncoded());
    Extensions extensions = new Extensions();
    extensions.addExtension(extension);

    byte[] encoding = extensions.getEncoded();
    Extensions.ASN1.decode(encoding);

    TBSCertificate tbsCertificate =
        new TBSCertificate(
            version,
            serialNumber,
            signature,
            issuer,
            validity,
            subject,
            subjectPublicKeyInfo,
            issuerUniqueID,
            subjectUniqueID,
            extensions);

    encoding = tbsCertificate.getEncoded();
    TBSCertificate.ASN1.decode(encoding);

    Certificate certificate = new Certificate(tbsCertificate, signature, new byte[10]);

    encoding = certificate.getEncoded();

    Certificate.ASN1.decode(encoding);

    encoding = Certificate.ASN1.encode(certificate);

    ByteArrayInputStream bais = new ByteArrayInputStream(encoding);

    // try {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    cf.generateCertificate(bais);
    // } catch (CertificateException e) {
    // there is no X.509 certificate factory implementation installed
    // }
  }
Beispiel #2
0
/**
 * @see http://www.ietf.org/rfc/rfc3961.txt
 * @see http://www.ietf.org/rfc/rfc4120.txt
 */
public class KDCRequest {

  /** Authentication Service request message type */
  public static final int AS_REQ = 10;

  /** Ticket-Granting Service request message type */
  public static final int TGS_REQ = 12;

  // type of a protocol message: AS_REQ or TGS_REQ
  private final int msgType;

  private final PrincipalName cname;

  private final String realm;

  private final PrincipalName sname;

  KDCRequest(int msgType, PrincipalName cname, String realm, PrincipalName sname) {
    super();
    this.msgType = msgType;
    this.cname = cname;
    this.realm = realm;
    this.sname = sname;
  }

  public DatagramSocket send(InetAddress address, int port) throws IOException {

    if (msgType != AS_REQ) {
      throw new RuntimeException("Not implemented");
    }

    byte[] enc = AS_REQ_ASN1.encode(this);

    DatagramPacket req = new DatagramPacket(enc, enc.length, address, port);
    DatagramSocket socket = new DatagramSocket();

    socket.send(req);

    return socket;
  }

  /**
   *
   *
   * <pre>
   * KDC-REQ-BODY    ::= SEQUENCE {
   *      kdc-options             [0] KDCOptions,
   *      cname                   [1] PrincipalName OPTIONAL
   *      -- Used only in AS-REQ --,
   *      realm                   [2] Realm
   *      -- Server's realm
   *      -- Also client's in AS-REQ --,
   *      sname                   [3] PrincipalName OPTIONAL,
   *      from                    [4] KerberosTime OPTIONAL,
   *      till                    [5] KerberosTime,
   *      rtime                   [6] KerberosTime OPTIONAL,
   *      nonce                   [7] UInt32,
   *      etype                   [8] SEQUENCE OF Int32 -- EncryptionType
   *      -- in preference order --,
   *      addresses               [9] HostAddresses OPTIONAL,
   *      enc-authorization-data  [10] EncryptedData OPTIONAL
   *      -- AuthorizationData --,
   *      additional-tickets      [11] SEQUENCE OF Ticket OPTIONAL
   *      -- NOTE: not empty
   *      }
   * </pre>
   */
  private static final ASN1Sequence KDC_REQ_BODY =
      new ASN1Sequence(
          new ASN1Type[] {
            new ASN1Explicit(0, ASN1Any.getInstance()), // TODO: ignored
            new ASN1Explicit(1, PrincipalName.ASN1),
            // TODO should we define Realm type?
            new ASN1Explicit(2, ASN1StringType.GENERALSTRING),
            new ASN1Explicit(3, PrincipalName.ASN1),
            new ASN1Explicit(4, ASN1Any.getInstance()), // TODO: ignored
            new ASN1Explicit(5, KerberosTime.getASN1()),
            new ASN1Explicit(6, ASN1Any.getInstance()), // TODO: ignored
            new ASN1Explicit(7, ASN1Integer.getInstance()),
            new ASN1Explicit(8, new ASN1SequenceOf(ASN1Integer.getInstance())),
            new ASN1Explicit(9, ASN1Any.getInstance()), // TODO: ignored
            new ASN1Explicit(10, ASN1Any.getInstance()), // TODO: ignored
            new ASN1Explicit(11, ASN1Any.getInstance()), // TODO: ignored
          }) {
        {
          setOptional(1); // cname
          setOptional(3); // sname
          setOptional(4); // from
          setOptional(6); // rtime
          setOptional(9); // addresses
          setOptional(10); // enc-authorization-data
          setOptional(11); // additional-tickets
        }

        @Override
        protected void getValues(Object object, Object[] values) {
          KDCRequest request = (KDCRequest) object;

          // FIXME: hardcoded - no KDCOptions are set
          // note: number of bits should be >= 32
          // (see RFC 4120, 5.2.8. KerberosFlags)
          values[0] =
              new byte[] {
                (byte) 0x03,
                (byte) 0x05,
                (byte) 0x00,
                (byte) 0x00,
                (byte) 0x00,
                (byte) 0x00,
                (byte) 0x00,
              };

          values[1] = request.cname;
          values[2] = request.realm;
          values[3] = request.sname;

          // value[4] = from; //TODO

          // till: requested: "19700101000000Z" FIXME
          values[5] = new Date(0);

          // values[6] = rtime //TODO

          // nonce FIXME: hardcoded
          values[7] = BigInteger.valueOf(0).toByteArray();

          // etype FIXME
          ArrayList<byte[]> list = new ArrayList<byte[]>();

          // see RFC 3961 (Section 8)
          list.add(BigInteger.valueOf(1).toByteArray()); // des-cbc-crc
          list.add(BigInteger.valueOf(2).toByteArray()); // des-cbc-md4
          list.add(BigInteger.valueOf(3).toByteArray()); // des-cbc-md5
          values[8] = list;

          // value[9] = FIXME
          // value[10] = FIXME
          // value[11] = FIXME
        }
      };

  /**
   *
   *
   * <pre>
   * KDC-REQ         ::= SEQUENCE {
   *      -- NOTE: first tag is [1], not [0]
   *      pvno            [1] INTEGER (5) ,
   *      msg-type        [2] INTEGER (10 -- AS -- | 12 -- TGS --),
   *      padata          [3] SEQUENCE OF PA-DATA OPTIONAL
   *      -- NOTE: not empty --,
   *      req-body        [4] KDC-REQ-BODY
   *      }
   * </pre>
   */
  static final ASN1Sequence KDC_REQ_ASN1 =
      new ASN1Sequence(
          new ASN1Type[] {
            // pvno [1] INTEGER (5)
            new ASN1Explicit(1, ASN1Integer.getInstance()),
            // msg-type [2] INTEGER
            new ASN1Explicit(2, ASN1Integer.getInstance()),
            // padata [3] SEQUENCE OF PA-DATA OPTIONAL
            new ASN1Explicit(3, new ASN1SequenceOf(ASN1Any.getInstance())),
            // req-body [4] KDC-REQ-BODY
            new ASN1Explicit(4, KDC_REQ_BODY),
          }) {
        {
          setOptional(2); // padata
        }

        @Override
        protected void getValues(Object object, Object[] values) {
          KDCRequest request = (KDCRequest) object;

          values[0] = BigInteger.valueOf(5).toByteArray();
          values[1] = BigInteger.valueOf(request.msgType).toByteArray();
          // values[2] = //FIXME
          values[3] = request; // pass for further use
        }
      };

  static final ASN1Explicit AS_REQ_ASN1 =
      new ASN1Explicit(ASN1Constants.CLASS_APPLICATION, AS_REQ, KDC_REQ_ASN1);
}
Beispiel #3
0
 /** Creates an object on the base of its encoded form. */
 public InhibitAnyPolicy(byte[] encoding) throws IOException {
   super(encoding);
   this.skipCerts = new BigInteger((byte[]) ASN1Integer.getInstance().decode(encoding)).intValue();
 }
Beispiel #4
0
 /**
  * Returns ASN.1 encoded form of the object.
  *
  * @return a byte array containing ASN.1 encoded form.
  */
 public byte[] getEncoded() {
   if (encoding == null) {
     encoding = ASN1Integer.getInstance().encode(ASN1Integer.fromIntValue(skipCerts));
   }
   return encoding;
 }
/**
 * The class encapsulates the ASN.1 DER encoding/decoding work with the GeneralSubtree structure
 * which is a part of X.509 certificate: (as specified in RFC 3280 - Internet X.509 Public Key
 * Infrastructure. Certificate and Certificate Revocation List (CRL) Profile.
 * http://www.ietf.org/rfc/rfc3280.txt):
 *
 * <pre>
 *
 *   GeneralSubtree ::= SEQUENCE {
 *        base                    GeneralName,
 *        minimum         [0]     BaseDistance DEFAULT 0,
 *        maximum         [1]     BaseDistance OPTIONAL }
 *
 *   BaseDistance ::= INTEGER (0..MAX)
 *
 * </pre>
 *
 * @see org.apache.harmony.security.x509.NameConstraints
 * @see org.apache.harmony.security.x509.GeneralName
 */
public final class GeneralSubtree {
  /** the value of base field of the structure */
  private final GeneralName base;
  /** the value of minimum field of the structure */
  private final int minimum;
  /** the value of maximum field of the structure */
  private final int maximum;
  /** the ASN.1 encoded form of GeneralSubtree */
  private byte[] encoding;

  public GeneralSubtree(GeneralName base, int minimum, int maximum) {
    this.base = base;
    this.minimum = minimum;
    this.maximum = maximum;
  }

  /** Returns the value of base field of the structure. */
  public GeneralName getBase() {
    return base;
  }

  /** Returns ASN.1 encoded form of this X.509 GeneralSubtree value. */
  public byte[] getEncoded() {
    if (encoding == null) {
      encoding = ASN1.encode(this);
    }
    return encoding;
  }

  public void dumpValue(StringBuilder sb, String prefix) {
    sb.append(prefix).append("General Subtree: [\n");
    sb.append(prefix).append("  base: ").append(base).append('\n');
    sb.append(prefix).append("  minimum: ").append(minimum).append('\n');
    if (maximum >= 0) {
      sb.append(prefix).append("  maximum: ").append(maximum).append('\n');
    }
    sb.append(prefix).append("]\n");
  }

  /** ASN.1 DER X.509 GeneralSubtree encoder/decoder class. */
  public static final ASN1Sequence ASN1 =
      new ASN1Sequence(
          new ASN1Type[] {
            GeneralName.ASN1,
            new ASN1Implicit(0, ASN1Integer.getInstance()),
            new ASN1Implicit(1, ASN1Integer.getInstance())
          }) {
        {
          setDefault(new byte[] {0}, 1); // minimum 0
          setOptional(2); // maximum optional
        }

        @Override
        protected Object getDecodedObject(BerInputStream in) {
          Object[] values = (Object[]) in.content;
          int maximum = -1; // is optional maximum missing?
          if (values[2] != null) {
            maximum = ASN1Integer.toIntValue(values[2]); // no!
          }
          return new GeneralSubtree(
              (GeneralName) values[0], ASN1Integer.toIntValue(values[1]), maximum);
        }

        @Override
        protected void getValues(Object object, Object[] values) {
          GeneralSubtree gs = (GeneralSubtree) object;
          values[0] = gs.base;
          values[1] = ASN1Integer.fromIntValue(gs.minimum);
          if (gs.maximum > -1) {
            values[2] = ASN1Integer.fromIntValue(gs.maximum);
          }
        }
      };
}