예제 #1
0
 /**
  * Converts the given X.500 principal to a list of type/value attributes.
  *
  * @param principal Principal to convert.
  * @return List of type/value attributes.
  */
 public static Attributes readX500Principal(final X500Principal principal) {
   final X500Name name = X500Name.getInstance(principal.getEncoded());
   final Attributes attributes = new Attributes();
   for (RDN rdn : name.getRDNs()) {
     for (AttributeTypeAndValue tv : rdn.getTypesAndValues()) {
       attributes.add(tv.getType().getId(), tv.getValue().toString());
     }
   }
   return attributes;
 }
예제 #2
0
 /**
  * Converts the given X.500 principal to a list of relative distinguished names that contains the
  * attributes comprising the DN.
  *
  * @param principal Principal to convert.
  * @return X500 principal as an RDN sequence.
  */
 public static RDNSequence readX500Principal(final X500Principal principal) {
   final X500Name name = X500Name.getInstance(principal.getEncoded());
   final RDNSequence sequence = new RDNSequence();
   for (org.bouncycastle.asn1.x500.RDN rdn : name.getRDNs()) {
     final Attributes attributes = new Attributes();
     for (AttributeTypeAndValue tv : rdn.getTypesAndValues()) {
       attributes.add(tv.getType().getId(), tv.getValue().toString());
     }
     sequence.add(new RDN(attributes));
   }
   return sequence;
 }
예제 #3
0
 public KeyTransRecipientId getKeyTransRecipientId(X509CertSelector certSelector) {
   try {
     if (certSelector.getSubjectKeyIdentifier() != null) {
       return new KeyTransRecipientId(
           X500Name.getInstance(certSelector.getIssuerAsBytes()),
           certSelector.getSerialNumber(),
           ASN1OctetString.getInstance(certSelector.getSubjectKeyIdentifier()).getOctets());
     } else {
       return new KeyTransRecipientId(
           X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber());
     }
   } catch (Exception e) {
     throw new IllegalArgumentException("conversion failed: " + e.toString());
   }
 }
예제 #4
0
  /**
   * Checks whether the given certificate is on this CRL.
   *
   * @param cert the certificate to check for.
   * @return true if the given certificate is on this CRL, false otherwise.
   */
  public boolean isRevoked(Certificate cert) {
    if (!cert.getType().equals("X.509")) {
      throw new RuntimeException("X.509 CRL used with non X.509 Cert");
    }

    TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();

    X500Name caName = c.getIssuer();

    if (certs != null) {
      BigInteger serial = ((X509Certificate) cert).getSerialNumber();

      for (int i = 0; i < certs.length; i++) {
        if (isIndirect && certs[i].hasExtensions()) {
          Extension currentCaName =
              certs[i].getExtensions().getExtension(Extension.certificateIssuer);

          if (currentCaName != null) {
            caName =
                X500Name.getInstance(
                    GeneralNames.getInstance(currentCaName.getParsedValue())
                        .getNames()[0]
                        .getName());
          }
        }

        if (certs[i].getUserCertificate().getValue().equals(serial)) {
          X500Name issuer;

          try {
            issuer =
                org.bouncycastle.asn1.x509.Certificate.getInstance(cert.getEncoded()).getIssuer();
          } catch (CertificateEncodingException e) {
            throw new RuntimeException("Cannot process certificate");
          }

          if (!caName.equals(issuer)) {
            return false;
          }

          return true;
        }
      }
    }

    return false;
  }
  /** @deprecated use X500Name method. */
  public CertificationRequestInfo(
      X509Name subject, SubjectPublicKeyInfo pkInfo, ASN1Set attributes) {
    this.subject = X500Name.getInstance(subject.toASN1Primitive());
    this.subjectPKInfo = pkInfo;
    this.attributes = attributes;

    if ((subject == null) || (version == null) || (subjectPKInfo == null)) {
      throw new IllegalArgumentException(
          "Not all mandatory fields set in CertificationRequestInfo generator.");
    }
  }
  /**
   * Returns the (first) value of the (first) RDN of type rdnOid
   *
   * @param dn The X500Name
   * @param rdnOid OID of wanted RDN
   * @return Value of requested RDN
   */
  public static String getRdn(X500Name dn, ASN1ObjectIdentifier rdnOid) {

    if (dn == null || rdnOid == null) {
      return "";
    }

    RDN[] rdns = dn.getRDNs(rdnOid);
    String value = "";

    if (rdns.length > 0) {
      RDN rdn = rdns[0];
      value = rdn.getFirst().getValue().toString();
    }

    return value;
  }
  /** @deprecated use getInstance(). */
  public CertificationRequestInfo(ASN1Sequence seq) {
    version = (ASN1Integer) seq.getObjectAt(0);

    subject = X500Name.getInstance(seq.getObjectAt(1));
    subjectPKInfo = SubjectPublicKeyInfo.getInstance(seq.getObjectAt(2));

    //
    // some CertificationRequestInfo objects seem to treat this field
    // as optional.
    //
    if (seq.size() > 3) {
      DERTaggedObject tagobj = (DERTaggedObject) seq.getObjectAt(3);
      attributes = ASN1Set.getInstance(tagobj, false);
    }

    if ((subject == null) || (version == null) || (subjectPKInfo == null)) {
      throw new IllegalArgumentException(
          "Not all mandatory fields set in CertificationRequestInfo generator.");
    }
  }
예제 #8
0
  private Set loadCRLEntries() {
    Set entrySet = new HashSet();
    Enumeration certs = c.getRevokedCertificateEnumeration();

    X500Name previousCertificateIssuer = c.getIssuer();
    while (certs.hasMoreElements()) {
      TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry) certs.nextElement();
      X509CRLEntryObject crlEntry =
          new X509CRLEntryObject(entry, isIndirect, previousCertificateIssuer);
      entrySet.add(crlEntry);
      if (isIndirect && entry.hasExtensions()) {
        Extension currentCaName = entry.getExtensions().getExtension(Extension.certificateIssuer);

        if (currentCaName != null) {
          previousCertificateIssuer =
              X500Name.getInstance(
                  GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName());
        }
      }
    }

    return entrySet;
  }
예제 #9
0
  public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) {
    Enumeration certs = c.getRevokedCertificateEnumeration();

    X500Name previousCertificateIssuer = c.getIssuer();
    while (certs.hasMoreElements()) {
      TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry) certs.nextElement();

      if (serialNumber.equals(entry.getUserCertificate().getValue())) {
        return new X509CRLEntryObject(entry, isIndirect, previousCertificateIssuer);
      }

      if (isIndirect && entry.hasExtensions()) {
        Extension currentCaName = entry.getExtensions().getExtension(Extension.certificateIssuer);

        if (currentCaName != null) {
          previousCertificateIssuer =
              X500Name.getInstance(
                  GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName());
        }
      }
    }

    return null;
  }
예제 #10
0
 public Principal getIssuerDN() {
   return new X509Principal(X500Name.getInstance(c.getIssuer().toASN1Primitive()));
 }
예제 #11
0
 private IssuerAndSubject(final ASN1Sequence seq) {
   this.issuer = X500Name.getInstance(seq.getObjectAt(0));
   this.subject = X500Name.getInstance(seq.getObjectAt(1));
 }
 /**
  * Convert an X.500 Name to an X.500 Principal.
  *
  * @param name X.500 Name
  * @return X.500 Principal
  * @throws IOException if an encoding error occurs (incorrect form for DN)
  */
 public static X500Principal x500NameToX500Principal(X500Name name) throws IOException {
   return new X500Principal(name.getEncoded());
 }
 /**
  * Convert an X.500 Principal to an X.500 Name.
  *
  * @param principal X.500 Principal
  * @return X.500 Name
  */
 public static X500Name x500PrincipalToX500Name(X500Principal principal) {
   return X500Name.getInstance(KseX500NameStyle.INSTANCE, principal.getEncoded());
 }
예제 #14
0
  private void processHandshakeMessage(short type, byte[] buf) throws IOException {
    ByteArrayInputStream is = new ByteArrayInputStream(buf);

    switch (type) {
      case HandshakeType.certificate:
        {
          switch (connection_state) {
            case CS_SERVER_HELLO_RECEIVED:
              {
                // Parse the Certificate message and send to cipher suite

                Certificate serverCertificate = Certificate.parse(is);

                assertEmpty(is);

                this.keyExchange.processServerCertificate(serverCertificate);

                this.authentication = tlsClient.getAuthentication();
                this.authentication.notifyServerCertificate(serverCertificate);

                break;
              }
            default:
              this.failWithError(AlertLevel.fatal, AlertDescription.unexpected_message);
          }

          connection_state = CS_SERVER_CERTIFICATE_RECEIVED;
          break;
        }
      case HandshakeType.finished:
        switch (connection_state) {
          case CS_SERVER_CHANGE_CIPHER_SPEC_RECEIVED:
            /*
             * Read the checksum from the finished message, it has always 12
             * bytes for TLS 1.0 and 36 for SSLv3.
             */
            boolean isTls =
                tlsClientContext.getServerVersion().getFullVersion()
                    >= ProtocolVersion.TLSv10.getFullVersion();

            int checksumLength = isTls ? 12 : 36;
            byte[] serverVerifyData = new byte[checksumLength];
            TlsUtils.readFully(serverVerifyData, is);

            assertEmpty(is);

            /*
             * Calculate our own checksum.
             */
            byte[] expectedServerVerifyData =
                TlsUtils.calculateVerifyData(
                    tlsClientContext, "server finished", rs.getCurrentHash(TlsUtils.SSL_SERVER));

            /*
             * Compare both checksums.
             */
            if (!Arrays.constantTimeAreEqual(expectedServerVerifyData, serverVerifyData)) {
              /*
               * Wrong checksum in the finished message.
               */
              this.failWithError(AlertLevel.fatal, AlertDescription.handshake_failure);
            }

            connection_state = CS_DONE;

            /*
             * We are now ready to receive application data.
             */
            this.appDataReady = true;
            break;
          default:
            this.failWithError(AlertLevel.fatal, AlertDescription.unexpected_message);
        }
        break;
      case HandshakeType.server_hello:
        switch (connection_state) {
          case CS_CLIENT_HELLO_SEND:
            /*
             * Read the server hello message
             */
            ProtocolVersion server_version = TlsUtils.readVersion(is);
            ProtocolVersion client_version = this.tlsClientContext.getClientVersion();
            if (server_version.getFullVersion() > client_version.getFullVersion()) {
              this.failWithError(AlertLevel.fatal, AlertDescription.illegal_parameter);
            }

            this.tlsClientContext.setServerVersion(server_version);
            this.tlsClient.notifyServerVersion(server_version);

            /*
             * Read the server random
             */
            securityParameters.serverRandom = new byte[32];
            TlsUtils.readFully(securityParameters.serverRandom, is);

            byte[] sessionID = TlsUtils.readOpaque8(is);
            if (sessionID.length > 32) {
              this.failWithError(AlertLevel.fatal, AlertDescription.illegal_parameter);
            }

            this.tlsClient.notifySessionID(sessionID);

            /*
             * Find out which CipherSuite the server has chosen and check that
             * it was one of the offered ones.
             */
            int selectedCipherSuite = TlsUtils.readUint16(is);
            if (!arrayContains(offeredCipherSuites, selectedCipherSuite)
                || selectedCipherSuite == CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV) {
              this.failWithError(AlertLevel.fatal, AlertDescription.illegal_parameter);
            }

            this.tlsClient.notifySelectedCipherSuite(selectedCipherSuite);

            /*
             * Find out which CompressionMethod the server has chosen and check that
             * it was one of the offered ones.
             */
            short selectedCompressionMethod = TlsUtils.readUint8(is);
            if (!arrayContains(offeredCompressionMethods, selectedCompressionMethod)) {
              this.failWithError(AlertLevel.fatal, AlertDescription.illegal_parameter);
            }

            this.tlsClient.notifySelectedCompressionMethod(selectedCompressionMethod);

            /*
             * RFC3546 2.2 The extended server hello message format MAY be
             * sent in place of the server hello message when the client has
             * requested extended functionality via the extended client hello
             * message specified in Section 2.1. ... Note that the extended
             * server hello message is only sent in response to an extended
             * client hello message. This prevents the possibility that the
             * extended server hello message could "break" existing TLS 1.0
             * clients.
             */

            /*
             * TODO RFC 3546 2.3 If [...] the older session is resumed, then
             * the server MUST ignore extensions appearing in the client
             * hello, and send a server hello containing no extensions.
             */

            // Integer -> byte[]
            Hashtable serverExtensions = new Hashtable();

            if (is.available() > 0) {
              // Process extensions from extended server hello
              byte[] extBytes = TlsUtils.readOpaque16(is);

              ByteArrayInputStream ext = new ByteArrayInputStream(extBytes);
              while (ext.available() > 0) {
                Integer extType = Integers.valueOf(TlsUtils.readUint16(ext));
                byte[] extValue = TlsUtils.readOpaque16(ext);

                /*
                 * RFC 5746 Note that sending a "renegotiation_info"
                 * extension in response to a ClientHello containing only
                 * the SCSV is an explicit exception to the prohibition in
                 * RFC 5246, Section 7.4.1.4, on the server sending
                 * unsolicited extensions and is only allowed because the
                 * client is signaling its willingness to receive the
                 * extension via the TLS_EMPTY_RENEGOTIATION_INFO_SCSV
                 * SCSV. TLS implementations MUST continue to comply with
                 * Section 7.4.1.4 for all other extensions.
                 */

                if (!extType.equals(EXT_RenegotiationInfo)
                    && clientExtensions.get(extType) == null) {
                  /*
                   * RFC 3546 2.3 Note that for all extension types
                   * (including those defined in future), the extension
                   * type MUST NOT appear in the extended server hello
                   * unless the same extension type appeared in the
                   * corresponding client hello. Thus clients MUST abort
                   * the handshake if they receive an extension type in
                   * the extended server hello that they did not request
                   * in the associated (extended) client hello.
                   */
                  this.failWithError(AlertLevel.fatal, AlertDescription.unsupported_extension);
                }

                if (serverExtensions.containsKey(extType)) {
                  /*
                   * RFC 3546 2.3 Also note that when multiple
                   * extensions of different types are present in the
                   * extended client hello or the extended server hello,
                   * the extensions may appear in any order. There MUST
                   * NOT be more than one extension of the same type.
                   */
                  this.failWithError(AlertLevel.fatal, AlertDescription.illegal_parameter);
                }

                serverExtensions.put(extType, extValue);
              }
            }

            assertEmpty(is);

            /*
             * RFC 5746 3.4. When a ServerHello is received, the client MUST
             * check if it includes the "renegotiation_info" extension:
             */
            {
              boolean secure_negotiation = serverExtensions.containsKey(EXT_RenegotiationInfo);

              /*
               * If the extension is present, set the secure_renegotiation
               * flag to TRUE. The client MUST then verify that the length
               * of the "renegotiated_connection" field is zero, and if it
               * is not, MUST abort the handshake (by sending a fatal
               * handshake_failure alert).
               */
              if (secure_negotiation) {
                byte[] renegExtValue = (byte[]) serverExtensions.get(EXT_RenegotiationInfo);

                if (!Arrays.constantTimeAreEqual(
                    renegExtValue, createRenegotiationInfo(emptybuf))) {
                  this.failWithError(AlertLevel.fatal, AlertDescription.handshake_failure);
                }
              }

              tlsClient.notifySecureRenegotiation(secure_negotiation);
            }

            if (clientExtensions != null) {
              tlsClient.processServerExtensions(serverExtensions);
            }

            this.keyExchange = tlsClient.getKeyExchange();

            connection_state = CS_SERVER_HELLO_RECEIVED;
            break;
          default:
            this.failWithError(AlertLevel.fatal, AlertDescription.unexpected_message);
        }
        break;
      case HandshakeType.server_hello_done:
        switch (connection_state) {
          case CS_SERVER_HELLO_RECEIVED:

            // There was no server certificate message; check it's OK
            this.keyExchange.skipServerCertificate();
            this.authentication = null;

            // NB: Fall through to next case label

          case CS_SERVER_CERTIFICATE_RECEIVED:

            // There was no server key exchange message; check it's OK
            this.keyExchange.skipServerKeyExchange();

            // NB: Fall through to next case label

          case CS_SERVER_KEY_EXCHANGE_RECEIVED:
          case CS_CERTIFICATE_REQUEST_RECEIVED:
            assertEmpty(is);

            connection_state = CS_SERVER_HELLO_DONE_RECEIVED;

            TlsCredentials clientCreds = null;
            if (certificateRequest == null) {
              this.keyExchange.skipClientCredentials();
            } else {
              clientCreds = this.authentication.getClientCredentials(certificateRequest);

              if (clientCreds == null) {
                this.keyExchange.skipClientCredentials();

                boolean isTls =
                    tlsClientContext.getServerVersion().getFullVersion()
                        >= ProtocolVersion.TLSv10.getFullVersion();

                if (isTls) {
                  sendClientCertificate(Certificate.EMPTY_CHAIN);
                } else {
                  sendAlert(AlertLevel.warning, AlertDescription.no_certificate);
                }
              } else {
                this.keyExchange.processClientCredentials(clientCreds);

                sendClientCertificate(clientCreds.getCertificate());
              }
            }

            /*
             * Send the client key exchange message, depending on the key
             * exchange we are using in our CipherSuite.
             */
            sendClientKeyExchange();

            connection_state = CS_CLIENT_KEY_EXCHANGE_SEND;

            /*
             * Calculate the master_secret
             */
            byte[] pms = this.keyExchange.generatePremasterSecret();

            securityParameters.masterSecret =
                TlsUtils.calculateMasterSecret(this.tlsClientContext, pms);

            // TODO Is there a way to ensure the data is really overwritten?
            /*
             * RFC 2246 8.1. The pre_master_secret should be deleted from
             * memory once the master_secret has been computed.
             */
            Arrays.fill(pms, (byte) 0);

            if (clientCreds != null && clientCreds instanceof TlsSignerCredentials) {
              TlsSignerCredentials signerCreds = (TlsSignerCredentials) clientCreds;
              byte[] md5andsha1 = rs.getCurrentHash(null);
              byte[] clientCertificateSignature =
                  signerCreds.generateCertificateSignature(md5andsha1);
              sendCertificateVerify(clientCertificateSignature);

              connection_state = CS_CERTIFICATE_VERIFY_SEND;
            }

            /*
             * Now, we send change cipher state
             */
            byte[] cmessage = new byte[1];
            cmessage[0] = 1;
            rs.writeMessage(ContentType.change_cipher_spec, cmessage, 0, cmessage.length);

            connection_state = CS_CLIENT_CHANGE_CIPHER_SPEC_SEND;

            /*
             * Initialize our cipher suite
             */
            rs.clientCipherSpecDecided(tlsClient.getCompression(), tlsClient.getCipher());

            /*
             * Send our finished message.
             */
            byte[] clientVerifyData =
                TlsUtils.calculateVerifyData(
                    tlsClientContext, "client finished", rs.getCurrentHash(TlsUtils.SSL_CLIENT));

            ByteArrayOutputStream bos = new ByteArrayOutputStream();
            TlsUtils.writeUint8(HandshakeType.finished, bos);
            TlsUtils.writeOpaque24(clientVerifyData, bos);
            byte[] message = bos.toByteArray();

            rs.writeMessage(ContentType.handshake, message, 0, message.length);

            this.connection_state = CS_CLIENT_FINISHED_SEND;
            break;
          default:
            this.failWithError(AlertLevel.fatal, AlertDescription.handshake_failure);
        }
        break;
      case HandshakeType.server_key_exchange:
        {
          switch (connection_state) {
            case CS_SERVER_HELLO_RECEIVED:

              // There was no server certificate message; check it's OK
              this.keyExchange.skipServerCertificate();
              this.authentication = null;

              // NB: Fall through to next case label

            case CS_SERVER_CERTIFICATE_RECEIVED:
              this.keyExchange.processServerKeyExchange(is);

              assertEmpty(is);
              break;

            default:
              this.failWithError(AlertLevel.fatal, AlertDescription.unexpected_message);
          }

          this.connection_state = CS_SERVER_KEY_EXCHANGE_RECEIVED;
          break;
        }
      case HandshakeType.certificate_request:
        {
          switch (connection_state) {
            case CS_SERVER_CERTIFICATE_RECEIVED:

              // There was no server key exchange message; check it's OK
              this.keyExchange.skipServerKeyExchange();

              // NB: Fall through to next case label

            case CS_SERVER_KEY_EXCHANGE_RECEIVED:
              {
                if (this.authentication == null) {
                  /*
                   * RFC 2246 7.4.4. It is a fatal handshake_failure alert
                   * for an anonymous server to request client identification.
                   */
                  this.failWithError(AlertLevel.fatal, AlertDescription.handshake_failure);
                }

                int numTypes = TlsUtils.readUint8(is);
                short[] certificateTypes = new short[numTypes];
                for (int i = 0; i < numTypes; ++i) {
                  certificateTypes[i] = TlsUtils.readUint8(is);
                }

                byte[] authorities = TlsUtils.readOpaque16(is);

                assertEmpty(is);

                Vector authorityDNs = new Vector();

                ByteArrayInputStream bis = new ByteArrayInputStream(authorities);
                while (bis.available() > 0) {
                  byte[] dnBytes = TlsUtils.readOpaque16(bis);
                  authorityDNs.addElement(
                      X500Name.getInstance(ASN1Primitive.fromByteArray(dnBytes)));
                }

                this.certificateRequest = new CertificateRequest(certificateTypes, authorityDNs);
                this.keyExchange.validateCertificateRequest(this.certificateRequest);

                break;
              }
            default:
              this.failWithError(AlertLevel.fatal, AlertDescription.unexpected_message);
          }

          this.connection_state = CS_CERTIFICATE_REQUEST_RECEIVED;
          break;
        }
      case HandshakeType.hello_request:
        /*
         * RFC 2246 7.4.1.1 Hello request This message will be ignored by the
         * client if the client is currently negotiating a session. This message
         * may be ignored by the client if it does not wish to renegotiate a
         * session, or the client may, if it wishes, respond with a
         * no_renegotiation alert.
         */
        if (connection_state == CS_DONE) {
          // Renegotiation not supported yet
          sendAlert(AlertLevel.warning, AlertDescription.no_renegotiation);
        }
        break;
      case HandshakeType.client_key_exchange:
      case HandshakeType.certificate_verify:
      case HandshakeType.client_hello:
      default:
        // We do not support this!
        this.failWithError(AlertLevel.fatal, AlertDescription.unexpected_message);
        break;
    }
  }