I have an A3 certificate on a smart card from icpbr. When I try to sign a PDF with iText,
I get this error:
c.i.t.p.s.OcspClientBouncyCastle INFO Getting OCSP from http://io-ocsp-icpbr.imprensaoficial.com.br
com.itextpdf.text.pdf.security.OcspClientBouncyCastle ERROR io-ocsp-icpbr.imprensaoficial.com.br
I use the code of this link:
Digital signatures - chapter 4
File: C4_01_SignWithPKCS11HSM.java
I checked that http://io-ocsp-icpbr.imprensaoficial.com.br doesn't have OCSP active.
How do I skip the OCSP request?
Thanks a lot!
If you don't want iText to make OCSP requests, don't give it an OCSP client to make them with, i.e. use null instead of an OcspClientBouncyCastle instance as OCSP client in the OcspClient ocspClient parameter.
I'm parsing TLS records, taken from a PCAP file.
I have the bytes of a TLS certificate in ASN.1 format (in a []byte).
I want to unmarshal this byte slice into a useful structure (avoiding having to manually parse ASN.1).
I can't seem to find an interface for a TLS certificate that follows the RFC in either encoding/asn1 or crypto/tls.
Has this been created somewhere I can't find or do I need to write my own?
The struct is in the x509 package
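As an added example (not code from the original posts): a handshake Certificate message body carved from a capture is a length-prefixed list of DER certificates, so the framing has to be stripped before each entry goes to x509.ParseCertificate. This sketch assumes the TLS 1.2 layout; the helper names and the self-signed sample certificate are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// u24 reads and frame writes a 3-byte big-endian length prefix (callers of u24 check len(b) >= 3).
func u24(b []byte) int { return int(b[0])<<16 | int(b[1])<<8 | int(b[2]) }
func frame(p []byte) []byte { return append([]byte{byte(len(p) >> 16), byte(len(p) >> 8), byte(len(p))}, p...) }

// parseCertificateList walks a TLS 1.2 certificate_list: 3-byte total length, then 3-byte length + DER per entry.
func parseCertificateList(b []byte) ([]*x509.Certificate, error) {
	if len(b) < 3 || u24(b) != len(b)-3 {
		return nil, fmt.Errorf("certificate_list length mismatch")
	}
	var certs []*x509.Certificate
	for b = b[3:]; len(b) > 0; {
		if len(b) < 3 || u24(b) > len(b)-3 {
			return nil, fmt.Errorf("truncated certificate entry")
		}
		n := u24(b)
		c, err := x509.ParseCertificate(b[3 : 3+n]) // DER bytes -> *x509.Certificate
		if err != nil {
			return nil, err
		}
		certs, b = append(certs, c), b[3+n:]
	}
	return certs, nil
}

// sampleList builds a constructed certificate_list holding one throwaway self-signed certificate.
func sampleList() []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Unix(0, 0),
		NotAfter: time.Unix(1<<31, 0), Subject: pkix.Name{CommonName: "pcap.example"}}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, priv)
	return frame(frame(der))
}

func main() {
	certs, err := parseCertificateList(sampleList())
	fmt.Println(len(certs), err)
}
```

The returned *x509.Certificate values expose Subject, Issuer, NotBefore, NotAfter and the raw signature fields, so no manual ASN.1 handling is needed after the framing is removed.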
I am signing a PDF with Bouncy Castle and embedding an OCSP response in the PKCS7. I assemble the signed PDF with PDFBox, but I can't for the life of me get the resulting file to validate properly in Adobe Reader (the OCSP is not recognized). Since the OCSP responder requires signed requests, I have to embed the response in the file.
If someone would have any pointers at all, it would be much appreciated.
I presume it's easier to look at the actual signature/certs/OCSP than my code. The signed PDF is available here:
https://drive.google.com/open?id=0B_TaSaQW0YXteUgtbUlEa0NhcGc
And the Base64-encoded signature is here:
https://drive.google.com/open?id=0B_TaSaQW0YXtaEtPczRROTg4UDA
Edit:
When I look at the certificate in Adobe Reader, and check Revocation > Problems encountered, it says:
Certificate is not valid for the usage. Must sign the request.
The Revocation-section also says:
An attempt was made to determine whether the certificate is valid by doing
a revocation check using the Online Certificate Status Protocol (OCSP).
So it seems that the embedded OCSP is skipped altogether.
Edit 2:
As per mkl's suggestion I updated the nonce-extension, by changing the following line:
DEROctetString extValue = new DEROctetString(nonce);
To this:
DEROctetString extValue = new DEROctetString(new DEROctetString(nonce));
Resulting in the following DER-structure:
[1] (1 elem)
  SEQUENCE (1 elem)
    SEQUENCE (2 elem)
      OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1.2 ocspNonce (OCSP)
      OCTET STRING (1 elem)
        OCTET STRING IKhVULz41m7JWTa4swZXJPBm6Zs=
But I still get the same error messages in Adobe Reader. I have attached the updated document and base64-encoded signature:
https://drive.google.com/open?id=0B_TaSaQW0YXtVjNqRWlxbXg4T0U
https://drive.google.com/open?id=0B_TaSaQW0YXtNC1CblZlUHV4dGs
Edit 3:
I compared the file to another version without the embedded OCSP response, and got this error in Problems encountered in Adobe Reader:
Must sign the request.
Leading me to believe that the first part of the initial error was indeed from trying to validate the embedded OCSP-response:
Certificate is not valid for the usage.
I guess the certificate in question would be the signing certificate of the OCSP-response. My own document is signed with the following certificate structure:
Root CA -> Bank (on EU Trust List) -> My Company
The OCSP is signed with the following structure:
Root CA -> External company (cert marked for OCSP signing)
Does the intermediary certificate in the document signing chain make the OCSP-signature invalid? Or can I somehow include missing pieces of the cert chain(s) to make it validate? Or is this perhaps not the problem?
OCSP Nonce encoding
The nonce extension in your OCSP response is encoded like this:
3405  45:   [1] {
3407  43:     SEQUENCE {
3409  41:       SEQUENCE {
3411   9:         OBJECT IDENTIFIER
        :           ocspNonce (1 3 6 1 5 5 7 48 1 2)
3422  28:         OCTET STRING 'EZrf5DVM/y1QFGUfydwBSOsxZ6s='
        :         }
        :       }
        :     }
This most likely corresponds to the nonce extension as you sent it in your request.
Remember, though, that the value of an extension is wrapped in an OCTET STRING by definition. Thus, your actual nonce value is the sequence of bytes given by the ASCII values of the characters EZrf5DVM/y1QFGUfydwBSOsxZ6s=, i.e. something completely untyped as far as ASN.1 is concerned.
But RFC 6960 specifies, for the nonce extension, ASN.1 syntax that was missing in RFC 2560...
Nonce ::= OCTET STRING
(RFC 6960 sections 1 and 4.4.1)
So your nonce value has to be an OCTET STRING instead of untyped as far as ASN.1 is concerned.
Thus, please try and wrap the value you chose for your nonce in an OCTET STREAM (which then, according to the Extension definition, will be wrapped in yet another OCTET STREAM).
Revocation information for all certificates
To make verification succeed without additional revocation information requests, the signature must bring along revocation information for all certificates involved except the (trusted) root certificates and other certificates marked accordingly.
Thus, you do not only need revocation information for your signer certificate and the intermediary bank certificate but also for the OCSP certificates of your embedded OCSP responses (unless they have the id-pkix-ocsp-nocheck extension).
If I read the ASN.1 dumps correctly, the OCSP certificate in your case does not have that extension. Thus, Adobe Reader will try to receive revocation information for it online, and if that does not work, it won't use your embedded OCSP responses.
OCSP service TLS certificate
As your signature does not bring along all required revocation information, Adobe Reader tries to receive them online. While doing so, it runs into errors.
The detailed error information I get is
Certificate is not valid for the usage
Certificate is not valid for the usage
SSL certificate error.
And indeed, trying to access https://va1.bankid.no/ (the URL of the OCSP server) manually, I'm also told about certificate issues.
You appear to get different errors. Did you install and trust some special certificates on your computer or in Adobe Reader?
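An added example of the nonce encoding point from the answer above, written in Go with encoding/asn1 rather than the Bouncy Castle code of the question, and not taken from the original posts. It builds the extension both ways and shows that only the wrapped form decodes as Nonce ::= OCTET STRING; the function names and the nonce value are constructed for illustration.

```go
package main

import (
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

// id-pkix-ocsp-nonce, the OID shown in the dumps above.
var oidNonce = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 1, 2}

// nonceExtension DER-encodes the nonce extension. With wrap=false the raw nonce
// bytes become extnValue directly (the encoding in the first dump); with
// wrap=true they are first encoded as Nonce ::= OCTET STRING (RFC 6960, 4.4.1).
func nonceExtension(nonce []byte, wrap bool) ([]byte, error) {
	value := nonce
	if wrap {
		var err error
		if value, err = asn1.Marshal(nonce); err != nil { // []byte -> OCTET STRING
			return nil, err
		}
	}
	// pkix.Extension.Value is itself marshalled as the outer extnValue OCTET STRING.
	return asn1.Marshal(pkix.Extension{Id: oidNonce, Value: value})
}

// nonceFrom decodes an extension and returns the nonce, failing when extnValue
// does not contain exactly one DER OCTET STRING.
func nonceFrom(extDER []byte) ([]byte, error) {
	var ext pkix.Extension
	if rest, err := asn1.Unmarshal(extDER, &ext); err != nil || len(rest) != 0 {
		return nil, fmt.Errorf("bad extension: %v", err)
	}
	var nonce []byte
	if rest, err := asn1.Unmarshal(ext.Value, &nonce); err != nil || len(rest) != 0 {
		return nil, fmt.Errorf("extnValue is not a single OCTET STRING: %v", err)
	}
	return nonce, nil
}

func main() {
	for _, wrap := range []bool{false, true} {
		der, _ := nonceExtension([]byte("constructed-nonce-0001"), wrap) // constructed sample value
		n, err := nonceFrom(der)
		fmt.Printf("wrap=%v nonce=%q err=%v\n", wrap, n, err)
	}
}
```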
How do I open a PEM file to check a) that the 'Not before' and 'Not after' dates are okay and b) that there is a chain of certs in the PEM file to a root certificate authority?
I have tried:
:- use_module(library(http/http_client)).

url('http://fm4dd.com/openssl/source/PEM/certs/512b-rsa-example-cert.pem').

url_data(Url, D) :-
    http_get(Url, D, [to(string)]).

url_data1(Url, Certificate) :-
    http_get(Url, D, [to(stream(Stream))]),
    load_certificate(Stream, Certificate),
    close(Stream).
url_data/1 works in that it returns the pem file as a string. But url_data1/1 does not work. It is intended to return each certificate(s) as a list of terms.
* Update *
I have:
url_data1(Url, Certs) :-
    http_open(Url, Stream, []),
    all_certs(Stream, Certs),
    forall(member(C, Certs), my_validate(C)),
    close(Stream).

all_certs(Stream, [C1|Certs]) :-
    catch(load_certificate(Stream, C1), _, fail),
    all_certs(Stream, Certs), !.
all_certs(_Stream, []).

my_validate(C) :-
    memberchk(to_be_signed(Signed), C),
    memberchk(key(Key), C),
    memberchk(signature(Signature), C),
    memberchk(signature_algorithm(A), C),
    algo_code(A, Code),
    rsa_verify(Key, Signed, Signature, [type(Code)]).

algo_code('RSA-SHA256', sha256).
algo_code('RSA-SHA1', sha1).
Which fails. What are the correct arguments?
You can use http_open/3 in combination with load_certificate/2:
?- url(Url),
   http_open(Url, Stream, []),
   load_certificate(Stream, Certificate),
   maplist(portray_clause, Certificate).
Yielding:
version(0).
notbefore(1345613214).
notafter(1503293214).
serial('0DFA').
subject(['C'='JP', 'ST'='Tokyo', 'O'='Frank4DD', 'CN'='www.example.com']).
hash("071CB94F0CC8514D024124708EE8B2687BD7D9D5").
signature("14B64CBB817933E671A4DA516FCB081D8D60ECBC18C7734759B1F22048BB61FAFC4DAD898DD121EBD5D8E5BAD6A636FD745083B60FC71DDF7DE52E817F45E09FE23E79EED73031C72072D9582E2AFE125A3445A119087C89475F4A95BE23214A5372DA2A052F2EC970F65BFAFDDFB431B2C14A9C062543A1E6B41E7F869B1640").
signature_algorithm('RSA-SHA1').
etc.
Check the issuer_name/1 element to obtain the issuer. You can use load_certificate/2 again to read further certificates from the file.
Note that a much more typical way to validate the certificate chain is to establish a secure connection (via HTTPS), and then to use ssl_peer_certificate/2 or ssl_peer_certificate_chain/2 on the stream to obtain the peer certificate and certificate chain.
To validate the chain, you must verify the signature/1 fields, which contain the digital signatures of the to_be_signed/1 portions of the certificate, signed by the respective issuer.
You can use library(crypto) to verify the signatures.
I have a .pem file which will successfully connect to my website via the --cert parameter of curl. I then converted that to a der file:
openssl x509 -inform PEM -outform DER -in client.pem -out cert.der
Then I loaded that cert.der into my project and I'm now trying to use that with Alamofire, following the example on their homepage:
let serverTrustPolicy = ServerTrustPolicy.PinCertificates(
    certificates: ServerTrustPolicy.certificatesInBundle(),
    validateCertificateChain: true,
    validateHost: true
)
let policyManager = ServerTrustPolicyManager(policies: ["my.domain.com" : serverTrustPolicy])
manager = Alamofire.Manager(configuration: configuration, serverTrustPolicyManager: policyManager)
manager.request(.GET, url, parameters: params, encoding: .URLEncodedInURL, headers: nil)
    .authenticate(usingCredential: credential)
    .validate()
    .responseJSON {
When that runs though it just fails and I get a 'cancelled' as the error's localizedDescription, which is what Alamofire does when authentication fails.
What am I doing wrong?
The Alamofire cert pinning logic does not currently support this use case. It is only designed to handle cert and public key pinning, not client certificates used to authenticate with the server. This is something we could support in the future if this is a common use case.
With that said, I'm assuming in this case you are receiving an NSURLAuthenticationChallenge with a protection space that has an authentication method of type .NSURLAuthenticationMethodClientCertificate. In these cases, you need to evaluate the host of the challenge, then create an NSURLCredential using the credentialWithIdentity:certificates:persistence: API. By passing this credential off to the completion handler, the client certificate should be sent to the server to authenticate the connection. More info can be found here.
Client certificate authentication (NSURLAuthenticationMethodClientCertificate) requires the system identity and all certificates needed to authenticate with the server. Create an NSURLCredential object with credentialWithIdentity:certificates:persistence:.
I've never actually had a need to use this type of authentication before. You'll need to override the auth challenge SessionDelegate closure using the task override closure to get this working.
I am trying to set up the certificate verification in opensips along with the blink sip client. I followed the tutorial:
https://github.com/antonraharja/book-opensips-101/blob/master/content/3.2.%20SIP%20TLS%20Secure%20Calling.mediawiki
My config looks like so:
[opensips.cfg]
disable_tls = no
listen = tls:my_ip:5061
tls_verify_server= 0
tls_verify_client = 1
tls_require_client_certificate = 1
#tls_method = TLSv1
tls_method = SSLv23
tls_certificate = "/usr/local/etc/opensips/tls/server/server-cert.pem"
tls_private_key = "/usr/local/etc/opensips/tls/server/server-privkey.pem"
tls_ca_list = "/usr/local/etc/opensips/tls/server/server-calist.pem"
So I generated the rootCA and the server certificate. Then I took the server-calist.pem, added the server-privkey.pem in there (otherwise blink sip client won't load it) and set it in the client. I also set the server-calist.pem as a certificate authority in blink. But when I try to log in to my server I get:
Feb 4 21:02:42 user /usr/local/sbin/opensips[28065]: DBG:core:tcp_read_req: Using the global ( per process ) buff
Feb 4 21:02:42 user /usr/local/sbin/opensips[28065]: DBG:core:tls_update_fd: New fd is 17
Feb 4 21:02:42 user /usr/local/sbin/opensips[28065]: ERROR:core:tls_accept: New TLS connection from 130.85.9.114:48253 failed to accept: rejected by client
So I assume that the client doesn't accept the server certificate for some reason, although I have the "Verify server" checkbox turned off in my blink sip client! I think I have the wrong certificate authority file.
./user/user-cert.pem
./user/user-cert_req.pem
./user/user-privkey.pem
./user/user-calist.pem <- these 4 are for using opensips as a client, I think
./rootCA/certs/01.pem
./rootCA/private/cakey.pem
./rootCA/cacert.pem
./server/server-privkey.pem
./server/server-calist.pem
./server/server-cert.pem
./server/server-cert_req.pem
./calist.pem
Can anybody help? Did I do something wrong in the config or did I use the wrong certificate chain? What certificate exactly should be used by the client as a client cert, and CA authority cert?
All right, I'm still not sure if it is working or not, because the authorization behaviour became weird, but after hanging for 5-6 minutes I get a successful authorization, so this is a solution:
Generate rootCA:
opensipsctl tls rootCA
Then edit the server.conf file in your tls opensips folder and set commonName = xxx.xxx.xxx.xxx, where xxx.xxx.xxx.xxx is your server IP address. Other variables can be edited in any way. Generate the certificates signed by the CA:
opensipsctl tls userCERT server
This will produce 4 files. Download the server-calist.pem, server-cert.pem and server-privkey.pem. Open the server-privkey.pem, copy its content and paste it into the file server-cert.pem, before the actual certificate. If you are using blink, the produced server-cert.pem goes in preferences->account->advanced, and server-calist.pem goes into preferences->advanced. After that, restart blink, and after 5-6 minutes your account is going to be logged in. But I've observed a weird behaviour: if you run another copy of blink and try to log into another existing account after you've logged in from the first one with the certificates, you can log in from the other account without providing the certificates. So I don't know, but I think it's working.
P.S. I asked about the certificates on the opensips mailing list, but I guess they found my question too lame, so I didn't get a response. If you have the same problem and got better results or an answer from opensips support, let me know please.