Example 11 with DERObjectIdentifier
use of org.bouncycastle.asn1.DERObjectIdentifier in project XobotOS by xamarin.
the class RFC3280CertPathUtilities method prepareNextCertA.
protected static void prepareNextCertA(CertPath certPath, int index) throws CertPathValidatorException {
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate) certs.get(index);
//
//
// (a) check the policy mappings
//
ASN1Sequence pm = null;
try {
pm = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.POLICY_MAPPINGS));
} catch (AnnotatedException ex) {
throw new ExtCertPathValidatorException("Policy mappings extension could not be decoded.", ex, certPath, index);
}
if (pm != null) {
ASN1Sequence mappings = pm;
for (int j = 0; j < mappings.size(); j++) {
DERObjectIdentifier issuerDomainPolicy = null;
DERObjectIdentifier subjectDomainPolicy = null;
try {
ASN1Sequence mapping = DERSequence.getInstance(mappings.getObjectAt(j));
issuerDomainPolicy = DERObjectIdentifier.getInstance(mapping.getObjectAt(0));
subjectDomainPolicy = DERObjectIdentifier.getInstance(mapping.getObjectAt(1));
} catch (Exception e) {
throw new ExtCertPathValidatorException("Policy mappings extension contents could not be decoded.", e, certPath, index);
}
if (RFC3280CertPathUtilities.ANY_POLICY.equals(issuerDomainPolicy.getId())) {
throw new CertPathValidatorException("IssuerDomainPolicy is anyPolicy", null, certPath, index);
}
if (RFC3280CertPathUtilities.ANY_POLICY.equals(subjectDomainPolicy.getId())) {
throw new CertPathValidatorException("SubjectDomainPolicy is anyPolicy,", null, certPath, index);
}
}
}
}
Also used :
CertPathValidatorException(java.security.cert.CertPathValidatorException)
ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException)
List(java.util.List)
ArrayList(java.util.ArrayList)
DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier)
X509Certificate(java.security.cert.X509Certificate)
IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
CertificateExpiredException(java.security.cert.CertificateExpiredException)
GeneralSecurityException(java.security.GeneralSecurityException)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException)
CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException)
CertPathBuilderException(java.security.cert.CertPathBuilderException)
IOException(java.io.IOException)
Example 12 with DERObjectIdentifier
use of org.bouncycastle.asn1.DERObjectIdentifier in project XobotOS by xamarin.
the class RFC3280CertPathUtilities method processCertD.
protected static PKIXPolicyNode processCertD(CertPath certPath, int index, Set acceptablePolicies, PKIXPolicyNode validPolicyTree, List[] policyNodes, int inhibitAnyPolicy) throws CertPathValidatorException {
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate) certs.get(index);
int n = certs.size();
// i as defined in the algorithm description
int i = n - index;
//
// (d) policy Information checking against initial policy and
// policy mapping
//
ASN1Sequence certPolicies = null;
try {
certPolicies = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.CERTIFICATE_POLICIES));
} catch (AnnotatedException e) {
throw new ExtCertPathValidatorException("Could not read certificate policies extension from certificate.", e, certPath, index);
}
if (certPolicies != null && validPolicyTree != null) {
//
// (d) (1)
//
Enumeration e = certPolicies.getObjects();
Set pols = new HashSet();
while (e.hasMoreElements()) {
PolicyInformation pInfo = PolicyInformation.getInstance(e.nextElement());
DERObjectIdentifier pOid = pInfo.getPolicyIdentifier();
pols.add(pOid.getId());
if (!RFC3280CertPathUtilities.ANY_POLICY.equals(pOid.getId())) {
Set pq = null;
try {
pq = CertPathValidatorUtilities.getQualifierSet(pInfo.getPolicyQualifiers());
} catch (CertPathValidatorException ex) {
throw new ExtCertPathValidatorException("Policy qualifier info set could not be build.", ex, certPath, index);
}
boolean match = CertPathValidatorUtilities.processCertD1i(i, policyNodes, pOid, pq);
if (!match) {
CertPathValidatorUtilities.processCertD1ii(i, policyNodes, pOid, pq);
}
}
}
if (acceptablePolicies.isEmpty() || acceptablePolicies.contains(RFC3280CertPathUtilities.ANY_POLICY)) {
acceptablePolicies.clear();
acceptablePolicies.addAll(pols);
} else {
Iterator it = acceptablePolicies.iterator();
Set t1 = new HashSet();
while (it.hasNext()) {
Object o = it.next();
if (pols.contains(o)) {
t1.add(o);
}
}
acceptablePolicies.clear();
acceptablePolicies.addAll(t1);
}
//
if ((inhibitAnyPolicy > 0) || ((i < n) && CertPathValidatorUtilities.isSelfIssued(cert))) {
e = certPolicies.getObjects();
while (e.hasMoreElements()) {
PolicyInformation pInfo = PolicyInformation.getInstance(e.nextElement());
if (RFC3280CertPathUtilities.ANY_POLICY.equals(pInfo.getPolicyIdentifier().getId())) {
Set _apq = CertPathValidatorUtilities.getQualifierSet(pInfo.getPolicyQualifiers());
List _nodes = policyNodes[i - 1];
for (int k = 0; k < _nodes.size(); k++) {
PKIXPolicyNode _node = (PKIXPolicyNode) _nodes.get(k);
Iterator _policySetIter = _node.getExpectedPolicies().iterator();
while (_policySetIter.hasNext()) {
Object _tmp = _policySetIter.next();
String _policy;
if (_tmp instanceof String) {
_policy = (String) _tmp;
} else if (_tmp instanceof DERObjectIdentifier) {
_policy = ((DERObjectIdentifier) _tmp).getId();
} else {
continue;
}
boolean _found = false;
Iterator _childrenIter = _node.getChildren();
while (_childrenIter.hasNext()) {
PKIXPolicyNode _child = (PKIXPolicyNode) _childrenIter.next();
if (_policy.equals(_child.getValidPolicy())) {
_found = true;
}
}
if (!_found) {
Set _newChildExpectedPolicies = new HashSet();
_newChildExpectedPolicies.add(_policy);
PKIXPolicyNode _newChild = new PKIXPolicyNode(new ArrayList(), i, _newChildExpectedPolicies, _node, _apq, _policy, false);
_node.addChild(_newChild);
policyNodes[i].add(_newChild);
}
}
}
break;
}
}
}
PKIXPolicyNode _validPolicyTree = validPolicyTree;
//
for (int j = (i - 1); j >= 0; j--) {
List nodes = policyNodes[j];
for (int k = 0; k < nodes.size(); k++) {
PKIXPolicyNode node = (PKIXPolicyNode) nodes.get(k);
if (!node.hasChildren()) {
_validPolicyTree = CertPathValidatorUtilities.removePolicyNode(_validPolicyTree, policyNodes, node);
if (_validPolicyTree == null) {
break;
}
}
}
}
//
// d (4)
//
Set criticalExtensionOids = cert.getCriticalExtensionOIDs();
if (criticalExtensionOids != null) {
boolean critical = criticalExtensionOids.contains(RFC3280CertPathUtilities.CERTIFICATE_POLICIES);
List nodes = policyNodes[i];
for (int j = 0; j < nodes.size(); j++) {
PKIXPolicyNode node = (PKIXPolicyNode) nodes.get(j);
node.setCritical(critical);
}
}
return _validPolicyTree;
}
return null;
}
Also used :
Enumeration(java.util.Enumeration)
Set(java.util.Set)
HashSet(java.util.HashSet)
PolicyInformation(org.bouncycastle.asn1.x509.PolicyInformation)
ArrayList(java.util.ArrayList)
DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier)
X509Certificate(java.security.cert.X509Certificate)
IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException)
Iterator(java.util.Iterator)
List(java.util.List)
ArrayList(java.util.ArrayList)
ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject)
DERObject(org.bouncycastle.asn1.DERObject)
HashSet(java.util.HashSet)
Example 13 with DERObjectIdentifier
use of org.bouncycastle.asn1.DERObjectIdentifier in project XobotOS by xamarin.
the class X509CRLEntryObject method toString.
public String toString() {
StringBuffer buf = new StringBuffer();
String nl = System.getProperty("line.separator");
buf.append(" userCertificate: ").append(this.getSerialNumber()).append(nl);
buf.append(" revocationDate: ").append(this.getRevocationDate()).append(nl);
buf.append(" certificateIssuer: ").append(this.getCertificateIssuer()).append(nl);
X509Extensions extensions = c.getExtensions();
if (extensions != null) {
Enumeration e = extensions.oids();
if (e.hasMoreElements()) {
buf.append(" crlEntryExtensions:").append(nl);
while (e.hasMoreElements()) {
DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
X509Extension ext = extensions.getExtension(oid);
if (ext.getValue() != null) {
byte[] octs = ext.getValue().getOctets();
ASN1InputStream dIn = new ASN1InputStream(octs);
buf.append(" critical(").append(ext.isCritical()).append(") ");
try {
if (oid.equals(X509Extensions.ReasonCode)) {
buf.append(new CRLReason(DEREnumerated.getInstance(dIn.readObject()))).append(nl);
} else if (oid.equals(X509Extensions.CertificateIssuer)) {
buf.append("Certificate issuer: ").append(new GeneralNames((ASN1Sequence) dIn.readObject())).append(nl);
} else {
buf.append(oid.getId());
buf.append(" value = ").append(ASN1Dump.dumpAsString(dIn.readObject())).append(nl);
}
} catch (Exception ex) {
buf.append(oid.getId());
buf.append(" value = ").append("*****").append(nl);
}
} else {
buf.append(nl);
}
}
}
}
return buf.toString();
}
Also used :
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
Enumeration(java.util.Enumeration)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
X509Extension(org.bouncycastle.asn1.x509.X509Extension)
X509Extensions(org.bouncycastle.asn1.x509.X509Extensions)
CRLReason(org.bouncycastle.asn1.x509.CRLReason)
DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier)
IOException(java.io.IOException)
CRLException(java.security.cert.CRLException)
Example 14 with DERObjectIdentifier
use of org.bouncycastle.asn1.DERObjectIdentifier in project XobotOS by xamarin.
the class X509CRLObject method getExtensionOIDs.
private Set getExtensionOIDs(boolean critical) {
if (this.getVersion() == 2) {
X509Extensions extensions = c.getTBSCertList().getExtensions();
if (extensions != null) {
Set set = new HashSet();
Enumeration e = extensions.oids();
while (e.hasMoreElements()) {
DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
X509Extension ext = extensions.getExtension(oid);
if (critical == ext.isCritical()) {
set.add(oid.getId());
}
}
return set;
}
}
return null;
}
Also used :
HashSet(java.util.HashSet)
Set(java.util.Set)
Enumeration(java.util.Enumeration)
X509Extension(org.bouncycastle.asn1.x509.X509Extension)
X509Extensions(org.bouncycastle.asn1.x509.X509Extensions)
DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier)
HashSet(java.util.HashSet)
Example 15 with DERObjectIdentifier
use of org.bouncycastle.asn1.DERObjectIdentifier in project XobotOS by xamarin.
the class X509CertificateObject method hasUnsupportedCriticalExtension.
public boolean hasUnsupportedCriticalExtension() {
if (this.getVersion() == 3) {
X509Extensions extensions = c.getTBSCertificate().getExtensions();
if (extensions != null) {
Enumeration e = extensions.oids();
while (e.hasMoreElements()) {
DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
String oidId = oid.getId();
if (oidId.equals(RFC3280CertPathUtilities.KEY_USAGE) || oidId.equals(RFC3280CertPathUtilities.CERTIFICATE_POLICIES) || oidId.equals(RFC3280CertPathUtilities.POLICY_MAPPINGS) || oidId.equals(RFC3280CertPathUtilities.INHIBIT_ANY_POLICY) || oidId.equals(RFC3280CertPathUtilities.CRL_DISTRIBUTION_POINTS) || oidId.equals(RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT) || oidId.equals(RFC3280CertPathUtilities.DELTA_CRL_INDICATOR) || oidId.equals(RFC3280CertPathUtilities.POLICY_CONSTRAINTS) || oidId.equals(RFC3280CertPathUtilities.BASIC_CONSTRAINTS) || oidId.equals(RFC3280CertPathUtilities.SUBJECT_ALTERNATIVE_NAME) || oidId.equals(RFC3280CertPathUtilities.NAME_CONSTRAINTS)) {
continue;
}
X509Extension ext = extensions.getExtension(oid);
if (ext.isCritical()) {
return true;
}
}
}
}
return false;
}
Also used :
Enumeration(java.util.Enumeration)
X509Extension(org.bouncycastle.asn1.x509.X509Extension)
X509Extensions(org.bouncycastle.asn1.x509.X509Extensions)
DERBitString(org.bouncycastle.asn1.DERBitString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier)
Aggregations
DERObjectIdentifier (org.bouncycastle.asn1.DERObjectIdentifier)43
IOException (java.io.IOException)22
ArrayList (java.util.ArrayList)22
HashSet (java.util.HashSet)21
List (java.util.List)21
Set (java.util.Set)21
Enumeration (java.util.Enumeration)18
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)16
X509Certificate (java.security.cert.X509Certificate)13
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)11
CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)11
DEREncodable (org.bouncycastle.asn1.DEREncodable)10
DERObject (org.bouncycastle.asn1.DERObject)10
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)9
Iterator (java.util.Iterator)8
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)8
X962Parameters (org.bouncycastle.asn1.x9.X962Parameters)8
X9ECParameters (org.bouncycastle.asn1.x9.X9ECParameters)8
HashMap (java.util.HashMap)7
Map (java.util.Map)7
