Example 56 with ASN1Encodable
use of com.android.org.bouncycastle.asn1.ASN1Encodable in project jruby-openssl by jruby.
the class X509Extension method newExtension.
static X509Extension[] newExtension(final ThreadContext context, final String oid, final byte[] extValue, final boolean critical) throws IOException {
final Ruby runtime = context.runtime;
final ASN1ObjectIdentifier objectId = ASN1.getObjectID(runtime, oid);
final ASN1Encodable value = ASN1.readObject(extValue);
return new X509Extension[] { newExtension(runtime, objectId, value, critical) };
}
Also used :
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
Ruby(org.jruby.Ruby)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 57 with ASN1Encodable
use of com.android.org.bouncycastle.asn1.ASN1Encodable in project jruby-openssl by jruby.
the class X509Extension method formatGeneralName.
@SuppressWarnings("unchecked")
private static boolean formatGeneralName(final GeneralName name, final ByteList out, final boolean slashed) {
final ASN1Encodable obj = name.getName();
String val;
boolean tagged = false;
switch(name.getTagNo()) {
case GeneralName.rfc822Name:
if (!tagged)
out.append('e').append('m').append('a').append('i').append('l').append(':');
tagged = true;
case GeneralName.dNSName:
if (!tagged)
out.append('D').append('N').append('S').append(':');
tagged = true;
case GeneralName.uniformResourceIdentifier:
if (!tagged)
out.append('U').append('R').append('I').append(':');
val = DERIA5String.getInstance(obj).getString();
out.append(ByteList.plain(val));
break;
case GeneralName.directoryName:
out.append('D').append('i').append('r').append('N').append('a').append('m').append('e').append(':');
final X500Name dirName = X500Name.getInstance(obj);
if (slashed) {
final RDN[] rdns = dirName.getRDNs();
final Hashtable defaultSymbols = getDefaultSymbols();
for (int i = 0; i < rdns.length; i++) {
appendRDN(out.append('/'), rdns[i], defaultSymbols);
}
} else {
out.append(ByteList.plain(dirName.toString()));
}
break;
case GeneralName.iPAddress:
out.append('I').append('P').append(':');
final byte[] ip = ((ASN1OctetString) name.getName()).getOctets();
int len = ip.length;
boolean ip4 = len == 4;
if (ip4) {
for (int i = 0; i < ip.length; i++) {
out.append(ConvertBytes.intToCharBytes(((int) ip[i]) & 0xff));
if (i != len - 1)
out.append('.');
}
} else {
for (int i = 0; i < ip.length; i += 2) {
out.append(ConvertBytes.intToHexBytes(((ip[i] & 0xff) << 8 | (ip[i + 1] & 0xff))));
if (i != len - 2)
out.append(':');
}
}
break;
case GeneralName.otherName:
out.append('o').append('t').append('h').append('e').append('r').append('N').append('a').append('m').append('e').append(':');
out.append(ByteList.plain(obj.toString()));
return true;
// tagged = true;
case GeneralName.registeredID:
out.append('R').append('I').append('D').append(':');
// tagged = true;
default:
out.append(ByteList.plain(obj.toString()));
}
return false;
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
Hashtable(java.util.Hashtable)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
RubyString(org.jruby.RubyString)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
ASN1String(org.bouncycastle.asn1.ASN1String)
DERUniversalString(org.bouncycastle.asn1.DERUniversalString)
X500Name(org.bouncycastle.asn1.x500.X500Name)
RDN(org.bouncycastle.asn1.x500.RDN)
Example 58 with ASN1Encodable
use of com.android.org.bouncycastle.asn1.ASN1Encodable in project jruby-openssl by jruby.
the class X509Name method fromRDNElement.
private void fromRDNElement(final RDN rdn) {
final Ruby runtime = getRuntime();
for (AttributeTypeAndValue tv : rdn.getTypesAndValues()) {
oids.add(tv.getType());
final ASN1Encodable val = tv.getValue();
addValue(val);
addType(runtime, val);
}
}
Also used :
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
Ruby(org.jruby.Ruby)
AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue)
Example 59 with ASN1Encodable
use of com.android.org.bouncycastle.asn1.ASN1Encodable in project jruby-openssl by jruby.
the class X509Name method fromASN1Sequence.
private void fromASN1Sequence(final ASN1Encodable element) {
ASN1Sequence typeAndValue = ASN1Sequence.getInstance(element);
oids.add((ASN1ObjectIdentifier) typeAndValue.getObjectAt(0));
final ASN1Encodable val = typeAndValue.getObjectAt(1);
addValue(val);
addType(getRuntime(), val);
}
Also used :
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
Example 60 with ASN1Encodable
use of com.android.org.bouncycastle.asn1.ASN1Encodable in project jruby-openssl by jruby.
the class OCSPRequest method verify.
@JRubyMethod(name = "verify", rest = true)
public IRubyObject verify(IRubyObject[] args) {
Ruby runtime = getRuntime();
ThreadContext context = runtime.getCurrentContext();
int flags = 0;
boolean ret = false;
if (Arity.checkArgumentCount(runtime, args, 2, 3) == 3) {
flags = RubyFixnum.fix2int((RubyFixnum) args[2]);
}
IRubyObject certificates = args[0];
IRubyObject store = args[1];
OCSPReq bcOCSPReq = getBCOCSPReq();
if (bcOCSPReq == null) {
throw newOCSPError(runtime, new NullPointerException("Missing BC asn1bcReq. Missing certIDs or signature?"));
}
if (!bcOCSPReq.isSigned()) {
return RubyBoolean.newBoolean(runtime, ret);
}
GeneralName genName = bcOCSPReq.getRequestorName();
if (genName.getTagNo() != 4) {
return RubyBoolean.newBoolean(runtime, ret);
}
X500Name genX500Name = X500Name.getInstance(genName.getName());
X509StoreContext storeContext = null;
JcaContentVerifierProviderBuilder jcacvpb = new JcaContentVerifierProviderBuilder();
jcacvpb.setProvider("BC");
try {
java.security.cert.Certificate signer = findCertByName(genX500Name, certificates, flags);
if (signer == null)
return RubyBoolean.newBoolean(runtime, ret);
if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOINTERN))) > 0 && ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_TRUSTOTHER))) > 0))
flags |= RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOVERIFY));
if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOSIGS))) == 0) {
PublicKey signerPubKey = signer.getPublicKey();
ContentVerifierProvider cvp = jcacvpb.build(signerPubKey);
ret = bcOCSPReq.isSignatureValid(cvp);
if (!ret) {
return RubyBoolean.newBoolean(runtime, ret);
}
}
if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOVERIFY))) == 0) {
if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOCHAIN))) > 0) {
storeContext = X509StoreContext.newStoreContext(context, (X509Store) store, X509Cert.wrap(runtime, signer), context.nil);
} else {
RubyArray certs = RubyArray.newEmptyArray(runtime);
ASN1Sequence bcCerts = asn1bcReq.getOptionalSignature().getCerts();
if (bcCerts != null) {
Iterator<ASN1Encodable> it = bcCerts.iterator();
while (it.hasNext()) {
Certificate cert = Certificate.getInstance(it.next());
certs.add(X509Cert.wrap(runtime, new X509AuxCertificate(cert)));
}
}
storeContext = X509StoreContext.newStoreContext(context, (X509Store) store, X509Cert.wrap(runtime, signer), certs);
}
storeContext.set_purpose(context, _X509(runtime).getConstant("PURPOSE_OCSP_HELPER"));
storeContext.set_trust(context, _X509(runtime).getConstant("TRUST_OCSP_REQUEST"));
ret = storeContext.verify(context).isTrue();
if (!ret)
return RubyBoolean.newBoolean(runtime, false);
}
} catch (Exception e) {
debugStackTrace(e);
throw newOCSPError(runtime, e);
}
return RubyBoolean.newBoolean(getRuntime(), ret);
}
Also used :
RubyArray(org.jruby.RubyArray)
X500Name(org.bouncycastle.asn1.x500.X500Name)
IRubyObject(org.jruby.runtime.builtin.IRubyObject)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
Ruby(org.jruby.Ruby)
ContentVerifierProvider(org.bouncycastle.operator.ContentVerifierProvider)
PublicKey(java.security.PublicKey)
ThreadContext(org.jruby.runtime.ThreadContext)
RubyFixnum(org.jruby.RubyFixnum)
RaiseException(org.jruby.exceptions.RaiseException)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
JcaContentVerifierProviderBuilder(org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
OCSPReq(org.bouncycastle.cert.ocsp.OCSPReq)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
X509AuxCertificate(org.jruby.ext.openssl.x509store.X509AuxCertificate)
X509Certificate(java.security.cert.X509Certificate)
Certificate(org.bouncycastle.asn1.x509.Certificate)
X509AuxCertificate(org.jruby.ext.openssl.x509store.X509AuxCertificate)
JRubyMethod(org.jruby.anno.JRubyMethod)
Aggregations
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)139
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)73
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)59
IOException (java.io.IOException)37
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)34
DEROctetString (org.bouncycastle.asn1.DEROctetString)32
DERUTF8String (org.bouncycastle.asn1.DERUTF8String)29
DERIA5String (org.bouncycastle.asn1.DERIA5String)28
DERSequence (org.bouncycastle.asn1.DERSequence)25
ASN1Integer (org.bouncycastle.asn1.ASN1Integer)21
DERPrintableString (org.bouncycastle.asn1.DERPrintableString)21
ArrayList (java.util.ArrayList)20
GeneralName (org.bouncycastle.asn1.x509.GeneralName)19
X509Certificate (java.security.cert.X509Certificate)17
HashSet (java.util.HashSet)17
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)17
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)17
BigInteger (java.math.BigInteger)16
ASN1Primitive (org.bouncycastle.asn1.ASN1Primitive)16
DERBMPString (org.bouncycastle.asn1.DERBMPString)15
