
Example 71 with ASN1Encodable

use of com.android.org.bouncycastle.asn1.ASN1Encodable in project xipki by xipki.

The method createRequestedSubjectAltNames of the class XmlX509Certprofile.

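/**
 * Builds the SubjectAltName value that will be granted for a request.
 *
 * <p>Two sources are merged, in this order:
 * <ol>
 *   <li>subject attributes listed in {@code subjectToSubjectAltNameModes}, read from the granted
 *       subject (with a fallback to the requested subject when the lookup yields {@code null});</li>
 *   <li>the entries of the requested SubjectAltName extension, each passed through
 *       {@code X509CertprofileUtil.createGeneralName} together with {@code subjectAltNameModes}.</li>
 * </ol>
 *
 * @param requestedSubject subject as requested by the client (untrusted input)
 * @param grantedSubject subject as granted by this profile
 * @param requestedExtensions extensions requested by the client, may be {@code null}
 * @return the granted names, or {@code null} when there is nothing to grant
 * @throws BadCertTemplateException if a value taken from the request cannot be converted into a
 *         GeneralName of the configured tag, or if the requested entries are rejected by
 *         {@code X509CertprofileUtil.createGeneralName}
 */
private GeneralNames createRequestedSubjectAltNames(X500Name requestedSubject, X500Name grantedSubject, Extensions requestedExtensions) throws BadCertTemplateException {
    ASN1Encodable extValue = (requestedExtensions == null) ? null
            : requestedExtensions.getExtensionParsedValue(Extension.subjectAlternativeName);
    if (extValue == null && subjectToSubjectAltNameModes == null) {
        return null;
    }
    GeneralNames reqNames = (extValue == null) ? null : GeneralNames.getInstance(extValue);
    // nothing configured at all: the requested names are passed through unchanged
    if (subjectAltNameModes == null && subjectToSubjectAltNameModes == null) {
        return reqNames;
    }
    List<GeneralName> grantedNames = new LinkedList<>();
    // copy the configured subject attributes into the SubjectAltName
    if (subjectToSubjectAltNameModes != null) {
        for (ASN1ObjectIdentifier attrType : subjectToSubjectAltNameModes.keySet()) {
            GeneralNameTag tag = subjectToSubjectAltNameModes.get(attrType);
            RDN[] rdns = grantedSubject.getRDNs(attrType);
            // NOTE(review): X500Name.getRDNs is believed to return an empty array (never null)
            // when the attribute is absent, in which case this fallback never triggers — confirm
            // against the BouncyCastle version in use before relying on it.
            if (rdns == null) {
                rdns = requestedSubject.getRDNs(attrType);
            }
            if (rdns == null) {
                continue;
            }
            for (RDN rdn : rdns) {
                // assumes every RDN carries at least one AVA (getFirst() non-null) — TODO confirm
                String rdnValue = X509Util.rdnValueToString(rdn.getFirst().getValue());
                grantedNames.add(subjectValueToGeneralName(tag, rdnValue));
            }
        }
    }
    // copy the requested SubjectAltName entries, validated against the configured modes
    if (reqNames != null) {
        for (GeneralName reqName : reqNames.getNames()) {
            grantedNames.add(X509CertprofileUtil.createGeneralName(reqName, subjectAltNameModes));
        }
    }
    return grantedNames.isEmpty() ? null : new GeneralNames(grantedNames.toArray(new GeneralName[0]));
}

/**
 * Converts a subject attribute value into a GeneralName of the given tag.
 *
 * <p>The BouncyCastle {@code GeneralName(int, String)} constructor rejects malformed values
 * (e.g. an invalid IP address, OID or directory name) with an unchecked
 * {@link IllegalArgumentException}; since the value may originate from the request, that is
 * translated into the checked {@link BadCertTemplateException} the caller expects.
 *
 * @param tag the configured GeneralName tag for the attribute
 * @param rdnValue the attribute value as text
 * @return the GeneralName
 * @throws BadCertTemplateException if {@code rdnValue} is not valid for {@code tag}
 * @throws IllegalStateException if {@code tag} is not one of the tags supported here
 *         (a configuration error, not a request error)
 */
private static GeneralName subjectValueToGeneralName(GeneralNameTag tag, String rdnValue) throws BadCertTemplateException {
    switch (tag) {
        case rfc822Name:
        case dNSName:
        case uniformResourceIdentifier:
        case iPAddress:
        case directoryName:
        case registeredID:
            try {
                return new GeneralName(tag.getTag(), rdnValue);
            } catch (IllegalArgumentException ex) {
                throw new BadCertTemplateException(
                        "invalid value for GeneralName tag " + tag + ": " + ex.getMessage(), ex);
            }
        default:
            break;
    }
    throw new IllegalStateException("should not reach here, unknown GeneralName tag " + tag);
}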
Also used : GeneralNameTag(org.xipki.ca.api.profile.GeneralNameTag) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) LinkedList(java.util.LinkedList) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) GeneralName(org.bouncycastle.asn1.x509.GeneralName) RDN(org.bouncycastle.asn1.x500.RDN) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 72 with ASN1Encodable

use of com.android.org.bouncycastle.asn1.ASN1Encodable in project xipki by xipki.

The method initTlsFeature of the class XmlX509Certprofile.

/**
 * Initialises the TLSFeature extension (id-pe-tlsfeature) from the profile configuration.
 *
 * <p>Nothing happens unless the extension is present in {@code extensionControls} and configured
 * in {@code extensionsType}. Every configured feature value must lie in {@code 0..65535}; the
 * values are emitted in ascending order as a SEQUENCE OF INTEGER and stored in the
 * {@code tlsFeature} field together with the configured criticality.
 *
 * @param extnIds identifiers still awaiting initialisation; the TLSFeature OID is removed from it
 * @param extensionsType the profile's extension configuration
 * @throws CertprofileException if a configured feature value is out of range
 */
private void initTlsFeature(Set<ASN1ObjectIdentifier> extnIds, ExtensionsType extensionsType) throws CertprofileException {
    final ASN1ObjectIdentifier extnType = ObjectIdentifiers.id_pe_tlsfeature;
    if (!extensionControls.containsKey(extnType)) {
        return;
    }
    extnIds.remove(extnType);
    TlsFeature conf = (TlsFeature) getExtensionValue(extnType, extensionsType, TlsFeature.class);
    if (conf == null) {
        return;
    }
    List<Integer> featureValues = new ArrayList<>(conf.getFeature().size());
    for (IntWithDescType entry : conf.getFeature()) {
        int feature = entry.getValue();
        // TLS extension types are 16-bit values
        if (feature < 0 || feature > 65535) {
            throw new CertprofileException("invalid TLS feature (extensionType) " + feature);
        }
        featureValues.add(feature);
    }
    Collections.sort(featureValues);
    ASN1EncodableVector seq = new ASN1EncodableVector();
    for (int feature : featureValues) {
        seq.add(new ASN1Integer(feature));
    }
    boolean critical = extensionControls.get(extnType).isCritical();
    tlsFeature = new ExtensionValue(critical, new DERSequence(seq));
}
Also used : TlsFeature(org.xipki.ca.certprofile.x509.jaxb.TlsFeature) ArrayList(java.util.ArrayList) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) BigInteger(java.math.BigInteger) DERSequence(org.bouncycastle.asn1.DERSequence) ExtensionValue(org.xipki.ca.api.profile.ExtensionValue) CertprofileException(org.xipki.ca.api.profile.CertprofileException) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) IntWithDescType(org.xipki.ca.certprofile.x509.jaxb.IntWithDescType) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 73 with ASN1Encodable

use of com.android.org.bouncycastle.asn1.ASN1Encodable in project xipki by xipki.

The method initSmimeCapabilities of the class XmlX509Certprofile.

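/**
 * Initialises the SMIMECapabilities extension from the profile configuration.
 *
 * <p>Nothing happens unless the extension is present in {@code extensionControls} and configured
 * in {@code extensionsType}. Each configured capability becomes one
 * {@code org.bouncycastle.asn1.smime.SMIMECapability}; the resulting SEQUENCE is stored in the
 * {@code smimeCapabilities} field together with the configured criticality.
 *
 * @param extnIds identifiers still awaiting initialisation; the SMIMECapabilities OID is removed
 *        from it
 * @param extensionsType the profile's extension configuration
 * @throws CertprofileException if a configured capability cannot be converted (for example a
 *         malformed capabilityID)
 */
private void initSmimeCapabilities(Set<ASN1ObjectIdentifier> extnIds, ExtensionsType extensionsType) throws CertprofileException {
    final ASN1ObjectIdentifier extnType = ObjectIdentifiers.id_smimeCapabilities;
    if (!extensionControls.containsKey(extnType)) {
        return;
    }
    extnIds.remove(extnType);
    SMIMECapabilities conf = (SMIMECapabilities) getExtensionValue(extnType, extensionsType, SMIMECapabilities.class);
    if (conf == null) {
        return;
    }
    ASN1EncodableVector vec = new ASN1EncodableVector();
    for (SMIMECapability capConf : conf.getSMIMECapability()) {
        vec.add(toSmimeCapability(capConf));
    }
    boolean critical = extensionControls.get(extnType).isCritical();
    smimeCapabilities = new ExtensionValue(critical, new DERSequence(vec));
}

/**
 * Converts one configured capability into its ASN.1 form.
 *
 * <p>Parameters are optional; when present, either the integer form or the base64-encoded DER
 * form is used (the integer form wins if both are set). A malformed capabilityID is reported as a
 * {@link CertprofileException} instead of leaking the unchecked {@link IllegalArgumentException}
 * thrown by the OID constructor.
 *
 * @param capConf the configured capability
 * @return the ASN.1 capability
 * @throws CertprofileException if the capabilityID is not a valid OID, or if the base64 parameters
 *         cannot be read
 */
private org.bouncycastle.asn1.smime.SMIMECapability toSmimeCapability(SMIMECapability capConf) throws CertprofileException {
    String oidText = capConf.getCapabilityID().getValue();
    ASN1ObjectIdentifier oid;
    try {
        oid = new ASN1ObjectIdentifier(oidText);
    } catch (IllegalArgumentException ex) {
        throw new CertprofileException(
                "invalid SMIMECapability capabilityID '" + oidText + "': " + ex.getMessage(), ex);
    }
    ASN1Encodable params = null;
    org.xipki.ca.certprofile.x509.jaxb.SMIMECapability.Parameters capParams = capConf.getParameters();
    if (capParams != null) {
        if (capParams.getInteger() != null) {
            params = new ASN1Integer(capParams.getInteger());
        } else if (capParams.getBase64Binary() != null) {
            params = readAsn1Encodable(capParams.getBase64Binary().getValue());
        }
    }
    return new org.bouncycastle.asn1.smime.SMIMECapability(oid, params);
}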
Also used : ASN1Integer(org.bouncycastle.asn1.ASN1Integer) DERSequence(org.bouncycastle.asn1.DERSequence) ExtensionValue(org.xipki.ca.api.profile.ExtensionValue) SMIMECapabilities(org.xipki.ca.certprofile.x509.jaxb.SMIMECapabilities) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) SMIMECapability(org.xipki.ca.certprofile.x509.jaxb.SMIMECapability) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 74 with ASN1Encodable

use of com.android.org.bouncycastle.asn1.ASN1Encodable in project xipki by xipki.

The method extractXipkiActionRepContent of the class CmpRequestor.

// method extractGeneralRepContent
/**
 * Extracts the payload of a XiPKI-specific action response.
 *
 * <p>The general-message content identified by {@code id_xipki_cmp_cmpGenmsg} is extracted from
 * the response (the content is required) and then narrowed to the given action.
 *
 * @param response the PKI response; must not be {@code null}
 * @param action the XiPKI action the response is expected to answer
 * @return the action-specific content
 * @throws CmpRequestorException if the response does not carry the expected content
 * @throws PkiErrorException if the response is a PKI error
 */
protected ASN1Encodable extractXipkiActionRepContent(PkiResponse response, int action) throws CmpRequestorException, PkiErrorException {
    ParamUtil.requireNonNull("response", response);
    final String infoTypeOid = ObjectIdentifiers.id_xipki_cmp_cmpGenmsg.getId();
    return extractXiActionContent(extractGeneralRepContent(response, infoTypeOid, true), action);
}
Also used : ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)

Example 75 with ASN1Encodable

use of com.android.org.bouncycastle.asn1.ASN1Encodable in project xipki by xipki.

The method retrieveCaInfo of the class X509CmpRequestor.

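/**
 * Retrieves the CA information (CA certificate, CMP control and the offered certificate
 * profiles) from the CA via the XiPKI-specific {@code CMP_ACTION_GET_CAINFO} general message.
 *
 * <p>The CA answers with a UTF8String holding an XML document. Only document version 2 is
 * understood; that is the only version advertised to the CA in the request. The document comes
 * from the remote CA and is treated as untrusted: malformed content is reported as
 * {@link CmpRequestorException} rather than as unchecked exceptions.
 *
 * @param caName name of the CA, used for logging and error messages; must not be blank
 * @param debug optional request/response debug sink passed through to the transport
 * @return the parsed CA information
 * @throws CmpRequestorException if the response cannot be parsed, carries an unsupported
 *         version, or the CA certificate cannot be decoded
 * @throws PkiErrorException if the CA answered with a PKI error
 */
public CaInfo retrieveCaInfo(String caName, RequestResponseDebug debug) throws CmpRequestorException, PkiErrorException {
    ParamUtil.requireNonBlank("caName", caName);
    // advertise the CAInfo document versions this client understands (only version 2)
    ASN1EncodableVector vec = new ASN1EncodableVector();
    vec.add(new ASN1Integer(2));
    ASN1Sequence acceptVersions = new DERSequence(vec);
    int action = XiSecurityConstants.CMP_ACTION_GET_CAINFO;
    PKIMessage request = buildMessageWithXipkAction(action, acceptVersions);
    PkiResponse response = signAndSend(request, debug);
    ASN1Encodable itvValue = extractXipkiActionRepContent(response, action);
    String systemInfoStr;
    try {
        systemInfoStr = DERUTF8String.getInstance(itvValue).getString();
    } catch (IllegalArgumentException ex) {
        // getInstance rejects anything that is not a UTF8String with an unchecked exception
        throw new CmpRequestorException("CAInfo response for CA " + caName
                + " is not a UTF8String: " + ex.getMessage(), ex);
    }
    LOG.debug("CAInfo for CA {}: {}", caName, systemInfoStr);
    Document doc = parseSystemInfo(caName, systemInfoStr);
    final String namespace = null;
    Element root = doc.getDocumentElement();
    int version = parseCaInfoVersion(caName, root, namespace);
    if (version != 2) {
        throw new CmpRequestorException("unknown CAInfo version " + version);
    }
    X509Certificate caCert = parseCaCert(root, namespace);
    ClientCmpControl cmpControl = parseCmpControl(root, namespace);
    Set<CertprofileInfo> profiles = parseCertprofiles(caName, root, namespace);
    return new CaInfo(caCert, cmpControl, profiles);
}

/**
 * Parses the XML document returned by the CA.
 *
 * @param caName CA name, for the error message only
 * @param systemInfoStr the document text
 * @return the parsed document
 * @throws CmpRequestorException if the text is not well-formed XML
 */
private Document parseSystemInfo(String caName, String systemInfoStr) throws CmpRequestorException {
    // NOTE(review): the document originates from the remote CA; confirm that xmlDocBuilder is
    // created with DTDs / external entities disabled (XXE) — its configuration is not visible here.
    try {
        return xmlDocBuilder.parse(new ByteArrayInputStream(systemInfoStr.getBytes("UTF-8")));
    } catch (SAXException | IOException ex) {
        throw new CmpRequestorException("could not parse the returned systemInfo for CA " + caName + ": " + ex.getMessage(), ex);
    }
}

/**
 * Reads the {@code version} attribute of the CAInfo root element.
 *
 * <p>The attribute is looked up without a namespace first, then with the (null) namespace. A
 * missing or blank attribute means version 1.
 *
 * @param caName CA name, for the error message only
 * @param root the document root
 * @param namespace namespace used for the second lookup (null)
 * @return the document version
 * @throws CmpRequestorException if the attribute is present but not an integer
 */
private static int parseCaInfoVersion(String caName, Element root, String namespace) throws CmpRequestorException {
    String str = root.getAttribute("version");
    if (StringUtil.isBlank(str)) {
        str = root.getAttributeNS(namespace, "version");
    }
    if (StringUtil.isBlank(str)) {
        return 1;
    }
    try {
        return Integer.parseInt(str);
    } catch (NumberFormatException ex) {
        // a non-numeric version from the CA must not surface as an unchecked exception
        throw new CmpRequestorException("invalid CAInfo version '" + str + "' for CA " + caName, ex);
    }
}

/**
 * Decodes the base64-encoded CA certificate from the {@code CACert} child element.
 *
 * @param root the document root
 * @param namespace element namespace (null)
 * @return the CA certificate
 * @throws CmpRequestorException if the certificate cannot be decoded
 */
private static X509Certificate parseCaCert(Element root, String namespace) throws CmpRequestorException {
    String b64CaCert = XmlUtil.getValueOfFirstElementChild(root, namespace, "CACert");
    try {
        return X509Util.parseBase64EncodedCert(b64CaCert);
    } catch (CertificateException ex) {
        throw new CmpRequestorException("could no parse the CA certificate", ex);
    }
}

/**
 * Reads the optional {@code cmpControl} child element.
 *
 * @param root the document root
 * @param namespace element namespace (null)
 * @return the CMP control, or {@code null} if the element is absent
 */
private static ClientCmpControl parseCmpControl(Element root, String namespace) {
    Element cmpCtrlElement = XmlUtil.getFirstElementChild(root, namespace, "cmpControl");
    if (cmpCtrlElement == null) {
        return null;
    }
    String tmpStr = XmlUtil.getValueOfFirstElementChild(cmpCtrlElement, namespace, "rrAkiRequired");
    // Boolean.parseBoolean(null) yields false, so a missing element means "not required"
    return new ClientCmpControl(Boolean.parseBoolean(tmpStr));
}

/**
 * Reads the {@code certprofiles} child element and logs the profile names offered by the CA.
 *
 * @param caName CA name, for logging only
 * @param root the document root
 * @param namespace element namespace (null)
 * @return the configured profiles; empty if the element is absent
 */
private Set<CertprofileInfo> parseCertprofiles(String caName, Element root, String namespace) {
    Set<String> profileNames = new HashSet<>();
    Set<CertprofileInfo> profiles = new HashSet<>();
    Element profilesElement = XmlUtil.getFirstElementChild(root, namespace, "certprofiles");
    if (profilesElement != null) {
        List<Element> profileElements = XmlUtil.getElementChilden(profilesElement, namespace, "certprofile");
        for (Element element : profileElements) {
            String name = XmlUtil.getValueOfFirstElementChild(element, namespace, "name");
            String type = XmlUtil.getValueOfFirstElementChild(element, namespace, "type");
            String conf = XmlUtil.getValueOfFirstElementChild(element, namespace, "conf");
            profiles.add(new CertprofileInfo(name, type, conf));
            profileNames.add(name);
            LOG.debug("configured for CA {} certprofile (name={}, type={}, conf={})", caName, name, type, conf);
        }
    }
    LOG.info("CA {} supports profiles {}", caName, profileNames);
    return profiles;
}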
Also used : PkiResponse(org.xipki.cmp.PkiResponse) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) Element(org.w3c.dom.Element) CertificateException(java.security.cert.CertificateException) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DEROctetString(org.bouncycastle.asn1.DEROctetString) Document(org.w3c.dom.Document) SAXException(org.xml.sax.SAXException) DERSequence(org.bouncycastle.asn1.DERSequence) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) HashSet(java.util.HashSet) PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage) CertprofileInfo(org.xipki.ca.client.api.CertprofileInfo) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ByteArrayInputStream(java.io.ByteArrayInputStream)

Aggregations

ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)139 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)73 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)59 IOException (java.io.IOException)37 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)34 DEROctetString (org.bouncycastle.asn1.DEROctetString)32 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)29 DERIA5String (org.bouncycastle.asn1.DERIA5String)28 DERSequence (org.bouncycastle.asn1.DERSequence)25 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)21 DERPrintableString (org.bouncycastle.asn1.DERPrintableString)21 ArrayList (java.util.ArrayList)20 GeneralName (org.bouncycastle.asn1.x509.GeneralName)19 X509Certificate (java.security.cert.X509Certificate)17 HashSet (java.util.HashSet)17 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)17 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)17 BigInteger (java.math.BigInteger)16 ASN1Primitive (org.bouncycastle.asn1.ASN1Primitive)16 DERBMPString (org.bouncycastle.asn1.DERBMPString)15