Search in sources :

Example 51 with ASN1Sequence

use of com.android.org.bouncycastle.asn1.ASN1Sequence in project robovm by robovm.

the class X509CertificateObject method getExtendedKeyUsage.

public List getExtendedKeyUsage() throws CertificateParsingException {
    byte[] bytes = this.getExtensionBytes("2.5.29.37");
    if (bytes != null) {
        try {
            ASN1InputStream dIn = new ASN1InputStream(bytes);
            ASN1Sequence seq = (ASN1Sequence) dIn.readObject();
            List list = new ArrayList();
            for (int i = 0; i != seq.size(); i++) {
                list.add(((ASN1ObjectIdentifier) seq.getObjectAt(i)).getId());
            }
            return Collections.unmodifiableList(list);
        } catch (Exception e) {
            throw new CertificateParsingException("error processing extended key usage extension");
        }
    }
    return null;
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) CertificateParsingException(java.security.cert.CertificateParsingException) ArrayList(java.util.ArrayList) List(java.util.List) ArrayList(java.util.ArrayList) CertificateExpiredException(java.security.cert.CertificateExpiredException) SignatureException(java.security.SignatureException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) CertificateEncodingException(java.security.cert.CertificateEncodingException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertificateParsingException(java.security.cert.CertificateParsingException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) UnknownHostException(java.net.UnknownHostException) NoSuchProviderException(java.security.NoSuchProviderException)

Example 52 with ASN1Sequence

use of com.android.org.bouncycastle.asn1.ASN1Sequence in project robovm by robovm.

the class PEMUtil method readPEMObject.

ASN1Sequence readPEMObject(InputStream in) throws IOException {
    String line;
    StringBuffer pemBuf = new StringBuffer();
    while ((line = readLine(in)) != null) {
        if (line.startsWith(_header1) || line.startsWith(_header2)) {
            break;
        }
    }
    while ((line = readLine(in)) != null) {
        if (line.startsWith(_footer1) || line.startsWith(_footer2)) {
            break;
        }
        pemBuf.append(line);
    }
    if (pemBuf.length() != 0) {
        ASN1Primitive o = new ASN1InputStream(Base64.decode(pemBuf.toString())).readObject();
        if (!(o instanceof ASN1Sequence)) {
            throw new IOException("malformed PEM data encountered");
        }
        return (ASN1Sequence) o;
    }
    return null;
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) IOException(java.io.IOException) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive)

Example 53 with ASN1Sequence

use of com.android.org.bouncycastle.asn1.ASN1Sequence in project robovm by robovm.

the class RFC3280CertPathUtilities method wrapupCertB.

protected static int wrapupCertB(CertPath certPath, int index, int explicitPolicy) throws CertPathValidatorException {
    List certs = certPath.getCertificates();
    X509Certificate cert = (X509Certificate) certs.get(index);
    //
    // (b)
    //
    int tmpInt;
    ASN1Sequence pc = null;
    try {
        pc = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.POLICY_CONSTRAINTS));
    } catch (AnnotatedException e) {
        throw new ExtCertPathValidatorException("Policy constraints could not be decoded.", e, certPath, index);
    }
    if (pc != null) {
        Enumeration policyConstraints = pc.getObjects();
        while (policyConstraints.hasMoreElements()) {
            ASN1TaggedObject constraint = (ASN1TaggedObject) policyConstraints.nextElement();
            switch(constraint.getTagNo()) {
                case 0:
                    try {
                        tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();
                    } catch (Exception e) {
                        throw new ExtCertPathValidatorException("Policy constraints requireExplicitPolicy field could not be decoded.", e, certPath, index);
                    }
                    if (tmpInt == 0) {
                        return 0;
                    }
                    break;
            }
        }
    }
    return explicitPolicy;
}
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) Enumeration(java.util.Enumeration) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) List(java.util.List) ArrayList(java.util.ArrayList) X509Certificate(java.security.cert.X509Certificate) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) CertificateExpiredException(java.security.cert.CertificateExpiredException) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertPathBuilderException(java.security.cert.CertPathBuilderException) IOException(java.io.IOException)

Example 54 with ASN1Sequence

use of com.android.org.bouncycastle.asn1.ASN1Sequence in project robovm by robovm.

the class RFC3280CertPathUtilities method processCertE.

protected static PKIXPolicyNode processCertE(CertPath certPath, int index, PKIXPolicyNode validPolicyTree) throws CertPathValidatorException {
    List certs = certPath.getCertificates();
    X509Certificate cert = (X509Certificate) certs.get(index);
    // 
    // (e)
    //
    ASN1Sequence certPolicies = null;
    try {
        certPolicies = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.CERTIFICATE_POLICIES));
    } catch (AnnotatedException e) {
        throw new ExtCertPathValidatorException("Could not read certificate policies extension from certificate.", e, certPath, index);
    }
    if (certPolicies == null) {
        validPolicyTree = null;
    }
    return validPolicyTree;
}
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) List(java.util.List) ArrayList(java.util.ArrayList) X509Certificate(java.security.cert.X509Certificate)

Example 55 with ASN1Sequence

use of com.android.org.bouncycastle.asn1.ASN1Sequence in project robovm by robovm.

the class RFC3280CertPathUtilities method prepareNextCertA.

protected static void prepareNextCertA(CertPath certPath, int index) throws CertPathValidatorException {
    List certs = certPath.getCertificates();
    X509Certificate cert = (X509Certificate) certs.get(index);
    //
    //
    // (a) check the policy mappings
    //
    ASN1Sequence pm = null;
    try {
        pm = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.POLICY_MAPPINGS));
    } catch (AnnotatedException ex) {
        throw new ExtCertPathValidatorException("Policy mappings extension could not be decoded.", ex, certPath, index);
    }
    if (pm != null) {
        ASN1Sequence mappings = pm;
        for (int j = 0; j < mappings.size(); j++) {
            DERObjectIdentifier issuerDomainPolicy = null;
            DERObjectIdentifier subjectDomainPolicy = null;
            try {
                ASN1Sequence mapping = DERSequence.getInstance(mappings.getObjectAt(j));
                issuerDomainPolicy = DERObjectIdentifier.getInstance(mapping.getObjectAt(0));
                subjectDomainPolicy = DERObjectIdentifier.getInstance(mapping.getObjectAt(1));
            } catch (Exception e) {
                throw new ExtCertPathValidatorException("Policy mappings extension contents could not be decoded.", e, certPath, index);
            }
            if (RFC3280CertPathUtilities.ANY_POLICY.equals(issuerDomainPolicy.getId())) {
                throw new CertPathValidatorException("IssuerDomainPolicy is anyPolicy", null, certPath, index);
            }
            if (RFC3280CertPathUtilities.ANY_POLICY.equals(subjectDomainPolicy.getId())) {
                throw new CertPathValidatorException("SubjectDomainPolicy is anyPolicy,", null, certPath, index);
            }
        }
    }
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) List(java.util.List) ArrayList(java.util.ArrayList) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier) X509Certificate(java.security.cert.X509Certificate) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) CertificateExpiredException(java.security.cert.CertificateExpiredException) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertPathBuilderException(java.security.cert.CertPathBuilderException) IOException(java.io.IOException)

Aggregations

ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)57 IOException (java.io.IOException)31 ArrayList (java.util.ArrayList)29 List (java.util.List)26 Enumeration (java.util.Enumeration)23 X509Certificate (java.security.cert.X509Certificate)22 ExtCertPathValidatorException (org.bouncycastle.jce.exception.ExtCertPathValidatorException)20 CertPathValidatorException (java.security.cert.CertPathValidatorException)18 CertificateExpiredException (java.security.cert.CertificateExpiredException)17 CertificateNotYetValidException (java.security.cert.CertificateNotYetValidException)17 GeneralSecurityException (java.security.GeneralSecurityException)16 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)16 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)16 IssuingDistributionPoint (org.bouncycastle.asn1.x509.IssuingDistributionPoint)16 DERObjectIdentifier (org.bouncycastle.asn1.DERObjectIdentifier)15 CertPathBuilderException (java.security.cert.CertPathBuilderException)14 ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)13 Iterator (java.util.Iterator)10 HashSet (java.util.HashSet)9 Set (java.util.Set)9