
Example 86 with Attribute

use of com.android.org.bouncycastle.asn1.x509.Attribute in project xipki by xipki.

the class CheckCertCmd method execute0.

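/**
 * Checks a certificate file against a QA certificate profile and prints the verdict.
 *
 * <p>The expected subject, public key and requested extensions are taken from the CSR in
 * {@code csrFile}; the certificate in {@code certFile} is then checked against them with the
 * profile named {@code profileName} and the selected issuer.
 *
 * @return always {@code null}
 * @throws IllegalCmdParamException if no issuer is configured, the issuer is ambiguous or
 *     unknown, the profile is unknown, or the CSR carries an extensionRequest attribute
 *     without a value
 * @throws CmdFailure if the profile check reports the certificate as invalid
 * @throws Exception for any other failure, such as unreadable or undecodable input files
 */
@Override
protected Object execute0() throws Exception {
    Set<String> issuerNames = qaSystemManager.getIssuerNames();
    if (isEmpty(issuerNames)) {
        throw new IllegalCmdParamException("no issuer is configured");
    }
    if (issuerName == null) {
        // The issuer may be omitted only when exactly one is configured.
        if (issuerNames.size() != 1) {
            throw new IllegalCmdParamException("no issuer is specified");
        }
        issuerName = issuerNames.iterator().next();
    }
    if (!issuerNames.contains(issuerName)) {
        throw new IllegalCmdParamException("issuer " + issuerName + " is not within the configured issuers " + issuerNames);
    }
    X509IssuerInfo issuerInfo = qaSystemManager.getIssuer(issuerName);
    X509CertprofileQa qa = qaSystemManager.getCertprofile(profileName);
    if (qa == null) {
        throw new IllegalCmdParamException("found no certificate profile named '" + profileName + "'");
    }

    // NOTE(review): the CSR is only decoded here; its signature (proof of possession) is not
    // verified in this method, so the subject, key and extensions below are taken as given.
    // Confirm that this is intended for the QA use case.
    CertificationRequest csr = CertificationRequest.getInstance(IoUtil.read(csrFile));
    CertificationRequestInfo reqInfo = csr.getCertificationRequestInfo();

    Extensions extensions = null;
    ASN1Set attrs = reqInfo.getAttributes();
    // Guard against a CSR decoded without an attributes field, which would otherwise surface
    // as a NullPointerException instead of "no extensions requested".
    if (attrs != null) {
        for (int i = 0; i < attrs.size(); i++) {
            Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
            if (!PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) {
                continue;
            }
            // The CSR comes from a file and may be malformed: an extensionRequest attribute
            // with an empty value set must be rejected explicitly rather than failing with an
            // ArrayIndexOutOfBoundsException.
            ASN1Set values = attr.getAttrValues();
            if (values.size() == 0) {
                throw new IllegalCmdParamException("extensionRequest attribute in the CSR has no value");
            }
            // If the CSR carries several extensionRequest attributes, the last one wins.
            extensions = Extensions.getInstance(values.getObjectAt(0));
        }
    }

    byte[] certBytes = IoUtil.read(certFile);
    ValidationResult result = qa.checkCert(certBytes, issuerInfo, reqInfo.getSubject(), reqInfo.getSubjectPublicKeyInfo(), extensions);

    StringBuilder sb = new StringBuilder();
    sb.append(certFile).append(" (certprofile ").append(profileName).append(")\n");
    sb.append("\tcertificate is ");
    sb.append(result.isAllSuccessful() ? "valid" : "invalid");
    if (verbose.booleanValue()) {
        // In verbose mode every individual validation issue is listed below the verdict.
        for (ValidationIssue issue : result.getValidationIssues()) {
            sb.append("\n");
            format(issue, "    ", sb);
        }
    }
    println(sb.toString());

    // Report failure through the command's exception path as well as in the printed text.
    if (!result.isAllSuccessful()) {
        throw new CmdFailure("certificate is invalid");
    }
    return null;
}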
Also used : X509CertprofileQa(org.xipki.ca.qa.X509CertprofileQa) CertificationRequestInfo(org.bouncycastle.asn1.pkcs.CertificationRequestInfo) Attribute(org.bouncycastle.asn1.pkcs.Attribute) X509IssuerInfo(org.xipki.ca.qa.X509IssuerInfo) Extensions(org.bouncycastle.asn1.x509.Extensions) ValidationResult(org.xipki.common.qa.ValidationResult) ValidationIssue(org.xipki.common.qa.ValidationIssue) ASN1Set(org.bouncycastle.asn1.ASN1Set) CmdFailure(org.xipki.console.karaf.CmdFailure) IllegalCmdParamException(org.xipki.console.karaf.IllegalCmdParamException) CertificationRequest(org.bouncycastle.asn1.pkcs.CertificationRequest)

Example 87 with Attribute

use of com.android.org.bouncycastle.asn1.x509.Attribute in project signer by demoiselle.

the class SigningCertificate method getValue.

/**
 * Builds the attribute that binds the signature to the first entry of {@code certificates}.
 *
 * <p>The attribute value is a SET holding one SEQUENCE with two members: a sequence wrapping
 * the {@link ESSCertID} of the certificate and a sequence wrapping an ASN.1 NULL.
 *
 * @return the attribute, typed with the OID held in {@code identifier}
 * @throws SignerException if the certificate cannot be encoded
 */
@Override
public Attribute getValue() {
    try {
        X509Certificate signerCert = (X509Certificate) certificates[0];

        // NOTE(review): the certificate hash is SHA-1. ESSCertID carries no algorithm
        // identifier, so the digest cannot simply be swapped here; stronger hashes need the
        // v2 form of the attribute (ESSCertIDv2). Confirm which form the signature policy
        // in use requires.
        Digest hasher = DigestFactory.getInstance().factoryDefault();
        hasher.setAlgorithm(DigestAlgorithmEnum.SHA_1);
        byte[] certDigest = hasher.digest(signerCert.getEncoded());

        // NOTE(review): the name placed in the IssuerSerial is the certificate's *subject* DN,
        // paired with the certificate's own serial number. IssuerSerial is meant to identify
        // a certificate by issuer name and serial; verify whether the issuer DN was intended.
        GeneralName subjectAsName = new GeneralName(new X500Name(signerCert.getSubjectDN().getName()));
        GeneralNames nameList = new GeneralNames(subjectAsName);
        IssuerSerial issuerAndSerial = new IssuerSerial(nameList, new ASN1Integer(signerCert.getSerialNumber()));
        ESSCertID certId = new ESSCertID(certDigest, issuerAndSerial);

        ASN1ObjectIdentifier attrType = new ASN1ObjectIdentifier(identifier);
        ASN1Encodable[] members = { new DERSequence(certId), new DERSequence(DERNull.INSTANCE) };
        return new Attribute(attrType, new DERSet(new DERSequence(members)));
    } catch (CertificateEncodingException ex) {
        // Only the message is carried over; the original exception is not chained as cause.
        throw new SignerException(ex.getMessage());
    }
}
Also used : IssuerSerial(org.bouncycastle.asn1.x509.IssuerSerial) Digest(org.demoiselle.signer.cryptography.Digest) SignedAttribute(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.SignedAttribute) Attribute(org.bouncycastle.asn1.cms.Attribute) CertificateEncodingException(java.security.cert.CertificateEncodingException) X500Name(org.bouncycastle.asn1.x500.X500Name) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) DERSet(org.bouncycastle.asn1.DERSet) X509Certificate(java.security.cert.X509Certificate) DERSequence(org.bouncycastle.asn1.DERSequence) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) ESSCertID(org.bouncycastle.asn1.ess.ESSCertID) GeneralName(org.bouncycastle.asn1.x509.GeneralName) SignerException(org.demoiselle.signer.policy.impl.cades.SignerException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 88 with Attribute

use of com.android.org.bouncycastle.asn1.x509.Attribute in project signer by demoiselle.

the class CertificateRefs method getValue.

/**
 * Builds the attribute that references every certificate of the chain except the first.
 *
 * <p>For each entry of {@code certificates} from index 1 onward, an {@link OtherCertID} is
 * created from the SHA-256 hash of the certificate, the subject name of the next entry in the
 * array (used as issuer name) and the certificate's serial number. The last entry is paired
 * with its own subject name.
 *
 * @return the attribute, typed with the OID held in {@code identifier}
 * @throws SignerException if a certificate cannot be encoded
 */
@Override
public Attribute getValue() throws SignerException {
    try {
        // NOTE(review): an empty certificates array gives a count of -1 and fails with
        // NegativeArraySizeException rather than SignerException; confirm callers always
        // pass at least the signer certificate.
        int refCount = certificates.length - 1;
        OtherCertID[] refs = new OtherCertID[refCount];
        for (int slot = 0; slot < refCount; slot++) {
            int pos = slot + 1;
            X509Certificate current = (X509Certificate) certificates[pos];
            // The last entry is treated as the root and therefore as its own issuer.
            // NOTE(review): if the array does not end in a self-signed certificate, the issuer
            // name recorded for the last entry is its subject, not its actual issuer.
            int issuerPos = (pos < refCount) ? pos + 1 : pos;
            X509Certificate issuing = (X509Certificate) certificates[issuerPos];

            Digest hasher = DigestFactory.getInstance().factoryDefault();
            hasher.setAlgorithm(DigestAlgorithmEnum.SHA_256);
            byte[] fingerprint = hasher.digest(current.getEncoded());

            X500Name issuerDn = new X500Name(issuing.getSubjectX500Principal().getName());
            GeneralNames issuerNames = new GeneralNames(new GeneralName(issuerDn));
            ASN1Integer serial = new ASN1Integer(current.getSerialNumber());
            IssuerSerial issuerAndSerial = new IssuerSerial(issuerNames, serial);

            // The algorithm identifier written next to the hash must match the digest above.
            AlgorithmIdentifier sha256 = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256);
            refs[slot] = new OtherCertID(sha256, fingerprint, issuerAndSerial);
        }
        ASN1ObjectIdentifier attrType = new ASN1ObjectIdentifier(identifier);
        ASN1Encodable[] content = { new DERSequence(refs) };
        return new Attribute(attrType, new DERSet(content));
    } catch (CertificateEncodingException e) {
        // Only the message is carried over; the original exception is not chained as cause.
        throw new SignerException(e.getMessage());
    }
}
Also used : IssuerSerial(org.bouncycastle.asn1.x509.IssuerSerial) Digest(org.demoiselle.signer.cryptography.Digest) UnsignedAttribute(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.UnsignedAttribute) Attribute(org.bouncycastle.asn1.cms.Attribute) CertificateEncodingException(java.security.cert.CertificateEncodingException) X500Name(org.bouncycastle.asn1.x500.X500Name) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) DERSet(org.bouncycastle.asn1.DERSet) X509Certificate(java.security.cert.X509Certificate) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) OtherCertID(org.bouncycastle.asn1.ess.OtherCertID) DERSequence(org.bouncycastle.asn1.DERSequence) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) SignerException(org.demoiselle.signer.policy.impl.cades.SignerException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 89 with Attribute

use of com.android.org.bouncycastle.asn1.x509.Attribute in project gocd by gocd.

the class GoConfigFieldLoader method parse.

/**
 * Populates {@code field} from the XML element {@code e}, choosing the parser by the kind of
 * field: implicit collection, subtag, attribute, config value or config reference.
 *
 * <p>The first matching kind wins; a field matching none of them is left untouched. In every
 * matching case the field is made accessible through reflection before the value is set,
 * which bypasses the field's declared access level.
 */
public void parse() {
    if (isImplicitCollection()) {
        field.setAccessible(true);
        // A fresh GoCipher is handed to the class parser for each implicit collection.
        Object collection = GoConfigClassLoader.classParser(e, field.getType(), configCache, new GoCipher(), registry, configReferenceElements).parseImplicitCollection();
        setValue(collection);
        return;
    }
    if (isSubtag(field)) {
        field.setAccessible(true);
        Object child = subtagParser(e, field, configCache, registry, configReferenceElements).parse();
        setValue(child);
        return;
    }
    if (isAttribute(field)) {
        field.setAccessible(true);
        Object parsed = attributeParser(e, field).parse(defaultValue());
        setValue(parsed);
        return;
    }
    if (isConfigValue()) {
        field.setAccessible(true);
        Object text = e.getText();
        setValue(text);
        return;
    }
    if (!isAnnotationPresent(field, ConfigReferenceElement.class)) {
        return;
    }

    // Reference field: resolve the id found in the XML attribute against the collection
    // named by the annotation.
    field.setAccessible(true);
    ConfigReferenceElement reference = field.getAnnotation(ConfigReferenceElement.class);
    Attribute idAttribute = e.getAttribute(reference.referenceAttribute());
    if (idAttribute == null) {
        // bomb(...) presumably throws; if it returned, the dereference below would fail with
        // a NullPointerException - verify against its definition.
        bomb(String.format("Expected attribute `%s` to be present for %s.", reference.referenceAttribute(), e.getName()));
    }
    String refId = idAttribute.getValue();
    // NOTE(review): the looked-up object is set without a null check here; confirm how an
    // unknown reference id is handled by configReferenceElements.get(...) or by setValue.
    setValue(configReferenceElements.get(reference.referenceCollection(), refId));
}
Also used : GoCipher(com.thoughtworks.go.security.GoCipher) Attribute(org.jdom2.Attribute) GoConfigAttributeLoader.isAttribute(com.thoughtworks.go.config.parser.GoConfigAttributeLoader.isAttribute)

Example 90 with Attribute

use of com.android.org.bouncycastle.asn1.x509.Attribute in project mycore by MyCoRe-Org.

the class MCRNodeBuilderTest method testExpressionsToIgnore.

/**
 * Verifies how MCRNodeBuilder treats XPath constructs it cannot turn into nodes: predicates
 * are dropped, a union expression yields nothing, and a path stops being built at the first
 * step that cannot be represented.
 */
@Test
public void testExpressionsToIgnore() throws JaxenException, JDOMException {
    // A positional predicate is ignored; only the element itself is built.
    Element positional = new MCRNodeBuilder().buildElement("element[2]", null, null);
    assertNotNull(positional);
    assertEquals("element", positional.getName());

    // A function predicate is ignored as well.
    Element withFunction = new MCRNodeBuilder().buildElement("element[contains(.,'foo')]", null, null);
    assertNotNull(withFunction);
    assertEquals("element", withFunction.getName());

    // A union expression produces no element at all.
    Element union = new MCRNodeBuilder().buildElement("foo|bar", null, null);
    assertNull(union);

    // The predicate on an attribute is dropped; name and value are still applied.
    Attribute langAttribute = new MCRNodeBuilder().buildAttribute("@lang[preceding::*/foo='bar']", "value", null);
    assertNotNull(langAttribute);
    assertEquals("lang", langAttribute.getName());
    assertEquals("value", langAttribute.getValue());

    // Building stops before the following:: axis step: parent/child exists, and child has
    // neither children nor text.
    Element deepest = new MCRNodeBuilder().buildElement("parent/child/following::node/foo='bar'", null, null);
    assertNotNull(deepest);
    assertEquals("child", deepest.getName());
    Element parentOfDeepest = deepest.getParentElement();
    assertNotNull(parentOfDeepest);
    assertEquals("parent", deepest.getParentElement().getName());
    assertEquals(0, deepest.getChildren().size());
    assertEquals("", deepest.getText());
}
Also used : Attribute(org.jdom2.Attribute) Element(org.jdom2.Element) Test(org.junit.Test)
