use of com.github.zhenwei.core.asn1.ASN1Encodable in project xipki by xipki.
the class XmlX509Certprofile method initQcStatements.
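/**
 * Builds the QCStatements extension settings from the profile configuration.
 *
 * <p>Returns without effect when the extension is not present in {@code extensionControls} or
 * has no configured value. Otherwise each configured statement becomes a
 * {@code QcStatementOption}. When every statement is fully fixed by the profile, the statements
 * are encoded once into {@code qcStatments} and {@code qcStatementsOption} is reset to
 * {@code null}. When at least one QcEuLimitValue is configured as a range, the options stay in
 * {@code qcStatementsOption} and {@code qcStatments} is not assigned by this method.
 *
 * @param extnIds extension OIDs not yet handled; the QCStatements OID is removed from it
 * @param extensionsType extensions section of the profile configuration
 * @throws CertprofileException if a constant statement value is empty or cannot be parsed, or
 *     if QcEuLimitValue is configured more than once for the same currency
 */
private void initQcStatements(Set<ASN1ObjectIdentifier> extnIds, ExtensionsType extensionsType) throws CertprofileException {
  ASN1ObjectIdentifier type = Extension.qCStatements;
  if (!extensionControls.containsKey(type)) {
    return;
  }
  extnIds.remove(type);
  QcStatements extConf = (QcStatements) getExtensionValue(type, extensionsType, QcStatements.class);
  if (extConf == null) {
    return;
  }
  List<QcStatementType> qcStatementTypes = extConf.getQcStatement();
  this.qcStatementsOption = new ArrayList<>(qcStatementTypes.size());
  // Currencies already seen, to reject a second QcEuLimitValue for the same currency.
  Set<String> currencyCodes = new HashSet<>();
  // Set when a monetary limit is configured as a range instead of one fixed value.
  boolean requireInfoFromReq = false;
  for (QcStatementType m : qcStatementTypes) {
    ASN1ObjectIdentifier qcStatementId = new ASN1ObjectIdentifier(m.getStatementId().getValue());
    QcStatementOption qcStatementOption;
    QcStatementValueType statementValue = m.getStatementValue();
    if (statementValue == null) {
      // Statement that carries only its identifier.
      QCStatement qcStatment = new QCStatement(qcStatementId);
      qcStatementOption = new QcStatementOption(qcStatment);
    } else if (statementValue.getQcRetentionPeriod() != null) {
      QCStatement qcStatment = new QCStatement(qcStatementId, new ASN1Integer(statementValue.getQcRetentionPeriod()));
      qcStatementOption = new QcStatementOption(qcStatment);
    } else if (statementValue.getConstant() != null) {
      ASN1Encodable constantStatementValue;
      try {
        constantStatementValue = new ASN1StreamParser(statementValue.getConstant().getValue()).readObject();
      } catch (IOException ex) {
        // Keep the parser error as the cause so the broken profile entry can be diagnosed.
        CertprofileException cpe = new CertprofileException("can not parse the constant value of QcStatement");
        cpe.initCause(ex);
        throw cpe;
      }
      if (constantStatementValue == null) {
        // No object was read; fail here rather than emit a statement that silently lacks
        // the configured info.
        throw new CertprofileException("the constant value of QcStatement is empty");
      }
      QCStatement qcStatment = new QCStatement(qcStatementId, constantStatementValue);
      qcStatementOption = new QcStatementOption(qcStatment);
    } else if (statementValue.getQcEuLimitValue() != null) {
      QcEuLimitValueType euLimitType = statementValue.getQcEuLimitValue();
      // Locale.ROOT keeps the code stable under locales with special casing rules
      // (for example the Turkish dotted capital I).
      String tmpCurrency = euLimitType.getCurrency().toUpperCase(java.util.Locale.ROOT);
      if (currencyCodes.contains(tmpCurrency)) {
        throw new CertprofileException("Duplicated definition of qcStatments with QCEuLimitValue" + " for the currency " + tmpCurrency);
      }
      Iso4217CurrencyCode currency = StringUtil.isNumber(tmpCurrency) ? new Iso4217CurrencyCode(Integer.parseInt(tmpCurrency)) : new Iso4217CurrencyCode(tmpCurrency);
      Range2Type r1 = euLimitType.getAmount();
      Range2Type r2 = euLimitType.getExponent();
      // NOTE(review): this comparison is only correct if getMin()/getMax() return primitive
      // int; with boxed Integer it would compare references. Confirm against Range2Type.
      if (r1.getMin() == r1.getMax() && r2.getMin() == r2.getMax()) {
        // Amount and exponent are both fixed, so the statement can be built now.
        MonetaryValue monetaryValue = new MonetaryValue(currency, r1.getMin(), r2.getMin());
        QCStatement qcStatement = new QCStatement(qcStatementId, monetaryValue);
        qcStatementOption = new QcStatementOption(qcStatement);
      } else {
        // Only the permitted ranges are known here; the final statement is not built yet.
        MonetaryValueOption monetaryValueOption = new MonetaryValueOption(currency, r1, r2);
        qcStatementOption = new QcStatementOption(qcStatementId, monetaryValueOption);
        requireInfoFromReq = true;
      }
      currencyCodes.add(tmpCurrency);
    } else if (statementValue.getPdsLocations() != null) {
      ASN1EncodableVector vec = new ASN1EncodableVector();
      for (PdsLocationType pl : statementValue.getPdsLocations().getPdsLocation()) {
        ASN1EncodableVector vec2 = new ASN1EncodableVector();
        vec2.add(new DERIA5String(pl.getUrl()));
        String lang = pl.getLanguage();
        // A missing language is reported like a malformed one instead of failing with a
        // NullPointerException.
        // NOTE(review): this and the "unknown value" case below are profile configuration
        // errors but surface as RuntimeException; consider CertprofileException.
        if (lang == null || lang.length() != 2) {
          throw new RuntimeException("invalid language '" + lang + "'");
        }
        vec2.add(new DERPrintableString(lang));
        DERSequence seq = new DERSequence(vec2);
        vec.add(seq);
      }
      QCStatement qcStatement = new QCStatement(qcStatementId, new DERSequence(vec));
      qcStatementOption = new QcStatementOption(qcStatement);
    } else {
      throw new RuntimeException("unknown value of qcStatment");
    }
    this.qcStatementsOption.add(qcStatementOption);
  }
  if (requireInfoFromReq) {
    // At least one statement is still open, so no constant extension value can be built.
    return;
  }
  ASN1EncodableVector vec = new ASN1EncodableVector();
  for (QcStatementOption m : qcStatementsOption) {
    if (m.getStatement() == null) {
      throw new RuntimeException("should not reach here");
    }
    vec.add(m.getStatement());
  }
  ASN1Sequence seq = new DERSequence(vec);
  qcStatments = new ExtensionValue(extensionControls.get(type).isCritical(), seq);
  // The options are no longer needed once the constant value exists.
  qcStatementsOption = null;
}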
use of com.github.zhenwei.core.asn1.ASN1Encodable in project xipki by xipki.
the class XmlX509Certprofile method initAdditionalInformation.
/**
 * Prepares the constant value of the additionalInformation extension from the profile.
 *
 * <p>Nothing is assigned when the extension is not present in {@code extensionControls} or the
 * profile holds no value for it.
 *
 * @param extnIds extension OIDs not yet handled; the additionalInformation OID is removed
 * @param extensionsType extensions section of the profile configuration
 * @throws CertprofileException declared for the helpers called here
 */
private void initAdditionalInformation(Set<ASN1ObjectIdentifier> extnIds, ExtensionsType extensionsType) throws CertprofileException {
  final ASN1ObjectIdentifier extnOid = ObjectIdentifiers.id_extension_additionalInformation;
  if (extensionControls.containsKey(extnOid)) {
    extnIds.remove(extnOid);
    AdditionalInformation conf = (AdditionalInformation) getExtensionValue(extnOid, extensionsType, AdditionalInformation.class);
    if (conf != null) {
      // The configured string type selects the encoding of the text.
      DirectoryStringType encoding = XmlX509CertprofileUtil.convertDirectoryStringType(conf.getType());
      ASN1Encodable encodedText = encoding.createDirectoryString(conf.getText());
      additionalInformation = new ExtensionValue(extensionControls.get(extnOid).isCritical(), encodedText);
    }
  }
}
use of com.github.zhenwei.core.asn1.ASN1Encodable in project xipki by xipki.
the class XmlX509Certprofile method createRequestedSubjectAltNames.
/**
 * Assembles the SubjectAltName entries for a certificate from the subject and the request.
 *
 * <p>Entries come from two sources: subject attributes listed in
 * {@code subjectToSubjectAltNameModes}, and the SubjectAltName extension of the request, whose
 * entries are passed through {@code X509CertprofileUtil.createGeneralName} together with
 * {@code subjectAltNameModes}.
 *
 * <p>NOTE(review): when both {@code subjectAltNameModes} and
 * {@code subjectToSubjectAltNameModes} are {@code null}, the requested names are returned
 * exactly as the requester sent them. Confirm that callers only reach this path when the
 * profile really intends to accept arbitrary requested names.
 *
 * @param requestedSubject subject as it appears in the request
 * @param grantedSubject subject that will be placed in the certificate
 * @param requestedExtensions extensions of the request, may be {@code null}
 * @return the resulting names, or {@code null} if there are none
 * @throws BadCertTemplateException declared for the helper that maps requested entries
 */
private GeneralNames createRequestedSubjectAltNames(X500Name requestedSubject, X500Name grantedSubject, Extensions requestedExtensions) throws BadCertTemplateException {
  ASN1Encodable requestedSan = null;
  if (requestedExtensions != null) {
    requestedSan = requestedExtensions.getExtensionParsedValue(Extension.subjectAlternativeName);
  }
  if (requestedSan == null && subjectToSubjectAltNameModes == null) {
    return null;
  }

  GeneralNames requestedNames = null;
  if (requestedSan != null) {
    requestedNames = GeneralNames.getInstance(requestedSan);
  }
  if (subjectAltNameModes == null && subjectToSubjectAltNameModes == null) {
    return requestedNames;
  }

  List<GeneralName> result = new ArrayList<>();

  // Step 1: subject attributes that the profile maps into SubjectAltName.
  if (subjectToSubjectAltNameModes != null) {
    for (ASN1ObjectIdentifier attrType : subjectToSubjectAltNameModes.keySet()) {
      GeneralNameTag tag = subjectToSubjectAltNameModes.get(attrType);
      // NOTE(review): the fallback to the requested subject runs only when getRDNs returns
      // null. If this X500Name returns an empty array for a missing attribute (as
      // BouncyCastle's appears to), the fallback never runs - confirm the intended behaviour.
      RDN[] rdns = grantedSubject.getRDNs(attrType);
      if (rdns == null) {
        rdns = requestedSubject.getRDNs(attrType);
      }
      if (rdns != null) {
        for (RDN rdn : rdns) {
          String text = X509Util.rdnValueToString(rdn.getFirst().getValue());
          // NOTE(review): the value is used without syntax checks here; a value that does not
          // fit the tag may surface as an unchecked exception from GeneralName - verify.
          switch (tag) {
            case rfc822Name:
            case dNSName:
            case uniformResourceIdentifier:
            case iPAddress:
            case directoryName:
            case registeredID:
              result.add(new GeneralName(tag.getTag(), text));
              break;
            default:
              throw new RuntimeException("should not reach here, unknown GeneralName tag " + tag);
          }
        }
      }
    }
  }

  // Step 2: entries of the requested SubjectAltName extension.
  if (requestedNames != null) {
    for (GeneralName requestedName : requestedNames.getNames()) {
      result.add(X509CertprofileUtil.createGeneralName(requestedName, subjectAltNameModes));
    }
  }

  if (result.isEmpty()) {
    return null;
  }
  return new GeneralNames(result.toArray(new GeneralName[0]));
}
use of com.github.zhenwei.core.asn1.ASN1Encodable in project xipki by xipki.
the class XmlX509Certprofile method initTlsFeature.
/**
 * Prepares the constant value of the TLS feature extension from the profile.
 *
 * <p>The configured feature numbers are range-checked, sorted in ascending order and encoded
 * as a DER sequence of integers. Nothing is assigned when the extension is not present in
 * {@code extensionControls} or the profile holds no value for it.
 *
 * @param extnIds extension OIDs not yet handled; the TLS feature OID is removed from it
 * @param extensionsType extensions section of the profile configuration
 * @throws CertprofileException if a feature number is outside 0..65535
 */
private void initTlsFeature(Set<ASN1ObjectIdentifier> extnIds, ExtensionsType extensionsType) throws CertprofileException {
  final ASN1ObjectIdentifier extnOid = ObjectIdentifiers.id_pe_tlsfeature;
  if (!extensionControls.containsKey(extnOid)) {
    return;
  }
  extnIds.remove(extnOid);

  TlsFeature conf = (TlsFeature) getExtensionValue(extnOid, extensionsType, TlsFeature.class);
  if (conf == null) {
    return;
  }

  List<Integer> featureValues = new ArrayList<>(conf.getFeature().size());
  for (IntWithDescType feature : conf.getFeature()) {
    int featureValue = feature.getValue();
    boolean inRange = featureValue >= 0 && featureValue <= 65535;
    if (!inRange) {
      throw new CertprofileException("invalid TLS feature (extensionType) " + featureValue);
    }
    featureValues.add(featureValue);
  }
  // NOTE(review): a number configured twice is kept twice; confirm whether duplicates
  // should be rejected.
  Collections.sort(featureValues);

  ASN1EncodableVector encodedFeatures = new ASN1EncodableVector();
  for (int featureValue : featureValues) {
    encodedFeatures.add(new ASN1Integer(featureValue));
  }
  tlsFeature = new ExtensionValue(extensionControls.get(extnOid).isCritical(), new DERSequence(encodedFeatures));
}
use of com.github.zhenwei.core.asn1.ASN1Encodable in project xipki by xipki.
the class XmlX509Certprofile method initSmimeCapabilities.
/**
 * Prepares the constant value of the SMIMECapabilities extension from the profile.
 *
 * <p>Each configured capability is encoded with its identifier and, if configured, its
 * parameters: either an integer or a binary value handed to {@code readAsn1Encodable}.
 * A capability without either kind of parameter is encoded with no parameters. Nothing is
 * assigned when the extension is not present in {@code extensionControls} or the profile
 * holds no value for it.
 *
 * @param extnIds extension OIDs not yet handled; the SMIMECapabilities OID is removed from it
 * @param extensionsType extensions section of the profile configuration
 * @throws CertprofileException declared for the helpers called here
 */
private void initSmimeCapabilities(Set<ASN1ObjectIdentifier> extnIds, ExtensionsType extensionsType) throws CertprofileException {
  final ASN1ObjectIdentifier extnOid = ObjectIdentifiers.id_smimeCapabilities;
  if (!extensionControls.containsKey(extnOid)) {
    return;
  }
  extnIds.remove(extnOid);

  SMIMECapabilities conf = (SMIMECapabilities) getExtensionValue(extnOid, extensionsType, SMIMECapabilities.class);
  if (conf == null) {
    return;
  }

  ASN1EncodableVector encodedCapabilities = new ASN1EncodableVector();
  for (SMIMECapability confCapability : conf.getSMIMECapability()) {
    ASN1ObjectIdentifier capabilityId = new ASN1ObjectIdentifier(confCapability.getCapabilityID().getValue());
    org.xipki.ca.certprofile.x509.jaxb.SMIMECapability.Parameters confParams = confCapability.getParameters();

    // An integer parameter takes precedence over a binary one.
    ASN1Encodable encodedParams;
    if (confParams == null) {
      encodedParams = null;
    } else if (confParams.getInteger() != null) {
      encodedParams = new ASN1Integer(confParams.getInteger());
    } else if (confParams.getBase64Binary() != null) {
      // readAsn1Encodable is defined elsewhere; presumably it parses the bytes as ASN.1.
      encodedParams = readAsn1Encodable(confParams.getBase64Binary().getValue());
    } else {
      encodedParams = null;
    }

    // Fully qualified: the configuration class has the same simple name.
    encodedCapabilities.add(new org.bouncycastle.asn1.smime.SMIMECapability(capabilityId, encodedParams));
  }
  smimeCapabilities = new ExtensionValue(extensionControls.get(extnOid).isCritical(), new DERSequence(encodedCapabilities));
}