Examples with ASN1Encodable com.github.zhenwei.core.asn1.ASN1Encodable used on opensource projects

Example 16 with ASN1Encodable

use of com.github.zhenwei.core.asn1.ASN1Encodable in project documentproduction by qld-gov-au.

the class CertificateVerifier method downloadExtraCertificates.

/**
 * Download extra certificates from the URI mentioned in id-ad-caIssuers in the "authority
 * information access" extension. The method is lenient, i.e. catches all exceptions.
 *
 * @param ext an X509 object that can have extensions.
 *
 * @return a certificate set, never null.
 * @throws ExecutionException
 */
public static Set<X509Certificate> downloadExtraCertificates(X509Extension ext) throws ExecutionException {
    // https://tools.ietf.org/html/rfc2459#section-4.2.2.1
    // https://tools.ietf.org/html/rfc3280#section-4.2.2.1
    // https://tools.ietf.org/html/rfc4325
    Set<X509Certificate> resultSet = new HashSet<X509Certificate>();
    byte[] authorityExtensionValue = ext.getExtensionValue(Extension.authorityInfoAccess.getId());
    if (authorityExtensionValue == null) {
        return resultSet;
    }
    ASN1Primitive asn1Prim;
    try {
        asn1Prim = JcaX509ExtensionUtils.parseExtensionValue(authorityExtensionValue);
    } catch (IOException ex) {
        LOG.warn(ex.getMessage(), ex);
        return resultSet;
    }
    if (!(asn1Prim instanceof ASN1Sequence)) {
        LOG.warn("ASN1Sequence expected, got " + asn1Prim.getClass().getSimpleName());
        return resultSet;
    }
    ASN1Sequence asn1Seq = (ASN1Sequence) asn1Prim;
    Enumeration<?> objects = asn1Seq.getObjects();
    while (objects.hasMoreElements()) {
        // AccessDescription
        ASN1Sequence obj = (ASN1Sequence) objects.nextElement();
        ASN1Encodable oid = obj.getObjectAt(0);
        if (!X509ObjectIdentifiers.id_ad_caIssuers.equals(oid)) {
            continue;
        }
        ASN1TaggedObject location = (ASN1TaggedObject) obj.getObjectAt(1);
        ASN1OctetString uri = (ASN1OctetString) location.getObject();
        String urlString = new String(uri.getOctets());
        LOG.info("CA issuers URL: " + urlString);
        Collection<? extends Certificate> altCerts = ISSUER_CERTS.get(urlString);
        for (Certificate altCert : altCerts) {
            resultSet.add((X509Certificate) altCert);
        }
        LOG.info("CA issuers URL: " + altCerts.size() + " certificate(s) downloaded");
    }
    LOG.info("CA issuers: Downloaded " + resultSet.size() + " certificate(s) total");
    return resultSet;
}

Example 17 with ASN1Encodable

use of com.github.zhenwei.core.asn1.ASN1Encodable in project documentproduction by qld-gov-au.

the class CertificateVerifier method extractOCSPURL.

/**
 * Extract the OCSP URL from an X.509 certificate if available.
 *
 * @param cert X.509 certificate
 * @return the URL of the OCSP validation service
 * @throws IOException
 */
private static String extractOCSPURL(X509Certificate cert) throws IOException {
    byte[] authorityExtensionValue = cert.getExtensionValue(Extension.authorityInfoAccess.getId());
    if (authorityExtensionValue != null) {
        // copied from CertInformationHelper.getAuthorityInfoExtensionValue()
        // DRY refactor should be done some day
        ASN1Sequence asn1Seq = (ASN1Sequence) JcaX509ExtensionUtils.parseExtensionValue(authorityExtensionValue);
        Enumeration<?> objects = asn1Seq.getObjects();
        while (objects.hasMoreElements()) {
            // AccessDescription
            ASN1Sequence obj = (ASN1Sequence) objects.nextElement();
            ASN1Encodable oid = obj.getObjectAt(0);
            // accessLocation
            ASN1TaggedObject location = (ASN1TaggedObject) obj.getObjectAt(1);
            if (X509ObjectIdentifiers.id_ad_ocsp.equals(oid) && location.getTagNo() == GeneralName.uniformResourceIdentifier) {
                ASN1OctetString url = (ASN1OctetString) location.getObject();
                String ocspURL = new String(url.getOctets());
                LOG.info("OCSP URL: " + ocspURL);
                return ocspURL;
            }
        }
    }
    return null;
}

Example 18 with ASN1Encodable

use of com.github.zhenwei.core.asn1.ASN1Encodable in project documentproduction by qld-gov-au.

the class CertInformationCollector method getAuthorityInfoExtensionValue.

static void getAuthorityInfoExtensionValue(byte[] extensionValue, CertSignatureInformation certInfo) throws IOException {
    ASN1Sequence asn1Seq = (ASN1Sequence) JcaX509ExtensionUtils.parseExtensionValue(extensionValue);
    Enumeration<?> objects = asn1Seq.getObjects();
    while (objects.hasMoreElements()) {
        // AccessDescription
        ASN1Sequence obj = (ASN1Sequence) objects.nextElement();
        ASN1Encodable oid = obj.getObjectAt(0);
        // accessLocation
        ASN1TaggedObject location = (ASN1TaggedObject) obj.getObjectAt(1);
        if (X509ObjectIdentifiers.id_ad_ocsp.equals(oid) && location.getTagNo() == GeneralName.uniformResourceIdentifier) {
            ASN1OctetString url = (ASN1OctetString) location.getObject();
            certInfo.setOcspUrl(new String(url.getOctets()));
        } else if (X509ObjectIdentifiers.id_ad_caIssuers.equals(oid)) {
            ASN1OctetString uri = (ASN1OctetString) location.getObject();
            certInfo.setIssuerUrl(new String(uri.getOctets()));
        }
    }
}

Example 19 with ASN1Encodable

use of com.github.zhenwei.core.asn1.ASN1Encodable in project documentproduction by qld-gov-au.

the class TimeStampManager method signTimeStamp.

/**
 * Extend CMS Signer Information with the TimeStampToken into the unsigned Attributes.
 *
 * @param signer information about signer
 * @return information about SignerInformation
 * @throws IOException
 */
private SignerInformation signTimeStamp(SignerInformation signer) throws IOException, TSPException {
    AttributeTable unsignedAttributes = signer.getUnsignedAttributes();
    ASN1EncodableVector vector = new ASN1EncodableVector();
    if (unsignedAttributes != null) {
        vector = unsignedAttributes.toASN1EncodableVector();
    }
    byte[] token = this.tsaClient.getTimeStampToken(signer.getSignature());
    ASN1ObjectIdentifier oid = PKCSObjectIdentifiers.id_aa_signatureTimeStampToken;
    ASN1Encodable signatureTimeStamp = new Attribute(oid, new DERSet(ASN1Primitive.fromByteArray(token)));
    vector.add(signatureTimeStamp);
    Attributes signedAttributes = new Attributes(vector);
    // replace unsignedAttributes with the signed once
    return SignerInformation.replaceUnsignedAttributes(signer, new AttributeTable(signedAttributes));
}

Example 20 with ASN1Encodable

use of com.github.zhenwei.core.asn1.ASN1Encodable in project attestation by TokenScript.

the class URLUtility method decodeList.

/**
 * @param url The part of the URL that contains encoding. I.e. it must be pruned for domainame and such
 */
public static List<byte[]> decodeList(String url) throws IOException {
    List<byte[]> res = new ArrayList<>();
    byte[] decodedData = decodeData(url);
    ASN1InputStream input = new ASN1InputStream(decodedData);
    ASN1Encodable[] asn1 = ASN1Sequence.getInstance(input.readObject()).toArray();
    input.close();
    for (ASN1Encodable current : asn1) {
        res.add(ASN1OctetString.getInstance(current).getOctets());
    }
    return res;
}