Example 16 with ASN1Encodable

use of com.github.zhenwei.core.asn1.ASN1Encodable in project documentproduction by qld-gov-au.

the class CertificateVerifier method downloadExtraCertificates.

/**
 * Download extra certificates from the URI mentioned in id-ad-caIssuers in the "authority
 * information access" extension. The method is lenient about malformed extension data: parse
 * errors are logged and an empty set is returned. Failures while fetching from a URL are not
 * swallowed; they surface from the ISSUER_CERTS cache as ExecutionException.
 *
 * @param ext an X509 object that can have extensions.
 *
 * @return a certificate set, never null.
 * @throws ExecutionException if the ISSUER_CERTS cache could not load the certificates at a URL
 */
public static Set<X509Certificate> downloadExtraCertificates(X509Extension ext) throws ExecutionException {
    // https://tools.ietf.org/html/rfc2459#section-4.2.2.1
    // https://tools.ietf.org/html/rfc3280#section-4.2.2.1
    // https://tools.ietf.org/html/rfc4325
    Set<X509Certificate> resultSet = new HashSet<X509Certificate>();
    byte[] authorityExtensionValue = ext.getExtensionValue(Extension.authorityInfoAccess.getId());
    if (authorityExtensionValue == null) {
        return resultSet;
    }
    ASN1Primitive asn1Prim;
    try {
        // getExtensionValue() returns the DER OCTET STRING wrapper; parseExtensionValue() unwraps it
        asn1Prim = JcaX509ExtensionUtils.parseExtensionValue(authorityExtensionValue);
    } catch (IOException ex) {
        LOG.warn(ex.getMessage(), ex);
        return resultSet;
    }
    if (!(asn1Prim instanceof ASN1Sequence)) {
        LOG.warn("ASN1Sequence expected, got " + asn1Prim.getClass().getSimpleName());
        return resultSet;
    }
    ASN1Sequence asn1Seq = (ASN1Sequence) asn1Prim;
    Enumeration<?> objects = asn1Seq.getObjects();
    while (objects.hasMoreElements()) {
        // AccessDescription ::= SEQUENCE { accessMethod OBJECT IDENTIFIER, accessLocation GeneralName }
        ASN1Sequence obj = (ASN1Sequence) objects.nextElement();
        ASN1Encodable oid = obj.getObjectAt(0);
        if (!X509ObjectIdentifiers.id_ad_caIssuers.equals(oid)) {
            continue;
        }
        ASN1TaggedObject location = (ASN1TaggedObject) obj.getObjectAt(1);
        // accessLocation is a GeneralName CHOICE; only [6] uniformResourceIdentifier carries a URL.
        // Real certificates also list caIssuers as directoryName ([4]) or LDAP entries, so skip
        // anything else instead of letting the cast below throw ClassCastException.
        if (location.getTagNo() != GeneralName.uniformResourceIdentifier) {
            continue;
        }
        ASN1OctetString uri = (ASN1OctetString) location.getObject();
        // the content is an IA5String, so decode as US-ASCII rather than the platform default charset
        String urlString = new String(uri.getOctets(), StandardCharsets.US_ASCII);
        LOG.info("CA issuers URL: " + urlString);
        Collection<? extends Certificate> altCerts = ISSUER_CERTS.get(urlString);
        for (Certificate altCert : altCerts) {
            resultSet.add((X509Certificate) altCert);
        }
        LOG.info("CA issuers URL: " + altCerts.size() + " certificate(s) downloaded");
    }
    LOG.info("CA issuers: Downloaded " + resultSet.size() + " certificate(s) total");
    return resultSet;
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) HashSet(java.util.HashSet) Certificate(java.security.cert.Certificate)

Example 17 with ASN1Encodable

use of com.github.zhenwei.core.asn1.ASN1Encodable in project documentproduction by qld-gov-au.

the class CertificateVerifier method extractOCSPURL.

/**
 * Extract the OCSP URL from an X.509 certificate if available.
 *
 * @param cert X.509 certificate
 * @return the URL of the OCSP validation service, or null if the certificate carries no
 *         id-ad-ocsp access description with a uniformResourceIdentifier location
 * @throws IOException if the authority information access extension cannot be parsed
 */
private static String extractOCSPURL(X509Certificate cert) throws IOException {
    byte[] authorityExtensionValue = cert.getExtensionValue(Extension.authorityInfoAccess.getId());
    if (authorityExtensionValue != null) {
        // copied from CertInformationHelper.getAuthorityInfoExtensionValue()
        // DRY refactor should be done some day
        ASN1Sequence asn1Seq = (ASN1Sequence) JcaX509ExtensionUtils.parseExtensionValue(authorityExtensionValue);
        Enumeration<?> objects = asn1Seq.getObjects();
        while (objects.hasMoreElements()) {
            // AccessDescription ::= SEQUENCE { accessMethod OBJECT IDENTIFIER, accessLocation GeneralName }
            ASN1Sequence obj = (ASN1Sequence) objects.nextElement();
            ASN1Encodable oid = obj.getObjectAt(0);
            // accessLocation: a GeneralName CHOICE, so the tag number tells which alternative it is
            ASN1TaggedObject location = (ASN1TaggedObject) obj.getObjectAt(1);
            if (X509ObjectIdentifiers.id_ad_ocsp.equals(oid) && location.getTagNo() == GeneralName.uniformResourceIdentifier) {
                ASN1OctetString url = (ASN1OctetString) location.getObject();
                // IA5String content, hence US-ASCII
                String ocspURL = new String(url.getOctets(), StandardCharsets.US_ASCII);
                LOG.info("OCSP URL: " + ocspURL);
                return ocspURL;
            }
        }
    }
    return null;
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)

Example 18 with ASN1Encodable

use of com.github.zhenwei.core.asn1.ASN1Encodable in project documentproduction by qld-gov-au.

the class CertInformationCollector method getAuthorityInfoExtensionValue.

/**
 * Read the OCSP responder URL and the CA issuers URL out of an authority information access
 * extension value and store them on the given CertSignatureInformation.
 *
 * @param extensionValue the raw value returned by X509Certificate.getExtensionValue()
 * @param certInfo the object to fill in
 * @throws IOException if the extension value cannot be parsed
 */
static void getAuthorityInfoExtensionValue(byte[] extensionValue, CertSignatureInformation certInfo) throws IOException {
    ASN1Sequence asn1Seq = (ASN1Sequence) JcaX509ExtensionUtils.parseExtensionValue(extensionValue);
    Enumeration<?> objects = asn1Seq.getObjects();
    while (objects.hasMoreElements()) {
        // AccessDescription ::= SEQUENCE { accessMethod OBJECT IDENTIFIER, accessLocation GeneralName }
        ASN1Sequence obj = (ASN1Sequence) objects.nextElement();
        ASN1Encodable oid = obj.getObjectAt(0);
        // accessLocation: a GeneralName CHOICE; only [6] uniformResourceIdentifier is a URL
        ASN1TaggedObject location = (ASN1TaggedObject) obj.getObjectAt(1);
        if (location.getTagNo() != GeneralName.uniformResourceIdentifier) {
            // directoryName, LDAP and other alternatives would make the OCTET STRING cast fail
            continue;
        }
        if (X509ObjectIdentifiers.id_ad_ocsp.equals(oid)) {
            ASN1OctetString url = (ASN1OctetString) location.getObject();
            certInfo.setOcspUrl(new String(url.getOctets(), StandardCharsets.US_ASCII));
        } else if (X509ObjectIdentifiers.id_ad_caIssuers.equals(oid)) {
            ASN1OctetString uri = (ASN1OctetString) location.getObject();
            certInfo.setIssuerUrl(new String(uri.getOctets(), StandardCharsets.US_ASCII));
        }
    }
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
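Examples 16 to 18 all walk the AuthorityInfoAccess SEQUENCE by hand with casts to ASN1Sequence, ASN1TaggedObject and ASN1OctetString. The following is an added example, not code from the documentproduction project, showing the same extraction with the typed BouncyCastle classes AuthorityInformationAccess, AccessDescription and GeneralName, which remove the casts and make the tag check explicit. It also adds the check a verifier should make before fetching anything: the URL comes out of the certificate being verified, so it is attacker-supplied input and only http(s) should be followed. It assumes bcprov and bcpkix on the classpath; the AIA value in main() is constructed here for illustration, wrapped in an OCTET STRING exactly as X509Certificate.getExtensionValue() would return it, and the hostnames in it are made up.

```java
import java.io.IOException;
import java.net.URI;
import java.util.ArrayList;
import java.util.List;

import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AccessDescription;
import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;

public class AiaUrlExtractor {

    /**
     * Return the http(s) URLs listed in an AuthorityInfoAccess extension value for one access
     * method (AccessDescription.id_ad_ocsp or AccessDescription.id_ad_caIssuers).
     *
     * @param extensionValue raw value as returned by X509Certificate.getExtensionValue(), may be null
     * @param accessMethod   the accessMethod OID to select
     */
    public static List<String> aiaUrls(byte[] extensionValue, ASN1ObjectIdentifier accessMethod)
            throws IOException {
        List<String> urls = new ArrayList<>();
        if (extensionValue == null) {
            return urls;
        }
        // parseExtensionValue() strips the outer OCTET STRING; getInstance() enforces the
        // AuthorityInfoAccessSyntax structure and throws IllegalArgumentException otherwise
        AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(
                JcaX509ExtensionUtils.parseExtensionValue(extensionValue));
        for (AccessDescription ad : aia.getAccessDescriptions()) {
            if (!accessMethod.equals(ad.getAccessMethod())) {
                continue;
            }
            GeneralName location = ad.getAccessLocation();
            // GeneralName is a CHOICE; only [6] uniformResourceIdentifier carries a URL.
            // directoryName ([4]) and friends are legal here and must simply be skipped.
            if (location.getTagNo() != GeneralName.uniformResourceIdentifier) {
                continue;
            }
            String url = DERIA5String.getInstance(location.getName()).getString();
            // The URL is data from the certificate under verification, i.e. from an untrusted
            // party. Never hand it to a client that could resolve file:, ldap: or similar schemes.
            String scheme;
            try {
                scheme = URI.create(url).getScheme();
            } catch (IllegalArgumentException malformed) {
                continue;
            }
            if (!"http".equalsIgnoreCase(scheme) && !"https".equalsIgnoreCase(scheme)) {
                continue;
            }
            urls.add(url);
        }
        return urls;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: one OCSP responder, one caIssuers URL, one caIssuers directoryName
        // and one ldap: caIssuers entry. Only the first two should come back.
        AuthorityInformationAccess aia = new AuthorityInformationAccess(new AccessDescription[] {
            new AccessDescription(AccessDescription.id_ad_ocsp,
                new GeneralName(GeneralName.uniformResourceIdentifier, "http://ocsp.example.test")),
            new AccessDescription(AccessDescription.id_ad_caIssuers,
                new GeneralName(GeneralName.uniformResourceIdentifier, "http://pki.example.test/ca.cer")),
            new AccessDescription(AccessDescription.id_ad_caIssuers,
                new GeneralName(new X500Name("CN=Example Issuing CA"))),
            new AccessDescription(AccessDescription.id_ad_caIssuers,
                new GeneralName(GeneralName.uniformResourceIdentifier, "ldap://dir.example.test/cn=ca")),
        });
        // getExtensionValue() hands back the DER OCTET STRING that wraps the extension, so wrap it here too
        byte[] extensionValue = new DEROctetString(aia.getEncoded()).getEncoded();

        System.out.println("OCSP:      " + aiaUrls(extensionValue, AccessDescription.id_ad_ocsp));
        System.out.println("caIssuers: " + aiaUrls(extensionValue, AccessDescription.id_ad_caIssuers));
    }
}
```

Whatever fetches the returned caIssuers URL should additionally bound the response size and apply a timeout, and, as in Example 16, any certificate it brings back is only a candidate for chain building: it still has to chain to a trust anchor before it counts for anything.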

Example 19 with ASN1Encodable

use of com.github.zhenwei.core.asn1.ASN1Encodable in project documentproduction by qld-gov-au.

the class TimeStampManager method signTimeStamp.

/**
 * Extend CMS Signer Information with the TimeStampToken into the unsigned Attributes.
 *
 * @param signer information about signer
 * @return the signer information with the signature time-stamp token added as an unsigned attribute
 * @throws IOException if the time-stamp token cannot be obtained or parsed
 * @throws TSPException if the TSA response is invalid
 */
private SignerInformation signTimeStamp(SignerInformation signer) throws IOException, TSPException {
    AttributeTable unsignedAttributes = signer.getUnsignedAttributes();
    ASN1EncodableVector vector = new ASN1EncodableVector();
    if (unsignedAttributes != null) {
        // keep any unsigned attributes that are already present
        vector = unsignedAttributes.toASN1EncodableVector();
    }
    // the TSA time-stamps the signature value itself (RFC 3161 signature time-stamp)
    byte[] token = this.tsaClient.getTimeStampToken(signer.getSignature());
    ASN1ObjectIdentifier oid = PKCSObjectIdentifiers.id_aa_signatureTimeStampToken;
    // the token is a DER-encoded CMS ContentInfo; it is stored as-is inside the attribute's SET
    ASN1Encodable signatureTimeStamp = new Attribute(oid, new DERSet(ASN1Primitive.fromByteArray(token)));
    vector.add(signatureTimeStamp);
    Attributes unsignedWithTimeStamp = new Attributes(vector);
    // replace the unsigned attributes with the set that now carries the time-stamp token;
    // this is allowed after signing because unsigned attributes are not covered by the signature
    return SignerInformation.replaceUnsignedAttributes(signer, new AttributeTable(unsignedWithTimeStamp));
}
Also used : Attribute(org.bouncycastle.asn1.cms.Attribute) AttributeTable(org.bouncycastle.asn1.cms.AttributeTable) Attributes(org.bouncycastle.asn1.cms.Attributes) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) DERSet(org.bouncycastle.asn1.DERSet) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 20 with ASN1Encodable

use of com.github.zhenwei.core.asn1.ASN1Encodable in project attestation by TokenScript.

the class URLUtility method decodeList.

/**
 * @param url The part of the URL that contains encoding, i.e. it must be pruned of domain name and such
 * @return the octet strings contained in the decoded SEQUENCE, in order
 * @throws IOException if the decoded data is not a SEQUENCE of OCTET STRINGs
 */
public static List<byte[]> decodeList(String url) throws IOException {
    List<byte[]> res = new ArrayList<>();
    byte[] decodedData = decodeData(url);
    // try-with-resources so the stream is closed even when readObject() fails on bad input
    try (ASN1InputStream input = new ASN1InputStream(decodedData)) {
        ASN1Encodable[] asn1 = ASN1Sequence.getInstance(input.readObject()).toArray();
        for (ASN1Encodable current : asn1) {
            res.add(ASN1OctetString.getInstance(current).getOctets());
        }
    }
    return res;
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ArrayList(java.util.ArrayList) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
