Search in sources :

Example 56 with ASN1ObjectIdentifier

use of com.github.zhenwei.core.asn1.ASN1ObjectIdentifier in project pdf-sign-check by spapas.

the class TSAClient method getTimeStampToken.

/**
 * @param content
 * @return the time stamp token
 * @throws IOException if there was an error with the connection or data from the TSA server,
 *                     or if the time stamp response could not be validated
 */
public TimeStampToken getTimeStampToken(InputStream content) throws IOException {
    digest.reset();
    DigestInputStream dis = new DigestInputStream(content, digest);
    while (dis.read() != -1) {
    // do nothing
    }
    byte[] hash = digest.digest();
    // 32-bit cryptographic nonce
    int nonce = RANDOM.nextInt();
    // generate TSA request
    TimeStampRequestGenerator tsaGenerator = new TimeStampRequestGenerator();
    tsaGenerator.setCertReq(true);
    ASN1ObjectIdentifier oid = ALGORITHM_OID_FINDER.find(digest.getAlgorithm()).getAlgorithm();
    TimeStampRequest request = tsaGenerator.generate(oid, hash, BigInteger.valueOf(nonce));
    // get TSA response
    byte[] tsaResponse = getTSAResponse(request.getEncoded());
    TimeStampResponse response;
    try {
        response = new TimeStampResponse(tsaResponse);
        response.validate(request);
    } catch (TSPException e) {
        throw new IOException(e);
    }
    TimeStampToken timeStampToken = response.getTimeStampToken();
    if (timeStampToken == null) {
        // https://www.ietf.org/rfc/rfc3161.html#section-2.4.2
        throw new IOException("Response from " + url + " does not have a time stamp token, status: " + response.getStatus() + " (" + response.getStatusString() + ")");
    }
    return timeStampToken;
}
Also used : TimeStampResponse(org.bouncycastle.tsp.TimeStampResponse) DigestInputStream(java.security.DigestInputStream) TimeStampRequestGenerator(org.bouncycastle.tsp.TimeStampRequestGenerator) TSPException(org.bouncycastle.tsp.TSPException) IOException(java.io.IOException) TimeStampToken(org.bouncycastle.tsp.TimeStampToken) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) TimeStampRequest(org.bouncycastle.tsp.TimeStampRequest)

Example 57 with ASN1ObjectIdentifier

use of com.github.zhenwei.core.asn1.ASN1ObjectIdentifier in project pdf-sign-check by spapas.

the class ValidationTimeStamp method signTimeStamp.

/**
 * Extend CMS Signer Information with the TimeStampToken into the unsigned Attributes.
 *
 * @param signer information about signer
 * @return information about SignerInformation
 * @throws IOException
 */
private SignerInformation signTimeStamp(SignerInformation signer) throws IOException {
    AttributeTable unsignedAttributes = signer.getUnsignedAttributes();
    ASN1EncodableVector vector = new ASN1EncodableVector();
    if (unsignedAttributes != null) {
        vector = unsignedAttributes.toASN1EncodableVector();
    }
    TimeStampToken timeStampToken = tsaClient.getTimeStampToken(new ByteArrayInputStream(signer.getSignature()));
    byte[] token = timeStampToken.getEncoded();
    ASN1ObjectIdentifier oid = PKCSObjectIdentifiers.id_aa_signatureTimeStampToken;
    ASN1Encodable signatureTimeStamp = new Attribute(oid, new DERSet(ASN1Primitive.fromByteArray(token)));
    vector.add(signatureTimeStamp);
    Attributes signedAttributes = new Attributes(vector);
    // see source code of replaceUnsignedAttributes
    return SignerInformation.replaceUnsignedAttributes(signer, new AttributeTable(signedAttributes));
}
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) Attribute(org.bouncycastle.asn1.cms.Attribute) AttributeTable(org.bouncycastle.asn1.cms.AttributeTable) Attributes(org.bouncycastle.asn1.cms.Attributes) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) TimeStampToken(org.bouncycastle.tsp.TimeStampToken) DERSet(org.bouncycastle.asn1.DERSet) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 58 with ASN1ObjectIdentifier

use of com.github.zhenwei.core.asn1.ASN1ObjectIdentifier in project Falcon-File-Transfer-Optimizer by arif-zaman.

the class X509ProxyCertPathValidator method checkProxyConstraints.

@SuppressWarnings("unused")
protected void checkProxyConstraints(TBSCertificateStructure proxy, TBSCertificateStructure issuer, X509Certificate checkedProxy) throws CertPathValidatorException, IOException {
    X509Extensions extensions;
    ASN1ObjectIdentifier oid;
    X509Extension proxyExtension;
    X509Extension proxyKeyUsage = null;
    extensions = proxy.getExtensions();
    if (extensions != null) {
        Enumeration e = extensions.oids();
        while (e.hasMoreElements()) {
            oid = (ASN1ObjectIdentifier) e.nextElement();
            proxyExtension = extensions.getExtension(oid);
            if (oid.equals(X509Extension.subjectAlternativeName) || oid.equals(X509Extension.issuerAlternativeName)) {
                // No Alt name extensions - 3.2 & 3.5
                throw new CertPathValidatorException("Proxy violation: no Subject or Issuer Alternative Name");
            } else if (oid.equals(X509Extension.basicConstraints)) {
                // Basic Constraint must not be true - 3.8
                BasicConstraints basicExt = CertificateUtil.getBasicConstraints(proxyExtension);
                if (basicExt.isCA()) {
                    throw new CertPathValidatorException("Proxy violation: Basic Constraint CA is set to true");
                }
            } else if (oid.equals(X509Extension.keyUsage)) {
                proxyKeyUsage = proxyExtension;
            }
        }
    }
    extensions = issuer.getExtensions();
    if (extensions != null) {
        Enumeration e = extensions.oids();
        while (e.hasMoreElements()) {
            oid = (ASN1ObjectIdentifier) e.nextElement();
            proxyExtension = extensions.getExtension(oid);
            checkExtension(oid, proxyExtension, proxyKeyUsage);
        }
    }
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) Enumeration(java.util.Enumeration) X509Extension(org.bouncycastle.asn1.x509.X509Extension) X509Extensions(org.bouncycastle.asn1.x509.X509Extensions) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 59 with ASN1ObjectIdentifier

use of com.github.zhenwei.core.asn1.ASN1ObjectIdentifier in project Falcon-File-Transfer-Optimizer by arif-zaman.

the class CertificateUtil method processCriticalExtension.

private static GSIConstants.CertificateType processCriticalExtension(X509Extension ext, boolean gsi4) {
    GSIConstants.CertificateType type;
    ProxyCertInfo proxyCertExt = ProxyCertificateUtil.getProxyCertInfo(ext);
    ProxyPolicy proxyPolicy = proxyCertExt.getProxyPolicy();
    ASN1ObjectIdentifier oid = proxyPolicy.getPolicyLanguage();
    if (ProxyPolicy.IMPERSONATION.equals(oid)) {
        if (gsi4) {
            type = GSIConstants.CertificateType.GSI_4_IMPERSONATION_PROXY;
        } else {
            type = GSIConstants.CertificateType.GSI_3_IMPERSONATION_PROXY;
        }
    } else if (ProxyPolicy.INDEPENDENT.equals(oid)) {
        if (gsi4) {
            type = GSIConstants.CertificateType.GSI_4_INDEPENDENT_PROXY;
        } else {
            type = GSIConstants.CertificateType.GSI_3_INDEPENDENT_PROXY;
        }
    } else if (ProxyPolicy.LIMITED.equals(oid)) {
        if (gsi4) {
            type = GSIConstants.CertificateType.GSI_4_LIMITED_PROXY;
        } else {
            type = GSIConstants.CertificateType.GSI_3_LIMITED_PROXY;
        }
    } else {
        if (gsi4) {
            type = GSIConstants.CertificateType.GSI_4_RESTRICTED_PROXY;
        } else {
            type = GSIConstants.CertificateType.GSI_3_RESTRICTED_PROXY;
        }
    }
    return type;
}
Also used : GSIConstants(org.globus.gsi.GSIConstants) ProxyPolicy(org.globus.gsi.proxy.ext.ProxyPolicy) ProxyCertInfo(org.globus.gsi.proxy.ext.ProxyCertInfo) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 60 with ASN1ObjectIdentifier

use of com.github.zhenwei.core.asn1.ASN1ObjectIdentifier in project Falcon-File-Transfer-Optimizer by arif-zaman.

the class X509NameHelper method toString.

private static String toString(ASN1Sequence seq) {
    if (seq == null) {
        return null;
    }
    Enumeration e = seq.getObjects();
    StringBuffer buf = new StringBuffer();
    while (e.hasMoreElements()) {
        ASN1Set set = (ASN1Set) e.nextElement();
        Enumeration ee = set.getObjects();
        buf.append('/');
        while (ee.hasMoreElements()) {
            ASN1Sequence s = (ASN1Sequence) ee.nextElement();
            ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) s.getObjectAt(0);
            String sym = (String) X509Name.DefaultSymbols.get(oid);
            if (sym == null) {
                buf.append(oid.getId());
            } else {
                buf.append(sym);
            }
            buf.append('=');
            buf.append(((ASN1String) s.getObjectAt(1)).getString());
            if (ee.hasMoreElements()) {
                buf.append('+');
            }
        }
    }
    return buf.toString();
}
Also used : Enumeration(java.util.Enumeration) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ASN1Set(org.bouncycastle.asn1.ASN1Set) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) ASN1String(org.bouncycastle.asn1.ASN1String) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Aggregations

ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)545 IOException (java.io.IOException)161 ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)126 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)87 DEROctetString (org.bouncycastle.asn1.DEROctetString)87 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)73 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)71 Enumeration (java.util.Enumeration)70 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)70 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)69 ArrayList (java.util.ArrayList)65 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)64 BigInteger (java.math.BigInteger)60 DERSequence (org.bouncycastle.asn1.DERSequence)60 HashSet (java.util.HashSet)57 DERIA5String (org.bouncycastle.asn1.DERIA5String)52 X500Name (org.bouncycastle.asn1.x500.X500Name)52 X509Certificate (java.security.cert.X509Certificate)50 AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)47 Extension (org.bouncycastle.asn1.x509.Extension)46