Search in sources :

Example 1 with ASN1StreamParser

use of com.github.zhenwei.core.asn1.ASN1StreamParser in project xipki by xipki.

the class XmlX509Certprofile method initQcStatements.

private void initQcStatements(Set<ASN1ObjectIdentifier> extnIds, ExtensionsType extensionsType) throws CertprofileException {
    ASN1ObjectIdentifier type = Extension.qCStatements;
    if (!extensionControls.containsKey(type)) {
        return;
    }
    extnIds.remove(type);
    QcStatements extConf = (QcStatements) getExtensionValue(type, extensionsType, QcStatements.class);
    if (extConf == null) {
        return;
    }
    List<QcStatementType> qcStatementTypes = extConf.getQcStatement();
    this.qcStatementsOption = new ArrayList<>(qcStatementTypes.size());
    Set<String> currencyCodes = new HashSet<>();
    boolean requireInfoFromReq = false;
    for (QcStatementType m : qcStatementTypes) {
        ASN1ObjectIdentifier qcStatementId = new ASN1ObjectIdentifier(m.getStatementId().getValue());
        QcStatementOption qcStatementOption;
        QcStatementValueType statementValue = m.getStatementValue();
        if (statementValue == null) {
            QCStatement qcStatment = new QCStatement(qcStatementId);
            qcStatementOption = new QcStatementOption(qcStatment);
        } else if (statementValue.getQcRetentionPeriod() != null) {
            QCStatement qcStatment = new QCStatement(qcStatementId, new ASN1Integer(statementValue.getQcRetentionPeriod()));
            qcStatementOption = new QcStatementOption(qcStatment);
        } else if (statementValue.getConstant() != null) {
            ASN1Encodable constantStatementValue;
            try {
                constantStatementValue = new ASN1StreamParser(statementValue.getConstant().getValue()).readObject();
            } catch (IOException ex) {
                throw new CertprofileException("can not parse the constant value of QcStatement");
            }
            QCStatement qcStatment = new QCStatement(qcStatementId, constantStatementValue);
            qcStatementOption = new QcStatementOption(qcStatment);
        } else if (statementValue.getQcEuLimitValue() != null) {
            QcEuLimitValueType euLimitType = statementValue.getQcEuLimitValue();
            String tmpCurrency = euLimitType.getCurrency().toUpperCase();
            if (currencyCodes.contains(tmpCurrency)) {
                throw new CertprofileException("Duplicated definition of qcStatments with QCEuLimitValue" + " for the currency " + tmpCurrency);
            }
            Iso4217CurrencyCode currency = StringUtil.isNumber(tmpCurrency) ? new Iso4217CurrencyCode(Integer.parseInt(tmpCurrency)) : new Iso4217CurrencyCode(tmpCurrency);
            Range2Type r1 = euLimitType.getAmount();
            Range2Type r2 = euLimitType.getExponent();
            if (r1.getMin() == r1.getMax() && r2.getMin() == r2.getMax()) {
                MonetaryValue monetaryValue = new MonetaryValue(currency, r1.getMin(), r2.getMin());
                QCStatement qcStatement = new QCStatement(qcStatementId, monetaryValue);
                qcStatementOption = new QcStatementOption(qcStatement);
            } else {
                MonetaryValueOption monetaryValueOption = new MonetaryValueOption(currency, r1, r2);
                qcStatementOption = new QcStatementOption(qcStatementId, monetaryValueOption);
                requireInfoFromReq = true;
            }
            currencyCodes.add(tmpCurrency);
        } else if (statementValue.getPdsLocations() != null) {
            ASN1EncodableVector vec = new ASN1EncodableVector();
            for (PdsLocationType pl : statementValue.getPdsLocations().getPdsLocation()) {
                ASN1EncodableVector vec2 = new ASN1EncodableVector();
                vec2.add(new DERIA5String(pl.getUrl()));
                String lang = pl.getLanguage();
                if (lang.length() != 2) {
                    throw new RuntimeException("invalid language '" + lang + "'");
                }
                vec2.add(new DERPrintableString(lang));
                DERSequence seq = new DERSequence(vec2);
                vec.add(seq);
            }
            QCStatement qcStatement = new QCStatement(qcStatementId, new DERSequence(vec));
            qcStatementOption = new QcStatementOption(qcStatement);
        } else {
            throw new RuntimeException("unknown value of qcStatment");
        }
        this.qcStatementsOption.add(qcStatementOption);
    }
    if (requireInfoFromReq) {
        return;
    }
    ASN1EncodableVector vec = new ASN1EncodableVector();
    for (QcStatementOption m : qcStatementsOption) {
        if (m.getStatement() == null) {
            throw new RuntimeException("should not reach here");
        }
        vec.add(m.getStatement());
    }
    ASN1Sequence seq = new DERSequence(vec);
    qcStatments = new ExtensionValue(extensionControls.get(type).isCritical(), seq);
    qcStatementsOption = null;
}
Also used : QCStatement(org.bouncycastle.asn1.x509.qualified.QCStatement) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) Iso4217CurrencyCode(org.bouncycastle.asn1.x509.qualified.Iso4217CurrencyCode) QcStatements(org.xipki.ca.certprofile.x509.jaxb.QcStatements) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERSequence(org.bouncycastle.asn1.DERSequence) ExtensionValue(org.xipki.ca.api.profile.ExtensionValue) CertprofileException(org.xipki.ca.api.profile.CertprofileException) Range2Type(org.xipki.ca.certprofile.x509.jaxb.Range2Type) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) HashSet(java.util.HashSet) ASN1StreamParser(org.bouncycastle.asn1.ASN1StreamParser) QcStatementValueType(org.xipki.ca.certprofile.x509.jaxb.QcStatementValueType) MonetaryValue(org.bouncycastle.asn1.x509.qualified.MonetaryValue) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) IOException(java.io.IOException) PdsLocationType(org.xipki.ca.certprofile.x509.jaxb.PdsLocationType) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) QcStatementType(org.xipki.ca.certprofile.x509.jaxb.QcStatementType) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) QcEuLimitValueType(org.xipki.ca.certprofile.x509.jaxb.QcEuLimitValueType)

Example 2 with ASN1StreamParser

use of com.github.zhenwei.core.asn1.ASN1StreamParser in project xipki by xipki.

the class ExtensionsChecker method buildConstantExtesions.

// method getExtensionValue
public static Map<ASN1ObjectIdentifier, QaExtensionValue> buildConstantExtesions(ExtensionsType extensionsType) throws CertprofileException {
    if (extensionsType == null) {
        return null;
    }
    Map<ASN1ObjectIdentifier, QaExtensionValue> map = new HashMap<>();
    for (ExtensionType m : extensionsType.getExtension()) {
        if (m.getValue() == null || !(m.getValue().getAny() instanceof ConstantExtValue)) {
            continue;
        }
        ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(m.getType().getValue());
        if (Extension.subjectAlternativeName.equals(oid) || Extension.subjectInfoAccess.equals(oid) || Extension.biometricInfo.equals(oid)) {
            continue;
        }
        ConstantExtValue extConf = (ConstantExtValue) m.getValue().getAny();
        byte[] encodedValue = extConf.getValue();
        ASN1StreamParser parser = new ASN1StreamParser(encodedValue);
        try {
            parser.readObject();
        } catch (IOException ex) {
            throw new CertprofileException("could not parse the constant extension value", ex);
        }
        QaExtensionValue extension = new QaExtensionValue(m.isCritical(), encodedValue);
        map.put(oid, extension);
    }
    if (CollectionUtil.isEmpty(map)) {
        return null;
    }
    return Collections.unmodifiableMap(map);
}
Also used : QaExtensionValue(org.xipki.ca.qa.internal.QaExtensionValue) HashMap(java.util.HashMap) CertprofileException(org.xipki.ca.api.profile.CertprofileException) ExtensionType(org.xipki.ca.certprofile.x509.jaxb.ExtensionType) IOException(java.io.IOException) ConstantExtValue(org.xipki.ca.certprofile.x509.jaxb.ConstantExtValue) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) ASN1StreamParser(org.bouncycastle.asn1.ASN1StreamParser)

Example 3 with ASN1StreamParser

use of com.github.zhenwei.core.asn1.ASN1StreamParser in project xipki by xipki.

the class X509CertprofileQa method buildConstantExtesions.

public static Map<ASN1ObjectIdentifier, QaExtensionValue> buildConstantExtesions(ExtensionsType extensionsType) throws CertprofileException {
    if (extensionsType == null) {
        return null;
    }
    Map<ASN1ObjectIdentifier, QaExtensionValue> map = new HashMap<>();
    for (ExtensionType m : extensionsType.getExtension()) {
        if (m.getValue() == null || !(m.getValue().getAny() instanceof ConstantExtValue)) {
            continue;
        }
        ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(m.getType().getValue());
        if (Extension.subjectAlternativeName.equals(oid) || Extension.subjectInfoAccess.equals(oid) || Extension.biometricInfo.equals(oid)) {
            continue;
        }
        ConstantExtValue extConf = (ConstantExtValue) m.getValue().getAny();
        byte[] encodedValue = extConf.getValue();
        ASN1StreamParser parser = new ASN1StreamParser(encodedValue);
        try {
            parser.readObject();
        } catch (IOException ex) {
            throw new CertprofileException("could not parse the constant extension value", ex);
        }
        QaExtensionValue extension = new QaExtensionValue(m.isCritical(), encodedValue);
        map.put(oid, extension);
    }
    if (CollectionUtil.isEmpty(map)) {
        return null;
    }
    return Collections.unmodifiableMap(map);
}
Also used : QaExtensionValue(org.xipki.ca.qa.internal.QaExtensionValue) HashMap(java.util.HashMap) CertprofileException(org.xipki.ca.api.profile.CertprofileException) ExtensionType(org.xipki.ca.certprofile.x509.jaxb.ExtensionType) IOException(java.io.IOException) ConstantExtValue(org.xipki.ca.certprofile.x509.jaxb.ConstantExtValue) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) ASN1StreamParser(org.bouncycastle.asn1.ASN1StreamParser)

Example 4 with ASN1StreamParser

use of com.github.zhenwei.core.asn1.ASN1StreamParser in project xipki by xipki.

the class XmlX509CertprofileUtil method buildConstantExtesions.

// method buildExtKeyUsageOptions
public static Map<ASN1ObjectIdentifier, ExtensionValue> buildConstantExtesions(ExtensionsType extensionsType) throws CertprofileException {
    if (extensionsType == null) {
        return null;
    }
    Map<ASN1ObjectIdentifier, ExtensionValue> map = new HashMap<>();
    for (ExtensionType m : extensionsType.getExtension()) {
        ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(m.getType().getValue());
        if (Extension.subjectAlternativeName.equals(oid) || Extension.subjectInfoAccess.equals(oid) || Extension.biometricInfo.equals(oid)) {
            continue;
        }
        if (m.getValue() == null || !(m.getValue().getAny() instanceof ConstantExtValue)) {
            continue;
        }
        ConstantExtValue extConf = (ConstantExtValue) m.getValue().getAny();
        byte[] encodedValue = extConf.getValue();
        ASN1StreamParser parser = new ASN1StreamParser(encodedValue);
        ASN1Encodable value;
        try {
            value = parser.readObject();
        } catch (IOException ex) {
            throw new CertprofileException("could not parse the constant extension value", ex);
        }
        ExtensionValue extension = new ExtensionValue(m.isCritical(), value);
        map.put(oid, extension);
    }
    if (CollectionUtil.isEmpty(map)) {
        return null;
    }
    return Collections.unmodifiableMap(map);
}
Also used : ExtensionValue(org.xipki.ca.api.profile.ExtensionValue) HashMap(java.util.HashMap) CertprofileException(org.xipki.ca.api.profile.CertprofileException) ExtensionType(org.xipki.ca.certprofile.x509.jaxb.ExtensionType) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) IOException(java.io.IOException) ConstantExtValue(org.xipki.ca.certprofile.x509.jaxb.ConstantExtValue) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) ASN1StreamParser(org.bouncycastle.asn1.ASN1StreamParser)

Example 5 with ASN1StreamParser

use of com.github.zhenwei.core.asn1.ASN1StreamParser in project LinLong-Java by zhenwei1108.

the class CMSSignedDataParser method replaceCertificatesAndCRLs.

/**
 * Replace the certificate and CRL information associated with this CMSSignedData object with the
 * new one passed in.
 * <p>
 * The output stream is returned unclosed.
 * </p>
 *
 * @param original  the signed data stream to be used as a base.
 * @param certs     new certificates to be used, if any.
 * @param crls      new CRLs to be used, if any.
 * @param attrCerts new attribute certificates to be used, if any.
 * @param out       the stream to write the new signed data object to.
 * @return out.
 * @throws CMSException if there is an error processing the CertStore
 */
public static OutputStream replaceCertificatesAndCRLs(InputStream original, Store certs, Store crls, Store attrCerts, OutputStream out) throws CMSException, IOException {
    ASN1StreamParser in = new ASN1StreamParser(original);
    ContentInfoParser contentInfo = new ContentInfoParser((ASN1SequenceParser) in.readObject());
    SignedDataParser signedData = SignedDataParser.getInstance(contentInfo.getContent(BERTags.SEQUENCE));
    BERSequenceGenerator sGen = new BERSequenceGenerator(out);
    sGen.addObject(CMSObjectIdentifiers.signedData);
    BERSequenceGenerator sigGen = new BERSequenceGenerator(sGen.getRawOutputStream(), 0, true);
    // version number
    sigGen.addObject(signedData.getVersion());
    // digests
    sigGen.getRawOutputStream().write(signedData.getDigestAlgorithms().toASN1Primitive().getEncoded());
    // encap content info
    ContentInfoParser encapContentInfo = signedData.getEncapContentInfo();
    BERSequenceGenerator eiGen = new BERSequenceGenerator(sigGen.getRawOutputStream());
    eiGen.addObject(encapContentInfo.getContentType());
    pipeEncapsulatedOctetString(encapContentInfo, eiGen.getRawOutputStream());
    eiGen.close();
    // 
    // skip existing certs and CRLs
    // 
    getASN1Set(signedData.getCertificates());
    getASN1Set(signedData.getCrls());
    // 
    if (certs != null || attrCerts != null) {
        List certificates = new ArrayList();
        if (certs != null) {
            certificates.addAll(CMSUtils.getCertificatesFromStore(certs));
        }
        if (attrCerts != null) {
            certificates.addAll(CMSUtils.getAttributeCertificatesFromStore(attrCerts));
        }
        ASN1Set asn1Certs = CMSUtils.createBerSetFromList(certificates);
        if (asn1Certs.size() > 0) {
            sigGen.getRawOutputStream().write(new DERTaggedObject(false, 0, asn1Certs).getEncoded());
        }
    }
    if (crls != null) {
        ASN1Set asn1Crls = CMSUtils.createBerSetFromList(CMSUtils.getCRLsFromStore(crls));
        if (asn1Crls.size() > 0) {
            sigGen.getRawOutputStream().write(new DERTaggedObject(false, 1, asn1Crls).getEncoded());
        }
    }
    sigGen.getRawOutputStream().write(signedData.getSignerInfos().toASN1Primitive().getEncoded());
    sigGen.close();
    sGen.close();
    return out;
}
Also used : ContentInfoParser(com.github.zhenwei.pkix.util.asn1.cms.ContentInfoParser) ASN1Set(com.github.zhenwei.core.asn1.ASN1Set) SignedDataParser(com.github.zhenwei.pkix.util.asn1.cms.SignedDataParser) DERTaggedObject(com.github.zhenwei.core.asn1.DERTaggedObject) BERSequenceGenerator(com.github.zhenwei.core.asn1.BERSequenceGenerator) ArrayList(java.util.ArrayList) ArrayList(java.util.ArrayList) List(java.util.List) ASN1StreamParser(com.github.zhenwei.core.asn1.ASN1StreamParser)

Aggregations

IOException (java.io.IOException)4 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)4 ASN1StreamParser (org.bouncycastle.asn1.ASN1StreamParser)4 CertprofileException (org.xipki.ca.api.profile.CertprofileException)4 HashMap (java.util.HashMap)3 ConstantExtValue (org.xipki.ca.certprofile.x509.jaxb.ConstantExtValue)3 ExtensionType (org.xipki.ca.certprofile.x509.jaxb.ExtensionType)3 ASN1StreamParser (com.github.zhenwei.core.asn1.ASN1StreamParser)2 BERSequenceGenerator (com.github.zhenwei.core.asn1.BERSequenceGenerator)2 ContentInfoParser (com.github.zhenwei.pkix.util.asn1.cms.ContentInfoParser)2 SignedDataParser (com.github.zhenwei.pkix.util.asn1.cms.SignedDataParser)2 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)2 ExtensionValue (org.xipki.ca.api.profile.ExtensionValue)2 QaExtensionValue (org.xipki.ca.qa.internal.QaExtensionValue)2 ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)1 ASN1Set (com.github.zhenwei.core.asn1.ASN1Set)1 DERSet (com.github.zhenwei.core.asn1.DERSet)1 DERTaggedObject (com.github.zhenwei.core.asn1.DERTaggedObject)1 ArrayList (java.util.ArrayList)1 HashSet (java.util.HashSet)1