
Example 1 with ASN1TaggedObject

use of com.github.zhenwei.core.asn1.ASN1TaggedObject in project OpenUnison by TremoloSecurity.

Taken from the class X509ExtensionParsingUtil, method extractTaggedObjects.

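/**
 * Returns a {@link HashMap} whose keys are the tag numbers and whose values are the tagged
 * contents of each element of the given {@link ASN1Sequence}.
 * <p>
 * Every element of the sequence must be an {@link ASN1TaggedObject}; anything else (including a
 * {@code null} element) is reported as a {@link CertificateParsingException}, since the sequence
 * normally comes out of a certificate extension and cannot be assumed to be well-formed.
 * <p>
 * NOTE(review): when two elements carry the same tag number the later one silently replaces the
 * earlier one in the returned map. {@code getObject()} also presumes explicit tagging — for an
 * implicitly tagged element the returned primitive would be misread; confirm against the
 * extension's ASN.1 module before relying on the values.
 *
 * @param asn1Sequence the sequence whose elements are all expected to be tagged objects
 * @return a mutable map from tag number to the tagged value; empty for an empty sequence
 * @throws CertificateParsingException if any element is not an {@link ASN1TaggedObject}
 */
public static HashMap<Integer, ASN1Primitive> extractTaggedObjects(ASN1Sequence asn1Sequence) throws CertificateParsingException {
    HashMap<Integer, ASN1Primitive> taggedObjects = new HashMap<>();
    for (ASN1Encodable element : asn1Sequence.toArray()) {
        // instanceof is false for null, so one check covers both malformed cases
        if (!(element instanceof ASN1TaggedObject)) {
            throw new CertificateParsingException("Expected DERTagged object");
        }
        ASN1TaggedObject taggedObject = (ASN1TaggedObject) element;
        taggedObjects.put(taggedObject.getTagNo(), taggedObject.getObject());
    }
    return taggedObjects;
}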

Example 2 with ASN1TaggedObject

use of com.github.zhenwei.core.asn1.ASN1TaggedObject in project OpenUnison by TremoloSecurity.

Taken from the class UpnExtractor, method loadNTPrincipal.

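/**
 * Extracts the Microsoft User Principal Name (UPN) from the subject alternative names of the
 * first certificate in the chain.
 * <p>
 * The UPN is carried as an {@code otherName} SAN entry with type-id
 * {@code 1.3.6.1.4.1.311.20.2.3}; its value is a (possibly nested) tagged object wrapping a
 * {@link DERUTF8String}. Only the first such entry is considered. The certificate is untrusted
 * input, so every structural assumption is checked instead of cast blindly, and the
 * {@link ASN1InputStream} is closed on every path.
 *
 * @param certs the presented chain; the end-entity certificate is expected at index 0
 * @return the UPN, or {@code null} when the chain is empty, no UPN {@code otherName} is present,
 *     or the UPN value does not unwrap to a UTF-8 string
 * @throws CertificateParsingException if the SAN extension cannot be decoded or a UPN entry is
 *     structurally malformed
 * @throws IOException if the raw {@code otherName} bytes cannot be parsed as ASN.1
 */
private String loadNTPrincipal(X509Certificate[] certs) throws CertificateParsingException, IOException {
    if (certs == null || certs.length == 0) {
        return null;
    }
    X509Certificate cert = certs[0];
    Collection<List<?>> subjectAlternativeNames = cert.getSubjectAlternativeNames();
    if (subjectAlternativeNames == null || subjectAlternativeNames.isEmpty()) {
        return null;
    }
    for (List<?> subjectAltName : subjectAlternativeNames) {
        if (((Integer) subjectAltName.get(0)) != GeneralName.otherName) {
            continue;
        }
        // otherName entries are handed back as raw DER bytes
        try (ASN1InputStream asn1Input = new ASN1InputStream((byte[]) subjectAltName.get(1))) {
            ASN1Primitive derObject = asn1Input.readObject();
            if (!(derObject instanceof DLSequence)) {
                throw new CertificateParsingException("otherName SAN entry is not a sequence");
            }
            DLSequence seq = (DLSequence) derObject;
            if (seq.size() < 2) {
                throw new CertificateParsingException("otherName SAN entry is missing its value");
            }
            ASN1ObjectIdentifier id = ASN1ObjectIdentifier.getInstance(seq.getObjectAt(0));
            if (!id.getId().equals("1.3.6.1.4.1.311.20.2.3")) {
                continue;
            }
            if (!(seq.getObjectAt(1) instanceof ASN1TaggedObject)) {
                throw new CertificateParsingException("UPN otherName value is not a tagged object");
            }
            return unwrapUtf8String((ASN1TaggedObject) seq.getObjectAt(1));
        }
    }
    return null;
}

/**
 * Follows nested tagged wrappers until a {@link DERUTF8String} is reached.
 *
 * @param tagged the outermost tagged object of the UPN value
 * @return the string content, or {@code null} if something other than a further tagged object
 *     or a UTF-8 string is encountered
 */
private static String unwrapUtf8String(ASN1TaggedObject tagged) {
    ASN1TaggedObject current = tagged;
    while (true) {
        ASN1Primitive inner = current.getObject();
        if (inner instanceof DERTaggedObject) {
            current = (ASN1TaggedObject) inner;
        } else if (inner instanceof DERUTF8String) {
            return ((DERUTF8String) inner).getString();
        } else {
            // anything else is treated as "no UPN" rather than as an error
            return null;
        }
    }
}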

Example 3 with ASN1TaggedObject

use of com.github.zhenwei.core.asn1.ASN1TaggedObject in project documentproduction by qld-gov-au.

Taken from the class CertificateVerifier, method downloadExtraCertificates.

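/**
 * Download extra certificates from the URI mentioned in id-ad-caIssuers in the "authority
 * information access" extension. The method is lenient, i.e. catches all exceptions.
 * <p>
 * The extension is read from an untrusted certificate: every AccessDescription is type-checked
 * and skipped with a warning when it is not well-formed, and only locations tagged as
 * {@code uniformResourceIdentifier} are followed (other GeneralName choices such as a
 * directoryName cannot be fetched). Retrieval itself is delegated to {@code ISSUER_CERTS}.
 * <p>
 * NOTE(review): the URL string handed to {@code ISSUER_CERTS} is attacker-controlled (it comes
 * straight out of the certificate), so the cache loader is where scheme/host restrictions and a
 * response-size bound belong — confirm they are in place there.
 *
 * @param ext an X509 object that can have extensions.
 *
 * @return a certificate set, never null.
 * @throws ExecutionException if the certificate cache fails while loading a URL
 */
public static Set<X509Certificate> downloadExtraCertificates(X509Extension ext) throws ExecutionException {
    // https://tools.ietf.org/html/rfc2459#section-4.2.2.1
    // https://tools.ietf.org/html/rfc3280#section-4.2.2.1
    // https://tools.ietf.org/html/rfc4325
    Set<X509Certificate> resultSet = new HashSet<>();
    byte[] authorityExtensionValue = ext.getExtensionValue(Extension.authorityInfoAccess.getId());
    if (authorityExtensionValue == null) {
        return resultSet;
    }
    ASN1Primitive asn1Prim;
    try {
        asn1Prim = JcaX509ExtensionUtils.parseExtensionValue(authorityExtensionValue);
    } catch (IOException ex) {
        LOG.warn(ex.getMessage(), ex);
        return resultSet;
    }
    if (!(asn1Prim instanceof ASN1Sequence)) {
        LOG.warn("ASN1Sequence expected, got " + asn1Prim.getClass().getSimpleName());
        return resultSet;
    }
    ASN1Sequence asn1Seq = (ASN1Sequence) asn1Prim;
    Enumeration<?> objects = asn1Seq.getObjects();
    while (objects.hasMoreElements()) {
        // AccessDescription ::= SEQUENCE { accessMethod OID, accessLocation GeneralName }
        Object element = objects.nextElement();
        if (!(element instanceof ASN1Sequence) || ((ASN1Sequence) element).size() < 2) {
            LOG.warn("Malformed AccessDescription in authorityInfoAccess, skipping");
            continue;
        }
        ASN1Sequence obj = (ASN1Sequence) element;
        ASN1Encodable oid = obj.getObjectAt(0);
        if (!X509ObjectIdentifiers.id_ad_caIssuers.equals(oid)) {
            continue;
        }
        ASN1Encodable accessLocation = obj.getObjectAt(1);
        if (!(accessLocation instanceof ASN1TaggedObject)) {
            LOG.warn("caIssuers accessLocation is not a GeneralName, skipping");
            continue;
        }
        ASN1TaggedObject location = (ASN1TaggedObject) accessLocation;
        // only the uniformResourceIdentifier choice can be downloaded from
        if (location.getTagNo() != GeneralName.uniformResourceIdentifier
                || !(location.getObject() instanceof ASN1OctetString)) {
            LOG.info("caIssuers accessLocation is not a URI (tag " + location.getTagNo() + "), skipping");
            continue;
        }
        ASN1OctetString uri = (ASN1OctetString) location.getObject();
        // IA5String content: decode with a fixed charset, not the platform default
        String urlString = new String(uri.getOctets(), java.nio.charset.StandardCharsets.US_ASCII);
        LOG.info("CA issuers URL: " + urlString);
        Collection<? extends Certificate> altCerts = ISSUER_CERTS.get(urlString);
        for (Certificate altCert : altCerts) {
            // the cache is typed as Certificate; anything that is not X.509 is of no use here
            if (altCert instanceof X509Certificate) {
                resultSet.add((X509Certificate) altCert);
            }
        }
        LOG.info("CA issuers URL: " + altCerts.size() + " certificate(s) downloaded");
    }
    LOG.info("CA issuers: Downloaded " + resultSet.size() + " certificate(s) total");
    return resultSet;
}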

Example 4 with ASN1TaggedObject

use of com.github.zhenwei.core.asn1.ASN1TaggedObject in project documentproduction by qld-gov-au.

Taken from the class CertificateVerifier, method extractOCSPURL.

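/**
 * Extract the OCSP URL from an X.509 certificate if available.
 * <p>
 * Walks the AccessDescriptions of the authorityInfoAccess extension and returns the first
 * {@code id-ad-ocsp} entry whose accessLocation is a {@code uniformResourceIdentifier}. The
 * extension is untrusted input, so each element is type-checked and a malformed structure is
 * reported as an {@link IOException} instead of escaping as a {@link ClassCastException}.
 *
 * @param cert X.509 certificate
 * @return the URL of the OCSP validation service, or {@code null} if the certificate has no
 *     authorityInfoAccess extension or no OCSP URI in it
 * @throws IOException if the extension value cannot be parsed or is not a list of
 *     AccessDescriptions
 */
private static String extractOCSPURL(X509Certificate cert) throws IOException {
    byte[] authorityExtensionValue = cert.getExtensionValue(Extension.authorityInfoAccess.getId());
    if (authorityExtensionValue == null) {
        return null;
    }
    // copied from CertInformationHelper.getAuthorityInfoExtensionValue()
    // DRY refactor should be done some day
    ASN1Primitive parsed = JcaX509ExtensionUtils.parseExtensionValue(authorityExtensionValue);
    if (!(parsed instanceof ASN1Sequence)) {
        throw new IOException("authorityInfoAccess: ASN1Sequence expected, got " + parsed.getClass().getSimpleName());
    }
    Enumeration<?> objects = ((ASN1Sequence) parsed).getObjects();
    while (objects.hasMoreElements()) {
        // AccessDescription ::= SEQUENCE { accessMethod OID, accessLocation GeneralName }
        Object element = objects.nextElement();
        if (!(element instanceof ASN1Sequence) || ((ASN1Sequence) element).size() < 2) {
            throw new IOException("authorityInfoAccess: malformed AccessDescription");
        }
        ASN1Sequence obj = (ASN1Sequence) element;
        ASN1Encodable oid = obj.getObjectAt(0);
        // accessLocation
        ASN1Encodable accessLocation = obj.getObjectAt(1);
        if (!(accessLocation instanceof ASN1TaggedObject)) {
            throw new IOException("authorityInfoAccess: accessLocation is not a GeneralName");
        }
        ASN1TaggedObject location = (ASN1TaggedObject) accessLocation;
        if (X509ObjectIdentifiers.id_ad_ocsp.equals(oid)
                && location.getTagNo() == GeneralName.uniformResourceIdentifier
                && location.getObject() instanceof ASN1OctetString) {
            ASN1OctetString url = (ASN1OctetString) location.getObject();
            // IA5String content: decode with a fixed charset, not the platform default
            String ocspURL = new String(url.getOctets(), java.nio.charset.StandardCharsets.US_ASCII);
            LOG.info("OCSP URL: " + ocspURL);
            return ocspURL;
        }
    }
    return null;
}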

Example 5 with ASN1TaggedObject

use of com.github.zhenwei.core.asn1.ASN1TaggedObject in project documentproduction by qld-gov-au.

Taken from the class CertInformationCollector, method getAuthorityInfoExtensionValue.

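/**
 * Reads the OCSP and CA-issuers URLs out of a raw authorityInfoAccess extension value and stores
 * them on {@code certInfo}.
 * <p>
 * For each AccessDescription: an {@code id-ad-ocsp} method whose location is a
 * {@code uniformResourceIdentifier} sets the OCSP URL; an {@code id-ad-caIssuers} method whose
 * location is a URI sets the issuer URL. When several entries match, the last one wins. The
 * extension comes from an untrusted certificate, so each element is type-checked and a malformed
 * structure is reported as an {@link IOException} rather than a {@link ClassCastException}.
 *
 * @param extensionValue the DER-encoded extension value as returned by
 *     {@code X509Extension.getExtensionValue}
 * @param certInfo the record that receives the URLs
 * @throws IOException if the value cannot be parsed or is not a list of AccessDescriptions
 */
static void getAuthorityInfoExtensionValue(byte[] extensionValue, CertSignatureInformation certInfo) throws IOException {
    Object parsed = JcaX509ExtensionUtils.parseExtensionValue(extensionValue);
    if (!(parsed instanceof ASN1Sequence)) {
        throw new IOException("authorityInfoAccess: ASN1Sequence expected, got " + parsed.getClass().getSimpleName());
    }
    Enumeration<?> objects = ((ASN1Sequence) parsed).getObjects();
    while (objects.hasMoreElements()) {
        // AccessDescription ::= SEQUENCE { accessMethod OID, accessLocation GeneralName }
        Object element = objects.nextElement();
        if (!(element instanceof ASN1Sequence) || ((ASN1Sequence) element).size() < 2) {
            throw new IOException("authorityInfoAccess: malformed AccessDescription");
        }
        ASN1Sequence obj = (ASN1Sequence) element;
        ASN1Encodable oid = obj.getObjectAt(0);
        // accessLocation
        ASN1Encodable accessLocation = obj.getObjectAt(1);
        if (!(accessLocation instanceof ASN1TaggedObject)) {
            throw new IOException("authorityInfoAccess: accessLocation is not a GeneralName");
        }
        ASN1TaggedObject location = (ASN1TaggedObject) accessLocation;
        // only the uniformResourceIdentifier choice carries a URL we can use
        if (location.getTagNo() != GeneralName.uniformResourceIdentifier
                || !(location.getObject() instanceof ASN1OctetString)) {
            continue;
        }
        // IA5String content: decode with a fixed charset, not the platform default
        String url = new String(((ASN1OctetString) location.getObject()).getOctets(),
                java.nio.charset.StandardCharsets.US_ASCII);
        if (X509ObjectIdentifiers.id_ad_ocsp.equals(oid)) {
            certInfo.setOcspUrl(url);
        } else if (X509ObjectIdentifiers.id_ad_caIssuers.equals(oid)) {
            certInfo.setIssuerUrl(url);
        }
    }
}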
