
Example 36 with DERIA5String

use of com.github.zhenwei.core.asn1.DERIA5String in project athenz by AthenZ.

the class CryptoTest method testX509CSRrequestWithPrivateKeyOnly.

@Test(dataProvider = "x500Principal")
public void testX509CSRrequestWithPrivateKeyOnly(String x500Principal, boolean badRequest) {
    PrivateKey privateKey = Crypto.loadPrivateKey(rsaPrivateKey);
    String certRequest = null;
    GeneralName otherName1 = new GeneralName(GeneralName.otherName, new DERIA5String("role1"));
    GeneralName otherName2 = new GeneralName(GeneralName.otherName, new DERIA5String("role2"));
    GeneralName[] sanArray = new GeneralName[] { otherName1, otherName2 };
    try {
        certRequest = Crypto.generateX509CSR(privateKey, x500Principal, sanArray);
    } catch (Exception e) {
        if (!badRequest) {
            fail("Should not have failed to create csr");
        }
    }
    if (!badRequest) {
        // Now validate the csr
        Crypto.getPKCS10CertRequest(certRequest);
    }
}
Also used : DERIA5String(org.bouncycastle.asn1.DERIA5String) GeneralName(org.bouncycastle.asn1.x509.GeneralName) Test(org.testng.annotations.Test)

Example 37 with DERIA5String

use of com.github.zhenwei.core.asn1.DERIA5String in project jans by JanssenProject.

the class CRLCertificateVerifier method getCrlUri.

public String getCrlUri(X509Certificate certificate) throws IOException {
    ASN1Primitive obj;
    try {
        obj = getExtensionValue(certificate, Extension.cRLDistributionPoints.getId());
    } catch (IOException ex) {
        log.error("Failed to get CRL URL", ex);
        return null;
    }
    if (obj == null) {
        return null;
    }
    CRLDistPoint distPoint = CRLDistPoint.getInstance(obj);
    DistributionPoint[] distributionPoints = distPoint.getDistributionPoints();
    for (DistributionPoint distributionPoint : distributionPoints) {
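        DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
        // The distributionPoint field is OPTIONAL (RFC 5280), so getDistributionPoint() may return null;
        // skip such entries instead of throwing a NullPointerException during certificate verification.
        if (distributionPointName == null || DistributionPointName.FULL_NAME != distributionPointName.getType()) {
            continue;
        }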
        GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
        GeneralName[] names = generalNames.getNames();
        for (GeneralName name : names) {
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                continue;
            }
            DERIA5String derStr = DERIA5String.getInstance((ASN1TaggedObject) name.toASN1Primitive(), false);
            return derStr.getString();
        }
    }
    return null;
}
Also used : DERIA5String(org.bouncycastle.asn1.DERIA5String) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName) IOException(java.io.IOException) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)

Example 38 with DERIA5String

use of com.github.zhenwei.core.asn1.DERIA5String in project LinLong-Java by zhenwei1108.

the class CMSTimeStampedDataGenerator method generate.

public CMSTimeStampedData generate(TimeStampToken timeStamp, InputStream content) throws CMSException {
    ByteArrayOutputStream contentOut = new ByteArrayOutputStream();
    if (content != null) {
        try {
            Streams.pipeAll(content, contentOut);
        } catch (IOException e) {
            throw new CMSException("exception encapsulating content: " + e.getMessage(), e);
        }
    }
    ASN1OctetString encContent = null;
    if (contentOut.size() != 0) {
        encContent = new BEROctetString(contentOut.toByteArray());
    }
    TimeStampAndCRL stamp = new TimeStampAndCRL(timeStamp.toCMSSignedData().toASN1Structure());
    ASN1IA5String asn1DataUri = null;
    if (dataUri != null) {
        asn1DataUri = new DERIA5String(dataUri.toString());
    }
    return new CMSTimeStampedData(new ContentInfo(CMSObjectIdentifiers.timestampedData, new TimeStampedData(asn1DataUri, metaData, encContent, new Evidence(new TimeStampTokenEvidence(stamp)))));
}
Also used : ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException) TimeStampAndCRL(com.github.zhenwei.pkix.util.asn1.cms.TimeStampAndCRL) TimeStampTokenEvidence(com.github.zhenwei.pkix.util.asn1.cms.TimeStampTokenEvidence) DERIA5String(com.github.zhenwei.core.asn1.DERIA5String) BEROctetString(com.github.zhenwei.core.asn1.BEROctetString) ContentInfo(com.github.zhenwei.pkix.util.asn1.cms.ContentInfo) ASN1IA5String(com.github.zhenwei.core.asn1.ASN1IA5String) TimeStampedData(com.github.zhenwei.pkix.util.asn1.cms.TimeStampedData) Evidence(com.github.zhenwei.pkix.util.asn1.cms.Evidence) CMSException(com.github.zhenwei.pkix.cms.CMSException)

Example 39 with DERIA5String

use of com.github.zhenwei.core.asn1.DERIA5String in project LinLong-Java by zhenwei1108.

the class NetscapeCertRequest method toASN1Primitive.

public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector spkac = new ASN1EncodableVector();
    ASN1EncodableVector pkac = new ASN1EncodableVector();
    try {
        pkac.add(getKeySpec());
    } catch (Exception e) {
        // ignore
    }
    pkac.add(new DERIA5String(challenge));
    spkac.add(new DERSequence(pkac));
    spkac.add(sigAlg);
    spkac.add(new DERBitString(sigBits));
    return new DERSequence(spkac);
}
Also used : DERIA5String(com.github.zhenwei.core.asn1.DERIA5String) DERSequence(com.github.zhenwei.core.asn1.DERSequence) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) DERBitString(com.github.zhenwei.core.asn1.DERBitString) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) SignatureException(java.security.SignatureException) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) NoSuchProviderException(java.security.NoSuchProviderException)

Example 40 with DERIA5String

use of com.github.zhenwei.core.asn1.DERIA5String in project module-ballerina-http by ballerina-platform.

the class CRLVerifier method getCrlDistributionPoints.

/**
 * Extracts all CRL distribution point URLs from the "CRL Distribution Point"
 * extension in a X.509 certificate. If CRL distribution point extension is
 * unavailable, returns an empty list.
 */
private List<String> getCrlDistributionPoints(X509Certificate cert) throws CertificateVerificationException {
    // Gets the DER-encoded OCTET string for the extension value for CRLDistributionPoints.
    byte[] crlDPExtensionValue = cert.getExtensionValue(Extension.cRLDistributionPoints.getId());
    if (crlDPExtensionValue == null) {
        throw new CertificateVerificationException("Certificate doesn't have CRL distribution points");
    }
    // crlDPExtensionValue is encoded in ASN.1 format.
    ASN1InputStream asn1In = new ASN1InputStream(crlDPExtensionValue);
    // DER (Distinguished Encoding Rules) is one of ASN.1 encoding rules defined in ITU-T X.690, 2002, specification.
    // ASN.1 encoding rules can be used to encode any data object into a binary file. Read the object in octets.
    CRLDistPoint distPoint;
    try {
        DEROctetString crlDEROctetString = (DEROctetString) asn1In.readObject();
        // Get Input stream in octets.
        distPoint = getOctetInputStream(crlDEROctetString);
    } catch (IOException e) {
        throw new CertificateVerificationException("Cannot read certificate to get CRL URLs", e);
    } finally {
        try {
            asn1In.close();
        } catch (IOException e) {
            LOG.error("Cannot close input stream", e);
        }
    }
    List<String> crlUrls = new ArrayList<>();
    // Loop through ASN1Encodable DistributionPoints.
    for (DistributionPoint dp : distPoint.getDistributionPoints()) {
        // get ASN1Encodable DistributionPointName.
        DistributionPointName dpn = dp.getDistributionPoint();
        if (dpn != null && dpn.getType() == DistributionPointName.FULL_NAME) {
            // Create ASN1Encodable General Names.
            GeneralName[] genNames = GeneralNames.getInstance(dpn.getName()).getNames();
            // Look for a URI
            for (GeneralName genName : genNames) {
                if (genName.getTagNo() == GeneralName.uniformResourceIdentifier) {
                    // DERIA5String contains an ASCII string.
                    // An IA5String is a restricted character string type in the ASN.1 notation.
                    String url = DERIA5String.getInstance(genName.getName()).getString().trim();
                    crlUrls.add(url);
                }
            }
        }
    }
    if (crlUrls.isEmpty()) {
        throw new CertificateVerificationException("Cant get CRL urls from certificate");
    }
    return crlUrls;
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ArrayList(java.util.ArrayList) DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName) IOException(java.io.IOException) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) CertificateVerificationException(io.ballerina.stdlib.http.transport.contractimpl.common.certificatevalidation.CertificateVerificationException) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) GeneralName(org.bouncycastle.asn1.x509.GeneralName) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)

Aggregations

DERIA5String (org.bouncycastle.asn1.DERIA5String): 80
IOException (java.io.IOException): 55
GeneralName (org.bouncycastle.asn1.x509.GeneralName): 29
DEROctetString (org.bouncycastle.asn1.DEROctetString): 22
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier): 21
DERSequence (org.bouncycastle.asn1.DERSequence): 17
DERUTF8String (org.bouncycastle.asn1.DERUTF8String): 16
ASN1Primitive (org.bouncycastle.asn1.ASN1Primitive): 15
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector): 14
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence): 14
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable): 12
DERBitString (org.bouncycastle.asn1.DERBitString): 12
SignatureException (java.security.SignatureException): 10
ArrayList (java.util.ArrayList): 10
DERTaggedObject (org.bouncycastle.asn1.DERTaggedObject): 10
GeneralNames (org.bouncycastle.asn1.x509.GeneralNames): 10
HashSet (java.util.HashSet): 9
DERPrintableString (org.bouncycastle.asn1.DERPrintableString): 9
OperatorCreationException (org.bouncycastle.operator.OperatorCreationException): 9
ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream): 8