
Example 61 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.

the class PKCS10CertificationRequest method getRequestedExtensions.

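/**
 * Return the extensions the subject asked for through the PKCS#9 extensionRequest attribute.
 * <p>
 * The attribute value is an X.509 {@code Extensions} SEQUENCE; each entry is re-parsed here as a
 * 2-element (extnID, extnValue) or 3-element (extnID, critical, extnValue) SEQUENCE and fed to an
 * {@link ExtensionsGenerator}. Only the first extensionRequest attribute found is used.
 * </p>
 *
 * @return the requested extensions, or {@code null} if the request carries no extensionRequest
 *         attribute.
 * @throws IllegalArgumentException if the attribute has no value, or an entry is not a 2- or
 *         3-element Extension SEQUENCE (or its components are of the wrong ASN.1 type).
 */
public Extensions getRequestedExtensions() {
    Attribute[] attributes = getAttributes();
    for (int i = 0; i != attributes.length; i++) {
        Attribute encodable = attributes[i];
        // equals() rather than ==: the OID decoded from the request is a separate instance from
        // the PKCSObjectIdentifiers constant unless the library happens to intern it.
        if (!PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(encodable.getAttrType())) {
            continue;
        }
        // attrValues is a SET; getObjectAt(0) on an empty SET would fail with an obscure error.
        if (encodable.getAttrValues().size() == 0) {
            throw new IllegalArgumentException("extensionRequest attribute has no value");
        }
        ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
        ASN1Sequence extensionSequence = ASN1Sequence.getInstance(encodable.getAttrValues().getObjectAt(0));
        for (Enumeration en = extensionSequence.getObjects(); en.hasMoreElements(); ) {
            ASN1Sequence itemSeq = ASN1Sequence.getInstance(en.nextElement());
            ASN1ObjectIdentifier extOid = ASN1ObjectIdentifier.getInstance(itemSeq.getObjectAt(0));
            switch (itemSeq.size()) {
                case 2: {
                    // critical is DEFAULT FALSE, so a 2-element Extension omits it
                    byte[] value = ASN1OctetString.getInstance(itemSeq.getObjectAt(1)).getOctets();
                    extensionsGenerator.addExtension(extOid, false, value);
                    break;
                }
                case 3: {
                    // explicit critical BOOLEAN sits between the OID and the OCTET STRING value
                    boolean critical = ASN1Boolean.getInstance(itemSeq.getObjectAt(1)).isTrue();
                    byte[] value = ASN1OctetString.getInstance(itemSeq.getObjectAt(2)).getOctets();
                    extensionsGenerator.addExtension(extOid, critical, value);
                    break;
                }
                default:
                    throw new IllegalArgumentException("incorrect sequence size of Extension get " + itemSeq.size() + " expected 2 or three");
            }
        }
        return extensionsGenerator.generate();
    }
    return null;
}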

Example 62 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.

the class TimeStampToken method validate.

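/**
 * Validate the time stamp token.
 * <p>
 * To be valid the token must be signed by the passed in certificate and the certificate must be
 * the one referred to by the SigningCertificate attribute included in the hashed attributes of
 * the token. The certificate must also have the ExtendedKeyUsageExtension with only
 * KeyPurposeId.id_kp_timeStamping and have been valid at the time the timestamp was created.
 * </p>
 * <p>
 * A successful call to validate means all the above are true. The checks run in a fixed order:
 * certificate hash against the ESSCertID hash, the optional issuer/serial binding, the TSA
 * certificate checks in {@code TSPUtil.validateCertificate}, validity at the token's genTime,
 * and finally the CMS signature itself. The first failing check throws.
 * </p>
 *
 * @param sigVerifier the content verifier create the objects required to verify the CMS object in
 *                    the timestamp.
 * @throws TSPException             if an exception occurs in processing the token.
 * @throws TSPValidationException   if the certificate or signature fail to be valid.
 * @throws IllegalArgumentException if the sigVerifierProvider has no associated certificate.
 */
public void validate(SignerInformationVerifier sigVerifier) throws TSPException, TSPValidationException {
    if (!sigVerifier.hasAssociatedCertificate()) {
        throw new IllegalArgumentException("verifier provider needs an associated certificate");
    }
    try {
        X509CertificateHolder certHolder = sigVerifier.getAssociatedCertificate();
        // Hash the verifier's certificate with the algorithm named in the token's ESSCertID.
        DigestCalculator calc = sigVerifier.getDigestCalculator(certID.getHashAlgorithm());
        OutputStream cOut = calc.getOutputStream();
        try {
            cOut.write(certHolder.getEncoded());
        } finally {
            // previously the stream stayed open if getEncoded()/write() threw
            cOut.close();
        }
        // non-short-circuiting comparison of the two digests
        if (!Arrays.constantTimeAreEqual(certID.getCertHash(), calc.getDigest())) {
            throw new TSPValidationException("certificate hash does not match certID hash.");
        }
        // IssuerSerial is OPTIONAL in ESSCertID; when present both serial and issuer name must match.
        if (certID.getIssuerSerial() != null) {
            IssuerAndSerialNumber issuerSerial = new IssuerAndSerialNumber(certHolder.toASN1Structure());
            if (!certID.getIssuerSerial().getSerial().equals(issuerSerial.getSerialNumber())) {
                throw new TSPValidationException("certificate serial number does not match certID for signature.");
            }
            // The ESSCertID issuer is a GeneralNames; only directoryName entries are comparable
            // with the certificate's X.500 issuer, so any other name form is ignored here.
            X500Name certIssuer = X500Name.getInstance(issuerSerial.getName());
            GeneralName[] names = certID.getIssuerSerial().getIssuer().getNames();
            boolean found = false;
            for (int i = 0; i != names.length; i++) {
                if (names[i].getTagNo() == GeneralName.directoryName
                    && X500Name.getInstance(names[i].getName()).equals(certIssuer)) {
                    found = true;
                    break;
                }
            }
            if (!found) {
                throw new TSPValidationException("certificate name does not match certID for signature. ");
            }
        }
        // TSA certificate checks (presumably the ExtendedKeyUsage rule described above) live in TSPUtil.
        TSPUtil.validateCertificate(certHolder);
        if (!certHolder.isValidOn(tstInfo.getGenTime())) {
            throw new TSPValidationException("certificate not valid when time stamp created.");
        }
        if (!tsaSignerInfo.verify(sigVerifier)) {
            throw new TSPValidationException("signature not created by certificate.");
        }
    } catch (CMSException e) {
        // surface the CMS-level root cause when there is one, otherwise wrap the CMSException itself
        if (e.getUnderlyingException() != null) {
            throw new TSPException(e.getMessage(), e.getUnderlyingException());
        } else {
            throw new TSPException("CMS exception: " + e, e);
        }
    } catch (IOException e) {
        throw new TSPException("problem processing certificate: " + e, e);
    } catch (OperatorCreationException e) {
        throw new TSPException("unable to create digest: " + e.getMessage(), e);
    }
}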

Example 63 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.

the class X509AttributeCertificateHolder method getAttributes.

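/**
 * Return an array of attributes matching the passed in type OID.
 * <p>
 * Every entry of the attribute certificate's {@code attributes} SEQUENCE is decoded and kept if
 * its type equals {@code type}; order is preserved.
 * </p>
 *
 * @param type the type of the attribute being looked for.
 * @return an array of Attribute of the requested type, zero length if none present.
 */
public Attribute[] getAttributes(ASN1ObjectIdentifier type) {
    ASN1Sequence seq = attrCert.getAcinfo().getAttributes();
    List<Attribute> matches = new ArrayList<Attribute>();
    for (int i = 0; i != seq.size(); i++) {
        Attribute attr = Attribute.getInstance(seq.getObjectAt(i));
        // equals(), not ==: the decoded OID is a distinct instance from the caller's
        if (attr.getAttrType().equals(type)) {
            matches.add(attr);
        }
    }
    if (matches.isEmpty()) {
        // shared zero-length array; callers must not rely on getting a fresh instance
        return EMPTY_ARRAY;
    }
    // typed list removes the raw-type cast the previous version needed
    return matches.toArray(new Attribute[matches.size()]);
}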

Example 64 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.

the class CMSSignedData method replaceCertificatesAndCRLs.

/**
 * Replace the certificate and CRL information associated with this CMSSignedData object with the
 * new one passed in.
 * <p>
 * A {@code null} store leaves that slot of the SignedData empty, and so does a store that
 * yields nothing: an empty certificate or CRL set is written as absent rather than as an empty SET.
 * The source object is not modified; a copy carrying the new SignedData and ContentInfo is returned.
 * </p>
 *
 * @param signedData   the signed data object to be used as a base.
 * @param certificates the new certificates to be used.
 * @param attrCerts    the new attribute certificates to be used.
 * @param revocations  the new CRLs to be used - a collection of X509CRLHolder objects,
 *                     OtherRevocationInfoFormat, or both.
 * @return a new signed data object.
 * @throws CMSException if there is an error processing the CertStore
 */
public static CMSSignedData replaceCertificatesAndCRLs(CMSSignedData signedData, Store certificates, Store attrCerts, Store revocations) throws CMSException {
    CMSSignedData result = new CMSSignedData(signedData);

    // certificates and attribute certificates share the single [0] certificates SET
    ASN1Set newCerts = null;
    if (certificates != null || attrCerts != null) {
        List combined = new ArrayList();
        if (certificates != null) {
            combined.addAll(CMSUtils.getCertificatesFromStore(certificates));
        }
        if (attrCerts != null) {
            combined.addAll(CMSUtils.getAttributeCertificatesFromStore(attrCerts));
        }
        ASN1Set candidate = CMSUtils.createBerSetFromList(combined);
        newCerts = candidate.size() != 0 ? candidate : null;
    }

    ASN1Set newCrls = null;
    if (revocations != null) {
        ASN1Set candidate = CMSUtils.createBerSetFromList(CMSUtils.getCRLsFromStore(revocations));
        newCrls = candidate.size() != 0 ? candidate : null;
    }

    // rebuild SignedData from the original's other fields, then re-wrap it in a ContentInfo
    SignedData base = signedData.signedData;
    result.signedData = new SignedData(base.getDigestAlgorithms(), base.getEncapContentInfo(), newCerts, newCrls, base.getSignerInfos());
    result.contentInfo = new ContentInfo(result.contentInfo.getContentType(), result.signedData);
    return result;
}

Example 65 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.

the class CMSSignedDataParser method replaceCertificatesAndCRLs.

/**
 * Replace the certificate and CRL information associated with this CMSSignedData object with the
 * new one passed in.
 * <p>
 * The output stream is returned unclosed.
 * </p>
 * <p>
 * The input is streamed rather than fully parsed: the digest algorithms, encapsulated content
 * and SignerInfos are copied through as-is, the existing certificate and CRL sets are read and
 * discarded, and the new sets (when non-empty) are written in their place. Field order is
 * fixed by the SignedData syntax, so the statements below must stay in this sequence.
 * </p>
 *
 * @param original  the signed data stream to be used as a base.
 * @param certs     new certificates to be used, if any.
 * @param crls      new CRLs to be used, if any.
 * @param attrCerts new attribute certificates to be used, if any.
 * @param out       the stream to write the new signed data object to.
 * @return out.
 * @throws CMSException if there is an error processing the CertStore
 * @throws IOException  if reading {@code original} or writing {@code out} fails.
 */
public static OutputStream replaceCertificatesAndCRLs(InputStream original, Store certs, Store crls, Store attrCerts, OutputStream out) throws CMSException, IOException {
    ASN1StreamParser in = new ASN1StreamParser(original);
    // unchecked cast: an input whose outer object is not a SEQUENCE fails here with a ClassCastException
    ContentInfoParser contentInfo = new ContentInfoParser((ASN1SequenceParser) in.readObject());
    SignedDataParser signedData = SignedDataParser.getInstance(contentInfo.getContent(BERTags.SEQUENCE));
    // outer ContentInfo: contentType OID, then [0] EXPLICIT SignedData
    BERSequenceGenerator sGen = new BERSequenceGenerator(out);
    sGen.addObject(CMSObjectIdentifiers.signedData);
    BERSequenceGenerator sigGen = new BERSequenceGenerator(sGen.getRawOutputStream(), 0, true);
    // version number
    sigGen.addObject(signedData.getVersion());
    // digests
    sigGen.getRawOutputStream().write(signedData.getDigestAlgorithms().toASN1Primitive().getEncoded());
    // encap content info
    ContentInfoParser encapContentInfo = signedData.getEncapContentInfo();
    BERSequenceGenerator eiGen = new BERSequenceGenerator(sigGen.getRawOutputStream());
    eiGen.addObject(encapContentInfo.getContentType());
    // pipeEncapsulatedOctetString is defined elsewhere in this class; it copies the content octets through
    pipeEncapsulatedOctetString(encapContentInfo, eiGen.getRawOutputStream());
    eiGen.close();
    // 
    // skip existing certs and CRLs
    // 
    // getASN1Set (defined elsewhere in this class) is called for its side effect of consuming the
    // optional [0]/[1] sets from the parser; the returned values are intentionally dropped.
    getASN1Set(signedData.getCertificates());
    getASN1Set(signedData.getCrls());
    // 
    if (certs != null || attrCerts != null) {
        // certificates and attribute certificates share the single [0] IMPLICIT certificates SET
        List certificates = new ArrayList();
        if (certs != null) {
            certificates.addAll(CMSUtils.getCertificatesFromStore(certs));
        }
        if (attrCerts != null) {
            certificates.addAll(CMSUtils.getAttributeCertificatesFromStore(attrCerts));
        }
        ASN1Set asn1Certs = CMSUtils.createBerSetFromList(certificates);
        // an empty set is omitted entirely rather than encoded as an empty [0]
        if (asn1Certs.size() > 0) {
            sigGen.getRawOutputStream().write(new DERTaggedObject(false, 0, asn1Certs).getEncoded());
        }
    }
    if (crls != null) {
        ASN1Set asn1Crls = CMSUtils.createBerSetFromList(CMSUtils.getCRLsFromStore(crls));
        // [1] IMPLICIT crls, likewise omitted when empty
        if (asn1Crls.size() > 0) {
            sigGen.getRawOutputStream().write(new DERTaggedObject(false, 1, asn1Crls).getEncoded());
        }
    }
    // signerInfos are copied through unchanged
    sigGen.getRawOutputStream().write(signedData.getSignerInfos().toASN1Primitive().getEncoded());
    // closing the generators finishes their BER encodings; per the Javadoc, out itself stays open
    sigGen.close();
    sGen.close();
    return out;
}
