Example 71 with Attribute
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.
the class AttributeTable method addAttribute.
private void addAttribute(ASN1ObjectIdentifier oid, Attribute a) {
Object value = attributes.get(oid);
if (value == null) {
attributes.put(oid, a);
} else {
Vector v;
if (value instanceof Attribute) {
v = new Vector();
v.addElement(value);
v.addElement(a);
} else {
v = (Vector) value;
v.addElement(a);
}
attributes.put(oid, v);
}
}
Also used :
ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)
Vector(java.util.Vector)
Example 72 with Attribute
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.
the class RFC3280CertPathUtilities method processCRLB1.
/**
* If the DP includes cRLIssuer, then verify that the issuer field in the complete CRL matches
* cRLIssuer in the DP and that the complete CRL contains an issuing distribution point extension
* with the indirectCRL boolean asserted. Otherwise, verify that the CRL issuer matches the
* certificate issuer.
*
* @param dp The distribution point.
* @param cert The certificate ot attribute certificate.
* @param crl The CRL for <code>cert</code>.
* @throws AnnotatedException if one of the above conditions does not apply or an error occurs.
*/
protected static void processCRLB1(DistributionPoint dp, Object cert, X509CRL crl) throws AnnotatedException {
ASN1Primitive idp = CertPathValidatorUtilities.getExtensionValue(crl, ISSUING_DISTRIBUTION_POINT);
boolean isIndirect = false;
if (idp != null) {
if (IssuingDistributionPoint.getInstance(idp).isIndirectCRL()) {
isIndirect = true;
}
}
byte[] issuerBytes;
try {
issuerBytes = PrincipalUtils.getIssuerPrincipal(crl).getEncoded();
} catch (IOException e) {
throw new AnnotatedException("Exception encoding CRL issuer: " + e.getMessage(), e);
}
boolean matchIssuer = false;
if (dp.getCRLIssuer() != null) {
GeneralName[] genNames = dp.getCRLIssuer().getNames();
for (int j = 0; j < genNames.length; j++) {
if (genNames[j].getTagNo() == GeneralName.directoryName) {
try {
if (Arrays.areEqual(genNames[j].getName().toASN1Primitive().getEncoded(), issuerBytes)) {
matchIssuer = true;
}
} catch (IOException e) {
throw new AnnotatedException("CRL issuer information from distribution point cannot be decoded.", e);
}
}
}
if (matchIssuer && !isIndirect) {
throw new AnnotatedException("Distribution point contains cRLIssuer field but CRL is not indirect.");
}
if (!matchIssuer) {
throw new AnnotatedException("CRL issuer of CRL does not match CRL issuer of distribution point.");
}
} else {
if (PrincipalUtils.getIssuerPrincipal(crl).equals(PrincipalUtils.getEncodedIssuerPrincipal(cert))) {
matchIssuer = true;
}
}
if (!matchIssuer) {
throw new AnnotatedException("Cannot find matching CRL issuer for certificate.");
}
}
Also used :
IOException(java.io.IOException)
GeneralName(com.github.zhenwei.core.asn1.x509.GeneralName)
ASN1Primitive(com.github.zhenwei.core.asn1.ASN1Primitive)
IssuingDistributionPoint(com.github.zhenwei.core.asn1.x509.IssuingDistributionPoint)
CRLDistPoint(com.github.zhenwei.core.asn1.x509.CRLDistPoint)
DistributionPoint(com.github.zhenwei.core.asn1.x509.DistributionPoint)
Example 73 with Attribute
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.
the class CertPathValidatorUtilities method findCertificates.
/**
* Return a Collection of all certificates or attribute certificates found in the X509Store's that
* are matching the certSelect criteriums.
*
* @param certSelect a {@link Selector} object that will be used to select the certificates
* @param certStores a List containing only {@link X509Store} objects. These are used to search
* for certificates.
* @return a Collection of all found {@link X509Certificate} or {@link
* com.github.zhenwei.provider.x509.X509AttributeCertificate} objects. May be empty but never
* <code>null</code>.
*/
protected static Collection findCertificates(X509CertStoreSelector certSelect, List certStores) throws AnnotatedException {
Set certs = new HashSet();
Iterator iter = certStores.iterator();
com.github.zhenwei.provider.jcajce.provider.asymmetric.x509.CertificateFactory certFact = new com.github.zhenwei.provider.jcajce.provider.asymmetric.x509.CertificateFactory();
while (iter.hasNext()) {
Object obj = iter.next();
if (obj instanceof Store) {
Store certStore = (Store) obj;
try {
for (Iterator it = certStore.getMatches(certSelect).iterator(); it.hasNext(); ) {
Object cert = it.next();
if (cert instanceof Encodable) {
certs.add(certFact.engineGenerateCertificate(new ByteArrayInputStream(((Encodable) cert).getEncoded())));
} else if (cert instanceof Certificate) {
certs.add(cert);
} else {
throw new AnnotatedException("Unknown object found in certificate store.");
}
}
} catch (StoreException e) {
throw new AnnotatedException("Problem while picking certificates from X.509 store.", e);
} catch (IOException e) {
throw new AnnotatedException("Problem while extracting certificates from X.509 store.", e);
} catch (CertificateException e) {
throw new AnnotatedException("Problem while extracting certificates from X.509 store.", e);
}
} else {
CertStore certStore = (CertStore) obj;
try {
certs.addAll(certStore.getCertificates(certSelect));
} catch (CertStoreException e) {
throw new AnnotatedException("Problem while picking certificates from certificate store.", e);
}
}
}
return certs;
}
Also used :
Set(java.util.Set)
HashSet(java.util.HashSet)
CertStoreException(java.security.cert.CertStoreException)
Store(com.github.zhenwei.core.util.Store)
CertStore(java.security.cert.CertStore)
CertificateException(java.security.cert.CertificateException)
IOException(java.io.IOException)
CertStoreException(java.security.cert.CertStoreException)
StoreException(com.github.zhenwei.core.util.StoreException)
ByteArrayInputStream(java.io.ByteArrayInputStream)
Iterator(java.util.Iterator)
Encodable(com.github.zhenwei.core.util.Encodable)
ASN1Encodable(com.github.zhenwei.core.asn1.ASN1Encodable)
CertStore(java.security.cert.CertStore)
HashSet(java.util.HashSet)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException)
Example 74 with Attribute
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project ca3sCore by kuehne-trustable-de.
the class OrderController method collectAllSANS.
@NotNull
private Set<String> collectAllSANS(Pkcs10RequestHolder p10Holder) {
/*
* retrieve all the requested SANs contained in the CSR
*/
Set<String> snSet = new HashSet<>();
// consider subject's CN as a possible source of names to verified
for (RDN rdn : p10Holder.getSubjectRDNs()) {
for (AttributeTypeAndValue atv : rdn.getTypesAndValues()) {
if (BCStyle.CN.equals(atv.getType())) {
String cnValue = atv.getValue().toString();
LOG.debug("cn found in CSR: " + cnValue);
snSet.add(cnValue);
}
}
}
// add all SANs as source of names to verified
for (Attribute csrAttr : p10Holder.getReqAttributes()) {
String attrOid = csrAttr.getAttrType().getId();
String attrReadableName = OidNameMapper.lookupOid(attrOid);
if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(csrAttr.getAttrType())) {
LOG.debug("CSR contains extensionRequest");
retrieveSANFromCSRAttribute(snSet, csrAttr);
} else if ("certReqExtensions".equals(attrReadableName)) {
LOG.debug("CSR contains attrReadableName");
retrieveSANFromCSRAttribute(snSet, csrAttr);
} else {
String value = getASN1ValueAsString(csrAttr);
LOG.debug("found attrReadableName '{}' with value '{}'", attrReadableName, value);
}
}
return snSet;
}
Also used :
CertificateAttribute(de.trustable.ca3s.core.domain.CertificateAttribute)
Attribute(org.bouncycastle.asn1.pkcs.Attribute)
RDN(org.bouncycastle.asn1.x500.RDN)
AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue)
HashSet(java.util.HashSet)
NotNull(org.jetbrains.annotations.NotNull)
Example 75 with Attribute
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project ca3sCore by kuehne-trustable-de.
the class CSRUtil method getSANList.
/**
* @param reqAttributes
* @return
*/
public static Set<GeneralName> getSANList(Attribute[] reqAttributes) {
Set<GeneralName> generalNameSet = new HashSet<>();
for (Attribute attr : reqAttributes) {
if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) {
Extensions extensions = Extensions.getInstance(attr.getAttrValues().getObjectAt(0));
GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
if (gns != null) {
GeneralName[] names = gns.getNames();
for (GeneralName name : names) {
LOG.info("Type: " + name.getTagNo() + " | Name: " + name.getName());
generalNameSet.add(name);
}
}
}
}
return generalNameSet;
}Aggregations
Attribute (org.bouncycastle.asn1.pkcs.Attribute)36
IOException (java.io.IOException)25
Extensions (org.bouncycastle.asn1.x509.Extensions)18
ArrayList (java.util.ArrayList)17
ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)15
GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)13
List (java.util.List)12
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)12
GeneralName (org.bouncycastle.asn1.x509.GeneralName)12
ASN1Set (org.bouncycastle.asn1.ASN1Set)10
ASN1Set (com.github.zhenwei.core.asn1.ASN1Set)9
Iterator (java.util.Iterator)9
CRLDistPoint (com.github.zhenwei.core.asn1.x509.CRLDistPoint)8
DistributionPoint (com.github.zhenwei.core.asn1.x509.DistributionPoint)8
AttributeTable (com.github.zhenwei.pkix.util.asn1.cms.AttributeTable)8
Enumeration (java.util.Enumeration)8
X500Name (org.bouncycastle.asn1.x500.X500Name)8
Attribute (com.github.zhenwei.pkix.util.asn1.cms.Attribute)7
GeneralName (com.github.zhenwei.core.asn1.x509.GeneralName)6
GeneralSecurityException (java.security.GeneralSecurityException)6
