
Example 71 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.

the class AttributeTable method addAttribute.

private void addAttribute(ASN1ObjectIdentifier oid, Attribute a) {
    // A table slot holds either a single Attribute or, once an OID repeats,
    // a Vector of every Attribute registered under that OID.
    Object existing = attributes.get(oid);
    if (existing == null) {
        attributes.put(oid, a);
        return;
    }

    Vector bucket;
    if (existing instanceof Attribute) {
        // Second attribute for this OID: promote the lone entry to a Vector.
        bucket = new Vector();
        bucket.addElement(existing);
    } else {
        bucket = (Vector) existing;
    }
    bucket.addElement(a);
    attributes.put(oid, bucket);
}
Also used : ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) Vector(java.util.Vector)

Example 72 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.

the class RFC3280CertPathUtilities method processCRLB1.

/**
 * If the DP includes cRLIssuer, then verify that the issuer field in the complete CRL matches
 * cRLIssuer in the DP and that the complete CRL contains an issuing distribution point extension
 * with the indirectCRL boolean asserted. Otherwise, verify that the CRL issuer matches the
 * certificate issuer.
 *
 * @param dp   The distribution point.
 * @param cert The certificate or attribute certificate.
 * @param crl  The CRL for <code>cert</code>.
 * @throws AnnotatedException if one of the above conditions does not apply or an error occurs.
 */
protected static void processCRLB1(DistributionPoint dp, Object cert, X509CRL crl) throws AnnotatedException {
    // The CRL is treated as indirect only when it carries an issuing distribution point
    // extension whose indirectCRL flag is set.
    ASN1Primitive idpExtension = CertPathValidatorUtilities.getExtensionValue(crl, ISSUING_DISTRIBUTION_POINT);
    boolean indirectCrl = idpExtension != null && IssuingDistributionPoint.getInstance(idpExtension).isIndirectCRL();

    byte[] encodedCrlIssuer;
    try {
        encodedCrlIssuer = PrincipalUtils.getIssuerPrincipal(crl).getEncoded();
    } catch (IOException e) {
        throw new AnnotatedException("Exception encoding CRL issuer: " + e.getMessage(), e);
    }

    boolean issuerMatched = false;
    if (dp.getCRLIssuer() == null) {
        // No cRLIssuer in the distribution point: the CRL must come from the certificate's issuer.
        issuerMatched = PrincipalUtils.getIssuerPrincipal(crl).equals(PrincipalUtils.getEncodedIssuerPrincipal(cert));
    } else {
        // cRLIssuer present: one of its directoryName entries must equal the CRL issuer,
        // compared on the encoded bytes. Every entry is examined, so an encoding failure
        // on a later entry still aborts validation even after a match.
        for (GeneralName candidate : dp.getCRLIssuer().getNames()) {
            if (candidate.getTagNo() != GeneralName.directoryName) {
                continue;
            }
            try {
                if (Arrays.areEqual(candidate.getName().toASN1Primitive().getEncoded(), encodedCrlIssuer)) {
                    issuerMatched = true;
                }
            } catch (IOException e) {
                throw new AnnotatedException("CRL issuer information from distribution point cannot be decoded.", e);
            }
        }
        // A CRL named through cRLIssuer is only acceptable when it declares itself indirect.
        if (issuerMatched && !indirectCrl) {
            throw new AnnotatedException("Distribution point contains cRLIssuer field but CRL is not indirect.");
        }
        if (!issuerMatched) {
            throw new AnnotatedException("CRL issuer of CRL does not match CRL issuer of distribution point.");
        }
    }

    // Fail closed: without a confirmed issuer match the CRL must not be used for this certificate.
    if (!issuerMatched) {
        throw new AnnotatedException("Cannot find matching CRL issuer for certificate.");
    }
}
Also used : IOException(java.io.IOException) GeneralName(com.github.zhenwei.core.asn1.x509.GeneralName) ASN1Primitive(com.github.zhenwei.core.asn1.ASN1Primitive) IssuingDistributionPoint(com.github.zhenwei.core.asn1.x509.IssuingDistributionPoint) CRLDistPoint(com.github.zhenwei.core.asn1.x509.CRLDistPoint) DistributionPoint(com.github.zhenwei.core.asn1.x509.DistributionPoint)

Example 73 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.

the class CertPathValidatorUtilities method findCertificates.

/**
 * Return a Collection of all certificates or attribute certificates found in the X509Stores that
 * match the certSelect criteria.
 *
 * @param certSelect a {@link Selector} object that will be used to select the certificates
 * @param certStores a List containing only {@link X509Store} objects. These are used to search
 *                   for certificates.
 * @return a Collection of all found {@link X509Certificate} or {@link
 * com.github.zhenwei.provider.x509.X509AttributeCertificate} objects. May be empty but never
 * <code>null</code>.
 */
protected static Collection findCertificates(X509CertStoreSelector certSelect, List certStores) throws AnnotatedException {
    Set found = new HashSet();
    com.github.zhenwei.provider.jcajce.provider.asymmetric.x509.CertificateFactory certFact = new com.github.zhenwei.provider.jcajce.provider.asymmetric.x509.CertificateFactory();

    for (Object source : certStores) {
        if (!(source instanceof Store)) {
            // Anything that is not a Store is cast to a JCA CertStore and queried directly;
            // the cast fails with ClassCastException for any other type.
            CertStore jcaStore = (CertStore) source;
            try {
                found.addAll(jcaStore.getCertificates(certSelect));
            } catch (CertStoreException e) {
                throw new AnnotatedException("Problem while picking certificates from certificate store.", e);
            }
            continue;
        }

        Store pkixStore = (Store) source;
        try {
            for (Object match : pkixStore.getMatches(certSelect)) {
                if (match instanceof Encodable) {
                    // Encodable matches are re-parsed from their encoding through the
                    // certificate factory before being added to the result.
                    found.add(certFact.engineGenerateCertificate(new ByteArrayInputStream(((Encodable) match).getEncoded())));
                } else if (match instanceof Certificate) {
                    found.add(match);
                } else {
                    // Reject unexpected store contents instead of passing them to validation.
                    throw new AnnotatedException("Unknown object found in certificate store.");
                }
            }
        } catch (StoreException e) {
            throw new AnnotatedException("Problem while picking certificates from X.509 store.", e);
        } catch (IOException e) {
            throw new AnnotatedException("Problem while extracting certificates from X.509 store.", e);
        } catch (CertificateException e) {
            throw new AnnotatedException("Problem while extracting certificates from X.509 store.", e);
        }
    }
    return found;
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) CertStoreException(java.security.cert.CertStoreException) Store(com.github.zhenwei.core.util.Store) CertStore(java.security.cert.CertStore) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) CertStoreException(java.security.cert.CertStoreException) StoreException(com.github.zhenwei.core.util.StoreException) ByteArrayInputStream(java.io.ByteArrayInputStream) Iterator(java.util.Iterator) Encodable(com.github.zhenwei.core.util.Encodable) ASN1Encodable(com.github.zhenwei.core.asn1.ASN1Encodable) CertStore(java.security.cert.CertStore) HashSet(java.util.HashSet) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException)

Example 74 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project ca3sCore by kuehne-trustable-de.

the class OrderController method collectAllSANS.

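/**
 * Collects the names a CSR asks to have certified: every CN value of the subject, plus whatever
 * {@code retrieveSANFromCSRAttribute} adds for the request's extension-request attributes.
 *
 * <p>Every value read here comes from the requester-supplied CSR and has not been verified yet.
 * The values are also written to the debug log, so the log layout should neutralise CR/LF and
 * other control characters.
 *
 * @param p10Holder holder of the PKCS#10 request to inspect
 * @return the collected names; may be empty, never {@code null}
 */
@NotNull
private Set<String> collectAllSANS(Pkcs10RequestHolder p10Holder) {
    Set<String> snSet = new HashSet<>();

    // consider the subject's CN as a possible source of names to be verified
    for (RDN rdn : p10Holder.getSubjectRDNs()) {
        for (AttributeTypeAndValue atv : rdn.getTypesAndValues()) {
            if (BCStyle.CN.equals(atv.getType())) {
                String cnValue = atv.getValue().toString();
                // Parameterized like the other log calls in this method; no eager concatenation.
                LOG.debug("cn found in CSR: {}", cnValue);
                snSet.add(cnValue);
            }
        }
    }

    // add all SANs as a source of names to be verified
    for (Attribute csrAttr : p10Holder.getReqAttributes()) {
        String attrOid = csrAttr.getAttrType().getId();
        String attrReadableName = OidNameMapper.lookupOid(attrOid);
        if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(csrAttr.getAttrType())) {
            LOG.debug("CSR contains extensionRequest");
            retrieveSANFromCSRAttribute(snSet, csrAttr);
        } else if ("certReqExtensions".equals(attrReadableName)) {
            // Previously logged the literal text "attrReadableName" instead of the attribute name.
            LOG.debug("CSR contains {}", attrReadableName);
            retrieveSANFromCSRAttribute(snSet, csrAttr);
        } else {
            // Other attributes contribute no names; they are only traced.
            String value = getASN1ValueAsString(csrAttr);
            LOG.debug("found attrReadableName '{}' with value '{}'", attrReadableName, value);
        }
    }
    return snSet;
}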
Also used : CertificateAttribute(de.trustable.ca3s.core.domain.CertificateAttribute) Attribute(org.bouncycastle.asn1.pkcs.Attribute) RDN(org.bouncycastle.asn1.x500.RDN) AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue) HashSet(java.util.HashSet) NotNull(org.jetbrains.annotations.NotNull)

Example 75 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project ca3sCore by kuehne-trustable-de.

the class CSRUtil method getSANList.

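/**
 * Collects the subjectAlternativeName entries requested in the extensionRequest attributes of a
 * CSR.
 *
 * @param reqAttributes the attributes of the certification request to scan
 * @return the set of {@link GeneralName} entries found; empty if none are present
 */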
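public static Set<GeneralName> getSANList(Attribute[] reqAttributes) {
    Set<GeneralName> generalNameSet = new HashSet<>();
    for (Attribute attr : reqAttributes) {
        if (!PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) {
            continue;
        }
        // The attribute comes from a requester-supplied CSR. An extensionRequest with an empty
        // value set would make getObjectAt(0) fail with an index error, so skip it instead.
        if (attr.getAttrValues().size() == 0) {
            LOG.info("extensionRequest attribute without values ignored");
            continue;
        }
        // Only the first value of the attribute is read.
        Extensions extensions = Extensions.getInstance(attr.getAttrValues().getObjectAt(0));
        GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
        if (gns == null) {
            // No subjectAlternativeName extension in this request.
            continue;
        }
        for (GeneralName name : gns.getNames()) {
            // NOTE(review): the name is requester-controlled and logged at info level; confirm
            // that the log layout neutralises control characters.
            LOG.info("Type: " + name.getTagNo() + " | Name: " + name.getName());
            generalNameSet.add(name);
        }
    }
    return generalNameSet;
}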
Also used : Attribute(org.bouncycastle.asn1.pkcs.Attribute) HashSet(java.util.HashSet)
