use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.
the class AttributeTable method addAttribute.
/**
 * Records {@code a} under {@code oid} in the {@code attributes} map.
 *
 * <p>The stored value for an OID takes one of two shapes: a single {@link Attribute}
 * when only one has been added, or a {@link Vector} of attributes once a second one
 * arrives. Insertion order inside the Vector follows the order of the calls.
 *
 * @param oid the attribute type used as the lookup key
 * @param a the attribute to record
 */
private void addAttribute(ASN1ObjectIdentifier oid, Attribute a) {
    final Object existing = attributes.get(oid);

    // First attribute for this OID: store it directly, without a wrapper.
    if (existing == null) {
        attributes.put(oid, a);
        return;
    }

    final Vector bucket;
    if (existing instanceof Attribute) {
        // Second attribute for this OID: promote the single entry to a Vector.
        bucket = new Vector();
        bucket.addElement(existing);
    } else {
        // Any value that is not an Attribute is taken to be the Vector created earlier.
        bucket = (Vector) existing;
    }
    bucket.addElement(a);
    attributes.put(oid, bucket);
}
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.
the class RFC3280CertPathUtilities method processCRLB1.
/**
* If the DP includes cRLIssuer, then verify that the issuer field in the complete CRL matches
* cRLIssuer in the DP and that the complete CRL contains an issuing distribution point extension
* with the indirectCRL boolean asserted. Otherwise, verify that the CRL issuer matches the
* certificate issuer.
*
* @param dp The distribution point.
* @param cert The certificate or attribute certificate.
* @param crl The CRL for <code>cert</code>.
* @throws AnnotatedException if one of the above conditions does not apply or an error occurs.
*/
protected static void processCRLB1(DistributionPoint dp, Object cert, X509CRL crl) throws AnnotatedException {
    // The indirectCRL flag is read from the CRL's issuingDistributionPoint extension;
    // a CRL that carries no such extension is treated as not indirect.
    final ASN1Primitive idpValue = CertPathValidatorUtilities.getExtensionValue(crl, ISSUING_DISTRIBUTION_POINT);
    final boolean indirectCrl = idpValue != null && IssuingDistributionPoint.getInstance(idpValue).isIndirectCRL();

    final byte[] crlIssuerEncoding;
    try {
        crlIssuerEncoding = PrincipalUtils.getIssuerPrincipal(crl).getEncoded();
    } catch (IOException e) {
        throw new AnnotatedException("Exception encoding CRL issuer: " + e.getMessage(), e);
    }

    if (dp.getCRLIssuer() == null) {
        // No cRLIssuer in the distribution point: the CRL must be issued under the same
        // issuer name as the certificate being checked.
        if (!PrincipalUtils.getIssuerPrincipal(crl).equals(PrincipalUtils.getEncodedIssuerPrincipal(cert))) {
            throw new AnnotatedException("Cannot find matching CRL issuer for certificate.");
        }
        return;
    }

    // cRLIssuer present: one of its directoryName entries has to equal the CRL issuer.
    // The comparison is on the encoded bytes, so a name that differs in its encoding is
    // reported as a mismatch and the CRL is rejected. Every directoryName entry is encoded
    // and compared; the loop does not stop at the first match.
    boolean issuerNamedByDp = false;
    for (GeneralName candidate : dp.getCRLIssuer().getNames()) {
        if (candidate.getTagNo() != GeneralName.directoryName) {
            continue;
        }
        try {
            if (Arrays.areEqual(candidate.getName().toASN1Primitive().getEncoded(), crlIssuerEncoding)) {
                issuerNamedByDp = true;
            }
        } catch (IOException e) {
            throw new AnnotatedException("CRL issuer information from distribution point cannot be decoded.", e);
        }
    }

    if (!issuerNamedByDp) {
        throw new AnnotatedException("CRL issuer of CRL does not match CRL issuer of distribution point.");
    }
    // A CRL named through cRLIssuer is only accepted when it asserts indirectCRL.
    if (!indirectCrl) {
        throw new AnnotatedException("Distribution point contains cRLIssuer field but CRL is not indirect.");
    }
}
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.
the class CertPathValidatorUtilities method findCertificates.
/**
* Returns a Collection of all certificates or attribute certificates found in the X509Stores that
* match the certSelect criteria.
*
* @param certSelect a {@link Selector} object that will be used to select the certificates
* @param certStores a List containing only {@link X509Store} objects. These are used to search
* for certificates.
* @return a Collection of all found {@link X509Certificate} or {@link
* com.github.zhenwei.provider.x509.X509AttributeCertificate} objects. May be empty but never
* <code>null</code>.
*/
protected static Collection findCertificates(X509CertStoreSelector certSelect, List certStores) throws AnnotatedException {
    final Set matches = new HashSet();
    final Iterator storeIterator = certStores.iterator();
    final com.github.zhenwei.provider.jcajce.provider.asymmetric.x509.CertificateFactory factory =
        new com.github.zhenwei.provider.jcajce.provider.asymmetric.x509.CertificateFactory();

    while (storeIterator.hasNext()) {
        final Object entry = storeIterator.next();

        if (!(entry instanceof Store)) {
            // NOTE(review): every element that is not a Store is cast to CertStore without an
            // instanceof check, so an unexpected element type surfaces as a ClassCastException
            // rather than an AnnotatedException.
            final CertStore jcaStore = (CertStore) entry;
            try {
                matches.addAll(jcaStore.getCertificates(certSelect));
            } catch (CertStoreException e) {
                throw new AnnotatedException("Problem while picking certificates from certificate store.", e);
            }
            continue;
        }

        final Store store = (Store) entry;
        try {
            for (Object match : store.getMatches(certSelect)) {
                if (match instanceof Encodable) {
                    // Encodable matches are re-parsed from their encoding through this
                    // provider's CertificateFactory before being added to the result.
                    final byte[] encoding = ((Encodable) match).getEncoded();
                    matches.add(factory.engineGenerateCertificate(new ByteArrayInputStream(encoding)));
                } else if (match instanceof Certificate) {
                    matches.add(match);
                } else {
                    throw new AnnotatedException("Unknown object found in certificate store.");
                }
            }
        } catch (StoreException e) {
            throw new AnnotatedException("Problem while picking certificates from X.509 store.", e);
        } catch (IOException e) {
            throw new AnnotatedException("Problem while extracting certificates from X.509 store.", e);
        } catch (CertificateException e) {
            throw new AnnotatedException("Problem while extracting certificates from X.509 store.", e);
        }
    }
    return matches;
}
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project ca3sCore by kuehne-trustable-de.
the class OrderController method collectAllSANS.
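/**
 * Collects every name the CSR asks for: the subject's CN values plus the SANs found in the
 * CSR's extension-request attributes.
 *
 * <p>All values gathered here come from the requester-supplied CSR. They are returned as the
 * names still to be verified; this method performs no verification itself.
 *
 * @param p10Holder the parsed PKCS#10 request
 * @return the set of requested names
 */
@NotNull
private Set<String> collectAllSANS(Pkcs10RequestHolder p10Holder) {
    Set<String> snSet = new HashSet<>();

    // Treat the subject's CN as a possible source of names to be verified.
    for (RDN rdn : p10Holder.getSubjectRDNs()) {
        for (AttributeTypeAndValue atv : rdn.getTypesAndValues()) {
            if (BCStyle.CN.equals(atv.getType())) {
                String cnValue = atv.getValue().toString();
                // Parameterized form, matching the other log calls in this method: the
                // CSR-supplied value is passed as an argument, not spliced into the message.
                LOG.debug("cn found in CSR: {}", cnValue);
                snSet.add(cnValue);
            }
        }
    }

    // Add all SANs as a source of names to be verified.
    for (Attribute csrAttr : p10Holder.getReqAttributes()) {
        String attrOid = csrAttr.getAttrType().getId();
        String attrReadableName = OidNameMapper.lookupOid(attrOid);
        if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(csrAttr.getAttrType())) {
            LOG.debug("CSR contains extensionRequest");
            retrieveSANFromCSRAttribute(snSet, csrAttr);
        } else if ("certReqExtensions".equals(attrReadableName)) {
            // Log the attribute's name; the message previously printed the literal text
            // "attrReadableName" instead of the variable's value.
            LOG.debug("CSR contains {}", attrReadableName);
            retrieveSANFromCSRAttribute(snSet, csrAttr);
        } else {
            // Any other attribute is only logged; it contributes no names.
            String value = getASN1ValueAsString(csrAttr);
            LOG.debug("found attrReadableName '{}' with value '{}'", attrReadableName, value);
        }
    }
    return snSet;
}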
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project ca3sCore by kuehne-trustable-de.
the class CSRUtil method getSANList.
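/**
* Collects the subjectAlternativeName entries requested in the extensionRequest attributes of a CSR.
*
* @param reqAttributes the request attributes taken from the CSR
* @return the set of requested {@link GeneralName} entries; empty if the CSR requests none
*/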
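public static Set<GeneralName> getSANList(Attribute[] reqAttributes) {
    Set<GeneralName> generalNameSet = new HashSet<>();
    for (Attribute attr : reqAttributes) {
        // Only extensionRequest attributes can carry a subjectAlternativeName extension.
        if (!PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) {
            continue;
        }
        // The attributes come from a requester-supplied CSR. An extensionRequest whose value
        // set is empty has nothing to contribute; skip it so that getObjectAt(0) below cannot
        // fail with an unchecked index exception on a malformed request.
        if (attr.getAttrValues().size() == 0) {
            continue;
        }
        // NOTE(review): only the first value of the attribute is inspected. Confirm that the
        // code which later builds the certificate reads the same value, so that names placed
        // in additional values cannot bypass this list.
        Extensions extensions = Extensions.getInstance(attr.getAttrValues().getObjectAt(0));
        GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
        if (gns == null) {
            // No subjectAlternativeName extension in this request attribute.
            continue;
        }
        for (GeneralName name : gns.getNames()) {
            LOG.info("Type: " + name.getTagNo() + " | Name: " + name.getName());
            generalNameSet.add(name);
        }
    }
    return generalNameSet;
}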