
Example 31 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.

the class CMSAuthenticatedDataParser method getUnauthAttrs.

/**
 * Returns the unauthenticated attributes as a table indexed by attribute OID, reading them from
 * the underlying parser the first time they are requested.
 *
 * <p>The attribute set is requested from {@code authData} at most once per successful call: the
 * {@code unauthAttrNotRead} flag is cleared as soon as the set parser has been obtained, and the
 * resulting table is cached in {@code unauthAttrs}.
 *
 * <p>Security note: in CMS AuthenticatedData (RFC 5652) the unauthenticated attributes are not
 * covered by the MAC. Callers should treat the returned values as unverified input and should not
 * base trust decisions on them.
 *
 * @return the attribute table, or {@code null} when the parser reports no unauthenticated
 *     attribute set.
 * @throws IOException propagated from the underlying parser calls.
 */
public AttributeTable getUnauthAttrs() throws IOException {
    // Already built, or already attempted: hand back whatever is cached (possibly null).
    if (unauthAttrs != null || !unauthAttrNotRead) {
        return unauthAttrs;
    }

    ASN1SetParser attrSet = authData.getUnauthAttrs();
    // Cleared before the elements are consumed, so a failure while reading them is not retried.
    unauthAttrNotRead = false;
    if (attrSet == null) {
        return unauthAttrs;
    }

    ASN1EncodableVector collected = new ASN1EncodableVector();
    for (ASN1Encodable element = attrSet.readObject(); element != null; element = attrSet.readObject()) {
        // The cast is unchecked: an element that is not a sequence parser surfaces as a
        // ClassCastException rather than the declared IOException.
        collected.add(((ASN1SequenceParser) element).toASN1Primitive());
    }
    unauthAttrs = new AttributeTable(new DERSet(collected));
    return unauthAttrs;
}
Also used : ASN1SequenceParser(com.github.zhenwei.core.asn1.ASN1SequenceParser) ASN1SetParser(com.github.zhenwei.core.asn1.ASN1SetParser) AttributeTable(com.github.zhenwei.pkix.util.asn1.cms.AttributeTable) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) ASN1Encodable(com.github.zhenwei.core.asn1.ASN1Encodable) DERSet(com.github.zhenwei.core.asn1.DERSet)

Example 32 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.

the class DefaultAuthenticatedAttributeTableGenerator method createStandardAttributeTable.

/**
 * Builds the standard authenticated-attribute table from the supplied parameters. The result
 * normally carries contentType, messageDigest and the CMS algorithm protection attribute. When
 * this generator was constructed with an AttributeTable, its entries for contentType and
 * messageDigest take precedence over the generated ones.
 *
 * @param parameters source parameters for table generation; read under the keys
 *     {@code CONTENT_TYPE}, {@code DIGEST}, {@code DIGEST_ALGORITHM_IDENTIFIER} and
 *     {@code MAC_ALGORITHM_IDENTIFIER} of {@code CMSAttributeTableGenerator}.
 * @return a filled in Hashtable of attributes.
 */
protected Hashtable createStandardAttributeTable(Map parameters) {
    // Start from a shallow copy of the configured table so that it is never mutated.
    Hashtable result = new Hashtable();
    Enumeration configuredKeys = table.keys();
    while (configuredKeys.hasMoreElements()) {
        Object oid = configuredKeys.nextElement();
        result.put(oid, table.get(oid));
    }

    if (!result.containsKey(CMSAttributes.contentType)) {
        Object rawContentType = parameters.get(CMSAttributeTableGenerator.CONTENT_TYPE);
        ASN1ObjectIdentifier contentType = ASN1ObjectIdentifier.getInstance(rawContentType);
        Attribute contentTypeAttr = new Attribute(CMSAttributes.contentType, new DERSet(contentType));
        result.put(contentTypeAttr.getAttrType(), contentTypeAttr);
    }

    if (!result.containsKey(CMSAttributes.messageDigest)) {
        byte[] digest = (byte[]) parameters.get(CMSAttributeTableGenerator.DIGEST);
        Attribute digestAttr = new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(digest)));
        result.put(digestAttr.getAttrType(), digestAttr);
    }

    // NOTE(review): Hashtable.contains() tests values, not keys (unlike the containsKey() calls
    // above). Unless the table holds this OID as a value, the condition is always true and the
    // generated attribute replaces any caller-supplied cmsAlgorithmProtect entry. That agrees with
    // the Javadoc, which lists only contentType and messageDigest as overridable, and it keeps the
    // attribute tied to the algorithm identifiers actually passed in. Confirm the intent before
    // switching this to containsKey().
    if (!result.contains(CMSAttributes.cmsAlgorithmProtect)) {
        AlgorithmIdentifier digestAlgorithm =
            (AlgorithmIdentifier) parameters.get(CMSAttributeTableGenerator.DIGEST_ALGORITHM_IDENTIFIER);
        AlgorithmIdentifier macAlgorithm =
            (AlgorithmIdentifier) parameters.get(CMSAttributeTableGenerator.MAC_ALGORITHM_IDENTIFIER);
        CMSAlgorithmProtection protection =
            new CMSAlgorithmProtection(digestAlgorithm, CMSAlgorithmProtection.MAC, macAlgorithm);
        Attribute protectionAttr = new Attribute(CMSAttributes.cmsAlgorithmProtect, new DERSet(protection));
        result.put(protectionAttr.getAttrType(), protectionAttr);
    }
    return result;
}
Also used : Enumeration(java.util.Enumeration) CMSAlgorithmProtection(com.github.zhenwei.pkix.util.asn1.cms.CMSAlgorithmProtection) Attribute(com.github.zhenwei.pkix.util.asn1.cms.Attribute) Hashtable(java.util.Hashtable) DERSet(com.github.zhenwei.core.asn1.DERSet) ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier) DEROctetString(com.github.zhenwei.core.asn1.DEROctetString)

Example 33 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.

the class DefaultSignedAttributeTableGenerator method createStandardAttributeTable.

/**
 * Builds the standard signed-attribute table from the supplied parameters. The result normally
 * carries contentType, signingTime, messageDigest and the CMS algorithm protection attribute.
 * When this generator was constructed with an AttributeTable, its entries for contentType,
 * signingTime and messageDigest take precedence over the generated ones.
 *
 * <p>The generated signingTime is taken from the local clock ({@code new Date()}) at the moment
 * this method runs. It is a value asserted by the signer, not an independently trusted timestamp.
 *
 * @param parameters source parameters for table generation; read under the keys
 *     {@code CONTENT_TYPE}, {@code DIGEST}, {@code DIGEST_ALGORITHM_IDENTIFIER} and
 *     {@code SIGNATURE_ALGORITHM_IDENTIFIER} of {@code CMSAttributeTableGenerator}.
 * @return a filled in Hashtable of attributes.
 */
protected Hashtable createStandardAttributeTable(Map parameters) {
    Hashtable result = copyHashTable(table);

    if (!result.containsKey(CMSAttributes.contentType)) {
        Object rawContentType = parameters.get(CMSAttributeTableGenerator.CONTENT_TYPE);
        ASN1ObjectIdentifier contentType = ASN1ObjectIdentifier.getInstance(rawContentType);
        // contentType will be null if we're trying to generate a counter signature; in that case
        // no contentType attribute is added.
        if (contentType != null) {
            Attribute contentTypeAttr = new Attribute(CMSAttributes.contentType, new DERSet(contentType));
            result.put(contentTypeAttr.getAttrType(), contentTypeAttr);
        }
    }

    if (!result.containsKey(CMSAttributes.signingTime)) {
        Date now = new Date();
        Attribute signingTimeAttr = new Attribute(CMSAttributes.signingTime, new DERSet(new Time(now)));
        result.put(signingTimeAttr.getAttrType(), signingTimeAttr);
    }

    if (!result.containsKey(CMSAttributes.messageDigest)) {
        byte[] digest = (byte[]) parameters.get(CMSAttributeTableGenerator.DIGEST);
        Attribute digestAttr = new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(digest)));
        result.put(digestAttr.getAttrType(), digestAttr);
    }

    // NOTE(review): Hashtable.contains() tests values, not keys (unlike the containsKey() calls
    // above). Unless the table holds this OID as a value, the condition is always true and the
    // generated attribute replaces any caller-supplied cmsAlgorithmProtect entry. That agrees with
    // the Javadoc, which lists only contentType, signingTime and messageDigest as overridable, and
    // it keeps the attribute tied to the algorithm identifiers actually passed in. Confirm the
    // intent before switching this to containsKey().
    if (!result.contains(CMSAttributes.cmsAlgorithmProtect)) {
        AlgorithmIdentifier digestAlgorithm =
            (AlgorithmIdentifier) parameters.get(CMSAttributeTableGenerator.DIGEST_ALGORITHM_IDENTIFIER);
        AlgorithmIdentifier signatureAlgorithm =
            (AlgorithmIdentifier) parameters.get(CMSAttributeTableGenerator.SIGNATURE_ALGORITHM_IDENTIFIER);
        CMSAlgorithmProtection protection =
            new CMSAlgorithmProtection(digestAlgorithm, CMSAlgorithmProtection.SIGNATURE, signatureAlgorithm);
        Attribute protectionAttr = new Attribute(CMSAttributes.cmsAlgorithmProtect, new DERSet(protection));
        result.put(protectionAttr.getAttrType(), protectionAttr);
    }
    return result;
}
Also used : CMSAlgorithmProtection(com.github.zhenwei.pkix.util.asn1.cms.CMSAlgorithmProtection) Attribute(com.github.zhenwei.pkix.util.asn1.cms.Attribute) Hashtable(java.util.Hashtable) Time(com.github.zhenwei.pkix.util.asn1.cms.Time) DERSet(com.github.zhenwei.core.asn1.DERSet) ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier) Date(java.util.Date) DEROctetString(com.github.zhenwei.core.asn1.DEROctetString)

Example 34 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.

the class ESTService method getCSRAttributes.

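/**
 * Fetch the CSR attributes from the server.
 *
 * <p>The request is only sent when {@code clientProvider.isTrusted()} returns true. A 200 response
 * with a positive content length is decoded as an ASN.1 sequence; a 200 without one, a 204 and a
 * 404 all yield a result whose attributes are {@code null}.
 *
 * @return A CSRRequestResponse with the attributes (possibly {@code null}) and the response source.
 * @throws ESTException on any other status code, when the body cannot be decoded, or when the
 *     request or closing the response fails.
 * @throws IllegalStateException if the client provider reports that it is not trusted.
 */
public CSRRequestResponse getCSRAttributes() throws ESTException {
    // Fail before any network activity when the provider reports no trust anchors.
    if (!clientProvider.isTrusted()) {
        throw new IllegalStateException("No trust anchors.");
    }
    ESTResponse resp = null;
    CSRAttributesResponse response = null;
    Exception finalThrowable = null;
    URL url = null;
    try {
        url = new URL(server + CSRATTRS);
        ESTClient client = clientProvider.makeClient();
        ESTRequest req = new ESTRequestBuilder("GET", url).withClient(client).build();
        resp = client.doRequest(req);
        switch(resp.getStatusCode()) {
            case 200:
                try {
                    // A 200 without a positive content length is treated as "no attributes".
                    if (resp.getContentLength() != null && resp.getContentLength() > 0) {
                        // The body is server-controlled input. NOTE(review): no explicit size
                        // bound is applied here; confirm the response stream enforces one.
                        // The stream is not closed in this block because the catch below still
                        // hands resp.getInputStream() to ESTException; cleanup is left to
                        // resp.close() in the finally block.
                        ASN1InputStream ain = new ASN1InputStream(resp.getInputStream());
                        ASN1Sequence seq = ASN1Sequence.getInstance(ain.readObject());
                        response = new CSRAttributesResponse(CsrAttrs.getInstance(seq));
                    }
                } catch (Throwable ex) {
                    // The message names this endpoint so that a decoding failure here is not
                    // mistaken for a CA certificates failure in logs.
                    throw new ESTException("Decoding CSR attributes: " + url.toString() + " " + ex.getMessage(), ex, resp.getStatusCode(), resp.getInputStream());
                }
                break;
            case 204:
            case 404:
                // Both are treated as "the server has no CSR attributes to offer".
                response = null;
                break;
            default:
                throw new ESTException("CSR Attribute request: " + req.getURL().toString(), null, resp.getStatusCode(), resp.getInputStream());
        }
    } catch (Throwable t) {
        // Everything that is not already an ESTException is wrapped with its cause preserved.
        if (t instanceof ESTException) {
            throw (ESTException) t;
        } else {
            throw new ESTException(t.getMessage(), t);
        }
    } finally {
        if (resp != null) {
            try {
                resp.close();
            } catch (Exception ex) {
                // Recorded and reported after the finally block, so that it cannot mask an
                // exception already propagating from the try block.
                finalThrowable = ex;
            }
        }
    }
    if (finalThrowable != null) {
        if (finalThrowable instanceof ESTException) {
            throw (ESTException) finalThrowable;
        }
        throw new ESTException(finalThrowable.getMessage(), finalThrowable, resp.getStatusCode(), null);
    }
    return new CSRRequestResponse(response, resp.getSource());
}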
Also used : ASN1InputStream(com.github.zhenwei.core.asn1.ASN1InputStream) IOException(java.io.IOException) CMCException(com.github.zhenwei.pkix.cmc.CMCException) URL(java.net.URL) ASN1Sequence(com.github.zhenwei.core.asn1.ASN1Sequence)

Example 35 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.

the class RFC3280CertPathUtilities method processCRLB1.

/**
 * If the DP includes cRLIssuer, then verify that the issuer field in the complete CRL matches
 * cRLIssuer in the DP and that the complete CRL contains an issuing distribution point extension
 * with the indirectCRL boolean asserted. Otherwise, verify that the CRL issuer matches the
 * certificate issuer.
 *
 * <p>Only cRLIssuer entries of type directoryName are considered, and they are compared with the
 * CRL issuer by their encoded bytes.
 *
 * <p>NOTE(review): {@code cert} is declared as Object and documented as a certificate or attribute
 * certificate, but the branch without cRLIssuer casts it to X509Certificate. Any other type would
 * raise ClassCastException instead of AnnotatedException; confirm what callers pass.
 *
 * @param dp   The distribution point.
 * @param cert The certificate or attribute certificate.
 * @param crl  The CRL for <code>cert</code>.
 * @throws AnnotatedException if one of the above conditions does not apply or an error occurs.
 */
protected static void processCRLB1(DistributionPoint dp, Object cert, X509CRL crl) throws AnnotatedException {
    ASN1Primitive idpValue = RevocationUtilities.getExtensionValue(crl, Extension.issuingDistributionPoint);
    // A CRL without the extension is treated as not indirect.
    boolean indirectCrl = idpValue != null && IssuingDistributionPoint.getInstance(idpValue).isIndirectCRL();
    byte[] crlIssuerEncoding = crl.getIssuerX500Principal().getEncoded();

    if (dp.getCRLIssuer() == null) {
        // No cRLIssuer in the DP: the CRL must be issued by the certificate's own issuer.
        if (!crl.getIssuerX500Principal().equals(((X509Certificate) cert).getIssuerX500Principal())) {
            throw new AnnotatedException("Cannot find matching CRL issuer for certificate.");
        }
        return;
    }

    boolean issuerMatched = false;
    // Every name is examined even after a match, so a later undecodable directoryName still fails.
    for (GeneralName candidate : dp.getCRLIssuer().getNames()) {
        if (candidate.getTagNo() != GeneralName.directoryName) {
            continue;
        }
        try {
            if (Arrays.areEqual(candidate.getName().toASN1Primitive().getEncoded(), crlIssuerEncoding)) {
                issuerMatched = true;
            }
        } catch (IOException e) {
            throw new AnnotatedException("CRL issuer information from distribution point cannot be decoded.", e);
        }
    }

    if (!issuerMatched) {
        throw new AnnotatedException("CRL issuer of CRL does not match CRL issuer of distribution point.");
    }
    // A matching cRLIssuer is only acceptable when the CRL declares itself indirect.
    if (!indirectCrl) {
        throw new AnnotatedException("Distribution point contains cRLIssuer field but CRL is not indirect.");
    }
}
Also used : GeneralName(com.github.zhenwei.core.asn1.x509.GeneralName) IOException(java.io.IOException) ASN1Primitive(com.github.zhenwei.core.asn1.ASN1Primitive) DistributionPoint(com.github.zhenwei.core.asn1.x509.DistributionPoint) IssuingDistributionPoint(com.github.zhenwei.core.asn1.x509.IssuingDistributionPoint) CRLDistPoint(com.github.zhenwei.core.asn1.x509.CRLDistPoint)
