use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.
the class CMSAuthenticatedDataParser method getUnauthAttrs.
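/**
 * Returns the unauthenticated attributes, indexed by the OID of the attribute.
 *
 * <p>The attributes are read from the underlying parser on the first call and cached; later
 * calls return the cached table. In CMS AuthenticatedData (RFC 5652) the unauthenticated
 * attributes are not covered by the MAC, so callers should treat their content as untrusted
 * input even when the MAC over the message verifies.
 *
 * @return the attribute table, or {@code null} if the message carries no unauthenticated
 *         attributes.
 * @throws IOException if the attribute set cannot be read, or if it contains an element that is
 *                     not a SEQUENCE.
 */
public AttributeTable getUnauthAttrs() throws IOException {
    if (unauthAttrs == null && unauthAttrNotRead) {
        ASN1SetParser set = authData.getUnauthAttrs();
        // The flag is cleared before the elements are read, so the parser is consulted once only,
        // even if reading fails part-way through.
        unauthAttrNotRead = false;
        if (set != null) {
            ASN1EncodableVector v = new ASN1EncodableVector();
            ASN1Encodable o;
            while ((o = set.readObject()) != null) {
                // Each attribute must be a SEQUENCE. Reject anything else with the declared
                // IOException rather than letting a ClassCastException escape on malformed input.
                if (!(o instanceof ASN1SequenceParser)) {
                    throw new IOException(
                        "unauthenticated attribute is not a SEQUENCE: " + o.getClass().getName());
                }
                v.add(((ASN1SequenceParser) o).toASN1Primitive());
            }
            unauthAttrs = new AttributeTable(new DERSet(v));
        }
    }
    return unauthAttrs;
}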
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.
the class DefaultAuthenticatedAttributeTableGenerator method createStandardAttributeTable.
/**
 * Builds the standard authenticated-attribute table from the supplied parameters.
 *
 * <p>The result starts as a copy of the generator's own table. A contentType and a messageDigest
 * attribute are then added from {@code parameters} unless the table already has an entry under
 * that OID, so pre-configured entries for those two take precedence over generated ones. A CMS
 * algorithm protection attribute binding the digest and MAC algorithm identifiers is added last.
 *
 * @param parameters source parameters for table generation.
 * @return a Hashtable of attributes keyed by attribute OID.
 */
protected Hashtable createStandardAttributeTable(Map parameters) {
    Hashtable attributes = new Hashtable();
    Enumeration oids = table.keys();
    while (oids.hasMoreElements()) {
        Object oid = oids.nextElement();
        attributes.put(oid, table.get(oid));
    }

    if (!attributes.containsKey(CMSAttributes.contentType)) {
        ASN1ObjectIdentifier contentTypeOid =
            ASN1ObjectIdentifier.getInstance(parameters.get(CMSAttributeTableGenerator.CONTENT_TYPE));
        Attribute contentTypeAttr = new Attribute(CMSAttributes.contentType, new DERSet(contentTypeOid));
        attributes.put(contentTypeAttr.getAttrType(), contentTypeAttr);
    }

    if (!attributes.containsKey(CMSAttributes.messageDigest)) {
        byte[] digestValue = (byte[]) parameters.get(CMSAttributeTableGenerator.DIGEST);
        Attribute digestAttr =
            new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(digestValue)));
        attributes.put(digestAttr.getAttrType(), digestAttr);
    }

    // NOTE(review): Hashtable.contains(Object) tests the table's values, not its keys. With
    // attribute objects as values this guard appears to be always true, so the attribute built
    // here from the algorithms in `parameters` replaces any supplied cmsAlgorithmProtect entry.
    // Confirm whether that is intended or whether containsKey was meant; always generating it
    // keeps the attribute consistent with the algorithms passed in.
    if (!attributes.contains(CMSAttributes.cmsAlgorithmProtect)) {
        AlgorithmIdentifier digestAlgId =
            (AlgorithmIdentifier) parameters.get(CMSAttributeTableGenerator.DIGEST_ALGORITHM_IDENTIFIER);
        AlgorithmIdentifier macAlgId =
            (AlgorithmIdentifier) parameters.get(CMSAttributeTableGenerator.MAC_ALGORITHM_IDENTIFIER);
        CMSAlgorithmProtection protection =
            new CMSAlgorithmProtection(digestAlgId, CMSAlgorithmProtection.MAC, macAlgId);
        Attribute protectionAttr = new Attribute(CMSAttributes.cmsAlgorithmProtect, new DERSet(protection));
        attributes.put(protectionAttr.getAttrType(), protectionAttr);
    }

    return attributes;
}
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.
the class DefaultSignedAttributeTableGenerator method createStandardAttributeTable.
/**
 * Builds the standard signed-attribute table from the supplied parameters.
 *
 * <p>The result starts as a copy of the generator's own table. contentType, signingTime and
 * messageDigest attributes are then added unless the table already has an entry under that OID,
 * so pre-configured entries for those three take precedence over generated ones. A CMS algorithm
 * protection attribute binding the digest and signature algorithm identifiers is added last.
 *
 * @param parameters source parameters for table generation.
 * @return a Hashtable of attributes keyed by attribute OID.
 */
protected Hashtable createStandardAttributeTable(Map parameters) {
    Hashtable attributes = copyHashTable(table);

    if (!attributes.containsKey(CMSAttributes.contentType)) {
        ASN1ObjectIdentifier contentTypeOid =
            ASN1ObjectIdentifier.getInstance(parameters.get(CMSAttributeTableGenerator.CONTENT_TYPE));
        // No content type is available when a counter signature is being generated; in that
        // case the attribute is left out.
        if (contentTypeOid != null) {
            Attribute contentTypeAttr = new Attribute(CMSAttributes.contentType, new DERSet(contentTypeOid));
            attributes.put(contentTypeAttr.getAttrType(), contentTypeAttr);
        }
    }

    if (!attributes.containsKey(CMSAttributes.signingTime)) {
        // The time is taken from the local system clock at the moment of the call, so it is a
        // value asserted by the signer rather than an independent timestamp.
        Date now = new Date();
        Attribute signingTimeAttr = new Attribute(CMSAttributes.signingTime, new DERSet(new Time(now)));
        attributes.put(signingTimeAttr.getAttrType(), signingTimeAttr);
    }

    if (!attributes.containsKey(CMSAttributes.messageDigest)) {
        byte[] digestValue = (byte[]) parameters.get(CMSAttributeTableGenerator.DIGEST);
        Attribute digestAttr =
            new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(digestValue)));
        attributes.put(digestAttr.getAttrType(), digestAttr);
    }

    // NOTE(review): Hashtable.contains(Object) tests the table's values, not its keys. With
    // attribute objects as values this guard appears to be always true, so the attribute built
    // here from the algorithms in `parameters` replaces any supplied cmsAlgorithmProtect entry.
    // Confirm whether that is intended or whether containsKey was meant; always generating it
    // keeps the attribute consistent with the algorithms passed in.
    if (!attributes.contains(CMSAttributes.cmsAlgorithmProtect)) {
        AlgorithmIdentifier digestAlgId =
            (AlgorithmIdentifier) parameters.get(CMSAttributeTableGenerator.DIGEST_ALGORITHM_IDENTIFIER);
        AlgorithmIdentifier signatureAlgId =
            (AlgorithmIdentifier) parameters.get(CMSAttributeTableGenerator.SIGNATURE_ALGORITHM_IDENTIFIER);
        CMSAlgorithmProtection protection =
            new CMSAlgorithmProtection(digestAlgId, CMSAlgorithmProtection.SIGNATURE, signatureAlgId);
        Attribute protectionAttr = new Attribute(CMSAttributes.cmsAlgorithmProtect, new DERSet(protection));
        attributes.put(protectionAttr.getAttrType(), protectionAttr);
    }

    return attributes;
}
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.
the class ESTService method getCSRAttributes.
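/**
 * Fetches the CSR attributes from the EST server.
 *
 * <p>The request is refused up front unless the client provider reports that it is trusted.
 * A 200 response with a positive content length is decoded as a CsrAttrs structure. A 204 or
 * 404 response, or a 200 response without a positive content length, yields a result with no
 * attributes. Any other status is reported as an {@link ESTException}.
 *
 * @return a CSRRequestResponse holding the decoded attributes (or {@code null} when the server
 *         supplied none) together with the source of the response.
 * @throws ESTException if the request fails, the status code is unexpected, the body cannot be
 *                      decoded, or the response cannot be closed.
 * @throws IllegalStateException if the client provider is not trusted (no trust anchors).
 */
public CSRRequestResponse getCSRAttributes() throws ESTException {
    if (!clientProvider.isTrusted()) {
        throw new IllegalStateException("No trust anchors.");
    }
    ESTResponse resp = null;
    CSRAttributesResponse response = null;
    Exception finalThrowable = null;
    URL url = null;
    try {
        url = new URL(server + CSRATTRS);
        ESTClient client = clientProvider.makeClient();
        ESTRequest req = new ESTRequestBuilder("GET", url).withClient(client).build();
        resp = client.doRequest(req);
        switch (resp.getStatusCode()) {
            case 200:
                try {
                    // A 200 with a missing or zero content length is treated as "no attributes".
                    if (resp.getContentLength() != null && resp.getContentLength() > 0) {
                        // NOTE(review): the body is decoded straight from the server-supplied
                        // stream and no explicit size bound is visible here; confirm the
                        // response stream enforces one.
                        ASN1InputStream ain = new ASN1InputStream(resp.getInputStream());
                        ASN1Sequence seq = ASN1Sequence.getInstance(ain.readObject());
                        response = new CSRAttributesResponse(CsrAttrs.getInstance(seq));
                    }
                } catch (Throwable ex) {
                    // The message names the operation that actually failed (it previously said
                    // "Decoding CACerts"), so logs point at the right request.
                    throw new ESTException("Decoding CSR attributes: " + url.toString() + " " + ex.getMessage(), ex, resp.getStatusCode(), resp.getInputStream());
                }
                break;
            case 204:
            case 404:
                // The server has no CSR attributes to offer; response stays null.
                break;
            default:
                throw new ESTException("CSR Attribute request: " + req.getURL().toString(), null, resp.getStatusCode(), resp.getInputStream());
        }
    } catch (ESTException e) {
        throw e;
    } catch (Throwable t) {
        // Wrap everything else so callers only have to deal with ESTException.
        throw new ESTException(t.getMessage(), t);
    } finally {
        if (resp != null) {
            try {
                resp.close();
            } catch (Exception ex) {
                // Remember the failure and report it after the finally block, so that it does
                // not mask an exception already propagating from the try block.
                finalThrowable = ex;
            }
        }
    }
    if (finalThrowable != null) {
        if (finalThrowable instanceof ESTException) {
            throw (ESTException) finalThrowable;
        }
        throw new ESTException(finalThrowable.getMessage(), finalThrowable, resp.getStatusCode(), null);
    }
    return new CSRRequestResponse(response, resp.getSource());
}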
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.
the class RFC3280CertPathUtilities method processCRLB1.
/**
 * Checks that the issuer of the complete CRL is the one expected for the distribution point.
 *
 * <p>If the DP includes cRLIssuer, the issuer field of the CRL must match a directoryName in
 * cRLIssuer and the CRL must contain an issuing distribution point extension with the
 * indirectCRL boolean asserted. Otherwise the CRL issuer must match the certificate issuer.
 *
 * @param dp   The distribution point.
 * @param cert The certificate or attribute certificate.
 * @param crl  The CRL for <code>cert</code>.
 * @throws AnnotatedException if one of the above conditions does not apply or an error occurs.
 */
protected static void processCRLB1(DistributionPoint dp, Object cert, X509CRL crl) throws AnnotatedException {
    ASN1Primitive idpExtension = RevocationUtilities.getExtensionValue(crl, Extension.issuingDistributionPoint);
    boolean indirectCrl = idpExtension != null && IssuingDistributionPoint.getInstance(idpExtension).isIndirectCRL();

    byte[] crlIssuerEncoding = crl.getIssuerX500Principal().getEncoded();
    boolean issuerMatched = false;

    if (dp.getCRLIssuer() == null) {
        // No cRLIssuer in the DP: the CRL must come from the certificate's own issuer.
        // NOTE(review): the parameter is documented as possibly being an attribute certificate,
        // but this cast only accepts an X509Certificate; confirm callers never pass anything else
        // on this path.
        X509Certificate certificate = (X509Certificate) cert;
        issuerMatched = crl.getIssuerX500Principal().equals(certificate.getIssuerX500Principal());
    } else {
        // Only directoryName entries are compared; the comparison is on the encoded bytes.
        // Every entry is examined, so an undecodable later entry is still reported.
        for (GeneralName candidate : dp.getCRLIssuer().getNames()) {
            if (candidate.getTagNo() != GeneralName.directoryName) {
                continue;
            }
            try {
                if (Arrays.areEqual(candidate.getName().toASN1Primitive().getEncoded(), crlIssuerEncoding)) {
                    issuerMatched = true;
                }
            } catch (IOException e) {
                throw new AnnotatedException("CRL issuer information from distribution point cannot be decoded.", e);
            }
        }
        if (issuerMatched && !indirectCrl) {
            throw new AnnotatedException("Distribution point contains cRLIssuer field but CRL is not indirect.");
        }
        if (!issuerMatched) {
            throw new AnnotatedException("CRL issuer of CRL does not match CRL issuer of distribution point.");
        }
    }

    if (!issuerMatched) {
        throw new AnnotatedException("Cannot find matching CRL issuer for certificate.");
    }
}