Example 41 with Attribute
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.
the class X509AttributeCertStoreSelector method match.
/**
* Decides if the given attribute certificate should be selected.
*
* @param obj The attribute certificate which should be checked.
* @return <code>true</code> if the attribute certificate can be selected,
* <code>false</code> otherwise.
*/
public boolean match(Object obj) {
if (!(obj instanceof X509AttributeCertificate)) {
return false;
}
X509AttributeCertificate attrCert = (X509AttributeCertificate) obj;
if (this.attributeCert != null) {
if (!this.attributeCert.equals(attrCert)) {
return false;
}
}
if (serialNumber != null) {
if (!attrCert.getSerialNumber().equals(serialNumber)) {
return false;
}
}
if (holder != null) {
if (!attrCert.getHolder().equals(holder)) {
return false;
}
}
if (issuer != null) {
if (!attrCert.getIssuer().equals(issuer)) {
return false;
}
}
if (attributeCertificateValid != null) {
try {
attrCert.checkValidity(attributeCertificateValid);
} catch (CertificateExpiredException e) {
return false;
} catch (CertificateNotYetValidException e) {
return false;
}
}
if (!targetNames.isEmpty() || !targetGroups.isEmpty()) {
byte[] targetInfoExt = attrCert.getExtensionValue(Extension.targetInformation.getId());
if (targetInfoExt != null) {
TargetInformation targetinfo;
try {
targetinfo = TargetInformation.getInstance(new ASN1InputStream(((DEROctetString) DEROctetString.fromByteArray(targetInfoExt)).getOctets()).readObject());
} catch (IOException e) {
return false;
} catch (IllegalArgumentException e) {
return false;
}
Targets[] targetss = targetinfo.getTargetsObjects();
if (!targetNames.isEmpty()) {
boolean found = false;
for (int i = 0; i < targetss.length; i++) {
Targets t = targetss[i];
Target[] targets = t.getTargets();
for (int j = 0; j < targets.length; j++) {
if (targetNames.contains(GeneralName.getInstance(targets[j].getTargetName()))) {
found = true;
break;
}
}
}
if (!found) {
return false;
}
}
if (!targetGroups.isEmpty()) {
boolean found = false;
for (int i = 0; i < targetss.length; i++) {
Targets t = targetss[i];
Target[] targets = t.getTargets();
for (int j = 0; j < targets.length; j++) {
if (targetGroups.contains(GeneralName.getInstance(targets[j].getTargetGroup()))) {
found = true;
break;
}
}
}
if (!found) {
return false;
}
}
}
}
return true;
}
Also used :
CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException)
ASN1InputStream(com.github.zhenwei.core.asn1.ASN1InputStream)
CertificateExpiredException(java.security.cert.CertificateExpiredException)
Targets(com.github.zhenwei.core.asn1.x509.Targets)
IOException(java.io.IOException)
DEROctetString(com.github.zhenwei.core.asn1.DEROctetString)
Target(com.github.zhenwei.core.asn1.x509.Target)
TargetInformation(com.github.zhenwei.core.asn1.x509.TargetInformation)
Example 42 with Attribute
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.
the class SubjectDirectoryAttributes method toASN1Primitive.
/**
* Produce an object suitable for an ASN1OutputStream.
* <p>
* Returns:
*
* <pre>
* SubjectDirectoryAttributes ::= Attributes
* Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
* Attribute ::= SEQUENCE
* {
* type AttributeType
* values SET OF AttributeValue
* }
*
* AttributeType ::= OBJECT IDENTIFIER
* AttributeValue ::= ANY DEFINED BY AttributeType
* </pre>
*
* @return a ASN1Primitive
*/
public ASN1Primitive toASN1Primitive() {
ASN1EncodableVector vec = new ASN1EncodableVector(attributes.size());
Enumeration e = attributes.elements();
while (e.hasMoreElements()) {
vec.add((Attribute) e.nextElement());
}
return new DERSequence(vec);
}
Also used :
Enumeration(java.util.Enumeration)
DERSequence(com.github.zhenwei.core.asn1.DERSequence)
ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)
Example 43 with Attribute
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.
the class X509AttributeCertificateHolderSelector method match.
/**
* Decides if the given attribute certificate should be selected.
*
* @param obj The X509AttributeCertificateHolder which should be checked.
* @return <code>true</code> if the attribute certificate is a match
* <code>false</code> otherwise.
*/
public boolean match(Object obj) {
if (!(obj instanceof X509AttributeCertificateHolder)) {
return false;
}
X509AttributeCertificateHolder attrCert = (X509AttributeCertificateHolder) obj;
if (this.attributeCert != null) {
if (!this.attributeCert.equals(attrCert)) {
return false;
}
}
if (serialNumber != null) {
if (!attrCert.getSerialNumber().equals(serialNumber)) {
return false;
}
}
if (holder != null) {
if (!attrCert.getHolder().equals(holder)) {
return false;
}
}
if (issuer != null) {
if (!attrCert.getIssuer().equals(issuer)) {
return false;
}
}
if (attributeCertificateValid != null) {
if (!attrCert.isValidOn(attributeCertificateValid)) {
return false;
}
}
if (!targetNames.isEmpty() || !targetGroups.isEmpty()) {
Extension targetInfoExt = attrCert.getExtension(Extension.targetInformation);
if (targetInfoExt != null) {
TargetInformation targetinfo;
try {
targetinfo = TargetInformation.getInstance(targetInfoExt.getParsedValue());
} catch (IllegalArgumentException e) {
return false;
}
Targets[] targetss = targetinfo.getTargetsObjects();
if (!targetNames.isEmpty()) {
boolean found = false;
for (int i = 0; i < targetss.length; i++) {
Targets t = targetss[i];
Target[] targets = t.getTargets();
for (int j = 0; j < targets.length; j++) {
if (targetNames.contains(GeneralName.getInstance(targets[j].getTargetName()))) {
found = true;
break;
}
}
}
if (!found) {
return false;
}
}
if (!targetGroups.isEmpty()) {
boolean found = false;
for (int i = 0; i < targetss.length; i++) {
Targets t = targetss[i];
Target[] targets = t.getTargets();
for (int j = 0; j < targets.length; j++) {
if (targetGroups.contains(GeneralName.getInstance(targets[j].getTargetGroup()))) {
found = true;
break;
}
}
}
if (!found) {
return false;
}
}
}
}
return true;
}
Also used :
Extension(com.github.zhenwei.core.asn1.x509.Extension)
Target(com.github.zhenwei.core.asn1.x509.Target)
TargetInformation(com.github.zhenwei.core.asn1.x509.TargetInformation)
X509AttributeCertificateHolder(com.github.zhenwei.pkix.cert.X509AttributeCertificateHolder)
Targets(com.github.zhenwei.core.asn1.x509.Targets)
Example 44 with Attribute
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.
the class MiscPEMGenerator method createPemObject.
private PemObject createPemObject(Object o) throws IOException {
String type;
byte[] encoding;
if (o instanceof PemObject) {
return (PemObject) o;
}
if (o instanceof PemObjectGenerator) {
return ((PemObjectGenerator) o).generate();
}
if (o instanceof X509CertificateHolder) {
type = "CERTIFICATE";
encoding = ((X509CertificateHolder) o).getEncoded();
} else if (o instanceof X509CRLHolder) {
type = "X509 CRL";
encoding = ((X509CRLHolder) o).getEncoded();
} else if (o instanceof X509TrustedCertificateBlock) {
type = "TRUSTED CERTIFICATE";
encoding = ((X509TrustedCertificateBlock) o).getEncoded();
} else if (o instanceof PrivateKeyInfo) {
PrivateKeyInfo info = (PrivateKeyInfo) o;
ASN1ObjectIdentifier algOID = info.getPrivateKeyAlgorithm().getAlgorithm();
if (algOID.equals(PKCSObjectIdentifiers.rsaEncryption)) {
type = "RSA PRIVATE KEY";
encoding = info.parsePrivateKey().toASN1Primitive().getEncoded();
} else if (algOID.equals(dsaOids[0]) || algOID.equals(dsaOids[1])) {
type = "DSA PRIVATE KEY";
DSAParameter p = DSAParameter.getInstance(info.getPrivateKeyAlgorithm().getParameters());
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new ASN1Integer(0));
v.add(new ASN1Integer(p.getP()));
v.add(new ASN1Integer(p.getQ()));
v.add(new ASN1Integer(p.getG()));
BigInteger x = ASN1Integer.getInstance(info.parsePrivateKey()).getValue();
BigInteger y = p.getG().modPow(x, p.getP());
v.add(new ASN1Integer(y));
v.add(new ASN1Integer(x));
encoding = new DERSequence(v).getEncoded();
} else if (algOID.equals(X9ObjectIdentifiers.id_ecPublicKey)) {
type = "EC PRIVATE KEY";
encoding = info.parsePrivateKey().toASN1Primitive().getEncoded();
} else {
type = "PRIVATE KEY";
encoding = info.getEncoded();
}
} else if (o instanceof SubjectPublicKeyInfo) {
type = "PUBLIC KEY";
encoding = ((SubjectPublicKeyInfo) o).getEncoded();
} else if (o instanceof X509AttributeCertificateHolder) {
type = "ATTRIBUTE CERTIFICATE";
encoding = ((X509AttributeCertificateHolder) o).getEncoded();
} else if (o instanceof com.github.zhenwei.pkix.pkcs.PKCS10CertificationRequest) {
type = "CERTIFICATE REQUEST";
encoding = ((PKCS10CertificationRequest) o).getEncoded();
} else if (o instanceof PKCS8EncryptedPrivateKeyInfo) {
type = "ENCRYPTED PRIVATE KEY";
encoding = ((PKCS8EncryptedPrivateKeyInfo) o).getEncoded();
} else if (o instanceof ContentInfo) {
type = "PKCS7";
encoding = ((ContentInfo) o).getEncoded();
} else {
throw new PemGenerationException("unknown object passed - can't encode.");
}
if (encryptor != null) {
String dekAlgName = Strings.toUpperCase(encryptor.getAlgorithm());
// Note: For backward compatibility
if (dekAlgName.equals("DESEDE")) {
dekAlgName = "DES-EDE3-CBC";
}
byte[] iv = encryptor.getIV();
byte[] encData = encryptor.encrypt(encoding);
List headers = new ArrayList(2);
headers.add(new PemHeader("Proc-Type", "4,ENCRYPTED"));
headers.add(new PemHeader("DEK-Info", dekAlgName + "," + getHexEncoded(iv)));
return new PemObject(type, headers, encData);
}
return new PemObject(type, encoding);
}
Also used :
ArrayList(java.util.ArrayList)
SubjectPublicKeyInfo(com.github.zhenwei.core.asn1.x509.SubjectPublicKeyInfo)
PemObjectGenerator(com.github.zhenwei.core.util.io.pem.PemObjectGenerator)
DERSequence(com.github.zhenwei.core.asn1.DERSequence)
ContentInfo(com.github.zhenwei.pkix.util.asn1.cms.ContentInfo)
ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)
ArrayList(java.util.ArrayList)
List(java.util.List)
DSAParameter(com.github.zhenwei.core.asn1.x509.DSAParameter)
PKCS10CertificationRequest(com.github.zhenwei.pkix.pkcs.PKCS10CertificationRequest)
PemGenerationException(com.github.zhenwei.core.util.io.pem.PemGenerationException)
X509AttributeCertificateHolder(com.github.zhenwei.pkix.cert.X509AttributeCertificateHolder)
ASN1Integer(com.github.zhenwei.core.asn1.ASN1Integer)
PKCS8EncryptedPrivateKeyInfo(com.github.zhenwei.pkix.pkcs.PKCS8EncryptedPrivateKeyInfo)
PemObject(com.github.zhenwei.core.util.io.pem.PemObject)
X509CertificateHolder(com.github.zhenwei.pkix.cert.X509CertificateHolder)
X509CRLHolder(com.github.zhenwei.pkix.cert.X509CRLHolder)
BigInteger(java.math.BigInteger)
PKCS8EncryptedPrivateKeyInfo(com.github.zhenwei.pkix.pkcs.PKCS8EncryptedPrivateKeyInfo)
PrivateKeyInfo(com.github.zhenwei.core.asn1.pkcs.PrivateKeyInfo)
ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)
PemHeader(com.github.zhenwei.core.util.io.pem.PemHeader)
Example 45 with Attribute
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.
the class TSPUtil method getSignatureTimestamps.
/**
* Fetches the signature time-stamp attributes from a SignerInformation object. Checks that the
* MessageImprint for each time-stamp matches the signature field. (see RFC 3161 Appendix A).
*
* @param signerInfo a SignerInformation to search for time-stamps
* @param digCalcProvider provider for digest calculators
* @return a collection of TimeStampToken objects
* @throws TSPValidationException
*/
public static Collection getSignatureTimestamps(SignerInformation signerInfo, DigestCalculatorProvider digCalcProvider) throws TSPValidationException {
List timestamps = new ArrayList();
AttributeTable unsignedAttrs = signerInfo.getUnsignedAttributes();
if (unsignedAttrs != null) {
ASN1EncodableVector allTSAttrs = unsignedAttrs.getAll(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
for (int i = 0; i < allTSAttrs.size(); ++i) {
Attribute tsAttr = (Attribute) allTSAttrs.get(i);
ASN1Set tsAttrValues = tsAttr.getAttrValues();
for (int j = 0; j < tsAttrValues.size(); ++j) {
try {
ContentInfo contentInfo = ContentInfo.getInstance(tsAttrValues.getObjectAt(j));
TimeStampToken timeStampToken = new TimeStampToken(contentInfo);
TimeStampTokenInfo tstInfo = timeStampToken.getTimeStampInfo();
DigestCalculator digCalc = digCalcProvider.get(tstInfo.getHashAlgorithm());
OutputStream dOut = digCalc.getOutputStream();
dOut.write(signerInfo.getSignature());
dOut.close();
byte[] expectedDigest = digCalc.getDigest();
if (!Arrays.constantTimeAreEqual(expectedDigest, tstInfo.getMessageImprintDigest())) {
throw new TSPValidationException("Incorrect digest in message imprint");
}
timestamps.add(timeStampToken);
} catch (OperatorCreationException e) {
throw new TSPValidationException("Unknown hash algorithm specified in timestamp");
} catch (Exception e) {
throw new TSPValidationException("Timestamp could not be parsed");
}
}
}
}
return timestamps;
}
Also used :
Attribute(com.github.zhenwei.pkix.util.asn1.cms.Attribute)
OutputStream(java.io.OutputStream)
ArrayList(java.util.ArrayList)
AttributeTable(com.github.zhenwei.pkix.util.asn1.cms.AttributeTable)
DigestCalculator(com.github.zhenwei.pkix.operator.DigestCalculator)
OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException)
IOException(java.io.IOException)
ASN1Set(com.github.zhenwei.core.asn1.ASN1Set)
ContentInfo(com.github.zhenwei.pkix.util.asn1.cms.ContentInfo)
ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)
ArrayList(java.util.ArrayList)
List(java.util.List)
OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException)
Aggregations
Attribute (org.bouncycastle.asn1.pkcs.Attribute)36
IOException (java.io.IOException)25
Extensions (org.bouncycastle.asn1.x509.Extensions)18
ArrayList (java.util.ArrayList)17
ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)15
GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)13
List (java.util.List)12
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)12
GeneralName (org.bouncycastle.asn1.x509.GeneralName)12
ASN1Set (org.bouncycastle.asn1.ASN1Set)10
ASN1Set (com.github.zhenwei.core.asn1.ASN1Set)9
Iterator (java.util.Iterator)9
CRLDistPoint (com.github.zhenwei.core.asn1.x509.CRLDistPoint)8
DistributionPoint (com.github.zhenwei.core.asn1.x509.DistributionPoint)8
AttributeTable (com.github.zhenwei.pkix.util.asn1.cms.AttributeTable)8
Enumeration (java.util.Enumeration)8
X500Name (org.bouncycastle.asn1.x500.X500Name)8
Attribute (com.github.zhenwei.pkix.util.asn1.cms.Attribute)7
GeneralName (com.github.zhenwei.core.asn1.x509.GeneralName)6
GeneralSecurityException (java.security.GeneralSecurityException)6
