Examples with Extension com.github.zhenwei.core.asn1.x509.Extension used on opensource projects

Search in sources :

Example 21 with Extension

use of com.github.zhenwei.core.asn1.x509.Extension in project robovm by robovm.

the class RFC3280CertPathUtilities method processCertD.

protected static PKIXPolicyNode processCertD(CertPath certPath, int index, Set acceptablePolicies, PKIXPolicyNode validPolicyTree, List[] policyNodes, int inhibitAnyPolicy) throws CertPathValidatorException {
    List certs = certPath.getCertificates();
    X509Certificate cert = (X509Certificate) certs.get(index);
    int n = certs.size();
    // i as defined in the algorithm description
    int i = n - index;
    //
    // (d) policy Information checking against initial policy and
    // policy mapping
    //
    ASN1Sequence certPolicies = null;
    try {
        certPolicies = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.CERTIFICATE_POLICIES));
    } catch (AnnotatedException e) {
        throw new ExtCertPathValidatorException("Could not read certificate policies extension from certificate.", e, certPath, index);
    }
    if (certPolicies != null && validPolicyTree != null) {
        //
        // (d) (1)
        //
        Enumeration e = certPolicies.getObjects();
        Set pols = new HashSet();
        while (e.hasMoreElements()) {
            PolicyInformation pInfo = PolicyInformation.getInstance(e.nextElement());
            DERObjectIdentifier pOid = pInfo.getPolicyIdentifier();
            pols.add(pOid.getId());
            if (!RFC3280CertPathUtilities.ANY_POLICY.equals(pOid.getId())) {
                Set pq = null;
                try {
                    pq = CertPathValidatorUtilities.getQualifierSet(pInfo.getPolicyQualifiers());
                } catch (CertPathValidatorException ex) {
                    throw new ExtCertPathValidatorException("Policy qualifier info set could not be build.", ex, certPath, index);
                }
                boolean match = CertPathValidatorUtilities.processCertD1i(i, policyNodes, pOid, pq);
                if (!match) {
                    CertPathValidatorUtilities.processCertD1ii(i, policyNodes, pOid, pq);
                }
            }
        }
        if (acceptablePolicies.isEmpty() || acceptablePolicies.contains(RFC3280CertPathUtilities.ANY_POLICY)) {
            acceptablePolicies.clear();
            acceptablePolicies.addAll(pols);
        } else {
            Iterator it = acceptablePolicies.iterator();
            Set t1 = new HashSet();
            while (it.hasNext()) {
                Object o = it.next();
                if (pols.contains(o)) {
                    t1.add(o);
                }
            }
            acceptablePolicies.clear();
            acceptablePolicies.addAll(t1);
        }
        //
        if ((inhibitAnyPolicy > 0) || ((i < n) && CertPathValidatorUtilities.isSelfIssued(cert))) {
            e = certPolicies.getObjects();
            while (e.hasMoreElements()) {
                PolicyInformation pInfo = PolicyInformation.getInstance(e.nextElement());
                if (RFC3280CertPathUtilities.ANY_POLICY.equals(pInfo.getPolicyIdentifier().getId())) {
                    Set _apq = CertPathValidatorUtilities.getQualifierSet(pInfo.getPolicyQualifiers());
                    List _nodes = policyNodes[i - 1];
                    for (int k = 0; k < _nodes.size(); k++) {
                        PKIXPolicyNode _node = (PKIXPolicyNode) _nodes.get(k);
                        Iterator _policySetIter = _node.getExpectedPolicies().iterator();
                        while (_policySetIter.hasNext()) {
                            Object _tmp = _policySetIter.next();
                            String _policy;
                            if (_tmp instanceof String) {
                                _policy = (String) _tmp;
                            } else if (_tmp instanceof DERObjectIdentifier) {
                                _policy = ((DERObjectIdentifier) _tmp).getId();
                            } else {
                                continue;
                            }
                            boolean _found = false;
                            Iterator _childrenIter = _node.getChildren();
                            while (_childrenIter.hasNext()) {
                                PKIXPolicyNode _child = (PKIXPolicyNode) _childrenIter.next();
                                if (_policy.equals(_child.getValidPolicy())) {
                                    _found = true;
                                }
                            }
                            if (!_found) {
                                Set _newChildExpectedPolicies = new HashSet();
                                _newChildExpectedPolicies.add(_policy);
                                PKIXPolicyNode _newChild = new PKIXPolicyNode(new ArrayList(), i, _newChildExpectedPolicies, _node, _apq, _policy, false);
                                _node.addChild(_newChild);
                                policyNodes[i].add(_newChild);
                            }
                        }
                    }
                    break;
                }
            }
        }
        PKIXPolicyNode _validPolicyTree = validPolicyTree;
        //
        for (int j = (i - 1); j >= 0; j--) {
            List nodes = policyNodes[j];
            for (int k = 0; k < nodes.size(); k++) {
                PKIXPolicyNode node = (PKIXPolicyNode) nodes.get(k);
                if (!node.hasChildren()) {
                    _validPolicyTree = CertPathValidatorUtilities.removePolicyNode(_validPolicyTree, policyNodes, node);
                    if (_validPolicyTree == null) {
                        break;
                    }
                }
            }
        }
        //
        // d (4)
        //
        Set criticalExtensionOids = cert.getCriticalExtensionOIDs();
        if (criticalExtensionOids != null) {
            boolean critical = criticalExtensionOids.contains(RFC3280CertPathUtilities.CERTIFICATE_POLICIES);
            List nodes = policyNodes[i];
            for (int j = 0; j < nodes.size(); j++) {
                PKIXPolicyNode node = (PKIXPolicyNode) nodes.get(j);
                node.setCritical(critical);
            }
        }
        return _validPolicyTree;
    }
    return null;
}
Also used : Enumeration(java.util.Enumeration) Set(java.util.Set) HashSet(java.util.HashSet) PolicyInformation(org.bouncycastle.asn1.x509.PolicyInformation) ArrayList(java.util.ArrayList) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier) X509Certificate(java.security.cert.X509Certificate) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) Iterator(java.util.Iterator) List(java.util.List) ArrayList(java.util.ArrayList) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) HashSet(java.util.HashSet)

Example 22 with Extension

use of com.github.zhenwei.core.asn1.x509.Extension in project robovm by robovm.

the class X509V2AttributeCertificate method getExtensionOIDs.

private Set getExtensionOIDs(boolean critical) {
    Extensions extensions = cert.getAcinfo().getExtensions();
    if (extensions != null) {
        Set set = new HashSet();
        Enumeration e = extensions.oids();
        while (e.hasMoreElements()) {
            ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
            Extension ext = extensions.getExtension(oid);
            if (ext.isCritical() == critical) {
                set.add(oid.getId());
            }
        }
        return set;
    }
    return null;
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension) HashSet(java.util.HashSet) Set(java.util.Set) Enumeration(java.util.Enumeration) Extensions(org.bouncycastle.asn1.x509.Extensions) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) HashSet(java.util.HashSet)

Example 23 with Extension

use of com.github.zhenwei.core.asn1.x509.Extension in project robovm by robovm.

the class X509CRLObject method isRevoked.

/**
     * Checks whether the given certificate is on this CRL.
     *
     * @param cert the certificate to check for.
     * @return true if the given certificate is on this CRL,
     * false otherwise.
     */
public boolean isRevoked(Certificate cert) {
    if (!cert.getType().equals("X.509")) {
        throw new RuntimeException("X.509 CRL used with non X.509 Cert");
    }
    TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();
    X500Name caName = c.getIssuer();
    if (certs != null) {
        BigInteger serial = ((X509Certificate) cert).getSerialNumber();
        for (int i = 0; i < certs.length; i++) {
            if (isIndirect && certs[i].hasExtensions()) {
                Extension currentCaName = certs[i].getExtensions().getExtension(Extension.certificateIssuer);
                if (currentCaName != null) {
                    caName = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName());
                }
            }
            if (certs[i].getUserCertificate().getValue().equals(serial)) {
                X500Name issuer;
                if (cert instanceof X509Certificate) {
                    issuer = X500Name.getInstance(((X509Certificate) cert).getIssuerX500Principal().getEncoded());
                } else {
                    try {
                        issuer = org.bouncycastle.asn1.x509.Certificate.getInstance(cert.getEncoded()).getIssuer();
                    } catch (CertificateEncodingException e) {
                        throw new RuntimeException("Cannot process certificate");
                    }
                }
                if (!caName.equals(issuer)) {
                    return false;
                }
                return true;
            }
        }
    }
    return false;
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension) BigInteger(java.math.BigInteger) CertificateEncodingException(java.security.cert.CertificateEncodingException) X509CRLEntry(java.security.cert.X509CRLEntry) X500Name(org.bouncycastle.asn1.x500.X500Name) X509Certificate(java.security.cert.X509Certificate) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)

Example 24 with Extension

use of com.github.zhenwei.core.asn1.x509.Extension in project robovm by robovm.

the class X509CRLObject method getRevokedCertificate.

public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) {
    Enumeration certs = c.getRevokedCertificateEnumeration();
    // the issuer
    X500Name previousCertificateIssuer = null;
    while (certs.hasMoreElements()) {
        TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry) certs.nextElement();
        if (serialNumber.equals(entry.getUserCertificate().getValue())) {
            return new X509CRLEntryObject(entry, isIndirect, previousCertificateIssuer);
        }
        if (isIndirect && entry.hasExtensions()) {
            Extension currentCaName = entry.getExtensions().getExtension(Extension.certificateIssuer);
            if (currentCaName != null) {
                previousCertificateIssuer = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName());
            }
        }
    }
    return null;
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension) Enumeration(java.util.Enumeration) TBSCertList(org.bouncycastle.asn1.x509.TBSCertList) X500Name(org.bouncycastle.asn1.x500.X500Name) X509CRLEntry(java.security.cert.X509CRLEntry)

Example 25 with Extension

use of com.github.zhenwei.core.asn1.x509.Extension in project robovm by robovm.

the class X509CertificateObject method getNonCriticalExtensionOIDs.

public Set getNonCriticalExtensionOIDs() {
    if (this.getVersion() == 3) {
        Set set = new HashSet();
        Extensions extensions = c.getTBSCertificate().getExtensions();
        if (extensions != null) {
            Enumeration e = extensions.oids();
            while (e.hasMoreElements()) {
                ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
                Extension ext = extensions.getExtension(oid);
                if (!ext.isCritical()) {
                    set.add(oid.getId());
                }
            }
            return set;
        }
    }
    return null;
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension) VerisignCzagExtension(org.bouncycastle.asn1.misc.VerisignCzagExtension) Set(java.util.Set) HashSet(java.util.HashSet) Enumeration(java.util.Enumeration) Extensions(org.bouncycastle.asn1.x509.Extensions) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) HashSet(java.util.HashSet)

Aggregations

IOException (java.io.IOException)125 Extension (org.bouncycastle.asn1.x509.Extension)123 X509Certificate (java.security.cert.X509Certificate)78 ArrayList (java.util.ArrayList)75 Enumeration (java.util.Enumeration)73 Extensions (org.bouncycastle.asn1.x509.Extensions)64 CertPathValidatorException (java.security.cert.CertPathValidatorException)60 BigInteger (java.math.BigInteger)56 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)56 List (java.util.List)55 HashSet (java.util.HashSet)54 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)54 DEROctetString (org.bouncycastle.asn1.DEROctetString)54 GeneralSecurityException (java.security.GeneralSecurityException)51 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)50 CertificateExpiredException (java.security.cert.CertificateExpiredException)47 CertificateNotYetValidException (java.security.cert.CertificateNotYetValidException)47 CertPathBuilderException (java.security.cert.CertPathBuilderException)45 Set (java.util.Set)44 GeneralName (org.bouncycastle.asn1.x509.GeneralName)40
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial