Example 66 with Extensions

Use of com.github.zhenwei.core.asn1.x509.Extensions in project BiglyBT by BiglySoftware.

Class X509CertificateObject, method getNonCriticalExtensionOIDs.

@Override
public Set getNonCriticalExtensionOIDs() {
    if (this.getVersion() == 3) {
        HashSet set = new HashSet();
        X509Extensions extensions = c.getTBSCertificate().getExtensions();
        if (extensions != null) {
            Enumeration e = extensions.oids();
            while (e.hasMoreElements()) {
                DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
                X509Extension ext = extensions.getExtension(oid);
                if (!ext.isCritical()) {
                    set.add(oid.getId());
                }
            }
            return set;
        }
    }
    return null;
}
Also used: X509Extension (org.gudy.bouncycastle.asn1.x509.X509Extension)

Example 67 with Extensions

Use of com.github.zhenwei.core.asn1.x509.Extensions in project BiglyBT by BiglySoftware.

Class X509V2AttributeCertificate, method getExtensionValue.

@Override
public byte[] getExtensionValue(String oid) {
    X509Extensions extensions = cert.getAcinfo().getExtensions();
    if (extensions != null) {
        X509Extension ext = extensions.getExtension(new DERObjectIdentifier(oid));
        if (ext != null) {
            ByteArrayOutputStream bOut = new ByteArrayOutputStream();
            DEROutputStream dOut = new DEROutputStream(bOut);
            try {
                dOut.writeObject(ext.getValue());
                return bOut.toByteArray();
            } catch (Exception e) {
                throw new RuntimeException("error encoding " + e.toString());
            }
        }
    }
    return null;
}
Also used: X509Extension (org.gudy.bouncycastle.asn1.x509.X509Extension), X509Extensions (org.gudy.bouncycastle.asn1.x509.X509Extensions), ByteArrayOutputStream (java.io.ByteArrayOutputStream), CertificateNotYetValidException (java.security.cert.CertificateNotYetValidException), IOException (java.io.IOException), CertificateException (java.security.cert.CertificateException), CertificateExpiredException (java.security.cert.CertificateExpiredException), ParseException (java.text.ParseException)

Example 68 with Extensions

Use of com.github.zhenwei.core.asn1.x509.Extensions in project jmulticard by ctt-gob-es.

Class X509CRLHolder, method init.

private void init(CertificateList x509CRL) {
    this.x509CRL = x509CRL;
    this.extensions = x509CRL.getTBSCertList().getExtensions();
    this.isIndirect = isIndirectCRL(extensions);
    this.issuerName = new GeneralNames(new GeneralName(x509CRL.getIssuer()));
}
Also used: GeneralNames (org.bouncycastle.asn1.x509.GeneralNames), GeneralName (org.bouncycastle.asn1.x509.GeneralName)

Example 69 with Extensions

Use of com.github.zhenwei.core.asn1.x509.Extensions in project jmulticard by ctt-gob-es.

Class CertUtils, method doReplaceExtension.

static ExtensionsGenerator doReplaceExtension(ExtensionsGenerator extGenerator, Extension ext) {
    boolean isReplaced = false;
    Extensions exts = extGenerator.generate();
    extGenerator = new ExtensionsGenerator();
    for (Enumeration en = exts.oids(); en.hasMoreElements(); ) {
        ASN1ObjectIdentifier extOid = (ASN1ObjectIdentifier) en.nextElement();
        if (extOid.equals(ext.getExtnId())) {
            isReplaced = true;
            extGenerator.addExtension(ext);
        } else {
            extGenerator.addExtension(exts.getExtension(extOid));
        }
    }
    if (!isReplaced) {
        throw new IllegalArgumentException("replace - original extension (OID = " + ext.getExtnId() + ") not found");
    }
    return extGenerator;
}
Also used: Enumeration (java.util.Enumeration), Extensions (org.bouncycastle.asn1.x509.Extensions), ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier), ExtensionsGenerator (org.bouncycastle.asn1.x509.ExtensionsGenerator)

Example 70 with Extensions

Use of com.github.zhenwei.core.asn1.x509.Extensions in project keycloak by keycloak.

Class CertificateValidator, method validatePolicy.

private static void validatePolicy(X509Certificate[] certs, List<String> expectedPolicies, String policyCheckMode) throws GeneralSecurityException {
    if (expectedPolicies == null || expectedPolicies.size() == 0) {
        logger.debug("Certificate Policy validation is not enabled.");
        return;
    }
    Extensions certExtensions = new JcaX509CertificateHolder(certs[0]).getExtensions();
    if (certExtensions == null)
        throw new GeneralSecurityException("Certificate Policy validation was expected, but no certificate extensions were found");
    CertificatePolicies policies = CertificatePolicies.fromExtensions(certExtensions);
    if (policies == null)
        throw new GeneralSecurityException("Certificate Policy validation was expected, but no certificate policy extensions were found");
    List<String> policyList = new LinkedList<>();
    Arrays.stream(policies.getPolicyInformation()).forEach(p -> policyList.add(p.getPolicyIdentifier().toString().toLowerCase()));
    logger.debugf("Certificate policies found: %s", String.join(",", policyList));
    // Compare string contents; == on String only compares object references.
    if (CERTIFICATE_POLICY_MODE_ANY.equals(policyCheckMode)) {
        boolean hasMatch = expectedPolicies.stream().anyMatch(p -> policyList.contains(p.toLowerCase()));
        if (!hasMatch) {
            String message = String.format("Certificate Policy check failed: mode = ANY, found = \'%s\', expected = \'%s\'.", String.join(",", policyList), String.join(",", expectedPolicies));
            throw new GeneralSecurityException(message);
        }
    } else {
        for (String policy : expectedPolicies) {
            if (!policyList.contains(policy.toLowerCase())) {
                String message = String.format("Certificate Policy check failed: mode = ALL, certificate policy \'%s\' is missing.", policy);
                throw new GeneralSecurityException(message);
            }
        }
    }
}
Also used: CertificatePolicies (org.bouncycastle.asn1.x509.CertificatePolicies), GeneralSecurityException (java.security.GeneralSecurityException), Extensions (org.bouncycastle.asn1.x509.Extensions), JcaX509CertificateHolder (org.bouncycastle.cert.jcajce.JcaX509CertificateHolder), LinkedList (java.util.LinkedList)

Aggregations

Extensions (org.bouncycastle.asn1.x509.Extensions): 113
Extension (org.bouncycastle.asn1.x509.Extension): 89
IOException (java.io.IOException): 72
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier): 67
Enumeration (java.util.Enumeration): 57
HashSet (java.util.HashSet): 49
DEROctetString (org.bouncycastle.asn1.DEROctetString): 49
X500Name (org.bouncycastle.asn1.x500.X500Name): 46
BigInteger (java.math.BigInteger): 45
Set (java.util.Set): 36
X509Certificate (java.security.cert.X509Certificate): 35
Date (java.util.Date): 35
GeneralName (org.bouncycastle.asn1.x509.GeneralName): 35
ContentSigner (org.bouncycastle.operator.ContentSigner): 32
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder): 29
ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier): 28
ArrayList (java.util.ArrayList): 28
CertificateException (java.security.cert.CertificateException): 27
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable): 27
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder): 27