Example 96 with Extensions

Use of com.github.zhenwei.core.asn1.x509.Extensions in project LinLong-Java by zhenwei1108.

Class CertUtils, method doReplaceExtension.

static ExtensionsGenerator doReplaceExtension(ExtensionsGenerator extGenerator, Extension ext) {
    boolean isReplaced = false;
    // Snapshot the extensions collected so far, then rebuild the generator from scratch
    // so that ordering is preserved and only the matching OID is swapped out.
    Extensions exts = extGenerator.generate();
    extGenerator = new ExtensionsGenerator();
    for (Enumeration en = exts.oids(); en.hasMoreElements(); ) {
        ASN1ObjectIdentifier extOid = (ASN1ObjectIdentifier) en.nextElement();
        if (extOid.equals(ext.getExtnId())) {
            isReplaced = true;
            extGenerator.addExtension(ext);
        } else {
            extGenerator.addExtension(exts.getExtension(extOid));
        }
    }
    // Replacing is only meaningful if the OID already existed; refuse silently adding a new one.
    if (!isReplaced) {
        throw new IllegalArgumentException("replace - original extension (OID = " + ext.getExtnId() + ") not found");
    }
    return extGenerator;
}

Example 97 with Extensions

Use of com.github.zhenwei.core.asn1.x509.Extensions in project LinLong-Java by zhenwei1108.

Class X509CRLHolder, method init.

private void init(CertificateList x509CRL) {
    this.x509CRL = x509CRL;
    // CRL-level extensions live in the TBSCertList; they decide whether this is an indirect CRL.
    this.extensions = x509CRL.getTBSCertList().getExtensions();
    this.isIndirect = isIndirectCRL(extensions);
    this.issuerName = new GeneralNames(new GeneralName(x509CRL.getIssuer()));
}

Example 98 with Extensions

Use of com.github.zhenwei.core.asn1.x509.Extensions in project LinLong-Java by zhenwei1108.

Class RevDetails, method toASN1Primitive.

/**
 * <pre>
 * RevDetails ::= SEQUENCE {
 *                  certDetails         CertTemplate,
 *                   -- allows requester to specify as much as they can about
 *                   -- the cert. for which revocation is requested
 *                   -- (e.g., for cases in which serialNumber is not available)
 *                   crlEntryDetails     Extensions       OPTIONAL
 *                   -- requested crlEntryExtensions
 *             }
 * </pre>
 *
 * @return a basic ASN.1 object representation.
 */
public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector v = new ASN1EncodableVector(2);
    v.add(certDetails);
    // crlEntryDetails is OPTIONAL, so it is only encoded when present.
    if (crlEntryDetails != null) {
        v.add(crlEntryDetails);
    }
    return new DERSequence(v);
}

Example 99 with Extensions

Use of com.github.zhenwei.core.asn1.x509.Extensions in project LinLong-Java by zhenwei1108.

Class DVCSRequestInformation, method toASN1Primitive.

public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector v = new ASN1EncodableVector(9);
    // DER DEFAULT rule: the version is omitted when it equals the default value.
    if (version != DEFAULT_VERSION) {
        v.add(new ASN1Integer(version));
    }
    v.add(service);
    if (nonce != null) {
        v.add(new ASN1Integer(nonce));
    }
    if (requestTime != null) {
        v.add(requestTime);
    }
    // The remaining fields are OPTIONAL and context-tagged (IMPLICIT), so each is wrapped
    // in a DERTaggedObject with explicit=false and skipped when absent.
    int[] tags = new int[] { TAG_REQUESTER, TAG_REQUEST_POLICY, TAG_DVCS, TAG_DATA_LOCATIONS, TAG_EXTENSIONS };
    ASN1Encodable[] taggedObjects = new ASN1Encodable[] { requester, requestPolicy, dvcs, dataLocations, extensions };
    for (int i = 0; i < tags.length; i++) {
        int tag = tags[i];
        ASN1Encodable taggedObject = taggedObjects[i];
        if (taggedObject != null) {
            v.add(new DERTaggedObject(false, tag, taggedObject));
        }
    }
    return new DERSequence(v);
}

Example 100 with Extensions

Use of com.github.zhenwei.core.asn1.x509.Extensions in project LinLong-Java by zhenwei1108.

Class ProvOcspRevocationChecker, method validatedOcspResponse.

static boolean validatedOcspResponse(BasicOCSPResponse basicResp, PKIXCertRevocationCheckerParameters parameters, byte[] nonce, X509Certificate responderCert, JcaJceHelper helper) throws CertPathValidatorException {
    try {
        ASN1Sequence certs = basicResp.getCerts();
        Signature sig = helper.createSignature(getSignatureName(basicResp.getSignatureAlgorithm()));
        // Prefer an explicitly configured/issuer responder certificate; fall back to the one
        // carried in the response only if nothing else is available.
        X509Certificate sigCert = getSignerCert(basicResp, parameters.getSigningCert(), responderCert, helper);
        if (sigCert == null && certs == null) {
            throw new CertPathValidatorException("OCSP responder certificate not found");
        }
        if (sigCert != null) {
            sig.initVerify(sigCert.getPublicKey());
        } else {
            CertificateFactory cf = helper.createCertificateFactory("X.509");
            X509Certificate ocspCert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(certs.getObjectAt(0).toASN1Primitive().getEncoded()));
            // check cert signed by CA
            ocspCert.verify(parameters.getSigningCert().getPublicKey());
            // check cert valid
            ocspCert.checkValidity(parameters.getValidDate());
            // check ID
            if (!responderMatches(basicResp.getTbsResponseData().getResponderID(), ocspCert, helper)) {
                throw new CertPathValidatorException("responder certificate does not match responderID", null, parameters.getCertPath(), parameters.getIndex());
            }
            // TODO: RFC 6960 allows for a "no check" extension - where present it means the CA says the cert
            // will remain valid for its lifetime. If any caching is added here that should be taken into account.
            // check the delegated responder is authorised: it must carry the id-kp-OCSPSigning EKU
            List<String> extendedKeyUsage = ocspCert.getExtendedKeyUsage();
            if (extendedKeyUsage == null || !extendedKeyUsage.contains(KeyPurposeId.id_kp_OCSPSigning.getId())) {
                throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, parameters.getCertPath(), parameters.getIndex());
            }
            sig.initVerify(ocspCert);
        }
        // The signature covers the DER encoding of ResponseData only.
        sig.update(basicResp.getTbsResponseData().getEncoded(ASN1Encoding.DER));
        if (sig.verify(basicResp.getSignature().getBytes())) {
            if (nonce != null) {
                // A nonce was sent with the request: the response must echo it back, otherwise
                // a replayed (old but validly signed) response would be accepted.
                Extensions exts = basicResp.getTbsResponseData().getResponseExtensions();
                com.github.zhenwei.core.asn1.x509.Extension ext = (exts == null) ? null : exts.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
                if (ext == null) {
                    throw new CertPathValidatorException("nonce missing in OCSP response", null, parameters.getCertPath(), parameters.getIndex());
                }
                if (!Arrays.areEqual(nonce, ext.getExtnValue().getOctets())) {
                    throw new CertPathValidatorException("nonce mismatch in OCSP response", null, parameters.getCertPath(), parameters.getIndex());
                }
            }
            return true;
        }
        return false;
    } catch (CertPathValidatorException e) {
        throw e;
    } catch (GeneralSecurityException e) {
        throw new CertPathValidatorException("OCSP response failure: " + e.getMessage(), e, parameters.getCertPath(), parameters.getIndex());
    } catch (IOException e) {
        throw new CertPathValidatorException("OCSP response failure: " + e.getMessage(), e, parameters.getCertPath(), parameters.getIndex());
    }
}