Examples with Extensions com.github.zhenwei.core.asn1.x509.Extensions used on opensource projects

Example 11 with Extensions

use of com.github.zhenwei.core.asn1.x509.Extensions in project attestation by TokenScript.

the class Attestor method constructAttestations.

/**
 * Constructs a list of X509 attestations to each of the relevant DatasourceName lists of elements
 * in the response json.
 *
 * @param request Json request in a Sring - verification request that was sent to Trulioo Global Gateway†
 * @param verifyRecord Json object of the Record in verifyResponse, from Trulioo Global Gateway‡
 * @param signature DER encoded signature of exactly the json request string encoded as UTF-8 using a Secp256k1 key with Keccak
 * @param userPK user's public key (SubjectPublicKeyInfo object)
 * @return List of DER encoded x509 attestations
 *
 * † An example can be found https://developer.trulioo.com/docs/identity-verification-step-6-verify
 * ‡ Observe the "Record" in https://developer.trulioo.com/docs/identity-verification-verify-response
 */
public List<X509CertificateHolder> constructAttestations(String request, JSONObject verifyRecord, byte[] signature, AsymmetricKeyParameter userPK) {
    if (!SignatureUtil.verifySha256(request.getBytes(StandardCharsets.UTF_8), signature, userPK)) {
        throw ExceptionUtil.throwException(logger, new IllegalArgumentException("Request signature verification failed. " + "Make sure that your message is unaltered, signature is created by hashing the message with SHA256" + "and using a key of secp256k1 type."));
    }
    List<X509CertificateHolder> res = new ArrayList<>();
    Parser parser = new Parser(new JSONObject(request), verifyRecord);
    Map<String, X500Name> subjectNames = parser.getX500Names();
    Map<String, Extensions> subjectExtensions = parser.getExtensions();
    for (String currentAttName : subjectNames.keySet()) {
        try {
            long time = System.currentTimeMillis();
            V3TBSCertificateGenerator certBuilder = new V3TBSCertificateGenerator();
            certBuilder.setSignature(serverSigningAlgo);
            certBuilder.setIssuer(serverInfo);
            certBuilder.setSerialNumber(new ASN1Integer(time));
            certBuilder.setStartDate(new Time(new Date(time)));
            certBuilder.setEndDate(new Time(new Date(time + lifeTime)));
            SubjectPublicKeyInfo spki = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(userPK);
            // // todo hack to create a valid spki without ECNamedParameters
            // spki = new SubjectPublicKeyInfo(new AlgorithmIdentifier(new ASN1ObjectIdentifier(OID_ECDSA)),
            // spki.getPublicKeyData());
            certBuilder.setSubjectPublicKeyInfo(spki);
            certBuilder.setSubject(subjectNames.get(currentAttName));
            certBuilder.setExtensions(subjectExtensions.get(currentAttName));
            TBSCertificate tbsCert = certBuilder.generateTBSCertificate();
            res.add(new X509CertificateHolder(constructSignedAttestation(tbsCert)));
            // To ensure that we get a new serial number for every cert
            Thread.sleep(1);
        } catch (IOException e) {
            throw ExceptionUtil.makeRuntimeException(logger, "Could not parse server key", e);
        } catch (InterruptedException e) {
            throw ExceptionUtil.makeRuntimeException(logger, "Could not sleep", e);
        }
    }
    return res;
}

Example 12 with Extensions

use of com.github.zhenwei.core.asn1.x509.Extensions in project attestation by TokenScript.

the class Parser method getExtensions.

public Map<String, Extensions> getExtensions() {
    Map<String, Extensions> res = new HashMap<>();
    for (String currentDatasourceName : matching.keySet()) {
        List<Extension> extensionList = new ArrayList<>();
        Map<String, String> currentMap = matching.get(currentDatasourceName);
        currentMap.putAll(global);
        for (String oid : currentMap.keySet()) {
            if (!X500_OIDS.contains(oid)) {
                Extension extension = new Extension(new ASN1ObjectIdentifier(oid), true, new DEROctetString(currentMap.get(oid).getBytes(StandardCharsets.UTF_8)));
                extensionList.add(extension);
            }
        }
        res.put(currentDatasourceName, new Extensions(extensionList.toArray(new Extension[0])));
    }
    return res;
}

Example 13 with Extensions

use of com.github.zhenwei.core.asn1.x509.Extensions in project Falcon-File-Transfer-Optimizer by arif-zaman.

the class X509ProxyCertPathValidator method checkProxyConstraints.

@SuppressWarnings("unused")
protected void checkProxyConstraints(TBSCertificateStructure proxy, TBSCertificateStructure issuer, X509Certificate checkedProxy) throws CertPathValidatorException, IOException {
    X509Extensions extensions;
    ASN1ObjectIdentifier oid;
    X509Extension proxyExtension;
    X509Extension proxyKeyUsage = null;
    extensions = proxy.getExtensions();
    if (extensions != null) {
        Enumeration e = extensions.oids();
        while (e.hasMoreElements()) {
            oid = (ASN1ObjectIdentifier) e.nextElement();
            proxyExtension = extensions.getExtension(oid);
            if (oid.equals(X509Extension.subjectAlternativeName) || oid.equals(X509Extension.issuerAlternativeName)) {
                // No Alt name extensions - 3.2 & 3.5
                throw new CertPathValidatorException("Proxy violation: no Subject or Issuer Alternative Name");
            } else if (oid.equals(X509Extension.basicConstraints)) {
                // Basic Constraint must not be true - 3.8
                BasicConstraints basicExt = CertificateUtil.getBasicConstraints(proxyExtension);
                if (basicExt.isCA()) {
                    throw new CertPathValidatorException("Proxy violation: Basic Constraint CA is set to true");
                }
            } else if (oid.equals(X509Extension.keyUsage)) {
                proxyKeyUsage = proxyExtension;
            }
        }
    }
    extensions = issuer.getExtensions();
    if (extensions != null) {
        Enumeration e = extensions.oids();
        while (e.hasMoreElements()) {
            oid = (ASN1ObjectIdentifier) e.nextElement();
            proxyExtension = extensions.getExtension(oid);
            checkExtension(oid, proxyExtension, proxyKeyUsage);
        }
    }
}

Example 14 with Extensions

use of com.github.zhenwei.core.asn1.x509.Extensions in project Falcon-File-Transfer-Optimizer by arif-zaman.

the class ProxyCertificateUtil method getProxyCertInfo.

public static ProxyCertInfo getProxyCertInfo(TBSCertificateStructure crt) throws IOException {
    X509Extensions extensions = crt.getExtensions();
    if (extensions == null) {
        return null;
    }
    X509Extension ext = extensions.getExtension(ProxyCertInfo.OID);
    if (ext == null) {
        ext = extensions.getExtension(ProxyCertInfo.OLD_OID);
    }
    return (ext != null) ? getProxyCertInfo(ext) : null;
}

Example 15 with Extensions

use of com.github.zhenwei.core.asn1.x509.Extensions in project Falcon-File-Transfer-Optimizer by arif-zaman.

the class BouncyCastleUtil method getProxyCertInfo.

public static ProxyCertInfo getProxyCertInfo(TBSCertificateStructure crt) throws IOException {
    X509Extensions extensions = crt.getExtensions();
    if (extensions == null) {
        return null;
    }
    X509Extension ext = extensions.getExtension(ProxyCertInfo.OID);
    if (ext == null) {
        ext = extensions.getExtension(ProxyCertInfo.OLD_OID);
    }
    return (ext != null) ? BouncyCastleUtil.getProxyCertInfo(ext) : null;
}