
Example 6 with MonetaryValue

use of com.github.zhenwei.core.asn1.x509.qualified.MonetaryValue in project xipki by xipki.

the class EnrollCertAction method execute0.

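/**
 * Builds a CRMF certificate request from the command-line options, signs the
 * proof of possession with the configured signer, submits the request to the CA
 * {@code caName} and writes the issued certificate to {@code outputFile}.
 *
 * <p>The template carries the subject from the options and the public key of the
 * signer's own certificate. Extensions (subjectAltName, subjectInfoAccess,
 * keyUsage, extendedKeyUsage, QcStatements with QcEuLimitValue, biometricInfo)
 * are added only when the corresponding options are set; their OIDs are recorded
 * in the xipki cmpRequestExtensions extension as "needed" (plus the "wanted"
 * OIDs given on the command line).
 *
 * @return always {@code null}; the result is the written certificate file
 * @throws Exception if an option cannot be parsed (for example a qc-eu-limit
 *         entry), if the biometric triple (type, hash algo, file) is set only
 *         partially, or if the CA did not return a certificate ({@link CmdFailure})
 */
@Override
protected Object execute0() throws Exception {
    if (caName != null) {
        caName = caName.toLowerCase();
    }

    CertTemplateBuilder certTemplateBuilder = new CertTemplateBuilder();
    ConcurrentContentSigner signer = getSigner(new SignatureAlgoControl(rsaMgf1, dsaPlain, gm));
    X509CertificateHolder ssCert = signer.getBcCertificate();
    certTemplateBuilder.setSubject(new X500Name(subject));
    // The key to be certified is the signer's own key; the same signer produces the
    // proof of possession further below.
    certTemplateBuilder.setPublicKey(ssCert.getSubjectPublicKeyInfo());

    if (StringUtil.isNotBlank(notBeforeS) || StringUtil.isNotBlank(notAfterS)) {
        Time notBefore = StringUtil.isNotBlank(notBeforeS) ? new Time(DateUtil.parseUtcTimeyyyyMMddhhmmss(notBeforeS)) : null;
        Time notAfter = StringUtil.isNotBlank(notAfterS) ? new Time(DateUtil.parseUtcTimeyyyyMMddhhmmss(notAfterS)) : null;
        certTemplateBuilder.setValidity(new OptionalValidity(notBefore, notAfter));
    }

    if (needExtensionTypes == null) {
        needExtensionTypes = new LinkedList<>();
    }
    List<Extension> extensions = new LinkedList<>();

    // SubjectAltNames
    if (isNotEmpty(subjectAltNames)) {
        extensions.add(X509Util.createExtnSubjectAltName(subjectAltNames, false));
        needExtensionTypes.add(Extension.subjectAlternativeName.getId());
    }

    // SubjectInfoAccess
    if (isNotEmpty(subjectInfoAccesses)) {
        extensions.add(X509Util.createExtnSubjectInfoAccess(subjectInfoAccesses, false));
        needExtensionTypes.add(Extension.subjectInfoAccess.getId());
    }

    // KeyUsage
    if (isNotEmpty(keyusages)) {
        Set<KeyUsage> usages = new HashSet<>();
        for (String usage : keyusages) {
            usages.add(KeyUsage.getKeyUsage(usage));
        }
        org.bouncycastle.asn1.x509.KeyUsage extValue = X509Util.createKeyUsage(usages);
        ASN1ObjectIdentifier extType = Extension.keyUsage;
        extensions.add(new Extension(extType, false, extValue.getEncoded()));
        needExtensionTypes.add(extType.getId());
    }

    // ExtendedKeyUsage
    if (isNotEmpty(extkeyusages)) {
        ExtendedKeyUsage extValue = X509Util.createExtendedUsage(textToAsn1ObjectIdentifers(extkeyusages));
        ASN1ObjectIdentifier extType = Extension.extendedKeyUsage;
        extensions.add(new Extension(extType, false, extValue.getEncoded()));
        needExtensionTypes.add(extType.getId());
    }

    // QcEuLimitValue: each entry is "currency:amount:exponent"; the currency is either
    // the numeric or the alphabetic ISO 4217 code.
    if (isNotEmpty(qcEuLimits)) {
        ASN1EncodableVector vec = new ASN1EncodableVector();
        for (String m : qcEuLimits) {
            StringTokenizer st = new StringTokenizer(m, ":");
            try {
                String currencyS = st.nextToken();
                String amountS = st.nextToken();
                String exponentS = st.nextToken();
                Iso4217CurrencyCode currency;
                try {
                    currency = new Iso4217CurrencyCode(Integer.parseInt(currencyS));
                } catch (NumberFormatException ex) {
                    // not numeric, so treat it as the alphabetic code
                    currency = new Iso4217CurrencyCode(currencyS);
                }
                MonetaryValue monetaryValue = new MonetaryValue(currency, Integer.parseInt(amountS), Integer.parseInt(exponentS));
                vec.add(new QCStatement(ObjectIdentifiers.id_etsi_qcs_QcLimitValue, monetaryValue));
            } catch (Exception ex) {
                // keep the cause so the operator can see which token was malformed
                throw new Exception("invalid qc-eu-limit '" + m + "'", ex);
            }
        }
        ASN1ObjectIdentifier extType = Extension.qCStatements;
        extensions.add(new Extension(extType, false, new DERSequence(vec).getEncoded()));
        needExtensionTypes.add(extType.getId());
    }

    // biometricInfo: type, hash algorithm and file are only meaningful together.
    boolean biometricAllSet = biometricType != null && biometricHashAlgo != null && biometricFile != null;
    boolean biometricNoneSet = biometricType == null && biometricHashAlgo == null && biometricFile == null;
    if (!biometricAllSet && !biometricNoneSet) {
        throw new Exception("either all of biometric triples (type, hash algo, file)" + " must be set or none of them should be set");
    }
    if (biometricAllSet) {
        TypeOfBiometricData objBiometricType = StringUtil.isNumber(biometricType)
            ? new TypeOfBiometricData(Integer.parseInt(biometricType))
            : new TypeOfBiometricData(new ASN1ObjectIdentifier(biometricType));
        ASN1ObjectIdentifier objBiometricHashAlgo = AlgorithmUtil.getHashAlg(biometricHashAlgo);
        byte[] biometricBytes = IoUtil.read(biometricFile);
        // Only the digest of the biometric sample is placed in the request, never the sample itself.
        MessageDigest md = MessageDigest.getInstance(objBiometricHashAlgo.getId());
        byte[] biometricDataHash = md.digest(biometricBytes);
        DERIA5String sourceDataUri = (biometricUri == null) ? null : new DERIA5String(biometricUri);
        BiometricData biometricData = new BiometricData(objBiometricType, new AlgorithmIdentifier(objBiometricHashAlgo), new DEROctetString(biometricDataHash), sourceDataUri);
        ASN1EncodableVector vec = new ASN1EncodableVector();
        vec.add(biometricData);
        ASN1ObjectIdentifier extType = Extension.biometricInfo;
        extensions.add(new Extension(extType, false, new DERSequence(vec).getEncoded()));
        needExtensionTypes.add(extType.getId());
    }

    if (isNotEmpty(needExtensionTypes) || isNotEmpty(wantExtensionTypes)) {
        ExtensionExistence ee = new ExtensionExistence(textToAsn1ObjectIdentifers(needExtensionTypes), textToAsn1ObjectIdentifers(wantExtensionTypes));
        extensions.add(new Extension(ObjectIdentifiers.id_xipki_ext_cmpRequestExtensions, false, ee.toASN1Primitive().getEncoded()));
    }
    if (isNotEmpty(extensions)) {
        certTemplateBuilder.setExtensions(new Extensions(extensions.toArray(new Extension[0])));
    }

    CertRequest certReq = new CertRequest(1, certTemplateBuilder.build(), null);
    // The borrowed signer is handed back in all cases, including a failed POP build.
    ProofOfPossessionSigningKeyBuilder popoBuilder = new ProofOfPossessionSigningKeyBuilder(certReq);
    ConcurrentBagEntrySigner signer0 = signer.borrowSigner();
    POPOSigningKey popoSk;
    try {
        popoSk = popoBuilder.build(signer0.value());
    } finally {
        signer.requiteSigner(signer0);
    }
    ProofOfPossession popo = new ProofOfPossession(popoSk);

    EnrollCertRequestEntry reqEntry = new EnrollCertRequestEntry("id-1", profile, certReq, popo);
    EnrollCertRequest request = new EnrollCertRequest(EnrollCertRequest.Type.CERT_REQ);
    request.addRequestEntry(reqEntry);

    RequestResponseDebug debug = getRequestResponseDebug();
    EnrollCertResult result;
    try {
        result = caClient.requestCerts(caName, request, debug);
    } finally {
        // the request/response record is saved even when requestCerts throws
        saveRequestResponse(debug);
    }

    X509Certificate cert = null;
    if (result != null) {
        // Exactly one entry was requested, so the first id is the only one. Iterating
        // (instead of iterator().next()) turns an empty id set into the "no certificate"
        // failure below rather than a NoSuchElementException.
        for (String id : result.getAllIds()) {
            CertOrError certOrError = result.getCertOrError(id);
            if (certOrError != null) {
                cert = (X509Certificate) certOrError.getCertificate();
            }
            break;
        }
    }
    if (cert == null) {
        throw new CmdFailure("no certificate received from the server");
    }

    saveVerbose("saved certificate to file", new File(outputFile), cert.getEncoded());
    return null;
}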

Example 7 with MonetaryValue

use of com.github.zhenwei.core.asn1.x509.qualified.MonetaryValue in project xipki by xipki.

the class ExtensionsChecker method checkExtensionQcStatements.

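/**
 * Checks the QCStatements extension of the certificate under test against the
 * profile configuration {@code qcStatements}; every mismatch is appended to
 * {@code failureMsg}.
 *
 * <p>Without a profile configuration the extension value must equal the value
 * expected from the request. Otherwise the statements are compared position by
 * position: first the statement id, then the statement info as a constant, a
 * QcRetentionPeriod, a set of PDS locations or a QcEuLimitValue. An amount or
 * exponent that the profile leaves as a range is taken from the QcEuLimitValue
 * statement of the same currency in the requested extensions; if that statement
 * is missing the check stops early.
 *
 * @param failureMsg collector of human-readable violation descriptions
 * @param extensionValue DER-encoded value of the QCStatements extension under test
 * @param requestedExtensions extensions of the enrollment request, may be {@code null}
 * @param extControl profile control settings of this extension
 */
private void checkExtensionQcStatements(StringBuilder failureMsg, byte[] extensionValue, Extensions requestedExtensions, ExtensionControl extControl) {
    QcStatements conf = qcStatements;
    if (conf == null) {
        byte[] expected = getExpectedExtValue(Extension.qCStatements, requestedExtensions, extControl);
        if (!Arrays.equals(expected, extensionValue)) {
            addViolation(failureMsg, "extension values", extensionValue, (expected == null) ? "not present" : hex(expected));
        }
        return;
    }

    final int expSize = conf.getQcStatement().size();
    ASN1Sequence extValue = ASN1Sequence.getInstance(extensionValue);
    final int isSize = extValue.size();
    if (isSize != expSize) {
        addViolation(failureMsg, "number of statements", isSize, expSize);
        return;
    }

    // QcEuLimitValue statements of the request, keyed by upper-cased currency code;
    // they supply amount/exponent where the profile only gives a range.
    Map<String, int[]> reqQcEuLimits = new HashMap<>();
    Extension reqExtension = (requestedExtensions == null) ? null : requestedExtensions.getExtension(Extension.qCStatements);
    if (reqExtension != null) {
        ASN1Sequence seq = ASN1Sequence.getInstance(reqExtension.getParsedValue());
        final int n = seq.size();
        for (int j = 0; j < n; j++) {
            QCStatement stmt = QCStatement.getInstance(seq.getObjectAt(j));
            if (ObjectIdentifiers.id_etsi_qcs_QcLimitValue.equals(stmt.getStatementId())) {
                MonetaryValue monetaryValue = MonetaryValue.getInstance(stmt.getStatementInfo());
                int amount = monetaryValue.getAmount().intValue();
                int exponent = monetaryValue.getExponent().intValue();
                Iso4217CurrencyCode currency = monetaryValue.getCurrency();
                String currencyS = currency.isAlphabetic() ? currency.getAlphabetic().toUpperCase() : Integer.toString(currency.getNumeric());
                reqQcEuLimits.put(currencyS, new int[] { amount, exponent });
            }
        }
    }

    for (int i = 0; i < expSize; i++) {
        QCStatement is = QCStatement.getInstance(extValue.getObjectAt(i));
        QcStatementType exp = conf.getQcStatement().get(i);
        if (!is.getStatementId().getId().equals(exp.getStatementId().getValue())) {
            addViolation(failureMsg, "statmentId[" + i + "]", is.getStatementId().getId(), exp.getStatementId().getValue());
            continue;
        }

        if (exp.getStatementValue() == null) {
            if (is.getStatementInfo() != null) {
                addViolation(failureMsg, "statmentInfo[" + i + "]", "present", "absent");
            }
            continue;
        }

        if (is.getStatementInfo() == null) {
            addViolation(failureMsg, "statmentInfo[" + i + "]", "absent", "present");
            continue;
        }

        QcStatementValueType expStatementValue = exp.getStatementValue();
        try {
            if (expStatementValue.getConstant() != null) {
                byte[] expValue = expStatementValue.getConstant().getValue();
                byte[] isValue = is.getStatementInfo().toASN1Primitive().getEncoded();
                if (!Arrays.equals(isValue, expValue)) {
                    addViolation(failureMsg, "statementInfo[" + i + "]", hex(isValue), hex(expValue));
                }
            } else if (expStatementValue.getQcRetentionPeriod() != null) {
                String isValue = ASN1Integer.getInstance(is.getStatementInfo()).toString();
                String expValue = expStatementValue.getQcRetentionPeriod().toString();
                if (!isValue.equals(expValue)) {
                    addViolation(failureMsg, "statementInfo[" + i + "]", isValue, expValue);
                }
            } else if (expStatementValue.getPdsLocations() != null) {
                // Each PdsLocation is a SEQUENCE { url IA5String, language PrintableString };
                // both sides are normalised to "url=...,lang=..." strings and compared as sets.
                Set<String> pdsLocations = new HashSet<>();
                ASN1Sequence pdsLocsSeq = ASN1Sequence.getInstance(is.getStatementInfo());
                int size = pdsLocsSeq.size();
                for (int k = 0; k < size; k++) {
                    ASN1Sequence pdsLocSeq = ASN1Sequence.getInstance(pdsLocsSeq.getObjectAt(k));
                    int size2 = pdsLocSeq.size();
                    if (size2 != 2) {
                        throw new IllegalArgumentException("sequence size is " + size2 + " but expected 2");
                    }
                    String url = DERIA5String.getInstance(pdsLocSeq.getObjectAt(0)).getString();
                    String lang = DERPrintableString.getInstance(pdsLocSeq.getObjectAt(1)).getString();
                    pdsLocations.add("url=" + url + ",lang=" + lang);
                }

                PdsLocationsType pdsLocationsConf = expStatementValue.getPdsLocations();
                Set<String> expectedPdsLocations = new HashSet<>();
                for (PdsLocationType m : pdsLocationsConf.getPdsLocation()) {
                    expectedPdsLocations.add("url=" + m.getUrl() + ",lang=" + m.getLanguage());
                }

                Set<String> diffs = strInBnotInA(expectedPdsLocations, pdsLocations);
                if (CollectionUtil.isNonEmpty(diffs)) {
                    failureMsg.append("statementInfo[").append(i).append("]: ").append(diffs).append(" are present but not expected; ");
                }
                diffs = strInBnotInA(pdsLocations, expectedPdsLocations);
                if (CollectionUtil.isNonEmpty(diffs)) {
                    failureMsg.append("statementInfo[").append(i).append("]: ").append(diffs).append(" are absent but are required; ");
                }
            } else if (expStatementValue.getQcEuLimitValue() != null) {
                QcEuLimitValueType euLimitConf = expStatementValue.getQcEuLimitValue();
                String expCurrency = euLimitConf.getCurrency().toUpperCase();
                int[] expAmountExp = reqQcEuLimits.get(expCurrency);

                // A range with min == max is fixed by the profile; otherwise the value
                // must come from the request.
                Range2Type range = euLimitConf.getAmount();
                int value;
                if (range.getMin() == range.getMax()) {
                    value = range.getMin();
                } else if (expAmountExp != null) {
                    value = expAmountExp[0];
                } else {
                    failureMsg.append("found no QcEuLimit for currency '").append(expCurrency).append("'; ");
                    return;
                }
                // CHECKSTYLE:SKIP
                String expAmount = Integer.toString(value);

                range = euLimitConf.getExponent();
                if (range.getMin() == range.getMax()) {
                    value = range.getMin();
                } else if (expAmountExp != null) {
                    value = expAmountExp[1];
                } else {
                    failureMsg.append("found no QcEuLimit for currency '").append(expCurrency).append("'; ");
                    return;
                }
                String expExponent = Integer.toString(value);

                MonetaryValue monterayValue = MonetaryValue.getInstance(is.getStatementInfo());
                Iso4217CurrencyCode currency = monterayValue.getCurrency();
                String isCurrency = currency.isAlphabetic() ? currency.getAlphabetic() : Integer.toString(currency.getNumeric());
                String isAmount = monterayValue.getAmount().toString();
                String isExponent = monterayValue.getExponent().toString();

                if (!isCurrency.equals(expCurrency)) {
                    addViolation(failureMsg, "statementInfo[" + i + "].qcEuLimit.currency", isCurrency, expCurrency);
                }
                if (!isAmount.equals(expAmount)) {
                    addViolation(failureMsg, "statementInfo[" + i + "].qcEuLimit.amount", isAmount, expAmount);
                }
                if (!isExponent.equals(expExponent)) {
                    addViolation(failureMsg, "statementInfo[" + i + "].qcEuLimit.exponent", isExponent, expExponent);
                }
            } else {
                throw new IllegalStateException("statementInfo[" + i + "] should not reach here");
            }
        } catch (IOException | IllegalArgumentException ex) {
            // IOException: re-encoding the statement info failed. IllegalArgumentException:
            // the statement info does not have the structure the profile expects (thrown by
            // the getInstance() calls and the PDS-location size check above). Both are
            // recorded as a violation so one malformed statement does not abort the whole check.
            failureMsg.append("statementInfo[").append(i).append("] has incorrect syntax; ");
        }
    }
}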

Example 8 with MonetaryValue

use of com.github.zhenwei.core.asn1.x509.qualified.MonetaryValue in project xipki by xipki.

the class O2tChecker method checkExtnQcStatements.

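/**
 * Checks the QCStatements extension of the certificate under test against the
 * profile configuration obtained from {@code caller}; every mismatch is appended
 * to {@code failureMsg}.
 *
 * <p>Without a profile configuration the value is delegated to
 * {@code caller.checkConstantExtnValue}. Otherwise the statements are compared
 * position by position: first the statement id, then the statement info as a
 * constant, a QcRetentionPeriod, a set of PDS locations or a QcEuLimitValue. An
 * amount or exponent that the profile leaves as a range is taken from the
 * QcEuLimitValue statement of the same currency in the requested extensions; if
 * that statement is missing the check stops early.
 *
 * @param failureMsg collector of human-readable violation descriptions
 * @param extnValue DER-encoded value of the QCStatements extension under test
 * @param requestedExtns extensions of the enrollment request, may be {@code null}
 * @param extnControl profile control settings of this extension
 */
void checkExtnQcStatements(StringBuilder failureMsg, byte[] extnValue, Extensions requestedExtns, ExtensionControl extnControl) {
    QcStatements qcStatements = caller.getQcStatements();
    if (qcStatements == null) {
        caller.checkConstantExtnValue(Extension.qCStatements, failureMsg, extnValue, requestedExtns, extnControl);
        return;
    }

    final int expSize = qcStatements.getQcStatements().size();
    ASN1Sequence extValue = ASN1Sequence.getInstance(extnValue);
    final int isSize = extValue.size();
    if (isSize != expSize) {
        addViolation(failureMsg, "number of statements", isSize, expSize);
        return;
    }

    // QcEuLimitValue statements of the request, keyed by upper-cased currency code;
    // they supply amount/exponent where the profile only gives a range.
    Map<String, int[]> reqQcEuLimits = new HashMap<>();
    Extension reqExtension = (requestedExtns == null) ? null : requestedExtns.getExtension(Extension.qCStatements);
    if (reqExtension != null) {
        ASN1Sequence seq = ASN1Sequence.getInstance(reqExtension.getParsedValue());
        final int n = seq.size();
        for (int j = 0; j < n; j++) {
            QCStatement stmt = QCStatement.getInstance(seq.getObjectAt(j));
            if (Extn.id_etsi_qcs_QcLimitValue.equals(stmt.getStatementId())) {
                MonetaryValue monetaryValue = MonetaryValue.getInstance(stmt.getStatementInfo());
                int amount = monetaryValue.getAmount().intValue();
                int exponent = monetaryValue.getExponent().intValue();
                Iso4217CurrencyCode currency = monetaryValue.getCurrency();
                String currencyS = currency.isAlphabetic() ? currency.getAlphabetic().toUpperCase() : Integer.toString(currency.getNumeric());
                reqQcEuLimits.put(currencyS, new int[] { amount, exponent });
            }
        }
    }

    for (int i = 0; i < expSize; i++) {
        QCStatement is = QCStatement.getInstance(extValue.getObjectAt(i));
        QcStatementType exp = qcStatements.getQcStatements().get(i);
        if (!is.getStatementId().getId().equals(exp.getStatementId().getOid())) {
            addViolation(failureMsg, "statmentId[" + i + "]", is.getStatementId().getId(), exp.getStatementId().getOid());
            continue;
        }

        if (exp.getStatementValue() == null) {
            if (is.getStatementInfo() != null) {
                addViolation(failureMsg, "statmentInfo[" + i + "]", "present", "absent");
            }
            continue;
        }

        if (is.getStatementInfo() == null) {
            addViolation(failureMsg, "statmentInfo[" + i + "]", "absent", "present");
            continue;
        }

        QcStatementValueType expStatementValue = exp.getStatementValue();
        try {
            if (expStatementValue.getConstant() != null) {
                byte[] expValue = expStatementValue.getConstant().getValue();
                byte[] isValue = is.getStatementInfo().toASN1Primitive().getEncoded();
                if (!Arrays.equals(isValue, expValue)) {
                    addViolation(failureMsg, "statementInfo[" + i + "]", hex(isValue), hex(expValue));
                }
            } else if (expStatementValue.getQcRetentionPeriod() != null) {
                String isValue = ASN1Integer.getInstance(is.getStatementInfo()).toString();
                String expValue = expStatementValue.getQcRetentionPeriod().toString();
                if (!isValue.equals(expValue)) {
                    addViolation(failureMsg, "statementInfo[" + i + "]", isValue, expValue);
                }
            } else if (expStatementValue.getPdsLocations() != null) {
                // Each PdsLocation is a SEQUENCE { url IA5String, language PrintableString };
                // both sides are normalised to "url=...,lang=..." strings and compared as sets.
                Set<String> pdsLocations = new HashSet<>();
                ASN1Sequence pdsLocsSeq = ASN1Sequence.getInstance(is.getStatementInfo());
                int size = pdsLocsSeq.size();
                for (int k = 0; k < size; k++) {
                    ASN1Sequence pdsLocSeq = ASN1Sequence.getInstance(pdsLocsSeq.getObjectAt(k));
                    int size2 = pdsLocSeq.size();
                    if (size2 != 2) {
                        throw new IllegalArgumentException("sequence size is " + size2 + " but expected 2");
                    }
                    String url = DERIA5String.getInstance(pdsLocSeq.getObjectAt(0)).getString();
                    String lang = DERPrintableString.getInstance(pdsLocSeq.getObjectAt(1)).getString();
                    pdsLocations.add("url=" + url + ",lang=" + lang);
                }

                Set<String> expectedPdsLocations = new HashSet<>();
                for (PdsLocationType m : expStatementValue.getPdsLocations()) {
                    expectedPdsLocations.add("url=" + m.getUrl() + ",lang=" + m.getLanguage());
                }

                Set<String> diffs = CheckerUtil.strInBnotInA(expectedPdsLocations, pdsLocations);
                if (isNotEmpty(diffs)) {
                    failureMsg.append("statementInfo[").append(i).append("]: ").append(diffs).append(" are present but not expected; ");
                }
                diffs = CheckerUtil.strInBnotInA(pdsLocations, expectedPdsLocations);
                if (isNotEmpty(diffs)) {
                    failureMsg.append("statementInfo[").append(i).append("]: ").append(diffs).append(" are absent but are required; ");
                }
            } else if (expStatementValue.getQcEuLimitValue() != null) {
                QcEuLimitValueType euLimitConf = expStatementValue.getQcEuLimitValue();
                String expCurrency = euLimitConf.getCurrency().toUpperCase();
                int[] expAmountExp = reqQcEuLimits.get(expCurrency);

                // A range with min == max is fixed by the profile; otherwise the value
                // must come from the request.
                Range2Type range = euLimitConf.getAmount();
                int value;
                if (range.getMin() == range.getMax()) {
                    value = range.getMin();
                } else if (expAmountExp != null) {
                    value = expAmountExp[0];
                } else {
                    failureMsg.append("found no QcEuLimit for currency '").append(expCurrency).append("'; ");
                    return;
                }
                String expAmount = Integer.toString(value);

                range = euLimitConf.getExponent();
                if (range.getMin() == range.getMax()) {
                    value = range.getMin();
                } else if (expAmountExp != null) {
                    value = expAmountExp[1];
                } else {
                    failureMsg.append("found no QcEuLimit for currency '").append(expCurrency).append("'; ");
                    return;
                }
                String expExponent = Integer.toString(value);

                MonetaryValue monterayValue = MonetaryValue.getInstance(is.getStatementInfo());
                Iso4217CurrencyCode currency = monterayValue.getCurrency();
                String isCurrency = currency.isAlphabetic() ? currency.getAlphabetic() : Integer.toString(currency.getNumeric());
                String isAmount = monterayValue.getAmount().toString();
                String isExponent = monterayValue.getExponent().toString();

                if (!isCurrency.equals(expCurrency)) {
                    addViolation(failureMsg, "statementInfo[" + i + "].qcEuLimit.currency", isCurrency, expCurrency);
                }
                if (!isAmount.equals(expAmount)) {
                    addViolation(failureMsg, "statementInfo[" + i + "].qcEuLimit.amount", isAmount, expAmount);
                }
                if (!isExponent.equals(expExponent)) {
                    addViolation(failureMsg, "statementInfo[" + i + "].qcEuLimit.exponent", isExponent, expExponent);
                }
            } else {
                throw new IllegalStateException("statementInfo[" + i + "] should not reach here");
            }
        } catch (IOException | IllegalArgumentException ex) {
            // IOException: re-encoding the statement info failed. IllegalArgumentException:
            // the statement info does not have the structure the profile expects (thrown by
            // the getInstance() calls and the PDS-location size check above). Both are
            // recorded as a violation so one malformed statement does not abort the whole check.
            failureMsg.append("statementInfo[").append(i).append("] has incorrect syntax; ");
        }
    }
}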

Example 9 with MonetaryValue

use of com.github.zhenwei.core.asn1.x509.qualified.MonetaryValue in project xipki by xipki.

the class XijsonExtensions method initQcStatements.

/**
 * Reads the QCStatements configuration of the profile into
 * {@code qcStatementsOption} and, when every statement is fully determined by
 * the profile, pre-builds the extension value {@code qcStatments}.
 *
 * <p>A QcEuLimitValue whose amount or exponent is given as a range (min != max)
 * can only be completed from the enrollment request; in that case the option
 * list is kept and the extension value is left unset.
 *
 * @param extnIds extension ids still to be processed; the QCStatements id is removed
 * @param extensions extension configurations of the profile, keyed by type
 * @throws CertprofileException if a constant value cannot be parsed, a currency is
 *         configured twice, a PDS language is not two characters long, or a
 *         statement carries an unknown kind of value
 */
private void initQcStatements(Set<ASN1ObjectIdentifier> extnIds, Map<String, ExtensionType> extensions) throws CertprofileException {
    ASN1ObjectIdentifier extnType = Extension.qCStatements;
    if (!extensionControls.containsKey(extnType)) {
        return;
    }
    extnIds.remove(extnType);

    QcStatements conf = getExtension(extnType, extensions).getQcStatements();
    if (conf == null) {
        return;
    }

    List<QcStatementType> statementConfs = conf.getQcStatements();
    this.qcStatementsOption = new ArrayList<>(statementConfs.size());
    Set<String> seenCurrencies = new HashSet<>();
    boolean needsRequestInfo = false;

    for (QcStatementType statementConf : statementConfs) {
        ASN1ObjectIdentifier statementId = new ASN1ObjectIdentifier(statementConf.getStatementId().getOid());
        QcStatementValueType value = statementConf.getStatementValue();
        QcStatementOption option;

        if (value == null) {
            // statement without statementInfo
            option = new QcStatementOption(new QCStatement(statementId));
        } else if (value.getQcRetentionPeriod() != null) {
            option = new QcStatementOption(new QCStatement(statementId, new ASN1Integer(value.getQcRetentionPeriod())));
        } else if (value.getConstant() != null) {
            ASN1Encodable constantInfo;
            try {
                constantInfo = new ASN1StreamParser(value.getConstant().getValue()).readObject();
            } catch (IOException ex) {
                throw new CertprofileException("can not parse the constant value of QcStatement");
            }
            option = new QcStatementOption(new QCStatement(statementId, constantInfo));
        } else if (value.getQcEuLimitValue() != null) {
            QcEuLimitValueType limitConf = value.getQcEuLimitValue();
            String currencyCode = limitConf.getCurrency().toUpperCase();
            // seenCurrencies is local, so the early add is observable only through this check
            if (!seenCurrencies.add(currencyCode)) {
                throw new CertprofileException("Duplicated definition of qcStatments with QCEuLimitValue" + " for the currency " + currencyCode);
            }
            Iso4217CurrencyCode currency = StringUtil.isNumber(currencyCode)
                ? new Iso4217CurrencyCode(Integer.parseInt(currencyCode))
                : new Iso4217CurrencyCode(currencyCode);
            Range2Type amountRange = limitConf.getAmount();
            Range2Type exponentRange = limitConf.getExponent();
            boolean fixed = amountRange.getMin() == amountRange.getMax() && exponentRange.getMin() == exponentRange.getMax();
            if (fixed) {
                MonetaryValue monetaryValue = new MonetaryValue(currency, amountRange.getMin(), exponentRange.getMin());
                option = new QcStatementOption(new QCStatement(statementId, monetaryValue));
            } else {
                // amount and/or exponent are a range: the concrete value comes from the request
                option = new QcStatementOption(statementId, new MonetaryValueOption(currency, amountRange, exponentRange));
                needsRequestInfo = true;
            }
        } else if (value.getPdsLocations() != null) {
            ASN1EncodableVector locations = new ASN1EncodableVector();
            for (PdsLocationType location : value.getPdsLocations()) {
                ASN1EncodableVector entry = new ASN1EncodableVector();
                entry.add(new DERIA5String(location.getUrl()));
                String language = location.getLanguage();
                if (language.length() != 2) {
                    throw new CertprofileException("invalid language '" + language + "'");
                }
                entry.add(new DERPrintableString(language));
                locations.add(new DERSequence(entry));
            }
            option = new QcStatementOption(new QCStatement(statementId, new DERSequence(locations)));
        } else {
            throw new CertprofileException("unknown value of qcStatment");
        }

        this.qcStatementsOption.add(option);
    }

    if (needsRequestInfo) {
        return;
    }

    // Everything is fixed by the profile: assemble the extension value now.
    ASN1EncodableVector statements = new ASN1EncodableVector();
    for (QcStatementOption option : qcStatementsOption) {
        if (option.getStatement() == null) {
            throw new IllegalStateException("should not reach here");
        }
        statements.add(option.getStatement());
    }
    ASN1Sequence seq = new DERSequence(statements);
    qcStatments = new ExtensionValue(extensionControls.get(extnType).isCritical(), seq);
    qcStatementsOption = null;
}

Example 10 with MonetaryValue

use of com.github.zhenwei.core.asn1.x509.qualified.MonetaryValue in project LinLong-Java by zhenwei1108.

the class PKIXCertPathReviewer method processQcStatements.

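/**
 * Reviews the qcStatements extension of the certificate at position {@code index}
 * in the path and records one notification per statement it recognises.
 *
 * <p>Recognised statement ids: ETSI QcCompliance, PKIX QCSyntax-v1, ETSI QcSSCD and
 * ETSI QcLimitValue (whose monetary limit is rendered into the notification). Any
 * other statement id is reported as an unknown statement.
 *
 * <p>The extension value is taken from an untrusted certificate. A malformed
 * encoding shows up as a {@link ClassCastException} from the sequence cast or an
 * {@link IllegalArgumentException} from the {@code getInstance()} decoders; both are
 * recorded as a QcStatementExtError instead of escaping the reviewer.
 *
 * @param cert  certificate whose qcStatements extension is inspected
 * @param index position of {@code cert} in the certification path, used to attach
 *              the generated notifications/errors
 * @return {@code true} when every statement was recognised; {@code false} when an
 *         unknown statement was seen or the extension could not be decoded
 */
private boolean processQcStatements(X509Certificate cert, int index) {
    try {
        boolean unknownStatement = false;
        ASN1Sequence qcSt = (ASN1Sequence) getExtensionValue(cert, QC_STATEMENT);
        if (qcSt == null) {
            // No decodable extension value: report it as a decode error rather
            // than dereferencing null below.
            addError(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcStatementExtError"), index);
            return false;
        }
        for (int j = 0; j < qcSt.size(); j++) {
            QCStatement stmt = QCStatement.getInstance(qcSt.getObjectAt(j));
            if (QCStatement.id_etsi_qcs_QcCompliance.equals(stmt.getStatementId())) {
                // Only note that the certificate carries this statement.
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcEuCompliance");
                addNotification(msg, index);
            } else if (QCStatement.id_qcs_pkixQCSyntax_v1.equals(stmt.getStatementId())) {
                // Recognised, nothing to report.
            } else if (QCStatement.id_etsi_qcs_QcSSCD.equals(stmt.getStatementId())) {
                // Only note that the certificate carries this statement.
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcSSCD");
                addNotification(msg, index);
            } else if (QCStatement.id_etsi_qcs_LimiteValue.equals(stmt.getStatementId())) {
                // Render the monetary limit into the notification. The double is
                // for display only (it may lose precision or overflow for extreme
                // exponents); no decision is based on it.
                MonetaryValue limit = MonetaryValue.getInstance(stmt.getStatementInfo());
                Iso4217CurrencyCode currency = limit.getCurrency();
                double value = limit.getAmount().doubleValue()
                    * Math.pow(10, limit.getExponent().doubleValue());
                ErrorBundle msg;
                if (currency.isAlphabetic()) {
                    msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcLimitValueAlpha",
                        new Object[] { currency.getAlphabetic(), new TrustedInput(Double.valueOf(value)), limit });
                } else {
                    msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcLimitValueNum",
                        new Object[] { Integers.valueOf(currency.getNumeric()), new TrustedInput(Double.valueOf(value)), limit });
                }
                addNotification(msg, index);
            } else {
                // Unknown statement: report it with the raw statement as untrusted
                // input so it is filtered before rendering.
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcUnknownStatement",
                    new Object[] { stmt.getStatementId(), new UntrustedInput(stmt) });
                addNotification(msg, index);
                unknownStatement = true;
            }
        }
        return !unknownStatement;
    } catch (AnnotatedException | ClassCastException | IllegalArgumentException e) {
        // Covers a failed extension lookup as well as a malformed encoding that
        // the sequence cast or a getInstance() decoder rejected.
        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcStatementExtError");
        addError(msg, index);
    }
    return false;
}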