
Example 26 with ASN1GeneralizedTime

use of com.unboundid.asn1.ASN1GeneralizedTime in project xipki by xipki.

the class ExtensionsChecker method checkExtensionSubjectDirAttrs.

// method checkExtensionInhibitAnyPolicy
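/**
 * Checks the SubjectDirectoryAttributes extension of an issued certificate against the
 * certificate profile and against the same extension in the certificate request.
 *
 * <p>Every deviation is appended to {@code failureMsg} as a "; "-terminated sentence; if the
 * buffer is left untouched, this method found nothing to report. Three things are verified:
 * <ol>
 *   <li>the certificate carries only attribute types listed by the profile, each with exactly
 *       one value;</li>
 *   <li>every attribute type listed by the profile is present in the certificate;</li>
 *   <li>the values in the certificate (dateOfBirth, placeOfBirth, gender, countries of
 *       citizenship/residence, and any other attribute) agree with the requested ones.</li>
 * </ol>
 *
 * <p>NOTE(review): the {@code getInstance} parsers used below are not wrapped in a try/catch, so
 * a malformed encoding presumably surfaces as an unchecked exception instead of an entry in
 * {@code failureMsg} - confirm the caller treats that as a failed check.
 *
 * @param failureMsg buffer that collects the violations
 * @param extensionValue encoded extension value taken from the certificate under test
 * @param requestedExtensions extensions of the request, may be {@code null}
 * @param extControl not read by this method
 */
private void checkExtensionSubjectDirAttrs(StringBuilder failureMsg, byte[] extensionValue, Extensions requestedExtensions, ExtensionControl extControl) {
    SubjectDirectoryAttributesControl conf = certProfile.getSubjectDirAttrsControl();
    if (conf == null) {
        // The profile does not configure this extension, so the certificate must not carry it.
        failureMsg.append("extension is present but not expected; ");
        return;
    }
    ASN1Encodable extInRequest = null;
    if (requestedExtensions != null) {
        extInRequest = requestedExtensions.getExtensionParsedValue(Extension.subjectDirectoryAttributes);
    }
    if (extInRequest == null) {
        // Nothing was requested, so there is nothing the certificate's extension could match.
        failureMsg.append("extension is present but not expected; ");
        return;
    }

    // ---- Pass 1: collect the expected values from the request ----
    SubjectDirectoryAttributes requested = SubjectDirectoryAttributes.getInstance(extInRequest);
    Vector<?> reqSubDirAttrs = requested.getAttributes();
    ASN1GeneralizedTime expDateOfBirth = null;
    String expPlaceOfBirth = null;
    String expGender = null;
    Set<String> expCountryOfCitizenshipList = new HashSet<>();
    Set<String> expCountryOfResidenceList = new HashSet<>();
    Map<ASN1ObjectIdentifier, Set<ASN1Encodable>> expOtherAttrs = new HashMap<>();
    final int expN = reqSubDirAttrs.size();
    for (int i = 0; i < expN; i++) {
        Attribute attr = Attribute.getInstance(reqSubDirAttrs.get(i));
        ASN1ObjectIdentifier attrType = attr.getAttrType();
        ASN1Encodable[] reqAttrVals = attr.getAttributeValues();
        if (reqAttrVals.length == 0) {
            // An attribute with an empty value set used to fail with
            // ArrayIndexOutOfBoundsException; record it and keep checking instead.
            failureMsg.append("requested attribute of type ").append(attrType.getId()).append(" has no value; ");
            continue;
        }
        // Only the first value of a requested attribute is used as the expectation.
        ASN1Encodable attrVal = reqAttrVals[0];
        if (ObjectIdentifiers.DN_DATE_OF_BIRTH.equals(attrType)) {
            expDateOfBirth = ASN1GeneralizedTime.getInstance(attrVal);
        } else if (ObjectIdentifiers.DN_PLACE_OF_BIRTH.equals(attrType)) {
            expPlaceOfBirth = DirectoryString.getInstance(attrVal).getString();
        } else if (ObjectIdentifiers.DN_GENDER.equals(attrType)) {
            expGender = DERPrintableString.getInstance(attrVal).getString();
        } else if (ObjectIdentifiers.DN_COUNTRY_OF_CITIZENSHIP.equals(attrType)) {
            String country = DERPrintableString.getInstance(attrVal).getString();
            expCountryOfCitizenshipList.add(country);
        } else if (ObjectIdentifiers.DN_COUNTRY_OF_RESIDENCE.equals(attrType)) {
            String country = DERPrintableString.getInstance(attrVal).getString();
            expCountryOfResidenceList.add(country);
        } else {
            Set<ASN1Encodable> otherAttrVals = expOtherAttrs.get(attrType);
            if (otherAttrVals == null) {
                otherAttrVals = new HashSet<>();
                expOtherAttrs.put(attrType, otherAttrVals);
            }
            otherAttrVals.add(attrVal);
        }
    }

    // ---- Pass 2: collect the actual values from the certificate ----
    SubjectDirectoryAttributes ext = SubjectDirectoryAttributes.getInstance(extensionValue);
    Vector<?> subDirAttrs = ext.getAttributes();
    ASN1GeneralizedTime dateOfBirth = null;
    String placeOfBirth = null;
    String gender = null;
    Set<String> countryOfCitizenshipList = new HashSet<>();
    Set<String> countryOfResidenceList = new HashSet<>();
    Map<ASN1ObjectIdentifier, Set<ASN1Encodable>> otherAttrs = new HashMap<>();
    // Working copy of the profile's attribute types; whatever is still in it after the
    // removals below was required by the profile but is missing from the certificate.
    List<ASN1ObjectIdentifier> attrTypes = new LinkedList<>(conf.getTypes());
    final int n = subDirAttrs.size();
    for (int i = 0; i < n; i++) {
        Attribute attr = Attribute.getInstance(subDirAttrs.get(i));
        ASN1ObjectIdentifier attrType = attr.getAttrType();
        if (!attrTypes.contains(attrType)) {
            failureMsg.append("attribute of type ").append(attrType.getId()).append(" is present but not expected; ");
            continue;
        }
        ASN1Encodable[] attrs = attr.getAttributeValues();
        if (attrs.length != 1) {
            failureMsg.append("attribute of type ").append(attrType.getId()).append(" is not single-valued: ").append(attrs.length).append("; ");
            continue;
        }
        ASN1Encodable attrVal = attrs[0];
        if (ObjectIdentifiers.DN_DATE_OF_BIRTH.equals(attrType)) {
            dateOfBirth = ASN1GeneralizedTime.getInstance(attrVal);
        } else if (ObjectIdentifiers.DN_PLACE_OF_BIRTH.equals(attrType)) {
            placeOfBirth = DirectoryString.getInstance(attrVal).getString();
        } else if (ObjectIdentifiers.DN_GENDER.equals(attrType)) {
            gender = DERPrintableString.getInstance(attrVal).getString();
        } else if (ObjectIdentifiers.DN_COUNTRY_OF_CITIZENSHIP.equals(attrType)) {
            String country = DERPrintableString.getInstance(attrVal).getString();
            countryOfCitizenshipList.add(country);
        } else if (ObjectIdentifiers.DN_COUNTRY_OF_RESIDENCE.equals(attrType)) {
            String country = DERPrintableString.getInstance(attrVal).getString();
            countryOfResidenceList.add(country);
        } else {
            Set<ASN1Encodable> otherAttrVals = otherAttrs.get(attrType);
            if (otherAttrVals == null) {
                otherAttrVals = new HashSet<>();
                otherAttrs.put(attrType, otherAttrVals);
            }
            otherAttrVals.add(attrVal);
        }
    }

    // ---- Required-attribute check: strike off every type the certificate carries ----
    if (dateOfBirth != null) {
        attrTypes.remove(ObjectIdentifiers.DN_DATE_OF_BIRTH);
    }
    if (placeOfBirth != null) {
        attrTypes.remove(ObjectIdentifiers.DN_PLACE_OF_BIRTH);
    }
    if (gender != null) {
        attrTypes.remove(ObjectIdentifiers.DN_GENDER);
    }
    if (!countryOfCitizenshipList.isEmpty()) {
        attrTypes.remove(ObjectIdentifiers.DN_COUNTRY_OF_CITIZENSHIP);
    }
    if (!countryOfResidenceList.isEmpty()) {
        attrTypes.remove(ObjectIdentifiers.DN_COUNTRY_OF_RESIDENCE);
    }
    attrTypes.removeAll(otherAttrs.keySet());
    if (!attrTypes.isEmpty()) {
        List<String> attrTypeTexts = new LinkedList<>();
        for (ASN1ObjectIdentifier oid : attrTypes) {
            attrTypeTexts.add(oid.getId());
        }
        failureMsg.append("required attributes of types ").append(attrTypeTexts).append(" are not present; ");
    }

    // ---- Value checks: syntax of the certificate value, then equality with the request ----
    if (dateOfBirth != null) {
        String timeString = dateOfBirth.getTimeString();
        if (!SubjectDnSpec.PATTERN_DATE_OF_BIRTH.matcher(timeString).matches()) {
            failureMsg.append("invalid dateOfBirth: ").append(timeString).append("; ");
        }
        String exp = (expDateOfBirth == null) ? null : expDateOfBirth.getTimeString();
        // equalsIgnoreCase(null) is false, so an unrequested dateOfBirth is reported as well.
        if (!timeString.equalsIgnoreCase(exp)) {
            addViolation(failureMsg, "dateOfBirth", timeString, exp);
        }
    }
    if (gender != null) {
        if (!(gender.equalsIgnoreCase("F") || gender.equalsIgnoreCase("M"))) {
            failureMsg.append("invalid gender: ").append(gender).append("; ");
        }
        if (!gender.equalsIgnoreCase(expGender)) {
            addViolation(failureMsg, "gender", gender, expGender);
        }
    }
    if (placeOfBirth != null) {
        // Unlike gender and dateOfBirth, placeOfBirth is compared case-sensitively.
        if (!placeOfBirth.equals(expPlaceOfBirth)) {
            addViolation(failureMsg, "placeOfBirth", placeOfBirth, expPlaceOfBirth);
        }
    }
    // Country sets are compared in both directions; judging by its name and the messages
    // below, strInBnotInA(a, b) returns the entries of b that are missing from a.
    if (!countryOfCitizenshipList.isEmpty()) {
        Set<String> diffs = strInBnotInA(expCountryOfCitizenshipList, countryOfCitizenshipList);
        if (CollectionUtil.isNonEmpty(diffs)) {
            failureMsg.append("countryOfCitizenship ").append(diffs.toString()).append(" are present but not expected; ");
        }
        diffs = strInBnotInA(countryOfCitizenshipList, expCountryOfCitizenshipList);
        if (CollectionUtil.isNonEmpty(diffs)) {
            failureMsg.append("countryOfCitizenship ").append(diffs.toString()).append(" are absent but are required; ");
        }
    }
    if (!countryOfResidenceList.isEmpty()) {
        Set<String> diffs = strInBnotInA(expCountryOfResidenceList, countryOfResidenceList);
        if (CollectionUtil.isNonEmpty(diffs)) {
            failureMsg.append("countryOfResidence ").append(diffs.toString()).append(" are present but not expected; ");
        }
        diffs = strInBnotInA(countryOfResidenceList, expCountryOfResidenceList);
        if (CollectionUtil.isNonEmpty(diffs)) {
            failureMsg.append("countryOfResidence ").append(diffs.toString()).append(" are absent but are required; ");
        }
    }
    // Attributes without dedicated handling must match the requested value set exactly.
    for (Map.Entry<ASN1ObjectIdentifier, Set<ASN1Encodable>> entry : otherAttrs.entrySet()) {
        ASN1ObjectIdentifier attrType = entry.getKey();
        Set<ASN1Encodable> expAttrValues = expOtherAttrs.get(attrType);
        if (expAttrValues == null) {
            failureMsg.append("attribute of type ").append(attrType.getId()).append(" is present but not requested; ");
            continue;
        }
        if (!entry.getValue().equals(expAttrValues)) {
            failureMsg.append("attribute of type ").append(attrType.getId()).append(" differs from the requested one; ");
        }
    }
}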
Also used : Set(java.util.Set) HashSet(java.util.HashSet) HashMap(java.util.HashMap) Attribute(org.bouncycastle.asn1.x509.Attribute) SubjectDirectoryAttributes(org.bouncycastle.asn1.x509.SubjectDirectoryAttributes) ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) ASN1String(org.bouncycastle.asn1.ASN1String) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) QaDirectoryString(org.xipki.ca.qa.internal.QaDirectoryString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERT61String(org.bouncycastle.asn1.DERT61String) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) LinkedList(java.util.LinkedList) SubjectDirectoryAttributesControl(org.xipki.ca.api.profile.x509.SubjectDirectoryAttributesControl) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) HashSet(java.util.HashSet)

Example 27 with ASN1GeneralizedTime

use of com.unboundid.asn1.ASN1GeneralizedTime in project keystore-explorer by kaikramer.

the class X509Ext method getPrivateKeyUsagePeriodStringValue.

/**
 * Renders a PrivateKeyUsagePeriod extension value as two text lines, one for notBefore and
 * one for notAfter.
 *
 * <pre>
 * PrivateKeyUsagePeriod ::= SEQUENCE {
 *     notBefore [0] GeneralizedTime OPTIONAL,
 *     notAfter  [1] GeneralizedTime OPTIONAL }
 * </pre>
 *
 * A bound that is absent from the encoding is shown with the "NoValue" resource text.
 *
 * @param value encoded extension value
 * @return the formatted text; each of the two lines ends with {@code NEWLINE}
 * @throws IOException declared by the signature; no statement visible here throws it directly
 */
private static String getPrivateKeyUsagePeriodStringValue(byte[] value) throws IOException {
    PrivateKeyUsagePeriod period = PrivateKeyUsagePeriod.getInstance(value);
    ASN1GeneralizedTime start = period.getNotBefore();
    ASN1GeneralizedTime end = period.getNotAfter();

    StringBuilder text = new StringBuilder();

    // Both fields are OPTIONAL, so either getter may have returned null.
    text.append(MessageFormat.format(
            res.getString("NotBeforePrivateKeyUsagePeriod"),
            (start != null) ? getGeneralizedTimeString(start) : res.getString("NoValue")));
    text.append(NEWLINE);

    text.append(MessageFormat.format(
            res.getString("NotAfterPrivateKeyUsagePeriod"),
            (end != null) ? getGeneralizedTimeString(end) : res.getString("NoValue")));
    text.append(NEWLINE);

    return text.toString();
}
Also used : ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime) PrivateKeyUsagePeriod(org.bouncycastle.asn1.x509.PrivateKeyUsagePeriod)

Example 28 with ASN1GeneralizedTime

use of com.unboundid.asn1.ASN1GeneralizedTime in project xipki by xipki.

the class ExtensionConfBuilder method createConstantExtensions.

// method createSyntaxSequenceOfOrSetOf
/**
 * Builds twenty sample constant-value extensions, one per {@code FieldType} shown below.
 *
 * <p>Extension number k is placed at {@code oidPrefix.branch("k")}. Every entry passes the same
 * two flags ({@code true, false}) and the same {@code tag} to {@code createConstantExtension};
 * what those flags mean is not visible here. Entries 17 to 20 are created with a {@code null}
 * value and receive a list value afterwards.
 *
 * @param oidPrefix OID arc under which the extension OIDs are allocated
 * @param tag tag handed unchanged to every {@code createConstantExtension} call
 * @return the extensions in creation order, as a new {@code LinkedList}
 * @throws IOException if {@code DERNull.INSTANCE.getEncoded()} or a helper fails
 */
public static List<ExtensionType> createConstantExtensions(ASN1ObjectIdentifier oidPrefix, Tag tag) throws IOException {
    List<ExtensionType> extensions = new LinkedList<>();

    // Primitive and string types; binary values are handed over Base64-encoded.
    extensions.add(createConstantExtension(
            oidPrefix.branch("1"), true, false, tag,
            FieldType.BIT_STRING, Base64.encodeToString(new byte[] { 1, 2 })));
    extensions.add(createConstantExtension(
            oidPrefix.branch("2"), true, false, tag,
            FieldType.BMPString, "A BMP string"));
    extensions.add(createConstantExtension(
            oidPrefix.branch("3"), true, false, tag,
            FieldType.BOOLEAN, Boolean.TRUE.toString()));
    extensions.add(createConstantExtension(
            oidPrefix.branch("4"), true, false, tag,
            FieldType.IA5String, "An IA5 string"));
    extensions.add(createConstantExtension(
            oidPrefix.branch("5"), true, false, tag,
            FieldType.INTEGER, "10"));
    extensions.add(createConstantExtension(
            oidPrefix.branch("6"), true, false, tag,
            FieldType.NULL, null));
    extensions.add(createConstantExtension(
            oidPrefix.branch("7"), true, false, tag,
            FieldType.OCTET_STRING, Base64.encodeToString(new byte[] { 3, 4 })));
    extensions.add(createConstantExtension(
            oidPrefix.branch("8"), true, false, tag,
            FieldType.OID, "2.3.4.5"));
    extensions.add(createConstantExtension(
            oidPrefix.branch("9"), true, false, tag,
            FieldType.PrintableString, "A printable string"));

    // RAW takes a complete encoding; here it is the encoding of DER NULL.
    extensions.add(createConstantExtension(
            oidPrefix.branch("10"), true, false, tag,
            FieldType.RAW, Base64.encodeToString(DERNull.INSTANCE.getEncoded())));
    last(extensions).getConstant().setDescription("DER NULL");

    extensions.add(createConstantExtension(
            oidPrefix.branch("11"), true, false, tag,
            FieldType.TeletexString, "A teletax string"));
    extensions.add(createConstantExtension(
            oidPrefix.branch("12"), true, false, tag,
            FieldType.UTF8String, "A UTF8 string"));
    extensions.add(createConstantExtension(
            oidPrefix.branch("13"), true, false, tag,
            FieldType.ENUMERATED, "2"));

    // Time types.
    extensions.add(createConstantExtension(
            oidPrefix.branch("14"), true, false, tag,
            FieldType.GeneralizedTime, new ASN1GeneralizedTime("20180314130102Z").getTimeString()));
    extensions.add(createConstantExtension(
            oidPrefix.branch("15"), true, false, tag,
            FieldType.UTCTime, "190314130102Z"));

    extensions.add(createConstantExtension(
            oidPrefix.branch("16"), true, false, tag,
            FieldType.Name, "CN=abc,C=DE"));

    // Constructed types: created without a value, then given their list value.
    extensions.add(createConstantExtension(
            oidPrefix.branch("17"), true, false, tag,
            FieldType.SEQUENCE, null));
    last(extensions).getConstant().setListValue(createConstantSequenceOrSet());

    extensions.add(createConstantExtension(
            oidPrefix.branch("18"), true, false, tag,
            FieldType.SEQUENCE_OF, null));
    last(extensions).getConstant().setListValue(createConstantSequenceOfOrSetOf());

    extensions.add(createConstantExtension(
            oidPrefix.branch("19"), true, false, tag,
            FieldType.SET, null));
    last(extensions).getConstant().setListValue(createConstantSequenceOrSet());

    extensions.add(createConstantExtension(
            oidPrefix.branch("20"), true, false, tag,
            FieldType.SET_OF, null));
    last(extensions).getConstant().setListValue(createConstantSequenceOfOrSetOf());

    return extensions;
}
Also used : TlsExtensionType(org.xipki.security.TlsExtensionType) ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime)

Example 29 with ASN1GeneralizedTime

use of com.unboundid.asn1.ASN1GeneralizedTime in project openkeystore by cyberphone.

the class CA method getASN1Time.

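/**
 * Chooses the ASN.1 time type for a certificate date.
 *
 * <p>RFC 5280 encodes dates through 2049 as UTCTime and dates from 2050 on as
 * GeneralizedTime. UTCTime has a two-digit year that X.509 reads as 1950-2049, so a date
 * outside that window can only be represented as GeneralizedTime.
 *
 * @param date the instant to encode
 * @return an {@code ASN1UTCTime} for years 1950-2049 (UTC), otherwise an
 *         {@code ASN1GeneralizedTime}
 * @throws IOException declared by the signature; presumably raised by the ASN.1 constructors
 */
private ASN1Time getASN1Time(Date date) throws IOException {
    // Take the year in UTC rather than the JVM default time zone. With a local zone, an
    // instant within hours of the 2049/2050 boundary could be given the wrong type, and a
    // 2050 date written as UTCTime reads back as 1950.
    // NOTE(review): assumes ASN1UTCTime/ASN1GeneralizedTime encode the instant in UTC - confirm.
    GregorianCalendar gc = new GregorianCalendar(java.util.TimeZone.getTimeZone("UTC"));
    gc.setTime(date);
    int year = gc.get(GregorianCalendar.YEAR);
    if (year >= 1950 && year < 2050) {
        return new ASN1UTCTime(date);
    }
    return new ASN1GeneralizedTime(date);
}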
Also used : GregorianCalendar(java.util.GregorianCalendar) ASN1UTCTime(org.webpki.asn1.ASN1UTCTime) ASN1GeneralizedTime(org.webpki.asn1.ASN1GeneralizedTime)

Example 30 with ASN1GeneralizedTime

use of com.unboundid.asn1.ASN1GeneralizedTime in project jruby-openssl by jruby.

the class OCSPSingleResponse method check_validity.

/**
 * Ruby-visible {@code check_validity([nsec [, maxsec]])}: checks the thisUpdate/nextUpdate
 * times of this OCSP single response.
 *
 * <p>{@code nsec} defaults to 0 and {@code maxsec} to -1 when omitted. Their exact meaning is
 * decided by {@code checkValidityImpl}, which is not visible here; the names suggest they
 * mirror the tolerance and maximum-age arguments of OpenSSL's OCSP_check_validity - confirm.
 *
 * <p>NOTE(review): each argument is cast to {@code RubyFixnum}, so any other Ruby object fails
 * with a Java {@code ClassCastException}, and the {@code (int)} narrowing silently wraps
 * values outside the int range. Both values steer a freshness decision on revocation data, so
 * a range check before the narrowing would be worth adding.
 *
 * @param args zero, one or two Ruby integers
 * @return a Ruby boolean holding the result of {@code checkValidityImpl}
 */
@JRubyMethod(name = "check_validity", rest = true)
public IRubyObject check_validity(IRubyObject[] args) {
    final Ruby runtime = getRuntime();

    // checkArgumentCount validates the 0..2 range and returns the number of arguments.
    final int argc = Arity.checkArgumentCount(runtime, args, 0, 2);
    int nsec = 0;
    int maxsec = -1;
    if (argc != 0) {
        RubyFixnum rNsec = (RubyFixnum) args[0];
        if (argc != 1) {
            RubyFixnum rMaxsec = (RubyFixnum) args[1];
            maxsec = (int) rMaxsec.getLongValue();
        }
        nsec = (int) rNsec.getLongValue();
    }

    final Date thisUpdate;
    final Date nextUpdate;
    try {
        // Either time may be missing from the response; null is passed on in that case.
        ASN1GeneralizedTime bcThisUpdate = bcSingleResponse.getThisUpdate();
        thisUpdate = (bcThisUpdate != null) ? bcThisUpdate.getDate() : null;

        ASN1GeneralizedTime bcNextUpdate = bcSingleResponse.getNextUpdate();
        nextUpdate = (bcNextUpdate != null) ? bcNextUpdate.getDate() : null;
    } catch (ParseException e) {
        // An unparsable time is reported to Ruby as an OCSP error.
        throw newOCSPError(runtime, e);
    }

    boolean valid = checkValidityImpl(thisUpdate, nextUpdate, nsec, maxsec);
    return RubyBoolean.newBoolean(runtime, valid);
}
Also used : ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime) ParseException(java.text.ParseException) Ruby(org.jruby.Ruby) Date(java.util.Date) RubyFixnum(org.jruby.RubyFixnum) JRubyMethod(org.jruby.anno.JRubyMethod)

Aggregations

ASN1GeneralizedTime (org.bouncycastle.asn1.ASN1GeneralizedTime)24 ASN1GeneralizedTime (com.unboundid.asn1.ASN1GeneralizedTime)10 ASN1Sequence (com.unboundid.asn1.ASN1Sequence)10 IOException (java.io.IOException)10 Date (java.util.Date)10 ASN1BigInteger (com.unboundid.asn1.ASN1BigInteger)9 ASN1BitString (com.unboundid.asn1.ASN1BitString)9 ASN1Element (com.unboundid.asn1.ASN1Element)9 ASN1Integer (com.unboundid.asn1.ASN1Integer)9 ASN1Null (com.unboundid.asn1.ASN1Null)9 ASN1ObjectIdentifier (com.unboundid.asn1.ASN1ObjectIdentifier)9 DN (com.unboundid.ldap.sdk.DN)9 OID (com.unboundid.util.OID)9 Test (org.testng.annotations.Test)9 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)7 DEROctetString (org.bouncycastle.asn1.DEROctetString)7 ASN1GeneralizedTime (com.github.zhenwei.core.asn1.ASN1GeneralizedTime)6 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)6 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)6 ASN1OctetString (com.unboundid.asn1.ASN1OctetString)5