use of com.unboundid.asn1.ASN1GeneralizedTime in project xipki by xipki.
the class ExtensionsChecker method checkExtensionSubjectDirAttrs.
// method checkExtensionInhibitAnyPolicy
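/**
 * Checks the SubjectDirectoryAttributes extension found in a certificate against the
 * certificate profile and against the same extension in the request.
 *
 * <p>Problems are not thrown; each one is appended to {@code failureMsg} as a
 * "...; " fragment so that all findings are reported together.
 *
 * <p>Checks performed, in order:
 * <ol>
 *   <li>the profile must configure this extension and the request must contain it,
 *       otherwise the extension is reported as unexpected;</li>
 *   <li>every attribute type in the certificate must be listed in the profile and must
 *       carry exactly one value;</li>
 *   <li>every attribute type listed in the profile must occur in the certificate;</li>
 *   <li>dateOfBirth, gender, placeOfBirth, countryOfCitizenship, countryOfResidence and
 *       all other attribute types must match what the request asked for.</li>
 * </ol>
 *
 * <p>NOTE(review): the {@code getInstance(...)} conversions are not guarded here, so a value
 * of an unexpected ASN.1 type presumably surfaces as an unchecked exception rather than as a
 * failure message. Confirm that the caller handles that.
 *
 * @param failureMsg buffer that receives the failure descriptions
 * @param extensionValue encoded extension value taken from the certificate
 * @param requestedExtensions extensions of the request; may be {@code null}
 * @param extControl not used by this method
 */
private void checkExtensionSubjectDirAttrs(StringBuilder failureMsg, byte[] extensionValue,
        Extensions requestedExtensions, ExtensionControl extControl) {
    SubjectDirectoryAttributesControl conf = certProfile.getSubjectDirAttrsControl();
    if (conf == null) {
        failureMsg.append("extension is present but not expected; ");
        return;
    }

    ASN1Encodable extInRequest = null;
    if (requestedExtensions != null) {
        extInRequest = requestedExtensions.getExtensionParsedValue(
                Extension.subjectDirectoryAttributes);
    }
    if (extInRequest == null) {
        failureMsg.append("extension is present but not expected; ");
        return;
    }

    // ---- expected values, taken from the request ----
    SubjectDirectoryAttributes requested = SubjectDirectoryAttributes.getInstance(extInRequest);
    Vector<?> reqSubDirAttrs = requested.getAttributes();

    ASN1GeneralizedTime expDateOfBirth = null;
    String expPlaceOfBirth = null;
    String expGender = null;
    Set<String> expCountryOfCitizenshipList = new HashSet<>();
    Set<String> expCountryOfResidenceList = new HashSet<>();
    Map<ASN1ObjectIdentifier, Set<ASN1Encodable>> expOtherAttrs = new HashMap<>();

    final int expN = reqSubDirAttrs.size();
    for (int i = 0; i < expN; i++) {
        Attribute attr = Attribute.getInstance(reqSubDirAttrs.get(i));
        ASN1ObjectIdentifier attrType = attr.getAttrType();

        // The request is external input: an attribute with an empty value set must not
        // crash the checker with an ArrayIndexOutOfBoundsException. Skipping it leaves the
        // expectation for this type unset, so a value of this type in the certificate is
        // still reported as a mismatch by the comparisons below.
        ASN1Encodable[] reqAttrVals = attr.getAttributeValues();
        if (reqAttrVals.length == 0) {
            continue;
        }
        // Only the first requested value is used, matching the single-value rule that is
        // enforced on the certificate side.
        ASN1Encodable attrVal = reqAttrVals[0];

        if (ObjectIdentifiers.DN_DATE_OF_BIRTH.equals(attrType)) {
            expDateOfBirth = ASN1GeneralizedTime.getInstance(attrVal);
        } else if (ObjectIdentifiers.DN_PLACE_OF_BIRTH.equals(attrType)) {
            expPlaceOfBirth = DirectoryString.getInstance(attrVal).getString();
        } else if (ObjectIdentifiers.DN_GENDER.equals(attrType)) {
            expGender = DERPrintableString.getInstance(attrVal).getString();
        } else if (ObjectIdentifiers.DN_COUNTRY_OF_CITIZENSHIP.equals(attrType)) {
            String country = DERPrintableString.getInstance(attrVal).getString();
            expCountryOfCitizenshipList.add(country);
        } else if (ObjectIdentifiers.DN_COUNTRY_OF_RESIDENCE.equals(attrType)) {
            String country = DERPrintableString.getInstance(attrVal).getString();
            expCountryOfResidenceList.add(country);
        } else {
            Set<ASN1Encodable> otherAttrVals = expOtherAttrs.get(attrType);
            if (otherAttrVals == null) {
                otherAttrVals = new HashSet<>();
                expOtherAttrs.put(attrType, otherAttrVals);
            }
            otherAttrVals.add(attrVal);
        }
    }

    // ---- actual values, taken from the certificate ----
    SubjectDirectoryAttributes ext = SubjectDirectoryAttributes.getInstance(extensionValue);
    Vector<?> subDirAttrs = ext.getAttributes();

    ASN1GeneralizedTime dateOfBirth = null;
    String placeOfBirth = null;
    String gender = null;
    Set<String> countryOfCitizenshipList = new HashSet<>();
    Set<String> countryOfResidenceList = new HashSet<>();
    Map<ASN1ObjectIdentifier, Set<ASN1Encodable>> otherAttrs = new HashMap<>();

    // Working copy of the profile's attribute types. Types seen in the certificate are
    // removed further down; whatever remains is missing from the certificate.
    List<ASN1ObjectIdentifier> attrTypes = new LinkedList<>(conf.getTypes());

    final int n = subDirAttrs.size();
    for (int i = 0; i < n; i++) {
        Attribute attr = Attribute.getInstance(subDirAttrs.get(i));
        ASN1ObjectIdentifier attrType = attr.getAttrType();

        if (!attrTypes.contains(attrType)) {
            failureMsg.append("attribute of type ").append(attrType.getId())
                    .append(" is present but not expected; ");
            continue;
        }

        ASN1Encodable[] attrs = attr.getAttributeValues();
        if (attrs.length != 1) {
            failureMsg.append("attribute of type ").append(attrType.getId())
                    .append(" does not single-value value: ").append(attrs.length).append("; ");
            continue;
        }

        ASN1Encodable attrVal = attrs[0];
        if (ObjectIdentifiers.DN_DATE_OF_BIRTH.equals(attrType)) {
            dateOfBirth = ASN1GeneralizedTime.getInstance(attrVal);
        } else if (ObjectIdentifiers.DN_PLACE_OF_BIRTH.equals(attrType)) {
            placeOfBirth = DirectoryString.getInstance(attrVal).getString();
        } else if (ObjectIdentifiers.DN_GENDER.equals(attrType)) {
            gender = DERPrintableString.getInstance(attrVal).getString();
        } else if (ObjectIdentifiers.DN_COUNTRY_OF_CITIZENSHIP.equals(attrType)) {
            String country = DERPrintableString.getInstance(attrVal).getString();
            countryOfCitizenshipList.add(country);
        } else if (ObjectIdentifiers.DN_COUNTRY_OF_RESIDENCE.equals(attrType)) {
            String country = DERPrintableString.getInstance(attrVal).getString();
            countryOfResidenceList.add(country);
        } else {
            Set<ASN1Encodable> otherAttrVals = otherAttrs.get(attrType);
            if (otherAttrVals == null) {
                otherAttrVals = new HashSet<>();
                otherAttrs.put(attrType, otherAttrVals);
            }
            otherAttrVals.add(attrVal);
        }
    }

    // ---- required attribute types that the certificate does not contain ----
    if (dateOfBirth != null) {
        attrTypes.remove(ObjectIdentifiers.DN_DATE_OF_BIRTH);
    }
    if (placeOfBirth != null) {
        attrTypes.remove(ObjectIdentifiers.DN_PLACE_OF_BIRTH);
    }
    if (gender != null) {
        attrTypes.remove(ObjectIdentifiers.DN_GENDER);
    }
    if (!countryOfCitizenshipList.isEmpty()) {
        attrTypes.remove(ObjectIdentifiers.DN_COUNTRY_OF_CITIZENSHIP);
    }
    if (!countryOfResidenceList.isEmpty()) {
        attrTypes.remove(ObjectIdentifiers.DN_COUNTRY_OF_RESIDENCE);
    }
    attrTypes.removeAll(otherAttrs.keySet());

    if (!attrTypes.isEmpty()) {
        List<String> attrTypeTexts = new LinkedList<>();
        for (ASN1ObjectIdentifier oid : attrTypes) {
            attrTypeTexts.add(oid.getId());
        }
        failureMsg.append("required attributes of types ").append(attrTypeTexts)
                .append(" are not present; ");
    }

    // ---- value comparison: certificate versus request ----
    if (dateOfBirth != null) {
        String timeString = dateOfBirth.getTimeString();
        if (!SubjectDnSpec.PATTERN_DATE_OF_BIRTH.matcher(timeString).matches()) {
            failureMsg.append("invalid dateOfBirth: ").append(timeString).append("; ");
        }

        // exp stays null when the request carried no dateOfBirth; equalsIgnoreCase(null)
        // is false, so that case is reported as a violation.
        String exp = (expDateOfBirth == null) ? null : expDateOfBirth.getTimeString();
        if (!timeString.equalsIgnoreCase(exp)) {
            addViolation(failureMsg, "dateOfBirth", timeString, exp);
        }
    }

    if (gender != null) {
        if (!(gender.equalsIgnoreCase("F") || gender.equalsIgnoreCase("M"))) {
            failureMsg.append("invalid gender: ").append(gender).append("; ");
        }
        if (!gender.equalsIgnoreCase(expGender)) {
            addViolation(failureMsg, "gender", gender, expGender);
        }
    }

    // placeOfBirth is compared case-sensitively, unlike dateOfBirth and gender.
    if (placeOfBirth != null && !placeOfBirth.equals(expPlaceOfBirth)) {
        addViolation(failureMsg, "placeOfBirth", placeOfBirth, expPlaceOfBirth);
    }

    // Judging by its name and the messages below, strInBnotInA(a, b) yields the entries of b
    // that are missing from a; both directions are reported.
    if (!countryOfCitizenshipList.isEmpty()) {
        Set<String> diffs = strInBnotInA(expCountryOfCitizenshipList, countryOfCitizenshipList);
        if (CollectionUtil.isNonEmpty(diffs)) {
            failureMsg.append("countryOfCitizenship ").append(diffs.toString())
                    .append(" are present but not expected; ");
        }

        diffs = strInBnotInA(countryOfCitizenshipList, expCountryOfCitizenshipList);
        if (CollectionUtil.isNonEmpty(diffs)) {
            failureMsg.append("countryOfCitizenship ").append(diffs.toString())
                    .append(" are absent but are required; ");
        }
    }

    if (!countryOfResidenceList.isEmpty()) {
        Set<String> diffs = strInBnotInA(expCountryOfResidenceList, countryOfResidenceList);
        if (CollectionUtil.isNonEmpty(diffs)) {
            failureMsg.append("countryOfResidence ").append(diffs.toString())
                    .append(" are present but not expected; ");
        }

        diffs = strInBnotInA(countryOfResidenceList, expCountryOfResidenceList);
        if (CollectionUtil.isNonEmpty(diffs)) {
            failureMsg.append("countryOfResidence ").append(diffs.toString())
                    .append(" are absent but are required; ");
        }
    }

    // Remaining attribute types are compared as sets of ASN.1 values.
    for (Map.Entry<ASN1ObjectIdentifier, Set<ASN1Encodable>> entry : otherAttrs.entrySet()) {
        ASN1ObjectIdentifier attrType = entry.getKey();
        Set<ASN1Encodable> expAttrValues = expOtherAttrs.get(attrType);
        if (expAttrValues == null) {
            failureMsg.append("attribute of type ").append(attrType.getId())
                    .append(" is present but not requested; ");
            continue;
        }

        if (!entry.getValue().equals(expAttrValues)) {
            failureMsg.append("attribute of type ").append(attrType.getId())
                    .append(" differs from the requested one; ");
        }
    }
}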
use of com.unboundid.asn1.ASN1GeneralizedTime in project keystore-explorer by kaikramer.
the class X509Ext method getPrivateKeyUsagePeriodStringValue.
/**
 * Renders a PrivateKeyUsagePeriod extension value as two localized lines: the notBefore
 * bound followed by the notAfter bound. A bound that is absent from the extension is
 * rendered with the "NoValue" resource string.
 *
 * @param value encoded extension value, handed to {@code PrivateKeyUsagePeriod.getInstance}
 * @return the formatted text; each of the two lines ends with {@code NEWLINE}
 * @throws IOException declared by the signature; the visible statements do not show its source
 */
private static String getPrivateKeyUsagePeriodStringValue(byte[] value) throws IOException {
    // @formatter:off
    /*
     * PrivateKeyUsagePeriod ::= SEQUENCE {
     *     notBefore [0] GeneralizedTime OPTIONAL,
     *     notAfter  [1] GeneralizedTime OPTIONAL }
     */
    // @formatter:on
    PrivateKeyUsagePeriod period = PrivateKeyUsagePeriod.getInstance(value);
    ASN1GeneralizedTime start = period.getNotBefore();
    ASN1GeneralizedTime end = period.getNotAfter();

    // Both fields are OPTIONAL, so each is null-checked before it is formatted.
    String startLine = MessageFormat.format(res.getString("NotBeforePrivateKeyUsagePeriod"),
            (start != null) ? getGeneralizedTimeString(start) : res.getString("NoValue"));
    String endLine = MessageFormat.format(res.getString("NotAfterPrivateKeyUsagePeriod"),
            (end != null) ? getGeneralizedTimeString(end) : res.getString("NoValue"));

    return new StringBuilder()
            .append(startLine).append(NEWLINE)
            .append(endLine).append(NEWLINE)
            .toString();
}
use of com.unboundid.asn1.ASN1GeneralizedTime in project xipki by xipki.
the class ExtensionConfBuilder method createConstantExtensions.
// method createSyntaxSequenceOfOrSetOf
/**
 * Builds a fixed list of twenty constant-valued extensions, one per {@code FieldType},
 * placed at the branches {@code 1} to {@code 20} below {@code oidPrefix}.
 *
 * <p>Every entry is created with the same two boolean arguments ({@code true, false}) and
 * the same {@code tag}; their meaning is defined by {@code createConstantExtension}, which is
 * not shown here.
 *
 * @param oidPrefix parent OID under which the extension OIDs are allocated
 * @param tag tag passed unchanged to every {@code createConstantExtension} call
 * @return the extensions in branch order
 * @throws IOException if encoding the DER NULL used for the RAW sample fails
 */
public static List<ExtensionType> createConstantExtensions(ASN1ObjectIdentifier oidPrefix, Tag tag)
        throws IOException {
    List<ExtensionType> extensions = new LinkedList<>();

    // Custom Constant Extension Value

    // Primitive types; binary samples are passed as Base64 text.
    extensions.add(createConstantExtension(oidPrefix.branch("1"), true, false, tag,
            FieldType.BIT_STRING, Base64.encodeToString(new byte[] { 1, 2 })));
    extensions.add(createConstantExtension(oidPrefix.branch("2"), true, false, tag,
            FieldType.BMPString, "A BMP string"));
    extensions.add(createConstantExtension(oidPrefix.branch("3"), true, false, tag,
            FieldType.BOOLEAN, Boolean.TRUE.toString()));
    extensions.add(createConstantExtension(oidPrefix.branch("4"), true, false, tag,
            FieldType.IA5String, "An IA5 string"));
    extensions.add(createConstantExtension(oidPrefix.branch("5"), true, false, tag,
            FieldType.INTEGER, "10"));
    extensions.add(createConstantExtension(oidPrefix.branch("6"), true, false, tag,
            FieldType.NULL, null));
    extensions.add(createConstantExtension(oidPrefix.branch("7"), true, false, tag,
            FieldType.OCTET_STRING, Base64.encodeToString(new byte[] { 3, 4 })));
    extensions.add(createConstantExtension(oidPrefix.branch("8"), true, false, tag,
            FieldType.OID, "2.3.4.5"));
    extensions.add(createConstantExtension(oidPrefix.branch("9"), true, false, tag,
            FieldType.PrintableString, "A printable string"));

    // RAW carries a complete encoding; the sample is the encoding of DER NULL.
    extensions.add(createConstantExtension(oidPrefix.branch("10"), true, false, tag,
            FieldType.RAW, Base64.encodeToString(DERNull.INSTANCE.getEncoded())));
    last(extensions).getConstant().setDescription("DER NULL");

    extensions.add(createConstantExtension(oidPrefix.branch("11"), true, false, tag,
            FieldType.TeletexString, "A teletax string"));
    extensions.add(createConstantExtension(oidPrefix.branch("12"), true, false, tag,
            FieldType.UTF8String, "A UTF8 string"));
    extensions.add(createConstantExtension(oidPrefix.branch("13"), true, false, tag,
            FieldType.ENUMERATED, "2"));

    // Time types: the GeneralizedTime sample is passed through ASN1GeneralizedTime first,
    // the UTCTime sample is given as a literal.
    extensions.add(createConstantExtension(oidPrefix.branch("14"), true, false, tag,
            FieldType.GeneralizedTime, new ASN1GeneralizedTime("20180314130102Z").getTimeString()));
    extensions.add(createConstantExtension(oidPrefix.branch("15"), true, false, tag,
            FieldType.UTCTime, "190314130102Z"));

    extensions.add(createConstantExtension(oidPrefix.branch("16"), true, false, tag,
            FieldType.Name, "CN=abc,C=DE"));

    // Constructed types: created without a scalar value, then given a list value.
    extensions.add(createConstantExtension(oidPrefix.branch("17"), true, false, tag,
            FieldType.SEQUENCE, null));
    last(extensions).getConstant().setListValue(createConstantSequenceOrSet());

    extensions.add(createConstantExtension(oidPrefix.branch("18"), true, false, tag,
            FieldType.SEQUENCE_OF, null));
    last(extensions).getConstant().setListValue(createConstantSequenceOfOrSetOf());

    extensions.add(createConstantExtension(oidPrefix.branch("19"), true, false, tag,
            FieldType.SET, null));
    last(extensions).getConstant().setListValue(createConstantSequenceOrSet());

    extensions.add(createConstantExtension(oidPrefix.branch("20"), true, false, tag,
            FieldType.SET_OF, null));
    last(extensions).getConstant().setListValue(createConstantSequenceOfOrSetOf());

    return extensions;
}
use of com.unboundid.asn1.ASN1GeneralizedTime in project openkeystore by cyberphone.
the class CA method getASN1Time.
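/**
 * Selects the ASN.1 time encoding for a date: UTCTime for the years 1950 to 2049,
 * GeneralizedTime otherwise.
 *
 * <p>The year is evaluated in UTC, not in the JVM's default time zone, because both
 * encodings express the instant in UTC. With a local calendar, a date close to the
 * 2049/2050 boundary could be placed on the wrong side of it.
 *
 * <p>UTCTime has a two-digit year that RFC 5280 maps onto 1950 to 2049. A date before 1950
 * therefore cannot be represented as UTCTime without being misread as a 20xx date, so it is
 * encoded as GeneralizedTime.
 *
 * @param date the instant to encode
 * @return an {@code ASN1UTCTime} for years 1950 to 2049 (UTC), else an {@code ASN1GeneralizedTime}
 * @throws IOException declared by the signature; not thrown by the visible statements
 */
private ASN1Time getASN1Time(Date date) throws IOException {
    // Fully qualified so that no new import is needed in this file.
    GregorianCalendar gc = new GregorianCalendar(java.util.TimeZone.getTimeZone("UTC"));
    gc.setTime(date);
    int year = gc.get(GregorianCalendar.YEAR);
    if (year >= 1950 && year < 2050) {
        return new ASN1UTCTime(date);
    }
    return new ASN1GeneralizedTime(date);
}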
use of com.unboundid.asn1.ASN1GeneralizedTime in project jruby-openssl by jruby.
the class OCSPSingleResponse method check_validity.
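/**
 * Ruby-visible {@code check_validity([nsec [, maxsec]])}: reads thisUpdate and nextUpdate
 * from the wrapped single response and passes them, with the two integer arguments, to
 * {@code checkValidityImpl}.
 *
 * <p>Defaults when arguments are omitted: {@code nsec = 0}, {@code maxsec = -1}. How
 * {@code checkValidityImpl} interprets these values, or a {@code null} thisUpdate or
 * nextUpdate, is not visible here.
 *
 * <p>Both arguments feed a freshness decision on an OCSP response, so they are range-checked
 * before being narrowed to {@code int}. A plain cast would silently wrap large values; for
 * example 4294967295 would become -1, which is the same as the "argument omitted" default
 * for {@code maxsec}.
 *
 * <p>NOTE(review): arguments are cast to {@code RubyFixnum} unchecked, so a non-Fixnum
 * argument fails with a {@code ClassCastException} at the cast. Confirm how that is surfaced
 * to Ruby code.
 *
 * @param args zero, one ({@code nsec}) or two ({@code nsec}, {@code maxsec}) Fixnum arguments
 * @return Ruby {@code true} or {@code false}, as decided by {@code checkValidityImpl}
 */
@JRubyMethod(name = "check_validity", rest = true)
public IRubyObject check_validity(IRubyObject[] args) {
    Ruby runtime = getRuntime();

    // Validate the argument count once and branch on the result.
    final int argc = Arity.checkArgumentCount(runtime, args, 0, 2);
    int nsec = 0;
    int maxsec = -1;
    if (argc >= 2) {
        RubyFixnum rNsec = (RubyFixnum) args[0];
        RubyFixnum rMaxsec = (RubyFixnum) args[1];
        nsec = checkValidityIntArg(runtime, rNsec);
        maxsec = checkValidityIntArg(runtime, rMaxsec);
    } else if (argc == 1) {
        RubyFixnum rNsec = (RubyFixnum) args[0];
        nsec = checkValidityIntArg(runtime, rNsec);
    }

    Date thisUpdate;
    Date nextUpdate;
    try {
        ASN1GeneralizedTime bcThisUpdate = bcSingleResponse.getThisUpdate();
        thisUpdate = (bcThisUpdate == null) ? null : bcThisUpdate.getDate();

        ASN1GeneralizedTime bcNextUpdate = bcSingleResponse.getNextUpdate();
        nextUpdate = (bcNextUpdate == null) ? null : bcNextUpdate.getDate();
    } catch (ParseException e) {
        // An unparsable time in the response is reported as an OCSP error.
        throw newOCSPError(runtime, e);
    }

    return RubyBoolean.newBoolean(runtime, checkValidityImpl(thisUpdate, nextUpdate, nsec, maxsec));
}

/** Narrows a Fixnum to {@code int}, raising a Ruby RangeError instead of wrapping silently. */
private static int checkValidityIntArg(Ruby runtime, RubyFixnum arg) {
    long value = arg.getLongValue();
    if (value > Integer.MAX_VALUE) {
        throw runtime.newRangeError("integer " + value + " too big to convert to `int'");
    }
    if (value < Integer.MIN_VALUE) {
        throw runtime.newRangeError("integer " + value + " too small to convert to `int'");
    }
    return (int) value;
}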