
Example 31 with ASN1GeneralizedTime

use of com.unboundid.asn1.ASN1GeneralizedTime in project LinLong-Java by zhenwei1108.

The class BasicOCSPRespBuilder, method build.

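/**
 * Builds and signs the BasicOCSPResponse from the single responses queued on this builder.
 *
 * <p>Each queued {@code ResponseObject} is converted with {@code toResponse()}, the
 * ResponseData (responderID, producedAt, responses, responseExtensions) is DER-encoded and
 * written to {@code signer}, and the resulting signature, the signer's algorithm identifier
 * and the optional certificate chain are assembled into the response.
 *
 * @param signer     produces the signature over the DER-encoded ResponseData; its
 *                   algorithm identifier is recorded in the response.
 * @param chain      certificates to embed in the response; {@code null} or empty leaves
 *                   the chain sequence {@code null}.
 * @param producedAt value of the response's producedAt field.
 * @return the signed response.
 * @throws OCSPException if a queued response cannot be converted, or if encoding or
 *                       signing the ResponseData fails.
 */
public BasicOCSPResp build(ContentSigner signer, X509CertificateHolder[] chain, Date producedAt) throws OCSPException {
    ASN1EncodableVector responses = new ASN1EncodableVector();
    for (Iterator<?> it = list.iterator(); it.hasNext(); ) {
        try {
            responses.add(((ResponseObject) it.next()).toResponse());
        } catch (Exception e) {
            throw new OCSPException("exception creating Request", e);
        }
    }
    ResponseData tbsResp = new ResponseData(responderID.toASN1Primitive(), new ASN1GeneralizedTime(producedAt), new DERSequence(responses), responseExtensions);
    DERBitString bitSig;
    try {
        // Close the signer's stream even when the write fails; the signature is only
        // requested after the stream has been closed.
        OutputStream sigOut = signer.getOutputStream();
        try {
            sigOut.write(tbsResp.getEncoded(ASN1Encoding.DER));
        } finally {
            sigOut.close();
        }
        bitSig = new DERBitString(signer.getSignature());
    } catch (Exception e) {
        throw new OCSPException("exception processing TBSRequest: " + e.getMessage(), e);
    }
    AlgorithmIdentifier sigAlgId = signer.getAlgorithmIdentifier();
    // chainSeq stays null when no chain is supplied
    DERSequence chainSeq = null;
    if (chain != null && chain.length > 0) {
        ASN1EncodableVector v = new ASN1EncodableVector();
        for (X509CertificateHolder holder : chain) {
            v.add(holder.toASN1Structure());
        }
        chainSeq = new DERSequence(v);
    }
    return new BasicOCSPResp(new BasicOCSPResponse(tbsResp, sigAlgId, bitSig, chainSeq));
}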
Also used : ResponseData(com.github.zhenwei.core.asn1.ocsp.ResponseData) OutputStream(java.io.OutputStream) ASN1GeneralizedTime(com.github.zhenwei.core.asn1.ASN1GeneralizedTime) DERBitString(com.github.zhenwei.core.asn1.DERBitString) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier) DERSequence(com.github.zhenwei.core.asn1.DERSequence) BasicOCSPResponse(com.github.zhenwei.core.asn1.ocsp.BasicOCSPResponse) Iterator(java.util.Iterator) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)

Example 32 with ASN1GeneralizedTime

use of com.unboundid.asn1.ASN1GeneralizedTime in project LinLong-Java by zhenwei1108.

The class TimeStampTokenGenerator, method generate.

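/**
 * Generate a TimeStampToken for the passed in request and serialNumber marking it with the passed
 * in genTime.
 *
 * <p>The TSTInfo is assembled from the request's message imprint, the TSA policy (the
 * request's policy when it names one, otherwise this generator's default), the optional
 * accuracy/ordering/nonce fields, the request's extensions merged with
 * {@code additionalExtensions}, and the generation time rendered at the configured
 * resolution. The DER-encoded TSTInfo is then wrapped in a CMS SignedData using this
 * generator's signer info generator, the configured CRLs and other revocation info, and -
 * when the request asks for certificates - the configured certificates and attribute
 * certificates.
 *
 * @param request              the originating request.
 * @param serialNumber         serial number for the TimeStampToken
 * @param genTime              token generation time.
 * @param additionalExtensions extra extensions to be added to the response token, or
 *                             {@code null} to use only the request's extensions.
 * @return a TimeStampToken
 * @throws TSPException if the CMS signature cannot be generated or the TSTInfo cannot be
 *                      DER-encoded.
 */
public TimeStampToken generate(TimeStampRequest request, BigInteger serialNumber, Date genTime, Extensions additionalExtensions) throws TSPException {
    AlgorithmIdentifier algID = request.getMessageImprintAlgID();
    MessageImprint messageImprint = new MessageImprint(algID, request.getMessageImprintDigest());
    // Accuracy is only emitted when at least one component is configured; each component
    // is likewise only encoded when positive.
    Accuracy accuracy = null;
    if (accuracySeconds > 0 || accuracyMillis > 0 || accuracyMicros > 0) {
        ASN1Integer seconds = (accuracySeconds > 0) ? new ASN1Integer(accuracySeconds) : null;
        ASN1Integer millis = (accuracyMillis > 0) ? new ASN1Integer(accuracyMillis) : null;
        ASN1Integer micros = (accuracyMicros > 0) ? new ASN1Integer(accuracyMicros) : null;
        accuracy = new Accuracy(seconds, millis, micros);
    }
    // ordering is only encoded when true (presumably because the field defaults to FALSE)
    ASN1Boolean derOrdering = null;
    if (ordering) {
        derOrdering = ASN1Boolean.getInstance(ordering);
    }
    // echo the request's nonce so the client can bind the token to its request
    ASN1Integer nonce = null;
    if (request.getNonce() != null) {
        nonce = new ASN1Integer(request.getNonce());
    }
    // a policy named in the request takes precedence over this generator's default
    ASN1ObjectIdentifier tsaPolicy = tsaPolicyOID;
    if (request.getReqPolicy() != null) {
        tsaPolicy = request.getReqPolicy();
    }
    // start from the request's extensions and append the caller's additional ones
    Extensions respExtensions = request.getExtensions();
    if (additionalExtensions != null) {
        ExtensionsGenerator extGen = new ExtensionsGenerator();
        if (respExtensions != null) {
            for (Enumeration<?> en = respExtensions.oids(); en.hasMoreElements(); ) {
                extGen.addExtension(respExtensions.getExtension(ASN1ObjectIdentifier.getInstance(en.nextElement())));
            }
        }
        for (Enumeration<?> en = additionalExtensions.oids(); en.hasMoreElements(); ) {
            extGen.addExtension(additionalExtensions.getExtension(ASN1ObjectIdentifier.getInstance(en.nextElement())));
        }
        respExtensions = extGen.generate();
    }
    // Second resolution uses the plain GeneralizedTime constructors (locale-aware when a
    // locale is configured); any other resolution goes through createGeneralizedTime.
    ASN1GeneralizedTime timeStampTime;
    if (resolution == R_SECONDS) {
        timeStampTime = (locale == null) ? new ASN1GeneralizedTime(genTime) : new ASN1GeneralizedTime(genTime, locale);
    } else {
        timeStampTime = createGeneralizedTime(genTime);
    }
    TSTInfo tstInfo = new TSTInfo(tsaPolicy, messageImprint, new ASN1Integer(serialNumber), timeStampTime, accuracy, derOrdering, nonce, tsa, respExtensions);
    try {
        CMSSignedDataGenerator signedDataGenerator = new CMSSignedDataGenerator();
        if (request.getCertReq()) {
            // TODO: do we need to check certs non-empty?
            signedDataGenerator.addCertificates(new CollectionStore(certs));
            signedDataGenerator.addAttributeCertificates(new CollectionStore(attrCerts));
        }
        signedDataGenerator.addCRLs(new CollectionStore(crls));
        if (!otherRevoc.isEmpty()) {
            for (Iterator<?> it = otherRevoc.keySet().iterator(); it.hasNext(); ) {
                ASN1ObjectIdentifier format = (ASN1ObjectIdentifier) it.next();
                signedDataGenerator.addOtherRevocationInfo(format, new CollectionStore((Collection) otherRevoc.get(format)));
            }
        }
        signedDataGenerator.addSignerInfoGenerator(signerInfoGen);
        byte[] derEncodedTSTInfo = tstInfo.getEncoded(ASN1Encoding.DER);
        // the TSTInfo is encapsulated (second argument true) as id-ct-TSTInfo content
        CMSSignedData signedData = signedDataGenerator.generate(new CMSProcessableByteArray(PKCSObjectIdentifiers.id_ct_TSTInfo, derEncodedTSTInfo), true);
        return new TimeStampToken(signedData);
    } catch (CMSException cmsEx) {
        throw new TSPException("Error generating time-stamp token", cmsEx);
    } catch (IOException e) {
        throw new TSPException("Exception encoding info", e);
    }
}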
Also used : CMSSignedDataGenerator(com.github.zhenwei.pkix.cms.CMSSignedDataGenerator) CMSProcessableByteArray(com.github.zhenwei.pkix.cms.CMSProcessableByteArray) Enumeration(java.util.Enumeration) MessageImprint(com.github.zhenwei.pkix.util.asn1.tsp.MessageImprint) ASN1GeneralizedTime(com.github.zhenwei.core.asn1.ASN1GeneralizedTime) ASN1Integer(com.github.zhenwei.core.asn1.ASN1Integer) IOException(java.io.IOException) Extensions(com.github.zhenwei.core.asn1.x509.Extensions) CMSSignedData(com.github.zhenwei.pkix.cms.CMSSignedData) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier) ExtensionsGenerator(com.github.zhenwei.core.asn1.x509.ExtensionsGenerator) Accuracy(com.github.zhenwei.pkix.util.asn1.tsp.Accuracy) TSTInfo(com.github.zhenwei.pkix.util.asn1.tsp.TSTInfo) Iterator(java.util.Iterator) Collection(java.util.Collection) ASN1Boolean(com.github.zhenwei.core.asn1.ASN1Boolean) CollectionStore(com.github.zhenwei.core.util.CollectionStore) ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier) CMSException(com.github.zhenwei.pkix.cms.CMSException)

Example 33 with ASN1GeneralizedTime

use of com.unboundid.asn1.ASN1GeneralizedTime in project LinLong-Java by zhenwei1108.

The class OcspCache, method getOcspResponse.

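/**
 * Returns the OCSP response for {@code certID}, serving it from the per-responder cache when
 * a still-current entry exists and otherwise fetching it from {@code ocspResponder} over HTTP.
 *
 * <p>A cached entry is dropped when its SingleResponse for {@code certID} carries a
 * nextUpdate that lies before {@code parameters.getValidDate()}, or whose nextUpdate cannot
 * be parsed. A freshly fetched response is returned - and cached - only after
 * {@code ProvOcspRevocationChecker.validatedOcspResponse} accepts it; a non-successful
 * responder status, a non-basic response type or a validation failure raises an exception.
 *
 * <p>NOTE(review): {@code cache} looks like a plain WeakHashMap and nothing here
 * synchronises access to it or to the per-responder maps; confirm callers serialise access.
 *
 * @param certID         identifier of the certificate whose status is requested.
 * @param parameters     revocation-check parameters; supplies the validity date used for
 *                       cache expiry and the certPath/index reported in exceptions.
 * @param ocspResponder  responder location; used as the cache key and converted to a URL for
 *                       the request. Must resolve to an HTTP(S) connection.
 * @param responderCert  certificate expected to have signed the response; passed through to
 *                       validation.
 * @param ocspExtensions request extensions to include; the id-pkix-ocsp-nonce value, if
 *                       present, is kept so validation can match it. {@code null} is treated
 *                       as no extensions.
 * @param helper         JCA/JCE helper passed through to validation.
 * @return a validated response (fresh, or cached and still current).
 * @throws CertPathValidatorException if the responder URI is not a valid HTTP(S) URL, the
 *         request cannot be sent or the reply read, the responder reports a non-successful
 *         status, or the response fails validation.
 */
static OCSPResponse getOcspResponse(CertID certID, PKIXCertRevocationCheckerParameters parameters, URI ocspResponder, X509Certificate responderCert, List<Extension> ocspExtensions, JcaJceHelper helper) throws CertPathValidatorException {
    Map<CertID, OCSPResponse> responseMap = null;
    WeakReference<Map<CertID, OCSPResponse>> markerRef = cache.get(ocspResponder);
    if (markerRef != null) {
        // the weakly held map may already have been collected, in which case we fetch afresh
        responseMap = markerRef.get();
    }
    if (responseMap != null) {
        OCSPResponse response = responseMap.get(certID);
        if (response != null) {
            BasicOCSPResponse basicResp = BasicOCSPResponse.getInstance(ASN1OctetString.getInstance(response.getResponseBytes().getResponse()).getOctets());
            ResponseData responseData = ResponseData.getInstance(basicResp.getTbsResponseData());
            ASN1Sequence s = responseData.getResponses();
            for (int i = 0; i != s.size(); i++) {
                SingleResponse resp = SingleResponse.getInstance(s.getObjectAt(i));
                if (certID.equals(resp.getCertID())) {
                    ASN1GeneralizedTime nextUp = resp.getNextUpdate();
                    try {
                        // stale once the validation date is past nextUpdate; an absent
                        // nextUpdate never expires the entry here
                        if (nextUp != null && parameters.getValidDate().after(nextUp.getDate())) {
                            responseMap.remove(certID);
                            response = null;
                        }
                    } catch (ParseException e) {
                        // an unparseable nextUpdate is treated as expired rather than trusted
                        responseMap.remove(certID);
                        response = null;
                    }
                }
            }
            if (response != null) {
                return response;
            }
        }
    }
    URL ocspUrl;
    try {
        ocspUrl = ocspResponder.toURL();
    } catch (MalformedURLException e) {
        throw new CertPathValidatorException("configuration error: " + e.getMessage(), e, parameters.getCertPath(), parameters.getIndex());
    }
    // 
    // basic request generation
    // 
    ASN1EncodableVector requests = new ASN1EncodableVector();
    requests.add(new Request(certID, null));
    ASN1EncodableVector requestExtensions = new ASN1EncodableVector();
    byte[] nonce = null;
    if (ocspExtensions != null) {
        for (Extension ext : ocspExtensions) {
            byte[] value = ext.getValue();
            // keep the nonce so the reply can be checked against it during validation
            if (OCSPObjectIdentifiers.id_pkix_ocsp_nonce.getId().equals(ext.getId())) {
                nonce = value;
            }
            requestExtensions.add(new com.github.zhenwei.core.asn1.x509.Extension(new ASN1ObjectIdentifier(ext.getId()), ext.isCritical(), value));
        }
    }
    // TODO: configure originator
    TBSRequest tbsReq = new TBSRequest(null, new DERSequence(requests), Extensions.getInstance(new DERSequence(requestExtensions)));
    // the request is sent unsigned
    com.github.zhenwei.core.asn1.ocsp.Signature signature = null;
    try {
        byte[] request = new OCSPRequest(tbsReq, signature).getEncoded();
        // file:, jar: and similar URLs yield other connection types; fail with a clear
        // configuration error instead of a ClassCastException
        java.net.URLConnection rawCon = ocspUrl.openConnection();
        if (!(rawCon instanceof HttpURLConnection)) {
            throw new CertPathValidatorException("configuration error: OCSP responder URI is not HTTP(S): " + ocspResponder, null, parameters.getCertPath(), parameters.getIndex());
        }
        HttpURLConnection ocspCon = (HttpURLConnection) rawCon;
        ocspCon.setConnectTimeout(DEFAULT_TIMEOUT);
        ocspCon.setReadTimeout(DEFAULT_TIMEOUT);
        ocspCon.setDoOutput(true);
        ocspCon.setDoInput(true);
        ocspCon.setRequestMethod("POST");
        ocspCon.setRequestProperty("Content-type", "application/ocsp-request");
        ocspCon.setRequestProperty("Content-length", String.valueOf(request.length));
        OutputStream reqOut = ocspCon.getOutputStream();
        try {
            reqOut.write(request);
            reqOut.flush();
        } finally {
            reqOut.close();
        }
        byte[] responseEncoding;
        InputStream reqIn = ocspCon.getInputStream();
        try {
            int contentLength = ocspCon.getContentLength();
            if (contentLength < 0) {
                // TODO: make configurable
                contentLength = DEFAULT_MAX_RESPONSE_SIZE;
            }
            // NOTE(review): a server-supplied Content-Length is used as the read cap as-is, so
            // DEFAULT_MAX_RESPONSE_SIZE only bounds the read when the header is absent.
            responseEncoding = Streams.readAllLimited(reqIn, contentLength);
        } finally {
            reqIn.close();
        }
        OCSPResponse response = OCSPResponse.getInstance(responseEncoding);
        if (OCSPResponseStatus.SUCCESSFUL == response.getResponseStatus().getIntValue()) {
            boolean validated = false;
            ResponseBytes respBytes = ResponseBytes.getInstance(response.getResponseBytes());
            if (respBytes.getResponseType().equals(OCSPObjectIdentifiers.id_pkix_ocsp_basic)) {
                BasicOCSPResponse basicResp = BasicOCSPResponse.getInstance(respBytes.getResponse().getOctets());
                validated = ProvOcspRevocationChecker.validatedOcspResponse(basicResp, parameters, nonce, responderCert, helper);
            }
            if (!validated) {
                throw new CertPathValidatorException("OCSP response failed to validate", null, parameters.getCertPath(), parameters.getIndex());
            }
            // Re-read the cache after the network round trip: the reference may exist while
            // its map has been collected, so a null get() must create a new map instead of
            // being dereferenced.
            markerRef = cache.get(ocspResponder);
            responseMap = (markerRef != null) ? markerRef.get() : null;
            if (responseMap == null) {
                responseMap = new HashMap<CertID, OCSPResponse>();
                cache.put(ocspResponder, new WeakReference<Map<CertID, OCSPResponse>>(responseMap));
            }
            responseMap.put(certID, response);
            return response;
        } else {
            throw new CertPathValidatorException("OCSP responder failed: " + response.getResponseStatus().getValue(), null, parameters.getCertPath(), parameters.getIndex());
        }
    } catch (IOException e) {
        throw new CertPathValidatorException("configuration error: " + e.getMessage(), e, parameters.getCertPath(), parameters.getIndex());
    }
}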
Also used : MalformedURLException(java.net.MalformedURLException) SingleResponse(com.github.zhenwei.core.asn1.ocsp.SingleResponse) CertID(com.github.zhenwei.core.asn1.ocsp.CertID) OutputStream(java.io.OutputStream) ASN1GeneralizedTime(com.github.zhenwei.core.asn1.ASN1GeneralizedTime) URL(java.net.URL) DERSequence(com.github.zhenwei.core.asn1.DERSequence) HttpURLConnection(java.net.HttpURLConnection) BasicOCSPResponse(com.github.zhenwei.core.asn1.ocsp.BasicOCSPResponse) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) List(java.util.List) OCSPResponse(com.github.zhenwei.core.asn1.ocsp.OCSPResponse) BasicOCSPResponse(com.github.zhenwei.core.asn1.ocsp.BasicOCSPResponse) InputStream(java.io.InputStream) ResponseData(com.github.zhenwei.core.asn1.ocsp.ResponseData) TBSRequest(com.github.zhenwei.core.asn1.ocsp.TBSRequest) OCSPRequest(com.github.zhenwei.core.asn1.ocsp.OCSPRequest) Request(com.github.zhenwei.core.asn1.ocsp.Request) IOException(java.io.IOException) TBSRequest(com.github.zhenwei.core.asn1.ocsp.TBSRequest) Extension(java.security.cert.Extension) ResponseBytes(com.github.zhenwei.core.asn1.ocsp.ResponseBytes) CertPathValidatorException(java.security.cert.CertPathValidatorException) ASN1Sequence(com.github.zhenwei.core.asn1.ASN1Sequence) ParseException(java.text.ParseException) HashMap(java.util.HashMap) Map(java.util.Map) WeakHashMap(java.util.WeakHashMap) ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier) OCSPRequest(com.github.zhenwei.core.asn1.ocsp.OCSPRequest)

Example 34 with ASN1GeneralizedTime

use of com.unboundid.asn1.ASN1GeneralizedTime in project ldapsdk by pingidentity.

The class X509CertificateTestCase, method testDecodeMalformedCertSignatureAlgorithm.

/**
 * Verifies that decoding fails with a {@code CertException} when the outer
 * Certificate sequence carries an octet string where its signature algorithm
 * sequence should be, even though the enclosed TBSCertificate is well-formed.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test(expectedExceptions = { CertException.class })
public void testDecodeMalformedCertSignatureAlgorithm() throws Exception {
    final long validityStart = System.currentTimeMillis();
    final long validityEnd = validityStart + (365L * 24L * 60L * 60L * 1000L);

    // A well-formed TBSCertificate: version, serial, signature algorithm, issuer,
    // validity, subject and subject public key info.
    final ASN1Element version = new ASN1Element((byte) 0xA0, new ASN1Integer(2).encode());
    final ASN1BigInteger serialNumber = new ASN1BigInteger(12435L);
    final ASN1Sequence tbsSignatureAlgorithm = new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4")), new ASN1Null());
    final ASN1Element issuer = X509Certificate.encodeName(new DN("CN=issuer"));
    final ASN1Sequence validity = new ASN1Sequence(new ASN1GeneralizedTime(validityStart), new ASN1GeneralizedTime(validityEnd));
    final ASN1Element subject = X509Certificate.encodeName(new DN("CN=ldap.example.com"));
    final ASN1Sequence subjectPublicKeyInfo = new ASN1Sequence(new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.5")), new ASN1Null()), new ASN1BitString(new boolean[1024]));
    final ASN1Sequence tbsCertificate = new ASN1Sequence(version, serialNumber, tbsSignatureAlgorithm, issuer, validity, subject, subjectPublicKeyInfo);

    // The outer signature algorithm is deliberately an octet string, not a sequence.
    final ASN1OctetString malformedSignatureAlgorithm = new ASN1OctetString("not a valid sequence");
    final ASN1BitString signatureValue = new ASN1BitString(new boolean[1024]);
    final ASN1Sequence certificateSequence = new ASN1Sequence(tbsCertificate, malformedSignatureAlgorithm, signatureValue);

    new X509Certificate(certificateSequence.encode());
}
Also used : ASN1OctetString(com.unboundid.asn1.ASN1OctetString) ASN1BigInteger(com.unboundid.asn1.ASN1BigInteger) DN(com.unboundid.ldap.sdk.DN) ASN1GeneralizedTime(com.unboundid.asn1.ASN1GeneralizedTime) ASN1Integer(com.unboundid.asn1.ASN1Integer) OID(com.unboundid.util.OID) ASN1BitString(com.unboundid.asn1.ASN1BitString) ASN1Sequence(com.unboundid.asn1.ASN1Sequence) ASN1Element(com.unboundid.asn1.ASN1Element) ASN1ObjectIdentifier(com.unboundid.asn1.ASN1ObjectIdentifier) ASN1Null(com.unboundid.asn1.ASN1Null) Test(org.testng.annotations.Test)

Example 35 with ASN1GeneralizedTime

use of com.unboundid.asn1.ASN1GeneralizedTime in project ldapsdk by pingidentity.

The class X509CertificateTestCase, method testDecodeMalformedPublicKey.

/**
 * Verifies that decoding fails with a {@code CertException} when the
 * TBSCertificate's subject public key info element is an octet string instead
 * of a sequence, while the outer signature algorithm and signature are
 * well-formed.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test(expectedExceptions = { CertException.class })
public void testDecodeMalformedPublicKey() throws Exception {
    final long validityStart = System.currentTimeMillis();
    final long validityEnd = validityStart + (365L * 24L * 60L * 60L * 1000L);

    // TBSCertificate components; everything up to the subject is well-formed.
    final ASN1Element version = new ASN1Element((byte) 0xA0, new ASN1Integer(2).encode());
    final ASN1BigInteger serialNumber = new ASN1BigInteger(12435L);
    final ASN1Sequence tbsSignatureAlgorithm = new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4")), new ASN1Null());
    final ASN1Element issuer = X509Certificate.encodeName(new DN("CN=issuer"));
    final ASN1Sequence validity = new ASN1Sequence(new ASN1GeneralizedTime(validityStart), new ASN1GeneralizedTime(validityEnd));
    final ASN1Element subject = X509Certificate.encodeName(new DN("CN=ldap.example.com"));
    // The public key info is deliberately an octet string, not a sequence.
    final ASN1OctetString malformedPublicKeyInfo = new ASN1OctetString("not a valid sequence");
    final ASN1Sequence tbsCertificate = new ASN1Sequence(version, serialNumber, tbsSignatureAlgorithm, issuer, validity, subject, malformedPublicKeyInfo);

    // Outer signature algorithm and signature value are well-formed.
    final ASN1Sequence signatureAlgorithm = new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4")), new ASN1Null());
    final ASN1BitString signatureValue = new ASN1BitString(new boolean[1024]);
    final ASN1Sequence certificateSequence = new ASN1Sequence(tbsCertificate, signatureAlgorithm, signatureValue);

    new X509Certificate(certificateSequence.encode());
}
Also used : ASN1OctetString(com.unboundid.asn1.ASN1OctetString) ASN1BigInteger(com.unboundid.asn1.ASN1BigInteger) DN(com.unboundid.ldap.sdk.DN) ASN1GeneralizedTime(com.unboundid.asn1.ASN1GeneralizedTime) ASN1Integer(com.unboundid.asn1.ASN1Integer) OID(com.unboundid.util.OID) ASN1BitString(com.unboundid.asn1.ASN1BitString) ASN1Sequence(com.unboundid.asn1.ASN1Sequence) ASN1Element(com.unboundid.asn1.ASN1Element) ASN1ObjectIdentifier(com.unboundid.asn1.ASN1ObjectIdentifier) ASN1Null(com.unboundid.asn1.ASN1Null) Test(org.testng.annotations.Test)
