use of com.unboundid.asn1.ASN1OctetString in project keystore-explorer by kaikramer.
the class X509Ext method getAdmissionStringValue.
/**
 * Renders the Admission certificate extension as indented, human-readable text.
 *
 * <p>The input is the extension's content as found in a certificate, so every
 * value appended here (names, profession items, registration numbers) is
 * data chosen by whoever issued the certificate. It is passed to
 * {@code MessageFormat} only as an argument, never as the pattern.
 *
 * @param octets DER encoding of the AdmissionSyntax structure
 * @return the multi-line text built from the decoded structure
 * @throws IOException declared by the signature; presumably raised by the
 *         helpers that convert names to strings (not visible here)
 */
private String getAdmissionStringValue(byte[] octets) throws IOException {
    // @formatter:off
    /*
        AdmissionSyntax ::= SEQUENCE
        {
            admissionAuthority GeneralName OPTIONAL,
            contentsOfAdmissions SEQUENCE OF Admissions
        }
        Admissions ::= SEQUENCE
        {
            admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
            namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
            professionInfos SEQUENCE OF ProfessionInfo
        }
        NamingAuthority ::= SEQUENCE
        {
            namingAuthorityId OBJECT IDENTIFIER OPTIONAL,
            namingAuthorityUrl IA5String OPTIONAL,
            namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
        }
        ProfessionInfo ::= SEQUENCE
        {
            namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
            professionItems SEQUENCE OF DirectoryString (SIZE(1..128)),
            professionOIDs SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
            registrationNumber PrintableString(SIZE(1..128)) OPTIONAL,
            addProfessionInfo OCTET STRING OPTIONAL
        }
    */
    // @formatter:on

    // Fields of an admission sit one level in; the details of each
    // profession info sit one level deeper.
    final int admissionLevel = 1;
    final int professionLevel = admissionLevel + 1;

    StringBuilder text = new StringBuilder();
    AdmissionSyntax syntax = AdmissionSyntax.getInstance(ASN1Sequence.getInstance(octets));

    GeneralName topAuthority = syntax.getAdmissionAuthority();
    if (topAuthority != null) {
        text.append(MessageFormat.format(res.getString("Admission.AdmissionAuthority"), GeneralNameUtil.toString(topAuthority)));
        text.append(NEWLINE);
    }

    Admissions[] allAdmissions = syntax.getContentsOfAdmissions();
    for (int i = 0; i < allAdmissions.length; i++) {
        Admissions current = allAdmissions[i];

        // Admissions are numbered starting at 1.
        text.append(MessageFormat.format(res.getString("Admission.Admission"), i + 1));
        text.append(NEWLINE);

        GeneralName authority = current.getAdmissionAuthority();
        NamingAuthority admissionNaming = current.getNamingAuthority();
        ProfessionInfo[] infos = current.getProfessionInfos();

        if (authority != null) {
            text.append(INDENT.toString(admissionLevel));
            text.append(MessageFormat.format(res.getString("Admission.AdmissionAuthority"), GeneralNameUtil.toString(authority)));
            text.append(NEWLINE);
        }
        if (admissionNaming != null) {
            text.append(getNamingAuthorityStringValue(admissionNaming, admissionLevel));
        }

        for (ProfessionInfo info : infos) {
            NamingAuthority professionNaming = info.getNamingAuthority();
            ASN1ObjectIdentifier[] oids = info.getProfessionOIDs();
            String regNumber = info.getRegistrationNumber();
            ASN1OctetString extraInfo = info.getAddProfessionInfo();

            text.append(INDENT.toString(admissionLevel));
            text.append(res.getString("Admission.ProfessionInfo"));
            text.append(NEWLINE);

            if (professionNaming != null) {
                text.append(getNamingAuthorityStringValue(professionNaming, professionLevel));
            }

            DirectoryString[] items = info.getProfessionItems();
            for (DirectoryString item : items) {
                text.append(INDENT.toString(professionLevel));
                text.append(MessageFormat.format(res.getString("Admission.ProfessionItem"), item.toString()));
                text.append(NEWLINE);
            }

            if (oids != null) {
                for (ASN1ObjectIdentifier oid : oids) {
                    text.append(INDENT.toString(professionLevel));
                    text.append(MessageFormat.format(res.getString("Admission.ProfessionOID"), oid.getId()));
                    text.append(NEWLINE);
                }
            }

            if (regNumber != null) {
                text.append(INDENT.toString(professionLevel));
                text.append(MessageFormat.format(res.getString("Admission.RegistrationNumber"), regNumber));
                text.append(NEWLINE);
            }

            if (extraInfo != null) {
                // The opaque OCTET STRING is shown as hex rather than interpreted.
                text.append(INDENT.toString(professionLevel));
                text.append(MessageFormat.format(res.getString("Admission.AddProfessionInfo"), HexUtil.getHexString(extraInfo.getOctets())));
                text.append(NEWLINE);
            }
        }
    }

    return text.toString();
}
use of com.unboundid.asn1.ASN1OctetString in project keystore-explorer by kaikramer.
the class GeneralNameUtil method safeToString.
// @formatter:off
/*
* GeneralName ::= CHOICE
* {
* otherName [0] AnotherName,
* rfc822Name [1] DERIA5String,
* dNSName [2] DERIA5String,
* x400Address [3] ORAddress,
* directoryName [4] Name,
* ediPartyName [5] EDIPartyName,
* uniformResourceIdentifier [6] DERIA5String,
* iPAddress [7] OCTET STRING,
* registeredID [8] OBJECT IDENTIFIER
* }
*
* AnotherName ::= ASN1Sequence
* {
* type-id OBJECT IDENTIFIER,
* value [0] EXPLICIT ANY DEFINED BY type-id
* }
*
* EDIPartyName ::= ASN1Sequence
* {
* nameAssigner [0] DirectoryString OPTIONAL,
* partyName [1] DirectoryString
* }
*
* DirectoryString ::= CHOICE
* {
* teletexString TeletexString (SIZE (1..MAX)),
* printableString PrintableString (SIZE (1..MAX)),
* universalString UniversalString (SIZE (1..MAX)),
* utf8String UTF8String (SIZE (1.. MAX)),
* bmpString BMPString (SIZE(1..MAX))
* }
*/
// @formatter:on
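/**
 * Get string representation for General names that cannot cause a
 * IOException to be thrown. Unsupported are ediPartyName and x400Address;
 * a blank string is returned for these. For otherName only the UPN form is
 * rendered.
 *
 * <p>The values come from the certificate being displayed and are therefore
 * attacker-influenced. When {@code addLinkForURI} is true the URI is placed
 * inside HTML markup, so it is HTML-escaped first. Only the URI branch emits
 * markup here; the other branches return the certificate text unescaped.
 *
 * @param generalName
 *            General name
 * @param addLinkForURI
 *            If true, convert URI to a clickable link
 * @return String representation of general name
 */
public static String safeToString(GeneralName generalName, boolean addLinkForURI) {
    if (generalName == null) {
        return "";
    }

    switch (generalName.getTagNo()) {
    case GeneralName.directoryName:
        X500Name directoryName = (X500Name) generalName.getName();
        return MessageFormat.format(res.getString("GeneralNameUtil.DirectoryGeneralName"), directoryName.toString());

    case GeneralName.dNSName:
        DERIA5String dnsName = (DERIA5String) generalName.getName();
        return MessageFormat.format(res.getString("GeneralNameUtil.DnsGeneralName"), dnsName.getString());

    case GeneralName.iPAddress:
        byte[] ipAddressBytes = ((ASN1OctetString) generalName.getName()).getOctets();
        String ipAddressString = "";
        try {
            ipAddressString = InetAddress.getByAddress(ipAddressBytes).getHostAddress();
        } catch (UnknownHostException e) {
            // Deliberate best effort: a byte array that is not a valid
            // address length results in an empty IP address string.
        }
        return MessageFormat.format(res.getString("GeneralNameUtil.IpAddressGeneralName"), ipAddressString);

    case GeneralName.registeredID:
        ASN1ObjectIdentifier registeredId = (ASN1ObjectIdentifier) generalName.getName();
        return MessageFormat.format(res.getString("GeneralNameUtil.RegisteredIdGeneralName"), ObjectIdUtil.toString(registeredId));

    case GeneralName.rfc822Name:
        DERIA5String rfc822Name = (DERIA5String) generalName.getName();
        return MessageFormat.format(res.getString("GeneralNameUtil.Rfc822GeneralName"), rfc822Name.getString());

    case GeneralName.uniformResourceIdentifier:
        DERIA5String uri = (DERIA5String) generalName.getName();
        String uriText = uri.getString();
        String link = uriText;
        if (addLinkForURI) {
            // The URI is certificate content. Escape it before building
            // markup so a quote or angle bracket in the value cannot close
            // the href attribute or introduce new elements. '&' is replaced
            // first so the entities added afterwards are not escaped twice.
            String escapedUri = uriText
                    .replace("&", "&amp;")
                    .replace("<", "&lt;")
                    .replace(">", "&gt;")
                    .replace("\"", "&quot;")
                    .replace("'", "&#39;");
            // NOTE(review): the URI scheme is not restricted here; whatever
            // renders this link should decide which schemes may be followed.
            link = "<a href=\"" + escapedUri + "\">" + escapedUri + "</a>";
        }
        return MessageFormat.format(res.getString("GeneralNameUtil.UriGeneralName"), link);

    case GeneralName.otherName:
        // we currently only support UPN in otherName
        String upn = parseUPN(generalName);
        return MessageFormat.format(res.getString("GeneralNameUtil.OtherGeneralName"), "UPN", upn);

    default:
        // x400Address and ediPartyName end up here.
        return "";
    }
}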
use of com.unboundid.asn1.ASN1OctetString in project fabric-sdk-java by hyperledger.
the class HFCAClient method revokeInternal.
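/**
 * Asks the CA to revoke the certificate of the given enrollment, identified
 * by its serial number and authority key identifier (AKI).
 *
 * @param revoker    identity passed to the HTTP call that sends the request
 * @param enrollment enrollment whose certificate is to be revoked
 * @param reason     revocation reason forwarded to the CA
 * @param genCRL     if true, the "CRL" field of the response is returned
 * @return the "CRL" value of the response when {@code genCRL} is true, otherwise null
 * @throws RevocationException      if the certificate cannot be parsed, has no
 *                                  usable authority key identifier, the request
 *                                  fails, or a requested CRL is missing
 * @throws InvalidArgumentException if the crypto suite, enrollment or revoker is not set
 */
private String revokeInternal(User revoker, Enrollment enrollment, String reason, boolean genCRL) throws RevocationException, InvalidArgumentException {
    if (cryptoSuite == null) {
        throw new InvalidArgumentException("Crypto primitives not set.");
    }
    if (enrollment == null) {
        throw new InvalidArgumentException("revokee enrollment is not set");
    }
    if (revoker == null) {
        throw new InvalidArgumentException("revoker is not set");
    }

    logger.debug(format("revoke revoker: %s, reason: %s, url: %s", revoker.getName(), reason, url));

    try {
        setUpSSL();

        // get cert from to-be-revoked enrollment
        // An explicit charset keeps the PEM bytes independent of the platform default.
        BufferedInputStream pem = new BufferedInputStream(new ByteArrayInputStream(enrollment.getCert().getBytes(java.nio.charset.StandardCharsets.UTF_8)));
        CertificateFactory certFactory = CertificateFactory.getInstance(Config.getConfig().getCertificateFormat());
        X509Certificate certificate = (X509Certificate) certFactory.generateCertificate(pem);

        // get its serial number
        String serial = DatatypeConverter.printHexBinary(certificate.getSerialNumber().toByteArray());

        // get its aki
        // 2.5.29.35 : AuthorityKeyIdentifier
        byte[] extensionValue = certificate.getExtensionValue(Extension.authorityKeyIdentifier.getId());
        if (extensionValue == null) {
            // getExtensionValue returns null when the extension is absent.
            // Fail with a clear message instead of a NullPointerException;
            // the generic handler below wraps it like any other failure.
            throw new RevocationException("Certificate to revoke has no AuthorityKeyIdentifier extension");
        }
        ASN1OctetString akiOc = ASN1OctetString.getInstance(extensionValue);
        byte[] keyIdentifier = AuthorityKeyIdentifier.getInstance(akiOc.getOctets()).getKeyIdentifier();
        if (keyIdentifier == null) {
            // The extension can be present without the keyIdentifier field.
            throw new RevocationException("AuthorityKeyIdentifier extension of the certificate to revoke has no key identifier");
        }
        String aki = DatatypeConverter.printHexBinary(keyIdentifier);

        // build request body
        RevocationRequest req = new RevocationRequest(caName, null, serial, aki, reason, genCRL);
        String body = req.toJson();

        // send revoke request
        JsonObject resp = httpPost(url + HFCA_REVOKE, body, revoker);
        logger.debug("revoke done");

        if (genCRL) {
            if (resp.isEmpty()) {
                throw new RevocationException("Failed to return CRL, revoke response is empty");
            }
            if (resp.isNull("CRL")) {
                throw new RevocationException("Failed to return CRL");
            }
            return resp.getString("CRL");
        }
        return null;
    } catch (CertificateException e) {
        logger.error("Cannot validate certificate. Error is: " + e.getMessage());
        throw new RevocationException("Error while revoking cert. " + e.getMessage(), e);
    } catch (Exception e) {
        // Also receives the RevocationExceptions thrown above and re-wraps them.
        logger.error(e.getMessage(), e);
        throw new RevocationException("Error while revoking the user. " + e.getMessage(), e);
    }
}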
use of com.unboundid.asn1.ASN1OctetString in project oxAuth by GluuFederation.
the class OCSPCertificateVerifier method getExtensionValue.
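/**
 * Reads an extension from a certificate and decodes its content.
 *
 * <p>{@link X509Certificate#getExtensionValue(String)} returns the extension
 * wrapped in a DER OCTET STRING, so two decoding steps are needed: one for
 * the wrapper and one for the value inside it.
 *
 * @param certificate
 *            the certificate from which we need the ExtensionValue
 * @param oid
 *            the Object Identifier value for the extension.
 * @return the extension value as an ASN1Primitive object, or null if the
 *         certificate does not carry the extension
 * @throws IOException
 *             if the extension bytes cannot be decoded or are not wrapped
 *             in an OCTET STRING
 */
private static ASN1Primitive getExtensionValue(X509Certificate certificate, String oid) throws IOException {
    byte[] bytes = certificate.getExtensionValue(oid);
    if (bytes == null) {
        return null;
    }

    ASN1Primitive wrapper;
    try (ASN1InputStream outer = new ASN1InputStream(new ByteArrayInputStream(bytes))) {
        wrapper = outer.readObject();
    }
    // Certificate content is untrusted: report a malformed wrapper as a
    // decoding error instead of failing with a ClassCastException.
    if (!(wrapper instanceof ASN1OctetString)) {
        throw new IOException("Extension " + oid + " is not wrapped in an OCTET STRING");
    }

    byte[] content = ((ASN1OctetString) wrapper).getOctets();
    try (ASN1InputStream inner = new ASN1InputStream(new ByteArrayInputStream(content))) {
        return inner.readObject();
    }
}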
use of com.unboundid.asn1.ASN1OctetString in project jruby-openssl by jruby.
the class ASN1 method decodeObject.
// ObjectId
/**
 * Converts a decoded BouncyCastle ASN.1 object into its Ruby counterpart.
 *
 * The concrete type of {@code obj} is tested with a chain of instanceof
 * checks. Each branch looks up a class by name in the passed ASN1 module and
 * calls its "new" method with the converted value. Tagged objects, sequences
 * and sets are converted recursively.
 *
 * The order of the checks is significant: several branches exist only for
 * compatibility with older BouncyCastle versions, where the DER* classes did
 * not yet extend the matching ASN1* classes (see the inline notes).
 *
 * NOTE(review): the recursion follows the nesting of the input and no depth
 * limit is visible in this method. If obj can come from untrusted data,
 * confirm that nesting is bounded before this point.
 *
 * @param context current thread context, source of the Ruby runtime
 * @param ASN1 module in which the target Ruby classes are looked up
 * @param obj the ASN.1 object to convert
 * @return the Ruby object created for obj
 * @throws IOException if a UTCTime or GeneralizedTime value cannot be parsed
 * @throws IllegalArgumentException if obj is null or of a type no branch handles
 */
static IRubyObject decodeObject(final ThreadContext context, final RubyModule ASN1, final org.bouncycastle.asn1.ASN1Encodable obj) throws IOException, IllegalArgumentException {
final Ruby runtime = context.runtime;
if (obj instanceof ASN1Integer) {
final BN val = BN.newBN(runtime, ((ASN1Integer) obj).getValue());
return ASN1.getClass("Integer").callMethod(context, "new", val);
}
// Same conversion for DERInteger; presumably kept for BC versions where it is not an ASN1Integer (confirm).
if (obj instanceof DERInteger) {
final BN val = BN.newBN(runtime, ((DERInteger) obj).getValue());
return ASN1.getClass("Integer").callMethod(context, "new", val);
}
// Bit strings are checked before the generic ASN1String branch below and
// also carry their number of padding bits over as "unused_bits".
if (obj instanceof DERBitString) {
final DERBitString derObj = (DERBitString) obj;
RubyString str = runtime.newString(new ByteList(derObj.getBytes(), false));
IRubyObject bitString = ASN1.getClass("BitString").callMethod(context, "new", str);
bitString.callMethod(context, "unused_bits=", runtime.newFixnum(derObj.getPadBits()));
return bitString;
}
if (obj instanceof ASN1String) {
// Prefer the type name from the ASN1_INFO table; fall back to the
// instanceof checks below when the class has no type id.
final Integer typeId = typeId(obj.getClass());
String type = typeId == null ? null : (String) (ASN1_INFO[typeId][2]);
final ByteList bytes;
if (obj instanceof DERUTF8String) {
if (type == null)
type = "UTF8String";
// UTF8String content is re-encoded explicitly as UTF-8 bytes.
bytes = new ByteList(((DERUTF8String) obj).getString().getBytes("UTF-8"), false);
} else {
if (type == null) {
if (obj instanceof DERNumericString) {
type = "NumericString";
} else if (obj instanceof DERPrintableString) {
type = "PrintableString";
} else if (obj instanceof DERIA5String) {
type = "IA5String";
} else if (obj instanceof DERT61String) {
type = "T61String";
} else if (obj instanceof DERGeneralString) {
type = "GeneralString";
} else if (obj instanceof DERUniversalString) {
type = "UniversalString";
} else if (obj instanceof DERBMPString) {
type = "BMPString";
} else {
// NOTE "VideotexString", "GraphicString", "ISO64String" not-handled in BC !
throw new IllegalArgumentException("could not handle ASN1 string type: " + obj + " (" + obj.getClass().getName() + ")");
}
}
bytes = ByteList.create(((ASN1String) obj).getString());
}
return ASN1.getClass(type).callMethod(context, "new", runtime.newString(bytes));
}
if (obj instanceof ASN1OctetString) {
// The raw content octets are used, not the DER encoding of the object.
final ByteList octets = new ByteList(((ASN1OctetString) obj).getOctets(), false);
// final ByteList octets = new ByteList(((ASN1OctetString) obj).getEncoded(ASN1Encoding.DER), false);
return ASN1.getClass("OctetString").callMethod(context, "new", runtime.newString(octets));
}
if (obj instanceof ASN1Null) {
return ASN1.getClass("Null").callMethod(context, "new", runtime.getNil());
}
if (obj instanceof ASN1Boolean) {
final boolean val = ((ASN1Boolean) obj).isTrue();
return ASN1.getClass("Boolean").callMethod(context, "new", runtime.newBoolean(val));
}
// DERBoolean extends ASN1Boolean only since 1.51 (<= 1.50 the other way around)
if (obj instanceof DERBoolean) {
final boolean val = ((DERBoolean) obj).isTrue();
return ASN1.getClass("Boolean").callMethod(context, "new", runtime.newBoolean(val));
}
if (obj instanceof ASN1UTCTime) {
final Date adjustedTime;
try {
adjustedTime = ((ASN1UTCTime) obj).getAdjustedDate();
} catch (ParseException e) {
// Surface an unparsable time as a decoding error, keeping the cause.
throw new IOException(e);
}
final RubyTime time = RubyTime.newTime(runtime, adjustedTime.getTime());
return ASN1.getClass("UTCTime").callMethod(context, "new", time);
}
// NOTE: keep for BC versions compatibility ... extends ASN1UTCTime (since BC 1.51)
if (obj instanceof DERUTCTime) {
final Date adjustedTime;
try {
adjustedTime = ((DERUTCTime) obj).getAdjustedDate();
} catch (ParseException e) {
throw new IOException(e);
}
final RubyTime time = RubyTime.newTime(runtime, adjustedTime.getTime());
return ASN1.getClass("UTCTime").callMethod(context, "new", time);
}
if (obj instanceof ASN1GeneralizedTime) {
final Date generalTime;
try {
generalTime = ((ASN1GeneralizedTime) obj).getDate();
} catch (ParseException e) {
throw new IOException(e);
}
final RubyTime time = RubyTime.newTime(runtime, generalTime.getTime());
return ASN1.getClass("GeneralizedTime").callMethod(context, "new", time);
}
// NOTE: keep for BC versions compatibility ... extends ASN1GeneralizedTime (since BC 1.51)
if (obj instanceof DERGeneralizedTime) {
final Date generalTime;
try {
generalTime = ((DERGeneralizedTime) obj).getDate();
} catch (ParseException e) {
throw new IOException(e);
}
final RubyTime time = RubyTime.newTime(runtime, generalTime.getTime());
return ASN1.getClass("GeneralizedTime").callMethod(context, "new", time);
}
if (obj instanceof ASN1ObjectIdentifier) {
final String objId = ((ASN1ObjectIdentifier) obj).getId();
return ASN1.getClass("ObjectId").callMethod(context, "new", runtime.newString(objId));
}
// DERObjectIdentifier extends ASN1ObjectIdentifier = 1.51
if (obj instanceof DERObjectIdentifier) {
final String objId = ((DERObjectIdentifier) obj).getId();
return ASN1.getClass("ObjectId").callMethod(context, "new", runtime.newString(objId));
}
if (obj instanceof ASN1TaggedObject) {
// The wrapped object is decoded recursively and returned as a
// one-element array inside a generic ASN1Data.
// NOTE(review): the tag class is always reported as CONTEXT_SPECIFIC
// here, whatever the tagged object itself says - confirm intended.
final ASN1TaggedObject taggedObj = (ASN1TaggedObject) obj;
IRubyObject val = decodeObject(context, ASN1, taggedObj.getObject());
IRubyObject tag = runtime.newFixnum(taggedObj.getTagNo());
IRubyObject tag_class = runtime.newSymbol("CONTEXT_SPECIFIC");
final RubyArray valArr = runtime.newArray(val);
return ASN1.getClass("ASN1Data").callMethod(context, "new", new IRubyObject[] { valArr, tag, tag_class });
}
if (obj instanceof DERApplicationSpecific) {
// The content is read as a SEQUENCE and cast without a type check;
// its elements are decoded through decodeObjects.
final DERApplicationSpecific appSpecific = (DERApplicationSpecific) obj;
IRubyObject tag = runtime.newFixnum(appSpecific.getApplicationTag());
IRubyObject tag_class = runtime.newSymbol("APPLICATION");
final ASN1Sequence sequence = (ASN1Sequence) appSpecific.getObject(SEQUENCE);
@SuppressWarnings("unchecked") final RubyArray valArr = decodeObjects(context, ASN1, sequence.getObjects());
return ASN1.getClass("ASN1Data").callMethod(context, "new", new IRubyObject[] { valArr, tag, tag_class });
}
if (obj instanceof ASN1Sequence) {
@SuppressWarnings("unchecked") RubyArray arr = decodeObjects(context, ASN1, ((ASN1Sequence) obj).getObjects());
return ASN1.getClass("Sequence").callMethod(context, "new", arr);
}
if (obj instanceof ASN1Set) {
@SuppressWarnings("unchecked") RubyArray arr = decodeObjects(context, ASN1, ((ASN1Set) obj).getObjects());
return ASN1.getClass("Set").callMethod(context, "new", arr);
}
if (obj instanceof ASN1Enumerated) {
final RubyInteger value = RubyBignum.bignorm(runtime, ((ASN1Enumerated) obj).getValue());
return ASN1.getClass("Enumerated").callMethod(context, "new", value);
}
// Nothing matched. A null obj also ends up here, since instanceof is
// false for null; the message then carries an empty class name.
throw new IllegalArgumentException("unable to decode object: " + obj + " (" + (obj == null ? "" : obj.getClass().getName()) + ")");
}
Aggregations