use of com.unboundid.util.OID in project ldapsdk by pingidentity.
the class X509Certificate method decodeName.
/**
* Decodes the provided ASN.1 element as an X.509 name.
*
* @param element The ASN.1 element to decode.
*
* @return The DN created from the decoded X.509 name.
*
* @throws CertException If a problem is encountered while trying to decode
* the X.509 name.
*/
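@NotNull()
static DN decodeName(@NotNull final ASN1Element element) throws CertException {
  // The schema is only used to map attribute type OIDs to friendly names and
  // is handed to the RDN constructor.  If it cannot be loaded, decoding
  // continues with a null schema and numeric OIDs rather than failing.
  Schema schema;
  try {
    schema = Schema.getDefaultStandardSchema();
  } catch (final Exception e) {
    Debug.debugException(e);
    schema = null;
  }

  // An X.509 Name is a SEQUENCE of RDNs; anything else is rejected up front.
  final ASN1Element[] rdnElements;
  try {
    rdnElements = ASN1Sequence.decodeAsSequence(element).elements();
  } catch (final Exception e) {
    Debug.debugException(e);
    throw new CertException(ERR_CERT_DECODE_NAME_NOT_SEQUENCE.get(StaticUtils.getExceptionMessage(e)), e);
  }

  final ArrayList<RDN> rdns = new ArrayList<>(rdnElements.length);
  for (int i = 0; i < rdnElements.length; i++) {
    try {
      // Each RDN is a SET of (type OID, value) SEQUENCEs.  Any structural
      // problem (wrong type, missing type or value element) surfaces as an
      // exception and is reported below with the index of the failing RDN.
      final ASN1Element[] attributeSetElements = rdnElements[i].decodeAsSet().elements();
      final String[] attributeNames = new String[attributeSetElements.length];
      final byte[][] attributeValues = new byte[attributeSetElements.length][];
      for (int j = 0; j < attributeSetElements.length; j++) {
        final ASN1Element[] attributeTypeAndValueElements =
            ASN1Sequence.decodeAsSequence(attributeSetElements[j]).elements();
        final OID attributeTypeOID = attributeTypeAndValueElements[0].decodeAsObjectIdentifier().getOID();

        // The schema is null when the default standard schema could not be
        // loaded above.  Dereferencing it unconditionally turned that
        // unrelated failure into a "cannot parse name" error for every
        // certificate, so fall back to the numeric OID instead.
        final AttributeTypeDefinition attributeType =
            (schema == null) ? null : schema.getAttributeType(attributeTypeOID.toString());
        if (attributeType == null) {
          attributeNames[j] = attributeTypeOID.toString();
        } else {
          // Upper-case with a fixed locale so the attribute name placed in
          // the DN does not vary with the JVM's default locale.
          attributeNames[j] = attributeType.getNameOrOID().toUpperCase(java.util.Locale.ROOT);
        }

        // NOTE(review): the value appears to be taken as raw content bytes
        // whatever ASN.1 string type the certificate declared -- confirm how
        // non-UTF-8 string types are handled before the resulting DN is used
        // for identity or authorization decisions.  The name comes from the
        // certificate and is attacker-controlled until the chain is verified.
        attributeValues[j] = attributeTypeAndValueElements[1].decodeAsOctetString().getValue();
      }
      rdns.add(new RDN(attributeNames, attributeValues, schema));
    } catch (final Exception e) {
      Debug.debugException(e);
      throw new CertException(
          ERR_CERT_DECODE_CANNOT_PARSE_NAME_SEQUENCE_ELEMENT.get(i, StaticUtils.getExceptionMessage(e)), e);
    }
  }

  // The DN is built with the RDNs in the reverse of their encoded order.
  Collections.reverse(rdns);
  return new DN(rdns);
}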
use of com.unboundid.util.OID in project ldapsdk by pingidentity.
the class X509CertificateExtension method decode.
/**
* Decodes the provided ASN.1 element as an X.509 certificate extension.
*
* @param extensionElement The ASN.1 element containing the encoded
* extension.
*
* @return The decoded extension.
*
* @throws CertException If a problem is encountered while attempting to
* decode the extension.
*/
@NotNull()
static X509CertificateExtension decode(@NotNull final ASN1Element extensionElement) throws CertException {
  // Phase 1: parse the generic structure (OID, optional criticality flag,
  // octet-string value).  Any failure here is fatal for the extension.
  final OID oid;
  final X509CertificateExtension extension;
  try {
    final ASN1Element[] fields = extensionElement.decodeAsSequence().elements();
    oid = fields[0].decodeAsObjectIdentifier().getOID();

    // The criticality flag is optional: when the second element is not a
    // BOOLEAN it is treated as the value and the extension is non-critical.
    final boolean hasCriticalFlag = (fields[1].getType() == ASN1Constants.UNIVERSAL_BOOLEAN_TYPE);
    final boolean isCritical = hasCriticalFlag && fields[1].decodeAsBoolean().booleanValue();
    final ASN1Element valueElement = hasCriticalFlag ? fields[2] : fields[1];
    final byte[] value = valueElement.decodeAsOctetString().getValue();

    extension = new X509CertificateExtension(oid, isCritical, value);
  } catch (final Exception e) {
    Debug.debugException(e);
    throw new CertException(ERR_EXTENSION_DECODE_ERROR.get(StaticUtils.getExceptionMessage(e)), e);
  }

  // Phase 2: best-effort upgrade to a typed extension for recognized OIDs.
  // If the typed constructor rejects the value, the failure is only passed to
  // the debugger and the generic extension is returned instead.
  //
  // NOTE(review): this means a malformed BasicConstraints, KeyUsage, etc. --
  // even one marked critical -- comes back as a plain
  // X509CertificateExtension.  Code that enforces policy should check the OID
  // and criticality of the result and not rely solely on the returned type.
  try {
    if (oid.equals(AuthorityKeyIdentifierExtension.AUTHORITY_KEY_IDENTIFIER_OID)) {
      return new AuthorityKeyIdentifierExtension(extension);
    }
    if (oid.equals(SubjectKeyIdentifierExtension.SUBJECT_KEY_IDENTIFIER_OID)) {
      return new SubjectKeyIdentifierExtension(extension);
    }
    if (oid.equals(KeyUsageExtension.KEY_USAGE_OID)) {
      return new KeyUsageExtension(extension);
    }
    if (oid.equals(SubjectAlternativeNameExtension.SUBJECT_ALTERNATIVE_NAME_OID)) {
      return new SubjectAlternativeNameExtension(extension);
    }
    if (oid.equals(IssuerAlternativeNameExtension.ISSUER_ALTERNATIVE_NAME_OID)) {
      return new IssuerAlternativeNameExtension(extension);
    }
    if (oid.equals(BasicConstraintsExtension.BASIC_CONSTRAINTS_OID)) {
      return new BasicConstraintsExtension(extension);
    }
    if (oid.equals(ExtendedKeyUsageExtension.EXTENDED_KEY_USAGE_OID)) {
      return new ExtendedKeyUsageExtension(extension);
    }
    if (oid.equals(CRLDistributionPointsExtension.CRL_DISTRIBUTION_POINTS_OID)) {
      return new CRLDistributionPointsExtension(extension);
    }
  } catch (final Exception e) {
    Debug.debugException(e);
  }

  // Unrecognized OID, or a recognized one whose value could not be parsed.
  return extension;
}
use of com.unboundid.util.OID in project ldapsdk by pingidentity.
the class PKCS8PrivateKey method toString.
/**
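* Appends a string representation of this PKCS #8 private key to the
* provided buffer. The output includes the private key itself (the
* hex-encoded key bytes, or whatever the decoded key's own string form
* emits), so it must be handled as secret material and kept out of logs and
* error messages.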
*
* @param buffer The buffer to which the information should be appended.
*/
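public void toString(@NotNull final StringBuilder buffer) {
  // NOTE(review): the text written here contains the private key itself --
  // either the hex-encoded key bytes or the decoded key's own string form.
  // Treat the result as secret material; do not log it or put it in
  // exception messages.
  buffer.append("PKCS8PrivateKey(version='");
  buffer.append(version.getName());
  // The opening quote before the OID was missing, which left the closing
  // quote appended below unbalanced.
  buffer.append("', privateKeyAlgorithmOID='");
  buffer.append(privateKeyAlgorithmOID.toString());
  buffer.append('\'');

  if (privateKeyAlgorithmName != null) {
    buffer.append(", privateKeyAlgorithmName='");
    buffer.append(privateKeyAlgorithmName);
    buffer.append('\'');
  }

  if (decodedPrivateKey == null) {
    // No decoded form is available, so fall back to a colon-delimited hex
    // dump of the encoded key.
    buffer.append(", encodedPrivateKey='");
    StaticUtils.toHex(encodedPrivateKey.getValue(), ":", buffer);
    buffer.append('\'');
  } else {
    buffer.append(", decodedPrivateKey=");
    decodedPrivateKey.toString(buffer);

    if (decodedPrivateKey instanceof EllipticCurvePrivateKey) {
      // Best effort: parameters that are absent or not a named-curve OID
      // raise an exception here, which is passed to the debugger and the
      // curve is simply left out of the output.
      try {
        final OID namedCurveOID = privateKeyAlgorithmParameters.decodeAsObjectIdentifier().getOID();
        buffer.append(", ellipticCurvePrivateKeyParameters=namedCurve='");
        buffer.append(NamedCurve.getNameOrOID(namedCurveOID));
        buffer.append('\'');
      } catch (final Exception e) {
        Debug.debugException(e);
      }
    }
  }

  // Every quoted field above closes its own quote, so only the closing
  // parenthesis is needed; the original appended a stray quote before it.
  buffer.append(')');
}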
use of com.unboundid.util.OID in project ldapsdk by pingidentity.
the class X509CertificateTestCase method testDecodeValueSequenceFirstElementNotSequence.
/**
* Tests the behavior when trying to decode a sequence whose first element
* cannot itself be parsed as a sequence.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test(expectedExceptions = { CertException.class })
public void testDecodeValueSequenceFirstElementNotSequence() throws Exception {
  // The first element is an octet string that cannot be parsed as a
  // sequence; the decoder is expected to reject it with a CertException.
  final ASN1OctetString firstElementNotSequence = new ASN1OctetString("not a sequence");

  // The remaining two elements are an (OID, NULL) sequence and a bit string.
  final ASN1Sequence signatureAlgorithm =
      new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4")), new ASN1Null());
  final ASN1BitString signatureValue = new ASN1BitString(new boolean[1024]);

  final ASN1Sequence certificateSequence =
      new ASN1Sequence(firstElementNotSequence, signatureAlgorithm, signatureValue);
  new X509Certificate(certificateSequence.encode());
}
use of com.unboundid.util.OID in project ldapsdk by pingidentity.
the class X509CertificateTestCase method testDecodeMalformedCertSignatureAlgorithm.
/**
* Tests the behavior when trying to decode a certificate whose outer
* signature algorithm element is malformed (an octet string rather than an
* algorithm identifier sequence).
*
* @throws Exception If an unexpected problem occurs.
*/
@Test(expectedExceptions = { CertException.class })
public void testDecodeMalformedCertSignatureAlgorithm() throws Exception {
  final long notBefore = System.currentTimeMillis();
  final long oneYearMillis = 365L * 24L * 60L * 60L * 1000L;
  final long notAfter = notBefore + oneYearMillis;

  // Inner sequence: seven elements, built in the order they are encoded.
  final ASN1Element version = new ASN1Element((byte) 0xA0, new ASN1Integer(2).encode());
  final ASN1BigInteger serialNumber = new ASN1BigInteger(12435L);
  final ASN1Sequence innerSignatureAlgorithm =
      new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4")), new ASN1Null());
  final ASN1Element issuer = X509Certificate.encodeName(new DN("CN=issuer"));
  final ASN1Sequence validity =
      new ASN1Sequence(new ASN1GeneralizedTime(notBefore), new ASN1GeneralizedTime(notAfter));
  final ASN1Element subject = X509Certificate.encodeName(new DN("CN=ldap.example.com"));
  final ASN1Sequence publicKeyInfo = new ASN1Sequence(
      new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.5")), new ASN1Null()),
      new ASN1BitString(new boolean[1024]));
  final ASN1Sequence tbsCertificate = new ASN1Sequence(
      version, serialNumber, innerSignatureAlgorithm, issuer, validity, subject, publicKeyInfo);

  // Outer sequence: the second element is an octet string where a sequence
  // would normally appear, which is the malformed input under test.
  final ASN1OctetString malformedSignatureAlgorithm = new ASN1OctetString("not a valid sequence");
  final ASN1BitString signatureValue = new ASN1BitString(new boolean[1024]);

  final ASN1Sequence certificateSequence =
      new ASN1Sequence(tbsCertificate, malformedSignatureAlgorithm, signatureValue);
  new X509Certificate(certificateSequence.encode());
}