
Example 41 with OID

use of com.unboundid.util.OID in project ldapsdk by pingidentity.

the class X509Certificate method decodeName.

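/**
 * Decodes the provided ASN.1 element as an X.509 name.
 * <p>
 * The element must be a sequence of RDN sets, each of which holds one or more
 * attribute-type-and-value sequences.  Attribute type OIDs are translated to
 * upper-case attribute names using the default standard schema when that
 * schema can be loaded; when it cannot, or when the OID is not defined in it,
 * the dotted OID string is used as the attribute name instead.
 * <p>
 * The name comes straight from the certificate being parsed, so every
 * structural problem is reported as a {@code CertException} rather than being
 * allowed to escape as an unchecked exception.
 *
 * @param  element  The ASN.1 element to decode.
 *
 * @return  The DN created from the decoded X.509 name.
 *
 * @throws  CertException  If a problem is encountered while trying to decode
 *                         the X.509 name.
 */
@NotNull()
static DN decodeName(@NotNull final ASN1Element element) throws CertException {
    // The schema is only used to turn OIDs into friendly names, so failing to
    // load it is tolerated and leaves schema null.
    Schema schema;
    try {
        schema = Schema.getDefaultStandardSchema();
    } catch (final Exception e) {
        Debug.debugException(e);
        schema = null;
    }
    final ASN1Element[] rdnElements;
    try {
        rdnElements = ASN1Sequence.decodeAsSequence(element).elements();
    } catch (final Exception e) {
        Debug.debugException(e);
        throw new CertException(ERR_CERT_DECODE_NAME_NOT_SEQUENCE.get(StaticUtils.getExceptionMessage(e)), e);
    }
    final ArrayList<RDN> rdns = new ArrayList<>(rdnElements.length);
    for (int i = 0; i < rdnElements.length; i++) {
        try {
            final ASN1Element[] attributeSetElements = rdnElements[i].decodeAsSet().elements();
            final String[] attributeNames = new String[attributeSetElements.length];
            final byte[][] attributeValues = new byte[attributeSetElements.length][];
            for (int j = 0; j < attributeSetElements.length; j++) {
                final ASN1Element[] attributeTypeAndValueElements = ASN1Sequence.decodeAsSequence(attributeSetElements[j]).elements();
                final OID attributeTypeOID = attributeTypeAndValueElements[0].decodeAsObjectIdentifier().getOID();
                // Without this guard a missing schema caused a
                // NullPointerException here, which the catch below turned into
                // a misleading "cannot parse name" failure for every
                // certificate.
                final AttributeTypeDefinition attributeType = (schema == null) ? null : schema.getAttributeType(attributeTypeOID.toString());
                if (attributeType == null) {
                    attributeNames[j] = attributeTypeOID.toString();
                } else {
                    // Locale.ROOT keeps the name independent of the JVM's
                    // default locale (for example, the Turkish dotted "I").
                    attributeNames[j] = attributeType.getNameOrOID().toUpperCase(java.util.Locale.ROOT);
                }
                // NOTE(review): the value bytes are taken as-is; the ASN.1
                // string type of the value element is not inspected here.
                attributeValues[j] = attributeTypeAndValueElements[1].decodeAsOctetString().getValue();
            }
            rdns.add(new RDN(attributeNames, attributeValues, schema));
        } catch (final Exception e) {
            // Also covers short sequences (index out of bounds) and malformed
            // OIDs, so malformed input always surfaces as a CertException.
            Debug.debugException(e);
            throw new CertException(ERR_CERT_DECODE_CANNOT_PARSE_NAME_SEQUENCE_ELEMENT.get(i, StaticUtils.getExceptionMessage(e)), e);
        }
    }
    // The DN is built with the RDNs in the reverse of their encoded order.
    Collections.reverse(rdns);
    return new DN(rdns);
}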
Also used : Schema(com.unboundid.ldap.sdk.schema.Schema) ArrayList(java.util.ArrayList) RDN(com.unboundid.ldap.sdk.RDN) DN(com.unboundid.ldap.sdk.DN) ASN1UTF8String(com.unboundid.asn1.ASN1UTF8String) ASN1OctetString(com.unboundid.asn1.ASN1OctetString) ASN1BitString(com.unboundid.asn1.ASN1BitString) OID(com.unboundid.util.OID) ASN1Exception(com.unboundid.asn1.ASN1Exception) CertificateException(java.security.cert.CertificateException) AttributeTypeDefinition(com.unboundid.ldap.sdk.schema.AttributeTypeDefinition) ASN1Element(com.unboundid.asn1.ASN1Element) RDN(com.unboundid.ldap.sdk.RDN) NotNull(com.unboundid.util.NotNull)

Example 42 with OID

use of com.unboundid.util.OID in project ldapsdk by pingidentity.

the class X509CertificateExtension method decode.

/**
 * Decodes the provided ASN.1 element as an X.509 certificate extension.
 * <p>
 * The element is read as a sequence of an OID, an optional BOOLEAN
 * criticality flag (treated as {@code false} when absent) and an octet string
 * value.  When the OID matches one of the extension types handled below, a
 * type-specific instance is returned.
 * <p>
 * If the type-specific constructor fails, the failure is only passed to
 * {@code Debug.debugException} and the generic extension is returned instead.
 * Callers that act on a particular extension (including one marked critical)
 * should therefore check the concrete type of the result rather than assume
 * that a recognized OID implies a successfully parsed value.
 *
 * @param  extensionElement  The ASN.1 element containing the encoded
 *                           extension.
 *
 * @return  The decoded extension.
 *
 * @throws  CertException  If a problem is encountered while attempting to
 *                         decode the extension.
 */
@NotNull()
static X509CertificateExtension decode(@NotNull final ASN1Element extensionElement) throws CertException {
    final OID oid;
    final X509CertificateExtension generic;
    try {
        final ASN1Element[] parts = extensionElement.decodeAsSequence().elements();
        oid = parts[0].decodeAsObjectIdentifier().getOID();

        // The criticality flag is optional; its presence shifts the value
        // from index 1 to index 2.
        final boolean hasCriticalFlag = (parts[1].getType() == ASN1Constants.UNIVERSAL_BOOLEAN_TYPE);
        final boolean isCritical = hasCriticalFlag && parts[1].decodeAsBoolean().booleanValue();
        final byte[] value = parts[hasCriticalFlag ? 2 : 1].decodeAsOctetString().getValue();

        generic = new X509CertificateExtension(oid, isCritical, value);
    } catch (final Exception e) {
        // Too few elements or wrongly typed elements end up here as well.
        Debug.debugException(e);
        throw new CertException(ERR_EXTENSION_DECODE_ERROR.get(StaticUtils.getExceptionMessage(e)), e);
    }

    // Best effort: try the specific type for a recognized OID, and fall back
    // to the generic representation if that type cannot parse the value.
    try {
        if (oid.equals(AuthorityKeyIdentifierExtension.AUTHORITY_KEY_IDENTIFIER_OID)) {
            return new AuthorityKeyIdentifierExtension(generic);
        }
        if (oid.equals(SubjectKeyIdentifierExtension.SUBJECT_KEY_IDENTIFIER_OID)) {
            return new SubjectKeyIdentifierExtension(generic);
        }
        if (oid.equals(KeyUsageExtension.KEY_USAGE_OID)) {
            return new KeyUsageExtension(generic);
        }
        if (oid.equals(SubjectAlternativeNameExtension.SUBJECT_ALTERNATIVE_NAME_OID)) {
            return new SubjectAlternativeNameExtension(generic);
        }
        if (oid.equals(IssuerAlternativeNameExtension.ISSUER_ALTERNATIVE_NAME_OID)) {
            return new IssuerAlternativeNameExtension(generic);
        }
        if (oid.equals(BasicConstraintsExtension.BASIC_CONSTRAINTS_OID)) {
            return new BasicConstraintsExtension(generic);
        }
        if (oid.equals(ExtendedKeyUsageExtension.EXTENDED_KEY_USAGE_OID)) {
            return new ExtendedKeyUsageExtension(generic);
        }
        if (oid.equals(CRLDistributionPointsExtension.CRL_DISTRIBUTION_POINTS_OID)) {
            return new CRLDistributionPointsExtension(generic);
        }
    } catch (final Exception e) {
        Debug.debugException(e);
    }
    return generic;
}
Also used : OID(com.unboundid.util.OID) ASN1Element(com.unboundid.asn1.ASN1Element) NotNull(com.unboundid.util.NotNull)

Example 43 with OID

use of com.unboundid.util.OID in project ldapsdk by pingidentity.

the class PKCS8PrivateKey method toString.

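/**
 * Appends a string representation of this PKCS #8 private key to the
 * provided buffer.
 * <p>
 * The output contains the private key itself: either the hex-encoded bytes of
 * the encoded key or whatever the decoded key writes for its own string
 * representation.  Treat the resulting string as secret material and keep it
 * out of logs, exception messages and other places that are not protected
 * like the key.
 *
 * @param  buffer  The buffer to which the information should be appended.
 */
public void toString(@NotNull final StringBuilder buffer) {
    buffer.append("PKCS8PrivateKey(version='").append(version.getName());
    // The opening quote before the OID was missing, which left the quotes in
    // the output unbalanced.
    buffer.append("', privateKeyAlgorithmOID='").append(privateKeyAlgorithmOID.toString()).append('\'');

    if (privateKeyAlgorithmName != null) {
        buffer.append(", privateKeyAlgorithmName='").append(privateKeyAlgorithmName).append('\'');
    }

    if (decodedPrivateKey == null) {
        // No decoded form is available, so the raw key bytes are written as
        // colon-delimited hex.
        buffer.append(", encodedPrivateKey='");
        StaticUtils.toHex(encodedPrivateKey.getValue(), ":", buffer);
        buffer.append('\'');
    } else {
        buffer.append(", decodedPrivateKey=");
        decodedPrivateKey.toString(buffer);
        if (decodedPrivateKey instanceof EllipticCurvePrivateKey) {
            try {
                final OID namedCurveOID = privateKeyAlgorithmParameters.decodeAsObjectIdentifier().getOID();
                buffer.append(", ellipticCurvePrivateKeyParameters=namedCurve='");
                buffer.append(NamedCurve.getNameOrOID(namedCurveOID));
                buffer.append('\'');
            } catch (final Exception e) {
                // The curve name is informational only; leave it out if the
                // parameters cannot be decoded as an OID.
                Debug.debugException(e);
            }
        }
    }

    // Every quoted field is already closed above, so only the closing
    // parenthesis belongs here (the original appended a stray quote first).
    buffer.append(')');
}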
Also used : OID(com.unboundid.util.OID) GeneralSecurityException(java.security.GeneralSecurityException)

Example 44 with OID

use of com.unboundid.util.OID in project ldapsdk by pingidentity.

the class X509CertificateTestCase method testDecodeValueSequenceFirstElementNotSequence.

/**
 * Verifies that constructing a certificate fails with a {@code CertException}
 * when the first element of the outer sequence is an octet string where a
 * nested sequence is required.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test(expectedExceptions = { CertException.class })
public void testDecodeValueSequenceFirstElementNotSequence() throws Exception {
    // The first element should be a sequence; an octet string is used here to
    // trigger the decode failure.
    final ASN1OctetString notASequence = new ASN1OctetString("not a sequence");
    final ASN1Sequence signatureAlgorithm = new ASN1Sequence(
            new ASN1ObjectIdentifier(new OID("1.2.3.4")),
            new ASN1Null());
    final ASN1BitString signatureValue = new ASN1BitString(new boolean[1024]);

    final ASN1Sequence certificateSequence = new ASN1Sequence(notASequence, signatureAlgorithm, signatureValue);
    new X509Certificate(certificateSequence.encode());
}
Also used : ASN1OctetString(com.unboundid.asn1.ASN1OctetString) ASN1Sequence(com.unboundid.asn1.ASN1Sequence) OID(com.unboundid.util.OID) ASN1ObjectIdentifier(com.unboundid.asn1.ASN1ObjectIdentifier) ASN1BitString(com.unboundid.asn1.ASN1BitString) ASN1Null(com.unboundid.asn1.ASN1Null) Test(org.testng.annotations.Test)

Example 45 with OID

use of com.unboundid.util.OID in project ldapsdk by pingidentity.

the class X509CertificateTestCase method testDecodeMalformedCertSignatureAlgorithm.

/**
 * Verifies that constructing a certificate fails with a {@code CertException}
 * when the outer signature algorithm element is an octet string rather than a
 * sequence.  The first element is an otherwise complete sequence (version,
 * serial number, signature algorithm, issuer, validity, subject and public
 * key information).
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test(expectedExceptions = { CertException.class })
public void testDecodeMalformedCertSignatureAlgorithm() throws Exception {
    final long notBefore = System.currentTimeMillis();
    final long oneYearMillis = 365L * 24L * 60L * 60L * 1000L;
    final long notAfter = notBefore + oneYearMillis;

    // Elements of the first (inner) sequence, built in encoding order.
    final ASN1Element version = new ASN1Element((byte) 0xA0, new ASN1Integer(2).encode());
    final ASN1BigInteger serialNumber = new ASN1BigInteger(12435L);
    final ASN1Sequence innerSignatureAlgorithm = new ASN1Sequence(
            new ASN1ObjectIdentifier(new OID("1.2.3.4")),
            new ASN1Null());
    final ASN1Element issuer = X509Certificate.encodeName(new DN("CN=issuer"));
    final ASN1Sequence validity = new ASN1Sequence(
            new ASN1GeneralizedTime(notBefore),
            new ASN1GeneralizedTime(notAfter));
    final ASN1Element subject = X509Certificate.encodeName(new DN("CN=ldap.example.com"));
    final ASN1Sequence publicKeyInfo = new ASN1Sequence(
            new ASN1Sequence(
                    new ASN1ObjectIdentifier(new OID("1.2.3.5")),
                    new ASN1Null()),
            new ASN1BitString(new boolean[1024]));
    final ASN1Sequence tbsCertificate = new ASN1Sequence(
            version, serialNumber, innerSignatureAlgorithm, issuer, validity, subject, publicKeyInfo);

    // The outer signature algorithm must be a sequence; an octet string here
    // is what should cause the decode to be rejected.
    final ASN1Sequence valueSequence = new ASN1Sequence(
            tbsCertificate,
            new ASN1OctetString("not a valid sequence"),
            new ASN1BitString(new boolean[1024]));
    new X509Certificate(valueSequence.encode());
}
Also used : ASN1OctetString(com.unboundid.asn1.ASN1OctetString) ASN1BigInteger(com.unboundid.asn1.ASN1BigInteger) DN(com.unboundid.ldap.sdk.DN) ASN1GeneralizedTime(com.unboundid.asn1.ASN1GeneralizedTime) ASN1Integer(com.unboundid.asn1.ASN1Integer) OID(com.unboundid.util.OID) ASN1BitString(com.unboundid.asn1.ASN1BitString) ASN1Sequence(com.unboundid.asn1.ASN1Sequence) ASN1Element(com.unboundid.asn1.ASN1Element) ASN1ObjectIdentifier(com.unboundid.asn1.ASN1ObjectIdentifier) ASN1Null(com.unboundid.asn1.ASN1Null) Test(org.testng.annotations.Test)
