Examples with GeneralName org.apache.harmony.security.x509.GeneralName used on opensource projects

Example 66 with GeneralName

use of org.apache.harmony.security.x509.GeneralName in project xipki by xipki.

the class CmpRequestor method signAndSend.

protected PkiResponse signAndSend(PKIMessage request, RequestResponseDebug debug) throws CmpRequestorException {
    ParamUtil.requireNonNull("request", request);
    PKIMessage tmpRequest = (signRequest) ? sign(request) : request;
    byte[] encodedRequest;
    try {
        encodedRequest = tmpRequest.getEncoded();
    } catch (IOException ex) {
        LOG.error("could not encode the PKI request {}", tmpRequest);
        throw new CmpRequestorException(ex.getMessage(), ex);
    }
    RequestResponsePair reqResp = null;
    if (debug != null) {
        reqResp = new RequestResponsePair();
        debug.add(reqResp);
        if (debug.saveRequest()) {
            reqResp.setRequest(encodedRequest);
        }
    }
    byte[] encodedResponse;
    try {
        encodedResponse = send(encodedRequest);
    } catch (IOException ex) {
        LOG.error("could not send the PKI request {} to server", tmpRequest);
        throw new CmpRequestorException("TRANSPORT_ERROR", ex);
    }
    if (reqResp != null && debug.saveResponse()) {
        reqResp.setResponse(encodedResponse);
    }
    GeneralPKIMessage response;
    try {
        response = new GeneralPKIMessage(encodedResponse);
    } catch (IOException ex) {
        LOG.error("could not decode the received PKI message: {}", Hex.encode(encodedResponse));
        throw new CmpRequestorException(ex.getMessage(), ex);
    }
    PKIHeader reqHeader = request.getHeader();
    PKIHeader respHeader = response.getHeader();
    ASN1OctetString tid = reqHeader.getTransactionID();
    ASN1OctetString respTid = respHeader.getTransactionID();
    if (!tid.equals(respTid)) {
        LOG.warn("Response contains different tid ({}) than requested {}", respTid, tid);
        throw new CmpRequestorException("Response contains differnt tid than the request");
    }
    ASN1OctetString senderNonce = reqHeader.getSenderNonce();
    ASN1OctetString respRecipientNonce = respHeader.getRecipNonce();
    if (!senderNonce.equals(respRecipientNonce)) {
        LOG.warn("tid {}: response.recipientNonce ({}) != request.senderNonce ({})", tid, respRecipientNonce, senderNonce);
        throw new CmpRequestorException("Response contains differnt tid than the request");
    }
    GeneralName rec = respHeader.getRecipient();
    if (!sender.equals(rec)) {
        LOG.warn("tid={}: unknown CMP requestor '{}'", tid, rec);
    }
    PkiResponse ret = new PkiResponse(response);
    if (response.hasProtection()) {
        try {
            ProtectionVerificationResult verifyProtection = verifyProtection(Hex.encode(tid.getOctets()), response);
            ret.setProtectionVerificationResult(verifyProtection);
        } catch (InvalidKeyException | OperatorCreationException | CMPException ex) {
            throw new CmpRequestorException(ex.getMessage(), ex);
        }
    } else if (signRequest) {
        PKIBody respBody = response.getBody();
        int bodyType = respBody.getType();
        if (bodyType != PKIBody.TYPE_ERROR) {
            throw new CmpRequestorException("response is not signed");
        }
    }
    return ret;
}

Example 67 with GeneralName

use of org.apache.harmony.security.x509.GeneralName in project xipki by xipki.

the class X509CmpRequestor method parse.

private RevokeCertResultType parse(PkiResponse response, List<? extends IssuerSerialEntry> reqEntries) throws CmpRequestorException, PkiErrorException {
    ParamUtil.requireNonNull("response", response);
    checkProtection(response);
    PKIBody respBody = response.getPkiMessage().getBody();
    int bodyType = respBody.getType();
    if (PKIBody.TYPE_ERROR == bodyType) {
        ErrorMsgContent content = ErrorMsgContent.getInstance(respBody.getContent());
        throw new PkiErrorException(content.getPKIStatusInfo());
    } else if (PKIBody.TYPE_REVOCATION_REP != bodyType) {
        throw new CmpRequestorException(String.format("unknown PKI body type %s instead the expected [%s, %s]", bodyType, PKIBody.TYPE_REVOCATION_REP, PKIBody.TYPE_ERROR));
    }
    RevRepContent content = RevRepContent.getInstance(respBody.getContent());
    PKIStatusInfo[] statuses = content.getStatus();
    if (statuses == null || statuses.length != reqEntries.size()) {
        int statusesLen = 0;
        if (statuses != null) {
            statusesLen = statuses.length;
        }
        throw new CmpRequestorException(String.format("incorrect number of status entries in response '%s' instead the expected '%s'", statusesLen, reqEntries.size()));
    }
    CertId[] revCerts = content.getRevCerts();
    RevokeCertResultType result = new RevokeCertResultType();
    for (int i = 0; i < statuses.length; i++) {
        PKIStatusInfo statusInfo = statuses[i];
        int status = statusInfo.getStatus().intValue();
        IssuerSerialEntry re = reqEntries.get(i);
        if (status != PKIStatus.GRANTED && status != PKIStatus.GRANTED_WITH_MODS) {
            PKIFreeText text = statusInfo.getStatusString();
            String statusString = (text == null) ? null : text.getStringAt(0).getString();
            ResultEntry resultEntry = new ErrorResultEntry(re.getId(), status, statusInfo.getFailInfo().intValue(), statusString);
            result.addResultEntry(resultEntry);
            continue;
        }
        CertId certId = null;
        if (revCerts != null) {
            for (CertId entry : revCerts) {
                if (re.getIssuer().equals(entry.getIssuer().getName()) && re.getSerialNumber().equals(entry.getSerialNumber().getValue())) {
                    certId = entry;
                    break;
                }
            }
        }
        if (certId == null) {
            LOG.warn("certId is not present in response for (issuer='{}', serialNumber={})", X509Util.getRfc4519Name(re.getIssuer()), LogUtil.formatCsn(re.getSerialNumber()));
            certId = new CertId(new GeneralName(re.getIssuer()), re.getSerialNumber());
            continue;
        }
        ResultEntry resultEntry = new RevokeCertResultEntry(re.getId(), certId);
        result.addResultEntry(resultEntry);
    }
    return result;
}

Example 68 with GeneralName

use of org.apache.harmony.security.x509.GeneralName in project xipki by xipki.

the class X509CertprofileUtil method createGeneralName.

/**
 * Creates GeneralName.
 *
 * @param requestedName
 *          Requested name. Must not be {@code null}.
 * @param modes
 *          Modes to be considered. Must not be {@code null}.
 * @return the created GeneralName
 * @throws BadCertTemplateException
 *         If requestedName is invalid or contains entries which are not allowed in the modes.
 */
public static GeneralName createGeneralName(GeneralName requestedName, Set<GeneralNameMode> modes) throws BadCertTemplateException {
    ParamUtil.requireNonNull("requestedName", requestedName);
    int tag = requestedName.getTagNo();
    GeneralNameMode mode = null;
    if (modes != null) {
        for (GeneralNameMode m : modes) {
            if (m.getTag().getTag() == tag) {
                mode = m;
                break;
            }
        }
        if (mode == null) {
            throw new BadCertTemplateException("generalName tag " + tag + " is not allowed");
        }
    }
    switch(tag) {
        case GeneralName.rfc822Name:
        case GeneralName.dNSName:
        case GeneralName.uniformResourceIdentifier:
        case GeneralName.iPAddress:
        case GeneralName.registeredID:
        case GeneralName.directoryName:
            return new GeneralName(tag, requestedName.getName());
        case GeneralName.otherName:
            ASN1Sequence reqSeq = ASN1Sequence.getInstance(requestedName.getName());
            int size = reqSeq.size();
            if (size != 2) {
                throw new BadCertTemplateException("invalid otherName sequence: size is not 2: " + size);
            }
            ASN1ObjectIdentifier type = ASN1ObjectIdentifier.getInstance(reqSeq.getObjectAt(0));
            if (mode != null && !mode.getAllowedTypes().contains(type)) {
                throw new BadCertTemplateException("otherName.type " + type.getId() + " is not allowed");
            }
            ASN1Encodable asn1 = reqSeq.getObjectAt(1);
            if (!(asn1 instanceof ASN1TaggedObject)) {
                throw new BadCertTemplateException("otherName.value is not tagged Object");
            }
            int tagNo = ASN1TaggedObject.getInstance(asn1).getTagNo();
            if (tagNo != 0) {
                throw new BadCertTemplateException("otherName.value does not have tag 0: " + tagNo);
            }
            ASN1EncodableVector vector = new ASN1EncodableVector();
            vector.add(type);
            vector.add(new DERTaggedObject(true, 0, ASN1TaggedObject.getInstance(asn1).getObject()));
            DERSequence seq = new DERSequence(vector);
            return new GeneralName(GeneralName.otherName, seq);
        case GeneralName.ediPartyName:
            reqSeq = ASN1Sequence.getInstance(requestedName.getName());
            size = reqSeq.size();
            String nameAssigner = null;
            int idx = 0;
            if (size > 1) {
                DirectoryString ds = DirectoryString.getInstance(ASN1TaggedObject.getInstance(reqSeq.getObjectAt(idx++)).getObject());
                nameAssigner = ds.getString();
            }
            DirectoryString ds = DirectoryString.getInstance(ASN1TaggedObject.getInstance(reqSeq.getObjectAt(idx++)).getObject());
            String partyName = ds.getString();
            vector = new ASN1EncodableVector();
            if (nameAssigner != null) {
                vector.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner)));
            }
            vector.add(new DERTaggedObject(false, 1, new DirectoryString(partyName)));
            seq = new DERSequence(vector);
            return new GeneralName(GeneralName.ediPartyName, seq);
        default:
            throw new RuntimeException("should not reach here, unknown GeneralName tag " + tag);
    }
// end switch (tag)
}

Example 69 with GeneralName

use of org.apache.harmony.security.x509.GeneralName in project dcos-commons by mesosphere.

the class CertificateNamesGenerator method getSANs.

/**
 * Returns additional Subject Alternative Names for service certificates.
 */
public GeneralNames getSANs() {
    List<GeneralName> generalNames = new ArrayList<>();
    generalNames.add(new GeneralName(GeneralName.dNSName, autoIpHostname));
    // Process VIP names, if any
    vipSpecs.stream().map(vipSpec -> new GeneralName(GeneralName.dNSName, EndpointUtils.toVipHostname(serviceName, new EndpointUtils.VipInfo(vipSpec.getVipName(), (int) vipSpec.getPort())))).forEach(vipGeneralName -> generalNames.add(vipGeneralName));
    return new GeneralNames(generalNames.toArray(new GeneralName[generalNames.size()]));
}

Example 70 with GeneralName

use of org.apache.harmony.security.x509.GeneralName in project signer by demoiselle.

the class SigningCertificate method getValue.

@Override
public Attribute getValue() {
    try {
        X509Certificate cert = (X509Certificate) certificates[0];
        Digest digest = DigestFactory.getInstance().factoryDefault();
        digest.setAlgorithm(DigestAlgorithmEnum.SHA_1);
        byte[] hash = digest.digest(cert.getEncoded());
        X500Name dirName = new X500Name(cert.getSubjectDN().getName());
        GeneralName name = new GeneralName(dirName);
        GeneralNames issuer = new GeneralNames(name);
        ASN1Integer serial = new ASN1Integer(cert.getSerialNumber());
        IssuerSerial issuerSerial = new IssuerSerial(issuer, serial);
        ESSCertID essCertId = new ESSCertID(hash, issuerSerial);
        return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(new DERSequence(new ASN1Encodable[] { new DERSequence(essCertId), new DERSequence(DERNull.INSTANCE) })));
    } catch (CertificateEncodingException ex) {
        throw new SignerException(ex.getMessage());
    }
}