
Example 1 with ASN1Boolean

use of org.bouncycastle.asn1.ASN1Boolean in project keystore-explorer by kaikramer.

the class X509Ext method getDeclarationOfMajorityStringValue.

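/**
 * Renders a DeclarationOfMajority extension value as display text.
 *
 * <p>The extension is a CHOICE, so normally only one of the three sections below is
 * emitted. The bytes come from the certificate being inspected and must be treated as
 * untrusted input.
 *
 * @param octets encoded extension value
 * @return the formatted text, one NEWLINE-terminated line per alternative that is present
 */
private String getDeclarationOfMajorityStringValue(byte[] octets) {
    // @formatter:off
    /*
			DeclarationOfMajoritySyntax ::= CHOICE
			{
				notYoungerThan [0] IMPLICIT INTEGER,
				fullAgeAtCountry [1] IMPLICIT SEQUENCE {
					fullAge BOOLEAN DEFAULT TRUE,
					country PrintableString (SIZE(2))
				},
				dateOfBirth [2] IMPLICIT GeneralizedTime
			}
		 */
    // @formatter:on
    StringBuilder sb = new StringBuilder();
    DeclarationOfMajority declarationOfMajority = DeclarationOfMajority.getInstance(octets);
    int notYoungerThan = declarationOfMajority.notYoungerThan();
    ASN1Sequence fullAgeAtCountry = declarationOfMajority.fullAgeAtCountry();
    ASN1GeneralizedTime dateOfBirth = declarationOfMajority.getDateOfBirth();
    // -1 is treated here as "the notYoungerThan alternative was not chosen".
    if (notYoungerThan != -1) {
        sb.append(MessageFormat.format(res.getString("DeclarationOfMajority.notYoungerThan"), notYoungerThan));
        sb.append(NEWLINE);
    }
    if (fullAgeAtCountry != null) {
        // fullAge is DEFAULT TRUE, so an encoder may leave it out and the SEQUENCE then
        // holds only the country. Reading fixed positions 0 and 1 would fail on such a
        // value, so the element count decides where the country sits.
        // A SEQUENCE with no elements is malformed and still fails in getObjectAt(0).
        boolean fullAgeEncoded = fullAgeAtCountry.size() > 1;
        ASN1Boolean fullAge = fullAgeEncoded
                ? ASN1Boolean.getInstance(fullAgeAtCountry.getObjectAt(0))
                : ASN1Boolean.TRUE;
        DERPrintableString country = DERPrintableString.getInstance(fullAgeAtCountry.getObjectAt(fullAgeEncoded ? 1 : 0));
        sb.append(MessageFormat.format(res.getString("DeclarationOfMajority.fullAgeAtCountry"), country.toString(), fullAge.toString()));
        sb.append(NEWLINE);
    }
    if (dateOfBirth != null) {
        sb.append(MessageFormat.format(res.getString("DeclarationOfMajority.dateOfBirth"), dateOfBirth));
        sb.append(NEWLINE);
    }
    return sb.toString();
}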
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DeclarationOfMajority(org.bouncycastle.asn1.isismtt.x509.DeclarationOfMajority) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime) ASN1Boolean(org.bouncycastle.asn1.ASN1Boolean) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)

Example 2 with ASN1Boolean

use of org.bouncycastle.asn1.ASN1Boolean in project keystore-explorer by kaikramer.

the class X509Ext method getBasicConstraintsStringValue.

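/**
 * Renders a BasicConstraints extension value as display text.
 *
 * <p>Two lines are always produced: whether the subject is a CA, and the path length
 * constraint (or a statement that there is none).
 *
 * @param value encoded extension value, taken from the certificate being inspected
 * @return the formatted text, each line terminated by NEWLINE
 * @throws IOException declared for callers; nothing in this body throws it directly
 */
private String getBasicConstraintsStringValue(byte[] value) throws IOException {
    // @formatter:off
    /*
		 * BasicConstraints ::= ASN1Sequence { cA ASN1Boolean DEFAULT FALSE,
		 * pathLenConstraint ASN1Integer (0..MAX) OPTIONAL }
		 */
    // @formatter:on
    StringBuilder sb = new StringBuilder();
    BasicConstraints basicConstraints = BasicConstraints.getInstance(value);
    // isCA() yields a plain boolean, so an absent cA field needs no null check here.
    boolean ca = basicConstraints.isCA();
    BigInteger pathLenConstraint = basicConstraints.getPathLenConstraint();
    sb.append(res.getString(ca ? "SubjectIsCa" : "SubjectIsNotCa"));
    sb.append(NEWLINE);
    if (pathLenConstraint != null) {
        // Format the BigInteger itself. intValue() keeps only the low 32 bits, so an
        // oversized constraint in a crafted certificate would be shown as a small,
        // plausible number instead of the value actually encoded.
        sb.append(MessageFormat.format(res.getString("PathLengthConstraint"), pathLenConstraint));
        sb.append(NEWLINE);
    } else {
        sb.append(res.getString("NoPathLengthConstraint"));
        sb.append(NEWLINE);
    }
    return sb.toString();
}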
Also used : BigInteger(java.math.BigInteger) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)

Example 3 with ASN1Boolean

use of org.bouncycastle.asn1.ASN1Boolean in project jruby-openssl by jruby.

the class X509Extension method value.

/**
 * Returns this extension's value as a Ruby string, with a readable rendering for the
 * extension types recognised below.
 *
 * <p>A value that was stored as a RubyString is returned unchanged. Otherwise the method
 * dispatches on the extension OID; an OID that matches none of the branches falls through
 * to rawValueAsString(context).
 *
 * <p>Only IOException is translated into an extension error here. Several branches index
 * into byte arrays or cast decoded objects without checking first (see the NOTE(review)
 * comments), so other runtime exceptions can escape when the encoded value is malformed.
 *
 * @param context the current thread context; its runtime is used to build result strings
 * @return the formatted value
 */
@JRubyMethod
public RubyString value(final ThreadContext context) {
    if (this.value instanceof RubyString) {
        // return the same as set
        return (RubyString) this.value;
    }
    final Ruby runtime = context.runtime;
    final String oid = getRealObjectID().getId();
    try {
        if (oid.equals("2.5.29.19")) {
            // basicConstraints
            // NOTE(review): the decoded object is cast to ASN1Sequence unchecked; a value that
            // decodes to another type raises ClassCastException, not the IOException handled below.
            ASN1Sequence seq2 = (ASN1Sequence) ASN1.readObject(getRealValueEncoded());
            final ByteList val = new ByteList(32);
            if (seq2.size() > 0) {
                val.append(CA_);
                ASN1Encodable obj0 = seq2.getObjectAt(0);
                final boolean bool;
                if (obj0 instanceof ASN1Boolean) {
                    bool = ((ASN1Boolean) obj0).isTrue();
                } else {
                    // NOTE: keep it due BC <= 1.50
                    // NOTE(review): unchecked cast; the first element is assumed to be a boolean.
                    // When cA is omitted and only pathLenConstraint is encoded, element 0 would
                    // presumably be an integer - confirm how that case is meant to be handled.
                    bool = ((DERBoolean) obj0).isTrue();
                }
                val.append(bool ? TRUE : FALSE);
            }
            if (seq2.size() > 1) {
                // getBytes() without a charset uses the platform default encoding
                val.append(", pathlen:".getBytes());
                val.append(seq2.getObjectAt(1).toString().getBytes());
            }
            return runtime.newString(val);
        }
        if (oid.equals("2.5.29.15")) {
            // keyUsage
            final byte[] enc = getRealValueEncoded();
            byte b3 = 0;
            // NOTE(review): enc[2] is read before any length check; an encoding shorter than
            // three bytes raises ArrayIndexOutOfBoundsException, which the IOException handler
            // below does not catch. Which bytes b2/b3 correspond to depends on what
            // getRealValueEncoded() returns - confirm the offsets against it.
            byte b2 = enc[2];
            if (enc.length > 3)
                b3 = enc[3];
            final ByteList val = new ByteList(64);
            // sep starts as the initial separator and becomes SEP once one name is written
            byte[] sep = _;
            if ((b2 & (byte) 128) != 0) {
                val.append(sep);
                val.append(Decipher_Only);
                sep = SEP;
            }
            if ((b3 & (byte) 128) != 0) {
                val.append(sep);
                val.append(Digital_Signature);
                sep = SEP;
            }
            if ((b3 & (byte) 64) != 0) {
                val.append(sep);
                val.append(Non_Repudiation);
                sep = SEP;
            }
            if ((b3 & (byte) 32) != 0) {
                val.append(sep);
                val.append(Key_Encipherment);
                sep = SEP;
            }
            if ((b3 & (byte) 16) != 0) {
                val.append(sep);
                val.append(Data_Encipherment);
                sep = SEP;
            }
            if ((b3 & (byte) 8) != 0) {
                val.append(sep);
                val.append(Key_Agreement);
                sep = SEP;
            }
            if ((b3 & (byte) 4) != 0) {
                val.append(sep);
                val.append(Certificate_Sign);
                sep = SEP;
            }
            if ((b3 & (byte) 2) != 0) {
                val.append(sep);
                val.append(CRL_Sign);
                sep = SEP;
            }
            if ((b3 & (byte) 1) != 0) {
                // sep = SEP;
                val.append(sep);
                // sep = SEP;
                val.append(Encipher_Only);
            }
            return runtime.newString(val);
        }
        if (oid.equals("2.16.840.1.113730.1.1")) {
            // nsCertType
            // NOTE(review): index 0 is read without a length check; an empty encoding raises
            // ArrayIndexOutOfBoundsException. Also confirm that byte 0 of the encoded value is
            // the flag byte rather than an ASN.1 tag.
            final byte b0 = getRealValueEncoded()[0];
            final ByteList val = new ByteList(64);
            byte[] sep = _;
            if ((b0 & (byte) 128) != 0) {
                val.append(sep);
                val.append(SSL_Client);
                sep = SEP;
            }
            if ((b0 & (byte) 64) != 0) {
                val.append(sep);
                val.append(SSL_Server);
                sep = SEP;
            }
            if ((b0 & (byte) 32) != 0) {
                val.append(sep);
                val.append(SMIME);
                sep = SEP;
            }
            if ((b0 & (byte) 16) != 0) {
                val.append(sep);
                val.append(Object_Signing);
                sep = SEP;
            }
            if ((b0 & (byte) 8) != 0) {
                val.append(sep);
                val.append(Unused);
                sep = SEP;
            }
            if ((b0 & (byte) 4) != 0) {
                val.append(sep);
                val.append(SSL_CA);
                sep = SEP;
            }
            if ((b0 & (byte) 2) != 0) {
                val.append(sep);
                val.append(SMIME_CA);
                sep = SEP;
            }
            if ((b0 & (byte) 1) != 0) {
                val.append(sep);
                val.append(Object_Signing_CA);
            }
            return runtime.newString(val);
        }
        if (oid.equals("2.5.29.14")) {
            // subjectKeyIdentifier
            ASN1Encodable value = getRealValue();
            if (value instanceof ASN1OctetString) {
                byte[] octets = ((ASN1OctetString) value).getOctets();
                // a leading OCTET STRING tag byte is taken to mean the key id is wrapped once more
                if (octets.length > 0 && octets[0] == BERTags.OCTET_STRING) {
                    // read nested octets
                    value = ASN1.readObject(octets);
                }
            }
            return runtime.newString(hexBytes(keyidBytes(value.toASN1Primitive()), 0));
        }
        if (oid.equals("2.5.29.35")) {
            // authorityKeyIdentifier
            ASN1Encodable value = getRealValue();
            if (value instanceof ASN1OctetString) {
                value = ASN1.readObject(((ASN1OctetString) value).getOctets());
            }
            final ByteList val = new ByteList(72);
            val.append(keyid_);
            if (value instanceof ASN1Sequence) {
                final ASN1Sequence seq = (ASN1Sequence) value;
                final int size = seq.size();
                if (size == 0)
                    return RubyString.newEmptyString(runtime);
                // element 0 is formatted as the key identifier; the rest are handled by tag number
                ASN1Primitive keyid = seq.getObjectAt(0).toASN1Primitive();
                hexBytes(keyidBytes(keyid), val).append('\n');
                for (int i = 1; i < size; i++) {
                    final ASN1Encodable issuer = seq.getObjectAt(i);
                    // NOTE: blindly got OpenSSL tests passing (likely in-complete) :
                    if (issuer instanceof ASN1TaggedObject) {
                        ASN1Primitive obj = ((ASN1TaggedObject) issuer).getObject();
                        switch(((ASN1TaggedObject) issuer).getTagNo()) {
                            case 1:
                                if (obj instanceof ASN1TaggedObject) {
                                    formatGeneralName(GeneralName.getInstance(obj), val, true);
                                }
                                break;
                            case // serial
                            2:
                                val.append(new byte[] { 's', 'e', 'r', 'i', 'a', 'l', ':' });
                                if (obj instanceof ASN1Integer) {
                                    hexBytes(((ASN1Integer) obj).getValue().toByteArray(), val);
                                } else {
                                    // NOTE(review): unchecked cast; anything other than an integer
                                    // or octet string here raises ClassCastException.
                                    hexBytes(((ASN1OctetString) obj).getOctets(), val);
                                }
                                break;
                        }
                    }
                    val.append('\n');
                }
                return runtime.newString(val);
            }
            hexBytes(keyidBytes(value.toASN1Primitive()), val).append('\n');
            return runtime.newString(val);
        }
        if (oid.equals("2.5.29.21")) {
            // CRLReason
            final IRubyObject value = getValue(runtime);
            // reason code 7 has no case of its own and falls to the default (Unspecified) text
            switch(RubyNumeric.fix2int(value)) {
                case 0:
                    return runtime.newString(new ByteList(Unspecified));
                case 1:
                    return RubyString.newString(runtime, "Key Compromise");
                case 2:
                    return RubyString.newString(runtime, "CA Compromise");
                case 3:
                    return RubyString.newString(runtime, "Affiliation Changed");
                case 4:
                    return RubyString.newString(runtime, "Superseded");
                case 5:
                    return RubyString.newString(runtime, "Cessation Of Operation");
                case 6:
                    return RubyString.newString(runtime, "Certificate Hold");
                case 8:
                    return RubyString.newString(runtime, "Remove From CRL");
                case 9:
                    return RubyString.newString(runtime, "Privilege Withdrawn");
                default:
                    return runtime.newString(new ByteList(Unspecified));
            }
        }
        if (oid.equals("2.5.29.17") || oid.equals("2.5.29.18")) {
            // subjectAltName || issuerAltName
            // This is the only branch that catches IllegalArgumentException; on failure it
            // degrades to the raw value instead of raising.
            try {
                ASN1Encodable value = getRealValue();
                final ByteList val = new ByteList(64);
                if (value instanceof ASN1TaggedObject) {
                    formatGeneralName(GeneralName.getInstance(value), val, false);
                    return runtime.newString(val);
                }
                if (value instanceof GeneralName) {
                    formatGeneralName((GeneralName) value, val, false);
                    return runtime.newString(val);
                }
                if (value instanceof ASN1OctetString) {
                    // decoded octets will end up as an ASN1Sequence instance :
                    value = ASN1.readObject(((ASN1OctetString) value).getOctets());
                }
                if (value instanceof ASN1TaggedObject) {
                    // DERTaggedObject (issuerAltName wrapping)
                    formatGeneralName(GeneralName.getInstance(value), val, false);
                    return runtime.newString(val);
                }
                final GeneralName[] names = GeneralNames.getInstance(value).getNames();
                for (int i = 0; i < names.length; i++) {
                    // the separator written after a name depends on what formatGeneralName returned for it
                    boolean other = formatGeneralName(names[i], val, false);
                    if (i < names.length - 1) {
                        if (other)
                            val.append(';');
                        else
                            val.append(',').append(' ');
                    }
                }
                return runtime.newString(val);
            } catch (IllegalArgumentException e) {
                debugStackTrace(runtime, e);
                return rawValueAsString(context);
            }
        }
        if (oid.equals("2.5.29.37")) {
            // extendedKeyUsage
            final ByteList val = new ByteList(64);
            if (this.value instanceof ASN1Sequence) {
                // opt "short" path
                final ASN1Sequence seq = (ASN1Sequence) this.value;
                final int size = seq.size();
                for (int i = 0; i < size; i++) {
                    ASN1Encodable o = seq.getObjectAt(i);
                    String name = o.toString();
                    // NOTE(review): the element's toString() is parsed back as an OID; an element
                    // that is not an object identifier would presumably make the constructor
                    // throw - confirm, since nothing in this branch catches that.
                    Integer nid = ASN1.oid2nid(runtime, new ASN1ObjectIdentifier(name));
                    if (nid != null)
                        name = ASN1.nid2ln(runtime, nid);
                    // fall back to the dotted form when no long name is known
                    if (name == null)
                        name = o.toString();
                    val.append(ByteList.plain(name));
                    if (i < size - 1)
                        val.append(',').append(' ');
                }
                return runtime.newString(val);
            }
            final IRubyObject value = getValue(runtime);
            if (value instanceof RubyArray) {
                final RubyArray arr = (RubyArray) value;
                final int size = arr.size();
                for (int i = 0; i < size; i++) {
                    IRubyObject entry = arr.eltInternal(i);
                    // ObjectId entries are shown by their "ln" result, other entries by "value" when they respond to it
                    if ("ObjectId".equals(entry.getMetaClass().getBaseName())) {
                        entry = entry.callMethod(context, "ln");
                    } else if (entry.respondsTo("value")) {
                        entry = entry.callMethod(context, "value");
                    }
                    val.append(entry.asString().getByteList());
                    if (i < size - 1)
                        val.append(',').append(' ');
                }
            }
            return runtime.newString(val);
        }
        // no dedicated formatter for this OID
        return rawValueAsString(context);
    } catch (IOException e) {
        debugStackTrace(runtime, e);
        throw newExtensionError(runtime, e);
    }
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ByteList(org.jruby.util.ByteList) RubyArray(org.jruby.RubyArray) RubyString(org.jruby.RubyString) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) RubyString(org.jruby.RubyString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) ASN1String(org.bouncycastle.asn1.ASN1String) DERUniversalString(org.bouncycastle.asn1.DERUniversalString) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) IOException(java.io.IOException) IRubyObject(org.jruby.runtime.builtin.IRubyObject) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ASN1Boolean(org.bouncycastle.asn1.ASN1Boolean) GeneralName(org.bouncycastle.asn1.x509.GeneralName) Ruby(org.jruby.Ruby) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) JRubyMethod(org.jruby.anno.JRubyMethod)

Example 4 with ASN1Boolean

use of org.bouncycastle.asn1.ASN1Boolean in project signer by demoiselle.

the class SignerRules method parse.

/**
 * Populates this object from its ASN.1 encoding.
 *
 * <p>The sequence is read in two passes. The first collects the context-tagged members
 * (certificate reference, certificate info, extensions) wherever they appear. The second
 * reads the leading members by position: an optional boolean, then the signed and the
 * unsigned attribute sets.
 *
 * <p>NOTE(review): the positional reads do not check the sequence length first, so an
 * empty or truncated sequence presumably makes getObjectAt throw an unchecked exception.
 * Confirm that callers treat that as a rejected policy and not as a crash.
 *
 * @param primitive the encoded structure
 */
@Override
public void parse(ASN1Primitive primitive) {
    ASN1Sequence derSequence = ASN1Object.getDERSequence(primitive);
    final int elementCount = derSequence.size();

    // Pass 1: tagged members, matched by tag number.
    for (int index = 0; index < elementCount; index++) {
        ASN1Primitive element = derSequence.getObjectAt(index).toASN1Primitive();
        if (!(element instanceof DERTaggedObject)) {
            continue;
        }
        // NOTE(review): if TAG.getTag can return null for an unknown tag number, the switch
        // below throws NullPointerException - verify against TAG.
        TAG tag = TAG.getTag(((DERTaggedObject) element).getTagNo());
        switch (tag) {
            case mandatedCertificateRef:
                this.mandatedCertificateRef = CertRefReq.parse(element);
                break;
            case mandatedCertificateInfo:
                this.mandatedCertificateInfo = CertInfoReq.parse(element);
                break;
            case signPolExtensions:
                this.signPolExtensions = new SignPolExtensions();
                this.signPolExtensions.parse(element);
                break;
            default:
                break;
        }
    }

    // Pass 2: positional members. Anything at position 0 that is not a DERSequence is
    // skipped, and is recorded as externalSignedData only when it is a boolean.
    int position = 0;
    ASN1Encodable head = derSequence.getObjectAt(position);
    if (!(head instanceof DERSequence)) {
        if (head instanceof ASN1Boolean) {
            this.externalSignedData = ((ASN1Boolean) head).isTrue();
        }
        position++;
    }

    this.mandatedSignedAttr = new CMSAttrs();
    this.mandatedSignedAttr.parse(derSequence.getObjectAt(position).toASN1Primitive());
    position++;

    this.mandatedUnsignedAttr = new CMSAttrs();
    this.mandatedUnsignedAttr.parse(derSequence.getObjectAt(position).toASN1Primitive());
}
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DERSequence(org.bouncycastle.asn1.DERSequence) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ASN1Boolean(org.bouncycastle.asn1.ASN1Boolean) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive)

Example 5 with ASN1Boolean

use of org.bouncycastle.asn1.ASN1Boolean in project keystore-explorer by kaikramer.

the class X509Ext method getIssuingDistributionPointStringValue.

/**
 * Renders an IssuingDistributionPoint extension value as display text.
 *
 * <p>The distribution point name and the reason flags are written only when present.
 * The four boolean fields are always written, one per line.
 *
 * @param value encoded extension value
 * @return the formatted text
 * @throws IOException declared for callers; not thrown directly by the statements in this body
 */
private String getIssuingDistributionPointStringValue(byte[] value) throws IOException {
    // @formatter:off
    /*
		 * IssuingDistributionPoint ::= ASN1Sequence {
		 *     distributionPoint [0] DistributionPointName OPTIONAL,
		 *     onlyContainsUserCerts [1] ASN1Boolean DEFAULT FALSE,
		 *     onlyContainsCACerts [2] ASN1Boolean DEFAULT FALSE,
		 *     onlySomeReasons [3] ReasonFlags OPTIONAL,
		 *     indirectCRL [4] ASN1Boolean DEFAULT FALSE,
		 *     onlyContainsAttributeCerts [5] ASN1Boolean DEFAULT FALSE }
		 */
    // @formatter:on
    StringBuilder text = new StringBuilder();
    IssuingDistributionPoint idp = IssuingDistributionPoint.getInstance(value);

    // distributionPoint is OPTIONAL
    DistributionPointName pointName = idp.getDistributionPoint();
    if (pointName != null) {
        text.append(getDistributionPointNameString(pointName, ""));
    }

    // The boolean accessors return primitives, so the DEFAULT FALSE fields need no null checks.
    boolean userCertsOnly = idp.onlyContainsUserCerts();
    text.append(MessageFormat.format(res.getString("OnlyContainsUserCerts"), userCertsOnly)).append(NEWLINE);

    boolean caCertsOnly = idp.onlyContainsCACerts();
    text.append(MessageFormat.format(res.getString("OnlyContainsCaCerts"), caCertsOnly)).append(NEWLINE);

    // onlySomeReasons is OPTIONAL; each flag goes on its own indented line under a heading
    ReasonFlags reasons = idp.getOnlySomeReasons();
    if (reasons != null) {
        text.append(res.getString("OnlySomeReasons")).append(NEWLINE);
        for (String flagText : getReasonFlagsStrings(reasons)) {
            text.append(INDENT).append(flagText).append(NEWLINE);
        }
    }

    boolean indirect = idp.isIndirectCRL();
    text.append(MessageFormat.format(res.getString("IndirectCrl"), indirect)).append(NEWLINE);

    boolean attributeCertsOnly = idp.onlyContainsAttributeCerts();
    text.append(MessageFormat.format(res.getString("OnlyContainsAttributeCerts"), attributeCertsOnly)).append(NEWLINE);

    return text.toString();
}
Also used : IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) ReasonFlags(org.bouncycastle.asn1.x509.ReasonFlags) DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName) DERBitString(org.bouncycastle.asn1.DERBitString) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERGeneralString(org.bouncycastle.asn1.DERGeneralString) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERIA5String(org.bouncycastle.asn1.DERIA5String)

Aggregations

ASN1Boolean (org.bouncycastle.asn1.ASN1Boolean)5 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)5 IOException (java.io.IOException)3 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)3 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)3 DERIA5String (org.bouncycastle.asn1.DERIA5String)3 DEROctetString (org.bouncycastle.asn1.DEROctetString)3 DERPrintableString (org.bouncycastle.asn1.DERPrintableString)3 BigInteger (java.math.BigInteger)2 ASN1GeneralizedTime (org.bouncycastle.asn1.ASN1GeneralizedTime)2 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)2 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)2 ASN1Primitive (org.bouncycastle.asn1.ASN1Primitive)2 ASN1String (org.bouncycastle.asn1.ASN1String)2 ASN1TaggedObject (org.bouncycastle.asn1.ASN1TaggedObject)2 DERBMPString (org.bouncycastle.asn1.DERBMPString)2 DERBitString (org.bouncycastle.asn1.DERBitString)2 DERBoolean (org.bouncycastle.asn1.DERBoolean)2 DERGeneralString (org.bouncycastle.asn1.DERGeneralString)2 DERUniversalString (org.bouncycastle.asn1.DERUniversalString)2