use of org.bouncycastle.asn1.ASN1GeneralizedTime in project xipki by xipki.
the class X509CaCmpResponderImpl method cmpEnrollCert.
private PKIBody cmpEnrollCert(PKIMessage request, PKIHeaderBuilder respHeader, CmpControl cmpControl, PKIHeader reqHeader, PKIBody reqBody, CmpRequestorInfo requestor, ASN1OctetString tid, String msgId, AuditEvent event) throws InsuffientPermissionException {
long confirmWaitTime = cmpControl.getConfirmWaitTime();
if (confirmWaitTime < 0) {
confirmWaitTime *= -1;
}
// second to millisecond
confirmWaitTime *= 1000;
PKIBody respBody;
int type = reqBody.getType();
switch(type) {
case PKIBody.TYPE_CERT_REQ:
checkPermission(requestor, PermissionConstants.ENROLL_CERT);
respBody = processCr(request, requestor, tid, reqHeader, CertReqMessages.getInstance(reqBody.getContent()), cmpControl, msgId, event);
break;
case PKIBody.TYPE_KEY_UPDATE_REQ:
checkPermission(requestor, PermissionConstants.KEY_UPDATE);
respBody = processKur(request, requestor, tid, reqHeader, CertReqMessages.getInstance(reqBody.getContent()), cmpControl, msgId, event);
break;
case PKIBody.TYPE_P10_CERT_REQ:
checkPermission(requestor, PermissionConstants.ENROLL_CERT);
respBody = processP10cr(request, requestor, tid, reqHeader, CertificationRequest.getInstance(reqBody.getContent()), cmpControl, msgId, event);
break;
case PKIBody.TYPE_CROSS_CERT_REQ:
checkPermission(requestor, PermissionConstants.ENROLL_CROSS);
respBody = processCcp(request, requestor, tid, reqHeader, CertReqMessages.getInstance(reqBody.getContent()), cmpControl, msgId, event);
break;
default:
throw new RuntimeException("should not reach here");
}
// switch type
InfoTypeAndValue tv = null;
if (!cmpControl.isConfirmCert() && CmpUtil.isImplictConfirm(reqHeader)) {
pendingCertPool.removeCertificates(tid.getOctets());
tv = CmpUtil.getImplictConfirmGeneralInfo();
} else {
Date now = new Date();
respHeader.setMessageTime(new ASN1GeneralizedTime(now));
tv = new InfoTypeAndValue(CMPObjectIdentifiers.it_confirmWaitTime, new ASN1GeneralizedTime(new Date(System.currentTimeMillis() + confirmWaitTime)));
}
respHeader.setGeneralInfo(tv);
return respBody;
}
use of org.bouncycastle.asn1.ASN1GeneralizedTime in project xipki by xipki.
the class X509CmpRequestor method buildRevokeCertRequest.
private PKIMessage buildRevokeCertRequest(RevokeCertRequest request) throws CmpRequestorException {
PKIHeader header = buildPkiHeader(null);
List<RevokeCertRequestEntry> requestEntries = request.getRequestEntries();
List<RevDetails> revDetailsArray = new ArrayList<>(requestEntries.size());
for (RevokeCertRequestEntry requestEntry : requestEntries) {
CertTemplateBuilder certTempBuilder = new CertTemplateBuilder();
certTempBuilder.setIssuer(requestEntry.getIssuer());
certTempBuilder.setSerialNumber(new ASN1Integer(requestEntry.getSerialNumber()));
byte[] aki = requestEntry.getAuthorityKeyIdentifier();
if (aki != null) {
Extensions certTempExts = getCertTempExtensions(aki);
certTempBuilder.setExtensions(certTempExts);
}
Date invalidityDate = requestEntry.getInvalidityDate();
int idx = (invalidityDate == null) ? 1 : 2;
Extension[] extensions = new Extension[idx];
try {
ASN1Enumerated reason = new ASN1Enumerated(requestEntry.getReason());
extensions[0] = new Extension(Extension.reasonCode, true, new DEROctetString(reason.getEncoded()));
if (invalidityDate != null) {
ASN1GeneralizedTime time = new ASN1GeneralizedTime(invalidityDate);
extensions[1] = new Extension(Extension.invalidityDate, true, new DEROctetString(time.getEncoded()));
}
} catch (IOException ex) {
throw new CmpRequestorException(ex.getMessage(), ex);
}
Extensions exts = new Extensions(extensions);
RevDetails revDetails = new RevDetails(certTempBuilder.build(), exts);
revDetailsArray.add(revDetails);
}
RevReqContent content = new RevReqContent(revDetailsArray.toArray(new RevDetails[0]));
PKIBody body = new PKIBody(PKIBody.TYPE_REVOCATION_REQ, content);
return new PKIMessage(header, body);
}
use of org.bouncycastle.asn1.ASN1GeneralizedTime in project xipki by xipki.
the class ExtensionsChecker method checkExtensionSubjectDirAttrs.
// method checkExtensionInhibitAnyPolicy
private void checkExtensionSubjectDirAttrs(StringBuilder failureMsg, byte[] extensionValue, Extensions requestedExtensions, ExtensionControl extControl) {
SubjectDirectoryAttributesControl conf = certProfile.getSubjectDirAttrsControl();
if (conf == null) {
failureMsg.append("extension is present but not expected; ");
return;
}
ASN1Encodable extInRequest = null;
if (requestedExtensions != null) {
extInRequest = requestedExtensions.getExtensionParsedValue(Extension.subjectDirectoryAttributes);
}
if (extInRequest == null) {
failureMsg.append("extension is present but not expected; ");
return;
}
SubjectDirectoryAttributes requested = SubjectDirectoryAttributes.getInstance(extInRequest);
Vector<?> reqSubDirAttrs = requested.getAttributes();
ASN1GeneralizedTime expDateOfBirth = null;
String expPlaceOfBirth = null;
String expGender = null;
Set<String> expCountryOfCitizenshipList = new HashSet<>();
Set<String> expCountryOfResidenceList = new HashSet<>();
Map<ASN1ObjectIdentifier, Set<ASN1Encodable>> expOtherAttrs = new HashMap<>();
final int expN = reqSubDirAttrs.size();
for (int i = 0; i < expN; i++) {
Attribute attr = Attribute.getInstance(reqSubDirAttrs.get(i));
ASN1ObjectIdentifier attrType = attr.getAttrType();
ASN1Encodable attrVal = attr.getAttributeValues()[0];
if (ObjectIdentifiers.DN_DATE_OF_BIRTH.equals(attrType)) {
expDateOfBirth = ASN1GeneralizedTime.getInstance(attrVal);
} else if (ObjectIdentifiers.DN_PLACE_OF_BIRTH.equals(attrType)) {
expPlaceOfBirth = DirectoryString.getInstance(attrVal).getString();
} else if (ObjectIdentifiers.DN_GENDER.equals(attrType)) {
expGender = DERPrintableString.getInstance(attrVal).getString();
} else if (ObjectIdentifiers.DN_COUNTRY_OF_CITIZENSHIP.equals(attrType)) {
String country = DERPrintableString.getInstance(attrVal).getString();
expCountryOfCitizenshipList.add(country);
} else if (ObjectIdentifiers.DN_COUNTRY_OF_RESIDENCE.equals(attrType)) {
String country = DERPrintableString.getInstance(attrVal).getString();
expCountryOfResidenceList.add(country);
} else {
Set<ASN1Encodable> otherAttrVals = expOtherAttrs.get(attrType);
if (otherAttrVals == null) {
otherAttrVals = new HashSet<>();
expOtherAttrs.put(attrType, otherAttrVals);
}
otherAttrVals.add(attrVal);
}
}
SubjectDirectoryAttributes ext = SubjectDirectoryAttributes.getInstance(extensionValue);
Vector<?> subDirAttrs = ext.getAttributes();
ASN1GeneralizedTime dateOfBirth = null;
String placeOfBirth = null;
String gender = null;
Set<String> countryOfCitizenshipList = new HashSet<>();
Set<String> countryOfResidenceList = new HashSet<>();
Map<ASN1ObjectIdentifier, Set<ASN1Encodable>> otherAttrs = new HashMap<>();
List<ASN1ObjectIdentifier> attrTypes = new LinkedList<>(conf.getTypes());
final int n = subDirAttrs.size();
for (int i = 0; i < n; i++) {
Attribute attr = Attribute.getInstance(subDirAttrs.get(i));
ASN1ObjectIdentifier attrType = attr.getAttrType();
if (!attrTypes.contains(attrType)) {
failureMsg.append("attribute of type " + attrType.getId()).append(" is present but not expected; ");
continue;
}
ASN1Encodable[] attrs = attr.getAttributeValues();
if (attrs.length != 1) {
failureMsg.append("attribute of type ").append(attrType.getId()).append(" does not single-value value: ").append(attrs.length).append("; ");
continue;
}
ASN1Encodable attrVal = attrs[0];
if (ObjectIdentifiers.DN_DATE_OF_BIRTH.equals(attrType)) {
dateOfBirth = ASN1GeneralizedTime.getInstance(attrVal);
} else if (ObjectIdentifiers.DN_PLACE_OF_BIRTH.equals(attrType)) {
placeOfBirth = DirectoryString.getInstance(attrVal).getString();
} else if (ObjectIdentifiers.DN_GENDER.equals(attrType)) {
gender = DERPrintableString.getInstance(attrVal).getString();
} else if (ObjectIdentifiers.DN_COUNTRY_OF_CITIZENSHIP.equals(attrType)) {
String country = DERPrintableString.getInstance(attrVal).getString();
countryOfCitizenshipList.add(country);
} else if (ObjectIdentifiers.DN_COUNTRY_OF_RESIDENCE.equals(attrType)) {
String country = DERPrintableString.getInstance(attrVal).getString();
countryOfResidenceList.add(country);
} else {
Set<ASN1Encodable> otherAttrVals = otherAttrs.get(attrType);
if (otherAttrVals == null) {
otherAttrVals = new HashSet<>();
otherAttrs.put(attrType, otherAttrVals);
}
otherAttrVals.add(attrVal);
}
}
if (dateOfBirth != null) {
attrTypes.remove(ObjectIdentifiers.DN_DATE_OF_BIRTH);
}
if (placeOfBirth != null) {
attrTypes.remove(ObjectIdentifiers.DN_PLACE_OF_BIRTH);
}
if (gender != null) {
attrTypes.remove(ObjectIdentifiers.DN_GENDER);
}
if (!countryOfCitizenshipList.isEmpty()) {
attrTypes.remove(ObjectIdentifiers.DN_COUNTRY_OF_CITIZENSHIP);
}
if (!countryOfResidenceList.isEmpty()) {
attrTypes.remove(ObjectIdentifiers.DN_COUNTRY_OF_RESIDENCE);
}
attrTypes.removeAll(otherAttrs.keySet());
if (!attrTypes.isEmpty()) {
List<String> attrTypeTexts = new LinkedList<>();
for (ASN1ObjectIdentifier oid : attrTypes) {
attrTypeTexts.add(oid.getId());
}
failureMsg.append("required attributes of types ").append(attrTypeTexts).append(" are not present; ");
}
if (dateOfBirth != null) {
String timeStirng = dateOfBirth.getTimeString();
if (!SubjectDnSpec.PATTERN_DATE_OF_BIRTH.matcher(timeStirng).matches()) {
failureMsg.append("invalid dateOfBirth: " + timeStirng + "; ");
}
String exp = (expDateOfBirth == null) ? null : expDateOfBirth.getTimeString();
if (!timeStirng.equalsIgnoreCase(exp)) {
addViolation(failureMsg, "dateOfBirth", timeStirng, exp);
}
}
if (gender != null) {
if (!(gender.equalsIgnoreCase("F") || gender.equalsIgnoreCase("M"))) {
failureMsg.append("invalid gender: ").append(gender).append("; ");
}
if (!gender.equalsIgnoreCase(expGender)) {
addViolation(failureMsg, "gender", gender, expGender);
}
}
if (placeOfBirth != null) {
if (!placeOfBirth.equals(expPlaceOfBirth)) {
addViolation(failureMsg, "placeOfBirth", placeOfBirth, expPlaceOfBirth);
}
}
if (!countryOfCitizenshipList.isEmpty()) {
Set<String> diffs = strInBnotInA(expCountryOfCitizenshipList, countryOfCitizenshipList);
if (CollectionUtil.isNonEmpty(diffs)) {
failureMsg.append("countryOfCitizenship ").append(diffs.toString()).append(" are present but not expected; ");
}
diffs = strInBnotInA(countryOfCitizenshipList, expCountryOfCitizenshipList);
if (CollectionUtil.isNonEmpty(diffs)) {
failureMsg.append("countryOfCitizenship ").append(diffs.toString()).append(" are absent but are required; ");
}
}
if (!countryOfResidenceList.isEmpty()) {
Set<String> diffs = strInBnotInA(expCountryOfResidenceList, countryOfResidenceList);
if (CollectionUtil.isNonEmpty(diffs)) {
failureMsg.append("countryOfResidence ").append(diffs.toString()).append(" are present but not expected; ");
}
diffs = strInBnotInA(countryOfResidenceList, expCountryOfResidenceList);
if (CollectionUtil.isNonEmpty(diffs)) {
failureMsg.append("countryOfResidence ").append(diffs.toString()).append(" are absent but are required; ");
}
}
if (!otherAttrs.isEmpty()) {
for (ASN1ObjectIdentifier attrType : otherAttrs.keySet()) {
Set<ASN1Encodable> expAttrValues = expOtherAttrs.get(attrType);
if (expAttrValues == null) {
failureMsg.append("attribute of type ").append(attrType.getId()).append(" is present but not requested; ");
continue;
}
Set<ASN1Encodable> attrValues = otherAttrs.get(attrType);
if (!attrValues.equals(expAttrValues)) {
failureMsg.append("attribute of type ").append(attrType.getId()).append(" differs from the requested one; ");
continue;
}
}
}
}
use of org.bouncycastle.asn1.ASN1GeneralizedTime in project keystore-explorer by kaikramer.
the class X509Ext method getPrivateKeyUsagePeriodStringValue.
private String getPrivateKeyUsagePeriodStringValue(byte[] value) throws IOException {
// @formatter:off
/*
* PrivateKeyUsagePeriod ::= ASN1Sequence { notBefore [0]
* ASN1GeneralizedTime OPTIONAL, notAfter [1] ASN1GeneralizedTime OPTIONAL }
*/
// @formatter:on
StringBuilder sb = new StringBuilder();
PrivateKeyUsagePeriod privateKeyUsagePeriod = PrivateKeyUsagePeriod.getInstance(value);
ASN1GeneralizedTime notBefore = privateKeyUsagePeriod.getNotBefore();
ASN1GeneralizedTime notAfter = privateKeyUsagePeriod.getNotAfter();
if (notBefore != null) {
sb.append(MessageFormat.format(res.getString("NotBeforePrivateKeyUsagePeriod"), getGeneralizedTimeString(notBefore)));
} else {
sb.append(MessageFormat.format(res.getString("NotBeforePrivateKeyUsagePeriod"), res.getString("NoValue")));
}
sb.append(NEWLINE);
if (notAfter != null) {
sb.append(MessageFormat.format(res.getString("NotAfterPrivateKeyUsagePeriod"), getGeneralizedTimeString(notAfter)));
} else {
sb.append(MessageFormat.format(res.getString("NotAfterPrivateKeyUsagePeriod"), res.getString("NoValue")));
}
sb.append(NEWLINE);
return sb.toString();
}
use of org.bouncycastle.asn1.ASN1GeneralizedTime in project jruby-openssl by jruby.
the class ASN1 method decodeObject.
// ObjectId
static IRubyObject decodeObject(final ThreadContext context, final RubyModule ASN1, final org.bouncycastle.asn1.ASN1Encodable obj) throws IOException, IllegalArgumentException {
final Ruby runtime = context.runtime;
if (obj instanceof ASN1Integer) {
final BN val = BN.newBN(runtime, ((ASN1Integer) obj).getValue());
return ASN1.getClass("Integer").callMethod(context, "new", val);
}
if (obj instanceof DERInteger) {
final BN val = BN.newBN(runtime, ((DERInteger) obj).getValue());
return ASN1.getClass("Integer").callMethod(context, "new", val);
}
if (obj instanceof DERBitString) {
final DERBitString derObj = (DERBitString) obj;
RubyString str = runtime.newString(new ByteList(derObj.getBytes(), false));
IRubyObject bitString = ASN1.getClass("BitString").callMethod(context, "new", str);
bitString.callMethod(context, "unused_bits=", runtime.newFixnum(derObj.getPadBits()));
return bitString;
}
if (obj instanceof ASN1String) {
final Integer typeId = typeId(obj.getClass());
String type = typeId == null ? null : (String) (ASN1_INFO[typeId][2]);
final ByteList bytes;
if (obj instanceof DERUTF8String) {
if (type == null)
type = "UTF8String";
bytes = new ByteList(((DERUTF8String) obj).getString().getBytes("UTF-8"), false);
} else {
if (type == null) {
if (obj instanceof DERNumericString) {
type = "NumericString";
} else if (obj instanceof DERPrintableString) {
type = "PrintableString";
} else if (obj instanceof DERIA5String) {
type = "IA5String";
} else if (obj instanceof DERT61String) {
type = "T61String";
} else if (obj instanceof DERGeneralString) {
type = "GeneralString";
} else if (obj instanceof DERUniversalString) {
type = "UniversalString";
} else if (obj instanceof DERBMPString) {
type = "BMPString";
} else {
// NOTE "VideotexString", "GraphicString", "ISO64String" not-handled in BC !
throw new IllegalArgumentException("could not handle ASN1 string type: " + obj + " (" + obj.getClass().getName() + ")");
}
}
bytes = ByteList.create(((ASN1String) obj).getString());
}
return ASN1.getClass(type).callMethod(context, "new", runtime.newString(bytes));
}
if (obj instanceof ASN1OctetString) {
final ByteList octets = new ByteList(((ASN1OctetString) obj).getOctets(), false);
// final ByteList octets = new ByteList(((ASN1OctetString) obj).getEncoded(ASN1Encoding.DER), false);
return ASN1.getClass("OctetString").callMethod(context, "new", runtime.newString(octets));
}
if (obj instanceof ASN1Null) {
return ASN1.getClass("Null").callMethod(context, "new", runtime.getNil());
}
if (obj instanceof ASN1Boolean) {
final boolean val = ((ASN1Boolean) obj).isTrue();
return ASN1.getClass("Boolean").callMethod(context, "new", runtime.newBoolean(val));
}
// DERBoolean extends ASN1Boolean only since 1.51 (<= 1.50 the other way around)
if (obj instanceof DERBoolean) {
final boolean val = ((DERBoolean) obj).isTrue();
return ASN1.getClass("Boolean").callMethod(context, "new", runtime.newBoolean(val));
}
if (obj instanceof ASN1UTCTime) {
final Date adjustedTime;
try {
adjustedTime = ((ASN1UTCTime) obj).getAdjustedDate();
} catch (ParseException e) {
throw new IOException(e);
}
final RubyTime time = RubyTime.newTime(runtime, adjustedTime.getTime());
return ASN1.getClass("UTCTime").callMethod(context, "new", time);
}
// NOTE: keep for BC versions compatibility ... extends ASN1UTCTime (since BC 1.51)
if (obj instanceof DERUTCTime) {
final Date adjustedTime;
try {
adjustedTime = ((DERUTCTime) obj).getAdjustedDate();
} catch (ParseException e) {
throw new IOException(e);
}
final RubyTime time = RubyTime.newTime(runtime, adjustedTime.getTime());
return ASN1.getClass("UTCTime").callMethod(context, "new", time);
}
if (obj instanceof ASN1GeneralizedTime) {
final Date generalTime;
try {
generalTime = ((ASN1GeneralizedTime) obj).getDate();
} catch (ParseException e) {
throw new IOException(e);
}
final RubyTime time = RubyTime.newTime(runtime, generalTime.getTime());
return ASN1.getClass("GeneralizedTime").callMethod(context, "new", time);
}
// NOTE: keep for BC versions compatibility ... extends ASN1GeneralizedTime (since BC 1.51)
if (obj instanceof DERGeneralizedTime) {
final Date generalTime;
try {
generalTime = ((DERGeneralizedTime) obj).getDate();
} catch (ParseException e) {
throw new IOException(e);
}
final RubyTime time = RubyTime.newTime(runtime, generalTime.getTime());
return ASN1.getClass("GeneralizedTime").callMethod(context, "new", time);
}
if (obj instanceof ASN1ObjectIdentifier) {
final String objId = ((ASN1ObjectIdentifier) obj).getId();
return ASN1.getClass("ObjectId").callMethod(context, "new", runtime.newString(objId));
}
// DERObjectIdentifier extends ASN1ObjectIdentifier = 1.51
if (obj instanceof DERObjectIdentifier) {
final String objId = ((DERObjectIdentifier) obj).getId();
return ASN1.getClass("ObjectId").callMethod(context, "new", runtime.newString(objId));
}
if (obj instanceof ASN1TaggedObject) {
final ASN1TaggedObject taggedObj = (ASN1TaggedObject) obj;
IRubyObject val = decodeObject(context, ASN1, taggedObj.getObject());
IRubyObject tag = runtime.newFixnum(taggedObj.getTagNo());
IRubyObject tag_class = runtime.newSymbol("CONTEXT_SPECIFIC");
final RubyArray valArr = runtime.newArray(val);
return ASN1.getClass("ASN1Data").callMethod(context, "new", new IRubyObject[] { valArr, tag, tag_class });
}
if (obj instanceof DERApplicationSpecific) {
final DERApplicationSpecific appSpecific = (DERApplicationSpecific) obj;
IRubyObject tag = runtime.newFixnum(appSpecific.getApplicationTag());
IRubyObject tag_class = runtime.newSymbol("APPLICATION");
final ASN1Sequence sequence = (ASN1Sequence) appSpecific.getObject(SEQUENCE);
@SuppressWarnings("unchecked") final RubyArray valArr = decodeObjects(context, ASN1, sequence.getObjects());
return ASN1.getClass("ASN1Data").callMethod(context, "new", new IRubyObject[] { valArr, tag, tag_class });
}
if (obj instanceof ASN1Sequence) {
@SuppressWarnings("unchecked") RubyArray arr = decodeObjects(context, ASN1, ((ASN1Sequence) obj).getObjects());
return ASN1.getClass("Sequence").callMethod(context, "new", arr);
}
if (obj instanceof ASN1Set) {
@SuppressWarnings("unchecked") RubyArray arr = decodeObjects(context, ASN1, ((ASN1Set) obj).getObjects());
return ASN1.getClass("Set").callMethod(context, "new", arr);
}
if (obj instanceof ASN1Enumerated) {
final RubyInteger value = RubyBignum.bignorm(runtime, ((ASN1Enumerated) obj).getValue());
return ASN1.getClass("Enumerated").callMethod(context, "new", value);
}
throw new IllegalArgumentException("unable to decode object: " + obj + " (" + (obj == null ? "" : obj.getClass().getName()) + ")");
}
Aggregations