Search in sources :

Example 56 with ASN1InputStream

use of org.bouncycastle.asn1.ASN1InputStream in project zm-mailbox by Zimbra.

the class CertUtil method getSubjectAttr.

private String getSubjectAttr(String needAttrName, String needAttrOid) {
    String subjectDN = getSubjectDN();
    try {
        LdapName dn = new LdapName(subjectDN);
        List<Rdn> rdns = dn.getRdns();
        for (Rdn rdn : rdns) {
            String type = rdn.getType();
            boolean isOid = type.contains(".");
            boolean matched = (isOid ? type.equals(needAttrOid) : type.equals(needAttrName));
            if (matched) {
                Object value = rdn.getValue();
                if (value == null) {
                    continue;
                }
                if (isOid) {
                    byte[] bytes = (byte[]) value;
                    ASN1InputStream decoder = null;
                    try {
                        decoder = new ASN1InputStream(bytes);
                        DEREncodable encoded = decoder.readObject();
                        DERIA5String str = DERIA5String.getInstance(encoded);
                        return str.getString();
                    } catch (IOException e) {
                        ZimbraLog.account.warn(LOG_PREFIX + "unable to decode " + type, e);
                    } finally {
                        ByteUtil.closeStream(decoder);
                    }
                } else {
                    return value.toString();
                }
            }
        }
    } catch (InvalidNameException e) {
        ZimbraLog.account.warn(LOG_PREFIX + "Invalid subject dn value" + subjectDN, e);
    }
    return null;
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) DERIA5String(org.bouncycastle.asn1.DERIA5String) InvalidNameException(javax.naming.InvalidNameException) DEREncodable(org.bouncycastle.asn1.DEREncodable) ASN1Object(org.bouncycastle.asn1.ASN1Object) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) IOException(java.io.IOException) Rdn(javax.naming.ldap.Rdn) LdapName(javax.naming.ldap.LdapName)

Example 57 with ASN1InputStream

use of org.bouncycastle.asn1.ASN1InputStream in project zm-mailbox by Zimbra.

the class CertUtil method printSubjectAlternativeNames.

private void printSubjectAlternativeNames(PrintStream outStream) throws Exception {
    final String UPN_DISPLAY = "Principal Name";
    final String RFC822NAME_DISPLAY = "RFC822 Name";
    final String DNSNAME_DISPLAY = "DNS Name";
    outStream.format("X509v3 Subject Alternative Name: \n");
    ASN1InputStream decoder = null;
    try {
        Collection<List<?>> generalNames = cert.getSubjectAlternativeNames();
        // Check that the certificate includes the SubjectAltName extension
        if (generalNames == null) {
            return;
        }
        for (List<?> generalName : generalNames) {
            Integer tag = (Integer) generalName.get(0);
            if (GeneralName.otherName == tag.intValue()) {
                // Value is encoded using ASN.1
                decoder = new ASN1InputStream((byte[]) generalName.toArray()[1]);
                DEREncodable encoded = decoder.readObject();
                DERSequence derSeq = (DERSequence) encoded;
                DERObjectIdentifier typeId = DERObjectIdentifier.getInstance(derSeq.getObjectAt(0));
                String oid = typeId.getId();
                String value = null;
                ASN1TaggedObject otherNameValue = ASN1TaggedObject.getInstance(derSeq.getObjectAt(1));
                if (OID_UPN.equals(oid)) {
                    ASN1TaggedObject upnValue = ASN1TaggedObject.getInstance(otherNameValue.getObject());
                    DERUTF8String str = DERUTF8String.getInstance(upnValue.getObject());
                    value = str.getString();
                }
                outStream.format("    [%d] %s(%s) = %s\n", tag, oid, UPN_DISPLAY, value);
            } else if (GeneralName.rfc822Name == tag.intValue()) {
                String value = (String) generalName.get(1);
                outStream.format("    [%d] %s = %s\n", tag, RFC822NAME_DISPLAY, value);
            } else if (GeneralName.dNSName == tag.intValue()) {
                String value = (String) generalName.get(1);
                outStream.format("    [%d] %s = %s\n", tag, DNSNAME_DISPLAY, value);
            } else {
                outStream.format("    [%d] - not yet supported\n", tag);
            }
        }
    } catch (CertificateParsingException e) {
        e.printStackTrace();
    } finally {
        ByteUtil.closeStream(decoder);
    }
}
Also used : BigInteger(java.math.BigInteger) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DERSequence(org.bouncycastle.asn1.DERSequence) CertificateParsingException(java.security.cert.CertificateParsingException) DEREncodable(org.bouncycastle.asn1.DEREncodable) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) List(java.util.List) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier)

Example 58 with ASN1InputStream

use of org.bouncycastle.asn1.ASN1InputStream in project zm-mailbox by Zimbra.

the class CertUtil method getSubjectAltNameOtherNameUPN.

String getSubjectAltNameOtherNameUPN() {
    Collection<List<?>> generalNames = null;
    try {
        generalNames = cert.getSubjectAlternativeNames();
    } catch (CertificateParsingException e) {
        ZimbraLog.account.warn(LOG_PREFIX + "unable to get subject alternative names", e);
    }
    if (generalNames == null) {
        return null;
    }
    ASN1InputStream decoder = null;
    try {
        // Check that the certificate includes the SubjectAltName extension
        for (List<?> generalName : generalNames) {
            Integer tag = (Integer) generalName.get(0);
            if (GeneralName.otherName == tag.intValue()) {
                // Value is encoded using ASN.1
                decoder = new ASN1InputStream((byte[]) generalName.toArray()[1]);
                DEREncodable encoded = decoder.readObject();
                DERSequence derSeq = (DERSequence) encoded;
                DERObjectIdentifier typeId = DERObjectIdentifier.getInstance(derSeq.getObjectAt(0));
                String oid = typeId.getId();
                String value = null;
                ASN1TaggedObject otherNameValue = ASN1TaggedObject.getInstance(derSeq.getObjectAt(1));
                if (OID_UPN.equals(oid)) {
                    ASN1TaggedObject upnValue = ASN1TaggedObject.getInstance(otherNameValue.getObject());
                    DERUTF8String str = DERUTF8String.getInstance(upnValue.getObject());
                    value = str.getString();
                    return value;
                }
            }
        }
    } catch (IOException e) {
        ZimbraLog.account.warn(LOG_PREFIX + "unable to process ASN.1 data", e);
    } finally {
        ByteUtil.closeStream(decoder);
    }
    return null;
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) CertificateParsingException(java.security.cert.CertificateParsingException) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) IOException(java.io.IOException) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier) BigInteger(java.math.BigInteger) DERSequence(org.bouncycastle.asn1.DERSequence) DEREncodable(org.bouncycastle.asn1.DEREncodable) List(java.util.List)

Example 59 with ASN1InputStream

use of org.bouncycastle.asn1.ASN1InputStream in project oxAuth by GluuFederation.

the class CRLCertificateVerifier method getExtensionValue.

/**
	 * @param certificate
	 *            the certificate from which we need the ExtensionValue
	 * @param oid
	 *            the Object Identifier value for the extension.
	 * @return the extension value as an ASN1Primitive object
	 * @throws IOException
	 */
private static ASN1Primitive getExtensionValue(X509Certificate certificate, String oid) throws IOException {
    byte[] bytes = certificate.getExtensionValue(oid);
    if (bytes == null) {
        return null;
    }
    ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(bytes));
    ASN1OctetString octs = (ASN1OctetString) aIn.readObject();
    aIn = new ASN1InputStream(new ByteArrayInputStream(octs.getOctets()));
    return aIn.readObject();
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ByteArrayInputStream(java.io.ByteArrayInputStream)

Example 60 with ASN1InputStream

use of org.bouncycastle.asn1.ASN1InputStream in project oxAuth by GluuFederation.

the class OCSPCertificateVerifier method getExtensionValue.

/**
	 * @param certificate
	 *            the certificate from which we need the ExtensionValue
	 * @param oid
	 *            the Object Identifier value for the extension.
	 * @return the extension value as an ASN1Primitive object
	 * @throws IOException
	 */
private static ASN1Primitive getExtensionValue(X509Certificate certificate, String oid) throws IOException {
    byte[] bytes = certificate.getExtensionValue(oid);
    if (bytes == null) {
        return null;
    }
    ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(bytes));
    ASN1OctetString octs = (ASN1OctetString) aIn.readObject();
    aIn = new ASN1InputStream(new ByteArrayInputStream(octs.getOctets()));
    return aIn.readObject();
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ByteArrayInputStream(java.io.ByteArrayInputStream)

Aggregations

ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)53 IOException (java.io.IOException)44 CertificateParsingException (java.security.cert.CertificateParsingException)18 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)17 CertificateException (java.security.cert.CertificateException)16 Enumeration (java.util.Enumeration)16 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)14 CRLException (java.security.cert.CRLException)13 CertificateEncodingException (java.security.cert.CertificateEncodingException)13 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)13 NoSuchProviderException (java.security.NoSuchProviderException)11 InvalidKeyException (java.security.InvalidKeyException)10 SignatureException (java.security.SignatureException)10 CertificateExpiredException (java.security.cert.CertificateExpiredException)10 CertificateNotYetValidException (java.security.cert.CertificateNotYetValidException)10 X509Certificate (java.security.cert.X509Certificate)9 List (java.util.List)9 ArrayList (java.util.ArrayList)8 ASN1InputStream (com.android.org.bouncycastle.asn1.ASN1InputStream)7 ByteArrayInputStream (java.io.ByteArrayInputStream)7