Search in sources :

Example 16 with ASN1InputStream

use of org.bouncycastle.asn1.ASN1InputStream in project poi by apache.

the class XAdESXLSignatureFacet method getCrlNumber.

private BigInteger getCrlNumber(X509CRL crl) {
    byte[] crlNumberExtensionValue = crl.getExtensionValue(Extension.cRLNumber.getId());
    if (null == crlNumberExtensionValue) {
        return null;
    }
    try {
        ASN1InputStream asn1IS1 = null, asn1IS2 = null;
        try {
            asn1IS1 = new ASN1InputStream(crlNumberExtensionValue);
            ASN1OctetString octetString = (ASN1OctetString) asn1IS1.readObject();
            byte[] octets = octetString.getOctets();
            asn1IS2 = new ASN1InputStream(octets);
            ASN1Integer integer = (ASN1Integer) asn1IS2.readObject();
            return integer.getPositiveValue();
        } finally {
            IOUtils.closeQuietly(asn1IS2);
            IOUtils.closeQuietly(asn1IS1);
        }
    } catch (IOException e) {
        throw new RuntimeException("I/O error: " + e.getMessage(), e);
    }
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) IOException(java.io.IOException)

Example 17 with ASN1InputStream

use of org.bouncycastle.asn1.ASN1InputStream in project robovm by robovm.

the class CertificateFactory method engineGenerateCertificate.

/**
     * Generates a certificate object and initializes it with the data
     * read from the input stream inStream.
     */
public java.security.cert.Certificate engineGenerateCertificate(InputStream in) throws CertificateException {
    if (currentStream == null) {
        currentStream = in;
        sData = null;
        sDataObjectCount = 0;
    } else if (// reset if input stream has changed
    currentStream != in) {
        currentStream = in;
        sData = null;
        sDataObjectCount = 0;
    }
    try {
        if (sData != null) {
            if (sDataObjectCount != sData.size()) {
                return getCertificate();
            } else {
                sData = null;
                sDataObjectCount = 0;
                return null;
            }
        }
        PushbackInputStream pis = new PushbackInputStream(in);
        int tag = pis.read();
        if (tag == -1) {
            return null;
        }
        pis.unread(tag);
        if (// assume ascii PEM encoded.
        tag != 0x30) {
            return readPEMCertificate(pis);
        } else {
            return readDERCertificate(new ASN1InputStream(pis));
        }
    } catch (Exception e) {
        throw new ExCertificateException(e);
    }
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) PushbackInputStream(java.io.PushbackInputStream) CertificateParsingException(java.security.cert.CertificateParsingException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) CRLException(java.security.cert.CRLException)

Example 18 with ASN1InputStream

use of org.bouncycastle.asn1.ASN1InputStream in project robovm by robovm.

the class CertificateFactory method engineGenerateCRL.

/**
     * Generates a certificate revocation list (CRL) object and initializes
     * it with the data read from the input stream inStream.
     */
public CRL engineGenerateCRL(InputStream inStream) throws CRLException {
    if (currentCrlStream == null) {
        currentCrlStream = inStream;
        sCrlData = null;
        sCrlDataObjectCount = 0;
    } else if (// reset if input stream has changed
    currentCrlStream != inStream) {
        currentCrlStream = inStream;
        sCrlData = null;
        sCrlDataObjectCount = 0;
    }
    try {
        if (sCrlData != null) {
            if (sCrlDataObjectCount != sCrlData.size()) {
                return getCRL();
            } else {
                sCrlData = null;
                sCrlDataObjectCount = 0;
                return null;
            }
        }
        PushbackInputStream pis = new PushbackInputStream(inStream);
        int tag = pis.read();
        if (tag == -1) {
            return null;
        }
        pis.unread(tag);
        if (// assume ascii PEM encoded.
        tag != 0x30) {
            return readPEMCRL(pis);
        } else {
            // lazy evaluate to help processing of large CRLs
            return readDERCRL(new ASN1InputStream(pis, true));
        }
    } catch (CRLException e) {
        throw e;
    } catch (Exception e) {
        throw new CRLException(e.toString());
    }
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) PushbackInputStream(java.io.PushbackInputStream) CRLException(java.security.cert.CRLException) CertificateParsingException(java.security.cert.CertificateParsingException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) CRLException(java.security.cert.CRLException)

Example 19 with ASN1InputStream

use of org.bouncycastle.asn1.ASN1InputStream in project robovm by robovm.

the class X509CRLEntryObject method toString.

public String toString() {
    StringBuffer buf = new StringBuffer();
    String nl = System.getProperty("line.separator");
    buf.append("      userCertificate: ").append(this.getSerialNumber()).append(nl);
    buf.append("       revocationDate: ").append(this.getRevocationDate()).append(nl);
    buf.append("       certificateIssuer: ").append(this.getCertificateIssuer()).append(nl);
    Extensions extensions = c.getExtensions();
    if (extensions != null) {
        Enumeration e = extensions.oids();
        if (e.hasMoreElements()) {
            buf.append("   crlEntryExtensions:").append(nl);
            while (e.hasMoreElements()) {
                ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
                Extension ext = extensions.getExtension(oid);
                if (ext.getExtnValue() != null) {
                    byte[] octs = ext.getExtnValue().getOctets();
                    ASN1InputStream dIn = new ASN1InputStream(octs);
                    buf.append("                       critical(").append(ext.isCritical()).append(") ");
                    try {
                        if (oid.equals(X509Extension.reasonCode)) {
                            buf.append(CRLReason.getInstance(ASN1Enumerated.getInstance(dIn.readObject()))).append(nl);
                        } else if (oid.equals(X509Extension.certificateIssuer)) {
                            buf.append("Certificate issuer: ").append(GeneralNames.getInstance(dIn.readObject())).append(nl);
                        } else {
                            buf.append(oid.getId());
                            buf.append(" value = ").append(ASN1Dump.dumpAsString(dIn.readObject())).append(nl);
                        }
                    } catch (Exception ex) {
                        buf.append(oid.getId());
                        buf.append(" value = ").append("*****").append(nl);
                    }
                } else {
                    buf.append(nl);
                }
            }
        }
    }
    return buf.toString();
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension) X509Extension(org.bouncycastle.asn1.x509.X509Extension) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) Enumeration(java.util.Enumeration) Extensions(org.bouncycastle.asn1.x509.Extensions) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) IOException(java.io.IOException) CRLException(java.security.cert.CRLException)

Example 20 with ASN1InputStream

use of org.bouncycastle.asn1.ASN1InputStream in project robovm by robovm.

the class RFC3280CertPathUtilities method processCertBC.

protected static void processCertBC(CertPath certPath, int index, PKIXNameConstraintValidator nameConstraintValidator) throws CertPathValidatorException {
    List certs = certPath.getCertificates();
    X509Certificate cert = (X509Certificate) certs.get(index);
    int n = certs.size();
    // i as defined in the algorithm description
    int i = n - index;
    //
    if (!(CertPathValidatorUtilities.isSelfIssued(cert) && (i < n))) {
        X500Principal principal = CertPathValidatorUtilities.getSubjectPrincipal(cert);
        ASN1InputStream aIn = new ASN1InputStream(principal.getEncoded());
        ASN1Sequence dns;
        try {
            dns = DERSequence.getInstance(aIn.readObject());
        } catch (Exception e) {
            throw new CertPathValidatorException("Exception extracting subject name when checking subtrees.", e, certPath, index);
        }
        try {
            nameConstraintValidator.checkPermittedDN(dns);
            nameConstraintValidator.checkExcludedDN(dns);
        } catch (PKIXNameConstraintValidatorException e) {
            throw new CertPathValidatorException("Subtree check for certificate subject failed.", e, certPath, index);
        }
        GeneralNames altName = null;
        try {
            altName = GeneralNames.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.SUBJECT_ALTERNATIVE_NAME));
        } catch (Exception e) {
            throw new CertPathValidatorException("Subject alternative name extension could not be decoded.", e, certPath, index);
        }
        Vector emails = new X509Name(dns).getValues(X509Name.EmailAddress);
        for (Enumeration e = emails.elements(); e.hasMoreElements(); ) {
            String email = (String) e.nextElement();
            GeneralName emailAsGeneralName = new GeneralName(GeneralName.rfc822Name, email);
            try {
                nameConstraintValidator.checkPermitted(emailAsGeneralName);
                nameConstraintValidator.checkExcluded(emailAsGeneralName);
            } catch (PKIXNameConstraintValidatorException ex) {
                throw new CertPathValidatorException("Subtree check for certificate subject alternative email failed.", ex, certPath, index);
            }
        }
        if (altName != null) {
            GeneralName[] genNames = null;
            try {
                genNames = altName.getNames();
            } catch (Exception e) {
                throw new CertPathValidatorException("Subject alternative name contents could not be decoded.", e, certPath, index);
            }
            for (int j = 0; j < genNames.length; j++) {
                try {
                    nameConstraintValidator.checkPermitted(genNames[j]);
                    nameConstraintValidator.checkExcluded(genNames[j]);
                } catch (PKIXNameConstraintValidatorException e) {
                    throw new CertPathValidatorException("Subtree check for certificate subject alternative name failed.", e, certPath, index);
                }
            }
        }
    }
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) Enumeration(java.util.Enumeration) X509Certificate(java.security.cert.X509Certificate) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) CertificateExpiredException(java.security.cert.CertificateExpiredException) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertPathBuilderException(java.security.cert.CertPathBuilderException) IOException(java.io.IOException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) X509Name(org.bouncycastle.asn1.x509.X509Name) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) X500Principal(javax.security.auth.x500.X500Principal) List(java.util.List) ArrayList(java.util.ArrayList) GeneralName(org.bouncycastle.asn1.x509.GeneralName) Vector(java.util.Vector) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)

Aggregations

ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)104 IOException (java.io.IOException)85 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)34 ByteArrayInputStream (java.io.ByteArrayInputStream)33 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)25 BigInteger (java.math.BigInteger)22 ASN1InputStream (com.android.org.bouncycastle.asn1.ASN1InputStream)20 CertificateException (java.security.cert.CertificateException)20 CertificateParsingException (java.security.cert.CertificateParsingException)19 X509Certificate (java.security.cert.X509Certificate)19 DEROctetString (org.bouncycastle.asn1.DEROctetString)19 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)17 Enumeration (java.util.Enumeration)17 CertificateEncodingException (java.security.cert.CertificateEncodingException)16 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)15 InvalidKeyException (java.security.InvalidKeyException)14 CRLException (java.security.cert.CRLException)14 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)14 NoSuchProviderException (java.security.NoSuchProviderException)11 ASN1Primitive (org.bouncycastle.asn1.ASN1Primitive)11