use of org.bouncycastle.asn1.ASN1OctetString in project zm-mailbox by Zimbra.
the class UBIDModificationList method removeAttr.
/**
 * Queues a DELETE modification for those of the requested values that the entry currently holds.
 *
 * <p>Nothing is queued when the entry has no values for {@code name}, or when none of the
 * requested values is among the entry's current values.
 *
 * @param name attribute name
 * @param value values requested for removal
 * @param entry entry whose current values for {@code name} are consulted
 * @param containsBinaryData passed through to {@code UBIDUtil.newASN1OctetString}
 * @param isBinaryTransfer passed through to {@code LdapUtil.attrNameToBinaryTransferAttrName}
 */
@Override
public void removeAttr(String name, String[] value, Entry entry, boolean containsBinaryData, boolean isBinaryTransfer) {
    final String[] existing = entry.getMultiAttr(name, false, true);
    if (existing == null || existing.length == 0) {
        return;
    }

    // Only values actually present on the entry are put into the DELETE modification.
    final List<ASN1OctetString> toDelete = new ArrayList<ASN1OctetString>();
    for (String candidate : value) {
        if (LdapUtil.contains(existing, candidate)) {
            toDelete.add(UBIDUtil.newASN1OctetString(containsBinaryData, candidate));
        }
    }
    if (toDelete.isEmpty()) {
        return;
    }

    final String attrName = LdapUtil.attrNameToBinaryTransferAttrName(isBinaryTransfer, name);
    modList.add(new Modification(ModificationType.DELETE, attrName, toDelete.toArray(new ASN1OctetString[0])));
}
use of org.bouncycastle.asn1.ASN1OctetString in project cas by apereo.
the class X509UPNExtractorUtils method getUPNStringFromSequence.
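/**
 * Get UPN String.
 *
 * <p>The sequence is certificate-supplied data, so its shape is checked before any element is
 * cast: a sequence with fewer than two elements, or whose second element is not a tagged
 * object, yields {@code null} rather than an unchecked exception.
 *
 * @param seq ASN1Sequence abstraction representing subject alternative name.
 *            First element is the object identifier, second is the object itself.
 * @return UPN string, or null when the sequence is absent, too short, not a UPN entry,
 *         or carries a value that is neither an octet string nor an ASN.1 string
 */
private String getUPNStringFromSequence(final ASN1Sequence seq) {
    // Both the type identifier and the value must be present before indexing into the sequence.
    if (seq == null || seq.size() < 2) {
        return null;
    }
    // NOTE(review): getInstance() is expected to throw on a first element that is not an OID;
    // confirm the caller tolerates that for malformed subject alternative names.
    val id = ASN1ObjectIdentifier.getInstance(seq.getObjectAt(0));
    if (id == null || !UPN_OBJECTID.equals(id.getId())) {
        return null;
    }
    val value = seq.getObjectAt(1);
    if (!(value instanceof ASN1TaggedObject)) {
        return null;
    }
    val obj = (ASN1TaggedObject) value;
    val primitiveObj = obj.getObject();
    // The value may be wrapped in a second tag; unwrap one more level when it is.
    val func = FunctionUtils.doIf(Predicates.instanceOf(ASN1TaggedObject.class), () -> ASN1TaggedObject.getInstance(primitiveObj).getObject(), () -> primitiveObj);
    val prim = func.apply(primitiveObj);
    if (prim instanceof ASN1OctetString) {
        return new String(((ASN1OctetString) prim).getOctets(), StandardCharsets.UTF_8);
    }
    if (prim instanceof ASN1String) {
        return ((ASN1String) prim).getString();
    }
    return null;
}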
use of org.bouncycastle.asn1.ASN1OctetString in project pdfbox by apache.
the class CertificateVerifier method extractOCSPURL.
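/**
 * Extract the OCSP URL from an X.509 certificate if available.
 *
 * <p>The Authority Information Access extension is certificate-supplied data. Every element is
 * type-checked before it is cast, so a malformed extension is reported as an
 * {@link IOException} instead of an unchecked {@code ClassCastException} or
 * {@code ArrayIndexOutOfBoundsException}. The URI bytes are decoded as US-ASCII (the URI
 * alternative of GeneralName is an IA5String) rather than with the platform default charset.
 *
 * @param cert X.509 certificate
 * @return the URL of the OCSP validation service, or {@code null} when the certificate has no
 *         Authority Information Access extension or no OCSP entry with a URI location
 * @throws IOException if the extension value cannot be parsed or does not have the expected
 *         structure
 */
private static String extractOCSPURL(X509Certificate cert) throws IOException {
    byte[] authorityExtensionValue = cert.getExtensionValue(Extension.authorityInfoAccess.getId());
    if (authorityExtensionValue == null) {
        return null;
    }
    // copied from CertInformationHelper.getAuthorityInfoExtensionValue()
    // DRY refactor should be done some day
    Object parsed = JcaX509ExtensionUtils.parseExtensionValue(authorityExtensionValue);
    if (!(parsed instanceof ASN1Sequence)) {
        throw new IOException("Authority information access extension is not a sequence");
    }
    Enumeration<?> objects = ((ASN1Sequence) parsed).getObjects();
    while (objects.hasMoreElements()) {
        // AccessDescription
        Object element = objects.nextElement();
        if (!(element instanceof ASN1Sequence) || ((ASN1Sequence) element).size() < 2) {
            throw new IOException("Malformed AccessDescription in authority information access extension");
        }
        ASN1Sequence obj = (ASN1Sequence) element;
        ASN1Encodable oid = obj.getObjectAt(0);
        // accessLocation
        Object accessLocation = obj.getObjectAt(1);
        if (!(accessLocation instanceof ASN1TaggedObject)) {
            throw new IOException("Malformed accessLocation in authority information access extension");
        }
        ASN1TaggedObject location = (ASN1TaggedObject) accessLocation;
        if (X509ObjectIdentifiers.id_ad_ocsp.equals(oid) && location.getTagNo() == GeneralName.uniformResourceIdentifier) {
            Object base = location.getBaseObject();
            if (!(base instanceof ASN1OctetString)) {
                throw new IOException("OCSP accessLocation does not hold a URI string");
            }
            String ocspURL = new String(((ASN1OctetString) base).getOctets(), java.nio.charset.StandardCharsets.US_ASCII);
            // NOTE(review): the URL is certificate-supplied and is logged and returned unfiltered;
            // a caller that fetches it should restrict the scheme and destination, and the log
            // line may carry control characters from the certificate.
            LOG.info("OCSP URL: " + ocspURL);
            return ocspURL;
        }
    }
    return null;
}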
use of org.bouncycastle.asn1.ASN1OctetString in project pdfbox by apache.
the class CertInformationHelper method getAuthorityInfoExtensionValue.
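/**
 * Extracts authority information access extension values from the given data. The Data
 * structure has to be implemented as described in RFC 2459, 4.2.2.1 (superseded by RFC 5280,
 * 4.2.2.1).
 *
 * <p>The extension is certificate-supplied data. Each element is type-checked before it is
 * cast, so a malformed extension is reported as an {@link IOException} rather than an
 * unchecked exception. A caIssuers entry is only read when its accessLocation is a URI, as is
 * already required for the OCSP entry; entries with another location type are skipped. URI
 * bytes are decoded as US-ASCII (IA5String) rather than with the platform default charset.
 *
 * @param extensionValue byte[] of the extension value.
 * @param certInfo where to put the found values
 * @throws IOException when there is a problem with the extensionValue
 */
protected static void getAuthorityInfoExtensionValue(byte[] extensionValue, CertSignatureInformation certInfo) throws IOException {
    Object parsed = JcaX509ExtensionUtils.parseExtensionValue(extensionValue);
    if (!(parsed instanceof ASN1Sequence)) {
        throw new IOException("Authority information access extension is not a sequence");
    }
    Enumeration<?> objects = ((ASN1Sequence) parsed).getObjects();
    while (objects.hasMoreElements()) {
        // AccessDescription
        Object element = objects.nextElement();
        if (!(element instanceof ASN1Sequence) || ((ASN1Sequence) element).size() < 2) {
            throw new IOException("Malformed AccessDescription in authority information access extension");
        }
        ASN1Sequence obj = (ASN1Sequence) element;
        ASN1Encodable oid = obj.getObjectAt(0);
        // accessLocation
        Object accessLocation = obj.getObjectAt(1);
        if (!(accessLocation instanceof ASN1TaggedObject)) {
            throw new IOException("Malformed accessLocation in authority information access extension");
        }
        ASN1TaggedObject location = (ASN1TaggedObject) accessLocation;
        // Only URI-typed locations carry a string; other GeneralName alternatives are ignored.
        if (location.getTagNo() != GeneralName.uniformResourceIdentifier) {
            continue;
        }
        boolean isOcsp = X509ObjectIdentifiers.id_ad_ocsp.equals(oid);
        boolean isCaIssuers = !isOcsp && X509ObjectIdentifiers.id_ad_caIssuers.equals(oid);
        if (!isOcsp && !isCaIssuers) {
            continue;
        }
        Object base = location.getBaseObject();
        if (!(base instanceof ASN1OctetString)) {
            throw new IOException("URI accessLocation does not hold a string");
        }
        // NOTE(review): both URLs come from the certificate; code that later fetches them
        // should restrict the scheme and destination.
        String url = new String(((ASN1OctetString) base).getOctets(), java.nio.charset.StandardCharsets.US_ASCII);
        if (isOcsp) {
            certInfo.setOcspUrl(url);
        } else {
            certInfo.setIssuerUrl(url);
        }
    }
}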
use of org.bouncycastle.asn1.ASN1OctetString in project pdfbox by apache.
the class CertInformationHelper method extractCrlUrlFromSequence.
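/**
 * Returns the first http(s) CRL URL found in the given sequence, or {@code null}.
 *
 * <p>The sequence is certificate-supplied data (presumably one distribution point of the CRL
 * distribution points extension; confirm against the caller). Every level is type-checked
 * before it is cast and empty sequences are rejected, so an unexpected structure yields
 * {@code null} instead of an unchecked exception. The URL bytes are decoded as US-ASCII
 * rather than with the platform default charset, and only values that start with
 * {@code http://} or {@code https://} are returned.
 *
 * @param sequence sequence whose first element holds the tagged distribution point name
 * @return the first http(s) URL, or {@code null} if none is present or the structure is not
 *         the expected one
 */
private static String extractCrlUrlFromSequence(ASN1Sequence sequence) {
    if (sequence.size() == 0 || !(sequence.getObjectAt(0) instanceof ASN1TaggedObject)) {
        return null;
    }
    ASN1TaggedObject taggedObject = (ASN1TaggedObject) sequence.getObjectAt(0);
    if (!(taggedObject.getBaseObject() instanceof ASN1TaggedObject)) {
        return null;
    }
    taggedObject = (ASN1TaggedObject) taggedObject.getBaseObject();
    if (taggedObject.getBaseObject() instanceof ASN1TaggedObject) {
        taggedObject = (ASN1TaggedObject) taggedObject.getBaseObject();
    } else if (taggedObject.getBaseObject() instanceof ASN1Sequence) {
        // multiple URLs (we take the first)
        ASN1Sequence seq = (ASN1Sequence) taggedObject.getBaseObject();
        if (seq.size() > 0 && seq.getObjectAt(0) instanceof ASN1TaggedObject) {
            taggedObject = (ASN1TaggedObject) seq.getObjectAt(0);
        } else {
            return null;
        }
    } else {
        return null;
    }
    if (taggedObject.getBaseObject() instanceof ASN1OctetString) {
        ASN1OctetString uri = (ASN1OctetString) taggedObject.getBaseObject();
        String url = new String(uri.getOctets(), java.nio.charset.StandardCharsets.US_ASCII);
        // return first http(s)-Url for crl; the full scheme prefix is required so that other
        // schemes that merely begin with "http" are not handed to the caller
        if (url.startsWith("http://") || url.startsWith("https://")) {
            return url;
        }
    }
    // else happens with http://blogs.adobe.com/security/SampleSignedPDFDocument.pdf
    return null;
}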