
Example 51 with ASN1OctetString

use of org.bouncycastle.asn1.ASN1OctetString in project zm-mailbox by Zimbra.

the class UBIDModificationList method removeAttr.

/**
 * Queues a DELETE modification for those of the given values that the entry currently holds.
 *
 * <p>{@code ASN1OctetString} in this method is {@code com.unboundid.asn1.ASN1OctetString}
 * (UnboundID LDAP SDK), not the Bouncy Castle class of the same name.
 *
 * @param name attribute name
 * @param value candidate values to remove; values the entry does not currently hold are skipped
 * @param entry entry whose current values of {@code name} are consulted
 * @param containsBinaryData passed to {@code UBIDUtil.newASN1OctetString} when encoding each value
 * @param isBinaryTransfer passed to {@code LdapUtil.attrNameToBinaryTransferAttrName} when
 *                         deriving the attribute name used in the modification
 */
@Override
public void removeAttr(String name, String[] value, Entry entry, boolean containsBinaryData, boolean isBinaryTransfer) {
    final String[] existing = entry.getMultiAttr(name, false, true);
    if (existing == null || existing.length == 0) {
        // Nothing is stored under this attribute, so there is nothing to delete.
        return;
    }

    // Encode only the values that are actually present on the entry.
    final List<ASN1OctetString> encoded = new ArrayList<ASN1OctetString>();
    for (String candidate : value) {
        if (LdapUtil.contains(existing, candidate)) {
            encoded.add(UBIDUtil.newASN1OctetString(containsBinaryData, candidate));
        }
    }
    if (encoded.isEmpty()) {
        // No overlap between requested and current values: no modification is queued.
        return;
    }

    final String transferAttrName = LdapUtil.attrNameToBinaryTransferAttrName(isBinaryTransfer, name);
    final ASN1OctetString[] rawValues = encoded.toArray(new ASN1OctetString[encoded.size()]);
    modList.add(new Modification(ModificationType.DELETE, transferAttrName, rawValues));
}
Also used : ASN1OctetString(com.unboundid.asn1.ASN1OctetString) Modification(com.unboundid.ldap.sdk.Modification) ASN1OctetString(com.unboundid.asn1.ASN1OctetString)

Example 52 with ASN1OctetString

use of org.bouncycastle.asn1.ASN1OctetString in project cas by apereo.

the class X509UPNExtractorUtils method getUPNStringFromSequence.

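/**
 * Get UPN String.
 *
 * <p>The sequence is certificate content, so its shape is not guaranteed. A sequence that is
 * too short, or whose second element is not a tagged object, yields {@code null} instead of
 * an index or class-cast exception.
 *
 * <p>NOTE(review): if the returned value is used as the authenticated principal, it is only
 * as trustworthy as the certificate chain validation that precedes this call; confirm
 * callers validate the certificate first.
 *
 * @param seq ASN1Sequence abstraction representing subject alternative name.
 *            First element is the object identifier, second is the object itself.
 * @return UPN string, or null when the sequence is null, is not a UPN entry, or does not
 *         hold an octet string or ASN.1 string value
 */
private String getUPNStringFromSequence(final ASN1Sequence seq) {
    // Both the identifier and the value are indexed below; a shorter sequence cannot hold a UPN.
    if (seq == null || seq.size() < 2) {
        return null;
    }
    val id = ASN1ObjectIdentifier.getInstance(seq.getObjectAt(0));
    if (id == null || !UPN_OBJECTID.equals(id.getId())) {
        return null;
    }
    val value = seq.getObjectAt(1);
    if (!(value instanceof ASN1TaggedObject)) {
        // Check before casting so an unexpected value type is reported as "no UPN".
        return null;
    }
    val primitiveObj = ((ASN1TaggedObject) value).getObject();
    // The value may be wrapped in a second tagged object; unwrap one more level if so.
    val func = FunctionUtils.doIf(Predicates.instanceOf(ASN1TaggedObject.class), () -> ASN1TaggedObject.getInstance(primitiveObj).getObject(), () -> primitiveObj);
    val prim = func.apply(primitiveObj);
    if (prim instanceof ASN1OctetString) {
        return new String(((ASN1OctetString) prim).getOctets(), StandardCharsets.UTF_8);
    }
    if (prim instanceof ASN1String) {
        return ((ASN1String) prim).getString();
    }
    return null;
}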
Also used : lombok.val(lombok.val) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ASN1String(org.bouncycastle.asn1.ASN1String) ASN1String(org.bouncycastle.asn1.ASN1String)

Example 53 with ASN1OctetString

use of org.bouncycastle.asn1.ASN1OctetString in project pdfbox by apache.

the class CertificateVerifier method extractOCSPURL.

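/**
 * Extract the OCSP URL from an X.509 certificate if available.
 *
 * <p>The URL is read from the certificate's authority information access extension, so its
 * content is chosen by whoever produced the certificate. Callers should treat it as
 * untrusted input (check scheme and destination) before connecting to it.
 *
 * @param cert X.509 certificate
 * @return the URL of the OCSP validation service, or {@code null} if the certificate has no
 *         authority information access extension or no OCSP entry with a URI location
 * @throws IOException if the extension value cannot be parsed or does not have the expected
 *                     structure (a sequence of two-element AccessDescription sequences)
 */
private static String extractOCSPURL(X509Certificate cert) throws IOException {
    byte[] authorityExtensionValue = cert.getExtensionValue(Extension.authorityInfoAccess.getId());
    if (authorityExtensionValue == null) {
        return null;
    }
    // copied from CertInformationHelper.getAuthorityInfoExtensionValue()
    // DRY refactor should be done some day
    Object parsed = JcaX509ExtensionUtils.parseExtensionValue(authorityExtensionValue);
    if (!(parsed instanceof ASN1Sequence)) {
        // Report malformed certificate data through the declared exception, not a ClassCastException.
        throw new IOException("authorityInfoAccess extension is not a sequence");
    }
    Enumeration<?> objects = ((ASN1Sequence) parsed).getObjects();
    while (objects.hasMoreElements()) {
        // AccessDescription
        Object element = objects.nextElement();
        if (!(element instanceof ASN1Sequence) || ((ASN1Sequence) element).size() < 2) {
            throw new IOException("malformed AccessDescription in authorityInfoAccess extension");
        }
        ASN1Sequence obj = (ASN1Sequence) element;
        ASN1Encodable oid = obj.getObjectAt(0);
        // accessLocation
        ASN1Encodable accessLocation = obj.getObjectAt(1);
        if (!(accessLocation instanceof ASN1TaggedObject)) {
            throw new IOException("accessLocation in authorityInfoAccess extension is not a tagged object");
        }
        ASN1TaggedObject location = (ASN1TaggedObject) accessLocation;
        if (X509ObjectIdentifiers.id_ad_ocsp.equals(oid) && location.getTagNo() == GeneralName.uniformResourceIdentifier) {
            Object base = location.getBaseObject();
            if (!(base instanceof ASN1OctetString)) {
                throw new IOException("OCSP accessLocation does not hold URI octets");
            }
            // Decode with a fixed charset so the result does not depend on the platform default.
            String ocspURL = new String(((ASN1OctetString) base).getOctets(), java.nio.charset.StandardCharsets.UTF_8);
            // NOTE(review): the logged value is certificate-controlled; confirm the logging
            // setup neutralises line breaks and control characters.
            LOG.info("OCSP URL: " + ocspURL);
            return ocspURL;
        }
    }
    return null;
}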
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)

Example 54 with ASN1OctetString

use of org.bouncycastle.asn1.ASN1OctetString in project pdfbox by apache.

the class CertInformationHelper method getAuthorityInfoExtensionValue.

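/**
 * Extracts authority information access extension values from the given data. The Data
 * structure has to be implemented as described in RFC 2459, 4.2.2.1.
 *
 * <p>Only access locations tagged as a uniform resource identifier are read. An OCSP or
 * CA-issuers entry with any other kind of location is skipped. Both values are taken from
 * the certificate and are therefore controlled by whoever produced it; validate scheme and
 * destination before fetching them.
 *
 * @param extensionValue byte[] of the extension value.
 * @param certInfo where to put the found values
 * @throws IOException when there is a problem with the extensionValue, including a
 *                     structure that is not a sequence of two-element AccessDescription
 *                     sequences
 */
protected static void getAuthorityInfoExtensionValue(byte[] extensionValue, CertSignatureInformation certInfo) throws IOException {
    Object parsed = JcaX509ExtensionUtils.parseExtensionValue(extensionValue);
    if (!(parsed instanceof ASN1Sequence)) {
        // Report malformed certificate data through the declared exception, not a ClassCastException.
        throw new IOException("authorityInfoAccess extension is not a sequence");
    }
    Enumeration<?> objects = ((ASN1Sequence) parsed).getObjects();
    while (objects.hasMoreElements()) {
        // AccessDescription
        Object element = objects.nextElement();
        if (!(element instanceof ASN1Sequence) || ((ASN1Sequence) element).size() < 2) {
            throw new IOException("malformed AccessDescription in authorityInfoAccess extension");
        }
        ASN1Sequence obj = (ASN1Sequence) element;
        ASN1Encodable oid = obj.getObjectAt(0);
        // accessLocation
        ASN1Encodable accessLocation = obj.getObjectAt(1);
        if (!(accessLocation instanceof ASN1TaggedObject)) {
            throw new IOException("accessLocation in authorityInfoAccess extension is not a tagged object");
        }
        ASN1TaggedObject location = (ASN1TaggedObject) accessLocation;
        if (location.getTagNo() != GeneralName.uniformResourceIdentifier) {
            // Another GeneralName kind: legal, but it carries no URL for either setter.
            // Previously the caIssuers branch cast such a location without checking its tag.
            continue;
        }
        boolean isOcsp = X509ObjectIdentifiers.id_ad_ocsp.equals(oid);
        boolean isCaIssuers = X509ObjectIdentifiers.id_ad_caIssuers.equals(oid);
        if (!isOcsp && !isCaIssuers) {
            continue;
        }
        Object base = location.getBaseObject();
        if (!(base instanceof ASN1OctetString)) {
            throw new IOException("accessLocation does not hold URI octets");
        }
        // Decode with a fixed charset so the result does not depend on the platform default.
        String url = new String(((ASN1OctetString) base).getOctets(), java.nio.charset.StandardCharsets.UTF_8);
        if (isOcsp) {
            certInfo.setOcspUrl(url);
        } else {
            certInfo.setIssuerUrl(url);
        }
    }
}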
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)

Example 55 with ASN1OctetString

use of org.bouncycastle.asn1.ASN1OctetString in project pdfbox by apache.

the class CertInformationHelper method extractCrlUrlFromSequence.

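/**
 * Walks the nested tagged objects of the given sequence and returns the URL found there.
 *
 * <p>The sequence is certificate content, so every level is type-checked before it is cast.
 * An unexpected shape yields {@code null}, like the other "not found" cases. Only values
 * starting with {@code http://} or {@code https://} are returned. The URL is still
 * certificate-controlled, so callers should validate the destination before fetching it.
 *
 * @param sequence sequence whose first element is expected to be a tagged object that wraps
 *                 the location (presumably a CRL distribution point; confirm against the caller)
 * @return the first http(s) URL, or {@code null} if none is found
 */
private static String extractCrlUrlFromSequence(ASN1Sequence sequence) {
    if (sequence.size() == 0 || !(sequence.getObjectAt(0) instanceof ASN1TaggedObject)) {
        return null;
    }
    ASN1TaggedObject taggedObject = (ASN1TaggedObject) sequence.getObjectAt(0);
    if (!(taggedObject.getBaseObject() instanceof ASN1TaggedObject)) {
        return null;
    }
    taggedObject = (ASN1TaggedObject) taggedObject.getBaseObject();
    if (taggedObject.getBaseObject() instanceof ASN1TaggedObject) {
        taggedObject = (ASN1TaggedObject) taggedObject.getBaseObject();
    } else if (taggedObject.getBaseObject() instanceof ASN1Sequence) {
        // multiple URLs (we take the first)
        ASN1Sequence seq = (ASN1Sequence) taggedObject.getBaseObject();
        if (seq.size() > 0 && seq.getObjectAt(0) instanceof ASN1TaggedObject) {
            taggedObject = (ASN1TaggedObject) seq.getObjectAt(0);
        } else {
            return null;
        }
    } else {
        return null;
    }
    if (taggedObject.getBaseObject() instanceof ASN1OctetString) {
        ASN1OctetString uri = (ASN1OctetString) taggedObject.getBaseObject();
        // Decode with a fixed charset so the result does not depend on the platform default.
        String url = new String(uri.getOctets(), java.nio.charset.StandardCharsets.UTF_8);
        // return first http(s)-Url for crl; match the full scheme prefix so that other
        // schemes merely beginning with "http" are not accepted
        if (url.startsWith("http://") || url.startsWith("https://")) {
            return url;
        }
    }
    // else happens with http://blogs.adobe.com/security/SampleSignedPDFDocument.pdf
    return null;
}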
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)

Aggregations

ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)89 IOException (java.io.IOException)40 DEROctetString (org.bouncycastle.asn1.DEROctetString)26 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)24 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)24 ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)23 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)17 ByteArrayInputStream (java.io.ByteArrayInputStream)16 X509Certificate (java.security.cert.X509Certificate)16 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)16 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)15 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)15 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)12 CertificateException (java.security.cert.CertificateException)12 Enumeration (java.util.Enumeration)12 ASN1TaggedObject (org.bouncycastle.asn1.ASN1TaggedObject)12 DERBitString (org.bouncycastle.asn1.DERBitString)12 DERBMPString (org.bouncycastle.asn1.DERBMPString)11 DERIA5String (org.bouncycastle.asn1.DERIA5String)11 DERSequence (org.bouncycastle.asn1.DERSequence)11