Search in sources :

Example 66 with ASN1Sequence

use of org.bouncycastle.asn1.ASN1Sequence in project robovm by robovm.

the class CertPathValidatorUtilities method prepareNextCertB1.

protected static void prepareNextCertB1(int i, List[] policyNodes, String id_p, Map m_idp, X509Certificate cert) throws AnnotatedException, CertPathValidatorException {
    boolean idp_found = false;
    Iterator nodes_i = policyNodes[i].iterator();
    while (nodes_i.hasNext()) {
        PKIXPolicyNode node = (PKIXPolicyNode) nodes_i.next();
        if (node.getValidPolicy().equals(id_p)) {
            idp_found = true;
            node.expectedPolicies = (Set) m_idp.get(id_p);
            break;
        }
    }
    if (!idp_found) {
        nodes_i = policyNodes[i].iterator();
        while (nodes_i.hasNext()) {
            PKIXPolicyNode node = (PKIXPolicyNode) nodes_i.next();
            if (ANY_POLICY.equals(node.getValidPolicy())) {
                Set pq = null;
                ASN1Sequence policies = null;
                try {
                    policies = DERSequence.getInstance(getExtensionValue(cert, CERTIFICATE_POLICIES));
                } catch (Exception e) {
                    throw new AnnotatedException("Certificate policies cannot be decoded.", e);
                }
                Enumeration e = policies.getObjects();
                while (e.hasMoreElements()) {
                    PolicyInformation pinfo = null;
                    try {
                        pinfo = PolicyInformation.getInstance(e.nextElement());
                    } catch (Exception ex) {
                        throw new AnnotatedException("Policy information cannot be decoded.", ex);
                    }
                    if (ANY_POLICY.equals(pinfo.getPolicyIdentifier().getId())) {
                        try {
                            pq = getQualifierSet(pinfo.getPolicyQualifiers());
                        } catch (CertPathValidatorException ex) {
                            throw new ExtCertPathValidatorException("Policy qualifier info set could not be built.", ex);
                        }
                        break;
                    }
                }
                boolean ci = false;
                if (cert.getCriticalExtensionOIDs() != null) {
                    ci = cert.getCriticalExtensionOIDs().contains(CERTIFICATE_POLICIES);
                }
                PKIXPolicyNode p_node = (PKIXPolicyNode) node.getParent();
                if (ANY_POLICY.equals(p_node.getValidPolicy())) {
                    PKIXPolicyNode c_node = new PKIXPolicyNode(new ArrayList(), i, (Set) m_idp.get(id_p), p_node, pq, id_p, ci);
                    p_node.addChild(c_node);
                    policyNodes[i].add(c_node);
                }
                break;
            }
        }
    }
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) Set(java.util.Set) HashSet(java.util.HashSet) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) Enumeration(java.util.Enumeration) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) PolicyInformation(org.bouncycastle.asn1.x509.PolicyInformation) Iterator(java.util.Iterator) ArrayList(java.util.ArrayList) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ParseException(java.text.ParseException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertStoreException(java.security.cert.CertStoreException) CRLException(java.security.cert.CRLException) CertificateParsingException(java.security.cert.CertificateParsingException) StoreException(org.bouncycastle.util.StoreException) IOException(java.io.IOException)

Example 67 with ASN1Sequence

use of org.bouncycastle.asn1.ASN1Sequence in project robovm by robovm.

the class CertPathValidatorUtilities method getQualifierSet.

// crl checking
//
// policy checking
// 
protected static final Set getQualifierSet(ASN1Sequence qualifiers) throws CertPathValidatorException {
    Set pq = new HashSet();
    if (qualifiers == null) {
        return pq;
    }
    ByteArrayOutputStream bOut = new ByteArrayOutputStream();
    ASN1OutputStream aOut = new ASN1OutputStream(bOut);
    Enumeration e = qualifiers.getObjects();
    while (e.hasMoreElements()) {
        try {
            aOut.writeObject((ASN1Encodable) e.nextElement());
            pq.add(new PolicyQualifierInfo(bOut.toByteArray()));
        } catch (IOException ex) {
            throw new ExtCertPathValidatorException("Policy qualifier info cannot be decoded.", ex);
        }
        bOut.reset();
    }
    return pq;
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) Enumeration(java.util.Enumeration) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) PolicyQualifierInfo(java.security.cert.PolicyQualifierInfo) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException) ASN1OutputStream(org.bouncycastle.asn1.ASN1OutputStream) HashSet(java.util.HashSet)

Example 68 with ASN1Sequence

use of org.bouncycastle.asn1.ASN1Sequence in project robovm by robovm.

the class X509CertificateObject method getExtendedKeyUsage.

public List getExtendedKeyUsage() throws CertificateParsingException {
    byte[] bytes = this.getExtensionBytes("2.5.29.37");
    if (bytes != null) {
        try {
            ASN1InputStream dIn = new ASN1InputStream(bytes);
            ASN1Sequence seq = (ASN1Sequence) dIn.readObject();
            List list = new ArrayList();
            for (int i = 0; i != seq.size(); i++) {
                list.add(((ASN1ObjectIdentifier) seq.getObjectAt(i)).getId());
            }
            return Collections.unmodifiableList(list);
        } catch (Exception e) {
            throw new CertificateParsingException("error processing extended key usage extension");
        }
    }
    return null;
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) CertificateParsingException(java.security.cert.CertificateParsingException) ArrayList(java.util.ArrayList) List(java.util.List) ArrayList(java.util.ArrayList) CertificateExpiredException(java.security.cert.CertificateExpiredException) SignatureException(java.security.SignatureException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) CertificateEncodingException(java.security.cert.CertificateEncodingException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertificateParsingException(java.security.cert.CertificateParsingException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) UnknownHostException(java.net.UnknownHostException) NoSuchProviderException(java.security.NoSuchProviderException)

Example 69 with ASN1Sequence

use of org.bouncycastle.asn1.ASN1Sequence in project robovm by robovm.

the class PEMUtil method readPEMObject.

ASN1Sequence readPEMObject(InputStream in) throws IOException {
    String line;
    StringBuffer pemBuf = new StringBuffer();
    while ((line = readLine(in)) != null) {
        if (line.startsWith(_header1) || line.startsWith(_header2)) {
            break;
        }
    }
    while ((line = readLine(in)) != null) {
        if (line.startsWith(_footer1) || line.startsWith(_footer2)) {
            break;
        }
        pemBuf.append(line);
    }
    if (pemBuf.length() != 0) {
        ASN1Primitive o = new ASN1InputStream(Base64.decode(pemBuf.toString())).readObject();
        if (!(o instanceof ASN1Sequence)) {
            throw new IOException("malformed PEM data encountered");
        }
        return (ASN1Sequence) o;
    }
    return null;
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) IOException(java.io.IOException) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive)

Example 70 with ASN1Sequence

use of org.bouncycastle.asn1.ASN1Sequence in project robovm by robovm.

the class RFC3280CertPathUtilities method wrapupCertB.

protected static int wrapupCertB(CertPath certPath, int index, int explicitPolicy) throws CertPathValidatorException {
    List certs = certPath.getCertificates();
    X509Certificate cert = (X509Certificate) certs.get(index);
    //
    // (b)
    //
    int tmpInt;
    ASN1Sequence pc = null;
    try {
        pc = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.POLICY_CONSTRAINTS));
    } catch (AnnotatedException e) {
        throw new ExtCertPathValidatorException("Policy constraints could not be decoded.", e, certPath, index);
    }
    if (pc != null) {
        Enumeration policyConstraints = pc.getObjects();
        while (policyConstraints.hasMoreElements()) {
            ASN1TaggedObject constraint = (ASN1TaggedObject) policyConstraints.nextElement();
            switch(constraint.getTagNo()) {
                case 0:
                    try {
                        tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();
                    } catch (Exception e) {
                        throw new ExtCertPathValidatorException("Policy constraints requireExplicitPolicy field could not be decoded.", e, certPath, index);
                    }
                    if (tmpInt == 0) {
                        return 0;
                    }
                    break;
            }
        }
    }
    return explicitPolicy;
}
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) Enumeration(java.util.Enumeration) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) List(java.util.List) ArrayList(java.util.ArrayList) X509Certificate(java.security.cert.X509Certificate) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) CertificateExpiredException(java.security.cert.CertificateExpiredException) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertPathBuilderException(java.security.cert.CertPathBuilderException) IOException(java.io.IOException)

Aggregations

ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)57 IOException (java.io.IOException)42 ArrayList (java.util.ArrayList)31 Enumeration (java.util.Enumeration)30 List (java.util.List)28 X509Certificate (java.security.cert.X509Certificate)25 ExtCertPathValidatorException (org.bouncycastle.jce.exception.ExtCertPathValidatorException)25 CertPathValidatorException (java.security.cert.CertPathValidatorException)21 GeneralSecurityException (java.security.GeneralSecurityException)20 CertificateExpiredException (java.security.cert.CertificateExpiredException)20 CertificateNotYetValidException (java.security.cert.CertificateNotYetValidException)20 DERObjectIdentifier (org.bouncycastle.asn1.DERObjectIdentifier)18 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)18 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)18 IssuingDistributionPoint (org.bouncycastle.asn1.x509.IssuingDistributionPoint)18 CertPathBuilderException (java.security.cert.CertPathBuilderException)16 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)16 ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)15 HashSet (java.util.HashSet)12 Set (java.util.Set)12