Search in sources :

Example 71 with ASN1Sequence

use of org.bouncycastle.asn1.ASN1Sequence in project robovm by robovm.

the class RFC3280CertPathUtilities method processCertE.

protected static PKIXPolicyNode processCertE(CertPath certPath, int index, PKIXPolicyNode validPolicyTree) throws CertPathValidatorException {
    List certs = certPath.getCertificates();
    X509Certificate cert = (X509Certificate) certs.get(index);
    // 
    // (e)
    //
    ASN1Sequence certPolicies = null;
    try {
        certPolicies = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.CERTIFICATE_POLICIES));
    } catch (AnnotatedException e) {
        throw new ExtCertPathValidatorException("Could not read certificate policies extension from certificate.", e, certPath, index);
    }
    if (certPolicies == null) {
        validPolicyTree = null;
    }
    return validPolicyTree;
}
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) List(java.util.List) ArrayList(java.util.ArrayList) X509Certificate(java.security.cert.X509Certificate)

Example 72 with ASN1Sequence

use of org.bouncycastle.asn1.ASN1Sequence in project robovm by robovm.

the class RFC3280CertPathUtilities method prepareNextCertA.

protected static void prepareNextCertA(CertPath certPath, int index) throws CertPathValidatorException {
    List certs = certPath.getCertificates();
    X509Certificate cert = (X509Certificate) certs.get(index);
    //
    //
    // (a) check the policy mappings
    //
    ASN1Sequence pm = null;
    try {
        pm = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.POLICY_MAPPINGS));
    } catch (AnnotatedException ex) {
        throw new ExtCertPathValidatorException("Policy mappings extension could not be decoded.", ex, certPath, index);
    }
    if (pm != null) {
        ASN1Sequence mappings = pm;
        for (int j = 0; j < mappings.size(); j++) {
            DERObjectIdentifier issuerDomainPolicy = null;
            DERObjectIdentifier subjectDomainPolicy = null;
            try {
                ASN1Sequence mapping = DERSequence.getInstance(mappings.getObjectAt(j));
                issuerDomainPolicy = DERObjectIdentifier.getInstance(mapping.getObjectAt(0));
                subjectDomainPolicy = DERObjectIdentifier.getInstance(mapping.getObjectAt(1));
            } catch (Exception e) {
                throw new ExtCertPathValidatorException("Policy mappings extension contents could not be decoded.", e, certPath, index);
            }
            if (RFC3280CertPathUtilities.ANY_POLICY.equals(issuerDomainPolicy.getId())) {
                throw new CertPathValidatorException("IssuerDomainPolicy is anyPolicy", null, certPath, index);
            }
            if (RFC3280CertPathUtilities.ANY_POLICY.equals(subjectDomainPolicy.getId())) {
                throw new CertPathValidatorException("SubjectDomainPolicy is anyPolicy,", null, certPath, index);
            }
        }
    }
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) List(java.util.List) ArrayList(java.util.ArrayList) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier) X509Certificate(java.security.cert.X509Certificate) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) CertificateExpiredException(java.security.cert.CertificateExpiredException) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertPathBuilderException(java.security.cert.CertPathBuilderException) IOException(java.io.IOException)

Example 73 with ASN1Sequence

use of org.bouncycastle.asn1.ASN1Sequence in project robovm by robovm.

the class RFC3280CertPathUtilities method prepareNextCertI1.

protected static int prepareNextCertI1(CertPath certPath, int index, int explicitPolicy) throws CertPathValidatorException {
    List certs = certPath.getCertificates();
    X509Certificate cert = (X509Certificate) certs.get(index);
    //
    // (i)
    //
    ASN1Sequence pc = null;
    try {
        pc = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.POLICY_CONSTRAINTS));
    } catch (Exception e) {
        throw new ExtCertPathValidatorException("Policy constraints extension cannot be decoded.", e, certPath, index);
    }
    int tmpInt;
    if (pc != null) {
        Enumeration policyConstraints = pc.getObjects();
        while (policyConstraints.hasMoreElements()) {
            try {
                ASN1TaggedObject constraint = ASN1TaggedObject.getInstance(policyConstraints.nextElement());
                if (constraint.getTagNo() == 0) {
                    tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();
                    if (tmpInt < explicitPolicy) {
                        return tmpInt;
                    }
                    break;
                }
            } catch (IllegalArgumentException e) {
                throw new ExtCertPathValidatorException("Policy constraints extension contents cannot be decoded.", e, certPath, index);
            }
        }
    }
    return explicitPolicy;
}
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) Enumeration(java.util.Enumeration) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) List(java.util.List) ArrayList(java.util.ArrayList) X509Certificate(java.security.cert.X509Certificate) CertificateExpiredException(java.security.cert.CertificateExpiredException) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertPathBuilderException(java.security.cert.CertPathBuilderException) IOException(java.io.IOException) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)

Example 74 with ASN1Sequence

use of org.bouncycastle.asn1.ASN1Sequence in project robovm by robovm.

the class JCEECPublicKey method populateFromPubKeyInfo.

private void populateFromPubKeyInfo(SubjectPublicKeyInfo info) {
    // BEGIN android-removed
    // if (info.getAlgorithmId().getObjectId().equals(CryptoProObjectIdentifiers.gostR3410_2001))
    // {
    //     DERBitString bits = info.getPublicKeyData();
    //     ASN1OctetString key;
    //     this.algorithm = "ECGOST3410";
    //
    //     try
    //     {
    //         key = (ASN1OctetString) ASN1Primitive.fromByteArray(bits.getBytes());
    //     }
    //     catch (IOException ex)
    //     {
    //         throw new IllegalArgumentException("error recovering public key");
    //     }
    //
    //     byte[]          keyEnc = key.getOctets();
    //     byte[]          x = new byte[32];
    //     byte[]          y = new byte[32];
    //
    //     for (int i = 0; i != x.length; i++)
    //     {
    //         x[i] = keyEnc[32 - 1 - i];
    //     }
    //
    //     for (int i = 0; i != y.length; i++)
    //     {
    //         y[i] = keyEnc[64 - 1 - i];
    //     }
    //
    //     gostParams = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters());
    //
    //     ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()));
    //
    //     ECCurve curve = spec.getCurve();
    //     EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed());
    //
    //     this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y), false);
    //
    //     ecSpec = new ECNamedCurveSpec(
    //             ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()),
    //             ellipticCurve,
    //             new ECPoint(
    //                     spec.getG().getX().toBigInteger(),
    //                     spec.getG().getY().toBigInteger()),
    //                     spec.getN(), spec.getH());
    //
    // }
    // else
    // END android-removed
    {
        X962Parameters params = new X962Parameters((ASN1Primitive) info.getAlgorithmId().getParameters());
        ECCurve curve;
        EllipticCurve ellipticCurve;
        if (params.isNamedCurve()) {
            ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) params.getParameters();
            X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid);
            curve = ecP.getCurve();
            ellipticCurve = EC5Util.convertCurve(curve, ecP.getSeed());
            ecSpec = new ECNamedCurveSpec(ECUtil.getCurveName(oid), ellipticCurve, new ECPoint(ecP.getG().getX().toBigInteger(), ecP.getG().getY().toBigInteger()), ecP.getN(), ecP.getH());
        } else if (params.isImplicitlyCA()) {
            ecSpec = null;
            curve = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa().getCurve();
        } else {
            X9ECParameters ecP = X9ECParameters.getInstance(params.getParameters());
            curve = ecP.getCurve();
            ellipticCurve = EC5Util.convertCurve(curve, ecP.getSeed());
            this.ecSpec = new ECParameterSpec(ellipticCurve, new ECPoint(ecP.getG().getX().toBigInteger(), ecP.getG().getY().toBigInteger()), ecP.getN(), ecP.getH().intValue());
        }
        DERBitString bits = info.getPublicKeyData();
        byte[] data = bits.getBytes();
        ASN1OctetString key = new DEROctetString(data);
        //
        if (data[0] == 0x04 && data[1] == data.length - 2 && (data[2] == 0x02 || data[2] == 0x03)) {
            int qLength = new X9IntegerConverter().getByteLength(curve);
            if (qLength >= data.length - 3) {
                try {
                    key = (ASN1OctetString) ASN1Primitive.fromByteArray(data);
                } catch (IOException ex) {
                    throw new IllegalArgumentException("error recovering public key");
                }
            }
        }
        X9ECPoint derQ = new X9ECPoint(curve, key);
        this.q = derQ.getPoint();
    }
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) X9ECParameters(org.bouncycastle.asn1.x9.X9ECParameters) X9IntegerConverter(org.bouncycastle.asn1.x9.X9IntegerConverter) DERBitString(org.bouncycastle.asn1.DERBitString) IOException(java.io.IOException) X9ECPoint(org.bouncycastle.asn1.x9.X9ECPoint) ECPoint(java.security.spec.ECPoint) DEROctetString(org.bouncycastle.asn1.DEROctetString) X962Parameters(org.bouncycastle.asn1.x9.X962Parameters) EllipticCurve(java.security.spec.EllipticCurve) ECParameterSpec(java.security.spec.ECParameterSpec) X9ECPoint(org.bouncycastle.asn1.x9.X9ECPoint) ECCurve(org.bouncycastle.math.ec.ECCurve) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) ECNamedCurveSpec(org.bouncycastle.jce.spec.ECNamedCurveSpec)

Example 75 with ASN1Sequence

use of org.bouncycastle.asn1.ASN1Sequence in project nhin-d by DirectProject.

the class CertificatePolicyCpsUriExtensionField method injectReferenceValue.

/**
	 * {@inheritDoc}
	 */
@Override
public void injectReferenceValue(X509Certificate value) throws PolicyProcessException {
    this.certificate = value;
    final DERObject exValue = getExtensionValue(value);
    if (exValue == null) {
        if (isRequired())
            throw new PolicyRequiredException("Extention " + getExtentionIdentifier().getDisplay() + " is marked as required by is not present.");
        else {
            final Collection<String> emptyList = Collections.emptyList();
            this.policyValue = PolicyValueFactory.getInstance(emptyList);
            return;
        }
    }
    final Collection<String> retVal = new ArrayList<String>();
    final ASN1Sequence seq = (ASN1Sequence) exValue;
    @SuppressWarnings("unchecked") final Enumeration<DEREncodable> pols = seq.getObjects();
    while (pols.hasMoreElements()) {
        final PolicyInformation pol = PolicyInformation.getInstance(pols.nextElement());
        if (pol.getPolicyQualifiers() != null) {
            @SuppressWarnings("unchecked") final Enumeration<DEREncodable> polInfos = pol.getPolicyQualifiers().getObjects();
            while (polInfos.hasMoreElements()) {
                final PolicyQualifierInfo polInfo = PolicyQualifierInfo.getInstance(polInfos.nextElement());
                if (polInfo.getPolicyQualifierId().equals(PolicyQualifierId.id_qt_cps)) {
                    retVal.add(polInfo.getQualifier().toString());
                }
            }
        }
    }
    ///CLOVER:OFF
    if (retVal.isEmpty() && isRequired())
        throw new PolicyRequiredException("Extention " + getExtentionIdentifier().getDisplay() + " is marked as required by is not present.");
    ///CLOVER:ON	
    this.policyValue = PolicyValueFactory.getInstance(retVal);
}
Also used : PolicyRequiredException(org.nhindirect.policy.PolicyRequiredException) DERObject(org.bouncycastle.asn1.DERObject) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) PolicyInformation(org.bouncycastle.asn1.x509.PolicyInformation) DEREncodable(org.bouncycastle.asn1.DEREncodable) ArrayList(java.util.ArrayList) PolicyQualifierInfo(org.bouncycastle.asn1.x509.PolicyQualifierInfo)

Aggregations

ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)57 IOException (java.io.IOException)42 ArrayList (java.util.ArrayList)31 Enumeration (java.util.Enumeration)30 List (java.util.List)28 X509Certificate (java.security.cert.X509Certificate)25 ExtCertPathValidatorException (org.bouncycastle.jce.exception.ExtCertPathValidatorException)25 CertPathValidatorException (java.security.cert.CertPathValidatorException)21 GeneralSecurityException (java.security.GeneralSecurityException)20 CertificateExpiredException (java.security.cert.CertificateExpiredException)20 CertificateNotYetValidException (java.security.cert.CertificateNotYetValidException)20 DERObjectIdentifier (org.bouncycastle.asn1.DERObjectIdentifier)18 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)18 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)18 IssuingDistributionPoint (org.bouncycastle.asn1.x509.IssuingDistributionPoint)18 CertPathBuilderException (java.security.cert.CertPathBuilderException)16 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)16 ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)15 HashSet (java.util.HashSet)12 Set (java.util.Set)12