
Example 26 with ASN1TaggedObject

use of org.bouncycastle.asn1.ASN1TaggedObject in project robovm by robovm.

the class RFC3280CertPathUtilities method prepareNextCertI1.

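/**
 * Applies the tag [0] element of a certificate's policy constraints
 * extension (requireExplicitPolicy in RFC 3280's PolicyConstraints) to the
 * running {@code explicitPolicy} counter.
 *
 * @param certPath the certification path being validated
 * @param index position in {@code certPath} of the certificate to inspect
 * @param explicitPolicy the current explicit-policy counter
 * @return the smaller of {@code explicitPolicy} and the encoded value, or
 *         {@code explicitPolicy} unchanged when the extension or the
 *         tag [0] element is absent
 * @throws CertPathValidatorException if the extension or its contents cannot
 *         be decoded, including a value too large to be represented as an int
 */
protected static int prepareNextCertI1(CertPath certPath, int index, int explicitPolicy) throws CertPathValidatorException {
    List<?> certs = certPath.getCertificates();
    X509Certificate cert = (X509Certificate) certs.get(index);
    //
    // (i)
    //
    ASN1Sequence pc;
    try {
        pc = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.POLICY_CONSTRAINTS));
    } catch (Exception e) {
        throw new ExtCertPathValidatorException("Policy constraints extension cannot be decoded.", e, certPath, index);
    }
    if (pc == null) {
        // No policy constraints extension: the counter is left as it is.
        return explicitPolicy;
    }
    Enumeration<?> policyConstraints = pc.getObjects();
    while (policyConstraints.hasMoreElements()) {
        try {
            ASN1TaggedObject constraint = ASN1TaggedObject.getInstance(policyConstraints.nextElement());
            if (constraint.getTagNo() != 0) {
                continue;
            }
            java.math.BigInteger skipCerts = DERInteger.getInstance(constraint, false).getValue();
            // The value comes from the certificate under validation. A plain
            // intValue() would silently keep only the low 32 bits of an
            // oversized INTEGER, so reject it as undecodable instead.
            if (skipCerts.bitLength() > 31) {
                throw new IllegalArgumentException("requireExplicitPolicy does not fit in an int");
            }
            // Only the first tag [0] element is considered; the counter can
            // be lowered by it but never raised.
            return Math.min(skipCerts.intValue(), explicitPolicy);
        } catch (IllegalArgumentException e) {
            throw new ExtCertPathValidatorException("Policy constraints extension contents cannot be decoded.", e, certPath, index);
        }
    }
    return explicitPolicy;
}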
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) Enumeration(java.util.Enumeration) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) List(java.util.List) ArrayList(java.util.ArrayList) X509Certificate(java.security.cert.X509Certificate) CertificateExpiredException(java.security.cert.CertificateExpiredException) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertPathBuilderException(java.security.cert.CertPathBuilderException) IOException(java.io.IOException) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)

Example 27 with ASN1TaggedObject

use of org.bouncycastle.asn1.ASN1TaggedObject in project oxAuth by GluuFederation.

the class OCSPCertificateVerifier method getOCSPUrl.

/**
 * Extracts the OCSP responder URL from a certificate's Authority
 * Information Access extension.
 *
 * The returned string is read from the certificate itself.
 * NOTE(review): callers presumably contact this URL; confirm they restrict
 * the scheme and destination before doing so.
 *
 * @param certificate the certificate whose extension is inspected
 * @return the first OCSP access location that is a URI, or {@code null} when
 *         the extension is missing, cannot be read, or has no such entry
 */
@SuppressWarnings({ "deprecation", "resource" })
private String getOCSPUrl(X509Certificate certificate) throws IOException {
    final ASN1Primitive aiaValue;
    try {
        aiaValue = getExtensionValue(certificate, Extension.authorityInfoAccess.getId());
    } catch (IOException ex) {
        // An unreadable extension is logged and treated as "no URL".
        log.error("Failed to get OCSP URL", ex);
        return null;
    }
    if (aiaValue == null) {
        return null;
    }
    AccessDescription[] entries = AuthorityInformationAccess.getInstance(aiaValue).getAccessDescriptions();
    for (AccessDescription entry : entries) {
        if (entry.getAccessMethod().equals(X509ObjectIdentifiers.ocspAccessMethod)) {
            GeneralName location = entry.getAccessLocation();
            if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
                // First OCSP entry carrying a URI wins; later ones are ignored.
                return DERIA5String.getInstance((ASN1TaggedObject) location.toASN1Primitive(), false).getString();
            }
        }
    }
    return null;
}
Also used : AuthorityInformationAccess(org.bouncycastle.asn1.x509.AuthorityInformationAccess) DERIA5String(org.bouncycastle.asn1.DERIA5String) AccessDescription(org.bouncycastle.asn1.x509.AccessDescription) IOException(java.io.IOException) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive)

Example 28 with ASN1TaggedObject

use of org.bouncycastle.asn1.ASN1TaggedObject in project cas by apereo.

the class X509SubjectAlternativeNameUPNPrincipalResolver method getUPNStringFromSequence.

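/**
 * Get UPN String.
 *
 * The sequence originates from a certificate's subject alternative name, so
 * its shape is checked before elements are read: a sequence with fewer than
 * two elements, or whose second element is not a tagged object, yields
 * {@code null} instead of an unchecked runtime exception.
 *
 * @param seq ASN1Sequence abstraction representing subject alternative name.
 *            First element is the object identifier, second is the object itself.
 * @return UPN string or null
 */
private static String getUPNStringFromSequence(final ASN1Sequence seq) {
    if (seq == null || seq.size() < 2) {
        return null;
    }
    // First in sequence is the object identifier, that we must check
    final ASN1ObjectIdentifier id = ASN1ObjectIdentifier.getInstance(seq.getObjectAt(0));
    if (id == null || !UPN_OBJECTID.equals(id.getId())) {
        return null;
    }
    final Object second = seq.getObjectAt(1);
    if (!(second instanceof ASN1TaggedObject)) {
        // Not the tagged value expected for this object identifier.
        return null;
    }
    ASN1Primitive prim = ((ASN1TaggedObject) second).getObject();
    // Due to bug in java cert.getSubjectAltName, it can be tagged an extra time
    if (prim instanceof ASN1TaggedObject) {
        prim = ASN1TaggedObject.getInstance(prim).getObject();
    }
    if (prim instanceof ASN1OctetString) {
        return new String(((ASN1OctetString) prim).getOctets(), StandardCharsets.UTF_8);
    }
    if (prim instanceof ASN1String) {
        return ((ASN1String) prim).getString();
    }
    return null;
}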
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ToString(lombok.ToString) ASN1String(org.bouncycastle.asn1.ASN1String) ASN1String(org.bouncycastle.asn1.ASN1String) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 29 with ASN1TaggedObject

use of org.bouncycastle.asn1.ASN1TaggedObject in project certmgr by hdecarne.

the class ASN1Data method decodeTagged.

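/**
 * Decode an ASN.1 tagged object.
 *
 * @param primitive The ASN.1 data object to decode from.
 * @param tagNo The expected object tag.
 * @return The decoded tagged object.
 * @throws IOException if an I/O error occurs during decoding or the object's
 *         tag number differs from {@code tagNo}.
 */
protected static ASN1Primitive decodeTagged(ASN1Primitive primitive, int tagNo) throws IOException {
    ASN1TaggedObject taggedObject = decodePrimitive(primitive, ASN1TaggedObject.class);
    int taggedObjectTagNo = taggedObject.getTagNo();
    if (taggedObjectTagNo != tagNo) {
        // The message previously lacked its closing parenthesis.
        throw new IOException("Unexpected ASN.1 object tag " + taggedObjectTagNo + " (expected " + tagNo + ")");
    }
    return taggedObject.getObject();
}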
Also used : ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) IOException(java.io.IOException)

Example 30 with ASN1TaggedObject

use of org.bouncycastle.asn1.ASN1TaggedObject in project certmgr by hdecarne.

the class DistributionPointName method decode.

/**
 * Build a {@code DistributionPointName} from its ASN.1 representation.
 *
 * Tag 0 is decoded as the full name and tag 1 as the name relative to the
 * CRL issuer; exactly one of the two is set on the result.
 *
 * @param primitive The ASN.1 data object to decode.
 * @return The decoded distribution point name object.
 * @throws IOException if an I/O error occurs during decoding or the tag is
 *         neither 0 nor 1.
 */
public static DistributionPointName decode(ASN1Primitive primitive) throws IOException {
    ASN1TaggedObject tagged = decodePrimitive(primitive, ASN1TaggedObject.class);
    int tag = tagged.getTagNo();

    if (tag == 0) {
        return new DistributionPointName(GeneralNames.decode(tagged.getObject()), null);
    }
    if (tag == 1) {
        // NOTE(review): RFC 5280 defines this alternative as a
        // RelativeDistinguishedName; confirm X500Principal accepts the
        // encoding produced here.
        X500Principal relativeName = new X500Principal(tagged.getObject().getEncoded());
        return new DistributionPointName(null, relativeName);
    }
    throw new IOException("Unsupported tag: " + tag);
}
Also used : ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) X500Principal(javax.security.auth.x500.X500Principal) IOException(java.io.IOException)
