Search in sources :

Example 1 with ASN1UTCTime

use of org.bouncycastle.asn1.ASN1UTCTime in project keystore-explorer by kaikramer.

the class Asn1Dump method dumpUTCTime.

private String dumpUTCTime(ASN1UTCTime asn1Time) {
    StringBuilder sb = new StringBuilder();
    sb.append(indentSequence.toString(indentLevel));
    sb.append("UTC TIME=");
    // UTCTime, note does not support ms precision hence the different date format
    Date date;
    try {
        date = asn1Time.getDate();
    } catch (ParseException e) {
        throw new RuntimeException("Cannot parse utc time");
    }
    String formattedDate = new SimpleDateFormat("dd/MMM/yyyy HH:mm:ss z").format(date);
    sb.append(formattedDate);
    sb.append(" (");
    sb.append(asn1Time.getTime());
    sb.append(")");
    sb.append(NEWLINE);
    return sb.toString();
}
Also used : ParseException(java.text.ParseException) DERNumericString(org.bouncycastle.asn1.DERNumericString) DERBitString(org.bouncycastle.asn1.DERBitString) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERGeneralString(org.bouncycastle.asn1.DERGeneralString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DERT61String(org.bouncycastle.asn1.DERT61String) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERVisibleString(org.bouncycastle.asn1.DERVisibleString) ASN1String(org.bouncycastle.asn1.ASN1String) DERUniversalString(org.bouncycastle.asn1.DERUniversalString) SimpleDateFormat(java.text.SimpleDateFormat) Date(java.util.Date)

Example 2 with ASN1UTCTime

use of org.bouncycastle.asn1.ASN1UTCTime in project signer by demoiselle.

the class CAdESChecker method check.

/**
 * Validation is done only on digital signatures with a single signer. Valid
 * only with content of type DATA.: OID ContentType 1.2.840.113549.1.9.3 =
 * OID Data 1.2.840.113549.1.7.1
 *
 * @params content Is only necessary to inform if the PKCS7 package is NOT
 *         ATTACHED type. If it is of type attached, this parameter will be
 *         replaced by the contents of the PKCS7 package.
 * @params signedData Value in bytes of the PKCS7 package, such as the
 *         contents of a ".p7s" file. It is not only signature as in the
 *         case of PKCS1.
 */
// TODO: Implementar validação de co-assinaturas
public boolean check(byte[] content, byte[] signedData) throws SignerException {
    Security.addProvider(new BouncyCastleProvider());
    CMSSignedData cmsSignedData = null;
    try {
        if (content == null) {
            if (this.checkHash) {
                cmsSignedData = new CMSSignedData(this.hashes, signedData);
                this.checkHash = false;
            } else {
                cmsSignedData = new CMSSignedData(signedData);
            }
        } else {
            cmsSignedData = new CMSSignedData(new CMSProcessableByteArray(content), signedData);
        }
    } catch (CMSException ex) {
        throw new SignerException(cadesMessagesBundle.getString("error.invalid.bytes.pkcs7"), ex);
    }
    // Quantidade inicial de assinaturas validadas
    int verified = 0;
    Store<?> certStore = cmsSignedData.getCertificates();
    SignerInformationStore signers = cmsSignedData.getSignerInfos();
    Iterator<?> it = signers.getSigners().iterator();
    // Realização da verificação básica de todas as assinaturas
    while (it.hasNext()) {
        SignatureInformations signatureInfo = new SignatureInformations();
        try {
            SignerInformation signerInfo = (SignerInformation) it.next();
            SignerInformationStore signerInfoStore = signerInfo.getCounterSignatures();
            logger.info("Foi(ram) encontrada(s) " + signerInfoStore.size() + " contra-assinatura(s).");
            @SuppressWarnings("unchecked") Collection<?> certCollection = certStore.getMatches(signerInfo.getSID());
            Iterator<?> certIt = certCollection.iterator();
            X509CertificateHolder certificateHolder = (X509CertificateHolder) certIt.next();
            X509Certificate varCert = new JcaX509CertificateConverter().getCertificate(certificateHolder);
            PeriodValidator pV = new PeriodValidator();
            try {
                pV.validate(varCert);
            } catch (CertificateValidatorException cve) {
                signatureInfo.getValidatorErrors().add(cve.getMessage());
            }
            CRLValidator cV = new CRLValidator();
            try {
                cV.validate(varCert);
            } catch (CertificateValidatorCRLException cvce) {
                signatureInfo.getValidatorErrors().add(cvce.getMessage());
            }
            if (signerInfo.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certificateHolder))) {
                verified++;
                logger.info(cadesMessagesBundle.getString("info.signature.valid.seq", verified));
            }
            // recupera atributos assinados
            logger.info(cadesMessagesBundle.getString("info.signed.attribute"));
            AttributeTable signedAttributes = signerInfo.getSignedAttributes();
            if ((signedAttributes == null) || (signedAttributes != null && signedAttributes.size() == 0)) {
                signatureInfo.getValidatorErrors().add(cadesMessagesBundle.getString("error.signed.attribute.table.not.found"));
                logger.info(cadesMessagesBundle.getString("error.signed.attribute.table.not.found"));
            } else {
                // Validando atributos assinados de acordo com a politica
                Attribute idSigningPolicy = null;
                idSigningPolicy = signedAttributes.get(new ASN1ObjectIdentifier(PKCSObjectIdentifiers.id_aa_ets_sigPolicyId.getId()));
                if (idSigningPolicy == null) {
                    signatureInfo.getValidatorErrors().add(cadesMessagesBundle.getString("error.pcks7.attribute.not.found", "idSigningPolicy"));
                } else {
                    for (Enumeration<?> p = idSigningPolicy.getAttrValues().getObjects(); p.hasMoreElements(); ) {
                        String policyOnSignature = p.nextElement().toString();
                        for (PolicyFactory.Policies pv : PolicyFactory.Policies.values()) {
                            if (policyOnSignature.contains(pv.getUrl())) {
                                setSignaturePolicy(pv);
                                break;
                            }
                        }
                    }
                }
            }
            if (signaturePolicy == null) {
                signatureInfo.getValidatorErrors().add(cadesMessagesBundle.getString("error.policy.on.component.not.found", "idSigningPolicy"));
                logger.info(cadesMessagesBundle.getString("error.policy.on.component.not.found", "idSigningPolicy"));
            } else {
                if (signaturePolicy.getSignPolicyInfo().getSignatureValidationPolicy().getCommonRules().getSignerAndVeriferRules().getSignerRules().getMandatedSignedAttr().getObjectIdentifiers() != null) {
                    for (ObjectIdentifier objectIdentifier : signaturePolicy.getSignPolicyInfo().getSignatureValidationPolicy().getCommonRules().getSignerAndVeriferRules().getSignerRules().getMandatedSignedAttr().getObjectIdentifiers()) {
                        String oi = objectIdentifier.getValue();
                        Attribute signedAtt = signedAttributes.get(new ASN1ObjectIdentifier(oi));
                        logger.info(oi);
                        if (signedAtt == null) {
                            signatureInfo.getValidatorErrors().add(cadesMessagesBundle.getString("error.signed.attribute.not.found", oi, signaturePolicy.getSignPolicyInfo().getSignPolicyIdentifier().getValue()));
                        }
                    }
                }
            }
            // Mostra data e  hora da assinatura, não é carimbo de tempo
            Attribute timeAttribute = signedAttributes.get(CMSAttributes.signingTime);
            Date dataHora = null;
            if (timeAttribute != null) {
                dataHora = (((ASN1UTCTime) timeAttribute.getAttrValues().getObjectAt(0)).getDate());
                logger.info(cadesMessagesBundle.getString("info.date.utc", dataHora));
            } else {
                logger.info(cadesMessagesBundle.getString("info.date.utc", "N/D"));
                signatureInfo.getValidatorErrors().add(cadesMessagesBundle.getString("info.date.utc", "N/D"));
            }
            // recupera os atributos NÃO assinados
            logger.info(cadesMessagesBundle.getString("info.unsigned.attribute"));
            AttributeTable unsignedAttributes = signerInfo.getUnsignedAttributes();
            if ((unsignedAttributes == null) || (unsignedAttributes != null && unsignedAttributes.size() == 0)) {
                // Apenas info pois a RB não tem atributos não assinados
                logger.info(cadesMessagesBundle.getString("error.unsigned.attribute.table.not.found"));
            }
            if (signaturePolicy != null) {
                // Validando atributos NÃO assinados de acordo com a politica
                if (signaturePolicy.getSignPolicyInfo().getSignatureValidationPolicy().getCommonRules().getSignerAndVeriferRules().getSignerRules().getMandatedUnsignedAttr().getObjectIdentifiers() != null) {
                    for (ObjectIdentifier objectIdentifier : signaturePolicy.getSignPolicyInfo().getSignatureValidationPolicy().getCommonRules().getSignerAndVeriferRules().getSignerRules().getMandatedUnsignedAttr().getObjectIdentifiers()) {
                        String oi = objectIdentifier.getValue();
                        Attribute unSignedAtt = unsignedAttributes.get(new ASN1ObjectIdentifier(oi));
                        logger.info(oi);
                        if (unSignedAtt == null) {
                            signatureInfo.getValidatorErrors().add(cadesMessagesBundle.getString("error.unsigned.attribute.not.found", oi, signaturePolicy.getSignPolicyInfo().getSignPolicyIdentifier().getValue()));
                        }
                        if (oi.equalsIgnoreCase(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken.getId())) {
                            // Verificando timeStamp
                            try {
                                byte[] varSignature = signerInfo.getSignature();
                                Timestamp varTimeStampSigner = validateTimestamp(unSignedAtt, varSignature);
                                signatureInfo.setTimeStampSigner(varTimeStampSigner);
                            } catch (Exception ex) {
                                signatureInfo.getValidatorErrors().add(ex.getMessage());
                            // nas assinaturas feitas na applet o unsignedAttributes.get gera exceção.
                            }
                        }
                        if (oi.equalsIgnoreCase("1.2.840.113549.1.9.16.2.25")) {
                            logger.info("++++++++++  EscTimeStamp ++++++++++++");
                        }
                    }
                }
            }
            LinkedList<X509Certificate> varChain = (LinkedList<X509Certificate>) CAManager.getInstance().getCertificateChain(varCert);
            if (varChain.size() < 3) {
                signatureInfo.getValidatorErrors().add(cadesMessagesBundle.getString("error.no.ca", varCert.getIssuerDN()));
                logger.info(cadesMessagesBundle.getString("error.no.ca", varCert.getIssuerDN()));
            }
            signatureInfo.setSignDate(dataHora);
            signatureInfo.setChain(varChain);
            signatureInfo.setSignaturePolicy(signaturePolicy);
            this.getSignaturesInfo().add(signatureInfo);
        } catch (OperatorCreationException | java.security.cert.CertificateException ex) {
            signatureInfo.getValidatorErrors().add(ex.getMessage());
            logger.info(ex.getMessage());
        } catch (CMSException ex) {
            // When file is mismatch with sign
            if (ex instanceof CMSSignerDigestMismatchException) {
                signatureInfo.getValidatorErrors().add(cadesMessagesBundle.getString("error.signature.mismatch"));
                logger.info(cadesMessagesBundle.getString("error.signature.mismatch"));
            } else {
                signatureInfo.getValidatorErrors().add(cadesMessagesBundle.getString("error.signature.invalid"));
                logger.info(cadesMessagesBundle.getString("error.signature.invalid"));
            }
        } catch (ParseException e) {
            signatureInfo.getValidatorErrors().add(e.getMessage());
            logger.info(e.getMessage());
        } catch (Exception e) {
            signatureInfo.getValidatorErrors().add(e.getMessage());
            logger.info(e.getMessage());
        }
    }
    logger.info(cadesMessagesBundle.getString("info.signature.verified", verified));
    // TODO Efetuar o parsing da estrutura CMS
    return true;
}
Also used : PolicyFactory(org.demoiselle.signer.policy.engine.factory.PolicyFactory) Attribute(org.bouncycastle.asn1.cms.Attribute) AttributeTable(org.bouncycastle.asn1.cms.AttributeTable) ASN1UTCTime(org.bouncycastle.asn1.ASN1UTCTime) SignerInformation(org.bouncycastle.cms.SignerInformation) CRLValidator(org.demoiselle.signer.core.validator.CRLValidator) Timestamp(org.demoiselle.signer.timestamp.Timestamp) SignatureInformations(org.demoiselle.signer.policy.impl.cades.SignatureInformations) SignerInformationStore(org.bouncycastle.cms.SignerInformationStore) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) PeriodValidator(org.demoiselle.signer.core.validator.PeriodValidator) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) ObjectIdentifier(org.demoiselle.signer.policy.engine.asn1.etsi.ObjectIdentifier) CMSSignerDigestMismatchException(org.bouncycastle.cms.CMSSignerDigestMismatchException) CMSProcessableByteArray(org.bouncycastle.cms.CMSProcessableByteArray) JcaSimpleSignerInfoVerifierBuilder(org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder) CertificateValidatorCRLException(org.demoiselle.signer.core.exception.CertificateValidatorCRLException) CMSSignedData(org.bouncycastle.cms.CMSSignedData) X509Certificate(java.security.cert.X509Certificate) Date(java.util.Date) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) CertificateCoreException(org.demoiselle.signer.core.exception.CertificateCoreException) CertificateValidatorException(org.demoiselle.signer.core.exception.CertificateValidatorException) ParseException(java.text.ParseException) TSPException(org.bouncycastle.tsp.TSPException) CMSException(org.bouncycastle.cms.CMSException) CertificateValidatorCRLException(org.demoiselle.signer.core.exception.CertificateValidatorCRLException) CMSSignerDigestMismatchException(org.bouncycastle.cms.CMSSignerDigestMismatchException) IOException(java.io.IOException) SignerException(org.demoiselle.signer.policy.impl.cades.SignerException) LinkedList(java.util.LinkedList) CertificateValidatorException(org.demoiselle.signer.core.exception.CertificateValidatorException) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) ParseException(java.text.ParseException) SignerException(org.demoiselle.signer.policy.impl.cades.SignerException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) CMSException(org.bouncycastle.cms.CMSException)

Example 3 with ASN1UTCTime

use of org.bouncycastle.asn1.ASN1UTCTime in project signer by demoiselle.

the class CAdESSigner method check.

/**
 * Validation is done only on digital signatures with a single signer. Valid
 * only with content of type DATA.: OID ContentType 1.2.840.113549.1.9.3 =
 * OID Data 1.2.840.113549.1.7.1
 *
 * @params content Is only necessary to inform if the PKCS7 package is NOT
 *         ATTACHED type. If it is of type attached, this parameter will be
 *         replaced by the contents of the PKCS7 package.
 * @params signedData Value in bytes of the PKCS7 package, such as the
 *         contents of a ".p7s" file. It is not only signature as in the
 *         case of PKCS1.
 */
@SuppressWarnings("unchecked")
// TODO: Implementar validação de co-assinaturas
@Override
@Deprecated
public boolean check(byte[] content, byte[] signedData) throws SignerException {
    Security.addProvider(new BouncyCastleProvider());
    CMSSignedData cmsSignedData = null;
    try {
        if (content == null) {
            if (this.checkHash) {
                cmsSignedData = new CMSSignedData(this.hashes, signedData);
                this.checkHash = false;
            } else {
                cmsSignedData = new CMSSignedData(signedData);
            }
        } else {
            cmsSignedData = new CMSSignedData(new CMSProcessableByteArray(content), signedData);
        }
    } catch (CMSException ex) {
        throw new SignerException(cadesMessagesBundle.getString("error.invalid.bytes.pkcs7"), ex);
    }
    // Quantidade inicial de assinaturas validadas
    int verified = 0;
    Store<?> certStore = cmsSignedData.getCertificates();
    SignerInformationStore signers = cmsSignedData.getSignerInfos();
    Iterator<?> it = signers.getSigners().iterator();
    // Realização da verificação básica de todas as assinaturas
    while (it.hasNext()) {
        try {
            SignerInformation signer = (SignerInformation) it.next();
            SignerInformationStore s = signer.getCounterSignatures();
            SignatureInformations si = new SignatureInformations();
            logger.info("Foi(ram) encontrada(s) " + s.size() + " contra-assinatura(s).");
            Collection<?> certCollection = certStore.getMatches(signer.getSID());
            Iterator<?> certIt = certCollection.iterator();
            X509CertificateHolder certificateHolder = (X509CertificateHolder) certIt.next();
            X509Certificate varCert = new JcaX509CertificateConverter().getCertificate(certificateHolder);
            PeriodValidator pV = new PeriodValidator();
            try {
                pV.validate(varCert);
            } catch (CertificateValidatorException cve) {
                si.getValidatorErrors().add(cve.getMessage());
            }
            CRLValidator cV = new CRLValidator();
            try {
                cV.validate(varCert);
            } catch (CertificateValidatorCRLException cvce) {
                si.getValidatorErrors().add(cvce.getMessage());
            }
            if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certificateHolder))) {
                verified++;
                logger.info(cadesMessagesBundle.getString("info.signature.valid.seq", verified));
            }
            // Realiza a verificação dos atributos assinados
            logger.info(cadesMessagesBundle.getString("info.signed.attribute"));
            AttributeTable signedAttributes = signer.getSignedAttributes();
            if ((signedAttributes == null) || (signedAttributes != null && signedAttributes.size() == 0)) {
                throw new SignerException(cadesMessagesBundle.getString("error.signed.attribute.table.not.found"));
            }
            // Realiza a verificação dos atributos não assinados
            logger.info(cadesMessagesBundle.getString("info.unsigned.attribute"));
            AttributeTable unsignedAttributes = signer.getUnsignedAttributes();
            if ((unsignedAttributes == null) || (unsignedAttributes != null && unsignedAttributes.size() == 0)) {
                logger.info(cadesMessagesBundle.getString("error.unsigned.attribute.table.not.found"));
            }
            // Mostra data e  hora da assinatura, não é carimbo de tempo
            Attribute signingTime = signedAttributes.get(CMSAttributes.signingTime);
            Date dataHora = null;
            if (signingTime != null) {
                dataHora = (((ASN1UTCTime) signingTime.getAttrValues().getObjectAt(0)).getDate());
                logger.info(cadesMessagesBundle.getString("info.date.utc", dataHora));
            } else {
                logger.info(cadesMessagesBundle.getString("info.date.utc", "N/D"));
            }
            logger.info(cadesMessagesBundle.getString("info.attribute.validation"));
            // Valida o atributo ContentType
            Attribute attributeContentType = signedAttributes.get(CMSAttributes.contentType);
            if (attributeContentType == null) {
                throw new SignerException(cadesMessagesBundle.getString("error.pcks7.attribute.not.found", "ContentType"));
            }
            if (!attributeContentType.getAttrValues().getObjectAt(0).equals(ContentInfo.data)) {
                throw new SignerException(cadesMessagesBundle.getString("error.content.not.data"));
            }
            // Validando o atributo MessageDigest
            Attribute attributeMessageDigest = signedAttributes.get(CMSAttributes.messageDigest);
            if (attributeMessageDigest == null) {
                throw new SignerException(cadesMessagesBundle.getString("error.pcks7.attribute.not.found", "MessageDigest"));
            }
            // Validando o atributo MessageDigest
            Attribute idSigningPolicy = null;
            idSigningPolicy = signedAttributes.get(new ASN1ObjectIdentifier(PKCSObjectIdentifiers.id_aa_ets_sigPolicyId.getId()));
            if (idSigningPolicy == null) {
                throw new SignerException(cadesMessagesBundle.getString("error.pcks7.attribute.not.found", "idSigningPolicy"));
            }
            // Verificando timeStamp
            try {
                Attribute attributeTimeStamp = null;
                attributeTimeStamp = unsignedAttributes.get(new ASN1ObjectIdentifier(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken.getId()));
                if (attributeTimeStamp != null) {
                    byte[] varSignature = signer.getSignature();
                    Timestamp varTimeStampSigner = validateTimestamp(attributeTimeStamp, varSignature);
                    si.setTimeStampSigner(varTimeStampSigner);
                }
            } catch (Exception ex) {
            // nas assinaturas feitas na applet o unsignedAttributes.get gera exceção.
            }
            LinkedList<X509Certificate> varChain = (LinkedList<X509Certificate>) CAManager.getInstance().getCertificateChain(varCert);
            si.setSignDate(dataHora);
            si.setChain(varChain);
            si.setSignaturePolicy(signaturePolicy);
            this.getSignatureInfo().add(si);
        } catch (OperatorCreationException | java.security.cert.CertificateException ex) {
            throw new SignerException(ex);
        } catch (CMSException ex) {
            // When file is mismatch with sign
            if (ex instanceof CMSSignerDigestMismatchException)
                throw new SignerException(cadesMessagesBundle.getString("error.signature.mismatch"), ex);
            else
                throw new SignerException(cadesMessagesBundle.getString("error.signature.invalid"), ex);
        } catch (ParseException e) {
            throw new SignerException(e);
        }
    }
    logger.info(cadesMessagesBundle.getString("info.signature.verified", verified));
    // TODO Efetuar o parsing da estrutura CMS
    return true;
}
Also used : Attribute(org.bouncycastle.asn1.cms.Attribute) SignedOrUnsignedAttribute(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.SignedOrUnsignedAttribute) AttributeTable(org.bouncycastle.asn1.cms.AttributeTable) ASN1UTCTime(org.bouncycastle.asn1.ASN1UTCTime) SignerInformation(org.bouncycastle.cms.SignerInformation) CertificateException(java.security.cert.CertificateException) CRLValidator(org.demoiselle.signer.core.validator.CRLValidator) Timestamp(org.demoiselle.signer.timestamp.Timestamp) SignatureInformations(org.demoiselle.signer.policy.impl.cades.SignatureInformations) SignerInformationStore(org.bouncycastle.cms.SignerInformationStore) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) PeriodValidator(org.demoiselle.signer.core.validator.PeriodValidator) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) CMSSignerDigestMismatchException(org.bouncycastle.cms.CMSSignerDigestMismatchException) CMSProcessableByteArray(org.bouncycastle.cms.CMSProcessableByteArray) JcaSimpleSignerInfoVerifierBuilder(org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder) CertificateValidatorCRLException(org.demoiselle.signer.core.exception.CertificateValidatorCRLException) CMSSignedData(org.bouncycastle.cms.CMSSignedData) CertificateTrustPoint(org.demoiselle.signer.policy.engine.asn1.etsi.CertificateTrustPoint) X509Certificate(java.security.cert.X509Certificate) Date(java.util.Date) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) CertificateCoreException(org.demoiselle.signer.core.exception.CertificateCoreException) CertificateValidatorException(org.demoiselle.signer.core.exception.CertificateValidatorException) ParseException(java.text.ParseException) TSPException(org.bouncycastle.tsp.TSPException) CertificateEncodingException(java.security.cert.CertificateEncodingException) CMSException(org.bouncycastle.cms.CMSException) CertificateValidatorCRLException(org.demoiselle.signer.core.exception.CertificateValidatorCRLException) CMSSignerDigestMismatchException(org.bouncycastle.cms.CMSSignerDigestMismatchException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) SignerException(org.demoiselle.signer.policy.impl.cades.SignerException) LinkedList(java.util.LinkedList) CertificateValidatorException(org.demoiselle.signer.core.exception.CertificateValidatorException) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) ParseException(java.text.ParseException) SignerException(org.demoiselle.signer.policy.impl.cades.SignerException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) CMSException(org.bouncycastle.cms.CMSException)

Example 4 with ASN1UTCTime

use of org.bouncycastle.asn1.ASN1UTCTime in project jruby-openssl by jruby.

the class ASN1 method decodeObject.

// ObjectId
static IRubyObject decodeObject(final ThreadContext context, final RubyModule ASN1, final org.bouncycastle.asn1.ASN1Encodable obj) throws IOException, IllegalArgumentException {
    final Ruby runtime = context.runtime;
    if (obj instanceof ASN1Integer) {
        final BN val = BN.newBN(runtime, ((ASN1Integer) obj).getValue());
        return ASN1.getClass("Integer").callMethod(context, "new", val);
    }
    if (obj instanceof DERInteger) {
        final BN val = BN.newBN(runtime, ((DERInteger) obj).getValue());
        return ASN1.getClass("Integer").callMethod(context, "new", val);
    }
    if (obj instanceof DERBitString) {
        final DERBitString derObj = (DERBitString) obj;
        RubyString str = runtime.newString(new ByteList(derObj.getBytes(), false));
        IRubyObject bitString = ASN1.getClass("BitString").callMethod(context, "new", str);
        bitString.callMethod(context, "unused_bits=", runtime.newFixnum(derObj.getPadBits()));
        return bitString;
    }
    if (obj instanceof ASN1String) {
        final Integer typeId = typeId(obj.getClass());
        String type = typeId == null ? null : (String) (ASN1_INFO[typeId][2]);
        final ByteList bytes;
        if (obj instanceof DERUTF8String) {
            if (type == null)
                type = "UTF8String";
            bytes = new ByteList(((DERUTF8String) obj).getString().getBytes("UTF-8"), false);
        } else {
            if (type == null) {
                if (obj instanceof DERNumericString) {
                    type = "NumericString";
                } else if (obj instanceof DERPrintableString) {
                    type = "PrintableString";
                } else if (obj instanceof DERIA5String) {
                    type = "IA5String";
                } else if (obj instanceof DERT61String) {
                    type = "T61String";
                } else if (obj instanceof DERGeneralString) {
                    type = "GeneralString";
                } else if (obj instanceof DERUniversalString) {
                    type = "UniversalString";
                } else if (obj instanceof DERBMPString) {
                    type = "BMPString";
                } else {
                    // NOTE "VideotexString", "GraphicString", "ISO64String" not-handled in BC !
                    throw new IllegalArgumentException("could not handle ASN1 string type: " + obj + " (" + obj.getClass().getName() + ")");
                }
            }
            bytes = ByteList.create(((ASN1String) obj).getString());
        }
        return ASN1.getClass(type).callMethod(context, "new", runtime.newString(bytes));
    }
    if (obj instanceof ASN1OctetString) {
        final ByteList octets = new ByteList(((ASN1OctetString) obj).getOctets(), false);
        // final ByteList octets = new ByteList(((ASN1OctetString) obj).getEncoded(ASN1Encoding.DER), false);
        return ASN1.getClass("OctetString").callMethod(context, "new", runtime.newString(octets));
    }
    if (obj instanceof ASN1Null) {
        return ASN1.getClass("Null").callMethod(context, "new", runtime.getNil());
    }
    if (obj instanceof ASN1Boolean) {
        final boolean val = ((ASN1Boolean) obj).isTrue();
        return ASN1.getClass("Boolean").callMethod(context, "new", runtime.newBoolean(val));
    }
    // DERBoolean extends ASN1Boolean only since 1.51 (<= 1.50 the other way around)
    if (obj instanceof DERBoolean) {
        final boolean val = ((DERBoolean) obj).isTrue();
        return ASN1.getClass("Boolean").callMethod(context, "new", runtime.newBoolean(val));
    }
    if (obj instanceof ASN1UTCTime) {
        final Date adjustedTime;
        try {
            adjustedTime = ((ASN1UTCTime) obj).getAdjustedDate();
        } catch (ParseException e) {
            throw new IOException(e);
        }
        final RubyTime time = RubyTime.newTime(runtime, adjustedTime.getTime());
        return ASN1.getClass("UTCTime").callMethod(context, "new", time);
    }
    // NOTE: keep for BC versions compatibility ... extends ASN1UTCTime (since BC 1.51)
    if (obj instanceof DERUTCTime) {
        final Date adjustedTime;
        try {
            adjustedTime = ((DERUTCTime) obj).getAdjustedDate();
        } catch (ParseException e) {
            throw new IOException(e);
        }
        final RubyTime time = RubyTime.newTime(runtime, adjustedTime.getTime());
        return ASN1.getClass("UTCTime").callMethod(context, "new", time);
    }
    if (obj instanceof ASN1GeneralizedTime) {
        final Date generalTime;
        try {
            generalTime = ((ASN1GeneralizedTime) obj).getDate();
        } catch (ParseException e) {
            throw new IOException(e);
        }
        final RubyTime time = RubyTime.newTime(runtime, generalTime.getTime());
        return ASN1.getClass("GeneralizedTime").callMethod(context, "new", time);
    }
    // NOTE: keep for BC versions compatibility ... extends ASN1GeneralizedTime (since BC 1.51)
    if (obj instanceof DERGeneralizedTime) {
        final Date generalTime;
        try {
            generalTime = ((DERGeneralizedTime) obj).getDate();
        } catch (ParseException e) {
            throw new IOException(e);
        }
        final RubyTime time = RubyTime.newTime(runtime, generalTime.getTime());
        return ASN1.getClass("GeneralizedTime").callMethod(context, "new", time);
    }
    if (obj instanceof ASN1ObjectIdentifier) {
        final String objId = ((ASN1ObjectIdentifier) obj).getId();
        return ASN1.getClass("ObjectId").callMethod(context, "new", runtime.newString(objId));
    }
    // DERObjectIdentifier extends ASN1ObjectIdentifier = 1.51
    if (obj instanceof DERObjectIdentifier) {
        final String objId = ((DERObjectIdentifier) obj).getId();
        return ASN1.getClass("ObjectId").callMethod(context, "new", runtime.newString(objId));
    }
    if (obj instanceof ASN1TaggedObject) {
        final ASN1TaggedObject taggedObj = (ASN1TaggedObject) obj;
        IRubyObject val = decodeObject(context, ASN1, taggedObj.getObject());
        IRubyObject tag = runtime.newFixnum(taggedObj.getTagNo());
        IRubyObject tag_class = runtime.newSymbol("CONTEXT_SPECIFIC");
        final RubyArray valArr = runtime.newArray(val);
        return ASN1.getClass("ASN1Data").callMethod(context, "new", new IRubyObject[] { valArr, tag, tag_class });
    }
    if (obj instanceof DERApplicationSpecific) {
        final DERApplicationSpecific appSpecific = (DERApplicationSpecific) obj;
        IRubyObject tag = runtime.newFixnum(appSpecific.getApplicationTag());
        IRubyObject tag_class = runtime.newSymbol("APPLICATION");
        final ASN1Sequence sequence = (ASN1Sequence) appSpecific.getObject(SEQUENCE);
        @SuppressWarnings("unchecked") final RubyArray valArr = decodeObjects(context, ASN1, sequence.getObjects());
        return ASN1.getClass("ASN1Data").callMethod(context, "new", new IRubyObject[] { valArr, tag, tag_class });
    }
    if (obj instanceof ASN1Sequence) {
        @SuppressWarnings("unchecked") RubyArray arr = decodeObjects(context, ASN1, ((ASN1Sequence) obj).getObjects());
        return ASN1.getClass("Sequence").callMethod(context, "new", arr);
    }
    if (obj instanceof ASN1Set) {
        @SuppressWarnings("unchecked") RubyArray arr = decodeObjects(context, ASN1, ((ASN1Set) obj).getObjects());
        return ASN1.getClass("Set").callMethod(context, "new", arr);
    }
    if (obj instanceof ASN1Enumerated) {
        final RubyInteger value = RubyBignum.bignorm(runtime, ((ASN1Enumerated) obj).getValue());
        return ASN1.getClass("Enumerated").callMethod(context, "new", value);
    }
    throw new IllegalArgumentException("unable to decode object: " + obj + " (" + (obj == null ? "" : obj.getClass().getName()) + ")");
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) RubyTime(org.jruby.RubyTime) RubyArray(org.jruby.RubyArray) DERApplicationSpecific(org.bouncycastle.asn1.DERApplicationSpecific) RubyInteger(org.jruby.RubyInteger) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) ASN1UTCTime(org.bouncycastle.asn1.ASN1UTCTime) ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime) DERBitString(org.bouncycastle.asn1.DERBitString) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERGeneralString(org.bouncycastle.asn1.DERGeneralString) RubyString(org.jruby.RubyString) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERNumericString(org.bouncycastle.asn1.DERNumericString) DEROctetString(org.bouncycastle.asn1.DEROctetString) BEROctetString(org.bouncycastle.asn1.BEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DERT61String(org.bouncycastle.asn1.DERT61String) DERVisibleString(org.bouncycastle.asn1.DERVisibleString) ASN1String(org.bouncycastle.asn1.ASN1String) DERUniversalString(org.bouncycastle.asn1.DERUniversalString) IRubyObject(org.jruby.runtime.builtin.IRubyObject) DERInteger(org.bouncycastle.asn1.DERInteger) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERGeneralizedTime(org.bouncycastle.asn1.DERGeneralizedTime) DERUTCTime(org.bouncycastle.asn1.DERUTCTime) ASN1Enumerated(org.bouncycastle.asn1.ASN1Enumerated) DERGeneralString(org.bouncycastle.asn1.DERGeneralString) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) Ruby(org.jruby.Ruby) DERBoolean(org.bouncycastle.asn1.DERBoolean) ByteList(org.jruby.util.ByteList) DERBMPString(org.bouncycastle.asn1.DERBMPString) RubyString(org.jruby.RubyString) DERUniversalString(org.bouncycastle.asn1.DERUniversalString) DERBitString(org.bouncycastle.asn1.DERBitString) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) IOException(java.io.IOException) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier) Date(java.util.Date) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) BigInteger(java.math.BigInteger) RubyInteger(org.jruby.RubyInteger) DERInteger(org.bouncycastle.asn1.DERInteger) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ASN1Set(org.bouncycastle.asn1.ASN1Set) DERNumericString(org.bouncycastle.asn1.DERNumericString) DERT61String(org.bouncycastle.asn1.DERT61String) ASN1String(org.bouncycastle.asn1.ASN1String) ASN1Boolean(org.bouncycastle.asn1.ASN1Boolean) ParseException(java.text.ParseException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) ASN1Null(org.bouncycastle.asn1.ASN1Null)

Aggregations

ParseException (java.text.ParseException)4 Date (java.util.Date)4 IOException (java.io.IOException)3 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)3 ASN1UTCTime (org.bouncycastle.asn1.ASN1UTCTime)3 X509Certificate (java.security.cert.X509Certificate)2 LinkedList (java.util.LinkedList)2 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)2 ASN1String (org.bouncycastle.asn1.ASN1String)2 DERBMPString (org.bouncycastle.asn1.DERBMPString)2 DERBitString (org.bouncycastle.asn1.DERBitString)2 DERGeneralString (org.bouncycastle.asn1.DERGeneralString)2 DERIA5String (org.bouncycastle.asn1.DERIA5String)2 DERNumericString (org.bouncycastle.asn1.DERNumericString)2 DERPrintableString (org.bouncycastle.asn1.DERPrintableString)2 Attribute (org.bouncycastle.asn1.cms.Attribute)2 AttributeTable (org.bouncycastle.asn1.cms.AttributeTable)2 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)2 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)2 CMSException (org.bouncycastle.cms.CMSException)2