Use of org.bouncycastle.asn1.DLSequence in project jruby-openssl by jruby: class X509Utils, method checkIfIssuedBy.
/**
 * c: X509_check_issued
 *
 * Checks whether {@code issuer} is a plausible issuer of {@code subject}, stopping at
 * the first failure: (1) the issuer's subject DN must equal the subject's issuer DN;
 * (2) if the subject carries an AuthorityKeyIdentifier (2.5.29.35), each populated
 * AKID field is compared against the issuer — keyIdentifier against the issuer's
 * SubjectKeyIdentifier (2.5.29.14), authorityCertSerialNumber against the issuer's
 * serial, and the directoryName inside authorityCertIssuer against the issuer's own
 * issuer DN; (3) the issuer's KeyUsage must allow keyCertSign, or digitalSignature
 * when the subject has a 1.3.6.1.5.5.7.1.14 (proxyCertInfo) extension.
 *
 * A missing AKID, a missing SKID on the issuer, or a missing KeyUsage extension
 * skips the corresponding comparison rather than failing it.
 *
 * @param issuer  candidate issuer certificate
 * @param subject certificate whose issuer is being verified
 * @return {@code V_OK}, or the {@code V_ERR_*} code of the first failed check
 * @throws IOException propagated from the {@code get} decoding helper
 */
public static int checkIfIssuedBy(final X509AuxCertificate issuer, final X509AuxCertificate subject) throws IOException {
    // (1) name chaining
    if (!issuer.getSubjectX500Principal().equals(subject.getIssuerX500Principal())) {
        return V_ERR_SUBJECT_ISSUER_MISMATCH;
    }
    // (2) AuthorityKeyIdentifier checks, only when the subject carries the extension
    if (subject.getExtensionValue("2.5.29.35") != null) {
        // authorityKeyID
        // I hate ASN1 and DER
        // `get` is this file's ASN.1 decoding helper (not shown here). A non-sequence result
        // is unwrapped once more, presumably because the extension value is OCTET STRING-wrapped.
        Object key = get(subject.getExtensionValue("2.5.29.35"));
        if (!(key instanceof ASN1Sequence))
            key = get((DEROctetString) key);
        final ASN1Sequence seq = (ASN1Sequence) key;
        final AuthorityKeyIdentifier sakid;
        if (seq.size() == 1 && (seq.getObjectAt(0) instanceof ASN1OctetString)) {
            // Tolerates an AKID whose lone keyIdentifier lacks its [0] tag: re-wrap it as [0]
            // so that AuthorityKeyIdentifier.getInstance can parse it.
            sakid = AuthorityKeyIdentifier.getInstance(new DLSequence(new DERTaggedObject(0, seq.getObjectAt(0))));
        } else {
            sakid = AuthorityKeyIdentifier.getInstance(seq);
        }
        // keyIdentifier vs. issuer SKID — compared only when both sides carry one
        if (sakid.getKeyIdentifier() != null) {
            if (issuer.getExtensionValue("2.5.29.14") != null) {
                DEROctetString der = (DEROctetString) get(issuer.getExtensionValue("2.5.29.14"));
                SubjectKeyIdentifier iskid = SubjectKeyIdentifier.getInstance(get(der.getOctets()));
                if (iskid.getKeyIdentifier() != null) {
                    if (!Arrays.equals(sakid.getKeyIdentifier(), iskid.getKeyIdentifier())) {
                        return V_ERR_AKID_SKID_MISMATCH;
                    }
                }
            }
        }
        // authorityCertSerialNumber vs. issuer serial
        final BigInteger serialNumber = sakid.getAuthorityCertSerialNumber();
        if (serialNumber != null && !serialNumber.equals(issuer.getSerialNumber())) {
            return V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
        }
        // authorityCertIssuer: only the first directoryName GeneralName is consulted;
        // other name forms are ignored.
        if (sakid.getAuthorityCertIssuer() != null) {
            GeneralName[] gens = sakid.getAuthorityCertIssuer().getNames();
            X500Name x500Name = null;
            for (int i = 0; i < gens.length; i++) {
                if (gens[i].getTagNo() == GeneralName.directoryName) {
                    ASN1Encodable name = gens[i].getName();
                    if (name instanceof X500Name) {
                        x500Name = (X500Name) name;
                    } else if (name instanceof ASN1Sequence) {
                        x500Name = X500Name.getInstance((ASN1Sequence) name);
                    } else {
                        // NOTE(review): an unchecked exception escapes here on an unexpected
                        // encoding in certificate data; callers must be prepared for it.
                        throw new RuntimeException("unknown name type: " + name);
                    }
                    break;
                }
            }
            if (x500Name != null) {
                // `Name` is the project's DN wrapper; the serial-mismatch code is reused
                // for a name mismatch here.
                if (!new Name(x500Name).equalTo(issuer.getIssuerX500Principal())) {
                    return V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
                }
            }
        }
    }
    // (3) KeyUsage, in java.security.cert.X509Certificate#getKeyUsage index order
    // (0 = digitalSignature, 5 = keyCertSign); null means no KeyUsage extension.
    final boolean[] keyUsage = issuer.getKeyUsage();
    if (subject.getExtensionValue("1.3.6.1.5.5.7.1.14") != null) {
        // proxyCertInfo present: the issuer signs with digitalSignature rather than keyCertSign
        if (keyUsage != null && !keyUsage[0]) {
            // KU_DIGITAL_SIGNATURE
            return V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE;
        }
    } else if (keyUsage != null && !keyUsage[5]) {
        // KU_KEY_CERT_SIGN
        return V_ERR_KEYUSAGE_NO_CERTSIGN;
    }
    return V_OK;
}
Use of org.bouncycastle.asn1.DLSequence in project signer by demoiselle: class LPA, method parse.
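/**
 * Parses an LPA structure: element 0 is a SEQUENCE OF PolicyInfo, element 1 is the
 * nextUpdate Time. {@code policyInfos} is only (re)assigned when the inner sequence
 * holds at least one entry; otherwise it is left untouched.
 *
 * @param derObject the encoded LPA
 * @throws IllegalArgumentException if the outer sequence has fewer than two elements
 */
@Override
public void parse(ASN1Primitive derObject) {
    ASN1Sequence sequence = ASN1Object.getDERSequence(derObject);
    // Both elements are read below; fail with a clear message instead of an index error.
    if (sequence.size() < 2) {
        throw new IllegalArgumentException("LPA: expected at least 2 elements, found " + sequence.size());
    }
    // Accept any SEQUENCE encoding (DER or DL); a DLSequence cast rejects DER-encoded input.
    ASN1Sequence policyInfosSequence = ASN1Sequence.getInstance(sequence.getObjectAt(0));
    if (policyInfosSequence != null && policyInfosSequence.size() > 0) {
        this.policyInfos = new ArrayList<>();
        for (int i = 0; i < policyInfosSequence.size(); i++) {
            PolicyInfo policyInfo = new PolicyInfo();
            policyInfo.parse(policyInfosSequence.getObjectAt(i).toASN1Primitive());
            this.policyInfos.add(policyInfo);
        }
    }
    this.nextUpdate = new Time();
    this.nextUpdate.parse(sequence.getObjectAt(1).toASN1Primitive());
}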
Use of org.bouncycastle.asn1.DLSequence in project signer by demoiselle: class BasicCertificate, method getCertificateLevel.
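/**
 * Returns the ICP-BRASIL certificate level (A1, A2, A3, A4, S1, S2, S3, S4) as
 * defined in DOC-ICP-04, derived from the certificatePolicies extension.
 * <p>
 * Returns {@code null} when the extension is absent, when no policy OID starts
 * with one of the known level prefixes, or when the extension cannot be decoded
 * (the failure is printed and swallowed, so a caller cannot distinguish "no level"
 * from "malformed extension").
 *
 * @return String Certificate level, or {@code null}
 */
public String getCertificateLevel() {
    // Checked in this order; the first matching prefix wins.
    final String[] prefixes = {
        OID_A1_CERTIFICATE, OID_A2_CERTIFICATE, OID_A3_CERTIFICATE, OID_A4_CERTIFICATE,
        OID_S1_CERTIFICATE, OID_S2_CERTIFICATE, OID_S3_CERTIFICATE, OID_S4_CERTIFICATE
    };
    final String[] levels = { "A1", "A2", "A3", "A4", "S1", "S2", "S3", "S4" };
    try {
        DLSequence policies = (DLSequence) getExtensionValue(Extension.certificatePolicies.getId());
        if (policies == null) {
            return null;
        }
        for (int pos = 0; pos < policies.size(); pos++) {
            // getInstance accepts any SEQUENCE encoding (DER or DL) and reads the
            // policyIdentifier directly, avoiding the DLSequence/OID casts and the
            // needless round-trip through a freshly constructed PolicyInformation.
            PolicyInformation policyInformation = PolicyInformation.getInstance(policies.getObjectAt(pos));
            String id = policyInformation.getPolicyIdentifier().getId();
            if (id == null) {
                continue;
            }
            for (int k = 0; k < prefixes.length; k++) {
                if (id.startsWith(prefixes[k])) {
                    return levels[k];
                }
            }
        }
    } catch (Exception e) {
        // Best-effort: a malformed or unexpected encoding yields "no level" instead of
        // failing the caller. Kept as in the original; no logger is in scope here.
        e.printStackTrace();
    }
    return null;
}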
Use of org.bouncycastle.asn1.DLSequence in project signer by demoiselle: class BasicCertificate, method getAuthorityKeyIdentifier.
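/**
 * Returns the keyIdentifier field of the certificate's AuthorityKeyIdentifier
 * extension, formatted by {@code toString(byte[])}.
 * <p>
 * Returns {@code null} when the extension is absent or empty, or when its first
 * element is not the {@code [0] keyIdentifier}: that field is OPTIONAL, so an AKID
 * carrying only authorityCertIssuer/authorityCertSerialNumber has no key id (the
 * previous unconditional casts threw ClassCastException in that case).
 *
 * @return the authority key identifier of a certificate, or {@code null}
 * @throws IOException if the extension value cannot be read
 */
public String getAuthorityKeyIdentifier() throws IOException {
    // TODO - this method still needs to be validated against the RFC
    DLSequence sequence = (DLSequence) getExtensionValue(Extension.authorityKeyIdentifier.getId());
    if (sequence == null || sequence.size() == 0) {
        return null;
    }
    // AuthorityKeyIdentifier ::= SEQUENCE { keyIdentifier [0] OCTET STRING OPTIONAL, ... }
    // When present, keyIdentifier is always the first element.
    Object first = sequence.getObjectAt(0);
    if (!(first instanceof DERTaggedObject)) {
        return null;
    }
    DERTaggedObject taggedObject = (DERTaggedObject) first;
    if (taggedObject.getTagNo() != 0) {
        // [1] authorityCertIssuer or [2] authorityCertSerialNumber: no key identifier present
        return null;
    }
    DEROctetString oct = (DEROctetString) taggedObject.getObject();
    return toString(oct.getOctets());
}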
Use of org.bouncycastle.asn1.DLSequence in project netty by netty: class OcspUtils, method ocspUri.
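/**
 * Returns the OCSP responder {@link URI} or {@code null} if it doesn't have one.
 * <p>
 * The responder location is the {@code [6] uniformResourceIdentifier} GeneralName of
 * the AuthorityInfoAccess entry selected by {@code findObject}. Its content is read
 * straight from the DER encoding: identifier octet, DER length, then the IA5String
 * bytes (an implicit tag, so there is no inner TLV). Both short-form and long-form
 * lengths are handled; the previous code read only {@code encoded[1]}, which
 * misreads any URI longer than 127 bytes. A truncated or otherwise malformed
 * encoding yields {@code null} rather than an index error.
 *
 * @param certificate the certificate whose AIA extension is inspected
 * @return the responder URI, or {@code null} when absent or undecodable
 * @throws IOException if the extension or the tagged object cannot be decoded
 * @throws IllegalArgumentException if the embedded string is not a valid URI
 */
public static URI ocspUri(X509Certificate certificate) throws IOException {
    byte[] value = certificate.getExtensionValue(Extension.authorityInfoAccess.getId());
    if (value == null) {
        return null;
    }
    ASN1Primitive authorityInfoAccess = X509ExtensionUtil.fromExtensionValue(value);
    if (!(authorityInfoAccess instanceof DLSequence)) {
        return null;
    }
    DLSequence aiaSequence = (DLSequence) authorityInfoAccess;
    DERTaggedObject taggedObject = findObject(aiaSequence, OCSP_RESPONDER_OID, DERTaggedObject.class);
    if (taggedObject == null) {
        return null;
    }
    // GeneralName.uniformResourceIdentifier is context tag [6]; BERTags.OBJECT_IDENTIFIER
    // happens to have the same numeric value (6), which is what this comparison relies on.
    if (taggedObject.getTagNo() != BERTags.OBJECT_IDENTIFIER) {
        return null;
    }
    byte[] encoded = taggedObject.getEncoded();
    if (encoded.length < 2) {
        return null;
    }
    int lengthOctet = encoded[1] & 0xFF;
    int offset;
    int length;
    if (lengthOctet < 0x80) {
        // short form: the octet is the content length
        length = lengthOctet;
        offset = 2;
    } else {
        // long form: low 7 bits give the number of following length octets (big-endian)
        int lengthOctets = lengthOctet & 0x7F;
        if (lengthOctets == 0 || lengthOctets > 4 || encoded.length < 2 + lengthOctets) {
            return null; // indefinite length, or more length octets than the buffer holds
        }
        length = 0;
        for (int i = 0; i < lengthOctets; i++) {
            length = (length << 8) | (encoded[2 + i] & 0xFF);
        }
        offset = 2 + lengthOctets;
    }
    // length < 0 catches a 4-octet value with the top bit set; the second test catches truncation
    if (length < 0 || length > encoded.length - offset) {
        return null;
    }
    String uri = new String(encoded, offset, length, CharsetUtil.UTF_8);
    return URI.create(uri);
}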