use of org.bouncycastle.asn1.x500.DirectoryString in project xipki by xipki.
the class ExtensionsChecker method checkDirectoryString.
private void checkDirectoryString(ASN1ObjectIdentifier extType, QaDirectoryString conf, StringBuilder failureMsg, byte[] extensionValue, Extensions requestedExtensions, ExtensionControl extControl) {
if (conf == null) {
byte[] expected = getExpectedExtValue(extType, requestedExtensions, extControl);
if (!Arrays.equals(expected, extensionValue)) {
addViolation(failureMsg, "extension values", hex(extensionValue), (expected == null) ? "not present" : hex(expected));
}
return;
}
ASN1Primitive asn1;
try {
asn1 = ASN1Primitive.fromByteArray(extensionValue);
} catch (IOException ex) {
failureMsg.append("invalid syntax of extension value; ");
return;
}
boolean correctStringType;
switch(conf.getType()) {
case bmpString:
correctStringType = (asn1 instanceof DERBMPString);
break;
case printableString:
correctStringType = (asn1 instanceof DERPrintableString);
break;
case teletexString:
correctStringType = (asn1 instanceof DERT61String);
break;
case utf8String:
correctStringType = (asn1 instanceof DERUTF8String);
break;
default:
throw new RuntimeException("should not reach here, unknown DirectoryStringType " + conf.getType());
}
if (!correctStringType) {
failureMsg.append("extension value is not of type DirectoryString.").append(conf.getText()).append("; ");
return;
}
String extTextValue = ((ASN1String) asn1).getString();
if (!conf.getText().equals(extTextValue)) {
addViolation(failureMsg, "content", extTextValue, conf.getText());
}
}
use of org.bouncycastle.asn1.x500.DirectoryString in project xipki by xipki.
the class AdmissionSyntaxOption method getExtensionValue.
public ExtensionValue getExtensionValue(List<List<String>> registrationNumbersList) throws BadCertTemplateException {
if (!this.inputFromRequestRequired) {
return this.extensionValue;
}
if (CollectionUtil.isEmpty(registrationNumbersList)) {
throw new BadCertTemplateException("registrationNumbersList must not be empty");
}
final int n = registrationNumbersList.size();
if (n != this.admissionsList.size()) {
throw new BadCertTemplateException("invalid size of Admissions in AdmissionSyntax: " + "is=" + n + ", expected=" + this.admissionsList.size());
}
// check registrationNumbers
List<List<String>> newRegNumbersList = new ArrayList<>(this.admissionsList.size());
for (int i = 0; i < n; i++) {
AdmissionsOption ao = this.admissionsList.get(i);
List<ProfessionInfoOption> pi = ao.getProfessionInfos();
List<String> registrationNumbers = registrationNumbersList.get(i);
final int k = registrationNumbers.size();
if (k != pi.size()) {
throw new BadCertTemplateException("invalid size of ProfessionInfo in Admissions[" + i + "], is=" + k + ", expected=" + pi.size());
}
List<String> newRegNumbers = new ArrayList<>(k);
newRegNumbersList.add(newRegNumbers);
for (int j = 0; j < k; j++) {
RegistrationNumberOption option = pi.get(j).getRegistrationNumberOption();
if (option == null || option.getConstant() != null) {
continue;
}
Pattern regex = option.getRegex();
String regNum = registrationNumbers.get(j);
if (regNum == null || !regex.matcher(regNum).matches()) {
throw new BadCertTemplateException("invalid registrationNumber[" + i + "][" + j + "]: '" + regNum + "'");
}
newRegNumbers.add(regNum);
}
}
ASN1EncodableVector vec = new ASN1EncodableVector();
for (int i = 0; i < this.admissionsList.size(); i++) {
AdmissionsOption ao = this.admissionsList.get(i);
List<ProfessionInfoOption> piList = ao.getProfessionInfos();
ProfessionInfo[] pis = new ProfessionInfo[piList.size()];
for (int j = 0; j < pis.length; j++) {
ProfessionInfoOption pio = piList.get(j);
DirectoryString[] professionItems = null;
int size = pio.getProfessionItems().size();
professionItems = new DirectoryString[size];
for (int k = 0; k < size; k++) {
professionItems[k] = new DirectoryString(pio.getProfessionItems().get(k));
}
ASN1OctetString addProfessionInfo = null;
if (pio.getAddProfessionalInfo() != null) {
addProfessionInfo = new DEROctetString(pio.getAddProfessionalInfo());
}
RegistrationNumberOption regNumOption = pio.getRegistrationNumberOption();
String registrationNumber = null;
if (regNumOption != null) {
if (regNumOption.getConstant() != null) {
registrationNumber = regNumOption.getConstant();
} else {
registrationNumber = newRegNumbersList.get(i).get(j);
}
}
pis[i] = new ProfessionInfo(pio.getNamingAuthority(), professionItems, pio.getProfessionOids().toArray(new ASN1ObjectIdentifier[0]), registrationNumber, addProfessionInfo);
}
vec.add(new Admissions(ao.getAdmissionAuthority(), ao.getNamingAuthority(), pis));
}
return new ExtensionValue(critical, new AdmissionSyntax(admissionAuthority, new DERSequence(vec)));
}
use of org.bouncycastle.asn1.x500.DirectoryString in project xipki by xipki.
the class X509CertprofileUtil method createGeneralName.
/**
* Creates GeneralName.
*
* @param requestedName
* Requested name. Must not be {@code null}.
* @param modes
* Modes to be considered. Must not be {@code null}.
* @return the created GeneralName
* @throws BadCertTemplateException
* If requestedName is invalid or contains entries which are not allowed in the modes.
*/
public static GeneralName createGeneralName(GeneralName requestedName, Set<GeneralNameMode> modes) throws BadCertTemplateException {
ParamUtil.requireNonNull("requestedName", requestedName);
int tag = requestedName.getTagNo();
GeneralNameMode mode = null;
if (modes != null) {
for (GeneralNameMode m : modes) {
if (m.getTag().getTag() == tag) {
mode = m;
break;
}
}
if (mode == null) {
throw new BadCertTemplateException("generalName tag " + tag + " is not allowed");
}
}
switch(tag) {
case GeneralName.rfc822Name:
case GeneralName.dNSName:
case GeneralName.uniformResourceIdentifier:
case GeneralName.iPAddress:
case GeneralName.registeredID:
case GeneralName.directoryName:
return new GeneralName(tag, requestedName.getName());
case GeneralName.otherName:
ASN1Sequence reqSeq = ASN1Sequence.getInstance(requestedName.getName());
int size = reqSeq.size();
if (size != 2) {
throw new BadCertTemplateException("invalid otherName sequence: size is not 2: " + size);
}
ASN1ObjectIdentifier type = ASN1ObjectIdentifier.getInstance(reqSeq.getObjectAt(0));
if (mode != null && !mode.getAllowedTypes().contains(type)) {
throw new BadCertTemplateException("otherName.type " + type.getId() + " is not allowed");
}
ASN1Encodable asn1 = reqSeq.getObjectAt(1);
if (!(asn1 instanceof ASN1TaggedObject)) {
throw new BadCertTemplateException("otherName.value is not tagged Object");
}
int tagNo = ASN1TaggedObject.getInstance(asn1).getTagNo();
if (tagNo != 0) {
throw new BadCertTemplateException("otherName.value does not have tag 0: " + tagNo);
}
ASN1EncodableVector vector = new ASN1EncodableVector();
vector.add(type);
vector.add(new DERTaggedObject(true, 0, ASN1TaggedObject.getInstance(asn1).getObject()));
DERSequence seq = new DERSequence(vector);
return new GeneralName(GeneralName.otherName, seq);
case GeneralName.ediPartyName:
reqSeq = ASN1Sequence.getInstance(requestedName.getName());
size = reqSeq.size();
String nameAssigner = null;
int idx = 0;
if (size > 1) {
DirectoryString ds = DirectoryString.getInstance(ASN1TaggedObject.getInstance(reqSeq.getObjectAt(idx++)).getObject());
nameAssigner = ds.getString();
}
DirectoryString ds = DirectoryString.getInstance(ASN1TaggedObject.getInstance(reqSeq.getObjectAt(idx++)).getObject());
String partyName = ds.getString();
vector = new ASN1EncodableVector();
if (nameAssigner != null) {
vector.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner)));
}
vector.add(new DERTaggedObject(false, 1, new DirectoryString(partyName)));
seq = new DERSequence(vector);
return new GeneralName(GeneralName.ediPartyName, seq);
default:
throw new RuntimeException("should not reach here, unknown GeneralName tag " + tag);
}
// end switch (tag)
}
use of org.bouncycastle.asn1.x500.DirectoryString in project xipki by xipki.
the class P12ComplexCsrGenCmd method createComplexGeneralNames.
private static GeneralNames createComplexGeneralNames(String prefix) {
List<GeneralName> list = new LinkedList<>();
// otherName
ASN1EncodableVector vec = new ASN1EncodableVector();
vec.add(new ASN1ObjectIdentifier("1.2.3.1"));
vec.add(new DERTaggedObject(true, 0, new DERUTF8String(prefix + "I am otherName 1.2.3.1")));
list.add(new GeneralName(GeneralName.otherName, new DERSequence(vec)));
vec = new ASN1EncodableVector();
vec.add(new ASN1ObjectIdentifier("1.2.3.2"));
vec.add(new DERTaggedObject(true, 0, new DERUTF8String(prefix + "I am otherName 1.2.3.2")));
list.add(new GeneralName(GeneralName.otherName, new DERSequence(vec)));
// rfc822Name
list.add(new GeneralName(GeneralName.rfc822Name, prefix + "info@example.org"));
// dNSName
list.add(new GeneralName(GeneralName.dNSName, prefix + "dns.example.org"));
// directoryName
list.add(new GeneralName(GeneralName.directoryName, new X500Name("CN=demo,C=DE")));
// ediPartyName
vec = new ASN1EncodableVector();
vec.add(new DERTaggedObject(false, 0, new DirectoryString(prefix + "assigner1")));
vec.add(new DERTaggedObject(false, 1, new DirectoryString(prefix + "party1")));
list.add(new GeneralName(GeneralName.ediPartyName, new DERSequence(vec)));
// uniformResourceIdentifier
list.add(new GeneralName(GeneralName.uniformResourceIdentifier, prefix + "uri.example.org"));
// iPAddress
list.add(new GeneralName(GeneralName.iPAddress, "69.1.2.190"));
// registeredID
list.add(new GeneralName(GeneralName.registeredID, "2.3.4.5"));
return new GeneralNames(list.toArray(new GeneralName[0]));
}
use of org.bouncycastle.asn1.x500.DirectoryString in project xipki by xipki.
the class P12ComplexCsrGenCmd method getAdditionalExtensions.
@Override
protected List<Extension> getAdditionalExtensions() throws BadInputException {
List<Extension> extensions = new LinkedList<>();
// extension admission (Germany standard commonpki)
ASN1EncodableVector vec = new ASN1EncodableVector();
DirectoryString[] dummyItems = new DirectoryString[] { new DirectoryString("dummy") };
ProfessionInfo pi = new ProfessionInfo(null, dummyItems, null, "aaaab", null);
Admissions admissions = new Admissions(null, null, new ProfessionInfo[] { pi });
vec.add(admissions);
AdmissionSyntax adSyn = new AdmissionSyntax(null, new DERSequence(vec));
try {
extensions.add(new Extension(ObjectIdentifiers.id_extension_admission, false, adSyn.getEncoded()));
} catch (IOException ex) {
throw new BadInputException(ex.getMessage(), ex);
}
// extension subjectDirectoryAttributes (RFC 3739)
Vector<Attribute> attrs = new Vector<>();
ASN1GeneralizedTime dateOfBirth = new ASN1GeneralizedTime("19800122120000Z");
attrs.add(new Attribute(ObjectIdentifiers.DN_DATE_OF_BIRTH, new DERSet(dateOfBirth)));
DERPrintableString gender = new DERPrintableString("M");
attrs.add(new Attribute(ObjectIdentifiers.DN_GENDER, new DERSet(gender)));
DERUTF8String placeOfBirth = new DERUTF8String("Berlin");
attrs.add(new Attribute(ObjectIdentifiers.DN_PLACE_OF_BIRTH, new DERSet(placeOfBirth)));
String[] countryOfCitizenshipList = { "DE", "FR" };
for (String country : countryOfCitizenshipList) {
DERPrintableString val = new DERPrintableString(country);
attrs.add(new Attribute(ObjectIdentifiers.DN_COUNTRY_OF_CITIZENSHIP, new DERSet(val)));
}
String[] countryOfResidenceList = { "DE" };
for (String country : countryOfResidenceList) {
DERPrintableString val = new DERPrintableString(country);
attrs.add(new Attribute(ObjectIdentifiers.DN_COUNTRY_OF_RESIDENCE, new DERSet(val)));
}
SubjectDirectoryAttributes subjectDirAttrs = new SubjectDirectoryAttributes(attrs);
try {
extensions.add(new Extension(Extension.subjectDirectoryAttributes, false, subjectDirAttrs.getEncoded()));
} catch (IOException ex) {
throw new BadInputException(ex.getMessage(), ex);
}
return extensions;
}
Aggregations