
Example 6 with DirectoryString

use of org.bouncycastle.asn1.x500.DirectoryString in project xipki by xipki.

Class ExtensionsChecker, method checkDirectoryString.

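/**
 * Checks a DirectoryString-valued extension of the issued certificate against the QA
 * configuration.
 * <p>
 * With {@code conf == null} the extension value must be byte-identical to the value expected
 * from the request (as computed by {@code getExpectedExtValue}). Otherwise the value must
 * parse as a single ASN.1 primitive of the configured string type and carry the configured
 * text. Every violation found is appended to {@code failureMsg}; nothing is appended when
 * the check passes.
 *
 * @param extType OID of the extension under test
 * @param conf QA configuration for this extension; {@code null} means "compare with the
 *        value expected from the request"
 * @param failureMsg buffer collecting violation descriptions
 * @param extensionValue DER-encoded extension value found in the certificate
 * @param requestedExtensions extensions of the request, consulted only when {@code conf}
 *        is {@code null}
 * @param extControl control settings of this extension, consulted only when {@code conf}
 *        is {@code null}
 */
private void checkDirectoryString(ASN1ObjectIdentifier extType, QaDirectoryString conf, StringBuilder failureMsg, byte[] extensionValue, Extensions requestedExtensions, ExtensionControl extControl) {
    if (conf == null) {
        byte[] expected = getExpectedExtValue(extType, requestedExtensions, extControl);
        // Arrays.equals accepts null on either side, so "absent" on both sides counts as a match.
        if (!Arrays.equals(expected, extensionValue)) {
            addViolation(failureMsg, "extension values", hex(extensionValue), (expected == null) ? "not present" : hex(expected));
        }
        return;
    }

    ASN1Primitive asn1;
    try {
        asn1 = ASN1Primitive.fromByteArray(extensionValue);
    } catch (IOException ex) {
        // Undecodable DER (including trailing data) is a violation, not an error of the checker.
        failureMsg.append("invalid syntax of extension value; ");
        return;
    }

    boolean correctStringType;
    switch (conf.getType()) {
        case bmpString:
            correctStringType = (asn1 instanceof DERBMPString);
            break;
        case printableString:
            correctStringType = (asn1 instanceof DERPrintableString);
            break;
        case teletexString:
            correctStringType = (asn1 instanceof DERT61String);
            break;
        case utf8String:
            correctStringType = (asn1 instanceof DERUTF8String);
            break;
        default:
            throw new RuntimeException("should not reach here, unknown DirectoryStringType " + conf.getType());
    }

    if (!correctStringType) {
        // Report the expected string *type*. Previously the expected text was appended here,
        // which produced a message like "not of type DirectoryString.<text>" and hid the cause.
        failureMsg.append("extension value is not of type DirectoryString.").append(conf.getType()).append("; ");
        return;
    }

    // All four DER string classes accepted above implement ASN1String, so the cast cannot fail.
    String extTextValue = ((ASN1String) asn1).getString();
    if (!conf.getText().equals(extTextValue)) {
        addViolation(failureMsg, "content", extTextValue, conf.getText());
    }
}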

Example 7 with DirectoryString

use of org.bouncycastle.asn1.x500.DirectoryString in project xipki by xipki.

Class AdmissionSyntaxOption, method getExtensionValue.

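/**
 * Builds the AdmissionSyntax extension value for a certificate request.
 * <p>
 * If the profile does not require input from the request, the pre-computed
 * {@code extensionValue} is returned as is. Otherwise {@code registrationNumbersList} must
 * supply one entry per ProfessionInfo of the profile, indexed {@code [admissions][professionInfo]}.
 * Positions whose profile option is a constant (or has no registration-number option) ignore
 * the requested value; all other positions must match the option's regex.
 *
 * @param registrationNumbersList registration numbers taken from the request, indexed
 *        {@code [admissions][professionInfo]}
 * @return the extension value
 * @throws BadCertTemplateException if the shape of {@code registrationNumbersList} does not
 *         match the profile, or a registration number is missing or does not match its regex
 */
public ExtensionValue getExtensionValue(List<List<String>> registrationNumbersList) throws BadCertTemplateException {
    if (!this.inputFromRequestRequired) {
        return this.extensionValue;
    }
    if (CollectionUtil.isEmpty(registrationNumbersList)) {
        throw new BadCertTemplateException("registrationNumbersList must not be empty");
    }

    final int n = registrationNumbersList.size();
    if (n != this.admissionsList.size()) {
        throw new BadCertTemplateException("invalid size of Admissions in AdmissionSyntax: " + "is=" + n + ", expected=" + this.admissionsList.size());
    }

    // Validate the requested registration numbers. The validated list keeps exactly the
    // [i][j] layout of the profile (null where the profile supplies a constant or no option),
    // because it is indexed by j when the extension is assembled below. Compacting it would
    // shift every index as soon as a constant option precedes a regex option.
    List<List<String>> newRegNumbersList = new ArrayList<>(n);
    for (int i = 0; i < n; i++) {
        AdmissionsOption ao = this.admissionsList.get(i);
        List<ProfessionInfoOption> pi = ao.getProfessionInfos();
        List<String> registrationNumbers = registrationNumbersList.get(i);
        final int k = registrationNumbers.size();
        if (k != pi.size()) {
            throw new BadCertTemplateException("invalid size of ProfessionInfo in Admissions[" + i + "], is=" + k + ", expected=" + pi.size());
        }

        List<String> newRegNumbers = new ArrayList<>(k);
        newRegNumbersList.add(newRegNumbers);
        for (int j = 0; j < k; j++) {
            RegistrationNumberOption option = pi.get(j).getRegistrationNumberOption();
            if (option == null || option.getConstant() != null) {
                // placeholder keeps index j aligned with the profile
                newRegNumbers.add(null);
                continue;
            }
            // NOTE(review): assumes a non-constant option always carries a regex - confirm in RegistrationNumberOption
            Pattern regex = option.getRegex();
            String regNum = registrationNumbers.get(j);
            // matches() requires the whole value to match, so the configured regex cannot be
            // bypassed by a partial match.
            if (regNum == null || !regex.matcher(regNum).matches()) {
                throw new BadCertTemplateException("invalid registrationNumber[" + i + "][" + j + "]: '" + regNum + "'");
            }
            newRegNumbers.add(regNum);
        }
    }

    // Assemble the Admissions SEQUENCE from the profile, filling in the validated numbers.
    ASN1EncodableVector vec = new ASN1EncodableVector();
    for (int i = 0; i < n; i++) {
        AdmissionsOption ao = this.admissionsList.get(i);
        List<ProfessionInfoOption> piList = ao.getProfessionInfos();
        ProfessionInfo[] pis = new ProfessionInfo[piList.size()];
        for (int j = 0; j < pis.length; j++) {
            ProfessionInfoOption pio = piList.get(j);

            int size = pio.getProfessionItems().size();
            DirectoryString[] professionItems = new DirectoryString[size];
            for (int k = 0; k < size; k++) {
                professionItems[k] = new DirectoryString(pio.getProfessionItems().get(k));
            }

            ASN1OctetString addProfessionInfo = null;
            if (pio.getAddProfessionalInfo() != null) {
                addProfessionInfo = new DEROctetString(pio.getAddProfessionalInfo());
            }

            RegistrationNumberOption regNumOption = pio.getRegistrationNumberOption();
            String registrationNumber = null;
            if (regNumOption != null) {
                if (regNumOption.getConstant() != null) {
                    registrationNumber = regNumOption.getConstant();
                } else {
                    registrationNumber = newRegNumbersList.get(i).get(j);
                }
            }

            // Index by j: pis holds the ProfessionInfos of *this* Admissions entry. The previous
            // code wrote pis[i], which left slots null and overflowed once i >= pis.length.
            pis[j] = new ProfessionInfo(pio.getNamingAuthority(), professionItems, pio.getProfessionOids().toArray(new ASN1ObjectIdentifier[0]), registrationNumber, addProfessionInfo);
        }
        vec.add(new Admissions(ao.getAdmissionAuthority(), ao.getNamingAuthority(), pis));
    }

    return new ExtensionValue(critical, new AdmissionSyntax(admissionAuthority, new DERSequence(vec)));
}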

Example 8 with DirectoryString

use of org.bouncycastle.asn1.x500.DirectoryString in project xipki by xipki.

Class X509CertprofileUtil, method createGeneralName.

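/**
 * Creates the GeneralName that goes into the certificate from a requested GeneralName.
 * <p>
 * Simple name forms are copied as requested. otherName and ediPartyName are validated
 * and then re-encoded from their validated components rather than copied verbatim.
 *
 * @param requestedName
 *          Requested name. Must not be {@code null}.
 * @param modes
 *          Modes to be considered. Must not be {@code null}. ({@code null} is still tolerated
 *          and disables the tag allow-list check.)
 * @return the created GeneralName
 * @throws BadCertTemplateException
 *         If requestedName is invalid or contains entries which are not allowed in the modes.
 */
public static GeneralName createGeneralName(GeneralName requestedName, Set<GeneralNameMode> modes) throws BadCertTemplateException {
    ParamUtil.requireNonNull("requestedName", requestedName);
    int tag = requestedName.getTagNo();

    // Find the mode configured for this tag; an unknown tag is rejected before any decoding.
    GeneralNameMode mode = null;
    if (modes != null) {
        for (GeneralNameMode m : modes) {
            if (m.getTag().getTag() == tag) {
                mode = m;
                break;
            }
        }
        if (mode == null) {
            throw new BadCertTemplateException("generalName tag " + tag + " is not allowed");
        }
    }

    switch (tag) {
        case GeneralName.rfc822Name:
        case GeneralName.dNSName:
        case GeneralName.uniformResourceIdentifier:
        case GeneralName.iPAddress:
        case GeneralName.registeredID:
        case GeneralName.directoryName:
            return new GeneralName(tag, requestedName.getName());
        case GeneralName.otherName:
            return createOtherName(requestedName, mode);
        case GeneralName.ediPartyName:
            return createEdiPartyName(requestedName);
        default:
            throw new RuntimeException("should not reach here, unknown GeneralName tag " + tag);
    }
}

/**
 * Validates and re-encodes an otherName: {@code SEQUENCE { type-id OID, value [0] EXPLICIT ANY }}.
 *
 * @param requestedName the requested otherName
 * @param mode the mode for the otherName tag, or {@code null} to skip the type-id allow-list
 * @return the re-encoded otherName
 * @throws BadCertTemplateException if the structure is malformed or the type-id is not allowed
 */
private static GeneralName createOtherName(GeneralName requestedName, GeneralNameMode mode) throws BadCertTemplateException {
    ASN1Sequence reqSeq = ASN1Sequence.getInstance(requestedName.getName());
    int size = reqSeq.size();
    if (size != 2) {
        throw new BadCertTemplateException("invalid otherName sequence: size is not 2: " + size);
    }

    ASN1ObjectIdentifier type = ASN1ObjectIdentifier.getInstance(reqSeq.getObjectAt(0));
    if (mode != null && !mode.getAllowedTypes().contains(type)) {
        throw new BadCertTemplateException("otherName.type " + type.getId() + " is not allowed");
    }

    ASN1Encodable asn1 = reqSeq.getObjectAt(1);
    if (!(asn1 instanceof ASN1TaggedObject)) {
        throw new BadCertTemplateException("otherName.value is not tagged Object");
    }
    ASN1TaggedObject taggedValue = ASN1TaggedObject.getInstance(asn1);
    int tagNo = taggedValue.getTagNo();
    if (tagNo != 0) {
        throw new BadCertTemplateException("otherName.value does not have tag 0: " + tagNo);
    }

    // The value is always re-wrapped in an explicit [0]; only the validated type and inner
    // value are taken from the request.
    ASN1EncodableVector vector = new ASN1EncodableVector();
    vector.add(type);
    vector.add(new DERTaggedObject(true, 0, taggedValue.getObject()));
    return new GeneralName(GeneralName.otherName, new DERSequence(vector));
}

/**
 * Validates and re-encodes an ediPartyName:
 * {@code SEQUENCE { nameAssigner [0] DirectoryString OPTIONAL, partyName [1] DirectoryString }}.
 * <p>
 * The sequence must have one or two elements and each element must carry the tag number of
 * its position; previously an empty sequence raised an unchecked IndexOutOfBoundsException,
 * extra elements were dropped silently and tag numbers were not checked at all.
 *
 * @param requestedName the requested ediPartyName
 * @return the re-encoded ediPartyName
 * @throws BadCertTemplateException if the structure is malformed
 */
private static GeneralName createEdiPartyName(GeneralName requestedName) throws BadCertTemplateException {
    ASN1Sequence reqSeq = ASN1Sequence.getInstance(requestedName.getName());
    int size = reqSeq.size();
    if (size < 1 || size > 2) {
        throw new BadCertTemplateException("invalid ediPartyName sequence: size is not 1 or 2: " + size);
    }

    String nameAssigner = null;
    int idx = 0;
    if (size > 1) {
        nameAssigner = taggedDirectoryString(reqSeq, idx++, 0, "nameAssigner");
    }
    String partyName = taggedDirectoryString(reqSeq, idx, 1, "partyName");

    // DirectoryString is a CHOICE, so BC encodes these "implicit" tags explicitly.
    ASN1EncodableVector vector = new ASN1EncodableVector();
    if (nameAssigner != null) {
        vector.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner)));
    }
    vector.add(new DERTaggedObject(false, 1, new DirectoryString(partyName)));
    return new GeneralName(GeneralName.ediPartyName, new DERSequence(vector));
}

/**
 * Reads element {@code index} of {@code seq} as a tagged DirectoryString.
 *
 * @param seq the ediPartyName sequence
 * @param index position of the element
 * @param expectedTagNo tag number the element must carry
 * @param fieldName field name used in error messages
 * @return the text of the DirectoryString
 * @throws BadCertTemplateException if the element is not tagged or carries another tag number
 */
private static String taggedDirectoryString(ASN1Sequence seq, int index, int expectedTagNo, String fieldName) throws BadCertTemplateException {
    ASN1Encodable element = seq.getObjectAt(index);
    if (!(element instanceof ASN1TaggedObject)) {
        throw new BadCertTemplateException("ediPartyName." + fieldName + " is not tagged Object");
    }
    ASN1TaggedObject tagged = ASN1TaggedObject.getInstance(element);
    int tagNo = tagged.getTagNo();
    if (tagNo != expectedTagNo) {
        throw new BadCertTemplateException("ediPartyName." + fieldName + " does not have tag " + expectedTagNo + ": " + tagNo);
    }
    return DirectoryString.getInstance(tagged.getObject()).getString();
}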

Example 9 with DirectoryString

use of org.bouncycastle.asn1.x500.DirectoryString in project xipki by xipki.

Class P12ComplexCsrGenCmd, method createComplexGeneralNames.

/**
 * Builds a GeneralNames fixture that contains one entry of every GeneralName form:
 * two otherNames, rfc822Name, dNSName, directoryName, ediPartyName,
 * uniformResourceIdentifier, iPAddress and registeredID, in that order.
 *
 * @param prefix text prepended to the textual name values so that several fixtures can
 *        be told apart
 * @return the fixture
 */
private static GeneralNames createComplexGeneralNames(String prefix) {
    List<GeneralName> names = new LinkedList<>();

    names.add(otherNameOf("1.2.3.1", prefix + "I am otherName 1.2.3.1"));
    names.add(otherNameOf("1.2.3.2", prefix + "I am otherName 1.2.3.2"));
    names.add(new GeneralName(GeneralName.rfc822Name, prefix + "info@example.org"));
    names.add(new GeneralName(GeneralName.dNSName, prefix + "dns.example.org"));
    names.add(new GeneralName(GeneralName.directoryName, new X500Name("CN=demo,C=DE")));

    // ediPartyName: [0] nameAssigner, [1] partyName
    ASN1EncodableVector ediParty = new ASN1EncodableVector();
    ediParty.add(new DERTaggedObject(false, 0, new DirectoryString(prefix + "assigner1")));
    ediParty.add(new DERTaggedObject(false, 1, new DirectoryString(prefix + "party1")));
    names.add(new GeneralName(GeneralName.ediPartyName, new DERSequence(ediParty)));

    names.add(new GeneralName(GeneralName.uniformResourceIdentifier, prefix + "uri.example.org"));
    names.add(new GeneralName(GeneralName.iPAddress, "69.1.2.190"));
    names.add(new GeneralName(GeneralName.registeredID, "2.3.4.5"));

    return new GeneralNames(names.toArray(new GeneralName[0]));
}

/**
 * Encodes one otherName as {@code SEQUENCE { type-id OID, value [0] EXPLICIT UTF8String }}.
 *
 * @param oid the type-id
 * @param value the UTF-8 text carried as value
 * @return the otherName
 */
private static GeneralName otherNameOf(String oid, String value) {
    ASN1EncodableVector seq = new ASN1EncodableVector();
    seq.add(new ASN1ObjectIdentifier(oid));
    seq.add(new DERTaggedObject(true, 0, new DERUTF8String(value)));
    return new GeneralName(GeneralName.otherName, new DERSequence(seq));
}

Example 10 with DirectoryString

use of org.bouncycastle.asn1.x500.DirectoryString in project xipki by xipki.

Class P12ComplexCsrGenCmd, method getAdditionalExtensions.

/**
 * Builds the fixed set of additional extensions for the generated CSR: an admission
 * extension (one Admissions entry with a single dummy profession item and registration
 * number "aaaab") followed by a subjectDirectoryAttributes extension carrying
 * dateOfBirth, gender, placeOfBirth, two countryOfCitizenship values (DE, FR) and one
 * countryOfResidence value (DE). Both extensions are marked non-critical.
 *
 * @return the two extensions, admission first
 * @throws BadInputException if DER encoding of either structure fails
 */
@Override
protected List<Extension> getAdditionalExtensions() throws BadInputException {
    // admission extension (Common PKI, Germany)
    ProfessionInfo professionInfo = new ProfessionInfo(null, new DirectoryString[] { new DirectoryString("dummy") }, null, "aaaab", null);
    ASN1EncodableVector admissionsVec = new ASN1EncodableVector();
    admissionsVec.add(new Admissions(null, null, new ProfessionInfo[] { professionInfo }));
    AdmissionSyntax admissionSyntax = new AdmissionSyntax(null, new DERSequence(admissionsVec));

    // subjectDirectoryAttributes extension (RFC 3739); BC's constructor takes a java.util.Vector
    Vector<Attribute> attributes = new Vector<>();
    attributes.add(new Attribute(ObjectIdentifiers.DN_DATE_OF_BIRTH, new DERSet(new ASN1GeneralizedTime("19800122120000Z"))));
    attributes.add(new Attribute(ObjectIdentifiers.DN_GENDER, new DERSet(new DERPrintableString("M"))));
    attributes.add(new Attribute(ObjectIdentifiers.DN_PLACE_OF_BIRTH, new DERSet(new DERUTF8String("Berlin"))));
    for (String citizenship : new String[] { "DE", "FR" }) {
        attributes.add(new Attribute(ObjectIdentifiers.DN_COUNTRY_OF_CITIZENSHIP, new DERSet(new DERPrintableString(citizenship))));
    }
    for (String residence : new String[] { "DE" }) {
        attributes.add(new Attribute(ObjectIdentifiers.DN_COUNTRY_OF_RESIDENCE, new DERSet(new DERPrintableString(residence))));
    }
    SubjectDirectoryAttributes subjectDirectoryAttributes = new SubjectDirectoryAttributes(attributes);

    // Encoding is the only step that can fail; neither structure has side effects before it.
    List<Extension> result = new LinkedList<>();
    try {
        result.add(new Extension(ObjectIdentifiers.id_extension_admission, false, admissionSyntax.getEncoded()));
        result.add(new Extension(Extension.subjectDirectoryAttributes, false, subjectDirectoryAttributes.getEncoded()));
    } catch (IOException ex) {
        throw new BadInputException(ex.getMessage(), ex);
    }
    return result;
}
