Search in sources :

Example 1 with CertPolicyId

use of org.bouncycastle.asn1.x509.CertPolicyId in project robovm by robovm.

the class PolicyInformation method toASN1Primitive.

/* 
     * PolicyInformation ::= SEQUENCE {
     *      policyIdentifier   CertPolicyId,
     *      policyQualifiers   SEQUENCE SIZE (1..MAX) OF
     *              PolicyQualifierInfo OPTIONAL }
     */
public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(policyIdentifier);
    if (policyQualifiers != null) {
        v.add(policyQualifiers);
    }
    return new DERSequence(v);
}
Also used : DERSequence(org.bouncycastle.asn1.DERSequence) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)

Example 2 with CertPolicyId

use of org.bouncycastle.asn1.x509.CertPolicyId in project XobotOS by xamarin.

the class PolicyInformation method toASN1Object.

/* 
     * PolicyInformation ::= SEQUENCE {
     *      policyIdentifier   CertPolicyId,
     *      policyQualifiers   SEQUENCE SIZE (1..MAX) OF
     *              PolicyQualifierInfo OPTIONAL }
     */
public DERObject toASN1Object() {
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(policyIdentifier);
    if (policyQualifiers != null) {
        v.add(policyQualifiers);
    }
    return new DERSequence(v);
}
Also used : DERSequence(org.bouncycastle.asn1.DERSequence) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)

Example 3 with CertPolicyId

use of org.bouncycastle.asn1.x509.CertPolicyId in project keystore-explorer by kaikramer.

the class X509Ext method getCertificatePoliciesStringValue.

private String getCertificatePoliciesStringValue(byte[] value) throws IOException {
    // @formatter:off
    /*
		 * CertificatePolicies ::= ASN1Sequence SIZE (1..MAX) OF PolicyInformation
		 *
		 * PolicyInformation ::= ASN1Sequence
		 * {
		 *      policyIdentifier CertPolicyId,
		 *      policyQualifiers ASN1Sequence SIZE (1..MAX) OF PolicyQualifierInfo OPTIONAL
		 * }
		 *
		 * CertPolicyId ::= OBJECT IDENTIFIER
		 *
		 * PolicyQualifierInfo ::= ASN1Sequence
		 * {
		 *      policyQualifierId PolicyQualifierId,
		 *      qualifier ANY DEFINED BY policyQualifierId
		 * }
		 *
		 * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
		 *
		 * Qualifier ::= CHOICE
		 * {
		 *      cPSuri CPSuri,
		 *      userNotice UserNotice
		 * }
		 *
		 * CPSuri ::= DERIA5String
		 *
		 * UserNotice ::= ASN1Sequence
		 * {
		 *      noticeRef NoticeReference OPTIONAL,
		 *      explicitText DisplayText OPTIONAL
		 * }
		 *
		 * NoticeReference ::= ASN1Sequence
		 * {
		 *      organization DisplayText,
		 *      noticeNumbers ASN1Sequence OF ASN1Integer
		 * }
		 *
		 * DisplayText ::= CHOICE
		 * {
		 *      ia5String DERIA5String (SIZE (1..200)),
		 *      visibleString VisibleString (SIZE (1..200)),
		 *      bmpString BMPString (SIZE (1..200)),
		 *      utf8String UTF8String (SIZE (1..200))
		 * }
		 */
    // @formatter:on
    StringBuilder sb = new StringBuilder();
    CertificatePolicies certificatePolicies = CertificatePolicies.getInstance(value);
    int certPolicy = 0;
    for (PolicyInformation policyInformation : certificatePolicies.getPolicyInformation()) {
        certPolicy++;
        sb.append(MessageFormat.format(res.getString("CertificatePolicy"), certPolicy));
        sb.append(NEWLINE);
        ASN1ObjectIdentifier policyIdentifier = policyInformation.getPolicyIdentifier();
        String policyIdentifierStr = ObjectIdUtil.toString(policyIdentifier);
        sb.append(INDENT);
        sb.append(MessageFormat.format(res.getString("PolicyIdentifier"), policyIdentifierStr));
        sb.append(NEWLINE);
        ASN1Sequence policyQualifiers = policyInformation.getPolicyQualifiers();
        if (policyQualifiers != null) {
            // Optional
            int policyQual = 0;
            for (ASN1Encodable policyQualifier : policyQualifiers.toArray()) {
                ASN1Sequence policyQualifierInfo = (ASN1Sequence) policyQualifier;
                sb.append(INDENT.toString(1));
                sb.append(MessageFormat.format(res.getString("PolicyQualifierInformation"), certPolicy, ++policyQual));
                sb.append(NEWLINE);
                ASN1ObjectIdentifier policyQualifierId = (ASN1ObjectIdentifier) policyQualifierInfo.getObjectAt(0);
                CertificatePolicyQualifierType certificatePolicyQualifierType = CertificatePolicyQualifierType.resolveOid(policyQualifierId.getId());
                if (certificatePolicyQualifierType != null) {
                    sb.append(INDENT.toString(2));
                    sb.append(certificatePolicyQualifierType.friendly());
                    sb.append(NEWLINE);
                    if (certificatePolicyQualifierType == PKIX_CPS_POINTER_QUALIFIER) {
                        DERIA5String cpsPointer = (DERIA5String) policyQualifierInfo.getObjectAt(1);
                        sb.append(INDENT.toString(2));
                        sb.append(MessageFormat.format(res.getString("CpsPointer"), "<a href=\"" + cpsPointer + "\">" + cpsPointer + "</a>"));
                        sb.append(NEWLINE);
                    } else if (certificatePolicyQualifierType == PKIX_USER_NOTICE_QUALIFIER) {
                        ASN1Encodable userNoticeObj = policyQualifierInfo.getObjectAt(1);
                        UserNotice userNotice = UserNotice.getInstance(userNoticeObj);
                        sb.append(INDENT.toString(2));
                        sb.append(res.getString("UserNotice"));
                        sb.append(NEWLINE);
                        NoticeReference noticeReference = userNotice.getNoticeRef();
                        DisplayText explicitText = userNotice.getExplicitText();
                        if (noticeReference != null) {
                            // Optional
                            sb.append(INDENT.toString(3));
                            sb.append(res.getString("NoticeReference"));
                            sb.append(NEWLINE);
                            DisplayText organization = noticeReference.getOrganization();
                            String organizationString = organization.getString();
                            sb.append(INDENT.toString(4));
                            sb.append(MessageFormat.format(res.getString("Organization"), organizationString));
                            sb.append(NEWLINE);
                            ASN1Integer[] noticeNumbers = noticeReference.getNoticeNumbers();
                            StringBuilder sbNoticeNumbers = new StringBuilder();
                            for (ASN1Integer noticeNumber : noticeNumbers) {
                                sbNoticeNumbers.append(noticeNumber.getValue().intValue());
                                sbNoticeNumbers.append(", ");
                            }
                            sbNoticeNumbers.setLength(sbNoticeNumbers.length() - 2);
                            sb.append(INDENT.toString(4));
                            sb.append(MessageFormat.format(res.getString("NoticeNumbers"), sbNoticeNumbers.toString()));
                            sb.append(NEWLINE);
                        }
                        if (explicitText != null) {
                            // Optional
                            String explicitTextString = explicitText.getString();
                            sb.append(INDENT.toString(3));
                            sb.append(MessageFormat.format(res.getString("ExplicitText"), explicitTextString));
                            sb.append(NEWLINE);
                        }
                    }
                }
            }
        }
    }
    return sb.toString();
}
Also used : PolicyInformation(org.bouncycastle.asn1.x509.PolicyInformation) UserNotice(org.bouncycastle.asn1.x509.UserNotice) DERBitString(org.bouncycastle.asn1.DERBitString) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERGeneralString(org.bouncycastle.asn1.DERGeneralString) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERIA5String(org.bouncycastle.asn1.DERIA5String) NoticeReference(org.bouncycastle.asn1.x509.NoticeReference) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DERIA5String(org.bouncycastle.asn1.DERIA5String) CertificatePolicies(org.bouncycastle.asn1.x509.CertificatePolicies) DisplayText(org.bouncycastle.asn1.x509.DisplayText) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 4 with CertPolicyId

use of org.bouncycastle.asn1.x509.CertPolicyId in project keystore-explorer by kaikramer.

the class X509Ext method getPolicyMappingsStringValue.

private String getPolicyMappingsStringValue(byte[] value) throws IOException {
    // @formatter:off
    /*
		 * PolicyMappings ::= ASN1Sequence SIZE (1..MAX) OF PolicyMappings
		 *
		 * PolicyMappings ::= ASN1Sequence { issuerDomainPolicy CertPolicyId,
		 * subjectDomainPolicy CertPolicyId }
		 *
		 * CertPolicyId ::= OBJECT IDENTIFIER
		 */
    // @formatter:on
    StringBuilder sb = new StringBuilder();
    PolicyMappings policyMappings = PolicyMappings.getInstance(value);
    ASN1Sequence policyMappingsSeq = (ASN1Sequence) policyMappings.toASN1Primitive();
    int polMap = 0;
    for (ASN1Encodable policyMapping : policyMappingsSeq.toArray()) {
        ASN1Sequence policyMappingSeq = ASN1Sequence.getInstance(policyMapping.toASN1Primitive());
        polMap++;
        sb.append(MessageFormat.format(res.getString("PolicyMapping"), polMap));
        sb.append(NEWLINE);
        ASN1ObjectIdentifier issuerDomainPolicy = (ASN1ObjectIdentifier) policyMappingSeq.getObjectAt(0);
        ASN1ObjectIdentifier subjectDomainPolicy = (ASN1ObjectIdentifier) policyMappingSeq.getObjectAt(1);
        sb.append(INDENT);
        sb.append(MessageFormat.format(res.getString("IssuerDomainPolicy"), ObjectIdUtil.toString(issuerDomainPolicy)));
        sb.append(NEWLINE);
        sb.append(INDENT);
        sb.append(MessageFormat.format(res.getString("SubjectDomainPolicy"), ObjectIdUtil.toString(subjectDomainPolicy)));
        sb.append(NEWLINE);
    }
    return sb.toString();
}
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) PolicyMappings(org.bouncycastle.asn1.x509.PolicyMappings) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 5 with CertPolicyId

use of org.bouncycastle.asn1.x509.CertPolicyId in project xipki by xipki.

the class ExtensionsChecker method checkExtensionPolicyMappings.

// method checkExtensionCertificatePolicies
private void checkExtensionPolicyMappings(StringBuilder failureMsg, byte[] extensionValue, Extensions requestedExtensions, ExtensionControl extControl) {
    QaPolicyMappingsOption conf = policyMappings;
    if (conf == null) {
        byte[] expected = getExpectedExtValue(Extension.policyMappings, requestedExtensions, extControl);
        if (!Arrays.equals(expected, extensionValue)) {
            addViolation(failureMsg, "extension values", hex(extensionValue), (expected == null) ? "not present" : hex(expected));
        }
        return;
    }
    ASN1Sequence isPolicyMappings = DERSequence.getInstance(extensionValue);
    Map<String, String> isMap = new HashMap<>();
    int size = isPolicyMappings.size();
    for (int i = 0; i < size; i++) {
        ASN1Sequence seq = ASN1Sequence.getInstance(isPolicyMappings.getObjectAt(i));
        CertPolicyId issuerDomainPolicy = CertPolicyId.getInstance(seq.getObjectAt(0));
        CertPolicyId subjectDomainPolicy = CertPolicyId.getInstance(seq.getObjectAt(1));
        isMap.put(issuerDomainPolicy.getId(), subjectDomainPolicy.getId());
    }
    Set<String> expIssuerDomainPolicies = conf.getIssuerDomainPolicies();
    for (String expIssuerDomainPolicy : expIssuerDomainPolicies) {
        String expSubjectDomainPolicy = conf.addSubjectDomainPolicy(expIssuerDomainPolicy);
        String isSubjectDomainPolicy = isMap.remove(expIssuerDomainPolicy);
        if (isSubjectDomainPolicy == null) {
            failureMsg.append("issuerDomainPolicy '").append(expIssuerDomainPolicy).append("' is absent but is required; ");
        } else if (!isSubjectDomainPolicy.equals(expSubjectDomainPolicy)) {
            addViolation(failureMsg, "subjectDomainPolicy for issuerDomainPolicy", isSubjectDomainPolicy, expSubjectDomainPolicy);
        }
    }
    if (CollectionUtil.isNonEmpty(isMap)) {
        failureMsg.append("issuerDomainPolicies '").append(isMap.keySet()).append("' are present but not expected; ");
    }
}
Also used : CertPolicyId(org.bouncycastle.asn1.x509.CertPolicyId) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) HashMap(java.util.HashMap) QaPolicyMappingsOption(org.xipki.ca.qa.internal.QaPolicyMappingsOption) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) ASN1String(org.bouncycastle.asn1.ASN1String) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) QaDirectoryString(org.xipki.ca.qa.internal.QaDirectoryString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERT61String(org.bouncycastle.asn1.DERT61String) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)

Aggregations

ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)5 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)4 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)3 CertPolicyId (org.bouncycastle.asn1.x509.CertPolicyId)3 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)3 PolicyMappings (org.bouncycastle.asn1.x509.PolicyMappings)3 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)2 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)2 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)2 DERBMPString (org.bouncycastle.asn1.DERBMPString)2 DERIA5String (org.bouncycastle.asn1.DERIA5String)2 DERPrintableString (org.bouncycastle.asn1.DERPrintableString)2 DERSequence (org.bouncycastle.asn1.DERSequence)2 DirectoryString (org.bouncycastle.asn1.x500.DirectoryString)2 IssuingDistributionPoint (org.bouncycastle.asn1.x509.IssuingDistributionPoint)2 HashMap (java.util.HashMap)1 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)1 ASN1String (org.bouncycastle.asn1.ASN1String)1 DERBitString (org.bouncycastle.asn1.DERBitString)1 DERGeneralString (org.bouncycastle.asn1.DERGeneralString)1