Search in sources :

Example 96 with Certificate

use of org.bouncycastle.asn1.x509.Certificate in project robovm by robovm.

the class PKIXCertPath method getEncoded.

/**
     * Returns the encoded form of this certification path, using
     * the specified encoding.
     *
     * @param encoding the name of the encoding to use
     * @return the encoded bytes
     * @exception java.security.cert.CertificateEncodingException if an encoding error
     * occurs or the encoding requested is not supported
     *
     **/
public byte[] getEncoded(String encoding) throws CertificateEncodingException {
    if (encoding.equalsIgnoreCase("PkiPath")) {
        ASN1EncodableVector v = new ASN1EncodableVector();
        ListIterator iter = certificates.listIterator(certificates.size());
        while (iter.hasPrevious()) {
            v.add(toASN1Object((X509Certificate) iter.previous()));
        }
        return toDEREncoded(new DERSequence(v));
    } else if (encoding.equalsIgnoreCase("PKCS7")) {
        ContentInfo encInfo = new ContentInfo(PKCSObjectIdentifiers.data, null);
        ASN1EncodableVector v = new ASN1EncodableVector();
        for (int i = 0; i != certificates.size(); i++) {
            v.add(toASN1Object((X509Certificate) certificates.get(i)));
        }
        SignedData sd = new SignedData(new ASN1Integer(1), new DERSet(), encInfo, new DERSet(v), null, new DERSet());
        return toDEREncoded(new ContentInfo(PKCSObjectIdentifiers.signedData, sd));
    } else // BEGIN android-removed
    // else if (encoding.equalsIgnoreCase("PEM"))
    // {
    //     ByteArrayOutputStream bOut = new ByteArrayOutputStream();
    //     PemWriter pWrt = new PemWriter(new OutputStreamWriter(bOut));
    //
    //     try
    //     {
    //         for (int i = 0; i != certificates.size(); i++)
    //         {
    //             pWrt.writeObject(new PemObject("CERTIFICATE", ((X509Certificate)certificates.get(i)).getEncoded()));
    //         }
    //
    //         pWrt.close();
    //     }
    //     catch (Exception e)
    //     {
    //         throw new CertificateEncodingException("can't encode certificate for PEM encoded path");
    //     }
    //
    //     return bOut.toByteArray();
    // }
    // END android-removed
    {
        throw new CertificateEncodingException("unsupported encoding: " + encoding);
    }
}
Also used : DERSequence(org.bouncycastle.asn1.DERSequence) SignedData(org.bouncycastle.asn1.pkcs.SignedData) ContentInfo(org.bouncycastle.asn1.pkcs.ContentInfo) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) CertificateEncodingException(java.security.cert.CertificateEncodingException) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) ListIterator(java.util.ListIterator) DERSet(org.bouncycastle.asn1.DERSet) X509Certificate(java.security.cert.X509Certificate)

Example 97 with Certificate

use of org.bouncycastle.asn1.x509.Certificate in project robovm by robovm.

the class X509CRLObject method isRevoked.

/**
     * Checks whether the given certificate is on this CRL.
     *
     * @param cert the certificate to check for.
     * @return true if the given certificate is on this CRL,
     * false otherwise.
     */
public boolean isRevoked(Certificate cert) {
    if (!cert.getType().equals("X.509")) {
        throw new RuntimeException("X.509 CRL used with non X.509 Cert");
    }
    TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();
    X500Name caName = c.getIssuer();
    if (certs != null) {
        BigInteger serial = ((X509Certificate) cert).getSerialNumber();
        for (int i = 0; i < certs.length; i++) {
            if (isIndirect && certs[i].hasExtensions()) {
                Extension currentCaName = certs[i].getExtensions().getExtension(Extension.certificateIssuer);
                if (currentCaName != null) {
                    caName = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName());
                }
            }
            if (certs[i].getUserCertificate().getValue().equals(serial)) {
                X500Name issuer;
                if (cert instanceof X509Certificate) {
                    issuer = X500Name.getInstance(((X509Certificate) cert).getIssuerX500Principal().getEncoded());
                } else {
                    try {
                        issuer = org.bouncycastle.asn1.x509.Certificate.getInstance(cert.getEncoded()).getIssuer();
                    } catch (CertificateEncodingException e) {
                        throw new RuntimeException("Cannot process certificate");
                    }
                }
                if (!caName.equals(issuer)) {
                    return false;
                }
                return true;
            }
        }
    }
    return false;
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension) BigInteger(java.math.BigInteger) CertificateEncodingException(java.security.cert.CertificateEncodingException) X509CRLEntry(java.security.cert.X509CRLEntry) X500Name(org.bouncycastle.asn1.x500.X500Name) X509Certificate(java.security.cert.X509Certificate) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)

Example 98 with Certificate

use of org.bouncycastle.asn1.x509.Certificate in project robovm by robovm.

the class CertPathValidatorUtilities method getNextWorkingKey.

/**
     * Return the next working key inheriting DSA parameters if necessary.
     * <p>
     * This methods inherits DSA parameters from the indexed certificate or
     * previous certificates in the certificate chain to the returned
     * <code>PublicKey</code>. The list is searched upwards, meaning the end
     * certificate is at position 0 and previous certificates are following.
     * </p>
     * <p>
     * If the indexed certificate does not contain a DSA key this method simply
     * returns the public key. If the DSA key already contains DSA parameters
     * the key is also only returned.
     * </p>
     *
     * @param certs The certification path.
     * @param index The index of the certificate which contains the public key
     *              which should be extended with DSA parameters.
     * @return The public key of the certificate in list position
     *         <code>index</code> extended with DSA parameters if applicable.
     * @throws AnnotatedException if DSA parameters cannot be inherited.
     */
protected static PublicKey getNextWorkingKey(List certs, int index) throws CertPathValidatorException {
    Certificate cert = (Certificate) certs.get(index);
    PublicKey pubKey = cert.getPublicKey();
    if (!(pubKey instanceof DSAPublicKey)) {
        return pubKey;
    }
    DSAPublicKey dsaPubKey = (DSAPublicKey) pubKey;
    if (dsaPubKey.getParams() != null) {
        return dsaPubKey;
    }
    for (int i = index + 1; i < certs.size(); i++) {
        X509Certificate parentCert = (X509Certificate) certs.get(i);
        pubKey = parentCert.getPublicKey();
        if (!(pubKey instanceof DSAPublicKey)) {
            throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
        }
        DSAPublicKey prevDSAPubKey = (DSAPublicKey) pubKey;
        if (prevDSAPubKey.getParams() == null) {
            continue;
        }
        DSAParams dsaParams = prevDSAPubKey.getParams();
        DSAPublicKeySpec dsaPubKeySpec = new DSAPublicKeySpec(dsaPubKey.getY(), dsaParams.getP(), dsaParams.getQ(), dsaParams.getG());
        try {
            KeyFactory keyFactory = KeyFactory.getInstance("DSA", BouncyCastleProvider.PROVIDER_NAME);
            return keyFactory.generatePublic(dsaPubKeySpec);
        } catch (Exception exception) {
            throw new RuntimeException(exception.getMessage());
        }
    }
    throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) PublicKey(java.security.PublicKey) DSAPublicKey(java.security.interfaces.DSAPublicKey) DSAParams(java.security.interfaces.DSAParams) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) X509Certificate(java.security.cert.X509Certificate) KeyFactory(java.security.KeyFactory) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ParseException(java.text.ParseException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertStoreException(java.security.cert.CertStoreException) CRLException(java.security.cert.CRLException) CertificateParsingException(java.security.cert.CertificateParsingException) StoreException(org.bouncycastle.util.StoreException) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) X509AttributeCertificate(org.bouncycastle.x509.X509AttributeCertificate) DSAPublicKey(java.security.interfaces.DSAPublicKey) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec)

Example 99 with Certificate

use of org.bouncycastle.asn1.x509.Certificate in project robovm by robovm.

the class CertPathValidatorUtilities method prepareNextCertB1.

protected static void prepareNextCertB1(int i, List[] policyNodes, String id_p, Map m_idp, X509Certificate cert) throws AnnotatedException, CertPathValidatorException {
    boolean idp_found = false;
    Iterator nodes_i = policyNodes[i].iterator();
    while (nodes_i.hasNext()) {
        PKIXPolicyNode node = (PKIXPolicyNode) nodes_i.next();
        if (node.getValidPolicy().equals(id_p)) {
            idp_found = true;
            node.expectedPolicies = (Set) m_idp.get(id_p);
            break;
        }
    }
    if (!idp_found) {
        nodes_i = policyNodes[i].iterator();
        while (nodes_i.hasNext()) {
            PKIXPolicyNode node = (PKIXPolicyNode) nodes_i.next();
            if (ANY_POLICY.equals(node.getValidPolicy())) {
                Set pq = null;
                ASN1Sequence policies = null;
                try {
                    policies = DERSequence.getInstance(getExtensionValue(cert, CERTIFICATE_POLICIES));
                } catch (Exception e) {
                    throw new AnnotatedException("Certificate policies cannot be decoded.", e);
                }
                Enumeration e = policies.getObjects();
                while (e.hasMoreElements()) {
                    PolicyInformation pinfo = null;
                    try {
                        pinfo = PolicyInformation.getInstance(e.nextElement());
                    } catch (Exception ex) {
                        throw new AnnotatedException("Policy information cannot be decoded.", ex);
                    }
                    if (ANY_POLICY.equals(pinfo.getPolicyIdentifier().getId())) {
                        try {
                            pq = getQualifierSet(pinfo.getPolicyQualifiers());
                        } catch (CertPathValidatorException ex) {
                            throw new ExtCertPathValidatorException("Policy qualifier info set could not be built.", ex);
                        }
                        break;
                    }
                }
                boolean ci = false;
                if (cert.getCriticalExtensionOIDs() != null) {
                    ci = cert.getCriticalExtensionOIDs().contains(CERTIFICATE_POLICIES);
                }
                PKIXPolicyNode p_node = (PKIXPolicyNode) node.getParent();
                if (ANY_POLICY.equals(p_node.getValidPolicy())) {
                    PKIXPolicyNode c_node = new PKIXPolicyNode(new ArrayList(), i, (Set) m_idp.get(id_p), p_node, pq, id_p, ci);
                    p_node.addChild(c_node);
                    policyNodes[i].add(c_node);
                }
                break;
            }
        }
    }
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) Set(java.util.Set) HashSet(java.util.HashSet) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) Enumeration(java.util.Enumeration) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) PolicyInformation(org.bouncycastle.asn1.x509.PolicyInformation) Iterator(java.util.Iterator) ArrayList(java.util.ArrayList) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ParseException(java.text.ParseException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertStoreException(java.security.cert.CertStoreException) CRLException(java.security.cert.CRLException) CertificateParsingException(java.security.cert.CertificateParsingException) StoreException(org.bouncycastle.util.StoreException) IOException(java.io.IOException)

Example 100 with Certificate

use of org.bouncycastle.asn1.x509.Certificate in project robovm by robovm.

the class X509CertificateObject method checkSignature.

private void checkSignature(PublicKey key, Signature signature) throws CertificateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
    if (!isAlgIdEqual(c.getSignatureAlgorithm(), c.getTBSCertificate().getSignature())) {
        throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
    }
    ASN1Encodable params = c.getSignatureAlgorithm().getParameters();
    // TODO This should go after the initVerify?
    X509SignatureUtil.setSignatureParameters(signature, params);
    signature.initVerify(key);
    signature.update(this.getTBSCertificate());
    if (!signature.verify(this.getSignature())) {
        throw new SignatureException("certificate does not verify with supplied key");
    }
}
Also used : CertificateException(java.security.cert.CertificateException) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) SignatureException(java.security.SignatureException)

Aggregations

X509Certificate (java.security.cert.X509Certificate)88 IOException (java.io.IOException)74 ArrayList (java.util.ArrayList)39 X500Name (org.bouncycastle.asn1.x500.X500Name)38 Date (java.util.Date)29 List (java.util.List)27 CertificateParsingException (java.security.cert.CertificateParsingException)26 CertificateException (java.security.cert.CertificateException)25 ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)25 GeneralName (org.bouncycastle.asn1.x509.GeneralName)25 BigInteger (java.math.BigInteger)24 GeneralSecurityException (java.security.GeneralSecurityException)23 Enumeration (java.util.Enumeration)23 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)23 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)23 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)22 ExtCertPathValidatorException (org.bouncycastle.jce.exception.ExtCertPathValidatorException)22 Certificate (java.security.cert.Certificate)21 CertificateEncodingException (java.security.cert.CertificateEncodingException)21 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)21