Example 86 with Extension
use of org.bouncycastle.asn1.x509.Extension in project zm-mailbox by Zimbra.
the class CertUtil method printCRLDistributionPoints.
private void printCRLDistributionPoints(PrintStream outStream) throws Exception {
outStream.format("X509v3 CRL Distribution Points: \n");
// 2.5.29.31
String extOid = X509Extension.cRLDistributionPoints.getId();
byte[] extVal = cert.getExtensionValue(extOid);
if (extVal == null) {
return;
}
/* http://download.oracle.com/javase/6/docs/api/java/security/cert/X509Extension.html#getExtensionValue(java.lang.String)
*
The ASN.1 definition for this is:
Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
Extension ::= SEQUENCE {
extnId OBJECT IDENTIFIER,
critical BOOLEAN DEFAULT FALSE,
extnValue OCTET STRING
-- contains a DER encoding of a value
-- of the type registered for use with
-- the extnId object identifier value
}
*/
byte[] extnValue = DEROctetString.getInstance(ASN1Object.fromByteArray(extVal)).getOctets();
CRLDistPoint crlDistPoint = CRLDistPoint.getInstance(ASN1Object.fromByteArray(extnValue));
DistributionPoint[] distPoints = crlDistPoint.getDistributionPoints();
for (DistributionPoint distPoint : distPoints) {
DistributionPointName distPointName = distPoint.getDistributionPoint();
int type = distPointName.getType();
if (DistributionPointName.FULL_NAME == type) {
outStream.format("Full Name: \n");
GeneralNames generalNames = GeneralNames.getInstance(distPointName.getName());
GeneralName[] names = generalNames.getNames();
for (GeneralName generalname : names) {
int tag = generalname.getTagNo();
if (GeneralName.uniformResourceIdentifier == tag) {
DEREncodable name = generalname.getName();
DERIA5String str = DERIA5String.getInstance(name);
String value = str.getString();
outStream.format(" %s\n", value);
} else {
outStream.format("tag %d not yet implemented", tag);
}
}
} else {
outStream.format("type %d not yet implemented", type);
}
}
}
Also used :
DERIA5String(org.bouncycastle.asn1.DERIA5String)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
DEREncodable(org.bouncycastle.asn1.DEREncodable)
DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
Example 87 with Extension
use of org.bouncycastle.asn1.x509.Extension in project zm-mailbox by Zimbra.
the class CertUtil method printSubjectAlternativeNames.
private void printSubjectAlternativeNames(PrintStream outStream) throws Exception {
final String UPN_DISPLAY = "Principal Name";
final String RFC822NAME_DISPLAY = "RFC822 Name";
final String DNSNAME_DISPLAY = "DNS Name";
outStream.format("X509v3 Subject Alternative Name: \n");
ASN1InputStream decoder = null;
try {
Collection<List<?>> generalNames = cert.getSubjectAlternativeNames();
// Check that the certificate includes the SubjectAltName extension
if (generalNames == null) {
return;
}
for (List<?> generalName : generalNames) {
Integer tag = (Integer) generalName.get(0);
if (GeneralName.otherName == tag.intValue()) {
// Value is encoded using ASN.1
decoder = new ASN1InputStream((byte[]) generalName.toArray()[1]);
DEREncodable encoded = decoder.readObject();
DERSequence derSeq = (DERSequence) encoded;
DERObjectIdentifier typeId = DERObjectIdentifier.getInstance(derSeq.getObjectAt(0));
String oid = typeId.getId();
String value = null;
ASN1TaggedObject otherNameValue = ASN1TaggedObject.getInstance(derSeq.getObjectAt(1));
if (OID_UPN.equals(oid)) {
ASN1TaggedObject upnValue = ASN1TaggedObject.getInstance(otherNameValue.getObject());
DERUTF8String str = DERUTF8String.getInstance(upnValue.getObject());
value = str.getString();
}
outStream.format(" [%d] %s(%s) = %s\n", tag, oid, UPN_DISPLAY, value);
} else if (GeneralName.rfc822Name == tag.intValue()) {
String value = (String) generalName.get(1);
outStream.format(" [%d] %s = %s\n", tag, RFC822NAME_DISPLAY, value);
} else if (GeneralName.dNSName == tag.intValue()) {
String value = (String) generalName.get(1);
outStream.format(" [%d] %s = %s\n", tag, DNSNAME_DISPLAY, value);
} else {
outStream.format(" [%d] - not yet supported\n", tag);
}
}
} catch (CertificateParsingException e) {
e.printStackTrace();
} finally {
ByteUtil.closeStream(decoder);
}
}
Also used :
BigInteger(java.math.BigInteger)
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
DERSequence(org.bouncycastle.asn1.DERSequence)
CertificateParsingException(java.security.cert.CertificateParsingException)
DEREncodable(org.bouncycastle.asn1.DEREncodable)
ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject)
List(java.util.List)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier)
Example 88 with Extension
use of org.bouncycastle.asn1.x509.Extension in project zm-mailbox by Zimbra.
the class CertUtil method getSubjectAltNameOtherNameUPN.
String getSubjectAltNameOtherNameUPN() {
Collection<List<?>> generalNames = null;
try {
generalNames = cert.getSubjectAlternativeNames();
} catch (CertificateParsingException e) {
ZimbraLog.account.warn(LOG_PREFIX + "unable to get subject alternative names", e);
}
if (generalNames == null) {
return null;
}
ASN1InputStream decoder = null;
try {
// Check that the certificate includes the SubjectAltName extension
for (List<?> generalName : generalNames) {
Integer tag = (Integer) generalName.get(0);
if (GeneralName.otherName == tag.intValue()) {
// Value is encoded using ASN.1
decoder = new ASN1InputStream((byte[]) generalName.toArray()[1]);
DEREncodable encoded = decoder.readObject();
DERSequence derSeq = (DERSequence) encoded;
DERObjectIdentifier typeId = DERObjectIdentifier.getInstance(derSeq.getObjectAt(0));
String oid = typeId.getId();
String value = null;
ASN1TaggedObject otherNameValue = ASN1TaggedObject.getInstance(derSeq.getObjectAt(1));
if (OID_UPN.equals(oid)) {
ASN1TaggedObject upnValue = ASN1TaggedObject.getInstance(otherNameValue.getObject());
DERUTF8String str = DERUTF8String.getInstance(upnValue.getObject());
value = str.getString();
return value;
}
}
}
} catch (IOException e) {
ZimbraLog.account.warn(LOG_PREFIX + "unable to process ASN.1 data", e);
} finally {
ByteUtil.closeStream(decoder);
}
return null;
}
Also used :
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
CertificateParsingException(java.security.cert.CertificateParsingException)
ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
IOException(java.io.IOException)
DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier)
BigInteger(java.math.BigInteger)
DERSequence(org.bouncycastle.asn1.DERSequence)
DEREncodable(org.bouncycastle.asn1.DEREncodable)
List(java.util.List)
Example 89 with Extension
use of org.bouncycastle.asn1.x509.Extension in project oxTrust by GluuFederation.
the class ExtensionDeserializer method deserialize.
@Override
public Extension deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException {
log.info(" deserialize() ");
try {
if (id == null || id.isEmpty()) {
throw new IllegalArgumentException("The URN cannot be null or empty");
}
JsonNode rootNode = jsonParser.readValueAsTree();
if (!rootNode.isObject()) {
throw new IllegalArgumentException("Extension is of wrong JSON type");
}
Extension.Builder extensionBuilder = new Extension.Builder(id);
Iterator<Map.Entry<String, JsonNode>> fieldIterator = rootNode.getFields();
while (fieldIterator.hasNext()) {
Map.Entry<String, JsonNode> entry = fieldIterator.next();
GluuAttribute gluuAttribute = attributeService.getAttributeByName(entry.getKey());
if (gluuAttribute != null) {
if (!(gluuAttribute.getOxSCIMCustomAttribute() != null && gluuAttribute.getOxSCIMCustomAttribute().equals(ScimCustomAtribute.TRUE))) {
log.info(" NOT A CUSTOM ATTRIBUTE: " + gluuAttribute.getName());
throw new IllegalArgumentException("NOT A CUSTOM ATTRIBUTE: " + gluuAttribute.getName());
}
GluuAttributeDataType attributeDataType = gluuAttribute.getDataType();
if ((gluuAttribute.getOxMultivaluedAttribute() != null) && gluuAttribute.getOxMultivaluedAttribute().equals(OxMultivalued.TRUE)) {
if (entry.getValue() instanceof ArrayNode) {
ArrayNode arrayNode = (ArrayNode) entry.getValue();
ObjectMapper mapper = new ObjectMapper();
mapper.disable(DeserializationConfig.Feature.FAIL_ON_UNKNOWN_PROPERTIES);
if (attributeDataType.equals(GluuAttributeDataType.STRING) || attributeDataType.equals(GluuAttributeDataType.PHOTO)) {
List<String> stringList = Arrays.asList(mapper.readValue(arrayNode, String[].class));
extensionBuilder.setFieldAsList(entry.getKey(), stringList);
} else if (attributeDataType.equals(GluuAttributeDataType.DATE)) {
// For validation
List<Date> dateList = Arrays.asList(mapper.readValue(arrayNode, Date[].class));
extensionBuilder.setFieldAsList(entry.getKey(), Arrays.asList(mapper.readValue(arrayNode, String[].class)));
} else if (attributeDataType.equals(GluuAttributeDataType.NUMERIC)) {
List<BigDecimal> numberList = Arrays.asList(mapper.readValue(arrayNode, BigDecimal[].class));
extensionBuilder.setFieldAsList(entry.getKey(), numberList);
} else {
log.info(" NO MATCH: attributeDataType.getDisplayName() = " + attributeDataType.getDisplayName());
throw new IllegalArgumentException("JSON type not supported: " + entry.getValue().toString());
}
} else {
throw new IllegalArgumentException("Attribute \"" + entry.getKey() + "\" is multi-valued but passed value is not of array type.");
}
} else {
if (entry.getValue() instanceof ArrayNode) {
throw new IllegalArgumentException("Attribute \"" + entry.getKey() + "\" is not multi-valued but passed value is of array type.");
} else {
if (attributeDataType.equals(GluuAttributeDataType.STRING) || attributeDataType.equals(GluuAttributeDataType.PHOTO)) {
handleString(extensionBuilder, entry);
} else if (attributeDataType.equals(GluuAttributeDataType.DATE)) {
handleDateTime(extensionBuilder, entry);
} else if (attributeDataType.equals(GluuAttributeDataType.NUMERIC)) {
handleNumber(extensionBuilder, entry);
} else {
log.info(" NO MATCH: attributeDataType.getDisplayName() = " + attributeDataType.getDisplayName());
throw new IllegalArgumentException("JSON type not supported: " + entry.getValue().toString());
}
}
}
} else {
throw new IllegalArgumentException("NOT FOUND: custom attribute = " + entry.getKey());
}
}
return extensionBuilder.build();
} catch (Exception e) {
e.printStackTrace();
throw new IOException(INTERNAL_SERVER_ERROR_MESSAGE);
}
}
Also used :
JsonNode(org.codehaus.jackson.JsonNode)
GluuAttributeDataType(org.xdi.model.GluuAttributeDataType)
IOException(java.io.IOException)
Date(java.util.Date)
BigDecimal(java.math.BigDecimal)
IOException(java.io.IOException)
GluuAttribute(org.xdi.model.GluuAttribute)
Extension(org.gluu.oxtrust.model.scim2.Extension)
List(java.util.List)
ArrayNode(org.codehaus.jackson.node.ArrayNode)
Map(java.util.Map)
ObjectMapper(org.codehaus.jackson.map.ObjectMapper)
Example 90 with Extension
use of org.bouncycastle.asn1.x509.Extension in project oxTrust by GluuFederation.
the class GluuCustomPerson method setExtensions.
public void setExtensions(Map<String, Extension> extensions) throws Exception {
this.extensions = extensions;
for (Map.Entry<String, Extension> extensionEntry : extensions.entrySet()) {
Extension extension = extensionEntry.getValue();
for (Map.Entry<String, Extension.Field> fieldEntry : extension.getFields().entrySet()) {
if (fieldEntry.getValue().isMultiValued() && (fieldEntry.getValue().getValue() != null)) {
ObjectMapper mapper = new ObjectMapper();
mapper.disable(DeserializationConfig.Feature.FAIL_ON_UNKNOWN_PROPERTIES);
String[] values = mapper.readValue(fieldEntry.getValue().getValue(), String[].class);
setAttribute(fieldEntry.getKey(), values);
} else {
setAttribute(fieldEntry.getKey(), fieldEntry.getValue().getValue());
}
}
}
}
Also used :
Extension(org.gluu.oxtrust.model.scim2.Extension)
HashMap(java.util.HashMap)
Map(java.util.Map)
ObjectMapper(org.codehaus.jackson.map.ObjectMapper)
Aggregations
IOException (java.io.IOException)52
Enumeration (java.util.Enumeration)37
ArrayList (java.util.ArrayList)36
ExtCertPathValidatorException (org.bouncycastle.jce.exception.ExtCertPathValidatorException)36
List (java.util.List)35
CertPathValidatorException (java.security.cert.CertPathValidatorException)34
X509Certificate (java.security.cert.X509Certificate)34
GeneralSecurityException (java.security.GeneralSecurityException)33
CertificateExpiredException (java.security.cert.CertificateExpiredException)31
CertificateNotYetValidException (java.security.cert.CertificateNotYetValidException)31
CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)31
IssuingDistributionPoint (org.bouncycastle.asn1.x509.IssuingDistributionPoint)31
DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)28
CertPathBuilderException (java.security.cert.CertPathBuilderException)26
Extension (org.bouncycastle.asn1.x509.Extension)25
ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)22
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)22
HashSet (java.util.HashSet)21
Set (java.util.Set)21
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)20
