Examples with Extensions org.bouncycastle.asn1.x509.Extensions used on opensource projects

Example 56 with Extensions

use of org.bouncycastle.asn1.x509.Extensions in project jruby-openssl by jruby.

the class X509CRL method sign.

@JRubyMethod
public IRubyObject sign(final ThreadContext context, final IRubyObject key, IRubyObject digest) {
    final Ruby runtime = context.runtime;
    final String signatureAlgorithm = getSignatureAlgorithm(runtime, (PKey) key, (Digest) digest);
    final X500Name issuerName = ((X509Name) issuer).getX500Name();
    final java.util.Date thisUpdate = getLastUpdate().toDate();
    final X509v2CRLBuilder generator = new X509v2CRLBuilder(issuerName, thisUpdate);
    final java.util.Date nextUpdate = getNextUpdate().toDate();
    generator.setNextUpdate(nextUpdate);
    if (revoked != null) {
        for (int i = 0; i < revoked.size(); i++) {
            final X509Revoked rev = (X509Revoked) revoked.entry(i);
            BigInteger serial = new BigInteger(rev.callMethod(context, "serial").toString());
            RubyTime t1 = (RubyTime) rev.callMethod(context, "time").callMethod(context, "getutc");
            t1.setMicroseconds(0);
            final Extensions revExts;
            if (rev.hasExtensions()) {
                final RubyArray exts = rev.extensions();
                final ASN1Encodable[] array = new ASN1Encodable[exts.size()];
                for (int j = 0; j < exts.size(); j++) {
                    final X509Extension ext = (X509Extension) exts.entry(j);
                    try {
                        array[j] = ext.toASN1Sequence();
                    } catch (IOException e) {
                        throw newCRLError(runtime, e);
                    }
                }
                revExts = Extensions.getInstance(new DERSequence(array));
            } else {
                revExts = null;
            }
            generator.addCRLEntry(serial, t1.getJavaDate(), revExts);
        }
    }
    try {
        for (int i = 0; i < extensions.size(); i++) {
            X509Extension ext = (X509Extension) extensions.entry(i);
            ASN1Encodable value = ext.getRealValue();
            generator.addExtension(ext.getRealObjectID(), ext.isRealCritical(), value);
        }
    } catch (IOException e) {
        throw newCRLError(runtime, e);
    }
    final PrivateKey privateKey = ((PKey) key).getPrivateKey();
    try {
        if (avoidJavaSecurity) {
        // NOT IMPLEMENTED
        } else {
        // crl = generator.generate(((PKey) key).getPrivateKey());
        }
        /*
            AlgorithmIdentifier keyAldID = new AlgorithmIdentifier(new ASN1ObjectIdentifier(keyAlg));
            AlgorithmIdentifier digAldID = new AlgorithmIdentifier(new ASN1ObjectIdentifier(digAlg));
            final BcContentSignerBuilder signerBuilder;
            final AsymmetricKeyParameter signerPrivateKey;
            if ( isDSA ) {
                signerBuilder = new BcDSAContentSignerBuilder(keyAldID, digAldID);
                DSAPrivateKey privateKey = (DSAPrivateKey) ((PKey) key).getPrivateKey();
                DSAParameters params = new DSAParameters(
                        privateKey.getParams().getP(),
                        privateKey.getParams().getQ(),
                        privateKey.getParams().getG()
                );
                signerPrivateKey = new DSAPrivateKeyParameters(privateKey.getX(), params);
            }
            */
        ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).build(privateKey);
        this.crlHolder = generator.build(signer);
        this.crl = null;
    } catch (IllegalStateException e) {
        debugStackTrace(e);
        throw newCRLError(runtime, e);
    } catch (Exception e) {
        debugStackTrace(e);
        throw newCRLError(runtime, e.getMessage());
    }
    final ASN1Primitive crlVal = getCRLValue(runtime);
    ASN1Sequence v1 = (ASN1Sequence) (((ASN1Sequence) crlVal).getObjectAt(0));
    final ASN1EncodableVector build1 = new ASN1EncodableVector();
    int copyIndex = 0;
    if (v1.getObjectAt(0) instanceof ASN1Integer)
        copyIndex++;
    build1.add(new ASN1Integer(new BigInteger(version.toString())));
    while (copyIndex < v1.size()) {
        build1.add(v1.getObjectAt(copyIndex++));
    }
    final ASN1EncodableVector build2 = new ASN1EncodableVector();
    build2.add(new DLSequence(build1));
    build2.add(((ASN1Sequence) crlVal).getObjectAt(1));
    build2.add(((ASN1Sequence) crlVal).getObjectAt(2));
    this.crlValue = new DLSequence(build2);
    changed = false;
    return this;
}

Example 57 with Extensions

use of org.bouncycastle.asn1.x509.Extensions in project jruby-openssl by jruby.

the class OCSPRequest method addNonceImpl.

// BC doesn't have support for nonces... gotta do things manually
private void addNonceImpl() {
    GeneralName requestorName = null;
    ASN1Sequence requestList = new DERSequence();
    Extensions extensions = null;
    Signature sig = null;
    List<Extension> tmpExtensions = new ArrayList<Extension>();
    if (asn1bcReq != null) {
        TBSRequest currentTbsReq = asn1bcReq.getTbsRequest();
        extensions = currentTbsReq.getRequestExtensions();
        sig = asn1bcReq.getOptionalSignature();
        Enumeration<ASN1ObjectIdentifier> oids = extensions.oids();
        while (oids.hasMoreElements()) {
            tmpExtensions.add(extensions.getExtension(oids.nextElement()));
        }
    }
    tmpExtensions.add(new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, nonce));
    Extension[] exts = new Extension[tmpExtensions.size()];
    Extensions newExtensions = new Extensions(tmpExtensions.toArray(exts));
    TBSRequest newTbsReq = new TBSRequest(requestorName, requestList, newExtensions);
    asn1bcReq = new org.bouncycastle.asn1.ocsp.OCSPRequest(newTbsReq, sig);
}

Example 58 with Extensions

use of org.bouncycastle.asn1.x509.Extensions in project jruby-openssl by jruby.

the class OCSPSingleResponse method extensions.

@JRubyMethod(name = "extensions")
public IRubyObject extensions() {
    Ruby runtime = getRuntime();
    Extensions exts = bcSingleResponse.getSingleExtensions();
    if (exts == null)
        return RubyArray.newEmptyArray(runtime);
    ASN1ObjectIdentifier[] extOIDs = exts.getExtensionOIDs();
    RubyArray retExts = runtime.newArray(extOIDs.length);
    for (ASN1ObjectIdentifier extOID : extOIDs) {
        Extension ext = exts.getExtension(extOID);
        ASN1Encodable extAsn1 = ext.getParsedValue();
        X509Extension retExt = X509Extension.newExtension(runtime, extOID, extAsn1, ext.isCritical());
        retExts.append(retExt);
    }
    return retExts;
}

Example 59 with Extensions

use of org.bouncycastle.asn1.x509.Extensions in project jruby-openssl by jruby.

the class OCSPBasicResponse method add_status.

@JRubyMethod(name = "add_status", rest = true)
public OCSPBasicResponse add_status(final ThreadContext context, IRubyObject[] args) {
    Ruby runtime = context.getRuntime();
    Arity.checkArgumentCount(runtime, args, 7, 7);
    IRubyObject certificateId = args[0];
    IRubyObject status = args[1];
    IRubyObject reason = args[2];
    IRubyObject revocation_time = args[3];
    IRubyObject this_update = args[4];
    IRubyObject next_update = args[5];
    IRubyObject extensions = args[6];
    CertStatus certStatus = null;
    switch(RubyFixnum.fix2int((RubyFixnum) status)) {
        case 0:
            certStatus = new CertStatus();
            break;
        case 1:
            ASN1GeneralizedTime revTime = rubyIntOrTimeToGenTime(revocation_time);
            RevokedInfo revokedInfo = new RevokedInfo(revTime, CRLReason.lookup(RubyFixnum.fix2int((RubyFixnum) reason)));
            certStatus = new CertStatus(revokedInfo);
            break;
        case 2:
            certStatus = new CertStatus(2, DERNull.INSTANCE);
            break;
        default:
            break;
    }
    ASN1GeneralizedTime thisUpdate = rubyIntOrTimeToGenTime(this_update);
    ASN1GeneralizedTime nextUpdate = rubyIntOrTimeToGenTime(next_update);
    Extensions singleExtensions = convertRubyExtensions(extensions);
    CertID certID = ((OCSPCertificateId) certificateId).getCertID();
    SingleResponse ocspSingleResp = new SingleResponse(certID, certStatus, thisUpdate, nextUpdate, singleExtensions);
    OCSPSingleResponse rubySingleResp = new OCSPSingleResponse(runtime);
    try {
        rubySingleResp.initialize(context, RubyString.newString(runtime, ocspSingleResp.getEncoded()));
        singleResponses.add(rubySingleResp);
    } catch (IOException e) {
        throw newOCSPError(runtime, e);
    }
    return this;
}

Example 60 with Extensions

use of org.bouncycastle.asn1.x509.Extensions in project jruby-openssl by jruby.

the class OCSPBasicResponse method convertRubyExtensions.

private Extensions convertRubyExtensions(IRubyObject extensions) {
    if (extensions.isNil())
        return null;
    List<Extension> retExtensions = new ArrayList<Extension>();
    Iterator<IRubyObject> rubyExtensions = ((RubyArray) extensions).iterator();
    while (rubyExtensions.hasNext()) {
        X509Extension rubyExt = (X509Extension) rubyExtensions.next();
        Extension ext = Extension.getInstance(((RubyString) rubyExt.to_der()).getBytes());
        retExtensions.add(ext);
    }
    Extension[] exts = new Extension[retExtensions.size()];
    retExtensions.toArray(exts);
    return new Extensions(exts);
}