Example 11 with PolicyConstraints

Use of org.bouncycastle.asn1.x509.PolicyConstraints in project signer by demoiselle.

Class CertificateTrustPoint, method parse.

@Override
public void parse(ASN1Primitive derObject) {
    ASN1Sequence derSequence = ASN1Object.getDERSequence(derObject);
    DERSequence x509Sequence = (DERSequence) derSequence.getObjectAt(0).toASN1Primitive();
    try {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(x509Sequence.getEncoded());
        this.trustpoint = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(byteArrayInputStream);
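    } catch (Throwable error) {
        // A decoding failure is only printed here, so trustpoint is not set
        // and callers have to check it for null.
        error.printStackTrace();
    }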
    int total = derSequence.size();
    if (total > 0) {
        for (int i = 0; i < total; i++) {
            ASN1Primitive object = derSequence.getObjectAt(i).toASN1Primitive();
            if (object instanceof DERTaggedObject) {
                DERTaggedObject derTaggedObject = (DERTaggedObject) object;
                TAG tag = TAG.getTag(derTaggedObject.getTagNo());
                switch(tag) {
                    case pathLenConstraint:
                        this.pathLenConstraint = new PathLenConstraint();
                        this.pathLenConstraint.parse(object);
                        break;
                    case acceptablePolicySet:
                        this.acceptablePolicySet = new AcceptablePolicySet();
                        this.acceptablePolicySet.parse(object);
                        break;
                    case nameConstraints:
                        this.nameConstraints = new NameConstraints();
                        this.nameConstraints.parse(object);
                        break;
                    case policyConstraints:
                        this.policyConstraints = new PolicyConstraints();
                        this.policyConstraints.parse(object);
                        break;
                    default:
                        break;
                }
            }
        }
    }
}
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DERSequence(org.bouncycastle.asn1.DERSequence) ByteArrayInputStream(java.io.ByteArrayInputStream) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive)

Example 12 with PolicyConstraints

Use of org.bouncycastle.asn1.x509.PolicyConstraints in project XobotOS by xamarin.

Class RFC3280CertPathUtilities, method prepareNextCertI1.

protected static int prepareNextCertI1(CertPath certPath, int index, int explicitPolicy) throws CertPathValidatorException {
    List certs = certPath.getCertificates();
    X509Certificate cert = (X509Certificate) certs.get(index);
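    // RFC 3280 section 6.1.4, step (i)(1): if the policy constraints extension
    // carries requireExplicitPolicy (tag [0]) and its value is less than
    // explicit_policy, that value becomes the new explicit_policy.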
    ASN1Sequence pc = null;
    try {
        pc = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.POLICY_CONSTRAINTS));
    } catch (Exception e) {
        throw new ExtCertPathValidatorException("Policy constraints extension cannot be decoded.", e, certPath, index);
    }
    int tmpInt;
    if (pc != null) {
        Enumeration policyConstraints = pc.getObjects();
        while (policyConstraints.hasMoreElements()) {
            try {
                ASN1TaggedObject constraint = ASN1TaggedObject.getInstance(policyConstraints.nextElement());
                if (constraint.getTagNo() == 0) {
                    tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();
                    if (tmpInt < explicitPolicy) {
                        return tmpInt;
                    }
                    break;
                }
            } catch (IllegalArgumentException e) {
                throw new ExtCertPathValidatorException("Policy constraints extension contents cannot be decoded.", e, certPath, index);
            }
        }
    }
    return explicitPolicy;
}
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) Enumeration(java.util.Enumeration) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) List(java.util.List) ArrayList(java.util.ArrayList) X509Certificate(java.security.cert.X509Certificate) CertificateExpiredException(java.security.cert.CertificateExpiredException) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertPathBuilderException(java.security.cert.CertPathBuilderException) IOException(java.io.IOException) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)

Example 13 with PolicyConstraints

Use of org.bouncycastle.asn1.x509.PolicyConstraints in project robovm by robovm.

Class RFC3280CertPathUtilities, method wrapupCertB.

protected static int wrapupCertB(CertPath certPath, int index, int explicitPolicy) throws CertPathValidatorException {
    List certs = certPath.getCertificates();
    X509Certificate cert = (X509Certificate) certs.get(index);
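    // RFC 3280 section 6.1.5, step (b): if the policy constraints extension
    // carries requireExplicitPolicy (tag [0]) with a value of 0,
    // explicit_policy is set to 0.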
    int tmpInt;
    ASN1Sequence pc = null;
    try {
        pc = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.POLICY_CONSTRAINTS));
    } catch (AnnotatedException e) {
        throw new ExtCertPathValidatorException("Policy constraints could not be decoded.", e, certPath, index);
    }
    if (pc != null) {
        Enumeration policyConstraints = pc.getObjects();
        while (policyConstraints.hasMoreElements()) {
            ASN1TaggedObject constraint = (ASN1TaggedObject) policyConstraints.nextElement();
            switch(constraint.getTagNo()) {
                case 0:
                    try {
                        tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();
                    } catch (Exception e) {
                        throw new ExtCertPathValidatorException("Policy constraints requireExplicitPolicy field could not be decoded.", e, certPath, index);
                    }
                    if (tmpInt == 0) {
                        return 0;
                    }
                    break;
            }
        }
    }
    return explicitPolicy;
}
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) Enumeration(java.util.Enumeration) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) List(java.util.List) ArrayList(java.util.ArrayList) X509Certificate(java.security.cert.X509Certificate) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) CertificateExpiredException(java.security.cert.CertificateExpiredException) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertPathBuilderException(java.security.cert.CertPathBuilderException) IOException(java.io.IOException)

Example 14 with PolicyConstraints

Use of org.bouncycastle.asn1.x509.PolicyConstraints in project robovm by robovm.

Class RFC3280CertPathUtilities, method prepareNextCertI1.

protected static int prepareNextCertI1(CertPath certPath, int index, int explicitPolicy) throws CertPathValidatorException {
    List certs = certPath.getCertificates();
    X509Certificate cert = (X509Certificate) certs.get(index);
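    // RFC 3280 section 6.1.4, step (i)(1): if the policy constraints extension
    // carries requireExplicitPolicy (tag [0]) and its value is less than
    // explicit_policy, that value becomes the new explicit_policy.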
    ASN1Sequence pc = null;
    try {
        pc = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.POLICY_CONSTRAINTS));
    } catch (Exception e) {
        throw new ExtCertPathValidatorException("Policy constraints extension cannot be decoded.", e, certPath, index);
    }
    int tmpInt;
    if (pc != null) {
        Enumeration policyConstraints = pc.getObjects();
        while (policyConstraints.hasMoreElements()) {
            try {
                ASN1TaggedObject constraint = ASN1TaggedObject.getInstance(policyConstraints.nextElement());
                if (constraint.getTagNo() == 0) {
                    tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();
                    if (tmpInt < explicitPolicy) {
                        return tmpInt;
                    }
                    break;
                }
            } catch (IllegalArgumentException e) {
                throw new ExtCertPathValidatorException("Policy constraints extension contents cannot be decoded.", e, certPath, index);
            }
        }
    }
    return explicitPolicy;
}
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) Enumeration(java.util.Enumeration) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) List(java.util.List) ArrayList(java.util.ArrayList) X509Certificate(java.security.cert.X509Certificate) CertificateExpiredException(java.security.cert.CertificateExpiredException) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertPathBuilderException(java.security.cert.CertPathBuilderException) IOException(java.io.IOException) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)

Example 15 with PolicyConstraints

Use of org.bouncycastle.asn1.x509.PolicyConstraints in project xipki by xipki.

Class ProfileConfCreatorDemo, method certprofileSubCaComplex.

// method certprofileSubCa
private static X509ProfileType certprofileSubCaComplex() throws Exception {
    X509ProfileType profile = getBaseProfile("certprofile subca-complex (with most extensions)", X509CertLevel.SubCA, "8y", false);
    // Subject
    Subject subject = profile.getSubject();
    subject.setIncSerialNumber(false);
    List<RdnType> rdnControls = subject.getRdn();
    rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1, null, "PREFIX ", " SUFFIX"));
    // Extensions
    ExtensionsType extensions = profile.getExtensions();
    List<ExtensionType> list = extensions.getExtension();
    list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
    list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
    list.add(createExtension(Extension.freshestCRL, false, false, null));
    // Extensions - basicConstraints
    ExtensionValueType extensionValue = createBasicConstraints(1);
    list.add(createExtension(Extension.basicConstraints, true, true, extensionValue));
    // Extensions - AuthorityInfoAccess
    extensionValue = createAuthorityInfoAccess();
    list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue));
    // Extensions - AuthorityKeyIdentifier
    extensionValue = createAuthorityKeyIdentifier(false);
    list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue));
    // Extensions - keyUsage
    extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.KEY_CERT_SIGN }, new KeyUsageEnum[] { KeyUsageEnum.CRL_SIGN });
    list.add(createExtension(Extension.keyUsage, true, true, extensionValue));
    // Certificate Policies
    extensionValue = createCertificatePolicies(new ASN1ObjectIdentifier("1.2.3.4.5"), new ASN1ObjectIdentifier("2.4.3.2.1"));
    list.add(createExtension(Extension.certificatePolicies, true, false, extensionValue));
    // Policy Mappings
    PolicyMappings policyMappings = new PolicyMappings();
    policyMappings.getMapping().add(createPolicyIdMapping(new ASN1ObjectIdentifier("1.1.1.1.1"), new ASN1ObjectIdentifier("2.1.1.1.1")));
    policyMappings.getMapping().add(createPolicyIdMapping(new ASN1ObjectIdentifier("1.1.1.1.2"), new ASN1ObjectIdentifier("2.1.1.1.2")));
    extensionValue = createExtensionValueType(policyMappings);
    list.add(createExtension(Extension.policyMappings, true, true, extensionValue));
    // Policy Constraints
    PolicyConstraints policyConstraints = createPolicyConstraints(2, 2);
    extensionValue = createExtensionValueType(policyConstraints);
    list.add(createExtension(Extension.policyConstraints, true, true, extensionValue));
    // Name Constraints
    NameConstraints nameConstraints = createNameConstraints();
    extensionValue = createExtensionValueType(nameConstraints);
    list.add(createExtension(Extension.nameConstraints, true, true, extensionValue));
    // Inhibit anyPolicy
    InhibitAnyPolicy inhibitAnyPolicy = createInhibitAnyPolicy(1);
    extensionValue = createExtensionValueType(inhibitAnyPolicy);
    list.add(createExtension(Extension.inhibitAnyPolicy, true, true, extensionValue));
    // SubjectAltName
    SubjectAltName subjectAltNameMode = new SubjectAltName();
    OtherName otherName = new OtherName();
    otherName.getType().add(createOidType(ObjectIdentifiers.DN_O));
    subjectAltNameMode.setOtherName(otherName);
    subjectAltNameMode.setRfc822Name("");
    subjectAltNameMode.setDnsName("");
    subjectAltNameMode.setDirectoryName("");
    subjectAltNameMode.setEdiPartyName("");
    subjectAltNameMode.setUniformResourceIdentifier("");
    subjectAltNameMode.setIpAddress("");
    subjectAltNameMode.setRegisteredID("");
    extensionValue = createExtensionValueType(subjectAltNameMode);
    list.add(createExtension(Extension.subjectAlternativeName, true, false, extensionValue));
    // SubjectInfoAccess
    SubjectInfoAccess subjectInfoAccessMode = new SubjectInfoAccess();
    SubjectInfoAccess.Access access = new SubjectInfoAccess.Access();
    subjectInfoAccessMode.getAccess().add(access);
    access.setAccessMethod(createOidType(ObjectIdentifiers.id_ad_caRepository));
    GeneralNameType accessLocation = new GeneralNameType();
    access.setAccessLocation(accessLocation);
    accessLocation.setDirectoryName("");
    accessLocation.setUniformResourceIdentifier("");
    extensionValue = createExtensionValueType(subjectInfoAccessMode);
    list.add(createExtension(Extension.subjectInfoAccess, true, false, extensionValue));
    // Custom Extension
    ASN1ObjectIdentifier customExtensionOid = new ASN1ObjectIdentifier("1.2.3.4");
    extensionValue = createConstantExtValue(DERNull.INSTANCE.getEncoded(), "DER Null");
    list.add(createExtension(customExtensionOid, true, false, extensionValue, "custom extension 1"));
    return profile;
}
Also used : PolicyConstraints(org.xipki.ca.certprofile.x509.jaxb.PolicyConstraints) NameConstraints(org.xipki.ca.certprofile.x509.jaxb.NameConstraints) InhibitAnyPolicy(org.xipki.ca.certprofile.x509.jaxb.InhibitAnyPolicy) OtherName(org.xipki.ca.certprofile.x509.jaxb.GeneralNameType.OtherName) AuthorityInfoAccess(org.xipki.ca.certprofile.x509.jaxb.AuthorityInfoAccess) SubjectInfoAccess(org.xipki.ca.certprofile.x509.jaxb.SubjectInfoAccess) X509ProfileType(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType) ExtensionValueType(org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType) Subject(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.Subject) RdnType(org.xipki.ca.certprofile.x509.jaxb.RdnType) KeyUsageEnum(org.xipki.ca.certprofile.x509.jaxb.KeyUsageEnum) SubjectAltName(org.xipki.ca.certprofile.x509.jaxb.SubjectAltName) SubjectInfoAccess(org.xipki.ca.certprofile.x509.jaxb.SubjectInfoAccess) ExtensionsType(org.xipki.ca.certprofile.x509.jaxb.ExtensionsType) ExtensionType(org.xipki.ca.certprofile.x509.jaxb.ExtensionType) TlsExtensionType(org.xipki.security.TlsExtensionType) PolicyMappings(org.xipki.ca.certprofile.x509.jaxb.PolicyMappings) GeneralNameType(org.xipki.ca.certprofile.x509.jaxb.GeneralNameType) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
