Example 16 with X509Extension

Use of org.bouncycastle.asn1.x509.X509Extension in project jruby-openssl by jruby.

Class OCSPSingleResponse, method extensions.

@JRubyMethod(name = "extensions")
public IRubyObject extensions() {
    Ruby runtime = getRuntime();
    Extensions exts = bcSingleResponse.getSingleExtensions();
    if (exts == null)
        return RubyArray.newEmptyArray(runtime);
    ASN1ObjectIdentifier[] extOIDs = exts.getExtensionOIDs();
    RubyArray retExts = runtime.newArray(extOIDs.length);
    for (ASN1ObjectIdentifier extOID : extOIDs) {
        Extension ext = exts.getExtension(extOID);
        ASN1Encodable extAsn1 = ext.getParsedValue();
        X509Extension retExt = X509Extension.newExtension(runtime, extOID, extAsn1, ext.isCritical());
        retExts.append(retExt);
    }
    return retExts;
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension) RubyArray(org.jruby.RubyArray) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) Extensions(org.bouncycastle.asn1.x509.Extensions) Ruby(org.jruby.Ruby) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) JRubyMethod(org.jruby.anno.JRubyMethod)

Example 17 with X509Extension

Use of org.bouncycastle.asn1.x509.X509Extension in project jruby-openssl by jruby.

Class X509Cert, method uniqueExtensions.

private Collection<X509Extension> uniqueExtensions() {
    final Map<ASN1ObjectIdentifier, X509Extension> unique = new LinkedHashMap<ASN1ObjectIdentifier, X509Extension>();
    for (X509Extension current : this.extensions) {
        final ASN1ObjectIdentifier oid = current.getRealObjectID();
        final X509Extension existing = unique.get(oid);
        if (existing == null) {
            unique.put(oid, current);
            continue;
        }
        // commonly used e.g. with subjectAltName || issuerAltName :
        if ("2.5.29.17".equals(oid.getId()) || "2.5.29.18".equals(oid.getId())) {
            final ASN1EncodableVector vec = new ASN1EncodableVector();
            try {
                GeneralName[] n1 = extRealNames(existing);
                for (int i = 0; i < n1.length; i++) vec.add(n1[i]);
                GeneralName[] n2 = extRealNames(current);
                for (int i = 0; i < n2.length; i++) vec.add(n2[i]);
                GeneralNames nn = GeneralNames.getInstance(new DLSequence(vec));
                final X509Extension existingDup = existing.clone();
                existingDup.setRealValue(nn);
                unique.put(oid, existingDup);
            } catch (IOException ex) {
                throw getRuntime().newIOErrorFromException(ex);
            }
            continue;
        }
        // TODO do we need special care for any others here ?!?
        final ASN1EncodableVector vec = new ASN1EncodableVector();
        try {
            final ASN1Encodable existingValue = existing.getRealValue();
            if (existingValue instanceof ASN1Sequence) {
                final ASN1Sequence seq = (ASN1Sequence) existingValue;
                for (int i = 0; i < seq.size(); i++) {
                    vec.add(seq.getObjectAt(i));
                }
            } else {
                vec.add(existingValue);
            }
            vec.add(current.getRealValue());
            // existing.setRealValue( new DLSequence(vec) );
            final X509Extension existingDup = existing.clone();
            existingDup.setRealValue(new DLSequence(vec));
            unique.put(oid, existingDup);
        } catch (IOException ex) {
            throw getRuntime().newIOErrorFromException(ex);
        }
    }
    return unique.values();
}
Also used : IOException(java.io.IOException) LinkedHashMap(java.util.LinkedHashMap) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) DLSequence(org.bouncycastle.asn1.DLSequence) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 18 with X509Extension

Use of org.bouncycastle.asn1.x509.X509Extension in project jruby-openssl by jruby.

Class X509CRL, method sign.

@JRubyMethod
public IRubyObject sign(final ThreadContext context, final IRubyObject key, IRubyObject digest) {
    final Ruby runtime = context.runtime;
    final String signatureAlgorithm = getSignatureAlgorithm(runtime, (PKey) key, (Digest) digest);
    final X500Name issuerName = ((X509Name) issuer).getX500Name();
    final java.util.Date thisUpdate = getLastUpdate().toDate();
    final X509v2CRLBuilder generator = new X509v2CRLBuilder(issuerName, thisUpdate);
    final java.util.Date nextUpdate = getNextUpdate().toDate();
    generator.setNextUpdate(nextUpdate);
    if (revoked != null) {
        for (int i = 0; i < revoked.size(); i++) {
            final X509Revoked rev = (X509Revoked) revoked.entry(i);
            BigInteger serial = new BigInteger(rev.callMethod(context, "serial").toString());
            RubyTime t1 = (RubyTime) rev.callMethod(context, "time").callMethod(context, "getutc");
            t1.setMicroseconds(0);
            final Extensions revExts;
            if (rev.hasExtensions()) {
                final RubyArray exts = rev.extensions();
                final ASN1Encodable[] array = new ASN1Encodable[exts.size()];
                for (int j = 0; j < exts.size(); j++) {
                    final X509Extension ext = (X509Extension) exts.entry(j);
                    try {
                        array[j] = ext.toASN1Sequence();
                    } catch (IOException e) {
                        throw newCRLError(runtime, e);
                    }
                }
                revExts = Extensions.getInstance(new DERSequence(array));
            } else {
                revExts = null;
            }
            generator.addCRLEntry(serial, t1.getJavaDate(), revExts);
        }
    }
    try {
        for (int i = 0; i < extensions.size(); i++) {
            X509Extension ext = (X509Extension) extensions.entry(i);
            ASN1Encodable value = ext.getRealValue();
            generator.addExtension(ext.getRealObjectID(), ext.isRealCritical(), value);
        }
    } catch (IOException e) {
        throw newCRLError(runtime, e);
    }
    final PrivateKey privateKey = ((PKey) key).getPrivateKey();
    try {
        if (avoidJavaSecurity) {
            // NOT IMPLEMENTED
        } else {
            // crl = generator.generate(((PKey) key).getPrivateKey());
        }
        /*
            AlgorithmIdentifier keyAldID = new AlgorithmIdentifier(new ASN1ObjectIdentifier(keyAlg));
            AlgorithmIdentifier digAldID = new AlgorithmIdentifier(new ASN1ObjectIdentifier(digAlg));
            final BcContentSignerBuilder signerBuilder;
            final AsymmetricKeyParameter signerPrivateKey;
            if ( isDSA ) {
                signerBuilder = new BcDSAContentSignerBuilder(keyAldID, digAldID);
                DSAPrivateKey privateKey = (DSAPrivateKey) ((PKey) key).getPrivateKey();
                DSAParameters params = new DSAParameters(
                        privateKey.getParams().getP(),
                        privateKey.getParams().getQ(),
                        privateKey.getParams().getG()
                );
                signerPrivateKey = new DSAPrivateKeyParameters(privateKey.getX(), params);
            }
            */
        ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).build(privateKey);
        this.crlHolder = generator.build(signer);
        this.crl = null;
    } catch (IllegalStateException e) {
        debugStackTrace(e);
        throw newCRLError(runtime, e);
    } catch (Exception e) {
        debugStackTrace(e);
        throw newCRLError(runtime, e.getMessage());
    }
    final ASN1Primitive crlVal = getCRLValue(runtime);
    ASN1Sequence v1 = (ASN1Sequence) (((ASN1Sequence) crlVal).getObjectAt(0));
    final ASN1EncodableVector build1 = new ASN1EncodableVector();
    int copyIndex = 0;
    if (v1.getObjectAt(0) instanceof ASN1Integer)
        copyIndex++;
    build1.add(new ASN1Integer(new BigInteger(version.toString())));
    while (copyIndex < v1.size()) {
        build1.add(v1.getObjectAt(copyIndex++));
    }
    final ASN1EncodableVector build2 = new ASN1EncodableVector();
    build2.add(new DLSequence(build1));
    build2.add(((ASN1Sequence) crlVal).getObjectAt(1));
    build2.add(((ASN1Sequence) crlVal).getObjectAt(2));
    this.crlValue = new DLSequence(build2);
    changed = false;
    return this;
}
Also used : RubyTime(org.jruby.RubyTime) PrivateKey(java.security.PrivateKey) RubyArray(org.jruby.RubyArray) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) RubyString(org.jruby.RubyString) X500Name(org.bouncycastle.asn1.x500.X500Name) Extensions(org.bouncycastle.asn1.x509.Extensions) DERSequence(org.bouncycastle.asn1.DERSequence) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) X509v2CRLBuilder(org.bouncycastle.cert.X509v2CRLBuilder) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) Ruby(org.jruby.Ruby) ContentSigner(org.bouncycastle.operator.ContentSigner) IOException(java.io.IOException) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) RaiseException(org.jruby.exceptions.RaiseException) GeneralSecurityException(java.security.GeneralSecurityException) CRLException(java.security.cert.CRLException) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DLSequence(org.bouncycastle.asn1.DLSequence) BigInteger(java.math.BigInteger) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) JRubyMethod(org.jruby.anno.JRubyMethod)

Example 19 with X509Extension

Use of org.bouncycastle.asn1.x509.X509Extension in project jruby-openssl by jruby.

Class X509Extension, method newExtension.

static X509Extension[] newExtension(final ThreadContext context, final String oid, final byte[] extValue, final boolean critical) throws IOException {
    final Ruby runtime = context.runtime;
    final ASN1ObjectIdentifier objectId = ASN1.getObjectID(runtime, oid);
    final ASN1Encodable value = ASN1.readObject(extValue);
    return new X509Extension[] { newExtension(runtime, objectId, value, critical) };
}
Also used : ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) Ruby(org.jruby.Ruby) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 20 with X509Extension

Use of org.bouncycastle.asn1.x509.X509Extension in project jruby-openssl by jruby.

Class X509CRL, method extensions_to_text.

static void extensions_to_text(final ThreadContext context, final List<X509Extension> exts, final StringBuilder text, final int indent) {
    final char[] S20 = StringHelper.S20;
    for (int i = 0; i < exts.size(); i++) {
        final X509Extension ext = exts.get(i);
        final ASN1ObjectIdentifier oid = ext.getRealObjectID();
        String no = ASN1.o2a(context.runtime, oid, true);
        if (no == null) {
            // MRI here just appends the OID string
            no = ASN1.oid2Sym(context.runtime, oid, true);
            if (no == null)
                no = oid.toString();
        }
        text.append(S20, 0, indent).append(no).append(": ");
        if (ext.isRealCritical())
            text.append("critical");
        text.append('\n');
        final String value = ext.value(context).toString();
        for (String val : value.split("\n")) {
            text.append(S20, 0, 16).append(val).append('\n');
        }
    }
}
Also used : RubyString(org.jruby.RubyString) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
