
Example 41 with X509Extension

use of org.bouncycastle.asn1.x509.X509Extension in project BiglyBT by BiglySoftware.

The class X509CertificateObject, method toString.

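/**
 * Renders this certificate in the multi-line layout used by the BouncyCastle
 * provider: the header fields, the signature as 20-byte hex rows and, when
 * present, every extension with its criticality flag.
 *
 * Extension bodies are decoded on a best-effort basis. Any extension whose
 * value fails to parse is shown as {@code *****} instead of aborting the dump,
 * so that {@code toString()} does not throw on a malformed (possibly hostile)
 * certificate.
 *
 * @return the human-readable dump, never {@code null}
 */
public String toString() {
    StringBuilder buf = new StringBuilder();
    String nl = System.getProperty("line.separator");
    buf.append("  [0]         Version: ").append(this.getVersion()).append(nl);
    buf.append("         SerialNumber: ").append(this.getSerialNumber()).append(nl);
    buf.append("             IssuerDN: ").append(this.getIssuerDN()).append(nl);
    buf.append("           Start Date: ").append(this.getNotBefore()).append(nl);
    buf.append("           Final Date: ").append(this.getNotAfter()).append(nl);
    buf.append("            SubjectDN: ").append(this.getSubjectDN()).append(nl);
    buf.append("           Public Key: ").append(this.getPublicKey()).append(nl);
    buf.append("  Signature Algorithm: ").append(this.getSigAlgName()).append(nl);
    appendSignature(buf, this.getSignature(), nl);
    X509Extensions extensions = c.getTBSCertificate().getExtensions();
    if (extensions != null) {
        Enumeration e = extensions.oids();
        if (e.hasMoreElements()) {
            // Same platform separator as every other line (the old code used a bare "\n" here).
            buf.append("       Extensions: ").append(nl);
        }
        while (e.hasMoreElements()) {
            DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
            X509Extension ext = extensions.getExtension(oid);
            if (ext.getValue() == null) {
                buf.append(nl);
                continue;
            }
            byte[] octs = ext.getValue().getOctets();
            DERInputStream dIn = new DERInputStream(new ByteArrayInputStream(octs));
            buf.append("                       critical(").append(ext.isCritical()).append(") ");
            try {
                if (oid.equals(X509Extensions.BasicConstraints)) {
                    buf.append(new BasicConstraints((ASN1Sequence) dIn.readObject())).append(nl);
                } else if (oid.equals(X509Extensions.KeyUsage)) {
                    buf.append(new KeyUsage((DERBitString) dIn.readObject())).append(nl);
                } else if (oid.equals(MiscObjectIdentifiers.netscapeCertType)) {
                    buf.append(new NetscapeCertType((DERBitString) dIn.readObject())).append(nl);
                } else if (oid.equals(MiscObjectIdentifiers.netscapeRevocationURL)) {
                    buf.append(new NetscapeRevocationURL((DERIA5String) dIn.readObject())).append(nl);
                } else if (oid.equals(MiscObjectIdentifiers.verisignCzagExtension)) {
                    buf.append(new VerisignCzagExtension((DERIA5String) dIn.readObject())).append(nl);
                } else {
                    // Decode before touching buf: if the dump throws, the catch block below
                    // prints the OID itself and the old code then printed it twice.
                    String dump = ASN1Dump.dumpAsString(dIn.readObject());
                    buf.append(oid.getId()).append(" value = ").append(dump).append(nl);
                }
            } catch (Exception ex) {
                // Malformed or unexpected encoding: keep dumping, mask the value.
                buf.append(oid.getId());
                buf.append(" value = " + "*****").append(nl);
            }
        }
    }
    return buf.toString();
}

/**
 * Appends the signature as hex, 20 bytes per row; the first row carries the
 * {@code Signature:} label and the others are indented to align with it.
 * Unlike the fixed {@code Hex.encode(sig, 0, 20)} of the old code this does
 * not run past the end of a signature shorter than 20 bytes.
 *
 * @param buf target buffer
 * @param sig raw signature bytes; {@code null} or empty yields an empty row
 * @param nl  line separator to use
 */
private static void appendSignature(StringBuilder buf, byte[] sig, String nl) {
    final int bytesPerRow = 20;
    buf.append("            Signature: ");
    if (sig == null || sig.length == 0) {
        buf.append(nl);
        return;
    }
    for (int i = 0; i < sig.length; i += bytesPerRow) {
        if (i > 0) {
            buf.append("                       ");
        }
        int len = Math.min(bytesPerRow, sig.length - i);
        // Hex output is pure ASCII, so decoding with the default charset is safe here.
        buf.append(new String(Hex.encode(sig, i, len))).append(nl);
    }
}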

Example 42 with X509Extension

use of org.bouncycastle.asn1.x509.X509Extension in project BiglyBT by BiglySoftware.

The class X509CertificateObject, method getExtensionValue.

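/**
 * Returns the DER encoding of the extension value for the given dotted OID,
 * or {@code null} when the certificate carries no extensions or none with
 * that OID ({@code null} for "absent" is the
 * {@code java.security.cert.X509Extension} contract).
 *
 * The value is written through {@code DEROutputStream.writeObject}, i.e. the
 * extension's OCTET STRING is encoded as a whole.
 *
 * @param oid dotted-decimal extension identifier
 * @return DER-encoded extension value, or {@code null} if absent
 * @throws RuntimeException if the value cannot be re-encoded; the original
 *         exception is kept as the cause
 */
@Override
public byte[] getExtensionValue(String oid) {
    X509Extensions exts = c.getTBSCertificate().getExtensions();
    if (exts == null) {
        return null;
    }
    X509Extension ext = exts.getExtension(new DERObjectIdentifier(oid));
    if (ext == null) {
        return null;
    }
    ByteArrayOutputStream bOut = new ByteArrayOutputStream();
    DEROutputStream dOut = new DEROutputStream(bOut);
    try {
        dOut.writeObject(ext.getValue());
        return bOut.toByteArray();
    } catch (Exception e) {
        // Preserve the cause; the old code dropped it and kept only the message.
        throw new RuntimeException("error encoding " + e.toString(), e);
    }
}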

Example 43 with X509Extension

use of org.bouncycastle.asn1.x509.X509Extension in project BiglyBT by BiglySoftware.

The class X509V2AttributeCertificate, method getExtensionOIDs.

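/**
 * Collects the OIDs of all extensions of this attribute certificate whose
 * criticality flag equals {@code critical}.
 *
 * @param critical {@code true} selects critical extensions, {@code false}
 *                 non-critical ones
 * @return the matching dotted-decimal OIDs (possibly empty), or {@code null}
 *         when the certificate carries no extensions at all — kept as in the
 *         original; presumably mirrors the {@code X509Extension} contract
 *         used by the public wrappers, verify against the callers
 */
private Set<String> getExtensionOIDs(boolean critical) {
    X509Extensions extensions = cert.getAcinfo().getExtensions();
    if (extensions == null) {
        return null;
    }
    Set<String> selected = new HashSet<String>();
    Enumeration<?> e = extensions.oids();
    while (e.hasMoreElements()) {
        DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
        X509Extension ext = extensions.getExtension(oid);
        if (ext.isCritical() == critical) {
            selected.add(oid.getId());
        }
    }
    return selected;
}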

Example 44 with X509Extension

use of org.bouncycastle.asn1.x509.X509Extension in project jruby-openssl by jruby.

The class X509Extension, method newExtension.

/**
 * Builds the Ruby-side extension wrapper for the extension of {@code ext}
 * identified by {@code oid}: fetches the DER-encoded value via
 * {@link java.security.cert.X509Extension#getExtensionValue(String)}, decodes
 * it with {@code ASN1.readObject} and delegates to the runtime-based overload.
 *
 * @param context  current thread context (supplies the runtime)
 * @param oid      dotted-decimal extension identifier
 * @param ext      JCA object carrying the extensions
 * @param critical criticality flag to record on the new extension
 * @return the new extension, or {@code null} when the JCA object reports no
 *         value for the OID (a warning is emitted in that case)
 * @throws IOException if the DER value cannot be parsed
 */
static X509Extension newExtension(final ThreadContext context, final String oid, final java.security.cert.X509Extension ext, final boolean critical) throws IOException {
    // DER-encoded value as handed out by the JCA API.
    final byte[] encoded = ext.getExtensionValue(oid);
    if (encoded != null) {
        final Ruby runtime = context.runtime;
        final ASN1Encodable decoded = ASN1.readObject(encoded);
        return newExtension(runtime, ASN1.getObjectID(runtime, oid), decoded, critical);
    }
    // Weird, but J9 has been seen returning null for an OID it listed itself in getNonCriticalExtensionOIDs().
    warn(context, ext + " getExtensionValue returns null for '" + oid + "'");
    return null;
}

Example 45 with X509Extension

use of org.bouncycastle.asn1.x509.X509Extension in project LinLong-Java by zhenwei1108.

The class RFC3280CertPathUtilities, method processCRLB2.

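/**
 * If the complete CRL includes an issuing distribution point (IDP) CRL extension check the
 * following (RFC 3280 / RFC 5280 section 6.3.3, step (b)(2)):
 * <p>
 * (i) If the distribution point name is present in the IDP CRL extension and the distribution
 * field is present in the DP, then verify that one of the names in the IDP matches one of the
 * names in the DP. If the distribution point name is present in the IDP CRL extension and the
 * distribution field is omitted from the DP, then verify that one of the names in the IDP matches
 * one of the names in the cRLIssuer field of the DP.
 * </p>
 * <p>
 * (ii) If the onlyContainsUserCerts boolean is asserted in the IDP CRL extension, verify that the
 * certificate does not include the basic constraints extension with the cA boolean asserted.
 * </p>
 * <p>
 * (iii) If the onlyContainsCACerts boolean is asserted in the IDP CRL extension, verify that the
 * certificate includes the basic constraints extension with the cA boolean asserted.
 * </p>
 * <p>
 * (iv) Verify that the onlyContainsAttributeCerts boolean is not asserted.
 * </p>
 * <p>
 * Checks (ii) and (iii) are only applied when {@code cert} is an {@link X509Certificate}; (iv)
 * is applied to every certificate type. A CRL without an IDP extension passes unchanged.
 * </p>
 *
 * @param dp   The distribution point.
 * @param cert The certificate; an {@link X509Certificate} or another object implementing
 *             {@code X509Extension} (e.g. an attribute certificate).
 * @param crl  The CRL.
 * @throws AnnotatedException if one of the conditions is not met or an error occurs.
 */
protected static void processCRLB2(DistributionPoint dp, Object cert, X509CRL crl) throws AnnotatedException {
    IssuingDistributionPoint idp = null;
    try {
        idp = IssuingDistributionPoint.getInstance(RevocationUtilities.getExtensionValue(crl, Extension.issuingDistributionPoint));
    } catch (Exception e) {
        throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e);
    }
    if (idp == null) {
        // No IDP extension on the CRL: none of the (b)(2) checks apply.
        return;
    }
    // (b) (2) (i): distribution point name is present in the IDP
    if (idp.getDistributionPoint() != null) {
        DistributionPointName dpName = idp.getDistributionPoint();
        // The IDP's names, each as a fully qualified GeneralName.
        List<GeneralName> names = new ArrayList<GeneralName>();
        if (dpName.getType() == DistributionPointName.FULL_NAME) {
            for (GeneralName genName : GeneralNames.getInstance(dpName.getName()).getNames()) {
                names.add(genName);
            }
        }
        if (dpName.getType() == DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER) {
            // A relative name is qualified by appending it to the CRL issuer's RDN sequence.
            ASN1EncodableVector vec = new ASN1EncodableVector();
            try {
                Enumeration issuerRdns = ASN1Sequence.getInstance(crl.getIssuerX500Principal().getEncoded()).getObjects();
                while (issuerRdns.hasMoreElements()) {
                    vec.add((ASN1Encodable) issuerRdns.nextElement());
                }
            } catch (Exception e) {
                throw new AnnotatedException("Could not read CRL issuer.", e);
            }
            vec.add(dpName.getName());
            names.add(new GeneralName(X500Name.getInstance(new DERSequence(vec))));
        }
        boolean matches = false;
        if (dp.getDistributionPoint() != null) {
            // distributionPoint field present in the DP: one of its names must match an IDP name.
            dpName = dp.getDistributionPoint();
            GeneralName[] genNames = null;
            if (dpName.getType() == DistributionPointName.FULL_NAME) {
                genNames = GeneralNames.getInstance(dpName.getName()).getNames();
            }
            if (dpName.getType() == DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER) {
                // Relative DP names are qualified against cRLIssuer if present, otherwise
                // against the certificate's own issuer.
                if (dp.getCRLIssuer() != null) {
                    genNames = dp.getCRLIssuer().getNames();
                } else {
                    genNames = new GeneralName[1];
                    try {
                        genNames[0] = new GeneralName(X500Name.getInstance(((X509Certificate) cert).getIssuerX500Principal().getEncoded()));
                    } catch (Exception e) {
                        throw new AnnotatedException("Could not read certificate issuer.", e);
                    }
                }
                for (int j = 0; j < genNames.length; j++) {
                    Enumeration baseRdns = ASN1Sequence.getInstance(genNames[j].getName().toASN1Primitive()).getObjects();
                    ASN1EncodableVector vec = new ASN1EncodableVector();
                    while (baseRdns.hasMoreElements()) {
                        vec.add((ASN1Encodable) baseRdns.nextElement());
                    }
                    vec.add(dpName.getName());
                    genNames[j] = new GeneralName(X500Name.getInstance(new DERSequence(vec)));
                }
            }
            if (genNames != null) {
                for (GeneralName genName : genNames) {
                    if (names.contains(genName)) {
                        matches = true;
                        break;
                    }
                }
            }
            if (!matches) {
                throw new AnnotatedException("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
            }
        } else {
            // distributionPoint field omitted from the DP: one of the IDP names must match
            // one of the names in the DP's cRLIssuer field.
            if (dp.getCRLIssuer() == null) {
                throw new AnnotatedException("Either the cRLIssuer or the distributionPoint field must " + "be contained in DistributionPoint.");
            }
            for (GeneralName genName : dp.getCRLIssuer().getNames()) {
                if (names.contains(genName)) {
                    matches = true;
                    break;
                }
            }
            if (!matches) {
                throw new AnnotatedException("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
            }
        }
    }
    BasicConstraints bc = null;
    try {
        // cert is expected to implement X509Extension; a ClassCastException here is
        // reported as a decoding failure, as in the original.
        bc = BasicConstraints.getInstance(RevocationUtilities.getExtensionValue((X509Extension) cert, Extension.basicConstraints));
    } catch (Exception e) {
        throw new AnnotatedException("Basic constraints extension could not be decoded.", e);
    }
    if (cert instanceof X509Certificate) {
        // (b) (2) (ii)
        if (idp.onlyContainsUserCerts() && (bc != null && bc.isCA())) {
            throw new AnnotatedException("CA Cert CRL only contains user certificates.");
        }
        // (b) (2) (iii)
        if (idp.onlyContainsCACerts() && (bc == null || !bc.isCA())) {
            throw new AnnotatedException("End CRL only contains CA certificates.");
        }
    }
    // (b) (2) (iv)
    if (idp.onlyContainsAttributeCerts()) {
        throw new AnnotatedException("onlyContainsAttributeCerts boolean is asserted.");
    }
}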

