use of org.gudy.bouncycastle.asn1.ASN1Encodable in project jruby-openssl by jruby.
the class X509Extension method newExtension.
static X509Extension[] newExtension(final ThreadContext context, final String oid, final byte[] extValue, final boolean critical) throws IOException {
final Ruby runtime = context.runtime;
final ASN1ObjectIdentifier objectId = ASN1.getObjectID(runtime, oid);
final ASN1Encodable value = ASN1.readObject(extValue);
return new X509Extension[] { newExtension(runtime, objectId, value, critical) };
}
use of org.gudy.bouncycastle.asn1.ASN1Encodable in project jruby-openssl by jruby.
the class X509Extension method formatGeneralName.
@SuppressWarnings("unchecked")
private static boolean formatGeneralName(final GeneralName name, final ByteList out, final boolean slashed) {
final ASN1Encodable obj = name.getName();
String val;
boolean tagged = false;
switch(name.getTagNo()) {
case GeneralName.rfc822Name:
if (!tagged)
out.append('e').append('m').append('a').append('i').append('l').append(':');
tagged = true;
case GeneralName.dNSName:
if (!tagged)
out.append('D').append('N').append('S').append(':');
tagged = true;
case GeneralName.uniformResourceIdentifier:
if (!tagged)
out.append('U').append('R').append('I').append(':');
val = DERIA5String.getInstance(obj).getString();
out.append(ByteList.plain(val));
break;
case GeneralName.directoryName:
out.append('D').append('i').append('r').append('N').append('a').append('m').append('e').append(':');
final X500Name dirName = X500Name.getInstance(obj);
if (slashed) {
final RDN[] rdns = dirName.getRDNs();
final Hashtable defaultSymbols = getDefaultSymbols();
for (int i = 0; i < rdns.length; i++) {
appendRDN(out.append('/'), rdns[i], defaultSymbols);
}
} else {
out.append(ByteList.plain(dirName.toString()));
}
break;
case GeneralName.iPAddress:
out.append('I').append('P').append(':');
final byte[] ip = ((ASN1OctetString) name.getName()).getOctets();
int len = ip.length;
boolean ip4 = len == 4;
if (ip4) {
for (int i = 0; i < ip.length; i++) {
out.append(ConvertBytes.intToCharBytes(((int) ip[i]) & 0xff));
if (i != len - 1)
out.append('.');
}
} else {
for (int i = 0; i < ip.length; i += 2) {
out.append(ConvertBytes.intToHexBytes(((ip[i] & 0xff) << 8 | (ip[i + 1] & 0xff))));
if (i != len - 2)
out.append(':');
}
}
break;
case GeneralName.otherName:
out.append('o').append('t').append('h').append('e').append('r').append('N').append('a').append('m').append('e').append(':');
out.append(ByteList.plain(obj.toString()));
return true;
// tagged = true;
case GeneralName.registeredID:
out.append('R').append('I').append('D').append(':');
// tagged = true;
default:
out.append(ByteList.plain(obj.toString()));
}
return false;
}
use of org.gudy.bouncycastle.asn1.ASN1Encodable in project jruby-openssl by jruby.
the class X509Name method fromRDNElement.
private void fromRDNElement(final RDN rdn) {
final Ruby runtime = getRuntime();
for (AttributeTypeAndValue tv : rdn.getTypesAndValues()) {
oids.add(tv.getType());
final ASN1Encodable val = tv.getValue();
addValue(val);
addType(runtime, val);
}
}
use of org.gudy.bouncycastle.asn1.ASN1Encodable in project jruby-openssl by jruby.
the class X509Name method fromASN1Sequence.
private void fromASN1Sequence(final ASN1Encodable element) {
ASN1Sequence typeAndValue = ASN1Sequence.getInstance(element);
oids.add((ASN1ObjectIdentifier) typeAndValue.getObjectAt(0));
final ASN1Encodable val = typeAndValue.getObjectAt(1);
addValue(val);
addType(getRuntime(), val);
}
use of org.gudy.bouncycastle.asn1.ASN1Encodable in project jruby-openssl by jruby.
the class OCSPRequest method verify.
@JRubyMethod(name = "verify", rest = true)
public IRubyObject verify(IRubyObject[] args) {
Ruby runtime = getRuntime();
ThreadContext context = runtime.getCurrentContext();
int flags = 0;
boolean ret = false;
if (Arity.checkArgumentCount(runtime, args, 2, 3) == 3) {
flags = RubyFixnum.fix2int((RubyFixnum) args[2]);
}
IRubyObject certificates = args[0];
IRubyObject store = args[1];
OCSPReq bcOCSPReq = getBCOCSPReq();
if (bcOCSPReq == null) {
throw newOCSPError(runtime, new NullPointerException("Missing BC asn1bcReq. Missing certIDs or signature?"));
}
if (!bcOCSPReq.isSigned()) {
return RubyBoolean.newBoolean(runtime, ret);
}
GeneralName genName = bcOCSPReq.getRequestorName();
if (genName.getTagNo() != 4) {
return RubyBoolean.newBoolean(runtime, ret);
}
X500Name genX500Name = X500Name.getInstance(genName.getName());
X509StoreContext storeContext = null;
JcaContentVerifierProviderBuilder jcacvpb = new JcaContentVerifierProviderBuilder();
jcacvpb.setProvider("BC");
try {
java.security.cert.Certificate signer = findCertByName(genX500Name, certificates, flags);
if (signer == null)
return RubyBoolean.newBoolean(runtime, ret);
if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOINTERN))) > 0 && ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_TRUSTOTHER))) > 0))
flags |= RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOVERIFY));
if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOSIGS))) == 0) {
PublicKey signerPubKey = signer.getPublicKey();
ContentVerifierProvider cvp = jcacvpb.build(signerPubKey);
ret = bcOCSPReq.isSignatureValid(cvp);
if (!ret) {
return RubyBoolean.newBoolean(runtime, ret);
}
}
if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOVERIFY))) == 0) {
if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOCHAIN))) > 0) {
storeContext = X509StoreContext.newStoreContext(context, (X509Store) store, X509Cert.wrap(runtime, signer), context.nil);
} else {
RubyArray certs = RubyArray.newEmptyArray(runtime);
ASN1Sequence bcCerts = asn1bcReq.getOptionalSignature().getCerts();
if (bcCerts != null) {
Iterator<ASN1Encodable> it = bcCerts.iterator();
while (it.hasNext()) {
Certificate cert = Certificate.getInstance(it.next());
certs.add(X509Cert.wrap(runtime, new X509AuxCertificate(cert)));
}
}
storeContext = X509StoreContext.newStoreContext(context, (X509Store) store, X509Cert.wrap(runtime, signer), certs);
}
storeContext.set_purpose(context, _X509(runtime).getConstant("PURPOSE_OCSP_HELPER"));
storeContext.set_trust(context, _X509(runtime).getConstant("TRUST_OCSP_REQUEST"));
ret = storeContext.verify(context).isTrue();
if (!ret)
return RubyBoolean.newBoolean(runtime, false);
}
} catch (Exception e) {
debugStackTrace(e);
throw newOCSPError(runtime, e);
}
return RubyBoolean.newBoolean(getRuntime(), ret);
}
Aggregations