Example 71 with ASN1Encodable

Use of org.gudy.bouncycastle.asn1.ASN1Encodable in project jruby-openssl by jruby.

Class X509Extension, method newExtension.

static X509Extension[] newExtension(final ThreadContext context, final String oid, final byte[] extValue, final boolean critical) throws IOException {
    final Ruby runtime = context.runtime;
    final ASN1ObjectIdentifier objectId = ASN1.getObjectID(runtime, oid);
    // Parse the raw extension value bytes as an encoded ASN.1 object.
    final ASN1Encodable value = ASN1.readObject(extValue);
    return new X509Extension[] { newExtension(runtime, objectId, value, critical) };
}
Also used: ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable), Ruby (org.jruby.Ruby), ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 72 with ASN1Encodable

Use of org.gudy.bouncycastle.asn1.ASN1Encodable in project jruby-openssl by jruby.

Class X509Extension, method formatGeneralName.

@SuppressWarnings("unchecked")
private static boolean formatGeneralName(final GeneralName name, final ByteList out, final boolean slashed) {
    final ASN1Encodable obj = name.getName();
    String val;
    boolean tagged = false;
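    // rfc822Name, dNSName and uniformResourceIdentifier share the value handling in the URI case:
    // the cases fall through on purpose, and 'tagged' ensures only the first matching prefix is written.
    switch(name.getTagNo()) {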
        case GeneralName.rfc822Name:
            if (!tagged)
                out.append('e').append('m').append('a').append('i').append('l').append(':');
            tagged = true;
        case GeneralName.dNSName:
            if (!tagged)
                out.append('D').append('N').append('S').append(':');
            tagged = true;
        case GeneralName.uniformResourceIdentifier:
            if (!tagged)
                out.append('U').append('R').append('I').append(':');
            val = DERIA5String.getInstance(obj).getString();
            out.append(ByteList.plain(val));
            break;
        case GeneralName.directoryName:
            out.append('D').append('i').append('r').append('N').append('a').append('m').append('e').append(':');
            final X500Name dirName = X500Name.getInstance(obj);
            if (slashed) {
                final RDN[] rdns = dirName.getRDNs();
                final Hashtable defaultSymbols = getDefaultSymbols();
                for (int i = 0; i < rdns.length; i++) {
                    appendRDN(out.append('/'), rdns[i], defaultSymbols);
                }
            } else {
                out.append(ByteList.plain(dirName.toString()));
            }
            break;
        case GeneralName.iPAddress:
            out.append('I').append('P').append(':');
            final byte[] ip = ((ASN1OctetString) name.getName()).getOctets();
            int len = ip.length;
            boolean ip4 = len == 4;
            if (ip4) {
                for (int i = 0; i < ip.length; i++) {
                    out.append(ConvertBytes.intToCharBytes(((int) ip[i]) & 0xff));
                    if (i != len - 1)
                        out.append('.');
                }
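            } else {
                // Any length other than 4 is printed as 16-bit hex groups (IPv6 style);
                // the loop reads ip[i + 1], so it assumes an even number of octets.
                for (int i = 0; i < ip.length; i += 2) {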
                    out.append(ConvertBytes.intToHexBytes(((ip[i] & 0xff) << 8 | (ip[i + 1] & 0xff))));
                    if (i != len - 2)
                        out.append(':');
                }
            }
            break;
        case GeneralName.otherName:
            out.append('o').append('t').append('h').append('e').append('r').append('N').append('a').append('m').append('e').append(':');
            out.append(ByteList.plain(obj.toString()));
            return true;
        // tagged = true;
        case GeneralName.registeredID:
            out.append('R').append('I').append('D').append(':');
        // tagged = true;
        default:
            out.append(ByteList.plain(obj.toString()));
    }
    return false;
}
Also used: ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString), Hashtable (java.util.Hashtable), ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable), RubyString (org.jruby.RubyString), DEROctetString (org.bouncycastle.asn1.DEROctetString), DERIA5String (org.bouncycastle.asn1.DERIA5String), ASN1String (org.bouncycastle.asn1.ASN1String), DERUniversalString (org.bouncycastle.asn1.DERUniversalString), X500Name (org.bouncycastle.asn1.x500.X500Name), RDN (org.bouncycastle.asn1.x500.RDN)

Example 73 with ASN1Encodable

Use of org.gudy.bouncycastle.asn1.ASN1Encodable in project jruby-openssl by jruby.

Class X509Name, method fromRDNElement.

private void fromRDNElement(final RDN rdn) {
    final Ruby runtime = getRuntime();
    for (AttributeTypeAndValue tv : rdn.getTypesAndValues()) {
        oids.add(tv.getType());
        final ASN1Encodable val = tv.getValue();
        addValue(val);
        addType(runtime, val);
    }
}
Also used: ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable), Ruby (org.jruby.Ruby), AttributeTypeAndValue (org.bouncycastle.asn1.x500.AttributeTypeAndValue)

Example 74 with ASN1Encodable

Use of org.gudy.bouncycastle.asn1.ASN1Encodable in project jruby-openssl by jruby.

Class X509Name, method fromASN1Sequence.

private void fromASN1Sequence(final ASN1Encodable element) {
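    // element is expected to be a SEQUENCE holding the attribute type OID at index 0 and its value at index 1.
    ASN1Sequence typeAndValue = ASN1Sequence.getInstance(element);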
    oids.add((ASN1ObjectIdentifier) typeAndValue.getObjectAt(0));
    final ASN1Encodable val = typeAndValue.getObjectAt(1);
    addValue(val);
    addType(getRuntime(), val);
}
Also used: ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence), ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)

Example 75 with ASN1Encodable

Use of org.gudy.bouncycastle.asn1.ASN1Encodable in project jruby-openssl by jruby.

Class OCSPRequest, method verify.

@JRubyMethod(name = "verify", rest = true)
public IRubyObject verify(IRubyObject[] args) {
    Ruby runtime = getRuntime();
    ThreadContext context = runtime.getCurrentContext();
    int flags = 0;
    boolean ret = false;
    if (Arity.checkArgumentCount(runtime, args, 2, 3) == 3) {
        flags = RubyFixnum.fix2int((RubyFixnum) args[2]);
    }
    IRubyObject certificates = args[0];
    IRubyObject store = args[1];
    OCSPReq bcOCSPReq = getBCOCSPReq();
    if (bcOCSPReq == null) {
        throw newOCSPError(runtime, new NullPointerException("Missing BC asn1bcReq. Missing certIDs or signature?"));
    }
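    // An unsigned request has no signature to check; the method returns false.
    if (!bcOCSPReq.isSigned()) {
        return RubyBoolean.newBoolean(runtime, ret);
    }
    GeneralName genName = bcOCSPReq.getRequestorName();
    // Tag 4 is GeneralName.directoryName; any other requestor name form returns false.
    if (genName.getTagNo() != 4) {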
        return RubyBoolean.newBoolean(runtime, ret);
    }
    X500Name genX500Name = X500Name.getInstance(genName.getName());
    X509StoreContext storeContext = null;
    JcaContentVerifierProviderBuilder jcacvpb = new JcaContentVerifierProviderBuilder();
    jcacvpb.setProvider("BC");
    try {
        java.security.cert.Certificate signer = findCertByName(genX500Name, certificates, flags);
        if (signer == null)
            return RubyBoolean.newBoolean(runtime, ret);
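        // NOINTERN and TRUSTOTHER together also set NOVERIFY, which skips the store verification below.
        if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOINTERN))) > 0 && ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_TRUSTOTHER))) > 0))
            flags |= RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOVERIFY));
        // Unless NOSIGS is set, check the request signature with the signer's public key.
        if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOSIGS))) == 0) {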
            PublicKey signerPubKey = signer.getPublicKey();
            ContentVerifierProvider cvp = jcacvpb.build(signerPubKey);
            ret = bcOCSPReq.isSignatureValid(cvp);
            if (!ret) {
                return RubyBoolean.newBoolean(runtime, ret);
            }
        }
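        // Unless NOVERIFY is set, verify the signer certificate against the store; the certificates
        // carried in the request are passed as the chain unless NOCHAIN is set.
        if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOVERIFY))) == 0) {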
            if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOCHAIN))) > 0) {
                storeContext = X509StoreContext.newStoreContext(context, (X509Store) store, X509Cert.wrap(runtime, signer), context.nil);
            } else {
                RubyArray certs = RubyArray.newEmptyArray(runtime);
                ASN1Sequence bcCerts = asn1bcReq.getOptionalSignature().getCerts();
                if (bcCerts != null) {
                    Iterator<ASN1Encodable> it = bcCerts.iterator();
                    while (it.hasNext()) {
                        Certificate cert = Certificate.getInstance(it.next());
                        certs.add(X509Cert.wrap(runtime, new X509AuxCertificate(cert)));
                    }
                }
                storeContext = X509StoreContext.newStoreContext(context, (X509Store) store, X509Cert.wrap(runtime, signer), certs);
            }
            storeContext.set_purpose(context, _X509(runtime).getConstant("PURPOSE_OCSP_HELPER"));
            storeContext.set_trust(context, _X509(runtime).getConstant("TRUST_OCSP_REQUEST"));
            ret = storeContext.verify(context).isTrue();
            if (!ret)
                return RubyBoolean.newBoolean(runtime, false);
        }
    } catch (Exception e) {
        debugStackTrace(e);
        throw newOCSPError(runtime, e);
    }
    return RubyBoolean.newBoolean(getRuntime(), ret);
}
Also used: RubyArray (org.jruby.RubyArray), X500Name (org.bouncycastle.asn1.x500.X500Name), IRubyObject (org.jruby.runtime.builtin.IRubyObject), ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable), Ruby (org.jruby.Ruby), ContentVerifierProvider (org.bouncycastle.operator.ContentVerifierProvider), PublicKey (java.security.PublicKey), ThreadContext (org.jruby.runtime.ThreadContext), RubyFixnum (org.jruby.RubyFixnum), RaiseException (org.jruby.exceptions.RaiseException), OperatorCreationException (org.bouncycastle.operator.OperatorCreationException), IOException (java.io.IOException), CertificateException (java.security.cert.CertificateException), JcaContentVerifierProviderBuilder (org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder), ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence), OCSPReq (org.bouncycastle.cert.ocsp.OCSPReq), GeneralName (org.bouncycastle.asn1.x509.GeneralName), X509AuxCertificate (org.jruby.ext.openssl.x509store.X509AuxCertificate), X509Certificate (java.security.cert.X509Certificate), Certificate (org.bouncycastle.asn1.x509.Certificate), JRubyMethod (org.jruby.anno.JRubyMethod)

Aggregations

ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable) 129
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier) 71
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence) 56
IOException (java.io.IOException) 32
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString) 31
DEROctetString (org.bouncycastle.asn1.DEROctetString) 29
DERIA5String (org.bouncycastle.asn1.DERIA5String) 25
DERUTF8String (org.bouncycastle.asn1.DERUTF8String) 23
DERSequence (org.bouncycastle.asn1.DERSequence) 22
ASN1Integer (org.bouncycastle.asn1.ASN1Integer) 21
DERPrintableString (org.bouncycastle.asn1.DERPrintableString) 21
ArrayList (java.util.ArrayList) 20
GeneralName (org.bouncycastle.asn1.x509.GeneralName) 19
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector) 17
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier) 17
X509Certificate (java.security.cert.X509Certificate) 15
HashSet (java.util.HashSet) 15
ASN1Primitive (org.bouncycastle.asn1.ASN1Primitive) 15
DirectoryString (org.bouncycastle.asn1.x500.DirectoryString) 15
DERBMPString (org.bouncycastle.asn1.DERBMPString) 14