Search in sources :

Example 41 with ASN1Encodable

use of org.gudy.bouncycastle.asn1.ASN1Encodable in project xipki by xipki.

the class ExtensionsChecker method checkExtensionSubjectInfoAccess.

private void checkExtensionSubjectInfoAccess(StringBuilder failureMsg, byte[] extensionValue, Extensions requestedExtensions, ExtensionControl extControl) {
    Map<ASN1ObjectIdentifier, Set<GeneralNameMode>> conf = certProfile.getSubjectInfoAccessModes();
    if (conf == null) {
        failureMsg.append("extension is present but not expected; ");
        return;
    }
    ASN1Encodable requestExtValue = null;
    if (requestedExtensions != null) {
        requestExtValue = requestedExtensions.getExtensionParsedValue(Extension.subjectInfoAccess);
    }
    if (requestExtValue == null) {
        failureMsg.append("extension is present but not expected; ");
        return;
    }
    ASN1Sequence requestSeq = ASN1Sequence.getInstance(requestExtValue);
    ASN1Sequence certSeq = ASN1Sequence.getInstance(extensionValue);
    int size = requestSeq.size();
    if (certSeq.size() != size) {
        addViolation(failureMsg, "size of GeneralNames", certSeq.size(), size);
        return;
    }
    for (int i = 0; i < size; i++) {
        AccessDescription ad = AccessDescription.getInstance(requestSeq.getObjectAt(i));
        ASN1ObjectIdentifier accessMethod = ad.getAccessMethod();
        Set<GeneralNameMode> generalNameModes = conf.get(accessMethod);
        if (generalNameModes == null) {
            failureMsg.append("accessMethod in requestedExtension ").append(accessMethod.getId()).append(" is not allowed; ");
            continue;
        }
        AccessDescription certAccessDesc = AccessDescription.getInstance(certSeq.getObjectAt(i));
        ASN1ObjectIdentifier certAccessMethod = certAccessDesc.getAccessMethod();
        boolean bo = (accessMethod == null) ? (certAccessMethod == null) : accessMethod.equals(certAccessMethod);
        if (!bo) {
            addViolation(failureMsg, "accessMethod", (certAccessMethod == null) ? "null" : certAccessMethod.getId(), (accessMethod == null) ? "null" : accessMethod.getId());
            continue;
        }
        GeneralName accessLocation;
        try {
            accessLocation = createGeneralName(ad.getAccessLocation(), generalNameModes);
        } catch (BadCertTemplateException ex) {
            failureMsg.append("invalid requestedExtension: ").append(ex.getMessage()).append("; ");
            continue;
        }
        GeneralName certAccessLocation = certAccessDesc.getAccessLocation();
        if (!certAccessLocation.equals(accessLocation)) {
            failureMsg.append("accessLocation does not match the requested one; ");
        }
    }
}
Also used : GeneralNameMode(org.xipki.ca.api.profile.GeneralNameMode) Set(java.util.Set) HashSet(java.util.HashSet) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) AccessDescription(org.bouncycastle.asn1.x509.AccessDescription) BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)

Example 42 with ASN1Encodable

use of org.gudy.bouncycastle.asn1.ASN1Encodable in project xipki by xipki.

the class SubjectChecker method getRdnTextValueOfRequest.

private static String getRdnTextValueOfRequest(RDN requestedRdn) throws BadCertTemplateException {
    ASN1ObjectIdentifier type = requestedRdn.getFirst().getType();
    ASN1Encodable vec = requestedRdn.getFirst().getValue();
    if (ObjectIdentifiers.DN_DATE_OF_BIRTH.equals(type)) {
        if (!(vec instanceof ASN1GeneralizedTime)) {
            throw new BadCertTemplateException("requested RDN is not of GeneralizedTime");
        }
        return ((ASN1GeneralizedTime) vec).getTimeString();
    } else if (ObjectIdentifiers.DN_POSTAL_ADDRESS.equals(type)) {
        if (!(vec instanceof ASN1Sequence)) {
            throw new BadCertTemplateException("requested RDN is not of Sequence");
        }
        ASN1Sequence seq = (ASN1Sequence) vec;
        final int n = seq.size();
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < n; i++) {
            ASN1Encodable obj = seq.getObjectAt(i);
            String textValue = X509Util.rdnValueToString(obj);
            sb.append("[").append(i).append("]=").append(textValue).append(",");
        }
        return sb.toString();
    } else {
        return X509Util.rdnValueToString(vec);
    }
}
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException) ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DERT61String(org.bouncycastle.asn1.DERT61String) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 43 with ASN1Encodable

use of org.gudy.bouncycastle.asn1.ASN1Encodable in project xipki by xipki.

the class SubjectChecker method getAtvValueString.

private static String getAtvValueString(String name, AttributeTypeAndValue atv, StringType stringType, StringBuilder failureMsg) {
    ASN1ObjectIdentifier type = atv.getType();
    ASN1Encodable atvValue = atv.getValue();
    if (ObjectIdentifiers.DN_DATE_OF_BIRTH.equals(type)) {
        if (!(atvValue instanceof ASN1GeneralizedTime)) {
            failureMsg.append(name).append(" is not of type GeneralizedTime; ");
            return null;
        }
        return ((ASN1GeneralizedTime) atvValue).getTimeString();
    } else if (ObjectIdentifiers.DN_POSTAL_ADDRESS.equals(type)) {
        if (!(atvValue instanceof ASN1Sequence)) {
            failureMsg.append(name).append(" is not of type Sequence; ");
            return null;
        }
        ASN1Sequence seq = (ASN1Sequence) atvValue;
        final int n = seq.size();
        StringBuilder sb = new StringBuilder();
        boolean validEncoding = true;
        for (int i = 0; i < n; i++) {
            ASN1Encodable obj = seq.getObjectAt(i);
            if (!matchStringType(obj, stringType)) {
                failureMsg.append(name).append(".[").append(i).append("] is not of type ").append(stringType.name()).append("; ");
                validEncoding = false;
                break;
            }
            String textValue = X509Util.rdnValueToString(obj);
            sb.append("[").append(i).append("]=").append(textValue).append(",");
        }
        if (!validEncoding) {
            return null;
        }
        return sb.toString();
    } else {
        if (!matchStringType(atvValue, stringType)) {
            failureMsg.append(name).append(" is not of type " + stringType.name()).append("; ");
            return null;
        }
        return X509Util.rdnValueToString(atvValue);
    }
}
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DERT61String(org.bouncycastle.asn1.DERT61String) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 44 with ASN1Encodable

use of org.gudy.bouncycastle.asn1.ASN1Encodable in project xipki by xipki.

the class ExtensionsChecker method createGeneralName.

private static GeneralName createGeneralName(GeneralName reqName, Set<GeneralNameMode> modes) throws BadCertTemplateException {
    int tag = reqName.getTagNo();
    GeneralNameMode mode = null;
    if (modes != null) {
        for (GeneralNameMode m : modes) {
            if (m.getTag().getTag() == tag) {
                mode = m;
                break;
            }
        }
        if (mode == null) {
            throw new BadCertTemplateException("generalName tag " + tag + " is not allowed");
        }
    }
    switch(tag) {
        case GeneralName.rfc822Name:
        case GeneralName.dNSName:
        case GeneralName.uniformResourceIdentifier:
        case GeneralName.iPAddress:
        case GeneralName.registeredID:
        case GeneralName.directoryName:
            return new GeneralName(tag, reqName.getName());
        case GeneralName.otherName:
            ASN1Sequence reqSeq = ASN1Sequence.getInstance(reqName.getName());
            ASN1ObjectIdentifier type = ASN1ObjectIdentifier.getInstance(reqSeq.getObjectAt(0));
            if (mode != null && !mode.getAllowedTypes().contains(type)) {
                throw new BadCertTemplateException("otherName.type " + type.getId() + " is not allowed");
            }
            ASN1Encodable value = ASN1TaggedObject.getInstance(reqSeq.getObjectAt(1)).getObject();
            String text;
            if (!(value instanceof ASN1String)) {
                throw new BadCertTemplateException("otherName.value is not a String");
            } else {
                text = ((ASN1String) value).getString();
            }
            ASN1EncodableVector vector = new ASN1EncodableVector();
            vector.add(type);
            vector.add(new DERTaggedObject(true, 0, new DERUTF8String(text)));
            DERSequence seq = new DERSequence(vector);
            return new GeneralName(GeneralName.otherName, seq);
        case GeneralName.ediPartyName:
            reqSeq = ASN1Sequence.getInstance(reqName.getName());
            int size = reqSeq.size();
            String nameAssigner = null;
            int idx = 0;
            if (size > 1) {
                DirectoryString ds = DirectoryString.getInstance(ASN1TaggedObject.getInstance(reqSeq.getObjectAt(idx++)).getObject());
                nameAssigner = ds.getString();
            }
            DirectoryString ds = DirectoryString.getInstance(ASN1TaggedObject.getInstance(reqSeq.getObjectAt(idx++)).getObject());
            String partyName = ds.getString();
            vector = new ASN1EncodableVector();
            if (nameAssigner != null) {
                vector.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner)));
            }
            vector.add(new DERTaggedObject(false, 1, new DirectoryString(partyName)));
            seq = new DERSequence(vector);
            return new GeneralName(GeneralName.ediPartyName, seq);
        default:
            throw new RuntimeException("should not reach here, unknown GeneralName tag " + tag);
    }
// end switch
}
Also used : GeneralNameMode(org.xipki.ca.api.profile.GeneralNameMode) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) ASN1String(org.bouncycastle.asn1.ASN1String) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) QaDirectoryString(org.xipki.ca.qa.internal.QaDirectoryString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERT61String(org.bouncycastle.asn1.DERT61String) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DERSequence(org.bouncycastle.asn1.DERSequence) BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ASN1String(org.bouncycastle.asn1.ASN1String) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) QaDirectoryString(org.xipki.ca.qa.internal.QaDirectoryString) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 45 with ASN1Encodable

use of org.gudy.bouncycastle.asn1.ASN1Encodable in project xipki by xipki.

the class ScepUtil method generateRequest.

public static PKCS10CertificationRequest generateRequest(PrivateKey privatekey, SubjectPublicKeyInfo subjectPublicKeyInfo, X500Name subjectDn, String challengePassword, List<Extension> extensions) throws OperatorCreationException {
    requireNonNull("privatekey", privatekey);
    requireNonNull("subjectPublicKeyInfo", subjectPublicKeyInfo);
    requireNonNull("subjectDn", subjectDn);
    Map<ASN1ObjectIdentifier, ASN1Encodable> attributes = new HashMap<ASN1ObjectIdentifier, ASN1Encodable>();
    if (challengePassword != null && !challengePassword.isEmpty()) {
        DERPrintableString asn1Pwd = new DERPrintableString(challengePassword);
        attributes.put(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, asn1Pwd);
    }
    if (extensions != null && !extensions.isEmpty()) {
        Extensions asn1Extensions = new Extensions(extensions.toArray(new Extension[0]));
        attributes.put(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, asn1Extensions);
    }
    return generateRequest(privatekey, subjectPublicKeyInfo, subjectDn, attributes);
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension) HashMap(java.util.HashMap) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) Extensions(org.bouncycastle.asn1.x509.Extensions) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Aggregations

ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)129 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)71 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)56 IOException (java.io.IOException)32 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)31 DEROctetString (org.bouncycastle.asn1.DEROctetString)29 DERIA5String (org.bouncycastle.asn1.DERIA5String)25 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)23 DERSequence (org.bouncycastle.asn1.DERSequence)22 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)21 DERPrintableString (org.bouncycastle.asn1.DERPrintableString)21 ArrayList (java.util.ArrayList)20 GeneralName (org.bouncycastle.asn1.x509.GeneralName)19 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)17 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)17 X509Certificate (java.security.cert.X509Certificate)15 HashSet (java.util.HashSet)15 ASN1Primitive (org.bouncycastle.asn1.ASN1Primitive)15 DirectoryString (org.bouncycastle.asn1.x500.DirectoryString)15 DERBMPString (org.bouncycastle.asn1.DERBMPString)14