Search in sources :

Example 11 with X509Extension

use of org.gudy.bouncycastle.asn1.x509.X509Extension in project BiglyBT by BiglySoftware.

the class X509CRLObject method getExtensionOIDs.

private Set getExtensionOIDs(boolean critical) {
    if (this.getVersion() == 2) {
        HashSet set = new HashSet();
        X509Extensions extensions = c.getTBSCertList().getExtensions();
        Enumeration e = extensions.oids();
        while (e.hasMoreElements()) {
            DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
            X509Extension ext = extensions.getExtension(oid);
            if (critical == ext.isCritical()) {
                set.add(oid.getId());
            }
        }
        return set;
    }
    return null;
}
Also used : Enumeration(java.util.Enumeration) X509Extension(org.gudy.bouncycastle.asn1.x509.X509Extension) X509Extensions(org.gudy.bouncycastle.asn1.x509.X509Extensions) DERObjectIdentifier(org.gudy.bouncycastle.asn1.DERObjectIdentifier) HashSet(java.util.HashSet)

Example 12 with X509Extension

use of org.gudy.bouncycastle.asn1.x509.X509Extension in project BiglyBT by BiglySoftware.

the class X509CertificateObject method getNonCriticalExtensionOIDs.

@Override
public Set getNonCriticalExtensionOIDs() {
    if (this.getVersion() == 3) {
        HashSet set = new HashSet();
        X509Extensions extensions = c.getTBSCertificate().getExtensions();
        if (extensions != null) {
            Enumeration e = extensions.oids();
            while (e.hasMoreElements()) {
                DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
                X509Extension ext = extensions.getExtension(oid);
                if (!ext.isCritical()) {
                    set.add(oid.getId());
                }
            }
            return set;
        }
    }
    return null;
}
Also used : X509Extension(org.gudy.bouncycastle.asn1.x509.X509Extension)

Example 13 with X509Extension

use of org.gudy.bouncycastle.asn1.x509.X509Extension in project BiglyBT by BiglySoftware.

the class X509V2AttributeCertificate method getExtensionValue.

@Override
public byte[] getExtensionValue(String oid) {
    X509Extensions extensions = cert.getAcinfo().getExtensions();
    if (extensions != null) {
        X509Extension ext = extensions.getExtension(new DERObjectIdentifier(oid));
        if (ext != null) {
            ByteArrayOutputStream bOut = new ByteArrayOutputStream();
            DEROutputStream dOut = new DEROutputStream(bOut);
            try {
                dOut.writeObject(ext.getValue());
                return bOut.toByteArray();
            } catch (Exception e) {
                throw new RuntimeException("error encoding " + e.toString());
            }
        }
    }
    return null;
}
Also used : X509Extension(org.gudy.bouncycastle.asn1.x509.X509Extension) X509Extensions(org.gudy.bouncycastle.asn1.x509.X509Extensions) ByteArrayOutputStream(java.io.ByteArrayOutputStream) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) CertificateExpiredException(java.security.cert.CertificateExpiredException) ParseException(java.text.ParseException)

Example 14 with X509Extension

use of org.gudy.bouncycastle.asn1.x509.X509Extension in project jruby-openssl by jruby.

the class X509CRL method sign.

@JRubyMethod
public IRubyObject sign(final ThreadContext context, final IRubyObject key, IRubyObject digest) {
    final Ruby runtime = context.runtime;
    final String signatureAlgorithm = getSignatureAlgorithm(runtime, (PKey) key, (Digest) digest);
    final X500Name issuerName = ((X509Name) issuer).getX500Name();
    final java.util.Date thisUpdate = getLastUpdate().toDate();
    final X509v2CRLBuilder generator = new X509v2CRLBuilder(issuerName, thisUpdate);
    final java.util.Date nextUpdate = getNextUpdate().toDate();
    generator.setNextUpdate(nextUpdate);
    if (revoked != null) {
        for (int i = 0; i < revoked.size(); i++) {
            final X509Revoked rev = (X509Revoked) revoked.entry(i);
            BigInteger serial = new BigInteger(rev.callMethod(context, "serial").toString());
            RubyTime t1 = (RubyTime) rev.callMethod(context, "time").callMethod(context, "getutc");
            t1.setMicroseconds(0);
            final Extensions revExts;
            if (rev.hasExtensions()) {
                final RubyArray exts = rev.extensions();
                final ASN1Encodable[] array = new ASN1Encodable[exts.size()];
                for (int j = 0; j < exts.size(); j++) {
                    final X509Extension ext = (X509Extension) exts.entry(j);
                    try {
                        array[j] = ext.toASN1Sequence();
                    } catch (IOException e) {
                        throw newCRLError(runtime, e);
                    }
                }
                revExts = Extensions.getInstance(new DERSequence(array));
            } else {
                revExts = null;
            }
            generator.addCRLEntry(serial, t1.getJavaDate(), revExts);
        }
    }
    try {
        for (int i = 0; i < extensions.size(); i++) {
            X509Extension ext = (X509Extension) extensions.entry(i);
            ASN1Encodable value = ext.getRealValue();
            generator.addExtension(ext.getRealObjectID(), ext.isRealCritical(), value);
        }
    } catch (IOException e) {
        throw newCRLError(runtime, e);
    }
    final PrivateKey privateKey = ((PKey) key).getPrivateKey();
    try {
        if (avoidJavaSecurity) {
        // NOT IMPLEMENTED
        } else {
        // crl = generator.generate(((PKey) key).getPrivateKey());
        }
        /*
            AlgorithmIdentifier keyAldID = new AlgorithmIdentifier(new ASN1ObjectIdentifier(keyAlg));
            AlgorithmIdentifier digAldID = new AlgorithmIdentifier(new ASN1ObjectIdentifier(digAlg));
            final BcContentSignerBuilder signerBuilder;
            final AsymmetricKeyParameter signerPrivateKey;
            if ( isDSA ) {
                signerBuilder = new BcDSAContentSignerBuilder(keyAldID, digAldID);
                DSAPrivateKey privateKey = (DSAPrivateKey) ((PKey) key).getPrivateKey();
                DSAParameters params = new DSAParameters(
                        privateKey.getParams().getP(),
                        privateKey.getParams().getQ(),
                        privateKey.getParams().getG()
                );
                signerPrivateKey = new DSAPrivateKeyParameters(privateKey.getX(), params);
            }
            */
        ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).build(privateKey);
        this.crlHolder = generator.build(signer);
        this.crl = null;
    } catch (IllegalStateException e) {
        debugStackTrace(e);
        throw newCRLError(runtime, e);
    } catch (Exception e) {
        debugStackTrace(e);
        throw newCRLError(runtime, e.getMessage());
    }
    final ASN1Primitive crlVal = getCRLValue(runtime);
    ASN1Sequence v1 = (ASN1Sequence) (((ASN1Sequence) crlVal).getObjectAt(0));
    final ASN1EncodableVector build1 = new ASN1EncodableVector();
    int copyIndex = 0;
    if (v1.getObjectAt(0) instanceof ASN1Integer)
        copyIndex++;
    build1.add(new ASN1Integer(new BigInteger(version.toString())));
    while (copyIndex < v1.size()) {
        build1.add(v1.getObjectAt(copyIndex++));
    }
    final ASN1EncodableVector build2 = new ASN1EncodableVector();
    build2.add(new DLSequence(build1));
    build2.add(((ASN1Sequence) crlVal).getObjectAt(1));
    build2.add(((ASN1Sequence) crlVal).getObjectAt(2));
    this.crlValue = new DLSequence(build2);
    changed = false;
    return this;
}
Also used : RubyTime(org.jruby.RubyTime) PrivateKey(java.security.PrivateKey) RubyArray(org.jruby.RubyArray) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) RubyString(org.jruby.RubyString) X500Name(org.bouncycastle.asn1.x500.X500Name) Extensions(org.bouncycastle.asn1.x509.Extensions) DERSequence(org.bouncycastle.asn1.DERSequence) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) X509v2CRLBuilder(org.bouncycastle.cert.X509v2CRLBuilder) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) Ruby(org.jruby.Ruby) ContentSigner(org.bouncycastle.operator.ContentSigner) IOException(java.io.IOException) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) RaiseException(org.jruby.exceptions.RaiseException) GeneralSecurityException(java.security.GeneralSecurityException) CRLException(java.security.cert.CRLException) IOException(java.io.IOException) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DLSequence(org.bouncycastle.asn1.DLSequence) BigInteger(java.math.BigInteger) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) JRubyMethod(org.jruby.anno.JRubyMethod)

Example 15 with X509Extension

use of org.gudy.bouncycastle.asn1.x509.X509Extension in project jruby-openssl by jruby.

the class X509Cert method uniqueExtensions.

private Collection<X509Extension> uniqueExtensions() {
    final Map<ASN1ObjectIdentifier, X509Extension> unique = new LinkedHashMap<ASN1ObjectIdentifier, X509Extension>();
    for (X509Extension current : this.extensions) {
        final ASN1ObjectIdentifier oid = current.getRealObjectID();
        final X509Extension existing = unique.get(oid);
        if (existing == null) {
            unique.put(oid, current);
            continue;
        }
        // commonly used e.g. with subjectAltName || issuserAltName :
        if ("2.5.29.17".equals(oid.getId()) || "2.5.29.18".equals(oid.getId())) {
            final ASN1EncodableVector vec = new ASN1EncodableVector();
            try {
                GeneralName[] n1 = extRealNames(existing);
                for (int i = 0; i < n1.length; i++) vec.add(n1[i]);
                GeneralName[] n2 = extRealNames(current);
                for (int i = 0; i < n2.length; i++) vec.add(n2[i]);
                GeneralNames nn = GeneralNames.getInstance(new DLSequence(vec));
                final X509Extension existingDup = existing.clone();
                existingDup.setRealValue(nn);
                unique.put(oid, existingDup);
            } catch (IOException ex) {
                throw getRuntime().newIOErrorFromException(ex);
            }
            continue;
        }
        // TODO do we need special care for any others here ?!?
        final ASN1EncodableVector vec = new ASN1EncodableVector();
        try {
            final ASN1Encodable existingValue = existing.getRealValue();
            if (existingValue instanceof ASN1Sequence) {
                final ASN1Sequence seq = (ASN1Sequence) existingValue;
                for (int i = 0; i < seq.size(); i++) {
                    vec.add(seq.getObjectAt(i));
                }
            } else {
                vec.add(existingValue);
            }
            vec.add(current.getRealValue());
            // existing.setRealValue( new DLSequence(vec) );
            final X509Extension existingDup = existing.clone();
            existingDup.setRealValue(new DLSequence(vec));
            unique.put(oid, existingDup);
        } catch (IOException ex) {
            throw getRuntime().newIOErrorFromException(ex);
        }
    }
    return unique.values();
}
Also used : IOException(java.io.IOException) LinkedHashMap(java.util.LinkedHashMap) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) DLSequence(org.bouncycastle.asn1.DLSequence) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Aggregations

Enumeration (java.util.Enumeration)14 IOException (java.io.IOException)11 X509Extension (org.gudy.bouncycastle.asn1.x509.X509Extension)11 DERObjectIdentifier (org.bouncycastle.asn1.DERObjectIdentifier)10 X509Extension (org.bouncycastle.asn1.x509.X509Extension)10 X509Extensions (org.bouncycastle.asn1.x509.X509Extensions)10 HashSet (java.util.HashSet)8 Set (java.util.Set)6 X509Extensions (org.gudy.bouncycastle.asn1.x509.X509Extensions)6 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)5 CertificateExpiredException (java.security.cert.CertificateExpiredException)4 CertificateNotYetValidException (java.security.cert.CertificateNotYetValidException)4 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)4 DERSequence (org.bouncycastle.asn1.DERSequence)4 DERObjectIdentifier (org.gudy.bouncycastle.asn1.DERObjectIdentifier)4 ByteArrayOutputStream (java.io.ByteArrayOutputStream)3 GeneralSecurityException (java.security.GeneralSecurityException)3 CRLException (java.security.cert.CRLException)3 ArrayList (java.util.ArrayList)3 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)3