Search in sources :

Example 16 with X509Extension

use of org.gudy.bouncycastle.asn1.x509.X509Extension in project jruby-openssl by jruby.

the class OCSPSingleResponse method extensions.

@JRubyMethod(name = "extensions")
public IRubyObject extensions() {
    Ruby runtime = getRuntime();
    Extensions exts = bcSingleResponse.getSingleExtensions();
    if (exts == null)
        return RubyArray.newEmptyArray(runtime);
    ASN1ObjectIdentifier[] extOIDs = exts.getExtensionOIDs();
    RubyArray retExts = runtime.newArray(extOIDs.length);
    for (ASN1ObjectIdentifier extOID : extOIDs) {
        Extension ext = exts.getExtension(extOID);
        ASN1Encodable extAsn1 = ext.getParsedValue();
        X509Extension retExt = X509Extension.newExtension(runtime, extOID, extAsn1, ext.isCritical());
        retExts.append(retExt);
    }
    return retExts;
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension) RubyArray(org.jruby.RubyArray) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) Extensions(org.bouncycastle.asn1.x509.Extensions) Ruby(org.jruby.Ruby) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) JRubyMethod(org.jruby.anno.JRubyMethod)

Example 17 with X509Extension

use of org.gudy.bouncycastle.asn1.x509.X509Extension in project jruby-openssl by jruby.

the class OCSPBasicResponse method convertRubyExtensions.

private Extensions convertRubyExtensions(IRubyObject extensions) {
    if (extensions.isNil())
        return null;
    List<Extension> retExtensions = new ArrayList<Extension>();
    Iterator<IRubyObject> rubyExtensions = ((RubyArray) extensions).iterator();
    while (rubyExtensions.hasNext()) {
        X509Extension rubyExt = (X509Extension) rubyExtensions.next();
        Extension ext = Extension.getInstance(((RubyString) rubyExt.to_der()).getBytes());
        retExtensions.add(ext);
    }
    Extension[] exts = new Extension[retExtensions.size()];
    retExtensions.toArray(exts);
    return new Extensions(exts);
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension) RubyArray(org.jruby.RubyArray) ArrayList(java.util.ArrayList) IRubyObject(org.jruby.runtime.builtin.IRubyObject) Extensions(org.bouncycastle.asn1.x509.Extensions)

Example 18 with X509Extension

use of org.gudy.bouncycastle.asn1.x509.X509Extension in project XobotOS by xamarin.

the class RFC3280CertPathUtilities method processCRLB2.

/**
     * If the complete CRL includes an issuing distribution point (IDP) CRL
     * extension check the following:
     * <p/>
     * (i) If the distribution point name is present in the IDP CRL extension
     * and the distribution field is present in the DP, then verify that one of
     * the names in the IDP matches one of the names in the DP. If the
     * distribution point name is present in the IDP CRL extension and the
     * distribution field is omitted from the DP, then verify that one of the
     * names in the IDP matches one of the names in the cRLIssuer field of the
     * DP.
     * </p>
     * <p/>
     * (ii) If the onlyContainsUserCerts boolean is asserted in the IDP CRL
     * extension, verify that the certificate does not include the basic
     * constraints extension with the cA boolean asserted.
     * </p>
     * <p/>
     * (iii) If the onlyContainsCACerts boolean is asserted in the IDP CRL
     * extension, verify that the certificate includes the basic constraints
     * extension with the cA boolean asserted.
     * </p>
     * <p/>
     * (iv) Verify that the onlyContainsAttributeCerts boolean is not asserted.
     * </p>
     *
     * @param dp   The distribution point.
     * @param cert The certificate.
     * @param crl  The CRL.
     * @throws AnnotatedException if one of the conditions is not met or an error occurs.
     */
protected static void processCRLB2(DistributionPoint dp, Object cert, X509CRL crl) throws AnnotatedException {
    IssuingDistributionPoint idp = null;
    try {
        idp = IssuingDistributionPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(crl, RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT));
    } catch (Exception e) {
        throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e);
    }
    // distribution point name is present
    if (idp != null) {
        if (idp.getDistributionPoint() != null) {
            // make list of names
            DistributionPointName dpName = IssuingDistributionPoint.getInstance(idp).getDistributionPoint();
            List names = new ArrayList();
            if (dpName.getType() == DistributionPointName.FULL_NAME) {
                GeneralName[] genNames = GeneralNames.getInstance(dpName.getName()).getNames();
                for (int j = 0; j < genNames.length; j++) {
                    names.add(genNames[j]);
                }
            }
            if (dpName.getType() == DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER) {
                ASN1EncodableVector vec = new ASN1EncodableVector();
                try {
                    Enumeration e = ASN1Sequence.getInstance(ASN1Sequence.fromByteArray(CertPathValidatorUtilities.getIssuerPrincipal(crl).getEncoded())).getObjects();
                    while (e.hasMoreElements()) {
                        vec.add((DEREncodable) e.nextElement());
                    }
                } catch (IOException e) {
                    throw new AnnotatedException("Could not read CRL issuer.", e);
                }
                vec.add(dpName.getName());
                names.add(new GeneralName(X509Name.getInstance(new DERSequence(vec))));
            }
            boolean matches = false;
            // of the names in the DP.
            if (dp.getDistributionPoint() != null) {
                dpName = dp.getDistributionPoint();
                GeneralName[] genNames = null;
                if (dpName.getType() == DistributionPointName.FULL_NAME) {
                    genNames = GeneralNames.getInstance(dpName.getName()).getNames();
                }
                if (dpName.getType() == DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER) {
                    if (dp.getCRLIssuer() != null) {
                        genNames = dp.getCRLIssuer().getNames();
                    } else {
                        genNames = new GeneralName[1];
                        try {
                            genNames[0] = new GeneralName(new X509Name((ASN1Sequence) ASN1Sequence.fromByteArray(CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert).getEncoded())));
                        } catch (IOException e) {
                            throw new AnnotatedException("Could not read certificate issuer.", e);
                        }
                    }
                    for (int j = 0; j < genNames.length; j++) {
                        Enumeration e = ASN1Sequence.getInstance(genNames[j].getName().getDERObject()).getObjects();
                        ASN1EncodableVector vec = new ASN1EncodableVector();
                        while (e.hasMoreElements()) {
                            vec.add((DEREncodable) e.nextElement());
                        }
                        vec.add(dpName.getName());
                        genNames[j] = new GeneralName(new X509Name(new DERSequence(vec)));
                    }
                }
                if (genNames != null) {
                    for (int j = 0; j < genNames.length; j++) {
                        if (names.contains(genNames[j])) {
                            matches = true;
                            break;
                        }
                    }
                }
                if (!matches) {
                    throw new AnnotatedException("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
                }
            } else // verify that one of the names in
            // the IDP matches one of the names in the cRLIssuer field of
            // the DP
            {
                if (dp.getCRLIssuer() == null) {
                    throw new AnnotatedException("Either the cRLIssuer or the distributionPoint field must " + "be contained in DistributionPoint.");
                }
                GeneralName[] genNames = dp.getCRLIssuer().getNames();
                for (int j = 0; j < genNames.length; j++) {
                    if (names.contains(genNames[j])) {
                        matches = true;
                        break;
                    }
                }
                if (!matches) {
                    throw new AnnotatedException("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
                }
            }
        }
        BasicConstraints bc = null;
        try {
            bc = BasicConstraints.getInstance(CertPathValidatorUtilities.getExtensionValue((X509Extension) cert, BASIC_CONSTRAINTS));
        } catch (Exception e) {
            throw new AnnotatedException("Basic constraints extension could not be decoded.", e);
        }
        if (cert instanceof X509Certificate) {
            // (b) (2) (ii)
            if (idp.onlyContainsUserCerts() && (bc != null && bc.isCA())) {
                throw new AnnotatedException("CA Cert CRL only contains user certificates.");
            }
            // (b) (2) (iii)
            if (idp.onlyContainsCACerts() && (bc == null || !bc.isCA())) {
                throw new AnnotatedException("End CRL only contains CA certificates.");
            }
        }
        // (b) (2) (iv)
        if (idp.onlyContainsAttributeCerts()) {
            throw new AnnotatedException("onlyContainsAttributeCerts boolean is asserted.");
        }
    }
}
Also used : IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) Enumeration(java.util.Enumeration) DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName) ArrayList(java.util.ArrayList) IOException(java.io.IOException) CertificateExpiredException(java.security.cert.CertificateExpiredException) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertPathBuilderException(java.security.cert.CertPathBuilderException) IOException(java.io.IOException) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) X509Certificate(java.security.cert.X509Certificate) DERSequence(org.bouncycastle.asn1.DERSequence) X509Name(org.bouncycastle.asn1.x509.X509Name) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) List(java.util.List) ArrayList(java.util.ArrayList) GeneralName(org.bouncycastle.asn1.x509.GeneralName) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)

Example 19 with X509Extension

use of org.gudy.bouncycastle.asn1.x509.X509Extension in project XobotOS by xamarin.

the class X509CRLEntryObject method getExtensionOIDs.

private Set getExtensionOIDs(boolean critical) {
    X509Extensions extensions = c.getExtensions();
    if (extensions != null) {
        Set set = new HashSet();
        Enumeration e = extensions.oids();
        while (e.hasMoreElements()) {
            DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
            X509Extension ext = extensions.getExtension(oid);
            if (critical == ext.isCritical()) {
                set.add(oid.getId());
            }
        }
        return set;
    }
    return null;
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) Enumeration(java.util.Enumeration) X509Extension(org.bouncycastle.asn1.x509.X509Extension) X509Extensions(org.bouncycastle.asn1.x509.X509Extensions) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier) HashSet(java.util.HashSet)

Example 20 with X509Extension

use of org.gudy.bouncycastle.asn1.x509.X509Extension in project XobotOS by xamarin.

the class X509CRLObject method toString.

/**
     * Returns a string representation of this CRL.
     *
     * @return a string representation of this CRL.
     */
public String toString() {
    StringBuffer buf = new StringBuffer();
    String nl = System.getProperty("line.separator");
    buf.append("              Version: ").append(this.getVersion()).append(nl);
    buf.append("             IssuerDN: ").append(this.getIssuerDN()).append(nl);
    buf.append("          This update: ").append(this.getThisUpdate()).append(nl);
    buf.append("          Next update: ").append(this.getNextUpdate()).append(nl);
    buf.append("  Signature Algorithm: ").append(this.getSigAlgName()).append(nl);
    byte[] sig = this.getSignature();
    buf.append("            Signature: ").append(new String(Hex.encode(sig, 0, 20))).append(nl);
    for (int i = 20; i < sig.length; i += 20) {
        if (i < sig.length - 20) {
            buf.append("                       ").append(new String(Hex.encode(sig, i, 20))).append(nl);
        } else {
            buf.append("                       ").append(new String(Hex.encode(sig, i, sig.length - i))).append(nl);
        }
    }
    X509Extensions extensions = c.getTBSCertList().getExtensions();
    if (extensions != null) {
        Enumeration e = extensions.oids();
        if (e.hasMoreElements()) {
            buf.append("           Extensions: ").append(nl);
        }
        while (e.hasMoreElements()) {
            DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
            X509Extension ext = extensions.getExtension(oid);
            if (ext.getValue() != null) {
                byte[] octs = ext.getValue().getOctets();
                ASN1InputStream dIn = new ASN1InputStream(octs);
                buf.append("                       critical(").append(ext.isCritical()).append(") ");
                try {
                    if (oid.equals(X509Extensions.CRLNumber)) {
                        buf.append(new CRLNumber(DERInteger.getInstance(dIn.readObject()).getPositiveValue())).append(nl);
                    } else if (oid.equals(X509Extensions.DeltaCRLIndicator)) {
                        buf.append("Base CRL: " + new CRLNumber(DERInteger.getInstance(dIn.readObject()).getPositiveValue())).append(nl);
                    } else if (oid.equals(X509Extensions.IssuingDistributionPoint)) {
                        buf.append(new IssuingDistributionPoint((ASN1Sequence) dIn.readObject())).append(nl);
                    } else if (oid.equals(X509Extensions.CRLDistributionPoints)) {
                        buf.append(new CRLDistPoint((ASN1Sequence) dIn.readObject())).append(nl);
                    } else if (oid.equals(X509Extensions.FreshestCRL)) {
                        buf.append(new CRLDistPoint((ASN1Sequence) dIn.readObject())).append(nl);
                    } else {
                        buf.append(oid.getId());
                        buf.append(" value = ").append(ASN1Dump.dumpAsString(dIn.readObject())).append(nl);
                    }
                } catch (Exception ex) {
                    buf.append(oid.getId());
                    buf.append(" value = ").append("*****").append(nl);
                }
            } else {
                buf.append(nl);
            }
        }
    }
    Set set = getRevokedCertificates();
    if (set != null) {
        Iterator it = set.iterator();
        while (it.hasNext()) {
            buf.append(it.next());
            buf.append(nl);
        }
    }
    return buf.toString();
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) Enumeration(java.util.Enumeration) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) HashSet(java.util.HashSet) Set(java.util.Set) X509Extension(org.bouncycastle.asn1.x509.X509Extension) CRLNumber(org.bouncycastle.asn1.x509.CRLNumber) X509Extensions(org.bouncycastle.asn1.x509.X509Extensions) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) SignatureException(java.security.SignatureException) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) CRLException(java.security.cert.CRLException) NoSuchProviderException(java.security.NoSuchProviderException) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) Iterator(java.util.Iterator) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)

Aggregations

Enumeration (java.util.Enumeration)14 IOException (java.io.IOException)11 X509Extension (org.gudy.bouncycastle.asn1.x509.X509Extension)11 DERObjectIdentifier (org.bouncycastle.asn1.DERObjectIdentifier)10 X509Extension (org.bouncycastle.asn1.x509.X509Extension)10 X509Extensions (org.bouncycastle.asn1.x509.X509Extensions)10 HashSet (java.util.HashSet)8 Set (java.util.Set)6 X509Extensions (org.gudy.bouncycastle.asn1.x509.X509Extensions)6 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)5 CertificateExpiredException (java.security.cert.CertificateExpiredException)4 CertificateNotYetValidException (java.security.cert.CertificateNotYetValidException)4 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)4 DERSequence (org.bouncycastle.asn1.DERSequence)4 DERObjectIdentifier (org.gudy.bouncycastle.asn1.DERObjectIdentifier)4 ByteArrayOutputStream (java.io.ByteArrayOutputStream)3 GeneralSecurityException (java.security.GeneralSecurityException)3 CRLException (java.security.cert.CRLException)3 ArrayList (java.util.ArrayList)3 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)3