Search in sources :

Example 1 with X509AttributeCertificate

use of org.gudy.bouncycastle.x509.X509AttributeCertificate in project XobotOS by xamarin.

the class CertPathValidatorUtilities method getCompleteCRLs.

/**
     * Fetches complete CRLs according to RFC 3280.
     *
     * @param dp The distribution point for which the complete CRL
     * @param cert The <code>X509Certificate</code> or
     *            {@link org.bouncycastle.x509.X509AttributeCertificate} for
     *            which the CRL should be searched.
     * @param currentDate The date for which the delta CRLs must be valid.
     * @param paramsPKIX The extended PKIX parameters.
     * @return A <code>Set</code> of <code>X509CRL</code>s with complete
     *         CRLs.
     * @throws AnnotatedException if an exception occurs while picking the CRLs
     *             or no CRLs are found.
     */
protected static Set getCompleteCRLs(DistributionPoint dp, Object cert, Date currentDate, ExtendedPKIXParameters paramsPKIX) throws AnnotatedException {
    X509CRLStoreSelector crlselect = new X509CRLStoreSelector();
    try {
        Set issuers = new HashSet();
        if (cert instanceof X509AttributeCertificate) {
            issuers.add(((X509AttributeCertificate) cert).getIssuer().getPrincipals()[0]);
        } else {
            issuers.add(getEncodedIssuerPrincipal(cert));
        }
        CertPathValidatorUtilities.getCRLIssuersFromDistributionPoint(dp, issuers, crlselect, paramsPKIX);
    } catch (AnnotatedException e) {
        new AnnotatedException("Could not get issuer information from distribution point.", e);
    }
    if (cert instanceof X509Certificate) {
        crlselect.setCertificateChecking((X509Certificate) cert);
    } else if (cert instanceof X509AttributeCertificate) {
        crlselect.setAttrCertificateChecking((X509AttributeCertificate) cert);
    }
    crlselect.setCompleteCRLEnabled(true);
    Set crls = CRL_UTIL.findCRLs(crlselect, paramsPKIX, currentDate);
    if (crls.isEmpty()) {
        if (cert instanceof X509AttributeCertificate) {
            X509AttributeCertificate aCert = (X509AttributeCertificate) cert;
            throw new AnnotatedException("No CRLs found for issuer \"" + aCert.getIssuer().getPrincipals()[0] + "\"");
        } else {
            X509Certificate xCert = (X509Certificate) cert;
            throw new AnnotatedException("No CRLs found for issuer \"" + xCert.getIssuerX500Principal() + "\"");
        }
    }
    return crls;
}
Also used : X509CRLStoreSelector(org.bouncycastle.x509.X509CRLStoreSelector) Set(java.util.Set) HashSet(java.util.HashSet) X509AttributeCertificate(org.bouncycastle.x509.X509AttributeCertificate) X509Certificate(java.security.cert.X509Certificate) HashSet(java.util.HashSet)

Example 2 with X509AttributeCertificate

use of org.gudy.bouncycastle.x509.X509AttributeCertificate in project XobotOS by xamarin.

the class MiscPEMGenerator method createPemObject.

private PemObject createPemObject(Object o) throws IOException {
    String type;
    byte[] encoding;
    if (o instanceof PemObject) {
        return (PemObject) o;
    }
    if (o instanceof PemObjectGenerator) {
        return ((PemObjectGenerator) o).generate();
    }
    if (o instanceof X509Certificate) {
        type = "CERTIFICATE";
        try {
            encoding = ((X509Certificate) o).getEncoded();
        } catch (CertificateEncodingException e) {
            throw new PemGenerationException("Cannot encode object: " + e.toString());
        }
    } else if (o instanceof X509CRL) {
        type = "X509 CRL";
        try {
            encoding = ((X509CRL) o).getEncoded();
        } catch (CRLException e) {
            throw new PemGenerationException("Cannot encode object: " + e.toString());
        }
    } else if (o instanceof KeyPair) {
        return createPemObject(((KeyPair) o).getPrivate());
    } else if (o instanceof PrivateKey) {
        PrivateKeyInfo info = new PrivateKeyInfo((ASN1Sequence) ASN1Object.fromByteArray(((Key) o).getEncoded()));
        if (o instanceof RSAPrivateKey) {
            type = "RSA PRIVATE KEY";
            encoding = info.getPrivateKey().getEncoded();
        } else if (o instanceof DSAPrivateKey) {
            type = "DSA PRIVATE KEY";
            DSAParameter p = DSAParameter.getInstance(info.getAlgorithmId().getParameters());
            ASN1EncodableVector v = new ASN1EncodableVector();
            v.add(new DERInteger(0));
            v.add(new DERInteger(p.getP()));
            v.add(new DERInteger(p.getQ()));
            v.add(new DERInteger(p.getG()));
            BigInteger x = ((DSAPrivateKey) o).getX();
            BigInteger y = p.getG().modPow(x, p.getP());
            v.add(new DERInteger(y));
            v.add(new DERInteger(x));
            encoding = new DERSequence(v).getEncoded();
        } else if (((PrivateKey) o).getAlgorithm().equals("ECDSA")) {
            type = "EC PRIVATE KEY";
            encoding = info.getPrivateKey().getEncoded();
        } else {
            throw new IOException("Cannot identify private key");
        }
    } else if (o instanceof PublicKey) {
        type = "PUBLIC KEY";
        encoding = ((PublicKey) o).getEncoded();
    } else if (o instanceof X509AttributeCertificate) {
        type = "ATTRIBUTE CERTIFICATE";
        encoding = ((X509V2AttributeCertificate) o).getEncoded();
    } else if (o instanceof PKCS10CertificationRequest) {
        type = "CERTIFICATE REQUEST";
        encoding = ((PKCS10CertificationRequest) o).getEncoded();
    } else if (o instanceof ContentInfo) {
        type = "PKCS7";
        encoding = ((ContentInfo) o).getEncoded();
    } else {
        throw new PemGenerationException("unknown object passed - can't encode.");
    }
    return new PemObject(type, encoding);
}
Also used : X509CRL(java.security.cert.X509CRL) DSAPrivateKey(java.security.interfaces.DSAPrivateKey) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) PrivateKey(java.security.PrivateKey) X509AttributeCertificate(org.bouncycastle.x509.X509AttributeCertificate) DERInteger(org.bouncycastle.asn1.DERInteger) PemObjectGenerator(org.bouncycastle.util.io.pem.PemObjectGenerator) DERSequence(org.bouncycastle.asn1.DERSequence) ContentInfo(org.bouncycastle.asn1.cms.ContentInfo) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) DSAParameter(org.bouncycastle.asn1.x509.DSAParameter) CRLException(java.security.cert.CRLException) PKCS10CertificationRequest(org.bouncycastle.jce.PKCS10CertificationRequest) KeyPair(java.security.KeyPair) PemGenerationException(org.bouncycastle.util.io.pem.PemGenerationException) PublicKey(java.security.PublicKey) CertificateEncodingException(java.security.cert.CertificateEncodingException) IOException(java.io.IOException) X509V2AttributeCertificate(org.bouncycastle.x509.X509V2AttributeCertificate) X509Certificate(java.security.cert.X509Certificate) PemObject(org.bouncycastle.util.io.pem.PemObject) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DSAPrivateKey(java.security.interfaces.DSAPrivateKey) BigInteger(java.math.BigInteger) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo) DSAPrivateKey(java.security.interfaces.DSAPrivateKey) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) PublicKey(java.security.PublicKey) Key(java.security.Key) PrivateKey(java.security.PrivateKey) RSAPrivateCrtKey(java.security.interfaces.RSAPrivateCrtKey)

Example 3 with X509AttributeCertificate

use of org.gudy.bouncycastle.x509.X509AttributeCertificate in project jruby-openssl by jruby.

the class MiscPEMGenerator method createPemObject.

private PemObject createPemObject(Object o) throws IOException {
    String type;
    byte[] encoding;
    if (o instanceof PemObject) {
        return (PemObject) o;
    }
    if (o instanceof PemObjectGenerator) {
        return ((PemObjectGenerator) o).generate();
    }
    if (o instanceof X509CertificateHolder) {
        type = "CERTIFICATE";
        encoding = ((X509CertificateHolder) o).getEncoded();
    } else if (o instanceof X509CRLHolder) {
        type = "X509 CRL";
        encoding = ((X509CRLHolder) o).getEncoded();
    } else if (o instanceof PrivateKeyInfo) {
        PrivateKeyInfo info = (PrivateKeyInfo) o;
        ASN1ObjectIdentifier algOID = info.getPrivateKeyAlgorithm().getAlgorithm();
        if (algOID.equals(PKCSObjectIdentifiers.rsaEncryption)) {
            type = "RSA PRIVATE KEY";
            encoding = info.parsePrivateKey().toASN1Primitive().getEncoded();
        } else if (algOID.equals(dsaOids[0]) || algOID.equals(dsaOids[1])) {
            type = "DSA PRIVATE KEY";
            DSAParameter p = DSAParameter.getInstance(info.getPrivateKeyAlgorithm().getParameters());
            ASN1EncodableVector v = new ASN1EncodableVector();
            v.add(new ASN1Integer(BigInteger.ZERO));
            v.add(new ASN1Integer(p.getP()));
            v.add(new ASN1Integer(p.getQ()));
            v.add(new ASN1Integer(p.getG()));
            BigInteger x = ASN1Integer.getInstance(info.parsePrivateKey()).getValue();
            BigInteger y = p.getG().modPow(x, p.getP());
            v.add(new ASN1Integer(y));
            v.add(new ASN1Integer(x));
            encoding = new DERSequence(v).getEncoded();
        } else if (algOID.equals(X9ObjectIdentifiers.id_ecPublicKey)) {
            type = "EC PRIVATE KEY";
            encoding = info.parsePrivateKey().toASN1Primitive().getEncoded();
        } else {
            throw new IOException("Cannot identify private key");
        }
    } else if (o instanceof SubjectPublicKeyInfo) {
        type = "PUBLIC KEY";
        encoding = ((SubjectPublicKeyInfo) o).getEncoded();
    } else if (o instanceof X509AttributeCertificateHolder) {
        type = "ATTRIBUTE CERTIFICATE";
        encoding = ((X509AttributeCertificateHolder) o).getEncoded();
    } else if (o instanceof PKCS10CertificationRequest) {
        type = "CERTIFICATE REQUEST";
        encoding = ((PKCS10CertificationRequest) o).getEncoded();
    } else if (o instanceof ContentInfo) {
        type = "PKCS7";
        encoding = ((ContentInfo) o).getEncoded();
    } else // 
    if (// 1.47 compatibility
    o instanceof java.security.cert.X509Certificate) {
        type = "CERTIFICATE";
        try {
            encoding = ((java.security.cert.X509Certificate) o).getEncoded();
        } catch (CertificateEncodingException e) {
            throw new PemGenerationException("Cannot encode object: " + e.toString());
        }
    } else if (// 1.47 compatibility
    o instanceof java.security.cert.X509CRL) {
        type = "X509 CRL";
        try {
            encoding = ((java.security.cert.X509CRL) o).getEncoded();
        } catch (CRLException e) {
            throw new PemGenerationException("Cannot encode object: " + e.toString());
        }
    } else if (// 1.47 compatibility
    o instanceof java.security.KeyPair) {
        return createPemObject(((java.security.KeyPair) o).getPrivate());
    } else if (// 1.47 compatibility
    o instanceof java.security.PrivateKey) {
        PrivateKeyInfo info = new PrivateKeyInfo((ASN1Sequence) ASN1Primitive.fromByteArray(((java.security.Key) o).getEncoded()));
        if (o instanceof java.security.interfaces.RSAPrivateKey) {
            type = "RSA PRIVATE KEY";
            encoding = info.parsePrivateKey().toASN1Primitive().getEncoded();
        } else if (o instanceof java.security.interfaces.DSAPrivateKey) {
            type = "DSA PRIVATE KEY";
            DSAParameter p = DSAParameter.getInstance(info.getPrivateKeyAlgorithm().getParameters());
            ASN1EncodableVector v = new ASN1EncodableVector();
            v.add(new DERInteger(0));
            v.add(new DERInteger(p.getP()));
            v.add(new DERInteger(p.getQ()));
            v.add(new DERInteger(p.getG()));
            BigInteger x = ((java.security.interfaces.DSAPrivateKey) o).getX();
            BigInteger y = p.getG().modPow(x, p.getP());
            v.add(new DERInteger(y));
            v.add(new DERInteger(x));
            encoding = new DERSequence(v).getEncoded();
        } else if (((java.security.PrivateKey) o).getAlgorithm().equals("ECDSA")) {
            type = "EC PRIVATE KEY";
            encoding = info.parsePrivateKey().toASN1Primitive().getEncoded();
        } else {
            throw new IOException("Cannot identify private key");
        }
    } else if (// 1.47 compatibility
    o instanceof java.security.PublicKey) {
        type = "PUBLIC KEY";
        encoding = ((java.security.PublicKey) o).getEncoded();
    } else if (// 1.47 compatibility
    o instanceof X509AttributeCertificate) {
        type = "ATTRIBUTE CERTIFICATE";
        encoding = ((X509AttributeCertificate) o).getEncoded();
    } else // 
    // 
    // 
    {
        throw new PemGenerationException("unknown object passed - can't encode.");
    }
    if (// NEW STUFF (NOT IN OLD)
    encryptor != null) {
        String dekAlgName = Strings.toUpperCase(encryptor.getAlgorithm());
        // Note: For backward compatibility
        if (dekAlgName.equals("DESEDE")) {
            dekAlgName = "DES-EDE3-CBC";
        }
        byte[] iv = encryptor.getIV();
        byte[] encData = encryptor.encrypt(encoding);
        List<PemHeader> headers = new ArrayList<PemHeader>(2);
        headers.add(new PemHeader("Proc-Type", "4,ENCRYPTED"));
        headers.add(new PemHeader("DEK-Info", dekAlgName + "," + getHexEncoded(iv)));
        return new PemObject(type, headers, encData);
    }
    return new PemObject(type, encoding);
}
Also used : ArrayList(java.util.ArrayList) X509AttributeCertificate(org.bouncycastle.x509.X509AttributeCertificate) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) DERInteger(org.bouncycastle.asn1.DERInteger) PemObjectGenerator(org.bouncycastle.util.io.pem.PemObjectGenerator) DERSequence(org.bouncycastle.asn1.DERSequence) ContentInfo(org.bouncycastle.asn1.cms.ContentInfo) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) DSAParameter(org.bouncycastle.asn1.x509.DSAParameter) CRLException(java.security.cert.CRLException) PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) PemGenerationException(org.bouncycastle.util.io.pem.PemGenerationException) X509AttributeCertificateHolder(org.bouncycastle.cert.X509AttributeCertificateHolder) CertificateEncodingException(java.security.cert.CertificateEncodingException) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) IOException(java.io.IOException) PemObject(org.bouncycastle.util.io.pem.PemObject) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) X509CRLHolder(org.bouncycastle.cert.X509CRLHolder) BigInteger(java.math.BigInteger) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) PemHeader(org.bouncycastle.util.io.pem.PemHeader)

Example 4 with X509AttributeCertificate

use of org.gudy.bouncycastle.x509.X509AttributeCertificate in project robovm by robovm.

the class CertPathValidatorUtilities method getCompleteCRLs.

/**
     * Fetches complete CRLs according to RFC 3280.
     *
     * @param dp          The distribution point for which the complete CRL
     * @param cert        The <code>X509Certificate</code> or
     *                    {@link org.bouncycastle.x509.X509AttributeCertificate} for
     *                    which the CRL should be searched.
     * @param currentDate The date for which the delta CRLs must be valid.
     * @param paramsPKIX  The extended PKIX parameters.
     * @return A <code>Set</code> of <code>X509CRL</code>s with complete
     *         CRLs.
     * @throws AnnotatedException if an exception occurs while picking the CRLs
     * or no CRLs are found.
     */
protected static Set getCompleteCRLs(DistributionPoint dp, Object cert, Date currentDate, ExtendedPKIXParameters paramsPKIX) throws AnnotatedException {
    X509CRLStoreSelector crlselect = new X509CRLStoreSelector();
    try {
        Set issuers = new HashSet();
        if (cert instanceof X509AttributeCertificate) {
            issuers.add(((X509AttributeCertificate) cert).getIssuer().getPrincipals()[0]);
        } else {
            issuers.add(getEncodedIssuerPrincipal(cert));
        }
        CertPathValidatorUtilities.getCRLIssuersFromDistributionPoint(dp, issuers, crlselect, paramsPKIX);
    } catch (AnnotatedException e) {
        throw new AnnotatedException("Could not get issuer information from distribution point.", e);
    }
    if (cert instanceof X509Certificate) {
        crlselect.setCertificateChecking((X509Certificate) cert);
    } else if (cert instanceof X509AttributeCertificate) {
        crlselect.setAttrCertificateChecking((X509AttributeCertificate) cert);
    }
    crlselect.setCompleteCRLEnabled(true);
    Set crls = CRL_UTIL.findCRLs(crlselect, paramsPKIX, currentDate);
    if (crls.isEmpty()) {
        if (cert instanceof X509AttributeCertificate) {
            X509AttributeCertificate aCert = (X509AttributeCertificate) cert;
            throw new AnnotatedException("No CRLs found for issuer \"" + aCert.getIssuer().getPrincipals()[0] + "\"");
        } else {
            X509Certificate xCert = (X509Certificate) cert;
            throw new AnnotatedException("No CRLs found for issuer \"" + xCert.getIssuerX500Principal() + "\"");
        }
    }
    return crls;
}
Also used : X509CRLStoreSelector(org.bouncycastle.x509.X509CRLStoreSelector) Set(java.util.Set) HashSet(java.util.HashSet) X509AttributeCertificate(org.bouncycastle.x509.X509AttributeCertificate) X509Certificate(java.security.cert.X509Certificate) HashSet(java.util.HashSet)

Example 5 with X509AttributeCertificate

use of org.gudy.bouncycastle.x509.X509AttributeCertificate in project robovm by robovm.

the class CMSSignedGenerator method addAttributeCertificates.

// BEGIN android-removed
// /**
//  * Add a single instance of otherRevocationData to the CRL set to be included with the generated SignedData message.
//  *
//  * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data.
//  * @param otherRevocationInfo the otherRevocationInfo ASN.1 structure.
//  */
// public void addOtherRevocationInfo(
//     ASN1ObjectIdentifier   otherRevocationInfoFormat,
//     ASN1Encodable          otherRevocationInfo)
// {
//     crls.add(new DERTaggedObject(false, 1, new OtherRevocationInfoFormat(otherRevocationInfoFormat, otherRevocationInfo)));
// }
//
// /**
//  * Add a Store of otherRevocationData to the CRL set to be included with the generated SignedData message.
//  *
//  * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data.
//  * @param otherRevocationInfos a Store of otherRevocationInfo data to add.
//  */
// public void addOtherRevocationInfo(
//     ASN1ObjectIdentifier   otherRevocationInfoFormat,
//     Store                  otherRevocationInfos)
// {
//     crls.addAll(CMSUtils.getOthersFromStore(otherRevocationInfoFormat, otherRevocationInfos));
// }
// END android-removed
/**
     * Add the attribute certificates contained in the passed in store to the
     * generator.
     *
     * @param store a store of Version 2 attribute certificates
     * @throws CMSException if an error occurse processing the store.
     * @deprecated use basic Store method
     */
public void addAttributeCertificates(X509Store store) throws CMSException {
    try {
        for (Iterator it = store.getMatches(null).iterator(); it.hasNext(); ) {
            X509AttributeCertificate attrCert = (X509AttributeCertificate) it.next();
            certs.add(new DERTaggedObject(false, 2, AttributeCertificate.getInstance(ASN1Primitive.fromByteArray(attrCert.getEncoded()))));
        }
    } catch (IllegalArgumentException e) {
        throw new CMSException("error processing attribute certs", e);
    } catch (IOException e) {
        throw new CMSException("error processing attribute certs", e);
    }
}
Also used : DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) Iterator(java.util.Iterator) X509AttributeCertificate(org.bouncycastle.x509.X509AttributeCertificate) IOException(java.io.IOException)

Aggregations

X509AttributeCertificate (org.bouncycastle.x509.X509AttributeCertificate)5 IOException (java.io.IOException)4 X509Certificate (java.security.cert.X509Certificate)4 BigInteger (java.math.BigInteger)3 CRLException (java.security.cert.CRLException)3 CertificateEncodingException (java.security.cert.CertificateEncodingException)3 X509CRL (java.security.cert.X509CRL)2 DSAPrivateKey (java.security.interfaces.DSAPrivateKey)2 RSAPrivateCrtKey (java.security.interfaces.RSAPrivateCrtKey)2 RSAPrivateKey (java.security.interfaces.RSAPrivateKey)2 HashSet (java.util.HashSet)2 Set (java.util.Set)2 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)2 DERInteger (org.bouncycastle.asn1.DERInteger)2 DERSequence (org.bouncycastle.asn1.DERSequence)2 ContentInfo (org.bouncycastle.asn1.cms.ContentInfo)2 PrivateKeyInfo (org.bouncycastle.asn1.pkcs.PrivateKeyInfo)2 DSAParameter (org.bouncycastle.asn1.x509.DSAParameter)2 PemGenerationException (org.bouncycastle.util.io.pem.PemGenerationException)2 PemObject (org.bouncycastle.util.io.pem.PemObject)2