Search in sources :

Example 41 with ASN1Integer

use of org.openecard.bouncycastle.asn1.ASN1Integer in project xipki by xipki.

the class ExtensionsChecker method checkExtensionTlsFeature.

// method checkExtensionExtendedKeyUsage
private void checkExtensionTlsFeature(StringBuilder failureMsg, byte[] extensionValue, Extensions requestedExtensions, ExtensionControl extControl) {
    QaTlsFeature conf = tlsFeature;
    if (conf == null) {
        byte[] expected = getExpectedExtValue(ObjectIdentifiers.id_pe_tlsfeature, requestedExtensions, extControl);
        if (!Arrays.equals(expected, extensionValue)) {
            addViolation(failureMsg, "extension values", hex(extensionValue), (expected == null) ? "not present" : hex(expected));
        }
        return;
    }
    Set<String> isFeatures = new HashSet<>();
    ASN1Sequence seq = ASN1Sequence.getInstance(extensionValue);
    final int n = seq.size();
    for (int i = 0; i < n; i++) {
        ASN1Integer asn1Feature = ASN1Integer.getInstance(seq.getObjectAt(i));
        isFeatures.add(asn1Feature.getPositiveValue().toString());
    }
    Set<String> expFeatures = new HashSet<>();
    for (Integer m : conf.getFeatures()) {
        expFeatures.add(m.toString());
    }
    Set<String> diffs = strInBnotInA(expFeatures, isFeatures);
    if (CollectionUtil.isNonEmpty(diffs)) {
        failureMsg.append("features ").append(diffs.toString()).append(" are present but not expected; ");
    }
    diffs = strInBnotInA(isFeatures, expFeatures);
    if (CollectionUtil.isNonEmpty(diffs)) {
        failureMsg.append("features ").append(diffs.toString()).append(" are absent but are required; ");
    }
}
Also used : ASN1Integer(org.bouncycastle.asn1.ASN1Integer) BigInteger(java.math.BigInteger) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) ASN1String(org.bouncycastle.asn1.ASN1String) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) QaDirectoryString(org.xipki.ca.qa.internal.QaDirectoryString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERT61String(org.bouncycastle.asn1.DERT61String) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) QaTlsFeature(org.xipki.ca.qa.internal.QaTlsFeature) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) HashSet(java.util.HashSet)

Example 42 with ASN1Integer

use of org.openecard.bouncycastle.asn1.ASN1Integer in project xipki by xipki.

the class CaEmulator method getCrl.

public synchronized CertificateList getCrl(X500Name issuer, BigInteger serialNumber) throws Exception {
    if (crl != null) {
        return crl;
    }
    Date thisUpdate = new Date();
    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(caSubject, thisUpdate);
    Date nextUpdate = new Date(thisUpdate.getTime() + 30 * DAY_IN_MS);
    crlBuilder.setNextUpdate(nextUpdate);
    Date caStartTime = caCert.getTBSCertificate().getStartDate().getDate();
    Date revocationTime = new Date(caStartTime.getTime() + 1);
    if (revocationTime.after(thisUpdate)) {
        revocationTime = caStartTime;
    }
    crlBuilder.addCRLEntry(BigInteger.valueOf(2), revocationTime, CRLReason.keyCompromise);
    crlBuilder.addExtension(Extension.cRLNumber, false, new ASN1Integer(crlNumber.getAndAdd(1)));
    String signatureAlgorithm = ScepUtil.getSignatureAlgorithm(caKey, ScepHashAlgo.SHA256);
    ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm).build(caKey);
    X509CRLHolder crl = crlBuilder.build(contentSigner);
    return crl.toASN1Structure();
}
Also used : JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) X509CRLHolder(org.bouncycastle.cert.X509CRLHolder) X509v2CRLBuilder(org.bouncycastle.cert.X509v2CRLBuilder) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) Date(java.util.Date)

Example 43 with ASN1Integer

use of org.openecard.bouncycastle.asn1.ASN1Integer in project certmgr by hdecarne.

the class AuthorityKeyIdentifierExtensionData method encode.

@Override
public ASN1Encodable encode() throws IOException {
    ASN1EncodableVector sequence = new ASN1EncodableVector();
    byte[] checkedKeyIdentifier = this.keyIdentifier;
    if (checkedKeyIdentifier != null) {
        sequence.add(new DERTaggedObject(false, 0, new DEROctetString(checkedKeyIdentifier)));
    }
    GeneralNames checkedAuthorityCertIssuer = this.authorityCertIssuer;
    if (checkedAuthorityCertIssuer != null) {
        sequence.add(new DERTaggedObject(false, 1, checkedAuthorityCertIssuer.encode()));
    }
    BigInteger checkedAuthorityCertSerialNumber = this.authorityCertSerialNumber;
    if (checkedAuthorityCertSerialNumber != null) {
        sequence.add(new DERTaggedObject(false, 2, new ASN1Integer(checkedAuthorityCertSerialNumber)));
    }
    return new DERSequence(sequence);
}
Also used : DERSequence(org.bouncycastle.asn1.DERSequence) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) BigInteger(java.math.BigInteger) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) DEROctetString(org.bouncycastle.asn1.DEROctetString)

Example 44 with ASN1Integer

use of org.openecard.bouncycastle.asn1.ASN1Integer in project xipki by xipki.

the class XmlX509Certprofile method initQcStatements.

private void initQcStatements(Set<ASN1ObjectIdentifier> extnIds, ExtensionsType extensionsType) throws CertprofileException {
    ASN1ObjectIdentifier type = Extension.qCStatements;
    if (!extensionControls.containsKey(type)) {
        return;
    }
    extnIds.remove(type);
    QcStatements extConf = (QcStatements) getExtensionValue(type, extensionsType, QcStatements.class);
    if (extConf == null) {
        return;
    }
    List<QcStatementType> qcStatementTypes = extConf.getQcStatement();
    this.qcStatementsOption = new ArrayList<>(qcStatementTypes.size());
    Set<String> currencyCodes = new HashSet<>();
    boolean requireInfoFromReq = false;
    for (QcStatementType m : qcStatementTypes) {
        ASN1ObjectIdentifier qcStatementId = new ASN1ObjectIdentifier(m.getStatementId().getValue());
        QcStatementOption qcStatementOption;
        QcStatementValueType statementValue = m.getStatementValue();
        if (statementValue == null) {
            QCStatement qcStatment = new QCStatement(qcStatementId);
            qcStatementOption = new QcStatementOption(qcStatment);
        } else if (statementValue.getQcRetentionPeriod() != null) {
            QCStatement qcStatment = new QCStatement(qcStatementId, new ASN1Integer(statementValue.getQcRetentionPeriod()));
            qcStatementOption = new QcStatementOption(qcStatment);
        } else if (statementValue.getConstant() != null) {
            ASN1Encodable constantStatementValue;
            try {
                constantStatementValue = new ASN1StreamParser(statementValue.getConstant().getValue()).readObject();
            } catch (IOException ex) {
                throw new CertprofileException("can not parse the constant value of QcStatement");
            }
            QCStatement qcStatment = new QCStatement(qcStatementId, constantStatementValue);
            qcStatementOption = new QcStatementOption(qcStatment);
        } else if (statementValue.getQcEuLimitValue() != null) {
            QcEuLimitValueType euLimitType = statementValue.getQcEuLimitValue();
            String tmpCurrency = euLimitType.getCurrency().toUpperCase();
            if (currencyCodes.contains(tmpCurrency)) {
                throw new CertprofileException("Duplicated definition of qcStatments with QCEuLimitValue" + " for the currency " + tmpCurrency);
            }
            Iso4217CurrencyCode currency = StringUtil.isNumber(tmpCurrency) ? new Iso4217CurrencyCode(Integer.parseInt(tmpCurrency)) : new Iso4217CurrencyCode(tmpCurrency);
            Range2Type r1 = euLimitType.getAmount();
            Range2Type r2 = euLimitType.getExponent();
            if (r1.getMin() == r1.getMax() && r2.getMin() == r2.getMax()) {
                MonetaryValue monetaryValue = new MonetaryValue(currency, r1.getMin(), r2.getMin());
                QCStatement qcStatement = new QCStatement(qcStatementId, monetaryValue);
                qcStatementOption = new QcStatementOption(qcStatement);
            } else {
                MonetaryValueOption monetaryValueOption = new MonetaryValueOption(currency, r1, r2);
                qcStatementOption = new QcStatementOption(qcStatementId, monetaryValueOption);
                requireInfoFromReq = true;
            }
            currencyCodes.add(tmpCurrency);
        } else if (statementValue.getPdsLocations() != null) {
            ASN1EncodableVector vec = new ASN1EncodableVector();
            for (PdsLocationType pl : statementValue.getPdsLocations().getPdsLocation()) {
                ASN1EncodableVector vec2 = new ASN1EncodableVector();
                vec2.add(new DERIA5String(pl.getUrl()));
                String lang = pl.getLanguage();
                if (lang.length() != 2) {
                    throw new RuntimeException("invalid language '" + lang + "'");
                }
                vec2.add(new DERPrintableString(lang));
                DERSequence seq = new DERSequence(vec2);
                vec.add(seq);
            }
            QCStatement qcStatement = new QCStatement(qcStatementId, new DERSequence(vec));
            qcStatementOption = new QcStatementOption(qcStatement);
        } else {
            throw new RuntimeException("unknown value of qcStatment");
        }
        this.qcStatementsOption.add(qcStatementOption);
    }
    if (requireInfoFromReq) {
        return;
    }
    ASN1EncodableVector vec = new ASN1EncodableVector();
    for (QcStatementOption m : qcStatementsOption) {
        if (m.getStatement() == null) {
            throw new RuntimeException("should not reach here");
        }
        vec.add(m.getStatement());
    }
    ASN1Sequence seq = new DERSequence(vec);
    qcStatments = new ExtensionValue(extensionControls.get(type).isCritical(), seq);
    qcStatementsOption = null;
}
Also used : QCStatement(org.bouncycastle.asn1.x509.qualified.QCStatement) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) Iso4217CurrencyCode(org.bouncycastle.asn1.x509.qualified.Iso4217CurrencyCode) QcStatements(org.xipki.ca.certprofile.x509.jaxb.QcStatements) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERSequence(org.bouncycastle.asn1.DERSequence) ExtensionValue(org.xipki.ca.api.profile.ExtensionValue) CertprofileException(org.xipki.ca.api.profile.CertprofileException) Range2Type(org.xipki.ca.certprofile.x509.jaxb.Range2Type) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) HashSet(java.util.HashSet) ASN1StreamParser(org.bouncycastle.asn1.ASN1StreamParser) QcStatementValueType(org.xipki.ca.certprofile.x509.jaxb.QcStatementValueType) MonetaryValue(org.bouncycastle.asn1.x509.qualified.MonetaryValue) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) IOException(java.io.IOException) PdsLocationType(org.xipki.ca.certprofile.x509.jaxb.PdsLocationType) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) QcStatementType(org.xipki.ca.certprofile.x509.jaxb.QcStatementType) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) QcEuLimitValueType(org.xipki.ca.certprofile.x509.jaxb.QcEuLimitValueType)

Example 45 with ASN1Integer

use of org.openecard.bouncycastle.asn1.ASN1Integer in project xipki by xipki.

the class XmlX509Certprofile method initTlsFeature.

private void initTlsFeature(Set<ASN1ObjectIdentifier> extnIds, ExtensionsType extensionsType) throws CertprofileException {
    ASN1ObjectIdentifier type = ObjectIdentifiers.id_pe_tlsfeature;
    if (!extensionControls.containsKey(type)) {
        return;
    }
    extnIds.remove(type);
    TlsFeature extConf = (TlsFeature) getExtensionValue(type, extensionsType, TlsFeature.class);
    if (extConf == null) {
        return;
    }
    List<Integer> features = new ArrayList<>(extConf.getFeature().size());
    for (IntWithDescType m : extConf.getFeature()) {
        int value = m.getValue();
        if (value < 0 || value > 65535) {
            throw new CertprofileException("invalid TLS feature (extensionType) " + value);
        }
        features.add(value);
    }
    Collections.sort(features);
    ASN1EncodableVector vec = new ASN1EncodableVector();
    for (Integer m : features) {
        vec.add(new ASN1Integer(m));
    }
    ASN1Encodable extValue = new DERSequence(vec);
    tlsFeature = new ExtensionValue(extensionControls.get(type).isCritical(), extValue);
}
Also used : TlsFeature(org.xipki.ca.certprofile.x509.jaxb.TlsFeature) ArrayList(java.util.ArrayList) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) BigInteger(java.math.BigInteger) DERSequence(org.bouncycastle.asn1.DERSequence) ExtensionValue(org.xipki.ca.api.profile.ExtensionValue) CertprofileException(org.xipki.ca.api.profile.CertprofileException) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) IntWithDescType(org.xipki.ca.certprofile.x509.jaxb.IntWithDescType) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Aggregations

ASN1Integer (org.bouncycastle.asn1.ASN1Integer)120 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)54 DERSequence (org.bouncycastle.asn1.DERSequence)48 IOException (java.io.IOException)43 BigInteger (java.math.BigInteger)43 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)39 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)28 DEROctetString (org.bouncycastle.asn1.DEROctetString)21 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)20 ArrayList (java.util.ArrayList)18 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)18 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)15 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)15 X509Certificate (java.security.cert.X509Certificate)14 ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)14 Date (java.util.Date)12 DLSequence (org.bouncycastle.asn1.DLSequence)12 KeyPair (java.security.KeyPair)11 HashMap (java.util.HashMap)11 HashSet (java.util.HashSet)11