use of org.openecard.bouncycastle.asn1.ASN1Integer in project xipki by xipki.
the class ExtensionsChecker method checkExtensionTlsFeature.
// method checkExtensionExtendedKeyUsage
private void checkExtensionTlsFeature(StringBuilder failureMsg, byte[] extensionValue, Extensions requestedExtensions, ExtensionControl extControl) {
QaTlsFeature conf = tlsFeature;
if (conf == null) {
byte[] expected = getExpectedExtValue(ObjectIdentifiers.id_pe_tlsfeature, requestedExtensions, extControl);
if (!Arrays.equals(expected, extensionValue)) {
addViolation(failureMsg, "extension values", hex(extensionValue), (expected == null) ? "not present" : hex(expected));
}
return;
}
Set<String> isFeatures = new HashSet<>();
ASN1Sequence seq = ASN1Sequence.getInstance(extensionValue);
final int n = seq.size();
for (int i = 0; i < n; i++) {
ASN1Integer asn1Feature = ASN1Integer.getInstance(seq.getObjectAt(i));
isFeatures.add(asn1Feature.getPositiveValue().toString());
}
Set<String> expFeatures = new HashSet<>();
for (Integer m : conf.getFeatures()) {
expFeatures.add(m.toString());
}
Set<String> diffs = strInBnotInA(expFeatures, isFeatures);
if (CollectionUtil.isNonEmpty(diffs)) {
failureMsg.append("features ").append(diffs.toString()).append(" are present but not expected; ");
}
diffs = strInBnotInA(isFeatures, expFeatures);
if (CollectionUtil.isNonEmpty(diffs)) {
failureMsg.append("features ").append(diffs.toString()).append(" are absent but are required; ");
}
}
use of org.openecard.bouncycastle.asn1.ASN1Integer in project xipki by xipki.
the class CaEmulator method getCrl.
public synchronized CertificateList getCrl(X500Name issuer, BigInteger serialNumber) throws Exception {
if (crl != null) {
return crl;
}
Date thisUpdate = new Date();
X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(caSubject, thisUpdate);
Date nextUpdate = new Date(thisUpdate.getTime() + 30 * DAY_IN_MS);
crlBuilder.setNextUpdate(nextUpdate);
Date caStartTime = caCert.getTBSCertificate().getStartDate().getDate();
Date revocationTime = new Date(caStartTime.getTime() + 1);
if (revocationTime.after(thisUpdate)) {
revocationTime = caStartTime;
}
crlBuilder.addCRLEntry(BigInteger.valueOf(2), revocationTime, CRLReason.keyCompromise);
crlBuilder.addExtension(Extension.cRLNumber, false, new ASN1Integer(crlNumber.getAndAdd(1)));
String signatureAlgorithm = ScepUtil.getSignatureAlgorithm(caKey, ScepHashAlgo.SHA256);
ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm).build(caKey);
X509CRLHolder crl = crlBuilder.build(contentSigner);
return crl.toASN1Structure();
}
use of org.openecard.bouncycastle.asn1.ASN1Integer in project certmgr by hdecarne.
the class AuthorityKeyIdentifierExtensionData method encode.
@Override
public ASN1Encodable encode() throws IOException {
ASN1EncodableVector sequence = new ASN1EncodableVector();
byte[] checkedKeyIdentifier = this.keyIdentifier;
if (checkedKeyIdentifier != null) {
sequence.add(new DERTaggedObject(false, 0, new DEROctetString(checkedKeyIdentifier)));
}
GeneralNames checkedAuthorityCertIssuer = this.authorityCertIssuer;
if (checkedAuthorityCertIssuer != null) {
sequence.add(new DERTaggedObject(false, 1, checkedAuthorityCertIssuer.encode()));
}
BigInteger checkedAuthorityCertSerialNumber = this.authorityCertSerialNumber;
if (checkedAuthorityCertSerialNumber != null) {
sequence.add(new DERTaggedObject(false, 2, new ASN1Integer(checkedAuthorityCertSerialNumber)));
}
return new DERSequence(sequence);
}
use of org.openecard.bouncycastle.asn1.ASN1Integer in project xipki by xipki.
the class XmlX509Certprofile method initQcStatements.
private void initQcStatements(Set<ASN1ObjectIdentifier> extnIds, ExtensionsType extensionsType) throws CertprofileException {
ASN1ObjectIdentifier type = Extension.qCStatements;
if (!extensionControls.containsKey(type)) {
return;
}
extnIds.remove(type);
QcStatements extConf = (QcStatements) getExtensionValue(type, extensionsType, QcStatements.class);
if (extConf == null) {
return;
}
List<QcStatementType> qcStatementTypes = extConf.getQcStatement();
this.qcStatementsOption = new ArrayList<>(qcStatementTypes.size());
Set<String> currencyCodes = new HashSet<>();
boolean requireInfoFromReq = false;
for (QcStatementType m : qcStatementTypes) {
ASN1ObjectIdentifier qcStatementId = new ASN1ObjectIdentifier(m.getStatementId().getValue());
QcStatementOption qcStatementOption;
QcStatementValueType statementValue = m.getStatementValue();
if (statementValue == null) {
QCStatement qcStatment = new QCStatement(qcStatementId);
qcStatementOption = new QcStatementOption(qcStatment);
} else if (statementValue.getQcRetentionPeriod() != null) {
QCStatement qcStatment = new QCStatement(qcStatementId, new ASN1Integer(statementValue.getQcRetentionPeriod()));
qcStatementOption = new QcStatementOption(qcStatment);
} else if (statementValue.getConstant() != null) {
ASN1Encodable constantStatementValue;
try {
constantStatementValue = new ASN1StreamParser(statementValue.getConstant().getValue()).readObject();
} catch (IOException ex) {
throw new CertprofileException("can not parse the constant value of QcStatement");
}
QCStatement qcStatment = new QCStatement(qcStatementId, constantStatementValue);
qcStatementOption = new QcStatementOption(qcStatment);
} else if (statementValue.getQcEuLimitValue() != null) {
QcEuLimitValueType euLimitType = statementValue.getQcEuLimitValue();
String tmpCurrency = euLimitType.getCurrency().toUpperCase();
if (currencyCodes.contains(tmpCurrency)) {
throw new CertprofileException("Duplicated definition of qcStatments with QCEuLimitValue" + " for the currency " + tmpCurrency);
}
Iso4217CurrencyCode currency = StringUtil.isNumber(tmpCurrency) ? new Iso4217CurrencyCode(Integer.parseInt(tmpCurrency)) : new Iso4217CurrencyCode(tmpCurrency);
Range2Type r1 = euLimitType.getAmount();
Range2Type r2 = euLimitType.getExponent();
if (r1.getMin() == r1.getMax() && r2.getMin() == r2.getMax()) {
MonetaryValue monetaryValue = new MonetaryValue(currency, r1.getMin(), r2.getMin());
QCStatement qcStatement = new QCStatement(qcStatementId, monetaryValue);
qcStatementOption = new QcStatementOption(qcStatement);
} else {
MonetaryValueOption monetaryValueOption = new MonetaryValueOption(currency, r1, r2);
qcStatementOption = new QcStatementOption(qcStatementId, monetaryValueOption);
requireInfoFromReq = true;
}
currencyCodes.add(tmpCurrency);
} else if (statementValue.getPdsLocations() != null) {
ASN1EncodableVector vec = new ASN1EncodableVector();
for (PdsLocationType pl : statementValue.getPdsLocations().getPdsLocation()) {
ASN1EncodableVector vec2 = new ASN1EncodableVector();
vec2.add(new DERIA5String(pl.getUrl()));
String lang = pl.getLanguage();
if (lang.length() != 2) {
throw new RuntimeException("invalid language '" + lang + "'");
}
vec2.add(new DERPrintableString(lang));
DERSequence seq = new DERSequence(vec2);
vec.add(seq);
}
QCStatement qcStatement = new QCStatement(qcStatementId, new DERSequence(vec));
qcStatementOption = new QcStatementOption(qcStatement);
} else {
throw new RuntimeException("unknown value of qcStatment");
}
this.qcStatementsOption.add(qcStatementOption);
}
if (requireInfoFromReq) {
return;
}
ASN1EncodableVector vec = new ASN1EncodableVector();
for (QcStatementOption m : qcStatementsOption) {
if (m.getStatement() == null) {
throw new RuntimeException("should not reach here");
}
vec.add(m.getStatement());
}
ASN1Sequence seq = new DERSequence(vec);
qcStatments = new ExtensionValue(extensionControls.get(type).isCritical(), seq);
qcStatementsOption = null;
}
use of org.openecard.bouncycastle.asn1.ASN1Integer in project xipki by xipki.
the class XmlX509Certprofile method initTlsFeature.
private void initTlsFeature(Set<ASN1ObjectIdentifier> extnIds, ExtensionsType extensionsType) throws CertprofileException {
ASN1ObjectIdentifier type = ObjectIdentifiers.id_pe_tlsfeature;
if (!extensionControls.containsKey(type)) {
return;
}
extnIds.remove(type);
TlsFeature extConf = (TlsFeature) getExtensionValue(type, extensionsType, TlsFeature.class);
if (extConf == null) {
return;
}
List<Integer> features = new ArrayList<>(extConf.getFeature().size());
for (IntWithDescType m : extConf.getFeature()) {
int value = m.getValue();
if (value < 0 || value > 65535) {
throw new CertprofileException("invalid TLS feature (extensionType) " + value);
}
features.add(value);
}
Collections.sort(features);
ASN1EncodableVector vec = new ASN1EncodableVector();
for (Integer m : features) {
vec.add(new ASN1Integer(m));
}
ASN1Encodable extValue = new DERSequence(vec);
tlsFeature = new ExtensionValue(extensionControls.get(type).isCritical(), extValue);
}
Aggregations