Examples with ASN1ObjectIdentifier org.openecard.bouncycastle.asn1.ASN1ObjectIdentifier used on opensource projects

Search in sources :

Example 66 with ASN1ObjectIdentifier

use of org.openecard.bouncycastle.asn1.ASN1ObjectIdentifier in project xipki by xipki.

the class XmlX509CertprofileUtil method buildKeyAlgorithms.

public static Map<ASN1ObjectIdentifier, KeyParametersOption> buildKeyAlgorithms(KeyAlgorithms keyAlgos) throws CertprofileException {
    ParamUtil.requireNonNull("keyAlgos", keyAlgos);
    Map<ASN1ObjectIdentifier, KeyParametersOption> keyAlgorithms = new HashMap<>();
    for (AlgorithmType type : keyAlgos.getAlgorithm()) {
        List<OidWithDescType> algIds = type.getAlgorithm();
        List<ASN1ObjectIdentifier> oids = new ArrayList<>(algIds.size());
        for (OidWithDescType algId : algIds) {
            ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(algId.getValue());
            if (keyAlgorithms.containsKey(oid)) {
                throw new CertprofileException("duplicate definition of keyAlgorithm " + oid.getId());
            }
            oids.add(oid);
        }
        KeyParametersOption keyParamsOption = convertKeyParametersOption(type);
        for (ASN1ObjectIdentifier oid : oids) {
            keyAlgorithms.put(oid, keyParamsOption);
        }
    }
    return CollectionUtil.unmodifiableMap(keyAlgorithms);
}
Also used : OidWithDescType(org.xipki.ca.certprofile.x509.jaxb.OidWithDescType) AlgorithmType(org.xipki.ca.certprofile.x509.jaxb.AlgorithmType) KeyParametersOption(org.xipki.ca.api.profile.KeyParametersOption) HashMap(java.util.HashMap) CertprofileException(org.xipki.ca.api.profile.CertprofileException) ArrayList(java.util.ArrayList) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 67 with ASN1ObjectIdentifier

use of org.openecard.bouncycastle.asn1.ASN1ObjectIdentifier in project xipki by xipki.

the class BaseX509Certprofile method verifySubjectDnOccurence.

protected void verifySubjectDnOccurence(X500Name requestedSubject) throws BadCertTemplateException {
    ParamUtil.requireNonNull("requestedSubject", requestedSubject);
    SubjectControl occurences = getSubjectControl();
    if (occurences == null) {
        return;
    }
    ASN1ObjectIdentifier[] types = requestedSubject.getAttributeTypes();
    for (ASN1ObjectIdentifier type : types) {
        RdnControl occu = occurences.getControl(type);
        if (occu == null) {
            throw new BadCertTemplateException(String.format("subject DN of type %s is not allowed", oidToDisplayName(type)));
        }
        RDN[] rdns = requestedSubject.getRDNs(type);
        if (rdns.length > occu.getMaxOccurs() || rdns.length < occu.getMinOccurs()) {
            throw new BadCertTemplateException(String.format("occurrence of subject DN of type %s not within the allowed range. " + "%d is not within [%d, %d]", oidToDisplayName(type), rdns.length, occu.getMinOccurs(), occu.getMaxOccurs()));
        }
    }
    for (ASN1ObjectIdentifier m : occurences.getTypes()) {
        RdnControl occurence = occurences.getControl(m);
        if (occurence.getMinOccurs() == 0) {
            continue;
        }
        boolean present = false;
        for (ASN1ObjectIdentifier type : types) {
            if (occurence.getType().equals(type)) {
                present = true;
                break;
            }
        }
        if (!present) {
            throw new BadCertTemplateException(String.format("required subject DN of type %s is not present", oidToDisplayName(occurence.getType())));
        }
    }
}
Also used : RdnControl(org.xipki.ca.api.profile.RdnControl) BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException) RDN(org.bouncycastle.asn1.x500.RDN) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 68 with ASN1ObjectIdentifier

use of org.openecard.bouncycastle.asn1.ASN1ObjectIdentifier in project xipki by xipki.

the class BaseX509Certprofile method checkPublicKey.

@Override
public SubjectPublicKeyInfo checkPublicKey(SubjectPublicKeyInfo publicKey) throws BadCertTemplateException {
    ParamUtil.requireNonNull("publicKey", publicKey);
    Map<ASN1ObjectIdentifier, KeyParametersOption> keyAlgorithms = getKeyAlgorithms();
    if (CollectionUtil.isEmpty(keyAlgorithms)) {
        return publicKey;
    }
    ASN1ObjectIdentifier keyType = publicKey.getAlgorithm().getAlgorithm();
    if (!keyAlgorithms.containsKey(keyType)) {
        throw new BadCertTemplateException("key type " + keyType.getId() + " is not permitted");
    }
    KeyParametersOption keyParamsOption = keyAlgorithms.get(keyType);
    if (keyParamsOption instanceof AllowAllParametersOption) {
        return publicKey;
    } else if (keyParamsOption instanceof ECParamatersOption) {
        ECParamatersOption ecOption = (ECParamatersOption) keyParamsOption;
        // parameters
        ASN1Encodable algParam = publicKey.getAlgorithm().getParameters();
        ASN1ObjectIdentifier curveOid;
        if (algParam instanceof ASN1ObjectIdentifier) {
            curveOid = (ASN1ObjectIdentifier) algParam;
            if (!ecOption.allowsCurve(curveOid)) {
                throw new BadCertTemplateException(String.format("EC curve %s (OID: %s) is not allowed", AlgorithmUtil.getCurveName(curveOid), curveOid.getId()));
            }
        } else {
            throw new BadCertTemplateException("only namedCurve EC public key is supported");
        }
        // point encoding
        if (ecOption.pointEncodings() != null) {
            byte[] keyData = publicKey.getPublicKeyData().getBytes();
            if (keyData.length < 1) {
                throw new BadCertTemplateException("invalid publicKeyData");
            }
            byte pointEncoding = keyData[0];
            if (!ecOption.pointEncodings().contains(pointEncoding)) {
                throw new BadCertTemplateException(String.format("not accepted EC point encoding '%s'", pointEncoding));
            }
        }
        byte[] keyData = publicKey.getPublicKeyData().getBytes();
        try {
            checkEcSubjectPublicKeyInfo(curveOid, keyData);
        } catch (BadCertTemplateException ex) {
            throw ex;
        } catch (Exception ex) {
            LogUtil.warn(LOG, ex, "checkEcSubjectPublicKeyInfo");
            throw new BadCertTemplateException(String.format("invalid public key: %s", ex.getMessage()));
        }
        return publicKey;
    } else if (keyParamsOption instanceof RSAParametersOption) {
        RSAParametersOption rsaOption = (RSAParametersOption) keyParamsOption;
        ASN1Integer modulus;
        try {
            ASN1Sequence seq = ASN1Sequence.getInstance(publicKey.getPublicKeyData().getBytes());
            modulus = ASN1Integer.getInstance(seq.getObjectAt(0));
        } catch (IllegalArgumentException ex) {
            throw new BadCertTemplateException("invalid publicKeyData");
        }
        int modulusLength = modulus.getPositiveValue().bitLength();
        if ((rsaOption.allowsModulusLength(modulusLength))) {
            return publicKey;
        }
    } else if (keyParamsOption instanceof DSAParametersOption) {
        DSAParametersOption dsaOption = (DSAParametersOption) keyParamsOption;
        ASN1Encodable params = publicKey.getAlgorithm().getParameters();
        if (params == null) {
            throw new BadCertTemplateException("null Dss-Parms is not permitted");
        }
        int plength;
        int qlength;
        try {
            ASN1Sequence seq = ASN1Sequence.getInstance(params);
            ASN1Integer rsaP = ASN1Integer.getInstance(seq.getObjectAt(0));
            ASN1Integer rsaQ = ASN1Integer.getInstance(seq.getObjectAt(1));
            plength = rsaP.getPositiveValue().bitLength();
            qlength = rsaQ.getPositiveValue().bitLength();
        } catch (IllegalArgumentException | ArrayIndexOutOfBoundsException ex) {
            throw new BadCertTemplateException("illegal Dss-Parms");
        }
        boolean match = dsaOption.allowsPlength(plength);
        if (match) {
            match = dsaOption.allowsQlength(qlength);
        }
        if (match) {
            return publicKey;
        }
    } else {
        throw new RuntimeException(String.format("should not reach here, unknown KeyParametersOption %s", keyParamsOption));
    }
    throw new BadCertTemplateException("the given publicKey is not permitted");
}
Also used : ECParamatersOption(org.xipki.ca.api.profile.KeyParametersOption.ECParamatersOption) DSAParametersOption(org.xipki.ca.api.profile.KeyParametersOption.DSAParametersOption) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) CertprofileException(org.xipki.ca.api.profile.CertprofileException) BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) KeyParametersOption(org.xipki.ca.api.profile.KeyParametersOption) RSAParametersOption(org.xipki.ca.api.profile.KeyParametersOption.RSAParametersOption) BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) AllowAllParametersOption(org.xipki.ca.api.profile.KeyParametersOption.AllowAllParametersOption) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 69 with ASN1ObjectIdentifier

use of org.openecard.bouncycastle.asn1.ASN1ObjectIdentifier in project xipki by xipki.

the class BaseX509Certprofile method getSubject.

@Override
public SubjectInfo getSubject(X500Name requestedSubject) throws CertprofileException, BadCertTemplateException {
    ParamUtil.requireNonNull("requestedSubject", requestedSubject);
    verifySubjectDnOccurence(requestedSubject);
    RDN[] requstedRdns = requestedSubject.getRDNs();
    SubjectControl scontrol = getSubjectControl();
    List<RDN> rdns = new LinkedList<>();
    for (ASN1ObjectIdentifier type : scontrol.getTypes()) {
        RdnControl control = scontrol.getControl(type);
        if (control == null) {
            continue;
        }
        RDN[] thisRdns = getRdns(requstedRdns, type);
        if (thisRdns == null) {
            continue;
        }
        int len = thisRdns.length;
        if (len == 0) {
            continue;
        }
        if (ObjectIdentifiers.DN_EmailAddress.equals(type)) {
            throw new BadCertTemplateException("emailAddress is not allowed");
        }
        if (len == 1) {
            ASN1Encodable rdnValue = thisRdns[0].getFirst().getValue();
            RDN rdn;
            if (ObjectIdentifiers.DN_DATE_OF_BIRTH.equals(type)) {
                rdn = createDateOfBirthRdn(type, rdnValue);
            } else if (ObjectIdentifiers.DN_POSTAL_ADDRESS.equals(type)) {
                rdn = createPostalAddressRdn(type, rdnValue, control, 0);
            } else {
                String value = X509Util.rdnValueToString(rdnValue);
                rdn = createSubjectRdn(value, type, control, 0);
            }
            if (rdn != null) {
                rdns.add(rdn);
            }
        } else {
            if (ObjectIdentifiers.DN_DATE_OF_BIRTH.equals(type)) {
                for (int i = 0; i < len; i++) {
                    RDN rdn = createDateOfBirthRdn(type, thisRdns[i].getFirst().getValue());
                    rdns.add(rdn);
                }
            } else if (ObjectIdentifiers.DN_POSTAL_ADDRESS.equals(type)) {
                for (int i = 0; i < len; i++) {
                    RDN rdn = createPostalAddressRdn(type, thisRdns[i].getFirst().getValue(), control, i);
                    rdns.add(rdn);
                }
            } else {
                String[] values = new String[len];
                for (int i = 0; i < len; i++) {
                    values[i] = X509Util.rdnValueToString(thisRdns[i].getFirst().getValue());
                }
                values = sortRdns(control, values);
                int idx = 0;
                for (String value : values) {
                    rdns.add(createSubjectRdn(value, type, control, idx++));
                }
            }
        // if
        }
    // if
    }
    // for
    Set<String> subjectDnGroups = scontrol.getGroups();
    if (CollectionUtil.isNonEmpty(subjectDnGroups)) {
        Set<String> consideredGroups = new HashSet<>();
        final int n = rdns.size();
        List<RDN> newRdns = new ArrayList<>(rdns.size());
        for (int i = 0; i < n; i++) {
            RDN rdn = rdns.get(i);
            ASN1ObjectIdentifier type = rdn.getFirst().getType();
            String group = scontrol.getGroup(type);
            if (group == null) {
                newRdns.add(rdn);
            } else if (!consideredGroups.contains(group)) {
                List<AttributeTypeAndValue> atvs = new LinkedList<>();
                atvs.add(rdn.getFirst());
                for (int j = i + 1; j < n; j++) {
                    RDN rdn2 = rdns.get(j);
                    ASN1ObjectIdentifier type2 = rdn2.getFirst().getType();
                    String group2 = scontrol.getGroup(type2);
                    if (group.equals(group2)) {
                        atvs.add(rdn2.getFirst());
                    }
                }
                newRdns.add(new RDN(atvs.toArray(new AttributeTypeAndValue[0])));
                consideredGroups.add(group);
            }
        }
        // for
        rdns = newRdns;
    }
    // if
    X500Name grantedSubject = new X500Name(rdns.toArray(new RDN[0]));
    return new SubjectInfo(grantedSubject, null);
}
Also used : ArrayList(java.util.ArrayList) ASN1String(org.bouncycastle.asn1.ASN1String) DERUniversalString(org.bouncycastle.asn1.DERUniversalString) X500Name(org.bouncycastle.asn1.x500.X500Name) LinkedList(java.util.LinkedList) AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue) RdnControl(org.xipki.ca.api.profile.RdnControl) BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException) ArrayList(java.util.ArrayList) LinkedList(java.util.LinkedList) List(java.util.List) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) RDN(org.bouncycastle.asn1.x500.RDN) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) HashSet(java.util.HashSet)

Example 70 with ASN1ObjectIdentifier

use of org.openecard.bouncycastle.asn1.ASN1ObjectIdentifier in project xipki by xipki.

the class SubjectDnSpec method fixRdnControl.

// static
public static void fixRdnControl(RdnControl control) throws CertprofileException {
    ParamUtil.requireNonNull("control", control);
    ASN1ObjectIdentifier type = control.getType();
    StringType stringType = control.getStringType();
    if (stringType != null) {
        if (STRING_TYPE_SET.containsKey(type) && !STRING_TYPE_SET.get(type).contains(stringType)) {
            throw new CertprofileException(String.format("%s is not allowed %s", stringType.name(), type.getId()));
        }
    } else {
        StringType specStrType = DFLT_STRING_TYPES.get(type);
        if (specStrType != null) {
            control.setStringType(specStrType);
        }
    }
    if (control.getPatterns() == null && PATTERNS.containsKey(type)) {
        control.setPatterns(Arrays.asList(PATTERNS.get(type)));
    }
    Range specRange = RANGES.get(type);
    if (specRange == null) {
        control.setStringLengthRange(null);
        return;
    }
    Range isRange = control.getStringLengthRange();
    if (isRange == null) {
        control.setStringLengthRange(specRange);
        return;
    }
    boolean changed = false;
    Integer specMin = specRange.getMin();
    Integer min = isRange.getMin();
    if (min == null) {
        changed = true;
        min = specMin;
    } else if (specMin != null && specMin > min) {
        changed = true;
        min = specMin;
    }
    Integer specMax = specRange.getMax();
    Integer max = isRange.getMax();
    if (max == null) {
        changed = true;
        max = specMax;
    } else if (specMax != null && specMax < max) {
        changed = true;
        max = specMax;
    }
    if (changed) {
        isRange.setRange(min, max);
    }
// isRange
}
Also used : StringType(org.xipki.ca.api.profile.StringType) CertprofileException(org.xipki.ca.api.profile.CertprofileException) Range(org.xipki.ca.api.profile.Range) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Aggregations

ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)327 IOException (java.io.IOException)76 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)70 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)53 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)49 DEROctetString (org.bouncycastle.asn1.DEROctetString)48 DERIA5String (org.bouncycastle.asn1.DERIA5String)47 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)44 DERSequence (org.bouncycastle.asn1.DERSequence)41 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)38 DERPrintableString (org.bouncycastle.asn1.DERPrintableString)36 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)35 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)35 Extension (org.bouncycastle.asn1.x509.Extension)33 ASN1String (org.bouncycastle.asn1.ASN1String)31 HashSet (java.util.HashSet)30 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)29 ArrayList (java.util.ArrayList)28 DirectoryString (org.bouncycastle.asn1.x500.DirectoryString)27 X500Name (org.bouncycastle.asn1.x500.X500Name)27
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial