use of org.openecard.bouncycastle.asn1.ASN1ObjectIdentifier in project xipki by xipki.
the class ExtensionsChecker method checkExtensionAuthorizationTemplate.
// method checkExtensionBiometricInfo
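/**
 * Checks the xipki AuthorizationTemplate extension of the issued certificate.
 *
 * <p>Without a profile configuration the issued value must be byte-identical to the
 * value derived from the request (or be absent). With a configuration the value is
 * decoded as {@code SEQUENCE { type OBJECT IDENTIFIER, accessRights OCTET STRING }} and
 * both elements are compared with the configured ones. A value with the wrong number of
 * elements is reported as a violation instead of surfacing as an index exception.
 *
 * @param failureMsg          collects the violations found
 * @param extensionValue      encoded value of the extension in the issued certificate
 * @param requestedExtensions extensions of the request, may be {@code null}
 * @param extControl          control settings of this extension in the profile
 */
private void checkExtensionAuthorizationTemplate(StringBuilder failureMsg, byte[] extensionValue, Extensions requestedExtensions, ExtensionControl extControl) {
  QaAuthorizationTemplate conf = authorizationTemplate;
  if (conf == null) {
    // no profile configuration: fall back to the generic "as requested" comparison
    byte[] expected = getExpectedExtValue(ObjectIdentifiers.id_xipki_ext_authorizationTemplate, requestedExtensions, extControl);
    if (!Arrays.equals(expected, extensionValue)) {
      addViolation(failureMsg, "extension values", hex(extensionValue), (expected == null) ? "not present" : hex(expected));
    }
    return;
  }

  // ASN1Sequence.getInstance rejects content that is not a SEQUENCE with an IllegalArgumentException;
  // that is left to the caller, as in the sibling checks
  ASN1Sequence seq = ASN1Sequence.getInstance(extensionValue);
  if (seq.size() != 2) {
    // guard before indexing: an issued value of the wrong arity is a finding, not a crash of the checker
    addViolation(failureMsg, "number of elements in AuthorizationTemplate", Integer.toString(seq.size()), "2");
    return;
  }

  ASN1ObjectIdentifier type = ASN1ObjectIdentifier.getInstance(seq.getObjectAt(0));
  if (!conf.getType().equals(type.getId())) {
    addViolation(failureMsg, "type", type.getId(), conf.getType());
  }

  // "is" = value actually present in the certificate, compared with the configured one
  byte[] isRights = ASN1OctetString.getInstance(seq.getObjectAt(1)).getOctets();
  if (!Arrays.equals(conf.getAccessRights(), isRights)) {
    addViolation(failureMsg, "accessRights", hex(isRights), hex(conf.getAccessRights()));
  }
}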
use of org.openecard.bouncycastle.asn1.ASN1ObjectIdentifier in project xipki by xipki.
the class ExtensionsChecker method checkExtensionAdmission.
// method checkExtensionDeltaCrlDistributionPoints
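/**
 * Checks the Admission extension (ISIS-MTT, {@code ObjectIdentifiers.id_extension_admission})
 * of the issued certificate against the profile's {@code AdmissionSyntaxOption}.
 *
 * <p>Without a configuration the issued value is compared to the value derived from the
 * request. With a configuration, and if the profile requires input from the request, the
 * registration numbers of the requested ProfessionInfos are collected and fed into the
 * expected value, which is then compared byte-for-byte with the issued one.
 *
 * @param failureMsg          collects the violations found
 * @param extensionValue      encoded value of the extension in the issued certificate
 * @param requestedExtensions extensions of the request, may be {@code null}
 * @param extControl          control settings of this extension in the profile
 */
private void checkExtensionAdmission(StringBuilder failureMsg, byte[] extensionValue, Extensions requestedExtensions, ExtensionControl extControl) {
  AdmissionSyntaxOption conf = certProfile.getAdmission();
  ASN1ObjectIdentifier type = ObjectIdentifiers.id_extension_admission;
  if (conf == null) {
    // no profile configuration: fall back to the generic "as requested" comparison
    byte[] expected = getExpectedExtValue(type, requestedExtensions, extControl);
    if (!Arrays.equals(expected, extensionValue)) {
      addViolation(failureMsg, "extension value", hex(extensionValue), (expected == null) ? "not present" : hex(expected));
    }
    return;
  }

  // one list of registration numbers per Admissions entry of the request; stays null
  // when the profile does not take input from the request
  List<List<String>> reqRegNumsList = null;
  if (requestedExtensions != null && conf.isInputFromRequestRequired()) {
    Extension extension = requestedExtensions.getExtension(type);
    if (extension == null) {
      failureMsg.append("no Admission extension is contained in the request;");
      return;
    }
    reqRegNumsList = collectRegistrationNumbers(extension);
  }
  // NOTE(review): when input from the request is required but requestedExtensions is null,
  // the expected value is computed with reqRegNumsList == null — confirm this is intended

  try {
    byte[] expected = conf.getExtensionValue(reqRegNumsList).getValue().toASN1Primitive().getEncoded();
    if (!Arrays.equals(expected, extensionValue)) {
      addViolation(failureMsg, "extension value", hex(extensionValue), hex(expected));
    }
  } catch (IOException ex) {
    LogUtil.error(LOG, ex);
    failureMsg.append("IOException while computing the expected extension value;");
  } catch (BadCertTemplateException ex) {
    LogUtil.error(LOG, ex);
    failureMsg.append("BadCertTemplateException while computing the expected extension value;");
  }
}

/**
 * Collects, for every Admissions entry of the requested Admission extension, the
 * registration numbers of its ProfessionInfos, in request order. Entries are added
 * as returned by the request, so a list element may be {@code null} if the request
 * carries no registration number.
 *
 * @param extension the Admission extension taken from the request
 * @return one list of registration numbers per Admissions entry
 */
private static List<List<String>> collectRegistrationNumbers(Extension extension) {
  // fully qualified name kept from the original, presumably to avoid a clash with a
  // same-named type in scope — verify before shortening
  Admissions[] reqAdmissions = org.bouncycastle.asn1.isismtt.x509.AdmissionSyntax.getInstance(extension.getParsedValue()).getContentsOfAdmissions();
  List<List<String>> regNumsList = new ArrayList<>(reqAdmissions.length);
  for (Admissions admission : reqAdmissions) {
    ProfessionInfo[] infos = admission.getProfessionInfos();
    List<String> regNums = new ArrayList<>(infos.length);
    for (ProfessionInfo info : infos) {
      regNums.add(info.getRegistrationNumber());
    }
    regNumsList.add(regNums);
  }
  return regNumsList;
}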
use of org.openecard.bouncycastle.asn1.ASN1ObjectIdentifier in project xipki by xipki.
the class SubjectChecker method getRdnTextValueOfRequest.
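/**
 * Renders the value of the first attribute of a requested RDN as text, so it can be
 * compared with the corresponding value of the issued certificate.
 *
 * <p>dateOfBirth is rendered as its GeneralizedTime string, postalAddress as the
 * concatenation {@code [0]=line0,[1]=line1,...} of its SEQUENCE elements, and every
 * other attribute via {@code X509Util.rdnValueToString}.
 *
 * @param requestedRdn the RDN taken from the request
 * @return the textual value of the RDN's first attribute
 * @throws BadCertTemplateException if the RDN is empty or its value does not have the
 *         ASN.1 type required for the attribute
 */
private static String getRdnTextValueOfRequest(RDN requestedRdn) throws BadCertTemplateException {
  AttributeTypeAndValue atv = requestedRdn.getFirst();
  if (atv == null) {
    // RDN.getFirst() yields null for an empty RDN; reject the template instead of
    // letting a NullPointerException escape from request-controlled input
    throw new BadCertTemplateException("requested RDN is empty");
  }
  ASN1ObjectIdentifier type = atv.getType();
  ASN1Encodable vec = atv.getValue();

  if (ObjectIdentifiers.DN_DATE_OF_BIRTH.equals(type)) {
    if (!(vec instanceof ASN1GeneralizedTime)) {
      throw new BadCertTemplateException("requested RDN is not of GeneralizedTime");
    }
    return ((ASN1GeneralizedTime) vec).getTimeString();
  }

  if (ObjectIdentifiers.DN_POSTAL_ADDRESS.equals(type)) {
    if (!(vec instanceof ASN1Sequence)) {
      throw new BadCertTemplateException("requested RDN is not of Sequence");
    }
    ASN1Sequence seq = (ASN1Sequence) vec;
    final int n = seq.size();
    StringBuilder sb = new StringBuilder();
    for (int i = 0; i < n; i++) {
      // each address line is indexed so that reordering is detected by the comparison
      ASN1Encodable obj = seq.getObjectAt(i);
      sb.append("[").append(i).append("]=").append(X509Util.rdnValueToString(obj)).append(",");
    }
    return sb.toString();
  }

  return X509Util.rdnValueToString(vec);
}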
use of org.openecard.bouncycastle.asn1.ASN1ObjectIdentifier in project xipki by xipki.
the class SubjectChecker method getAtvValueString.
/**
 * Converts the value of an AttributeTypeAndValue to its textual form, verifying on the
 * way that its ASN.1 string type is the one demanded by the profile.
 *
 * @param name       display name of the attribute, used in failure messages
 * @param atv        attribute whose value is rendered
 * @param stringType ASN.1 string type the profile requires for the value
 * @param failureMsg receives a message when the value has an unexpected type
 * @return the textual value, or {@code null} if a type check failed (a message was appended)
 */
private static String getAtvValueString(String name, AttributeTypeAndValue atv, StringType stringType, StringBuilder failureMsg) {
  ASN1ObjectIdentifier oid = atv.getType();
  ASN1Encodable value = atv.getValue();

  if (ObjectIdentifiers.DN_DATE_OF_BIRTH.equals(oid)) {
    // dateOfBirth is checked against GeneralizedTime; the profile's string type does not apply
    if (value instanceof ASN1GeneralizedTime) {
      return ((ASN1GeneralizedTime) value).getTimeString();
    }
    failureMsg.append(name).append(" is not of type GeneralizedTime; ");
    return null;
  }

  if (ObjectIdentifiers.DN_POSTAL_ADDRESS.equals(oid)) {
    // postalAddress is a SEQUENCE of strings; each element is rendered as "[i]=text,"
    // and the first element of the wrong string type aborts the rendering
    if (!(value instanceof ASN1Sequence)) {
      failureMsg.append(name).append(" is not of type Sequence; ");
      return null;
    }
    ASN1Sequence lines = (ASN1Sequence) value;
    StringBuilder rendered = new StringBuilder();
    for (int idx = 0; idx < lines.size(); idx++) {
      ASN1Encodable line = lines.getObjectAt(idx);
      if (!matchStringType(line, stringType)) {
        failureMsg.append(name).append(".[").append(idx).append("] is not of type ").append(stringType.name()).append("; ");
        return null;
      }
      rendered.append('[').append(idx).append("]=").append(X509Util.rdnValueToString(line)).append(',');
    }
    return rendered.toString();
  }

  if (!matchStringType(value, stringType)) {
    failureMsg.append(name).append(" is not of type ").append(stringType.name()).append("; ");
    return null;
  }
  return X509Util.rdnValueToString(value);
}
use of org.openecard.bouncycastle.asn1.ASN1ObjectIdentifier in project xipki by xipki.
the class ExtensionsChecker method createGeneralName.
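/**
 * Rebuilds a GeneralName from the one in the request, enforcing the profile's allowed
 * tags (and, for otherName, the allowed type OIDs).
 *
 * <p>Simple name forms are copied as they are. otherName and ediPartyName are decoded
 * and re-encoded, so that only the expected structure reaches the issued certificate;
 * a structurally malformed request is rejected with {@link BadCertTemplateException}
 * rather than an index exception.
 *
 * @param reqName the GeneralName taken from the request
 * @param modes   allowed name modes of the profile; {@code null} means every tag is allowed
 * @return the GeneralName to be placed in the certificate
 * @throws BadCertTemplateException if the tag or otherName type is not allowed, or the
 *         requested otherName/ediPartyName is malformed
 */
private static GeneralName createGeneralName(GeneralName reqName, Set<GeneralNameMode> modes) throws BadCertTemplateException {
  int tag = reqName.getTagNo();

  // with modes configured, the request's tag must match one of them
  GeneralNameMode mode = null;
  if (modes != null) {
    for (GeneralNameMode m : modes) {
      if (m.getTag().getTag() == tag) {
        mode = m;
        break;
      }
    }
    if (mode == null) {
      throw new BadCertTemplateException("generalName tag " + tag + " is not allowed");
    }
  }

  switch (tag) {
    case GeneralName.rfc822Name:
    case GeneralName.dNSName:
    case GeneralName.uniformResourceIdentifier:
    case GeneralName.iPAddress:
    case GeneralName.registeredID:
    case GeneralName.directoryName:
      return new GeneralName(tag, reqName.getName());
    case GeneralName.otherName:
      return createOtherName(ASN1Sequence.getInstance(reqName.getName()), mode);
    case GeneralName.ediPartyName:
      return createEdiPartyName(ASN1Sequence.getInstance(reqName.getName()));
    default:
      throw new RuntimeException("should not reach here, unknown GeneralName tag " + tag);
  }
}

/**
 * Rebuilds an otherName from the requested
 * {@code SEQUENCE { type-id OBJECT IDENTIFIER, value [0] EXPLICIT ANY }}.
 *
 * @param reqSeq the decoded otherName of the request
 * @param mode   the matching name mode, or {@code null} if no modes are configured
 * @return the re-encoded otherName
 * @throws BadCertTemplateException if the sequence has the wrong arity, the type is not
 *         allowed by the mode, or the value is not an ASN.1 string
 */
private static GeneralName createOtherName(ASN1Sequence reqSeq, GeneralNameMode mode) throws BadCertTemplateException {
  if (reqSeq.size() != 2) {
    throw new BadCertTemplateException("otherName must contain exactly 2 elements, but contains " + reqSeq.size());
  }
  ASN1ObjectIdentifier type = ASN1ObjectIdentifier.getInstance(reqSeq.getObjectAt(0));
  // NOTE(review): assumes getAllowedTypes() is never null for a configured mode — confirm in GeneralNameMode
  if (mode != null && !mode.getAllowedTypes().contains(type)) {
    throw new BadCertTemplateException("otherName.type " + type.getId() + " is not allowed");
  }
  ASN1Encodable value = ASN1TaggedObject.getInstance(reqSeq.getObjectAt(1)).getObject();
  if (!(value instanceof ASN1String)) {
    throw new BadCertTemplateException("otherName.value is not a String");
  }
  // the value is always re-encoded as UTF8String, whatever string type the request used
  ASN1EncodableVector vector = new ASN1EncodableVector();
  vector.add(type);
  vector.add(new DERTaggedObject(true, 0, new DERUTF8String(((ASN1String) value).getString())));
  return new GeneralName(GeneralName.otherName, new DERSequence(vector));
}

/**
 * Rebuilds an ediPartyName from the requested
 * {@code SEQUENCE { nameAssigner [0] DirectoryString OPTIONAL, partyName [1] DirectoryString }}.
 *
 * @param reqSeq the decoded ediPartyName of the request
 * @return the re-encoded ediPartyName
 * @throws BadCertTemplateException if the sequence does not contain one or two elements
 */
private static GeneralName createEdiPartyName(ASN1Sequence reqSeq) throws BadCertTemplateException {
  int size = reqSeq.size();
  if (size < 1 || size > 2) {
    throw new BadCertTemplateException("ediPartyName must contain 1 or 2 elements, but contains " + size);
  }
  // NOTE(review): presence of nameAssigner is inferred from the element count, not from the
  // [0]/[1] tag numbers of the elements — confirm this matches the intended leniency
  int idx = 0;
  String nameAssigner = null;
  if (size > 1) {
    nameAssigner = DirectoryString.getInstance(ASN1TaggedObject.getInstance(reqSeq.getObjectAt(idx++)).getObject()).getString();
  }
  String partyName = DirectoryString.getInstance(ASN1TaggedObject.getInstance(reqSeq.getObjectAt(idx)).getObject()).getString();

  ASN1EncodableVector vector = new ASN1EncodableVector();
  if (nameAssigner != null) {
    vector.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner)));
  }
  vector.add(new DERTaggedObject(false, 1, new DirectoryString(partyName)));
  return new GeneralName(GeneralName.ediPartyName, new DERSequence(vector));
}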