use of org.openecard.bouncycastle.asn1.ASN1OctetString in project oxCore by GluuFederation.
the class LdapOperationsServiceImpl method search.
/*
* (non-Javadoc)
*
* @see org.gluu.site.ldap.PlatformOperationFacade#search(java.lang.String,
* com.unboundid.ldap.sdk.Filter, org.xdi.ldap.model.SearchScope,
* org.gluu.site.ldap.persistence.BatchOperation, int, int, int,
* com.unboundid.ldap.sdk.Control[], java.lang.String)
*/
@Override
public <T> SearchResult search(String dn, Filter filter, SearchScope scope, LdapBatchOperationWraper<T> batchOperationWraper, int startIndex, int searchLimit, int sizeLimit, Control[] controls, String... attributes) throws SearchException {
SearchRequest searchRequest;
BatchOperation<T> ldapBatchOperation = null;
if (batchOperationWraper != null) {
ldapBatchOperation = (BatchOperation<T>) batchOperationWraper.getBatchOperation();
}
if (LOG.isTraceEnabled()) {
// Find whole tree search
if (StringHelper.equalsIgnoreCase(dn, "o=gluu")) {
LOG.trace("Search in whole LDAP tree", new Exception());
}
}
if (attributes == null) {
searchRequest = new SearchRequest(dn, scope, filter);
} else {
searchRequest = new SearchRequest(dn, scope, filter, attributes);
}
boolean useSizeLimit = sizeLimit > 0;
if (useSizeLimit) {
// Use paged result to limit search
searchLimit = sizeLimit;
}
SearchResult searchResult = null;
List<SearchResult> searchResultList = new ArrayList<SearchResult>();
List<SearchResultEntry> searchResultEntries = new ArrayList<SearchResultEntry>();
List<SearchResultReference> searchResultReferences = new ArrayList<SearchResultReference>();
if ((searchLimit > 0) || (startIndex > 0)) {
if (searchLimit == 0) {
// Default page size
searchLimit = 100;
}
boolean collectSearchResult;
LDAPConnection ldapConnection = null;
try {
ldapConnection = getConnectionPool().getConnection();
ASN1OctetString cookie = null;
if (startIndex > 0) {
try {
cookie = scrollSimplePagedResultsControl(ldapConnection, dn, filter, scope, controls, startIndex);
} catch (InvalidSimplePageControlException ex) {
throw new LDAPSearchException(ex.getResultCode(), "Failed to scroll to specified startIndex", ex);
} catch (LDAPException ex) {
throw new LDAPSearchException(ex.getResultCode(), "Failed to scroll to specified startIndex", ex);
}
}
do {
collectSearchResult = true;
searchRequest.setControls(new Control[] { new SimplePagedResultsControl(searchLimit, cookie) });
setControls(searchRequest, controls);
searchResult = ldapConnection.search(searchRequest);
if (ldapBatchOperation != null) {
collectSearchResult = ldapBatchOperation.collectSearchResult(searchResult.getEntryCount());
}
if (collectSearchResult) {
searchResultList.add(searchResult);
searchResultEntries.addAll(searchResult.getSearchEntries());
searchResultReferences.addAll(searchResult.getSearchReferences());
}
if (ldapBatchOperation != null) {
List<T> entries = batchOperationWraper.createEntities(searchResult);
ldapBatchOperation.performAction(entries);
}
cookie = null;
try {
SimplePagedResultsControl c = SimplePagedResultsControl.get(searchResult);
if (c != null) {
cookie = c.getCookie();
}
} catch (LDAPException ex) {
LOG.error("Error while accessing cookies" + ex.getMessage());
}
if (useSizeLimit) {
break;
}
} while ((cookie != null) && (cookie.getValueLength() > 0));
} catch (LDAPException ex) {
throw new SearchException("Failed to scroll to specified startIndex", ex, ex.getResultCode().intValue());
} finally {
if (ldapConnection != null) {
getConnectionPool().releaseConnection(ldapConnection);
}
}
if (!collectSearchResult) {
return new SearchResult(searchResult.getMessageID(), searchResult.getResultCode(), searchResult.getDiagnosticMessage(), searchResult.getMatchedDN(), searchResult.getReferralURLs(), searchResultEntries, searchResultReferences, searchResultEntries.size(), searchResultReferences.size(), searchResult.getResponseControls());
}
if (!searchResultList.isEmpty()) {
SearchResult searchResultTemp = searchResultList.get(0);
return new SearchResult(searchResultTemp.getMessageID(), searchResultTemp.getResultCode(), searchResultTemp.getDiagnosticMessage(), searchResultTemp.getMatchedDN(), searchResultTemp.getReferralURLs(), searchResultEntries, searchResultReferences, searchResultEntries.size(), searchResultReferences.size(), searchResultTemp.getResponseControls());
}
} else {
setControls(searchRequest, controls);
try {
searchResult = getConnectionPool().search(searchRequest);
} catch (LDAPSearchException ex) {
throw new SearchException(ex.getMessage(), ex, ex.getResultCode().intValue());
}
}
return searchResult;
}
use of org.openecard.bouncycastle.asn1.ASN1OctetString in project xipki by xipki.
the class X509CaCmpResponderImpl method postProcessCertInfo.
// method generateCertificates
private CertResponse postProcessCertInfo(ASN1Integer certReqId, X509CertificateInfo certInfo, ASN1OctetString tid, CmpControl cmpControl) {
if (cmpControl.isConfirmCert()) {
pendingCertPool.addCertificate(tid.getOctets(), certReqId.getPositiveValue(), certInfo, System.currentTimeMillis() + cmpControl.getConfirmWaitTimeMs());
}
String warningMsg = certInfo.getWarningMessage();
PKIStatusInfo statusInfo;
if (StringUtil.isBlank(warningMsg)) {
statusInfo = certInfo.isAlreadyIssued() ? new PKIStatusInfo(PKIStatus.grantedWithMods, new PKIFreeText("ALREADY_ISSUED")) : new PKIStatusInfo(PKIStatus.granted);
} else {
statusInfo = new PKIStatusInfo(PKIStatus.grantedWithMods, new PKIFreeText(warningMsg));
}
CertOrEncCert cec = new CertOrEncCert(CMPCertificate.getInstance(certInfo.getCert().getEncodedCert()));
CertifiedKeyPair kp = new CertifiedKeyPair(cec);
return new CertResponse(certReqId, statusInfo, kp, null);
}
use of org.openecard.bouncycastle.asn1.ASN1OctetString in project xipki by xipki.
the class X509CaCmpResponderImpl method processPkiMessage0.
@Override
protected PKIMessage processPkiMessage0(PKIMessage request, RequestorInfo requestor, ASN1OctetString tid, GeneralPKIMessage message, String msgId, AuditEvent event) {
if (!(requestor instanceof CmpRequestorInfo)) {
throw new IllegalArgumentException("unknown requestor type " + requestor.getClass().getName());
}
CmpRequestorInfo tmpRequestor = (CmpRequestorInfo) requestor;
event.addEventData(CaAuditConstants.NAME_requestor, tmpRequestor.getIdent().getName());
PKIHeader reqHeader = message.getHeader();
PKIHeaderBuilder respHeader = new PKIHeaderBuilder(reqHeader.getPvno().getValue().intValue(), getSender(), reqHeader.getSender());
respHeader.setTransactionID(tid);
ASN1OctetString senderNonce = reqHeader.getSenderNonce();
if (senderNonce != null) {
respHeader.setRecipNonce(senderNonce);
}
PKIBody respBody;
PKIBody reqBody = message.getBody();
final int type = reqBody.getType();
CmpControl cmpControl = getCmpControl();
try {
switch(type) {
case PKIBody.TYPE_CERT_REQ:
case PKIBody.TYPE_KEY_UPDATE_REQ:
case PKIBody.TYPE_P10_CERT_REQ:
case PKIBody.TYPE_CROSS_CERT_REQ:
String eventType = null;
if (PKIBody.TYPE_CERT_REQ == type) {
eventType = CaAuditConstants.TYPE_CMP_cr;
} else if (PKIBody.TYPE_KEY_UPDATE_REQ == type) {
eventType = CaAuditConstants.TYPE_CMP_kur;
} else if (PKIBody.TYPE_P10_CERT_REQ == type) {
eventType = CaAuditConstants.TYPE_CMP_p10Cr;
} else if (PKIBody.TYPE_CROSS_CERT_REQ == type) {
eventType = CaAuditConstants.TYPE_CMP_ccr;
}
if (eventType != null) {
event.addEventType(eventType);
}
respBody = cmpEnrollCert(request, respHeader, cmpControl, reqHeader, reqBody, tmpRequestor, tid, msgId, event);
break;
case PKIBody.TYPE_CERT_CONFIRM:
event.addEventType(CaAuditConstants.TYPE_CMP_certConf);
CertConfirmContent certConf = (CertConfirmContent) reqBody.getContent();
respBody = confirmCertificates(tid, certConf, msgId);
break;
case PKIBody.TYPE_REVOCATION_REQ:
respBody = cmpUnRevokeRemoveCertificates(request, respHeader, cmpControl, reqHeader, reqBody, tmpRequestor, msgId, event);
break;
case PKIBody.TYPE_CONFIRM:
event.addEventType(CaAuditConstants.TYPE_CMP_pkiConf);
respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE);
break;
case PKIBody.TYPE_GEN_MSG:
respBody = cmpGeneralMsg(respHeader, cmpControl, reqHeader, reqBody, tmpRequestor, tid, msgId, event);
break;
case PKIBody.TYPE_ERROR:
event.addEventType(CaAuditConstants.TYPE_CMP_error);
revokePendingCertificates(tid, msgId);
respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE);
break;
default:
event.addEventType("PKIBody." + type);
respBody = buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badRequest, "unsupported type " + type);
break;
}
// end switch (type)
} catch (InsuffientPermissionException ex) {
ErrorMsgContent emc = new ErrorMsgContent(new PKIStatusInfo(PKIStatus.rejection, new PKIFreeText(ex.getMessage()), new PKIFailureInfo(PKIFailureInfo.notAuthorized)));
respBody = new PKIBody(PKIBody.TYPE_ERROR, emc);
}
if (respBody.getType() == PKIBody.TYPE_ERROR) {
ErrorMsgContent errorMsgContent = (ErrorMsgContent) respBody.getContent();
AuditStatus auditStatus = AuditStatus.FAILED;
org.xipki.cmp.PkiStatusInfo pkiStatus = new org.xipki.cmp.PkiStatusInfo(errorMsgContent.getPKIStatusInfo());
if (pkiStatus.pkiFailureInfo() == PKIFailureInfo.systemFailure) {
auditStatus = AuditStatus.FAILED;
}
event.setStatus(auditStatus);
String statusString = pkiStatus.statusMessage();
if (statusString != null) {
event.addEventData(CaAuditConstants.NAME_message, statusString);
}
} else if (event.getStatus() == null) {
event.setStatus(AuditStatus.SUCCESSFUL);
}
return new PKIMessage(respHeader.build(), respBody);
}
use of org.openecard.bouncycastle.asn1.ASN1OctetString in project xipki by xipki.
the class X509CrlSignerEntryWrapper method initSigner.
public void initSigner(SecurityFactory securityFactory) throws XiSecurityException, OperationException, InvalidConfException {
ParamUtil.requireNonNull("securityFactory", securityFactory);
if (signer != null) {
return;
}
if (dbEntry == null) {
throw new XiSecurityException("dbEntry is null");
}
if ("CA".equals(dbEntry.getType())) {
return;
}
dbEntry.setConfFaulty(true);
X509Certificate responderCert = dbEntry.getCert();
try {
signer = securityFactory.createSigner(dbEntry.getType(), new SignerConf(dbEntry.getConf()), responderCert);
} catch (ObjectCreationException ex1) {
throw new XiSecurityException("signer without certificate is not allowed");
}
X509Certificate signerCert = signer.getCertificate();
if (signerCert == null) {
throw new XiSecurityException("signer without certificate is not allowed");
}
if (dbEntry.getBase64Cert() == null) {
dbEntry.setCert(signerCert);
}
byte[] encodedSkiValue = signerCert.getExtensionValue(Extension.subjectKeyIdentifier.getId());
if (encodedSkiValue == null) {
throw new OperationException(ErrorCode.INVALID_EXTENSION, "CA certificate does not have required extension SubjectKeyIdentifier");
}
ASN1OctetString ski;
try {
ski = (ASN1OctetString) X509ExtensionUtil.fromExtensionValue(encodedSkiValue);
} catch (IOException ex) {
throw new OperationException(ErrorCode.INVALID_EXTENSION, ex);
}
this.subjectKeyIdentifier = ski.getOctets();
if (!X509Util.hasKeyusage(signerCert, KeyUsage.cRLSign)) {
throw new OperationException(ErrorCode.SYSTEM_FAILURE, "CRL signer does not have keyusage cRLSign");
}
dbEntry.setConfFaulty(false);
}
use of org.openecard.bouncycastle.asn1.ASN1OctetString in project xipki by xipki.
the class CsrGenAction method execute0.
@Override
protected Object execute0() throws Exception {
hashAlgo = hashAlgo.trim().toUpperCase();
if (hashAlgo.indexOf('-') != -1) {
hashAlgo = hashAlgo.replaceAll("-", "");
}
if (needExtensionTypes == null) {
needExtensionTypes = new LinkedList<>();
}
if (wantExtensionTypes == null) {
wantExtensionTypes = new LinkedList<>();
}
// SubjectAltNames
List<Extension> extensions = new LinkedList<>();
ASN1OctetString extnValue = createExtnValueSubjectAltName();
if (extnValue != null) {
ASN1ObjectIdentifier oid = Extension.subjectAlternativeName;
extensions.add(new Extension(oid, false, extnValue));
needExtensionTypes.add(oid.getId());
}
// SubjectInfoAccess
extnValue = createExtnValueSubjectInfoAccess();
if (extnValue != null) {
ASN1ObjectIdentifier oid = Extension.subjectInfoAccess;
extensions.add(new Extension(oid, false, extnValue));
needExtensionTypes.add(oid.getId());
}
// Keyusage
if (isNotEmpty(keyusages)) {
Set<KeyUsage> usages = new HashSet<>();
for (String usage : keyusages) {
usages.add(KeyUsage.getKeyUsage(usage));
}
org.bouncycastle.asn1.x509.KeyUsage extValue = X509Util.createKeyUsage(usages);
ASN1ObjectIdentifier extType = Extension.keyUsage;
extensions.add(new Extension(extType, false, extValue.getEncoded()));
needExtensionTypes.add(extType.getId());
}
// ExtendedKeyusage
if (isNotEmpty(extkeyusages)) {
ExtendedKeyUsage extValue = X509Util.createExtendedUsage(textToAsn1ObjectIdentifers(extkeyusages));
ASN1ObjectIdentifier extType = Extension.extendedKeyUsage;
extensions.add(new Extension(extType, false, extValue.getEncoded()));
needExtensionTypes.add(extType.getId());
}
// QcEuLimitValue
if (isNotEmpty(qcEuLimits)) {
ASN1EncodableVector vec = new ASN1EncodableVector();
for (String m : qcEuLimits) {
StringTokenizer st = new StringTokenizer(m, ":");
try {
String currencyS = st.nextToken();
String amountS = st.nextToken();
String exponentS = st.nextToken();
Iso4217CurrencyCode currency;
try {
int intValue = Integer.parseInt(currencyS);
currency = new Iso4217CurrencyCode(intValue);
} catch (NumberFormatException ex) {
currency = new Iso4217CurrencyCode(currencyS);
}
int amount = Integer.parseInt(amountS);
int exponent = Integer.parseInt(exponentS);
MonetaryValue monterayValue = new MonetaryValue(currency, amount, exponent);
QCStatement statment = new QCStatement(ObjectIdentifiers.id_etsi_qcs_QcLimitValue, monterayValue);
vec.add(statment);
} catch (Exception ex) {
throw new Exception("invalid qc-eu-limit '" + m + "'");
}
}
ASN1ObjectIdentifier extType = Extension.qCStatements;
ASN1Sequence extValue = new DERSequence(vec);
extensions.add(new Extension(extType, false, extValue.getEncoded()));
needExtensionTypes.add(extType.getId());
}
// biometricInfo
if (biometricType != null && biometricHashAlgo != null && biometricFile != null) {
TypeOfBiometricData tmpBiometricType = StringUtil.isNumber(biometricType) ? new TypeOfBiometricData(Integer.parseInt(biometricType)) : new TypeOfBiometricData(new ASN1ObjectIdentifier(biometricType));
ASN1ObjectIdentifier tmpBiometricHashAlgo = AlgorithmUtil.getHashAlg(biometricHashAlgo);
byte[] biometricBytes = IoUtil.read(biometricFile);
MessageDigest md = MessageDigest.getInstance(tmpBiometricHashAlgo.getId());
md.reset();
byte[] tmpBiometricDataHash = md.digest(biometricBytes);
DERIA5String tmpSourceDataUri = null;
if (biometricUri != null) {
tmpSourceDataUri = new DERIA5String(biometricUri);
}
BiometricData biometricData = new BiometricData(tmpBiometricType, new AlgorithmIdentifier(tmpBiometricHashAlgo), new DEROctetString(tmpBiometricDataHash), tmpSourceDataUri);
ASN1EncodableVector vec = new ASN1EncodableVector();
vec.add(biometricData);
ASN1ObjectIdentifier extType = Extension.biometricInfo;
ASN1Sequence extValue = new DERSequence(vec);
extensions.add(new Extension(extType, false, extValue.getEncoded()));
needExtensionTypes.add(extType.getId());
} else if (biometricType == null && biometricHashAlgo == null && biometricFile == null) {
// Do nothing
} else {
throw new Exception("either all of biometric triples (type, hash algo, file)" + " must be set or none of them should be set");
}
for (Extension addExt : getAdditionalExtensions()) {
extensions.add(addExt);
}
needExtensionTypes.addAll(getAdditionalNeedExtensionTypes());
wantExtensionTypes.addAll(getAdditionalWantExtensionTypes());
if (isNotEmpty(needExtensionTypes) || isNotEmpty(wantExtensionTypes)) {
ExtensionExistence ee = new ExtensionExistence(textToAsn1ObjectIdentifers(needExtensionTypes), textToAsn1ObjectIdentifers(wantExtensionTypes));
extensions.add(new Extension(ObjectIdentifiers.id_xipki_ext_cmpRequestExtensions, false, ee.toASN1Primitive().getEncoded()));
}
ConcurrentContentSigner signer = getSigner(new SignatureAlgoControl(rsaMgf1, dsaPlain, gm));
Map<ASN1ObjectIdentifier, ASN1Encodable> attributes = new HashMap<>();
if (CollectionUtil.isNonEmpty(extensions)) {
attributes.put(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, new Extensions(extensions.toArray(new Extension[0])));
}
if (StringUtil.isNotBlank(challengePassword)) {
attributes.put(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, new DERPrintableString(challengePassword));
}
SubjectPublicKeyInfo subjectPublicKeyInfo;
if (signer.getCertificate() != null) {
Certificate cert = Certificate.getInstance(signer.getCertificate().getEncoded());
subjectPublicKeyInfo = cert.getSubjectPublicKeyInfo();
} else {
subjectPublicKeyInfo = KeyUtil.createSubjectPublicKeyInfo(signer.getPublicKey());
}
X500Name subjectDn = getSubject(subject);
PKCS10CertificationRequest csr = generateRequest(signer, subjectPublicKeyInfo, subjectDn, attributes);
File file = new File(outputFilename);
saveVerbose("saved CSR to file", file, csr.getEncoded());
return null;
}
Aggregations