use of org.openecard.bouncycastle.asn1.ASN1OctetString in project xipki by xipki.
the class CmpUtil method addProtection.
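/**
 * Signature-protects a CMP {@link PKIMessage}: the header fields of the (unprotected)
 * input message are copied into a {@link ProtectedPKIMessageBuilder}, the body is attached,
 * optionally the signer's certificate is added to extraCerts, and the result is signed with
 * a signer borrowed from {@code signer}'s pool.
 *
 * @param pkiMessage    message to protect; its header and body are reused
 * @param signer        pooled signer providing the signing key (and, if needed, certificate)
 * @param signerName    sender to put in the protected header; when {@code null} the subject
 *                      of the signer's certificate is used, so the certificate must exist
 * @param addSignerCert whether to ship the signer's certificate in extraCerts
 * @return the protected message as an ASN.1 structure
 * @throws CMPException             if the builder cannot produce the protected message
 * @throws NoIdleSignerException    if no signer can be borrowed from the pool
 * @throws IllegalArgumentException if a certificate is required but the signer has none
 */
public static PKIMessage addProtection(PKIMessage pkiMessage, ConcurrentContentSigner signer, GeneralName signerName, boolean addSignerCert) throws CMPException, NoIdleSignerException {
    ParamUtil.requireNonNull("pkiMessage", pkiMessage);
    ParamUtil.requireNonNull("signer", signer);

    // Sender: an explicit name wins; otherwise it is derived from the signer's certificate
    // subject, which therefore has to exist.
    final GeneralName sender;
    if (signerName != null) {
        sender = signerName;
    } else {
        if (signer.getCertificate() == null) {
            throw new IllegalArgumentException("signer without certificate is not allowed");
        }
        X500Name subject = X500Name.getInstance(signer.getCertificate().getSubjectX500Principal().getEncoded());
        sender = new GeneralName(subject);
    }

    // The certificate is only needed when it goes into extraCerts, but then it is mandatory:
    // handing a null holder to the builder would only fail later, inside build(), with a
    // NullPointerException instead of a meaningful error at the call site.
    X509CertificateHolder signerCert = null;
    if (addSignerCert) {
        signerCert = signer.getBcCertificate();
        if (signerCert == null) {
            throw new IllegalArgumentException("addSignerCert requested but signer has no certificate");
        }
    }

    PKIHeader header = pkiMessage.getHeader();
    ProtectedPKIMessageBuilder builder = new ProtectedPKIMessageBuilder(sender, header.getRecipient());
    copyHeaderFields(header, builder);
    builder.setBody(pkiMessage.getBody());
    if (signerCert != null) {
        builder.addCMPCertificate(signerCert);
    }

    // Borrow a signer from the pool and always give it back, even when build() throws.
    ConcurrentBagEntrySigner pooled = signer.borrowSigner();
    try {
        ProtectedPKIMessage protectedMessage = builder.build(pooled.value());
        return protectedMessage.toASN1Structure();
    } finally {
        signer.requiteSigner(pooled);
    }
}

/**
 * Copies the optional header fields of {@code header} (freeText, generalInfo, the KIDs,
 * the nonces and the transactionID) into {@code builder}. The messageTime is not copied:
 * when the source header carries one, it is refreshed to the current time so that the
 * timestamp reflects when the protection was applied.
 */
private static void copyHeaderFields(PKIHeader header, ProtectedPKIMessageBuilder builder) {
    PKIFreeText freeText = header.getFreeText();
    if (freeText != null) {
        builder.setFreeText(freeText);
    }
    InfoTypeAndValue[] generalInfo = header.getGeneralInfo();
    if (generalInfo != null) {
        for (InfoTypeAndValue itv : generalInfo) {
            builder.addGeneralInfo(itv);
        }
    }
    ASN1OctetString recipKid = header.getRecipKID();
    if (recipKid != null) {
        builder.setRecipKID(recipKid.getOctets());
    }
    ASN1OctetString recipNonce = header.getRecipNonce();
    if (recipNonce != null) {
        builder.setRecipNonce(recipNonce.getOctets());
    }
    ASN1OctetString senderKid = header.getSenderKID();
    if (senderKid != null) {
        builder.setSenderKID(senderKid.getOctets());
    }
    ASN1OctetString senderNonce = header.getSenderNonce();
    if (senderNonce != null) {
        builder.setSenderNonce(senderNonce.getOctets());
    }
    ASN1OctetString transactionId = header.getTransactionID();
    if (transactionId != null) {
        builder.setTransactionID(transactionId.getOctets());
    }
    if (header.getMessageTime() != null) {
        builder.setMessageTime(new Date());
    }
}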
use of org.openecard.bouncycastle.asn1.ASN1OctetString in project candlepin by candlepin.
the class X509CRLStreamWriter method writeToEmptyCrl.
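/**
 * Re-issues the CRL read from {@code crlIn} and writes the DER encoding to {@code out}.
 * The new CRL keeps the issuer, the existing entries, the authorityKeyIdentifier and an
 * incremented cRLNumber of the old CRL, gets thisUpdate = now (with nextUpdate shifted by
 * the old CRL's thisUpdate→nextUpdate interval, if it had one), receives all entries from
 * {@code newEntries}, and is signed with {@code key}. Judging by the name it is used when
 * the old CRL has no entries, but the rebuild works the same either way.
 *
 * Every other extension of the old CRL is dropped; keep in mind that dropping e.g. an
 * issuingDistributionPoint changes the meaning of the CRL.
 *
 * @param out destination for the DER-encoded CRL
 * @throws IOException if the old CRL cannot be parsed, the signer cannot be created,
 *                     or writing fails
 */
protected void writeToEmptyCrl(OutputStream out) throws IOException {
    try (ASN1InputStream asn1in = new ASN1InputStream(crlIn)) {
        CertificateList certList = CertificateList.getInstance(asn1in.readObject());
        X509CRLHolder oldCrl = new X509CRLHolder(certList);

        Date now = new Date();
        X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(oldCrl.getIssuer(), now);
        crlBuilder.addCRL(oldCrl);

        // nextUpdate is OPTIONAL in a CRL (RFC 5280 5.1.2.5). Only derive a new one when the
        // old CRL had one, preserving its validity interval; the original code dereferenced
        // it unconditionally and failed with a NullPointerException on CRLs without it.
        Time oldNextUpdate = certList.getNextUpdate();
        if (oldNextUpdate != null) {
            long interval = oldNextUpdate.getDate().getTime() - certList.getThisUpdate().getDate().getTime();
            crlBuilder.setNextUpdate(new Date(now.getTime() + interval));
        }

        // Carry over cRLNumber (incremented by one) and authorityKeyIdentifier only.
        for (Object o : oldCrl.getExtensionOIDs()) {
            ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) o;
            Extension ext = oldCrl.getExtension(oid);
            if (Extension.cRLNumber.equals(oid)) {
                BigInteger currentNumber = ASN1Integer.getInstance(ext.getParsedValue()).getValue();
                crlBuilder.addExtension(oid, ext.isCritical(), new ASN1Integer(currentNumber.add(BigInteger.ONE)));
            } else if (Extension.authorityKeyIdentifier.equals(oid)) {
                crlBuilder.addExtension(oid, ext.isCritical(), ext.getParsedValue());
            }
        }

        // Each new entry is a SEQUENCE { serial, revocationDate [, Extensions] }; only the
        // reasonCode extension is honoured, and a missing one means "unspecified".
        for (DERSequence entry : newEntries) {
            BigInteger serial = ASN1Integer.getInstance(entry.getObjectAt(0)).getValue();
            Date revocationDate = Time.getInstance(entry.getObjectAt(1)).getDate();
            int reason = CRLReason.unspecified;
            if (entry.size() == 3) {
                Extensions entryExts = Extensions.getInstance(entry.getObjectAt(2));
                Extension reasonExt = entryExts.getExtension(Extension.reasonCode);
                if (reasonExt != null) {
                    reason = ASN1Enumerated.getInstance(reasonExt.getParsedValue()).getValue().intValue();
                }
            }
            crlBuilder.addCRLEntry(serial, revocationDate, reason);
        }

        // Default to the algorithm the old CRL was signed with. NOTE(review): this re-uses
        // whatever that was, including legacy digests; callers wanting a particular algorithm
        // must set signingAlg explicitly.
        if (signingAlg == null) {
            signingAlg = oldCrl.toASN1Structure().getSignatureAlgorithm();
        }
        try {
            ContentSigner contentSigner = createContentSigner(signingAlg, key);
            X509CRLHolder newCrl = crlBuilder.build(contentSigner);
            out.write(newCrl.getEncoded());
        } catch (OperatorCreationException e) {
            throw new IOException("Could not sign CRL", e);
        }
    }
}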
use of org.openecard.bouncycastle.asn1.ASN1OctetString in project candlepin by candlepin.
the class X509CRLStreamWriter method updateExtensions.
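/**
 * Rebuilds the DER-encoded, explicitly tagged {@code [0] Extensions} element of a CRL:
 * the cRLNumber is incremented by one and the authorityKeyIdentifier is replaced with this
 * writer's {@code aki}; every other extension is copied over unchanged. Both rewritten
 * extensions are emitted as non-critical, as RFC 5280 requires for them.
 *
 * @param obj DER encoding of the tagged Extensions element read from the old CRL
 * @return DER encoding of the rewritten tagged Extensions element; its length may differ
 *         from {@code obj}'s (e.g. when the incremented CRL number needs one more byte)
 * @throws IOException if {@code obj} cannot be parsed or the result cannot be encoded
 */
protected byte[] updateExtensions(byte[] obj) throws IOException {
    ASN1TaggedObject taggedExts;
    try (ASN1InputStream in = new ASN1InputStream(obj)) {
        taggedExts = (ASN1TaggedObject) in.readObject();
    }
    ASN1Sequence seq = (ASN1Sequence) taggedExts.getObject();
    ASN1EncodableVector modifiedExts = new ASN1EncodableVector();

    Enumeration<?> objs = seq.getObjects();
    while (objs.hasMoreElements()) {
        ASN1Sequence ext = (ASN1Sequence) objs.nextElement();
        ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) ext.getObjectAt(0);
        if (Extension.cRLNumber.equals(oid)) {
            // extnValue is an OCTET STRING wrapping a DER INTEGER; unwrap, bump, re-wrap.
            ASN1OctetString wrapped = (ASN1OctetString) ext.getObjectAt(1);
            BigInteger current = ASN1Integer.getInstance(wrapped.getOctets()).getValue();
            ASN1Integer next = new ASN1Integer(current.add(BigInteger.ONE));
            modifiedExts.add(extensionSequence(Extension.cRLNumber, new DEROctetString(next.getEncoded())));
        } else if (Extension.authorityKeyIdentifier.equals(oid)) {
            // The original declared a local named "aki" right after reading the field "aki",
            // which compiled but shadowed the field; the field is referenced directly here.
            modifiedExts.add(extensionSequence(Extension.authorityKeyIdentifier, new DEROctetString(aki.getEncoded())));
        } else {
            modifiedExts.add(ext);
        }
    }

    ASN1Sequence seqOut = new DERSequence(modifiedExts);
    return new DERTaggedObject(true, 0, seqOut).getEncoded();
}

/**
 * Builds a non-critical {@code Extension ::= SEQUENCE { extnID, extnValue }} (the
 * DEFAULT FALSE critical flag is omitted, as DER requires).
 */
private static DERSequence extensionSequence(ASN1ObjectIdentifier extnId, ASN1OctetString extnValue) {
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(extnId);
    v.add(extnValue);
    return new DERSequence(v);
}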
use of org.openecard.bouncycastle.asn1.ASN1OctetString in project keystore-explorer by kaikramer.
the class X509Ext method getStringValue.
/**
 * Get extension value as a string.
 *
 * The raw extension value ({@code value}) is the DER encoding of the OCTET STRING wrapper;
 * it is unwrapped here and the inner DER bytes are handed to a per-extension formatter
 * selected by the extension OID. Extensions with an OID not known to
 * {@link X509ExtensionType}, and known ones without a dedicated formatter, are rendered as
 * a hex/clear-text dump.
 *
 * NOTE(review): {@code value} comes from whatever certificate or CRL the user loaded, so the
 * octets are untrusted input. The per-type helpers are not visible here; parse failures in
 * them presumably surface as RuntimeExceptions (IllegalArgumentException, ClassCastException)
 * rather than the declared IOException — confirm that callers cope with that.
 *
 * @return X509Extension value as a string
 * @throws IOException If an ASN.1 coding problem or an I/O problem occurs
 */
public String getStringValue() throws IOException {
// Convert value from DER encoded octet string value to binary DER encoding
ASN1OctetString octetString = ASN1OctetString.getInstance(ASN1Primitive.fromByteArray(value));
byte[] octets = octetString.getOctets();
X509ExtensionType type = X509ExtensionType.resolveOid(oid.getId());
// handle unknown OID (switching on null would throw)
if (type == null) {
return HexUtil.getHexClearDump(octets);
}
// Dispatch on extension type; every helper receives the inner DER bytes, not the wrapper.
switch(type) {
case ENTRUST_VERSION_INFORMATION:
return getEntrustVersionInformationStringValue(octets);
case AUTHORITY_INFORMATION_ACCESS:
return getAuthorityInformationAccessStringValue(octets);
case SUBJECT_INFORMATION_ACCESS:
return getSubjectInformationAccessStringValue(octets);
case SUBJECT_DIRECTORY_ATTRIBUTES:
return getSubjectDirectoryAttributesStringValue(octets);
case SUBJECT_KEY_IDENTIFIER:
return getSubjectKeyIndentifierStringValue(octets);
case KEY_USAGE:
return getKeyUsageStringValue(octets);
case PRIVATE_KEY_USAGE_PERIOD:
return getPrivateKeyUsagePeriodStringValue(octets);
case SUBJECT_ALTERNATIVE_NAME:
return getSubjectAlternativeNameStringValue(octets);
case ISSUER_ALTERNATIVE_NAME:
return getIssuerAlternativeNameStringValue(octets);
case BASIC_CONSTRAINTS:
return getBasicConstraintsStringValue(octets);
case CRL_NUMBER:
return getCrlNumberStringValue(octets);
case REASON_CODE:
return getReasonCodeStringValue(octets);
case HOLD_INSTRUCTION_CODE:
return getHoldInstructionCodeStringValue(octets);
case INVALIDITY_DATE:
return getInvalidityDateStringValue(octets);
case DELTA_CRL_INDICATOR:
return getDeltaCrlIndicatorStringValue(octets);
case ISSUING_DISTRIBUTION_POINT:
return getIssuingDistributionPointStringValue(octets);
case CERTIFICATE_ISSUER:
return getCertificateIssuerStringValue(octets);
case NAME_CONSTRAINTS:
return getNameConstraintsStringValue(octets);
case CRL_DISTRIBUTION_POINTS:
return getCrlDistributionPointsStringValue(octets);
case CERTIFICATE_POLICIES:
return getCertificatePoliciesStringValue(octets);
case POLICY_MAPPINGS:
return getPolicyMappingsStringValue(octets);
case AUTHORITY_KEY_IDENTIFIER:
return getAuthorityKeyIdentifierStringValue(octets);
case POLICY_CONSTRAINTS:
return getPolicyConstraintsStringValue(octets);
case EXTENDED_KEY_USAGE:
return getExtendedKeyUsageStringValue(octets);
case FRESHEST_CRL:
return getFreshestCrlStringValue(octets);
case INHIBIT_ANY_POLICY:
return getInhibitAnyPolicyStringValue(octets);
case NETSCAPE_CERTIFICATE_TYPE:
return getNetscapeCertificateTypeStringValue(octets);
case NETSCAPE_BASE_URL:
return getNetscapeBaseUrlStringValue(octets);
case NETSCAPE_REVOCATION_URL:
return getNetscapeRevocationUrlStringValue(octets);
case NETSCAPE_CA_REVOCATION_URL:
return getNetscapeCaRevocationUrlStringValue(octets);
case NETSCAPE_CERTIFICATE_RENEWAL_URL:
return getNetscapeCertificateRenewalStringValue(octets);
case NETSCAPE_CA_POLICY_URL:
return getNetscapeCaPolicyUrlStringValue(octets);
case NETSCAPE_SSL_SERVER_NAME:
return getNetscapeSslServerNameStringValue(octets);
case NETSCAPE_COMMENT:
return getNetscapeCommentStringValue(octets);
case BIOMETRIC_INFO:
return getBiometricInfoStringValue(octets);
case QC_STATEMENTS:
return getQcStatementsStringValue(octets);
case OCSP_NO_CHECK:
return getOcspNoCheckStringValue(octets);
case LIABILITY_LIMITATION_FLAG:
return getLiabilityLimitationFlagStringValue(octets);
case DATE_OF_CERT_GEN:
return getDateOfCertGenStringValue(octets);
case PROCURATION:
return getProcurationStringValue(octets);
case ADMISSION:
return getAdmissionStringValue(octets);
case MONETARY_LIMIT:
return getMonetaryLimitStringValue(octets);
case DECLARATION_OF_MAJORITY:
return getDeclarationOfMajorityStringValue(octets);
case ICCSN:
return getICCSNStringValue(octets);
case RESTRICTION:
return getRestrictionStringValue(octets);
case ADDITIONAL_INFORMATION:
return getAdditionalInformationStringValue(octets);
case VALIDITY_MODEL:
return getValidityModelStringValue(octets);
case MS_ENROLL_CERT_TYPE_EXTENSION:
return getMsCertTypeStringValue(octets);
case MS_CA_VERSION:
return getMsCaVersionStringValue(octets);
case MS_CRL_NEXT_PUBLISH:
return getMsCrlNextPublishStringValue(octets);
case MS_CERTIFICATE_TEMPLATE:
return getMsCertificateTemplateStringValue(octets);
case MS_APPLICATION_POLICIES:
// known type but no dedicated formatter: raw dump only
return HexUtil.getHexClearDump(octets);
case SMIME_CAPABILITIES:
return getSMIMECapabilitiesStringValue(octets);
case VS_CZAG:
case VS_FIDELITY_TOKEN:
case VS_IN_BOX_V1:
case VS_IN_BOX_V2:
case VS_SERIAL_NUMBER_ROLLOVER:
case VS_ON_SITE_JURISDICTION_HASH:
// most VeriSign extensions contain just an IA5STRING
return DERIA5String.getInstance(octets).getString();
case VS_TOKEN_TYPE:
case VS_UNKNOWN:
return getBitString(octets);
case VS_NON_VERIFIED:
return getVeriSignNonVerified(octets);
default:
// X509Extension not recognized or means to output it not defined - just dump out hex and clear text
return HexUtil.getHexClearDump(octets);
}
}
use of org.openecard.bouncycastle.asn1.ASN1OctetString in project keystore-explorer by kaikramer.
the class X509Ext method getBiometricInfoStringValue.
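/**
 * Renders a biometricInfo extension (RFC 3739 BiometricSyntax) as text: one numbered
 * block per BiometricData giving its type (predefined integer or OID), hash algorithm OID,
 * hash value in hex, and the optional source data URI.
 *
 * @param octets DER encoding of the BiometricSyntax SEQUENCE (the extension's inner value)
 * @return multi-line, indented description; one block per BiometricData entry
 */
private String getBiometricInfoStringValue(byte[] octets) {
    // @formatter:off
    /*
    BiometricSyntax ::= SEQUENCE OF BiometricData
    BiometricData ::= SEQUENCE
    {
    typeOfBiometricData TypeOfBiometricData,
    hashAlgorithm AlgorithmIdentifier,
    biometricDataHash OCTET STRING,
    sourceDataUri IA5String OPTIONAL
    }
    TypeOfBiometricData ::= CHOICE
    {
    predefinedBiometricType PredefinedBiometricType,
    biometricDataId OBJECT IDENTIFIER
    }
    PredefinedBiometricType ::= INTEGER
    {
    picture(0),
    handwritten-signature(1)
    }
    */
    // @formatter:on
    StringBuilder sb = new StringBuilder();
    // Entry counter, 0-based. The original declared it but never advanced it, so every
    // entry of a multi-element extension was labelled 0.
    int biometricDataNr = 0;
    ASN1Sequence biometricSyntax = ASN1Sequence.getInstance(octets);
    for (ASN1Encodable element : biometricSyntax.toArray()) {
        BiometricData data = BiometricData.getInstance(element);
        TypeOfBiometricData dataType = data.getTypeOfBiometricData();
        AlgorithmIdentifier hashAlgorithm = data.getHashAlgorithm();
        ASN1OctetString dataHash = data.getBiometricDataHash();
        DERIA5String sourceDataUri = data.getSourceDataUri();

        sb.append(MessageFormat.format(res.getString("BiometricInfo.BiometricData"), biometricDataNr++));
        sb.append(NEWLINE);

        // CHOICE: either a predefined INTEGER type or an OID identifying the data type.
        sb.append(INDENT);
        Object typeText = dataType.isPredefined()
                ? dataType.getPredefinedBiometricType()
                : dataType.getBiometricDataOid().getId();
        sb.append(MessageFormat.format(res.getString("BiometricInfo.TypeOfBiometricData"), typeText));
        sb.append(NEWLINE);

        sb.append(INDENT);
        sb.append(MessageFormat.format(res.getString("BiometricInfo.HashAlgorithm"), hashAlgorithm.getAlgorithm().getId()));
        sb.append(NEWLINE);

        sb.append(INDENT);
        sb.append(MessageFormat.format(res.getString("BiometricInfo.BiometricDataHash"), HexUtil.getHexString(dataHash.getOctets())));
        sb.append(NEWLINE);

        // sourceDataUri is OPTIONAL; only shown when present
        if (sourceDataUri != null) {
            sb.append(INDENT);
            sb.append(MessageFormat.format(res.getString("BiometricInfo.SourceDataUri"), sourceDataUri.toString()));
            sb.append(NEWLINE);
        }
    }
    return sb.toString();
}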