Search in sources :

Example 76 with ASN1Sequence

use of org.openecard.bouncycastle.asn1.ASN1Sequence in project xipki by xipki.

the class X509CmpRequestor method retrieveCaInfo.

public CaInfo retrieveCaInfo(String caName, RequestResponseDebug debug) throws CmpRequestorException, PkiErrorException {
    ParamUtil.requireNonBlank("caName", caName);
    ASN1EncodableVector vec = new ASN1EncodableVector();
    vec.add(new ASN1Integer(2));
    ASN1Sequence acceptVersions = new DERSequence(vec);
    int action = XiSecurityConstants.CMP_ACTION_GET_CAINFO;
    PKIMessage request = buildMessageWithXipkAction(action, acceptVersions);
    PkiResponse response = signAndSend(request, debug);
    ASN1Encodable itvValue = extractXipkiActionRepContent(response, action);
    DERUTF8String utf8Str = DERUTF8String.getInstance(itvValue);
    String systemInfoStr = utf8Str.getString();
    LOG.debug("CAInfo for CA {}: {}", caName, systemInfoStr);
    Document doc;
    try {
        doc = xmlDocBuilder.parse(new ByteArrayInputStream(systemInfoStr.getBytes("UTF-8")));
    } catch (SAXException | IOException ex) {
        throw new CmpRequestorException("could not parse the returned systemInfo for CA " + caName + ": " + ex.getMessage(), ex);
    }
    final String namespace = null;
    Element root = doc.getDocumentElement();
    String str = root.getAttribute("version");
    if (StringUtil.isBlank(str)) {
        str = root.getAttributeNS(namespace, "version");
    }
    int version = StringUtil.isBlank(str) ? 1 : Integer.parseInt(str);
    if (version == 2) {
        // CACert
        X509Certificate caCert;
        String b64CaCert = XmlUtil.getValueOfFirstElementChild(root, namespace, "CACert");
        try {
            caCert = X509Util.parseBase64EncodedCert(b64CaCert);
        } catch (CertificateException ex) {
            throw new CmpRequestorException("could no parse the CA certificate", ex);
        }
        // CmpControl
        ClientCmpControl cmpControl = null;
        Element cmpCtrlElement = XmlUtil.getFirstElementChild(root, namespace, "cmpControl");
        if (cmpCtrlElement != null) {
            String tmpStr = XmlUtil.getValueOfFirstElementChild(cmpCtrlElement, namespace, "rrAkiRequired");
            boolean required = (tmpStr == null) ? false : Boolean.parseBoolean(tmpStr);
            cmpControl = new ClientCmpControl(required);
        }
        // certprofiles
        Set<String> profileNames = new HashSet<>();
        Element profilesElement = XmlUtil.getFirstElementChild(root, namespace, "certprofiles");
        Set<CertprofileInfo> profiles = new HashSet<>();
        if (profilesElement != null) {
            List<Element> profileElements = XmlUtil.getElementChilden(profilesElement, namespace, "certprofile");
            for (Element element : profileElements) {
                String name = XmlUtil.getValueOfFirstElementChild(element, namespace, "name");
                String type = XmlUtil.getValueOfFirstElementChild(element, namespace, "type");
                String conf = XmlUtil.getValueOfFirstElementChild(element, namespace, "conf");
                CertprofileInfo profile = new CertprofileInfo(name, type, conf);
                profiles.add(profile);
                profileNames.add(name);
                LOG.debug("configured for CA {} certprofile (name={}, type={}, conf={})", caName, name, type, conf);
            }
        }
        LOG.info("CA {} supports profiles {}", caName, profileNames);
        return new CaInfo(caCert, cmpControl, profiles);
    } else {
        throw new CmpRequestorException("unknown CAInfo version " + version);
    }
}
Also used : PkiResponse(org.xipki.cmp.PkiResponse) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) Element(org.w3c.dom.Element) CertificateException(java.security.cert.CertificateException) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DEROctetString(org.bouncycastle.asn1.DEROctetString) Document(org.w3c.dom.Document) SAXException(org.xml.sax.SAXException) DERSequence(org.bouncycastle.asn1.DERSequence) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) HashSet(java.util.HashSet) PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage) CertprofileInfo(org.xipki.ca.client.api.CertprofileInfo) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ByteArrayInputStream(java.io.ByteArrayInputStream)

Example 77 with ASN1Sequence

use of org.openecard.bouncycastle.asn1.ASN1Sequence in project xipki by xipki.

the class X509CertprofileUtil method createGeneralName.

/**
 * Creates GeneralName.
 *
 * @param requestedName
 *          Requested name. Must not be {@code null}.
 * @param modes
 *          Modes to be considered. Must not be {@code null}.
 * @return the created GeneralName
 * @throws BadCertTemplateException
 *         If requestedName is invalid or contains entries which are not allowed in the modes.
 */
public static GeneralName createGeneralName(GeneralName requestedName, Set<GeneralNameMode> modes) throws BadCertTemplateException {
    ParamUtil.requireNonNull("requestedName", requestedName);
    int tag = requestedName.getTagNo();
    GeneralNameMode mode = null;
    if (modes != null) {
        for (GeneralNameMode m : modes) {
            if (m.getTag().getTag() == tag) {
                mode = m;
                break;
            }
        }
        if (mode == null) {
            throw new BadCertTemplateException("generalName tag " + tag + " is not allowed");
        }
    }
    switch(tag) {
        case GeneralName.rfc822Name:
        case GeneralName.dNSName:
        case GeneralName.uniformResourceIdentifier:
        case GeneralName.iPAddress:
        case GeneralName.registeredID:
        case GeneralName.directoryName:
            return new GeneralName(tag, requestedName.getName());
        case GeneralName.otherName:
            ASN1Sequence reqSeq = ASN1Sequence.getInstance(requestedName.getName());
            int size = reqSeq.size();
            if (size != 2) {
                throw new BadCertTemplateException("invalid otherName sequence: size is not 2: " + size);
            }
            ASN1ObjectIdentifier type = ASN1ObjectIdentifier.getInstance(reqSeq.getObjectAt(0));
            if (mode != null && !mode.getAllowedTypes().contains(type)) {
                throw new BadCertTemplateException("otherName.type " + type.getId() + " is not allowed");
            }
            ASN1Encodable asn1 = reqSeq.getObjectAt(1);
            if (!(asn1 instanceof ASN1TaggedObject)) {
                throw new BadCertTemplateException("otherName.value is not tagged Object");
            }
            int tagNo = ASN1TaggedObject.getInstance(asn1).getTagNo();
            if (tagNo != 0) {
                throw new BadCertTemplateException("otherName.value does not have tag 0: " + tagNo);
            }
            ASN1EncodableVector vector = new ASN1EncodableVector();
            vector.add(type);
            vector.add(new DERTaggedObject(true, 0, ASN1TaggedObject.getInstance(asn1).getObject()));
            DERSequence seq = new DERSequence(vector);
            return new GeneralName(GeneralName.otherName, seq);
        case GeneralName.ediPartyName:
            reqSeq = ASN1Sequence.getInstance(requestedName.getName());
            size = reqSeq.size();
            String nameAssigner = null;
            int idx = 0;
            if (size > 1) {
                DirectoryString ds = DirectoryString.getInstance(ASN1TaggedObject.getInstance(reqSeq.getObjectAt(idx++)).getObject());
                nameAssigner = ds.getString();
            }
            DirectoryString ds = DirectoryString.getInstance(ASN1TaggedObject.getInstance(reqSeq.getObjectAt(idx++)).getObject());
            String partyName = ds.getString();
            vector = new ASN1EncodableVector();
            if (nameAssigner != null) {
                vector.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner)));
            }
            vector.add(new DERTaggedObject(false, 1, new DirectoryString(partyName)));
            seq = new DERSequence(vector);
            return new GeneralName(GeneralName.ediPartyName, seq);
        default:
            throw new RuntimeException("should not reach here, unknown GeneralName tag " + tag);
    }
// end switch (tag)
}
Also used : GeneralNameMode(org.xipki.ca.api.profile.GeneralNameMode) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DERSequence(org.bouncycastle.asn1.DERSequence) BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 78 with ASN1Sequence

use of org.openecard.bouncycastle.asn1.ASN1Sequence in project xipki by xipki.

the class ProxyP11Module method refresh.

public void refresh() throws P11TokenException {
    byte[] resp = send(P11ProxyConstants.ACTION_GET_SERVER_CAPS, null);
    Asn1ServerCaps caps;
    try {
        caps = Asn1ServerCaps.getInstance(resp);
    } catch (BadAsn1ObjectException ex) {
        throw new P11TokenException("response is a valid Asn1ServerCaps", ex);
    }
    if (!caps.getVersions().contains(version)) {
        throw new P11TokenException("Server does not support any version supported by the client");
    }
    this.readOnly = caps.isReadOnly();
    resp = send(P11ProxyConstants.ACTION_GET_SLOT_IDS, null);
    ASN1Sequence seq;
    try {
        seq = ASN1Sequence.getInstance(resp);
    } catch (IllegalArgumentException ex) {
        throw new P11TokenException("response is not ASN1Sequence", ex);
    }
    final int n = seq.size();
    Set<P11Slot> slots = new HashSet<>();
    for (int i = 0; i < n; i++) {
        Asn1P11SlotIdentifier asn1SlotId;
        try {
            ASN1Encodable obj = seq.getObjectAt(i);
            asn1SlotId = Asn1P11SlotIdentifier.getInstance(obj);
        } catch (Exception ex) {
            throw new P11TokenException(ex.getMessage(), ex);
        }
        P11SlotIdentifier slotId = asn1SlotId.getSlotId();
        if (!conf.isSlotIncluded(slotId)) {
            continue;
        }
        if (!conf.isSlotIncluded(slotId)) {
            LOG.info("skipped slot {}", slotId);
            continue;
        }
        P11Slot slot = new ProxyP11Slot(this, slotId, conf.isReadOnly(), conf.getP11MechanismFilter());
        slots.add(slot);
    }
    setSlots(slots);
}
Also used : Asn1ServerCaps(org.xipki.p11proxy.msg.Asn1ServerCaps) Asn1P11SlotIdentifier(org.xipki.p11proxy.msg.Asn1P11SlotIdentifier) P11SlotIdentifier(org.xipki.security.pkcs11.P11SlotIdentifier) P11TokenException(org.xipki.security.exception.P11TokenException) P11Slot(org.xipki.security.pkcs11.P11Slot) P11TokenException(org.xipki.security.exception.P11TokenException) BadAsn1ObjectException(org.xipki.security.exception.BadAsn1ObjectException) MalformedURLException(java.net.MalformedURLException) IOException(java.io.IOException) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) BadAsn1ObjectException(org.xipki.security.exception.BadAsn1ObjectException) HashSet(java.util.HashSet) Asn1P11SlotIdentifier(org.xipki.p11proxy.msg.Asn1P11SlotIdentifier)

Example 79 with ASN1Sequence

use of org.openecard.bouncycastle.asn1.ASN1Sequence in project android_packages_apps_Settings by DirtyUnicorns.

the class CertInstallerHelper method isCa.

private boolean isCa(X509Certificate cert) {
    try {
        byte[] asn1EncodedBytes = cert.getExtensionValue("2.5.29.19");
        if (asn1EncodedBytes == null) {
            return false;
        }
        DEROctetString derOctetString = (DEROctetString) new ASN1InputStream(asn1EncodedBytes).readObject();
        byte[] octets = derOctetString.getOctets();
        ASN1Sequence sequence = (ASN1Sequence) new ASN1InputStream(octets).readObject();
        return BasicConstraints.getInstance(sequence).isCA();
    } catch (IOException e) {
        return false;
    }
}
Also used : ASN1InputStream(com.android.org.bouncycastle.asn1.ASN1InputStream) ASN1Sequence(com.android.org.bouncycastle.asn1.ASN1Sequence) IOException(java.io.IOException) DEROctetString(com.android.org.bouncycastle.asn1.DEROctetString)

Example 80 with ASN1Sequence

use of org.openecard.bouncycastle.asn1.ASN1Sequence in project signer by demoiselle.

the class SignPolicyInfo method parse.

@Override
public void parse(ASN1Primitive derObject) {
    ASN1Sequence derSequence = ASN1Object.getDERSequence(derObject);
    this.signPolicyIdentifier = new SignPolicyId();
    this.signPolicyIdentifier.parse(derSequence.getObjectAt(0).toASN1Primitive());
    this.dateOfIssue = new GeneralizedTime();
    this.dateOfIssue.parse(derSequence.getObjectAt(1).toASN1Primitive());
    this.policyIssuerName = new PolicyIssuerName();
    this.policyIssuerName.parse(derSequence.getObjectAt(2).toASN1Primitive());
    this.fieldOfApplication = new FieldOfApplication();
    this.fieldOfApplication.parse(derSequence.getObjectAt(3).toASN1Primitive());
    this.signatureValidationPolicy = new SignatureValidationPolicy();
    this.signatureValidationPolicy.parse(derSequence.getObjectAt(4).toASN1Primitive());
    if (derSequence.size() == 6) {
        this.signPolExtensions = new SignPolExtensions();
        this.signPolExtensions.parse(derSequence.getObjectAt(5).toASN1Primitive());
    }
}
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) GeneralizedTime(org.demoiselle.signer.policy.engine.asn1.GeneralizedTime)

Aggregations

ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)198 IOException (java.io.IOException)68 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)56 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)49 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)39 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)37 ArrayList (java.util.ArrayList)36 ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)34 DEROctetString (org.bouncycastle.asn1.DEROctetString)34 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)32 X509Certificate (java.security.cert.X509Certificate)31 ASN1Primitive (org.bouncycastle.asn1.ASN1Primitive)30 DERSequence (org.bouncycastle.asn1.DERSequence)30 Enumeration (java.util.Enumeration)29 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)29 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)28 DERIA5String (org.bouncycastle.asn1.DERIA5String)28 List (java.util.List)27 BigInteger (java.math.BigInteger)26 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)26