Search in sources :

Example 31 with ASN1Sequence

use of org.openecard.bouncycastle.asn1.ASN1Sequence in project robovm by robovm.

the class PKIXNameConstraintValidator method unionDN.

private Set unionDN(Set excluded, ASN1Sequence dn) {
    if (excluded.isEmpty()) {
        if (dn == null) {
            return excluded;
        }
        excluded.add(dn);
        return excluded;
    } else {
        Set intersect = new HashSet();
        Iterator it = excluded.iterator();
        while (it.hasNext()) {
            ASN1Sequence subtree = (ASN1Sequence) it.next();
            if (withinDNSubtree(dn, subtree)) {
                intersect.add(subtree);
            } else if (withinDNSubtree(subtree, dn)) {
                intersect.add(dn);
            } else {
                intersect.add(subtree);
                intersect.add(dn);
            }
        }
        return intersect;
    }
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) Iterator(java.util.Iterator) HashSet(java.util.HashSet)

Example 32 with ASN1Sequence

use of org.openecard.bouncycastle.asn1.ASN1Sequence in project cas by apereo.

the class CRLDistributionPointRevocationChecker method getDistributionPoints.

/**
 * Gets the distribution points.
 *
 * @param cert the cert
 * @return the url distribution points
 */
private static URI[] getDistributionPoints(final X509Certificate cert) {
    final List<DistributionPoint> points;
    try {
        points = new ExtensionReader(cert).readCRLDistributionPoints();
    } catch (final Exception e) {
        LOGGER.error("Error reading CRLDistributionPoints extension field on [{}]", CertUtils.toString(cert), e);
        return new URI[0];
    }
    final List<URI> urls = new ArrayList<>();
    if (points != null) {
        points.stream().map(DistributionPoint::getDistributionPoint).filter(Objects::nonNull).forEach(pointName -> {
            final ASN1Sequence nameSequence = ASN1Sequence.getInstance(pointName.getName());
            IntStream.range(0, nameSequence.size()).mapToObj(i -> GeneralName.getInstance(nameSequence.getObjectAt(i))).forEach(name -> {
                LOGGER.debug("Found CRL distribution point [{}].", name);
                try {
                    addURL(urls, DERIA5String.getInstance(name.getName()).getString());
                } catch (final Exception e) {
                    LOGGER.warn("[{}] not supported. String or GeneralNameList expected.", pointName);
                }
            });
        });
    }
    return urls.toArray(new URI[urls.size()]);
}
Also used : X509Certificate(java.security.cert.X509Certificate) IntStream(java.util.stream.IntStream) RevocationPolicy(org.apereo.cas.adaptors.x509.authentication.revocation.policy.RevocationPolicy) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) URLDecoder(java.net.URLDecoder) SneakyThrows(lombok.SneakyThrows) URL(java.net.URL) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) X509CRL(java.security.cert.X509CRL) ByteArrayResource(org.springframework.core.io.ByteArrayResource) ArrayList(java.util.ArrayList) CollectionUtils(org.apereo.cas.util.CollectionUtils) URI(java.net.URI) DERIA5String(org.bouncycastle.asn1.DERIA5String) CRLFetcher(org.apereo.cas.adaptors.x509.authentication.CRLFetcher) MalformedURLException(java.net.MalformedURLException) Element(net.sf.ehcache.Element) StandardCharsets(java.nio.charset.StandardCharsets) CertUtils(org.apereo.cas.util.crypto.CertUtils) ExtensionReader(org.cryptacular.x509.ExtensionReader) Objects(java.util.Objects) Slf4j(lombok.extern.slf4j.Slf4j) GeneralName(org.bouncycastle.asn1.x509.GeneralName) List(java.util.List) ResourceCRLFetcher(org.apereo.cas.adaptors.x509.authentication.ResourceCRLFetcher) Cache(net.sf.ehcache.Cache) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ArrayList(java.util.ArrayList) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) URI(java.net.URI) MalformedURLException(java.net.MalformedURLException) ExtensionReader(org.cryptacular.x509.ExtensionReader)

Example 33 with ASN1Sequence

use of org.openecard.bouncycastle.asn1.ASN1Sequence in project android_packages_apps_Settings by LineageOS.

the class CertInstallerHelper method isCa.

private boolean isCa(X509Certificate cert) {
    try {
        byte[] asn1EncodedBytes = cert.getExtensionValue("2.5.29.19");
        if (asn1EncodedBytes == null) {
            return false;
        }
        DEROctetString derOctetString = (DEROctetString) new ASN1InputStream(asn1EncodedBytes).readObject();
        byte[] octets = derOctetString.getOctets();
        ASN1Sequence sequence = (ASN1Sequence) new ASN1InputStream(octets).readObject();
        return BasicConstraints.getInstance(sequence).isCA();
    } catch (IOException e) {
        return false;
    }
}
Also used : ASN1InputStream(com.android.org.bouncycastle.asn1.ASN1InputStream) ASN1Sequence(com.android.org.bouncycastle.asn1.ASN1Sequence) IOException(java.io.IOException) DEROctetString(com.android.org.bouncycastle.asn1.DEROctetString)

Example 34 with ASN1Sequence

use of org.openecard.bouncycastle.asn1.ASN1Sequence in project pdfbox by apache.

the class CertInformationHelper method getAuthorityInfoExtensionValue.

/**
 * Extracts authority information access extension values from the given data. The Data
 * structure has to be implemented as described in RFC 2459, 4.2.2.1.
 *
 * @param extensionValue byte[] of the extension value.
 * @param certInfo where to put the found values
 * @throws IOException when there is a problem with the extensionValue
 */
protected static void getAuthorityInfoExtensionValue(byte[] extensionValue, CertSignatureInformation certInfo) throws IOException {
    ASN1Sequence asn1Seq = (ASN1Sequence) X509ExtensionUtil.fromExtensionValue(extensionValue);
    Enumeration<?> objects = asn1Seq.getObjects();
    while (objects.hasMoreElements()) {
        // AccessDescription
        ASN1Sequence obj = (ASN1Sequence) objects.nextElement();
        ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) obj.getObjectAt(0);
        // accessLocation
        DERTaggedObject location = (DERTaggedObject) obj.getObjectAt(1);
        if (oid.equals(X509ObjectIdentifiers.id_ad_ocsp) && location.getTagNo() == GeneralName.uniformResourceIdentifier) {
            DEROctetString url = (DEROctetString) location.getObject();
            certInfo.setOcspUrl(new String(url.getOctets()));
        } else if (oid.equals(X509ObjectIdentifiers.id_ad_caIssuers)) {
            DEROctetString uri = (DEROctetString) location.getObject();
            certInfo.setIssuerUrl(new String(uri.getOctets()));
        }
    }
}
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) DEROctetString(org.bouncycastle.asn1.DEROctetString) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) DEROctetString(org.bouncycastle.asn1.DEROctetString)

Example 35 with ASN1Sequence

use of org.openecard.bouncycastle.asn1.ASN1Sequence in project keystore-explorer by kaikramer.

the class X509Ext method getMsCertificateTemplateStringValue.

private String getMsCertificateTemplateStringValue(byte[] octets) {
    // @formatter:off
    /*
			CertificateTemplate ::= SEQUENCE
			{
				templateID              EncodedObjectID,
				templateMajorVersion    TemplateVersion,
				templateMinorVersion    TemplateVersion OPTIONAL
			}
			TemplateVersion ::= INTEGER (0..4294967295)
		 */
    // @formatter:on
    ASN1Sequence asn1Sequence = ASN1Sequence.getInstance(octets);
    ASN1ObjectIdentifier templateID = (ASN1ObjectIdentifier) asn1Sequence.getObjectAt(0);
    ASN1Integer majorVersion = (ASN1Integer) asn1Sequence.getObjectAt(1);
    ASN1Integer minorVersion = (ASN1Integer) asn1Sequence.getObjectAt(2);
    StringBuilder sb = new StringBuilder();
    sb.append(MessageFormat.format(res.getString("MSCertificateTemplate.ID"), templateID.getId()));
    sb.append(NEWLINE);
    sb.append(MessageFormat.format(res.getString("MSCertificateTemplate.MajorVersion"), majorVersion));
    sb.append(NEWLINE);
    if (minorVersion != null) {
        sb.append(MessageFormat.format(res.getString("MSCertificateTemplate.MinorVersion"), minorVersion));
        sb.append(NEWLINE);
    }
    return sb.toString();
}
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Aggregations

ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)198 IOException (java.io.IOException)68 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)56 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)49 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)39 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)37 ArrayList (java.util.ArrayList)36 ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)34 DEROctetString (org.bouncycastle.asn1.DEROctetString)34 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)32 X509Certificate (java.security.cert.X509Certificate)31 ASN1Primitive (org.bouncycastle.asn1.ASN1Primitive)30 DERSequence (org.bouncycastle.asn1.DERSequence)30 Enumeration (java.util.Enumeration)29 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)29 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)28 DERIA5String (org.bouncycastle.asn1.DERIA5String)28 List (java.util.List)27 BigInteger (java.math.BigInteger)26 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)26