use of org.openecard.bouncycastle.asn1.ASN1String in project cas by apereo.
the class X509SubjectAlternativeNameUPNPrincipalResolver method getUPNStringFromSequence.
/**
* Get UPN String.
*
* @param seq ASN1Sequence abstraction representing subject alternative name.
* First element is the object identifier, second is the object itself.
* @return UPN string or null
*/
private static String getUPNStringFromSequence(final ASN1Sequence seq) {
if (seq != null) {
// First in sequence is the object identifier, that we must check
final ASN1ObjectIdentifier id = ASN1ObjectIdentifier.getInstance(seq.getObjectAt(0));
if (id != null && UPN_OBJECTID.equals(id.getId())) {
final ASN1TaggedObject obj = (ASN1TaggedObject) seq.getObjectAt(1);
ASN1Primitive prim = obj.getObject();
// Due to bug in java cert.getSubjectAltName, it can be tagged an extra time
if (prim instanceof ASN1TaggedObject) {
prim = ASN1TaggedObject.getInstance(prim).getObject();
}
if (prim instanceof ASN1OctetString) {
return new String(((ASN1OctetString) prim).getOctets(), StandardCharsets.UTF_8);
}
if (prim instanceof ASN1String) {
return ((ASN1String) prim).getString();
}
return null;
}
}
return null;
}
use of org.openecard.bouncycastle.asn1.ASN1String in project xipki by xipki.
the class CaUtil method getChallengePassword.
public static String getChallengePassword(CertificationRequestInfo csr) {
ParamUtil.requireNonNull("csr", csr);
ASN1Set attrs = csr.getAttributes();
for (int i = 0; i < attrs.size(); i++) {
Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
if (PKCSObjectIdentifiers.pkcs_9_at_challengePassword.equals(attr.getAttrType())) {
ASN1String str = (ASN1String) attr.getAttributeValues()[0];
return str.getString();
}
}
return null;
}
use of org.openecard.bouncycastle.asn1.ASN1String in project xipki by xipki.
the class BaseOcspStatusAction method extractOcspUrls.
public static List<String> extractOcspUrls(AuthorityInformationAccess aia) throws CertificateEncodingException {
AccessDescription[] accessDescriptions = aia.getAccessDescriptions();
List<AccessDescription> ocspAccessDescriptions = new LinkedList<>();
for (AccessDescription accessDescription : accessDescriptions) {
if (accessDescription.getAccessMethod().equals(X509ObjectIdentifiers.id_ad_ocsp)) {
ocspAccessDescriptions.add(accessDescription);
}
}
final int n = ocspAccessDescriptions.size();
List<String> ocspUris = new ArrayList<>(n);
for (int i = 0; i < n; i++) {
GeneralName accessLocation = ocspAccessDescriptions.get(i).getAccessLocation();
if (accessLocation.getTagNo() == GeneralName.uniformResourceIdentifier) {
String ocspUri = ((ASN1String) accessLocation.getName()).getString();
ocspUris.add(ocspUri);
}
}
return ocspUris;
}
use of org.openecard.bouncycastle.asn1.ASN1String in project xipki by xipki.
the class ExtensionsChecker method checkExtensionCrlDistributionPoints.
// method checkExtensionIssuerAltNames
private void checkExtensionCrlDistributionPoints(StringBuilder failureMsg, byte[] extensionValue, X509IssuerInfo issuerInfo) {
CRLDistPoint isCrlDistPoints = CRLDistPoint.getInstance(extensionValue);
DistributionPoint[] isDistributionPoints = isCrlDistPoints.getDistributionPoints();
if (isDistributionPoints == null) {
addViolation(failureMsg, "size of CRLDistributionPoints", 0, 1);
return;
} else {
int len = isDistributionPoints.length;
if (len != 1) {
addViolation(failureMsg, "size of CRLDistributionPoints", len, 1);
return;
}
}
Set<String> isCrlUrls = new HashSet<>();
for (DistributionPoint entry : isDistributionPoints) {
int asn1Type = entry.getDistributionPoint().getType();
if (asn1Type != DistributionPointName.FULL_NAME) {
addViolation(failureMsg, "tag of DistributionPointName of CRLDistibutionPoints", asn1Type, DistributionPointName.FULL_NAME);
continue;
}
GeneralNames isDistributionPointNames = GeneralNames.getInstance(entry.getDistributionPoint().getName());
GeneralName[] names = isDistributionPointNames.getNames();
for (int i = 0; i < names.length; i++) {
GeneralName name = names[i];
if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
addViolation(failureMsg, "tag of CRL URL", name.getTagNo(), GeneralName.uniformResourceIdentifier);
} else {
String uri = ((ASN1String) name.getName()).getString();
isCrlUrls.add(uri);
}
}
Set<String> expCrlUrls = issuerInfo.getCrlUrls();
Set<String> diffs = strInBnotInA(expCrlUrls, isCrlUrls);
if (CollectionUtil.isNonEmpty(diffs)) {
failureMsg.append("CRL URLs ").append(diffs).append(" are present but not expected; ");
}
diffs = strInBnotInA(isCrlUrls, expCrlUrls);
if (CollectionUtil.isNonEmpty(diffs)) {
failureMsg.append("CRL URLs ").append(diffs).append(" are absent but are required; ");
}
}
}
use of org.openecard.bouncycastle.asn1.ASN1String in project xipki by xipki.
the class ExtensionsChecker method checkExtensionDeltaCrlDistributionPoints.
// method checkExtensionCrlDistributionPoints
private void checkExtensionDeltaCrlDistributionPoints(StringBuilder failureMsg, byte[] extensionValue, X509IssuerInfo issuerInfo) {
CRLDistPoint isCrlDistPoints = CRLDistPoint.getInstance(extensionValue);
DistributionPoint[] isDistributionPoints = isCrlDistPoints.getDistributionPoints();
if (isDistributionPoints == null) {
addViolation(failureMsg, "size of CRLDistributionPoints (deltaCRL)", 0, 1);
return;
} else {
int len = isDistributionPoints.length;
if (len != 1) {
addViolation(failureMsg, "size of CRLDistributionPoints (deltaCRL)", len, 1);
return;
}
}
Set<String> isCrlUrls = new HashSet<>();
for (DistributionPoint entry : isDistributionPoints) {
int asn1Type = entry.getDistributionPoint().getType();
if (asn1Type != DistributionPointName.FULL_NAME) {
addViolation(failureMsg, "tag of DistributionPointName of CRLDistibutionPoints (deltaCRL)", asn1Type, DistributionPointName.FULL_NAME);
continue;
}
GeneralNames isDistributionPointNames = GeneralNames.getInstance(entry.getDistributionPoint().getName());
GeneralName[] names = isDistributionPointNames.getNames();
for (int i = 0; i < names.length; i++) {
GeneralName name = names[i];
if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
addViolation(failureMsg, "tag of deltaCRL URL", name.getTagNo(), GeneralName.uniformResourceIdentifier);
} else {
String uri = ((ASN1String) name.getName()).getString();
isCrlUrls.add(uri);
}
}
Set<String> expCrlUrls = issuerInfo.getCrlUrls();
Set<String> diffs = strInBnotInA(expCrlUrls, isCrlUrls);
if (CollectionUtil.isNonEmpty(diffs)) {
failureMsg.append("deltaCRL URLs ").append(diffs).append(" are present but not expected; ");
}
diffs = strInBnotInA(isCrlUrls, expCrlUrls);
if (CollectionUtil.isNonEmpty(diffs)) {
failureMsg.append("deltaCRL URLs ").append(diffs).append(" are absent but are required; ");
}
}
}
Aggregations