Search in sources :

Example 1 with RDN

use of org.openecard.bouncycastle.asn1.x500.RDN in project OpenAttestation by OpenAttestation.

the class X509AttributeCertificate method valueOf.

/**
     *
     * @param encodedCertificate
     * @return
     */
@JsonCreator
public static X509AttributeCertificate valueOf(@JsonProperty("encoded") byte[] encodedCertificate) {
    X509AttributeCertificate result = new X509AttributeCertificate(encodedCertificate);
    X509AttributeCertificateHolder cert;
    try {
        cert = new X509AttributeCertificateHolder(encodedCertificate);
    } catch (IOException e) {
        throw new IllegalArgumentException(e);
    }
    // calls toString() on each X500Name so we get the default representation; we can do it ourselves for custom display;  output example: CN=Attr CA,OU=CPG,OU=DCSG,O=Intel,ST=CA,C=US
    log.debug("issuer: {}", StringUtils.join(cert.getIssuer().getNames(), "; "));
    // but expected to be only one
    result.issuer = StringUtils.join(cert.getIssuer().getNames(), "; ");
    // output example:   1
    log.debug("serial number: {}", cert.getSerialNumber().toString());
    result.serialNumber = cert.getSerialNumber();
    // output example:  2.25=#041092a71a228c174522a18bfd3ed3d00b39
    log.debug("holder: {}", StringUtils.join(cert.getHolder().getEntityNames(), ", "));
    // now let's get the UUID specifically out of this
    log.debug("holder has {} entity names", cert.getHolder().getEntityNames().length);
    for (X500Name entityName : cert.getHolder().getEntityNames()) {
        log.debug("holder entity name has {} rdns", entityName.getRDNs().length);
        for (RDN rdn : entityName.getRDNs()) {
            log.debug("entity rdn is multivalued? {}", rdn.isMultiValued());
            AttributeTypeAndValue attr = rdn.getFirst();
            if (attr.getType().toString().equals(OID.HOST_UUID)) {
                UUID uuid = UUID.valueOf(DEROctetString.getInstance(attr.getValue()).getOctets());
                log.debug("holder uuid: {}", uuid);
                // example: 33766a63-5c55-4461-8a84-5936577df450
                result.subject = uuid.toString();
            }
        }
    }
    // if we ddin't identify the UUID,  just display the subject same way we did the issuer... concat all the entity names. example: 2.25=#041033766a635c5544618a845936577df450  (notice that in the value, there's a #0410 prepended to the uuid 33766a635c5544618a845936577df450)
    if (result.subject == null) {
        result.subject = StringUtils.join(cert.getHolder().getEntityNames(), "; ");
    }
    // output example: Thu Aug 08 15:21:13 PDT 2013
    log.debug("not before: {}", cert.getNotBefore());
    // output example: Sun Sep 08 15:21:13 PDT 2013
    log.debug("not after: {}", cert.getNotAfter());
    result.notBefore = cert.getNotBefore();
    result.notAfter = cert.getNotAfter();
    Attribute[] attributes = cert.getAttributes();
    result.tags1 = new ArrayList<UTF8NameValueMicroformat>();
    result.tags2 = new ArrayList<UTF8NameValueSequence>();
    result.tagsOther = new ArrayList<ASN1Encodable>();
    for (Attribute attr : attributes) {
        log.debug("attr {} is {}", attr.hashCode(), attr.toString());
        result.attributes.add(attr);
        for (ASN1Encodable value : attr.getAttributeValues()) {
            //                result.tags.add(new AttributeOidAndValue(attr.getAttrType().toString(), DERUTF8String.getInstance(value).getString()));
            if (attr.getAttrType().toString().equals(UTF8NameValueMicroformat.OID)) {
                // our values are just UTF-8 strings  but if you use new String(value.getEncoded())  you will get two extra spaces at the beginning of the string                    
                log.debug("name-value microformat attribute: {}", DERUTF8String.getInstance(value).getString());
                UTF8NameValueMicroformat microformat = new UTF8NameValueMicroformat(DERUTF8String.getInstance(value));
                log.debug("name-value microformat attribute (2)  name {} value {}", microformat.getName(), microformat.getValue());
                result.tags1.add(microformat);
            } else if (attr.getAttrType().toString().equals(UTF8NameValueSequence.OID)) {
                UTF8NameValueSequence sequence = new UTF8NameValueSequence(ASN1Sequence.getInstance(value));
                String name = sequence.getName();
                List<String> values = sequence.getValues();
                log.debug("name-values asn.1 attribute {} values {}", name, values);
                result.tags2.add(sequence);
            } else {
                log.debug("unrecognzied attribute type {}", attr.getAttrType().toString());
                result.tagsOther.add(value);
            }
        /*
                 * output examples:
                 * attribute: 1.3.6.1.4.1.99999.1.1.1.1 is US
                 * attribute: 1.3.6.1.4.1.99999.2.2.2.2 is CA
                 * attribute: 1.3.6.1.4.1.99999.3.3.3.3 is Folsom
                 */
        }
    }
    log.debug("valueOf ok");
    return result;
}
Also used : Attribute(org.bouncycastle.asn1.x509.Attribute) X509AttributeCertificateHolder(org.bouncycastle.cert.X509AttributeCertificateHolder) IOException(java.io.IOException) X500Name(org.bouncycastle.asn1.x500.X500Name) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue) ArrayList(java.util.ArrayList) List(java.util.List) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) UUID(com.intel.mtwilson.util.io.UUID) RDN(org.bouncycastle.asn1.x500.RDN) JsonCreator(org.codehaus.jackson.annotate.JsonCreator)

Example 2 with RDN

use of org.openecard.bouncycastle.asn1.x500.RDN in project OpenAttestation by OpenAttestation.

the class X509AttrBuilder method subjectUuid.

/*
     public X509AttrBuilder subjectName(sun.security.x509.X500Name subjectName) {
     return subjectName(subjectName.getRFC2253Name());
     }
     */
public X509AttrBuilder subjectUuid(UUID uuid) {
    DEROctetString uuidText = new DEROctetString(uuid.toByteArray().getBytes());
    ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(OID.HOST_UUID);
    AttributeTypeAndValue attr = new AttributeTypeAndValue(oid, uuidText);
    RDN rdn = new RDN(attr);
    subjectName = new X500Name(new RDN[] { rdn });
    return this;
}
Also used : X500Name(org.bouncycastle.asn1.x500.X500Name) RDN(org.bouncycastle.asn1.x500.RDN) DEROctetString(org.bouncycastle.asn1.DEROctetString) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue)

Example 3 with RDN

use of org.openecard.bouncycastle.asn1.x500.RDN in project nhin-d by DirectProject.

the class ViewTrustBundlePKCS7 method viewBundle.

@SuppressWarnings({ "rawtypes" })
public boolean viewBundle(File trustDir) {
    try {
        //System.out.println("File:"+trustDir.getName());
        if (!trustDir.getName().endsWith(".p7m")) {
            byte[] trustBundleByte = loadFileData(trustDir);
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            CMSSignedData dataParser = new CMSSignedData(trustBundleByte);
            ContentInfo contentInfo = dataParser.getContentInfo();
            SignedData signedData = SignedData.getInstance(contentInfo.getContent());
            Enumeration certificates = signedData.getCertificates().getObjects();
            StringBuffer output = new StringBuffer();
            int counter = 1;
            String chk = "Absent";
            while (certificates.hasMoreElements()) {
                DERObject certObj = (DERObject) certificates.nextElement();
                InputStream in = new ByteArrayInputStream(certObj.getDEREncoded());
                X509Certificate cert = (X509Certificate) cf.generateCertificate(in);
                X500Name x500name = new JcaX509CertificateHolder(cert).getSubject();
                RDN cn = x500name.getRDNs(BCStyle.CN)[0];
                output.append("Trust Anchor :" + counter + "\n");
                output.append("Common Name :" + IETFUtils.valueToString(cn.getFirst().getValue()) + "\n");
                output.append("DN :" + cert.getSubjectDN().getName() + "\n\n");
                counter++;
            }
            if (signedData.getEncapContentInfo().getContent() != null) {
                //chk = new String(signedData.getEncapContentInfo().getContent().getDERObject().getEncoded(),"UTF-8");
                chk = new String(signedData.getEncapContentInfo().getContent().getDERObject().getDEREncoded(), "UTF-8");
            }
            output.append("Meta Data :\n" + chk);
            error = output.toString();
        } else //end of if check of file type
        {
            StringBuffer output = new StringBuffer();
            int counter = 1;
            String chk = "Absent";
            byte[] trustBundleByte = loadFileData(trustDir);
            CMSSignedData dataParser = new CMSSignedData(trustBundleByte);
            ContentInfo contentInfo = dataParser.getContentInfo();
            SignedData signedData = SignedData.getInstance(contentInfo.getContent());
            CMSSignedData encapInfoBundle = new CMSSignedData(new CMSProcessableByteArray(signedData.getEncapContentInfo().getContent().getDERObject().getEncoded()), contentInfo);
            SignedData encapMetaData = SignedData.getInstance(encapInfoBundle.getContentInfo().getContent());
            //System.out.println("ENCAP META DATA"+new String(encapMetaData.getEncapContentInfo().getContent().getDERObject().getEncoded(),"UTF-8"));
            CMSProcessableByteArray cin = new CMSProcessableByteArray(((ASN1OctetString) encapMetaData.getEncapContentInfo().getContent()).getOctets());
            CertificateFactory ucf = CertificateFactory.getInstance("X.509");
            CMSSignedData unsignedParser = new CMSSignedData(cin.getInputStream());
            ContentInfo unsginedEncapInfo = unsignedParser.getContentInfo();
            SignedData metaData = SignedData.getInstance(unsginedEncapInfo.getContent());
            Enumeration certificates = metaData.getCertificates().getObjects();
            while (certificates.hasMoreElements()) {
                DERObject certObj = (DERObject) certificates.nextElement();
                InputStream bin = new ByteArrayInputStream(certObj.getDEREncoded());
                X509Certificate cert = (X509Certificate) ucf.generateCertificate(bin);
                X500Name x500name = new JcaX509CertificateHolder(cert).getSubject();
                RDN cn = x500name.getRDNs(BCStyle.CN)[0];
                output.append("Trust Anchor :" + counter + "\n");
                output.append("Common Name :" + IETFUtils.valueToString(cn.getFirst().getValue()) + "\n");
                output.append("DN :" + cert.getSubjectDN().getName() + "\n\n");
                counter++;
            }
            if (metaData.getEncapContentInfo().getContent() != null) {
                //chk = new String(signedData.getEncapContentInfo().getContent().getDERObject().getEncoded(),"UTF-8");
                chk = new String(metaData.getEncapContentInfo().getContent().getDERObject().getDEREncoded(), "UTF-8");
            }
            output.append("Meta Data :\n" + chk);
            error = output.toString();
        }
    //end of .p7m check if
    }//end of try
     catch (IOException io) {
        //io.printStackTrace(System.err);
        return false;
    } catch (CMSException cm) {
        //cm.printStackTrace(System.err);
        return false;
    } catch (Exception e) {
        //e.printStackTrace(System.err);
        return false;
    }
    return true;
}
Also used : CMSProcessableByteArray(org.bouncycastle.cms.CMSProcessableByteArray) Enumeration(java.util.Enumeration) SignedData(org.bouncycastle.asn1.cms.SignedData) CMSSignedData(org.bouncycastle.cms.CMSSignedData) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) X500Name(org.bouncycastle.asn1.x500.X500Name) IOException(java.io.IOException) CertificateFactory(java.security.cert.CertificateFactory) CMSSignedData(org.bouncycastle.cms.CMSSignedData) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) X509Certificate(java.security.cert.X509Certificate) CMSException(org.bouncycastle.cms.CMSException) IOException(java.io.IOException) DERObject(org.bouncycastle.asn1.DERObject) EncryptedContentInfo(org.bouncycastle.asn1.cms.EncryptedContentInfo) ContentInfo(org.bouncycastle.asn1.cms.ContentInfo) ByteArrayInputStream(java.io.ByteArrayInputStream) RDN(org.bouncycastle.asn1.x500.RDN) CMSException(org.bouncycastle.cms.CMSException)

Example 4 with RDN

use of org.openecard.bouncycastle.asn1.x500.RDN in project Conversations by siacs.

the class XmppDomainVerifier method verify.

@Override
public boolean verify(String domain, SSLSession sslSession) {
    try {
        Certificate[] chain = sslSession.getPeerCertificates();
        if (chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
            return false;
        }
        X509Certificate certificate = (X509Certificate) chain[0];
        Collection<List<?>> alternativeNames = certificate.getSubjectAlternativeNames();
        List<String> xmppAddrs = new ArrayList<>();
        List<String> srvNames = new ArrayList<>();
        List<String> domains = new ArrayList<>();
        if (alternativeNames != null) {
            for (List<?> san : alternativeNames) {
                Integer type = (Integer) san.get(0);
                if (type == 0) {
                    Pair<String, String> otherName = parseOtherName((byte[]) san.get(1));
                    if (otherName != null) {
                        switch(otherName.first) {
                            case SRVName:
                                srvNames.add(otherName.second);
                                break;
                            case xmppAddr:
                                xmppAddrs.add(otherName.second);
                                break;
                            default:
                                Log.d(LOGTAG, "oid: " + otherName.first + " value: " + otherName.second);
                        }
                    }
                } else if (type == 2) {
                    Object value = san.get(1);
                    if (value instanceof String) {
                        domains.add((String) value);
                    }
                }
            }
        }
        if (srvNames.size() == 0 && xmppAddrs.size() == 0 && domains.size() == 0) {
            X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject();
            RDN[] rdns = x500name.getRDNs(BCStyle.CN);
            for (int i = 0; i < rdns.length; ++i) {
                domains.add(IETFUtils.valueToString(x500name.getRDNs(BCStyle.CN)[i].getFirst().getValue()));
            }
        }
        Log.d(LOGTAG, "searching for " + domain + " in srvNames: " + srvNames + " xmppAddrs: " + xmppAddrs + " domains:" + domains);
        return xmppAddrs.contains(domain) || srvNames.contains("_xmpp-client." + domain) || matchDomain(domain, domains);
    } catch (Exception e) {
        return false;
    }
}
Also used : ArrayList(java.util.ArrayList) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) X500Name(org.bouncycastle.asn1.x500.X500Name) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) X509Certificate(java.security.cert.X509Certificate) IOException(java.io.IOException) ArrayList(java.util.ArrayList) List(java.util.List) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) RDN(org.bouncycastle.asn1.x500.RDN) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 5 with RDN

use of org.openecard.bouncycastle.asn1.x500.RDN in project XobotOS by xamarin.

the class IETFUtils method rDNsFromString.

public static RDN[] rDNsFromString(String name, X500NameStyle x500Style) {
    X500NameTokenizer nTok = new X500NameTokenizer(name);
    X500NameBuilder builder = new X500NameBuilder(x500Style);
    while (nTok.hasMoreTokens()) {
        String token = nTok.nextToken();
        int index = token.indexOf('=');
        if (index == -1) {
            throw new IllegalArgumentException("badly formated directory string");
        }
        String attr = token.substring(0, index);
        String value = token.substring(index + 1);
        ASN1ObjectIdentifier oid = x500Style.attrNameToOID(attr);
        if (value.indexOf('+') > 0) {
            X500NameTokenizer vTok = new X500NameTokenizer(value, '+');
            String v = vTok.nextToken();
            Vector oids = new Vector();
            Vector values = new Vector();
            oids.addElement(oid);
            values.addElement(v);
            while (vTok.hasMoreTokens()) {
                String sv = vTok.nextToken();
                int ndx = sv.indexOf('=');
                String nm = sv.substring(0, ndx);
                String vl = sv.substring(ndx + 1);
                oids.addElement(x500Style.attrNameToOID(nm));
                values.addElement(vl);
            }
            builder.addMultiValuedRDN(toOIDArray(oids), toValueArray(values));
        } else {
            builder.addRDN(oid, value);
        }
    }
    return builder.build().getRDNs();
}
Also used : X500NameBuilder(org.bouncycastle.asn1.x500.X500NameBuilder) ASN1String(org.bouncycastle.asn1.ASN1String) DERUniversalString(org.bouncycastle.asn1.DERUniversalString) Vector(java.util.Vector) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Aggregations

RDN (org.bouncycastle.asn1.x500.RDN)55 X500Name (org.bouncycastle.asn1.x500.X500Name)33 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)18 ArrayList (java.util.ArrayList)15 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)15 X509Certificate (java.security.cert.X509Certificate)13 DERIA5String (org.bouncycastle.asn1.DERIA5String)13 AttributeTypeAndValue (org.bouncycastle.asn1.x500.AttributeTypeAndValue)13 IOException (java.io.IOException)12 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)12 DERPrintableString (org.bouncycastle.asn1.DERPrintableString)12 LinkedList (java.util.LinkedList)10 DEROctetString (org.bouncycastle.asn1.DEROctetString)10 JcaX509CertificateHolder (org.bouncycastle.cert.jcajce.JcaX509CertificateHolder)10 KeyStoreException (java.security.KeyStoreException)8 List (java.util.List)8 InputStream (java.io.InputStream)7 KeyStore (java.security.KeyStore)7 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)7 CertificateException (java.security.cert.CertificateException)7