use of org.spongycastle.asn1.ASN1InputStream in project poi by apache.
the class XAdESXLSignatureFacet method getCrlNumber.
private BigInteger getCrlNumber(X509CRL crl) {
byte[] crlNumberExtensionValue = crl.getExtensionValue(Extension.cRLNumber.getId());
if (null == crlNumberExtensionValue) {
return null;
}
try {
ASN1InputStream asn1IS1 = null, asn1IS2 = null;
try {
asn1IS1 = new ASN1InputStream(crlNumberExtensionValue);
ASN1OctetString octetString = (ASN1OctetString) asn1IS1.readObject();
byte[] octets = octetString.getOctets();
asn1IS2 = new ASN1InputStream(octets);
ASN1Integer integer = (ASN1Integer) asn1IS2.readObject();
return integer.getPositiveValue();
} finally {
IOUtils.closeQuietly(asn1IS2);
IOUtils.closeQuietly(asn1IS1);
}
} catch (IOException e) {
throw new RuntimeException("I/O error: " + e.getMessage(), e);
}
}
use of org.spongycastle.asn1.ASN1InputStream in project robovm by robovm.
the class CertificateFactory method engineGenerateCertificate.
/**
* Generates a certificate object and initializes it with the data
* read from the input stream inStream.
*/
public java.security.cert.Certificate engineGenerateCertificate(InputStream in) throws CertificateException {
if (currentStream == null) {
currentStream = in;
sData = null;
sDataObjectCount = 0;
} else if (// reset if input stream has changed
currentStream != in) {
currentStream = in;
sData = null;
sDataObjectCount = 0;
}
try {
if (sData != null) {
if (sDataObjectCount != sData.size()) {
return getCertificate();
} else {
sData = null;
sDataObjectCount = 0;
return null;
}
}
PushbackInputStream pis = new PushbackInputStream(in);
int tag = pis.read();
if (tag == -1) {
return null;
}
pis.unread(tag);
if (// assume ascii PEM encoded.
tag != 0x30) {
return readPEMCertificate(pis);
} else {
return readDERCertificate(new ASN1InputStream(pis));
}
} catch (Exception e) {
throw new ExCertificateException(e);
}
}
use of org.spongycastle.asn1.ASN1InputStream in project robovm by robovm.
the class CertificateFactory method engineGenerateCRL.
/**
* Generates a certificate revocation list (CRL) object and initializes
* it with the data read from the input stream inStream.
*/
public CRL engineGenerateCRL(InputStream inStream) throws CRLException {
if (currentCrlStream == null) {
currentCrlStream = inStream;
sCrlData = null;
sCrlDataObjectCount = 0;
} else if (// reset if input stream has changed
currentCrlStream != inStream) {
currentCrlStream = inStream;
sCrlData = null;
sCrlDataObjectCount = 0;
}
try {
if (sCrlData != null) {
if (sCrlDataObjectCount != sCrlData.size()) {
return getCRL();
} else {
sCrlData = null;
sCrlDataObjectCount = 0;
return null;
}
}
PushbackInputStream pis = new PushbackInputStream(inStream);
int tag = pis.read();
if (tag == -1) {
return null;
}
pis.unread(tag);
if (// assume ascii PEM encoded.
tag != 0x30) {
return readPEMCRL(pis);
} else {
// lazy evaluate to help processing of large CRLs
return readDERCRL(new ASN1InputStream(pis, true));
}
} catch (CRLException e) {
throw e;
} catch (Exception e) {
throw new CRLException(e.toString());
}
}
use of org.spongycastle.asn1.ASN1InputStream in project robovm by robovm.
the class X509CRLEntryObject method toString.
public String toString() {
StringBuffer buf = new StringBuffer();
String nl = System.getProperty("line.separator");
buf.append(" userCertificate: ").append(this.getSerialNumber()).append(nl);
buf.append(" revocationDate: ").append(this.getRevocationDate()).append(nl);
buf.append(" certificateIssuer: ").append(this.getCertificateIssuer()).append(nl);
Extensions extensions = c.getExtensions();
if (extensions != null) {
Enumeration e = extensions.oids();
if (e.hasMoreElements()) {
buf.append(" crlEntryExtensions:").append(nl);
while (e.hasMoreElements()) {
ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
Extension ext = extensions.getExtension(oid);
if (ext.getExtnValue() != null) {
byte[] octs = ext.getExtnValue().getOctets();
ASN1InputStream dIn = new ASN1InputStream(octs);
buf.append(" critical(").append(ext.isCritical()).append(") ");
try {
if (oid.equals(X509Extension.reasonCode)) {
buf.append(CRLReason.getInstance(ASN1Enumerated.getInstance(dIn.readObject()))).append(nl);
} else if (oid.equals(X509Extension.certificateIssuer)) {
buf.append("Certificate issuer: ").append(GeneralNames.getInstance(dIn.readObject())).append(nl);
} else {
buf.append(oid.getId());
buf.append(" value = ").append(ASN1Dump.dumpAsString(dIn.readObject())).append(nl);
}
} catch (Exception ex) {
buf.append(oid.getId());
buf.append(" value = ").append("*****").append(nl);
}
} else {
buf.append(nl);
}
}
}
}
return buf.toString();
}
use of org.spongycastle.asn1.ASN1InputStream in project robovm by robovm.
the class RFC3280CertPathUtilities method processCertBC.
protected static void processCertBC(CertPath certPath, int index, PKIXNameConstraintValidator nameConstraintValidator) throws CertPathValidatorException {
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate) certs.get(index);
int n = certs.size();
// i as defined in the algorithm description
int i = n - index;
//
if (!(CertPathValidatorUtilities.isSelfIssued(cert) && (i < n))) {
X500Principal principal = CertPathValidatorUtilities.getSubjectPrincipal(cert);
ASN1InputStream aIn = new ASN1InputStream(principal.getEncoded());
ASN1Sequence dns;
try {
dns = DERSequence.getInstance(aIn.readObject());
} catch (Exception e) {
throw new CertPathValidatorException("Exception extracting subject name when checking subtrees.", e, certPath, index);
}
try {
nameConstraintValidator.checkPermittedDN(dns);
nameConstraintValidator.checkExcludedDN(dns);
} catch (PKIXNameConstraintValidatorException e) {
throw new CertPathValidatorException("Subtree check for certificate subject failed.", e, certPath, index);
}
GeneralNames altName = null;
try {
altName = GeneralNames.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.SUBJECT_ALTERNATIVE_NAME));
} catch (Exception e) {
throw new CertPathValidatorException("Subject alternative name extension could not be decoded.", e, certPath, index);
}
Vector emails = new X509Name(dns).getValues(X509Name.EmailAddress);
for (Enumeration e = emails.elements(); e.hasMoreElements(); ) {
String email = (String) e.nextElement();
GeneralName emailAsGeneralName = new GeneralName(GeneralName.rfc822Name, email);
try {
nameConstraintValidator.checkPermitted(emailAsGeneralName);
nameConstraintValidator.checkExcluded(emailAsGeneralName);
} catch (PKIXNameConstraintValidatorException ex) {
throw new CertPathValidatorException("Subtree check for certificate subject alternative email failed.", ex, certPath, index);
}
}
if (altName != null) {
GeneralName[] genNames = null;
try {
genNames = altName.getNames();
} catch (Exception e) {
throw new CertPathValidatorException("Subject alternative name contents could not be decoded.", e, certPath, index);
}
for (int j = 0; j < genNames.length; j++) {
try {
nameConstraintValidator.checkPermitted(genNames[j]);
nameConstraintValidator.checkExcluded(genNames[j]);
} catch (PKIXNameConstraintValidatorException e) {
throw new CertPathValidatorException("Subtree check for certificate subject alternative name failed.", e, certPath, index);
}
}
}
}
}
Aggregations