Examples with SubjectDirectoryAttributesControl org.xipki.ca.api.profile.x509.SubjectDirectoryAttributesControl used on opensource projects

Search in sources :

Example 1 with SubjectDirectoryAttributesControl

use of org.xipki.ca.api.profile.x509.SubjectDirectoryAttributesControl in project xipki by xipki.

the class XmlX509Certprofile method initSubjectDirAttrs.

private void initSubjectDirAttrs(Set<ASN1ObjectIdentifier> extnIds, ExtensionsType extensionsType) throws CertprofileException {
    ASN1ObjectIdentifier type = Extension.subjectDirectoryAttributes;
    if (!extensionControls.containsKey(type)) {
        return;
    }
    extnIds.remove(type);
    SubjectDirectoryAttributs extConf = (SubjectDirectoryAttributs) getExtensionValue(type, extensionsType, SubjectDirectoryAttributs.class);
    if (extConf == null) {
        return;
    }
    List<ASN1ObjectIdentifier> types = XmlX509CertprofileUtil.toOidList(extConf.getType());
    subjectDirAttrsControl = new SubjectDirectoryAttributesControl(types);
}
Also used : SubjectDirectoryAttributesControl(org.xipki.ca.api.profile.x509.SubjectDirectoryAttributesControl) SubjectDirectoryAttributs(org.xipki.ca.certprofile.x509.jaxb.SubjectDirectoryAttributs) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 2 with SubjectDirectoryAttributesControl

use of org.xipki.ca.api.profile.x509.SubjectDirectoryAttributesControl in project xipki by xipki.

the class ExtensionsChecker method checkExtensionSubjectDirAttrs.

// method checkExtensionInhibitAnyPolicy
private void checkExtensionSubjectDirAttrs(StringBuilder failureMsg, byte[] extensionValue, Extensions requestedExtensions, ExtensionControl extControl) {
    SubjectDirectoryAttributesControl conf = certProfile.getSubjectDirAttrsControl();
    if (conf == null) {
        failureMsg.append("extension is present but not expected; ");
        return;
    }
    ASN1Encodable extInRequest = null;
    if (requestedExtensions != null) {
        extInRequest = requestedExtensions.getExtensionParsedValue(Extension.subjectDirectoryAttributes);
    }
    if (extInRequest == null) {
        failureMsg.append("extension is present but not expected; ");
        return;
    }
    SubjectDirectoryAttributes requested = SubjectDirectoryAttributes.getInstance(extInRequest);
    Vector<?> reqSubDirAttrs = requested.getAttributes();
    ASN1GeneralizedTime expDateOfBirth = null;
    String expPlaceOfBirth = null;
    String expGender = null;
    Set<String> expCountryOfCitizenshipList = new HashSet<>();
    Set<String> expCountryOfResidenceList = new HashSet<>();
    Map<ASN1ObjectIdentifier, Set<ASN1Encodable>> expOtherAttrs = new HashMap<>();
    final int expN = reqSubDirAttrs.size();
    for (int i = 0; i < expN; i++) {
        Attribute attr = Attribute.getInstance(reqSubDirAttrs.get(i));
        ASN1ObjectIdentifier attrType = attr.getAttrType();
        ASN1Encodable attrVal = attr.getAttributeValues()[0];
        if (ObjectIdentifiers.DN_DATE_OF_BIRTH.equals(attrType)) {
            expDateOfBirth = ASN1GeneralizedTime.getInstance(attrVal);
        } else if (ObjectIdentifiers.DN_PLACE_OF_BIRTH.equals(attrType)) {
            expPlaceOfBirth = DirectoryString.getInstance(attrVal).getString();
        } else if (ObjectIdentifiers.DN_GENDER.equals(attrType)) {
            expGender = DERPrintableString.getInstance(attrVal).getString();
        } else if (ObjectIdentifiers.DN_COUNTRY_OF_CITIZENSHIP.equals(attrType)) {
            String country = DERPrintableString.getInstance(attrVal).getString();
            expCountryOfCitizenshipList.add(country);
        } else if (ObjectIdentifiers.DN_COUNTRY_OF_RESIDENCE.equals(attrType)) {
            String country = DERPrintableString.getInstance(attrVal).getString();
            expCountryOfResidenceList.add(country);
        } else {
            Set<ASN1Encodable> otherAttrVals = expOtherAttrs.get(attrType);
            if (otherAttrVals == null) {
                otherAttrVals = new HashSet<>();
                expOtherAttrs.put(attrType, otherAttrVals);
            }
            otherAttrVals.add(attrVal);
        }
    }
    SubjectDirectoryAttributes ext = SubjectDirectoryAttributes.getInstance(extensionValue);
    Vector<?> subDirAttrs = ext.getAttributes();
    ASN1GeneralizedTime dateOfBirth = null;
    String placeOfBirth = null;
    String gender = null;
    Set<String> countryOfCitizenshipList = new HashSet<>();
    Set<String> countryOfResidenceList = new HashSet<>();
    Map<ASN1ObjectIdentifier, Set<ASN1Encodable>> otherAttrs = new HashMap<>();
    List<ASN1ObjectIdentifier> attrTypes = new LinkedList<>(conf.getTypes());
    final int n = subDirAttrs.size();
    for (int i = 0; i < n; i++) {
        Attribute attr = Attribute.getInstance(subDirAttrs.get(i));
        ASN1ObjectIdentifier attrType = attr.getAttrType();
        if (!attrTypes.contains(attrType)) {
            failureMsg.append("attribute of type " + attrType.getId()).append(" is present but not expected; ");
            continue;
        }
        ASN1Encodable[] attrs = attr.getAttributeValues();
        if (attrs.length != 1) {
            failureMsg.append("attribute of type ").append(attrType.getId()).append(" does not single-value value: ").append(attrs.length).append("; ");
            continue;
        }
        ASN1Encodable attrVal = attrs[0];
        if (ObjectIdentifiers.DN_DATE_OF_BIRTH.equals(attrType)) {
            dateOfBirth = ASN1GeneralizedTime.getInstance(attrVal);
        } else if (ObjectIdentifiers.DN_PLACE_OF_BIRTH.equals(attrType)) {
            placeOfBirth = DirectoryString.getInstance(attrVal).getString();
        } else if (ObjectIdentifiers.DN_GENDER.equals(attrType)) {
            gender = DERPrintableString.getInstance(attrVal).getString();
        } else if (ObjectIdentifiers.DN_COUNTRY_OF_CITIZENSHIP.equals(attrType)) {
            String country = DERPrintableString.getInstance(attrVal).getString();
            countryOfCitizenshipList.add(country);
        } else if (ObjectIdentifiers.DN_COUNTRY_OF_RESIDENCE.equals(attrType)) {
            String country = DERPrintableString.getInstance(attrVal).getString();
            countryOfResidenceList.add(country);
        } else {
            Set<ASN1Encodable> otherAttrVals = otherAttrs.get(attrType);
            if (otherAttrVals == null) {
                otherAttrVals = new HashSet<>();
                otherAttrs.put(attrType, otherAttrVals);
            }
            otherAttrVals.add(attrVal);
        }
    }
    if (dateOfBirth != null) {
        attrTypes.remove(ObjectIdentifiers.DN_DATE_OF_BIRTH);
    }
    if (placeOfBirth != null) {
        attrTypes.remove(ObjectIdentifiers.DN_PLACE_OF_BIRTH);
    }
    if (gender != null) {
        attrTypes.remove(ObjectIdentifiers.DN_GENDER);
    }
    if (!countryOfCitizenshipList.isEmpty()) {
        attrTypes.remove(ObjectIdentifiers.DN_COUNTRY_OF_CITIZENSHIP);
    }
    if (!countryOfResidenceList.isEmpty()) {
        attrTypes.remove(ObjectIdentifiers.DN_COUNTRY_OF_RESIDENCE);
    }
    attrTypes.removeAll(otherAttrs.keySet());
    if (!attrTypes.isEmpty()) {
        List<String> attrTypeTexts = new LinkedList<>();
        for (ASN1ObjectIdentifier oid : attrTypes) {
            attrTypeTexts.add(oid.getId());
        }
        failureMsg.append("required attributes of types ").append(attrTypeTexts).append(" are not present; ");
    }
    if (dateOfBirth != null) {
        String timeStirng = dateOfBirth.getTimeString();
        if (!SubjectDnSpec.PATTERN_DATE_OF_BIRTH.matcher(timeStirng).matches()) {
            failureMsg.append("invalid dateOfBirth: " + timeStirng + "; ");
        }
        String exp = (expDateOfBirth == null) ? null : expDateOfBirth.getTimeString();
        if (!timeStirng.equalsIgnoreCase(exp)) {
            addViolation(failureMsg, "dateOfBirth", timeStirng, exp);
        }
    }
    if (gender != null) {
        if (!(gender.equalsIgnoreCase("F") || gender.equalsIgnoreCase("M"))) {
            failureMsg.append("invalid gender: ").append(gender).append("; ");
        }
        if (!gender.equalsIgnoreCase(expGender)) {
            addViolation(failureMsg, "gender", gender, expGender);
        }
    }
    if (placeOfBirth != null) {
        if (!placeOfBirth.equals(expPlaceOfBirth)) {
            addViolation(failureMsg, "placeOfBirth", placeOfBirth, expPlaceOfBirth);
        }
    }
    if (!countryOfCitizenshipList.isEmpty()) {
        Set<String> diffs = strInBnotInA(expCountryOfCitizenshipList, countryOfCitizenshipList);
        if (CollectionUtil.isNonEmpty(diffs)) {
            failureMsg.append("countryOfCitizenship ").append(diffs.toString()).append(" are present but not expected; ");
        }
        diffs = strInBnotInA(countryOfCitizenshipList, expCountryOfCitizenshipList);
        if (CollectionUtil.isNonEmpty(diffs)) {
            failureMsg.append("countryOfCitizenship ").append(diffs.toString()).append(" are absent but are required; ");
        }
    }
    if (!countryOfResidenceList.isEmpty()) {
        Set<String> diffs = strInBnotInA(expCountryOfResidenceList, countryOfResidenceList);
        if (CollectionUtil.isNonEmpty(diffs)) {
            failureMsg.append("countryOfResidence ").append(diffs.toString()).append(" are present but not expected; ");
        }
        diffs = strInBnotInA(countryOfResidenceList, expCountryOfResidenceList);
        if (CollectionUtil.isNonEmpty(diffs)) {
            failureMsg.append("countryOfResidence ").append(diffs.toString()).append(" are absent but are required; ");
        }
    }
    if (!otherAttrs.isEmpty()) {
        for (ASN1ObjectIdentifier attrType : otherAttrs.keySet()) {
            Set<ASN1Encodable> expAttrValues = expOtherAttrs.get(attrType);
            if (expAttrValues == null) {
                failureMsg.append("attribute of type ").append(attrType.getId()).append(" is present but not requested; ");
                continue;
            }
            Set<ASN1Encodable> attrValues = otherAttrs.get(attrType);
            if (!attrValues.equals(expAttrValues)) {
                failureMsg.append("attribute of type ").append(attrType.getId()).append(" differs from the requested one; ");
                continue;
            }
        }
    }
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) HashMap(java.util.HashMap) Attribute(org.bouncycastle.asn1.x509.Attribute) SubjectDirectoryAttributes(org.bouncycastle.asn1.x509.SubjectDirectoryAttributes) ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) ASN1String(org.bouncycastle.asn1.ASN1String) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) QaDirectoryString(org.xipki.ca.qa.internal.QaDirectoryString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERT61String(org.bouncycastle.asn1.DERT61String) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) LinkedList(java.util.LinkedList) SubjectDirectoryAttributesControl(org.xipki.ca.api.profile.x509.SubjectDirectoryAttributesControl) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) HashSet(java.util.HashSet)

Aggregations

ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)2 SubjectDirectoryAttributesControl (org.xipki.ca.api.profile.x509.SubjectDirectoryAttributesControl)2 HashMap (java.util.HashMap)1 HashSet (java.util.HashSet)1 LinkedList (java.util.LinkedList)1 Set (java.util.Set)1 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)1 ASN1GeneralizedTime (org.bouncycastle.asn1.ASN1GeneralizedTime)1 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)1 ASN1String (org.bouncycastle.asn1.ASN1String)1 DERBMPString (org.bouncycastle.asn1.DERBMPString)1 DERIA5String (org.bouncycastle.asn1.DERIA5String)1 DEROctetString (org.bouncycastle.asn1.DEROctetString)1 DERPrintableString (org.bouncycastle.asn1.DERPrintableString)1 DERT61String (org.bouncycastle.asn1.DERT61String)1 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)1 DirectoryString (org.bouncycastle.asn1.x500.DirectoryString)1 Attribute (org.bouncycastle.asn1.x509.Attribute)1 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)1 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial