
Example 1 with AdmissionSyntaxOption

use of org.xipki.ca.certprofile.commonpki.AdmissionSyntaxOption in project xipki by xipki.

the class ExtensionsChecker method checkExtensionAdmission.

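// (listing artifact: this looks like the end-of-method marker of the preceding method, checkExtensionDeltaCrlDistributionPoints; it does not describe the method below)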
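/**
 * Checks the Admission extension of a certificate against the value that the
 * certificate profile is expected to produce, and records any mismatch in
 * {@code failureMsg}.
 *
 * <p>When the profile has no Admission configuration, the expected value comes from
 * {@code getExpectedExtValue}. Otherwise the expected value is rebuilt from the profile
 * and, if the profile requires input from the request, from the registration numbers
 * carried in the requested Admission extension.
 *
 * @param failureMsg accumulator for violation messages; each message ends with ';'
 * @param extensionValue encoded value of the extension found in the certificate
 * @param requestedExtensions extensions contained in the request, may be {@code null}
 * @param extControl control of this extension, passed through to {@code getExpectedExtValue}
 */
private void checkExtensionAdmission(StringBuilder failureMsg, byte[] extensionValue, Extensions requestedExtensions, ExtensionControl extControl) {
    AdmissionSyntaxOption conf = certProfile.getAdmission();
    ASN1ObjectIdentifier type = ObjectIdentifiers.id_extension_admission;
    if (conf == null) {
        byte[] expected = getExpectedExtValue(type, requestedExtensions, extControl);
        if (!Arrays.equals(expected, extensionValue)) {
            addViolation(failureMsg, "extension value", hex(extensionValue), (expected == null) ? "not present" : hex(expected));
        }
        return;
    }

    List<List<String>> reqRegNumsList = null;
    if (requestedExtensions != null && conf.isInputFromRequestRequired()) {
        Extension extension = requestedExtensions.getExtension(type);
        if (extension == null) {
            failureMsg.append("no Admission extension is contained in the request;");
            return;
        }

        Admissions[] reqAdmissions;
        try {
            reqAdmissions = org.bouncycastle.asn1.isismtt.x509.AdmissionSyntax.getInstance(extension.getParsedValue()).getContentsOfAdmissions();
        } catch (IllegalArgumentException ex) {
            // The requested extension is requester-supplied data. A value that does not
            // decode as AdmissionSyntax is reported as a check failure instead of
            // escaping as an unchecked exception and aborting the remaining checks.
            LogUtil.error(LOG, ex);
            failureMsg.append("invalid Admission extension in the request;");
            return;
        }

        // One inner list per Admissions element, in request order.
        reqRegNumsList = new ArrayList<>(reqAdmissions.length);
        for (Admissions reqAdmission : reqAdmissions) {
            ProfessionInfo[] reqPis = reqAdmission.getProfessionInfos();
            List<String> reqNums = new ArrayList<>(reqPis.length);
            reqRegNumsList.add(reqNums);
            for (ProfessionInfo reqPi : reqPis) {
                // NOTE(review): registrationNumber is optional in ProfessionInfo, so this
                // may add null - confirm that conf.getExtensionValue tolerates null entries.
                reqNums.add(reqPi.getRegistrationNumber());
            }
        }
    }

    try {
        byte[] expected = conf.getExtensionValue(reqRegNumsList).getValue().toASN1Primitive().getEncoded();
        if (!Arrays.equals(expected, extensionValue)) {
            // Label fixed from "extension valus" so it matches the conf == null branch.
            addViolation(failureMsg, "extension value", hex(extensionValue), hex(expected));
        }
    } catch (IOException ex) {
        LogUtil.error(LOG, ex);
        failureMsg.append("IOException while computing the expected extension value;");
    } catch (BadCertTemplateException ex) {
        LogUtil.error(LOG, ex);
        failureMsg.append("BadCertTemplateException while computing the expected extension value;");
    }
}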
Also used : AdmissionSyntaxOption(org.xipki.ca.certprofile.commonpki.AdmissionSyntaxOption) ArrayList(java.util.ArrayList) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) ASN1String(org.bouncycastle.asn1.ASN1String) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) QaDirectoryString(org.xipki.ca.qa.internal.QaDirectoryString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERT61String(org.bouncycastle.asn1.DERT61String) IOException(java.io.IOException) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) Extension(org.bouncycastle.asn1.x509.Extension) BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException) Admissions(org.bouncycastle.asn1.isismtt.x509.Admissions) ArrayList(java.util.ArrayList) List(java.util.List) LinkedList(java.util.LinkedList) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) ProfessionInfo(org.bouncycastle.asn1.isismtt.x509.ProfessionInfo)

Example 2 with AdmissionSyntaxOption

use of org.xipki.ca.certprofile.commonpki.AdmissionSyntaxOption in project xipki by xipki.

the class XmlX509CertprofileUtil method buildAdmissionSyntax.

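/**
 * Converts the Admission configuration element of a certificate profile into an
 * {@link AdmissionSyntaxOption}.
 *
 * <p>Each configured admissions entry becomes an {@code AdmissionsOption} holding its
 * optional admission authority, its optional naming authority and its profession infos.
 *
 * @param critical criticality passed to the resulting {@code AdmissionSyntaxOption}
 * @param type the configured Admission syntax
 * @return the option object built from {@code type}
 * @throws CertprofileException declared by this method; presumably raised by the helper
 *     calls when the configuration cannot be converted (not visible in this listing)
 */
public static AdmissionSyntaxOption buildAdmissionSyntax(boolean critical, AdmissionSyntax type) throws CertprofileException {
    List<AdmissionsOption> admissionsList = new LinkedList<>();
    for (AdmissionsType at : type.getContentsOfAdmissions()) {
        List<ProfessionInfoOption> professionInfos = new LinkedList<>();
        for (ProfessionInfoType pi : at.getProfessionInfo()) {
            NamingAuthority namingAuthorityL3 = null;
            if (pi.getNamingAuthority() != null) {
                namingAuthorityL3 = buildNamingAuthority(pi.getNamingAuthority());
            }

            // oids stays null (not an empty list) when no profession OID is configured.
            List<OidWithDescType> oidTypes = pi.getProfessionOid();
            List<ASN1ObjectIdentifier> oids = null;
            if (CollectionUtil.isNonEmpty(oidTypes)) {
                oids = new LinkedList<>();
                for (OidWithDescType k : oidTypes) {
                    oids.add(new ASN1ObjectIdentifier(k.getValue()));
                }
            }

            RegistrationNumber rnType = pi.getRegistrationNumber();
            RegistrationNumberOption rno = (rnType == null) ? null : new RegistrationNumberOption(rnType.getRegex(), rnType.getConstant());
            ProfessionInfoOption pio = new ProfessionInfoOption(namingAuthorityL3, pi.getProfessionItem(), oids, rno, pi.getAddProfessionInfo());
            professionInfos.add(pio);
        }

        // Guard on the admission authority itself. The earlier guard tested
        // getNamingAuthority() here, so a configured admission authority was dropped
        // whenever no naming authority was set, and a missing one was passed on for
        // decoding whenever a naming authority was set.
        GeneralName admissionAuthority = null;
        if (at.getAdmissionAuthority() != null) {
            admissionAuthority = GeneralName.getInstance(asn1PrimitivefromByteArray(at.getAdmissionAuthority()));
        }

        NamingAuthority namingAuthority = null;
        if (at.getNamingAuthority() != null) {
            namingAuthority = buildNamingAuthority(at.getNamingAuthority());
        }

        admissionsList.add(new AdmissionsOption(admissionAuthority, namingAuthority, professionInfos));
    }

    // Top-level admission authority of the whole syntax, also optional.
    GeneralName admissionAuthority = null;
    if (type.getAdmissionAuthority() != null) {
        admissionAuthority = GeneralName.getInstance(type.getAdmissionAuthority());
    }
    return new AdmissionSyntaxOption(critical, admissionAuthority, admissionsList);
}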
Also used : ProfessionInfoOption(org.xipki.ca.certprofile.commonpki.ProfessionInfoOption) OidWithDescType(org.xipki.ca.certprofile.x509.jaxb.OidWithDescType) AdmissionsOption(org.xipki.ca.certprofile.commonpki.AdmissionsOption) RegistrationNumberOption(org.xipki.ca.certprofile.commonpki.RegistrationNumberOption) AdmissionSyntaxOption(org.xipki.ca.certprofile.commonpki.AdmissionSyntaxOption) LinkedList(java.util.LinkedList) AdmissionsType(org.xipki.ca.certprofile.x509.jaxb.AdmissionsType) ProfessionInfoType(org.xipki.ca.certprofile.x509.jaxb.ProfessionInfoType) NamingAuthority(org.bouncycastle.asn1.isismtt.x509.NamingAuthority) RegistrationNumber(org.xipki.ca.certprofile.x509.jaxb.ProfessionInfoType.RegistrationNumber) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Aggregations

LinkedList (java.util.LinkedList)2 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)2 AdmissionSyntaxOption (org.xipki.ca.certprofile.commonpki.AdmissionSyntaxOption)2 IOException (java.io.IOException)1 ArrayList (java.util.ArrayList)1 List (java.util.List)1 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)1 ASN1String (org.bouncycastle.asn1.ASN1String)1 DERBMPString (org.bouncycastle.asn1.DERBMPString)1 DERIA5String (org.bouncycastle.asn1.DERIA5String)1 DEROctetString (org.bouncycastle.asn1.DEROctetString)1 DERPrintableString (org.bouncycastle.asn1.DERPrintableString)1 DERT61String (org.bouncycastle.asn1.DERT61String)1 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)1 Admissions (org.bouncycastle.asn1.isismtt.x509.Admissions)1 NamingAuthority (org.bouncycastle.asn1.isismtt.x509.NamingAuthority)1 ProfessionInfo (org.bouncycastle.asn1.isismtt.x509.ProfessionInfo)1 DirectoryString (org.bouncycastle.asn1.x500.DirectoryString)1 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)1 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)1