Example 91 with X500Name
use of sun.security.x509.X500Name in project jruby-openssl by jruby.
the class X509Extension method formatGeneralName.
@SuppressWarnings("unchecked")
private static boolean formatGeneralName(final GeneralName name, final ByteList out, final boolean slashed) {
final ASN1Encodable obj = name.getName();
String val;
boolean tagged = false;
switch(name.getTagNo()) {
case GeneralName.rfc822Name:
if (!tagged)
out.append('e').append('m').append('a').append('i').append('l').append(':');
tagged = true;
case GeneralName.dNSName:
if (!tagged)
out.append('D').append('N').append('S').append(':');
tagged = true;
case GeneralName.uniformResourceIdentifier:
if (!tagged)
out.append('U').append('R').append('I').append(':');
val = DERIA5String.getInstance(obj).getString();
out.append(ByteList.plain(val));
break;
case GeneralName.directoryName:
out.append('D').append('i').append('r').append('N').append('a').append('m').append('e').append(':');
final X500Name dirName = X500Name.getInstance(obj);
if (slashed) {
final RDN[] rdns = dirName.getRDNs();
final Hashtable defaultSymbols = getDefaultSymbols();
for (int i = 0; i < rdns.length; i++) {
appendRDN(out.append('/'), rdns[i], defaultSymbols);
}
} else {
out.append(ByteList.plain(dirName.toString()));
}
break;
case GeneralName.iPAddress:
out.append('I').append('P').append(':');
final byte[] ip = ((ASN1OctetString) name.getName()).getOctets();
int len = ip.length;
boolean ip4 = len == 4;
if (ip4) {
for (int i = 0; i < ip.length; i++) {
out.append(ConvertBytes.intToCharBytes(((int) ip[i]) & 0xff));
if (i != len - 1)
out.append('.');
}
} else {
for (int i = 0; i < ip.length; i += 2) {
out.append(ConvertBytes.intToHexBytes(((ip[i] & 0xff) << 8 | (ip[i + 1] & 0xff))));
if (i != len - 2)
out.append(':');
}
}
break;
case GeneralName.otherName:
out.append('o').append('t').append('h').append('e').append('r').append('N').append('a').append('m').append('e').append(':');
out.append(ByteList.plain(obj.toString()));
return true;
// tagged = true;
case GeneralName.registeredID:
out.append('R').append('I').append('D').append(':');
// tagged = true;
default:
out.append(ByteList.plain(obj.toString()));
}
return false;
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
Hashtable(java.util.Hashtable)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
RubyString(org.jruby.RubyString)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
ASN1String(org.bouncycastle.asn1.ASN1String)
DERUniversalString(org.bouncycastle.asn1.DERUniversalString)
X500Name(org.bouncycastle.asn1.x500.X500Name)
RDN(org.bouncycastle.asn1.x500.RDN)
Example 92 with X500Name
use of sun.security.x509.X500Name in project jruby-openssl by jruby.
the class X509Name method equals.
@Override
public boolean equals(Object other) {
if (this == other)
return true;
if (other instanceof X509Name) {
final X509Name that = (X509Name) other;
final X500Name thisName = this.getX500Name();
final X500Name thatName = that.getX500Name();
return thisName.equals(thatName);
}
return false;
}
Also used :
X500Name(org.bouncycastle.asn1.x500.X500Name)
Example 93 with X500Name
use of sun.security.x509.X500Name in project jruby-openssl by jruby.
the class OCSPRequest method verify.
@JRubyMethod(name = "verify", rest = true)
public IRubyObject verify(IRubyObject[] args) {
Ruby runtime = getRuntime();
ThreadContext context = runtime.getCurrentContext();
int flags = 0;
boolean ret = false;
if (Arity.checkArgumentCount(runtime, args, 2, 3) == 3) {
flags = RubyFixnum.fix2int((RubyFixnum) args[2]);
}
IRubyObject certificates = args[0];
IRubyObject store = args[1];
OCSPReq bcOCSPReq = getBCOCSPReq();
if (bcOCSPReq == null) {
throw newOCSPError(runtime, new NullPointerException("Missing BC asn1bcReq. Missing certIDs or signature?"));
}
if (!bcOCSPReq.isSigned()) {
return RubyBoolean.newBoolean(runtime, ret);
}
GeneralName genName = bcOCSPReq.getRequestorName();
if (genName.getTagNo() != 4) {
return RubyBoolean.newBoolean(runtime, ret);
}
X500Name genX500Name = X500Name.getInstance(genName.getName());
X509StoreContext storeContext = null;
JcaContentVerifierProviderBuilder jcacvpb = new JcaContentVerifierProviderBuilder();
jcacvpb.setProvider("BC");
try {
java.security.cert.Certificate signer = findCertByName(genX500Name, certificates, flags);
if (signer == null)
return RubyBoolean.newBoolean(runtime, ret);
if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOINTERN))) > 0 && ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_TRUSTOTHER))) > 0))
flags |= RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOVERIFY));
if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOSIGS))) == 0) {
PublicKey signerPubKey = signer.getPublicKey();
ContentVerifierProvider cvp = jcacvpb.build(signerPubKey);
ret = bcOCSPReq.isSignatureValid(cvp);
if (!ret) {
return RubyBoolean.newBoolean(runtime, ret);
}
}
if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOVERIFY))) == 0) {
if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOCHAIN))) > 0) {
storeContext = X509StoreContext.newStoreContext(context, (X509Store) store, X509Cert.wrap(runtime, signer), context.nil);
} else {
RubyArray certs = RubyArray.newEmptyArray(runtime);
ASN1Sequence bcCerts = asn1bcReq.getOptionalSignature().getCerts();
if (bcCerts != null) {
Iterator<ASN1Encodable> it = bcCerts.iterator();
while (it.hasNext()) {
Certificate cert = Certificate.getInstance(it.next());
certs.add(X509Cert.wrap(runtime, new X509AuxCertificate(cert)));
}
}
storeContext = X509StoreContext.newStoreContext(context, (X509Store) store, X509Cert.wrap(runtime, signer), certs);
}
storeContext.set_purpose(context, _X509(runtime).getConstant("PURPOSE_OCSP_HELPER"));
storeContext.set_trust(context, _X509(runtime).getConstant("TRUST_OCSP_REQUEST"));
ret = storeContext.verify(context).isTrue();
if (!ret)
return RubyBoolean.newBoolean(runtime, false);
}
} catch (Exception e) {
debugStackTrace(e);
throw newOCSPError(runtime, e);
}
return RubyBoolean.newBoolean(getRuntime(), ret);
}
Also used :
RubyArray(org.jruby.RubyArray)
X500Name(org.bouncycastle.asn1.x500.X500Name)
IRubyObject(org.jruby.runtime.builtin.IRubyObject)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
Ruby(org.jruby.Ruby)
ContentVerifierProvider(org.bouncycastle.operator.ContentVerifierProvider)
PublicKey(java.security.PublicKey)
ThreadContext(org.jruby.runtime.ThreadContext)
RubyFixnum(org.jruby.RubyFixnum)
RaiseException(org.jruby.exceptions.RaiseException)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
JcaContentVerifierProviderBuilder(org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
OCSPReq(org.bouncycastle.cert.ocsp.OCSPReq)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
X509AuxCertificate(org.jruby.ext.openssl.x509store.X509AuxCertificate)
X509Certificate(java.security.cert.X509Certificate)
Certificate(org.bouncycastle.asn1.x509.Certificate)
X509AuxCertificate(org.jruby.ext.openssl.x509store.X509AuxCertificate)
JRubyMethod(org.jruby.anno.JRubyMethod)
Example 94 with X500Name
use of sun.security.x509.X500Name in project jruby-openssl by jruby.
the class RecipInfo method set.
/**
* c: PKCS7_RECIP_INFO_set
*/
public void set(X509AuxCertificate cert) throws PKCS7Exception {
version = 0;
X500Name issuer = X500Name.getInstance(cert.getIssuerX500Principal().getEncoded());
BigInteger serial = cert.getSerialNumber();
issuerAndSerial = new IssuerAndSerialNumber(issuer, serial);
String algo = addEncryptionIfNeeded(cert.getPublicKey().getAlgorithm());
keyEncAlgor = new AlgorithmIdentifier(ASN1Registry.sym2oid(algo));
this.cert = cert;
}
Also used :
IssuerAndSerialNumber(org.bouncycastle.asn1.pkcs.IssuerAndSerialNumber)
BigInteger(java.math.BigInteger)
X500Name(org.bouncycastle.asn1.x500.X500Name)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Example 95 with X500Name
use of sun.security.x509.X500Name in project jruby-openssl by jruby.
the class X509Utils method checkIfIssuedBy.
/**
* c: X509_check_issued
*/
public static int checkIfIssuedBy(final X509AuxCertificate issuer, final X509AuxCertificate subject) throws IOException {
if (!issuer.getSubjectX500Principal().equals(subject.getIssuerX500Principal())) {
return V_ERR_SUBJECT_ISSUER_MISMATCH;
}
if (subject.getExtensionValue("2.5.29.35") != null) {
// authorityKeyID
// I hate ASN1 and DER
Object key = get(subject.getExtensionValue("2.5.29.35"));
if (!(key instanceof ASN1Sequence))
key = get((DEROctetString) key);
final ASN1Sequence seq = (ASN1Sequence) key;
final AuthorityKeyIdentifier sakid;
if (seq.size() == 1 && (seq.getObjectAt(0) instanceof ASN1OctetString)) {
sakid = AuthorityKeyIdentifier.getInstance(new DLSequence(new DERTaggedObject(0, seq.getObjectAt(0))));
} else {
sakid = AuthorityKeyIdentifier.getInstance(seq);
}
if (sakid.getKeyIdentifier() != null) {
if (issuer.getExtensionValue("2.5.29.14") != null) {
DEROctetString der = (DEROctetString) get(issuer.getExtensionValue("2.5.29.14"));
SubjectKeyIdentifier iskid = SubjectKeyIdentifier.getInstance(get(der.getOctets()));
if (iskid.getKeyIdentifier() != null) {
if (!Arrays.equals(sakid.getKeyIdentifier(), iskid.getKeyIdentifier())) {
return V_ERR_AKID_SKID_MISMATCH;
}
}
}
}
final BigInteger serialNumber = sakid.getAuthorityCertSerialNumber();
if (serialNumber != null && !serialNumber.equals(issuer.getSerialNumber())) {
return V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
}
if (sakid.getAuthorityCertIssuer() != null) {
GeneralName[] gens = sakid.getAuthorityCertIssuer().getNames();
X500Name x500Name = null;
for (int i = 0; i < gens.length; i++) {
if (gens[i].getTagNo() == GeneralName.directoryName) {
ASN1Encodable name = gens[i].getName();
if (name instanceof X500Name) {
x500Name = (X500Name) name;
} else if (name instanceof ASN1Sequence) {
x500Name = X500Name.getInstance((ASN1Sequence) name);
} else {
throw new RuntimeException("unknown name type: " + name);
}
break;
}
}
if (x500Name != null) {
if (!new Name(x500Name).equalTo(issuer.getIssuerX500Principal())) {
return V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
}
}
}
}
final boolean[] keyUsage = issuer.getKeyUsage();
if (subject.getExtensionValue("1.3.6.1.5.5.7.1.14") != null) {
if (keyUsage != null && !keyUsage[0]) {
// KU_DIGITAL_SIGNATURE
return V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE;
}
} else if (keyUsage != null && !keyUsage[5]) {
// KU_KEY_CERT_SIGN
return V_ERR_KEYUSAGE_NO_CERTSIGN;
}
return V_OK;
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject)
AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier)
SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier)
X500Name(org.bouncycastle.asn1.x500.X500Name)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
X500Name(org.bouncycastle.asn1.x500.X500Name)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
DLSequence(org.bouncycastle.asn1.DLSequence)
BigInteger(java.math.BigInteger)
DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
Aggregations
X500Name (org.bouncycastle.asn1.x500.X500Name)214
X509Certificate (java.security.cert.X509Certificate)94
BigInteger (java.math.BigInteger)69
Date (java.util.Date)69
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)59
X500Name (sun.security.x509.X500Name)55
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)54
ContentSigner (org.bouncycastle.operator.ContentSigner)53
X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)51
IOException (java.io.IOException)50
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)48
KeyPair (java.security.KeyPair)42
SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)37
PrivateKey (java.security.PrivateKey)36
RDN (org.bouncycastle.asn1.x500.RDN)35
GeneralName (org.bouncycastle.asn1.x509.GeneralName)34
KeyPairGenerator (java.security.KeyPairGenerator)32
JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)32
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)30
CertificateException (java.security.cert.CertificateException)29
