Java Examples for org.bouncycastle.asn1.ASN1TaggedObject
The following Java examples show how org.bouncycastle.asn1.ASN1TaggedObject is used. These source code samples are taken from different open source projects.
Example 1
| Project: bc-java-master File: X509CertSelector.java View source code |
/**
* Decides whether a <code>Certificate</code> should be selected.<br />
* <br />
* <b>TODO: implement missing tests (name constraints and path to names)</b><br />
* <br />
* Uses {@link org.bouncycastle.asn1.ASN1InputStream ASN1InputStream},
* {@link org.bouncycastle.asn1.ASN1Sequence ASN1Sequence},
* {@link org.bouncycastle.asn1.ASN1ObjectIdentifier ASN1ObjectIdentifier},
* {@link org.bouncycastle.asn1.ASN1Object ASN1Object},
* {@link org.bouncycastle.asn1.DERGeneralizedTime DERGeneralizedTime},
* {@link org.bouncycastle.asn1.x509.X509Name X509Name},
* {@link org.bouncycastle.asn1.x509.X509Extensions X509Extensions},
* {@link org.bouncycastle.asn1.x509.ExtendedKeyUsage ExtendedKeyUsage},
* {@link org.bouncycastle.asn1.x509.KeyPurposeId KeyPurposeId},
* {@link org.bouncycastle.asn1.x509.SubjectPublicKeyInfo SubjectPublicKeyInfo},
* {@link org.bouncycastle.asn1.x509.AlgorithmIdentifier AlgorithmIdentifier}
* to access X509 extensions
*
* @param cert
* the <code>Certificate</code> to be checked
*
* @return <code>true</code> if the <code>Certificate</code> should be
* selected, <code>false</code> otherwise
*/
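public boolean match(Certificate cert) {
    // Selection filter only: each configured criterion is compared with the
    // corresponding certificate field or extension. Nothing in this method verifies
    // a signature, builds a chain or checks revocation, so a true result must not
    // be read as "trusted". Criteria left unset (null, or -1 for minMaxPathLen) are
    // skipped, and any failure to parse an extension is treated as a non-match.
    boolean[] booleanArray;
    Iterator tempIter;
    if (!(cert instanceof X509Certificate)) {
        return false;
    }
    X509Certificate certX509 = (X509Certificate) cert;
    if (x509Cert != null && !x509Cert.equals(certX509)) {
        return false;
    }
    if (serialNumber != null && !serialNumber.equals(certX509.getSerialNumber())) {
        return false;
    }
    try {
        if (issuerDNX509 != null) {
            if (!issuerDNX509.equals(PrincipalUtil.getIssuerX509Principal(certX509), true)) {
                return false;
            }
        }
        if (subjectDNX509 != null) {
            if (!subjectDNX509.equals(PrincipalUtil.getSubjectX509Principal(certX509), true)) {
                return false;
            }
        }
    } catch (Exception ex) {
        // A name that cannot be extracted or compared is a non-match.
        return false;
    }
    if (subjectKeyID != null) {
        byte[] data = certX509.getExtensionValue(X509Extensions.SubjectKeyIdentifier.getId());
        if (data == null) {
            return false;
        }
        try {
            // getExtensionValue() returns the extension wrapped in an OCTET STRING;
            // the criterion is compared with the contents of that wrapper.
            ByteArrayInputStream inStream = new ByteArrayInputStream(data);
            ASN1InputStream derInputStream = new ASN1InputStream(inStream);
            byte[] testData = ((ASN1OctetString) derInputStream.readObject()).getOctets();
            if (!Arrays.equals(subjectKeyID, testData)) {
                return false;
            }
        } catch (IOException ex) {
            return false;
        }
    }
    if (authorityKeyID != null) {
        byte[] data = certX509.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
        if (data == null) {
            return false;
        }
        try {
            ByteArrayInputStream inStream = new ByteArrayInputStream(data);
            ASN1InputStream derInputStream = new ASN1InputStream(inStream);
            byte[] testData = ((ASN1OctetString) derInputStream.readObject()).getOctets();
            if (!Arrays.equals(authorityKeyID, testData)) {
                return false;
            }
        } catch (IOException ex) {
            return false;
        }
    }
    if (certValid != null) {
        if (certX509.getNotAfter() != null && certValid.after(certX509.getNotAfter())) {
            return false;
        }
        if (certX509.getNotBefore() != null && certValid.before(certX509.getNotBefore())) {
            return false;
        }
    }
    if (privateKeyValid != null) {
        try {
            byte[] data = certX509.getExtensionValue(X509Extensions.PrivateKeyUsagePeriod.getId());
            // A certificate without the extension passes this criterion.
            if (data != null) {
                ByteArrayInputStream inStream = new ByteArrayInputStream(data);
                ASN1InputStream derInputStream = new ASN1InputStream(inStream);
                inStream = new ByteArrayInputStream(((ASN1OctetString) derInputStream.readObject()).getOctets());
                derInputStream = new ASN1InputStream(inStream);
                ASN1Sequence derObject = (ASN1Sequence) derInputStream.readObject();
                SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmssZ");
                // PrivateKeyUsagePeriod ::= SEQUENCE {
                //     notBefore [0] GeneralizedTime OPTIONAL,
                //     notAfter  [1] GeneralizedTime OPTIONAL }
                // Both members are context-tagged and optional, so they are selected by
                // tag number rather than by position. Passing the tagged element
                // straight to getInstance(Object) threw, which the catch below turned
                // into a non-match for every certificate carrying this extension.
                Enumeration periodFields = derObject.getObjects();
                while (periodFields.hasMoreElements()) {
                    ASN1TaggedObject field = (ASN1TaggedObject) periodFields.nextElement();
                    ASN1GeneralizedTime derDate = ASN1GeneralizedTime.getInstance(field, false);
                    switch (field.getTagNo()) {
                        case 0:
                            if (privateKeyValid.before(dateF.parse(derDate.getTime()))) {
                                return false;
                            }
                            break;
                        case 1:
                            if (privateKeyValid.after(dateF.parse(derDate.getTime()))) {
                                return false;
                            }
                            break;
                        default:
                            // Unknown member: treat the extension as malformed.
                            return false;
                    }
                }
            }
        } catch (Exception ex) {
            return false;
        }
    }
    if (subjectKeyAlgID != null) {
        try {
            SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(certX509.getPublicKey().getEncoded());
            AlgorithmIdentifier algInfo = publicKeyInfo.getAlgorithmId();
            if (!algInfo.getAlgorithm().equals(subjectKeyAlgID)) {
                return false;
            }
        } catch (Exception ex) {
            return false;
        }
    }
    if (subjectPublicKeyByte != null) {
        if (!Arrays.equals(subjectPublicKeyByte, certX509.getPublicKey().getEncoded())) {
            return false;
        }
    }
    if (subjectPublicKey != null) {
        if (!subjectPublicKey.equals(certX509.getPublicKey())) {
            return false;
        }
    }
    if (keyUsage != null) {
        booleanArray = certX509.getKeyUsage();
        // A certificate with no KeyUsage extension (null here) passes this criterion;
        // callers that need the extension to be present must check that separately.
        if (booleanArray != null) {
            for (int i = 0; i < keyUsage.length; i++) {
                if (keyUsage[i] && (booleanArray.length <= i || !booleanArray[i])) {
                    return false;
                }
            }
        }
    }
    if (keyPurposeSet != null && !keyPurposeSet.isEmpty()) {
        try {
            byte[] data = certX509.getExtensionValue(X509Extensions.ExtendedKeyUsage.getId());
            // As with key usage, an absent ExtendedKeyUsage extension passes.
            if (data != null) {
                ByteArrayInputStream inStream = new ByteArrayInputStream(data);
                ASN1InputStream derInputStream = new ASN1InputStream(inStream);
                ExtendedKeyUsage extendedKeyUsage = ExtendedKeyUsage.getInstance(derInputStream.readObject());
                tempIter = keyPurposeSet.iterator();
                while (tempIter.hasNext()) {
                    if (!extendedKeyUsage.hasKeyPurposeId((KeyPurposeId) tempIter.next())) {
                        return false;
                    }
                }
            }
        } catch (Exception ex) {
            return false;
        }
    }
    if (minMaxPathLen != -1) {
        // -2 selects only certificates whose getBasicConstraints() is -1; a value
        // >= 0 requires at least that path length.
        if (minMaxPathLen == -2 && certX509.getBasicConstraints() != -1) {
            return false;
        }
        if (minMaxPathLen >= 0 && certX509.getBasicConstraints() < minMaxPathLen) {
            return false;
        }
    }
    if (policyOID != null) {
        try {
            byte[] data = certX509.getExtensionValue(X509Extensions.CertificatePolicies.getId());
            if (data == null) {
                return false;
            }
            // An empty policy set only requires the extension to be present.
            if (!policyOID.isEmpty()) {
                ByteArrayInputStream inStream = new ByteArrayInputStream(data);
                ASN1InputStream derInputStream = new ASN1InputStream(inStream);
                inStream = new ByteArrayInputStream(((ASN1OctetString) derInputStream.readObject()).getOctets());
                derInputStream = new ASN1InputStream(inStream);
                Enumeration policySequence = ((ASN1Sequence) derInputStream.readObject()).getObjects();
                ASN1Sequence policyObject;
                boolean test = false;
                while (policySequence.hasMoreElements() && !test) {
                    policyObject = (ASN1Sequence) policySequence.nextElement();
                    if (policyOID.contains(policyObject.getObjectAt(0))) {
                        test = true;
                    }
                }
                if (!test) {
                    return false;
                }
            }
        } catch (Exception ex) {
            // NOTE(review): a malformed extension in the certificate ends up as a
            // stack trace on stderr; consider the project's logger instead.
            ex.printStackTrace();
            return false;
        }
    }
    if (subjectAltNamesByte != null) {
        try {
            byte[] data = certX509.getExtensionValue(X509Extensions.SubjectAlternativeName.getId());
            if (data == null) {
                return false;
            }
            ByteArrayInputStream inStream = new ByteArrayInputStream(data);
            ASN1InputStream derInputStream = new ASN1InputStream(inStream);
            inStream = new ByteArrayInputStream(((ASN1OctetString) derInputStream.readObject()).getOctets());
            derInputStream = new ASN1InputStream(inStream);
            Enumeration altNamesSequence = ((ASN1Sequence) derInputStream.readObject()).getObjects();
            ASN1TaggedObject altNameObject;
            boolean test = false;
            // Working copy: matched entries are removed so that "match all" can be
            // detected by the set becoming empty.
            Set testSet = new HashSet(subjectAltNamesByte);
            List testList;
            ASN1Object derData;
            ByteArrayOutputStream outStream;
            DEROutputStream derOutStream;
            while (altNamesSequence.hasMoreElements() && !test) {
                altNameObject = (ASN1TaggedObject) altNamesSequence.nextElement();
                // Each name is compared as the pair [tag number, DER encoding].
                testList = new ArrayList(2);
                testList.add(Integers.valueOf(altNameObject.getTagNo()));
                derData = altNameObject.getObject();
                outStream = new ByteArrayOutputStream();
                derOutStream = new DEROutputStream(outStream);
                derOutStream.writeObject(derData);
                derOutStream.close();
                testList.add(outStream.toByteArray());
                if (testSet.remove(testList)) {
                    test = true;
                }
                if (matchAllSubjectAltNames && !testSet.isEmpty()) {
                    test = false;
                }
            }
            if (!test) {
                return false;
            }
        } catch (Exception ex) {
            // NOTE(review): same stderr stack trace as in the policy check above.
            ex.printStackTrace();
            return false;
        }
    }
    return true;
}
Example 2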
| Project: irma_future_id-master File: X509CertSelector.java View source code |
/**
* Decides whether a <code>Certificate</code> should be selected.<br />
* <br />
* <b>TODO: implement missing tests (name constraints and path to names)</b><br />
* <br />
* Uses {@link org.bouncycastle.asn1.ASN1InputStream ASN1InputStream},
* {@link org.bouncycastle.asn1.ASN1Sequence ASN1Sequence},
* {@link org.bouncycastle.asn1.ASN1ObjectIdentifier ASN1ObjectIdentifier},
* {@link org.bouncycastle.asn1.ASN1Object ASN1Object},
* {@link org.bouncycastle.asn1.DERGeneralizedTime DERGeneralizedTime},
* {@link org.bouncycastle.asn1.x509.X509Name X509Name},
* {@link org.bouncycastle.asn1.x509.X509Extensions X509Extensions},
* {@link org.bouncycastle.asn1.x509.ExtendedKeyUsage ExtendedKeyUsage},
* {@link org.bouncycastle.asn1.x509.KeyPurposeId KeyPurposeId},
* {@link org.bouncycastle.asn1.x509.SubjectPublicKeyInfo SubjectPublicKeyInfo},
* {@link org.bouncycastle.asn1.x509.AlgorithmIdentifier AlgorithmIdentifier}
* to access X509 extensions
*
* @param cert
* the <code>Certificate</code> to be checked
*
* @return <code>true</code> if the <code>Certificate</code> should be
* selected, <code>false</code> otherwise
*/
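public boolean match(Certificate cert) {
    // This is a selection filter, not a validator: it only compares the configured
    // criteria with fields and extensions of the certificate. No signature, chain
    // or revocation check happens here. Unset criteria (null, or -1 for
    // minMaxPathLen) are ignored; an extension that cannot be parsed yields false.
    boolean[] booleanArray;
    Iterator tempIter;
    if (!(cert instanceof X509Certificate)) {
        return false;
    }
    X509Certificate certX509 = (X509Certificate) cert;
    if (x509Cert != null && !x509Cert.equals(certX509)) {
        return false;
    }
    if (serialNumber != null && !serialNumber.equals(certX509.getSerialNumber())) {
        return false;
    }
    try {
        if (issuerDNX509 != null) {
            if (!issuerDNX509.equals(PrincipalUtil.getIssuerX509Principal(certX509), true)) {
                return false;
            }
        }
        if (subjectDNX509 != null) {
            if (!subjectDNX509.equals(PrincipalUtil.getSubjectX509Principal(certX509), true)) {
                return false;
            }
        }
    } catch (Exception ex) {
        // Names that cannot be extracted or compared count as a non-match.
        return false;
    }
    if (subjectKeyID != null) {
        byte[] data = certX509.getExtensionValue(X509Extensions.SubjectKeyIdentifier.getId());
        if (data == null) {
            return false;
        }
        try {
            // The extension value arrives wrapped in an OCTET STRING; compare the
            // criterion with the wrapper's contents.
            ByteArrayInputStream inStream = new ByteArrayInputStream(data);
            ASN1InputStream derInputStream = new ASN1InputStream(inStream);
            byte[] testData = ((ASN1OctetString) derInputStream.readObject()).getOctets();
            if (!Arrays.equals(subjectKeyID, testData)) {
                return false;
            }
        } catch (IOException ex) {
            return false;
        }
    }
    if (authorityKeyID != null) {
        byte[] data = certX509.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
        if (data == null) {
            return false;
        }
        try {
            ByteArrayInputStream inStream = new ByteArrayInputStream(data);
            ASN1InputStream derInputStream = new ASN1InputStream(inStream);
            byte[] testData = ((ASN1OctetString) derInputStream.readObject()).getOctets();
            if (!Arrays.equals(authorityKeyID, testData)) {
                return false;
            }
        } catch (IOException ex) {
            return false;
        }
    }
    if (certValid != null) {
        if (certX509.getNotAfter() != null && certValid.after(certX509.getNotAfter())) {
            return false;
        }
        if (certX509.getNotBefore() != null && certValid.before(certX509.getNotBefore())) {
            return false;
        }
    }
    if (privateKeyValid != null) {
        try {
            byte[] data = certX509.getExtensionValue(X509Extensions.PrivateKeyUsagePeriod.getId());
            // No extension means the criterion is satisfied.
            if (data != null) {
                ByteArrayInputStream inStream = new ByteArrayInputStream(data);
                ASN1InputStream derInputStream = new ASN1InputStream(inStream);
                inStream = new ByteArrayInputStream(((ASN1OctetString) derInputStream.readObject()).getOctets());
                derInputStream = new ASN1InputStream(inStream);
                ASN1Sequence derObject = (ASN1Sequence) derInputStream.readObject();
                SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmssZ");
                // The sequence holds context-tagged, optional members:
                //     notBefore [0] GeneralizedTime OPTIONAL,
                //     notAfter  [1] GeneralizedTime OPTIONAL
                // so each one is picked by tag number. Handing the tagged element to
                // getInstance(Object) by position used to throw, and the catch below
                // then rejected every certificate that carried the extension.
                Enumeration periodFields = derObject.getObjects();
                while (periodFields.hasMoreElements()) {
                    ASN1TaggedObject field = (ASN1TaggedObject) periodFields.nextElement();
                    DERGeneralizedTime derDate = DERGeneralizedTime.getInstance(field, false);
                    switch (field.getTagNo()) {
                        case 0:
                            if (privateKeyValid.before(dateF.parse(derDate.getTime()))) {
                                return false;
                            }
                            break;
                        case 1:
                            if (privateKeyValid.after(dateF.parse(derDate.getTime()))) {
                                return false;
                            }
                            break;
                        default:
                            // Unexpected member: treat the extension as malformed.
                            return false;
                    }
                }
            }
        } catch (Exception ex) {
            return false;
        }
    }
    if (subjectKeyAlgID != null) {
        try {
            ByteArrayInputStream inStream = new ByteArrayInputStream(certX509.getPublicKey().getEncoded());
            ASN1InputStream derInputStream = new ASN1InputStream(inStream);
            SubjectPublicKeyInfo publicKeyInfo = new SubjectPublicKeyInfo((ASN1Sequence) derInputStream.readObject());
            AlgorithmIdentifier algInfo = publicKeyInfo.getAlgorithmId();
            if (!algInfo.getObjectId().equals(subjectKeyAlgID)) {
                return false;
            }
        } catch (Exception ex) {
            return false;
        }
    }
    if (subjectPublicKeyByte != null) {
        if (!Arrays.equals(subjectPublicKeyByte, certX509.getPublicKey().getEncoded())) {
            return false;
        }
    }
    if (subjectPublicKey != null) {
        if (!subjectPublicKey.equals(certX509.getPublicKey())) {
            return false;
        }
    }
    if (keyUsage != null) {
        booleanArray = certX509.getKeyUsage();
        // getKeyUsage() == null (no KeyUsage extension) passes this criterion; a
        // caller that requires the extension has to test for it separately.
        if (booleanArray != null) {
            for (int i = 0; i < keyUsage.length; i++) {
                if (keyUsage[i] && (booleanArray.length <= i || !booleanArray[i])) {
                    return false;
                }
            }
        }
    }
    if (keyPurposeSet != null && !keyPurposeSet.isEmpty()) {
        try {
            byte[] data = certX509.getExtensionValue(X509Extensions.ExtendedKeyUsage.getId());
            // An absent ExtendedKeyUsage extension also passes.
            if (data != null) {
                ByteArrayInputStream inStream = new ByteArrayInputStream(data);
                ASN1InputStream derInputStream = new ASN1InputStream(inStream);
                ExtendedKeyUsage extendedKeyUsage = ExtendedKeyUsage.getInstance(derInputStream.readObject());
                tempIter = keyPurposeSet.iterator();
                while (tempIter.hasNext()) {
                    if (!extendedKeyUsage.hasKeyPurposeId((KeyPurposeId) tempIter.next())) {
                        return false;
                    }
                }
            }
        } catch (Exception ex) {
            return false;
        }
    }
    if (minMaxPathLen != -1) {
        // -2 accepts only certificates whose getBasicConstraints() is -1; values
        // >= 0 demand at least that path length.
        if (minMaxPathLen == -2 && certX509.getBasicConstraints() != -1) {
            return false;
        }
        if (minMaxPathLen >= 0 && certX509.getBasicConstraints() < minMaxPathLen) {
            return false;
        }
    }
    if (policyOID != null) {
        try {
            byte[] data = certX509.getExtensionValue(X509Extensions.CertificatePolicies.getId());
            if (data == null) {
                return false;
            }
            // With an empty policy set, presence of the extension is enough.
            if (!policyOID.isEmpty()) {
                ByteArrayInputStream inStream = new ByteArrayInputStream(data);
                ASN1InputStream derInputStream = new ASN1InputStream(inStream);
                inStream = new ByteArrayInputStream(((ASN1OctetString) derInputStream.readObject()).getOctets());
                derInputStream = new ASN1InputStream(inStream);
                Enumeration policySequence = ((ASN1Sequence) derInputStream.readObject()).getObjects();
                ASN1Sequence policyObject;
                boolean test = false;
                while (policySequence.hasMoreElements() && !test) {
                    policyObject = (ASN1Sequence) policySequence.nextElement();
                    if (policyOID.contains(policyObject.getObjectAt(0))) {
                        test = true;
                    }
                }
                if (!test) {
                    return false;
                }
            }
        } catch (Exception ex) {
            // NOTE(review): malformed certificate data produces a stack trace on
            // stderr here; a logger would be the better destination.
            ex.printStackTrace();
            return false;
        }
    }
    if (subjectAltNamesByte != null) {
        try {
            byte[] data = certX509.getExtensionValue(X509Extensions.SubjectAlternativeName.getId());
            if (data == null) {
                return false;
            }
            ByteArrayInputStream inStream = new ByteArrayInputStream(data);
            ASN1InputStream derInputStream = new ASN1InputStream(inStream);
            inStream = new ByteArrayInputStream(((ASN1OctetString) derInputStream.readObject()).getOctets());
            derInputStream = new ASN1InputStream(inStream);
            Enumeration altNamesSequence = ((ASN1Sequence) derInputStream.readObject()).getObjects();
            ASN1TaggedObject altNameObject;
            boolean test = false;
            // Copy of the criterion; entries are removed as they are matched so an
            // empty set signals that every requested name was found.
            Set testSet = new HashSet(subjectAltNamesByte);
            List testList;
            ASN1Object derData;
            ByteArrayOutputStream outStream;
            DEROutputStream derOutStream;
            while (altNamesSequence.hasMoreElements() && !test) {
                altNameObject = (ASN1TaggedObject) altNamesSequence.nextElement();
                // Names are compared as [tag number, DER encoding] pairs.
                testList = new ArrayList(2);
                testList.add(Integers.valueOf(altNameObject.getTagNo()));
                derData = altNameObject.getObject();
                outStream = new ByteArrayOutputStream();
                derOutStream = new DEROutputStream(outStream);
                derOutStream.writeObject(derData);
                derOutStream.close();
                testList.add(outStream.toByteArray());
                if (testSet.remove(testList)) {
                    test = true;
                }
                if (matchAllSubjectAltNames && !testSet.isEmpty()) {
                    test = false;
                }
            }
            if (!test) {
                return false;
            }
        } catch (Exception ex) {
            // NOTE(review): stack trace to stderr, as in the policy check.
            ex.printStackTrace();
            return false;
        }
    }
    return true;
}
Example 3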
| Project: TinyTravelTracker-master File: X509Extensions.java View source code |
/**
 * Converts the given object into an {@code X509Extensions} instance.
 *
 * <p>Tagged wrappers are stripped without looking at the tag number, so a caller
 * that expects a particular context tag has to check it before calling.
 *
 * @param obj {@code null}, an {@code X509Extensions}, an {@code ASN1Sequence}, an
 *            {@code Extensions}, or an {@code ASN1TaggedObject} wrapping one of these
 * @return {@code obj} itself when it is {@code null} or already an
 *         {@code X509Extensions}; otherwise a new instance built from it
 * @throws IllegalArgumentException if the (unwrapped) object is of any other type
 */
public static X509Extensions getInstance(Object obj) {
    // Strip tagging wrappers first; what remains is classified below.
    Object candidate = obj;
    while (candidate instanceof ASN1TaggedObject) {
        candidate = ((ASN1TaggedObject) candidate).getObject();
    }
    if (candidate == null) {
        return null;
    }
    if (candidate instanceof X509Extensions) {
        return (X509Extensions) candidate;
    }
    if (candidate instanceof ASN1Sequence) {
        return new X509Extensions((ASN1Sequence) candidate);
    }
    if (candidate instanceof Extensions) {
        ASN1Sequence encoded = (ASN1Sequence) ((Extensions) candidate).toASN1Primitive();
        return new X509Extensions(encoded);
    }
    throw new IllegalArgumentException("illegal object in getInstance: " + candidate.getClass().getName());
}
Example 4
| Project: AcademicTorrents-Downloader-master File: JDKX509CertificateFactory.java View source code |
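/**
 * Reads one DER object from the stream and turns it into a certificate.
 *
 * <p>If the object is a sequence that starts with the PKCS#7 signedData object
 * identifier, the SignedData content is stored in {@code sData} and the certificate
 * at position {@code sDataObjectCount} is returned (the counter is then advanced).
 * Any other sequence is treated as the certificate structure itself.
 *
 * <p>The input is parsed data from an arbitrary stream, so the shape of each
 * object is checked before it is cast; unexpected structure is reported as an
 * {@code IOException} instead of surfacing as a {@code ClassCastException} or
 * {@code NullPointerException}.
 *
 * @param in stream positioned at the start of a DER-encoded object
 * @return the certificate built from the parsed structure
 * @throws IOException if the stream cannot be read or the top-level structure is
 *         not of the expected form
 */
private Certificate readDERCertificate(InputStream in) throws IOException {
    DERInputStream dIn = new DERInputStream(in);
    Object parsed = dIn.readObject();
    if (!(parsed instanceof ASN1Sequence)) {
        throw new IOException("malformed certificate data: top-level object is not a SEQUENCE");
    }
    ASN1Sequence seq = (ASN1Sequence) parsed;
    if (seq.size() > 1 && seq.getObjectAt(0) instanceof DERObjectIdentifier) {
        if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData)) {
            Object content = seq.getObjectAt(1);
            if (!(content instanceof ASN1TaggedObject)) {
                throw new IOException("malformed signedData: content is not a tagged object");
            }
            sData = new SignedData(ASN1Sequence.getInstance((ASN1TaggedObject) content, true));
            // NOTE(review): getCertificates() and the sDataObjectCount index are used
            // without a null or bounds check here - confirm the caller guards both.
            return new X509CertificateObject(X509CertificateStructure.getInstance(sData.getCertificates().getObjectAt(sDataObjectCount++)));
        }
    }
    return new X509CertificateObject(X509CertificateStructure.getInstance(seq));
}
Example 5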
| Project: android-rcs-ims-stack-master File: X509Extensions.java View source code |
/**
 * Returns an {@code X509Extensions} view of {@code obj}.
 *
 * <p>An {@code ASN1TaggedObject} is unwrapped and its content is converted in
 * turn; the tag number is not inspected, so callers that depend on a specific
 * tag must verify it themselves.
 *
 * @param obj the object to convert; may be {@code null}
 * @return {@code null} for {@code null} input, {@code obj} itself if it already is
 *         an {@code X509Extensions}, otherwise a newly constructed instance
 * @throws IllegalArgumentException if {@code obj} is of an unsupported type
 */
public static X509Extensions getInstance(Object obj) {
    final X509Extensions result;
    if (obj == null) {
        result = null;
    } else if (obj instanceof X509Extensions) {
        result = (X509Extensions) obj;
    } else if (obj instanceof ASN1Sequence) {
        result = new X509Extensions((ASN1Sequence) obj);
    } else if (obj instanceof Extensions) {
        // Re-encode the newer Extensions type and parse it as a sequence.
        ASN1Sequence encoded = (ASN1Sequence) ((Extensions) obj).toASN1Primitive();
        result = new X509Extensions(encoded);
    } else if (obj instanceof ASN1TaggedObject) {
        Object inner = ((ASN1TaggedObject) obj).getObject();
        result = getInstance(inner);
    } else {
        throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
    }
    return result;
}
Example 6
| Project: android_libcore-master File: PKIXCertPathReviewer.java View source code |
/**
 * Checks the subject names of the certificates in {@code certs} against the name
 * constraints accumulated while walking the path.
 *
 * <p>The loop runs from the highest index down to index 1. For every certificate
 * that is not self-issued, the subject DN and the subjectAltName entries are
 * tested against the permitted and excluded subtree sets; afterwards the
 * certificate's own NameConstraints extension is folded into those sets.
 *
 * <p>Only three name forms are handled, both when checking names and when
 * collecting subtrees: tag 1 (email), tag 4 (DN) and tag 7 (IP). Any other tag
 * number falls through the switch statements without a check.
 *
 * <p>A violation is raised internally as {@code CertPathReviewerException} and
 * recorded through {@code addError}; nothing is thrown to the caller, and the
 * first violation ends the walk.
 */
private void checkNameConstraints() {
X509Certificate cert = null;
//
// Setup
//
// (b)
Set permittedSubtreesDN = new HashSet();
Set permittedSubtreesEmail = new HashSet();
Set permittedSubtreesIP = new HashSet();
// (c)
Set excludedSubtreesDN = new HashSet();
Set excludedSubtreesEmail = new HashSet();
Set excludedSubtreesIP = new HashSet();
//
// process each certificate except the last in the path
//
int index;
int i;
try {
// index 0 is never visited by this loop
for (index = certs.size() - 1; index > 0; index--) {
// i is assigned here but not read anywhere else in this method
i = n - index;
//
// certificate processing
//
cert = (X509Certificate) certs.get(index);
if (!isSelfIssued(cert)) {
X500Principal principal = getSubjectPrincipal(cert);
ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(principal.getEncoded()));
ASN1Sequence dns;
try {
dns = (ASN1Sequence) aIn.readObject();
} catch (IOException e) {
// values taken from the certificate are wrapped in UntrustedInput before they go into a message
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.ncSubjectNameError", new Object[] { new UntrustedInput(principal) });
throw new CertPathReviewerException(msg, e, certPath, index);
}
try {
checkPermittedDN(permittedSubtreesDN, dns);
} catch (CertPathValidatorException cpve) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.notPermittedDN", new Object[] { new UntrustedInput(principal.getName()) });
throw new CertPathReviewerException(msg, cpve, certPath, index);
}
try {
checkExcludedDN(excludedSubtreesDN, dns);
} catch (CertPathValidatorException cpve) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.excludedDN", new Object[] { new UntrustedInput(principal.getName()) });
throw new CertPathReviewerException(msg, cpve, certPath, index);
}
ASN1Sequence altName;
try {
altName = (ASN1Sequence) getExtensionValue(cert, SUBJECT_ALTERNATIVE_NAME);
} catch (AnnotatedException ae) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.subjAltNameExtError");
throw new CertPathReviewerException(msg, ae, certPath, index);
}
if (altName != null) {
for (int j = 0; j < altName.size(); j++) {
ASN1TaggedObject o = (ASN1TaggedObject) altName.getObjectAt(j);
// NOTE(review): only tags 1, 4 and 7 are checked. In GeneralName, dNSName is
// tag 2 and uniformResourceIdentifier is tag 6; such entries pass through
// this switch unchecked, so constraints on those name forms are not
// enforced by this method.
switch(o.getTagNo()) {
// tag 1: email address
case 1:
String email = DERIA5String.getInstance(o, true).getString();
try {
checkPermittedEmail(permittedSubtreesEmail, email);
} catch (CertPathValidatorException cpve) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.notPermittedEmail", new Object[] { new UntrustedInput(email) });
throw new CertPathReviewerException(msg, cpve, certPath, index);
}
try {
checkExcludedEmail(excludedSubtreesEmail, email);
} catch (CertPathValidatorException cpve) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.excludedEmail", new Object[] { new UntrustedInput(email) });
throw new CertPathReviewerException(msg, cpve, certPath, index);
}
break;
// tag 4: distinguished name
case 4:
ASN1Sequence altDN = ASN1Sequence.getInstance(o, true);
try {
checkPermittedDN(permittedSubtreesDN, altDN);
} catch (CertPathValidatorException cpve) {
X509Name altDNName = new X509Name(altDN);
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.notPermittedDN", new Object[] { new UntrustedInput(altDNName) });
throw new CertPathReviewerException(msg, cpve, certPath, index);
}
try {
checkExcludedDN(excludedSubtreesDN, altDN);
} catch (CertPathValidatorException cpve) {
X509Name altDNName = new X509Name(altDN);
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.excludedDN", new Object[] { new UntrustedInput(altDNName) });
throw new CertPathReviewerException(msg, cpve, certPath, index);
}
break;
// tag 7: IP address; last case, so there is no break and no default branch
case 7:
byte[] ip = ASN1OctetString.getInstance(o, true).getOctets();
try {
checkPermittedIP(permittedSubtreesIP, ip);
} catch (CertPathValidatorException cpve) {
// the IP is formatted with IPtoString rather than wrapped in UntrustedInput
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.notPermittedIP", new Object[] { IPtoString(ip) });
throw new CertPathReviewerException(msg, cpve, certPath, index);
}
try {
checkExcludedIP(excludedSubtreesIP, ip);
} catch (CertPathValidatorException cpve) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.excludedIP", new Object[] { IPtoString(ip) });
throw new CertPathReviewerException(msg, cpve, certPath, index);
}
}
}
}
}
//
// prepare for next certificate
//
//
// (g) handle the name constraints extension
//
// this part runs for self-issued certificates as well
ASN1Sequence ncSeq;
try {
ncSeq = (ASN1Sequence) getExtensionValue(cert, NAME_CONSTRAINTS);
} catch (AnnotatedException ae) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.ncExtError");
throw new CertPathReviewerException(msg, ae, certPath, index);
}
if (ncSeq != null) {
NameConstraints nc = new NameConstraints(ncSeq);
//
// (g) (1) permitted subtrees
//
ASN1Sequence permitted = nc.getPermittedSubtrees();
if (permitted != null) {
Enumeration e = permitted.getObjects();
while (e.hasMoreElements()) {
GeneralSubtree subtree = GeneralSubtree.getInstance(e.nextElement());
GeneralName base = subtree.getBase();
// NOTE(review): subtrees whose base has any tag other than 1, 4 or 7 are
// dropped silently, whether or not the extension is marked critical -
// confirm that this is acceptable for the deployment.
switch(base.getTagNo()) {
case 1:
permittedSubtreesEmail = intersectEmail(permittedSubtreesEmail, DERIA5String.getInstance(base.getName()).getString());
break;
case 4:
permittedSubtreesDN = intersectDN(permittedSubtreesDN, (ASN1Sequence) base.getName());
break;
case 7:
permittedSubtreesIP = intersectIP(permittedSubtreesIP, ASN1OctetString.getInstance(base.getName()).getOctets());
break;
}
}
}
//
// (g) (2) excluded subtrees
//
ASN1Sequence excluded = nc.getExcludedSubtrees();
if (excluded != null) {
Enumeration e = excluded.getObjects();
while (e.hasMoreElements()) {
GeneralSubtree subtree = GeneralSubtree.getInstance(e.nextElement());
GeneralName base = subtree.getBase();
// same three name forms as for the permitted subtrees; others are ignored
switch(base.getTagNo()) {
case 1:
excludedSubtreesEmail = unionEmail(excludedSubtreesEmail, DERIA5String.getInstance(base.getName()).getString());
break;
case 4:
excludedSubtreesDN = unionDN(excludedSubtreesDN, (ASN1Sequence) base.getName());
break;
case 7:
excludedSubtreesIP = unionIP(excludedSubtreesIP, ASN1OctetString.getInstance(base.getName()).getOctets());
break;
}
}
}
}
}
// for
} catch (CertPathReviewerException cpre) {
// record the first violation instead of propagating it to the caller
addError(cpre.getErrorMessage(), cpre.getIndex());
}
}Example 7
| Project: atlas-lb-master File: PKIXCertPathReviewer.java View source code |
private void checkPolicy() {
//
// 6.1.1 Inputs
//
// c) Initial Policy Set
Set userInitialPolicySet = pkixParams.getInitialPolicies();
// e) f) g) are part of pkixParams
//
// 6.1.2 Initialization
//
// a) valid policy tree
List[] policyNodes = new ArrayList[n + 1];
for (int j = 0; j < policyNodes.length; j++) {
policyNodes[j] = new ArrayList();
}
Set policySet = new HashSet();
policySet.add(ANY_POLICY);
PKIXPolicyNode validPolicyTree = new PKIXPolicyNode(new ArrayList(), 0, policySet, null, new HashSet(), ANY_POLICY, false);
policyNodes[0].add(validPolicyTree);
// d) explicit policy
int explicitPolicy;
if (pkixParams.isExplicitPolicyRequired()) {
explicitPolicy = 0;
} else {
explicitPolicy = n + 1;
}
// e) inhibit any policy
int inhibitAnyPolicy;
if (pkixParams.isAnyPolicyInhibited()) {
inhibitAnyPolicy = 0;
} else {
inhibitAnyPolicy = n + 1;
}
// f) policy mapping
int policyMapping;
if (pkixParams.isPolicyMappingInhibited()) {
policyMapping = 0;
} else {
policyMapping = n + 1;
}
Set acceptablePolicies = null;
//
// 6.1.3 Basic Certificate processing
//
X509Certificate cert = null;
int index;
int i;
try {
for (index = certs.size() - 1; index >= 0; index--) {
// i as defined in the algorithm description
i = n - index;
// set certificate to be checked in this round
cert = (X509Certificate) certs.get(index);
// d) process policy information
ASN1Sequence certPolicies;
try {
certPolicies = (ASN1Sequence) getExtensionValue(cert, CERTIFICATE_POLICIES);
} catch (AnnotatedException ae) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.policyExtError");
throw new CertPathReviewerException(msg, ae, certPath, index);
}
if (certPolicies != null && validPolicyTree != null) {
// d) 1)
Enumeration e = certPolicies.getObjects();
Set pols = new HashSet();
while (e.hasMoreElements()) {
PolicyInformation pInfo = PolicyInformation.getInstance(e.nextElement());
DERObjectIdentifier pOid = pInfo.getPolicyIdentifier();
pols.add(pOid.getId());
if (!ANY_POLICY.equals(pOid.getId())) {
Set pq;
try {
pq = getQualifierSet(pInfo.getPolicyQualifiers());
} catch (CertPathValidatorException cpve) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.policyQualifierError");
throw new CertPathReviewerException(msg, cpve, certPath, index);
}
boolean match = processCertD1i(i, policyNodes, pOid, pq);
if (!match) {
processCertD1ii(i, policyNodes, pOid, pq);
}
}
}
if (acceptablePolicies == null || acceptablePolicies.contains(ANY_POLICY)) {
acceptablePolicies = pols;
} else {
Iterator it = acceptablePolicies.iterator();
Set t1 = new HashSet();
while (it.hasNext()) {
Object o = it.next();
if (pols.contains(o)) {
t1.add(o);
}
}
acceptablePolicies = t1;
}
if ((inhibitAnyPolicy > 0) || ((i < n) && isSelfIssued(cert))) {
e = certPolicies.getObjects();
while (e.hasMoreElements()) {
PolicyInformation pInfo = PolicyInformation.getInstance(e.nextElement());
if (ANY_POLICY.equals(pInfo.getPolicyIdentifier().getId())) {
Set _apq;
try {
_apq = getQualifierSet(pInfo.getPolicyQualifiers());
} catch (CertPathValidatorException cpve) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.policyQualifierError");
throw new CertPathReviewerException(msg, cpve, certPath, index);
}
List _nodes = policyNodes[i - 1];
for (int k = 0; k < _nodes.size(); k++) {
PKIXPolicyNode _node = (PKIXPolicyNode) _nodes.get(k);
Iterator _policySetIter = _node.getExpectedPolicies().iterator();
while (_policySetIter.hasNext()) {
Object _tmp = _policySetIter.next();
String _policy;
if (_tmp instanceof String) {
_policy = (String) _tmp;
} else if (_tmp instanceof DERObjectIdentifier) {
_policy = ((DERObjectIdentifier) _tmp).getId();
} else {
continue;
}
boolean _found = false;
Iterator _childrenIter = _node.getChildren();
while (_childrenIter.hasNext()) {
PKIXPolicyNode _child = (PKIXPolicyNode) _childrenIter.next();
if (_policy.equals(_child.getValidPolicy())) {
_found = true;
}
}
if (!_found) {
Set _newChildExpectedPolicies = new HashSet();
_newChildExpectedPolicies.add(_policy);
PKIXPolicyNode _newChild = new PKIXPolicyNode(new ArrayList(), i, _newChildExpectedPolicies, _node, _apq, _policy, false);
_node.addChild(_newChild);
policyNodes[i].add(_newChild);
}
}
}
break;
}
}
}
//
for (int j = (i - 1); j >= 0; j--) {
List nodes = policyNodes[j];
for (int k = 0; k < nodes.size(); k++) {
PKIXPolicyNode node = (PKIXPolicyNode) nodes.get(k);
if (!node.hasChildren()) {
validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, node);
if (validPolicyTree == null) {
break;
}
}
}
}
//
// d (4)
//
Set criticalExtensionOids = cert.getCriticalExtensionOIDs();
if (criticalExtensionOids != null) {
boolean critical = criticalExtensionOids.contains(CERTIFICATE_POLICIES);
List nodes = policyNodes[i];
for (int j = 0; j < nodes.size(); j++) {
PKIXPolicyNode node = (PKIXPolicyNode) nodes.get(j);
node.setCritical(critical);
}
}
}
if (certPolicies == null) {
validPolicyTree = null;
}
if (explicitPolicy <= 0 && validPolicyTree == null) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.noValidPolicyTree");
throw new CertPathReviewerException(msg);
}
if (i != n) {
// a)
DERObject pm;
try {
pm = getExtensionValue(cert, POLICY_MAPPINGS);
} catch (AnnotatedException ae) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.policyMapExtError");
throw new CertPathReviewerException(msg, ae, certPath, index);
}
if (pm != null) {
ASN1Sequence mappings = (ASN1Sequence) pm;
for (int j = 0; j < mappings.size(); j++) {
ASN1Sequence mapping = (ASN1Sequence) mappings.getObjectAt(j);
DERObjectIdentifier ip_id = (DERObjectIdentifier) mapping.getObjectAt(0);
DERObjectIdentifier sp_id = (DERObjectIdentifier) mapping.getObjectAt(1);
if (ANY_POLICY.equals(ip_id.getId())) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.invalidPolicyMapping");
throw new CertPathReviewerException(msg, certPath, index);
}
if (ANY_POLICY.equals(sp_id.getId())) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.invalidPolicyMapping");
throw new CertPathReviewerException(msg, certPath, index);
}
}
}
if (pm != null) {
ASN1Sequence mappings = (ASN1Sequence) pm;
Map m_idp = new HashMap();
Set s_idp = new HashSet();
for (int j = 0; j < mappings.size(); j++) {
ASN1Sequence mapping = (ASN1Sequence) mappings.getObjectAt(j);
String id_p = ((DERObjectIdentifier) mapping.getObjectAt(0)).getId();
String sd_p = ((DERObjectIdentifier) mapping.getObjectAt(1)).getId();
Set tmp;
if (!m_idp.containsKey(id_p)) {
tmp = new HashSet();
tmp.add(sd_p);
m_idp.put(id_p, tmp);
s_idp.add(id_p);
} else {
tmp = (Set) m_idp.get(id_p);
tmp.add(sd_p);
}
}
Iterator it_idp = s_idp.iterator();
while (it_idp.hasNext()) {
String id_p = (String) it_idp.next();
//
if (policyMapping > 0) {
try {
prepareNextCertB1(i, policyNodes, id_p, m_idp, cert);
} catch (AnnotatedException ae) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.policyExtError");
throw new CertPathReviewerException(msg, ae, certPath, index);
} catch (CertPathValidatorException cpve) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.policyQualifierError");
throw new CertPathReviewerException(msg, cpve, certPath, index);
}
//
// (2)
//
} else if (policyMapping <= 0) {
validPolicyTree = prepareNextCertB2(i, policyNodes, id_p, validPolicyTree);
}
}
}
if (!isSelfIssued(cert)) {
// (1)
if (explicitPolicy != 0) {
explicitPolicy--;
}
// (2)
if (policyMapping != 0) {
policyMapping--;
}
// (3)
if (inhibitAnyPolicy != 0) {
inhibitAnyPolicy--;
}
}
try {
ASN1Sequence pc = (ASN1Sequence) getExtensionValue(cert, POLICY_CONSTRAINTS);
if (pc != null) {
Enumeration policyConstraints = pc.getObjects();
while (policyConstraints.hasMoreElements()) {
ASN1TaggedObject constraint = (ASN1TaggedObject) policyConstraints.nextElement();
int tmpInt;
switch(constraint.getTagNo()) {
case 0:
tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();
if (tmpInt < explicitPolicy) {
explicitPolicy = tmpInt;
}
break;
case 1:
tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();
if (tmpInt < policyMapping) {
policyMapping = tmpInt;
}
break;
}
}
}
} catch (AnnotatedException ae) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.policyConstExtError");
throw new CertPathReviewerException(msg, certPath, index);
}
try {
DERInteger iap = (DERInteger) getExtensionValue(cert, INHIBIT_ANY_POLICY);
if (iap != null) {
int _inhibitAnyPolicy = iap.getValue().intValue();
if (_inhibitAnyPolicy < inhibitAnyPolicy) {
inhibitAnyPolicy = _inhibitAnyPolicy;
}
}
} catch (AnnotatedException ae) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.policyInhibitExtError");
throw new CertPathReviewerException(msg, certPath, index);
}
}
}
if (!isSelfIssued(cert) && explicitPolicy > 0) {
explicitPolicy--;
}
try {
ASN1Sequence pc = (ASN1Sequence) getExtensionValue(cert, POLICY_CONSTRAINTS);
if (pc != null) {
Enumeration policyConstraints = pc.getObjects();
while (policyConstraints.hasMoreElements()) {
ASN1TaggedObject constraint = (ASN1TaggedObject) policyConstraints.nextElement();
switch(constraint.getTagNo()) {
case 0:
int tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();
if (tmpInt == 0) {
explicitPolicy = 0;
}
break;
}
}
}
} catch (AnnotatedException e) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.policyConstExtError");
throw new CertPathReviewerException(msg, certPath, index);
}
//
// (g)
//
PKIXPolicyNode intersection;
//
if (validPolicyTree == null) {
if (pkixParams.isExplicitPolicyRequired()) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.explicitPolicy");
throw new CertPathReviewerException(msg, certPath, index);
}
intersection = null;
} else if (// (g) (ii)
isAnyPolicy(userInitialPolicySet)) {
if (pkixParams.isExplicitPolicyRequired()) {
if (acceptablePolicies.isEmpty()) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.explicitPolicy");
throw new CertPathReviewerException(msg, certPath, index);
} else {
Set _validPolicyNodeSet = new HashSet();
for (int j = 0; j < policyNodes.length; j++) {
List _nodeDepth = policyNodes[j];
for (int k = 0; k < _nodeDepth.size(); k++) {
PKIXPolicyNode _node = (PKIXPolicyNode) _nodeDepth.get(k);
if (ANY_POLICY.equals(_node.getValidPolicy())) {
Iterator _iter = _node.getChildren();
while (_iter.hasNext()) {
_validPolicyNodeSet.add(_iter.next());
}
}
}
}
Iterator _vpnsIter = _validPolicyNodeSet.iterator();
while (_vpnsIter.hasNext()) {
PKIXPolicyNode _node = (PKIXPolicyNode) _vpnsIter.next();
String _validPolicy = _node.getValidPolicy();
if (!acceptablePolicies.contains(_validPolicy)) {
//validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, _node);
}
}
if (validPolicyTree != null) {
for (int j = (n - 1); j >= 0; j--) {
List nodes = policyNodes[j];
for (int k = 0; k < nodes.size(); k++) {
PKIXPolicyNode node = (PKIXPolicyNode) nodes.get(k);
if (!node.hasChildren()) {
validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, node);
}
}
}
}
}
}
intersection = validPolicyTree;
} else {
//
// (g) (iii)
//
// This implementation is not exactly same as the one described in RFC3280.
// However, as far as the validation result is concerned, both produce
// adequate result. The only difference is whether AnyPolicy is remain
// in the policy tree or not.
//
// (g) (iii) 1
//
Set _validPolicyNodeSet = new HashSet();
for (int j = 0; j < policyNodes.length; j++) {
List _nodeDepth = policyNodes[j];
for (int k = 0; k < _nodeDepth.size(); k++) {
PKIXPolicyNode _node = (PKIXPolicyNode) _nodeDepth.get(k);
if (ANY_POLICY.equals(_node.getValidPolicy())) {
Iterator _iter = _node.getChildren();
while (_iter.hasNext()) {
PKIXPolicyNode _c_node = (PKIXPolicyNode) _iter.next();
if (!ANY_POLICY.equals(_c_node.getValidPolicy())) {
_validPolicyNodeSet.add(_c_node);
}
}
}
}
}
//
// (g) (iii) 2
//
Iterator _vpnsIter = _validPolicyNodeSet.iterator();
while (_vpnsIter.hasNext()) {
PKIXPolicyNode _node = (PKIXPolicyNode) _vpnsIter.next();
String _validPolicy = _node.getValidPolicy();
if (!userInitialPolicySet.contains(_validPolicy)) {
validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, _node);
}
}
//
if (validPolicyTree != null) {
for (int j = (n - 1); j >= 0; j--) {
List nodes = policyNodes[j];
for (int k = 0; k < nodes.size(); k++) {
PKIXPolicyNode node = (PKIXPolicyNode) nodes.get(k);
if (!node.hasChildren()) {
validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, node);
}
}
}
}
intersection = validPolicyTree;
}
if ((explicitPolicy <= 0) && (intersection == null)) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.invalidPolicy");
throw new CertPathReviewerException(msg);
}
validPolicyTree = intersection;
} catch (CertPathReviewerException cpre) {
addError(cpre.getErrorMessage(), cpre.getIndex());
validPolicyTree = null;
}
}Example 8
| Project: BitMate-master File: JDKX509CertificateFactory.java View source code |
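/**
 * Reads one DER-encoded certificate from the stream.
 * <p>
 * When the decoded SEQUENCE has more than one element and its first element is
 * the {@code PKCSObjectIdentifiers.signedData} object identifier, the second
 * element is unwrapped into a {@code SignedData}, kept in the {@code sData}
 * field, and the certificate at position {@code sDataObjectCount} is returned
 * (the counter is advanced afterwards). In every other case the SEQUENCE itself
 * is decoded as the certificate structure.
 * <p>
 * The stream content is untrusted, so the shape of each decoded object is
 * checked before it is cast. A mismatch is reported as an {@link IOException}
 * instead of escaping as a {@code ClassCastException} or
 * {@code NullPointerException}.
 *
 * @param in stream positioned at the start of a DER-encoded object
 * @return the decoded certificate
 * @throws IOException if the stream cannot be read or does not hold the
 *         expected ASN.1 structure
 */
private Certificate readDERCertificate(InputStream in) throws IOException {
    DERInputStream dIn = new DERInputStream(in);
    Object decoded = dIn.readObject();
    if (!(decoded instanceof ASN1Sequence)) {
        throw new IOException("DER certificate data is not an ASN.1 SEQUENCE");
    }
    ASN1Sequence seq = (ASN1Sequence) decoded;
    if (seq.size() > 1 && seq.getObjectAt(0) instanceof DERObjectIdentifier) {
        if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData)) {
            Object content = seq.getObjectAt(1);
            if (!(content instanceof ASN1TaggedObject)) {
                throw new IOException("signedData content is not a tagged object");
            }
            sData = new SignedData(ASN1Sequence.getInstance((ASN1TaggedObject) content, true));
            // NOTE(review): presumably getCertificates() can be null when the
            // SignedData carries no certificate set — confirm and handle here.
            return new X509CertificateObject(X509CertificateStructure.getInstance(sData.getCertificates().getObjectAt(sDataObjectCount++)));
        }
    }
    return new X509CertificateObject(X509CertificateStructure.getInstance(seq));
}Example 9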
| Project: dc---master File: X500NameTest.java View source code |
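/**
 * Exercises X500Name construction, DER round-tripping, RDN sorting, equality,
 * tagging and string escaping. Each check calls {@code fail} with a message
 * naming the failed expectation.
 * <p>
 * The "reverse name test" populates {@code builder1} and {@code builder2};
 * adding the RDNs to the earlier {@code builder} instead would leave both names
 * empty and make the order-independence check trivially true.
 *
 * @throws Exception if any encoding or decoding step fails
 */
public void performTest() throws Exception {
    testEncodingPrintableString(BCStyle.C, "AU");
    testEncodingPrintableString(BCStyle.SERIALNUMBER, "123456");
    testEncodingPrintableString(BCStyle.DN_QUALIFIER, "123456");
    testEncodingIA5String(BCStyle.EmailAddress, "test@test.com");
    testEncodingIA5String(BCStyle.DC, "test");
    // correct encoding
    testEncodingGeneralizedTime(BCStyle.DATE_OF_BIRTH, "#180F32303032303132323132323232305A");
    // compatibility encoding
    testEncodingGeneralizedTime(BCStyle.DATE_OF_BIRTH, "20020122122220Z");
    //
    // composite
    //
    X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
    builder.addRDN(BCStyle.C, "AU");
    builder.addRDN(BCStyle.O, "The Legion of the Bouncy Castle");
    builder.addRDN(BCStyle.L, "Melbourne");
    builder.addRDN(BCStyle.ST, "Victoria");
    builder.addRDN(BCStyle.E, "feedback-crypto@bouncycastle.org");
    X500Name name1 = builder.build();
    if (!name1.equals(name1)) {
        fail("Failed same object test");
    }
    // if (!name1.equals(name1, true))
    // {
    // fail("Failed same object test - in Order");
    // }
    builder = new X500NameBuilder(BCStyle.INSTANCE);
    builder.addRDN(BCStyle.C, "AU");
    builder.addRDN(BCStyle.O, "The Legion of the Bouncy Castle");
    builder.addRDN(BCStyle.L, "Melbourne");
    builder.addRDN(BCStyle.ST, "Victoria");
    builder.addRDN(BCStyle.E, "feedback-crypto@bouncycastle.org");
    X500Name name2 = builder.build();
    if (!name1.equals(name2)) {
        fail("Failed same name test");
    }
    if (name1.hashCode() != name2.hashCode()) {
        fail("Failed same name test - in Order");
    }
    // Same RDNs in two different orders: equality and hashCode are expected
    // to ignore the order. Each builder must receive its own RDNs.
    X500NameBuilder builder1 = new X500NameBuilder(BCStyle.INSTANCE);
    builder1.addRDN(BCStyle.C, "AU");
    builder1.addRDN(BCStyle.O, "The Legion of the Bouncy Castle");
    builder1.addRDN(BCStyle.L, "Melbourne");
    builder1.addRDN(BCStyle.ST, "Victoria");
    builder1.addRDN(BCStyle.E, "feedback-crypto@bouncycastle.org");
    X500NameBuilder builder2 = new X500NameBuilder(BCStyle.INSTANCE);
    builder2.addRDN(BCStyle.E, "feedback-crypto@bouncycastle.org");
    builder2.addRDN(BCStyle.C, "AU");
    builder2.addRDN(BCStyle.O, "The Legion of the Bouncy Castle");
    builder2.addRDN(BCStyle.L, "Melbourne");
    builder2.addRDN(BCStyle.ST, "Victoria");
    name1 = builder1.build();
    name2 = builder2.build();
    if (!name1.equals(name2)) {
        fail("Failed reverse name test");
    }
    if (name1.hashCode() != name2.hashCode()) {
        fail("Failed reverse name test hashCode");
    }
    // if (name1.equals(name2, true))
    // {
    // fail("Failed reverse name test - in Order");
    // }
    //
    // if (!name1.equals(name2, false))
    // {
    // fail("Failed reverse name test - in Order false");
    // }
    // Vector oids = name1.getOIDs();
    // if (!compareVectors(oids, ord1))
    // {
    // fail("oid comparison test");
    // }
    /*
    Vector val1 = new Vector();
    val1.addElement("AU");
    val1.addElement("The Legion of the Bouncy Castle");
    val1.addElement("Melbourne");
    val1.addElement("Victoria");
    val1.addElement("feedback-crypto@bouncycastle.org");
    name1 = new X500Name(ord1, val1);
    Vector values = name1.getValues();
    if (!compareVectors(values, val1))
    {
    fail("value comparison test");
    }
    ord2 = new Vector();
    ord2.addElement(X500Name.ST);
    ord2.addElement(X500Name.ST);
    ord2.addElement(X500Name.L);
    ord2.addElement(X500Name.O);
    ord2.addElement(X500Name.C);
    name1 = new X500Name(ord1, attrs);
    name2 = new X500Name(ord2, attrs);
    if (name1.equals(name2))
    {
    fail("Failed different name test");
    }
    ord2 = new Vector();
    ord2.addElement(X500Name.ST);
    ord2.addElement(X500Name.L);
    ord2.addElement(X500Name.O);
    ord2.addElement(X500Name.C);
    name1 = new X500Name(ord1, attrs);
    name2 = new X500Name(ord2, attrs);
    if (name1.equals(name2))
    {
    fail("Failed subset name test");
    }
    compositeTest();
    */
    ByteArrayOutputStream bOut;
    ASN1OutputStream aOut;
    ASN1InputStream aIn;
    //
    // Round trip: every subject string must survive encode + decode unchanged.
    //
    for (int i = 0; i != subjects.length; i++) {
        X500Name name = new X500Name(subjects[i]);
        bOut = new ByteArrayOutputStream();
        aOut = new ASN1OutputStream(bOut);
        aOut.writeObject(name);
        aIn = new ASN1InputStream(new ByteArrayInputStream(bOut.toByteArray()));
        name = X500Name.getInstance(aIn.readObject());
        if (!name.toString().equals(subjects[i])) {
            fail("failed regeneration test " + i);
        }
    }
    //
    // sort test
    //
    X500Name unsorted = new X500Name("SERIALNUMBER=BBB + CN=AA");
    if (!fromBytes(unsorted.getEncoded()).toString().equals("CN=AA+SERIALNUMBER=BBB")) {
        fail("failed sort test 1");
    }
    unsorted = new X500Name("CN=AA + SERIALNUMBER=BBB");
    if (!fromBytes(unsorted.getEncoded()).toString().equals("CN=AA+SERIALNUMBER=BBB")) {
        fail("failed sort test 2");
    }
    unsorted = new X500Name("SERIALNUMBER=B + CN=AA");
    if (!fromBytes(unsorted.getEncoded()).toString().equals("SERIALNUMBER=B+CN=AA")) {
        fail("failed sort test 3");
    }
    unsorted = new X500Name("CN=AA + SERIALNUMBER=B");
    if (!fromBytes(unsorted.getEncoded()).toString().equals("SERIALNUMBER=B+CN=AA")) {
        fail("failed sort test 4");
    }
    //
    // equality tests
    //
    equalityTest(new X500Name("CN=The Legion"), new X500Name("CN=The Legion"));
    equalityTest(new X500Name("CN= The Legion"), new X500Name("CN=The Legion"));
    equalityTest(new X500Name("CN=The Legion "), new X500Name("CN=The Legion"));
    equalityTest(new X500Name("CN= The Legion "), new X500Name("CN=The Legion"));
    equalityTest(new X500Name("CN= the legion "), new X500Name("CN=The Legion"));
    equalityTest(new X500Name("CN= the legion+C=AU, O=Legion "), new X500Name("CN=The Legion+C=AU, O=Legion"));
    // # test
    X500Name n1 = new X500Name("SERIALNUMBER=8,O=ABC,CN=ABC Class 3 CA,C=LT");
    X500Name n2 = new X500Name("2.5.4.5=8,O=ABC,CN=ABC Class 3 CA,C=LT");
    X500Name n3 = new X500Name("2.5.4.5=#130138,O=ABC,CN=ABC Class 3 CA,C=LT");
    equalityTest(n1, n2);
    equalityTest(n2, n3);
    equalityTest(n3, n1);
    n1 = new X500Name("2.5.4.5=#130138,CN=SSC Class 3 CA,O=UAB Skaitmeninio sertifikavimo centras,C=LT");
    n2 = new X500Name("SERIALNUMBER=#130138,CN=SSC Class 3 CA,O=UAB Skaitmeninio sertifikavimo centras,C=LT");
    n3 = X500Name.getInstance(ASN1Object.fromByteArray(Hex.decode("3063310b3009060355040613024c54312f302d060355040a1326" + "55414220536b6169746d656e696e696f20736572746966696b6176696d6f2063656e74726173311730150603550403130e53534320436c6173732033204341310a30080603550405130138")));
    equalityTest(n1, n2);
    equalityTest(n2, n3);
    equalityTest(n3, n1);
    // These two names are only constructed; the inequality check on them is
    // disabled below.
    n1 = new X500Name("SERIALNUMBER=8,O=XX,CN=ABC Class 3 CA,C=LT");
    n2 = new X500Name("2.5.4.5=8,O=,CN=ABC Class 3 CA,C=LT");
    // if (n1.equals(n2))
    // {
    // fail("empty inequality check failed");
    // }
    n1 = new X500Name("SERIALNUMBER=8,O=,CN=ABC Class 3 CA,C=LT");
    n2 = new X500Name("2.5.4.5=8,O=,CN=ABC Class 3 CA,C=LT");
    equalityTest(n1, n2);
    //
    // inequality to sequences
    //
    name1 = new X500Name("CN=The Legion");
    if (name1.equals(new DERSequence())) {
        fail("inequality test with sequence");
    }
    if (name1.equals(new DERSequence(new DERSet()))) {
        fail("inequality test with sequence and set");
    }
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(new ASN1ObjectIdentifier("1.1"));
    v.add(new ASN1ObjectIdentifier("1.1"));
    if (name1.equals(new DERSequence(new DERSet(new DERSet(v))))) {
        fail("inequality test with sequence and bad set");
    }
    if (name1.equals(new DERSequence(new DERSet(new DERSet(v))))) {
        fail("inequality test with sequence and bad set");
    }
    if (name1.equals(new DERSequence(new DERSet(new DERSequence())))) {
        fail("inequality test with sequence and short sequence");
    }
    if (name1.equals(new DERSequence(new DERSet(new DERSequence())))) {
        fail("inequality test with sequence and short sequence");
    }
    v = new ASN1EncodableVector();
    v.add(new ASN1ObjectIdentifier("1.1"));
    v.add(new DERSequence());
    if (name1.equals(new DERSequence(new DERSet(new DERSequence(v))))) {
        fail("inequality test with sequence and bad sequence");
    }
    if (name1.equals(null)) {
        fail("inequality test with null");
    }
    // if (name1.equals(null, true))
    // {
    // fail("inequality test with null");
    // }
    //
    // this is contrived but it checks sorting of sets with equal elements
    // (the name is only constructed; nothing is asserted on it)
    //
    unsorted = new X500Name("CN=AA + CN=AA + CN=AA");
    //
    // tagging test - only works if CHOICE implemented
    //
    ASN1TaggedObject tag = new DERTaggedObject(false, 1, new X500Name("CN=AA"));
    if (!tag.isExplicit()) {
        fail("failed to explicitly tag CHOICE object");
    }
    X500Name name = X500Name.getInstance(tag, false);
    if (!name.equals(new X500Name("CN=AA"))) {
        fail("failed to recover tagged name");
    }
    DERUTF8String testString = new DERUTF8String("The Legion of the Bouncy Castle");
    byte[] encodedBytes = testString.getEncoded();
    byte[] hexEncodedBytes = Hex.encode(encodedBytes);
    String hexEncodedString = "#" + new String(hexEncodedBytes);
    DERUTF8String converted = (DERUTF8String) new X509DefaultEntryConverter().getConvertedValue(BCStyle.L, hexEncodedString);
    if (!converted.equals(testString)) {
        fail("failed X509DefaultEntryConverter test");
    }
    //
    // try escaped.
    //
    converted = (DERUTF8String) new X509DefaultEntryConverter().getConvertedValue(BCStyle.L, "\\" + hexEncodedString);
    if (!converted.equals(new DERUTF8String(hexEncodedString))) {
        fail("failed X509DefaultEntryConverter test got " + converted + " expected: " + hexEncodedString);
    }
    //
    // try a weird value
    //
    X500Name n = new X500Name("CN=\\#nothex#string");
    if (!n.toString().equals("CN=\\#nothex#string")) {
        fail("# string not properly escaped.");
    }
    RDN[] vls = n.getRDNs(BCStyle.CN);
    if (vls.length != 1 || !getValue(vls[0]).equals("#nothex#string")) {
        fail("escaped # not reduced properly");
    }
    n = new X500Name("CN=\"a+b\"");
    vls = n.getRDNs(BCStyle.CN);
    if (vls.length != 1 || !getValue(vls[0]).equals("a+b")) {
        fail("escaped + not reduced properly");
    }
    n = new X500Name("CN=a\\+b");
    vls = n.getRDNs(BCStyle.CN);
    if (vls.length != 1 || !getValue(vls[0]).equals("a+b")) {
        fail("escaped + not reduced properly");
    }
    if (!n.toString().equals("CN=a\\+b")) {
        fail("+ in string not properly escaped.");
    }
    n = new X500Name("CN=a\\=b");
    vls = n.getRDNs(BCStyle.CN);
    if (vls.length != 1 || !getValue(vls[0]).equals("a=b")) {
        fail("escaped = not reduced properly");
    }
    if (!n.toString().equals("CN=a\\=b")) {
        fail("= in string not properly escaped.");
    }
    n = new X500Name("TELEPHONENUMBER=\"+61999999999\"");
    vls = n.getRDNs(BCStyle.TELEPHONE_NUMBER);
    if (vls.length != 1 || !getValue(vls[0]).equals("+61999999999")) {
        fail("telephonenumber escaped + not reduced properly");
    }
    n = new X500Name("TELEPHONENUMBER=\\+61999999999");
    vls = n.getRDNs(BCStyle.TELEPHONE_NUMBER);
    if (vls.length != 1 || !getValue(vls[0]).equals("+61999999999")) {
        fail("telephonenumber escaped + not reduced properly");
    }
}Example 10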
| Project: OneSwarm-master File: JDKX509CertificateFactory.java View source code |
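/**
 * Decodes a single certificate from a DER stream.
 * <p>
 * A SEQUENCE with more than one element whose first element equals
 * {@code PKCSObjectIdentifiers.signedData} is treated as a signed-data
 * wrapper: its second element is decoded into a {@code SignedData} that is
 * stored in the {@code sData} field, and the entry at index
 * {@code sDataObjectCount} of its certificate set is returned, after which the
 * counter is incremented. Any other SEQUENCE is decoded directly as the
 * certificate structure.
 * <p>
 * Because the bytes come from outside, decoded objects are type-checked before
 * being cast, and an unexpected shape is raised as an {@link IOException}
 * rather than as an unchecked {@code ClassCastException} or
 * {@code NullPointerException}.
 *
 * @param in source of the DER-encoded data
 * @return the certificate that was read
 * @throws IOException on a read failure or when the data does not have the
 *         expected ASN.1 structure
 */
private Certificate readDERCertificate(InputStream in) throws IOException {
    DERInputStream dIn = new DERInputStream(in);
    Object top = dIn.readObject();
    if (!(top instanceof ASN1Sequence)) {
        throw new IOException("DER certificate data is not an ASN.1 SEQUENCE");
    }
    ASN1Sequence seq = (ASN1Sequence) top;
    boolean startsWithOid = seq.size() > 1 && seq.getObjectAt(0) instanceof DERObjectIdentifier;
    if (startsWithOid && seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData)) {
        Object wrapped = seq.getObjectAt(1);
        if (!(wrapped instanceof ASN1TaggedObject)) {
            throw new IOException("signedData content is not a tagged object");
        }
        sData = new SignedData(ASN1Sequence.getInstance((ASN1TaggedObject) wrapped, true));
        // NOTE(review): getCertificates() is dereferenced without a null
        // check; verify whether an empty SignedData can reach this point.
        return new X509CertificateObject(X509CertificateStructure.getInstance(sData.getCertificates().getObjectAt(sDataObjectCount++)));
    }
    return new X509CertificateObject(X509CertificateStructure.getInstance(seq));
}Example 11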
| Project: open-mika-master File: PKIXCertPathReviewer.java View source code |
/**
 * Checks the names in each certificate of the path against the name
 * constraints collected from the certificates processed before it.
 * <p>
 * Certificates are visited from index {@code certs.size() - 1} down to 1, so
 * the certificate at index 0 is not examined. For every certificate that is not
 * self-issued, the subject DN and the subjectAltName entries with tag 1, 4 or 7
 * are checked against the permitted and excluded sets. Afterwards the
 * certificate's own NAME_CONSTRAINTS extension, if present, narrows the
 * permitted sets (intersection) and widens the excluded sets (union).
 * <p>
 * A {@code CertPathReviewerException} ends the loop and is recorded through
 * {@code addError}; certificates after the failing one are not checked.
 * <p>
 * NOTE(review): only GeneralName tags 1, 4 and 7 (rfc822Name, directoryName and
 * iPAddress in the X.509 GeneralName CHOICE) are handled, both for
 * subjectAltName entries and for subtrees. Other name forms, for example
 * dNSName [2] and URI [6], are neither checked nor accumulated here, so a
 * constraint expressed in those forms has no effect in this method.
 * <p>
 * NOTE(review): values decoded from certificate extensions are cast without a
 * type check. A {@code ClassCastException} from malformed content would not be
 * caught by the {@code CertPathReviewerException} handler — confirm how callers
 * deal with that.
 */
private void checkNameConstraints() {
X509Certificate cert = null;
//
// Setup
//
// (b) permitted subtrees, one set per supported name form; all start empty
Set permittedSubtreesDN = new HashSet();
Set permittedSubtreesEmail = new HashSet();
Set permittedSubtreesIP = new HashSet();
// (c) excluded subtrees, one set per supported name form; all start empty
Set excludedSubtreesDN = new HashSet();
Set excludedSubtreesEmail = new HashSet();
Set excludedSubtreesIP = new HashSet();
//
// process each certificate except the last in the path
//
int index;
int i;
try {
for (index = certs.size() - 1; index > 0; index--) {
// i is assigned here but not read anywhere in this method
i = n - index;
//
// certificate processing
//
cert = (X509Certificate) certs.get(index);
// Self-issued certificates skip the name checks but still contribute
// their name constraints further down.
if (!isSelfIssued(cert)) {
X500Principal principal = getSubjectPrincipal(cert);
// Re-decode the subject so it can be compared as an ASN.1 sequence.
ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(principal.getEncoded()));
ASN1Sequence dns;
try {
dns = (ASN1Sequence) aIn.readObject();
} catch (IOException e) {
// Certificate-derived values are wrapped in UntrustedInput before they go into a message.
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.ncSubjectNameError", new Object[] { new UntrustedInput(principal) });
throw new CertPathReviewerException(msg, e, certPath, index);
}
try {
checkPermittedDN(permittedSubtreesDN, dns);
} catch (CertPathValidatorException cpve) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.notPermittedDN", new Object[] { new UntrustedInput(principal.getName()) });
throw new CertPathReviewerException(msg, cpve, certPath, index);
}
try {
checkExcludedDN(excludedSubtreesDN, dns);
} catch (CertPathValidatorException cpve) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.excludedDN", new Object[] { new UntrustedInput(principal.getName()) });
throw new CertPathReviewerException(msg, cpve, certPath, index);
}
ASN1Sequence altName;
try {
altName = (ASN1Sequence) getExtensionValue(cert, SUBJECT_ALTERNATIVE_NAME);
} catch (AnnotatedException ae) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.subjAltNameExtError");
throw new CertPathReviewerException(msg, ae, certPath, index);
}
if (altName != null) {
for (int j = 0; j < altName.size(); j++) {
ASN1TaggedObject o = (ASN1TaggedObject) altName.getObjectAt(j);
// Entries with any other tag number fall through the switch unchecked.
switch(o.getTagNo()) {
// tag 1: e-mail address, read as an IA5String
case 1:
String email = DERIA5String.getInstance(o, true).getString();
try {
checkPermittedEmail(permittedSubtreesEmail, email);
} catch (CertPathValidatorException cpve) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.notPermittedEmail", new Object[] { new UntrustedInput(email) });
throw new CertPathReviewerException(msg, cpve, certPath, index);
}
try {
checkExcludedEmail(excludedSubtreesEmail, email);
} catch (CertPathValidatorException cpve) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.excludedEmail", new Object[] { new UntrustedInput(email) });
throw new CertPathReviewerException(msg, cpve, certPath, index);
}
break;
// tag 4: distinguished name, read as a sequence
case 4:
ASN1Sequence altDN = ASN1Sequence.getInstance(o, true);
try {
checkPermittedDN(permittedSubtreesDN, altDN);
} catch (CertPathValidatorException cpve) {
X509Name altDNName = new X509Name(altDN);
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.notPermittedDN", new Object[] { new UntrustedInput(altDNName) });
throw new CertPathReviewerException(msg, cpve, certPath, index);
}
try {
checkExcludedDN(excludedSubtreesDN, altDN);
} catch (CertPathValidatorException cpve) {
X509Name altDNName = new X509Name(altDN);
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.excludedDN", new Object[] { new UntrustedInput(altDNName) });
throw new CertPathReviewerException(msg, cpve, certPath, index);
}
break;
// tag 7: IP address, read as raw octets
case 7:
byte[] ip = ASN1OctetString.getInstance(o, true).getOctets();
try {
checkPermittedIP(permittedSubtreesIP, ip);
} catch (CertPathValidatorException cpve) {
// NOTE(review): unlike the other messages, the IP text is not wrapped in UntrustedInput — confirm this is intended.
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.notPermittedIP", new Object[] { IPtoString(ip) });
throw new CertPathReviewerException(msg, cpve, certPath, index);
}
try {
checkExcludedIP(excludedSubtreesIP, ip);
} catch (CertPathValidatorException cpve) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.excludedIP", new Object[] { IPtoString(ip) });
throw new CertPathReviewerException(msg, cpve, certPath, index);
}
}
}
}
}
//
// prepare for next certificate
//
//
// (g) handle the name constraints extension
//
ASN1Sequence ncSeq;
try {
ncSeq = (ASN1Sequence) getExtensionValue(cert, NAME_CONSTRAINTS);
} catch (AnnotatedException ae) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.ncExtError");
throw new CertPathReviewerException(msg, ae, certPath, index);
}
if (ncSeq != null) {
NameConstraints nc = new NameConstraints(ncSeq);
//
// (g) (1) permitted subtrees
//
ASN1Sequence permitted = nc.getPermittedSubtrees();
if (permitted != null) {
Enumeration e = permitted.getObjects();
while (e.hasMoreElements()) {
GeneralSubtree subtree = GeneralSubtree.getInstance(e.nextElement());
GeneralName base = subtree.getBase();
// Subtrees whose base has any other tag number are ignored.
switch(base.getTagNo()) {
case 1:
permittedSubtreesEmail = intersectEmail(permittedSubtreesEmail, DERIA5String.getInstance(base.getName()).getString());
break;
case 4:
permittedSubtreesDN = intersectDN(permittedSubtreesDN, (ASN1Sequence) base.getName());
break;
case 7:
permittedSubtreesIP = intersectIP(permittedSubtreesIP, ASN1OctetString.getInstance(base.getName()).getOctets());
break;
}
}
}
//
// (g) (2) excluded subtrees
//
ASN1Sequence excluded = nc.getExcludedSubtrees();
if (excluded != null) {
Enumeration e = excluded.getObjects();
while (e.hasMoreElements()) {
GeneralSubtree subtree = GeneralSubtree.getInstance(e.nextElement());
GeneralName base = subtree.getBase();
// Subtrees whose base has any other tag number are ignored.
switch(base.getTagNo()) {
case 1:
excludedSubtreesEmail = unionEmail(excludedSubtreesEmail, DERIA5String.getInstance(base.getName()).getString());
break;
case 4:
excludedSubtreesDN = unionDN(excludedSubtreesDN, (ASN1Sequence) base.getName());
break;
case 7:
excludedSubtreesIP = unionIP(excludedSubtreesIP, ASN1OctetString.getInstance(base.getName()).getOctets());
break;
}
}
}
}
}
// for
} catch (CertPathReviewerException cpre) {
// The first failure is recorded with its certificate index; the loop does not resume.
addError(cpre.getErrorMessage(), cpre.getIndex());
}
}Example 12
| Project: QRCode-APG-master File: RFC3280CertPathUtilities.java View source code |
/**
 * Applies the tag [0] member of the policy constraints extension
 * (requireExplicitPolicy in the RFC 3280 PolicyConstraints definition) of the
 * certificate at {@code index} to the running {@code explicitPolicy} counter.
 * <p>
 * Only the first tag [0] member is considered. NOTE(review): the encoded
 * INTEGER is narrowed with {@code intValue()}, so an oversized or negative
 * value taken from the certificate is used as-is — confirm that callers treat
 * values at or below zero as "explicit policy required".
 *
 * @param certPath the path being validated
 * @param index position of the certificate whose extension is read
 * @param explicitPolicy current value of the counter
 * @return the smaller of {@code explicitPolicy} and the decoded value, or
 *         {@code explicitPolicy} when no tag [0] member is present
 * @throws CertPathValidatorException if the extension or its contents cannot be decoded
 */
protected static int prepareNextCertI1(CertPath certPath, int index, int explicitPolicy) throws CertPathValidatorException {
    X509Certificate current = (X509Certificate) certPath.getCertificates().get(index);
    //
    // (i)
    //
    final ASN1Sequence constraints;
    try {
        constraints = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(current, RFC3280CertPathUtilities.POLICY_CONSTRAINTS));
    } catch (Exception e) {
        throw new ExtCertPathValidatorException("Policy constraints extension cannot be decoded.", e, certPath, index);
    }
    if (constraints == null) {
        // No policy constraints extension: the counter is left untouched.
        return explicitPolicy;
    }
    for (Enumeration fields = constraints.getObjects(); fields.hasMoreElements();) {
        try {
            ASN1TaggedObject field = ASN1TaggedObject.getInstance(fields.nextElement());
            if (field.getTagNo() != 0) {
                continue;
            }
            // First tag [0] member decides the result; later members are not read.
            int required = DERInteger.getInstance(field).getValue().intValue();
            return Math.min(required, explicitPolicy);
        } catch (IllegalArgumentException e) {
            throw new ExtCertPathValidatorException("Policy constraints extension contents cannot be decoded.", e, certPath, index);
        }
    }
    return explicitPolicy;
}Example 13
| Project: robovm-master File: RFC3280CertPathUtilities.java View source code |
/**
 * Lowers the explicit-policy counter according to the policy constraints
 * extension of one certificate in the path.
 * <p>
 * The extension members are scanned until the first one carrying tag [0]
 * (requireExplicitPolicy in the RFC 3280 PolicyConstraints definition); its
 * implicitly tagged INTEGER replaces the counter only when it is smaller.
 * NOTE(review): the value is narrowed with {@code intValue()}; verify how
 * out-of-range or negative values from a certificate should be treated.
 *
 * @param certPath the certification path under validation
 * @param index index of the certificate to inspect
 * @param explicitPolicy counter value before this certificate
 * @return the counter value after applying the constraint
 * @throws CertPathValidatorException if the extension cannot be decoded
 */
protected static int prepareNextCertI1(CertPath certPath, int index, int explicitPolicy) throws CertPathValidatorException {
    List chain = certPath.getCertificates();
    X509Certificate subject = (X509Certificate) chain.get(index);
    //
    // (i)
    //
    ASN1Sequence policyConstraints;
    try {
        policyConstraints = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(subject, RFC3280CertPathUtilities.POLICY_CONSTRAINTS));
    } catch (Exception e) {
        throw new ExtCertPathValidatorException("Policy constraints extension cannot be decoded.", e, certPath, index);
    }
    int result = explicitPolicy;
    if (policyConstraints != null) {
        Enumeration members = policyConstraints.getObjects();
        boolean found = false;
        // Stop at the first tag [0] member, whether or not it lowers the counter.
        while (!found && members.hasMoreElements()) {
            try {
                ASN1TaggedObject member = ASN1TaggedObject.getInstance(members.nextElement());
                found = member.getTagNo() == 0;
                if (found) {
                    int skipCerts = DERInteger.getInstance(member, false).getValue().intValue();
                    if (skipCerts < explicitPolicy) {
                        result = skipCerts;
                    }
                }
            } catch (IllegalArgumentException e) {
                throw new ExtCertPathValidatorException("Policy constraints extension contents cannot be decoded.", e, certPath, index);
            }
        }
    }
    return result;
}Example 14
| Project: XobotOS-master File: RFC3280CertPathUtilities.java View source code |
/**
 * Reads the policy constraints extension of the certificate at {@code index}
 * and returns the explicit-policy counter to use afterwards.
 * <p>
 * The first extension member with tag [0] (requireExplicitPolicy in the
 * RFC 3280 PolicyConstraints definition) is decoded as an implicitly tagged
 * INTEGER; the result is that value when it is below {@code explicitPolicy},
 * otherwise {@code explicitPolicy} itself. NOTE(review): {@code intValue()}
 * narrows the decoded number, so the handling of very large or negative
 * certificate values should be confirmed.
 *
 * @param certPath path that contains the certificate
 * @param index position of the certificate in the path
 * @param explicitPolicy counter value on entry
 * @return the possibly reduced counter
 * @throws CertPathValidatorException when decoding the extension fails
 */
protected static int prepareNextCertI1(CertPath certPath, int index, int explicitPolicy) throws CertPathValidatorException {
    X509Certificate cert = (X509Certificate) certPath.getCertificates().get(index);
    //
    // (i)
    //
    ASN1Sequence pc;
    try {
        pc = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.POLICY_CONSTRAINTS));
    } catch (Exception decodeFailure) {
        throw new ExtCertPathValidatorException("Policy constraints extension cannot be decoded.", decodeFailure, certPath, index);
    }
    // An absent extension yields no members to scan.
    Enumeration remaining = (pc == null) ? null : pc.getObjects();
    while (remaining != null && remaining.hasMoreElements()) {
        int decoded;
        try {
            ASN1TaggedObject candidate = ASN1TaggedObject.getInstance(remaining.nextElement());
            if (candidate.getTagNo() != 0) {
                continue;
            }
            decoded = DERInteger.getInstance(candidate, false).getValue().intValue();
        } catch (IllegalArgumentException contentFailure) {
            throw new ExtCertPathValidatorException("Policy constraints extension contents cannot be decoded.", contentFailure, certPath, index);
        }
        // The first tag [0] member ends the scan.
        return (decoded < explicitPolicy) ? decoded : explicitPolicy;
    }
    return explicitPolicy;
}Example 15
| Project: bugvm-master File: RFC3280CertPathUtilities.java View source code |
/**
 * Computes the explicit-policy counter that results from the policy
 * constraints extension of a single certificate.
 * <p>
 * When the extension is present, its members are walked in order and the first
 * one tagged [0] (requireExplicitPolicy in the RFC 3280 PolicyConstraints
 * definition) is compared with {@code explicitPolicy}; the smaller number wins.
 * NOTE(review): the INTEGER is converted with {@code intValue()}, which keeps
 * only the low-order bits of a large value — check that this cannot loosen the
 * policy requirement in the caller.
 *
 * @param certPath path being processed
 * @param index index of the certificate within {@code certPath}
 * @param explicitPolicy counter before this step
 * @return counter after this step
 * @throws CertPathValidatorException if the extension or a member is malformed
 */
protected static int prepareNextCertI1(CertPath certPath, int index, int explicitPolicy) throws CertPathValidatorException {
    List pathCerts = certPath.getCertificates();
    X509Certificate target = (X509Certificate) pathCerts.get(index);
    //
    // (i)
    //
    ASN1Sequence seq;
    try {
        seq = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(target, RFC3280CertPathUtilities.POLICY_CONSTRAINTS));
    } catch (Exception e) {
        throw new ExtCertPathValidatorException("Policy constraints extension cannot be decoded.", e, certPath, index);
    }
    if (seq != null) {
        for (Enumeration items = seq.getObjects(); items.hasMoreElements();) {
            try {
                ASN1TaggedObject item = ASN1TaggedObject.getInstance(items.nextElement());
                if (item.getTagNo() == 0) {
                    int limit = DERInteger.getInstance(item, false).getValue().intValue();
                    // Members after the first tag [0] entry are never inspected.
                    return limit < explicitPolicy ? limit : explicitPolicy;
                }
            } catch (IllegalArgumentException e) {
                throw new ExtCertPathValidatorException("Policy constraints extension contents cannot be decoded.", e, certPath, index);
            }
        }
    }
    return explicitPolicy;
}Example 16
| Project: opensc-java-master File: TokenInfo.java View source code |
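/**
 * Decodes a TokenInfo from an ASN.1 SEQUENCE, or returns the argument
 * unchanged when it already is a TokenInfo.
 * <p>
 * Members are read in this order: version (must be 0), serialNumber, then the
 * optional manufacturerID, label [0], tokenFlags, security environment list,
 * recordInfo [1], supported algorithms [2], issuerId [3], holderId [4],
 * lastUpdate [5] and preferredLanguage. Decoding stops, and the partially
 * filled instance is returned, as soon as the SEQUENCE has no further members.
 * <p>
 * NOTE(review): tokenFlags is only enforced when a member follows the label; a
 * SEQUENCE that ends earlier is accepted without it — confirm this is intended.
 *
 * @param obj The ASN.1 object to decode.
 * @return A TokenInfo instance.
 * @throws IllegalArgumentException if {@code obj} is neither a TokenInfo nor an
 *         ASN.1 SEQUENCE, or if a required member is missing or unsupported
 */
public static TokenInfo getInstance(Object obj) {
    if (obj instanceof TokenInfo) {
        return (TokenInfo) obj;
    }
    if (!(obj instanceof ASN1Sequence)) {
        // The message names this type; the previous text referred to AccessControlRule.
        throw new IllegalArgumentException("TokenInfo must be encoded as an ASN.1 SEQUENCE.");
    }
    ASN1Sequence seq = (ASN1Sequence) obj;
    Enumeration<Object> objs = seq.getObjects();
    if (!objs.hasMoreElements()) {
        throw new IllegalArgumentException("Missing version member in TokenInfo SEQUENCE.");
    }
    Object o = objs.nextElement();
    int version = IntegerHelper.intValue(DERInteger.getInstance(o).getValue());
    if (version != 0) {
        throw new IllegalArgumentException("Unsupported version [" + version + "] in TokenInfo SEQUENCE.");
    }
    if (!objs.hasMoreElements()) {
        throw new IllegalArgumentException("Missing serialNumber member in TokenInfo SEQUENCE.");
    }
    TokenInfo ret = new TokenInfo();
    o = objs.nextElement();
    ret.setSerialNumber(ASN1OctetString.getInstance(o).getOctets());
    if (!objs.hasMoreElements()) {
        return ret;
    }
    o = objs.nextElement();
    // Optional manufacturerID, recognised by its UTF8String type.
    if (o instanceof DERUTF8String) {
        ret.setManufacturerID(DERUTF8String.getInstance(o).getString());
        if (!objs.hasMoreElements()) {
            return ret;
        }
        o = objs.nextElement();
    }
    // Optional label, tagged [0].
    if (o instanceof ASN1TaggedObject && ((ASN1TaggedObject) o).getTagNo() == 0) {
        ret.setLabel(DERUTF8String.getInstance(((ASN1TaggedObject) o).getObject()).getString());
        if (!objs.hasMoreElements()) {
            return ret;
        }
        o = objs.nextElement();
    }
    if (!(o instanceof DERBitString)) {
        throw new IllegalArgumentException("Missing tokenFlags member in TokenInfo SEQUENCE.");
    }
    ret.setTokenflags(TokenFlags.getInstance(o));
    if (!objs.hasMoreElements()) {
        return ret;
    }
    o = objs.nextElement();
    // Optional list of security environment entries.
    if (o instanceof ASN1Sequence) {
        ASN1Sequence seseq = ASN1Sequence.getInstance(o);
        Enumeration<Object> seobjs = seseq.getObjects();
        while (seobjs.hasMoreElements()) {
            ret.addSeInfo(SecurityEnvironmentInfo.getInstance(seobjs.nextElement()));
        }
        if (!objs.hasMoreElements()) {
            return ret;
        }
        o = objs.nextElement();
    }
    // Optional recordInfo, tagged [1].
    if (o instanceof ASN1TaggedObject && ((ASN1TaggedObject) o).getTagNo() == 1) {
        ret.setRecordInfo(RecordInfo.getInstance(((ASN1TaggedObject) o).getObject()));
        if (!objs.hasMoreElements()) {
            return ret;
        }
        o = objs.nextElement();
    }
    // Optional list of supported algorithms, tagged [2].
    if (o instanceof ASN1TaggedObject && ((ASN1TaggedObject) o).getTagNo() == 2) {
        ASN1Sequence aiseq = ASN1Sequence.getInstance(((ASN1TaggedObject) o).getObject());
        Enumeration<Object> aiobjs = aiseq.getObjects();
        while (aiobjs.hasMoreElements()) {
            ret.addSupportedAlgorithm(AlgorithmInfo.getInstance(aiobjs.nextElement()));
        }
        if (!objs.hasMoreElements()) {
            return ret;
        }
        o = objs.nextElement();
    }
    // Optional issuerId, tagged [3].
    if (o instanceof ASN1TaggedObject && ((ASN1TaggedObject) o).getTagNo() == 3) {
        ret.setIssuerId(DERUTF8String.getInstance(((ASN1TaggedObject) o).getObject()).getString());
        if (!objs.hasMoreElements()) {
            return ret;
        }
        o = objs.nextElement();
    }
    // Optional holderId, tagged [4].
    if (o instanceof ASN1TaggedObject && ((ASN1TaggedObject) o).getTagNo() == 4) {
        ret.setHolderId(DERUTF8String.getInstance(((ASN1TaggedObject) o).getObject()).getString());
        if (!objs.hasMoreElements()) {
            return ret;
        }
        o = objs.nextElement();
    }
    // Optional lastUpdate, tagged [5].
    if (o instanceof ASN1TaggedObject && ((ASN1TaggedObject) o).getTagNo() == 5) {
        ret.setLastUpdate(GeneralizedTimeHolderImpl.getInstance(((ASN1TaggedObject) o).getObject()));
        if (!objs.hasMoreElements()) {
            return ret;
        }
        o = objs.nextElement();
    }
    // Whatever member remains is decoded as the preferredLanguage string.
    ret.setPreferredLanguage(DERPrintableString.getInstance(o).getString());
    return ret;
}Example 17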
| Project: dss-master File: CAdESLevelBTest.java View source code |
/**
 * Test hook that re-parses the signed document by hand and checks the CMS SignedData it contains.
 * <p>
 * The bytes are parsed once as a {@code CAdESSignature} and once as raw ASN.1. The method then asserts the
 * outer content type, finds the signer certificate among the embedded certificates, compares the SHA-256
 * digest of {@code HELLO_WORLD} with the messageDigest attribute, and compares the digest recovered from the
 * signature value with the digest of the encoded authenticated attributes.
 * <p>
 * This is a structural check for a test. It performs no certificate chain or revocation validation.
 *
 * @param byteArray the encoded signed document to inspect
 */
// Annotation for error_probe
@SuppressWarnings("InsecureCryptoUsage")
@Override
protected void onDocumentSigned(byte[] byteArray) {
try {
CAdESSignature signature = new CAdESSignature(byteArray);
assertNotNull(signature.getCmsSignedData());
// Second, manual parse of the same bytes: ContentInfo ::= SEQUENCE { contentType OID, [0] content }.
ASN1InputStream asn1sInput = new ASN1InputStream(byteArray);
ASN1Sequence asn1Seq = (ASN1Sequence) asn1sInput.readObject();
logger.info("SEQ : " + asn1Seq.toString());
assertEquals(2, asn1Seq.size());
ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(asn1Seq.getObjectAt(0));
assertEquals(PKCSObjectIdentifiers.signedData, oid);
logger.info("OID : " + oid.toString());
ASN1TaggedObject taggedObj = DERTaggedObject.getInstance(asn1Seq.getObjectAt(1));
logger.info("TAGGED OBJ : " + taggedObj.toString());
ASN1Primitive object = taggedObj.getObject();
logger.info("OBJ : " + object.toString());
SignedData signedData = SignedData.getInstance(object);
logger.info("SIGNED DATA : " + signedData.toString());
ASN1Set digestAlgorithms = signedData.getDigestAlgorithms();
logger.info("DIGEST ALGOS : " + digestAlgorithms.toString());
ContentInfo encapContentInfo = signedData.getEncapContentInfo();
logger.info("ENCAPSULATED CONTENT INFO : " + encapContentInfo.getContentType() + " " + encapContentInfo.getContent());
ASN1Set certificates = signedData.getCertificates();
logger.info("CERTIFICATES (" + certificates.size() + ") : " + certificates);
List<X509Certificate> foundCertificates = new ArrayList<X509Certificate>();
for (int i = 0; i < certificates.size(); i++) {
ASN1Sequence seqCertif = ASN1Sequence.getInstance(certificates.getObjectAt(i));
logger.info("SEQ cert " + i + " : " + seqCertif);
X509CertificateHolder certificateHolder = new X509CertificateHolder(seqCertif.getEncoded());
CertificateToken certificate = DSSASN1Utils.getCertificate(certificateHolder);
X509Certificate x509Certificate = certificate.getCertificate();
// checkValidity() only tests the validity period against the current time; the certificates come from
// the signature itself and are not checked against any trust anchor in this method.
x509Certificate.checkValidity();
logger.info("Cert " + i + " : " + certificate);
foundCertificates.add(x509Certificate);
}
ASN1Set crLs = signedData.getCRLs();
logger.info("CRLs : " + crLs);
ASN1Set signerInfosAsn1 = signedData.getSignerInfos();
logger.info("SIGNER INFO ASN1 : " + signerInfosAsn1.toString());
assertEquals(1, signerInfosAsn1.size());
ASN1Sequence seqSignedInfo = ASN1Sequence.getInstance(signerInfosAsn1.getObjectAt(0));
SignerInfo signedInfo = SignerInfo.getInstance(seqSignedInfo);
logger.info("SIGNER INFO : " + signedInfo.toString());
SignerIdentifier sid = signedInfo.getSID();
logger.info("SIGNER IDENTIFIER : " + sid.getId());
IssuerAndSerialNumber issuerAndSerialNumber = IssuerAndSerialNumber.getInstance(signedInfo.getSID());
logger.info("ISSUER AND SN : " + issuerAndSerialNumber.toString());
BigInteger serial = issuerAndSerialNumber.getSerialNumber().getValue();
X509Certificate signerCertificate = null;
// The signer is selected by serial number alone. Serial numbers are unique only per issuer, so with
// certificates from several issuers this can select the wrong one; the loop does not break, so the
// last match wins.
for (X509Certificate x509Certificate : foundCertificates) {
// TODO check issuer name
if (serial.equals(x509Certificate.getSerialNumber())) {
signerCertificate = x509Certificate;
}
}
assertNotNull(signerCertificate);
ASN1OctetString encryptedDigest = signedInfo.getEncryptedDigest();
logger.info("ENCRYPT DIGEST : " + encryptedDigest.toString());
// Walk the SignedData sequence by index as well and compare with what the typed accessors returned.
ASN1Sequence seq = ASN1Sequence.getInstance(object);
ASN1Integer version = ASN1Integer.getInstance(seq.getObjectAt(0));
logger.info("VERSION : " + version.toString());
ASN1Set digestManualSet = ASN1Set.getInstance(seq.getObjectAt(1));
logger.info("DIGEST SET : " + digestManualSet.toString());
assertEquals(digestAlgorithms, digestManualSet);
ASN1Sequence seqDigest = ASN1Sequence.getInstance(digestManualSet.getObjectAt(0));
// assertEquals(1, seqDigest.size());
ASN1ObjectIdentifier oidDigestAlgo = ASN1ObjectIdentifier.getInstance(seqDigest.getObjectAt(0));
assertEquals(new ASN1ObjectIdentifier(DigestAlgorithm.SHA256.getOid()), oidDigestAlgo);
ASN1Sequence seqEncapsulatedInfo = ASN1Sequence.getInstance(seq.getObjectAt(2));
logger.info("ENCAPSULATED INFO : " + seqEncapsulatedInfo.toString());
ASN1ObjectIdentifier oidContentType = ASN1ObjectIdentifier.getInstance(seqEncapsulatedInfo.getObjectAt(0));
logger.info("OID CONTENT TYPE : " + oidContentType.toString());
ASN1TaggedObject taggedContent = DERTaggedObject.getInstance(seqEncapsulatedInfo.getObjectAt(1));
ASN1OctetString contentOctetString = ASN1OctetString.getInstance(taggedContent.getObject());
// NOTE(review): new String(byte[]) and getBytes() below use the platform default charset, so the
// comparison is only stable while HELLO_WORLD encodes identically on every test machine.
String content = new String(contentOctetString.getOctets());
assertEquals(HELLO_WORLD, content);
logger.info("CONTENT : " + content);
byte[] digest = DSSUtils.digest(DigestAlgorithm.SHA256, HELLO_WORLD.getBytes());
String encodeHexDigest = Hex.toHexString(digest);
logger.info("CONTENT DIGEST COMPUTED : " + encodeHexDigest);
ASN1Set authenticatedAttributes = signedInfo.getAuthenticatedAttributes();
logger.info("AUTHENTICATED ATTRIBUTES : " + authenticatedAttributes.toString());
// ASN1Sequence seqAuthAttrib = ASN1Sequence.getInstance(authenticatedAttributes.getObjectAt(0));
logger.info("Nb Auth Attributes : " + authenticatedAttributes.size());
// Look for the messageDigest signed attribute; embeddedDigest stays "" when it is absent, which makes
// the assertion below fail.
String embeddedDigest = "";
for (int i = 0; i < authenticatedAttributes.size(); i++) {
ASN1Sequence authAttrSeq = ASN1Sequence.getInstance(authenticatedAttributes.getObjectAt(i));
logger.info(authAttrSeq.toString());
ASN1ObjectIdentifier attrOid = ASN1ObjectIdentifier.getInstance(authAttrSeq.getObjectAt(0));
if (PKCSObjectIdentifiers.pkcs_9_at_messageDigest.equals(attrOid)) {
ASN1Set setMessageDigest = ASN1Set.getInstance(authAttrSeq.getObjectAt(1));
ASN1OctetString asn1ObjString = ASN1OctetString.getInstance(setMessageDigest.getObjectAt(0));
embeddedDigest = Hex.toHexString(asn1ObjString.getOctets());
}
}
assertEquals(encodeHexDigest, embeddedDigest);
ASN1OctetString encryptedInfoOctedString = signedInfo.getEncryptedDigest();
String signatureValue = Hex.toHexString(encryptedInfoOctedString.getOctets());
logger.info("SIGNATURE VALUE : " + signatureValue);
// Test-only shortcut: the signature value is run through a Cipher initialised with the signer
// certificate so that the embedded DigestInfo can be read. The bare "RSA" transformation leaves mode
// and padding to the provider default, presumably the reason for the suppressed warning above.
// Code that verifies signatures should use a signature-verification API with an explicit algorithm.
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, signerCertificate);
byte[] decrypted = cipher.doFinal(encryptedInfoOctedString.getOctets());
ASN1InputStream inputDecrypted = new ASN1InputStream(decrypted);
ASN1Sequence seqDecrypt = (ASN1Sequence) inputDecrypted.readObject();
logger.info("Decrypted : " + seqDecrypt);
DigestInfo digestInfo = new DigestInfo(seqDecrypt);
assertEquals(oidDigestAlgo, digestInfo.getAlgorithmId().getAlgorithm());
String decryptedDigestEncodeBase64 = Utils.toBase64(digestInfo.getDigest());
logger.info("Decrypted Base64 : " + decryptedDigestEncodeBase64);
// The signed value is the digest of the encoded authenticated-attributes set, not of the content.
byte[] encoded = signedInfo.getAuthenticatedAttributes().getEncoded();
MessageDigest messageDigest = MessageDigest.getInstance(DigestAlgorithm.SHA256.getName());
byte[] digestOfAuthenticatedAttributes = messageDigest.digest(encoded);
String computedDigestEncodeBase64 = Utils.toBase64(digestOfAuthenticatedAttributes);
logger.info("Computed Base64 : " + computedDigestEncodeBase64);
assertEquals(decryptedDigestEncodeBase64, computedDigestEncodeBase64);
// Reached only when nothing above threw; on any failure both streams are left unclosed.
Utils.closeQuietly(asn1sInput);
Utils.closeQuietly(inputDecrypted);
} catch (Exception e) {
// Only Exception is caught. NOTE(review): if the assert helpers throw an Error subclass (as JUnit's do),
// a failed assertion bypasses this handler.
logger.error(e.getMessage(), e);
fail(e.getMessage());
}
}Example 18
| Project: Grix-master File: Voms_Utils.java View source code |
/**
 * Collects the FQAN strings found in the attributes of an attribute certificate.
 * <p>
 * The ASN.1 layout is walked with plain casts. If any element has an unexpected type, the exception is
 * logged and the values collected so far are returned, so a caller cannot tell a parse failure from a
 * certificate that carries no FQANs. Nothing in this method checks the certificate's signature;
 * presumably the caller has to do that before using the result for an access decision (confirm).
 *
 * @param ac
 *            the AttributeCertificate to read
 * @return the FQANs read from the certificate, possibly empty or partial
 */
public static ArrayList<String> getFQANs(AttributeCertificate ac) {
    final ArrayList<String> collected = new ArrayList<String>();
    try {
        // There may be more than one attribute entry in the certificate.
        final Enumeration attributes = ac.getAcinfo().getAttributes().getObjects();
        while (attributes.hasMoreElements()) {
            // Each entry: the OID [voms 4] at index 0 and a SET at index 1.
            final ASN1Sequence attribute = (ASN1Sequence) attributes.nextElement();
            final ASN1Set values = (ASN1Set) attribute.getObjectAt(1);
            // The SET holds a single SEQUENCE: a tagged object at index 0, the FQAN SEQUENCE at index 1.
            final ASN1Sequence payload = (ASN1Sequence) values.getObjectAt(0);

            // The origin is wrapped in two tagged objects. It is decoded but not used; decoding it still
            // validates the structure, because a wrong type raises an exception here.
            final ASN1TaggedObject outerTag = (ASN1TaggedObject) payload.getObjectAt(0);
            final ASN1TaggedObject innerTag = (ASN1TaggedObject) outerTag.getObject();
            final ASN1OctetString originOctets = (ASN1OctetString) innerTag.getObject();
            new DERGeneralString(originOctets.getOctets()).getString();

            final ASN1Sequence fqans = (ASN1Sequence) payload.getObjectAt(1);
            final int count = fqans.size();
            int index = 0;
            while (index < count) {
                final ASN1OctetString octets = (ASN1OctetString) fqans.getObjectAt(index);
                collected.add(new DERGeneralString(octets.getOctets()).getString());
                index++;
            }
        }
    } catch (Exception e) {
        myLogger.error(e);
    }
    for (String value : collected) {
        myLogger.debug("FQAN: " + value);
    }
    return collected;
}
Example 19
| Project: cryptacular-master File: OpenSSLPrivateKeyDecoder.java View source code |
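/**
 * Decodes a private key in one of the OpenSSL ASN.1 encodings.
 * <p>
 * Two layouts are recognised: a named-curve OID followed by a SEQUENCE holding the EC private value, or a
 * single SEQUENCE whose element count (9, 6 or 4) selects RSA, DSA or EC. The key type is inferred from
 * that count alone.
 *
 * @param encoded ASN.1 encoded key bytes
 * @return the decoded private key parameters
 * @throws EncodingException if the bytes cannot be parsed or do not match a supported layout
 */
@Override
protected AsymmetricKeyParameter decodeASN1(final byte[] encoded) {
    final ASN1Object o;
    try {
        o = new ASN1InputStream(encoded).readObject();
    } catch (Exception e) {
        throw new EncodingException("Invalid encoded key", e);
    }
    if (o == null) {
        // readObject() yields null at end of stream, i.e. for empty input.
        throw new EncodingException("Invalid encoded key");
    }
    final AsymmetricKeyParameter key;
    if (o instanceof ASN1ObjectIdentifier) {
        // EC private key with named curve in the default OpenSSL format emitted
        // by
        //
        // openssl ecparam -name xxxx -genkey
        //
        // which is the concatenation of the named curve OID and a sequence of 1
        // containing the private point
        final ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(o);
        // encoded[1] is the OID length octet. Read it as unsigned and accept only the short form, so that a
        // crafted length cannot turn into a negative offset or an out-of-range copy below.
        final int len = encoded[1] & 0xFF;
        if (len >= 0x80 || len + 2 >= encoded.length) {
            throw new EncodingException("Invalid encoded key");
        }
        final byte[] privatePart = new byte[encoded.length - len - 2];
        System.arraycopy(encoded, len + 2, privatePart, 0, privatePart.length);
        final ASN1Sequence seq = ASN1Sequence.getInstance(privatePart);
        final X9ECParameters params = ECUtil.getNamedCurveByOid(oid);
        key = new ECPrivateKeyParameters(
            ASN1Integer.getInstance(seq.getObjectAt(0)).getValue(),
            new ECDomainParameters(params.getCurve(), params.getG(), params.getN(), params.getH(), params.getSeed()));
    } else {
        // OpenSSL "traditional" format is an ASN.1 sequence of key parameters
        // Detect key type based on number and types of parameters:
        // RSA -> {version, mod, pubExp, privExp, prime1, prime2, exp1, exp2, c}
        // DSA -> {version, p, q, g, pubExp, privExp}
        // EC -> {version, privateKey, parameters, publicKey}
        final ASN1Sequence sequence = ASN1Sequence.getInstance(o);
        if (sequence.size() == 9) {
            // RSA private certificate key
            key = new RSAPrivateCrtKeyParameters(
                ASN1Integer.getInstance(sequence.getObjectAt(1)).getValue(),
                ASN1Integer.getInstance(sequence.getObjectAt(2)).getValue(),
                ASN1Integer.getInstance(sequence.getObjectAt(3)).getValue(),
                ASN1Integer.getInstance(sequence.getObjectAt(4)).getValue(),
                ASN1Integer.getInstance(sequence.getObjectAt(5)).getValue(),
                ASN1Integer.getInstance(sequence.getObjectAt(6)).getValue(),
                ASN1Integer.getInstance(sequence.getObjectAt(7)).getValue(),
                ASN1Integer.getInstance(sequence.getObjectAt(8)).getValue());
        } else if (sequence.size() == 6) {
            // DSA private key
            key = new DSAPrivateKeyParameters(
                ASN1Integer.getInstance(sequence.getObjectAt(5)).getValue(),
                new DSAParameters(
                    ASN1Integer.getInstance(sequence.getObjectAt(1)).getValue(),
                    ASN1Integer.getInstance(sequence.getObjectAt(2)).getValue(),
                    ASN1Integer.getInstance(sequence.getObjectAt(3)).getValue()));
        } else if (sequence.size() == 4) {
            // EC private key with explicit curve
            final X9ECParameters params = X9ECParameters.getInstance(
                ASN1TaggedObject.getInstance(sequence.getObjectAt(2)).getObject());
            // The private value is an unsigned octet string; signum 1 keeps a value whose top bit is set
            // from being read as a negative number.
            key = new ECPrivateKeyParameters(
                new BigInteger(1, ASN1OctetString.getInstance(sequence.getObjectAt(1)).getOctets()),
                new ECDomainParameters(params.getCurve(), params.getG(), params.getN(), params.getH(), params.getSeed()));
        } else {
            throw new EncodingException("Invalid OpenSSL traditional private key format.");
        }
    }
    return key;
}
Example 20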
| Project: cryptoapplet-master File: PdfPKCS7TSA.java View source code |
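/**
 * Searches nested ASN.1 structures for a basic OCSP response and stores it in {@code basicResp}.
 * <p>
 * Starting at {@code seq}, the method descends into the first nested sequence, or the first tagged object
 * that wraps a sequence, until it reaches a sequence whose first element is the id-pkix-ocsp-basic OID.
 * The octet string at index 1 of that sequence is then parsed as a {@code BasicOCSPResponse}. When no
 * such sequence is found, {@code basicResp} stays {@code null}.
 * <p>
 * Only the structure is located and parsed. Nothing here checks the response signature or the responder.
 *
 * @param seq the sequence to start searching from
 * @throws IOException if the embedded response cannot be read
 */
private void findOcsp(ASN1Sequence seq) throws IOException {
    basicResp = null;
    boolean ret = false;
    while (true) {
        if (seq.size() == 0) {
            // An empty sequence has nothing to test or descend into.
            return;
        }
        if ((seq.getObjectAt(0) instanceof DERObjectIdentifier) && ((DERObjectIdentifier) seq.getObjectAt(0)).getId().equals(OCSPObjectIdentifiers.id_pkix_ocsp_basic.getId())) {
            break;
        }
        ret = true;
        for (int k = 0; k < seq.size(); ++k) {
            if (seq.getObjectAt(k) instanceof ASN1Sequence) {
                // Descend into the element that was just tested. Casting element 0 instead failed with a
                // ClassCastException whenever the first nested sequence was not at index 0.
                seq = (ASN1Sequence) seq.getObjectAt(k);
                ret = false;
                break;
            }
            if (seq.getObjectAt(k) instanceof ASN1TaggedObject) {
                ASN1TaggedObject tag = (ASN1TaggedObject) seq.getObjectAt(k);
                if (tag.getObject() instanceof ASN1Sequence) {
                    seq = (ASN1Sequence) tag.getObject();
                    ret = false;
                    break;
                } else {
                    return;
                }
            }
        }
        if (ret) {
            return;
        }
    }
    if (seq.size() < 2) {
        // The OID is present but the response octets are missing.
        return;
    }
    DEROctetString os = (DEROctetString) seq.getObjectAt(1);
    ASN1InputStream inp = new ASN1InputStream(os.getOctets());
    try {
        BasicOCSPResponse resp = BasicOCSPResponse.getInstance(inp.readObject());
        basicResp = new BasicOCSPResp(resp);
    } finally {
        inp.close();
    }
}
Example 21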
| Project: xipki-master File: ExtensionsChecker.java View source code |
/**
 * Builds the GeneralName to use from a requested GeneralName, enforcing the permitted modes.
 * <p>
 * When {@code modes} is not null, the requested tag must match one of them. For otherName the type OID
 * must also be in the matching mode's allowed types. When {@code modes} is null, no tag or type
 * restriction is applied. otherName values are re-encoded as an explicitly tagged [0] UTF8String and
 * ediPartyName is rebuilt from its decoded strings. The tag numbers of the inner tagged objects are not
 * inspected in either case.
 *
 * @param reqName the requested name
 * @param modes the permitted name modes, or null for no restriction
 * @return the rebuilt GeneralName
 * @throws BadCertTemplateException if the tag or otherName type is not allowed, or the otherName value
 *             is not a string
 */
private static GeneralName createGeneralName(final GeneralName reqName, final Set<GeneralNameMode> modes) throws BadCertTemplateException {
    final int tag = reqName.getTagNo();

    GeneralNameMode mode = null;
    if (modes != null) {
        for (GeneralNameMode candidate : modes) {
            if (candidate.getTag().getTag() != tag) {
                continue;
            }
            mode = candidate;
            break;
        }
        if (mode == null) {
            throw new BadCertTemplateException("generalName tag " + tag + " is not allowed");
        }
    }

    switch (tag) {
        case GeneralName.rfc822Name:
        case GeneralName.dNSName:
        case GeneralName.uniformResourceIdentifier:
        case GeneralName.iPAddress:
        case GeneralName.registeredID:
        case GeneralName.directoryName:
            // These forms are copied through unchanged.
            return new GeneralName(tag, reqName.getName());
        case GeneralName.otherName: {
            final ASN1Sequence otherSeq = ASN1Sequence.getInstance(reqName.getName());
            final ASN1ObjectIdentifier type = ASN1ObjectIdentifier.getInstance(otherSeq.getObjectAt(0));
            if (mode != null && !mode.getAllowedTypes().contains(type)) {
                throw new BadCertTemplateException("otherName.type " + type.getId() + " is not allowed");
            }
            final ASN1Encodable value = ASN1TaggedObject.getInstance(otherSeq.getObjectAt(1)).getObject();
            if (!(value instanceof ASN1String)) {
                throw new BadCertTemplateException("otherName.value is not a String");
            }
            final String text = ((ASN1String) value).getString();
            final ASN1EncodableVector otherVector = new ASN1EncodableVector();
            otherVector.add(type);
            otherVector.add(new DERTaggedObject(true, 0, new DERUTF8String(text)));
            return new GeneralName(GeneralName.otherName, new DERSequence(otherVector));
        }
        case GeneralName.ediPartyName: {
            final ASN1Sequence ediSeq = ASN1Sequence.getInstance(reqName.getName());
            // With more than one element, the first is taken as nameAssigner and the next as partyName.
            String nameAssigner = null;
            int next = 0;
            if (ediSeq.size() > 1) {
                nameAssigner = DirectoryString.getInstance(
                    ASN1TaggedObject.getInstance(ediSeq.getObjectAt(next)).getObject()).getString();
                next++;
            }
            final String partyName = DirectoryString.getInstance(
                ASN1TaggedObject.getInstance(ediSeq.getObjectAt(next)).getObject()).getString();
            final ASN1EncodableVector ediVector = new ASN1EncodableVector();
            if (nameAssigner != null) {
                ediVector.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner)));
            }
            ediVector.add(new DERTaggedObject(false, 1, new DirectoryString(partyName)));
            return new GeneralName(GeneralName.ediPartyName, new DERSequence(ediVector));
        }
        default:
            throw new RuntimeException("should not reach here, unknown GeneralName tag " + tag);
    }
}
Example 22
| Project: cas-master File: X509SubjectAlternativeNameUPNPrincipalResolver.java View source code |
/**
 * Reads the UPN string from a subject alternative name entry.
 * <p>
 * The value is taken as found in the certificate. This method does not validate the certificate, so the
 * caller is presumably expected to have done so before treating the result as an identity (confirm).
 *
 * @param seq ASN1Sequence representing the subject alternative name: the object identifier first,
 *            then the tagged value.
 * @return the UPN string, or null when {@code seq} is null, the identifier is not the UPN OID, or the
 *         value is neither an octet string nor an ASN.1 string
 */
private static String getUPNStringFromSequence(final ASN1Sequence seq) {
    if (seq == null) {
        return null;
    }
    // The leading object identifier decides whether this entry is a UPN at all.
    final ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(seq.getObjectAt(0));
    if (oid == null || !UPN_OBJECTID.equals(oid.getId())) {
        return null;
    }
    final ASN1TaggedObject tagged = (ASN1TaggedObject) seq.getObjectAt(1);
    ASN1Primitive value = tagged.getObject();
    // Due to bug in java cert.getSubjectAltName, the value can be tagged an extra time
    if (value instanceof ASN1TaggedObject) {
        value = ASN1TaggedObject.getInstance(value).getObject();
    }
    if (value instanceof ASN1OctetString) {
        final byte[] octets = ((ASN1OctetString) value).getOctets();
        return new String(octets, StandardCharsets.UTF_8);
    }
    return value instanceof ASN1String ? ((ASN1String) value).getString() : null;
}
Example 23
| Project: jruby-openssl-master File: ASN1.java View source code |
// ObjectId
/**
 * Converts a BouncyCastle ASN.1 object into the matching Ruby-side ASN1 wrapper object.
 * <p>
 * {@code obj} is tested against a fixed list of ASN.1 types in order. The first match decides which class
 * is looked up in the {@code ASN1} module and instantiated through its {@code new} method. The order
 * matters: several DER* checks are kept after their ASN1* counterparts for compatibility with
 * BouncyCastle versions in which the class hierarchy differs.
 *
 * @param context current thread context, passed to every Ruby method call
 * @param ASN1 module the wrapper classes are looked up in
 * @param obj decoded ASN.1 object to convert
 * @return the Ruby object built for {@code obj}
 * @throws IOException if a time value cannot be parsed (wraps the ParseException)
 * @throws IllegalArgumentException if {@code obj} is null or of a type not handled below
 */
static IRubyObject decodeObject(final ThreadContext context, final RubyModule ASN1, final org.bouncycastle.asn1.ASN1Encodable obj) throws IOException, IllegalArgumentException {
final Ruby runtime = context.runtime;
if (obj instanceof ASN1Integer) {
final BN val = BN.newBN(runtime, ((ASN1Integer) obj).getValue());
return ASN1.getClass("Integer").callMethod(context, "new", val);
}
if (obj instanceof DERInteger) {
final BN val = BN.newBN(runtime, ((DERInteger) obj).getValue());
return ASN1.getClass("Integer").callMethod(context, "new", val);
}
if (obj instanceof DERBitString) {
final DERBitString derObj = (DERBitString) obj;
RubyString str = runtime.newString(new ByteList(derObj.getBytes(), false));
IRubyObject bitString = ASN1.getClass("BitString").callMethod(context, "new", str);
// The count of padding bits is carried over separately from the bytes.
bitString.callMethod(context, "unused_bits=", runtime.newFixnum(derObj.getPadBits()));
return bitString;
}
if (obj instanceof ASN1String) {
// The Ruby class name comes from the ASN1_INFO table when the Java class is known there; otherwise
// it is derived from the concrete string type below.
final Integer typeId = typeId(obj.getClass());
String type = typeId == null ? null : (String) (ASN1_INFO[typeId][2]);
final ByteList bytes;
if (obj instanceof DERUTF8String) {
if (type == null)
type = "UTF8String";
bytes = new ByteList(((DERUTF8String) obj).getString().getBytes("UTF-8"), false);
} else {
if (type == null) {
if (obj instanceof DERNumericString) {
type = "NumericString";
} else if (obj instanceof DERPrintableString) {
type = "PrintableString";
} else if (obj instanceof DERIA5String) {
type = "IA5String";
} else if (obj instanceof DERT61String) {
type = "T61String";
} else if (obj instanceof DERGeneralString) {
type = "GeneralString";
} else if (obj instanceof DERUniversalString) {
type = "UniversalString";
} else if (obj instanceof DERBMPString) {
type = "BMPString";
} else {
// NOTE "VideotexString", "GraphicString", "ISO64String" not-handled in BC !
throw new IllegalArgumentException("could not handle ASN1 string type: " + obj + " (" + obj.getClass().getName() + ")");
}
}
bytes = ByteList.create(((ASN1String) obj).getString());
}
return ASN1.getClass(type).callMethod(context, "new", runtime.newString(bytes));
}
if (obj instanceof ASN1OctetString) {
final ByteList octets = new ByteList(((ASN1OctetString) obj).getOctets(), false);
//final ByteList octets = new ByteList(((ASN1OctetString) obj).getEncoded(ASN1Encoding.DER), false);
return ASN1.getClass("OctetString").callMethod(context, "new", runtime.newString(octets));
}
if (obj instanceof ASN1Null) {
return ASN1.getClass("Null").callMethod(context, "new", runtime.getNil());
}
if (obj instanceof ASN1Boolean) {
final boolean val = ((ASN1Boolean) obj).isTrue();
return ASN1.getClass("Boolean").callMethod(context, "new", runtime.newBoolean(val));
}
// DERBoolean extends ASN1Boolean only since 1.51 (<= 1.50 the other way around)
if (obj instanceof DERBoolean) {
final boolean val = ((DERBoolean) obj).isTrue();
return ASN1.getClass("Boolean").callMethod(context, "new", runtime.newBoolean(val));
}
if (obj instanceof ASN1UTCTime) {
final Date adjustedTime;
try {
adjustedTime = ((ASN1UTCTime) obj).getAdjustedDate();
} catch (ParseException e) {
// Surface an unparsable time as IOException, one of the two types this method declares.
throw new IOException(e);
}
final RubyTime time = RubyTime.newTime(runtime, adjustedTime.getTime());
return ASN1.getClass("UTCTime").callMethod(context, "new", time);
}
// NOTE: keep for BC versions compatibility ... extends ASN1UTCTime (since BC 1.51)
if (obj instanceof DERUTCTime) {
final Date adjustedTime;
try {
adjustedTime = ((DERUTCTime) obj).getAdjustedDate();
} catch (ParseException e) {
throw new IOException(e);
}
final RubyTime time = RubyTime.newTime(runtime, adjustedTime.getTime());
return ASN1.getClass("UTCTime").callMethod(context, "new", time);
}
if (obj instanceof ASN1GeneralizedTime) {
final Date generalTime;
try {
generalTime = ((ASN1GeneralizedTime) obj).getDate();
} catch (ParseException e) {
throw new IOException(e);
}
final RubyTime time = RubyTime.newTime(runtime, generalTime.getTime());
return ASN1.getClass("GeneralizedTime").callMethod(context, "new", time);
}
// NOTE: keep for BC versions compatibility ... extends ASN1GeneralizedTime (since BC 1.51)
if (obj instanceof DERGeneralizedTime) {
final Date generalTime;
try {
generalTime = ((DERGeneralizedTime) obj).getDate();
} catch (ParseException e) {
throw new IOException(e);
}
final RubyTime time = RubyTime.newTime(runtime, generalTime.getTime());
return ASN1.getClass("GeneralizedTime").callMethod(context, "new", time);
}
if (obj instanceof ASN1ObjectIdentifier) {
final String objId = ((ASN1ObjectIdentifier) obj).getId();
return ASN1.getClass("ObjectId").callMethod(context, "new", runtime.newString(objId));
}
// DERObjectIdentifier extends ASN1ObjectIdentifier = 1.51
if (obj instanceof DERObjectIdentifier) {
final String objId = ((DERObjectIdentifier) obj).getId();
return ASN1.getClass("ObjectId").callMethod(context, "new", runtime.newString(objId));
}
if (obj instanceof ASN1TaggedObject) {
// The wrapped object is decoded by a recursive call, one Java stack frame per nesting level.
// NOTE(review): no depth limit is applied here; nesting depth is whatever the parser that produced
// obj accepted. The tag class is always reported as CONTEXT_SPECIFIC.
final ASN1TaggedObject taggedObj = (ASN1TaggedObject) obj;
IRubyObject val = decodeObject(context, ASN1, taggedObj.getObject());
IRubyObject tag = runtime.newFixnum(taggedObj.getTagNo());
IRubyObject tag_class = runtime.newSymbol("CONTEXT_SPECIFIC");
final RubyArray valArr = runtime.newArray(val);
return ASN1.getClass("ASN1Data").callMethod(context, "new", new IRubyObject[] { valArr, tag, tag_class });
}
if (obj instanceof DERApplicationSpecific) {
// The application-specific content is read as a SEQUENCE and cast without a type check, so content
// of another type presumably fails with a ClassCastException (verify).
final DERApplicationSpecific appSpecific = (DERApplicationSpecific) obj;
IRubyObject tag = runtime.newFixnum(appSpecific.getApplicationTag());
IRubyObject tag_class = runtime.newSymbol("APPLICATION");
final ASN1Sequence sequence = (ASN1Sequence) appSpecific.getObject(SEQUENCE);
@SuppressWarnings("unchecked") final RubyArray valArr = decodeObjects(context, ASN1, sequence.getObjects());
return ASN1.getClass("ASN1Data").callMethod(context, "new", new IRubyObject[] { valArr, tag, tag_class });
}
if (obj instanceof ASN1Sequence) {
@SuppressWarnings("unchecked") RubyArray arr = decodeObjects(context, ASN1, ((ASN1Sequence) obj).getObjects());
return ASN1.getClass("Sequence").callMethod(context, "new", arr);
}
if (obj instanceof ASN1Set) {
@SuppressWarnings("unchecked") RubyArray arr = decodeObjects(context, ASN1, ((ASN1Set) obj).getObjects());
return ASN1.getClass("Set").callMethod(context, "new", arr);
}
if (obj instanceof ASN1Enumerated) {
final RubyInteger value = RubyBignum.bignorm(runtime, ((ASN1Enumerated) obj).getValue());
return ASN1.getClass("Enumerated").callMethod(context, "new", value);
}
// Nothing matched. A null obj also ends up here, which is why the class name is guarded.
throw new IllegalArgumentException("unable to decode object: " + obj + " (" + (obj == null ? "" : obj.getClass().getName()) + ")");
}Example 24
| Project: oxAuth-master File: CRLCertificateVerifier.java View source code |
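/**
 * Returns the first URI listed in the certificate's CRL Distribution Points extension.
 * <p>
 * Only distribution points given as a full name are considered, and the first general name of type URI
 * wins. The value is read from the certificate under examination and is not checked for scheme or
 * host here. A caller that fetches from it should therefore restrict which schemes and destinations it
 * accepts.
 *
 * @param certificate the certificate to read the extension from
 * @return the first CRL URI, or null when the extension is absent, cannot be read, or holds no URI
 * @throws IOException declared for callers; a failure to read the extension is logged and reported as null
 */
public String getCrlUri(X509Certificate certificate) throws IOException {
    ASN1Primitive obj;
    try {
        obj = getExtensionValue(certificate, Extension.cRLDistributionPoints.getId());
    } catch (IOException ex) {
        log.error("Failed to get CRL URL", ex);
        return null;
    }
    if (obj == null) {
        return null;
    }
    CRLDistPoint distPoint = CRLDistPoint.getInstance(obj);
    DistributionPoint[] distributionPoints = distPoint.getDistributionPoints();
    for (DistributionPoint distributionPoint : distributionPoints) {
        DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
        // The distributionPoint field is optional (an entry may carry only a cRLIssuer), so the name can
        // be null. Skip such entries instead of failing with a NullPointerException.
        if (distributionPointName == null || DistributionPointName.FULL_NAME != distributionPointName.getType()) {
            continue;
        }
        GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
        GeneralName[] names = generalNames.getNames();
        for (GeneralName name : names) {
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                continue;
            }
            // The URI is an implicitly tagged IA5String inside the GeneralName.
            DERIA5String derStr = DERIA5String.getInstance((ASN1TaggedObject) name.toASN1Primitive(), false);
            return derStr.getString();
        }
    }
    return null;
}
Example 25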
| Project: uma-master File: CRLCertificateVerifier.java View source code |
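/**
 * Looks up the CRL download location advertised by a certificate.
 * <p>
 * The CRL Distribution Points extension is scanned for distribution points of the full-name form, and
 * the first general name that is a URI is returned. The returned string is certificate-supplied data.
 * It is not validated here, so code that fetches it should apply its own scheme and destination checks.
 *
 * @param certificate the certificate whose extension is read
 * @return the first URI found, or null if the extension is missing, unreadable, or contains no URI
 * @throws IOException declared for callers; a read failure is logged and reported as null
 */
public String getCrlUri(X509Certificate certificate) throws IOException {
    ASN1Primitive obj;
    try {
        obj = getExtensionValue(certificate, Extension.cRLDistributionPoints.getId());
    } catch (IOException ex) {
        log.error("Failed to get CRL URL", ex);
        return null;
    }
    if (obj == null) {
        return null;
    }
    CRLDistPoint distPoint = CRLDistPoint.getInstance(obj);
    for (DistributionPoint distributionPoint : distPoint.getDistributionPoints()) {
        DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
        if (distributionPointName == null) {
            // A distribution point may omit its name, for example when only cRLIssuer is present.
            // Dereferencing the missing name used to throw a NullPointerException.
            continue;
        }
        if (DistributionPointName.FULL_NAME != distributionPointName.getType()) {
            continue;
        }
        GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
        for (GeneralName name : generalNames.getNames()) {
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                continue;
            }
            // The URI is an implicitly tagged IA5String inside the GeneralName.
            DERIA5String derStr = DERIA5String.getInstance((ASN1TaggedObject) name.toASN1Primitive(), false);
            return derStr.getString();
        }
    }
    return null;
}
Example 26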
| Project: Assignments-master File: PdfPKCS7.java View source code |
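/**
 * Helper method that locates an embedded basic OCSP response and creates the BasicOCSPResp object.
 * <p>
 * Starting at {@code seq}, the method descends into the first nested sequence, or the first tagged object
 * that wraps a sequence, until it reaches a sequence whose first element is the id-pkix-ocsp-basic OID.
 * It then parses the octet string at index 1. {@code basicResp} stays {@code null} when no such sequence
 * is found. The response is only parsed; its signature is not checked here.
 *
 * @param seq the sequence to start searching from
 * @throws IOException if the embedded response cannot be read
 */
private void findOcsp(ASN1Sequence seq) throws IOException {
    basicResp = null;
    boolean ret = false;
    while (true) {
        if (seq.size() == 0) {
            // An empty sequence has nothing to test or descend into.
            return;
        }
        if (seq.getObjectAt(0) instanceof ASN1ObjectIdentifier && ((ASN1ObjectIdentifier) seq.getObjectAt(0)).getId().equals(OCSPObjectIdentifiers.id_pkix_ocsp_basic.getId())) {
            break;
        }
        ret = true;
        for (int k = 0; k < seq.size(); ++k) {
            if (seq.getObjectAt(k) instanceof ASN1Sequence) {
                // Follow the element that matched (index k). Using index 0 here raised a
                // ClassCastException when the nested sequence was not the first element.
                seq = (ASN1Sequence) seq.getObjectAt(k);
                ret = false;
                break;
            }
            if (seq.getObjectAt(k) instanceof ASN1TaggedObject) {
                ASN1TaggedObject tag = (ASN1TaggedObject) seq.getObjectAt(k);
                if (tag.getObject() instanceof ASN1Sequence) {
                    seq = (ASN1Sequence) tag.getObject();
                    ret = false;
                    break;
                } else {
                    return;
                }
            }
        }
        if (ret) {
            return;
        }
    }
    if (seq.size() < 2) {
        // The OID is present but the response octets are missing.
        return;
    }
    ASN1OctetString os = (ASN1OctetString) seq.getObjectAt(1);
    ASN1InputStream inp = new ASN1InputStream(os.getOctets());
    try {
        BasicOCSPResponse resp = BasicOCSPResponse.getInstance(inp.readObject());
        basicResp = new BasicOCSPResp(resp);
    } finally {
        inp.close();
    }
}
Example 27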
| Project: cachewolf-master File: X509Extensions.java View source code |
/**
 * Converts an object into an X509Extensions instance.
 * <p>
 * Tagged objects are unwrapped, however deeply nested, until a sequence, an existing instance or null is
 * reached. The tag number of the wrappers is not examined.
 *
 * @param obj null, an X509Extensions, an ASN1Sequence, or an ASN1TaggedObject wrapping one of these
 * @return the instance, or null when the input (or the innermost wrapped object) is null
 * @throws IllegalArgumentException if the object is of any other type
 */
public static X509Extensions getInstance(Object obj) {
    Object current = obj;
    while (true) {
        if (current == null) {
            return null;
        }
        if (current instanceof X509Extensions) {
            return (X509Extensions) current;
        }
        if (current instanceof ASN1Sequence) {
            return new X509Extensions((ASN1Sequence) current);
        }
        if (!(current instanceof ASN1TaggedObject)) {
            throw new IllegalArgumentException("illegal object in getInstance: " + current.getClass().getName());
        }
        // Peel one tagging layer and test again.
        current = ((ASN1TaggedObject) current).getObject();
    }
}
Example 28
| Project: ESign-master File: X509Extensions.java View source code |
/**
 * Returns an X509Extensions view of the given object.
 * <p>
 * An existing instance (or null) is returned as is, a sequence is wrapped in a new instance, and a tagged
 * object is unwrapped and processed again. The tag number is not checked during unwrapping.
 *
 * @param obj the object to convert; may be null
 * @return the resulting instance, or null for null input
 * @throws IllegalArgumentException if the object type is not supported
 */
public static X509Extensions getInstance(Object obj) {
    final X509Extensions result;
    if (obj == null) {
        result = null;
    } else if (obj instanceof X509Extensions) {
        result = (X509Extensions) obj;
    } else if (obj instanceof ASN1Sequence) {
        result = new X509Extensions((ASN1Sequence) obj);
    } else if (obj instanceof ASN1TaggedObject) {
        final ASN1TaggedObject wrapper = (ASN1TaggedObject) obj;
        result = getInstance(wrapper.getObject());
    } else {
        final String typeName = obj.getClass().getName();
        throw new IllegalArgumentException("illegal object in getInstance: " + typeName);
    }
    return result;
}
Example 29
| Project: itextpdf-master File: CertificateInfo.java View source code |
/**
 * Extracts the issuer element from an encoded certificate body.
 * <p>
 * The bytes are parsed as one ASN.1 sequence. When its first element is a tagged object, the issuer is
 * taken from index 3, otherwise from index 2. The leading tagged element is presumably the optional
 * explicit version of a TBSCertificate (confirm against the caller).
 *
 * @param enc the encoded sequence
 * @return the element at the issuer position
 * @throws ExceptionConverter wrapping any IOException raised while parsing
 */
public static ASN1Primitive getIssuer(byte[] enc) {
    try {
        final ByteArrayInputStream raw = new ByteArrayInputStream(enc);
        final ASN1InputStream parser = new ASN1InputStream(raw);
        final ASN1Sequence body = (ASN1Sequence) parser.readObject();
        final int issuerIndex;
        if (body.getObjectAt(0) instanceof ASN1TaggedObject) {
            issuerIndex = 3;
        } else {
            issuerIndex = 2;
        }
        return (ASN1Primitive) body.getObjectAt(issuerIndex);
    } catch (IOException e) {
        throw new ExceptionConverter(e);
    }
}
Example 30
| Project: ExemplosDemoiselle-master File: CMSSignedHelper.java View source code |
/**
 * Builds an X509Store of the attribute certificates found in a certificate set.
 * <p>
 * Only elements that are tagged objects with tag number 2 are taken; each is re-encoded and wrapped as
 * an {@code X509V2AttributeCertificate}. The certificates are collected as found and are not verified
 * here.
 *
 * @param type store type suffix, appended to "AttributeCertificate/"
 * @param provider name of the provider to obtain the store from
 * @param certSet set/chain of certificates; may be null, which yields an empty store
 * @return X509Store
 * @see org.bouncycastle.x509.X509Store
 * @throws NoSuchStoreException
 * @throws NoSuchProviderException
 * @throws CMSException if an element cannot be re-encoded or the store cannot be created
 */
X509Store createAttributeStore(String type, String provider, ASN1Set certSet) throws NoSuchStoreException, NoSuchProviderException, CMSException {
    final List<Object> certs = new ArrayList<Object>();
    if (certSet != null) {
        for (Enumeration<?> elements = certSet.getObjects(); elements.hasMoreElements();) {
            try {
                final DERObject element = ((DEREncodable) elements.nextElement()).getDERObject();
                if (!(element instanceof ASN1TaggedObject)) {
                    continue;
                }
                final ASN1TaggedObject tagged = (ASN1TaggedObject) element;
                if (tagged.getTagNo() != 2) {
                    continue;
                }
                // Tag 2 marks an attribute certificate; the tagging is implicit.
                final byte[] encoded = ASN1Sequence.getInstance(tagged, false).getEncoded();
                certs.add(new X509V2AttributeCertificate(encoded));
            } catch (IOException ex) {
                throw new CMSException("Nao e possivel recodificar o atributo do certificado: ", ex);
            }
        }
    }
    final X509CollectionStoreParameters params = new X509CollectionStoreParameters(certs);
    try {
        return X509Store.getInstance("AttributeCertificate/" + type, params, provider);
    } catch (IllegalArgumentException e) {
        throw new CMSException("Não é possivel setar/gerar o X509Store", e);
    }
}
Example 31
| Project: voms-api-java-master File: VOMSACUtils.java View source code |
/**
 * Reads the target URIs from the targetInformation extension of an attribute certificate.
 * <p>
 * The extension is decoded by hand because the expected encoding carries one sequence level more than
 * the library constructor accepts. Only the first Targets element is read. Every target must be a URI
 * general name; anything else is reported through {@code raiseACNonConformantError}.
 *
 * @param ac the attribute certificate holder
 * @return the target strings, empty when the extension is absent
 */
@SuppressWarnings("rawtypes")
private static List<String> deserializeACTargets(X509AttributeCertificateHolder ac) {
    final List<String> result = new ArrayList<String>();

    final X509Extension extension = ac.getExtension(X509Extension.targetInformation);
    if (extension == null) {
        return result;
    }

    final TargetInformation info = TargetInformation.getInstance((ASN1Sequence) extension.getParsedValue());
    // Only one Targets according to RFC 3281
    final Targets container = info.getTargetsObjects()[0];

    // Manual decoding: each entry is wrapped in one extra SEQUENCE whose first element is the tagged
    // Target itself.
    final ASN1Sequence encodedTargets = (ASN1Sequence) container.getDERObject();
    final Target[] parsed = new Target[encodedTargets.size()];
    final Enumeration entries = encodedTargets.getObjects();
    for (int i = 0; entries.hasMoreElements(); i++) {
        final ASN1Sequence wrapper = (ASN1Sequence) entries.nextElement();
        final ASN1TaggedObject tagged = (ASN1TaggedObject) wrapper.getObjectAt(0);
        parsed[i] = Target.getInstance(tagged);
    }

    // Second pass: pull the URI string out of every target.
    for (int i = 0; i < parsed.length; i++) {
        final GeneralName name = parsed[i].getTargetName();
        if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
            raiseACNonConformantError("wrong AC target extension encoding. Only URI targets are supported.");
        }
        final DERIA5String uri = (DERIA5String) name.getName();
        result.add(uri.getString());
    }
    return result;
}
Example 32
| Project: jgrith-master File: VOMSAttributeCertificate.java View source code |
/**
 * Returns the FQAN strings stored in this certificate's attributes.
 * <p>
 * The ASN.1 layout is walked with plain casts, so an attribute with an unexpected structure makes the
 * method fail with a runtime exception instead of returning a partial list. The values are returned as
 * read; nothing in this method verifies the certificate they come from.
 *
 * @return all FQANs found in the attributes
 */
public ArrayList<String> getVOMSFQANs() {
    final ArrayList<String> collected = new ArrayList<String>();
    // There may be more than one attribute entry.
    final Enumeration entries = this.attributes.getObjects();
    while (entries.hasMoreElements()) {
        // Each entry: the OID [voms 4] at index 0 and a SET at index 1.
        final ASN1Sequence attribute = (ASN1Sequence) entries.nextElement();
        final ASN1Set values = (ASN1Set) attribute.getObjectAt(1);
        // The SET holds a single SEQUENCE: a tagged object at index 0, the FQAN SEQUENCE at index 1.
        final ASN1Sequence payload = (ASN1Sequence) values.getObjectAt(0);

        // The origin sits inside two tagged objects. It is decoded but not used; decoding it still
        // rejects entries whose structure does not match.
        final ASN1TaggedObject outerTag = (ASN1TaggedObject) payload.getObjectAt(0);
        final ASN1TaggedObject innerTag = (ASN1TaggedObject) outerTag.getObject();
        final ASN1OctetString originOctets = (ASN1OctetString) innerTag.getObject();
        new DERGeneralString(originOctets.getOctets()).getString();

        final ASN1Sequence fqans = (ASN1Sequence) payload.getObjectAt(1);
        final int count = fqans.size();
        int index = 0;
        while (index < count) {
            final ASN1OctetString octets = (ASN1OctetString) fqans.getObjectAt(index);
            collected.add(new DERGeneralString(octets.getOctets()).getString());
            index++;
        }
    }
    return collected;
}
Example 33
| Project: SCVPAPI-master File: ExampleSCVPClient.java View source code |
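/**
 * Parses a CMS-wrapped SCVP response and reports whether the server marked the requested
 * certificate as valid.
 *
 * <p>Checks performed on a SignedData response: the SignerInfo must reference the certificate
 * embedded in the message; the authenticated attributes must carry content-type, signing-time
 * and message-digest; the content type must be the SCVP response OID; the claimed signing time
 * must lie within one minute of the local clock; the message digest must equal the digest of
 * the encapsulated CVResponse; and the signature over the authenticated attributes must verify
 * under the embedded signer certificate.
 *
 * <p>Not checked here (see the TODO notes in the body): the signer certificate is not validated
 * against any trust anchor, and requestRef / respNonce are not matched against the request.
 * Until those are added, a {@code true} result shows only that the response is internally
 * consistent, not that it came from a trusted SCVP responder.
 *
 * <p>Most elements are cast without a type check, so an unexpected structure surfaces as a
 * {@code ClassCastException} rather than an {@code SCVPException}.
 *
 * @param resp raw response bytes as received from the server; may be {@code null}
 * @return {@code true} if at least one ReplyCheck decoded from replyObjects has status 0;
 *     {@code false} otherwise, including for an unsigned response, which is only logged
 * @throws SCVPException if the response is {@code null}, is not the expected CMS structure,
 *     or fails any of the checks listed above
 */
public boolean validateSCVPResponse(byte[] resp) throws SCVPException {
  boolean certificateValid = false;
  /*
   * Now that we can create a successful DPV request and receive a response
   * from the service, parse the response and validate the signature.
   */
  ASN1SequenceParser cmsSeqPar = null;
  ContentInfoParser contentInfoParser = null;
  ASN1ObjectIdentifier contentType = null;
  if (resp != null) {
    ASN1StreamParser streamParser = new ASN1StreamParser(resp);
    Object object;
    try {
      object = streamParser.readObject();
    } catch (IOException e) {
      throw new SCVPException("Problem parsing response from server", e);
    }
    if (object instanceof ASN1SequenceParser) {
      cmsSeqPar = (ASN1SequenceParser) object;
      try {
        contentInfoParser = new ContentInfoParser(cmsSeqPar);
      } catch (IOException e) {
        throw new SCVPException("Problem parsing CMS ContentInfo", e);
      }
      contentType = contentInfoParser.getContentType();
      if (CMSObjectIdentifiers.signedData.equals(contentType)) {
        try {
          object = streamParser.readObject();
        } catch (IOException e) {
          throw new SCVPException("Problem parsing response from server", e);
        }
        if (object instanceof ASN1SequenceParser) {
          /*
           * Now that we confirmed this is CMS Signed data we are
           * going to start parsing what we know without checking
           * (not a good long term solution)
           */
          ASN1SequenceParser cmsSdPar = (ASN1SequenceParser) object;
          /*
           * The following is for logging, but we may switch to
           * decoding the response directly using a primitive, vs
           * trying to use the decoders. Not certain if there is
           * a bug, but the decoders interpret some of the data
           * as BER and not DER :/
           */
          ASN1Sequence ppResp = null;
          try {
            ppResp = (ASN1Sequence) ASN1Sequence.fromByteArray(resp);
          } catch (IOException e) {
            throw new SCVPException("Problem parsing response from server", e);
          }
          log.log(Level.FINE, ASN1Dump.dumpAsString(ppResp, true));
          // version CMSVersion
          ASN1Integer sdv;
          try {
            sdv = (ASN1Integer) cmsSdPar.readObject();
          } catch (IOException e) {
            throw new SCVPException("Problem parsing CMS Version", e);
          }
          ASN1SetParser dASetPar;
          AlgorithmIdentifier algId;
          try {
            dASetPar = (ASN1SetParser) cmsSdPar.readObject();
            algId = AlgorithmIdentifier.getInstance(dASetPar.readObject());
          } catch (IOException e) {
            throw new SCVPException("Problem parsing digest algorithm identifier", e);
          }
          ASN1SequenceParser eCInfoPar;
          ASN1ObjectIdentifier eContentType;
          ASN1TaggedObjectParser eContent;
          ASN1OctetString cVResponse;
          try {
            eCInfoPar = (ASN1SequenceParser) cmsSdPar.readObject();
            eContentType = (ASN1ObjectIdentifier) eCInfoPar.readObject();
            eContent = (ASN1TaggedObjectParser) eCInfoPar.readObject();
            cVResponse = (ASN1OctetString) eContent.getObjectParser(0, true).toASN1Primitive();
          } catch (IOException e) {
            throw new SCVPException("Problem parsing EncapsulatedContentInfo", e);
          }
          /*
           * Digest the object bytes for signature validation
           */
          byte[] cVRespBytes = cVResponse.getOctets();
          byte[] digest = null;
          /*
           * Only support SHA-1/SHA-256/SHA-384. Die on validation
           * otherwise.
           *
           * NOTE(review): SHA-1 is still accepted here; consider whether the
           * deployment should reject it.
           */
          if (algId.getAlgorithm().equals(CipherEngine.SHA384)) {
            digest = DigestEngine.sHA384Sum(cVRespBytes, jceProvider.getName());
          } else if (algId.getAlgorithm().equals(CipherEngine.SHA256)) {
            digest = DigestEngine.sHA256Sum(cVRespBytes, jceProvider.getName());
          } else if (algId.getAlgorithm().equals(CipherEngine.SHA1)) {
            digest = DigestEngine.sHA1Sum(cVRespBytes, jceProvider.getName());
          } else {
            throw new SCVPException("Unexpected Digest Algorithm: " + algId.getAlgorithm().getId());
          }
          ASN1TaggedObjectParser certSet;
          Certificate cvSigner;
          try {
            certSet = (ASN1TaggedObjectParser) cmsSdPar.readObject();
            cvSigner = Certificate.getInstance(certSet.getObjectParser(0, true).toASN1Primitive());
          } catch (IOException e) {
            throw new SCVPException("Error parsing SCVP Signer in CMS", e);
          }
          ASN1SetParser sInfosPar;
          SignerInfo sInfo;
          try {
            sInfosPar = (ASN1SetParser) cmsSdPar.readObject();
            sInfo = SignerInfo.getInstance(sInfosPar.readObject().toASN1Primitive());
          } catch (IOException e) {
            throw new SCVPException("Error parsing SignerInfo", e);
          }
          SignerIdentifier sID = sInfo.getSID();
          IssuerAndSerialNumber iSn = IssuerAndSerialNumber.getInstance(sID);
          if (iSn.equals(new IssuerAndSerialNumber(cvSigner))) {
            /*
             * To get here the signerInfo references the
             * included signer and we will proceed to parse the
             * SignerInfo, which includes the digest of (and
             * reference to) a CVResponse, and the encrypted
             * value (signature). Parse and validate the
             * signature...
             */
            AlgorithmIdentifier sIAlgId = sInfo.getDigestAlgorithm();
            Attributes sIAA = Attributes.getInstance(sInfo.getAuthenticatedAttributes());
            Attribute siContentType = null;
            Attribute siSigningTime = null;
            Attribute siMessageDigest = null;
            for (Attribute a : sIAA.getAttributes()) {
              if (a.getAttrType().equals(new ASN1ObjectIdentifier("1.2.840.113549.1.9.3"))) {
                siContentType = a;
              }
              if (a.getAttrType().equals(new ASN1ObjectIdentifier("1.2.840.113549.1.9.5"))) {
                siSigningTime = a;
              }
              if (a.getAttrType().equals(new ASN1ObjectIdentifier("1.2.840.113549.1.9.4"))) {
                siMessageDigest = a;
              }
            }
            /*
             * Make sure the SignerInfo has all that we expect,
             * and lets validate the data.
             *
             * -ContentType: Make sure it is an SCVP Response
             * -SigningTime: We use a nonce, ensure it was
             * signed within the past minute
             * -MessageDigest: This must match the digest of the CVResponse
             */
            if (siContentType != null && siSigningTime != null && siMessageDigest != null) {
              ASN1ObjectIdentifier siCT = (ASN1ObjectIdentifier) siContentType.getAttrValues().getObjectAt(0);
              if (!siCT.equals(new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.1.11"))) {
                throw new SCVPException("Unexpected Content Type: " + siCT.getId());
              }
              ASN1UTCTime claimSignTime = (ASN1UTCTime) siSigningTime.getAttrValues().getObjectAt(0);
              Calendar signingTime = new GregorianCalendar();
              try {
                signingTime.setTime(claimSignTime.getAdjustedDate());
              } catch (ParseException e) {
                throw new SCVPException("Error parsing SigningTime", e);
              }
              Calendar minBefore = new GregorianCalendar();
              Calendar minAfter = new GregorianCalendar();
              minBefore.add(Calendar.MINUTE, -1);
              minAfter.add(Calendar.MINUTE, 1);
              // The freshness window must be applied to the CLAIMED signing time. Comparing
              // the local clock against a window built from the local clock always passes,
              // which would let a stale signed response through.
              if (signingTime.before(minBefore) || signingTime.after(minAfter)) {
                throw new SCVPException("Unacceptable Signing Time: " + claimSignTime.getAdjustedTime());
              }
              ASN1OctetString claimDigestOS = (ASN1OctetString) siMessageDigest.getAttrValues().getObjectAt(0);
              byte[] claimDigest = claimDigestOS.getOctets();
              if (!Arrays.areEqual(digest, claimDigest)) {
                throw new SCVPException("SignerInfo Message Digest (" + DataUtil.byteArrayToString(claimDigest) + ") does is not equal to actual digest (" + DataUtil.byteArrayToString(digest) + ")");
              }
            } else {
              throw new SCVPException("SignerInfo does not include requred Authenticated attributes");
            }
            AlgorithmIdentifier sigAlg = sInfo.getDigestEncryptionAlgorithm();
            byte[] sigBits = sInfo.getEncryptedDigest().getOctets();
            String sigAlgName = CipherEngine.getSigningAlgorithm(sIAlgId.getAlgorithm(), sigAlg.getAlgorithm());
            Signature signature = null;
            try {
              signature = Signature.getInstance(sigAlgName, jceProvider.getName());
            } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
              throw new SCVPException("Problem verifing signature", e);
            }
            InputStream in;
            try {
              in = new ByteArrayInputStream(cvSigner.getEncoded());
            } catch (IOException e) {
              throw new SCVPException("Error parsing SCVP Signer Certificate", e);
            }
            CertificateFactory cf;
            X509Certificate cvSignerCert;
            try {
              cf = CertificateFactory.getInstance("X.509", jceProvider.getName());
              cvSignerCert = (X509Certificate) cf.generateCertificate(in);
              signature.initVerify(cvSignerCert);
            } catch (InvalidKeyException e) {
              throw new SCVPException("Problem parsing SCVP Signer public key", e);
            } catch (CertificateException e) {
              throw new SCVPException("Problem parsing SCVP Signing certificate", e);
            } catch (NoSuchProviderException e) {
              throw new SCVPException("Problem with JCE Provider", e);
            }
            try {
              // The signature covers the encoded authenticated attributes, which in turn
              // carry the message digest checked above.
              signature.update(sIAA.getEncoded());
            } catch (SignatureException | IOException e) {
              throw new SCVPException("Problem with SCVP Signature validation", e);
            }
            boolean sigMatch = false;
            try {
              sigMatch = signature.verify(sigBits);
            } catch (SignatureException e) {
              throw new SCVPException("Invalid SCVP Signature: Signature Validation Failed", e);
            }
            if (sigMatch) {
              /*
               * TODO: Validate that we trust the SCVP Signer
               * certificate:
               *
               * To elaborate, while this code does validate the signature
               * of the SCVP response, it does not verify the signer
               * certificate is one that we "trust". Further, a large
               * fault-tolerant SCVP service MAY have multiple SCVP signers.
               * To specify explicit trust in those signers as a command
               * line option, or as inputs to this code is counter-intuitive,
               * as SCVP is intended to ease the burden of managing trust lists.
               *
               * So for this implementation, the SCVP signing certificate MUST chain
               * to one specific trust anchor. There MUST be a policy on the SCVP
               * service that supports validation of all SCVP signers encountered
               * to that trust anchor. It is up to the implementor how often
               * the SCVP signer is validated, vs. reliance on a cached CVResponse
               * of the prior validation.
               */
              /*
               * Now we will process the CVResponse, verify
               * the response from the request artifacts, and
               * then return a result for human (or other IT
               * Logic) consumption. We will render the
               * CVResponse from the response bytes we
               * digested (used for signature validation).
               */
              ASN1StreamParser cvRespOs = new ASN1StreamParser(cVRespBytes);
              ASN1SequenceParser cvResp;
              ASN1Integer cvResponseVersion;
              ASN1Integer serverConfigurationID;
              ASN1GeneralizedTime producedAt;
              ASN1Sequence responseStatus;
              ASN1Sequence respValidationPolicy = null;
              ASN1TaggedObject requestRef = null;
              ASN1Sequence requestorRef = null;
              ASN1Sequence requestorName = null;
              ASN1Sequence replyObjects = null;
              ASN1OctetString respNonce = null;
              ASN1OctetString serverContextInfo = null;
              ASN1Sequence cvResponseExtensions = null;
              ASN1OctetString requestorText = null;
              try {
                cvResp = (ASN1SequenceParser) cvRespOs.readObject();
                cvResponseVersion = ASN1Integer.getInstance(cvResp.readObject());
                serverConfigurationID = ASN1Integer.getInstance(cvResp.readObject());
                producedAt = ASN1GeneralizedTime.getInstance(cvResp.readObject());
                responseStatus = ASN1Sequence.getInstance(cvResp.readObject());
                ASN1Enumerated statusCode = ASN1Enumerated.getInstance(responseStatus.getObjectAt(0));
                /*
                 * The remainder objects in this CVResponse
                 * are tagged and OPTIONAL.
                 */
                Object cvrObj;
                while ((cvrObj = cvResp.readObject()) != null) {
                  ASN1TaggedObject atObjFp = (ASN1TaggedObject) ((ASN1TaggedObjectParser) cvrObj).toASN1Primitive();
                  switch (atObjFp.getTagNo()) {
                    case 0:
                      {
                        respValidationPolicy = (ASN1Sequence) atObjFp.getObject();
                        break;
                      }
                    case 1:
                      {
                        requestRef = (ASN1TaggedObject) atObjFp.getObject();
                        break;
                      }
                    case 2:
                      {
                        requestorRef = (ASN1Sequence) atObjFp.getObject();
                        break;
                      }
                    case 3:
                      {
                        requestorName = (ASN1Sequence) atObjFp.getObject();
                        break;
                      }
                    case 4:
                      {
                        replyObjects = (ASN1Sequence) atObjFp.getObject();
                        break;
                      }
                    case 5:
                      {
                        respNonce = (ASN1OctetString) atObjFp.getObject();
                        break;
                      }
                    case 6:
                      {
                        serverContextInfo = (ASN1OctetString) atObjFp.getObject();
                        break;
                      }
                    case 7:
                      {
                        cvResponseExtensions = (ASN1Sequence) atObjFp.getObject();
                        break;
                      }
                    case 8:
                      {
                        requestorText = (ASN1OctetString) atObjFp.getObject();
                        break;
                      }
                    default:
                      {
                        throw new SCVPException("Unknown object encountered in CVResponse");
                      }
                  }
                }
              } catch (IOException e) {
                throw new SCVPException("Error parsing CVResponse", e);
              }
              /*
               * TODO: Decode the other objects, and match up
               * to the request response objects to validate
               * the response. I.e., requestRef, respNonce,
               * etc...
               *
               * For now, we are only interested in the
               * replyObjects to give us the certificate
               * status. There is only one, because we only
               * asked for one.
               */
              if (replyObjects != null) {
                /*
                 * Technically we have the single
                 * replyObject, so the following is the
                 * results of our hard work....
                 */
                /*
                 * Get the certificate
                 */
                Certificate eCertInRO = Certificate.getInstance(((ASN1TaggedObject) replyObjects.getObjectAt(0)).getObject());
                /*
                 * Get the statusCode
                 */
                ASN1Enumerated statusCode = ASN1Enumerated.getInstance(replyObjects.getObjectAt(1));
                /*
                 * Get the time of validation
                 */
                ASN1GeneralizedTime replyValTime = ASN1GeneralizedTime.getInstance(replyObjects.getObjectAt(2));
                /*
                 * Get the reply checks
                 *
                 * This code only asked for one check, so it currently
                 * assumes that there will only be one ReplyCheck.
                 *
                 * This is not the proper way to do things...
                 */
                ReplyChecks replyChecks;
                try {
                  replyChecks = ReplyChecks.getInstance(replyObjects.getObjectAt(3));
                } catch (IOException e) {
                  throw new SCVPException("Error decoding ReplyChecks: " + e.getLocalizedMessage(), e);
                }
                Enumeration<ReplyCheck> rcsEn = replyChecks.getValues();
                while (rcsEn.hasMoreElements()) {
                  ReplyCheck replyCheck;
                  try {
                    replyCheck = ReplyCheck.getInstance(rcsEn.nextElement());
                  } catch (IOException e) {
                    throw new SCVPException("Error decoding ReplyCheck ", e);
                  }
                  // NOTE(review): a single check with status 0 marks the certificate valid,
                  // even if other checks in the same reply report a different status, and
                  // the reply-level statusCode read above is not consulted.
                  if (replyCheck.getStatus().getValue().equals(BigInteger.ZERO)) {
                    certificateValid = true;
                  }
                }
                /*
                 * Get the reply wantBacks (although we
                 * asked for none)
                 */
                ASN1Sequence replyWantBacks = ASN1Sequence.getInstance(replyObjects.getObjectAt(4));
                @SuppressWarnings("unchecked")
                Enumeration<ASN1Sequence> rcWB = replyWantBacks.getObjects();
                int wbNum = 0;
                while (rcWB.hasMoreElements()) {
                  ASN1Sequence replyWantBack = rcWB.nextElement();
                  ASN1ObjectIdentifier wb = (ASN1ObjectIdentifier) replyWantBack.getObjectAt(0);
                  /*
                   * TODO: Fix this bug
                   *
                   * The cast below has been observed to fail with
                   * java.lang.ClassCastException: org.bouncycastle.asn1.DEROctetString
                   * cannot be cast to org.bouncycastle.asn1.ASN1Integer
                   */
                  ASN1Integer check = (ASN1Integer) replyWantBack.getObjectAt(1);
                  wbNum++;
                }
                Object rcObj = replyObjects.getObjectAt(5);
                /*
                 * Return our validation boolean
                 */
              } else {
                throw new SCVPException("No ReplyObjects in CVResponse");
              }
            } else {
              throw new SCVPException("Invalid SCVP Signature: Signature Validation Failed");
            }
          } else {
            throw new SCVPException("The SignerIdentifier and Signing Certificate do not match");
          }
        } else {
          throw new SCVPException("Response from the server is not a CMS message");
        }
        //TODO: We may receive an unsigned response.
      } else if (new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.1.11").equals(contentType)) {
        // Unsigned response: it is dumped to the log only, and certificateValid stays false.
        try {
          object = streamParser.readObject();
        } catch (IOException e) {
          throw new SCVPException("Problem parsing response from server", e);
        }
        if (object instanceof ASN1SequenceParser) {
          ASN1SequenceParser cmsSdPar = (ASN1SequenceParser) object;
          /*
           * The following is for logging, but we may switch to
           * decoding the response directly using a primitive, vs
           * trying to use the decoders. Not certain if there is
           * a bug, but the decoders interpret some of the data
           * as BER and not DER :/
           */
          ASN1Sequence ppResp = null;
          try {
            ppResp = (ASN1Sequence) ASN1Sequence.fromByteArray(resp);
          } catch (IOException e) {
            throw new SCVPException("Problem parsing response from server", e);
          }
          log.log(Level.FINE, ASN1Dump.dumpAsString(ppResp, true));
        }
      } else {
        log.log(Level.FINE, "Response:\n" + ASN1Dump.dumpAsString(contentType, true));
        throw new SCVPException("Response from the server is not a CMS SignedData message or CMS ContentInfo");
      }
    } else {
      throw new SCVPException("Response from the server is not a CMS SignedData message");
    }
  } else {
    throw new SCVPException("Response from the server is not a CMS SignedData message");
  }
  return certificateValid;
}Example 34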
| Project: canl-java-master File: RFC3280CertPathUtilities.java View source code |
/**
 * Step (i) of preparing for the next certificate: applies the [0] field of the policy
 * constraints extension (requireExplicitPolicy in the RFC 3280 PolicyConstraints definition)
 * of the certificate at {@code index}.
 *
 * @param certPath path being validated
 * @param index position in the path of the certificate whose extension is read
 * @param explicitPolicy current explicit-policy counter
 * @return the [0] value when it is present and smaller than {@code explicitPolicy};
 *     otherwise {@code explicitPolicy} unchanged
 * @throws CertPathValidatorException if the extension or its contents cannot be decoded
 */
protected static int prepareNextCertI1(CertPath certPath, int index, int explicitPolicy) throws CertPathValidatorException {
  List pathCerts = certPath.getCertificates();
  X509Certificate current = (X509Certificate) pathCerts.get(index);
  //
  // (i)
  //
  ASN1Sequence constraintsSeq;
  try {
    constraintsSeq = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(current, RFC3280CertPathUtilities.POLICY_CONSTRAINTS));
  } catch (Exception e) {
    throw new ExtCertPathValidatorException("Policy constraints extension cannot be decoded.", e, certPath, index);
  }
  // No extension: the counter is left as it is.
  if (constraintsSeq == null) {
    return explicitPolicy;
  }
  for (Enumeration entries = constraintsSeq.getObjects(); entries.hasMoreElements(); ) {
    try {
      ASN1TaggedObject entry = ASN1TaggedObject.getInstance(entries.nextElement());
      if (entry.getTagNo() != 0) {
        continue;
      }
      // Only the first [0] entry is considered; the counter can be lowered, never raised.
      int required = ASN1Integer.getInstance(entry, false).getValue().intValue();
      return required < explicitPolicy ? required : explicitPolicy;
    } catch (IllegalArgumentException e) {
      throw new ExtCertPathValidatorException("Policy constraints extension contents cannot be decoded.", e, certPath, index);
    }
  }
  return explicitPolicy;
}Example 35
| Project: iText-4.2.0-master File: PdfPKCS7.java View source code |
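/**
 * Searches an ASN.1 structure for an embedded basic OCSP response and, when one is found,
 * stores it in {@code basicResp}; otherwise {@code basicResp} is left {@code null}.
 *
 * <p>The walk descends through nested sequences and tagged objects until it reaches a
 * sequence whose first element is the id-pkix-ocsp-basic OID. Structures that do not have
 * the expected shape are treated as "no OCSP response" instead of raising an unchecked
 * exception. NOTE(review): {@code seq} presumably originates from the document being
 * verified and should be regarded as untrusted; confirm against the caller.
 *
 * @param seq root of the structure to search
 * @throws IOException if the wrapped response bytes cannot be read as ASN.1
 */
private void findOcsp(ASN1Sequence seq) throws IOException {
  basicResp = null;
  while (true) {
    // An empty SEQUENCE has no element 0 to inspect.
    if (seq.size() == 0) {
      return;
    }
    if ((seq.getObjectAt(0) instanceof DERObjectIdentifier) && ((DERObjectIdentifier) seq.getObjectAt(0)).getId().equals(OCSPObjectIdentifiers.id_pkix_ocsp_basic.getId())) {
      break;
    }
    boolean ret = true;
    for (int k = 0; k < seq.size(); ++k) {
      if (seq.getObjectAt(k) instanceof ASN1Sequence) {
        // Descend into the element that was tested. Using index 0 here fails with a
        // ClassCastException whenever the first nested sequence is not the first element.
        seq = (ASN1Sequence) seq.getObjectAt(k);
        ret = false;
        break;
      }
      if (seq.getObjectAt(k) instanceof ASN1TaggedObject) {
        ASN1TaggedObject tag = (ASN1TaggedObject) seq.getObjectAt(k);
        if (tag.getObject() instanceof ASN1Sequence) {
          seq = (ASN1Sequence) tag.getObject();
          ret = false;
          break;
        } else {
          return;
        }
      }
    }
    if (ret) {
      return;
    }
  }
  // The response bytes are expected in element 1, wrapped in an OCTET STRING.
  if (seq.size() < 2 || !(seq.getObjectAt(1) instanceof DEROctetString)) {
    return;
  }
  DEROctetString os = (DEROctetString) seq.getObjectAt(1);
  ASN1InputStream inp = new ASN1InputStream(os.getOctets());
  BasicOCSPResponse resp = BasicOCSPResponse.getInstance(inp.readObject());
  basicResp = new BasicOCSPResp(resp);
}Example 36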
| Project: itext-as-in-free-master File: PdfPKCS7.java View source code |
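/**
 * Looks for a basic OCSP response inside the given ASN.1 structure and records it in
 * {@code basicResp}. When nothing suitable is found, {@code basicResp} stays {@code null}.
 *
 * <p>Nested sequences and tagged objects are followed until a sequence starting with the
 * id-pkix-ocsp-basic OID is reached. Input that does not have the expected shape ends the
 * search quietly rather than with an unchecked exception. NOTE(review): {@code seq} looks
 * like data taken from the signed document, so it should be handled as untrusted; confirm
 * against the caller.
 *
 * @param seq structure to search
 * @throws IOException if the wrapped response bytes cannot be read as ASN.1
 */
private void findOcsp(ASN1Sequence seq) throws IOException {
  basicResp = null;
  while (true) {
    // Nothing to inspect in an empty SEQUENCE.
    if (seq.size() == 0) {
      return;
    }
    if ((seq.getObjectAt(0) instanceof DERObjectIdentifier) && ((DERObjectIdentifier) seq.getObjectAt(0)).getId().equals(OCSPObjectIdentifiers.id_pkix_ocsp_basic.getId())) {
      break;
    }
    boolean ret = true;
    for (int k = 0; k < seq.size(); ++k) {
      if (seq.getObjectAt(k) instanceof ASN1Sequence) {
        // Follow element k, the one just tested; element 0 is not a sequence when k > 0,
        // so casting it would throw ClassCastException.
        seq = (ASN1Sequence) seq.getObjectAt(k);
        ret = false;
        break;
      }
      if (seq.getObjectAt(k) instanceof ASN1TaggedObject) {
        ASN1TaggedObject tag = (ASN1TaggedObject) seq.getObjectAt(k);
        if (tag.getObject() instanceof ASN1Sequence) {
          seq = (ASN1Sequence) tag.getObject();
          ret = false;
          break;
        } else {
          return;
        }
      }
    }
    if (ret) {
      return;
    }
  }
  // Element 1 must exist and be the OCTET STRING that wraps the response.
  if (seq.size() < 2 || !(seq.getObjectAt(1) instanceof DEROctetString)) {
    return;
  }
  DEROctetString os = (DEROctetString) seq.getObjectAt(1);
  ASN1InputStream inp = new ASN1InputStream(os.getOctets());
  BasicOCSPResponse resp = BasicOCSPResponse.getInstance(inp.readObject());
  basicResp = new BasicOCSPResp(resp);
}Example 37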
| Project: itext-forked-master File: PdfPKCS7.java View source code |
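/**
 * Walks the given ASN.1 structure looking for a basic OCSP response and assigns it to
 * {@code basicResp}; the field is {@code null} when the search finds nothing.
 *
 * <p>The search follows nested sequences and tagged objects until it meets a sequence whose
 * first element is the id-pkix-ocsp-basic OID. A structure with an unexpected shape stops
 * the search without an unchecked exception. NOTE(review): {@code seq} is presumably
 * attacker-influenced content from the signature under verification; confirm against the
 * caller.
 *
 * @param seq structure to search
 * @throws IOException if the wrapped response bytes cannot be read as ASN.1
 */
private void findOcsp(ASN1Sequence seq) throws IOException {
  basicResp = null;
  while (true) {
    // Guard the getObjectAt(0) calls below against an empty SEQUENCE.
    if (seq.size() == 0) {
      return;
    }
    if ((seq.getObjectAt(0) instanceof DERObjectIdentifier) && ((DERObjectIdentifier) seq.getObjectAt(0)).getId().equals(OCSPObjectIdentifiers.id_pkix_ocsp_basic.getId())) {
      break;
    }
    boolean ret = true;
    for (int k = 0; k < seq.size(); ++k) {
      if (seq.getObjectAt(k) instanceof ASN1Sequence) {
        // The instanceof test was on element k, so that is the element to descend into;
        // index 0 is only correct when k happens to be 0.
        seq = (ASN1Sequence) seq.getObjectAt(k);
        ret = false;
        break;
      }
      if (seq.getObjectAt(k) instanceof ASN1TaggedObject) {
        ASN1TaggedObject tag = (ASN1TaggedObject) seq.getObjectAt(k);
        if (tag.getObject() instanceof ASN1Sequence) {
          seq = (ASN1Sequence) tag.getObject();
          ret = false;
          break;
        } else {
          return;
        }
      }
    }
    if (ret) {
      return;
    }
  }
  // The OCTET STRING wrapping the response is read from element 1; check it is there.
  if (seq.size() < 2 || !(seq.getObjectAt(1) instanceof DEROctetString)) {
    return;
  }
  DEROctetString os = (DEROctetString) seq.getObjectAt(1);
  ASN1InputStream inp = new ASN1InputStream(os.getOctets());
  BasicOCSPResponse resp = BasicOCSPResponse.getInstance(inp.readObject());
  basicResp = new BasicOCSPResp(resp);
}Example 38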
| Project: itext2-master File: PdfPKCS7.java View source code |
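/**
 * Finds a basic OCSP response nested in the given ASN.1 structure and stores it in
 * {@code basicResp}. {@code basicResp} is reset to {@code null} first and stays that way
 * when no response is found.
 *
 * <p>Sequences and tagged objects are followed downwards until a sequence beginning with
 * the id-pkix-ocsp-basic OID is found. Malformed shapes end the search silently instead of
 * raising an unchecked exception. NOTE(review): treat {@code seq} as untrusted input unless
 * the caller shows otherwise.
 *
 * @param seq structure to search
 * @throws IOException if the wrapped response bytes cannot be read as ASN.1
 */
private void findOcsp(ASN1Sequence seq) throws IOException {
  basicResp = null;
  while (true) {
    // An empty SEQUENCE cannot hold the OID or anything to descend into.
    if (seq.size() == 0) {
      return;
    }
    if ((seq.getObjectAt(0) instanceof DERObjectIdentifier) && ((DERObjectIdentifier) seq.getObjectAt(0)).getId().equals(OCSPObjectIdentifiers.id_pkix_ocsp_basic.getId())) {
      break;
    }
    boolean ret = true;
    for (int k = 0; k < seq.size(); ++k) {
      if (seq.getObjectAt(k) instanceof ASN1Sequence) {
        // Descend into element k. Casting element 0 instead throws ClassCastException
        // whenever the nested sequence sits at a later position.
        seq = (ASN1Sequence) seq.getObjectAt(k);
        ret = false;
        break;
      }
      if (seq.getObjectAt(k) instanceof ASN1TaggedObject) {
        ASN1TaggedObject tag = (ASN1TaggedObject) seq.getObjectAt(k);
        if (tag.getObject() instanceof ASN1Sequence) {
          seq = (ASN1Sequence) tag.getObject();
          ret = false;
          break;
        } else {
          return;
        }
      }
    }
    if (ret) {
      return;
    }
  }
  // Only proceed when element 1 is present and is the expected OCTET STRING.
  if (seq.size() < 2 || !(seq.getObjectAt(1) instanceof DEROctetString)) {
    return;
  }
  DEROctetString os = (DEROctetString) seq.getObjectAt(1);
  ASN1InputStream inp = new ASN1InputStream(os.getOctets());
  BasicOCSPResponse resp = BasicOCSPResponse.getInstance(inp.readObject());
  basicResp = new BasicOCSPResp(resp);
}Example 39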
| Project: PDFAInspector-master File: PdfPKCS7.java View source code |
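/**
 * Searches the given ASN.1 structure for a basic OCSP response and keeps it in
 * {@code basicResp}; when none is found the field remains {@code null}.
 *
 * <p>The method descends through nested sequences and tagged objects until it finds a
 * sequence whose first element is the id-pkix-ocsp-basic OID. Unexpected shapes stop the
 * search without an unchecked exception. NOTE(review): {@code seq} presumably comes from
 * the signature being checked and should be considered untrusted; confirm against the
 * caller.
 *
 * @param seq structure to search
 * @throws IOException if the wrapped response bytes cannot be read as ASN.1
 */
private void findOcsp(ASN1Sequence seq) throws IOException {
  basicResp = null;
  while (true) {
    // getObjectAt(0) is not valid on an empty SEQUENCE.
    if (seq.size() == 0) {
      return;
    }
    if (seq.getObjectAt(0) instanceof DERObjectIdentifier && ((DERObjectIdentifier) seq.getObjectAt(0)).getId().equals(OCSPObjectIdentifiers.id_pkix_ocsp_basic.getId())) {
      break;
    }
    boolean ret = true;
    for (int k = 0; k < seq.size(); ++k) {
      if (seq.getObjectAt(k) instanceof ASN1Sequence) {
        // Use the index that passed the instanceof test; index 0 is a different element
        // whenever k > 0 and the cast would then fail.
        seq = (ASN1Sequence) seq.getObjectAt(k);
        ret = false;
        break;
      }
      if (seq.getObjectAt(k) instanceof ASN1TaggedObject) {
        ASN1TaggedObject tag = (ASN1TaggedObject) seq.getObjectAt(k);
        if (tag.getObject() instanceof ASN1Sequence) {
          seq = (ASN1Sequence) tag.getObject();
          ret = false;
          break;
        } else {
          return;
        }
      }
    }
    if (ret) {
      return;
    }
  }
  // Element 1 carries the response inside an OCTET STRING; bail out if it is missing.
  if (seq.size() < 2 || !(seq.getObjectAt(1) instanceof DEROctetString)) {
    return;
  }
  DEROctetString os = (DEROctetString) seq.getObjectAt(1);
  ASN1InputStream inp = new ASN1InputStream(os.getOctets());
  BasicOCSPResponse resp = BasicOCSPResponse.getInstance(inp.readObject());
  basicResp = new BasicOCSPResp(resp);
}Example 40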
| Project: sysart-itext-master File: PdfPKCS7.java View source code |
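/**
 * Locates a basic OCSP response within the given ASN.1 structure and saves it to
 * {@code basicResp}, which is cleared first and stays {@code null} if nothing is found.
 *
 * <p>Nested sequences and tagged objects are traversed until a sequence that starts with
 * the id-pkix-ocsp-basic OID turns up. Shapes other than the expected one end the search
 * quietly rather than through an unchecked exception. NOTE(review): {@code seq} should be
 * treated as untrusted unless the caller establishes otherwise.
 *
 * @param seq structure to search
 * @throws IOException if the wrapped response bytes cannot be read as ASN.1
 */
private void findOcsp(ASN1Sequence seq) throws IOException {
  basicResp = null;
  while (true) {
    // Stop on an empty SEQUENCE: there is no first element to compare with the OID.
    if (seq.size() == 0) {
      return;
    }
    if ((seq.getObjectAt(0) instanceof DERObjectIdentifier) && ((DERObjectIdentifier) seq.getObjectAt(0)).getId().equals(OCSPObjectIdentifiers.id_pkix_ocsp_basic.getId())) {
      break;
    }
    boolean ret = true;
    for (int k = 0; k < seq.size(); ++k) {
      if (seq.getObjectAt(k) instanceof ASN1Sequence) {
        // Element k is the nested sequence; descending into element 0 raises
        // ClassCastException when the two differ.
        seq = (ASN1Sequence) seq.getObjectAt(k);
        ret = false;
        break;
      }
      if (seq.getObjectAt(k) instanceof ASN1TaggedObject) {
        ASN1TaggedObject tag = (ASN1TaggedObject) seq.getObjectAt(k);
        if (tag.getObject() instanceof ASN1Sequence) {
          seq = (ASN1Sequence) tag.getObject();
          ret = false;
          break;
        } else {
          return;
        }
      }
    }
    if (ret) {
      return;
    }
  }
  // Require element 1 to be the OCTET STRING that holds the encoded response.
  if (seq.size() < 2 || !(seq.getObjectAt(1) instanceof DEROctetString)) {
    return;
  }
  DEROctetString os = (DEROctetString) seq.getObjectAt(1);
  ASN1InputStream inp = new ASN1InputStream(os.getOctets());
  BasicOCSPResponse resp = BasicOCSPResponse.getInstance(inp.readObject());
  basicResp = new BasicOCSPResp(resp);
}Example 41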
| Project: wgen-iText-master File: PdfPKCS7.java View source code |
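/**
 * Scans the given ASN.1 structure for a basic OCSP response and places it in
 * {@code basicResp}. The field is set to {@code null} up front and is only replaced when a
 * response is found.
 *
 * <p>The scan follows nested sequences and tagged objects until it reaches a sequence whose
 * first element is the id-pkix-ocsp-basic OID. A structure that does not match ends the
 * scan without an unchecked exception. NOTE(review): {@code seq} is presumably derived from
 * the document under verification; handle it as untrusted and confirm against the caller.
 *
 * @param seq structure to search
 * @throws IOException if the wrapped response bytes cannot be read as ASN.1
 */
private void findOcsp(ASN1Sequence seq) throws IOException {
  basicResp = null;
  while (true) {
    // An empty SEQUENCE offers neither the OID nor a child to follow.
    if (seq.size() == 0) {
      return;
    }
    if (seq.getObjectAt(0) instanceof DERObjectIdentifier && ((DERObjectIdentifier) seq.getObjectAt(0)).getId().equals(OCSPObjectIdentifiers.id_pkix_ocsp_basic.getId())) {
      break;
    }
    boolean ret = true;
    for (int k = 0; k < seq.size(); ++k) {
      if (seq.getObjectAt(k) instanceof ASN1Sequence) {
        // Continue with the sequence found at k; taking element 0 would cast an element
        // that is known not to be a sequence once k > 0.
        seq = (ASN1Sequence) seq.getObjectAt(k);
        ret = false;
        break;
      }
      if (seq.getObjectAt(k) instanceof ASN1TaggedObject) {
        ASN1TaggedObject tag = (ASN1TaggedObject) seq.getObjectAt(k);
        if (tag.getObject() instanceof ASN1Sequence) {
          seq = (ASN1Sequence) tag.getObject();
          ret = false;
          break;
        } else {
          return;
        }
      }
    }
    if (ret) {
      return;
    }
  }
  // The encoded response is taken from element 1, so verify it exists and has the right type.
  if (seq.size() < 2 || !(seq.getObjectAt(1) instanceof DEROctetString)) {
    return;
  }
  DEROctetString os = (DEROctetString) seq.getObjectAt(1);
  ASN1InputStream inp = new ASN1InputStream(os.getOctets());
  BasicOCSPResponse resp = BasicOCSPResponse.getInstance(inp.readObject());
  basicResp = new BasicOCSPResp(resp);
}Example 42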
| Project: matos-profiles-master File: DistributionPointName.java View source code |
/**
 * Stub: ignores both arguments and always returns {@code null}, so no decoding takes place.
 *
 * @param arg1 unused
 * @param arg2 unused
 * @return always {@code null}
 */
public static DistributionPointName getInstance(com.android.org.bouncycastle.asn1.ASN1TaggedObject arg1, boolean arg2) {
  final DistributionPointName nothing = null;
  return nothing;
}Example 43
| Project: alien-ofelia-conet-ccnx-master File: AuthorityKeyIdentifier.java View source code |
/**
 * Creates an AuthorityKeyIdentifier from a tagged object by unwrapping it as a sequence
 * and delegating to the sequence-based {@code getInstance}.
 *
 * @param obj tagged object holding the value
 * @param explicit forwarded unchanged to {@code ASN1Sequence.getInstance}
 * @return the result of the delegated {@code getInstance} call
 */
public static AuthorityKeyIdentifier getInstance(ASN1TaggedObject obj, boolean explicit) {
  ASN1Sequence unwrapped = ASN1Sequence.getInstance(obj, explicit);
  return getInstance(unwrapped);
}Example 44
| Project: BitNomen-master File: AuthorityKeyIdentifier.java View source code |
/**
 * Unwraps the tagged object as an ASN.1 sequence and hands that sequence to the
 * sequence-based {@code getInstance} overload.
 *
 * @param obj tagged object holding the value
 * @param explicit passed straight through to {@code ASN1Sequence.getInstance}
 * @return whatever the delegated {@code getInstance} call returns
 */
public static AuthorityKeyIdentifier getInstance(ASN1TaggedObject obj, boolean explicit) {
  ASN1Sequence content = ASN1Sequence.getInstance(obj, explicit);
  return getInstance(content);
}Example 45
| Project: ccnx-master File: AuthorityKeyIdentifier.java View source code |
/**
 * Two-step factory: the tagged object is first converted with
 * {@code ASN1Sequence.getInstance}, then the resulting sequence is given to the other
 * {@code getInstance} overload.
 *
 * @param obj tagged object holding the value
 * @param explicit handed on as-is to {@code ASN1Sequence.getInstance}
 * @return the value produced by the delegated {@code getInstance} call
 */
public static AuthorityKeyIdentifier getInstance(ASN1TaggedObject obj, boolean explicit) {
  ASN1Sequence inner = ASN1Sequence.getInstance(obj, explicit);
  return getInstance(inner);
}Example 46
| Project: UNH_NDN-master File: AuthorityKeyIdentifier.java View source code |
/**
 * Obtains an AuthorityKeyIdentifier from a tagged object: the object is turned into an
 * ASN.1 sequence, which is then passed to the sequence-based {@code getInstance}.
 *
 * @param obj tagged object holding the value
 * @param explicit given unchanged to {@code ASN1Sequence.getInstance}
 * @return the outcome of the delegated {@code getInstance} call
 */
public static AuthorityKeyIdentifier getInstance(ASN1TaggedObject obj, boolean explicit) {
  ASN1Sequence sequence = ASN1Sequence.getInstance(obj, explicit);
  return getInstance(sequence);
}