List of usage examples for org.bouncycastle.asn1 ASN1GeneralizedTime getDate
public Date getDate() throws ParseException
From source file:bluecrystal.bcdeps.helper.DerEncoder.java
License:Open Source License
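/**
 * Parses a DER-encoded signature policy and copies selected fields into a {@link SignPolicyRef}:
 * the policy hash algorithm OID, the policy OID, the date of issue, the issuer name, the field of
 * application, the signing period, the mandated signed attributes and the mandated certificate
 * reference.
 *
 * <p>Only the first ASN.1 object in {@code policy} is read. Fields whose encoded type does not
 * match what this method expects are skipped silently, so a returned object may be only partially
 * populated. The {@code signPolicyHash} element is neither read nor verified here; if the policy
 * bytes come from outside the application, integrity checking has to happen elsewhere.
 *
 * <p>Changes against the previous version: the stream is closed on every exit path (including the
 * early {@code return null} and exceptions), {@code fieldOfApplication} is tested against the type
 * it is cast to, the mandated certificate reference is type-checked before the cast, and reads of
 * policy elements whose values were never used have been removed.
 *
 * @param policy DER-encoded {@code SignaturePolicy}
 * @return the populated reference, or {@code null} when the first element of the top-level
 *         sequence is neither a sequence nor an object identifier
 * @throws IOException if the ASN.1 stream cannot be read
 * @throws ParseException if a GeneralizedTime value cannot be converted to a date
 */
public static SignPolicyRef extractVerifyRefence(byte[] policy) throws IOException, ParseException {
    SignPolicyRef ret = new SignPolicyRef();
    ASN1InputStream is = new ASN1InputStream(new ByteArrayInputStream(policy));
    try {
        ASN1Primitive topLevel = is.readObject();

        // SignaturePolicy ::= SEQUENCE {
        //   signPolicyHashAlg AlgorithmIdentifier,
        //   signPolicyInfo    SignPolicyInfo,
        //   signPolicyHash    SignPolicyHash OPTIONAL }
        if (!(topLevel instanceof DLSequence)) {
            return ret;
        }
        DLSequence topLevelDLS = (DLSequence) topLevel;

        // NOTE(review): getObjectAt() is called with fixed indexes and no size check, so a
        // truncated policy surfaces as an unchecked exception rather than IOException - confirm
        // that callers handling externally supplied policies expect that.
        ASN1Encodable dseqL10 = topLevelDLS.getObjectAt(0);
        ASN1Encodable psHashAlg;
        if (dseqL10 instanceof DLSequence) {
            psHashAlg = ((DLSequence) dseqL10).getObjectAt(0);
        } else if (dseqL10 instanceof ASN1ObjectIdentifier) {
            psHashAlg = dseqL10;
        } else {
            return null;
        }
        if (psHashAlg instanceof ASN1ObjectIdentifier) {
            ret.setPsHashAlg(psHashAlg.toString());
        }

        // SignPolicyInfo ::= SEQUENCE {
        ASN1Encodable dseqL11 = topLevelDLS.getObjectAt(1);
        if (!(dseqL11 instanceof DLSequence)) {
            return ret;
        }
        DLSequence dseqL11DLS = (DLSequence) dseqL11;

        // signPolicyIdentifier SignPolicyId, e.g. 2.16.76.1.7.1.6.2.1
        ASN1Encodable psOid = dseqL11DLS.getObjectAt(0);
        if (psOid instanceof ASN1ObjectIdentifier) {
            ret.setPsOid(psOid.toString());
        }

        // dateOfIssue GeneralizedTime, e.g. 2012-03-22
        ASN1Encodable dateOfIssue = dseqL11DLS.getObjectAt(1);
        if (dateOfIssue instanceof ASN1GeneralizedTime) {
            ret.setDateOfIssue(((ASN1GeneralizedTime) dateOfIssue).getDate());
        }

        // policyIssuerName PolicyIssuerName,
        // e.g. C=BR, O=ICP-Brasil, OU=Instituto Nacional de Tecnologia da Informacao - ITI
        ASN1Encodable policyIssuerName = dseqL11DLS.getObjectAt(2);
        if (policyIssuerName instanceof DLSequence) {
            ASN1Encodable policyIssuerName2 = ((DLSequence) policyIssuerName).getObjectAt(0);
            if (policyIssuerName2 instanceof DERTaggedObject) {
                ASN1Primitive polIssuerNameObj = ((DERTaggedObject) policyIssuerName2).getObject();
                if (polIssuerNameObj instanceof DEROctetString) {
                    // NOTE(review): decodes with the platform default charset, so the result can
                    // differ between hosts - confirm the intended encoding and pass it explicitly.
                    ret.setPolIssuerName(new String(((DEROctetString) polIssuerNameObj).getOctets()));
                }
            }
        }

        // fieldOfApplication FieldOfApplication - free text describing where the policy applies.
        // The sample policy states (translated): the signature type is meant for applications or
        // business processes where the digital signature adds security to entity authentication
        // and integrity verification and can be validated while the signers' certificates are
        // valid; because no time stamps are used, later validation needs other time references,
        // backed by legislation or a prior agreement between the parties; multiple signatures
        // are permitted.
        ASN1Encodable fieldOfApplication = dseqL11DLS.getObjectAt(3);
        // The previous test was "instanceof DEROctetString" followed by a cast to DERUTF8String,
        // which can only end in ClassCastException; test for the type that is actually used.
        if (fieldOfApplication instanceof DERUTF8String) {
            ret.setFieldOfApplication(((DERUTF8String) fieldOfApplication).getString());
        }

        // signatureValidationPolicy SignatureValidationPolicy,
        // signPolExtensions         SignPolExtensions OPTIONAL
        // SignatureValidationPolicy ::= SEQUENCE {
        ASN1Encodable signatureValidationPolicy = dseqL11DLS.getObjectAt(4);
        if (!(signatureValidationPolicy instanceof DLSequence)) {
            return ret;
        }
        DLSequence signatureValidationPolicyDLS = (DLSequence) signatureValidationPolicy;

        // signingPeriod SigningPeriod, e.g. NotBefore 2012-03-22, NotAfter 2023-06-21
        ASN1Encodable signingPeriod = signatureValidationPolicyDLS.getObjectAt(0);
        if (signingPeriod instanceof DLSequence) {
            DLSequence signingPeriodDLS = (DLSequence) signingPeriod;
            ASN1Encodable notBefore = signingPeriodDLS.getObjectAt(0);
            if (notBefore instanceof ASN1GeneralizedTime) {
                ret.setNotBefore(((ASN1GeneralizedTime) notBefore).getDate());
            }
            ASN1Encodable notAfter = signingPeriodDLS.getObjectAt(1);
            if (notAfter instanceof ASN1GeneralizedTime) {
                ret.setNotAfter(((ASN1GeneralizedTime) notAfter).getDate());
            }
        }

        // commonRules CommonRules,
        // CommonRules ::= SEQUENCE {
        //   signerAndVeriferRules     [0] SignerAndVerifierRules OPTIONAL,
        //   signingCertTrustCondition [1] SigningCertTrustCondition OPTIONAL,
        //   timeStampTrustCondition   [2] TimestampTrustCondition OPTIONAL,
        //   attributeTrustCondition   [3] AttributeTrustCondition OPTIONAL,
        //   algorithmConstraintSet    [4] AlgorithmConstraintSet OPTIONAL,
        //   signPolExtensions         [5] SignPolExtensions OPTIONAL }
        // Only signerAndVeriferRules is extracted. The trust conditions, algorithm constraints,
        // commitmentRules and extensions are not surfaced through SignPolicyRef by this method.
        // NOTE(review): the earlier code also fetched those elements through getAt() and
        // discarded them; dropping the reads assumes getAt() has no side effects and yields null
        // for an absent index - confirm against its definition.
        ASN1Encodable commonRules = getAt(signatureValidationPolicyDLS, 1);
        if (!(commonRules instanceof DLSequence)) {
            return ret;
        }
        DLSequence commonRulesDLS = (DLSequence) commonRules;

        // SignerAndVerifierRules ::= SEQUENCE {
        //   signerRules   SignerRules,
        //   verifierRules VerifierRules }
        ASN1Encodable signerAndVeriferRules = getAt(commonRulesDLS, 0);
        if (!(signerAndVeriferRules instanceof DERTaggedObject)) {
            return ret;
        }
        ASN1Encodable signerAndVeriferRulesTmp = ((DERTaggedObject) signerAndVeriferRules).getObject();
        if (!(signerAndVeriferRulesTmp instanceof DERSequence)) {
            return ret;
        }
        DERSequence signerAndVeriferRulesDERSeq = (DERSequence) signerAndVeriferRulesTmp;

        // SignerRules ::= SEQUENCE {
        //   externalSignedData      BOOLEAN OPTIONAL,
        //     -- True if signed data is external to CMS structure
        //     -- False if signed data part of CMS structure
        //     -- not present if either allowed
        //   mandatedSignedAttr      CMSAttrs,  -- Mandated CMS signed attributes, e.g.
        //     1.2.840.113549.1.9.3, 1.2.840.113549.1.9.4,
        //     1.2.840.113549.1.9.16.2.15, 1.2.840.113549.1.9.16.2.47
        //   mandatedUnsignedAttr    CMSAttrs,  -- Mandated CMS unsigned attributes
        //   mandatedCertificateRef  [0] CertRefReq DEFAULT signerOnly,
        //   mandatedCertificateInfo [1] CertInfoReq DEFAULT none,
        //   signPolExtensions       [2] SignPolExtensions OPTIONAL }
        // CMSAttrs ::= SEQUENCE OF OBJECT IDENTIFIER
        ASN1Encodable signerRules = getAt(signerAndVeriferRulesDERSeq, 0);
        if (!(signerRules instanceof DERSequence)) {
            return ret;
        }
        DERSequence signerRulesDERSeq = (DERSequence) signerRules;

        // NOTE(review): the fixed indexes 0 and 2 below assume externalSignedData is absent;
        // when that OPTIONAL BOOLEAN is present every later element shifts by one - confirm.
        ASN1Encodable mandatedSignedAttr = getAt(signerRulesDERSeq, 0);
        if (mandatedSignedAttr instanceof DERSequence) {
            DERSequence mandatedSignedAttrDERSeq = (DERSequence) mandatedSignedAttr;
            for (int i = 0; i < mandatedSignedAttrDERSeq.size(); i++) {
                ASN1Encodable at = getAt(mandatedSignedAttrDERSeq, i);
                ret.addMandatedSignedAttr(at.toString());
            }
        }

        // CertRefReq ::= ENUMERATED {
        //   signerOnly (1), -- Only reference to signer cert mandated
        //   fullpath   (2)  -- References for full cert path up to a trust point required }
        ASN1Encodable mandatedCertificateRef = getAt(signerRulesDERSeq, 2);
        if (mandatedCertificateRef instanceof DERTaggedObject) {
            ASN1Encodable mandatedCertificateRefTmp = ((DERTaggedObject) mandatedCertificateRef).getObject();
            // Guard the cast: an unexpected inner type used to abort parsing with
            // ClassCastException. When the value is skipped, the caller sees whatever
            // SignPolicyRef holds initially for this field.
            if (mandatedCertificateRefTmp instanceof ASN1Enumerated) {
                ASN1Enumerated mandatedCertificateRefEnum = (ASN1Enumerated) mandatedCertificateRefTmp;
                ret.setMandatedCertificateRef(mandatedCertificateRefEnum.getValue().intValue());
            }
        }

        // CertInfoReq ::= ENUMERATED {
        //   none       (0), -- No mandatory requirements
        //   signerOnly (1), -- Only reference to signer cert mandated
        //   fullpath   (2)  -- References for full cert path up to a trust point mandated }
        return ret;
    } finally {
        is.close();
    }
}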
From source file:eu.europa.ec.markt.dss.DSSASN1Utils.java
License:Open Source License
/**
 * Converts an ASN.1 GeneralizedTime value into a {@link Date}.
 *
 * @param notBeforeTime the ASN.1 time to convert
 * @return the date returned by {@code notBeforeTime.getDate()}
 * @throws DSSException wrapping the {@link ParseException} raised when the encoded time cannot
 *         be parsed
 */
public static Date toDate(final ASN1GeneralizedTime notBeforeTime) throws DSSException {
    final Date converted;
    try {
        converted = notBeforeTime.getDate();
    } catch (ParseException parseFailure) {
        // Surface the checked parsing failure as the library's own exception, cause preserved.
        throw new DSSException(parseFailure);
    }
    return converted;
}
From source file:eu.europa.esig.dss.DSSASN1Utils.java
License:Open Source License
/**
 * Returns the {@link Date} carried by an ASN.1 GeneralizedTime.
 *
 * @param asn1Date the ASN.1 time value
 * @return the result of {@code asn1Date.getDate()}
 * @throws DSSException if the time string cannot be parsed; the original
 *         {@link ParseException} is kept as the cause
 */
public static Date toDate(final ASN1GeneralizedTime asn1Date) throws DSSException {
    Date result;
    try {
        result = asn1Date.getDate();
    } catch (ParseException cause) {
        throw new DSSException(cause);
    }
    return result;
}
From source file:eu.europa.esig.dss.DSSASN1Utils.java
License:Open Source License
/**
 * Reads the expiredCertsOnCRL extension from a CRL, when it is listed among the CRL's
 * non-critical extensions.
 *
 * <p>The extension value is unwrapped from its OCTET STRING and interpreted as a
 * GeneralizedTime. Any failure while decoding is logged and turned into {@code null}, so a
 * caller cannot tell an absent extension from a malformed one by the return value alone.
 *
 * @param x509crl the CRL to inspect
 * @return the date held by the extension, or {@code null} when the extension is missing, empty
 *         or cannot be decoded
 */
public static Date getExpiredCertsOnCRL(X509CRL x509crl) {
    final Set<String> nonCriticalOids = x509crl.getNonCriticalExtensionOIDs();
    if (nonCriticalOids == null) {
        return null;
    }
    if (!nonCriticalOids.contains(OID.id_ce_expiredCertsOnCRL.getId())) {
        return null;
    }
    final byte[] wrappedValue = x509crl.getExtensionValue(OID.id_ce_expiredCertsOnCRL.getId());
    if (!ArrayUtils.isNotEmpty(wrappedValue)) {
        return null;
    }
    try {
        // getExtensionValue() hands back the value wrapped in an OCTET STRING; decode twice.
        final ASN1OctetString outer = (ASN1OctetString) ASN1Primitive.fromByteArray(wrappedValue);
        final ASN1Primitive inner = ASN1Primitive.fromByteArray(outer.getOctets());
        return ((ASN1GeneralizedTime) inner).getDate();
    } catch (Exception e) {
        // Best effort: wrong types (ClassCastException) and parse errors all end up here.
        LOG.error("Unable to retrieve id_ce_expiredCertsOnCRL on CRL : " + e.getMessage(), e);
        return null;
    }
}
From source file:eu.europa.esig.dss.x509.ocsp.OCSPToken.java
License:Open Source License
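/**
 * Reads the archive cut-off extension from the basic OCSP response, if present, and stores its
 * date in {@code archiveCutOff}.
 *
 * <p>The extension content comes from the OCSP responder, so its type is checked before use:
 * previously a value that was not a GeneralizedTime escaped as an unchecked
 * {@link ClassCastException}. Now it is logged and {@code archiveCutOff} is left unchanged, the
 * same outcome as for an unparsable time.
 */
private void extractArchiveCutOff() {
    Extension extension = basicOCSPResp.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_archive_cutoff);
    if (extension == null) {
        return;
    }
    Object parsedValue = extension.getParsedValue();
    if (!(parsedValue instanceof ASN1GeneralizedTime)) {
        logger.warn("Unable to extract id_pkix_ocsp_archive_cutoff : unexpected value type");
        return;
    }
    try {
        archiveCutOff = ((ASN1GeneralizedTime) parsedValue).getDate();
    } catch (ParseException e) {
        // Pass the exception along so the stack trace is not lost.
        logger.warn("Unable to extract id_pkix_ocsp_archive_cutoff : " + e.getMessage(), e);
    }
}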
From source file:net.sf.keystore_explorer.crypto.x509.X509Ext.java
License:Open Source License
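/**
 * Formats an ASN.1 GeneralizedTime for display through {@code StringUtils.formatDate}.
 *
 * @param notBefore the generalized time to format
 * @return the formatted date string
 * @throws IllegalArgumentException if the time value cannot be parsed; the
 *         {@link ParseException} is attached as the cause
 */
private String getGeneralizedTimeString(ASN1GeneralizedTime notBefore) {
    // Get generalized time as a date
    Date date;
    try {
        date = notBefore.getDate();
    } catch (ParseException e) {
        // Keep the cause: the message alone does not say which value failed or why.
        throw new IllegalArgumentException("Cannot parse date", e);
    }

    return StringUtils.formatDate(date);
}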
From source file:net.sf.keystore_explorer.gui.dialogs.extensions.DPrivateKeyUsagePeriod.java
License:Open Source License
/**
 * Fills the not-before and not-after date controls from an encoded PrivateKeyUsagePeriod.
 * A bound that is absent from the extension leaves its control untouched.
 *
 * @param value encoded PrivateKeyUsagePeriod extension value
 * @throws IOException if either time value cannot be parsed; the {@link ParseException} is
 *         kept as the cause
 */
private void prepopulateWithValue(byte[] value) throws IOException {
    PrivateKeyUsagePeriod usagePeriod = PrivateKeyUsagePeriod.getInstance(value);

    try {
        ASN1GeneralizedTime lowerBound = usagePeriod.getNotBefore();
        if (lowerBound != null) {
            jdtNotBefore.setDateTime(lowerBound.getDate());
        }

        ASN1GeneralizedTime upperBound = usagePeriod.getNotAfter();
        if (upperBound != null) {
            jdtNotAfter.setDateTime(upperBound.getDate());
        }
    } catch (ParseException parseFailure) {
        throw new IOException(parseFailure);
    }
}
From source file:net.sf.keystore_explorer.utilities.asn1.Asn1Dump.java
License:Open Source License
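/**
 * Renders one GeneralizedTime line of the ASN.1 dump: the current indent, the label, the date
 * formatted as {@code dd/MMM/yyyy HH:mm:ss.SSS z}, and the raw time string in parentheses.
 *
 * @param asn1Time the generalized time to dump
 * @return the dump line, terminated by {@code NEWLINE}
 * @throws RuntimeException if the time value cannot be parsed; the {@link ParseException} is
 *         attached as the cause
 */
private String dumpGeneralizedTime(ASN1GeneralizedTime asn1Time) {
    StringBuilder sb = new StringBuilder();

    sb.append(indentSequence.toString(indentLevel));
    sb.append("GENERALIZED TIME=");

    Date date;
    try {
        date = asn1Time.getDate();
    } catch (ParseException e) {
        // Keep the cause so the failing value can be diagnosed from the stack trace.
        throw new RuntimeException("Cannot parse generalized time", e);
    }
    // No explicit locale or zone is given, so month names and the zone suffix follow the
    // platform defaults.
    String formattedDate = new SimpleDateFormat("dd/MMM/yyyy HH:mm:ss.SSS z").format(date);

    sb.append(formattedDate);
    sb.append(" (");
    sb.append(asn1Time.getTime());
    sb.append(")");
    sb.append(NEWLINE);

    return sb.toString();
}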
From source file:org.cesecore.certificates.ca.internal.CertificateValidity.java
License:Open Source License
/**
 * Verifies that the current time lies within the certificate's PrivateKeyUsagePeriod.
 *
 * <p>"Now" is taken from the local system clock ({@code new Date()}). A {@code null}
 * certificate, or a certificate without the extension, passes without any check. A missing
 * notBefore or notAfter bound is treated as unbounded on that side.
 *
 * @param cert the certificate whose PrivateKeyUsagePeriod is checked; may be {@code null}
 * @throws CAOfflineException if the PrivateKeyUsagePeriod is not valid yet or has expired; the
 *         exception message gives details
 * @throws IllegalStateException if a date in the extension cannot be parsed
 */
public static void checkPrivateKeyUsagePeriod(final X509Certificate cert) throws CAOfflineException {
    if (cert == null) {
        if (log.isDebugEnabled()) {
            log.debug("No CA certificate available, not checking PrivateKeyUsagePeriod.");
        }
        return;
    }

    final PrivateKeyUsagePeriod usagePeriod = CertTools.getPrivateKeyUsagePeriod(cert);
    if (usagePeriod == null) {
        if (log.isDebugEnabled()) {
            log.debug("No PrivateKeyUsagePeriod available in certificate.");
        }
        return;
    }

    final Date checkTime = new Date();
    final ASN1GeneralizedTime encodedNotBefore = usagePeriod.getNotBefore();
    final Date earliest;
    final Date latest;
    try {
        earliest = (encodedNotBefore == null) ? null : encodedNotBefore.getDate();
        if (log.isDebugEnabled()) {
            log.debug("PrivateKeyUsagePeriod.notBefore is " + earliest);
        }
        if (earliest != null && checkTime.before(earliest)) {
            final String notYetValid = intres.getLocalizedMessage("createcert.privatekeyusagenotvalid",
                    earliest.toString(), cert.getSubjectDN().toString());
            if (log.isDebugEnabled()) {
                log.debug(notYetValid);
            }
            throw new CAOfflineException(notYetValid);
        }
        // notAfter is only decoded once the notBefore bound has passed.
        final ASN1GeneralizedTime encodedNotAfter = usagePeriod.getNotAfter();
        latest = (encodedNotAfter == null) ? null : encodedNotAfter.getDate();
    } catch (ParseException e) {
        throw new IllegalStateException("Could not parse dates.", e);
    }

    if (log.isDebugEnabled()) {
        log.debug("PrivateKeyUsagePeriod.notAfter is " + latest);
    }
    if (latest != null && checkTime.after(latest)) {
        final String expired = intres.getLocalizedMessage("createcert.privatekeyusageexpired",
                latest.toString(), cert.getSubjectDN().toString());
        if (log.isDebugEnabled()) {
            log.debug(expired);
        }
        throw new CAOfflineException(expired);
    }
}
From source file:org.cesecore.certificates.util.cert.SubjectDirAttrExtension.java
License:Open Source License
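/**
 * Renders the supported subject directory attributes of a certificate as one string.
 *
 * <pre>
 * SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
 *
 * Attribute ::= SEQUENCE {
 *   type    AttributeType,
 *   values  SET OF AttributeValue }
 *   -- at least one value is required
 *
 * AttributeType ::= OBJECT IDENTIFIER
 * AttributeValue ::= ANY
 * </pre>
 *
 * <p>The result has the form {@code dateOfBirth=<19590927>, placeOfBirth=<string>,
 * gender=<M/F>, countryOfCitizenship=<two letter ISO3166>,
 * countryOfResidence=<two letter ISO3166>}. These five attributes are the supported ones;
 * any other attribute is left out of the result. For each attribute only the first value of
 * its SET is read.
 *
 * <p>Changes against the previous version: the debug message named SubjectAltName although
 * this method looks up subjectDirectoryAttributes, and the result is now assembled with a
 * {@link StringBuilder}.
 *
 * @param certificate certificate that may contain subject directory attributes
 * @return the attribute string in the form described above, or {@code null} if the
 *         certificate is not an X.509 certificate, has no such extension, or contains none of
 *         the supported attributes
 * @throws Exception if the extension cannot be read or an attribute value has an unexpected
 *         encoding
 */
public static String getSubjectDirectoryAttributes(Certificate certificate) throws Exception {
    log.debug("Search for SubjectDirectoryAttributes");
    if (!(certificate instanceof X509Certificate)) {
        return null;
    }
    X509Certificate x509cert = (X509Certificate) certificate;
    ASN1Primitive obj = CertTools.getExtensionValue(x509cert, Extension.subjectDirectoryAttributes.getId());
    if (obj == null) {
        return null;
    }
    // NOTE(review): this cast, the getObjectAt(0) calls and the ASN1String casts below are
    // unguarded; a certificate with a malformed extension or an empty value SET fails with an
    // unchecked exception - confirm callers that process externally supplied certificates
    // handle that.
    ASN1Sequence seq = (ASN1Sequence) obj;
    // NOTE(review): formats in the platform default time zone; whether that can shift the
    // calendar day relative to the encoded value depends on how getDate() interprets it - confirm.
    SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMdd");
    StringBuilder result = new StringBuilder();
    for (int i = 0; i < seq.size(); i++) {
        Attribute attr = Attribute.getInstance(seq.getObjectAt(i));
        String attrType = attr.getAttrType().getId();
        // Separator is needed once something has already been written.
        String prefix = result.length() > 0 ? ", " : "";
        if (attrType.equals(id_pda_dateOfBirth)) {
            ASN1Set set = attr.getAttrValues();
            // Only the first dateOfBirth is used; further values in the SET are ignored.
            ASN1GeneralizedTime time = ASN1GeneralizedTime.getInstance(set.getObjectAt(0));
            Date date = time.getDate();
            result.append(prefix).append("dateOfBirth=").append(dateF.format(date));
        }
        if (attrType.equals(id_pda_placeOfBirth)) {
            ASN1Set set = attr.getAttrValues();
            // Only the first placeOfBirth is used.
            String pb = ((ASN1String) set.getObjectAt(0)).getString();
            result.append(prefix).append("placeOfBirth=").append(pb);
        }
        if (attrType.equals(id_pda_gender)) {
            ASN1Set set = attr.getAttrValues();
            // Only the first gender is used.
            String g = ((ASN1String) set.getObjectAt(0)).getString();
            result.append(prefix).append("gender=").append(g);
        }
        if (attrType.equals(id_pda_countryOfCitizenship)) {
            ASN1Set set = attr.getAttrValues();
            // Only the first citizenship is used.
            String g = ((ASN1String) set.getObjectAt(0)).getString();
            result.append(prefix).append("countryOfCitizenship=").append(g);
        }
        if (attrType.equals(id_pda_countryOfResidence)) {
            ASN1Set set = attr.getAttrValues();
            // Only the first residence is used.
            String g = ((ASN1String) set.getObjectAt(0)).getString();
            result.append(prefix).append("countryOfResidence=").append(g);
        }
    }
    if (result.length() == 0) {
        return null;
    }
    return result.toString();
}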