Usage examples for the org.bouncycastle.asn1.ASN1Integer constructors (ASN1Integer(long), ASN1Integer(BigInteger), ASN1Integer(byte[]))
public ASN1Integer(byte[] bytes)
From source file:org.xipki.pki.ca.certprofile.XmlX509Certprofile.java
License:Open Source License
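/**
 * Builds the qcStatements extension (RFC 3739 / ETSI EN 319 412-5) from the profile
 * configuration.
 *
 * <p>Every configured statement becomes a {@link QcStatementOption}. When all statements
 * can be encoded up front, the finished extension value is stored in {@code qcStatments}
 * and {@code qcStatementsOption} is cleared. When a QcEuLimitValue is configured as a
 * range, the concrete value has to come from the request, so only
 * {@code qcStatementsOption} is kept and the encoding is deferred.
 *
 * <p>Configuration errors (unparsable constant, duplicated currency, bad PDS language
 * tag, unrecognized statement value) are reported as {@link CertprofileException} so that
 * they surface at profile load time like every other profile validation error.
 *
 * @param extensionsType the extensions section of the profile
 * @throws CertprofileException if the qcStatements configuration is invalid
 */
private void initQcStatements(ExtensionsType extensionsType) throws CertprofileException {
    ASN1ObjectIdentifier type = Extension.qCStatements;
    if (!extensionControls.containsKey(type)) {
        return;
    }

    QcStatements extConf = (QcStatements) getExtensionValue(type, extensionsType, QcStatements.class);
    if (extConf == null) {
        return;
    }

    List<QcStatementType> qcStatementTypes = extConf.getQcStatement();
    this.qcStatementsOption = new ArrayList<>(qcStatementTypes.size());
    // Upper-cased currency codes already claimed by a QcEuLimitValue statement; a
    // currency may be limited at most once per profile.
    Set<String> currencyCodes = new HashSet<>();
    // Set as soon as one statement needs per-request data (a QcEuLimitValue range).
    boolean requireInfoFromReq = false;

    for (QcStatementType m : qcStatementTypes) {
        ASN1ObjectIdentifier qcStatementId = new ASN1ObjectIdentifier(m.getStatementId().getValue());
        QcStatementValueType statementValue = m.getStatementValue();
        QcStatementOption qcStatementOption;

        if (statementValue == null) {
            // Statement without a statementInfo.
            qcStatementOption = new QcStatementOption(new QCStatement(qcStatementId));
        } else if (statementValue.getQcRetentionPeriod() != null) {
            QCStatement qcStatment = new QCStatement(qcStatementId,
                    new ASN1Integer(statementValue.getQcRetentionPeriod()));
            qcStatementOption = new QcStatementOption(qcStatment);
        } else if (statementValue.getConstant() != null) {
            // The constant is an opaque DER blob taken from the profile. It is parsed here so
            // that a malformed value is rejected when the profile is loaded, not at issuance.
            ASN1Encodable constantStatementValue;
            try {
                constantStatementValue = new ASN1StreamParser(statementValue.getConstant().getValue())
                        .readObject();
            } catch (IOException ex) {
                throw new CertprofileException(
                        "can not parse the constant value of QcStatement: " + ex.getMessage());
            }
            qcStatementOption = new QcStatementOption(new QCStatement(qcStatementId, constantStatementValue));
        } else if (statementValue.getQcEuLimitValue() != null) {
            QcEuLimitValueType euLimitType = statementValue.getQcEuLimitValue();
            // NOTE(review): default-locale toUpperCase(). ISO 4217 codes are ASCII so this is
            // harmless in practice; Locale.ROOT would be preferable if that import is in scope.
            String tmpCurrency = euLimitType.getCurrency().toUpperCase();
            if (currencyCodes.contains(tmpCurrency)) {
                throw new CertprofileException("Duplicated definition of qcStatments with QCEuLimitValue for "
                        + "the currency " + tmpCurrency);
            }
            // ISO 4217 permits either the alphabetic or the numeric code.
            Iso4217CurrencyCode currency = StringUtil.isNumber(tmpCurrency)
                    ? new Iso4217CurrencyCode(Integer.parseInt(tmpCurrency))
                    : new Iso4217CurrencyCode(tmpCurrency);

            Range2Type r1 = euLimitType.getAmount();
            Range2Type r2 = euLimitType.getExponent();
            // NOTE(review): assumes getMin()/getMax() return primitive int. If they return
            // Integer, == compares references and misbehaves above 127 — confirm in Range2Type.
            if (r1.getMin() == r1.getMax() && r2.getMin() == r2.getMax()) {
                // Fixed amount and exponent: encode now.
                MonetaryValue monetaryValue = new MonetaryValue(currency, r1.getMin(), r2.getMin());
                qcStatementOption = new QcStatementOption(new QCStatement(qcStatementId, monetaryValue));
            } else {
                // A range: the concrete value is supplied by the request.
                MonetaryValueOption monetaryValueOption = new MonetaryValueOption(currency, r1, r2);
                qcStatementOption = new QcStatementOption(qcStatementId, monetaryValueOption);
                requireInfoFromReq = true;
            }
            currencyCodes.add(tmpCurrency);
        } else if (statementValue.getPdsLocations() != null) {
            // PdsLocations ::= SEQUENCE OF SEQUENCE { url IA5String, language PrintableString (SIZE(2)) }
            ASN1EncodableVector vec = new ASN1EncodableVector();
            for (PdsLocationType pl : statementValue.getPdsLocations().getPdsLocation()) {
                String lang = pl.getLanguage();
                // Language must be a 2-letter code; reject a missing tag instead of NPE-ing.
                if (lang == null || lang.length() != 2) {
                    throw new CertprofileException("invalid language '" + lang + "'");
                }
                ASN1EncodableVector vec2 = new ASN1EncodableVector();
                vec2.add(new DERIA5String(pl.getUrl()));
                vec2.add(new DERPrintableString(lang));
                vec.add(new DERSequence(vec2));
            }
            qcStatementOption = new QcStatementOption(new QCStatement(qcStatementId, new DERSequence(vec)));
        } else {
            throw new CertprofileException("unknown value of qcStatment");
        }

        this.qcStatementsOption.add(qcStatementOption);
    }

    if (requireInfoFromReq) {
        // Final encoding happens at issuance time from qcStatementsOption.
        return;
    }

    ASN1EncodableVector vec = new ASN1EncodableVector();
    for (QcStatementOption m : qcStatementsOption) {
        if (m.getStatement() == null) {
            // Every option built above carries a ready statement unless requireInfoFromReq was set.
            throw new IllegalStateException("should not reach here");
        }
        vec.add(m.getStatement());
    }
    ASN1Sequence seq = new DERSequence(vec);
    qcStatments = new ExtensionValue(extensionControls.get(type).isCritical(), seq);
    qcStatementsOption = null;
}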
From source file:org.xipki.pki.ca.certprofile.XmlX509Certprofile.java
License:Open Source License
/**
 * Builds the SMIMECapabilities extension from the profile configuration.
 *
 * <p>Each configured capability is an OID with optional parameters, given in the
 * profile either as an INTEGER or as a base64-encoded DER value (decoded through
 * {@code readAsn1Encodable}). The resulting SEQUENCE is stored in
 * {@code smimeCapabilities} with the criticality taken from the extension control.
 *
 * @param extensionsType the extensions section of the profile
 * @throws CertprofileException if the configured extension value cannot be read
 */
private void initSmimeCapabilities(ExtensionsType extensionsType) throws CertprofileException {
    ASN1ObjectIdentifier extType = ObjectIdentifiers.id_smimeCapabilities;
    if (!extensionControls.containsKey(extType)) {
        return;
    }

    SMIMECapabilities conf =
            (SMIMECapabilities) getExtensionValue(extType, extensionsType, SMIMECapabilities.class);
    if (conf == null) {
        return;
    }

    ASN1EncodableVector capabilities = new ASN1EncodableVector();
    for (SMIMECapability entry : conf.getSMIMECapability()) {
        ASN1ObjectIdentifier capOid = new ASN1ObjectIdentifier(entry.getCapabilityID().getValue());
        org.xipki.pki.ca.certprofile.x509.jaxb.SMIMECapability.Parameters confParams = entry.getParameters();

        ASN1Encodable capParams;
        if (confParams == null) {
            capParams = null;
        } else if (confParams.getInteger() != null) {
            capParams = new ASN1Integer(confParams.getInteger());
        } else if (confParams.getBase64Binary() != null) {
            capParams = readAsn1Encodable(confParams.getBase64Binary().getValue());
        } else {
            // Parameters element present but neither form configured: no parameters.
            capParams = null;
        }

        capabilities.add(new org.bouncycastle.asn1.smime.SMIMECapability(capOid, capParams));
    }

    smimeCapabilities = new ExtensionValue(extensionControls.get(extType).isCritical(),
            new DERSequence(capabilities));
}
From source file:org.xipki.pki.ca.certprofile.XmlX509Certprofile.java
License:Open Source License
/**
 * Builds the TLS Feature extension (RFC 7633) from the profile configuration.
 *
 * <p>Each configured feature code is validated to fit a 16-bit TLS extension type and the
 * codes are emitted as a SEQUENCE OF INTEGER in ascending order.
 *
 * @param extensionsType the extensions section of the profile
 * @throws CertprofileException if a feature code is outside 0..65535
 */
private void initTlsFeature(ExtensionsType extensionsType) throws CertprofileException {
    ASN1ObjectIdentifier extType = ObjectIdentifiers.id_pe_tlsfeature;
    if (!extensionControls.containsKey(extType)) {
        return;
    }

    TlsFeature conf = (TlsFeature) getExtensionValue(extType, extensionsType, TlsFeature.class);
    if (conf == null) {
        return;
    }

    List<IntWithDescType> configured = conf.getFeature();
    List<Integer> codes = new ArrayList<>(configured.size());
    for (IntWithDescType feature : configured) {
        int code = feature.getValue();
        // TLS extension types are uint16.
        if (code < 0 || code > 65535) {
            throw new CertprofileException("invalid TLS feature (extensionType) " + code);
        }
        codes.add(code);
    }
    Collections.sort(codes);

    ASN1EncodableVector seq = new ASN1EncodableVector();
    for (int code : codes) {
        seq.add(new ASN1Integer(code));
    }
    tlsFeature = new ExtensionValue(extensionControls.get(extType).isCritical(), new DERSequence(seq));
}
From source file:org.xipki.pki.ca.certprofile.XmlX509CertprofileUtil.java
License:Open Source License
/**
 * Encodes the PolicyConstraints extension value (RFC 5280 section 4.2.1.11).
 *
 * <pre>
 * PolicyConstraints ::= SEQUENCE {
 *   requireExplicitPolicy [0] SkipCerts OPTIONAL,
 *   inhibitPolicyMapping  [1] SkipCerts OPTIONAL }
 * </pre>
 *
 * @param type the profile configuration; must not be null
 * @return the DER SEQUENCE, or null when neither field is configured
 * @throws CertprofileException if either skip-certs value is negative
 */
public static ASN1Sequence buildPolicyConstrains(final PolicyConstraints type) throws CertprofileException {
    ParamUtil.requireNonNull("type", type);

    Integer requireExplicitPolicy = type.getRequireExplicitPolicy();
    if (requireExplicitPolicy != null && requireExplicitPolicy < 0) {
        throw new CertprofileException(
                "negative requireExplicitPolicy is not allowed: " + requireExplicitPolicy);
    }

    Integer inhibitPolicyMapping = type.getInhibitPolicyMapping();
    if (inhibitPolicyMapping != null && inhibitPolicyMapping < 0) {
        throw new CertprofileException(
                "negative inhibitPolicyMapping is not allowed: " + inhibitPolicyMapping);
    }

    if (requireExplicitPolicy == null && inhibitPolicyMapping == null) {
        return null;
    }

    // Both SkipCerts fields are IMPLICIT tagged ([0] and [1]).
    ASN1EncodableVector fields = new ASN1EncodableVector();
    if (requireExplicitPolicy != null) {
        fields.add(new DERTaggedObject(false, 0,
                new ASN1Integer(BigInteger.valueOf(requireExplicitPolicy))));
    }
    if (inhibitPolicyMapping != null) {
        fields.add(new DERTaggedObject(false, 1,
                new ASN1Integer(BigInteger.valueOf(inhibitPolicyMapping))));
    }
    return new DERSequence(fields);
}
From source file:org.xipki.pki.ca.client.impl.CmpRequestor.java
License:Open Source License
/**
 * Builds a CMP general message (PKIBody type genm) carrying an XiPKI-specific action.
 *
 * <p>The single InfoTypeAndValue uses {@code id_xipki_cmp_cmpGenmsg} with a value of
 * {@code SEQUENCE { action INTEGER, value ANY OPTIONAL }}; the value element is omitted
 * when {@code value} is null.
 *
 * @param action the XiPKI action code
 * @param value optional action-specific payload, may be null
 * @return the unsigned PKIMessage
 * @throws CmpRequestorException if the PKI header cannot be built
 */
protected PKIMessage buildMessageWithXipkAction(final int action, final ASN1Encodable value) throws CmpRequestorException {
    PKIHeader header = buildPkiHeader(null);

    ASN1EncodableVector itvValue = new ASN1EncodableVector();
    itvValue.add(new ASN1Integer(action));
    if (value != null) {
        itvValue.add(value);
    }

    InfoTypeAndValue itv = new InfoTypeAndValue(ObjectIdentifiers.id_xipki_cmp_cmpGenmsg,
            new DERSequence(itvValue));
    PKIBody body = new PKIBody(PKIBody.TYPE_GEN_MSG, new GenMsgContent(itv));
    return new PKIMessage(header, body);
}
From source file:org.xipki.pki.ca.client.impl.X509CmpRequestor.java
License:Open Source License
/**
 * Downloads a CRL from the CA.
 *
 * <p>Without a CRL number the standard CMP {@code it_currentCRL} general message is sent;
 * with one, the XiPKI-specific {@code CMP_ACTION_GET_CRL_WITH_SN} action carrying the
 * number as an INTEGER. The action (or null for the standard path) is handed on to
 * {@code evaluateCrlResponse} so the reply is parsed accordingly.
 *
 * @param crlNumber the CRL number to fetch, or null for the current CRL
 * @param debug optional request/response debug collector
 * @return the downloaded CRL
 * @throws CmpRequestorException on transport or message-building errors
 * @throws PkiErrorException if the CA answers with a PKI error
 */
public X509CRL downloadCrl(final BigInteger crlNumber, final RequestResponseDebug debug) throws CmpRequestorException, PkiErrorException {
    final Integer action;
    final PKIMessage request;
    if (crlNumber != null) {
        action = XiSecurityConstants.CMP_ACTION_GET_CRL_WITH_SN;
        request = buildMessageWithXipkAction(action, new ASN1Integer(crlNumber));
    } else {
        action = null;
        request = buildMessageWithGeneralMsgContent(CMPObjectIdentifiers.it_currentCRL, null);
    }

    PkiResponse response = signAndSend(request, debug);
    return evaluateCrlResponse(response, action);
}
From source file:org.xipki.pki.ca.client.impl.X509CmpRequestor.java
License:Open Source License
/**
 * Builds a CMP revocation request (PKIBody type rr) with one RevDetails per entry.
 *
 * <p>Each RevDetails carries a CertTemplate identifying the certificate by issuer and
 * serial number (plus the authority key identifier when the entry provides one) and
 * crlEntryDetails with a critical reasonCode extension and, when the entry has an
 * invalidity date, a critical invalidityDate extension.
 *
 * @param request the revocation request entries
 * @return the unsigned PKIMessage
 * @throws CmpRequestorException if the header cannot be built or an extension value
 *         cannot be DER-encoded
 */
private PKIMessage buildRevokeCertRequest(final RevokeCertRequest request) throws CmpRequestorException {
    PKIHeader header = buildPkiHeader(null);

    List<RevokeCertRequestEntry> entries = request.getRequestEntries();
    List<RevDetails> details = new ArrayList<>(entries.size());

    for (RevokeCertRequestEntry entry : entries) {
        CertTemplateBuilder template = new CertTemplateBuilder();
        template.setIssuer(entry.getIssuer());
        template.setSerialNumber(new ASN1Integer(entry.getSerialNumber()));
        byte[] aki = entry.getAuthorityKeyIdentifier();
        if (aki != null) {
            template.setExtensions(getCertTempExtensions(aki));
        }

        Date invalidityDate = entry.getInvalidityDate();
        List<Extension> crlEntryDetails = new ArrayList<>(2);
        try {
            byte[] encodedReason = new ASN1Enumerated(entry.getReason()).getEncoded();
            crlEntryDetails.add(new Extension(Extension.reasonCode, true,
                    new DEROctetString(encodedReason)));
            if (invalidityDate != null) {
                byte[] encodedTime = new ASN1GeneralizedTime(invalidityDate).getEncoded();
                crlEntryDetails.add(new Extension(Extension.invalidityDate, true,
                        new DEROctetString(encodedTime)));
            }
        } catch (IOException ex) {
            throw new CmpRequestorException(ex.getMessage(), ex);
        }

        Extensions exts = new Extensions(crlEntryDetails.toArray(new Extension[0]));
        details.add(new RevDetails(template.build(), exts));
    }

    RevReqContent content = new RevReqContent(details.toArray(new RevDetails[0]));
    return new PKIMessage(header, new PKIBody(PKIBody.TYPE_REVOCATION_REQ, content));
}
From source file:org.xipki.pki.ca.client.impl.X509CmpRequestor.java
License:Open Source License
/**
 * Builds a CMP revocation request (PKIBody type rr) used for the unrevoke and remove
 * operations; which one is meant is conveyed by {@code reasonCode}, the same value being
 * used for every entry.
 *
 * <p>Each RevDetails carries a CertTemplate identifying the certificate by issuer and
 * serial number (plus the authority key identifier when the entry provides one) and
 * crlEntryDetails holding a single critical reasonCode extension.
 *
 * @param request the entries to act on
 * @param reasonCode the CRLReason value placed in every entry
 * @return the unsigned PKIMessage
 * @throws CmpRequestorException if the header cannot be built or the reason code cannot
 *         be DER-encoded
 */
private PKIMessage buildUnrevokeOrRemoveCertRequest(final UnrevokeOrRemoveCertRequest request, final int reasonCode) throws CmpRequestorException {
    PKIHeader header = buildPkiHeader(null);

    List<UnrevokeOrRemoveCertEntry> entries = request.getRequestEntries();
    List<RevDetails> details = new ArrayList<>(entries.size());

    for (UnrevokeOrRemoveCertEntry entry : entries) {
        CertTemplateBuilder template = new CertTemplateBuilder();
        template.setIssuer(entry.getIssuer());
        template.setSerialNumber(new ASN1Integer(entry.getSerialNumber()));
        byte[] aki = entry.getAuthorityKeyIdentifier();
        if (aki != null) {
            template.setExtensions(getCertTempExtensions(aki));
        }

        Extension reasonExt;
        try {
            byte[] encodedReason = new ASN1Enumerated(reasonCode).getEncoded();
            reasonExt = new Extension(Extension.reasonCode, true, new DEROctetString(encodedReason));
        } catch (IOException ex) {
            throw new CmpRequestorException(ex.getMessage(), ex);
        }

        Extensions crlEntryDetails = new Extensions(new Extension[] {reasonExt});
        details.add(new RevDetails(template.build(), crlEntryDetails));
    }

    RevReqContent content = new RevReqContent(details.toArray(new RevDetails[0]));
    return new PKIMessage(header, new PKIBody(PKIBody.TYPE_REVOCATION_REQ, content));
}
From source file:org.xipki.pki.ca.client.impl.X509CmpRequestor.java
License:Open Source License
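/**
 * Retrieves the CA information (CA certificate, CMP control, supported certprofiles) via
 * the XiPKI-specific {@code CMP_ACTION_GET_CAINFO} action and parses the XML systemInfo
 * document the CA returns.
 *
 * <p>Only systemInfo version 2 is understood; the request advertises that. A document
 * without a version attribute is treated as version 1 and rejected.
 *
 * @param caName name of the CA, used for logging and error messages
 * @param debug optional request/response debug collector passed to signAndSend
 * @return the parsed CA info
 * @throws CmpRequestorException if the response cannot be parsed, the version is missing,
 *         malformed or unsupported, the CACert element is absent, or the CA certificate
 *         cannot be decoded
 * @throws PkiErrorException if the CA answers with a PKI error
 */
public CaInfo retrieveCaInfo(final String caName, final RequestResponseDebug debug) throws CmpRequestorException, PkiErrorException {
    ParamUtil.requireNonBlank("caName", caName);

    // Advertise the systemInfo versions this client accepts (only 2).
    ASN1EncodableVector vec = new ASN1EncodableVector();
    vec.add(new ASN1Integer(2));
    ASN1Sequence acceptVersions = new DERSequence(vec);

    int action = XiSecurityConstants.CMP_ACTION_GET_CAINFO;
    PKIMessage request = buildMessageWithXipkAction(action, acceptVersions);
    // NOTE(review): the CA certificate returned below is taken from this response, so it is
    // only as trustworthy as the response protection signAndSend is assumed to verify.
    PkiResponse response = signAndSend(request, debug);

    ASN1Encodable itvValue = extractXipkiActionRepContent(response, action);
    DERUTF8String utf8Str = DERUTF8String.getInstance(itvValue);
    String systemInfoStr = utf8Str.getString();
    LOG.debug("CAInfo for CA {}: {}", caName, systemInfoStr);

    // NOTE(review): xmlDocBuilder parses server-supplied XML. Its construction is not
    // visible here; confirm it disables DTDs / external entities (XXE hardening).
    Document doc;
    try {
        doc = xmlDocBuilder.parse(new ByteArrayInputStream(systemInfoStr.getBytes("UTF-8")));
    } catch (SAXException | IOException ex) {
        throw new CmpRequestorException(
                "could not parse the returned systemInfo for CA " + caName + ": " + ex.getMessage(), ex);
    }

    final String namespace = null;
    Element root = doc.getDocumentElement();
    String str = root.getAttribute("version");
    if (StringUtil.isBlank(str)) {
        str = root.getAttributeNS(namespace, "version");
    }

    // A malformed version attribute is a protocol error, not an internal one: report it as
    // CmpRequestorException instead of letting NumberFormatException escape.
    int version;
    if (StringUtil.isBlank(str)) {
        version = 1;
    } else {
        try {
            version = Integer.parseInt(str);
        } catch (NumberFormatException ex) {
            throw new CmpRequestorException(
                    "invalid CAInfo version '" + str + "' for CA " + caName, ex);
        }
    }
    if (version != 2) {
        throw new CmpRequestorException("unknown CAInfo version " + version);
    }

    // CACert
    String b64CaCert = XmlUtil.getValueOfFirstElementChild(root, namespace, "CACert");
    if (StringUtil.isBlank(b64CaCert)) {
        throw new CmpRequestorException("CAInfo for CA " + caName + " contains no CACert");
    }
    X509Certificate caCert;
    try {
        caCert = X509Util.parseBase64EncodedCert(b64CaCert);
    } catch (CertificateException ex) {
        throw new CmpRequestorException("could not parse the CA certificate", ex);
    }

    // CmpControl
    ClientCmpControl cmpControl = null;
    Element cmpCtrlElement = XmlUtil.getFirstElementChild(root, namespace, "cmpControl");
    if (cmpCtrlElement != null) {
        String tmpStr = XmlUtil.getValueOfFirstElementChild(cmpCtrlElement, namespace, "rrAkiRequired");
        // Boolean.parseBoolean(null) is false, matching "absent means not required".
        cmpControl = new ClientCmpControl(Boolean.parseBoolean(tmpStr));
    }

    // certprofiles
    Set<String> profileNames = new HashSet<>();
    Set<CertprofileInfo> profiles = new HashSet<>();
    Element profilesElement = XmlUtil.getFirstElementChild(root, namespace, "certprofiles");
    if (profilesElement != null) {
        for (Element element : XmlUtil.getElementChilden(profilesElement, namespace, "certprofile")) {
            String name = XmlUtil.getValueOfFirstElementChild(element, namespace, "name");
            String type = XmlUtil.getValueOfFirstElementChild(element, namespace, "type");
            String conf = XmlUtil.getValueOfFirstElementChild(element, namespace, "conf");
            profiles.add(new CertprofileInfo(name, type, conf));
            profileNames.add(name);
            LOG.debug("configured for CA {} certprofile (name={}, type={}, conf={})",
                    caName, name, type, conf);
        }
    }

    LOG.info("CA {} supports profiles {}", caName, profileNames);
    return new CaInfo(caCert, cmpControl, profiles);
}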
From source file:org.xipki.pki.ca.qa.ExtensionsChecker.java
License:Open Source License
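/**
 * Creates the extension checker for a certificate profile.
 *
 * <p>For every extension the profile controls, the matching QA configuration object is
 * built from the profile's extensions section. A controlled extension without a
 * configured value is skipped (its field stays null) — this holds for every section,
 * including SMIMECapabilities, so that a profile that merely lists an extension in its
 * controls does not break checker construction.
 *
 * @param conf the parsed X.509 profile configuration
 * @param certProfile the profile the checker validates certificates against
 * @throws CertprofileException if the profile configuration is invalid or an extension
 *         value cannot be built or encoded
 */
public ExtensionsChecker(final X509ProfileType conf, final XmlX509Certprofile certProfile) throws CertprofileException {
    this.certProfile = ParamUtil.requireNonNull("certProfile", certProfile);
    ParamUtil.requireNonNull("conf", conf);

    // Extensions
    ExtensionsType extensionsType = conf.getExtensions();

    // Extension controls
    Map<ASN1ObjectIdentifier, ExtensionControl> extensionControls = certProfile.getExtensionControls();

    // Certificate Policies
    ASN1ObjectIdentifier type = Extension.certificatePolicies;
    if (extensionControls.containsKey(type)) {
        org.xipki.pki.ca.certprofile.x509.jaxb.CertificatePolicies extConf =
                (org.xipki.pki.ca.certprofile.x509.jaxb.CertificatePolicies) getExtensionValue(
                        type, extensionsType, org.xipki.pki.ca.certprofile.x509.jaxb.CertificatePolicies.class);
        if (extConf != null) {
            this.certificatePolicies = new QaCertificatePolicies(extConf);
        }
    }

    // Policy Mappings
    type = Extension.policyMappings;
    if (extensionControls.containsKey(type)) {
        PolicyMappings extConf = (PolicyMappings) getExtensionValue(type, extensionsType, PolicyMappings.class);
        if (extConf != null) {
            this.policyMappings = new QaPolicyMappingsOption(extConf);
        }
    }

    // Name Constraints
    type = Extension.nameConstraints;
    if (extensionControls.containsKey(type)) {
        org.xipki.pki.ca.certprofile.x509.jaxb.NameConstraints extConf =
                (org.xipki.pki.ca.certprofile.x509.jaxb.NameConstraints) getExtensionValue(
                        type, extensionsType, org.xipki.pki.ca.certprofile.x509.jaxb.NameConstraints.class);
        if (extConf != null) {
            this.nameConstraints = new QaNameConstraints(extConf);
        }
    }

    // Policy Constraints
    type = Extension.policyConstraints;
    if (extensionControls.containsKey(type)) {
        PolicyConstraints extConf =
                (PolicyConstraints) getExtensionValue(type, extensionsType, PolicyConstraints.class);
        if (extConf != null) {
            this.policyConstraints = new QaPolicyConstraints(extConf);
        }
    }

    // Inhibit anyPolicy
    type = Extension.inhibitAnyPolicy;
    if (extensionControls.containsKey(type)) {
        InhibitAnyPolicy extConf =
                (InhibitAnyPolicy) getExtensionValue(type, extensionsType, InhibitAnyPolicy.class);
        if (extConf != null) {
            this.inhibitAnyPolicy = new QaInhibitAnyPolicy(extConf);
        }
    }

    // restriction
    type = ObjectIdentifiers.id_extension_restriction;
    if (extensionControls.containsKey(type)) {
        Restriction extConf = (Restriction) getExtensionValue(type, extensionsType, Restriction.class);
        if (extConf != null) {
            this.restriction = new QaDirectoryString(
                    XmlX509CertprofileUtil.convertDirectoryStringType(extConf.getType()), extConf.getText());
        }
    }

    // additionalInformation
    type = ObjectIdentifiers.id_extension_additionalInformation;
    if (extensionControls.containsKey(type)) {
        AdditionalInformation extConf =
                (AdditionalInformation) getExtensionValue(type, extensionsType, AdditionalInformation.class);
        if (extConf != null) {
            this.additionalInformation = new QaDirectoryString(
                    XmlX509CertprofileUtil.convertDirectoryStringType(extConf.getType()), extConf.getText());
        }
    }

    // validityModel
    type = ObjectIdentifiers.id_extension_validityModel;
    if (extensionControls.containsKey(type)) {
        ValidityModel extConf = (ValidityModel) getExtensionValue(type, extensionsType, ValidityModel.class);
        if (extConf != null) {
            this.validityModelId = new ASN1ObjectIdentifier(extConf.getModelId().getValue());
        }
    }

    // QCStatements
    type = Extension.qCStatements;
    if (extensionControls.containsKey(type)) {
        QcStatements extConf = (QcStatements) getExtensionValue(type, extensionsType, QcStatements.class);
        if (extConf != null) {
            this.qcStatements = extConf;
        }
    }

    // tlsFeature
    type = ObjectIdentifiers.id_pe_tlsfeature;
    if (extensionControls.containsKey(type)) {
        TlsFeature extConf = (TlsFeature) getExtensionValue(type, extensionsType, TlsFeature.class);
        if (extConf != null) {
            this.tlsFeature = new QaTlsFeature(extConf);
        }
    }

    // AuthorizationTemplate
    type = ObjectIdentifiers.id_xipki_ext_authorizationTemplate;
    if (extensionControls.containsKey(type)) {
        AuthorizationTemplate extConf =
                (AuthorizationTemplate) getExtensionValue(type, extensionsType, AuthorizationTemplate.class);
        if (extConf != null) {
            this.authorizationTemplate = new QaAuthorizationTemplate(extConf);
        }
    }

    // SMIMECapabilities
    type = ObjectIdentifiers.id_smimeCapabilities;
    if (extensionControls.containsKey(type)) {
        SMIMECapabilities extConf =
                (SMIMECapabilities) getExtensionValue(type, extensionsType, SMIMECapabilities.class);
        // Guard like every other section: a controlled-but-unconfigured extension must not
        // be dereferenced.
        if (extConf != null) {
            List<SMIMECapability> list = extConf.getSMIMECapability();
            ASN1EncodableVector vec = new ASN1EncodableVector();
            for (SMIMECapability m : list) {
                ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(m.getCapabilityID().getValue());
                // Parameters are optional: either an INTEGER or a base64-encoded DER value.
                ASN1Encodable params = null;
                org.xipki.pki.ca.certprofile.x509.jaxb.SMIMECapability.Parameters capParams = m.getParameters();
                if (capParams != null) {
                    if (capParams.getInteger() != null) {
                        params = new ASN1Integer(capParams.getInteger());
                    } else if (capParams.getBase64Binary() != null) {
                        params = readAsn1Encodable(capParams.getBase64Binary().getValue());
                    }
                }
                vec.add(new org.bouncycastle.asn1.smime.SMIMECapability(oid, params));
            }
            DERSequence extValue = new DERSequence(vec);
            try {
                this.smimeCapabilities = new QaExtensionValue(
                        extensionControls.get(type).isCritical(), extValue.getEncoded());
            } catch (IOException ex) {
                throw new CertprofileException("Cannot encode SMIMECapabilities: " + ex.getMessage());
            }
        }
    }

    // constant extensions
    this.constantExtensions = buildConstantExtesions(extensionsType);
}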