List of usage examples for org.bouncycastle.asn1.isismtt.x509 Admissions getProfessionInfos
public ProfessionInfo[] getProfessionInfos()
From source file:net.sf.keystore_explorer.crypto.x509.X509Ext.java
License:Open Source License
/**
 * Renders the value of an Admission certificate extension as indented, human-readable text.
 *
 * <p>The bytes are decoded as an {@code AdmissionSyntax} structure and every label is a pattern
 * looked up in {@code res}. All other text in the result is taken from the certificate itself,
 * so it is only as trustworthy as the certificate being displayed; it is handed to
 * {@link MessageFormat} strictly as an argument and never as the pattern.
 *
 * @param octets encoded extension value, decoded with {@code ASN1Sequence.getInstance}
 * @return the multi-line description of the admission data
 * @throws IOException declared by the signature; NOTE(review): presumably raised by the
 *         helper calls made below - confirm against those helpers
 */
private String getAdmissionStringValue(byte[] octets) throws IOException {
    // @formatter:off
    /*
     * AdmissionSyntax ::= SEQUENCE {
     *     admissionAuthority GeneralName OPTIONAL,
     *     contentsOfAdmissions SEQUENCE OF Admissions }
     *
     * Admissions ::= SEQUENCE {
     *     admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
     *     namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
     *     professionInfos SEQUENCE OF ProfessionInfo }
     *
     * NamingAuthority ::= SEQUENCE {
     *     namingAuthorityId OBJECT IDENTIFIER OPTIONAL,
     *     namingAuthorityUrl IA5String OPTIONAL,
     *     namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL }
     *
     * ProfessionInfo ::= SEQUENCE {
     *     namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
     *     professionItems SEQUENCE OF DirectoryString (SIZE(1..128)),
     *     professionOIDs SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
     *     registrationNumber PrintableString(SIZE(1..128)) OPTIONAL,
     *     addProfessionInfo OCTET STRING OPTIONAL }
     */
    // @formatter:on

    // Fields of an Admissions entry and the ProfessionInfo heading use indent 1;
    // the fields inside a ProfessionInfo use indent 2.
    final int admissionIndent = 1;
    final int professionIndent = admissionIndent + 1;

    final StringBuilder text = new StringBuilder();
    final AdmissionSyntax syntax = AdmissionSyntax.getInstance(ASN1Sequence.getInstance(octets));

    // Optional authority that applies to the whole extension; printed without indent.
    final GeneralName globalAuthority = syntax.getAdmissionAuthority();
    if (globalAuthority != null) {
        text.append(MessageFormat.format(res.getString("Admission.AdmissionAuthority"),
                        GeneralNameUtil.toString(globalAuthority)))
                .append(NEWLINE);
    }

    final Admissions[] admissions = syntax.getContentsOfAdmissions();
    for (int idx = 0; idx < admissions.length; idx++) {
        final Admissions admission = admissions[idx];

        // Admissions are numbered from 1 in the output.
        text.append(MessageFormat.format(res.getString("Admission.Admission"), idx + 1))
                .append(NEWLINE);

        final GeneralName authority = admission.getAdmissionAuthority();
        if (authority != null) {
            text.append(INDENT.toString(admissionIndent))
                    .append(MessageFormat.format(res.getString("Admission.AdmissionAuthority"),
                            GeneralNameUtil.toString(authority)))
                    .append(NEWLINE);
        }

        final NamingAuthority admissionNaming = admission.getNamingAuthority();
        if (admissionNaming != null) {
            text.append(getNamingAuthorityStringValue(admissionNaming, admissionIndent));
        }

        for (ProfessionInfo info : admission.getProfessionInfos()) {
            text.append(INDENT.toString(admissionIndent))
                    .append(res.getString("Admission.ProfessionInfo"))
                    .append(NEWLINE);

            final NamingAuthority professionNaming = info.getNamingAuthority();
            if (professionNaming != null) {
                text.append(getNamingAuthorityStringValue(professionNaming, professionIndent));
            }

            for (DirectoryString item : info.getProfessionItems()) {
                text.append(INDENT.toString(professionIndent))
                        .append(MessageFormat.format(res.getString("Admission.ProfessionItem"),
                                item.toString()))
                        .append(NEWLINE);
            }

            // The remaining three fields are OPTIONAL in the ASN.1 definition above.
            final ASN1ObjectIdentifier[] oids = info.getProfessionOIDs();
            if (oids != null) {
                for (ASN1ObjectIdentifier oid : oids) {
                    text.append(INDENT.toString(professionIndent))
                            .append(MessageFormat.format(res.getString("Admission.ProfessionOID"),
                                    oid.getId()))
                            .append(NEWLINE);
                }
            }

            final String registrationNumber = info.getRegistrationNumber();
            if (registrationNumber != null) {
                text.append(INDENT.toString(professionIndent))
                        .append(MessageFormat.format(
                                res.getString("Admission.RegistrationNumber"), registrationNumber))
                        .append(NEWLINE);
            }

            // Opaque octets: shown as hex rather than interpreted as text.
            final ASN1OctetString additionalInfo = info.getAddProfessionInfo();
            if (additionalInfo != null) {
                text.append(INDENT.toString(professionIndent))
                        .append(MessageFormat.format(res.getString("Admission.AddProfessionInfo"),
                                HexUtil.getHexString(additionalInfo.getOctets())))
                        .append(NEWLINE);
            }
        }
    }

    return text.toString();
}
From source file:org.xipki.ca.qa.impl.X509CertprofileQAImpl.java
License:Open Source License
/**
 * QA check of the Admission extension of an issued certificate against the configured
 * expectation held in {@code admission}.
 *
 * <p>Every mismatch is appended to {@code failureMsg} as a clause terminated by {@code "; "};
 * nothing is returned or thrown by the checks themselves. The decoding calls are not wrapped in
 * a try/catch here, so whatever they throw for a malformed value propagates to the caller.
 * NOTE(review): confirm the caller turns that into a QA failure.
 *
 * @param failureMsg accumulator for the mismatch descriptions
 * @param extensionValue encoded value of the extension found in the issued certificate
 * @param requestExtensions extensions of the request; only used when no expectation is configured
 * @param extControl control entry of the extension; only used when no expectation is configured
 */
private void checkExtensionAdmission(final StringBuilder failureMsg, final byte[] extensionValue,
        final Extensions requestExtensions, final ExtensionControl extControl) {
    final QaAdmission expectedConf = admission;
    if (expectedConf == null) {
        // No structured expectation: compare the raw bytes with the value computed by
        // getExpectedExtValue for this request.
        final byte[] expectedValue = getExpectedExtValue(ObjectIdentifiers.id_extension_admission,
                requestExtensions, extControl);
        if (!Arrays.equals(expectedValue, extensionValue)) {
            failureMsg.append("extension valus is '").append(hex(extensionValue))
                    .append("' but expected '")
                    .append(expectedValue == null ? "not present" : hex(expectedValue))
                    .append("'")
                    .append("; ");
        }
        return;
    }

    // Exactly one Admissions entry holding exactly one ProfessionInfo is accepted.
    final Admissions[] issuedAdmissions = AdmissionSyntax
            .getInstance(ASN1Sequence.getInstance(extensionValue)).getContentsOfAdmissions();
    final int admissionCount = (issuedAdmissions == null) ? 0 : issuedAdmissions.length;
    if (admissionCount != 1) {
        failureMsg.append("size of Admissions is '").append(admissionCount)
                .append("' but expected is '1'")
                .append("; ");
        return;
    }

    final ProfessionInfo[] issuedInfos = issuedAdmissions[0].getProfessionInfos();
    final int infoCount = (issuedInfos == null) ? 0 : issuedInfos.length;
    if (infoCount != 1) {
        failureMsg.append("size of ProfessionInfo is '").append(infoCount)
                .append("' but expected is '1'")
                .append("; ");
        return;
    }
    final ProfessionInfo issuedInfo = issuedInfos[0];

    // registrationNumber: must be absent when none is expected, equal otherwise.
    final String issuedRegNum = issuedInfo.getRegistrationNumber();
    final String expectedRegNum = expectedConf.getRegistrationNumber();
    if (expectedRegNum == null && issuedRegNum != null) {
        failureMsg.append("RegistrationNumber is '").append(issuedRegNum)
                .append("' but expected is 'null'")
                .append("; ");
    } else if (expectedRegNum != null && !expectedRegNum.equals(issuedRegNum)) {
        failureMsg.append("RegistrationNumber is '").append(issuedRegNum)
                .append("' but expected is '").append(expectedRegNum).append("'")
                .append("; ");
    }

    // addProfessionInfo: compared as raw octets, reported as hex.
    final byte[] issuedAddInfo = (issuedInfo.getAddProfessionInfo() == null)
            ? null
            : issuedInfo.getAddProfessionInfo().getOctets();
    final byte[] expectedAddInfo = expectedConf.getAddProfessionInfo();
    if (expectedAddInfo == null) {
        if (issuedAddInfo != null) {
            failureMsg.append("AddProfessionInfo is '").append(hex(issuedAddInfo))
                    .append("' but expected is 'null'")
                    .append("; ");
        }
    } else if (issuedAddInfo == null) {
        failureMsg.append("AddProfessionInfo is 'null' but expected is '")
                .append(hex(expectedAddInfo))
                .append("'")
                .append("; ");
    } else if (!Arrays.equals(expectedAddInfo, issuedAddInfo)) {
        failureMsg.append("AddProfessionInfo is '").append(hex(issuedAddInfo))
                .append("' but expected is '").append(hex(expectedAddInfo)).append("'")
                .append("; ");
    }

    // professionOIDs: compared in both directions so that both unexpected and missing
    // entries are reported.
    final List<String> expectedOids = expectedConf.getProfessionOIDs();
    final List<String> issuedOids = new LinkedList<>();
    final ASN1ObjectIdentifier[] rawOids = issuedInfo.getProfessionOIDs();
    if (rawOids != null) {
        for (ASN1ObjectIdentifier oid : rawOids) {
            issuedOids.add(oid.getId());
        }
    }

    Set<String> delta = str_in_b_not_in_a(expectedOids, issuedOids);
    if (CollectionUtil.isNotEmpty(delta)) {
        failureMsg.append("ProfessionOIDs ").append(delta.toString())
                .append(" are present but not expected")
                .append("; ");
    }

    delta = str_in_b_not_in_a(issuedOids, expectedOids);
    if (CollectionUtil.isNotEmpty(delta)) {
        failureMsg.append("ProfessionOIDs ").append(delta.toString())
                .append(" are absent but are required")
                .append("; ");
    }

    // professionItems: same two-way comparison on the string form of each item.
    final List<String> expectedItems = expectedConf.getProfessionItems();
    final List<String> issuedItems = new LinkedList<>();
    final DirectoryString[] rawItems = issuedInfo.getProfessionItems();
    if (rawItems != null) {
        for (DirectoryString rawItem : rawItems) {
            issuedItems.add(rawItem.getString());
        }
    }

    delta = str_in_b_not_in_a(expectedItems, issuedItems);
    if (CollectionUtil.isNotEmpty(delta)) {
        failureMsg.append("ProfessionItems ").append(delta.toString())
                .append(" are present but not expected")
                .append("; ");
    }

    delta = str_in_b_not_in_a(issuedItems, expectedItems);
    if (CollectionUtil.isNotEmpty(delta)) {
        failureMsg.append("ProfessionItems ").append(delta.toString())
                .append(" are absent but are required")
                .append("; ");
    }
}
From source file:org.xipki.pki.ca.certprofile.XmlX509Certprofile.java
License:Open Source License
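/**
 * Builds the values of the certificate extensions that this profile is responsible for.
 *
 * <p>Only extension types listed in {@code extensionOccurences} are produced. Most values come
 * from the profile configuration. For SubjectAltName, SubjectDirectoryAttributes, Admission,
 * QCStatements and biometricInfo, data is read from the certificate request; that data is
 * requester-controlled, so a request that is missing, malformed or outside the configured
 * limits is rejected with {@link BadCertTemplateException}.
 *
 * @param extensionOccurences extension types to produce; an empty map yields an empty result
 * @param requestedSubject subject of the request, must not be {@code null}
 * @param grantedSubject subject granted by the CA, forwarded to the SubjectAltName builder
 * @param requestedExtensions extensions of the request, may be {@code null}
 * @param notBefore start of the certificate validity, must not be {@code null}
 * @param notAfter end of the certificate validity, must not be {@code null}
 * @return the extension values computed by this profile
 * @throws CertprofileException if a permitted biometric hash algorithm has no known output size
 * @throws BadCertTemplateException if the request lacks required data or carries invalid data
 */
@Override
public ExtensionValues getExtensions(
        final Map<ASN1ObjectIdentifier, ExtensionControl> extensionOccurences,
        final X500Name requestedSubject, final X500Name grantedSubject,
        final Extensions requestedExtensions, final Date notBefore, final Date notAfter)
        throws CertprofileException, BadCertTemplateException {
    ExtensionValues values = new ExtensionValues();
    if (CollectionUtil.isEmpty(extensionOccurences)) {
        return values;
    }

    ParamUtil.requireNonNull("requestedSubject", requestedSubject);
    ParamUtil.requireNonNull("notBefore", notBefore);
    ParamUtil.requireNonNull("notAfter", notAfter);

    // Working copy: a type is removed once its value has been added, so the constant
    // extensions at the end cannot overwrite a value produced earlier.
    Set<ASN1ObjectIdentifier> occurences = new HashSet<>(extensionOccurences.keySet());

    // AuthorityKeyIdentifier
    // processed by the CA

    // SubjectKeyIdentifier
    // processed by the CA

    // KeyUsage
    // processed by the CA

    // CertificatePolicies
    ASN1ObjectIdentifier type = Extension.certificatePolicies;
    if (certificatePolicies != null) {
        if (occurences.remove(type)) {
            values.addExtension(type, certificatePolicies);
        }
    }

    // Policy Mappings
    type = Extension.policyMappings;
    if (policyMappings != null) {
        if (occurences.remove(type)) {
            values.addExtension(type, policyMappings);
        }
    }

    // SubjectAltName
    type = Extension.subjectAlternativeName;
    if (occurences.contains(type)) {
        GeneralNames genNames = createRequestedSubjectAltNames(requestedSubject, grantedSubject,
                requestedExtensions);
        if (genNames != null) {
            ExtensionValue value = new ExtensionValue(extensionControls.get(type).isCritical(),
                    genNames);
            values.addExtension(type, value);
            occurences.remove(type);
        }
    }

    // IssuerAltName
    // processed by the CA

    // Subject Directory Attributes
    type = Extension.subjectDirectoryAttributes;
    if (occurences.contains(type) && subjectDirAttrsControl != null) {
        Extension extension = (requestedExtensions == null) ? null
                : requestedExtensions.getExtension(type);
        if (extension == null) {
            throw new BadCertTemplateException(
                    "no SubjectDirecotryAttributes extension is contained in the request");
        }

        ASN1GeneralizedTime dateOfBirth = null;
        String placeOfBirth = null;
        String gender = null;
        List<String> countryOfCitizenshipList = new LinkedList<>();
        List<String> countryOfResidenceList = new LinkedList<>();
        Map<ASN1ObjectIdentifier, List<ASN1Encodable>> otherAttrs = new HashMap<>();

        Vector<?> reqSubDirAttrs = SubjectDirectoryAttributes
                .getInstance(extension.getParsedValue()).getAttributes();
        final int n = reqSubDirAttrs.size();
        for (int i = 0; i < n; i++) {
            Attribute attr = (Attribute) reqSubDirAttrs.get(i);
            ASN1ObjectIdentifier attrType = attr.getAttrType();

            // The value set comes from the request and may be empty; reject it instead of
            // failing with an ArrayIndexOutOfBoundsException on the [0] access.
            ASN1Encodable[] attrVals = attr.getAttributeValues();
            if (attrVals == null || attrVals.length == 0) {
                throw new BadCertTemplateException("attribute " + attrType.getId()
                        + " of extension SubjectDirectoryAttributes in the request has no value");
            }
            // Only the first value of each attribute is used; further values are ignored.
            ASN1Encodable attrVal = attrVals[0];

            if (ObjectIdentifiers.DN_DATE_OF_BIRTH.equals(attrType)) {
                dateOfBirth = ASN1GeneralizedTime.getInstance(attrVal);
            } else if (ObjectIdentifiers.DN_PLACE_OF_BIRTH.equals(attrType)) {
                placeOfBirth = DirectoryString.getInstance(attrVal).getString();
            } else if (ObjectIdentifiers.DN_GENDER.equals(attrType)) {
                gender = DERPrintableString.getInstance(attrVal).getString();
            } else if (ObjectIdentifiers.DN_COUNTRY_OF_CITIZENSHIP.equals(attrType)) {
                String country = DERPrintableString.getInstance(attrVal).getString();
                countryOfCitizenshipList.add(country);
            } else if (ObjectIdentifiers.DN_COUNTRY_OF_RESIDENCE.equals(attrType)) {
                String country = DERPrintableString.getInstance(attrVal).getString();
                countryOfResidenceList.add(country);
            } else {
                List<ASN1Encodable> otherAttrVals = otherAttrs.get(attrType);
                if (otherAttrVals == null) {
                    otherAttrVals = new LinkedList<>();
                    otherAttrs.put(attrType, otherAttrVals);
                }
                otherAttrVals.add(attrVal);
            }
        }

        // Emit exactly the attribute types configured in the profile. A branch that handles
        // its type ends with 'continue'; anything that falls through is rejected below.
        Vector<Attribute> attrs = new Vector<>();
        for (ASN1ObjectIdentifier attrType : subjectDirAttrsControl.getTypes()) {
            if (ObjectIdentifiers.DN_DATE_OF_BIRTH.equals(attrType)) {
                if (dateOfBirth != null) {
                    String timeString = dateOfBirth.getTimeString();
                    if (!SubjectDnSpec.PATTERN_DATE_OF_BIRTH.matcher(timeString).matches()) {
                        throw new BadCertTemplateException("invalid dateOfBirth " + timeString);
                    }
                    attrs.add(new Attribute(attrType, new DERSet(dateOfBirth)));
                    continue;
                }
            } else if (ObjectIdentifiers.DN_PLACE_OF_BIRTH.equals(attrType)) {
                if (placeOfBirth != null) {
                    ASN1Encodable attrVal = new DERUTF8String(placeOfBirth);
                    attrs.add(new Attribute(attrType, new DERSet(attrVal)));
                    continue;
                }
            } else if (ObjectIdentifiers.DN_GENDER.equals(attrType)) {
                if (gender != null && !gender.isEmpty()) {
                    char ch = gender.charAt(0);
                    if (!(gender.length() == 1
                            && (ch == 'f' || ch == 'F' || ch == 'm' || ch == 'M'))) {
                        throw new BadCertTemplateException("invalid gender " + gender);
                    }
                    ASN1Encodable attrVal = new DERPrintableString(gender);
                    attrs.add(new Attribute(attrType, new DERSet(attrVal)));
                    continue;
                }
            } else if (ObjectIdentifiers.DN_COUNTRY_OF_CITIZENSHIP.equals(attrType)) {
                if (!countryOfCitizenshipList.isEmpty()) {
                    for (String country : countryOfCitizenshipList) {
                        if (!SubjectDnSpec.isValidCountryAreaCode(country)) {
                            throw new BadCertTemplateException(
                                    "invalid countryOfCitizenship code " + country);
                        }
                        ASN1Encodable attrVal = new DERPrintableString(country);
                        attrs.add(new Attribute(attrType, new DERSet(attrVal)));
                    }
                    continue;
                }
            } else if (ObjectIdentifiers.DN_COUNTRY_OF_RESIDENCE.equals(attrType)) {
                if (!countryOfResidenceList.isEmpty()) {
                    for (String country : countryOfResidenceList) {
                        if (!SubjectDnSpec.isValidCountryAreaCode(country)) {
                            throw new BadCertTemplateException(
                                    "invalid countryOfResidence code " + country);
                        }
                        ASN1Encodable attrVal = new DERPrintableString(country);
                        attrs.add(new Attribute(attrType, new DERSet(attrVal)));
                    }
                    continue;
                }
            } else if (otherAttrs.containsKey(attrType)) {
                // Values of other configured types are copied from the request without any
                // content validation.
                for (ASN1Encodable attrVal : otherAttrs.get(attrType)) {
                    attrs.add(new Attribute(attrType, new DERSet(attrVal)));
                }
                continue;
            }

            throw new BadCertTemplateException("could not process type " + attrType.getId()
                    + " in extension SubjectDirectoryAttributes");
        }

        SubjectDirectoryAttributes subjDirAttrs = new SubjectDirectoryAttributes(attrs);
        ExtensionValue extValue = new ExtensionValue(extensionControls.get(type).isCritical(),
                subjDirAttrs);
        values.addExtension(type, extValue);
        occurences.remove(type);
    }

    // Basic Constraints
    // processed by the CA

    // Name Constraints
    type = Extension.nameConstraints;
    if (nameConstraints != null) {
        if (occurences.remove(type)) {
            values.addExtension(type, nameConstraints);
        }
    }

    // PolicyConstrains
    type = Extension.policyConstraints;
    if (policyConstraints != null) {
        if (occurences.remove(type)) {
            values.addExtension(type, policyConstraints);
        }
    }

    // ExtendedKeyUsage
    // processed by CA

    // CRL Distribution Points
    // processed by the CA

    // Inhibit anyPolicy
    type = Extension.inhibitAnyPolicy;
    if (inhibitAnyPolicy != null) {
        if (occurences.remove(type)) {
            values.addExtension(type, inhibitAnyPolicy);
        }
    }

    // Freshest CRL
    // processed by the CA

    // Authority Information Access
    // processed by the CA

    // Subject Information Access
    // processed by the CA

    // Admission
    type = ObjectIdentifiers.id_extension_admission;
    if (occurences.contains(type) && admission != null) {
        if (admission.isInputFromRequestRequired()) {
            Extension extension = (requestedExtensions == null) ? null
                    : requestedExtensions.getExtension(type);
            if (extension == null) {
                throw new BadCertTemplateException(
                        "No Admission extension is contained in the request");
            }

            // Only the registration numbers are taken from the request, one list per
            // Admissions entry; the value itself is built by the profile's admission option.
            Admissions[] reqAdmissions = org.bouncycastle.asn1.isismtt.x509.AdmissionSyntax
                    .getInstance(extension.getParsedValue()).getContentsOfAdmissions();
            final int n = reqAdmissions.length;
            List<List<String>> reqRegNumsList = new ArrayList<>(n);
            for (int i = 0; i < n; i++) {
                Admissions reqAdmission = reqAdmissions[i];
                ProfessionInfo[] reqPis = reqAdmission.getProfessionInfos();
                List<String> reqNums = new ArrayList<>(reqPis.length);
                reqRegNumsList.add(reqNums);
                for (ProfessionInfo reqPi : reqPis) {
                    String reqNum = reqPi.getRegistrationNumber();
                    reqNums.add(reqNum);
                }
            }
            values.addExtension(type, admission.getExtensionValue(reqRegNumsList));
            occurences.remove(type);
        } else {
            values.addExtension(type, admission.getExtensionValue(null));
            occurences.remove(type);
        }
    }

    // OCSP Nocheck
    // processed by the CA

    // restriction
    type = ObjectIdentifiers.id_extension_restriction;
    if (restriction != null) {
        if (occurences.remove(type)) {
            values.addExtension(type, restriction);
        }
    }

    // AdditionalInformation
    type = ObjectIdentifiers.id_extension_additionalInformation;
    if (additionalInformation != null) {
        if (occurences.remove(type)) {
            values.addExtension(type, additionalInformation);
        }
    }

    // ValidityModel
    type = ObjectIdentifiers.id_extension_validityModel;
    if (validityModel != null) {
        if (occurences.remove(type)) {
            values.addExtension(type, validityModel);
        }
    }

    // PrivateKeyUsagePeriod
    type = Extension.privateKeyUsagePeriod;
    if (occurences.contains(type)) {
        // The usage period never extends beyond the certificate's notAfter.
        Date tmpNotAfter;
        if (privateKeyUsagePeriod == null) {
            tmpNotAfter = notAfter;
        } else {
            tmpNotAfter = privateKeyUsagePeriod.add(notBefore);
            if (tmpNotAfter.after(notAfter)) {
                tmpNotAfter = notAfter;
            }
        }

        ASN1EncodableVector vec = new ASN1EncodableVector();
        vec.add(new DERTaggedObject(false, 0, new DERGeneralizedTime(notBefore)));
        vec.add(new DERTaggedObject(false, 1, new DERGeneralizedTime(tmpNotAfter)));
        ExtensionValue extValue = new ExtensionValue(extensionControls.get(type).isCritical(),
                new DERSequence(vec));
        values.addExtension(type, extValue);
        occurences.remove(type);
    }

    // QCStatements
    type = Extension.qCStatements;
    if (occurences.contains(type) && (qcStatments != null || qcStatementsOption != null)) {
        if (qcStatments != null) {
            values.addExtension(type, qcStatments);
            occurences.remove(type);
        } else {
            // qcStatementsOption is non-null here (enclosing condition). A request without
            // any extensions is handled like a request without this extension, so it is
            // rejected as a bad template rather than ending in an unchecked exception.
            Extension extension = (requestedExtensions == null) ? null
                    : requestedExtensions.getExtension(type);
            if (extension == null) {
                throw new BadCertTemplateException(
                        "No QCStatement extension is contained in the request");
            }

            // extract the euLimit data from request
            ASN1Sequence seq = ASN1Sequence.getInstance(extension.getParsedValue());

            Map<String, int[]> qcEuLimits = new HashMap<>();
            final int n = seq.size();
            for (int i = 0; i < n; i++) {
                QCStatement stmt = QCStatement.getInstance(seq.getObjectAt(i));
                if (!ObjectIdentifiers.id_etsi_qcs_QcLimitValue.equals(stmt.getStatementId())) {
                    continue;
                }

                MonetaryValue monetaryValue = MonetaryValue.getInstance(stmt.getStatementInfo());
                // intValue() keeps only the low 32 bits, so an oversized requested value
                // would be silently replaced by a different one that may pass the range
                // checks below. Reject such values.
                if (monetaryValue.getAmount().bitLength() > 31
                        || monetaryValue.getExponent().bitLength() > 31) {
                    throw new BadCertTemplateException(
                            "amount or exponent of QcLimitValue in the request is out of range");
                }
                int amount = monetaryValue.getAmount().intValue();
                int exponent = monetaryValue.getExponent().intValue();
                Iso4217CurrencyCode currency = monetaryValue.getCurrency();
                // Locale.ROOT keeps the map key independent of the JVM's default locale.
                String currencyS = currency.isAlphabetic()
                        ? currency.getAlphabetic().toUpperCase(java.util.Locale.ROOT)
                        : Integer.toString(currency.getNumeric());
                qcEuLimits.put(currencyS, new int[] { amount, exponent });
            }

            ASN1EncodableVector vec = new ASN1EncodableVector();
            for (QcStatementOption m : qcStatementsOption) {
                if (m.getStatement() != null) {
                    vec.add(m.getStatement());
                    continue;
                }

                // Limit taken from the request: must exist for the configured currency and
                // lie within the configured amount and exponent ranges.
                MonetaryValueOption monetaryOption = m.getMonetaryValueOption();
                String currencyS = monetaryOption.getCurrencyString();
                int[] limit = qcEuLimits.get(currencyS);
                if (limit == null) {
                    throw new BadCertTemplateException(
                            "no EuLimitValue is specified for currency '" + currencyS + "'");
                }

                int amount = limit[0];
                Range2Type range = monetaryOption.getAmountRange();
                if (amount < range.getMin() || amount > range.getMax()) {
                    throw new BadCertTemplateException("amount for currency '" + currencyS
                            + "' is not within [" + range.getMin() + ", " + range.getMax() + "]");
                }

                int exponent = limit[1];
                range = monetaryOption.getExponentRange();
                if (exponent < range.getMin() || exponent > range.getMax()) {
                    throw new BadCertTemplateException("exponent for currency '" + currencyS
                            + "' is not within [" + range.getMin() + ", " + range.getMax() + "]");
                }

                MonetaryValue monetaryVale = new MonetaryValue(monetaryOption.getCurrency(),
                        amount, exponent);
                QCStatement qcStatment = new QCStatement(m.getStatementId(), monetaryVale);
                vec.add(qcStatment);
            }

            ExtensionValue extValue = new ExtensionValue(
                    extensionControls.get(type).isCritical(), new DERSequence(vec));
            values.addExtension(type, extValue);
            occurences.remove(type);
        }
    }

    // BiometricData
    type = Extension.biometricInfo;
    if (occurences.contains(type) && biometricInfo != null) {
        Extension extension = (requestedExtensions == null) ? null
                : requestedExtensions.getExtension(type);
        if (extension == null) {
            throw new BadCertTemplateException(
                    "no biometricInfo extension is contained in the request");
        }
        ASN1Sequence seq = ASN1Sequence.getInstance(extension.getParsedValue());
        final int n = seq.size();
        if (n < 1) {
            throw new BadCertTemplateException(
                    "biometricInfo extension in request contains empty sequence");
        }

        // Each requested entry is checked against the profile and then rebuilt from its
        // checked parts instead of being copied from the request.
        ASN1EncodableVector vec = new ASN1EncodableVector();
        for (int i = 0; i < n; i++) {
            BiometricData bd = BiometricData.getInstance(seq.getObjectAt(i));
            TypeOfBiometricData bdType = bd.getTypeOfBiometricData();
            if (!biometricInfo.isTypePermitted(bdType)) {
                throw new BadCertTemplateException(
                        "biometricInfo[" + i + "].typeOfBiometricData is not permitted");
            }

            ASN1ObjectIdentifier hashAlgo = bd.getHashAlgorithm().getAlgorithm();
            if (!biometricInfo.isHashAlgorithmPermitted(hashAlgo)) {
                throw new BadCertTemplateException(
                        "biometricInfo[" + i + "].hashAlgorithm is not permitted");
            }

            int expHashValueSize;
            try {
                expHashValueSize = AlgorithmUtil.getHashOutputSizeInOctets(hashAlgo);
            } catch (NoSuchAlgorithmException ex) {
                throw new CertprofileException(
                        "should not happen, unknown hash algorithm " + hashAlgo);
            }

            // The hash must have exactly the output size of the declared algorithm.
            byte[] hashValue = bd.getBiometricDataHash().getOctets();
            if (hashValue.length != expHashValueSize) {
                throw new BadCertTemplateException(
                        "biometricInfo[" + i + "].biometricDataHash has incorrect length");
            }

            DERIA5String sourceDataUri = bd.getSourceDataUri();
            switch (biometricInfo.getSourceDataUriOccurrence()) {
            case FORBIDDEN:
                // A requested URI is dropped rather than rejected.
                sourceDataUri = null;
                break;
            case REQUIRED:
                if (sourceDataUri == null) {
                    throw new BadCertTemplateException("biometricInfo[" + i
                            + "].sourceDataUri is not specified in request but is required");
                }
                break;
            case OPTIONAL:
                break;
            default:
                throw new BadCertTemplateException(
                        "could not reach here, unknown tripleState");
            }

            // The algorithm identifier is rebuilt from the OID with DERNull.INSTANCE as its
            // second constructor argument; nothing else of the requested identifier is kept.
            AlgorithmIdentifier newHashAlg = new AlgorithmIdentifier(hashAlgo, DERNull.INSTANCE);
            BiometricData newBiometricData = new BiometricData(bdType, newHashAlg,
                    new DEROctetString(hashValue), sourceDataUri);
            vec.add(newBiometricData);
        }

        ExtensionValue extValue = new ExtensionValue(extensionControls.get(type).isCritical(),
                new DERSequence(vec));
        values.addExtension(type, extValue);
        occurences.remove(type);
    }

    // TlsFeature
    type = ObjectIdentifiers.id_pe_tlsfeature;
    if (tlsFeature != null) {
        if (occurences.remove(type)) {
            values.addExtension(type, tlsFeature);
        }
    }

    // AuthorizationTemplate
    type = ObjectIdentifiers.id_xipki_ext_authorizationTemplate;
    if (authorizationTemplate != null) {
        if (occurences.remove(type)) {
            values.addExtension(type, authorizationTemplate);
        }
    }

    // SMIME
    type = ObjectIdentifiers.id_smimeCapabilities;
    if (smimeCapabilities != null) {
        if (occurences.remove(type)) {
            values.addExtension(type, smimeCapabilities);
        }
    }

    // constant extensions
    if (constantExtensions != null) {
        for (ASN1ObjectIdentifier m : constantExtensions.keySet()) {
            // Skipped when the type was not requested or has already been handled above.
            if (!occurences.remove(m)) {
                continue;
            }

            ExtensionValue extensionValue = constantExtensions.get(m);
            if (extensionValue != null) {
                values.addExtension(m, extensionValue);
            }
        }
    }

    return values;
}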
From source file:org.xipki.pki.ca.qa.ExtensionsChecker.java
License:Open Source License
/**
 * QA check of the Admission extension of an issued certificate: recomputes the value the
 * profile would produce and compares it byte for byte with the value in the certificate.
 *
 * <p>Findings are written to {@code failureMsg}, either through {@code addViolation} or as a
 * plain clause. The decoding of the requested extension is not inside the try block, so
 * whatever it throws for a malformed request propagates to the caller.
 * NOTE(review): when {@code requestedExtensions} is {@code null} the request is not inspected
 * even if the profile requires input from it, and {@code getExtensionValue(null)} is used -
 * confirm that this is intended.
 *
 * @param failureMsg accumulator for the findings
 * @param extensionValue encoded value of the extension found in the issued certificate
 * @param requestedExtensions extensions of the request, may be {@code null}
 * @param extControl control entry of the extension; only used when the profile has no
 *        admission option
 */
private void checkExtensionAdmission(final StringBuilder failureMsg, final byte[] extensionValue,
        final Extensions requestedExtensions, final ExtensionControl extControl) {
    final AdmissionSyntaxOption admissionOption = certProfile.getAdmission();
    final ASN1ObjectIdentifier admissionOid = ObjectIdentifiers.id_extension_admission;

    if (admissionOption == null) {
        // Profile has no admission option: compare with the value from getExpectedExtValue.
        final byte[] expectedValue = getExpectedExtValue(admissionOid, requestedExtensions,
                extControl);
        if (!Arrays.equals(expectedValue, extensionValue)) {
            addViolation(failureMsg, "extension value", hex(extensionValue),
                    (expectedValue != null) ? hex(expectedValue) : "not present");
        }
        return;
    }

    // Registration numbers from the request, one inner list per Admissions entry; stays null
    // when the request is not consulted.
    List<List<String>> requestedRegNums = null;
    if (requestedExtensions != null && admissionOption.isInputFromRequestRequired()) {
        final Extension requestedExt = requestedExtensions.getExtension(admissionOid);
        if (requestedExt == null) {
            failureMsg.append("no Admission extension is contained in the request;");
            return;
        }

        final Admissions[] requestedAdmissions =
                org.bouncycastle.asn1.isismtt.x509.AdmissionSyntax
                        .getInstance(requestedExt.getParsedValue()).getContentsOfAdmissions();
        requestedRegNums = new ArrayList<>(requestedAdmissions.length);
        for (Admissions requestedAdmission : requestedAdmissions) {
            final ProfessionInfo[] infos = requestedAdmission.getProfessionInfos();
            final List<String> regNums = new ArrayList<>(infos.length);
            for (ProfessionInfo info : infos) {
                // May be null; the entry is kept so that positions stay aligned.
                regNums.add(info.getRegistrationNumber());
            }
            requestedRegNums.add(regNums);
        }
    }

    try {
        final byte[] expectedValue = admissionOption.getExtensionValue(requestedRegNums)
                .getValue().toASN1Primitive().getEncoded();
        if (!Arrays.equals(expectedValue, extensionValue)) {
            addViolation(failureMsg, "extension valus", hex(extensionValue),
                    hex(expectedValue));
        }
    } catch (IOException ex) {
        // The expected value could not be computed: logged and reported as a finding.
        LogUtil.error(LOG, ex);
        failureMsg.append("IOException while computing the expected extension value;");
    } catch (BadCertTemplateException ex) {
        LogUtil.error(LOG, ex);
        failureMsg.append(
                "BadCertTemplateException while computing the expected extension value;");
    }
}