List of usage examples for org.bouncycastle.asn1.x500 DirectoryString DirectoryString
public DirectoryString(String string)
From source file:org.demoiselle.signer.policy.engine.asn1.icpb.PolicyInfo.java
License:Open Source License
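/**
 * Populates this PolicyInfo from its DER encoding.
 *
 * <p>Element 0 becomes {@code policyName} and element 1 becomes {@code fieldOfApplication},
 * both built from the text returned by {@code toString()}. Element 2 is handed to a new
 * {@code SigningPeriod}. Element 3 is parsed as the revocation date only when the
 * tagged-object test below passes and the element is actually present.
 *
 * @param derObject DER object holding the PolicyInfo sequence
 */
@Override
public void parse(ASN1Primitive derObject) {
    ASN1Sequence derSequence = ASN1Object.getDERSequence(derObject);

    ASN1Primitive firstObject = derSequence.getObjectAt(0).toASN1Primitive();
    this.policyName = new DirectoryString(firstObject.toString());

    ASN1Primitive secondObject = derSequence.getObjectAt(1).toASN1Primitive();
    this.fieldOfApplication = new DirectoryString(secondObject.toString());

    this.signingPeriod = new SigningPeriod();
    this.signingPeriod.parse(derSequence.getObjectAt(2).toASN1Primitive());

    // NOTE(review): this test inspects element 1, which was just stored as fieldOfApplication,
    // not element 3. It looks like the check was meant for the revocation element; confirm
    // against the policy's ASN.1 definition before relying on revocationDate being set.
    final int revocationIndex = 3;
    boolean revocationExpected = secondObject instanceof DERTaggedObject;

    // Element 3 is read only on the path that uses it, and only if the sequence is long
    // enough. Reading it unconditionally made a three-element encoding fail with an
    // ArrayIndexOutOfBoundsException even when the revocation date was never going to be used.
    if (revocationExpected && derSequence.size() > revocationIndex) {
        ASN1Primitive revocationObject = derSequence.getObjectAt(revocationIndex).toASN1Primitive();
        this.revocationDate = new Time();
        this.revocationDate.parse(revocationObject);
    }
}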
From source file:org.xipki.ca.certprofile.XmlX509Certprofile.java
License:Open Source License
/**
 * Builds the admission extension value from the supplied profession data.
 *
 * <p>A single {@code ProfessionInfo} is wrapped in one {@code Admissions} entry, which in turn
 * is the only element of the {@code AdmissionSyntax} sequence. Naming and admission
 * authorities are passed as {@code null}.
 *
 * @param critical criticality flag stored in the returned value
 * @param professionOIDs profession OIDs, may be {@code null} or empty
 * @param professionItems profession item texts, may be {@code null} or empty
 * @param registrationNumber registration number, may be blank
 * @param addProfessionInfo additional profession info bytes, may be {@code null} or empty
 * @return the extension value, or {@code null} when none of the four inputs carries data
 * @throws CertprofileException declared by the signature; not thrown by the visible code
 */
private ExtensionValue createAdmission(final boolean critical,
        final List<ASN1ObjectIdentifier> professionOIDs, final List<String> professionItems,
        final String registrationNumber, final byte[] addProfessionInfo)
        throws CertprofileException {
    final boolean hasExtraInfo = addProfessionInfo != null && addProfessionInfo.length > 0;

    // Nothing to encode: the caller gets null rather than an empty extension.
    if (CollectionUtil.isEmpty(professionItems) && CollectionUtil.isEmpty(professionOIDs)
            && StringUtil.isBlank(registrationNumber) && !hasExtraInfo) {
        return null;
    }

    DirectoryString[] itemArray = null;
    if (professionItems != null && !professionItems.isEmpty()) {
        itemArray = new DirectoryString[professionItems.size()];
        int pos = 0;
        for (String item : professionItems) {
            itemArray[pos++] = new DirectoryString(item);
        }
    }

    ASN1ObjectIdentifier[] oidArray = null;
    if (professionOIDs != null && !professionOIDs.isEmpty()) {
        oidArray = professionOIDs.toArray(new ASN1ObjectIdentifier[0]);
    }

    ASN1OctetString extraInfo = null;
    if (hasExtraInfo) {
        extraInfo = new DEROctetString(addProfessionInfo);
    }

    ProfessionInfo info = new ProfessionInfo(null, itemArray, oidArray, registrationNumber,
            extraInfo);

    ASN1EncodableVector admissionsVec = new ASN1EncodableVector();
    admissionsVec.add(new Admissions(null, null, new ProfessionInfo[] {info}));

    return new ExtensionValue(critical, new AdmissionSyntax(null, new DERSequence(admissionsVec)));
}
From source file:org.xipki.ca.qa.impl.X509CertprofileQAImpl.java
License:Open Source License
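/**
 * Rebuilds a requested GeneralName after checking it against the permitted modes.
 *
 * <p>The tag of {@code reqName} must match the tag of one entry in {@code modes}. The simple
 * name forms are copied unchanged; otherName and ediPartyName are decoded and re-encoded.
 * {@code reqName} is presumably taken from a certificate request, so the shape of those two
 * forms is validated before any element is cast: a malformed name is rejected with
 * {@link BadCertTemplateException} instead of surfacing as an unchecked
 * {@code ClassCastException} or {@code ArrayIndexOutOfBoundsException}.
 *
 * @param reqName the requested name
 * @param modes the allowed GeneralName modes
 * @return the re-encoded name
 * @throws BadCertTemplateException if the tag or the otherName type is not allowed, or the
 *         otherName / ediPartyName structure is malformed
 */
private static GeneralName createGeneralName(final GeneralName reqName,
        final Set<GeneralNameMode> modes) throws BadCertTemplateException {
    int tag = reqName.getTagNo();
    GeneralNameMode mode = null;
    for (GeneralNameMode m : modes) {
        if (m.getTag().getTag() == tag) {
            mode = m;
            break;
        }
    }

    if (mode == null) {
        throw new BadCertTemplateException("generalName tag " + tag + " is not allowed");
    }

    switch (tag) {
    case GeneralName.rfc822Name:
    case GeneralName.dNSName:
    case GeneralName.uniformResourceIdentifier:
    case GeneralName.iPAddress:
    case GeneralName.registeredID:
    case GeneralName.directoryName: {
        return new GeneralName(tag, reqName.getName());
    }
    case GeneralName.otherName: {
        ASN1Sequence reqSeq = ASN1Sequence.getInstance(reqName.getName());
        int size = reqSeq.size();
        // otherName is a type/value pair; anything else cannot be indexed safely below.
        if (size != 2) {
            throw new BadCertTemplateException(
                    "invalid otherName sequence: size is not 2: " + size);
        }

        ASN1ObjectIdentifier type = ASN1ObjectIdentifier.getInstance(reqSeq.getObjectAt(0));
        if (!mode.getAllowedTypes().contains(type)) {
            throw new BadCertTemplateException(
                    "otherName.type " + type.getId() + " is not allowed");
        }

        // Check before casting so an untagged value is a template error, not a CCE.
        ASN1Encodable wrapped = reqSeq.getObjectAt(1);
        if (!(wrapped instanceof ASN1TaggedObject)) {
            throw new BadCertTemplateException("otherName.value is not tagged Object");
        }

        ASN1Encodable value = ((ASN1TaggedObject) wrapped).getObject();
        if (!(value instanceof ASN1String)) {
            throw new BadCertTemplateException("otherName.value is not a String");
        }
        String text = ((ASN1String) value).getString();

        // The value is always re-encoded as an explicitly tagged [0] UTF8String.
        ASN1EncodableVector vector = new ASN1EncodableVector();
        vector.add(type);
        vector.add(new DERTaggedObject(true, 0, new DERUTF8String(text)));
        return new GeneralName(GeneralName.otherName, new DERSequence(vector));
    }
    case GeneralName.ediPartyName: {
        ASN1Sequence reqSeq = ASN1Sequence.getInstance(reqName.getName());
        int n = reqSeq.size();
        // One element (partyName) or two (nameAssigner, partyName) are handled below.
        if (n < 1 || n > 2) {
            throw new BadCertTemplateException(
                    "invalid ediPartyName sequence: size is not 1 or 2: " + n);
        }
        for (int i = 0; i < n; i++) {
            if (!(reqSeq.getObjectAt(i) instanceof ASN1TaggedObject)) {
                throw new BadCertTemplateException(
                        "ediPartyName element " + i + " is not tagged Object");
            }
        }

        // NOTE(review): DirectoryString.getInstance may still reject a non-string element
        // with an unchecked exception; confirm and map it to BadCertTemplateException if so.
        String nameAssigner = null;
        int idx = 0;
        if (n > 1) {
            DirectoryString ds = DirectoryString
                    .getInstance(((ASN1TaggedObject) reqSeq.getObjectAt(idx++)).getObject());
            nameAssigner = ds.getString();
        }

        DirectoryString ds = DirectoryString
                .getInstance(((ASN1TaggedObject) reqSeq.getObjectAt(idx++)).getObject());
        String partyName = ds.getString();

        ASN1EncodableVector vector = new ASN1EncodableVector();
        if (nameAssigner != null) {
            vector.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner)));
        }
        vector.add(new DERTaggedObject(false, 1, new DirectoryString(partyName)));
        ASN1Sequence seq = new DERSequence(vector);
        return new GeneralName(GeneralName.ediPartyName, seq);
    }
    default: {
        throw new RuntimeException("should not reach here, unknwon GeneralName tag " + tag);
    }
    } // end switch
}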
From source file:org.xipki.ca.server.impl.IdentifiedX509Certprofile.java
License:Open Source License
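/**
 * Re-creates a requested GeneralName once its tag has been matched against the allowed modes.
 *
 * <p>Simple name forms are passed through as they are. otherName and ediPartyName are taken
 * apart and encoded again. Because {@code reqName} presumably originates from a certificate
 * request, the sequence size and the tagged-object shape are verified first, so a malformed
 * name yields a {@link BadCertTemplateException} rather than an unchecked
 * {@code ClassCastException} or {@code ArrayIndexOutOfBoundsException}.
 *
 * @param reqName the requested name
 * @param modes the allowed GeneralName modes
 * @return the re-encoded name
 * @throws BadCertTemplateException if the tag or the otherName type is not allowed, or the
 *         otherName / ediPartyName structure is malformed
 */
private static GeneralName createGeneralName(final GeneralName reqName,
        final Set<GeneralNameMode> modes) throws BadCertTemplateException {
    int tag = reqName.getTagNo();
    GeneralNameMode mode = null;
    for (GeneralNameMode m : modes) {
        if (m.getTag().getTag() == tag) {
            mode = m;
            break;
        }
    }

    if (mode == null) {
        throw new BadCertTemplateException("generalName tag " + tag + " is not allowed");
    }

    switch (tag) {
    case GeneralName.rfc822Name:
    case GeneralName.dNSName:
    case GeneralName.uniformResourceIdentifier:
    case GeneralName.iPAddress:
    case GeneralName.registeredID:
    case GeneralName.directoryName: {
        return new GeneralName(tag, reqName.getName());
    }
    case GeneralName.otherName: {
        ASN1Sequence reqSeq = ASN1Sequence.getInstance(reqName.getName());
        int size = reqSeq.size();
        // Exactly type and value are expected; reject other sizes before indexing.
        if (size != 2) {
            throw new BadCertTemplateException(
                    "invalid otherName sequence: size is not 2: " + size);
        }

        ASN1ObjectIdentifier type = ASN1ObjectIdentifier.getInstance(reqSeq.getObjectAt(0));
        if (!mode.getAllowedTypes().contains(type)) {
            throw new BadCertTemplateException(
                    "otherName.type " + type.getId() + " is not allowed");
        }

        // instanceof check replaces the blind cast of element 1.
        ASN1Encodable wrapped = reqSeq.getObjectAt(1);
        if (!(wrapped instanceof ASN1TaggedObject)) {
            throw new BadCertTemplateException("otherName.value is not tagged Object");
        }

        ASN1Encodable value = ((ASN1TaggedObject) wrapped).getObject();
        if (!(value instanceof ASN1String)) {
            throw new BadCertTemplateException("otherName.value is not a String");
        }
        String text = ((ASN1String) value).getString();

        // Output always carries the value as an explicitly tagged [0] UTF8String.
        ASN1EncodableVector vector = new ASN1EncodableVector();
        vector.add(type);
        vector.add(new DERTaggedObject(true, 0, new DERUTF8String(text)));
        return new GeneralName(GeneralName.otherName, new DERSequence(vector));
    }
    case GeneralName.ediPartyName: {
        ASN1Sequence reqSeq = ASN1Sequence.getInstance(reqName.getName());
        int n = reqSeq.size();
        // Only the one- and two-element forms are decoded below.
        if (n < 1 || n > 2) {
            throw new BadCertTemplateException(
                    "invalid ediPartyName sequence: size is not 1 or 2: " + n);
        }
        for (int i = 0; i < n; i++) {
            if (!(reqSeq.getObjectAt(i) instanceof ASN1TaggedObject)) {
                throw new BadCertTemplateException(
                        "ediPartyName element " + i + " is not tagged Object");
            }
        }

        // NOTE(review): DirectoryString.getInstance may still reject a non-string element
        // with an unchecked exception; confirm and map it to BadCertTemplateException if so.
        String nameAssigner = null;
        int idx = 0;
        if (n > 1) {
            DirectoryString ds = DirectoryString
                    .getInstance(((ASN1TaggedObject) reqSeq.getObjectAt(idx++)).getObject());
            nameAssigner = ds.getString();
        }

        DirectoryString ds = DirectoryString
                .getInstance(((ASN1TaggedObject) reqSeq.getObjectAt(idx++)).getObject());
        String partyName = ds.getString();

        ASN1EncodableVector vector = new ASN1EncodableVector();
        if (nameAssigner != null) {
            vector.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner)));
        }
        vector.add(new DERTaggedObject(false, 1, new DirectoryString(partyName)));
        ASN1Sequence seq = new DERSequence(vector);
        return new GeneralName(GeneralName.ediPartyName, seq);
    }
    default: {
        throw new RuntimeException("should not reach here, unknown GeneralName tag " + tag);
    }
    } // end switch(tag)
}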
From source file:org.xipki.commons.security.shell.p12.P12ComplexCertRequestGenCmd.java
License:Open Source License
/**
 * Assembles a GeneralNames value with fixed sample entries: two otherName entries, then
 * rfc822Name, dNSName, directoryName, ediPartyName, uniformResourceIdentifier, iPAddress and
 * registeredID, in that order.
 *
 * @param prefix text prepended to the otherName values, the rfc822Name, the dNSName, both
 *        ediPartyName parts and the URI; the remaining entries are constant
 * @return the assembled names
 */
private static GeneralNames createComplexGeneralNames(String prefix) {
    List<GeneralName> names = new LinkedList<>();

    // otherName, first sample type
    ASN1EncodableVector firstOther = new ASN1EncodableVector();
    firstOther.add(new ASN1ObjectIdentifier("1.2.3.1"));
    firstOther.add(
            new DERTaggedObject(true, 0, new DERUTF8String(prefix + "I am otherName 1.2.3.1")));
    names.add(new GeneralName(GeneralName.otherName, new DERSequence(firstOther)));

    // otherName, second sample type
    ASN1EncodableVector secondOther = new ASN1EncodableVector();
    secondOther.add(new ASN1ObjectIdentifier("1.2.3.2"));
    secondOther.add(
            new DERTaggedObject(true, 0, new DERUTF8String(prefix + "I am otherName 1.2.3.2")));
    names.add(new GeneralName(GeneralName.otherName, new DERSequence(secondOther)));

    // rfc822Name
    names.add(new GeneralName(GeneralName.rfc822Name, prefix + "info@example.org"));

    // dNSName
    names.add(new GeneralName(GeneralName.dNSName, prefix + "dns.example.org"));

    // directoryName
    names.add(new GeneralName(GeneralName.directoryName, new X500Name("CN=demo,C=DE")));

    // ediPartyName: nameAssigner under tag 0, partyName under tag 1
    ASN1EncodableVector ediParty = new ASN1EncodableVector();
    ediParty.add(new DERTaggedObject(false, 0, new DirectoryString(prefix + "assigner1")));
    ediParty.add(new DERTaggedObject(false, 1, new DirectoryString(prefix + "party1")));
    names.add(new GeneralName(GeneralName.ediPartyName, new DERSequence(ediParty)));

    // uniformResourceIdentifier
    names.add(new GeneralName(GeneralName.uniformResourceIdentifier, prefix + "uri.example.org"));

    // iPAddress
    names.add(new GeneralName(GeneralName.iPAddress, "69.1.2.190"));

    // registeredID
    names.add(new GeneralName(GeneralName.registeredID, "2.3.4.5"));

    GeneralName[] asArray = names.toArray(new GeneralName[0]);
    return new GeneralNames(asArray);
}
From source file:org.xipki.commons.security.shell.p12.P12ComplexCertRequestGenCmd.java
License:Open Source License
/**
 * Supplies two extra, non-critical extensions filled with fixed sample values: an admission
 * extension followed by a subjectDirectoryAttributes extension.
 *
 * @return the two extensions, admission first
 * @throws BadInputException if encoding either extension value fails with an IOException
 */
@Override
protected List<Extension> getAdditionalExtensions() throws BadInputException {
    List<Extension> result = new LinkedList<>();

    // extension admission (Germany standard commonpki)
    ProfessionInfo professionInfo = new ProfessionInfo(null,
            new DirectoryString[] {new DirectoryString("dummy")}, null, "aaaab", null);
    ASN1EncodableVector admissionsVec = new ASN1EncodableVector();
    admissionsVec.add(new Admissions(null, null, new ProfessionInfo[] {professionInfo}));
    AdmissionSyntax admissionSyntax = new AdmissionSyntax(null, new DERSequence(admissionsVec));

    try {
        byte[] encodedAdmission = admissionSyntax.getEncoded();
        result.add(new Extension(ObjectIdentifiers.id_extension_admission, false,
                encodedAdmission));
    } catch (IOException ex) {
        throw new BadInputException(ex.getMessage(), ex);
    }

    // extension subjectDirectoryAttributes (RFC 3739)
    Vector<Attribute> attributes = new Vector<>();

    attributes.add(new Attribute(ObjectIdentifiers.DN_DATE_OF_BIRTH,
            new DERSet(new ASN1GeneralizedTime("19800122120000Z"))));
    attributes.add(new Attribute(ObjectIdentifiers.DN_GENDER,
            new DERSet(new DERPrintableString("M"))));
    attributes.add(new Attribute(ObjectIdentifiers.DN_PLACE_OF_BIRTH,
            new DERSet(new DERUTF8String("Berlin"))));

    // One attribute per country, not one attribute with several values.
    for (String citizenship : new String[] {"DE", "FR"}) {
        attributes.add(new Attribute(ObjectIdentifiers.DN_COUNTRY_OF_CITIZENSHIP,
                new DERSet(new DERPrintableString(citizenship))));
    }
    for (String residence : new String[] {"DE"}) {
        attributes.add(new Attribute(ObjectIdentifiers.DN_COUNTRY_OF_RESIDENCE,
                new DERSet(new DERPrintableString(residence))));
    }

    SubjectDirectoryAttributes directoryAttributes = new SubjectDirectoryAttributes(attributes);
    try {
        byte[] encodedAttributes = directoryAttributes.getEncoded();
        result.add(new Extension(Extension.subjectDirectoryAttributes, false, encodedAttributes));
    } catch (IOException ex) {
        throw new BadInputException(ex.getMessage(), ex);
    }

    return result;
}
From source file:org.xipki.commons.security.util.X509Util.java
License:Open Source License
/**
 * Parses a textual GeneralName of the form {@code [tag]value}.
 *
 * <p>The tag must be an integer in square brackets at the start of the text and must be
 * followed by at least one character. For otherName the value has the form
 * {@code type=value}, with the type used as an OID and the value encoded as an explicitly
 * tagged [0] UTF8String. For ediPartyName the value has the form
 * {@code nameAssigner=partyName}, where the name assigner may be empty.
 *
 * @param taggedValue [tag]value, and the value for tags otherName and ediPartyName is
 *        type=value.
 * @return the GeneralName for the given tag and value
 * @throws BadInputException if the bracketed tag is missing or not an integer, or the
 *         otherName / ediPartyName value is malformed
 */
public static GeneralName createGeneralName(final String taggedValue) throws BadInputException {
    ParamUtil.requireNonBlank("taggedValue", taggedValue);

    int tag = -1;
    String value = null;
    if (taggedValue.charAt(0) == '[') {
        int closeIdx = taggedValue.indexOf(']', 1);
        // Requires a non-empty tag and at least one character after the closing bracket.
        boolean bracketsUsable = closeIdx > 1 && closeIdx < taggedValue.length() - 1;
        if (bracketsUsable) {
            String tagText = taggedValue.substring(1, closeIdx);
            try {
                tag = Integer.parseInt(tagText);
            } catch (NumberFormatException ex) {
                throw new BadInputException("invalid tag '" + tagText + "'");
            }
            value = taggedValue.substring(closeIdx + 1);
        }
    }

    if (tag == -1) {
        throw new BadInputException("invalid taggedValue " + taggedValue);
    }

    switch (tag) {
    case GeneralName.rfc822Name:
    case GeneralName.dNSName:
    case GeneralName.uniformResourceIdentifier:
    case GeneralName.iPAddress:
    case GeneralName.registeredID:
        // These forms take the text unchanged.
        return new GeneralName(tag, value);
    case GeneralName.directoryName: {
        X500Name x500Name = reverse(new X500Name(value));
        return new GeneralName(GeneralName.directoryName, x500Name);
    }
    case GeneralName.otherName: {
        if (value == null) {
            throw new BadInputException("invalid otherName: no value specified");
        }

        int sep = value.indexOf("=");
        boolean separatorMisplaced = sep == -1 || sep == 0 || sep == value.length() - 1;
        if (separatorMisplaced) {
            throw new BadInputException("invalid otherName " + value);
        }

        ASN1ObjectIdentifier type = new ASN1ObjectIdentifier(value.substring(0, sep));
        String otherValue = value.substring(sep + 1);

        ASN1EncodableVector otherVec = new ASN1EncodableVector();
        otherVec.add(type);
        otherVec.add(new DERTaggedObject(true, 0, new DERUTF8String(otherValue)));
        return new GeneralName(GeneralName.otherName, new DERSequence(otherVec));
    }
    case GeneralName.ediPartyName: {
        if (value == null) {
            throw new BadInputException("invalid ediPartyName: no value specified");
        }

        int sep = value.indexOf("=");
        if (sep == -1 || sep == value.length() - 1) {
            throw new BadInputException("invalid ediPartyName " + value);
        }

        // A leading '=' means no name assigner was given.
        String nameAssigner = null;
        if (sep != 0) {
            nameAssigner = value.substring(0, sep);
        }
        String partyName = value.substring(sep + 1);

        ASN1EncodableVector ediVec = new ASN1EncodableVector();
        if (nameAssigner != null) {
            ediVec.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner)));
        }
        ediVec.add(new DERTaggedObject(false, 1, new DirectoryString(partyName)));
        return new GeneralName(GeneralName.ediPartyName, new DERSequence(ediVec));
    }
    default:
        throw new RuntimeException("unsupported tag " + tag);
    } // end switch (tag)
}
From source file:org.xipki.pki.ca.api.profile.x509.X509CertprofileUtil.java
License:Open Source License
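/**
 * Rebuilds a requested GeneralName, optionally checking it against the permitted modes.
 *
 * <p>When {@code modes} is not {@code null}, the tag of {@code requestedName} must match one
 * of its entries and, for otherName, the type must be among that entry's allowed types.
 * {@code modes} is annotated {@code @NonNull}, yet the body accepts {@code null} and then
 * skips both checks. Simple name forms are copied unchanged; otherName and ediPartyName are
 * decoded, validated and re-encoded.
 *
 * <p>The ediPartyName branch validates the sequence size and the tagged-object shape before
 * reading any element, matching what the otherName branch already does, so an empty or
 * untagged sequence is reported as {@link BadCertTemplateException}.
 *
 * @param requestedName the requested name, must not be {@code null}
 * @param modes the allowed GeneralName modes, or {@code null} to skip the mode checks
 * @return the re-encoded name
 * @throws BadCertTemplateException if the tag or otherName type is not allowed, or the
 *         otherName / ediPartyName structure is malformed
 */
public static GeneralName createGeneralName(@NonNull final GeneralName requestedName,
        @NonNull final Set<GeneralNameMode> modes) throws BadCertTemplateException {
    ParamUtil.requireNonNull("requestedName", requestedName);

    int tag = requestedName.getTagNo();
    GeneralNameMode mode = null;
    if (modes != null) {
        for (GeneralNameMode m : modes) {
            if (m.getTag().getTag() == tag) {
                mode = m;
                break;
            }
        }

        if (mode == null) {
            throw new BadCertTemplateException("generalName tag " + tag + " is not allowed");
        }
    }

    switch (tag) {
    case GeneralName.rfc822Name:
    case GeneralName.dNSName:
    case GeneralName.uniformResourceIdentifier:
    case GeneralName.iPAddress:
    case GeneralName.registeredID:
    case GeneralName.directoryName:
        return new GeneralName(tag, requestedName.getName());
    case GeneralName.otherName: {
        ASN1Sequence reqSeq = ASN1Sequence.getInstance(requestedName.getName());
        int size = reqSeq.size();
        if (size != 2) {
            throw new BadCertTemplateException(
                    "invalid otherName sequence: size is not 2: " + size);
        }

        ASN1ObjectIdentifier type = ASN1ObjectIdentifier.getInstance(reqSeq.getObjectAt(0));
        if (mode != null && !mode.getAllowedTypes().contains(type)) {
            throw new BadCertTemplateException(
                    "otherName.type " + type.getId() + " is not allowed");
        }

        ASN1Encodable asn1 = reqSeq.getObjectAt(1);
        if (!(asn1 instanceof ASN1TaggedObject)) {
            throw new BadCertTemplateException("otherName.value is not tagged Object");
        }

        ASN1TaggedObject taggedValue = ASN1TaggedObject.getInstance(asn1);
        int tagNo = taggedValue.getTagNo();
        if (tagNo != 0) {
            throw new BadCertTemplateException(
                    "otherName.value does not have tag 0: " + tagNo);
        }

        // The inner value is carried over as-is under an explicit [0] tag.
        ASN1EncodableVector vector = new ASN1EncodableVector();
        vector.add(type);
        vector.add(new DERTaggedObject(true, 0, taggedValue.getObject()));
        return new GeneralName(GeneralName.otherName, new DERSequence(vector));
    }
    case GeneralName.ediPartyName: {
        ASN1Sequence reqSeq = ASN1Sequence.getInstance(requestedName.getName());
        int size = reqSeq.size();
        // One element (partyName) or two (nameAssigner, partyName) are decoded below; an
        // empty sequence would otherwise fail on getObjectAt(0) with an unchecked exception.
        if (size < 1 || size > 2) {
            throw new BadCertTemplateException(
                    "invalid ediPartyName sequence: size is not 1 or 2: " + size);
        }
        for (int i = 0; i < size; i++) {
            if (!(reqSeq.getObjectAt(i) instanceof ASN1TaggedObject)) {
                throw new BadCertTemplateException(
                        "ediPartyName element " + i + " is not tagged Object");
            }
        }

        // NOTE(review): DirectoryString.getInstance may still reject a non-string element
        // with an unchecked exception; confirm and map it to BadCertTemplateException if so.
        String nameAssigner = null;
        int idx = 0;
        if (size > 1) {
            DirectoryString ds = DirectoryString.getInstance(
                    ASN1TaggedObject.getInstance(reqSeq.getObjectAt(idx++)).getObject());
            nameAssigner = ds.getString();
        }

        DirectoryString ds = DirectoryString.getInstance(
                ASN1TaggedObject.getInstance(reqSeq.getObjectAt(idx++)).getObject());
        String partyName = ds.getString();

        ASN1EncodableVector vector = new ASN1EncodableVector();
        if (nameAssigner != null) {
            vector.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner)));
        }
        vector.add(new DERTaggedObject(false, 1, new DirectoryString(partyName)));
        return new GeneralName(GeneralName.ediPartyName, new DERSequence(vector));
    }
    default:
        throw new RuntimeException("should not reach here, unknown GeneralName tag " + tag);
    } // end switch (tag)
}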
From source file:org.xipki.pki.ca.certprofile.commonpki.AdmissionSyntaxOption.java
License:Open Source License
/**
 * Creates the option and, where possible, pre-computes the extension value.
 *
 * <p>If any profession info has a registration number option with a regex, the registration
 * numbers have to come from the request: {@code inputFromRequestRequired} is set and
 * {@code extensionValue} stays {@code null}. Otherwise the complete AdmissionSyntax is built
 * here, using each registration number option's constant where one is configured.
 *
 * @param critical criticality flag of the extension
 * @param admissionAuthority admission authority placed in the AdmissionSyntax
 * @param admissionsList the admissions options; checked with {@code requireNonEmpty}
 */
public AdmissionSyntaxOption(final boolean critical, final GeneralName admissionAuthority,
        final List<AdmissionsOption> admissionsList) {
    this.critical = critical;
    this.admissionAuthority = admissionAuthority;
    this.admissionsList = ParamUtil.requireNonEmpty("admissionsList", admissionsList);

    // Stop at the first registration number option that carries a regex.
    boolean regexFound = false;
    search:
    for (AdmissionsOption admissions : admissionsList) {
        for (ProfessionInfoOption profession : admissions.getProfessionInfos()) {
            if (profession.getRegistrationNumberOption() != null
                    && profession.getRegistrationNumberOption().getRegex() != null) {
                regexFound = true;
                break search;
            }
        }
    }

    this.inputFromRequestRequired = regexFound;
    if (regexFound) {
        // The value depends on the request, so nothing can be pre-computed.
        extensionValue = null;
        return;
    }

    ASN1EncodableVector admissionsVec = new ASN1EncodableVector();
    for (AdmissionsOption admissions : admissionsList) {
        List<ProfessionInfoOption> options = admissions.getProfessionInfos();
        ProfessionInfo[] infos = new ProfessionInfo[options.size()];

        for (int pos = 0; pos < infos.length; pos++) {
            ProfessionInfoOption option = options.get(pos);

            int itemCount = option.getProfessionItems().size();
            DirectoryString[] items = new DirectoryString[itemCount];
            for (int k = 0; k < itemCount; k++) {
                items[k] = new DirectoryString(option.getProfessionItems().get(k));
            }

            ASN1OctetString extraInfo = null;
            if (option.getAddProfessionalInfo() != null) {
                extraInfo = new DEROctetString(option.getAddProfessionalInfo());
            }

            String registrationNumber = null;
            if (option.getRegistrationNumberOption() != null) {
                registrationNumber = option.getRegistrationNumberOption().getConstant();
            }

            infos[pos] = new ProfessionInfo(option.getNamingAuthority(), items,
                    option.getProfessionOids().toArray(new ASN1ObjectIdentifier[0]),
                    registrationNumber, extraInfo);
        }

        admissionsVec.add(new Admissions(admissions.getAdmissionAuthority(),
                admissions.getNamingAuthority(), infos));
    }

    extensionValue = new ExtensionValue(critical,
            new AdmissionSyntax(admissionAuthority, new DERSequence(admissionsVec)));
}
From source file:org.xipki.pki.ca.certprofile.commonpki.AdmissionSyntaxOption.java
License:Open Source License
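/**
 * Returns the admission extension value, building it from the registration numbers supplied
 * with the request when the profile requires them.
 *
 * <p>If no input from the request is required, the pre-computed value is returned and the
 * argument is ignored. Otherwise the outer list must have one entry per configured
 * Admissions and each inner list one entry per ProfessionInfo. A registration number is
 * validated against the configured regex only where the option has no constant.
 *
 * <p>Two indexing defects are fixed here. Each ProfessionInfo is now stored at its own
 * position {@code j}; it was stored at the admissions index {@code i}, which left array
 * slots {@code null} or ran past the end of the array. The list of validated numbers now
 * keeps one slot per ProfessionInfo, so looking a number up by {@code j} stays aligned when
 * earlier entries use a constant or have no registration number option.
 *
 * @param registrationNumbersList registration numbers per Admissions and ProfessionInfo
 * @return the extension value
 * @throws BadCertTemplateException if the list sizes do not match the configuration or a
 *         registration number is missing or does not match its regex
 */
public ExtensionValue getExtensionValue(final List<List<String>> registrationNumbersList)
        throws BadCertTemplateException {
    if (!this.inputFromRequestRequired) {
        return this.extensionValue;
    }

    if (CollectionUtil.isEmpty(registrationNumbersList)) {
        throw new BadCertTemplateException("registrationNumbersList must not be empty");
    }

    final int n = registrationNumbersList.size();
    if (n != this.admissionsList.size()) {
        throw new BadCertTemplateException("invalid size of Admissions in AdmissionSyntax: "
                + "is=" + n + ", expected=" + this.admissionsList.size());
    }

    // check registrationNumbers
    List<List<String>> newRegNumbersList = new ArrayList<>(this.admissionsList.size());
    for (int i = 0; i < n; i++) {
        AdmissionsOption ao = this.admissionsList.get(i);
        List<ProfessionInfoOption> pi = ao.getProfessionInfos();
        List<String> registrationNumbers = registrationNumbersList.get(i);
        if (registrationNumbers == null) {
            // Report a missing inner list as a template error instead of failing on size().
            throw new BadCertTemplateException(
                    "registrationNumbers for Admissions[" + i + "] must not be null");
        }

        final int k = registrationNumbers.size();
        if (k != pi.size()) {
            throw new BadCertTemplateException("invalid size of ProfessionInfo in Admissions["
                    + i + "], is=" + k + ", expected=" + pi.size());
        }

        List<String> newRegNumbers = new ArrayList<>(k);
        newRegNumbersList.add(newRegNumbers);
        for (int j = 0; j < k; j++) {
            RegistrationNumberOption option = pi.get(j).getRegistrationNumberOption();
            if (option == null || option.getConstant() != null) {
                // Placeholder keeps position j aligned with the ProfessionInfo index.
                newRegNumbers.add(null);
                continue;
            }

            // NOTE(review): assumes an option without a constant always has a regex;
            // verify against RegistrationNumberOption.
            Pattern regex = option.getRegex();
            String regNum = registrationNumbers.get(j);
            if (regNum == null || !regex.matcher(regNum).matches()) {
                throw new BadCertTemplateException(
                        "invalid registrationNumber[" + i + "][" + j + "]: '" + regNum + "'");
            }
            newRegNumbers.add(regNum);
        }
    }

    ASN1EncodableVector vec = new ASN1EncodableVector();
    for (int i = 0; i < this.admissionsList.size(); i++) {
        AdmissionsOption ao = this.admissionsList.get(i);
        List<ProfessionInfoOption> piList = ao.getProfessionInfos();
        ProfessionInfo[] pis = new ProfessionInfo[piList.size()];

        for (int j = 0; j < pis.length; j++) {
            ProfessionInfoOption pio = piList.get(j);

            int size = pio.getProfessionItems().size();
            DirectoryString[] professionItems = new DirectoryString[size];
            for (int k = 0; k < size; k++) {
                professionItems[k] = new DirectoryString(pio.getProfessionItems().get(k));
            }

            ASN1OctetString addProfessionInfo = null;
            if (pio.getAddProfessionalInfo() != null) {
                addProfessionInfo = new DEROctetString(pio.getAddProfessionalInfo());
            }

            RegistrationNumberOption regNumOption = pio.getRegistrationNumberOption();
            String registrationNumber = null;
            if (regNumOption != null) {
                if (regNumOption.getConstant() != null) {
                    registrationNumber = regNumOption.getConstant();
                } else {
                    registrationNumber = newRegNumbersList.get(i).get(j);
                }
            }

            // Indexed by j, the position inside this Admissions entry.
            pis[j] = new ProfessionInfo(pio.getNamingAuthority(), professionItems,
                    pio.getProfessionOids().toArray(new ASN1ObjectIdentifier[0]),
                    registrationNumber, addProfessionInfo);
        }

        vec.add(new Admissions(ao.getAdmissionAuthority(), ao.getNamingAuthority(), pis));
    }

    return new ExtensionValue(critical,
            new AdmissionSyntax(admissionAuthority, new DERSequence(vec)));
}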