List of usage examples for org.bouncycastle.asn1.x500 X500Name getInstance
public static X500Name getInstance(Object obj)
From source file:org.forgerock.openidm.security.impl.SecurityResourceProvider.java
License:Open Source License
/** * Returns a JsonValue map representing a certificate * //from w ww .j a v a 2s . c om * @param alias the certificate alias * @param cert The certificate * @return a JsonValue map representing the certificate * @throws Exception */ protected JsonValue returnCertificate(String alias, Certificate cert) throws Exception { JsonValue content = new JsonValue(new LinkedHashMap<String, Object>()); content.put(ResourceResponse.FIELD_CONTENT_ID, alias); content.put("type", cert.getType()); content.put("cert", getCertString(cert)); content.put("publicKey", getKeyMap(cert.getPublicKey())); if (cert instanceof X509Certificate) { Map<String, Object> issuer = new HashMap<>(); X500Name name = X500Name.getInstance(PrincipalUtil.getIssuerX509Principal((X509Certificate) cert)); addAttributeToIssuer(issuer, name, "C", BCStyle.C); addAttributeToIssuer(issuer, name, "ST", BCStyle.ST); addAttributeToIssuer(issuer, name, "L", BCStyle.L); addAttributeToIssuer(issuer, name, "OU", BCStyle.OU); addAttributeToIssuer(issuer, name, "O", BCStyle.O); addAttributeToIssuer(issuer, name, "CN", BCStyle.CN); content.put("issuer", issuer); content.put("notBefore", ((X509Certificate) cert).getNotBefore()); content.put("notAfter", ((X509Certificate) cert).getNotAfter()); } return content; }
From source file:org.jruby.ext.openssl.impl.RecipInfo.java
License:LGPL
/** c: PKCS7_RECIP_INFO_set * *//*from w w w . j a va2 s . c om*/ public void set(X509AuxCertificate cert) throws PKCS7Exception { version = 0; X500Name issuer = X500Name.getInstance(cert.getIssuerX500Principal().getEncoded()); BigInteger serial = cert.getSerialNumber(); issuerAndSerial = new IssuerAndSerialNumber(issuer, serial); String algo = addEncryptionIfNeeded(cert.getPublicKey().getAlgorithm()); keyEncAlgor = new AlgorithmIdentifier(ASN1Registry.sym2oid(algo)); this.cert = cert; }
From source file:org.jruby.ext.openssl.impl.SignerInfoWithPkey.java
License:LGPL
public void set(X509AuxCertificate x509, PrivateKey pkey, MessageDigest dgst) throws PKCS7Exception { boolean dsa = (pkey instanceof DSAPrivateKey) || (pkey instanceof ECPrivateKey); version = new ASN1Integer(1); X500Name issuer = X500Name.getInstance(x509.getIssuerX500Principal().getEncoded()); BigInteger serial = x509.getSerialNumber(); issuerAndSerialNumber = new IssuerAndSerialNumber(issuer, serial); this.pkey = pkey; if (dsa) {//from w ww.ja v a 2 s . c om digAlgorithm = new AlgorithmIdentifier(ASN1Registry.nid2obj(ASN1Registry.NID_sha1)); } else { digAlgorithm = new AlgorithmIdentifier(ASN1Registry.nid2obj(EVP.type(dgst))); } if (pkey instanceof RSAPrivateKey) { digEncryptionAlgorithm = new AlgorithmIdentifier(ASN1Registry.nid2obj(ASN1Registry.NID_rsaEncryption)); } else if (pkey instanceof DSAPrivateKey) { digEncryptionAlgorithm = new AlgorithmIdentifier(ASN1Registry.nid2obj(ASN1Registry.NID_dsa)); } else if (pkey instanceof ECPrivateKey) { digEncryptionAlgorithm = new AlgorithmIdentifier( ASN1Registry.nid2obj(ASN1Registry.NID_ecdsa_with_SHA1)); } }
From source file:org.jruby.ext.openssl.OCSPRequest.java
License:Common Public License
@JRubyMethod(name = "verify", rest = true) public IRubyObject verify(IRubyObject[] args) { Ruby runtime = getRuntime();//w w w .ja v a2 s. c o m ThreadContext context = runtime.getCurrentContext(); int flags = 0; boolean ret = false; if (Arity.checkArgumentCount(runtime, args, 2, 3) == 3) { flags = RubyFixnum.fix2int((RubyFixnum) args[2]); } IRubyObject certificates = args[0]; IRubyObject store = args[1]; OCSPReq bcOCSPReq = getBCOCSPReq(); if (bcOCSPReq == null) { throw newOCSPError(runtime, new NullPointerException("Missing BC asn1bcReq. Missing certIDs or signature?")); } if (!bcOCSPReq.isSigned()) { return RubyBoolean.newBoolean(runtime, ret); } GeneralName genName = bcOCSPReq.getRequestorName(); if (genName.getTagNo() != 4) { return RubyBoolean.newBoolean(runtime, ret); } X500Name genX500Name = X500Name.getInstance(genName.getName()); X509StoreContext storeContext = null; JcaContentVerifierProviderBuilder jcacvpb = new JcaContentVerifierProviderBuilder(); jcacvpb.setProvider("BC"); try { java.security.cert.Certificate signer = findCertByName(genX500Name, certificates, flags); if (signer == null) return RubyBoolean.newBoolean(runtime, ret); if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOINTERN))) > 0 && ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_TRUSTOTHER))) > 0)) flags |= RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOVERIFY)); if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOSIGS))) == 0) { PublicKey signerPubKey = signer.getPublicKey(); ContentVerifierProvider cvp = jcacvpb.build(signerPubKey); ret = bcOCSPReq.isSignatureValid(cvp); if (!ret) { return RubyBoolean.newBoolean(runtime, ret); } } if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOVERIFY))) == 0) { if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOCHAIN))) > 0) { storeContext = X509StoreContext.newStoreContext(context, (X509Store) store, X509Cert.wrap(runtime, signer), context.nil); } else { RubyArray certs = RubyArray.newEmptyArray(runtime); ASN1Sequence bcCerts = asn1bcReq.getOptionalSignature().getCerts(); if (bcCerts != null) { Iterator<ASN1Encodable> it = bcCerts.iterator(); while (it.hasNext()) { Certificate cert = Certificate.getInstance(it.next()); certs.add(X509Cert.wrap(runtime, new X509AuxCertificate(cert))); } } storeContext = X509StoreContext.newStoreContext(context, (X509Store) store, X509Cert.wrap(runtime, signer), certs); } storeContext.set_purpose(context, _X509(runtime).getConstant("PURPOSE_OCSP_HELPER")); storeContext.set_trust(context, _X509(runtime).getConstant("TRUST_OCSP_REQUEST")); ret = storeContext.verify(context).isTrue(); if (!ret) return RubyBoolean.newBoolean(runtime, false); } } catch (Exception e) { debugStackTrace(e); throw newOCSPError(runtime, e); } return RubyBoolean.newBoolean(getRuntime(), ret); }
From source file:org.jruby.ext.openssl.OCSPRequest.java
License:Common Public License
private java.security.cert.Certificate findCertByName(ASN1Encodable genX500Name, IRubyObject certificates, int flags) throws CertificateException, IOException { Ruby runtime = getRuntime();//from w w w . j a v a2s. c om if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOINTERN))) == 0) { ASN1Sequence certs = asn1bcReq.getOptionalSignature().getCerts(); if (certs != null) { Iterator<ASN1Encodable> it = certs.iterator(); while (it.hasNext()) { Certificate cert = Certificate.getInstance(it.next()); if (genX500Name.equals(cert.getSubject())) return new X509AuxCertificate(cert); } } } @SuppressWarnings("unchecked") List<X509Certificate> certList = (RubyArray) certificates; for (X509Certificate cert : certList) { if (genX500Name.equals(X500Name.getInstance(cert.getSubjectX500Principal().getEncoded()))) return new X509AuxCertificate(cert); } return null; }
From source file:org.jruby.ext.openssl.X509Extension.java
License:LGPL
@SuppressWarnings("unchecked") private static boolean formatGeneralName(final GeneralName name, final ByteList out, final boolean slashed) { final ASN1Encodable obj = name.getName(); String val; boolean tagged = false; switch (name.getTagNo()) { case GeneralName.rfc822Name: if (!tagged) out.append('e').append('m').append('a').append('i').append('l').append(':'); tagged = true;/* w ww. j a v a 2s. co m*/ case GeneralName.dNSName: if (!tagged) out.append('D').append('N').append('S').append(':'); tagged = true; case GeneralName.uniformResourceIdentifier: if (!tagged) out.append('U').append('R').append('I').append(':'); val = DERIA5String.getInstance(obj).getString(); out.append(ByteList.plain(val)); break; case GeneralName.directoryName: out.append('D').append('i').append('r').append('N').append('a').append('m').append('e').append(':'); final X500Name dirName = X500Name.getInstance(obj); if (slashed) { final RDN[] rdns = dirName.getRDNs(); final Hashtable defaultSymbols = getDefaultSymbols(); for (int i = 0; i < rdns.length; i++) { appendRDN(out.append('/'), rdns[i], defaultSymbols); } } else { out.append(ByteList.plain(dirName.toString())); } break; case GeneralName.iPAddress: out.append('I').append('P').append(':'); final byte[] ip = ((ASN1OctetString) name.getName()).getOctets(); int len = ip.length; boolean ip4 = len == 4; for (int i = 0; i < ip.length; i++) { out.append(ConvertBytes.intToCharBytes(((int) ip[i]) & 0xff)); if (i != len - 1) { if (ip4) out.append('.'); else out.append(':').append(':'); } } break; case GeneralName.otherName: out.append('o').append('t').append('h').append('e').append('r').append('N').append('a').append('m') .append('e').append(':'); out.append(ByteList.plain(obj.toString())); return true; //tagged = true; case GeneralName.registeredID: out.append('R').append('I').append('D').append(':'); //tagged = true; default: out.append(ByteList.plain(obj.toString())); } return false; }
From source file:org.jruby.ext.openssl.X509Name.java
License:LGPL
X500Name getX500Name() {
return X500Name.getInstance(getRealName().toASN1Primitive());
}
From source file:org.jruby.ext.openssl.x509store.Name.java
License:LGPL
public Name(X500Principal nm) { try {/* w w w . j av a 2 s .c o m*/ this.name = X500Name.getInstance(nm.getEncoded()); } catch (Exception e) { this.name = null; } }
From source file:org.jruby.ext.openssl.x509store.X509Utils.java
License:LGPL
/** * c: X509_check_issued//from w w w.j a v a2 s . c o m */ public static int checkIfIssuedBy(X509AuxCertificate issuer, X509AuxCertificate subject) throws Exception { if (!issuer.getSubjectX500Principal().equals(subject.getIssuerX500Principal())) { return V_ERR_SUBJECT_ISSUER_MISMATCH; } if (subject.getExtensionValue("2.5.29.35") != null) { //authorityKeyID // I hate ASN1 and DER Object key = get(subject.getExtensionValue("2.5.29.35")); if (!(key instanceof ASN1Sequence)) { key = get(key); } ASN1Sequence seq = (ASN1Sequence) key; AuthorityKeyIdentifier sakid = null; if (seq.size() == 1 && (seq.getObjectAt(0) instanceof ASN1OctetString)) { sakid = AuthorityKeyIdentifier .getInstance(new DLSequence(new DERTaggedObject(0, seq.getObjectAt(0)))); } else { sakid = AuthorityKeyIdentifier.getInstance(seq); } if (sakid.getKeyIdentifier() != null) { if (issuer.getExtensionValue("2.5.29.14") != null) { DEROctetString der = (DEROctetString) get(issuer.getExtensionValue("2.5.29.14")); if (der.getOctets().length > 20) { der = (DEROctetString) get(der.getOctets()); } SubjectKeyIdentifier iskid = SubjectKeyIdentifier.getInstance(der); if (iskid.getKeyIdentifier() != null) { if (!Arrays.equals(sakid.getKeyIdentifier(), iskid.getKeyIdentifier())) { return V_ERR_AKID_SKID_MISMATCH; } } } } if (sakid.getAuthorityCertSerialNumber() != null && !sakid.getAuthorityCertSerialNumber().equals(issuer.getSerialNumber())) { return V_ERR_AKID_ISSUER_SERIAL_MISMATCH; } if (sakid.getAuthorityCertIssuer() != null) { GeneralName[] gens = sakid.getAuthorityCertIssuer().getNames(); X500Name nm = null; for (int i = 0; i < gens.length; i++) { if (gens[i].getTagNo() == GeneralName.directoryName) { ASN1Encodable nameTmp = gens[i].getName(); if (nameTmp instanceof X500Name) { nm = (X500Name) nameTmp; } else if (nameTmp instanceof ASN1Sequence) { nm = X500Name.getInstance((ASN1Sequence) nameTmp); } else { throw new RuntimeException("unknown name type in X509Utils: " + nameTmp); } break; } } if (nm != null) { if (!(new Name(nm).isEqual(issuer.getIssuerX500Principal()))) { return V_ERR_AKID_ISSUER_SERIAL_MISMATCH; } } } } if (subject.getExtensionValue("1.3.6.1.5.5.7.1.14") != null) { if (issuer.getKeyUsage() != null && !issuer.getKeyUsage()[0]) { // KU_DIGITAL_SIGNATURE return V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE; } } else if (issuer.getKeyUsage() != null && !issuer.getKeyUsage()[5]) { // KU_KEY_CERT_SIGN return V_ERR_KEYUSAGE_NO_CERTSIGN; } return V_OK; }
From source file:org.jscep.asn1.IssuerAndSubject.java
License:Open Source License
/** * Creates a new instance of this class from the given sequence. * * @param seq//ww w.j a va2s. co m * the sequence. */ public IssuerAndSubject(final ASN1Sequence seq) { issuer = X500Name.getInstance(seq.getObjectAt(0)); subject = X500Name.getInstance(seq.getObjectAt(1)); }