List of usage examples for org.bouncycastle.asn1.x509 CertificatePolicies getPolicyInformation
public PolicyInformation[] getPolicyInformation()
From source file:com.otterca.common.crypto.SimplePolicyGeneratorTest.java
License:Apache License
/**
 * Checks the certificate-policies extension generated when only a CPS URI
 * is configured.
 *
 * @throws IOException if the encoded extension cannot be parsed
 */
@Test
@edu.umd.cs.findbugs.annotations.SuppressWarnings("NP_NONNULL_PARAM_VIOLATION")
public void testCpsPolicy() throws IOException {
    SimplePolicyGeneratorImpl policyGenerator = new SimplePolicyGeneratorImpl(CPS_URI, null, null, null);

    // Encode the extension, then parse it back for inspection.
    byte[] encoded = policyGenerator.getExtension(SUBJECT, ISSUER);
    assertNotNull(encoded);

    X509Extensions extensions = X509Extensions.getInstance(DLSequence.fromByteArray(encoded));
    ASN1Encodable parsedValue = extensions.getExtension(X509Extensions.CertificatePolicies).getParsedValue();
    CertificatePolicies policies = CertificatePolicies.getInstance(parsedValue);
    assertNotNull(policies, "unable to find CertificatePolicies extension");

    // NOTE(review): nothing below asserts that at least one policy or qualifier
    // was seen, so an empty extension would pass this test vacuously.
    // NOTE(review): the policy identifier is compared with the qualifier OID
    // id_qt_cps - confirm that is what the generator is meant to emit.
    for (PolicyInformation policy : policies.getPolicyInformation()) {
        if (!id_qt_cps.equals(policy.getPolicyIdentifier())) {
            fail("unknown policy identifier: " + policy.getPolicyIdentifier());
        } else {
            DLSequence qualifiers = (DLSequence) policy.getPolicyQualifiers();
            int index = 0;
            while (index < qualifiers.size()) {
                // Each element is a raw two-element sequence: qualifier id, qualifier value.
                DLSequence rawQualifier = (DLSequence) qualifiers.getObjectAt(index);
                ASN1ObjectIdentifier qualifierId = (ASN1ObjectIdentifier) rawQualifier.getObjectAt(0);
                PolicyQualifierInfo qualifierInfo = new PolicyQualifierInfo(qualifierId,
                        rawQualifier.getObjectAt(1));

                if (!id_qt_cps.equals(qualifierInfo.getPolicyQualifierId())) {
                    fail("unknown policy qualifier id: " + qualifierInfo.getPolicyQualifierId());
                } else {
                    assertEquals(qualifierInfo.getQualifier().toString(), CPS_URI);
                }
                index++;
            }
        }
    }
}
From source file:com.otterca.common.crypto.SimplePolicyGeneratorTest.java
License:Apache License
/**
 * Checks the certificate-policies extension generated when an organization,
 * a user notice text and a notice number are configured.
 *
 * @throws IOException if the encoded extension cannot be parsed
 */
@Test
@edu.umd.cs.findbugs.annotations.SuppressWarnings("NP_NONNULL_PARAM_VIOLATION")
public void testUserNoticePolicy() throws IOException {
    SimplePolicyGeneratorImpl policyGenerator = new SimplePolicyGeneratorImpl(null, ORGANIZATION, USER_NOTICE,
            Integer.valueOf(1));

    // Encode the extension, then parse it back for inspection.
    byte[] encoded = policyGenerator.getExtension(SUBJECT, ISSUER);
    assertNotNull(encoded);

    X509Extensions extensions = X509Extensions.getInstance(DLSequence.fromByteArray(encoded));
    ASN1Encodable parsedValue = extensions.getExtension(X509Extensions.CertificatePolicies).getParsedValue();
    CertificatePolicies policies = CertificatePolicies.getInstance(parsedValue);
    assertNotNull(policies, "unable to find CertificatePolicies extension");

    // NOTE(review): nothing below asserts that at least one policy or notice
    // was seen, so an empty extension would pass this test vacuously.
    for (PolicyInformation policy : policies.getPolicyInformation()) {
        if (!id_qt_unotice.equals(policy.getPolicyIdentifier())) {
            fail("unknown policy identifier: " + policy.getPolicyIdentifier());
        } else {
            DLSequence qualifiers = (DLSequence) policy.getPolicyQualifiers();
            int index = 0;
            while (index < qualifiers.size()) {
                UserNotice notice = UserNotice.getInstance((DLSequence) qualifiers.getObjectAt(index));
                // The notice reference must carry the organization and the single notice number.
                assertEquals(notice.getNoticeRef().getOrganization().getString(), ORGANIZATION);
                assertEquals(notice.getNoticeRef().getNoticeNumbers()[0].getValue(), BigInteger.ONE);
                // The explicit text must be the configured user notice.
                assertEquals(notice.getExplicitText().getString(), USER_NOTICE);
                index++;
            }
        }
    }
}
From source file:net.sf.keystore_explorer.crypto.x509.X509Ext.java
License:Open Source License
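/**
 * Renders an encoded Certificate Policies extension value as display text.
 *
 * <p>The CPS pointer is wrapped in an HTML anchor, so the returned string is
 * evidently meant for an HTML-capable view. The pointer comes from the
 * certificate and is therefore HTML-escaped before it is placed in the markup.
 *
 * @param value encoded CertificatePolicies extension value
 * @return multi-line description of every policy and its qualifiers
 * @throws IOException declared by the original signature for decoding problems
 */
private String getCertificatePoliciesStringValue(byte[] value) throws IOException {
    // @formatter:off

    /*
     * CertificatePolicies ::= ASN1Sequence SIZE (1..MAX) OF PolicyInformation
     *
     * PolicyInformation ::= ASN1Sequence
     * {
     *     policyIdentifier CertPolicyId,
     *     policyQualifiers ASN1Sequence SIZE (1..MAX) OF PolicyQualifierInfo OPTIONAL
     * }
     *
     * CertPolicyId ::= OBJECT IDENTIFIER
     *
     * PolicyQualifierInfo ::= ASN1Sequence
     * {
     *     policyQualifierId PolicyQualifierId,
     *     qualifier ANY DEFINED BY policyQualifierId
     * }
     *
     * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
     *
     * Qualifier ::= CHOICE
     * {
     *     cPSuri CPSuri,
     *     userNotice UserNotice
     * }
     *
     * CPSuri ::= DERIA5String
     *
     * UserNotice ::= ASN1Sequence
     * {
     *     noticeRef NoticeReference OPTIONAL,
     *     explicitText DisplayText OPTIONAL
     * }
     *
     * NoticeReference ::= ASN1Sequence
     * {
     *     organization DisplayText,
     *     noticeNumbers ASN1Sequence OF ASN1Integer
     * }
     *
     * DisplayText ::= CHOICE
     * {
     *     ia5String DERIA5String (SIZE (1..200)),
     *     visibleString VisibleString (SIZE (1..200)),
     *     bmpString BMPString (SIZE (1..200)),
     *     utf8String UTF8String (SIZE (1..200))
     * }
     */

    // @formatter:on

    StringBuilder sb = new StringBuilder();

    CertificatePolicies certificatePolicies = CertificatePolicies.getInstance(value);

    int certPolicy = 0;

    for (PolicyInformation policyInformation : certificatePolicies.getPolicyInformation()) {
        certPolicy++;

        sb.append(MessageFormat.format(res.getString("CertificatePolicy"), certPolicy));
        sb.append(NEWLINE);

        ASN1ObjectIdentifier policyIdentifier = policyInformation.getPolicyIdentifier();
        String policyIdentifierStr = ObjectIdUtil.toString(policyIdentifier);

        sb.append(INDENT);
        sb.append(MessageFormat.format(res.getString("PolicyIdentifier"), policyIdentifierStr));
        sb.append(NEWLINE);

        ASN1Sequence policyQualifiers = policyInformation.getPolicyQualifiers();

        if (policyQualifiers != null) { // Optional
            int policyQual = 0;

            // NOTE(review): the casts below are applied to certificate-supplied
            // structures; a malformed extension surfaces as an unchecked
            // ClassCastException rather than the declared IOException.
            for (ASN1Encodable policyQualifier : policyQualifiers.toArray()) {
                ASN1Sequence policyQualifierInfo = (ASN1Sequence) policyQualifier;

                sb.append(INDENT.toString(1));
                sb.append(MessageFormat.format(res.getString("PolicyQualifierInformation"), certPolicy,
                        ++policyQual));
                sb.append(NEWLINE);

                ASN1ObjectIdentifier policyQualifierId = (ASN1ObjectIdentifier) policyQualifierInfo
                        .getObjectAt(0);

                CertificatePolicyQualifierType certificatePolicyQualifierType = CertificatePolicyQualifierType
                        .resolveOid(policyQualifierId.getId());

                if (certificatePolicyQualifierType != null) {
                    sb.append(INDENT.toString(2));
                    sb.append(certificatePolicyQualifierType.friendly());
                    sb.append(NEWLINE);

                    if (certificatePolicyQualifierType == PKIX_CPS_POINTER_QUALIFIER) {
                        DERIA5String cpsPointer = (DERIA5String) policyQualifierInfo.getObjectAt(1);

                        // The URI is certificate content: escape it so it cannot close
                        // the href attribute or introduce markup of its own.
                        // NOTE(review): escaping does not validate the URI scheme; confirm
                        // that whatever opens the link restricts it to expected schemes.
                        String cpsUri = escapeHtmlForPolicyDisplay(cpsPointer.getString());

                        sb.append(INDENT.toString(2));
                        sb.append(MessageFormat.format(res.getString("CpsPointer"),
                                "<a href=\"" + cpsUri + "\">" + cpsUri + "</a>"));
                        sb.append(NEWLINE);
                    } else if (certificatePolicyQualifierType == PKIX_USER_NOTICE_QUALIFIER) {
                        ASN1Encodable userNoticeObj = policyQualifierInfo.getObjectAt(1);

                        UserNotice userNotice = UserNotice.getInstance(userNoticeObj);

                        sb.append(INDENT.toString(2));
                        sb.append(res.getString("UserNotice"));
                        sb.append(NEWLINE);

                        NoticeReference noticeReference = userNotice.getNoticeRef();

                        DisplayText explicitText = userNotice.getExplicitText();

                        // NOTE(review): organization and explicit text are also certificate
                        // content and are appended unescaped; if the caller renders this
                        // string as HTML they need the same escaping - confirm at the caller.
                        if (noticeReference != null) { // Optional
                            sb.append(INDENT.toString(3));
                            sb.append(res.getString("NoticeReference"));
                            sb.append(NEWLINE);

                            DisplayText organization = noticeReference.getOrganization();
                            String organizationString = organization.getString();

                            sb.append(INDENT.toString(4));
                            sb.append(MessageFormat.format(res.getString("Organization"), organizationString));
                            sb.append(NEWLINE);

                            ASN1Integer[] noticeNumbers = noticeReference.getNoticeNumbers();

                            // Separator-first joining: an empty noticeNumbers sequence yields ""
                            // instead of a negative setLength() and the exception it raises.
                            StringBuilder sbNoticeNumbers = new StringBuilder();
                            for (ASN1Integer noticeNumber : noticeNumbers) {
                                if (sbNoticeNumbers.length() > 0) {
                                    sbNoticeNumbers.append(", ");
                                }
                                // Append the full value; intValue() would silently truncate
                                // numbers that do not fit in an int.
                                sbNoticeNumbers.append(noticeNumber.getValue());
                            }

                            sb.append(INDENT.toString(4));
                            sb.append(MessageFormat.format(res.getString("NoticeNumbers"),
                                    sbNoticeNumbers.toString()));
                            sb.append(NEWLINE);
                        }

                        if (explicitText != null) { // Optional
                            String explicitTextString = explicitText.getString();

                            sb.append(INDENT.toString(3));
                            sb.append(MessageFormat.format(res.getString("ExplicitText"), explicitTextString));
                            sb.append(NEWLINE);
                        }
                    }
                }
            }
        }
    }

    return sb.toString();
}

/**
 * Escapes the characters that are significant in HTML text and in quoted
 * attribute values.
 *
 * @param text raw text taken from the certificate
 * @return the text with {@code & < > " '} replaced by character references
 */
private static String escapeHtmlForPolicyDisplay(String text) {
    StringBuilder escaped = new StringBuilder(text.length() + 16);
    for (int i = 0; i < text.length(); i++) {
        char c = text.charAt(i);
        switch (c) {
        case '&':
            escaped.append("&amp;");
            break;
        case '<':
            escaped.append("&lt;");
            break;
        case '>':
            escaped.append("&gt;");
            break;
        case '"':
            escaped.append("&quot;");
            break;
        case '\'':
            escaped.append("&#39;");
            break;
        default:
            escaped.append(c);
            break;
        }
    }
    return escaped.toString();
}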
From source file:net.sf.keystore_explorer.gui.dialogs.extensions.DCertificatePolicies.java
License:Open Source License
/**
 * Decodes an encoded Certificate Policies extension value and hands its
 * policy entries to {@code jpiCertificatePolicies}.
 *
 * @param value encoded CertificatePolicies extension value
 * @throws IOException declared by the original signature for decoding problems
 */
@SuppressWarnings("unchecked")
private void prepopulateWithValue(byte[] value) throws IOException {
    PolicyInformation[] decodedPolicies = CertificatePolicies.getInstance(value).getPolicyInformation();

    // Copy into a mutable list; Arrays.asList alone would be a fixed-size view.
    List<PolicyInformation> policyList = new ArrayList<PolicyInformation>();
    policyList.addAll(Arrays.asList(decodedPolicies));

    jpiCertificatePolicies.setPolicyInformation(policyList);
}
From source file:org.kse.gui.dialogs.extensions.DCertificatePolicies.java
License:Open Source License
/**
 * Decodes an encoded Certificate Policies extension value and hands its
 * policy entries to {@code jpiCertificatePolicies}.
 *
 * @param value encoded CertificatePolicies extension value
 * @throws IOException declared by the original signature for decoding problems
 */
private void prepopulateWithValue(byte[] value) throws IOException {
    PolicyInformation[] decodedPolicies = CertificatePolicies.getInstance(value).getPolicyInformation();

    // Copy into a mutable list; Arrays.asList alone would be a fixed-size view.
    List<PolicyInformation> policyList = new ArrayList<PolicyInformation>();
    policyList.addAll(Arrays.asList(decodedPolicies));

    jpiCertificatePolicies.setPolicyInformation(policyList);
}
From source file:org.xipki.ca.qa.impl.X509CertprofileQAImpl.java
License:Open Source License
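/**
 * Compares the Certificate Policies extension of an issued certificate with
 * the configured expectation and appends every mismatch to {@code failureMsg}.
 *
 * <p>Without a configured expectation the raw extension bytes are compared
 * with the value returned by {@code getExpectedExtValue}. Otherwise every
 * issued policy must be configured, every configured CPS URI and user notice
 * must be present, and every configured policy must appear in the certificate.
 *
 * @param failureMsg accumulator for findings, each terminated by "; "
 * @param extensionValue encoded extension value taken from the certificate
 * @param requestExtensions extensions of the request, passed to {@code getExpectedExtValue}
 * @param extControl extension control, passed to {@code getExpectedExtValue}
 */
private void checkExtensionCertificatePolicies(final StringBuilder failureMsg, final byte[] extensionValue,
        final Extensions requestExtensions, final ExtensionControl extControl) {
    QaCertificatePolicies conf = certificatePolicies;
    if (conf == null) {
        byte[] expected = getExpectedExtValue(Extension.certificatePolicies, requestExtensions, extControl);
        if (Arrays.equals(expected, extensionValue) == false) {
            failureMsg.append("extension valus is '" + hex(extensionValue) + "' but expected '"
                    + (expected == null ? "not present" : hex(expected)) + "'");
            failureMsg.append("; ");
        }
        return;
    }

    org.bouncycastle.asn1.x509.CertificatePolicies asn1 = org.bouncycastle.asn1.x509.CertificatePolicies
            .getInstance(extensionValue);
    PolicyInformation[] iPolicyInformations = asn1.getPolicyInformation();

    // Pass 1: every policy in the certificate must be configured, with its required qualifiers.
    for (PolicyInformation iPolicyInformation : iPolicyInformations) {
        ASN1ObjectIdentifier iPolicyId = iPolicyInformation.getPolicyIdentifier();
        QaCertificatePolicyInformation eCp = conf.getPolicyInformation(iPolicyId.getId());
        if (eCp == null) {
            failureMsg.append("certificate policy '" + iPolicyId + "' is not expected");
            failureMsg.append("; ");
            continue;
        }

        QaPolicyQualifiers eCpPq = eCp.getPolicyQualifiers();
        if (eCpPq == null) {
            continue;
        }

        ASN1Sequence iPolicyQualifiers = iPolicyInformation.getPolicyQualifiers();
        List<String> iCpsUris = new LinkedList<>();
        List<String> iUserNotices = new LinkedList<>();

        // policyQualifiers is OPTIONAL: a certificate that omits it must be reported
        // as missing the required qualifiers, not abort the check with a
        // NullPointerException.
        int n = (iPolicyQualifiers == null) ? 0 : iPolicyQualifiers.size();
        for (int i = 0; i < n; i++) {
            // Elements of a decoded sequence are generic ASN.1 objects, so a direct cast
            // to PolicyQualifierInfo fails; getInstance() converts them.
            PolicyQualifierInfo iPolicyQualifierInfo = PolicyQualifierInfo
                    .getInstance(iPolicyQualifiers.getObjectAt(i));
            ASN1ObjectIdentifier iPolicyQualifierId = iPolicyQualifierInfo.getPolicyQualifierId();
            ASN1Encodable iQualifier = iPolicyQualifierInfo.getQualifier();
            if (PolicyQualifierId.id_qt_cps.equals(iPolicyQualifierId)) {
                String iCpsUri = ((DERIA5String) iQualifier).getString();
                iCpsUris.add(iCpsUri);
            } else if (PolicyQualifierId.id_qt_unotice.equals(iPolicyQualifierId)) {
                UserNotice iUserNotice = UserNotice.getInstance(iQualifier);
                if (iUserNotice.getExplicitText() != null) {
                    iUserNotices.add(iUserNotice.getExplicitText().getString());
                }
            }
        }

        List<QaPolicyQualifierInfo> qualifierInfos = eCpPq.getPolicyQualifiers();
        for (QaPolicyQualifierInfo qualifierInfo : qualifierInfos) {
            if (qualifierInfo instanceof QaCPSUriPolicyQualifier) {
                String value = ((QaCPSUriPolicyQualifier) qualifierInfo).getCPSUri();
                if (iCpsUris.contains(value) == false) {
                    failureMsg.append("CPSUri '" + value + "' is absent but is required");
                    failureMsg.append("; ");
                }
            } else if (qualifierInfo instanceof QaUserNoticePolicyQualifierInfo) {
                String value = ((QaUserNoticePolicyQualifierInfo) qualifierInfo).getUserNotice();
                if (iUserNotices.contains(value) == false) {
                    failureMsg.append("userNotice '" + value + "' is absent but is required");
                    failureMsg.append("; ");
                }
            } else {
                throw new RuntimeException("should not reach here");
            }
        }
    }

    // Pass 2: every configured policy must appear in the certificate.
    for (QaCertificatePolicyInformation cp : conf.getPolicyInformations()) {
        boolean present = false;
        for (PolicyInformation iPolicyInformation : iPolicyInformations) {
            if (iPolicyInformation.getPolicyIdentifier().getId().equals(cp.getPolicyId())) {
                present = true;
                break;
            }
        }

        if (present) {
            continue;
        }

        failureMsg.append("certificate policy '").append(cp.getPolicyId())
                .append("' is absent but is required");
        failureMsg.append("; ");
    }
}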
From source file:org.xipki.pki.ca.qa.ExtensionsChecker.java
License:Open Source License
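/**
 * Compares the Certificate Policies extension of an issued certificate with
 * the configured expectation and appends every mismatch to {@code failureMsg}.
 *
 * <p>Without a configured expectation the raw extension bytes are compared
 * with the value returned by {@code getExpectedExtValue}. Otherwise every
 * issued policy must be configured, every configured CPS URI and user notice
 * must be present, and every configured policy must appear in the certificate.
 *
 * @param failureMsg accumulator for findings, each terminated by "; "
 * @param extensionValue encoded extension value taken from the certificate
 * @param requestedExtensions extensions of the request, passed to {@code getExpectedExtValue}
 * @param extControl extension control, passed to {@code getExpectedExtValue}
 */
private void checkExtensionCertificatePolicies(final StringBuilder failureMsg, final byte[] extensionValue,
        final Extensions requestedExtensions, final ExtensionControl extControl) {
    QaCertificatePolicies conf = certificatePolicies;
    if (conf == null) {
        byte[] expected = getExpectedExtValue(Extension.certificatePolicies, requestedExtensions, extControl);
        if (!Arrays.equals(expected, extensionValue)) {
            addViolation(failureMsg, "extension values", hex(extensionValue),
                    (expected == null) ? "not present" : hex(expected));
        }
        return;
    }

    org.bouncycastle.asn1.x509.CertificatePolicies asn1 = org.bouncycastle.asn1.x509.CertificatePolicies
            .getInstance(extensionValue);
    PolicyInformation[] isPolicyInformations = asn1.getPolicyInformation();

    // Pass 1: every policy in the certificate must be configured, with its required qualifiers.
    for (PolicyInformation isPolicyInformation : isPolicyInformations) {
        ASN1ObjectIdentifier isPolicyId = isPolicyInformation.getPolicyIdentifier();
        QaCertificatePolicyInformation expCp = conf.getPolicyInformation(isPolicyId.getId());
        if (expCp == null) {
            failureMsg.append("certificate policy '").append(isPolicyId);
            failureMsg.append("' is not expected; ");
            continue;
        }

        QaPolicyQualifiers expCpPq = expCp.getPolicyQualifiers();
        if (expCpPq == null) {
            continue;
        }

        ASN1Sequence isPolicyQualifiers = isPolicyInformation.getPolicyQualifiers();
        List<String> isCpsUris = new LinkedList<>();
        List<String> isUserNotices = new LinkedList<>();

        // policyQualifiers is OPTIONAL: a certificate that omits it must be reported
        // as missing the required qualifiers, not abort the check with a
        // NullPointerException.
        int size = (isPolicyQualifiers == null) ? 0 : isPolicyQualifiers.size();
        for (int i = 0; i < size; i++) {
            // Elements of a decoded sequence are generic ASN.1 objects, so a direct cast
            // to PolicyQualifierInfo fails; getInstance() converts them.
            PolicyQualifierInfo isPolicyQualifierInfo = PolicyQualifierInfo
                    .getInstance(isPolicyQualifiers.getObjectAt(i));
            ASN1ObjectIdentifier isPolicyQualifierId = isPolicyQualifierInfo.getPolicyQualifierId();
            ASN1Encodable isQualifier = isPolicyQualifierInfo.getQualifier();
            if (PolicyQualifierId.id_qt_cps.equals(isPolicyQualifierId)) {
                String isCpsUri = ((DERIA5String) isQualifier).getString();
                isCpsUris.add(isCpsUri);
            } else if (PolicyQualifierId.id_qt_unotice.equals(isPolicyQualifierId)) {
                UserNotice isUserNotice = UserNotice.getInstance(isQualifier);
                if (isUserNotice.getExplicitText() != null) {
                    isUserNotices.add(isUserNotice.getExplicitText().getString());
                }
            }
        }

        List<QaPolicyQualifierInfo> qualifierInfos = expCpPq.getPolicyQualifiers();
        for (QaPolicyQualifierInfo qualifierInfo : qualifierInfos) {
            if (qualifierInfo instanceof QaCpsUriPolicyQualifier) {
                String value = ((QaCpsUriPolicyQualifier) qualifierInfo).getCpsUri();
                if (!isCpsUris.contains(value)) {
                    failureMsg.append("CPSUri '").append(value);
                    failureMsg.append("' is absent but is required; ");
                }
            } else if (qualifierInfo instanceof QaUserNoticePolicyQualifierInfo) {
                String value = ((QaUserNoticePolicyQualifierInfo) qualifierInfo).getUserNotice();
                if (!isUserNotices.contains(value)) {
                    failureMsg.append("userNotice '").append(value);
                    failureMsg.append("' is absent but is required; ");
                }
            } else {
                throw new RuntimeException("should not reach here");
            }
        }
    }

    // Pass 2: every configured policy must appear in the certificate.
    for (QaCertificatePolicyInformation cp : conf.getPolicyInformations()) {
        boolean present = false;
        for (PolicyInformation isPolicyInformation : isPolicyInformations) {
            if (isPolicyInformation.getPolicyIdentifier().getId().equals(cp.getPolicyId())) {
                present = true;
                break;
            }
        }

        if (present) {
            continue;
        }

        failureMsg.append("certificate policy '").append(cp.getPolicyId());
        failureMsg.append("' is absent but is required; ");
    }
}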
From source file:se.tillvaxtverket.tsltrust.weblogic.content.CertificateInformation.java
License:Open Source License
/**
 * Adds an "Extensions" section to the certificate information table and
 * fills it with a summary of the extension types handled below: basic
 * constraints, key usage, QC statements, extended key usage, certificate
 * policies and subject alternative name.
 *
 * @param cert certificate whose extension list is summarised
 * @param unfold passed through to {@code addNewSection} for the new section
 */
private void addCertificateExtensionInfo(AaaCertificate cert, boolean unfold) {
    InfoTableSection section = certElements.addNewSection(tm, "Extensions", unfold);
    section.setSectionHeadingClasses(CERT_INFO);
    InfoTableElements extElements = section.getElements();
    extFact.clear();

    List<ExtensionInfo> extensions = cert.getExtensionInfoList();
    if (extensions == null) {
        return;
    }

    section.setFoldedElement("Extension summary (out of " + extensions.size() + " total Extensions)");
    section.setKeepFoldableElement(true);

    // Labels indexed by GeneralName tag number:
    //   otherName [0], rfc822Name [1], dNSName [2], x400Address [3],
    //   directoryName [4], ediPartyName [5], uniformResourceIdentifier [6],
    //   iPAddress [7], registeredID [8]
    final String[] generalNameLabels = { "otherName", "rfc822Name", "dNSName", "x400Address", "directoryName",
            "ediPartyName", "uniformResourceIdentifier", "iPAddress", "registeredID" };

    for (ExtensionInfo extension : extensions) {
        // Basic Constraints
        if (extension.getExtensionType().equals(SupportedExtension.basicConstraints)) {
            BasicConstraints basicConstraints = BasicConstraints.getInstance(extension.getExtDataASN1());
            extFact.add(getExtNameAndOID(extension), EXT_ATTR);
            extFact.add("cA", String.valueOf(basicConstraints.isCA()));
            extFact.addExtension(extElements);
        }

        // Key Usage
        if (extension.getExtensionType().equals(SupportedExtension.keyUsage)) {
            KeyUsage keyUsage = KeyUsage.getInstance(extension.getExtDataASN1());
            extFact.add(getExtNameAndOID(extension), EXT_ATTR);
            extFact.add("Usage", DisplayCert.getKeyUsageText(keyUsage));
            extFact.addExtension(extElements);
        }

        // QC Statements
        if (extension.getExtensionType().equals(SupportedExtension.qCStatements)) {
            QCStatementsExt qcStatements = QCStatementsExt.getInstance(extension.getExtDataASN1());
            extFact.add(getExtNameAndOID(extension), EXT_ATTR);
            if (qcStatements.isQcCompliance()) {
                extFact.add("Qualified", "true");
            }
            if (qcStatements.isQcSscd()) {
                extFact.add("QSSCD", "true");
            }
            extFact.addExtension(extElements);
        }

        // Extended Key Usage
        if (extension.getExtensionType().equals(SupportedExtension.extendedKeyUsage)) {
            ExtendedKeyUsage extendedKeyUsage = ExtendedKeyUsage.getInstance(extension.getExtDataASN1());
            extFact.add(getExtNameAndOID(extension), EXT_ATTR);
            for (KeyPurposeId purpose : extendedKeyUsage.getUsages()) {
                extFact.add(OidName.getName(purpose.getId()), purpose.getId());
            }
            extFact.addExtension(extElements);
        }

        // Certificate Policies: one "Policy" row per policy identifier.
        if (extension.getExtensionType().equals(SupportedExtension.certificatePolicies)) {
            CertificatePolicies policies = CertificatePolicies.getInstance(extension.getExtDataASN1());
            extFact.add(getExtNameAndOID(extension), EXT_ATTR);
            for (PolicyInformation policy : policies.getPolicyInformation()) {
                ASN1ObjectIdentifier policyOid = policy.getPolicyIdentifier();
                extFact.add("Policy", OidName.getName(policyOid.getId()));
            }
            extFact.addExtension(extElements);
        }

        // Subject Alternative Name: only the rfc822Name, dNSName,
        // uniformResourceIdentifier and iPAddress entries are listed.
        if (extension.getExtensionType().equals(SupportedExtension.subjectAlternativeName)) {
            GeneralNames subjectAltNames = GeneralNames.getInstance(extension.getExtDataASN1());
            extFact.add(getExtNameAndOID(extension), EXT_ATTR);
            for (GeneralName generalName : subjectAltNames.getNames()) {
                int tag = generalName.getTagNo();
                switch (tag) {
                case 1:
                case 2:
                case 6:
                case 7:
                    // NOTE(review): these values come straight from the certificate;
                    // confirm the table renderer HTML-encodes them before output.
                    extFact.add(generalNameLabels[tag], generalName.getName().toString());
                    break;
                default:
                    break;
                }
            }
            extFact.addExtension(extElements);
        }
    }
}