Example usage for org.bouncycastle.asn1.x509 CertificatePolicies getPolicyInformation

List of usage examples for org.bouncycastle.asn1.x509 CertificatePolicies getPolicyInformation

Introduction

On this page you can find example usages of org.bouncycastle.asn1.x509 CertificatePolicies getPolicyInformation.

Prototype

public PolicyInformation[] getPolicyInformation() 


Usage

From source file:com.otterca.common.crypto.SimplePolicyGeneratorTest.java

License:Apache License

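/**
 * Verifies that a generator configured with only a CPS URI produces a
 * CertificatePolicies extension whose qualifiers are CPS pointers carrying
 * that URI.
 *
 * <p>The test fails, rather than passing vacuously, when the extension is
 * absent or when no CPS qualifier was actually compared.
 *
 * @throws IOException if the encoded extension bytes cannot be parsed
 */
@Test
@edu.umd.cs.findbugs.annotations.SuppressWarnings("NP_NONNULL_PARAM_VIOLATION")
public void testCpsPolicy() throws IOException {
    // Only the CPS URI is supplied; the remaining constructor arguments are
    // deliberately null, which is what the FindBugs suppression covers.
    SimplePolicyGeneratorImpl generator = new SimplePolicyGeneratorImpl(CPS_URI, null, null, null);

    // get policy extensions
    byte[] policyBytes = generator.getExtension(SUBJECT, ISSUER);
    assertNotNull(policyBytes);

    X509Extensions exts = X509Extensions.getInstance(DLSequence.fromByteArray(policyBytes));
    // Check for presence before dereferencing, so a missing extension is
    // reported as an assertion failure instead of a NullPointerException.
    assertNotNull(exts.getExtension(X509Extensions.CertificatePolicies),
            "unable to find CertificatePolicies extension");
    ASN1Encodable asn1 = exts.getExtension(X509Extensions.CertificatePolicies).getParsedValue();
    CertificatePolicies policies = CertificatePolicies.getInstance(asn1);
    assertNotNull(policies, "unable to find CertificatePolicies extension");

    // Counts the qualifiers that were really compared against CPS_URI.
    int cpsQualifiersChecked = 0;

    for (PolicyInformation info : policies.getPolicyInformation()) {
        if (id_qt_cps.equals(info.getPolicyIdentifier())) {
            DLSequence dls = (DLSequence) info.getPolicyQualifiers();
            for (int i = 0; i < dls.size(); i++) {
                // Each element is a raw two-element sequence: qualifier id, then qualifier.
                DLSequence dls1 = (DLSequence) dls.getObjectAt(i);
                PolicyQualifierInfo pqInfo = new PolicyQualifierInfo((ASN1ObjectIdentifier) dls1.getObjectAt(0),
                        dls1.getObjectAt(1));
                if (id_qt_cps.equals(pqInfo.getPolicyQualifierId())) {
                    assertEquals(pqInfo.getQualifier().toString(), CPS_URI);
                    cpsQualifiersChecked++;
                } else {
                    fail("unknown policy qualifier id: " + pqInfo.getPolicyQualifierId());
                }
            }
        } else {
            fail("unknown policy identifier: " + info.getPolicyIdentifier());
        }
    }

    // An extension with no policies or no qualifiers would otherwise skip
    // every assertion above and let the test pass without checking anything.
    if (cpsQualifiersChecked == 0) {
        fail("no CPS policy qualifier found in CertificatePolicies extension");
    }
}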

From source file:com.otterca.common.crypto.SimplePolicyGeneratorTest.java

License:Apache License

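/**
 * Verifies that a generator configured with an organization, a user notice
 * text and a notice number produces a CertificatePolicies extension whose
 * user-notice qualifiers carry exactly those values.
 *
 * <p>The test fails, rather than passing vacuously, when the extension is
 * absent or when no user notice was actually compared.
 *
 * @throws IOException if the encoded extension bytes cannot be parsed
 */
@Test
@edu.umd.cs.findbugs.annotations.SuppressWarnings("NP_NONNULL_PARAM_VIOLATION")
public void testUserNoticePolicy() throws IOException {
    // The CPS URI is deliberately null here, which is what the FindBugs
    // suppression covers.
    SimplePolicyGeneratorImpl generator = new SimplePolicyGeneratorImpl(null, ORGANIZATION, USER_NOTICE,
            Integer.valueOf(1));

    // get policy extensions
    byte[] policyBytes = generator.getExtension(SUBJECT, ISSUER);
    assertNotNull(policyBytes);

    X509Extensions exts = X509Extensions.getInstance(DLSequence.fromByteArray(policyBytes));
    // Check for presence before dereferencing, so a missing extension is
    // reported as an assertion failure instead of a NullPointerException.
    assertNotNull(exts.getExtension(X509Extensions.CertificatePolicies),
            "unable to find CertificatePolicies extension");
    ASN1Encodable asn1 = exts.getExtension(X509Extensions.CertificatePolicies).getParsedValue();
    CertificatePolicies policies = CertificatePolicies.getInstance(asn1);
    assertNotNull(policies, "unable to find CertificatePolicies extension");

    // Counts the user notices that were really compared against the expected values.
    int userNoticesChecked = 0;

    for (PolicyInformation info : policies.getPolicyInformation()) {
        if (id_qt_unotice.equals(info.getPolicyIdentifier())) {
            DLSequence dls = (DLSequence) info.getPolicyQualifiers();
            for (int i = 0; i < dls.size(); i++) {
                UserNotice userNotice = UserNotice.getInstance((DLSequence) dls.getObjectAt(i));
                assertEquals(userNotice.getNoticeRef().getOrganization().getString(), ORGANIZATION);
                // The generator was given notice number 1 above.
                assertEquals(userNotice.getNoticeRef().getNoticeNumbers()[0].getValue(), BigInteger.ONE);
                assertEquals(userNotice.getExplicitText().getString(), USER_NOTICE);
                userNoticesChecked++;
            }
        } else {
            fail("unknown policy identifier: " + info.getPolicyIdentifier());
        }
    }

    // An extension with no policies or no qualifiers would otherwise skip
    // every assertion above and let the test pass without checking anything.
    if (userNoticesChecked == 0) {
        fail("no user notice found in CertificatePolicies extension");
    }
}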

From source file:net.sf.keystore_explorer.crypto.x509.X509Ext.java

License:Open Source License

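/**
 * Renders an encoded CertificatePolicies extension value as indented,
 * localised, multi-line text.
 *
 * <p>Every value read from the extension is controlled by whoever issued
 * the certificate and must be treated as untrusted. The CPS pointer is the
 * one value this method embeds in HTML markup, so it is HTML-escaped before
 * being placed in the anchor element.
 *
 * @param value encoded CertificatePolicies extension value
 * @return textual description of every policy and its qualifiers
 * @throws IOException declared by the signature; no statement visible in
 *         this method throws it directly
 */
private String getCertificatePoliciesStringValue(byte[] value) throws IOException {
    // @formatter:off

    /*
     * CertificatePolicies ::= ASN1Sequence SIZE (1..MAX) OF PolicyInformation
     *
     * PolicyInformation ::= ASN1Sequence
     * {
     *      policyIdentifier CertPolicyId,
     *      policyQualifiers ASN1Sequence SIZE (1..MAX) OF PolicyQualifierInfo OPTIONAL
     * }
     *
     * CertPolicyId ::= OBJECT IDENTIFIER
     *
     * PolicyQualifierInfo ::= ASN1Sequence
     * {
     *      policyQualifierId PolicyQualifierId,
     *      qualifier ANY DEFINED BY policyQualifierId
     * }
     *
     * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
     *
     * Qualifier ::= CHOICE
     * {
     *      cPSuri CPSuri,
     *      userNotice UserNotice
     * }
     *
     * CPSuri ::= DERIA5String
     *
     * UserNotice ::= ASN1Sequence
     * {
     *      noticeRef NoticeReference OPTIONAL,
     *      explicitText DisplayText OPTIONAL
     * }
     *
     * NoticeReference ::= ASN1Sequence
     * {
     *      organization DisplayText,
     *      noticeNumbers ASN1Sequence OF ASN1Integer
     * }
     *
     * DisplayText ::= CHOICE
     * {
     *      ia5String DERIA5String (SIZE (1..200)),
     *      visibleString VisibleString (SIZE (1..200)),
     *      bmpString BMPString (SIZE (1..200)),
     *      utf8String UTF8String (SIZE (1..200))
     * }
     */

    // @formatter:on

    StringBuilder sb = new StringBuilder();

    CertificatePolicies certificatePolicies = CertificatePolicies.getInstance(value);

    // 1-based counter used in the "CertificatePolicy" heading of each policy.
    int certPolicy = 0;

    for (PolicyInformation policyInformation : certificatePolicies.getPolicyInformation()) {
        certPolicy++;

        sb.append(MessageFormat.format(res.getString("CertificatePolicy"), certPolicy));
        sb.append(NEWLINE);

        ASN1ObjectIdentifier policyIdentifier = policyInformation.getPolicyIdentifier();
        String policyIdentifierStr = ObjectIdUtil.toString(policyIdentifier);

        sb.append(INDENT);
        sb.append(MessageFormat.format(res.getString("PolicyIdentifier"), policyIdentifierStr));
        sb.append(NEWLINE);

        ASN1Sequence policyQualifiers = policyInformation.getPolicyQualifiers();

        if (policyQualifiers != null) { // Optional
            // 1-based counter of qualifiers within the current policy.
            int policyQual = 0;

            for (ASN1Encodable policyQualifier : policyQualifiers.toArray()) {

                ASN1Sequence policyQualifierInfo = (ASN1Sequence) policyQualifier;

                sb.append(INDENT.toString(1));
                sb.append(MessageFormat.format(res.getString("PolicyQualifierInformation"), certPolicy,
                        ++policyQual));
                sb.append(NEWLINE);

                ASN1ObjectIdentifier policyQualifierId = (ASN1ObjectIdentifier) policyQualifierInfo
                        .getObjectAt(0);

                CertificatePolicyQualifierType certificatePolicyQualifierType = CertificatePolicyQualifierType
                        .resolveOid(policyQualifierId.getId());

                // Qualifier ids that do not resolve to a known type are listed
                // by index only; their content is not rendered.
                if (certificatePolicyQualifierType != null) {
                    sb.append(INDENT.toString(2));
                    sb.append(certificatePolicyQualifierType.friendly());
                    sb.append(NEWLINE);

                    if (certificatePolicyQualifierType == PKIX_CPS_POINTER_QUALIFIER) {
                        DERIA5String cpsPointer = (DERIA5String) policyQualifierInfo.getObjectAt(1);

                        // The URI is certificate-supplied. Escape it so it cannot close the
                        // href attribute or introduce markup of its own.
                        // NOTE(review): escaping does not restrict the URI scheme; if the
                        // consumer makes this link clickable, consider allowing only
                        // http/https there.
                        String cpsPointerHtml = escapeCpsPointerHtml(cpsPointer.getString());

                        sb.append(INDENT.toString(2));
                        sb.append(MessageFormat.format(res.getString("CpsPointer"),
                                "<a href=\"" + cpsPointerHtml + "\">" + cpsPointerHtml + "</a>"));
                        sb.append(NEWLINE);
                    } else if (certificatePolicyQualifierType == PKIX_USER_NOTICE_QUALIFIER) {
                        ASN1Encodable userNoticeObj = policyQualifierInfo.getObjectAt(1);

                        UserNotice userNotice = UserNotice.getInstance(userNoticeObj);

                        sb.append(INDENT.toString(2));
                        sb.append(res.getString("UserNotice"));
                        sb.append(NEWLINE);

                        NoticeReference noticeReference = userNotice.getNoticeRef();

                        DisplayText explicitText = userNotice.getExplicitText();

                        // NOTE(review): organization and explicit text are also
                        // certificate-supplied and are appended as-is. If the caller
                        // renders this string as HTML they need the same escaping;
                        // confirm against the consumer.
                        if (noticeReference != null) { // Optional
                            sb.append(INDENT.toString(3));
                            sb.append(res.getString("NoticeReference"));
                            sb.append(NEWLINE);

                            DisplayText organization = noticeReference.getOrganization();
                            String organizationString = organization.getString();

                            sb.append(INDENT.toString(4));
                            sb.append(MessageFormat.format(res.getString("Organization"), organizationString));
                            sb.append(NEWLINE);

                            ASN1Integer[] noticeNumbers = noticeReference.getNoticeNumbers();

                            // Separator is written before every element but the first, so an
                            // empty noticeNumbers sequence yields an empty string instead of
                            // a negative setLength(). The full integer value is printed
                            // rather than a possibly truncated int.
                            StringBuilder sbNoticeNumbers = new StringBuilder();
                            for (ASN1Integer noticeNumber : noticeNumbers) {
                                if (sbNoticeNumbers.length() > 0) {
                                    sbNoticeNumbers.append(", ");
                                }
                                sbNoticeNumbers.append(noticeNumber.getValue());
                            }

                            sb.append(INDENT.toString(4));
                            sb.append(MessageFormat.format(res.getString("NoticeNumbers"),
                                    sbNoticeNumbers.toString()));
                            sb.append(NEWLINE);
                        }

                        if (explicitText != null) { // Optional
                            String explicitTextString = explicitText.getString();

                            sb.append(INDENT.toString(3));
                            sb.append(MessageFormat.format(res.getString("ExplicitText"), explicitTextString));
                            sb.append(NEWLINE);
                        }
                    }
                }
            }
        }
    }

    return sb.toString();
}

/**
 * Escapes the characters that are significant in HTML text and in
 * double- or single-quoted attribute values.
 *
 * @param text untrusted text to embed in HTML
 * @return {@code text} with {@code & < > " '} replaced by character references
 */
private static String escapeCpsPointerHtml(String text) {
    StringBuilder escaped = new StringBuilder(text.length() + 16);
    for (int i = 0; i < text.length(); i++) {
        char c = text.charAt(i);
        switch (c) {
        case '&':
            escaped.append("&amp;");
            break;
        case '<':
            escaped.append("&lt;");
            break;
        case '>':
            escaped.append("&gt;");
            break;
        case '"':
            escaped.append("&quot;");
            break;
        case '\'':
            escaped.append("&#39;");
            break;
        default:
            escaped.append(c);
            break;
        }
    }
    return escaped.toString();
}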

From source file:net.sf.keystore_explorer.gui.dialogs.extensions.DCertificatePolicies.java

License:Open Source License

/**
 * Decodes an encoded CertificatePolicies extension value and loads its
 * policy entries into the dialog's policy-information component.
 *
 * @param value encoded CertificatePolicies extension value
 * @throws IOException declared by the signature; no statement visible here throws it directly
 */
@SuppressWarnings("unchecked")
private void prepopulateWithValue(byte[] value) throws IOException {
    PolicyInformation[] decodedPolicies = CertificatePolicies.getInstance(value).getPolicyInformation();

    // Copy into a fresh mutable list so the component does not share the decoded array.
    List<PolicyInformation> policyList = new ArrayList<PolicyInformation>(decodedPolicies.length);
    for (PolicyInformation policy : decodedPolicies) {
        policyList.add(policy);
    }

    jpiCertificatePolicies.setPolicyInformation(policyList);
}

From source file:org.kse.gui.dialogs.extensions.DCertificatePolicies.java

License:Open Source License

/**
 * Decodes an encoded CertificatePolicies extension value and loads its
 * policy entries into the dialog's policy-information component.
 *
 * @param value encoded CertificatePolicies extension value
 * @throws IOException declared by the signature; no statement visible here throws it directly
 */
private void prepopulateWithValue(byte[] value) throws IOException {
    PolicyInformation[] decodedPolicies = CertificatePolicies.getInstance(value).getPolicyInformation();

    // Copy into a fresh mutable list so the component does not share the decoded array.
    List<PolicyInformation> policyList = new ArrayList<PolicyInformation>(decodedPolicies.length);
    for (PolicyInformation policy : decodedPolicies) {
        policyList.add(policy);
    }

    jpiCertificatePolicies.setPolicyInformation(policyList);
}

From source file:org.xipki.ca.qa.impl.X509CertprofileQAImpl.java

License:Open Source License

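/**
 * Compares the CertificatePolicies extension of an issued certificate with
 * the configured expectation and appends one message per mismatch to
 * {@code failureMsg}.
 *
 * <p>Without a configured expectation the raw extension bytes are compared
 * with the value returned by {@code getExpectedExtValue}. Otherwise every
 * policy in the certificate must be expected, every expected CPS URI and
 * user notice must be present, and every expected policy must appear.
 *
 * <p>A policy without the OPTIONAL policyQualifiers field is treated as
 * having no qualifiers, so missing required qualifiers are reported as
 * failures instead of ending the check with a NullPointerException.
 *
 * @param failureMsg buffer that collects "; "-terminated failure messages
 * @param extensionValue encoded CertificatePolicies value from the certificate
 * @param requestExtensions extensions of the certificate request
 * @param extControl control settings for this extension
 */
private void checkExtensionCertificatePolicies(final StringBuilder failureMsg, final byte[] extensionValue,
        final Extensions requestExtensions, final ExtensionControl extControl) {
    QaCertificatePolicies conf = certificatePolicies;
    if (conf == null) {
        // Nothing configured: fall back to a byte-for-byte comparison.
        byte[] expected = getExpectedExtValue(Extension.certificatePolicies, requestExtensions, extControl);
        if (!Arrays.equals(expected, extensionValue)) {
            failureMsg.append("extension valus is '" + hex(extensionValue) + "' but expected '"
                    + (expected == null ? "not present" : hex(expected)) + "'");
            failureMsg.append("; ");
        }
        return;
    }

    org.bouncycastle.asn1.x509.CertificatePolicies asn1 = org.bouncycastle.asn1.x509.CertificatePolicies
            .getInstance(extensionValue);
    PolicyInformation[] iPolicyInformations = asn1.getPolicyInformation();

    // Pass 1: every policy in the certificate must be expected and carry the required qualifiers.
    for (PolicyInformation iPolicyInformation : iPolicyInformations) {
        ASN1ObjectIdentifier iPolicyId = iPolicyInformation.getPolicyIdentifier();
        QaCertificatePolicyInformation eCp = conf.getPolicyInformation(iPolicyId.getId());
        if (eCp == null) {
            failureMsg.append("certificate policy '" + iPolicyId + "' is not expected");
            failureMsg.append("; ");
            continue;
        }

        QaPolicyQualifiers eCpPq = eCp.getPolicyQualifiers();
        if (eCpPq == null) {
            continue;
        }

        ASN1Sequence iPolicyQualifiers = iPolicyInformation.getPolicyQualifiers();
        List<String> iCpsUris = new LinkedList<>();
        List<String> iUserNotices = new LinkedList<>();

        // policyQualifiers is OPTIONAL in PolicyInformation and may be null here.
        int n = (iPolicyQualifiers == null) ? 0 : iPolicyQualifiers.size();
        for (int i = 0; i < n; i++) {
            // Elements of a decoded sequence are generic ASN.1 objects, so they are
            // converted with getInstance() instead of being cast.
            PolicyQualifierInfo iPolicyQualifierInfo = PolicyQualifierInfo
                    .getInstance(iPolicyQualifiers.getObjectAt(i));
            ASN1ObjectIdentifier iPolicyQualifierId = iPolicyQualifierInfo.getPolicyQualifierId();
            ASN1Encodable iQualifier = iPolicyQualifierInfo.getQualifier();
            if (PolicyQualifierId.id_qt_cps.equals(iPolicyQualifierId)) {
                String iCpsUri = ((DERIA5String) iQualifier).getString();
                iCpsUris.add(iCpsUri);
            } else if (PolicyQualifierId.id_qt_unotice.equals(iPolicyQualifierId)) {
                UserNotice iUserNotice = UserNotice.getInstance(iQualifier);
                // Only the explicit text is compared; a notice reference is ignored.
                if (iUserNotice.getExplicitText() != null) {
                    iUserNotices.add(iUserNotice.getExplicitText().getString());
                }
            }
        }

        List<QaPolicyQualifierInfo> qualifierInfos = eCpPq.getPolicyQualifiers();
        for (QaPolicyQualifierInfo qualifierInfo : qualifierInfos) {
            if (qualifierInfo instanceof QaCPSUriPolicyQualifier) {
                String value = ((QaCPSUriPolicyQualifier) qualifierInfo).getCPSUri();
                if (!iCpsUris.contains(value)) {
                    failureMsg.append("CPSUri '" + value + "' is absent but is required");
                    failureMsg.append("; ");
                }
            } else if (qualifierInfo instanceof QaUserNoticePolicyQualifierInfo) {
                String value = ((QaUserNoticePolicyQualifierInfo) qualifierInfo).getUserNotice();
                if (!iUserNotices.contains(value)) {
                    failureMsg.append("userNotice '" + value + "' is absent but is required");
                    failureMsg.append("; ");
                }
            } else {
                throw new RuntimeException("should not reach here");
            }
        }
    }

    // Pass 2: every configured policy must appear in the certificate.
    for (QaCertificatePolicyInformation cp : conf.getPolicyInformations()) {
        boolean present = false;
        for (PolicyInformation iPolicyInformation : iPolicyInformations) {
            if (iPolicyInformation.getPolicyIdentifier().getId().equals(cp.getPolicyId())) {
                present = true;
                break;
            }
        }

        if (present) {
            continue;
        }

        failureMsg.append("certificate policy '").append(cp.getPolicyId())
                .append("' is absent but is required");
        failureMsg.append("; ");
    }
}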

From source file:org.xipki.pki.ca.qa.ExtensionsChecker.java

License:Open Source License

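/**
 * Compares the CertificatePolicies extension of an issued certificate with
 * the configured expectation and appends one message per mismatch to
 * {@code failureMsg}.
 *
 * <p>Without a configured expectation the raw extension bytes are compared
 * with the value returned by {@code getExpectedExtValue}. Otherwise every
 * policy in the certificate must be expected, every expected CPS URI and
 * user notice must be present, and every expected policy must appear.
 *
 * <p>A policy without the OPTIONAL policyQualifiers field is treated as
 * having no qualifiers, so missing required qualifiers are reported as
 * failures instead of ending the check with a NullPointerException.
 *
 * @param failureMsg buffer that collects "; "-terminated failure messages
 * @param extensionValue encoded CertificatePolicies value from the certificate
 * @param requestedExtensions extensions of the certificate request
 * @param extControl control settings for this extension
 */
private void checkExtensionCertificatePolicies(final StringBuilder failureMsg, final byte[] extensionValue,
        final Extensions requestedExtensions, final ExtensionControl extControl) {
    QaCertificatePolicies conf = certificatePolicies;
    if (conf == null) {
        // Nothing configured: fall back to a byte-for-byte comparison.
        byte[] expected = getExpectedExtValue(Extension.certificatePolicies, requestedExtensions, extControl);
        if (!Arrays.equals(expected, extensionValue)) {
            addViolation(failureMsg, "extension values", hex(extensionValue),
                    (expected == null) ? "not present" : hex(expected));
        }
        return;
    }

    org.bouncycastle.asn1.x509.CertificatePolicies asn1 = org.bouncycastle.asn1.x509.CertificatePolicies
            .getInstance(extensionValue);
    PolicyInformation[] isPolicyInformations = asn1.getPolicyInformation();

    // Pass 1: every policy in the certificate must be expected and carry the required qualifiers.
    for (PolicyInformation isPolicyInformation : isPolicyInformations) {
        ASN1ObjectIdentifier isPolicyId = isPolicyInformation.getPolicyIdentifier();
        QaCertificatePolicyInformation expCp = conf.getPolicyInformation(isPolicyId.getId());
        if (expCp == null) {
            failureMsg.append("certificate policy '").append(isPolicyId);
            failureMsg.append("' is not expected; ");
            continue;
        }

        QaPolicyQualifiers expCpPq = expCp.getPolicyQualifiers();
        if (expCpPq == null) {
            continue;
        }

        ASN1Sequence isPolicyQualifiers = isPolicyInformation.getPolicyQualifiers();
        List<String> isCpsUris = new LinkedList<>();
        List<String> isUserNotices = new LinkedList<>();

        // policyQualifiers is OPTIONAL in PolicyInformation and may be null here.
        int size = (isPolicyQualifiers == null) ? 0 : isPolicyQualifiers.size();
        for (int i = 0; i < size; i++) {
            // Elements of a decoded sequence are generic ASN.1 objects, so they are
            // converted with getInstance() instead of being cast.
            PolicyQualifierInfo isPolicyQualifierInfo = PolicyQualifierInfo
                    .getInstance(isPolicyQualifiers.getObjectAt(i));
            ASN1ObjectIdentifier isPolicyQualifierId = isPolicyQualifierInfo.getPolicyQualifierId();
            ASN1Encodable isQualifier = isPolicyQualifierInfo.getQualifier();
            if (PolicyQualifierId.id_qt_cps.equals(isPolicyQualifierId)) {
                String isCpsUri = ((DERIA5String) isQualifier).getString();
                isCpsUris.add(isCpsUri);
            } else if (PolicyQualifierId.id_qt_unotice.equals(isPolicyQualifierId)) {
                UserNotice isUserNotice = UserNotice.getInstance(isQualifier);
                // Only the explicit text is compared; a notice reference is ignored.
                if (isUserNotice.getExplicitText() != null) {
                    isUserNotices.add(isUserNotice.getExplicitText().getString());
                }
            }
        }

        List<QaPolicyQualifierInfo> qualifierInfos = expCpPq.getPolicyQualifiers();
        for (QaPolicyQualifierInfo qualifierInfo : qualifierInfos) {
            if (qualifierInfo instanceof QaCpsUriPolicyQualifier) {
                String value = ((QaCpsUriPolicyQualifier) qualifierInfo).getCpsUri();
                if (!isCpsUris.contains(value)) {
                    failureMsg.append("CPSUri '").append(value);
                    failureMsg.append("' is absent but is required; ");
                }
            } else if (qualifierInfo instanceof QaUserNoticePolicyQualifierInfo) {
                String value = ((QaUserNoticePolicyQualifierInfo) qualifierInfo).getUserNotice();
                if (!isUserNotices.contains(value)) {
                    failureMsg.append("userNotice '").append(value);
                    failureMsg.append("' is absent but is required; ");
                }
            } else {
                throw new RuntimeException("should not reach here");
            }
        }
    }

    // Pass 2: every configured policy must appear in the certificate.
    for (QaCertificatePolicyInformation cp : conf.getPolicyInformations()) {
        boolean present = false;
        for (PolicyInformation isPolicyInformation : isPolicyInformations) {
            if (isPolicyInformation.getPolicyIdentifier().getId().equals(cp.getPolicyId())) {
                present = true;
                break;
            }
        }

        if (present) {
            continue;
        }

        failureMsg.append("certificate policy '").append(cp.getPolicyId());
        failureMsg.append("' is absent but is required; ");
    }
}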

From source file:se.tillvaxtverket.tsltrust.weblogic.content.CertificateInformation.java

License:Open Source License

/**
 * Adds an "Extensions" section to the certificate information table and
 * fills it with a summary of the extensions this method knows how to decode:
 * basic constraints, key usage, QC statements, extended key usage,
 * certificate policies and subject alternative name.
 *
 * <p>NOTE(review): every displayed value is read from the certificate and is
 * therefore issuer-controlled. Whether {@code extFact} or the table renderer
 * escapes it for the output format is not visible here; confirm before
 * relying on it.
 *
 * @param cert certificate whose extensions are summarised
 * @param unfold passed through to {@code addNewSection}
 */
private void addCertificateExtensionInfo(AaaCertificate cert, boolean unfold) {
    InfoTableSection extSection = certElements.addNewSection(tm, "Extensions", unfold);
    extSection.setSectionHeadingClasses(CERT_INFO);
    InfoTableElements extRows = extSection.getElements();
    extFact.clear();

    // The (empty) section has already been added when there is no extension list.
    List<ExtensionInfo> extensions = cert.getExtensionInfoList();
    if (extensions == null) {
        return;
    }

    extSection.setFoldedElement("Extension summary (out of " + extensions.size() + " total Extensions)");
    extSection.setKeepFoldableElement(true);

    for (ExtensionInfo ext : extensions) {
        // Basic Constraints: show the cA flag.
        if (ext.getExtensionType().equals(SupportedExtension.basicConstraints)) {
            BasicConstraints basicConstraints = BasicConstraints.getInstance(ext.getExtDataASN1());
            extFact.add(getExtNameAndOID(ext), EXT_ATTR);
            extFact.add("cA", String.valueOf(basicConstraints.isCA()));
            extFact.addExtension(extRows);
        }

        // Key Usage: show the usage bits as text.
        if (ext.getExtensionType().equals(SupportedExtension.keyUsage)) {
            KeyUsage keyUsage = KeyUsage.getInstance(ext.getExtDataASN1());
            extFact.add(getExtNameAndOID(ext), EXT_ATTR);
            extFact.add("Usage", DisplayCert.getKeyUsageText(keyUsage));
            extFact.addExtension(extRows);
        }

        // QcStatements: a row is added only for each statement that is asserted.
        if (ext.getExtensionType().equals(SupportedExtension.qCStatements)) {
            QCStatementsExt qcStatements = QCStatementsExt.getInstance(ext.getExtDataASN1());
            extFact.add(getExtNameAndOID(ext), EXT_ATTR);
            if (qcStatements.isQcCompliance()) {
                extFact.add("Qualified", "true");
            }
            if (qcStatements.isQcSscd()) {
                extFact.add("QSSCD", "true");
            }
            extFact.addExtension(extRows);
        }

        // Extended Key Usage: one row per purpose, display name plus OID.
        if (ext.getExtensionType().equals(SupportedExtension.extendedKeyUsage)) {
            ExtendedKeyUsage extendedKeyUsage = ExtendedKeyUsage.getInstance(ext.getExtDataASN1());
            extFact.add(getExtNameAndOID(ext), EXT_ATTR);
            for (KeyPurposeId purpose : extendedKeyUsage.getUsages()) {
                extFact.add(OidName.getName(purpose.getId()), purpose.getId());
            }
            extFact.addExtension(extRows);
        }

        // Certificate Policies: one row per policy identifier; qualifiers are not shown.
        if (ext.getExtensionType().equals(SupportedExtension.certificatePolicies)) {
            CertificatePolicies policies = CertificatePolicies.getInstance(ext.getExtDataASN1());
            extFact.add(getExtNameAndOID(ext), EXT_ATTR);
            for (PolicyInformation policy : policies.getPolicyInformation()) {
                extFact.add("Policy", OidName.getName(policy.getPolicyIdentifier().getId()));
            }
            extFact.addExtension(extRows);
        }

        // Subject Alternative Name.
        //
        //    GeneralName ::= CHOICE {
        //    otherName                       [0]     OtherName,
        //    rfc822Name                      [1]     IA5String,
        //    dNSName                         [2]     IA5String,
        //    x400Address                     [3]     ORAddress,
        //    directoryName                   [4]     Name,
        //    ediPartyName                    [5]     EDIPartyName,
        //    uniformResourceIdentifier       [6]     IA5String,
        //    iPAddress                       [7]     OCTET STRING,
        //    registeredID                    [8]     OBJECT IDENTIFIER }
        if (ext.getExtensionType().equals(SupportedExtension.subjectAlternativeName)) {
            GeneralNames altNames = GeneralNames.getInstance(ext.getExtDataASN1());
            extFact.add(getExtNameAndOID(ext), EXT_ATTR);
            // Display labels indexed by the GeneralName tag number.
            String[] tagLabels = new String[] { "otherName", "rfc822Name", "dNSName", "x400Address",
                    "directoryName", "ediPartyName", "uniformResourceIdentifier", "iPAddress", "registeredID" };
            for (GeneralName altName : altNames.getNames()) {
                int tag = altName.getTagNo();
                // Only the e-mail, DNS, URI and IP address forms are displayed.
                switch (tag) {
                case GeneralName.rfc822Name:
                case GeneralName.dNSName:
                case GeneralName.uniformResourceIdentifier:
                case GeneralName.iPAddress:
                    extFact.add(tagLabels[tag], altName.getName().toString());
                    break;
                default:
                    break;
                }
            }
            extFact.addExtension(extRows);
        }
    }
}