List of usage examples for org.bouncycastle.asn1.x509.qualified QCStatement getInstance
public static QCStatement getInstance(Object obj)
From source file:be.fedict.trust.constraints.QCStatementsCertificateConstraint.java
License:Open Source License
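/**
 * Verifies that the certificate carries a QCStatements extension and that the presence of the
 * ETSI QcCompliance and QcSSCD statements matches the configured filters.
 *
 * <p>The extension content is taken from the certificate under evaluation and is therefore
 * untrusted. A value that does not decode to the expected ASN.1 types is reported as a
 * constraint violation instead of escaping as a {@code ClassCastException} or
 * {@code NullPointerException}.
 *
 * @param certificate the certificate to inspect
 * @throws TrustLinkerResultException if the extension is missing, is not shaped as expected,
 *         or does not match a configured filter
 * @throws Exception if the extension bytes cannot be read as ASN.1
 */
@Override
public void check(X509Certificate certificate) throws TrustLinkerResultException, Exception {
    byte[] extensionValue = certificate.getExtensionValue(Extension.qCStatements.getId());
    if (null == extensionValue) {
        throw new TrustLinkerResultException(TrustLinkerResultReason.CONSTRAINT_VIOLATION,
                "missing QCStatements extension");
    }

    // getExtensionValue() hands back the OCTET STRING wrapper; check the type before casting.
    Object wrapper = new ASN1InputStream(new ByteArrayInputStream(extensionValue)).readObject();
    if (!(wrapper instanceof DEROctetString)) {
        LOG.error("QCStatements extension is not wrapped in an octet string");
        throw new TrustLinkerResultException(TrustLinkerResultReason.CONSTRAINT_VIOLATION,
                "malformed QCStatements extension");
    }

    // The wrapped content is issuer-controlled: it may be empty (readObject() returns null)
    // or something other than a SEQUENCE. instanceof rejects both.
    Object content = new ASN1InputStream(((DEROctetString) wrapper).getOctets()).readObject();
    if (!(content instanceof ASN1Sequence)) {
        LOG.error("QCStatements extension content is not a sequence");
        throw new TrustLinkerResultException(TrustLinkerResultReason.CONSTRAINT_VIOLATION,
                "malformed QCStatements extension");
    }
    ASN1Sequence qcStatements = (ASN1Sequence) content;

    boolean qcCompliance = false;
    boolean qcSSCD = false;
    Enumeration<?> qcStatementEnum = qcStatements.getObjects();
    while (qcStatementEnum.hasMoreElements()) {
        // QCStatement.getInstance() still throws on an element that is not a QCStatement; that
        // propagates through the declared Exception, so the check fails closed.
        QCStatement qcStatement = QCStatement.getInstance(qcStatementEnum.nextElement());
        ASN1ObjectIdentifier statementId = qcStatement.getStatementId();
        LOG.debug("statement Id: " + statementId.getId());
        if (QCStatement.id_etsi_qcs_QcCompliance.equals(statementId)) {
            qcCompliance = true;
        }
        if (QCStatement.id_etsi_qcs_QcSSCD.equals(statementId)) {
            qcSSCD = true;
        }
    }

    // A null filter means "do not care"; a non-null filter must match exactly.
    if (null != this.qcComplianceFilter) {
        if (qcCompliance != this.qcComplianceFilter) {
            LOG.error("qcCompliance QCStatements error");
            throw new TrustLinkerResultException(TrustLinkerResultReason.CONSTRAINT_VIOLATION,
                    "QCStatements not matching");
        }
    }
    if (null != this.qcSSCDFilter) {
        if (qcSSCD != this.qcSSCDFilter) {
            LOG.error("qcSSCD QCStatements error");
            throw new TrustLinkerResultException(TrustLinkerResultReason.CONSTRAINT_VIOLATION,
                    "QCStatements not matching");
        }
    }
}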
From source file:com.yacme.ext.oxsit.cust_it.comp.security.cert.CertificateComplianceCA_IT.java
License:Open Source License
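/**
 * Checks that the qcStatements extension is present as per ETSI and carries the expected
 * statements.
 *
 * <p>The certificate passes only if the extension is not marked critical and the QcCompliance,
 * QcSSCD and RetentionPeriod statements each occur exactly once. The statements are counted
 * separately because a single shared counter can reach its target through repeats of one
 * statement while another is absent.
 *
 * @param _TbsC the to-be-signed part of the certificate under examination
 * @return {@code true} if the extension is present and passes every check, {@code false}
 *         otherwise (the certificate state is updated to say why)
 */
private boolean hasQcStatements(TBSCertificateStructure _TbsC) {
    //first check for CNIPA requirement
    //then check for ETSI 102 280 requirements
    //then check for ETSI 101 862
    //qcstatements are defined in ETSI 101 862
    X509Extensions xExt = _TbsC.getExtensions();
    // A certificate without any extension block is treated like one without qcStatements.
    X509Extension qcStats = (xExt == null) ? null : xExt.getExtension(X509Extensions.QCStatements);
    if (qcStats == null) {
        //no qcStatement
        setCertificateStateHelper(CertificateState.MISSING_EXTENSION);
        m_aLogger.log("missing qcStatements");
        return false;
    }

    // The extension is expected NOT to be marked critical.
    boolean extensionOk = !qcStats.isCritical();
    int complianceCount = 0;
    int sscdCount = 0;
    int retentionCount = 0;

    try {
        // The extension value is issuer-controlled; confirm its shape before casting.
        Object decoded = X509Extension.convertValueToObject(qcStats);
        if (decoded instanceof ASN1Sequence) {
            ASN1Sequence dns = (ASN1Sequence) decoded;
            for (int i = 0; i < dns.size(); i++) {
                QCStatement qcs = QCStatement.getInstance(dns.getObjectAt(i));
                if (QCStatement.id_etsi_qcs_QcCompliance.equals(qcs.getStatementId()))
                    complianceCount++;
                if (QCStatement.id_etsi_qcs_QcSSCD.equals(qcs.getStatementId()))
                    sscdCount++;
                if (QCStatement.id_etsi_qcs_RetentionPeriod.equals(qcs.getStatementId()))
                    retentionCount++;
            }
        } else {
            extensionOk = false;
        }
    } catch (IllegalArgumentException malformed) {
        // Thrown by the Bouncy Castle decoders when the value or one of its elements cannot
        // be parsed; an unparsable extension is an invalid extension.
        extensionOk = false;
    }

    if (!extensionOk || complianceCount != 1 || sscdCount != 1 || retentionCount != 1) {
        m_xQc.setCertificateElementErrorState(X509Extensions.QCStatements.getId(),
                CertificateElementState.INVALID_value);
        setCertificateStateHelper(CertificateState.ERROR_IN_EXTENSION);
        return false;
    }
    return true;
}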
From source file:com.yacme.ext.oxsit.cust_it.comp.security.cert.CertificateCompliance_IT.java
License:Open Source License
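/**
 * Checks that the qcStatements extension is present as per ETSI and carries the expected
 * statements, recording a display comment when it does not.
 *
 * <p>The certificate passes only if the extension is not marked critical and the QcCompliance,
 * QcSSCD and RetentionPeriod statements each occur exactly once. The statements are counted
 * separately because a single shared counter can reach its target through repeats of one
 * statement while another is absent.
 *
 * @param _TbsC the to-be-signed part of the certificate under examination
 * @return {@code true} if the extension is present and passes every check, {@code false}
 *         otherwise (the certificate state and display comments are updated to say why)
 */
private boolean hasQcStatements(TBSCertificateStructure _TbsC) {
    //first check for CNIPA requirement
    //then check for ETSI 102 280 requirements
    //then check for ETSI 101 862
    //qcstatements are defined in ETSI 101 862
    X509Extensions xExt = _TbsC.getExtensions();
    // A certificate without any extension block is treated like one without qcStatements.
    X509Extension qcStats = (xExt == null) ? null : xExt.getExtension(X509Extensions.QCStatements);
    if (qcStats == null) {
        //no qcStatement
        setCertificateStateHelper(CertificateState.MISSING_EXTENSION);
        m_aLogger.log("missing qcStatements");
        String s = m_xQc.getCertificateDisplayObj()
                .getCertificateElementCommentString(CertificateElementID.NOT_CRITICAL_EXTENSION);
        s = s + "\r";
        m_xQc.getCertificateDisplayObj().setCertificateElementCommentString(
                CertificateElementID.NOT_CRITICAL_EXTENSION, s + "qcStatement missing");
        return false;
    }

    // The extension is expected NOT to be marked critical.
    boolean extensionOk = !qcStats.isCritical();
    int complianceCount = 0;
    int sscdCount = 0;
    int retentionCount = 0;

    try {
        // The extension value is issuer-controlled; confirm its shape before casting.
        Object decoded = X509Extension.convertValueToObject(qcStats);
        if (decoded instanceof ASN1Sequence) {
            ASN1Sequence dns = (ASN1Sequence) decoded;
            for (int i = 0; i < dns.size(); i++) {
                QCStatement qcs = QCStatement.getInstance(dns.getObjectAt(i));
                if (QCStatement.id_etsi_qcs_QcCompliance.equals(qcs.getStatementId()))
                    complianceCount++;
                if (QCStatement.id_etsi_qcs_QcSSCD.equals(qcs.getStatementId()))
                    sscdCount++;
                if (QCStatement.id_etsi_qcs_RetentionPeriod.equals(qcs.getStatementId()))
                    retentionCount++;
            }
        } else {
            extensionOk = false;
        }
    } catch (IllegalArgumentException malformed) {
        // Thrown by the Bouncy Castle decoders when the value or one of its elements cannot
        // be parsed; an unparsable extension is an invalid extension.
        extensionOk = false;
    }

    if (!extensionOk || complianceCount != 1 || sscdCount != 1 || retentionCount != 1) {
        m_xQc.setCertificateElementErrorState(X509Extensions.QCStatements.getId(),
                CertificateElementState.INVALID_value);
        setCertificateStateHelper(CertificateState.ERROR_IN_EXTENSION);
        m_xQc.getCertificateDisplayObj().setCertificateExtensionCommentString(
                X509Extensions.QCStatements.getId(), "some statement is wrong.");
        return false;
    }
    return true;
}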
From source file:eu.emi.security.authn.x509.helpers.pkipath.bc.FixedBCPKIXCertPathReviewer.java
License:Open Source License
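/**
 * Walks the QCStatements extension of a certificate and records one notification per
 * recognised statement.
 *
 * <p>An extension value that is absent or is not an ASN.1 sequence is recorded as
 * {@code CertPathReviewer.QcStatementExtError}, the same outcome as a decoding failure, so
 * that it cannot escape the reviewer as an unchecked exception.
 *
 * @param cert the certificate whose QCStatements extension is processed
 * @param index position of the certificate in the path, used to attach messages
 * @return {@code true} only if every statement was recognised; {@code false} if an unknown
 *         statement was found or the extension could not be processed
 */
private boolean processQcStatements(X509Certificate cert, int index) {
    try {
        // Certificate content is untrusted: check the decoded type instead of casting blindly.
        Object extension = getExtensionValue(cert, QC_STATEMENT);
        if (!(extension instanceof ASN1Sequence)) {
            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcStatementExtError");
            addError(msg, index);
            return false;
        }
        ASN1Sequence qcSt = (ASN1Sequence) extension;

        boolean unknownStatement = false;
        for (int j = 0; j < qcSt.size(); j++) {
            QCStatement stmt = QCStatement.getInstance(qcSt.getObjectAt(j));
            if (QCStatement.id_etsi_qcs_QcCompliance.equals(stmt.getStatementId())) {
                // process statement - just write a notification that the certificate contains this statement
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcEuCompliance");
                addNotification(msg, index);
            } else if (QCStatement.id_qcs_pkixQCSyntax_v1.equals(stmt.getStatementId())) {
                // process statement - just recognize the statement
            } else if (QCStatement.id_etsi_qcs_QcSSCD.equals(stmt.getStatementId())) {
                // process statement - just write a notification that the certificate contains this statement
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcSSCD");
                addNotification(msg, index);
            } else if (QCStatement.id_etsi_qcs_LimiteValue.equals(stmt.getStatementId())) {
                // process statement - write a notification containing the limit value
                // NOTE(review): MonetaryValue.getInstance() is given issuer-controlled data and
                // may throw an unchecked exception on a malformed statementInfo - confirm how
                // callers handle that.
                MonetaryValue limit = MonetaryValue.getInstance(stmt.getStatementInfo());
                Iso4217CurrencyCode currency = limit.getCurrency();
                // Used for the message text only; the double is not used in any decision here.
                double value = limit.getAmount().doubleValue()
                        * Math.pow(10, limit.getExponent().doubleValue());
                ErrorBundle msg;
                if (currency.isAlphabetic()) {
                    msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcLimitValueAlpha",
                            new Object[] { currency.getAlphabetic(),
                                    new TrustedInput(Double.valueOf(value)), limit });
                } else {
                    msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcLimitValueNum",
                            new Object[] { Integer.valueOf(currency.getNumeric()),
                                    new TrustedInput(Double.valueOf(value)), limit });
                }
                addNotification(msg, index);
            } else {
                // The unrecognised statement is passed as UntrustedInput because it is raw
                // certificate content.
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcUnknownStatement",
                        new Object[] { stmt.getStatementId(), new UntrustedInput(stmt) });
                addNotification(msg, index);
                unknownStatement = true;
            }
        }

        return !unknownStatement;
    } catch (AnnotatedException ae) {
        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcStatementExtError");
        addError(msg, index);
    }

    return false;
}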
From source file:eu.europa.ec.markt.dss.DSSUtils.java
License:Open Source License
/**
 * Collects the statement identifiers found in the QCStatements extension of a certificate.
 *
 * <p>The extension content is read from the certificate as-is. The two casts below are
 * unchecked, so a value that does not decode to an octet string wrapping a sequence surfaces
 * as a {@code ClassCastException}; only {@code IOException} is converted.
 *
 * @param x509Certificate the certificate to inspect
 * @return the dotted OID string of every QCStatement, in encoding order; empty when the
 *         certificate has no QCStatements extension
 * @throws DSSException if the extension bytes cannot be read
 */
public static List<String> getQCStatementsIdList(final X509Certificate x509Certificate) {

    final List<String> statementOids = new ArrayList<String>();
    final byte[] wrappedExtension = x509Certificate.getExtensionValue(X509Extension.qCStatements.getId());
    if (wrappedExtension == null) {
        // No QCStatements extension: nothing to report.
        return statementOids;
    }

    ASN1InputStream asn1Stream = null;
    try {
        // First pass: unwrap the OCTET STRING returned by getExtensionValue().
        asn1Stream = new ASN1InputStream(wrappedExtension);
        final DEROctetString wrapper = (DEROctetString) asn1Stream.readObject();
        final byte[] innerBytes = wrapper.getOctets();
        asn1Stream.close();

        // Second pass: decode the wrapped SEQUENCE OF QCStatement.
        asn1Stream = new ASN1InputStream(innerBytes);
        final ASN1Sequence statements = (ASN1Sequence) asn1Stream.readObject();
        final int count = statements.size();
        int position = 0;
        while (position < count) {
            final QCStatement current = QCStatement.getInstance(statements.getObjectAt(position));
            statementOids.add(current.getStatementId().getId());
            position++;
        }
    } catch (IOException e) {
        throw new DSSException(e);
    } finally {
        DSSUtils.closeQuietly(asn1Stream);
    }
    return statementOids;
}
From source file:eu.europa.ec.markt.dss.validation.tsl.QcStatementCondition.java
License:Open Source License
/**
 * Tells whether the certificate's QCStatements extension contains the statement identified by
 * {@code qcStatementId}.
 *
 * <p>The extension content is read from the certificate as-is and cast without a type check,
 * so a value of another shape surfaces as a {@code ClassCastException}.
 * NOTE(review): the cast targets the concrete {@code DERSequence} rather than the abstract
 * sequence type; confirm the decoder in use always returns that class for this extension.
 *
 * @param cert the certificate, with its context, to test
 * @return {@code true} if a statement with the configured identifier is present; {@code false}
 *         if it is not or if the extension is missing
 * @throws RuntimeException wrapping the {@code IOException} raised when the bytes cannot be read
 */
@SuppressWarnings("deprecation")
@Override
public boolean check(CertificateAndContext cert) {
    final byte[] wrappedExtension = cert.getCertificate()
            .getExtensionValue(X509Extensions.QCStatements.getId());
    if (wrappedExtension == null) {
        // Certificate carries no QCStatements extension at all.
        return false;
    }

    try {
        // Unwrap the outer OCTET STRING, then decode the SEQUENCE OF QCStatement inside it.
        ASN1InputStream asn1Stream = new ASN1InputStream(wrappedExtension);
        final DEROctetString wrapper = (DEROctetString) asn1Stream.readObject();
        final byte[] innerBytes = wrapper.getOctets();
        asn1Stream = new ASN1InputStream(innerBytes);
        final DERSequence statements = (DERSequence) asn1Stream.readObject();

        int position = 0;
        while (position < statements.size()) {
            final QCStatement current = QCStatement.getInstance(statements.getObjectAt(position));
            final String currentOid = current.getStatementId().getId();
            if (currentOid.equals(qcStatementId)) {
                // Stop at the first match; later elements are not decoded.
                return true;
            }
            position++;
        }
        return false;
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
}
From source file:eu.europa.esig.dss.DSSASN1Utils.java
License:Open Source License
/**
 * Collects the statement identifiers found in the QCStatements extension of a certificate.
 *
 * @param certToken the certificate token to inspect
 * @return the dotted OID string of every QCStatement, in encoding order; empty when the
 *         certificate has no QCStatements extension
 */
public static List<String> getQCStatementsIdList(final CertificateToken certToken) {
    final List<String> statementOids = new ArrayList<String>();
    final byte[] wrappedExtension = certToken.getCertificate()
            .getExtensionValue(Extension.qCStatements.getId());
    if (wrappedExtension == null) {
        // No QCStatements extension: nothing to report.
        return statementOids;
    }

    // Decoding of the octet-string wrapper is delegated to the shared helper.
    final ASN1Sequence statements = getAsn1SequenceFromDerOctetString(wrappedExtension);
    final int count = statements.size();
    int position = 0;
    while (position < count) {
        final QCStatement current = QCStatement.getInstance(statements.getObjectAt(position));
        statementOids.add(current.getStatementId().getId());
        position++;
    }
    return statementOids;
}
From source file:it.trento.comune.j4sign.verification.CertValidity.java
License:Open Source License
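/**
 * Inspects the certificate's QCStatements extension and refreshes the three fields derived
 * from it: {@code hasQCStatements}, {@code qcCompliance} and {@code qcStatementsStrings}.
 *
 * <p>The fields are reset before parsing and written only after the whole extension has been
 * read. A parsing failure therefore cannot leave {@code qcCompliance} set to {@code true}, or
 * a half-filled list, next to {@code hasQCStatements == false}. Values from an earlier call
 * cannot survive a failure either.
 *
 * @return {@code true} if the certificate has QC statements that were read successfully,
 *         {@code false} if it has none or reading them raised an {@code IOException}
 */
public boolean getHasQcStatements() {
    // Clear the published state first so that every failure path reports "nothing found".
    hasQCStatements = false;
    qcCompliance = false;
    qcStatementsStrings = null;

    try {
        boolean present = it.trento.comune.j4sign.verification.utils.CertUtils.QCStatements
                .hasQcStatement(cert);
        boolean compliance = false;
        ArrayList<String> descriptions = null;

        if (present) {
            descriptions = new ArrayList<String>();
            ASN1Sequence qcStatements = CertUtils.QCStatements.getQcStatements(cert);
            Enumeration<?> qcStatementEnum = qcStatements.getObjects();
            while (qcStatementEnum.hasMoreElements()) {
                QCStatement qc = QCStatement.getInstance(qcStatementEnum.nextElement());
                DERObjectIdentifier statementId = qc.getStatementId();
                if (ETSIQCObjectIdentifiers.id_etsi_qcs_QcCompliance.getId().equals(statementId.getId())) {
                    compliance = true;
                    descriptions.add(statementId.getId() + " (etsi_qcs_QcCompliance)");
                } else if (ETSIQCObjectIdentifiers.id_etsi_qcs_LimiteValue.getId()
                        .equals(statementId.getId())) {
                    String qcLimit = CertUtils.QCStatements.getQcStatementValueLimit(cert);
                    descriptions.add(statementId.getId() + " (id_etsi_qcs_LimiteValue): " + qcLimit);
                } else if (ETSIQCObjectIdentifiers.id_etsi_qcs_RetentionPeriod.getId()
                        .equals(statementId.getId())) {
                    String qcRetentionPeriod = DERInteger.getInstance(qc.getStatementInfo()).toString();
                    descriptions.add(statementId.getId() + " (etsi_qcs_RetentionPeriod): " + qcRetentionPeriod);
                } else if (ETSIQCObjectIdentifiers.id_etsi_qcs_QcSSCD.getId().equals(statementId.getId())) {
                    descriptions.add(statementId.getId() + " (etsi_qcs_QcSSCD)");
                } else {
                    descriptions.add(statementId.getId() + " (Unknown)");
                }
            }
        }

        // Publish only once the whole extension has been read.
        hasQCStatements = present;
        qcCompliance = compliance;
        qcStatementsStrings = descriptions;
    } catch (IOException e) {
        // Unreadable extension: keep the cleared state and report "no QC statements".
        hasQCStatements = false;
    }
    return hasQCStatements;
}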
From source file:net.sf.keystore_explorer.crypto.x509.X509Ext.java
License:Open Source License
/**
 * Renders the content of a QCStatements extension as display text, one numbered entry per
 * statement.
 *
 * @param octets the encoded QCStatements sequence
 * @return the formatted text
 * @throws IOException declared by the signature; not thrown directly by the code in this method
 */
private String getQcStatementsStringValue(byte[] octets) throws IOException {

    // @formatter:off

    /*
        QCStatements ::= SEQUENCE OF QCStatement

        QCStatement ::= SEQUENCE
        {
            statementId OBJECT IDENTIFIER,
            statementInfo ANY DEFINED BY statementId OPTIONAL
        }

        QcEuLimitValue ::= MonetaryValue

        QcRetentionPeriod ::= INTEGER
    */

    // @formatter:on

    final StringBuilder text = new StringBuilder();
    final int indentLevel = 1;
    int statementCounter = 0;

    final ASN1Sequence statements = ASN1Sequence.getInstance(octets);
    for (ASN1Encodable element : statements.toArray()) {
        final QCStatement statement = QCStatement.getInstance(element);
        final ASN1ObjectIdentifier oid = statement.getStatementId();
        final ASN1Encodable info = statement.getStatementInfo();

        // Entry header carrying the 1-based statement number.
        statementCounter++;
        text.append(MessageFormat.format(res.getString("QCStatement.QCStatement"), statementCounter))
            .append(NEWLINE);

        // NOTE(review): the OID comes from the certificate. If resolveOid() returns null for an
        // identifier it does not know, this switch throws NullPointerException; there is also
        // no default branch for constants not listed below - confirm against QcStatementType.
        final QcStatementType type = QcStatementType.resolveOid(oid.getId());
        switch (type) {
        case QC_SYNTAX_V1:
        case QC_SYNTAX_V2: {
            final SemanticsInformation semantics = SemanticsInformation.getInstance(info);
            text.append(getSemanticInformationValueString(type, semantics, indentLevel));
            break;
        }
        case QC_COMPLIANCE: {
            // no statementInfo
            text.append(INDENT.toString(indentLevel))
                .append(res.getString(QcStatementType.QC_COMPLIANCE.getResKey()))
                .append(NEWLINE);
            break;
        }
        case QC_EU_LIMIT_VALUE: {
            text.append(INDENT.toString(indentLevel))
                .append(res.getString(QcStatementType.QC_EU_LIMIT_VALUE.getResKey()))
                .append(NEWLINE)
                .append(getMonetaryValueStringValue(info, indentLevel + 1));
            break;
        }
        case QC_RETENTION_PERIOD: {
            final ASN1Integer period = ASN1Integer.getInstance(info);
            text.append(INDENT.toString(indentLevel))
                .append(MessageFormat.format(
                        res.getString(QcStatementType.QC_RETENTION_PERIOD.getResKey()),
                        period.getValue().toString()))
                .append(NEWLINE);
            break;
        }
        case QC_SSCD: {
            // no statementInfo
            text.append(INDENT.toString(indentLevel))
                .append(res.getString(QcStatementType.QC_SSCD.getResKey()))
                .append(NEWLINE);
            break;
        }
        }
    }

    return text.toString();
}
From source file:org.cesecore.certificates.certificate.certextensions.QcStatementTest.java
License:Open Source License
/**
 * Builds a QcStatements extension from a certificate profile with QC compliance, signature
 * device, QC type and PDS enabled, then checks that the encoded value contains exactly the
 * four expected statement identifiers and the configured type and PDS values.
 */
@Test
public void testQcStatement() throws CertificateExtensionException, IOException {
    // Profile that switches on every QC option exercised by this test.
    CertificateProfile profile = new CertificateProfile(CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER);
    profile.setUseQCStatement(true);
    profile.setUseQCEtsiQCCompliance(true);
    profile.setUseQCEtsiSignatureDevice(true);
    profile.setQCEtsiType("0.4.0.1862.1.6.1");
    profile.setQCEtsiPds(Arrays.asList(new PKIDisclosureStatement("http://qcs.localhost/QcPDS", "en")));

    QcStatement extension = new QcStatement();
    byte[] encoded = extension.getValueEncoded(null, null, profile, null, null, null);

    @SuppressWarnings("resource")
    final String asn1Dump = ASN1Dump.dumpAsString(new ASN1InputStream(encoded).readObject(), true);
    log.info(asn1Dump);
    // Hex dump can be used in Custom Certificate Extensions
    log.info(new String(Hex.encode(encoded)));

    // Gather the statement IDs present in the extension so they can be viewed and counted.
    final ASN1Sequence statements = (ASN1Sequence) ASN1Sequence.fromByteArray(encoded);
    ArrayList<String> foundOids = new ArrayList<>();
    int position = 0;
    while (position < statements.size()) {
        final QCStatement current = QCStatement.getInstance(statements.getObjectAt(position));
        final ASN1ObjectIdentifier currentOid = current.getStatementId();
        if (currentOid == null) {
            fail("QC statements have empty statement");
        } else {
            foundOids.add(currentOid.getId());
        }
        position++;
    }
    log.info(foundOids);

    // Check that all OIDs we set exist
    assertEquals("Not all QC statement Ids were included", 4, foundOids.size());
    assertTrue(foundOids.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_QcCompliance.getId()));
    assertTrue(foundOids.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_QcSSCD.getId()));
    assertTrue(foundOids.contains("0.4.0.1862.1.6")); // ETSIQCObjectIdentifiers.id_etsi_qcs_QcType
    assertTrue(foundOids.contains("0.4.0.1862.1.5")); // ETSIQCObjectIdentifiers.id_etsi_qcs_QcPds

    // Check the values we set
    assertEquals("0.4.0.1862.1.6.1", QCStatementExtension.getStatementStringValue(statements, "0.4.0.1862.1.6", 0));
    assertEquals("[http://qcs.localhost/QcPDS, en]",
            QCStatementExtension.getStatementStringValue(statements, "0.4.0.1862.1.5", 0));
}