List of usage examples for org.bouncycastle.asn1.x509 X509Extension getParsedValue
public ASN1Encodable getParsedValue()
From source file:org.candlepin.util.X509CRLStreamWriter.java
License:Open Source License
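/**
 * Re-issues the CRL read from {@code crlIn} with the pending {@code newEntries}
 * added, signs it with {@code key} and writes the encoded result to {@code out}.
 *
 * <p>The new CRL keeps the issuer and the entries of the old one. thisUpdate is set
 * to the current time, and nextUpdate is placed as far after it as the old
 * nextUpdate was after the old thisUpdate. Only two CRL extensions are carried
 * over: cRLNumber (incremented by one) and authorityKeyIdentifier. Any other
 * extension present on the old CRL is not copied.
 *
 * <p>NOTE(review): nothing in this method verifies the signature on the CRL read
 * from {@code crlIn}; whatever it contains is re-signed with {@code key}. Confirm
 * that the caller only feeds CRLs from a trusted location. The signature algorithm
 * is also inherited from the old CRL, so a weak algorithm there is carried forward.
 *
 * @param out stream that receives the encoded, newly signed CRL
 * @throws IOException if the old CRL cannot be read, has no nextUpdate field, or
 *         the new CRL cannot be signed or written
 */
protected void writeToEmptyCrl(OutputStream out) throws IOException {
    ASN1InputStream asn1in = null;
    try {
        asn1in = new ASN1InputStream(crlIn);
        DERSequence certListSeq = (DERSequence) asn1in.readObject();
        CertificateList certList = new CertificateList(certListSeq);
        X509CRLHolder oldCrl = new X509CRLHolder(certList);

        // nextUpdate is OPTIONAL in the ASN.1 definition of a CRL. Fail with a clear
        // error instead of a NullPointerException when the input omits it.
        if (certList.getNextUpdate() == null) {
            throw new IOException("CRL has no nextUpdate field; cannot compute the new validity window");
        }

        // Read the clock once so that thisUpdate and nextUpdate are derived from the
        // same instant and the validity window has exactly the old length.
        Date now = new Date();

        X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(oldCrl.getIssuer(), now);
        crlBuilder.addCRL(oldCrl);

        Date oldNextUpdate = certList.getNextUpdate().getDate();
        Date oldThisUpdate = certList.getThisUpdate().getDate();
        long validityMillis = oldNextUpdate.getTime() - oldThisUpdate.getTime();
        crlBuilder.setNextUpdate(new Date(now.getTime() + validityMillis));

        for (Object o : oldCrl.getExtensionOIDs()) {
            ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) o;
            X509Extension ext = oldCrl.getExtension(oid);

            if (oid.equals(X509Extension.cRLNumber)) {
                // The extension value is an OCTET STRING wrapping the INTEGER.
                DEROctetString octet = (DEROctetString) ext.getValue().getDERObject();
                DERInteger currentNumber = (DERInteger) DERTaggedObject.fromByteArray(octet.getOctets());
                DERInteger nextNumber = new DERInteger(currentNumber.getValue().add(BigInteger.ONE));

                crlBuilder.addExtension(oid, ext.isCritical(), nextNumber);
            }
            else if (oid.equals(X509Extension.authorityKeyIdentifier)) {
                crlBuilder.addExtension(oid, ext.isCritical(),
                    new AuthorityKeyIdentifierStructure(ext.getValue().getDEREncoded()));
            }
            // Every other extension is intentionally skipped (not copied).
        }

        for (DERSequence entry : newEntries) {
            // XXX: This is all a bit messy considering the user already passed in the serial, date
            // and reason.
            BigInteger serial = ((DERInteger) entry.getObjectAt(0)).getValue();
            Date revokeDate = ((Time) entry.getObjectAt(1)).getDate();

            // Entries without a reasonCode extension are recorded as "unspecified".
            int reason = CRLReason.unspecified;
            if (entry.size() == 3) {
                X509Extensions extensions = (X509Extensions) entry.getObjectAt(2);
                X509Extension reasonExt = extensions.getExtension(X509Extension.reasonCode);

                if (reasonExt != null) {
                    reason = ((DEREnumerated) reasonExt.getParsedValue()).getValue().intValue();
                }
            }
            crlBuilder.addCRLEntry(serial, revokeDate, reason);
        }

        RSAKeyParameters keyParams = new RSAKeyParameters(true, key.getModulus(), key.getPrivateExponent());

        // Sign with the same algorithm the old CRL used.
        signingAlg = oldCrl.toASN1Structure().getSignatureAlgorithm();
        digestAlg = new DefaultDigestAlgorithmIdentifierFinder().find(signingAlg);

        ContentSigner s;
        try {
            s = new BcRSAContentSignerBuilder(signingAlg, digestAlg).build(keyParams);
            X509CRLHolder newCrl = crlBuilder.build(s);
            out.write(newCrl.getEncoded());
        }
        catch (OperatorCreationException e) {
            throw new IOException("Could not sign CRL", e);
        }
    }
    finally {
        IOUtils.closeQuietly(asn1in);
    }
}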
From source file:org.italiangrid.voms.asn1.VOMSACUtils.java
License:Apache License
/**
 * Extracts the target URIs from the targetInformation extension of an attribute
 * certificate.
 *
 * <p>NOTE(review): the extension content comes from the certificate being parsed.
 * The casts and the {@code [0]} index below are unchecked, so a malformed
 * extension surfaces as a ClassCastException, ArrayIndexOutOfBoundsException or
 * NullPointerException rather than through raiseACNonConformantError. Confirm
 * callers treat any runtime exception from here as a rejected certificate.
 *
 * @param ac the attribute certificate to read
 * @return the target strings, or an empty list when the extension is absent
 */
@SuppressWarnings("rawtypes")
private static List<String> deserializeACTargets(X509AttributeCertificateHolder ac) {
    List<String> result = new ArrayList<String>();

    X509Extension extension = ac.getExtension(X509Extension.targetInformation);
    if (extension == null) {
        return result;
    }

    TargetInformation targetInfo =
        TargetInformation.getInstance((ASN1Sequence) extension.getParsedValue());

    // Only one Targets according to RFC 3281
    Targets container = ti0(targetInfo);

    // The deserialization has to be done by hand since it seems VOMS
    // does not correctly encode the ACTargets extension...
    ASN1Sequence encodedTargets = (ASN1Sequence) container.getDERObject();

    // First pass: decode every element before any of them is inspected.
    List<Target> decoded = new ArrayList<Target>(encodedTargets.size());
    Enumeration elements = encodedTargets.getObjects();
    while (elements.hasMoreElements()) {
        // There's one sequence more than expected here that makes
        // the bc constructor fail...
        ASN1Sequence wrapper = (ASN1Sequence) elements.nextElement();
        ASN1TaggedObject tagged = (ASN1TaggedObject) wrapper.getObjectAt(0);
        decoded.add(Target.getInstance(tagged));
    }

    // Second pass: extract the actual string, accepting URI names only.
    for (Target target : decoded) {
        GeneralName name = target.getTargetName();

        if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
            raiseACNonConformantError("wrong AC target extension encoding. Only URI targets are supported.");
        }

        result.add(((DERIA5String) name.getName()).getString());
    }

    return result;
}

/** Returns the first Targets element of the given TargetInformation. */
private static Targets ti0(TargetInformation targetInfo) {
    return targetInfo.getTargetsObjects()[0];
}
From source file:org.italiangrid.voms.asn1.VOMSACUtils.java
License:Apache License
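/**
 * Deserializes the VOMS generic attributes.
 *
 * <p>The extension is expected to hold a one-element SEQUENCE containing a TagList
 * SEQUENCE of at most one element; that element carries the policyAuthority at
 * index 0 and the SEQUENCE OF Tag at index 1. Each Tag must have exactly three
 * OCTET STRING members: name, value and context.
 *
 * <p>NOTE(review): policyAuthority is not checked here (see the TODO below), so the
 * attributes are returned regardless of which authority the extension names.
 *
 * @param ac
 *          the VOMS {@link X509AttributeCertificateHolder}
 * @return the {@link List} of {@link VOMSGenericAttribute} contained in the
 *         ac; empty when the extension is absent or carries no attributes
 */
private static List<VOMSGenericAttribute> deserializeGAs(X509AttributeCertificateHolder ac) {
    List<VOMSGenericAttribute> gas = new ArrayList<VOMSGenericAttribute>();

    X509Extension gasExtension = ac.getExtension(VOMS_GENERIC_ATTRS_OID);
    if (gasExtension == null)
        return gas;

    // SEQUENCE of TagList - contains just one taglist element
    ASN1Sequence tagContainerSeq = (ASN1Sequence) gasExtension.getParsedValue();
    if (tagContainerSeq.size() != 1)
        raiseACNonConformantError("unsupported generic attributes container format.");

    // TagList - this also should be a single element sequence
    ASN1Sequence tagListSeq = (ASN1Sequence) tagContainerSeq.getObjectAt(0);
    if (tagListSeq.size() > 1)
        raiseACNonConformantError("unsupported taglist format.");

    // This TagList sequence is empty, gLite 3.2 VOMS versions had a bug
    // that added the extension even if there were no attributes encoded...
    if (tagListSeq.size() == 0)
        return gas;

    // Down one level
    tagListSeq = (ASN1Sequence) tagListSeq.getObjectAt(0);

    // Index 1 is read below; report a truncated TagList through the same
    // non-conformance path as the other structure checks rather than letting
    // an index error escape.
    if (tagListSeq.size() < 2)
        raiseACNonConformantError("unsupported taglist format.");

    // TODO: check policyAuthority!!
    // GeneralNames policyAuthority =
    // GeneralNames.getInstance(tagListSeq.getObjectAt(0));

    // tags SEQUENCE OF Tag
    ASN1Sequence tags = (ASN1Sequence) tagListSeq.getObjectAt(1);

    @SuppressWarnings("unchecked")
    Enumeration<ASN1Sequence> e = tags.getObjects();
    while (e.hasMoreElements()) {
        ASN1Sequence theActualTag = e.nextElement();
        if (theActualTag.size() != 3)
            raiseACNonConformantError("unsupported tag format.");

        // NOTE(review): new String(byte[]) decodes with the platform default charset,
        // so the same certificate can yield different strings on different hosts.
        // Confirm the encoding VOMS uses and pass it explicitly.
        VOMSGenericAttributeImpl attribute = new VOMSGenericAttributeImpl();
        attribute.setName(new String(DEROctetString.getInstance(theActualTag.getObjectAt(0)).getOctets()));
        attribute.setValue(new String(DEROctetString.getInstance(theActualTag.getObjectAt(1)).getOctets()));
        attribute.setContext(new String(DEROctetString.getInstance(theActualTag.getObjectAt(2)).getOctets()));

        gas.add(attribute);
    }

    return gas;
}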
From source file:org.italiangrid.voms.asn1.VOMSACUtils.java
License:Apache License
/**
 * Deserializes the VOMS ACCerts extension.
 *
 * <p>NOTE(review): the certificates are only decoded here. Nothing in this method
 * checks their signatures, validity period or chain, so the caller must validate
 * them before relying on them.
 *
 * @param ac
 *          the VOMS {@link X509AttributeCertificateHolder}
 * @return the parsed array of {@link X509Certificate}, or {@code null} when the
 *         extension is absent (callers need a null check)
 */
private static X509Certificate[] deserializeACCerts(X509AttributeCertificateHolder ac) {
    List<X509Certificate> parsed = new ArrayList<X509Certificate>();

    X509Extension extension = ac.getExtension(VOMS_CERTS_OID);
    if (extension == null) {
        return null;
    }

    ASN1Sequence outer = (ASN1Sequence) extension.getParsedValue();
    if (outer.size() != 1) {
        raiseACNonConformantError("unsupported accerts format.");
    }

    // Down one level
    ASN1Sequence certSeq = (ASN1Sequence) outer.getObjectAt(0);

    @SuppressWarnings("unchecked")
    Enumeration<DERSequence> encodedCerts = certSeq.getObjects();

    CertificateFactory factory;
    try {
        factory = CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME);
    } catch (Exception ex) {
        throw new VOMSError("Certificate factory creation error: " + ex.getMessage(), ex);
    }

    while (encodedCerts.hasMoreElements()) {
        DERSequence encoded = encodedCerts.nextElement();

        try {
            // Decode the ASN.1 structure, then re-encode it and hand the bytes to
            // the certificate factory.
            X509CertificateObject holder = new X509CertificateObject(
                X509CertificateStructure.getInstance(ASN1Sequence.getInstance(encoded)));
            byte[] der = holder.getEncoded();
            X509Certificate cert =
                (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(der));
            parsed.add(cert);
        } catch (CertificateParsingException ex) {
            throw new VOMSError("Certificate parsing error: " + ex.getMessage(), ex);
        } catch (CertificateEncodingException ex) {
            throw new VOMSError("Certificate encoding error: " + ex.getMessage(), ex);
        } catch (CertificateException ex) {
            throw new VOMSError("Error generating certificate from parsed data: " + ex.getMessage(), ex);
        }
    }

    return parsed.toArray(new X509Certificate[parsed.size()]);
}