List of usage examples for org.bouncycastle.asn1 ASN1Sequence getObjectAt
public ASN1Encodable getObjectAt(int index)
From source file:org.glite.voms.contact.X509NameHelper.java
License:Apache License
/**
 * Renders a distinguished name, given as an ASN.1 sequence of RDN sets, in the
 * slash-separated form {@code /SYM=value+SYM=value/SYM=value}.
 *
 * <p>Each element of {@code seq} is cast to an {@link ASN1Set} (one RDN) and each
 * member of that set to an {@link ASN1Sequence} holding the attribute OID at
 * index 0 and its string value at index 1. The OID is printed through
 * {@code X509Name.OIDLookUp}; when no symbol is registered the dotted OID is
 * printed instead. Multiple attributes inside one RDN are joined with {@code '+'}.
 *
 * <p>Caveats for callers that feed this certificate data:
 * <ul>
 *   <li>Attribute values are appended verbatim. A value that itself contains
 *       {@code '/'}, {@code '='} or {@code '+'} is not escaped, so two different
 *       names can render to the same string. Compare names structurally rather
 *       than through this text form when the result feeds an access decision.</li>
 *   <li>All casts are unchecked; an element of an unexpected ASN.1 type surfaces
 *       as a {@link ClassCastException}.</li>
 * </ul>
 *
 * @param seq the RDN sequence to render, may be {@code null}
 * @return the rendered name, or {@code null} when {@code seq} is {@code null}
 */
private static String toString(ASN1Sequence seq) {
    if (seq == null) {
        return null;
    }

    StringBuilder out = new StringBuilder();
    for (Enumeration rdns = seq.getObjects(); rdns.hasMoreElements();) {
        ASN1Set rdn = (ASN1Set) rdns.nextElement();
        Enumeration avas = rdn.getObjects();
        out.append('/');

        while (avas.hasMoreElements()) {
            ASN1Sequence ava = (ASN1Sequence) avas.nextElement();
            DERObjectIdentifier oid = (DERObjectIdentifier) ava.getObjectAt(0);

            // Prefer the registered short symbol; fall back to the dotted OID.
            String symbol = (String) X509Name.OIDLookUp.get(oid);
            out.append(symbol != null ? symbol : oid.getId());

            out.append('=');
            out.append(((ASN1String) ava.getObjectAt(1)).getString());

            // '+' separates the attributes of a multi-valued RDN.
            if (avas.hasMoreElements()) {
                out.append('+');
            }
        }
    }
    return out.toString();
}
From source file:org.glite.voms.PKIUtils.java
License:Open Source License
/**
 * Returns the serial number carried in an AuthorityKeyIdentifier extension.
 *
 * <p>The extension is re-read as a raw {@link ASN1Sequence} and scanned for the
 * element with context tag 2 (authorityCertSerialNumber in the RFC 5280
 * AuthorityKeyIdentifier structure). The value is returned only when the object
 * inside that tag is a {@code DERInteger}.
 *
 * <p>NOTE(review): the match is on the concrete class {@code DERInteger}. Confirm
 * that the BouncyCastle version in use produces that class for this field;
 * otherwise a serial number that is present would be reported as absent.
 *
 * @param akid the AuthorityKeyIdentifier to inspect
 * @return the serial number, or {@code null} when no tag-2 integer is found;
 *         callers must treat {@code null} as "not present", not as a match
 */
static private BigInteger getAuthorityCertificateSerialNumber(AuthorityKeyIdentifier akid) {
    ASN1Sequence fields = ASN1Sequence.getInstance(akid.toASN1Primitive());

    for (int idx = 0; idx < fields.size(); idx++) {
        ASN1Primitive element = (ASN1Primitive) fields.getObjectAt(idx);
        if (!(element instanceof ASN1TaggedObject)) {
            continue;
        }

        ASN1TaggedObject tagged = (ASN1TaggedObject) element;
        if (tagged.getTagNo() != 2) {
            continue;
        }

        // Keep scanning if the tagged content is not an integer.
        ASN1Primitive inner = tagged.getObject();
        if (inner instanceof DERInteger) {
            return ((DERInteger) inner).getValue();
        }
    }
    return null;
}
From source file:org.glite.voms.PKIUtils.java
License:Open Source License
/**
 * Returns the issuer names carried in an AuthorityKeyIdentifier extension.
 *
 * <p>The extension is re-read as a raw {@link ASN1Sequence}; the first element
 * with context tag 1 (authorityCertIssuer in the RFC 5280 AuthorityKeyIdentifier
 * structure) is decoded as {@link GeneralNames} with the explicit flag set to
 * {@code false}.
 *
 * <p>The tagged element is cast to {@code DERTaggedObject}; a tagged object of
 * another concrete class surfaces as a {@link ClassCastException}.
 *
 * @param akid the AuthorityKeyIdentifier to inspect
 * @return the issuer names, or {@code null} when the extension has no tag-1 element
 */
static private GeneralNames getAuthorityCertIssuer(AuthorityKeyIdentifier akid) {
    ASN1Sequence fields = ASN1Sequence.getInstance(akid.toASN1Primitive());

    for (int idx = 0; idx < fields.size(); idx++) {
        ASN1Primitive element = (ASN1Primitive) fields.getObjectAt(idx);

        boolean isIssuerField = element instanceof ASN1TaggedObject
                && ((ASN1TaggedObject) element).getTagNo() == 1;
        if (isIssuerField) {
            return GeneralNames.getInstance((DERTaggedObject) element, false);
        }
    }
    return null;
}
From source file:org.glite.voms.PKIUtils.java
License:Open Source License
/**
 * Expands a {@link GeneralNames} value into an array of its {@link GeneralName}
 * entries, in encoding order.
 *
 * <p>The value is viewed as a raw {@link ASN1Sequence} and every element is
 * converted with {@code GeneralName.getInstance}. The cast to
 * {@code ASN1Sequence} is unchecked.
 *
 * @param gns the names to expand
 * @return one array slot per element of the sequence; empty when there are none
 */
static private GeneralName[] getNames(GeneralNames gns) {
    ASN1Sequence entries = (ASN1Sequence) gns.toASN1Primitive();
    int count = entries.size();

    GeneralName[] names = new GeneralName[count];
    for (int idx = 0; idx < count; idx++) {
        names[idx] = GeneralName.getInstance(entries.getObjectAt(idx));
    }
    return names;
}
From source file:org.globus.gsi.bc.BouncyCastleUtil.java
License:Apache License
/**
 * Classifies a TBS certificate as CA, end-entity or one of the GSI proxy types.
 *
 * <p>Rules, applied in this order:
 * <ul>
 *   <li>{@link GSIConstants.CertificateType#CA CA} <b>only</b> if a BasicConstraints
 *       extension is present and marked as CA.</li>
 *   <li>If the first attribute of the last subject RDN is not a CN, the result is
 *       {@link GSIConstants.CertificateType#EEC EEC}.</li>
 *   <li>GSI-2: the last CN is {@code "proxy"}
 *       ({@link GSIConstants.CertificateType#GSI_2_PROXY GSI_2_PROXY}) or
 *       {@code "limited proxy"}
 *       ({@link GSIConstants.CertificateType#GSI_2_LIMITED_PROXY GSI_2_LIMITED_PROXY}),
 *       compared case-insensitively.</li>
 *   <li>GSI-4 / GSI-3: a {@link ProxyCertInfo} extension is present under
 *       {@code ProxyCertInfo.OID} (GSI-4) or, failing that,
 *       {@code ProxyCertInfo.OLD_OID} (GSI-3). The extension must be critical.
 *       The policy language selects the flavour:
 *       {@link ProxyPolicy#IMPERSONATION}, {@link ProxyPolicy#INDEPENDENT},
 *       {@link ProxyPolicy#LIMITED}, and any other OID gives the
 *       {@code *_RESTRICTED_PROXY} type.</li>
 *   <li>Otherwise {@link GSIConstants.CertificateType#EEC EEC}.</li>
 * </ul>
 * For every proxy type the issuer DN plus the last subject RDN must equal the
 * subject DN.
 *
 * <p>Review notes:
 * <ul>
 *   <li>Only the first attribute of the last RDN is examined; a multi-valued
 *       last RDN is not handled.</li>
 *   <li>Nothing in this method verifies a signature or a chain; the result
 *       describes the shape of the certificate only.</li>
 *   <li>NOTE(review): the last RDN is dereferenced without a null check. If
 *       {@code X509NameHelper.getLastNameEntry} can return {@code null} for an
 *       empty subject, this throws {@link NullPointerException}; confirm against
 *       that helper.</li>
 * </ul>
 *
 * @param crt the TBS certificate to get the type of.
 * @return the certificate type, determined by the rules above.
 * @exception IOException if something goes wrong.
 * @exception CertificateException for proxy certificates, if the issuer DN does
 *            not match the subject DN without its last <I>CN</I> component; also
 *            when a <code>ProxyCertInfo</code> extension is present but not
 *            marked as critical.
 */
private static GSIConstants.CertificateType getCertificateType(TBSCertificateStructure crt)
        throws CertificateException, IOException {
    X509Extensions extensions = crt.getExtensions();

    // A CA-flagged BasicConstraints wins over everything else.
    if (extensions != null) {
        X509Extension basicConstraintsExt =
                extensions.getExtension(X509Extension.basicConstraints);
        if (basicConstraintsExt != null
                && BasicConstraints.getInstance(basicConstraintsExt).isCA()) {
            return GSIConstants.CertificateType.CA;
        }
    }

    // does not handle multiple AVAs
    X500Name subject = crt.getSubject();
    ASN1Set entry = X509NameHelper.getLastNameEntry(subject);
    ASN1Sequence ava = (ASN1Sequence) entry.getObjectAt(0);
    if (!BCStyle.CN.equals(ava.getObjectAt(0))) {
        return GSIConstants.CertificateType.EEC;
    }

    GSIConstants.CertificateType type = GSIConstants.CertificateType.EEC;
    String commonName = ((ASN1String) ava.getObjectAt(1)).getString();

    if (commonName.equalsIgnoreCase("proxy")) {
        type = GSIConstants.CertificateType.GSI_2_PROXY;
    } else if (commonName.equalsIgnoreCase("limited proxy")) {
        type = GSIConstants.CertificateType.GSI_2_LIMITED_PROXY;
    } else if (extensions != null) {
        // Current OID means GSI-4; fall back to the old OID for GSI-3.
        X509Extension proxyExt = extensions.getExtension(ProxyCertInfo.OID);
        boolean gsi4 = proxyExt != null;
        if (!gsi4) {
            proxyExt = extensions.getExtension(ProxyCertInfo.OLD_OID);
        }

        if (proxyExt != null) {
            // A non-critical ProxyCertInfo is rejected rather than ignored.
            if (!proxyExt.isCritical()) {
                String err = i18n.getMessage("proxyCertCritical");
                throw new CertificateException(err);
            }

            ASN1ObjectIdentifier language =
                    getProxyCertInfo(proxyExt).getProxyPolicy().getPolicyLanguage();

            if (ProxyPolicy.IMPERSONATION.equals(language)) {
                type = gsi4
                        ? GSIConstants.CertificateType.GSI_4_IMPERSONATION_PROXY
                        : GSIConstants.CertificateType.GSI_3_IMPERSONATION_PROXY;
            } else if (ProxyPolicy.INDEPENDENT.equals(language)) {
                type = gsi4
                        ? GSIConstants.CertificateType.GSI_4_INDEPENDENT_PROXY
                        : GSIConstants.CertificateType.GSI_3_INDEPENDENT_PROXY;
            } else if (ProxyPolicy.LIMITED.equals(language)) {
                type = gsi4
                        ? GSIConstants.CertificateType.GSI_4_LIMITED_PROXY
                        : GSIConstants.CertificateType.GSI_3_LIMITED_PROXY;
            } else {
                type = gsi4
                        ? GSIConstants.CertificateType.GSI_4_RESTRICTED_PROXY
                        : GSIConstants.CertificateType.GSI_3_RESTRICTED_PROXY;
            }
        }
    }

    // Proxy naming rule: issuer DN + last subject RDN must equal the subject DN.
    if (ProxyCertificateUtil.isProxy(type)) {
        X509NameHelper expected = new X509NameHelper(crt.getIssuer());
        expected.add((ASN1Set) BouncyCastleUtil.duplicate(entry));
        X509Name expectedSubject = expected.getAsName();
        if (!expectedSubject.equals(X509Name.getInstance(subject))) {
            String err = i18n.getMessage("proxyDNErr");
            throw new CertificateException(err);
        }
    }

    return type;
}
From source file:org.globus.gsi.bc.X500NameHelper.java
License:Apache License
/**
 * Gets the last name component (RDN) from the {@link X500Name X500Name} name.
 *
 * <p>The name is encoded and parsed back into an {@link ASN1Sequence}; the last
 * element of that sequence is returned as an {@link ASN1Set}. Both casts are
 * unchecked.
 *
 * @param name the name to read the last component from
 * @return the last name component, or {@code null} if the name has no
 *         components; callers must check for {@code null} before dereferencing
 * @throws IOException if the name cannot be encoded or the encoding cannot be parsed
 */
public static ASN1Set getLastNameEntry(X500Name name) throws IOException {
    ASN1Sequence rdns = (ASN1Sequence) ASN1Sequence.fromByteArray(name.getEncoded());
    int count = rdns.size();
    if (count <= 0) {
        return null;
    }
    return (ASN1Set) rdns.getObjectAt(count - 1);
}
From source file:org.globus.gsi.bc.X509NameHelper.java
License:Apache License
/**
 * Formats an ASN.1 sequence of RDN sets as {@code /SYM=value+SYM=value/SYM=value}.
 *
 * <p>Every element of {@code seq} is cast to {@link ASN1Set}; every member of a
 * set is cast to an {@link ASN1Sequence} whose index 0 is the attribute OID and
 * index 1 the string value. OIDs are printed through
 * {@code X509Name.DefaultSymbols}, falling back to the dotted OID when no symbol
 * is registered.
 *
 * <p>Values are written without escaping, so {@code '/'}, {@code '='} or
 * {@code '+'} inside a value makes the output ambiguous; do not rely on string
 * equality of the result to establish that two names are the same. The casts
 * are unchecked and throw {@link ClassCastException} on unexpected element types.
 *
 * @param seq the RDN sequence, may be {@code null}
 * @return the formatted name, or {@code null} for a {@code null} input
 */
private static String toString(ASN1Sequence seq) {
    if (seq == null) {
        return null;
    }

    StringBuilder text = new StringBuilder();
    Enumeration rdnIterator = seq.getObjects();
    while (rdnIterator.hasMoreElements()) {
        ASN1Set rdn = (ASN1Set) rdnIterator.nextElement();
        Enumeration attributes = rdn.getObjects();
        text.append('/');

        boolean more = attributes.hasMoreElements();
        while (more) {
            ASN1Sequence attribute = (ASN1Sequence) attributes.nextElement();
            ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) attribute.getObjectAt(0);

            String symbol = (String) X509Name.DefaultSymbols.get(oid);
            if (symbol != null) {
                text.append(symbol);
            } else {
                text.append(oid.getId());
            }
            text.append('=').append(((ASN1String) attribute.getObjectAt(1)).getString());

            // Join the attributes of a multi-valued RDN with '+'.
            more = attributes.hasMoreElements();
            if (more) {
                text.append('+');
            }
        }
    }
    return text.toString();
}
From source file:org.globus.gsi.proxy.ext.ProxyCertInfo.java
License:Apache License
/** * Creates a new instance of the ProxyCertInfo extension from given ASN1Sequence object. * * @param seq ASN1Sequence object to create the instance from. *///from ww w. j a v a 2 s . c o m public ProxyCertInfo(ASN1Sequence seq) { if (seq.size() < 1) { throw new IllegalArgumentException(); } int seqPos = 0; if (seq.getObjectAt(seqPos) instanceof DERInteger) { this.pathLenConstraint = (DERInteger) seq.getObjectAt(seqPos); seqPos++; } ASN1Sequence policy = (ASN1Sequence) seq.getObjectAt(seqPos); this.proxyPolicy = new ProxyPolicy(policy); }
From source file:org.globus.gsi.proxy.ext.ProxyPolicy.java
License:Apache License
/** * Creates a new instance of the ProxyPolicy object from given ASN1Sequence object. * * @param seq ASN1Sequence object to create the instance from. *///www . ja v a2s . co m public ProxyPolicy(ASN1Sequence seq) { if (seq.size() < 1) { throw new IllegalArgumentException(); } this.policyLanguage = (ASN1ObjectIdentifier) seq.getObjectAt(0); if (seq.size() > 1) { ASN1Encodable obj = seq.getObjectAt(1); if (obj instanceof DERTaggedObject) { obj = ((DERTaggedObject) obj).getObject(); } this.policy = (DEROctetString) obj; } checkConstraints(); }
From source file:org.globus.gsi.util.CertificateUtil.java
License:Apache License
/**
 * Returns certificate type of the given TBS certificate.
 *
 * <p>What this method decides itself:
 * <ul>
 *   <li>{@link org.globus.gsi.GSIConstants.CertificateType#CA CA} <b>only</b> if
 *       the certificate contains a BasicConstraints extension and it is marked
 *       as CA.</li>
 *   <li>{@link org.globus.gsi.GSIConstants.CertificateType#EEC EEC} if the first
 *       attribute of the last subject RDN is not a CN.</li>
 * </ul>
 * When that attribute is a CN, classification is delegated to
 * {@code processCN}, which is not part of this listing. The documented contract
 * for that path is:
 * <ul>
 *   <li>GSI-2 proxy: the subject DN ends with <I>"CN=proxy"</I>
 *       ({@link org.globus.gsi.GSIConstants.CertificateType#GSI_2_PROXY GSI_2_PROXY})
 *       or <I>"CN=limited proxy"</I>
 *       ({@link org.globus.gsi.GSIConstants.CertificateType#GSI_2_LIMITED_PROXY
 *       GSI_2_LIMITED_PROXY}) and the issuer DN matches the subject DN without
 *       that last CN.</li>
 *   <li>GSI-3 proxy: the subject DN ends with a CN, the issuer DN matches the
 *       subject DN without it, and the certificate contains a critical
 *       {@link ProxyCertInfo ProxyCertInfo} extension. The policy language
 *       selects
 *       {@link org.globus.gsi.GSIConstants.CertificateType#GSI_3_IMPERSONATION_PROXY
 *       GSI_3_IMPERSONATION_PROXY} ({@link ProxyPolicy#IMPERSONATION}),
 *       {@link org.globus.gsi.GSIConstants.CertificateType#GSI_3_LIMITED_PROXY
 *       GSI_3_LIMITED_PROXY} ({@link ProxyPolicy#LIMITED}),
 *       {@link org.globus.gsi.GSIConstants.CertificateType#GSI_3_INDEPENDENT_PROXY
 *       GSI_3_INDEPENDENT_PROXY} ({@link ProxyPolicy#INDEPENDENT}) or, for any
 *       other OID,
 *       {@link org.globus.gsi.GSIConstants.CertificateType#GSI_3_RESTRICTED_PROXY
 *       GSI_3_RESTRICTED_PROXY}.</li>
 * </ul>
 *
 * <p>Review notes: only the first attribute of the last RDN is examined (a
 * multi-valued last RDN is not handled), and nothing in this method verifies a
 * signature. NOTE(review): the last RDN is dereferenced without a null check;
 * if {@code X509NameHelper.getLastNameEntry} can return {@code null} for an
 * empty subject this throws {@link NullPointerException}. Confirm against that
 * helper.
 *
 * @param crt the TBS certificate to get the type of.
 * @return the certificate type, determined by the rules described above.
 * @throws java.io.IOException if something goes wrong.
 * @throws java.security.cert.CertificateException
 *         for proxy certificates, if the issuer DN of the certificate does not
 *         match the subject DN of the certificate without the last <I>CN</I>
 *         component. Also, for GSI-3 proxies when the
 *         <code>ProxyCertInfo</code> extension is not marked as critical.
 */
public static GSIConstants.CertificateType getCertificateType(TBSCertificateStructure crt)
        throws CertificateException, IOException {
    X509Extensions extensions = crt.getExtensions();

    // A CA-flagged BasicConstraints wins over everything else.
    if (extensions != null) {
        X509Extension basicConstraintsExt =
                extensions.getExtension(X509Extension.basicConstraints);
        if (basicConstraintsExt != null && getBasicConstraints(basicConstraintsExt).isCA()) {
            return GSIConstants.CertificateType.CA;
        }
    }

    // does not handle multiple AVAs
    X500Name subject = crt.getSubject();
    ASN1Set entry = X509NameHelper.getLastNameEntry(subject);
    ASN1Sequence ava = (ASN1Sequence) entry.getObjectAt(0);

    if (!BCStyle.CN.equals(ava.getObjectAt(0))) {
        return GSIConstants.CertificateType.EEC;
    }
    return processCN(extensions, GSIConstants.CertificateType.EEC, ava);
}