Java Code Examples for org.bouncycastle.asn1.ASN1ObjectIdentifier#equals()

private static ECPrivateKey toJcaPrivateKey(org.bouncycastle.asn1.sec.ECPrivateKey ecPrivateKey)
        throws GeneralSecurityException {
    String curveName = null;
    ASN1ObjectIdentifier curveId = (ASN1ObjectIdentifier) ecPrivateKey.getParameters();
    if (curveId.equals(secp224r1_OID)) {
        curveName = "secp224r1";
    } else if (curveId.equals(prime256v1_OID)) {
        curveName = "prime256v1";
    } else if (curveId.equals(secp384r1_OID)) {
        curveName = "secp384r1";
    } else if (curveId.equals(secp521r1_OID)) {
        curveName = "secp521r1";
    } else {
        throw new IllegalStateException("Unknown curve OID: " + curveId);
    }

    ECNamedCurveParameterSpec sp = ECNamedCurveTable.getParameterSpec(curveName);
    ECParameterSpec params = new ECNamedCurveSpec(sp.getName(), sp.getCurve(), sp.getG(),
            sp.getN(), sp.getH());

    ECPrivateKeySpec pkSpec = new ECPrivateKeySpec(ecPrivateKey.getKey(), params);
    KeyFactory kf = KeyFactory.getInstance("EC");
    ECPrivateKey privateKey = (ECPrivateKey) kf.generatePrivate(pkSpec);

    return privateKey;
}
 

private static void populateTextField(Attribute[] attrs, JTextField textField, ASN1ObjectIdentifier pkcs9Attr) {
	if (attrs != null) {
		for (Attribute attribute : attrs) {

			ASN1ObjectIdentifier attributeOid = attribute.getAttrType();

			if (attributeOid.equals(pkcs9Attr)) {
				ASN1Encodable challenge = attribute.getAttributeValues()[0];

				// data type can be one of IA5String or UTF8String
				if (challenge instanceof DERPrintableString) {
					textField.setText(((DERPrintableString) challenge).getString());
				} else if (challenge instanceof DERUTF8String) {
					textField.setText(((DERUTF8String) challenge).getString());
				}
				textField.setCaretPosition(0);
			}
		}
	}
}
 

private void populate(PolicyQualifierInfo policyQualifierInfo) throws IOException {
	if (policyQualifierInfo == null) {
		jrbCps.setSelected(true);
	} else {
		ASN1ObjectIdentifier policyQualifierId = policyQualifierInfo.getPolicyQualifierId();

		if (policyQualifierId.equals(new ASN1ObjectIdentifier(PKIX_CPS_POINTER_QUALIFIER.oid()))) {
			jrbCps.setSelected(true);
			jtfCps.setText(((DERIA5String) policyQualifierInfo.getQualifier()).getString());
			jtfCps.setCaretPosition(0);
		} else if (policyQualifierId.equals(new ASN1ObjectIdentifier(PKIX_USER_NOTICE_QUALIFIER.oid()))) {
			jrbUserNotice.setSelected(true);

			ASN1Encodable userNoticeObj = policyQualifierInfo.getQualifier();

			UserNotice userNotice = UserNotice.getInstance(userNoticeObj);

			junUserNotice.setUserNotice(userNotice);
		} else {
			jrbCps.setSelected(true);
		}
	}
}
 

/**
 * fix for certId.equals methods that doesn't work very well.
 *
 * @param certId
 *            {@code CertificateID}
 * @param singleResp
 *            {@code SingleResp}
 * @return true if the certificate matches this included in
 *         {@code SingleResp}
 */
public static boolean matches(final CertificateID certId, final SingleResp singleResp) {

	final CertificateID singleRespCertID = singleResp.getCertID();
	final ASN1ObjectIdentifier singleRespCertIDHashAlgOID = singleRespCertID.getHashAlgOID();
	final byte[] singleRespCertIDIssuerKeyHash = singleRespCertID.getIssuerKeyHash();
	final byte[] singleRespCertIDIssuerNameHash = singleRespCertID.getIssuerNameHash();
	final BigInteger singleRespCertIDSerialNumber = singleRespCertID.getSerialNumber();

	final ASN1ObjectIdentifier certIdHashAlgOID = certId.getHashAlgOID();
	final byte[] certIdIssuerKeyHash = certId.getIssuerKeyHash();
	final byte[] certIdIssuerNameHash = certId.getIssuerNameHash();
	final BigInteger certIdSerialNumber = certId.getSerialNumber();

	// certId.equals fails in comparing the algoIdentifier because
	// AlgoIdentifier params in null in one case and DERNull in another case
	return singleRespCertIDHashAlgOID.equals(certIdHashAlgOID) && Arrays.equals(singleRespCertIDIssuerKeyHash, certIdIssuerKeyHash)
			&& Arrays.equals(singleRespCertIDIssuerNameHash, certIdIssuerNameHash) && singleRespCertIDSerialNumber.equals(certIdSerialNumber);
}
 

public ConcurrentContentSigner createSigner(AlgorithmIdentifier signatureAlgId,
    int parallelism, SecureRandom random) throws XiSecurityException {
  Args.notNull(signatureAlgId, "signatureAlgId");
  Args.positive(parallelism, "parallelism");

  List<XiContentSigner> signers = new ArrayList<>(parallelism);

  boolean gmac = false;
  ASN1ObjectIdentifier oid = signatureAlgId.getAlgorithm();
  if (oid.equals(NISTObjectIdentifiers.id_aes128_GCM)
      || oid.equals(NISTObjectIdentifiers.id_aes192_GCM)
      || oid.equals(NISTObjectIdentifiers.id_aes256_GCM)) {
    gmac = true;
  }

  for (int i = 0; i < parallelism; i++) {
    XiContentSigner signer;
    if (gmac) {
      signer = new AESGmacContentSigner(oid, key);
    } else {
      signer = new HmacContentSigner(signatureAlgId, key);
    }
    signers.add(signer);
  }

  final boolean mac = true;
  DfltConcurrentContentSigner concurrentSigner;
  try {
    concurrentSigner = new DfltConcurrentContentSigner(mac, signers, key);
  } catch (NoSuchAlgorithmException ex) {
    throw new XiSecurityException(ex.getMessage(), ex);
  }
  concurrentSigner.setSha1DigestOfMacKey(HashAlgo.SHA1.hash(key.getEncoded()));

  return concurrentSigner;
}
 

public boolean isPbmMacPermitted(AlgorithmIdentifier pbmMac) {
  ASN1ObjectIdentifier macOid = pbmMac.getAlgorithm();
  for (ASN1ObjectIdentifier oid : macAlgos) {
    if (oid.equals(macOid)) {
      return true;
    }
  }
  return false;
}
 

public boolean isPbmOwfPermitted(AlgorithmIdentifier pbmOwf) {
  ASN1ObjectIdentifier owfOid = pbmOwf.getAlgorithm();
  for (ASN1ObjectIdentifier oid : owfAlgos) {
    if (oid.equals(owfOid)) {
      return true;
    }
  }
  return false;
}
 

private void checkExtnValidityModel(StringBuilder failureMsg, byte[] extensionValue,
    Extensions requestedExtns, ExtensionControl extControl) {
  ASN1ObjectIdentifier conf = validityModelId;
  if (conf == null) {
    checkConstantExtnValue(Extn.id_extension_validityModel,
        failureMsg, extensionValue, requestedExtns, extControl);
  } else {
    ASN1Sequence seq = ASN1Sequence.getInstance(extensionValue);
    ASN1ObjectIdentifier extValue = ASN1ObjectIdentifier.getInstance(seq.getObjectAt(0));
    if (!conf.equals(extValue)) {
      addViolation(failureMsg, "content", extValue, conf);
    }
  }
}
 

public boolean isRequestPbmMacPermitted(AlgorithmIdentifier pbmMac) {
  ASN1ObjectIdentifier macOid = pbmMac.getAlgorithm();
  for (ASN1ObjectIdentifier oid : requestPbmMacs) {
    if (oid.equals(macOid)) {
      return true;
    }
  }
  return false;
}
 

public boolean isRequestPbmOwfPermitted(AlgorithmIdentifier pbmOwf) {
  ASN1ObjectIdentifier owfOid = pbmOwf.getAlgorithm();
  for (ASN1ObjectIdentifier oid : requestPbmOwfs) {
    if (oid.equals(owfOid)) {
      return true;
    }
  }
  return false;
}
 

public static ASN1Set getPkcs9ExtRequest(PKCS10CertificationRequest csr)
    throws CertificateException {
  for (Attribute attr : csr.getAttributes()) {
    ASN1ObjectIdentifier oid = attr.getAttrType();
    if (oid.equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
      return attr.getAttrValues();
    }
  }
  throw new CertificateException("No PKCS#9 extension found in CSR");
}
 

private int countInSet(ASN1ObjectIdentifier oid, ASN1Set set) {
	int counter = 0;
	if (set != null) {
		for (int i = 0; i < set.size(); i++) {
			ASN1Sequence attrSeq = ASN1Sequence.getInstance(set.getObjectAt(i));
			ASN1ObjectIdentifier attrOid = ASN1ObjectIdentifier.getInstance(attrSeq.getObjectAt(0));
			if (oid.equals(attrOid)) {
				counter++;
			}
		}
	}
	return counter;
}
 

private void selectCustomExtKeyUsageInTable(ASN1ObjectIdentifier objectId) {
	for (int i = 0; i < jtCustomExtKeyUsages.getRowCount(); i++) {
		if (objectId.equals(jtCustomExtKeyUsages.getValueAt(i, 0))) {
			jtCustomExtKeyUsages.changeSelection(i, 0, false, false);
			return;
		}
	}
}
 

public static PublicKey fromString(String keyString) {
    SubjectPublicKeyInfo pubKeyInfo;

    try {
        byte[] keyBytes = Hex.decode(keyString);

        // it could be a hex-encoded raw public key or a DER-encoded public key
        if (keyBytes.length == Ed25519.PUBLIC_KEY_SIZE) {
            return Ed25519PublicKey.fromBytes(keyBytes);
        }

        pubKeyInfo = SubjectPublicKeyInfo.getInstance(keyBytes);
    } catch (Exception e) {
        throw new IllegalArgumentException("Failed to parse public key", e);
    }

    ASN1ObjectIdentifier algId = pubKeyInfo.getAlgorithm()
        .getAlgorithm();

    if (algId.equals(EdECObjectIdentifiers.id_Ed25519)) {
        return Ed25519PublicKey.fromBytes(
            pubKeyInfo.getPublicKeyData()
                .getBytes());
    } else {
        throw new IllegalArgumentException("Unsupported public key type: " + algId.toString());
    }
}
 

private String certificateProperty(final ASN1ObjectIdentifier objectIdentifier) {

        try {
            final X509Certificate cert = (X509Certificate) certificate();

            //x500 name values may be here or in extension
            final String subjectProperty = subjectProperty(objectIdentifier, cert);

            if (subjectProperty != null) {
                return subjectProperty;
            }

            if (objectIdentifier.equals(BCStyle.SN)) {
                return cert.getSerialNumber().toString();
            }

            //x500 name values may be here or in subject
            final Extension extension = new JcaX509CertificateHolder(cert).getExtension(objectIdentifier);
            if (extension == null) {
                return null;
            }
            return extension.getParsedValue().toString();

        } catch (final Exception e) {
            throw new PropertyNotFoundException("Not able to get property from certificate", e);
        }
    }
 

private X509CRLHolder evaluateCrlResponse(VerifiedPkiMessage response, Integer xipkiAction)
    throws CmpClientException, PkiErrorException {
  checkProtection(Args.notNull(response, "response"));

  PKIBody respBody = response.getPkiMessage().getBody();
  int bodyType = respBody.getType();

  if (PKIBody.TYPE_ERROR == bodyType) {
    ErrorMsgContent content = ErrorMsgContent.getInstance(respBody.getContent());
    throw new PkiErrorException(content.getPKIStatusInfo());
  } else if (PKIBody.TYPE_GEN_REP != bodyType) {
    throw new CmpClientException(String.format(
        "unknown PKI body type %s instead the expected [%s, %s]",
        bodyType, PKIBody.TYPE_GEN_REP, PKIBody.TYPE_ERROR));
  }

  ASN1ObjectIdentifier expectedType = (xipkiAction == null)
      ? CMPObjectIdentifiers.it_currentCRL : ObjectIdentifiers.Xipki.id_xipki_cmp_cmpGenmsg;

  GenRepContent genRep = GenRepContent.getInstance(respBody.getContent());

  InfoTypeAndValue[] itvs = genRep.toInfoTypeAndValueArray();
  InfoTypeAndValue itv = null;
  if (itvs != null && itvs.length > 0) {
    for (InfoTypeAndValue m : itvs) {
      if (expectedType.equals(m.getInfoType())) {
        itv = m;
        break;
      }
    }
  }

  if (itv == null) {
    throw new CmpClientException("the response does not contain InfoTypeAndValue "
        + expectedType);
  }

  ASN1Encodable certListAsn1Object = (xipkiAction == null) ? itv.getInfoValue()
      : extractXiActionContent(itv.getInfoValue(), xipkiAction);

  CertificateList certList = CertificateList.getInstance(certListAsn1Object);
  return new X509CRLHolder(certList);
}
 

private ValidationIssue checkSubjectAttributeMultiValued(ASN1ObjectIdentifier type,
    X500Name subject, X500Name requestedSubject) throws BadCertTemplateException {
  ValidationIssue issue = createSubjectIssue(type);

  RDN[] rdns = subject.getRDNs(type);
  int rdnsSize = (rdns == null) ? 0 : rdns.length;

  RDN[] requestedRdns = requestedSubject.getRDNs(type);

  if (rdnsSize != 1) {
    if (rdnsSize == 0) {
      // check optional attribute but is present in requestedSubject
      if (requestedRdns != null && requestedRdns.length > 0) {
        issue.setFailureMessage("is absent but expected present");
      }
    } else {
      issue.setFailureMessage("number of RDNs '" + rdnsSize + "' is not 1");
    }
    return issue;
  }

  // control
  final RdnControl rdnControl = subjectControl.getControl(type);

  // check the encoding
  StringType stringType = null;
  if (rdnControl != null) {
    stringType = rdnControl.getStringType();
  }
  List<String> requestedCoreAtvTextValues = new LinkedList<>();
  if (requestedRdns != null) {
    for (RDN requestedRdn : requestedRdns) {
      String textValue = getRdnTextValueOfRequest(requestedRdn);
      requestedCoreAtvTextValues.add(textValue);
    }
  }

  if (rdns == null) { // return always false, only to make the null checker happy
    return issue;
  }

  StringBuilder failureMsg = new StringBuilder();

  AttributeTypeAndValue[] li = rdns[0].getTypesAndValues();
  List<AttributeTypeAndValue> atvs = new LinkedList<>();
  for (AttributeTypeAndValue m : li) {
    if (type.equals(m.getType())) {
      atvs.add(m);
    }
  }

  final int atvsSize = atvs.size();

  int minOccurs = (rdnControl == null) ? 0 : rdnControl.getMinOccurs();
  int maxOccurs = (rdnControl == null) ? 0 : rdnControl.getMaxOccurs();

  if (atvsSize < minOccurs || atvsSize > maxOccurs) {
    issue.setFailureMessage("number of AttributeTypeAndValuess '" + atvsSize
        + "' is not within [" + minOccurs + ", " + maxOccurs + "]");
    return issue;
  }

  for (int i = 0; i < atvsSize; i++) {
    AttributeTypeAndValue atv = atvs.get(i);
    String atvTextValue = getAtvValueString("AttributeTypeAndValue[" + i + "]", atv,
        stringType, failureMsg);
    if (atvTextValue == null) {
      continue;
    }

    checkAttributeTypeAndValue("AttributeTypeAndValue[" + i + "]", type, atvTextValue,
        rdnControl, requestedCoreAtvTextValues, i, failureMsg);
  }

  int len = failureMsg.length();
  if (len > 2) {
    failureMsg.delete(len - 2, len);
    issue.setFailureMessage(failureMsg.toString());
  }

  return issue;
}
 

private void checkAttributeTypeAndValue(String name, ASN1ObjectIdentifier type,
    String atvTextValue, RdnControl rdnControl, List<String> requestedCoreAtvTextValues,
    int index, StringBuilder failureMsg) throws BadCertTemplateException {
  if (atvTextValue != null && ObjectIdentifiers.DN.emailAddress.equals(type)) {
    atvTextValue = atvTextValue.toLowerCase();
  }

  if (ObjectIdentifiers.DN.dateOfBirth.equals(type)) {
    if (!TextVadidator.DATE_OF_BIRTH.isValid(atvTextValue)) {
      throw new BadCertTemplateException(
          "Value of RDN dateOfBirth does not have format YYYMMDD000000Z");
    }
  } else if (rdnControl != null) {
    String prefix = rdnControl.getPrefix();
    if (prefix != null) {
      if (!atvTextValue.startsWith(prefix)) {
        failureMsg.append(name).append(" '").append(atvTextValue)
          .append("' does not start with prefix '").append(prefix).append("'; ");
        return;
      } else {
        atvTextValue = atvTextValue.substring(prefix.length());
      }
    }

    String suffix = rdnControl.getSuffix();
    if (suffix != null) {
      if (!atvTextValue.endsWith(suffix)) {
        failureMsg.append(name).append(" '").append(atvTextValue)
          .append("' does not end with suffix '").append(suffix).append("'; ");
        return;
      } else {
        atvTextValue = atvTextValue.substring(0,
            atvTextValue.length() - suffix.length());
      }
    }

    TextVadidator pattern = rdnControl.getPattern();
    if (pattern != null) {
      boolean matches = pattern.isValid(atvTextValue);
      if (!matches) {
        failureMsg.append(name).append(" '").append(atvTextValue)
          .append("' is not valid against regex '").append(pattern.pattern()).append("'; ");
        return;
      }
    }
  }

  if (CollectionUtil.isEmpty(requestedCoreAtvTextValues)) {
    if (!type.equals(ObjectIdentifiers.DN.serialNumber)) {
      failureMsg.append("is present but not contained in the request; ");
    }
  } else {
    String requestedCoreAtvTextValue = requestedCoreAtvTextValues.get(index);
    if (!type.equals(ObjectIdentifiers.DN.serialNumber)) {
      if (requestedCoreAtvTextValue != null && type.equals(ObjectIdentifiers.DN.emailAddress)) {
        requestedCoreAtvTextValue = requestedCoreAtvTextValue.toLowerCase();
      }

      if (!atvTextValue.equals(requestedCoreAtvTextValue)) {
        failureMsg.append("content '").append(atvTextValue)
          .append("' but expected '").append(requestedCoreAtvTextValue).append("'; ");
      }
    }
  }
}
 

private void checkExtnSubjectInfoAccess(StringBuilder failureMsg, byte[] extensionValue,
    Extensions requestedExtns, ExtensionControl extControl) {
  Map<ASN1ObjectIdentifier, Set<GeneralNameMode>> conf =
      certprofile.getSubjectInfoAccessModes();
  if (conf == null) {
    failureMsg.append("extension is present but not expected; ");
    return;
  }

  ASN1Encodable requestExtValue = null;
  if (requestedExtns != null) {
    requestExtValue = requestedExtns.getExtensionParsedValue(Extension.subjectInfoAccess);
  }
  if (requestExtValue == null) {
    failureMsg.append("extension is present but not expected; ");
    return;
  }

  ASN1Sequence requestSeq = ASN1Sequence.getInstance(requestExtValue);
  ASN1Sequence certSeq = ASN1Sequence.getInstance(extensionValue);

  int size = requestSeq.size();

  if (certSeq.size() != size) {
    addViolation(failureMsg, "size of GeneralNames", certSeq.size(), size);
    return;
  }

  for (int i = 0; i < size; i++) {
    AccessDescription ad = AccessDescription.getInstance(requestSeq.getObjectAt(i));
    ASN1ObjectIdentifier accessMethod = ad.getAccessMethod();
    Set<GeneralNameMode> generalNameModes = conf.get(accessMethod);

    if (generalNameModes == null) {
      failureMsg.append("accessMethod in requestedExtension ")
        .append(accessMethod.getId()).append(" is not allowed; ");
      continue;
    }

    AccessDescription certAccessDesc = AccessDescription.getInstance(
        certSeq.getObjectAt(i));
    ASN1ObjectIdentifier certAccessMethod = certAccessDesc.getAccessMethod();

    boolean bo = (accessMethod == null) ? (certAccessMethod == null)
        : accessMethod.equals(certAccessMethod);

    if (!bo) {
      addViolation(failureMsg, "accessMethod",
          (certAccessMethod == null) ? "null" : certAccessMethod.getId(),
          (accessMethod == null) ? "null" : accessMethod.getId());
      continue;
    }

    GeneralName accessLocation;
    try {
      accessLocation = createGeneralName(ad.getAccessLocation(), generalNameModes);
    } catch (BadCertTemplateException ex) {
      failureMsg.append("invalid requestedExtension: ").append(ex.getMessage()).append("; ");
      continue;
    }

    GeneralName certAccessLocation = certAccessDesc.getAccessLocation();
    if (!certAccessLocation.equals(accessLocation)) {
      failureMsg.append("accessLocation does not match the requested one; ");
    }
  }
}
 

private static void checkAia(StringBuilder failureMsg, AuthorityInformationAccess aia,
    ASN1ObjectIdentifier accessMethod, Set<String> expectedUris) {
  String typeDesc;
  if (X509ObjectIdentifiers.id_ad_ocsp.equals(accessMethod)) {
    typeDesc = "OCSP";
  } else if (X509ObjectIdentifiers.id_ad_caIssuers.equals(accessMethod)) {
    typeDesc = "caIssuer";
  } else {
    typeDesc = accessMethod.getId();
  }

  List<AccessDescription> isAccessDescriptions = new LinkedList<>();
  for (AccessDescription accessDescription : aia.getAccessDescriptions()) {
    if (accessMethod.equals(accessDescription.getAccessMethod())) {
      isAccessDescriptions.add(accessDescription);
    }
  }

  int size = isAccessDescriptions.size();
  if (size != expectedUris.size()) {
    addViolation(failureMsg, "number of AIA " + typeDesc + " URIs", size, expectedUris.size());
    return;
  }

  Set<String> isUris = new HashSet<>();
  for (int i = 0; i < size; i++) {
    GeneralName isAccessLocation = isAccessDescriptions.get(i).getAccessLocation();
    if (isAccessLocation.getTagNo() != GeneralName.uniformResourceIdentifier) {
      addViolation(failureMsg, "tag of accessLocation of AIA ",
          isAccessLocation.getTagNo(), GeneralName.uniformResourceIdentifier);
    } else {
      String isOcspUri = ((ASN1String) isAccessLocation.getName()).getString();
      isUris.add(isOcspUri);
    }
  }

  Set<String> diffs = strInBnotInA(expectedUris, isUris);
  if (CollectionUtil.isNotEmpty(diffs)) {
    failureMsg.append(typeDesc).append(" URIs ").append(diffs);
    failureMsg.append(" are present but not expected; ");
  }

  diffs = strInBnotInA(isUris, expectedUris);
  if (CollectionUtil.isNotEmpty(diffs)) {
    failureMsg.append(typeDesc).append(" URIs ").append(diffs);
    failureMsg.append(" are absent but are required; ");
  }
}