Package org.apache.geronimo.crypto.asn1

Examples of org.apache.geronimo.crypto.asn1.ASN1Sequence

                if (!isSelfIssued(cert))
                    X500Principal principal = getSubjectPrincipal(cert);
                    ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(principal.getEncoded()));
                    ASN1Sequence    dns;
                        dns = (ASN1Sequence)aIn.readObject();
                    catch (IOException e)
                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.ncSubjectNameError",
                                new Object[] {new UntrustedInput(principal)});
                        throw new CertPathReviewerException(msg,e,certPath,index);
                    catch (PKIXNameConstraintValidatorException cpve)
                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.notPermittedDN",
                                new Object[] {new UntrustedInput(principal.getName())});
                        throw new CertPathReviewerException(msg,cpve,certPath,index);
                    catch (PKIXNameConstraintValidatorException cpve)
                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.excludedDN",
                                new Object[] {new UntrustedInput(principal.getName())});
                        throw new CertPathReviewerException(msg,cpve,certPath,index);
                    ASN1Sequence altName;
                        altName = (ASN1Sequence)getExtensionValue(cert, SUBJECT_ALTERNATIVE_NAME);
                    catch (AnnotatedException ae)
                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.subjAltNameExtError");
                        throw new CertPathReviewerException(msg,ae,certPath,index);
                    if (altName != null)
                        for (int j = 0; j < altName.size(); j++)
                            GeneralName name = GeneralName.getInstance(altName.getObjectAt(j));

                            catch (PKIXNameConstraintValidatorException cpve)
                                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.notPermittedEmail",
                                        new Object[] {new UntrustedInput(name)});
                                throw new CertPathReviewerException(msg,cpve,certPath,index);
//                            switch(o.getTagNo())            TODO - move resources to PKIXNameConstraints
//                            {
//                            case 1:
//                                String email = DERIA5String.getInstance(o, true).getString();
//                                try
//                                {
//                                    checkPermittedEmail(permittedSubtreesEmail, email);
//                                }
//                                catch (CertPathValidatorException cpve)
//                                {
//                                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.notPermittedEmail",
//                                            new Object[] {new UntrustedInput(email)});
//                                    throw new CertPathReviewerException(msg,cpve,certPath,index);
//                                }
//                                try
//                                {
//                                    checkExcludedEmail(excludedSubtreesEmail, email);
//                                }
//                                catch (CertPathValidatorException cpve)
//                                {
//                                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.excludedEmail",
//                                            new Object[] {new UntrustedInput(email)});
//                                    throw new CertPathReviewerException(msg,cpve,certPath,index);
//                                }
//                                break;
//                            case 4:
//                                ASN1Sequence altDN = ASN1Sequence.getInstance(o, true);
//                                try
//                                {
//                                    checkPermittedDN(permittedSubtreesDN, altDN);
//                                }
//                                catch (CertPathValidatorException cpve)
//                                {
//                                    X509Name altDNName = new X509Name(altDN);
//                                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.notPermittedDN",
//                                            new Object[] {new UntrustedInput(altDNName)});
//                                    throw new CertPathReviewerException(msg,cpve,certPath,index);
//                                }
//                                try
//                                {
//                                    checkExcludedDN(excludedSubtreesDN, altDN);
//                                }
//                                catch (CertPathValidatorException cpve)
//                                {
//                                    X509Name altDNName = new X509Name(altDN);
//                                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.excludedDN",
//                                            new Object[] {new UntrustedInput(altDNName)});
//                                    throw new CertPathReviewerException(msg,cpve,certPath,index);
//                                }
//                                break;
//                            case 7:
//                                byte[] ip = ASN1OctetString.getInstance(o, true).getOctets();
//                                try
//                                {
//                                    checkPermittedIP(permittedSubtreesIP, ip);
//                                }
//                                catch (CertPathValidatorException cpve)
//                                {
//                                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.notPermittedIP",
//                                            new Object[] {IPtoString(ip)});
//                                    throw new CertPathReviewerException(msg,cpve,certPath,index);
//                                }
//                                try
//                                {
//                                    checkExcludedIP(excludedSubtreesIP, ip);
//                                }
//                                catch (CertPathValidatorException cpve)
//                                {
//                                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.excludedIP",
//                                            new Object[] {IPtoString(ip)});
//                                    throw new CertPathReviewerException(msg,cpve,certPath,index);
//                                }
//                            }
                // prepare for next certificate
                // (g) handle the name constraints extension
                ASN1Sequence ncSeq;
                    ncSeq = (ASN1Sequence)getExtensionValue(cert, NAME_CONSTRAINTS);
                catch (AnnotatedException ae)

                // set certificate to be checked in this round
                cert = (X509Certificate) certs.get(index);
                // d) process policy information
                ASN1Sequence certPolicies;
                    certPolicies = (ASN1Sequence) getExtensionValue(
                        cert, CERTIFICATE_POLICIES);
                catch (AnnotatedException ae)
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyExtError");
                    throw new CertPathReviewerException(msg,ae,certPath,index);
                if (certPolicies != null && validPolicyTree != null)

                    // d) 1)

                    Enumeration e = certPolicies.getObjects();
                    Set pols = new HashSet();

                    while (e.hasMoreElements())
                        PolicyInformation pInfo = PolicyInformation.getInstance(e.nextElement());
                        DERObjectIdentifier pOid = pInfo.getPolicyIdentifier();


                        if (!ANY_POLICY.equals(pOid.getId()))
                            Set pq;
                                pq = getQualifierSet(pInfo.getPolicyQualifiers());
                            catch (CertPathValidatorException cpve)
                                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyQualifierError");
                                throw new CertPathReviewerException(msg,cpve,certPath,index);

                            boolean match = processCertD1i(i, policyNodes, pOid, pq);

                            if (!match)
                                processCertD1ii(i, policyNodes, pOid, pq);

                    if (acceptablePolicies == null || acceptablePolicies.contains(ANY_POLICY))
                        acceptablePolicies = pols;
                        Iterator it = acceptablePolicies.iterator();
                        Set t1 = new HashSet();

                        while (it.hasNext())
                            Object o =;

                            if (pols.contains(o))

                        acceptablePolicies = t1;

                    // d) 2)

                    if ((inhibitAnyPolicy > 0) || ((i < n) && isSelfIssued(cert)))
                        e = certPolicies.getObjects();

                        while (e.hasMoreElements())
                            PolicyInformation pInfo = PolicyInformation.getInstance(e.nextElement());

                            if (ANY_POLICY.equals(pInfo.getPolicyIdentifier().getId()))
                                Set _apq;
                                    _apq = getQualifierSet(pInfo.getPolicyQualifiers());
                                catch (CertPathValidatorException cpve)
                                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyQualifierError");
                                    throw new CertPathReviewerException(msg,cpve,certPath,index);
                                List _nodes = policyNodes[i - 1];

                                for (int k = 0; k < _nodes.size(); k++)
                                    PKIXPolicyNode _node = (PKIXPolicyNode) _nodes.get(k);

                                    Iterator _policySetIter = _node.getExpectedPolicies().iterator();
                                    while (_policySetIter.hasNext())
                                        Object _tmp =;

                                        String _policy;
                                        if (_tmp instanceof String)
                                            _policy = (String) _tmp;
                                        else if (_tmp instanceof DERObjectIdentifier)
                                            _policy = ((DERObjectIdentifier) _tmp).getId();

                                        boolean _found = false;
                                        Iterator _childrenIter = _node

                                        while (_childrenIter.hasNext())
                                            PKIXPolicyNode _child = (PKIXPolicyNode);

                                            if (_policy.equals(_child.getValidPolicy()))
                                                _found = true;

                                        if (!_found)
                                            Set _newChildExpectedPolicies = new HashSet();

                                            PKIXPolicyNode _newChild = new PKIXPolicyNode(
                                                    new ArrayList(), i,
                                                    _node, _apq, _policy, false);

                    // (d) (3)
                    for (int j = (i - 1); j >= 0; j--)
                        List nodes = policyNodes[j];

                        for (int k = 0; k < nodes.size(); k++)
                            PKIXPolicyNode node = (PKIXPolicyNode) nodes.get(k);
                            if (!node.hasChildren())
                                validPolicyTree = removePolicyNode(
                                        validPolicyTree, policyNodes, node);
                                if (validPolicyTree == null)

                    // d (4)
                    Set criticalExtensionOids = cert.getCriticalExtensionOIDs();

                    if (criticalExtensionOids != null)
                        boolean critical = criticalExtensionOids.contains(CERTIFICATE_POLICIES);

                        List nodes = policyNodes[i];
                        for (int j = 0; j < nodes.size(); j++)
                            PKIXPolicyNode node = (PKIXPolicyNode) nodes.get(j);

                // e)
                if (certPolicies == null)
                    validPolicyTree = null;
                // f)
                if (explicitPolicy <= 0 && validPolicyTree == null)
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.noValidPolicyTree");
                    throw new CertPathReviewerException(msg);
                // 6.1.4 preparation for next Certificate
                if (i != n)
                    // a)
                    ASN1Primitive pm;
                        pm = getExtensionValue(cert, POLICY_MAPPINGS);
                    catch (AnnotatedException ae)
                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyMapExtError");
                        throw new CertPathReviewerException(msg,ae,certPath,index);
                    if (pm != null)
                        ASN1Sequence mappings = (ASN1Sequence) pm;
                        for (int j = 0; j < mappings.size(); j++)
                            ASN1Sequence mapping = (ASN1Sequence) mappings.getObjectAt(j);
                            DERObjectIdentifier ip_id = (DERObjectIdentifier) mapping.getObjectAt(0);
                            DERObjectIdentifier sp_id = (DERObjectIdentifier) mapping.getObjectAt(1);
                            if (ANY_POLICY.equals(ip_id.getId()))
                                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.invalidPolicyMapping");
                                throw new CertPathReviewerException(msg,certPath,index);
                            if (ANY_POLICY.equals(sp_id.getId()))
                                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.invalidPolicyMapping");
                                throw new CertPathReviewerException(msg,certPath,index);
                    // b)
                    if (pm != null)
                        ASN1Sequence mappings = (ASN1Sequence)pm;
                        Map m_idp = new HashMap();
                        Set s_idp = new HashSet();
                        for (int j = 0; j < mappings.size(); j++)
                            ASN1Sequence mapping = (ASN1Sequence)mappings.getObjectAt(j);
                            String id_p = ((DERObjectIdentifier)mapping.getObjectAt(0)).getId();
                            String sd_p = ((DERObjectIdentifier)mapping.getObjectAt(1)).getId();
                            Set tmp;
                            if (!m_idp.containsKey(id_p))
                                tmp = new HashSet();
                                m_idp.put(id_p, tmp);
                                tmp = (Set)m_idp.get(id_p);
                        Iterator it_idp = s_idp.iterator();
                        while (it_idp.hasNext())
                            String id_p = (String);
                            // (1)
                            if (policyMapping > 0)
                                catch (AnnotatedException ae)
                                    // error processing certificate policies extension
                                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyExtError");
                                    throw new CertPathReviewerException(msg,ae,certPath,index);
                                catch (CertPathValidatorException cpve)
                                    // error building qualifier set
                                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyQualifierError");
                                    throw new CertPathReviewerException(msg,cpve,certPath,index);
                                // (2)
                            else if (policyMapping <= 0)
                                validPolicyTree = prepareNextCertB2(i,policyNodes,id_p,validPolicyTree);
                    // h)
                    if (!isSelfIssued(cert))
                        // (1)
                        if (explicitPolicy != 0)
                        // (2)
                        if (policyMapping != 0)
                        // (3)
                        if (inhibitAnyPolicy != 0)
                    // i)
                        ASN1Sequence pc = (ASN1Sequence) getExtensionValue(cert,POLICY_CONSTRAINTS);
                        if (pc != null)
                            Enumeration policyConstraints = pc.getObjects();
                            while (policyConstraints.hasMoreElements())
                                ASN1TaggedObject constraint = (ASN1TaggedObject) policyConstraints.nextElement();
                                int tmpInt;
                                switch (constraint.getTagNo())
                                case 0:
                                    tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();
                                    if (tmpInt < explicitPolicy)
                                        explicitPolicy = tmpInt;
                                case 1:
                                    tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();
                                    if (tmpInt < policyMapping)
                                        policyMapping = tmpInt;
                    catch (AnnotatedException ae)
                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyConstExtError");
                        throw new CertPathReviewerException(msg,certPath,index);
                    // j)
                        DERInteger iap = (DERInteger)getExtensionValue(cert, INHIBIT_ANY_POLICY);
                        if (iap != null)
                            int _inhibitAnyPolicy = iap.getValue().intValue();
                            if (_inhibitAnyPolicy < inhibitAnyPolicy)
                                inhibitAnyPolicy = _inhibitAnyPolicy;
                    catch (AnnotatedException ae)
                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyInhibitExtError");
                        throw new CertPathReviewerException(msg,certPath,index);
            // 6.1.5 Wrap up
            // a)
            if (!isSelfIssued(cert) && explicitPolicy > 0)
            // b)
                ASN1Sequence pc = (ASN1Sequence) getExtensionValue(cert, POLICY_CONSTRAINTS);
                if (pc != null)
                    Enumeration policyConstraints = pc.getObjects();
                    while (policyConstraints.hasMoreElements())
                        ASN1TaggedObject    constraint = (ASN1TaggedObject)policyConstraints.nextElement();
                        switch (constraint.getTagNo())

            boolean unknownStatement = false;
            ASN1Sequence qcSt = (ASN1Sequence) getExtensionValue(cert,QC_STATEMENT);
            for (int j = 0; j < qcSt.size(); j++)
                QCStatement stmt = QCStatement.getInstance(qcSt.getObjectAt(j));
                if (QCStatement.id_etsi_qcs_QcCompliance.equals(stmt.getStatementId()))
                    // process statement - just write a notification that the certificate contains this statement
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.QcEuCompliance");

        if (bytes != null)
                ASN1InputStream dIn = new ASN1InputStream(bytes);
                ASN1Sequence    seq = (ASN1Sequence)dIn.readObject();
                List            list = new ArrayList();

                for (int i = 0; i != seq.size(); i++)
                return Collections.unmodifiableList(list);
            catch (Exception e)

    private BigInteger[] derDecode(
        byte[] encoding)
        throws IOException
        ASN1Sequence s = (ASN1Sequence)ASN1Primitive.fromByteArray(encoding);

        return new BigInteger[]

        byte[] params)
        throws IOException
            ASN1Sequence seq = (ASN1Sequence)ASN1Primitive.fromByteArray(params);

            this.currentSpec = GOST3410ParameterSpec.fromPublicKeyAlg(
                new GOST3410PublicKeyAlgParameters(seq));
        catch (ClassCastException e)

        byte[] params)
        throws IOException
            ASN1Sequence s = (ASN1Sequence)ASN1Primitive.fromByteArray(params);

            this.currentSpec = new IESParameterSpec(
        catch (ClassCastException e)
            throw new IOException("Not a valid IES Parameter encoding.");

            // PublicKeyAndChallenge ::= SEQUENCE {
            //    spki            SubjectPublicKeyInfo,
            //    challenge        IA5STRING
            // }
            ASN1Sequence pkac = (ASN1Sequence)spkac.getObjectAt(0);

            if (pkac.size() != 2)
                throw new IllegalArgumentException("invalid PKAC (len): "
                        + pkac.size());

            challenge = ((DERIA5String)pkac.getObjectAt(1)).getString();

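            //this could be dangerous: ASN.1 decoding followed by re-encoding
            //could potentially alter the bytes, so the content built below
            //may not be byte-identical to the encoding that was received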
            content = new DERBitString(pkac);

            SubjectPublicKeyInfo pubkeyinfo = new SubjectPublicKeyInfo(

            X509EncodedKeySpec xspec = new X509EncodedKeySpec(new DERBitString(

            keyAlg = pubkeyinfo.getAlgorithmId();

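        /**
         * Decodes a DER-encoded {@code SEQUENCE} of two {@code INTEGER}s into a
         * two-element array (the local naming suggests a signature value pair).
         *
         * <p>The input is parsed defensively: a value that is not a SEQUENCE, or a
         * SEQUENCE that does not hold exactly two elements, is rejected with an
         * {@link IOException} rather than surfacing as a {@code ClassCastException}
         * or being accepted with surplus elements silently ignored. Accepting extra
         * elements would let several distinct encodings decode to the same pair.
         *
         * @param encoding the encoded bytes to parse
         * @return an array holding the first and second INTEGER, in that order
         * @throws IOException if the bytes cannot be parsed, are not a SEQUENCE, or
         *         the SEQUENCE does not contain exactly two elements
         */
        public BigInteger[] decode(
            byte[] encoding)
            throws IOException
        {
            ASN1Primitive decoded = ASN1Primitive.fromByteArray(encoding);

            // Check the type before casting so malformed input yields the declared
            // checked exception instead of an unchecked ClassCastException.
            if (!(decoded instanceof ASN1Sequence))
            {
                throw new IOException("malformed encoding: expected an ASN.1 SEQUENCE");
            }

            ASN1Sequence s = (ASN1Sequence)decoded;

            // Exactly two INTEGERs are expected; fewer would fail on access below,
            // more would otherwise be ignored without any error.
            if (s.size() != 2)
            {
                throw new IOException("malformed encoding: expected 2 elements, found " + s.size());
            }

            BigInteger[] sig = new BigInteger[2];

            // Element type checking is left to ASN1Integer.getInstance.
            sig[0] = ASN1Integer.getInstance(s.getObjectAt(0)).getValue();
            sig[1] = ASN1Integer.getInstance(s.getObjectAt(1)).getValue();

            return sig;
        }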

            curve = new ECCurve.Fp(p, x9A.getValue().toBigInteger(), x9B.getValue().toBigInteger());
        else if (fieldIdentifier.equals(characteristic_two_field))
            // Characteristic two field
            ASN1Sequence parameters = ASN1Sequence.getInstance(fieldID.getParameters());
            int m = ((ASN1Integer)parameters.getObjectAt(0)).getValue().
            ASN1ObjectIdentifier representation
                = (ASN1ObjectIdentifier)parameters.getObjectAt(1);

            int k1 = 0;
            int k2 = 0;
            int k3 = 0;

            if (representation.equals(tpBasis))
                // Trinomial basis representation
                k1 = ASN1Integer.getInstance(parameters.getObjectAt(2)).getValue().intValue();
            else if (representation.equals(ppBasis))
                // Pentanomial basis representation
                ASN1Sequence pentanomial = ASN1Sequence.getInstance(parameters.getObjectAt(2));
                k1 = ASN1Integer.getInstance(pentanomial.getObjectAt(0)).getValue().intValue();
                k2 = ASN1Integer.getInstance(pentanomial.getObjectAt(1)).getValue().intValue();
                k3 = ASN1Integer.getInstance(pentanomial.getObjectAt(2)).getValue().intValue();
                throw new IllegalArgumentException("This type of EC basis is not implemented");

