Пример #1
 /**
  * Builds a {@code ResponseData} from a legacy {@code X509Extensions} value. The value is
  * converted with {@code Extensions.getInstance} and, together with the fixed version
  * {@code V1}, handed to the constructor that accepts {@code Extensions}.
  *
  * @deprecated use method taking Extensions
  * @param responderID passed through unchanged to the delegate constructor.
  * @param producedAt passed through unchanged to the delegate constructor.
  * @param responses passed through unchanged to the delegate constructor.
  * @param responseExtensions legacy extensions object, converted before delegation.
  */
 public ResponseData(
     ResponderID responderID,
     DERGeneralizedTime producedAt,
     ASN1Sequence responses,
     X509Extensions responseExtensions) {
   // The delegation must be the first statement, so the conversion is done inline.
   this(
       V1,
       responderID,
       producedAt,
       responses,
       Extensions.getInstance(responseExtensions));
 }
Пример #2
  /**
   * Decodes a {@code ResponseData} from its ASN.1 sequence form.
   *
   * <p>Elements are consumed in order: an optional tagged version (taken only when the first
   * element is a tagged object with tag number 0), then responderID, producedAt and responses,
   * and finally an optional tagged extensions element if anything is left.
   *
   * <p>NOTE(review): the sequence typically comes from a decoded (possibly remote) response, and
   * this constructor trusts its shape. {@code producedAt}, {@code responses} and the extensions
   * element are plain casts, so an element of another type surfaces as a
   * {@code ClassCastException}; the element count is not checked before the indexed reads; and
   * the tag number of the trailing extensions element is not inspected. Callers handling
   * untrusted input should be prepared for runtime exceptions from here.
   *
   * @param seq the sequence to decode.
   */
  private ResponseData(ASN1Sequence seq) {
    Object first = seq.getObjectAt(0);
    boolean explicitVersion =
        first instanceof ASN1TaggedObject && ((ASN1TaggedObject) first).getTagNo() == 0;

    // Position of responderID: shifted by one when the version element is present.
    int next;
    if (explicitVersion) {
      this.versionPresent = true;
      this.version = ASN1Integer.getInstance((ASN1TaggedObject) first, true);
      next = 1;
    } else {
      // No version element (or a tagged element with another tag): fall back to V1.
      this.version = V1;
      next = 0;
    }

    this.responderID = ResponderID.getInstance(seq.getObjectAt(next));
    this.producedAt = (DERGeneralizedTime) seq.getObjectAt(next + 1);
    this.responses = (ASN1Sequence) seq.getObjectAt(next + 2);

    int extensionsIndex = next + 3;
    if (extensionsIndex < seq.size()) {
      this.responseExtensions =
          Extensions.getInstance((ASN1TaggedObject) seq.getObjectAt(extensionsIndex), true);
    }
  }
  /**
   * Returns the extension registered under the given OID.
   *
   * @param oid the OID of the extension of interest.
   * @return {@code null} when this object holds no extensions at all; otherwise whatever
   *     {@code extensions.getExtension(oid)} returns for that OID.
   */
  public Extension getExtension(ASN1ObjectIdentifier oid) {
    return extensions == null ? null : extensions.getExtension(oid);
  }
Пример #4
  /**
   * Parse a {@link OCSPStatusRequest} from an {@link InputStream}.
   *
   * <p>The stream is read as two length-prefixed fields: a list of DER-encoded responder IDs
   * (each with its own length prefix) followed by DER-encoded request extensions. A zero length
   * means the field is absent: the responder list stays empty and the extensions stay
   * {@code null}.
   *
   * <p>NOTE(review): both lengths come from the peer. They are read with
   * {@code TlsUtils.readUint16}, which presumably caps each buffer at 65535 bytes, and the bytes
   * are then decoded by {@code TlsUtils.readDERObject}; any stricter validation depends on those
   * helpers, which are not visible here.
   *
   * @param input the {@link InputStream} to parse from.
   * @return a {@link OCSPStatusRequest} object.
   * @throws IOException if reading from {@code input} or decoding a field fails.
   */
  public static OCSPStatusRequest parse(InputStream input) throws IOException {
    Vector responderIDs = new Vector();

    int responderListLength = TlsUtils.readUint16(input);
    if (responderListLength > 0) {
      ByteArrayInputStream listStream =
          new ByteArrayInputStream(TlsUtils.readFully(responderListLength, input));
      // At least one entry is expected once the list length is non-zero.
      do {
        byte[] encodedID = TlsUtils.readOpaque16(listStream);
        responderIDs.addElement(ResponderID.getInstance(TlsUtils.readDERObject(encodedID)));
      } while (listStream.available() > 0);
    }

    int extensionsLength = TlsUtils.readUint16(input);
    Extensions requestExtensions =
        extensionsLength > 0
            ? Extensions.getInstance(
                TlsUtils.readDERObject(TlsUtils.readFully(extensionsLength, input)))
            : null;

    return new OCSPStatusRequest(responderIDs, requestExtensions);
  }
Пример #5
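  /**
   * Returns the encoded value of the CRL extension identified by the given OID.
   *
   * @param oid OID string, passed to the {@code ASN1ObjectIdentifier(String)} constructor.
   * @return the encoding of the extension's extnValue, or {@code null} when the CRL has no
   *     extensions or none with this OID.
   * @throws IllegalStateException if the extension value cannot be encoded; the underlying
   *     exception is attached as the cause.
   */
  public byte[] getExtensionValue(String oid) {
    Extensions exts = c.getTBSCertList().getExtensions();
    if (exts == null) {
      return null;
    }

    Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid));
    if (ext == null) {
      return null;
    }

    try {
      return ext.getExtnValue().getEncoded();
    } catch (Exception e) {
      // Keep the original exception as the cause so the failing stack trace is not lost.
      throw new IllegalStateException("error parsing " + e.toString(), e);
    }
  }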
Пример #6
  /**
   * Collects the OID strings of the CRL extensions whose critical flag equals {@code critical}.
   *
   * @param critical {@code true} to select critical extensions, {@code false} for the others.
   * @return the matching OID strings (possibly an empty set), or {@code null} when
   *     {@code getVersion()} is not 2 or the CRL carries no extensions.
   */
  private Set getExtensionOIDs(boolean critical) {
    if (this.getVersion() != 2) {
      return null;
    }

    Extensions extensions = c.getTBSCertList().getExtensions();
    if (extensions == null) {
      return null;
    }

    Set matching = new HashSet();
    for (Enumeration oids = extensions.oids(); oids.hasMoreElements(); ) {
      ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) oids.nextElement();
      if (extensions.getExtension(oid).isCritical() == critical) {
        matching.add(oid.getId());
      }
    }
    return matching;
  }
Пример #7
  /**
   * Encode this {@link OCSPStatusRequest} to an {@link OutputStream}.
   *
   * <p>Two length-prefixed fields are written: the responder ID list (each ID DER-encoded and
   * individually length-prefixed) and the DER-encoded request extensions. A missing or empty
   * field is written as a zero length. Each total length is passed to
   * {@code TlsUtils.checkUint16} before it is written.
   *
   * @param output the {@link OutputStream} to encode to.
   * @throws IOException if encoding or writing fails.
   */
  public void encode(OutputStream output) throws IOException {
    boolean hasResponderIDs = responderIDList != null && !responderIDList.isEmpty();
    if (hasResponderIDs) {
      // Buffer the whole list first: its total length has to be written before its content.
      ByteArrayOutputStream encodedIDs = new ByteArrayOutputStream();
      for (int i = 0; i < responderIDList.size(); ++i) {
        ResponderID id = (ResponderID) responderIDList.elementAt(i);
        TlsUtils.writeOpaque16(id.getEncoded(ASN1Encoding.DER), encodedIDs);
      }
      TlsUtils.checkUint16(encodedIDs.size());
      TlsUtils.writeUint16(encodedIDs.size(), output);
      encodedIDs.writeTo(output);
    } else {
      TlsUtils.writeUint16(0, output);
    }

    if (requestExtensions != null) {
      byte[] encodedExtensions = requestExtensions.getEncoded(ASN1Encoding.DER);
      TlsUtils.checkUint16(encodedExtensions.length);
      TlsUtils.writeUint16(encodedExtensions.length, output);
      output.write(encodedExtensions);
    } else {
      TlsUtils.writeUint16(0, output);
    }
  }
Пример #8
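  /**
   * Returns a string representation of this CRL.
   *
   * <p>The output lists version, issuer, update times, signature algorithm, a hex dump of the
   * signature (20 bytes per line), every extension with its critical flag, and finally one line
   * per entry of {@code getRevokedCertificates()}.
   *
   * <p>Extension values are decoded from the CRL's own bytes while the string is built. A value
   * that cannot be decoded is printed as {@code *****} instead of aborting the dump, so this
   * method is meant for display only and is not a validity check.
   *
   * @return a string representation of this CRL.
   */
  public String toString() {
    StringBuffer buf = new StringBuffer();
    String nl = System.getProperty("line.separator");

    buf.append("              Version: ").append(this.getVersion()).append(nl);
    buf.append("             IssuerDN: ").append(this.getIssuerDN()).append(nl);
    buf.append("          This update: ").append(this.getThisUpdate()).append(nl);
    buf.append("          Next update: ").append(this.getNextUpdate()).append(nl);
    buf.append("  Signature Algorithm: ").append(this.getSigAlgName()).append(nl);

    byte[] sig = this.getSignature();

    // The chunk length is clamped to the bytes that remain, so a signature shorter than
    // 20 bytes is dumped on one line rather than requesting 20 bytes from a smaller array.
    buf.append("            Signature: ")
        .append(new String(Hex.encode(sig, 0, Math.min(20, sig.length))))
        .append(nl);
    for (int i = 20; i < sig.length; i += 20) {
      buf.append("                       ")
          .append(new String(Hex.encode(sig, i, Math.min(20, sig.length - i))))
          .append(nl);
    }

    Extensions extensions = c.getTBSCertList().getExtensions();

    if (extensions != null) {
      Enumeration e = extensions.oids();

      if (e.hasMoreElements()) {
        buf.append("           Extensions: ").append(nl);
      }

      while (e.hasMoreElements()) {
        ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
        Extension ext = extensions.getExtension(oid);

        if (ext.getExtnValue() != null) {
          byte[] octs = ext.getExtnValue().getOctets();
          ASN1InputStream dIn = new ASN1InputStream(octs);
          buf.append("                       critical(").append(ext.isCritical()).append(") ");
          try {
            // Known extensions are rendered through their typed wrappers; anything else is
            // dumped generically together with its OID.
            if (oid.equals(Extension.cRLNumber)) {
              buf.append(
                      new CRLNumber(ASN1Integer.getInstance(dIn.readObject()).getPositiveValue()))
                  .append(nl);
            } else if (oid.equals(Extension.deltaCRLIndicator)) {
              buf.append(
                      "Base CRL: "
                          + new CRLNumber(
                              ASN1Integer.getInstance(dIn.readObject()).getPositiveValue()))
                  .append(nl);
            } else if (oid.equals(Extension.issuingDistributionPoint)) {
              buf.append(IssuingDistributionPoint.getInstance(dIn.readObject())).append(nl);
            } else if (oid.equals(Extension.cRLDistributionPoints)) {
              buf.append(CRLDistPoint.getInstance(dIn.readObject())).append(nl);
            } else if (oid.equals(Extension.freshestCRL)) {
              buf.append(CRLDistPoint.getInstance(dIn.readObject())).append(nl);
            } else {
              buf.append(oid.getId());
              buf.append(" value = ").append(ASN1Dump.dumpAsString(dIn.readObject())).append(nl);
            }
          } catch (Exception ex) {
            // Deliberate best effort: an undecodable value is masked, the dump continues.
            buf.append(oid.getId());
            buf.append(" value = ").append("*****").append(nl);
          }
        } else {
          buf.append(nl);
        }
      }
    }
    Set set = getRevokedCertificates();
    if (set != null) {
      Iterator it = set.iterator();
      while (it.hasNext()) {
        buf.append(it.next());
        buf.append(nl);
      }
    }
    return buf.toString();
  }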
Пример #9
  /**
   * Generate a TimeStampToken for the passed in request and serialNumber marking it with the passed
   * in genTime.
   *
   * <p>The token's message imprint, nonce, requested policy and extensions are copied from the
   * request; the accuracy, ordering flag, TSA name, certificates, CRLs and signer come from this
   * generator's own state. When {@code additionalExtensions} is given, the request's extensions
   * and the additional ones are merged into a single set.
   *
   * <p>NOTE(review): nothing in this method checks the request-supplied digest algorithm, policy
   * OID or extensions before they are signed into the token. Presumably the caller validates the
   * request against its accepted algorithms, policies and extensions first; confirm before
   * calling this with requests from untrusted clients.
   *
   * @param request the originating request.
   * @param serialNumber serial number for the TimeStampToken
   * @param genTime token generation time.
   * @param additionalExtensions extra extensions to be added to the response token.
   * @return a TimeStampToken
   * @throws TSPException if the signed data cannot be generated or the TSTInfo cannot be encoded.
   */
  public TimeStampToken generate(
      TimeStampRequest request,
      BigInteger serialNumber,
      Date genTime,
      Extensions additionalExtensions)
      throws TSPException {
    // Message imprint: digest algorithm and digest value exactly as sent in the request.
    MessageImprint messageImprint =
        new MessageImprint(
            new AlgorithmIdentifier(request.getMessageImprintAlgOID(), DERNull.INSTANCE),
            request.getMessageImprintDigest());

    // Accuracy is included only when at least one component is positive; components that are
    // not positive are left out individually.
    Accuracy accuracy = null;
    boolean anyAccuracySet = accuracySeconds > 0 || accuracyMillis > 0 || accuracyMicros > 0;
    if (anyAccuracySet) {
      accuracy =
          new Accuracy(
              accuracySeconds > 0 ? new ASN1Integer(accuracySeconds) : null,
              accuracyMillis > 0 ? new ASN1Integer(accuracyMillis) : null,
              accuracyMicros > 0 ? new ASN1Integer(accuracyMicros) : null);
    }

    // The ordering flag is encoded only when it is set.
    ASN1Boolean derOrdering = ordering ? ASN1Boolean.getInstance(ordering) : null;

    // Echo the nonce back when the request carried one.
    BigInteger requestNonce = request.getNonce();
    ASN1Integer nonce = requestNonce != null ? new ASN1Integer(requestNonce) : null;

    // A policy named in the request takes precedence over the generator's default.
    ASN1ObjectIdentifier requestedPolicy = request.getReqPolicy();
    ASN1ObjectIdentifier tsaPolicy = requestedPolicy != null ? requestedPolicy : tsaPolicyOID;

    // Start from the request's extensions; merge only when extra ones were supplied.
    Extensions respExtensions = request.getExtensions();
    if (additionalExtensions != null) {
      ExtensionsGenerator merged = new ExtensionsGenerator();

      if (respExtensions != null) {
        Enumeration requestOids = respExtensions.oids();
        while (requestOids.hasMoreElements()) {
          ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(requestOids.nextElement());
          merged.addExtension(respExtensions.getExtension(oid));
        }
      }

      Enumeration additionalOids = additionalExtensions.oids();
      while (additionalOids.hasMoreElements()) {
        ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(additionalOids.nextElement());
        merged.addExtension(additionalExtensions.getExtension(oid));
      }

      respExtensions = merged.generate();
    }

    TSTInfo tstInfo =
        new TSTInfo(
            tsaPolicy,
            messageImprint,
            new ASN1Integer(serialNumber),
            new ASN1GeneralizedTime(genTime),
            accuracy,
            derOrdering,
            nonce,
            tsa,
            respExtensions);

    try {
      CMSSignedDataGenerator cmsGenerator = new CMSSignedDataGenerator();

      // Certificates are attached only when the request asked for them.
      if (request.getCertReq()) {
        // TODO: do we need to check certs non-empty?
        cmsGenerator.addCertificates(new CollectionStore(certs));
        cmsGenerator.addAttributeCertificates(new CollectionStore(attrCerts));
      }

      cmsGenerator.addCRLs(new CollectionStore(crls));

      if (!otherRevoc.isEmpty()) {
        Iterator formats = otherRevoc.keySet().iterator();
        while (formats.hasNext()) {
          ASN1ObjectIdentifier format = (ASN1ObjectIdentifier) formats.next();
          Collection infos = (Collection) otherRevoc.get(format);

          cmsGenerator.addOtherRevocationInfo(format, new CollectionStore(infos));
        }
      }

      cmsGenerator.addSignerInfoGenerator(signerInfoGen);

      // The DER-encoded TSTInfo is the signed content and is encapsulated in the signed data.
      CMSProcessableByteArray content =
          new CMSProcessableByteArray(
              PKCSObjectIdentifiers.id_ct_TSTInfo, tstInfo.getEncoded(ASN1Encoding.DER));

      return new TimeStampToken(cmsGenerator.generate(content, true));
    } catch (CMSException cmsEx) {
      throw new TSPException("Error generating time-stamp token", cmsEx);
    } catch (IOException e) {
      throw new TSPException("Exception encoding info", e);
    }
  }