Example 46 with ASN1Encodable
use of com.android.org.bouncycastle.asn1.ASN1Encodable in project xipki by xipki.
the class ExtensionsChecker method createGeneralName.
private static GeneralName createGeneralName(GeneralName reqName, Set<GeneralNameMode> modes) throws BadCertTemplateException {
int tag = reqName.getTagNo();
GeneralNameMode mode = null;
if (modes != null) {
for (GeneralNameMode m : modes) {
if (m.getTag().getTag() == tag) {
mode = m;
break;
}
}
if (mode == null) {
throw new BadCertTemplateException("generalName tag " + tag + " is not allowed");
}
}
switch(tag) {
case GeneralName.rfc822Name:
case GeneralName.dNSName:
case GeneralName.uniformResourceIdentifier:
case GeneralName.iPAddress:
case GeneralName.registeredID:
case GeneralName.directoryName:
return new GeneralName(tag, reqName.getName());
case GeneralName.otherName:
ASN1Sequence reqSeq = ASN1Sequence.getInstance(reqName.getName());
ASN1ObjectIdentifier type = ASN1ObjectIdentifier.getInstance(reqSeq.getObjectAt(0));
if (mode != null && !mode.getAllowedTypes().contains(type)) {
throw new BadCertTemplateException("otherName.type " + type.getId() + " is not allowed");
}
ASN1Encodable value = ASN1TaggedObject.getInstance(reqSeq.getObjectAt(1)).getObject();
String text;
if (!(value instanceof ASN1String)) {
throw new BadCertTemplateException("otherName.value is not a String");
} else {
text = ((ASN1String) value).getString();
}
ASN1EncodableVector vector = new ASN1EncodableVector();
vector.add(type);
vector.add(new DERTaggedObject(true, 0, new DERUTF8String(text)));
DERSequence seq = new DERSequence(vector);
return new GeneralName(GeneralName.otherName, seq);
case GeneralName.ediPartyName:
reqSeq = ASN1Sequence.getInstance(reqName.getName());
int size = reqSeq.size();
String nameAssigner = null;
int idx = 0;
if (size > 1) {
DirectoryString ds = DirectoryString.getInstance(ASN1TaggedObject.getInstance(reqSeq.getObjectAt(idx++)).getObject());
nameAssigner = ds.getString();
}
DirectoryString ds = DirectoryString.getInstance(ASN1TaggedObject.getInstance(reqSeq.getObjectAt(idx++)).getObject());
String partyName = ds.getString();
vector = new ASN1EncodableVector();
if (nameAssigner != null) {
vector.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner)));
}
vector.add(new DERTaggedObject(false, 1, new DirectoryString(partyName)));
seq = new DERSequence(vector);
return new GeneralName(GeneralName.ediPartyName, seq);
default:
throw new RuntimeException("should not reach here, unknown GeneralName tag " + tag);
}
// end switch
}
Also used :
GeneralNameMode(org.xipki.ca.api.profile.GeneralNameMode)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DERBMPString(org.bouncycastle.asn1.DERBMPString)
DERPrintableString(org.bouncycastle.asn1.DERPrintableString)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
ASN1String(org.bouncycastle.asn1.ASN1String)
DirectoryString(org.bouncycastle.asn1.x500.DirectoryString)
QaDirectoryString(org.xipki.ca.qa.internal.QaDirectoryString)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
DERT61String(org.bouncycastle.asn1.DERT61String)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
DERSequence(org.bouncycastle.asn1.DERSequence)
BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
ASN1String(org.bouncycastle.asn1.ASN1String)
DirectoryString(org.bouncycastle.asn1.x500.DirectoryString)
QaDirectoryString(org.xipki.ca.qa.internal.QaDirectoryString)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 47 with ASN1Encodable
use of com.android.org.bouncycastle.asn1.ASN1Encodable in project xipki by xipki.
the class ScepUtil method generateRequest.
public static PKCS10CertificationRequest generateRequest(PrivateKey privatekey, SubjectPublicKeyInfo subjectPublicKeyInfo, X500Name subjectDn, String challengePassword, List<Extension> extensions) throws OperatorCreationException {
requireNonNull("privatekey", privatekey);
requireNonNull("subjectPublicKeyInfo", subjectPublicKeyInfo);
requireNonNull("subjectDn", subjectDn);
Map<ASN1ObjectIdentifier, ASN1Encodable> attributes = new HashMap<ASN1ObjectIdentifier, ASN1Encodable>();
if (challengePassword != null && !challengePassword.isEmpty()) {
DERPrintableString asn1Pwd = new DERPrintableString(challengePassword);
attributes.put(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, asn1Pwd);
}
if (extensions != null && !extensions.isEmpty()) {
Extensions asn1Extensions = new Extensions(extensions.toArray(new Extension[0]));
attributes.put(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, asn1Extensions);
}
return generateRequest(privatekey, subjectPublicKeyInfo, subjectDn, attributes);
}
Also used :
Extension(org.bouncycastle.asn1.x509.Extension)
HashMap(java.util.HashMap)
DERPrintableString(org.bouncycastle.asn1.DERPrintableString)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
Extensions(org.bouncycastle.asn1.x509.Extensions)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 48 with ASN1Encodable
use of com.android.org.bouncycastle.asn1.ASN1Encodable in project xipki by xipki.
the class P12ComplexCsrGenCmd method getSubject.
@Override
protected X500Name getSubject(String subject) {
X500Name name = new X500Name(subject);
List<RDN> list = new LinkedList<>();
RDN[] rs = name.getRDNs();
for (RDN m : rs) {
list.add(m);
}
ASN1ObjectIdentifier id;
// dateOfBirth
if (complexSubject.booleanValue()) {
id = ObjectIdentifiers.DN_DATE_OF_BIRTH;
RDN[] rdns = name.getRDNs(id);
if (rdns == null || rdns.length == 0) {
ASN1Encodable atvValue = new DERGeneralizedTime("19950102120000Z");
RDN rdn = new RDN(id, atvValue);
list.add(rdn);
}
}
// postalAddress
if (complexSubject.booleanValue()) {
id = ObjectIdentifiers.DN_POSTAL_ADDRESS;
RDN[] rdns = name.getRDNs(id);
if (rdns == null || rdns.length == 0) {
ASN1EncodableVector vec = new ASN1EncodableVector();
vec.add(new DERUTF8String("my street 1"));
vec.add(new DERUTF8String("12345 Germany"));
ASN1Sequence atvValue = new DERSequence(vec);
RDN rdn = new RDN(id, atvValue);
list.add(rdn);
}
}
// DN_UNIQUE_IDENTIFIER
id = ObjectIdentifiers.DN_UNIQUE_IDENTIFIER;
RDN[] rdns = name.getRDNs(id);
if (rdns == null || rdns.length == 0) {
DERUTF8String atvValue = new DERUTF8String("abc-def-ghi");
RDN rdn = new RDN(id, atvValue);
list.add(rdn);
}
return new X500Name(list.toArray(new RDN[0]));
}
Also used :
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
DERSequence(org.bouncycastle.asn1.DERSequence)
DERGeneralizedTime(org.bouncycastle.asn1.DERGeneralizedTime)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
X500Name(org.bouncycastle.asn1.x500.X500Name)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
RDN(org.bouncycastle.asn1.x500.RDN)
LinkedList(java.util.LinkedList)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 49 with ASN1Encodable
use of com.android.org.bouncycastle.asn1.ASN1Encodable in project xipki by xipki.
the class ExtractCertFromCrlCmd method execute0.
@Override
protected Object execute0() throws Exception {
X509CRL crl = X509Util.parseCrl(crlFile);
String oidExtnCerts = ObjectIdentifiers.id_xipki_ext_crlCertset.getId();
byte[] extnValue = crl.getExtensionValue(oidExtnCerts);
if (extnValue == null) {
throw new IllegalCmdParamException("no certificate is contained in " + crlFile);
}
extnValue = removingTagAndLenFromExtensionValue(extnValue);
ASN1Set asn1Set = DERSet.getInstance(extnValue);
final int n = asn1Set.size();
if (n == 0) {
throw new CmdFailure("no certificate is contained in " + crlFile);
}
ByteArrayOutputStream out = new ByteArrayOutputStream();
ZipOutputStream zip = new ZipOutputStream(out);
for (int i = 0; i < n; i++) {
ASN1Encodable asn1 = asn1Set.getObjectAt(i);
Certificate cert;
try {
ASN1Sequence seq = ASN1Sequence.getInstance(asn1);
cert = Certificate.getInstance(seq.getObjectAt(0));
} catch (IllegalArgumentException ex) {
// backwards compatibility
cert = Certificate.getInstance(asn1);
}
byte[] certBytes = cert.getEncoded();
String sha1FpCert = HashAlgo.SHA1.hexHash(certBytes);
ZipEntry certZipEntry = new ZipEntry(sha1FpCert + ".der");
zip.putNextEntry(certZipEntry);
try {
zip.write(certBytes);
} finally {
zip.closeEntry();
}
}
zip.flush();
zip.close();
saveVerbose("extracted " + n + " certificates to", new File(outFile), out.toByteArray());
return null;
}
Also used :
X509CRL(java.security.cert.X509CRL)
ZipEntry(java.util.zip.ZipEntry)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
ASN1Set(org.bouncycastle.asn1.ASN1Set)
CmdFailure(org.xipki.console.karaf.CmdFailure)
ZipOutputStream(java.util.zip.ZipOutputStream)
IllegalCmdParamException(org.xipki.console.karaf.IllegalCmdParamException)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
File(java.io.File)
Certificate(org.bouncycastle.asn1.x509.Certificate)
Example 50 with ASN1Encodable
use of com.android.org.bouncycastle.asn1.ASN1Encodable in project keystore-explorer by kaikramer.
the class DViewCsr method extensionsPressed.
private void extensionsPressed() {
// extract sequence with extensions from csr
Attribute[] attributes = pkcs10Csr.getAttributes(pkcs_9_at_extensionRequest);
X509ExtensionSet x509ExtensionSet = new X509ExtensionSet();
if ((attributes != null) && (attributes.length > 0)) {
ASN1Encodable[] attributeValues = attributes[0].getAttributeValues();
if (attributeValues.length > 0) {
ASN1Sequence asn1Sequence = ASN1Sequence.getInstance(attributeValues[0]);
x509ExtensionSet = new X509ExtensionSet(asn1Sequence);
}
}
DViewExtensions dViewExtensions = new DViewExtensions(this, res.getString("DViewCertificate.Extensions.Title"), x509ExtensionSet);
dViewExtensions.setLocationRelativeTo(this);
dViewExtensions.setVisible(true);
}
Also used :
X509ExtensionSet(org.kse.crypto.x509.X509ExtensionSet)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
Attribute(org.bouncycastle.asn1.pkcs.Attribute)
DViewExtensions(org.kse.gui.dialogs.extensions.DViewExtensions)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
Aggregations
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)139
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)73
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)59
IOException (java.io.IOException)37
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)34
DEROctetString (org.bouncycastle.asn1.DEROctetString)32
DERUTF8String (org.bouncycastle.asn1.DERUTF8String)29
DERIA5String (org.bouncycastle.asn1.DERIA5String)28
DERSequence (org.bouncycastle.asn1.DERSequence)25
ASN1Integer (org.bouncycastle.asn1.ASN1Integer)21
DERPrintableString (org.bouncycastle.asn1.DERPrintableString)21
ArrayList (java.util.ArrayList)20
GeneralName (org.bouncycastle.asn1.x509.GeneralName)19
X509Certificate (java.security.cert.X509Certificate)17
HashSet (java.util.HashSet)17
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)17
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)17
BigInteger (java.math.BigInteger)16
ASN1Primitive (org.bouncycastle.asn1.ASN1Primitive)16
DERBMPString (org.bouncycastle.asn1.DERBMPString)15
