
Example 76 with Attribute

use of com.android.org.bouncycastle.asn1.x509.Attribute in project xipki by xipki.

the class X509SelfSignedCertBuilder method generateCertificate.

// method generateSelfSigned
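/**
 * Builds and signs a self-issued X.509 certificate from a PKCS#10 request, constrained by a
 * certificate profile.
 *
 * <p>The public key is normalised with {@code X509Util.toRfc3279Style} and checked against the
 * profile, the subject requested in the CSR is mapped to the subject granted by the profile, and
 * the granted subject is used as both issuer and subject. The extensions requested in the CSR
 * (PKCS#9 extensionRequest attribute) are handed to {@code addExtensions} together with the
 * profile.
 *
 * <p>Security notes: everything read from {@code csr} is requester-controlled input. This method
 * does not verify the CSR signature (proof of possession); NOTE(review): confirm that the caller
 * does so before invoking it. A malformed extensionRequest attribute is rejected with
 * {@code BAD_CERT_TEMPLATE} instead of escaping as an unchecked exception.
 *
 * @param signer pool from which one signer is borrowed for the signature and always returned
 * @param certprofile profile that validates the key and decides subject and validity
 * @param csr PKCS#10 request supplying the requested subject and extensions
 * @param serialNumber serial number of the new certificate
 * @param publicKeyInfo public key to certify
 * @param caCertUris CA certificate URIs passed to {@code PublicCaInfo}
 * @param ocspUris OCSP URIs passed to {@code PublicCaInfo}
 * @param crlUris CRL URIs passed to {@code PublicCaInfo}
 * @param deltaCrlUris delta CRL URIs passed to {@code PublicCaInfo}
 * @param extraControl extra control pairs passed to {@code PublicCaInfo}
 * @return the signed certificate, re-parsed from its encoding
 * @throws OperationException with {@code BAD_CERT_TEMPLATE} when key, subject, validity or
 *     requested extensions are not acceptable, and {@code SYSTEM_FAILURE} when the profile,
 *     the signer pool or the encoding fails
 */
private static X509Certificate generateCertificate(ConcurrentContentSigner signer, IdentifiedX509Certprofile certprofile, CertificationRequest csr, BigInteger serialNumber, SubjectPublicKeyInfo publicKeyInfo, List<String> caCertUris, List<String> ocspUris, List<String> crlUris, List<String> deltaCrlUris, ConfPairs extraControl) throws OperationException {
    SubjectPublicKeyInfo tmpPublicKeyInfo;
    try {
        tmpPublicKeyInfo = X509Util.toRfc3279Style(publicKeyInfo);
    } catch (InvalidKeySpecException ex) {
        LOG.warn("SecurityUtil.toRfc3279Style", ex);
        throw new OperationException(ErrorCode.BAD_CERT_TEMPLATE, ex);
    }
    try {
        certprofile.checkPublicKey(tmpPublicKeyInfo);
    } catch (BadCertTemplateException ex) {
        LOG.warn("certprofile.checkPublicKey", ex);
        throw new OperationException(ErrorCode.BAD_CERT_TEMPLATE, ex);
    }
    X500Name requestedSubject = csr.getCertificationRequestInfo().getSubject();
    SubjectInfo subjectInfo;
    // subject
    try {
        subjectInfo = certprofile.getSubject(requestedSubject);
    } catch (CertprofileException ex) {
        // The thrown OperationException carries only a message, so log the cause here;
        // otherwise the reason for the profile failure is lost.
        LOG.warn("certprofile.getSubject", ex);
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, "exception in cert profile " + certprofile.getIdent());
    } catch (BadCertTemplateException ex) {
        LOG.warn("certprofile.getSubject", ex);
        throw new OperationException(ErrorCode.BAD_CERT_TEMPLATE, ex);
    }
    // The profile may fix notBefore; fall back to the current time otherwise.
    Date notBefore = certprofile.getNotBefore(null);
    if (notBefore == null) {
        notBefore = new Date();
    }
    CertValidity validity = certprofile.getValidity();
    if (validity == null) {
        throw new OperationException(ErrorCode.BAD_CERT_TEMPLATE, "no validity specified in the profile " + certprofile.getIdent());
    }
    Date notAfter = validity.add(notBefore);
    X500Name grantedSubject = subjectInfo.getGrantedSubject();
    // Self-issued: the granted subject is both issuer and subject.
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(grantedSubject, serialNumber, notBefore, notAfter, grantedSubject, tmpPublicKeyInfo);
    PublicCaInfo publicCaInfo = new PublicCaInfo(grantedSubject, serialNumber, null, null, caCertUris, ocspUris, crlUris, deltaCrlUris, extraControl);
    Extensions extensions = null;
    // The attributes field is optional in a PKCS#10 request, so the set may be absent.
    ASN1Set attrs = csr.getCertificationRequestInfo().getAttributes();
    if (attrs != null) {
        try {
            for (int i = 0; i < attrs.size(); i++) {
                Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
                if (!PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) {
                    continue;
                }
                // An extensionRequest with an empty value set is malformed; reject it rather
                // than fail with an ArrayIndexOutOfBoundsException on element 0.
                if (attr.getAttributeValues().length == 0) {
                    throw new OperationException(ErrorCode.BAD_CERT_TEMPLATE, "extensionRequest attribute in the CSR has no value");
                }
                // If the attribute occurs more than once, the last occurrence wins (unchanged).
                extensions = Extensions.getInstance(attr.getAttributeValues()[0]);
            }
        } catch (IllegalArgumentException ex) {
            // getInstance(...) rejects objects of the wrong ASN.1 shape with this exception.
            LOG.warn("could not parse the attributes of the CSR", ex);
            throw new OperationException(ErrorCode.BAD_CERT_TEMPLATE, ex);
        }
    }
    try {
        addExtensions(certBuilder, certprofile, requestedSubject, grantedSubject, extensions, tmpPublicKeyInfo, publicCaInfo, notBefore, notAfter);
        ConcurrentBagEntrySigner signer0 = signer.borrowSigner();
        X509CertificateHolder certHolder;
        try {
            certHolder = certBuilder.build(signer0.value());
        } finally {
            // Always hand the signer back, even when building the certificate fails.
            signer.requiteSigner(signer0);
        }
        Certificate bcCert = certHolder.toASN1Structure();
        return X509Util.parseCert(bcCert.getEncoded());
    } catch (BadCertTemplateException ex) {
        throw new OperationException(ErrorCode.BAD_CERT_TEMPLATE, ex);
    } catch (NoIdleSignerException | CertificateException | IOException | CertprofileException ex) {
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
    }
}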
Also used : CertValidity(org.xipki.ca.api.profile.CertValidity) Attribute(org.bouncycastle.asn1.pkcs.Attribute) SubjectInfo(org.xipki.ca.api.profile.x509.SubjectInfo) CertificateException(java.security.cert.CertificateException) X500Name(org.bouncycastle.asn1.x500.X500Name) IOException(java.io.IOException) Extensions(org.bouncycastle.asn1.x509.Extensions) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) PublicCaInfo(org.xipki.ca.api.PublicCaInfo) ConcurrentBagEntrySigner(org.xipki.security.ConcurrentBagEntrySigner) Date(java.util.Date) ASN1Set(org.bouncycastle.asn1.ASN1Set) CertprofileException(org.xipki.ca.api.profile.CertprofileException) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) NoIdleSignerException(org.xipki.security.exception.NoIdleSignerException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) OperationException(org.xipki.ca.api.OperationException) X509Certificate(java.security.cert.X509Certificate) Certificate(org.bouncycastle.asn1.x509.Certificate)

Example 77 with Attribute

use of com.android.org.bouncycastle.asn1.x509.Attribute in project xipki by xipki.

the class X509CaCmpResponderImpl method processP10cr.

// method processCertReqMessages
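/**
 * Handles a PKI body with the choice {@code p10cr} (a PKCS#10 certification request).
 *
 * <p>Since it is not possible to add an attribute to the PKCS#10 request (CSR), the certificate
 * profile must be specified in the attribute regInfo-utf8Pairs (1.3.6.1.5.5.7.5.2.1) within
 * PKIHeader.generalInfo. Optional notBefore / notAfter values are read from the same pairs.
 *
 * <p>Order of checks: proof of possession of the request is verified first, then a profile name
 * must be present, then the requestor must be permitted to use that profile. Only then is a
 * certificate generated. Every failure is reported as an error {@code CertResponse} inside a
 * normal {@code CertRepMessage}; nothing is thrown by the checks visible here.
 *
 * <p>The profile name is lower-cased with {@code Locale.ROOT} before the permission check, so
 * the authorization decision does not depend on the JVM's default locale.
 *
 * @param request the complete CMP request, forwarded to {@code generateCertificates}
 * @param requestor the authenticated requestor whose profile permissions are checked
 * @param tid transaction id, forwarded to {@code generateCertificates}
 * @param reqHeader request header whose generalInfo carries the profile name and validity
 * @param p10cr the PKCS#10 request
 * @param cmpControl CMP control that decides whether the CA certificate is returned
 * @param msgId message id, forwarded to {@code generateCertificates}
 * @param event audit event, forwarded to {@code generateCertificates}
 * @return a {@code TYPE_CERT_REP} body holding exactly one {@code CertResponse}
 */
private PKIBody processP10cr(PKIMessage request, CmpRequestorInfo requestor, ASN1OctetString tid, PKIHeader reqHeader, CertificationRequest p10cr, CmpControl cmpControl, String msgId, AuditEvent event) {
    // verify the POP first
    CertResponse certResp;
    // A p10cr carries no certReqId, so -1 is used in the response.
    ASN1Integer certReqId = new ASN1Integer(-1);
    boolean certGenerated = false;
    X509Ca ca = getCa();
    if (!securityFactory.verifyPopo(p10cr, getCmpControl().getPopoAlgoValidator())) {
        LOG.warn("could not validate POP for the pkcs#10 requst");
        certResp = buildErrorCertResponse(certReqId, PKIFailureInfo.badPOP, "invalid POP");
    } else {
        CertificationRequestInfo certTemp = p10cr.getCertificationRequestInfo();
        Extensions extensions = CaUtil.getExtensions(certTemp);
        X500Name subject = certTemp.getSubject();
        SubjectPublicKeyInfo publicKeyInfo = certTemp.getSubjectPublicKeyInfo();
        // Profile name and validity come from the request header, i.e. they are supplied by
        // the requestor. NOTE(review): presumably the profile bounds notBefore/notAfter
        // downstream; confirm in generateCertificates.
        CmpUtf8Pairs keyvalues = CmpUtil.extract(reqHeader.getGeneralInfo());
        String certprofileName = null;
        Date notBefore = null;
        Date notAfter = null;
        if (keyvalues != null) {
            certprofileName = keyvalues.value(CmpUtf8Pairs.KEY_CERTPROFILE);
            String str = keyvalues.value(CmpUtf8Pairs.KEY_NOTBEFORE);
            if (str != null) {
                notBefore = DateUtil.parseUtcTimeyyyyMMddhhmmss(str);
            }
            str = keyvalues.value(CmpUtf8Pairs.KEY_NOTAFTER);
            if (str != null) {
                notAfter = DateUtil.parseUtcTimeyyyyMMddhhmmss(str);
            }
        }
        if (certprofileName == null) {
            certResp = buildErrorCertResponse(certReqId, PKIFailureInfo.badCertTemplate, "badCertTemplate", null);
        } else {
            // Locale.ROOT keeps the normalisation identical on every JVM; the default-locale
            // toLowerCase() maps 'I' differently under e.g. a Turkish locale, which would
            // change the name that is checked for permission.
            certprofileName = certprofileName.toLowerCase(java.util.Locale.ROOT);
            if (!requestor.isCertProfilePermitted(certprofileName)) {
                String msg = "certprofile " + certprofileName + " is not allowed";
                certResp = buildErrorCertResponse(certReqId, PKIFailureInfo.notAuthorized, msg);
            } else {
                CertTemplateData certTemplateData = new CertTemplateData(subject, publicKeyInfo, notBefore, notAfter, extensions, certprofileName);
                certResp = generateCertificates(Arrays.asList(certTemplateData), Arrays.asList(certReqId), requestor, tid, false, request, cmpControl, msgId, event).get(0);
                certGenerated = true;
            }
        }
    }
    // The CA certificate is attached only when a certificate was generated and the CMP
    // control asks for it.
    CMPCertificate[] caPubs = null;
    if (certGenerated && cmpControl.isSendCaCert()) {
        caPubs = new CMPCertificate[] { ca.getCaInfo().getCertInCmpFormat() };
    }
    CertRepMessage repMessage = new CertRepMessage(caPubs, new CertResponse[] { certResp });
    return new PKIBody(PKIBody.TYPE_CERT_REP, repMessage);
}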
Also used : PKIBody(org.bouncycastle.asn1.cmp.PKIBody) CertificationRequestInfo(org.bouncycastle.asn1.pkcs.CertificationRequestInfo) CmpUtf8Pairs(org.xipki.cmp.CmpUtf8Pairs) CertResponse(org.bouncycastle.asn1.cmp.CertResponse) X509Ca(org.xipki.ca.server.impl.X509Ca) CertRepMessage(org.bouncycastle.asn1.cmp.CertRepMessage) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) X500Name(org.bouncycastle.asn1.x500.X500Name) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) Extensions(org.bouncycastle.asn1.x509.Extensions) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) Date(java.util.Date) CertTemplateData(org.xipki.ca.server.impl.CertTemplateData) CMPCertificate(org.bouncycastle.asn1.cmp.CMPCertificate)

Example 78 with Attribute

use of com.android.org.bouncycastle.asn1.x509.Attribute in project xipki by xipki.

the class CaUtil method getExtensions.

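/**
 * Returns the extensions requested in a PKCS#10 request, taken from the first PKCS#9
 * extensionRequest attribute found.
 *
 * <p>The returned extensions are requester-controlled input; the caller decides which of them
 * are honoured.
 *
 * @param csr the request info to inspect, must not be {@code null}
 * @return the requested extensions, or {@code null} when the request has no attributes or no
 *     extensionRequest attribute
 * @throws IllegalArgumentException if the extensionRequest attribute has no value or its
 *     content cannot be read as {@code Extensions}
 */
public static Extensions getExtensions(CertificationRequestInfo csr) {
    ParamUtil.requireNonNull("csr", csr);
    ASN1Set attrs = csr.getAttributes();
    // The attributes field is optional in a PKCS#10 request, so the set may be absent.
    if (attrs == null) {
        return null;
    }
    for (int i = 0; i < attrs.size(); i++) {
        Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
        if (!PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) {
            continue;
        }
        // An empty value set is malformed: fail with a clear message instead of an
        // ArrayIndexOutOfBoundsException, and do not silently treat it as "no extensions".
        if (attr.getAttributeValues().length == 0) {
            throw new IllegalArgumentException("extensionRequest attribute in the CSR has no value");
        }
        return Extensions.getInstance(attr.getAttributeValues()[0]);
    }
    return null;
}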
Also used : ASN1Set(org.bouncycastle.asn1.ASN1Set) Attribute(org.bouncycastle.asn1.pkcs.Attribute) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)

Example 79 with Attribute

use of com.android.org.bouncycastle.asn1.x509.Attribute in project jspwiki by apache.

the class XHtmlElementToWikiTranslator method printChildren.

/**
 * Writes the wiki markup for every child of {@code base}, in document order.
 *
 * <p>Child elements are dispatched on their lower-cased tag name; each branch writes the wiki
 * syntax that surrounds the element and calls {@code print(e)} for the element itself. Content
 * that is not an {@code Element} is passed to {@code print(c)} unchanged.
 *
 * <p>NOTE(review): the tag name is lower-cased with the default locale ({@code toLowerCase()}),
 * so the comparisons below depend on the JVM locale. NOTE(review): attribute values of form
 * elements and links are written into the wiki markup as they are; whether the XHTML has been
 * sanitized before it reaches this method is not visible here.
 *
 * @param base element whose children are translated
 * @throws IOException declared by this method; presumably raised while writing output
 * @throws JDOMException declared by this method; the XPath lookup in the form branch can raise it
 */
private void printChildren(Element base) throws IOException, JDOMException {
    for (Iterator i = base.getContent().iterator(); i.hasNext(); ) {
        Object c = i.next();
        if (c instanceof Element) {
            Element e = (Element) c;
            String n = e.getName().toLowerCase();
            if (n.equals("h1")) {
                m_out.print("\n!!! ");
                print(e);
                m_out.println();
            } else if (n.equals("h2")) {
                // h2 is written with the same "!!!" prefix as h1.
                m_out.print("\n!!! ");
                print(e);
                m_out.println();
            } else if (n.equals("h3")) {
                m_out.print("\n!! ");
                print(e);
                m_out.println();
            } else if (n.equals("h4")) {
                m_out.print("\n! ");
                print(e);
                m_out.println();
            } else if (n.equals("p")) {
                if (// we don't want to print empty elements: <p></p>
                e.getContentSize() != 0) {
                    m_out.println();
                    print(e);
                    m_out.println();
                }
            } else if (n.equals("br")) {
                if (m_preStack.isPreMode()) {
                    m_out.println();
                } else {
                    String parentElementName = base.getName().toLowerCase();
                    // Inside a <p> or <div> whose text contains no "[{...}]" plugin markup the
                    // forced line break is followed by a newline; otherwise it is not.
                    if (parentElementName.matches("p|div") && !base.getText().matches("(?s).*\\[\\{.*\\}\\].*")) {
                        m_out.print(" \\\\\n");
                    } else {
                        m_out.print(" \\\\");
                    }
                }
                print(e);
            } else if (n.equals("hr")) {
                m_out.println();
                print("----");
                print(e);
                m_out.println();
            } else if (n.equals("table")) {
                // start the table on a fresh line
                if (!m_outTimmer.isCurrentlyOnLineBegin()) {
                    m_out.println();
                }
                print(e);
            } else if (n.equals("tr")) {
                print(e);
                m_out.println();
            } else if (n.equals("td")) {
                m_out.print("| ");
                print(e);
                if (!m_preStack.isPreMode()) {
                    print(" ");
                }
            } else if (n.equals("th")) {
                m_out.print("|| ");
                print(e);
                if (!m_preStack.isPreMode()) {
                    print(" ");
                }
            } else if (n.equals("a")) {
                if (!isIgnorableWikiMarkupLink(e)) {
                    if (e.getChild("IMG") != null) {
                        printImage(e);
                    } else {
                        String ref = e.getAttributeValue("href");
                        if (ref == null) {
                            // anchor without href: only undefined-page links get brackets
                            if (isUndefinedPageLink(e)) {
                                m_out.print("[");
                                print(e);
                                m_out.print("]");
                            } else {
                                print(e);
                            }
                        } else {
                            ref = trimLink(ref);
                            if (ref != null) {
                                if (// This is a link to a footnote.
                                ref.startsWith("#")) {
                                    // convert "#ref-PageName-1" to just "1"
                                    String href = ref.replaceFirst("#ref-.+-(\\d+)", "$1");
                                    // remove the brackets around "[1]"
                                    // NOTE(review): substring(1, length - 1) throws
                                    // StringIndexOutOfBoundsException when the link text is
                                    // shorter than two characters; nothing here checks that the
                                    // text really is bracketed.
                                    String textValue = e.getValue().substring(1, (e.getValue().length() - 1));
                                    if (href.equals(textValue)) {
                                        // handles the simplest case. Example: [1]
                                        print(e);
                                    } else {
                                        // handles the case where the link text is different from the href. Example: [something|1]
                                        m_out.print("[" + textValue + "|" + href + "]");
                                    }
                                } else {
                                    // NOTE(review): ref is taken from the href attribute and
                                    // written into the link markup after trimLink only; which
                                    // URL schemes are acceptable is not decided here.
                                    Map augmentedWikiLinkAttributes = getAugmentedWikiLinkAttributes(e);
                                    m_out.print("[");
                                    print(e);
                                    if (!e.getTextTrim().equalsIgnoreCase(ref)) {
                                        m_out.print("|");
                                        print(ref);
                                        if (!augmentedWikiLinkAttributes.isEmpty()) {
                                            m_out.print("|");
                                            String augmentedWikiLink = augmentedWikiLinkMapToString(augmentedWikiLinkAttributes);
                                            m_out.print(augmentedWikiLink);
                                        }
                                    } else if (!augmentedWikiLinkAttributes.isEmpty()) {
                                        // If the ref has the same value as the text and also if there
                                        // are attributes, then just print: [ref|ref|attributes] .
                                        m_out.print("|" + ref + "|");
                                        String augmentedWikiLink = augmentedWikiLinkMapToString(augmentedWikiLinkAttributes);
                                        m_out.print(augmentedWikiLink);
                                    }
                                    m_out.print("]");
                                }
                            }
                        }
                    }
                }
            } else if (n.equals("b") || n.equals("strong")) {
                m_out.print("__");
                print(e);
                m_out.print("__");
            } else if (n.equals("i") || n.equals("em") || n.equals("address")) {
                m_out.print("''");
                print(e);
                m_out.print("''");
            } else if (n.equals("u")) {
                m_out.print("%%( text-decoration:underline; )");
                print(e);
                m_out.print("/%");
            } else if (n.equals("strike")) {
                m_out.print("%%strike ");
                print(e);
                m_out.print("/%");
            // NOTE: don't print a space before or after the double percents because that can break words into two.
            // For example: %%(color:red)ABC%%%%(color:green)DEF%% is different from %%(color:red)ABC%% %%(color:green)DEF%%
            } else if (n.equals("sup")) {
                m_out.print("%%sup ");
                print(e);
                m_out.print("/%");
            } else if (n.equals("sub")) {
                m_out.print("%%sub ");
                print(e);
                m_out.print("/%");
            } else if (n.equals("dl")) {
                m_out.print("\n");
                print(e);
                // print a newline after the definition list. If we don't,
                // it may cause problems for the subsequent element.
                m_out.print("\n");
            } else if (n.equals("dt")) {
                m_out.print(";");
                print(e);
            } else if (n.equals("dd")) {
                m_out.print(":");
                print(e);
            } else if (n.equals("ul")) {
                // push the bullet marker for the nested <li> elements, pop it afterwards
                m_out.println();
                m_liStack.push("*");
                print(e);
                m_liStack.pop();
            } else if (n.equals("ol")) {
                // same as <ul>, with the numbered-list marker
                m_out.println();
                m_liStack.push("#");
                print(e);
                m_liStack.pop();
            } else if (n.equals("li")) {
                // the string form of the marker stack is the list prefix of this item
                m_out.print(m_liStack + " ");
                print(e);
                // The following line assumes that the XHTML has been "pretty-printed"
                // (newlines separate child elements from their parents).
                boolean lastListItem = base.indexOf(e) == (base.getContentSize() - 2);
                boolean sublistItem = m_liStack.toString().length() > 1;
                // only print a newline if this <li> element is not the last item within a sublist.
                if (!sublistItem || !lastListItem) {
                    m_out.println();
                }
            } else if (n.equals("pre")) {
                // start JSPWiki "code blocks" on its own line
                m_out.print("\n{{{");
                m_preStack.push();
                print(e);
                m_preStack.pop();
                // print a newline after the closing braces
                // to avoid breaking any subsequent wiki markup that follows.
                m_out.print("}}}\n");
            } else if (n.equals("code") || n.equals("tt")) {
                m_out.print("{{");
                m_preStack.push();
                print(e);
                m_preStack.pop();
                m_out.print("}}");
            // NOTE: don't print a newline after the closing brackets because if the Text is inside
            // a table or list, it would break it if there was a subsequent row or list item.
            } else if (n.equals("img")) {
                if (!isIgnorableWikiMarkupLink(e)) {
                    m_out.print("[");
                    print(trimLink(e.getAttributeValue("src")));
                    m_out.print("]");
                }
            } else if (n.equals("form")) {
                // remove the hidden input where name="formname" since a new one will be generated again when the xhtml is rendered.
                Element formName = (Element) XPath.selectSingleNode(e, "INPUT[@name='formname']");
                if (formName != null) {
                    formName.detach();
                }
                String name = e.getAttributeValue("name");
                m_out.print("\n[{FormOpen");
                if (name != null) {
                    // NOTE(review): here and in the input/textarea/select branches below, the
                    // attribute value is placed between single quotes without escaping, so a
                    // value containing a quote or "}]" would presumably end the plugin
                    // parameter early; confirm that such values cannot reach this method.
                    m_out.print(" form='" + name + "'");
                }
                m_out.print("}]\n");
                print(e);
                m_out.print("\n[{FormClose}]\n");
            } else if (n.equals("input")) {
                String type = e.getAttributeValue("type");
                String name = e.getAttributeValue("name");
                String value = e.getAttributeValue("value");
                String checked = e.getAttributeValue("checked");
                m_out.print("[{FormInput");
                if (type != null) {
                    m_out.print(" type='" + type + "'");
                }
                if (name != null) {
                    // remove the "nbf_" that was prepended since new one will be generated again when the xhtml is rendered.
                    if (name.startsWith("nbf_")) {
                        name = name.substring(4, name.length());
                    }
                    m_out.print(" name='" + name + "'");
                }
                if (value != null && !value.equals("")) {
                    m_out.print(" value='" + value + "'");
                }
                if (checked != null) {
                    m_out.print(" checked='" + checked + "'");
                }
                m_out.print("}]");
                print(e);
            } else if (n.equals("textarea")) {
                String name = e.getAttributeValue("name");
                String rows = e.getAttributeValue("rows");
                String cols = e.getAttributeValue("cols");
                m_out.print("[{FormTextarea");
                if (name != null) {
                    // strip the "nbf_" prefix, as for <input>
                    if (name.startsWith("nbf_")) {
                        name = name.substring(4, name.length());
                    }
                    m_out.print(" name='" + name + "'");
                }
                if (rows != null) {
                    m_out.print(" rows='" + rows + "'");
                }
                if (cols != null) {
                    m_out.print(" cols='" + cols + "'");
                }
                m_out.print("}]");
                print(e);
            } else if (n.equals("select")) {
                String name = e.getAttributeValue("name");
                m_out.print("[{FormSelect");
                if (name != null) {
                    // strip the "nbf_" prefix, as for <input>
                    if (name.startsWith("nbf_")) {
                        name = name.substring(4, name.length());
                    }
                    m_out.print(" name='" + name + "'");
                }
                // the <option> children are written inside the quoted value parameter
                m_out.print(" value='");
                print(e);
                m_out.print("'}]");
            } else if (n.equals("option")) {
                // Every option except the one at content index 1 is preceded by ";".
                // (The original comment is truncated; presumably index 0 is expected to be a
                // newline text node, which makes index 1 the first option.)
                if (base.indexOf(e) != 1) {
                    m_out.print(";");
                }
                // a selected option is marked with "*"
                Attribute selected = e.getAttribute("selected");
                if (selected != null) {
                    m_out.print("*");
                }
                String value = e.getAttributeValue("value");
                if (value != null) {
                    m_out.print(value);
                } else {
                    print(e);
                }
            } else {
                // unknown tag: no markup of its own, only the element is printed
                print(e);
            }
        } else {
            // non-element content is handed to print(Object)
            print(c);
        }
    }
}
Also used : Attribute(org.jdom2.Attribute) Element(org.jdom2.Element) Iterator(java.util.Iterator) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) Map(java.util.Map)

Example 80 with Attribute

use of com.android.org.bouncycastle.asn1.x509.Attribute in project pwm by pwm-project.

the class StoredConfigurationImpl method writeConfigProperty.

/**
 * Stores a configuration property in the XML document, replacing any earlier value.
 *
 * <p>All work happens while holding the write lock of {@code domModifyLock}, which is released
 * in {@code finally}. Existing elements for the property are detached, a new property element
 * with the key attribute and the value as text content is created, the properties container is
 * created under the root element if it does not exist yet, and the modify-time attribute is
 * set on both the new element and the container.
 *
 * @param propertyName property whose key identifies the element
 * @param value text stored as the content of the property element
 */
@Override
public void writeConfigProperty(final ConfigurationProperty propertyName, final String value) {
    domModifyLock.writeLock().lock();
    try {
        // Remove whatever is currently stored for this property.
        final XPathExpression existingXp = XPathBuilder.xpathForConfigProperty(propertyName);
        final List<Element> staleElements = existingXp.evaluate(document);
        staleElements.forEach(Element::detach);

        // Build the replacement element: key attribute first, then the value as text.
        final Element newProperty = new Element(XML_ELEMENT_PROPERTY);
        newProperty.setAttribute(new Attribute(XML_ATTRIBUTE_KEY, propertyName.getKey()));
        newProperty.setContent(new Text(value));

        // Create the properties container on first use.
        final boolean containerMissing = XPathBuilder.xpathForConfigProperties().evaluateFirst(document) == null;
        if (containerMissing) {
            final Element createdContainer = new Element(XML_ELEMENT_PROPERTIES);
            createdContainer.setAttribute(new Attribute(XML_ATTRIBUTE_TYPE, XML_ATTRIBUTE_VALUE_CONFIG));
            document.getRootElement().addContent(createdContainer);
        }

        // Look the container up again so the same path is used whether or not it was just added.
        final XPathExpression containerXp = XPathBuilder.xpathForConfigProperties();
        final Element propertiesContainer = (Element) containerXp.evaluateFirst(document);

        // Stamp both the property and its container, then attach the property.
        newProperty.setAttribute(XML_ATTRIBUTE_MODIFY_TIME, JavaHelper.toIsoDate(Instant.now()));
        propertiesContainer.setAttribute(XML_ATTRIBUTE_MODIFY_TIME, JavaHelper.toIsoDate(Instant.now()));
        propertiesContainer.addContent(newProperty);
    } finally {
        domModifyLock.writeLock().unlock();
    }
}
Also used : XPathExpression(org.jdom2.xpath.XPathExpression) Attribute(org.jdom2.Attribute) Element(org.jdom2.Element) Text(org.jdom2.Text)
