use of com.android.org.bouncycastle.asn1.x509.Attribute in project xipki by xipki.
the class X509SelfSignedCertBuilder method generateCertificate.
// method generateSelfSigned
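/**
 * Builds and signs a self-signed X.509 certificate from a CSR and a certificate profile.
 *
 * <p>The public key is converted with {@code X509Util.toRfc3279Style} and checked against the
 * profile. The subject requested in the CSR is mapped through the profile, and the granted
 * subject is used as both issuer and subject. Extensions requested through the CSR's PKCS#9
 * extensionRequest attribute are handed to {@code addExtensions} together with the profile.
 *
 * <p>NOTE(review): this method does not verify the CSR signature (proof of possession);
 * confirm that the caller does so before the CSR contents are trusted.
 *
 * @param signer signer pool; one signer is borrowed for the build and always returned
 * @param certprofile profile that validates the key and supplies subject, notBefore and validity
 * @param csr PKCS#10 request providing the requested subject and extension request
 * @param serialNumber serial number of the new certificate
 * @param publicKeyInfo public key to certify
 * @param caCertUris passed to {@code PublicCaInfo}
 * @param ocspUris passed to {@code PublicCaInfo}
 * @param crlUris passed to {@code PublicCaInfo}
 * @param deltaCrlUris passed to {@code PublicCaInfo}
 * @param extraControl passed to {@code PublicCaInfo}
 * @return the signed certificate, re-parsed from its encoded form
 * @throws OperationException with {@code BAD_CERT_TEMPLATE} when the key, subject, validity or
 *     extension request is rejected, and with {@code SYSTEM_FAILURE} when the profile, signer or
 *     encoding fails
 */
private static X509Certificate generateCertificate(ConcurrentContentSigner signer,
        IdentifiedX509Certprofile certprofile, CertificationRequest csr, BigInteger serialNumber,
        SubjectPublicKeyInfo publicKeyInfo, List<String> caCertUris, List<String> ocspUris,
        List<String> crlUris, List<String> deltaCrlUris, ConfPairs extraControl)
        throws OperationException {
    SubjectPublicKeyInfo tmpPublicKeyInfo;
    try {
        tmpPublicKeyInfo = X509Util.toRfc3279Style(publicKeyInfo);
    } catch (InvalidKeySpecException ex) {
        // The log label names the call that actually failed.
        LOG.warn("X509Util.toRfc3279Style", ex);
        throw new OperationException(ErrorCode.BAD_CERT_TEMPLATE, ex);
    }

    try {
        certprofile.checkPublicKey(tmpPublicKeyInfo);
    } catch (BadCertTemplateException ex) {
        LOG.warn("certprofile.checkPublicKey", ex);
        throw new OperationException(ErrorCode.BAD_CERT_TEMPLATE, ex);
    }

    // subject
    X500Name requestedSubject = csr.getCertificationRequestInfo().getSubject();
    SubjectInfo subjectInfo;
    try {
        subjectInfo = certprofile.getSubject(requestedSubject);
    } catch (CertprofileException ex) {
        // The thrown exception carries only a message, so log the cause here to keep it
        // available for diagnosis.
        LOG.warn("certprofile.getSubject", ex);
        throw new OperationException(ErrorCode.SYSTEM_FAILURE,
                "exception in cert profile " + certprofile.getIdent());
    } catch (BadCertTemplateException ex) {
        LOG.warn("certprofile.getSubject", ex);
        throw new OperationException(ErrorCode.BAD_CERT_TEMPLATE, ex);
    }

    // validity: the profile may fix notBefore; otherwise the current time is used
    Date notBefore = certprofile.getNotBefore(null);
    if (notBefore == null) {
        notBefore = new Date();
    }

    CertValidity validity = certprofile.getValidity();
    if (validity == null) {
        throw new OperationException(ErrorCode.BAD_CERT_TEMPLATE,
                "no validity specified in the profile " + certprofile.getIdent());
    }
    Date notAfter = validity.add(notBefore);

    // self-signed: issuer and subject are the same granted name
    X500Name grantedSubject = subjectInfo.getGrantedSubject();
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(grantedSubject,
            serialNumber, notBefore, notAfter, grantedSubject, tmpPublicKeyInfo);
    PublicCaInfo publicCaInfo = new PublicCaInfo(grantedSubject, serialNumber, null, null,
            caCertUris, ocspUris, crlUris, deltaCrlUris, extraControl);

    // Requested extensions come from the CSR and are therefore requester-controlled.
    // A CSR without attributes yields a null attribute set, and an attribute may carry an
    // empty value set; both are handled explicitly instead of failing with an unchecked
    // exception. If the attribute occurs more than once, the last occurrence wins.
    Extensions extensions = null;
    ASN1Set attrs = csr.getCertificationRequestInfo().getAttributes();
    if (attrs != null) {
        for (int i = 0; i < attrs.size(); i++) {
            Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
            if (!PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) {
                continue;
            }
            ASN1Set attrValues = attr.getAttrValues();
            if (attrValues == null || attrValues.size() == 0) {
                throw new OperationException(ErrorCode.BAD_CERT_TEMPLATE,
                        "extensionRequest attribute in the CSR contains no value");
            }
            extensions = Extensions.getInstance(attrValues.getObjectAt(0));
        }
    }

    try {
        addExtensions(certBuilder, certprofile, requestedSubject, grantedSubject, extensions,
                tmpPublicKeyInfo, publicCaInfo, notBefore, notAfter);

        ConcurrentBagEntrySigner signer0 = signer.borrowSigner();
        X509CertificateHolder certHolder;
        try {
            certHolder = certBuilder.build(signer0.value());
        } finally {
            // always hand the borrowed signer back, even when the build fails
            signer.requiteSigner(signer0);
        }

        Certificate bcCert = certHolder.toASN1Structure();
        return X509Util.parseCert(bcCert.getEncoded());
    } catch (BadCertTemplateException ex) {
        throw new OperationException(ErrorCode.BAD_CERT_TEMPLATE, ex);
    } catch (NoIdleSignerException | CertificateException | IOException | CertprofileException ex) {
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
    }
}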
use of com.android.org.bouncycastle.asn1.x509.Attribute in project xipki by xipki.
the class X509CaCmpResponderImpl method processP10cr.
// method processCertReqMessages
/**
 * Handles a PKI body whose choice is {@code p10cr} (a PKCS#10 certification request).<br/>
 * A PKCS#10 request (CSR) cannot carry an additional attribute for the certificate profile, so
 * the profile name must be supplied in the attribute regInfo-utf8Pairs (1.3.6.1.5.5.7.5.2.1)
 * within PKIHeader.generalInfo. Optional notBefore / notAfter values are read from the same
 * pairs.
 *
 * <p>Checks run in this order: proof of possession (POP) of the CSR, presence of a profile name,
 * and permission of the requestor to use that profile. Each failed check is answered with an
 * error {@code CertResponse} (badPOP, badCertTemplate, notAuthorized) instead of an exception.
 * The CA certificate is attached to the reply only when a certificate was generated and
 * {@code cmpControl.isSendCaCert()} is set.
 */
private PKIBody processP10cr(PKIMessage request, CmpRequestorInfo requestor, ASN1OctetString tid,
        PKIHeader reqHeader, CertificationRequest p10cr, CmpControl cmpControl, String msgId,
        AuditEvent event) {
    CertResponse certResp;
    final ASN1Integer certReqId = new ASN1Integer(-1);
    boolean certGenerated = false;
    final X509Ca ca = getCa();

    // verify the POP first
    // NOTE(review): the POP validator is taken from getCmpControl(), not from the cmpControl
    // argument; confirm both refer to the same control.
    final boolean popValid =
            securityFactory.verifyPopo(p10cr, getCmpControl().getPopoAlgoValidator());

    if (popValid) {
        CertificationRequestInfo csrInfo = p10cr.getCertificationRequestInfo();
        Extensions requestedExtensions = CaUtil.getExtensions(csrInfo);
        X500Name subject = csrInfo.getSubject();
        SubjectPublicKeyInfo publicKeyInfo = csrInfo.getSubjectPublicKeyInfo();

        // Profile name and validity bounds are requester-supplied values from generalInfo.
        CmpUtf8Pairs utf8Pairs = CmpUtil.extract(reqHeader.getGeneralInfo());
        String requestedProfile = null;
        Date notBefore = null;
        Date notAfter = null;
        if (utf8Pairs != null) {
            requestedProfile = utf8Pairs.value(CmpUtf8Pairs.KEY_CERTPROFILE);

            String notBeforeText = utf8Pairs.value(CmpUtf8Pairs.KEY_NOTBEFORE);
            if (notBeforeText != null) {
                notBefore = DateUtil.parseUtcTimeyyyyMMddhhmmss(notBeforeText);
            }

            String notAfterText = utf8Pairs.value(CmpUtf8Pairs.KEY_NOTAFTER);
            if (notAfterText != null) {
                notAfter = DateUtil.parseUtcTimeyyyyMMddhhmmss(notAfterText);
            }
        }

        if (requestedProfile == null) {
            certResp = buildErrorCertResponse(certReqId, PKIFailureInfo.badCertTemplate,
                    "badCertTemplate", null);
        } else {
            // NOTE(review): toLowerCase() uses the default locale and its result feeds the
            // authorization check below; confirm the permitted profile names are normalised
            // the same way.
            String profile = requestedProfile.toLowerCase();
            if (requestor.isCertProfilePermitted(profile)) {
                CertTemplateData templateData = new CertTemplateData(subject, publicKeyInfo,
                        notBefore, notAfter, requestedExtensions, profile);
                certResp = generateCertificates(Arrays.asList(templateData),
                        Arrays.asList(certReqId), requestor, tid, false, request, cmpControl,
                        msgId, event).get(0);
                certGenerated = true;
            } else {
                String msg = "certprofile " + profile + " is not allowed";
                certResp = buildErrorCertResponse(certReqId, PKIFailureInfo.notAuthorized, msg);
            }
        }
    } else {
        LOG.warn("could not validate POP for the pkcs#10 requst");
        certResp = buildErrorCertResponse(certReqId, PKIFailureInfo.badPOP, "invalid POP");
    }

    // The CA certificate accompanies the response only for a successful issuance.
    CMPCertificate[] caPubs = (certGenerated && cmpControl.isSendCaCert())
            ? new CMPCertificate[] { ca.getCaInfo().getCertInCmpFormat() }
            : null;

    CertRepMessage repMessage = new CertRepMessage(caPubs, new CertResponse[] { certResp });
    return new PKIBody(PKIBody.TYPE_CERT_REP, repMessage);
}
use of com.android.org.bouncycastle.asn1.x509.Attribute in project xipki by xipki.
the class CaUtil method getExtensions.
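/**
 * Returns the extensions requested through the PKCS#9 extensionRequest attribute of a CSR.
 *
 * <p>The attribute set of a CSR is requester-controlled. A CSR without attributes yields a
 * {@code null} attribute set, which is treated as "no extensions requested". An
 * extensionRequest attribute with an empty value set is rejected with a descriptive exception
 * instead of failing on an array index.
 *
 * @param csr the certification request info to inspect, must not be {@code null}
 * @return the extensions of the first extensionRequest attribute, or {@code null} if the CSR
 *     has none
 * @throws IllegalArgumentException if an extensionRequest attribute carries no value
 */
public static Extensions getExtensions(CertificationRequestInfo csr) {
    ParamUtil.requireNonNull("csr", csr);
    ASN1Set attrs = csr.getAttributes();
    if (attrs == null) {
        return null;
    }

    for (int i = 0; i < attrs.size(); i++) {
        Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
        if (!PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) {
            continue;
        }

        ASN1Set attrValues = attr.getAttrValues();
        if (attrValues == null || attrValues.size() == 0) {
            throw new IllegalArgumentException(
                    "extensionRequest attribute in the CSR contains no value");
        }
        // the first matching attribute wins
        return Extensions.getInstance(attrValues.getObjectAt(0));
    }
    return null;
}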
use of com.android.org.bouncycastle.asn1.x509.Attribute in project jspwiki by apache.
the class XHtmlElementToWikiTranslator method printChildren.
/**
 * Translates the children of {@code base} into wiki markup written to {@code m_out}.
 *
 * <p>Every child that is an {@code Element} is dispatched on its lower-cased tag name. Each
 * branch writes the markup that opens the construct, calls {@code print(e)} (defined elsewhere
 * in this class) for the element, and then writes any closing markup. Content that is not an
 * {@code Element} is passed to {@code print(c)}. Unknown tags fall through to a plain
 * {@code print(e)}.
 *
 * <p>NOTE(review): attribute values taken from the XHTML (form/input/textarea/select names,
 * types, values, rows, cols) are concatenated into single-quoted plugin parameters without
 * escaping. If the XHTML can come from an untrusted editor, a value containing a quote or
 * plugin delimiters would change the generated markup; confirm the input is sanitised upstream.
 *
 * @param base the element whose content is translated
 * @throws IOException declared by this method; the raising callee is not visible here
 * @throws JDOMException declared by this method; the XPath lookup in the form branch is a
 *     likely source (confirm)
 */
private void printChildren(Element base) throws IOException, JDOMException {
for (Iterator i = base.getContent().iterator(); i.hasNext(); ) {
Object c = i.next();
if (c instanceof Element) {
Element e = (Element) c;
// tag names are compared in lower case
String n = e.getName().toLowerCase();
if (n.equals("h1")) {
// h1 and h2 both produce the "!!!" heading marker
m_out.print("\n!!! ");
print(e);
m_out.println();
} else if (n.equals("h2")) {
m_out.print("\n!!! ");
print(e);
m_out.println();
} else if (n.equals("h3")) {
m_out.print("\n!! ");
print(e);
m_out.println();
} else if (n.equals("h4")) {
m_out.print("\n! ");
print(e);
m_out.println();
} else if (n.equals("p")) {
if (// we don't want to print empty elements: <p></p>
e.getContentSize() != 0) {
m_out.println();
print(e);
m_out.println();
}
} else if (n.equals("br")) {
if (m_preStack.isPreMode()) {
// inside preformatted text a line break is a plain newline
m_out.println();
} else {
String parentElementName = base.getName().toLowerCase();
// Inside a <p> or <div> whose text holds no "[{...}]" plugin markup, the wiki
// line-break marker is followed by a newline; otherwise only the marker is written.
if (parentElementName.matches("p|div") && !base.getText().matches("(?s).*\\[\\{.*\\}\\].*")) {
m_out.print(" \\\\\n");
} else {
m_out.print(" \\\\");
}
}
print(e);
} else if (n.equals("hr")) {
m_out.println();
print("----");
print(e);
m_out.println();
} else if (n.equals("table")) {
// start the table on a fresh line
if (!m_outTimmer.isCurrentlyOnLineBegin()) {
m_out.println();
}
print(e);
} else if (n.equals("tr")) {
print(e);
m_out.println();
} else if (n.equals("td")) {
m_out.print("| ");
print(e);
// a trailing space is added after the cell unless in pre mode
if (!m_preStack.isPreMode()) {
print(" ");
}
} else if (n.equals("th")) {
m_out.print("|| ");
print(e);
if (!m_preStack.isPreMode()) {
print(" ");
}
} else if (n.equals("a")) {
if (!isIgnorableWikiMarkupLink(e)) {
// a link that wraps an IMG child is handled as an image
if (e.getChild("IMG") != null) {
printImage(e);
} else {
String ref = e.getAttributeValue("href");
if (ref == null) {
// no href: only an undefined-page link is wrapped in brackets
if (isUndefinedPageLink(e)) {
m_out.print("[");
print(e);
m_out.print("]");
} else {
print(e);
}
} else {
// trimLink may return null, in which case nothing is printed for this link
ref = trimLink(ref);
if (ref != null) {
if (// This is a link to a footnote.
ref.startsWith("#")) {
// convert "#ref-PageName-1" to just "1"
String href = ref.replaceFirst("#ref-.+-(\\d+)", "$1");
// remove the brackets around "[1]"
// NOTE(review): assumes the link text is at least two characters long; shorter text
// makes substring throw StringIndexOutOfBoundsException.
String textValue = e.getValue().substring(1, (e.getValue().length() - 1));
if (href.equals(textValue)) {
// handles the simplest case. Example: [1]
print(e);
} else {
// handles the case where the link text is different from the href. Example: [something|1]
m_out.print("[" + textValue + "|" + href + "]");
}
} else {
// ordinary link: [text], [text|ref] or [text|ref|attributes]
Map augmentedWikiLinkAttributes = getAugmentedWikiLinkAttributes(e);
m_out.print("[");
print(e);
if (!e.getTextTrim().equalsIgnoreCase(ref)) {
m_out.print("|");
print(ref);
if (!augmentedWikiLinkAttributes.isEmpty()) {
m_out.print("|");
String augmentedWikiLink = augmentedWikiLinkMapToString(augmentedWikiLinkAttributes);
m_out.print(augmentedWikiLink);
}
} else if (!augmentedWikiLinkAttributes.isEmpty()) {
// If the ref has the same value as the text and also if there
// are attributes, then just print: [ref|ref|attributes] .
m_out.print("|" + ref + "|");
String augmentedWikiLink = augmentedWikiLinkMapToString(augmentedWikiLinkAttributes);
m_out.print(augmentedWikiLink);
}
m_out.print("]");
}
}
}
}
}
} else if (n.equals("b") || n.equals("strong")) {
m_out.print("__");
print(e);
m_out.print("__");
} else if (n.equals("i") || n.equals("em") || n.equals("address")) {
m_out.print("''");
print(e);
m_out.print("''");
} else if (n.equals("u")) {
m_out.print("%%( text-decoration:underline; )");
print(e);
m_out.print("/%");
} else if (n.equals("strike")) {
m_out.print("%%strike ");
print(e);
m_out.print("/%");
// NOTE: don't print a space before or after the double percents because that can break words into two.
// For example: %%(color:red)ABC%%%%(color:green)DEF%% is different from %%(color:red)ABC%% %%(color:green)DEF%%
} else if (n.equals("sup")) {
m_out.print("%%sup ");
print(e);
m_out.print("/%");
} else if (n.equals("sub")) {
m_out.print("%%sub ");
print(e);
m_out.print("/%");
} else if (n.equals("dl")) {
m_out.print("\n");
print(e);
// print a newline after the definition list. If we don't,
// it may cause problems for the subsequent element.
m_out.print("\n");
} else if (n.equals("dt")) {
m_out.print(";");
print(e);
} else if (n.equals("dd")) {
m_out.print(":");
print(e);
} else if (n.equals("ul")) {
// the list marker is pushed for the duration of the list and popped afterwards
m_out.println();
m_liStack.push("*");
print(e);
m_liStack.pop();
} else if (n.equals("ol")) {
m_out.println();
m_liStack.push("#");
print(e);
m_liStack.pop();
} else if (n.equals("li")) {
// the string form of m_liStack is used as the item prefix
m_out.print(m_liStack + " ");
print(e);
// The following line assumes that the XHTML has been "pretty-printed"
// (newlines separate child elements from their parents).
boolean lastListItem = base.indexOf(e) == (base.getContentSize() - 2);
boolean sublistItem = m_liStack.toString().length() > 1;
// only print a newline if this <li> element is not the last item within a sublist.
if (!sublistItem || !lastListItem) {
m_out.println();
}
} else if (n.equals("pre")) {
// start JSPWiki "code blocks" on its own line
m_out.print("\n{{{");
m_preStack.push();
print(e);
m_preStack.pop();
// print a newline after the closing braces
// to avoid breaking any subsequent wiki markup that follows.
m_out.print("}}}\n");
} else if (n.equals("code") || n.equals("tt")) {
m_out.print("{{");
m_preStack.push();
print(e);
m_preStack.pop();
m_out.print("}}");
// NOTE: don't print a newline after the closing brackets because if the Text is inside
// a table or list, it would break it if there was a subsequent row or list item.
} else if (n.equals("img")) {
if (!isIgnorableWikiMarkupLink(e)) {
m_out.print("[");
print(trimLink(e.getAttributeValue("src")));
m_out.print("]");
}
} else if (n.equals("form")) {
// remove the hidden input where name="formname" since a new one will be generated again when the xhtml is rendered.
Element formName = (Element) XPath.selectSingleNode(e, "INPUT[@name='formname']");
if (formName != null) {
formName.detach();
}
String name = e.getAttributeValue("name");
m_out.print("\n[{FormOpen");
// NOTE(review): here and in the input/textarea/select branches, attribute values are
// placed between single quotes without escaping; confirm the XHTML is sanitised upstream.
if (name != null) {
m_out.print(" form='" + name + "'");
}
m_out.print("}]\n");
print(e);
m_out.print("\n[{FormClose}]\n");
} else if (n.equals("input")) {
String type = e.getAttributeValue("type");
String name = e.getAttributeValue("name");
String value = e.getAttributeValue("value");
String checked = e.getAttributeValue("checked");
m_out.print("[{FormInput");
if (type != null) {
m_out.print(" type='" + type + "'");
}
if (name != null) {
// remove the "nbf_" that was prepended since new one will be generated again when the xhtml is rendered.
if (name.startsWith("nbf_")) {
name = name.substring(4, name.length());
}
m_out.print(" name='" + name + "'");
}
// an empty value attribute is omitted
if (value != null && !value.equals("")) {
m_out.print(" value='" + value + "'");
}
if (checked != null) {
m_out.print(" checked='" + checked + "'");
}
m_out.print("}]");
print(e);
} else if (n.equals("textarea")) {
String name = e.getAttributeValue("name");
String rows = e.getAttributeValue("rows");
String cols = e.getAttributeValue("cols");
m_out.print("[{FormTextarea");
if (name != null) {
// strip the "nbf_" prefix, as in the input branch
if (name.startsWith("nbf_")) {
name = name.substring(4, name.length());
}
m_out.print(" name='" + name + "'");
}
if (rows != null) {
m_out.print(" rows='" + rows + "'");
}
if (cols != null) {
m_out.print(" cols='" + cols + "'");
}
m_out.print("}]");
print(e);
} else if (n.equals("select")) {
String name = e.getAttributeValue("name");
m_out.print("[{FormSelect");
if (name != null) {
// strip the "nbf_" prefix, as in the input branch
if (name.startsWith("nbf_")) {
name = name.substring(4, name.length());
}
m_out.print(" name='" + name + "'");
}
// the options printed by print(e) form the quoted value of the plugin
m_out.print(" value='");
print(e);
m_out.print("'}]");
} else if (n.equals("option")) {
// Write the ";" separator before every option except the one at index 1 of the parent
// (the first child is expected to be a newline character which is at index of 0).
if (base.indexOf(e) != 1) {
m_out.print(";");
}
// a selected option is marked with "*"
Attribute selected = e.getAttribute("selected");
if (selected != null) {
m_out.print("*");
}
// prefer the value attribute; fall back to the element itself
String value = e.getAttributeValue("value");
if (value != null) {
m_out.print(value);
} else {
print(e);
}
} else {
// any other tag: no markup of its own
print(e);
}
} else {
// non-element content is handed to print(Object)
print(c);
}
}
}
use of com.android.org.bouncycastle.asn1.x509.Attribute in project pwm by pwm-project.
the class StoredConfigurationImpl method writeConfigProperty.
/**
 * Replaces the stored value of a configuration property in the XML document.
 *
 * <p>Under the DOM write lock, every existing element for the property is detached, a new
 * property element holding {@code value} as a text node is created, the properties container is
 * created if it does not exist yet, and both the container and the new element are stamped
 * with the current time before the element is appended.
 *
 * @param propertyName the property to write; its key becomes the element's key attribute
 * @param value the value stored as the element's text content
 */
@Override
public void writeConfigProperty(final ConfigurationProperty propertyName, final String value) {
    domModifyLock.writeLock().lock();
    try {
        // Remove whatever is currently stored for this property.
        final XPathExpression existingPropertyXp = XPathBuilder.xpathForConfigProperty(propertyName);
        final List<Element> staleElements = existingPropertyXp.evaluate(document);
        for (final Element staleElement : staleElements) {
            staleElement.detach();
        }

        // The value is kept as a text node, not parsed as markup.
        final Element newProperty = new Element(XML_ELEMENT_PROPERTY);
        newProperty.setAttribute(new Attribute(XML_ATTRIBUTE_KEY, propertyName.getKey()));
        newProperty.setContent(new Text(value));

        // Create the properties container on first use.
        final boolean containerMissing =
                XPathBuilder.xpathForConfigProperties().evaluateFirst(document) == null;
        if (containerMissing) {
            final Element newContainer = new Element(XML_ELEMENT_PROPERTIES);
            newContainer.setAttribute(new Attribute(XML_ATTRIBUTE_TYPE, XML_ATTRIBUTE_VALUE_CONFIG));
            document.getRootElement().addContent(newContainer);
        }

        final XPathExpression containerXp = XPathBuilder.xpathForConfigProperties();
        final Element container = (Element) containerXp.evaluateFirst(document);

        // Stamp the property first, then its container, and attach the property last.
        newProperty.setAttribute(XML_ATTRIBUTE_MODIFY_TIME, JavaHelper.toIsoDate(Instant.now()));
        container.setAttribute(XML_ATTRIBUTE_MODIFY_TIME, JavaHelper.toIsoDate(Instant.now()));
        container.addContent(newProperty);
    } finally {
        domModifyLock.writeLock().unlock();
    }
}