Search in sources :

Example 11 with ASN1IA5String

use of com.github.zhenwei.core.asn1.ASN1IA5String in project openkeystore by cyberphone.

the class RelativeDistinguishedName method add.

private void add(String nameOrOID, String value) throws IOException {
    if (nameOrOID.indexOf('.') < 0) {
        String t = name2OID(nameOrOID);
        if (t == null) {
            StringBuilder s = new StringBuilder();
            s.append("Unknown attribute '").append(nameOrOID).append("', select among the following:");
            Enumeration<String> e = name2OID.keys();
            while (e.hasMoreElements()) {
                String key = e.nextElement();
                s.append("\n  ").append(key).append("   [").append(name2OID.get(key)).append("]");
            }
            throw new IOException(s.toString());
        }
        nameOrOID = t;
    }
    // e-mail and dc as IA5String, all others as Printable or UTF-8
    // (if contatining non-printable characters).
    add(nameOrOID, (nameOrOID.equals("1.2.840.113549.1.9.1") || nameOrOID.equals("0.9.2342.19200300.100.1.25")) ? (ASN1String) new ASN1IA5String(value) : ASN1PrintableString.isPrintableString(value) ? (ASN1String) new ASN1PrintableString(value) : (ASN1String) new ASN1UTF8String(value));
}
Also used : ASN1UTF8String(org.webpki.asn1.ASN1UTF8String) ASN1IA5String(org.webpki.asn1.ASN1IA5String) ASN1PrintableString(org.webpki.asn1.ASN1PrintableString) ASN1IA5String(org.webpki.asn1.ASN1IA5String) ASN1PrintableString(org.webpki.asn1.ASN1PrintableString) ASN1UTF8String(org.webpki.asn1.ASN1UTF8String) ASN1String(org.webpki.asn1.ASN1String) IOException(java.io.IOException) ASN1String(org.webpki.asn1.ASN1String)

Example 12 with ASN1IA5String

use of com.github.zhenwei.core.asn1.ASN1IA5String in project openkeystore by cyberphone.

the class CA method createCert.

public X509Certificate createCert(CertSpec certSpec, DistinguishedName issuerName, BigInteger serialNumber, Date startDate, Date endDate, AsymKeySignerInterface signer, PublicKey issuerPublicKey, PublicKey subjectPublicKey) throws IOException, GeneralSecurityException {
    Extensions extensions = new Extensions();
    BaseASN1Object version = new CompositeContextSpecific(0, new ASN1Integer(2));
    DistinguishedName subjectName = certSpec.getSubjectDistinguishedName();
    BaseASN1Object validity = new ASN1Sequence(new BaseASN1Object[] { getASN1Time(startDate), getASN1Time(endDate) });
    AsymSignatureAlgorithms certSignAlg = signer.getAlgorithm();
    BaseASN1Object signatureAlgorithm = new ASN1Sequence(certSignAlg.getKeyType() == KeyTypes.RSA ? new BaseASN1Object[] { new ASN1ObjectID(certSignAlg.getOid()), // Relic from the RSA hey-days...
    new ASN1Null() } : new BaseASN1Object[] { new ASN1ObjectID(certSignAlg.getOid()) });
    BaseASN1Object subjectPublicKeyInfo = DerDecoder.decode(subjectPublicKey.getEncoded());
    // ////////////////////////////////////////////////////
    if (certSpec.endEntity) {
        extensions.add(CertificateExtensions.BASIC_CONSTRAINTS, false, new ASN1Sequence(new BaseASN1Object[] {}));
    }
    // ////////////////////////////////////////////////////
    if (certSpec.caCert) {
        extensions.add(CertificateExtensions.BASIC_CONSTRAINTS, true, new ASN1Sequence(new ASN1Boolean(true)));
    }
    // ////////////////////////////////////////////////////
    if (!certSpec.keyUsageSet.isEmpty()) {
        int i = 0;
        for (KeyUsageBits kubit : certSpec.keyUsageSet) {
            i |= 1 << kubit.ordinal();
        }
        byte[] keyUsage = new byte[i > 255 ? 2 : 1];
        keyUsage[0] = reverseBits(i);
        if (i > 255) {
            keyUsage[1] = reverseBits(i >> 8);
        }
        extensions.add(CertificateExtensions.KEY_USAGE, true, new ASN1BitString(keyUsage));
    }
    // ////////////////////////////////////////////////////
    if (!certSpec.extendedKeyUsageSet.isEmpty()) {
        int i = 0;
        BaseASN1Object[] ekus = new BaseASN1Object[certSpec.extendedKeyUsageSet.size()];
        for (ExtendedKeyUsages eku : certSpec.extendedKeyUsageSet.toArray(new ExtendedKeyUsages[0])) {
            ekus[i++] = new ASN1ObjectID(eku.getOID());
        }
        extensions.add(CertificateExtensions.EXTENDED_KEY_USAGE, false, new ASN1Sequence(ekus));
    }
    // ////////////////////////////////////////////////////
    if (certSpec.skiExtension) {
        extensions.add(CertificateExtensions.SUBJECT_KEY_IDENTIFIER, createKeyID(subjectPublicKey));
    }
    // ////////////////////////////////////////////////////
    if (certSpec.akiExtension) {
        extensions.add(CertificateExtensions.AUTHORITY_KEY_IDENTIFIER, new ASN1Sequence(new SimpleContextSpecific(0, createKeyID(issuerPublicKey))));
    }
    // ////////////////////////////////////////////////////
    if (!certSpec.subjectAltName.isEmpty()) {
        int i = 0;
        BaseASN1Object[] san = new BaseASN1Object[certSpec.subjectAltName.size()];
        for (CertSpec.NameValue nameValue : certSpec.subjectAltName) {
            int type = nameValue.name;
            // We currently only handle simple IA5String types.
            if (type == SubjectAltNameTypes.RFC822_NAME || type == SubjectAltNameTypes.DNS_NAME || type == SubjectAltNameTypes.UNIFORM_RESOURCE_IDENTIFIER) {
                if (!(nameValue.value instanceof ASN1IA5String)) {
                    throw new IOException("Wrong argument type to SubjectAltNames of type " + type);
                }
            } else // Or IP addresses.
            if (type == SubjectAltNameTypes.IP_ADDRESS) {
                if (!(nameValue.value instanceof ASN1OctetString)) {
                    throw new IOException("Wrong argument type to SubjectAltNames of type IP address");
                }
            } else {
                throw new IOException("SubjectAltNames of type " + type + " are not handled.");
            }
            san[i++] = new SimpleContextSpecific(type, nameValue.value);
        }
        extensions.add(CertificateExtensions.SUBJECT_ALT_NAME, new ASN1Sequence(san));
    }
    // ////////////////////////////////////////////////////
    if (!certSpec.certPolicyOids.isEmpty()) {
        int i = 0;
        BaseASN1Object[] policies = new BaseASN1Object[certSpec.certPolicyOids.size()];
        for (String oid : certSpec.certPolicyOids) {
            policies[i++] = new ASN1Sequence(new ASN1ObjectID(oid));
        }
        extensions.add(CertificateExtensions.CERTIFICATE_POLICIES, new ASN1Sequence(policies));
    }
    // ////////////////////////////////////////////////////
    if (!certSpec.aiaLocators.isEmpty()) {
        int i = 0;
        BaseASN1Object[] locators = new BaseASN1Object[certSpec.aiaLocators.size()];
        for (String[] loc_info : certSpec.aiaLocators) {
            locators[i++] = new ASN1Sequence(new BaseASN1Object[] { new ASN1ObjectID(loc_info[0]), new SimpleContextSpecific(6, new ASN1IA5String(loc_info[1])) });
        }
        extensions.add(CertificateExtensions.AUTHORITY_INFO_ACCESS, new ASN1Sequence(locators));
    }
    // ////////////////////////////////////////////////////
    if (!certSpec.crlDistPoints.isEmpty()) {
        int i = 0;
        BaseASN1Object[] cdps = new BaseASN1Object[certSpec.crlDistPoints.size()];
        for (String uri : certSpec.crlDistPoints) {
            cdps[i++] = new ASN1Sequence(new CompositeContextSpecific(0, new CompositeContextSpecific(0, new SimpleContextSpecific(6, new ASN1IA5String(uri)))));
        }
        extensions.add(CertificateExtensions.CRL_DISTRIBUTION_POINTS, new ASN1Sequence(cdps));
    }
    // ////////////////////////////////////////////////////
    // Certificate Creation!
    // ////////////////////////////////////////////////////
    BaseASN1Object[] inner = new BaseASN1Object[extensions.isEmpty() ? 7 : 8];
    inner[0] = version;
    inner[1] = new ASN1Integer(serialNumber);
    inner[2] = signatureAlgorithm;
    inner[3] = issuerName.toASN1();
    inner[4] = validity;
    inner[5] = subjectName.toASN1();
    inner[6] = subjectPublicKeyInfo;
    if (!extensions.isEmpty()) {
        inner[7] = new CompositeContextSpecific(3, extensions.getExtensionData());
    }
    BaseASN1Object tbsCertificate = new ASN1Sequence(inner);
    BaseASN1Object signature = new ASN1BitString(signer.signData(tbsCertificate.encode()));
    byte[] certificate = new ASN1Sequence(new BaseASN1Object[] { tbsCertificate, signatureAlgorithm, signature }).encode();
    return CertificateUtil.getCertificateFromBlob(certificate);
}
Also used : ASN1OctetString(org.webpki.asn1.ASN1OctetString) KeyUsageBits(org.webpki.crypto.KeyUsageBits) DistinguishedName(org.webpki.asn1.cert.DistinguishedName) BaseASN1Object(org.webpki.asn1.BaseASN1Object) CompositeContextSpecific(org.webpki.asn1.CompositeContextSpecific) ASN1Integer(org.webpki.asn1.ASN1Integer) IOException(java.io.IOException) ASN1IA5String(org.webpki.asn1.ASN1IA5String) ASN1OctetString(org.webpki.asn1.ASN1OctetString) ASN1BitString(org.webpki.asn1.ASN1BitString) CertificateExtensions(org.webpki.crypto.CertificateExtensions) ExtendedKeyUsages(org.webpki.crypto.ExtendedKeyUsages) ASN1BitString(org.webpki.asn1.ASN1BitString) ASN1Sequence(org.webpki.asn1.ASN1Sequence) ASN1ObjectID(org.webpki.asn1.ASN1ObjectID) ASN1IA5String(org.webpki.asn1.ASN1IA5String) ASN1Boolean(org.webpki.asn1.ASN1Boolean) AsymSignatureAlgorithms(org.webpki.crypto.AsymSignatureAlgorithms) SimpleContextSpecific(org.webpki.asn1.SimpleContextSpecific) ASN1Null(org.webpki.asn1.ASN1Null)

Example 13 with ASN1IA5String

use of com.github.zhenwei.core.asn1.ASN1IA5String in project keystore-explorer by kaikramer.

the class X509Ext method getNetscapeRevocationUrlStringValue.

private static String getNetscapeRevocationUrlStringValue(byte[] value) throws IOException {
    // @formatter:off
    /* NetscapeRevocationUrl ::= DERIA5String */
    // @formatter:on
    StringBuilder sb = new StringBuilder();
    ASN1IA5String netscapeRevocationUrl = ASN1IA5String.getInstance(value);
    sb.append(netscapeRevocationUrl.getString());
    sb.append(NEWLINE);
    return sb.toString();
}
Also used : ASN1IA5String(org.bouncycastle.asn1.ASN1IA5String)

Example 14 with ASN1IA5String

use of com.github.zhenwei.core.asn1.ASN1IA5String in project keystore-explorer by kaikramer.

the class X509Ext method getNetscapeSslServerNameStringValue.

private static String getNetscapeSslServerNameStringValue(byte[] value) throws IOException {
    // @formatter:off
    /* NetscapeSslServerName ::= DERIA5String */
    // @formatter:on
    StringBuilder sb = new StringBuilder();
    ASN1IA5String netscapeSslServerName = ASN1IA5String.getInstance(value);
    sb.append(netscapeSslServerName.getString());
    sb.append(NEWLINE);
    return sb.toString();
}
Also used : ASN1IA5String(org.bouncycastle.asn1.ASN1IA5String)

Example 15 with ASN1IA5String

use of com.github.zhenwei.core.asn1.ASN1IA5String in project keystore-explorer by kaikramer.

the class X509Ext method getBiometricInfoStringValue.

private static String getBiometricInfoStringValue(byte[] octets) {
    // @formatter:off
    /*
			BiometricSyntax ::= SEQUENCE OF BiometricData
			BiometricData ::= SEQUENCE
			{
				typeOfBiometricData TypeOfBiometricData,
				hashAlgorithm AlgorithmIdentifier,
				biometricDataHash OCTET STRING,
				sourceDataUri IA5String OPTIONAL
			}
			TypeOfBiometricData ::= CHOICE
			{
				predefinedBiometricType PredefinedBiometricType,
				biometricDataId OBJECT IDENTIIFER
			}
			PredefinedBiometricType ::= INTEGER
			{
				picture(0),
				handwritten-signature(1)
			}
		 */
    // @formatter:on
    StringBuilder sb = new StringBuilder();
    int biometricDataNr = 0;
    ASN1Sequence asn1Sequence = ASN1Sequence.getInstance(octets);
    for (ASN1Encodable asn1Encodable : asn1Sequence.toArray()) {
        BiometricData biometricData = BiometricData.getInstance(asn1Encodable);
        TypeOfBiometricData typeOfBiometricData = biometricData.getTypeOfBiometricData();
        AlgorithmIdentifier hashAlgorithm = biometricData.getHashAlgorithm();
        ASN1OctetString biometricDataHash = biometricData.getBiometricDataHash();
        ASN1IA5String sourceDataUri = biometricData.getSourceDataUriIA5();
        sb.append(MessageFormat.format(res.getString("BiometricInfo.BiometricData"), biometricDataNr));
        sb.append(NEWLINE);
        sb.append(INDENT);
        if (typeOfBiometricData.isPredefined()) {
            int type = typeOfBiometricData.getPredefinedBiometricType();
            sb.append(MessageFormat.format(res.getString("BiometricInfo.TypeOfBiometricData"), type));
        } else {
            String biometricDataOid = typeOfBiometricData.getBiometricDataOid().getId();
            sb.append(MessageFormat.format(res.getString("BiometricInfo.TypeOfBiometricData"), biometricDataOid));
        }
        sb.append(NEWLINE);
        sb.append(INDENT);
        sb.append(MessageFormat.format(res.getString("BiometricInfo.HashAlgorithm"), hashAlgorithm.getAlgorithm().getId()));
        sb.append(NEWLINE);
        sb.append(INDENT);
        sb.append(MessageFormat.format(res.getString("BiometricInfo.BiometricDataHash"), HexUtil.getHexString(biometricDataHash.getOctets())));
        sb.append(NEWLINE);
        if (sourceDataUri != null) {
            // optional
            sb.append(INDENT);
            sb.append(MessageFormat.format(res.getString("BiometricInfo.SourceDataUri"), sourceDataUri.toString()));
            sb.append(NEWLINE);
        }
    }
    return sb.toString();
}
Also used : TypeOfBiometricData(org.bouncycastle.asn1.x509.qualified.TypeOfBiometricData) BiometricData(org.bouncycastle.asn1.x509.qualified.BiometricData) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ASN1IA5String(org.bouncycastle.asn1.ASN1IA5String) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) DERBitString(org.bouncycastle.asn1.DERBitString) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERGeneralString(org.bouncycastle.asn1.DERGeneralString) ASN1IA5String(org.bouncycastle.asn1.ASN1IA5String) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) ASN1BitString(org.bouncycastle.asn1.ASN1BitString) DEROctetString(org.bouncycastle.asn1.DEROctetString) ASN1BMPString(org.bouncycastle.asn1.ASN1BMPString) DERIA5String(org.bouncycastle.asn1.DERIA5String) ASN1PrintableString(org.bouncycastle.asn1.ASN1PrintableString) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) TypeOfBiometricData(org.bouncycastle.asn1.x509.qualified.TypeOfBiometricData) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Aggregations

ASN1IA5String (org.bouncycastle.asn1.ASN1IA5String)8 ASN1IA5String (com.github.zhenwei.core.asn1.ASN1IA5String)6 ASN1OctetString (com.github.zhenwei.core.asn1.ASN1OctetString)4 IOException (java.io.IOException)4 DEROctetString (com.github.zhenwei.core.asn1.DEROctetString)3 ASN1BitString (com.github.zhenwei.core.asn1.ASN1BitString)2 ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)2 ASN1UTF8String (com.github.zhenwei.core.asn1.ASN1UTF8String)2 BEROctetString (com.github.zhenwei.core.asn1.BEROctetString)2 DERBitString (com.github.zhenwei.core.asn1.DERBitString)2 CRLDistPoint (com.github.zhenwei.core.asn1.x509.CRLDistPoint)2 DistributionPoint (com.github.zhenwei.core.asn1.x509.DistributionPoint)2 GeneralName (com.github.zhenwei.core.asn1.x509.GeneralName)2 IssuingDistributionPoint (com.github.zhenwei.core.asn1.x509.IssuingDistributionPoint)2 LocaleString (com.github.zhenwei.core.i18n.LocaleString)2 Vector (java.util.Vector)2 ASN1IA5String (org.webpki.asn1.ASN1IA5String)2 ASN1ApplicationSpecific (com.github.zhenwei.core.asn1.ASN1ApplicationSpecific)1 ASN1BMPString (com.github.zhenwei.core.asn1.ASN1BMPString)1 ASN1Boolean (com.github.zhenwei.core.asn1.ASN1Boolean)1