use of com.github.zhenwei.core.asn1.DERIA5String in project athenz by AthenZ.
the class CryptoTest method testX509CSRrequestWithPrivateKeyOnly.
/**
 * Builds a CSR from a private key alone, with two otherName SAN entries, and
 * parses the result back for subjects the data provider marks as valid.
 *
 * @param x500Principal subject string supplied by the "x500Principal" data provider
 * @param badRequest    true when the data provider marks the subject as invalid
 */
@Test(dataProvider = "x500Principal")
public void testX509CSRrequestWithPrivateKeyOnly(String x500Principal, boolean badRequest) {
    final PrivateKey signingKey = Crypto.loadPrivateKey(rsaPrivateKey);

    // NOTE(review): RFC 5280 defines otherName as a SEQUENCE (type-id + value); these
    // entries wrap a bare IA5String, so this test checks only that a CSR is produced
    // and parses back, not that the SAN is well-formed - confirm that is intended.
    final GeneralName[] sanArray = {
        new GeneralName(GeneralName.otherName, new DERIA5String("role1")),
        new GeneralName(GeneralName.otherName, new DERIA5String("role2"))
    };

    String generatedCsr = null;
    try {
        generatedCsr = Crypto.generateX509CSR(signingKey, x500Principal, sanArray);
    } catch (Exception e) {
        // Only an unexpected failure is reported. Nothing here asserts that a bad
        // subject is actually rejected: if generation succeeds for a bad request,
        // the test still passes.
        if (!badRequest) {
            fail("Should not have failed to create csr");
        }
    }

    if (badRequest) {
        return;
    }

    // Now validate the csr
    Crypto.getPKCS10CertRequest(generatedCsr);
}
use of com.github.zhenwei.core.asn1.DERIA5String in project jans by JanssenProject.
the class CRLCertificateVerifier method getCrlUri.
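/**
 * Returns the first URI found in the certificate's CRL Distribution Points extension.
 *
 * <p>Only distribution points named by a {@code fullName} are considered, and within
 * those only {@code uniformResourceIdentifier} entries. The string is returned exactly
 * as it appears in the certificate; no scheme or host check is applied here.
 * NOTE(review): the value is certificate-controlled - confirm the caller restricts
 * which URIs it will fetch before dereferencing the result.
 *
 * @param certificate certificate whose extension is inspected
 * @return the first URI found, or {@code null} when the extension is absent, cannot be
 *         read, or lists no URI
 * @throws IOException declared in the signature; a failure to read the extension is
 *         logged and reported as {@code null} rather than thrown
 */
public String getCrlUri(X509Certificate certificate) throws IOException {
    ASN1Primitive obj;
    try {
        obj = getExtensionValue(certificate, Extension.cRLDistributionPoints.getId());
    } catch (IOException ex) {
        log.error("Failed to get CRL URL", ex);
        return null;
    }
    if (obj == null) {
        return null;
    }

    CRLDistPoint distPoint = CRLDistPoint.getInstance(obj);
    DistributionPoint[] distributionPoints = distPoint.getDistributionPoints();
    for (DistributionPoint distributionPoint : distributionPoints) {
        DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
        // The distributionPoint field is OPTIONAL (an entry may carry only reasons or
        // cRLIssuer), so skip such entries instead of failing with a NullPointerException.
        if (distributionPointName == null
                || DistributionPointName.FULL_NAME != distributionPointName.getType()) {
            continue;
        }

        GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
        GeneralName[] names = generalNames.getNames();
        for (GeneralName name : names) {
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                continue;
            }
            // The URI is carried as an implicitly tagged IA5String inside the GeneralName.
            DERIA5String derStr = DERIA5String.getInstance((ASN1TaggedObject) name.toASN1Primitive(), false);
            return derStr.getString();
        }
    }
    return null;
}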
use of com.github.zhenwei.core.asn1.DERIA5String in project LinLong-Java by zhenwei1108.
the class CMSTimeStampedDataGenerator method generate.
/**
 * Wraps the supplied content and time-stamp token in a CMS TimeStampedData structure.
 *
 * <p>The content stream is copied into an in-memory buffer before encoding, so memory
 * use grows with the size of the input. Empty or {@code null} content leaves the
 * content field unset.
 *
 * @param timeStamp token used as the time-stamp evidence
 * @param content   data to encapsulate; may be {@code null}
 * @return the assembled time-stamped data object
 * @throws CMSException if reading {@code content} fails
 */
public CMSTimeStampedData generate(TimeStampToken timeStamp, InputStream content) throws CMSException {
    ByteArrayOutputStream buffered = new ByteArrayOutputStream();
    if (content != null) {
        try {
            Streams.pipeAll(content, buffered);
        } catch (IOException e) {
            throw new CMSException("exception encapsulating content: " + e.getMessage(), e);
        }
    }

    // An empty buffer means the content field is left out (null), not encoded as a
    // zero-length octet string.
    ASN1OctetString encContent = (buffered.size() != 0)
            ? new BEROctetString(buffered.toByteArray())
            : null;

    TimeStampAndCRL stamp = new TimeStampAndCRL(timeStamp.toCMSSignedData().toASN1Structure());

    // dataUri is optional generator state; encode it only when it has been set.
    ASN1IA5String asn1DataUri = (dataUri != null)
            ? new DERIA5String(dataUri.toString())
            : null;

    Evidence evidence = new Evidence(new TimeStampTokenEvidence(stamp));
    TimeStampedData timeStampedData = new TimeStampedData(asn1DataUri, metaData, encContent, evidence);
    ContentInfo contentInfo = new ContentInfo(CMSObjectIdentifiers.timestampedData, timeStampedData);
    return new CMSTimeStampedData(contentInfo);
}
use of com.github.zhenwei.core.asn1.DERIA5String in project LinLong-Java by zhenwei1108.
the class NetscapeCertRequest method toASN1Primitive.
/**
 * Encodes this request as an outer DER SEQUENCE holding an inner SEQUENCE
 * (key spec, then challenge), the signature algorithm and the signature bits.
 *
 * @return the DER sequence built from the current field values
 */
public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector outer = new ASN1EncodableVector();
    ASN1EncodableVector inner = new ASN1EncodableVector();

    try {
        inner.add(getKeySpec());
    } catch (Exception ignored) {
        // Deliberately ignored by the original code. NOTE(review): when getKeySpec()
        // fails, the inner sequence is emitted with the challenge only and no key,
        // and the caller gets no indication - confirm this best-effort is intended.
    }
    inner.add(new DERIA5String(challenge));

    outer.add(new DERSequence(inner));
    outer.add(sigAlg);
    outer.add(new DERBitString(sigBits));

    return new DERSequence(outer);
}
use of com.github.zhenwei.core.asn1.DERIA5String in project module-ballerina-http by ballerina-platform.
the class CRLVerifier method getCrlDistributionPoints.
/**
 * Collects every URI listed under a {@code fullName} in the certificate's
 * "CRL Distribution Points" extension.
 *
 * <p>The URIs are copied from the certificate and only trimmed; no scheme or host
 * check is applied here. NOTE(review): the values are certificate-controlled -
 * confirm the caller restricts which URIs it will fetch.
 *
 * @param cert certificate whose extension is inspected
 * @return the URIs found, in the order they appear; never empty
 * @throws CertificateVerificationException if the extension is absent, cannot be
 *         read, or yields no URI
 */
private List<String> getCrlDistributionPoints(X509Certificate cert) throws CertificateVerificationException {
    // getExtensionValue returns the extension wrapped in a DER-encoded OCTET STRING,
    // or null when the certificate does not carry the extension.
    final byte[] extensionBytes = cert.getExtensionValue(Extension.cRLDistributionPoints.getId());
    if (extensionBytes == null) {
        throw new CertificateVerificationException("Certificate doesn't have CRL distribution points");
    }

    CRLDistPoint parsedExtension;
    ASN1InputStream derReader = new ASN1InputStream(extensionBytes);
    try {
        // Unwrap the outer OCTET STRING, then hand its contents to the helper that
        // produces the CRLDistPoint structure.
        DEROctetString wrappedValue = (DEROctetString) derReader.readObject();
        parsedExtension = getOctetInputStream(wrappedValue);
    } catch (IOException e) {
        throw new CertificateVerificationException("Cannot read certificate to get CRL URLs", e);
    } finally {
        try {
            derReader.close();
        } catch (IOException e) {
            // A close failure is logged only; it does not change the outcome.
            LOG.error("Cannot close input stream", e);
        }
    }

    List<String> crlUrls = new ArrayList<>();
    for (DistributionPoint point : parsedExtension.getDistributionPoints()) {
        DistributionPointName pointName = point.getDistributionPoint();
        // Skip entries with no name, or with a name relative to the CRL issuer.
        if (pointName == null || pointName.getType() != DistributionPointName.FULL_NAME) {
            continue;
        }
        for (GeneralName candidate : GeneralNames.getInstance(pointName.getName()).getNames()) {
            if (candidate.getTagNo() != GeneralName.uniformResourceIdentifier) {
                continue;
            }
            // The URI is stored as an IA5String (a restricted ASCII string type in ASN.1).
            crlUrls.add(DERIA5String.getInstance(candidate.getName()).getString().trim());
        }
    }

    if (crlUrls.isEmpty()) {
        throw new CertificateVerificationException("Cant get CRL urls from certificate");
    }
    return crlUrls;
}