Use of com.github.zhenwei.core.asn1.DEROctetString in project keystore-explorer by kaikramer: class DAddExtensions, method addPressed.
    /**
     * Handles the "Add" button: asks the user for an extension type, then for the
     * extension's value, and appends the result to {@code extensions}.
     * <p>
     * Either dialog may be cancelled, in which case nothing is added. The raw value
     * returned by the extension dialog is wrapped in a DER-encoded OCTET STRING
     * before it is stored.
     */
    private void addPressed() {
        DAddExtensionType typeDialog = new DAddExtensionType(this, extensions);
        typeDialog.setLocationRelativeTo(this);
        typeDialog.setVisible(true);

        X509ExtensionType chosenType = typeDialog.getExtensionType();
        if (chosenType == null) {
            return; // user cancelled the type dialog
        }
        boolean critical = typeDialog.isExtensionCritical();

        DExtension valueDialog = determineExtensionDialog(chosenType);
        if (valueDialog == null) {
            return;
        }
        valueDialog.setLocationRelativeTo(this);
        valueDialog.setVisible(true);

        byte[] rawValue = valueDialog.getValue();
        String oid = valueDialog.getOid();
        if (rawValue == null || oid == null) {
            return; // user cancelled, or the dialog produced no value
        }

        // value has to be wrapped in a DER-encoded OCTET STRING
        byte[] wrappedValue;
        try {
            wrappedValue = new DEROctetString(rawValue).getEncoded(ASN1Encoding.DER);
        } catch (IOException e) {
            // NOTE(review): the encoding failure is swallowed and the user gets no
            // feedback; consider surfacing it through the application's error dialog.
            return;
        }

        extensions.addExtension(oid, critical, wrappedValue);
        reloadExtensionsTable();
        selectExtensionInTable(oid);
        updateButtonControls();
    }
Use of com.github.zhenwei.core.asn1.DEROctetString in project xipki by xipki: class ProxyP11Identity, method sign0.
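    /**
     * Signs {@code content} on the remote PKCS#11 module behind this proxy slot.
     * <p>
     * The mechanism parameters are translated into the proxy's ASN.1 form
     * ({@code P11Params}), bundled with the slot id, key id, mechanism and content
     * into a {@code SignTemplate}, sent as an {@code ACTION_SIGN} request, and the
     * reply is expected to be a DER OCTET STRING carrying the signature.
     *
     * @param mechanism  PKCS#11 mechanism identifier
     * @param parameters mechanism parameters; {@code null}, {@code P11RSAPkcsPssParams},
     *                   {@code P11ByteArrayParams} or {@code P11IVParams}
     * @param content    the data to sign
     * @return the signature octets, or {@code null} if the module returned no OCTET STRING
     * @throws P11TokenException        if the module's reply cannot be parsed as an OCTET STRING
     * @throws IllegalArgumentException if {@code parameters} is of an unsupported type
     */
    @Override
    protected byte[] sign0(long mechanism, P11Params parameters, byte[] content) throws P11TokenException {
        org.xipki.security.pkcs11.proxy.asn1.P11Params p11Param = null;
        if (parameters != null) {
            if (parameters instanceof P11RSAPkcsPssParams) {
                p11Param = new org.xipki.security.pkcs11.proxy.asn1.P11Params(
                        org.xipki.security.pkcs11.proxy.asn1.P11Params.TAG_RSA_PKCS_PSS,
                        new RSAPkcsPssParams((P11RSAPkcsPssParams) parameters));
            } else if (parameters instanceof P11ByteArrayParams) {
                byte[] bytes = ((P11ByteArrayParams) parameters).getBytes();
                p11Param = new org.xipki.security.pkcs11.proxy.asn1.P11Params(
                        org.xipki.security.pkcs11.proxy.asn1.P11Params.TAG_OPAQUE,
                        new DEROctetString(bytes));
            } else if (parameters instanceof P11IVParams) {
                p11Param = new org.xipki.security.pkcs11.proxy.asn1.P11Params(
                        org.xipki.security.pkcs11.proxy.asn1.P11Params.TAG_IV,
                        new DEROctetString(((P11IVParams) parameters).getIV()));
            } else {
                throw new IllegalArgumentException("unknown parameter 'parameters'");
            }
        }

        SignTemplate signTemplate = new SignTemplate(((ProxyP11Slot) slot).getAsn1SlotId(), asn1KeyId,
                mechanism, p11Param, content);
        byte[] result = ((ProxyP11Slot) slot).getModule().send(P11ProxyConstants.ACTION_SIGN, signTemplate);

        // The reply is produced by the remote module, so it is parsed defensively: a
        // malformed reply surfaces as IllegalArgumentException from getInstance().
        ASN1OctetString octetString;
        try {
            octetString = DEROctetString.getInstance(result);
        } catch (IllegalArgumentException ex) {
            // NOTE(review): the parse failure's cause is not attached to the thrown
            // exception; attach it if P11TokenException offers a (String, Throwable) constructor.
            throw new P11TokenException("the returned result is not OCTET STRING");
        }
        return (octetString == null) ? null : octetString.getOctets();
    }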
Use of com.github.zhenwei.core.asn1.DEROctetString in project xipki by xipki: class X509Ca, method generateCert0.
    /**
     * Builds, signs, verifies and (when {@code saveCert} is set) publishes a certificate
     * for an already granted template.
     * <p>
     * Steps, in order: record the request in the audit event; check that an SCT extension
     * required by the profile can actually be produced; pick a serial number (from the CA's
     * own counter or from the profile); add the profile's extensions; if CT logging is
     * enabled, sign a precertificate, fetch SCTs and add them as an extension; sign the
     * final certificate; enforce the profile's size limit; verify the signature of the
     * result; publish it.
     *
     * @param gct           granted certificate template (subject, validity, key, profile, signer)
     * @param requestor     who requested the certificate; the user id is recorded for user requestors
     * @param reqType       request type recorded in the result
     * @param transactionId transaction id recorded in the result
     * @param event         audit event that request details are added to
     * @return the generated certificate with its metadata
     * @throws OperationException with {@code BAD_CERT_TEMPLATE} for an unknown serial number
     *         mode or a bad template, {@code NOT_PERMITTED} if the certificate exceeds the
     *         profile's size limit, and {@code SYSTEM_FAILURE} for every other failure
     */
    private CertificateInfo generateCert0(GrantedCertTemplate gct, RequestorInfo requestor, RequestType reqType, byte[] transactionId, AuditEvent event) throws OperationException {
        notNull(gct, "gct");
        // audit trail: requested subject, profile and granted validity period
        event.addEventData(CaAuditConstants.NAME_req_subject, X509Util.getRfc4519Name(gct.requestedSubject));
        event.addEventData(CaAuditConstants.NAME_certprofile, gct.certprofile.getIdent().getName());
        event.addEventData(CaAuditConstants.NAME_not_before, DateUtil.toUtcTimeyyyyMMddhhmmss(gct.grantedNotBefore));
        event.addEventData(CaAuditConstants.NAME_not_after, DateUtil.toUtcTimeyyyyMMddhhmmss(gct.grantedNotAfter));
        IdentifiedCertprofile certprofile = gct.certprofile;
        // SCT extension control from the profile; null when the profile does not mention it
        ExtensionControl extnSctCtrl = certprofile.getExtensionControls().get(Extn.id_SCTs);
        boolean ctlogEnabled = caInfo.getCtlogControl() != null && caInfo.getCtlogControl().isEnabled();
        if (!ctlogEnabled) {
            // a profile that requires SCTs cannot be served without a CT log
            if (extnSctCtrl != null && extnSctCtrl.isRequired()) {
                throw new OperationException(SYSTEM_FAILURE, "extension " + ObjectIdentifiers.getName(Extn.id_SCTs) + " is required but CTLog of the CA is not activated");
            }
        }
        String serialNumberMode = certprofile.getSerialNumberMode();
        BigInteger serialNumber = null;
        // Serial number selection: loop until a serial that the certstore does not already
        // hold for this CA is found (the getCertId check at the bottom of the loop).
        while (true) {
            if (StringUtil.isBlank(serialNumberMode) || "CA".equalsIgnoreCase(serialNumberMode)) {
                // CA mode (also the default): draw from the CA's own serial counter
                serialNumber = caInfo.nextSerial();
            } else if ("PROFILE".equalsIgnoreCase(serialNumberMode)) {
                try {
                    BigInteger previousSerialNumber = serialNumber;
                    ConfPairs extraControl = caInfo.getExtraControl();
                    serialNumber = certprofile.generateSerialNumber(caInfo.getCert().getSubject(), caInfo.getCert().getSubjectPublicKeyInfo(), gct.requestedSubject, gct.grantedPublicKey, extraControl == null ? null : extraControl.unmodifiable());
                    // do not repeat this process.
                    // NOTE(review): this leaves the loop when the profile returns the same serial
                    // it returned on the previous round, i.e. one that getCertId() below has
                    // already reported as taken. That serial then reaches the builder; confirm
                    // that a later step rejects it, otherwise this is a serial-number collision.
                    if (serialNumber.equals(previousSerialNumber)) {
                        break;
                    }
                } catch (CertprofileException ex) {
                    LogUtil.error(LOG, ex, "error generateSerialNumber");
                    // NOTE(review): the mode was recognised; the message "unknown SerialNumberMode"
                    // describes the wrong failure (serial generation failed).
                    throw new OperationException(SYSTEM_FAILURE, "unknown SerialNumberMode '" + serialNumberMode + "'");
                }
            } else {
                throw new OperationException(BAD_CERT_TEMPLATE, "unknown SerialNumberMode '" + serialNumberMode + "'");
            }
            // presumably 0 means "no certificate with this serial stored for this CA"
            if (certstore.getCertId(caIdent, serialNumber) == 0) {
                break;
            }
        }
        X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(caInfo.getPublicCaInfo().getSubject(), serialNumber, gct.grantedNotBefore, gct.grantedNotAfter, gct.grantedSubject, gct.grantedPublicKey);
        CertificateInfo ret;
        try {
            // the CRL signer's certificate is an input to the profile's extensions; may be absent
            SignerEntryWrapper crlSigner = crlModule.getCrlSigner();
            X509Cert crlSignerCert = (crlSigner == null) ? null : crlSigner.getSigner().getCertificate();
            ExtensionValues extensionTuples = certprofile.getExtensions(gct.requestedSubject, gct.grantedSubject, gct.extensions, gct.grantedPublicKey, caInfo.getPublicCaInfo(), crlSignerCert, gct.grantedNotBefore, gct.grantedNotAfter);
            if (extensionTuples != null) {
                for (ASN1ObjectIdentifier extensionType : extensionTuples.getExtensionTypes()) {
                    ExtensionValue extValue = extensionTuples.getExtensionValue(extensionType);
                    certBuilder.addExtension(extensionType, extValue.isCritical(), extValue.getValue());
                }
            }
            // CT logging only when enabled on the CA and the profile lists the SCT extension
            boolean addCtlog = ctlogEnabled && extnSctCtrl != null;
            if (addCtlog) {
                // Precertificate: the same TBS plus a critical precertificate marker extension
                // (presumably the RFC 6962 "poison" extension), signed and submitted to the
                // CT logs; the marker is removed again before the final signing.
                certBuilder.addExtension(Extn.id_precertificate, true, DERNull.INSTANCE);
                ConcurrentBagEntrySigner signer0;
                try {
                    signer0 = gct.signer.borrowSigner();
                } catch (NoIdleSignerException ex) {
                    throw new OperationException(SYSTEM_FAILURE, ex);
                }
                X509CertificateHolder precert;
                try {
                    precert = certBuilder.build(signer0.value());
                } finally {
                    // returns the signer after the signing so that it can be used by others
                    gct.signer.requiteSigner(signer0);
                }
                CtLogPublicKeyFinder finder = caManager.getCtLogPublicKeyFinder();
                if (finder == null) {
                    throw new OperationException(SYSTEM_FAILURE, "ctLog not configured for CA " + caInfo.getIdent().getName());
                }
                SignedCertificateTimestampList scts = ctlogClient.getCtLogScts(precert, caCert, caInfo.getCertchain(), finder);
                // remove the precertificate extension
                certBuilder.removeExtension(Extn.id_precertificate);
                // add the SCTs extension
                DEROctetString extnValue;
                try {
                    // Two layers on purpose: the SCT list is carried inside an OCTET STRING, and
                    // that encoding becomes the extnValue, which is itself an OCTET STRING.
                    extnValue = new DEROctetString(new DEROctetString(scts.getEncoded()).getEncoded());
                } catch (IOException ex) {
                    throw new CertIOException("could not encode SCT extension", ex);
                }
                certBuilder.addExtension(new Extension(Extn.id_SCTs, extnSctCtrl.isCritical(), extnValue));
            }
            // final signing, with the same borrow/requite discipline as for the precertificate
            ConcurrentBagEntrySigner signer0;
            try {
                signer0 = gct.signer.borrowSigner();
            } catch (NoIdleSignerException ex) {
                throw new OperationException(SYSTEM_FAILURE, ex);
            }
            X509CertificateHolder bcCert;
            try {
                bcCert = certBuilder.build(signer0.value());
            } finally {
                gct.signer.requiteSigner(signer0);
            }
            byte[] encodedCert = bcCert.getEncoded();
            // profile size limit; only enforced for positive values
            int maxCertSize = gct.certprofile.getMaxCertSize();
            if (maxCertSize > 0) {
                int certSize = encodedCert.length;
                if (certSize > maxCertSize) {
                    throw new OperationException(NOT_PERMITTED, String.format("certificate exceeds the maximal allowed size: %d > %d", certSize, maxCertSize));
                }
            }
            X509Cert cert = new X509Cert(bcCert, encodedCert);
            // refuse to hand out a certificate whose signature does not verify
            if (!verifySignature(cert)) {
                throw new OperationException(SYSTEM_FAILURE, "could not verify the signature of generated certificate");
            }
            CertWithDbId certWithMeta = new CertWithDbId(cert);
            ret = new CertificateInfo(certWithMeta, gct.privateKey, caIdent, caCert, gct.certprofile.getIdent(), requestor.getIdent());
            if (requestor instanceof RequestorInfo.ByUserRequestorInfo) {
                ret.setUser((((RequestorInfo.ByUserRequestorInfo) requestor).getUserId()));
            }
            ret.setReqType(reqType);
            ret.setTransactionId(transactionId);
            ret.setRequestedSubject(gct.requestedSubject);
            // NOTE(review): a return value of 1 from publishCert() is treated as "could not save";
            // confirm the return-code convention of publisherModule.publishCert.
            if (saveCert && publisherModule.publishCert(ret) == 1) {
                throw new OperationException(SYSTEM_FAILURE, "could not save certificate");
            }
        } catch (BadCertTemplateException ex) {
            throw new OperationException(BAD_CERT_TEMPLATE, ex);
        } catch (OperationException ex) {
            // already classified: pass through unchanged
            throw ex;
        } catch (Throwable th) {
            // everything else, Errors included, is logged and reported as SYSTEM_FAILURE
            LogUtil.error(LOG, th, "could not generate certificate");
            throw new OperationException(SYSTEM_FAILURE, th);
        }
        if (gct.warning != null) {
            ret.setWarningMessage(gct.warning);
        }
        return ret;
    }
Use of com.github.zhenwei.core.asn1.DEROctetString in project certmgr by hdecarne: class ASN1DataTest, method testGeneralNames.
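    /**
     * Round-trips a {@link GeneralNames} object holding one name of every kind built here
     * (directory name, X.400 generic name, IPv4/IPv6 with and without netmask, other-name,
     * registered id, URI) through {@code getEncoded()} / {@code decode()} and checks that
     * the encoded bytes are identical on both sides.
     * <p>
     * An {@link IOException} from encoding or decoding is reported as a test failure that
     * keeps the original exception as its cause.
     */
    @Test
    public void testGeneralNames() {
        try {
            GeneralNames in = new GeneralNames();
            DirectoryName inNameA = new DirectoryName(new X500Principal("CN=localhost"));
            // explicit charset: "test" is ASCII so the bytes are the same, but the fixture
            // no longer depends on the platform default encoding
            GenericName inNameB = new GenericName(GeneralNameType.X400_ADDRESS,
                    new DEROctetString("test".getBytes(java.nio.charset.StandardCharsets.UTF_8)).getEncoded());
            IPAddressName inNameC = new IPAddressName(InetAddress.getByName("127.0.0.1"), null);
            IPAddressName inNameD = new IPAddressName(InetAddress.getByName("127.0.0.1"), InetAddress.getByName("255.255.255.255"));
            IPAddressName inNameE = new IPAddressName(InetAddress.getByName("::1"), null);
            IPAddressName inNameF = new IPAddressName(InetAddress.getByName("::1"), InetAddress.getByName("ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"));
            OtherName inNameG = new OtherName("1.2.3.4",
                    new DEROctetString("test".getBytes(java.nio.charset.StandardCharsets.UTF_8)).getEncoded());
            RegisteredIDName inNameH = new RegisteredIDName("1.2.3.4");
            StringName inNameI = new StringName(GeneralNameType.UNIFORM_RESOURCE_IDENTIFIER, "https://localhost/test.crl");
            in.addName(inNameA);
            in.addName(inNameB);
            in.addName(inNameC);
            in.addName(inNameD);
            in.addName(inNameE);
            in.addName(inNameF);
            in.addName(inNameG);
            in.addName(inNameH);
            in.addName(inNameI);
            byte[] inEncoded = in.getEncoded();
            GeneralNames out = GeneralNames.decode(decodeBytes(inEncoded));
            byte[] outEncoded = out.getEncoded();
            Assert.assertArrayEquals(inEncoded, outEncoded);
        } catch (IOException e) {
            // fail with the cause attached instead of printing the trace and losing it
            throw new AssertionError(e.getLocalizedMessage(), e);
        }
    }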
Use of com.github.zhenwei.core.asn1.DEROctetString in project certmgr by hdecarne: class IPAddressName, method encode.
    /**
     * Encodes this name as an implicitly tagged OCTET STRING whose content is the raw
     * address bytes, immediately followed by the raw netmask bytes when a netmask is set.
     * <p>
     * NOTE(review): nothing here checks that the address and the netmask belong to the
     * same family (same length); a mismatch would be encoded without complaint. Confirm
     * the constructor enforces it.
     *
     * @return the tagged encoding of this name
     * @throws IOException declared by the interface; not raised by the code visible here
     */
    @Override
    public ASN1Encodable encode() throws IOException {
        byte[] addr = this.address.getAddress();
        byte[] mask;
        if (this.netmask == null) {
            mask = new byte[0];
        } else {
            mask = this.netmask.getAddress();
        }
        // address first, then the (possibly empty) mask, in one contiguous buffer
        byte[] content = java.util.Arrays.copyOf(addr, addr.length + mask.length);
        System.arraycopy(mask, 0, content, addr.length, mask.length);
        return new DERTaggedObject(false, getType().value(), new DEROctetString(content));
    }