Search in sources :

Example 36 with DERUTF8String

use of com.github.zhenwei.core.asn1.DERUTF8String in project xipki by xipki.

the class Asn1P11ObjectIdentifier method toASN1Primitive.

@Override
public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector vec = new ASN1EncodableVector();
    vec.add(new DEROctetString(objectId.getId()));
    vec.add(new DERUTF8String(objectId.getLabel()));
    return new DERSequence(vec);
}
Also used : DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DERSequence(org.bouncycastle.asn1.DERSequence) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) DEROctetString(org.bouncycastle.asn1.DEROctetString)

Example 37 with DERUTF8String

use of com.github.zhenwei.core.asn1.DERUTF8String in project xipki by xipki.

the class P12ComplexCsrGenCmd method createComplexGeneralNames.

private static GeneralNames createComplexGeneralNames(String prefix) {
    List<GeneralName> list = new LinkedList<>();
    // otherName
    ASN1EncodableVector vec = new ASN1EncodableVector();
    vec.add(new ASN1ObjectIdentifier("1.2.3.1"));
    vec.add(new DERTaggedObject(true, 0, new DERUTF8String(prefix + "I am otherName 1.2.3.1")));
    list.add(new GeneralName(GeneralName.otherName, new DERSequence(vec)));
    vec = new ASN1EncodableVector();
    vec.add(new ASN1ObjectIdentifier("1.2.3.2"));
    vec.add(new DERTaggedObject(true, 0, new DERUTF8String(prefix + "I am otherName 1.2.3.2")));
    list.add(new GeneralName(GeneralName.otherName, new DERSequence(vec)));
    // rfc822Name
    list.add(new GeneralName(GeneralName.rfc822Name, prefix + "info@example.org"));
    // dNSName
    list.add(new GeneralName(GeneralName.dNSName, prefix + "dns.example.org"));
    // directoryName
    list.add(new GeneralName(GeneralName.directoryName, new X500Name("CN=demo,C=DE")));
    // ediPartyName
    vec = new ASN1EncodableVector();
    vec.add(new DERTaggedObject(false, 0, new DirectoryString(prefix + "assigner1")));
    vec.add(new DERTaggedObject(false, 1, new DirectoryString(prefix + "party1")));
    list.add(new GeneralName(GeneralName.ediPartyName, new DERSequence(vec)));
    // uniformResourceIdentifier
    list.add(new GeneralName(GeneralName.uniformResourceIdentifier, prefix + "uri.example.org"));
    // iPAddress
    list.add(new GeneralName(GeneralName.iPAddress, "69.1.2.190"));
    // registeredID
    list.add(new GeneralName(GeneralName.registeredID, "2.3.4.5"));
    return new GeneralNames(list.toArray(new GeneralName[0]));
}
Also used : DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DERSequence(org.bouncycastle.asn1.DERSequence) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) GeneralName(org.bouncycastle.asn1.x509.GeneralName) X500Name(org.bouncycastle.asn1.x500.X500Name) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) LinkedList(java.util.LinkedList) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 38 with DERUTF8String

use of com.github.zhenwei.core.asn1.DERUTF8String in project xipki by xipki.

the class P12ComplexCsrGenCmd method getAdditionalExtensions.

@Override
protected List<Extension> getAdditionalExtensions() throws BadInputException {
    List<Extension> extensions = new LinkedList<>();
    // extension admission (Germany standard commonpki)
    ASN1EncodableVector vec = new ASN1EncodableVector();
    DirectoryString[] dummyItems = new DirectoryString[] { new DirectoryString("dummy") };
    ProfessionInfo pi = new ProfessionInfo(null, dummyItems, null, "aaaab", null);
    Admissions admissions = new Admissions(null, null, new ProfessionInfo[] { pi });
    vec.add(admissions);
    AdmissionSyntax adSyn = new AdmissionSyntax(null, new DERSequence(vec));
    try {
        extensions.add(new Extension(ObjectIdentifiers.id_extension_admission, false, adSyn.getEncoded()));
    } catch (IOException ex) {
        throw new BadInputException(ex.getMessage(), ex);
    }
    // extension subjectDirectoryAttributes (RFC 3739)
    Vector<Attribute> attrs = new Vector<>();
    ASN1GeneralizedTime dateOfBirth = new ASN1GeneralizedTime("19800122120000Z");
    attrs.add(new Attribute(ObjectIdentifiers.DN_DATE_OF_BIRTH, new DERSet(dateOfBirth)));
    DERPrintableString gender = new DERPrintableString("M");
    attrs.add(new Attribute(ObjectIdentifiers.DN_GENDER, new DERSet(gender)));
    DERUTF8String placeOfBirth = new DERUTF8String("Berlin");
    attrs.add(new Attribute(ObjectIdentifiers.DN_PLACE_OF_BIRTH, new DERSet(placeOfBirth)));
    String[] countryOfCitizenshipList = { "DE", "FR" };
    for (String country : countryOfCitizenshipList) {
        DERPrintableString val = new DERPrintableString(country);
        attrs.add(new Attribute(ObjectIdentifiers.DN_COUNTRY_OF_CITIZENSHIP, new DERSet(val)));
    }
    String[] countryOfResidenceList = { "DE" };
    for (String country : countryOfResidenceList) {
        DERPrintableString val = new DERPrintableString(country);
        attrs.add(new Attribute(ObjectIdentifiers.DN_COUNTRY_OF_RESIDENCE, new DERSet(val)));
    }
    SubjectDirectoryAttributes subjectDirAttrs = new SubjectDirectoryAttributes(attrs);
    try {
        extensions.add(new Extension(Extension.subjectDirectoryAttributes, false, subjectDirAttrs.getEncoded()));
    } catch (IOException ex) {
        throw new BadInputException(ex.getMessage(), ex);
    }
    return extensions;
}
Also used : DERUTF8String(org.bouncycastle.asn1.DERUTF8String) Attribute(org.bouncycastle.asn1.x509.Attribute) SubjectDirectoryAttributes(org.bouncycastle.asn1.x509.SubjectDirectoryAttributes) ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime) IOException(java.io.IOException) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DERSet(org.bouncycastle.asn1.DERSet) LinkedList(java.util.LinkedList) Extension(org.bouncycastle.asn1.x509.Extension) BadInputException(org.xipki.security.exception.BadInputException) DERSequence(org.bouncycastle.asn1.DERSequence) AdmissionSyntax(org.bouncycastle.asn1.isismtt.x509.AdmissionSyntax) Admissions(org.bouncycastle.asn1.isismtt.x509.Admissions) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) Vector(java.util.Vector) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) ProfessionInfo(org.bouncycastle.asn1.isismtt.x509.ProfessionInfo)

Example 39 with DERUTF8String

use of com.github.zhenwei.core.asn1.DERUTF8String in project xipki by xipki.

the class X509Ca method addXipkiCertset.

// method generateCrl
/**
 * Add XiPKI extension CrlCertSet.
 *
 * <pre>
 * Xipki-CrlCertSet ::= SET OF Xipki-CrlCert
 *
 * Xipki-CrlCert ::= SEQUENCE {
 *         serial            INTEGER
 *         cert        [0] EXPLICIT    Certificate OPTIONAL
 *         profileName [1] EXPLICIT    UTF8String    OPTIONAL
 *         }
 * </pre>
 */
private void addXipkiCertset(X509v2CRLBuilder crlBuilder, boolean deltaCrl, CrlControl control, Date notExpireAt, boolean onlyCaCerts, boolean onlyUserCerts) throws OperationException {
    if (deltaCrl || !control.isXipkiCertsetIncluded()) {
        return;
    }
    ASN1EncodableVector vector = new ASN1EncodableVector();
    final int numEntries = 100;
    long startId = 1;
    List<SerialWithId> serials;
    do {
        serials = certstore.getCertSerials(caIdent, notExpireAt, startId, numEntries, false, onlyCaCerts, onlyUserCerts);
        long maxId = 1;
        for (SerialWithId sid : serials) {
            if (sid.getId() > maxId) {
                maxId = sid.getId();
            }
            ASN1EncodableVector vec = new ASN1EncodableVector();
            vec.add(new ASN1Integer(sid.getSerial()));
            Integer profileId = null;
            if (control.isXipkiCertsetCertIncluded()) {
                X509CertificateInfo certInfo;
                try {
                    certInfo = certstore.getCertificateInfoForId(caIdent, caCert, sid.getId(), caIdNameMap);
                } catch (CertificateException ex) {
                    throw new OperationException(ErrorCode.SYSTEM_FAILURE, "CertificateException: " + ex.getMessage());
                }
                Certificate cert = Certificate.getInstance(certInfo.getCert().getEncodedCert());
                vec.add(new DERTaggedObject(true, 0, cert));
                if (control.isXipkiCertsetProfilenameIncluded()) {
                    profileId = certInfo.getProfile().getId();
                }
            } else if (control.isXipkiCertsetProfilenameIncluded()) {
                profileId = certstore.getCertProfileForId(caIdent, sid.getId());
            }
            if (profileId != null) {
                String profileName = caIdNameMap.getCertprofileName(profileId);
                vec.add(new DERTaggedObject(true, 1, new DERUTF8String(profileName)));
            }
            vector.add(new DERSequence(vec));
        }
        // end for
        startId = maxId + 1;
    } while (serials.size() >= numEntries);
    try {
        crlBuilder.addExtension(ObjectIdentifiers.id_xipki_ext_crlCertset, false, new DERSet(vector));
    } catch (CertIOException ex) {
        throw new OperationException(ErrorCode.INVALID_EXTENSION, "CertIOException: " + ex.getMessage());
    }
}
Also used : DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) X509CertificateInfo(org.xipki.ca.api.publisher.x509.X509CertificateInfo) CertificateException(java.security.cert.CertificateException) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DERSet(org.bouncycastle.asn1.DERSet) CertIOException(org.bouncycastle.cert.CertIOException) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) BigInteger(java.math.BigInteger) DERSequence(org.bouncycastle.asn1.DERSequence) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) OperationException(org.xipki.ca.api.OperationException) Certificate(org.bouncycastle.asn1.x509.Certificate) X509Certificate(java.security.cert.X509Certificate)

Example 40 with DERUTF8String

use of com.github.zhenwei.core.asn1.DERUTF8String in project xipki by xipki.

the class CmpCaClient method requestCertViaCrmf.

public X509Certificate requestCertViaCrmf(String certProfile, PrivateKey privateKey, SubjectPublicKeyInfo publicKeyInfo, String subject) throws Exception {
    CertTemplateBuilder certTemplateBuilder = new CertTemplateBuilder();
    certTemplateBuilder.setSubject(new X500Name(subject));
    certTemplateBuilder.setPublicKey(publicKeyInfo);
    CertRequest certReq = new CertRequest(1, certTemplateBuilder.build(), null);
    ProofOfPossessionSigningKeyBuilder popoBuilder = new ProofOfPossessionSigningKeyBuilder(certReq);
    ContentSigner popoSigner = buildSigner(privateKey);
    POPOSigningKey popoSk = popoBuilder.build(popoSigner);
    ProofOfPossession popo = new ProofOfPossession(popoSk);
    AttributeTypeAndValue certprofileInfo = new AttributeTypeAndValue(CMPObjectIdentifiers.regInfo_utf8Pairs, new DERUTF8String("CERT-PROFILE?" + certProfile + "%"));
    AttributeTypeAndValue[] atvs = { certprofileInfo };
    CertReqMsg certReqMsg = new CertReqMsg(certReq, popo, atvs);
    PKIBody body = new PKIBody(PKIBody.TYPE_CERT_REQ, new CertReqMessages(certReqMsg));
    ProtectedPKIMessageBuilder builder = new ProtectedPKIMessageBuilder(PKIHeader.CMP_2000, requestorSubject, responderSubject);
    builder.setMessageTime(new Date());
    builder.setTransactionID(randomTransactionId());
    builder.setSenderNonce(randomSenderNonce());
    builder.addGeneralInfo(new InfoTypeAndValue(CMPObjectIdentifiers.it_implicitConfirm, DERNull.INSTANCE));
    builder.setBody(body);
    ProtectedPKIMessage request = builder.build(requestorSigner);
    PKIMessage response = transmit(request);
    return parseEnrollCertResult(response);
}
Also used : ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage) PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage) GeneralPKIMessage(org.bouncycastle.cert.cmp.GeneralPKIMessage) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) PKIBody(org.bouncycastle.asn1.cmp.PKIBody) CertReqMessages(org.bouncycastle.asn1.crmf.CertReqMessages) CertReqMsg(org.bouncycastle.asn1.crmf.CertReqMsg) ContentSigner(org.bouncycastle.operator.ContentSigner) ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage) ProofOfPossession(org.bouncycastle.asn1.crmf.ProofOfPossession) X500Name(org.bouncycastle.asn1.x500.X500Name) AttributeTypeAndValue(org.bouncycastle.asn1.crmf.AttributeTypeAndValue) Date(java.util.Date) CertTemplateBuilder(org.bouncycastle.asn1.crmf.CertTemplateBuilder) CertRequest(org.bouncycastle.asn1.crmf.CertRequest) InfoTypeAndValue(org.bouncycastle.asn1.cmp.InfoTypeAndValue) ProofOfPossessionSigningKeyBuilder(org.bouncycastle.cert.crmf.ProofOfPossessionSigningKeyBuilder) ProtectedPKIMessageBuilder(org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder) POPOSigningKey(org.bouncycastle.asn1.crmf.POPOSigningKey)

Aggregations

DERUTF8String (org.bouncycastle.asn1.DERUTF8String)52 DERSequence (org.bouncycastle.asn1.DERSequence)28 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)20 DEROctetString (org.bouncycastle.asn1.DEROctetString)19 IOException (java.io.IOException)17 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)17 DERTaggedObject (org.bouncycastle.asn1.DERTaggedObject)17 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)15 DERIA5String (org.bouncycastle.asn1.DERIA5String)15 DERPrintableString (org.bouncycastle.asn1.DERPrintableString)12 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)11 ASN1Primitive (org.bouncycastle.asn1.ASN1Primitive)11 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)10 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)10 DLSequence (org.bouncycastle.asn1.DLSequence)9 X500Name (org.bouncycastle.asn1.x500.X500Name)8 X509Certificate (java.security.cert.X509Certificate)7 ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)7 Pair (android.util.Pair)5 Date (java.util.Date)5