Example 51 with Attribute
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project xipki by xipki.
the class CaManagerImpl method generateCertificate.
// method removeCertificate
@Override
public X509Certificate generateCertificate(String caName, String profileName, byte[] encodedCsr, Date notBefore, Date notAfter) throws CaMgmtException {
caName = ParamUtil.requireNonBlank("caName", caName).toLowerCase();
profileName = ParamUtil.requireNonBlank("profileName", profileName).toLowerCase();
ParamUtil.requireNonNull("encodedCsr", encodedCsr);
AuditEvent event = new AuditEvent(new Date());
event.setApplicationName(CaAuditConstants.APPNAME);
event.setName(CaAuditConstants.NAME_PERF);
event.addEventType("CAMGMT_CRL_GEN_ONDEMAND");
X509Ca ca = getX509Ca(caName);
CertificationRequest csr;
try {
csr = CertificationRequest.getInstance(encodedCsr);
} catch (Exception ex) {
throw new CaMgmtException(concat("invalid CSR request. ERROR: ", ex.getMessage()));
}
CmpControl cmpControl = getCmpControlObject(ca.getCaInfo().getCmpControlName());
if (!securityFactory.verifyPopo(csr, cmpControl.getPopoAlgoValidator())) {
throw new CaMgmtException("could not validate POP for the CSR");
}
CertificationRequestInfo certTemp = csr.getCertificationRequestInfo();
Extensions extensions = null;
ASN1Set attrs = certTemp.getAttributes();
for (int i = 0; i < attrs.size(); i++) {
Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) {
extensions = Extensions.getInstance(attr.getAttributeValues()[0]);
}
}
X500Name subject = certTemp.getSubject();
SubjectPublicKeyInfo publicKeyInfo = certTemp.getSubjectPublicKeyInfo();
CertTemplateData certTemplateData = new CertTemplateData(subject, publicKeyInfo, notBefore, notAfter, extensions, profileName);
X509CertificateInfo certInfo;
try {
certInfo = ca.generateCertificate(certTemplateData, byCaRequestor, RequestType.CA, (byte[]) null, CaAuditConstants.MSGID_ca_mgmt);
} catch (OperationException ex) {
throw new CaMgmtException(ex.getMessage(), ex);
}
if (ca.getCaInfo().isSaveRequest()) {
try {
long dbId = ca.addRequest(encodedCsr);
ca.addRequestCert(dbId, certInfo.getCert().getCertId());
} catch (OperationException ex) {
LogUtil.warn(LOG, ex, "could not save request");
}
}
return certInfo.getCert().getCert();
}
Also used :
CertificationRequestInfo(org.bouncycastle.asn1.pkcs.CertificationRequestInfo)
Attribute(org.bouncycastle.asn1.pkcs.Attribute)
X509CertificateInfo(org.xipki.ca.api.publisher.x509.X509CertificateInfo)
X500Name(org.bouncycastle.asn1.x500.X500Name)
Extensions(org.bouncycastle.asn1.x509.Extensions)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
Date(java.util.Date)
CertprofileException(org.xipki.ca.api.profile.CertprofileException)
KeyStoreException(java.security.KeyStoreException)
XiSecurityException(org.xipki.security.exception.XiSecurityException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
InvalidConfException(org.xipki.common.InvalidConfException)
SocketException(java.net.SocketException)
IOException(java.io.IOException)
CertPublisherException(org.xipki.ca.api.publisher.CertPublisherException)
OperationException(org.xipki.ca.api.OperationException)
CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException)
ObjectCreationException(org.xipki.common.ObjectCreationException)
DataAccessException(org.xipki.datasource.DataAccessException)
JAXBException(javax.xml.bind.JAXBException)
FileNotFoundException(java.io.FileNotFoundException)
SAXException(org.xml.sax.SAXException)
CertificateException(java.security.cert.CertificateException)
PasswordResolverException(org.xipki.password.PasswordResolverException)
CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException)
ASN1Set(org.bouncycastle.asn1.ASN1Set)
CmpControl(org.xipki.ca.server.mgmt.api.CmpControl)
PciAuditEvent(org.xipki.audit.PciAuditEvent)
AuditEvent(org.xipki.audit.AuditEvent)
CertificationRequest(org.bouncycastle.asn1.pkcs.CertificationRequest)
OperationException(org.xipki.ca.api.OperationException)
Example 52 with Attribute
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project xipki by xipki.
the class CaUtil method getChallengePassword.
public static String getChallengePassword(CertificationRequestInfo csr) {
ParamUtil.requireNonNull("csr", csr);
ASN1Set attrs = csr.getAttributes();
for (int i = 0; i < attrs.size(); i++) {
Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
if (PKCSObjectIdentifiers.pkcs_9_at_challengePassword.equals(attr.getAttrType())) {
ASN1String str = (ASN1String) attr.getAttributeValues()[0];
return str.getString();
}
}
return null;
}
Also used :
ASN1Set(org.bouncycastle.asn1.ASN1Set)
Attribute(org.bouncycastle.asn1.pkcs.Attribute)
ASN1String(org.bouncycastle.asn1.ASN1String)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
Example 53 with Attribute
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project keystore-explorer by kaikramer.
the class DSignCsr method populatePkcs10CsrDetails.
private void populatePkcs10CsrDetails() throws CryptoException {
jtfCsrFormat.setText(res.getString("DSignCsr.jtfCsrFormat.Pkcs10.text"));
jtfCsrFormat.setCaretPosition(0);
jdnCsrSubject.setDistinguishedName(pkcs10Csr.getSubject());
try {
csrPublicKey = new JcaPKCS10CertificationRequest(pkcs10Csr).getPublicKey();
} catch (GeneralSecurityException ex) {
throw new CryptoException(res.getString("DSignCsr.NoGetCsrPublicKey.message"), ex);
}
populatePublicKey();
String sigAlgId = pkcs10Csr.getSignatureAlgorithm().getAlgorithm().getId();
byte[] sigAlgParams = extractSigAlgParams();
SignatureType sigAlg = SignatureType.resolveOid(sigAlgId, sigAlgParams);
if (sigAlg != null) {
jtfCsrSignatureAlgorithm.setText(sigAlg.friendly());
} else {
jtfCsrSignatureAlgorithm.setText(sigAlgId);
}
jtfCsrSignatureAlgorithm.setCaretPosition(0);
DialogHelper.populatePkcs10Challenge(pkcs10Csr.getAttributes(), jtfCsrChallenge);
Attribute[] extReqAttr = pkcs10Csr.getAttributes(pkcs_9_at_extensionRequest);
if (extReqAttr != null && extReqAttr.length > 0) {
jbCsrExtensions.setEnabled(true);
jbTransferExtensions.setEnabled(true);
} else {
jbCsrExtensions.setEnabled(false);
jbTransferExtensions.setEnabled(false);
}
}
Also used :
JcaPKCS10CertificationRequest(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest)
Attribute(org.bouncycastle.asn1.pkcs.Attribute)
GeneralSecurityException(java.security.GeneralSecurityException)
SignatureType(org.kse.crypto.signing.SignatureType)
CryptoException(org.kse.crypto.CryptoException)
Example 54 with Attribute
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project keystore-explorer by kaikramer.
the class DialogHelper method populateTextField.
private static void populateTextField(Attribute[] attrs, JTextField textField, ASN1ObjectIdentifier pkcs9Attr) {
if (attrs != null) {
for (Attribute attribute : attrs) {
ASN1ObjectIdentifier attributeOid = attribute.getAttrType();
if (attributeOid.equals(pkcs9Attr)) {
ASN1Encodable challenge = attribute.getAttributeValues()[0];
// data type can be one of IA5String or UTF8String
if (challenge instanceof DERPrintableString) {
textField.setText(((DERPrintableString) challenge).getString());
} else if (challenge instanceof DERUTF8String) {
textField.setText(((DERUTF8String) challenge).getString());
}
textField.setCaretPosition(0);
}
}
}
}
Also used :
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
Attribute(org.bouncycastle.asn1.pkcs.Attribute)
DERPrintableString(org.bouncycastle.asn1.DERPrintableString)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 55 with Attribute
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project xipki by xipki.
the class Ca2Manager method generateCertificate.
// method generateRootCa
X509Cert generateCertificate(String caName, String profileName, byte[] encodedCsr, Date notBefore, Date notAfter) throws CaMgmtException {
caName = toNonBlankLower(caName, "caName");
profileName = toNonBlankLower(profileName, "profileName");
notNull(encodedCsr, "encodedCsr");
AuditEvent event = new AuditEvent(new Date());
event.setApplicationName(APPNAME);
event.setName(NAME_perf);
event.addEventType("CAMGMT_CRL_GEN_ONDEMAND");
X509Ca ca = getX509Ca(caName);
CertificationRequest csr;
try {
csr = X509Util.parseCsr(encodedCsr);
} catch (Exception ex) {
throw new CaMgmtException(concat("invalid CSR request. ERROR: ", ex.getMessage()));
}
if (!ca.verifyCsr(csr)) {
throw new CaMgmtException("could not validate POP for the CSR");
}
CertificationRequestInfo certTemp = csr.getCertificationRequestInfo();
Extensions extensions = null;
ASN1Set attrs = certTemp.getAttributes();
for (int i = 0; i < attrs.size(); i++) {
Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) {
extensions = Extensions.getInstance(attr.getAttributeValues()[0]);
}
}
X500Name subject = certTemp.getSubject();
SubjectPublicKeyInfo publicKeyInfo = certTemp.getSubjectPublicKeyInfo();
CertTemplateData certTemplateData = new CertTemplateData(subject, publicKeyInfo, notBefore, notAfter, extensions, profileName);
CertificateInfo certInfo;
try {
certInfo = ca.generateCert(certTemplateData, manager.byCaRequestor, RequestType.CA, null, MSGID_ca_mgmt);
} catch (OperationException ex) {
throw new CaMgmtException(ex.getMessage(), ex);
}
if (ca.getCaInfo().isSaveRequest()) {
try {
long dbId = ca.addRequest(encodedCsr);
ca.addRequestCert(dbId, certInfo.getCert().getCertId());
} catch (OperationException ex) {
LogUtil.warn(LOG, ex, "could not save request");
}
}
return certInfo.getCert().getCert();
}
Also used :
CertificationRequestInfo(org.bouncycastle.asn1.pkcs.CertificationRequestInfo)
Attribute(org.bouncycastle.asn1.pkcs.Attribute)
X500Name(org.bouncycastle.asn1.x500.X500Name)
Extensions(org.bouncycastle.asn1.x509.Extensions)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
DataAccessException(org.xipki.datasource.DataAccessException)
CertificateException(java.security.cert.CertificateException)
OperationException(org.xipki.ca.api.OperationException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
ASN1Set(org.bouncycastle.asn1.ASN1Set)
CertificateInfo(org.xipki.ca.api.CertificateInfo)
AuditEvent(org.xipki.audit.AuditEvent)
CertificationRequest(org.bouncycastle.asn1.pkcs.CertificationRequest)
OperationException(org.xipki.ca.api.OperationException)
Aggregations
Attribute (org.bouncycastle.asn1.pkcs.Attribute)36
IOException (java.io.IOException)25
Extensions (org.bouncycastle.asn1.x509.Extensions)18
ArrayList (java.util.ArrayList)17
ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)15
GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)13
List (java.util.List)12
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)12
GeneralName (org.bouncycastle.asn1.x509.GeneralName)12
ASN1Set (org.bouncycastle.asn1.ASN1Set)10
ASN1Set (com.github.zhenwei.core.asn1.ASN1Set)9
Iterator (java.util.Iterator)9
CRLDistPoint (com.github.zhenwei.core.asn1.x509.CRLDistPoint)8
DistributionPoint (com.github.zhenwei.core.asn1.x509.DistributionPoint)8
AttributeTable (com.github.zhenwei.pkix.util.asn1.cms.AttributeTable)8
Enumeration (java.util.Enumeration)8
X500Name (org.bouncycastle.asn1.x500.X500Name)8
Attribute (com.github.zhenwei.pkix.util.asn1.cms.Attribute)7
GeneralName (com.github.zhenwei.core.asn1.x509.GeneralName)6
GeneralSecurityException (java.security.GeneralSecurityException)6
