Search in sources :

Example 51 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project xipki by xipki.

the class CaManagerImpl method generateCertificate.

// method removeCertificate
@Override
public X509Certificate generateCertificate(String caName, String profileName, byte[] encodedCsr, Date notBefore, Date notAfter) throws CaMgmtException {
    caName = ParamUtil.requireNonBlank("caName", caName).toLowerCase();
    profileName = ParamUtil.requireNonBlank("profileName", profileName).toLowerCase();
    ParamUtil.requireNonNull("encodedCsr", encodedCsr);
    AuditEvent event = new AuditEvent(new Date());
    event.setApplicationName(CaAuditConstants.APPNAME);
    event.setName(CaAuditConstants.NAME_PERF);
    event.addEventType("CAMGMT_CRL_GEN_ONDEMAND");
    X509Ca ca = getX509Ca(caName);
    CertificationRequest csr;
    try {
        csr = CertificationRequest.getInstance(encodedCsr);
    } catch (Exception ex) {
        throw new CaMgmtException(concat("invalid CSR request. ERROR: ", ex.getMessage()));
    }
    CmpControl cmpControl = getCmpControlObject(ca.getCaInfo().getCmpControlName());
    if (!securityFactory.verifyPopo(csr, cmpControl.getPopoAlgoValidator())) {
        throw new CaMgmtException("could not validate POP for the CSR");
    }
    CertificationRequestInfo certTemp = csr.getCertificationRequestInfo();
    Extensions extensions = null;
    ASN1Set attrs = certTemp.getAttributes();
    for (int i = 0; i < attrs.size(); i++) {
        Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
        if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) {
            extensions = Extensions.getInstance(attr.getAttributeValues()[0]);
        }
    }
    X500Name subject = certTemp.getSubject();
    SubjectPublicKeyInfo publicKeyInfo = certTemp.getSubjectPublicKeyInfo();
    CertTemplateData certTemplateData = new CertTemplateData(subject, publicKeyInfo, notBefore, notAfter, extensions, profileName);
    X509CertificateInfo certInfo;
    try {
        certInfo = ca.generateCertificate(certTemplateData, byCaRequestor, RequestType.CA, (byte[]) null, CaAuditConstants.MSGID_ca_mgmt);
    } catch (OperationException ex) {
        throw new CaMgmtException(ex.getMessage(), ex);
    }
    if (ca.getCaInfo().isSaveRequest()) {
        try {
            long dbId = ca.addRequest(encodedCsr);
            ca.addRequestCert(dbId, certInfo.getCert().getCertId());
        } catch (OperationException ex) {
            LogUtil.warn(LOG, ex, "could not save request");
        }
    }
    return certInfo.getCert().getCert();
}
Also used : CertificationRequestInfo(org.bouncycastle.asn1.pkcs.CertificationRequestInfo) Attribute(org.bouncycastle.asn1.pkcs.Attribute) X509CertificateInfo(org.xipki.ca.api.publisher.x509.X509CertificateInfo) X500Name(org.bouncycastle.asn1.x500.X500Name) Extensions(org.bouncycastle.asn1.x509.Extensions) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) Date(java.util.Date) CertprofileException(org.xipki.ca.api.profile.CertprofileException) KeyStoreException(java.security.KeyStoreException) XiSecurityException(org.xipki.security.exception.XiSecurityException) CertificateEncodingException(java.security.cert.CertificateEncodingException) InvalidConfException(org.xipki.common.InvalidConfException) SocketException(java.net.SocketException) IOException(java.io.IOException) CertPublisherException(org.xipki.ca.api.publisher.CertPublisherException) OperationException(org.xipki.ca.api.OperationException) CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) ObjectCreationException(org.xipki.common.ObjectCreationException) DataAccessException(org.xipki.datasource.DataAccessException) JAXBException(javax.xml.bind.JAXBException) FileNotFoundException(java.io.FileNotFoundException) SAXException(org.xml.sax.SAXException) CertificateException(java.security.cert.CertificateException) PasswordResolverException(org.xipki.password.PasswordResolverException) CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) ASN1Set(org.bouncycastle.asn1.ASN1Set) CmpControl(org.xipki.ca.server.mgmt.api.CmpControl) PciAuditEvent(org.xipki.audit.PciAuditEvent) AuditEvent(org.xipki.audit.AuditEvent) CertificationRequest(org.bouncycastle.asn1.pkcs.CertificationRequest) OperationException(org.xipki.ca.api.OperationException)

Example 52 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project xipki by xipki.

the class CaUtil method getChallengePassword.

public static String getChallengePassword(CertificationRequestInfo csr) {
    ParamUtil.requireNonNull("csr", csr);
    ASN1Set attrs = csr.getAttributes();
    for (int i = 0; i < attrs.size(); i++) {
        Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
        if (PKCSObjectIdentifiers.pkcs_9_at_challengePassword.equals(attr.getAttrType())) {
            ASN1String str = (ASN1String) attr.getAttributeValues()[0];
            return str.getString();
        }
    }
    return null;
}
Also used : ASN1Set(org.bouncycastle.asn1.ASN1Set) Attribute(org.bouncycastle.asn1.pkcs.Attribute) ASN1String(org.bouncycastle.asn1.ASN1String) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)

Example 53 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project keystore-explorer by kaikramer.

the class DSignCsr method populatePkcs10CsrDetails.

private void populatePkcs10CsrDetails() throws CryptoException {
    jtfCsrFormat.setText(res.getString("DSignCsr.jtfCsrFormat.Pkcs10.text"));
    jtfCsrFormat.setCaretPosition(0);
    jdnCsrSubject.setDistinguishedName(pkcs10Csr.getSubject());
    try {
        csrPublicKey = new JcaPKCS10CertificationRequest(pkcs10Csr).getPublicKey();
    } catch (GeneralSecurityException ex) {
        throw new CryptoException(res.getString("DSignCsr.NoGetCsrPublicKey.message"), ex);
    }
    populatePublicKey();
    String sigAlgId = pkcs10Csr.getSignatureAlgorithm().getAlgorithm().getId();
    byte[] sigAlgParams = extractSigAlgParams();
    SignatureType sigAlg = SignatureType.resolveOid(sigAlgId, sigAlgParams);
    if (sigAlg != null) {
        jtfCsrSignatureAlgorithm.setText(sigAlg.friendly());
    } else {
        jtfCsrSignatureAlgorithm.setText(sigAlgId);
    }
    jtfCsrSignatureAlgorithm.setCaretPosition(0);
    DialogHelper.populatePkcs10Challenge(pkcs10Csr.getAttributes(), jtfCsrChallenge);
    Attribute[] extReqAttr = pkcs10Csr.getAttributes(pkcs_9_at_extensionRequest);
    if (extReqAttr != null && extReqAttr.length > 0) {
        jbCsrExtensions.setEnabled(true);
        jbTransferExtensions.setEnabled(true);
    } else {
        jbCsrExtensions.setEnabled(false);
        jbTransferExtensions.setEnabled(false);
    }
}
Also used : JcaPKCS10CertificationRequest(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest) Attribute(org.bouncycastle.asn1.pkcs.Attribute) GeneralSecurityException(java.security.GeneralSecurityException) SignatureType(org.kse.crypto.signing.SignatureType) CryptoException(org.kse.crypto.CryptoException)

Example 54 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project keystore-explorer by kaikramer.

the class DialogHelper method populateTextField.

private static void populateTextField(Attribute[] attrs, JTextField textField, ASN1ObjectIdentifier pkcs9Attr) {
    if (attrs != null) {
        for (Attribute attribute : attrs) {
            ASN1ObjectIdentifier attributeOid = attribute.getAttrType();
            if (attributeOid.equals(pkcs9Attr)) {
                ASN1Encodable challenge = attribute.getAttributeValues()[0];
                // data type can be one of IA5String or UTF8String
                if (challenge instanceof DERPrintableString) {
                    textField.setText(((DERPrintableString) challenge).getString());
                } else if (challenge instanceof DERUTF8String) {
                    textField.setText(((DERUTF8String) challenge).getString());
                }
                textField.setCaretPosition(0);
            }
        }
    }
}
Also used : DERUTF8String(org.bouncycastle.asn1.DERUTF8String) Attribute(org.bouncycastle.asn1.pkcs.Attribute) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 55 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project xipki by xipki.

the class Ca2Manager method generateCertificate.

// method generateRootCa
X509Cert generateCertificate(String caName, String profileName, byte[] encodedCsr, Date notBefore, Date notAfter) throws CaMgmtException {
    caName = toNonBlankLower(caName, "caName");
    profileName = toNonBlankLower(profileName, "profileName");
    notNull(encodedCsr, "encodedCsr");
    AuditEvent event = new AuditEvent(new Date());
    event.setApplicationName(APPNAME);
    event.setName(NAME_perf);
    event.addEventType("CAMGMT_CRL_GEN_ONDEMAND");
    X509Ca ca = getX509Ca(caName);
    CertificationRequest csr;
    try {
        csr = X509Util.parseCsr(encodedCsr);
    } catch (Exception ex) {
        throw new CaMgmtException(concat("invalid CSR request. ERROR: ", ex.getMessage()));
    }
    if (!ca.verifyCsr(csr)) {
        throw new CaMgmtException("could not validate POP for the CSR");
    }
    CertificationRequestInfo certTemp = csr.getCertificationRequestInfo();
    Extensions extensions = null;
    ASN1Set attrs = certTemp.getAttributes();
    for (int i = 0; i < attrs.size(); i++) {
        Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
        if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) {
            extensions = Extensions.getInstance(attr.getAttributeValues()[0]);
        }
    }
    X500Name subject = certTemp.getSubject();
    SubjectPublicKeyInfo publicKeyInfo = certTemp.getSubjectPublicKeyInfo();
    CertTemplateData certTemplateData = new CertTemplateData(subject, publicKeyInfo, notBefore, notAfter, extensions, profileName);
    CertificateInfo certInfo;
    try {
        certInfo = ca.generateCert(certTemplateData, manager.byCaRequestor, RequestType.CA, null, MSGID_ca_mgmt);
    } catch (OperationException ex) {
        throw new CaMgmtException(ex.getMessage(), ex);
    }
    if (ca.getCaInfo().isSaveRequest()) {
        try {
            long dbId = ca.addRequest(encodedCsr);
            ca.addRequestCert(dbId, certInfo.getCert().getCertId());
        } catch (OperationException ex) {
            LogUtil.warn(LOG, ex, "could not save request");
        }
    }
    return certInfo.getCert().getCert();
}
Also used : CertificationRequestInfo(org.bouncycastle.asn1.pkcs.CertificationRequestInfo) Attribute(org.bouncycastle.asn1.pkcs.Attribute) X500Name(org.bouncycastle.asn1.x500.X500Name) Extensions(org.bouncycastle.asn1.x509.Extensions) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) DataAccessException(org.xipki.datasource.DataAccessException) CertificateException(java.security.cert.CertificateException) OperationException(org.xipki.ca.api.OperationException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) ASN1Set(org.bouncycastle.asn1.ASN1Set) CertificateInfo(org.xipki.ca.api.CertificateInfo) AuditEvent(org.xipki.audit.AuditEvent) CertificationRequest(org.bouncycastle.asn1.pkcs.CertificationRequest) OperationException(org.xipki.ca.api.OperationException)

Aggregations

Attribute (org.bouncycastle.asn1.pkcs.Attribute)36 IOException (java.io.IOException)25 Extensions (org.bouncycastle.asn1.x509.Extensions)18 ArrayList (java.util.ArrayList)17 ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)15 GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)13 List (java.util.List)12 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)12 GeneralName (org.bouncycastle.asn1.x509.GeneralName)12 ASN1Set (org.bouncycastle.asn1.ASN1Set)10 ASN1Set (com.github.zhenwei.core.asn1.ASN1Set)9 Iterator (java.util.Iterator)9 CRLDistPoint (com.github.zhenwei.core.asn1.x509.CRLDistPoint)8 DistributionPoint (com.github.zhenwei.core.asn1.x509.DistributionPoint)8 AttributeTable (com.github.zhenwei.pkix.util.asn1.cms.AttributeTable)8 Enumeration (java.util.Enumeration)8 X500Name (org.bouncycastle.asn1.x500.X500Name)8 Attribute (com.github.zhenwei.pkix.util.asn1.cms.Attribute)7 GeneralName (com.github.zhenwei.core.asn1.x509.GeneralName)6 GeneralSecurityException (java.security.GeneralSecurityException)6