Example 76 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project ca3sCore by kuehne-trustable-de.

the class CaCmpConnector method buildCertRequest.

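/**
 * Builds a CMP certificate request ({@link PKIMessage}) from a PKCS#10 CSR.
 *
 * @param certReqId the certificate request id
 * @param p10Req the PKCS#10 request supplying the subject, attributes and public key
 * @param hmacSecret the secret passed on to cryptoUtil.buildCertRequest
 * @return the {@link PKIMessage} built by cryptoUtil.buildCertRequest
 * @throws GeneralSecurityException e.g. if an attribute value cannot be encoded
 */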
PKIMessage buildCertRequest(long certReqId, final PKCS10CertificationRequest p10Req, final String hmacSecret) throws GeneralSecurityException {
    X500Name subjectDN = p10Req.getSubject();
    Collection<Extension> certExtList = new ArrayList<>();
    Attribute[] attrs = p10Req.getAttributes();
    for (Attribute attr : attrs) {
        for (ASN1Encodable asn1Enc : attr.getAttributeValues()) {
            boolean critical = false;
            Extension ext;
            try {
                ext = new Extension(attr.getAttrType(), critical, asn1Enc.toASN1Primitive().getEncoded());
                LOGGER.debug("Csr Extension from PKCS10Attr : " + ext.getExtnId().getId() + " -> " + ext.getParsedValue().toString());
                certExtList.add(ext);
            } catch (IOException e) {
                LOGGER.error("reading attribute", e);
                // keep the IOException as the cause so the stack trace is not lost
                throw new GeneralSecurityException(e.getMessage(), e);
            }
        }
    }
    return cryptoUtil.buildCertRequest(certReqId, subjectDN, certExtList, p10Req.getSubjectPublicKeyInfo(), hmacSecret);
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension) RDNAttribute(de.trustable.ca3s.core.domain.RDNAttribute) CsrAttribute(de.trustable.ca3s.core.domain.CsrAttribute) Attribute(org.bouncycastle.asn1.pkcs.Attribute) GeneralSecurityException(java.security.GeneralSecurityException) ArrayList(java.util.ArrayList) X500Name(org.bouncycastle.asn1.x500.X500Name) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) IOException(java.io.IOException)

Example 77 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project acme4j by shred.

the class CertificateUtils method createTestCertificate.

/**
 * Creates a signed end entity certificate from the given CSR.
 * <p>
 * This method is only meant for testing purposes! Do not use it in a real-world CA
 * implementation.
 * <p>
 * Do not assume that real-world certificates have a similar structure. It's up to the
 * discretion of the CA which distinguished names, validity dates, extensions and
 * other parameters are transferred from the CSR to the generated certificate.
 *
 * @param csr
 *         CSR to create the certificate from
 * @param notBefore
 *         {@link Instant} before which the certificate is not valid.
 * @param notAfter
 *         {@link Instant} after which the certificate is not valid.
 * @param issuer
 *         The issuer's {@link X509Certificate}.
 * @param issuerPrivateKey
 *         {@link PrivateKey} of the issuer. This is not the private key the CSR was
 *         signed with.
 * @return Generated {@link X509Certificate}
 * @since 2.8
 */
public static X509Certificate createTestCertificate(PKCS10CertificationRequest csr, Instant notBefore, Instant notAfter, X509Certificate issuer, PrivateKey issuerPrivateKey) {
    Objects.requireNonNull(csr, "csr");
    Objects.requireNonNull(notBefore, "notBefore");
    Objects.requireNonNull(notAfter, "notAfter");
    Objects.requireNonNull(issuer, "issuer");
    Objects.requireNonNull(issuerPrivateKey, "issuerPrivateKey");
    try {
        JcaPKCS10CertificationRequest jcaCsr = new JcaPKCS10CertificationRequest(csr);
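        // The issuer name of the new certificate is the subject of the issuing certificate
        // (the two only coincide with getIssuerX500Principal() when the issuer is self-signed).
        JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(new X500Name(issuer.getSubjectX500Principal().getName()), BigInteger.valueOf(System.currentTimeMillis()), Date.from(notBefore), Date.from(notAfter), csr.getSubject(), jcaCsr.getPublicKey());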
        Attribute[] attr = csr.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
        if (attr.length > 0) {
            ASN1Encodable[] extensions = attr[0].getAttrValues().toArray();
            if (extensions.length > 0 && extensions[0] instanceof Extensions) {
                GeneralNames san = GeneralNames.fromExtensions((Extensions) extensions[0], Extension.subjectAlternativeName);
                // fromExtensions returns null when the CSR carries no subjectAlternativeName
                if (san != null) {
                    certBuilder.addExtension(Extension.subjectAlternativeName, false, san);
                }
            }
        }
        return buildCertificate(certBuilder::build, issuerPrivateKey);
    } catch (NoSuchAlgorithmException | InvalidKeyException | CertIOException ex) {
        throw new IllegalArgumentException("Invalid CSR", ex);
    }
}
Also used : JcaPKCS10CertificationRequest(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest) Attribute(org.bouncycastle.asn1.pkcs.Attribute) X500Name(org.bouncycastle.asn1.x500.X500Name) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) Extensions(org.bouncycastle.asn1.x509.Extensions) InvalidKeyException(java.security.InvalidKeyException) CertIOException(org.bouncycastle.cert.CertIOException) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)

Example 78 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.

the class Attribute method toASN1Primitive.

/**
 * Produce an object suitable for an ASN1OutputStream.
 * <pre>
 * Attribute ::= SEQUENCE {
 *     attrType OBJECT IDENTIFIER,
 *     attrValues SET OF AttributeValue
 * }
 * </pre>
 */
public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector v = new ASN1EncodableVector(2);
    v.add(attrType);
    v.add(attrValues);
    return new DERSequence(v);
}
Also used : DERSequence(com.github.zhenwei.core.asn1.DERSequence) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)
