Examples with Attribute com.github.zhenwei.core.asn1.pkcs.Attribute used on opensource projects

Search in sources :

Example 6 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project acme4j by shred.

the class SMIMECSRBuilderTest method smimeCsrTest.

/**
 * Checks if the S/MIME CSR contains the right parameters.
 * <p>
 * This is not supposed to be a Bouncy Castle test. If the
 * {@link PKCS10CertificationRequest} contains the right parameters, we assume that
 * Bouncy Castle encodes it properly.
 */
private void smimeCsrTest(PKCS10CertificationRequest csr) {
    X500Name name = csr.getSubject();
    try (AutoCloseableSoftAssertions softly = new AutoCloseableSoftAssertions()) {
        softly.assertThat(name.getRDNs(BCStyle.CN)).as("CN").extracting(rdn -> rdn.getFirst().getValue().toString()).contains("mail@example.com");
        softly.assertThat(name.getRDNs(BCStyle.C)).as("C").extracting(rdn -> rdn.getFirst().getValue().toString()).contains("XX");
        softly.assertThat(name.getRDNs(BCStyle.L)).as("L").extracting(rdn -> rdn.getFirst().getValue().toString()).contains("Testville");
        softly.assertThat(name.getRDNs(BCStyle.O)).as("O").extracting(rdn -> rdn.getFirst().getValue().toString()).contains("Testing Co");
        softly.assertThat(name.getRDNs(BCStyle.OU)).as("OU").extracting(rdn -> rdn.getFirst().getValue().toString()).contains("Testunit");
        softly.assertThat(name.getRDNs(BCStyle.ST)).as("ST").extracting(rdn -> rdn.getFirst().getValue().toString()).contains("ABC");
    }
    Attribute[] attr = csr.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
    assertThat(attr).hasSize(1);
    ASN1Encodable[] extensions = attr[0].getAttrValues().toArray();
    assertThat(extensions).hasSize(1);
    GeneralNames names = GeneralNames.fromExtensions((Extensions) extensions[0], Extension.subjectAlternativeName);
    assertThat(names.getNames()).filteredOn(gn -> gn.getTagNo() == GeneralName.rfc822Name).extracting(gn -> DERIA5String.getInstance(gn.getName()).getString()).containsExactlyInAnyOrder("mail@example.com", "info@example.com", "sales@example.com", "shop@example.com", "support@example.com", "help@example.com");
}
Also used : Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows) KeyPair(java.security.KeyPair) Arrays(java.util.Arrays) PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) ByteArrayOutputStream(java.io.ByteArrayOutputStream) PKCSObjectIdentifiers(org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers) Extension(org.bouncycastle.asn1.x509.Extension) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Security(java.security.Security) DERBitString(org.bouncycastle.asn1.DERBitString) AddressException(jakarta.mail.internet.AddressException) BCStyle(org.bouncycastle.asn1.x500.style.BCStyle) InternetAddress(jakarta.mail.internet.InternetAddress) X500Name(org.bouncycastle.asn1.x500.X500Name) BeforeAll(org.junit.jupiter.api.BeforeAll) AutoCloseableSoftAssertions(org.assertj.core.api.AutoCloseableSoftAssertions) DERIA5String(org.bouncycastle.asn1.DERIA5String) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) UTF_8(java.nio.charset.StandardCharsets.UTF_8) PEMParser(org.bouncycastle.openssl.PEMParser) StringWriter(java.io.StringWriter) IOException(java.io.IOException) Extensions(org.bouncycastle.asn1.x509.Extensions) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) Test(org.junit.jupiter.api.Test) GeneralName(org.bouncycastle.asn1.x509.GeneralName) StringReader(java.io.StringReader) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) Attribute(org.bouncycastle.asn1.pkcs.Attribute) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) KeyPairUtils(org.shredzone.acme4j.util.KeyPairUtils) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) Attribute(org.bouncycastle.asn1.pkcs.Attribute) X500Name(org.bouncycastle.asn1.x500.X500Name) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) AutoCloseableSoftAssertions(org.assertj.core.api.AutoCloseableSoftAssertions)

Example 7 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project athenz by yahoo.

the class Crypto method extractX509CSREmail.

public static String extractX509CSREmail(PKCS10CertificationRequest certReq) {
    String rfc822 = null;
    Attribute[] attributes = certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
    for (Attribute attribute : attributes) {
        for (ASN1Encodable value : attribute.getAttributeValues()) {
            Extensions extensions = Extensions.getInstance(value);
            GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
            for (GeneralName name : gns.getNames()) {
                if (name.getTagNo() == GeneralName.rfc822Name) {
                    rfc822 = (((DERIA5String) name.getName()).getString());
                    break;
                }
            }
        }
    }
    return rfc822;
}
Also used : DERIA5String(org.bouncycastle.asn1.DERIA5String) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) Attribute(org.bouncycastle.asn1.pkcs.Attribute) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) GeneralName(org.bouncycastle.asn1.x509.GeneralName) Extensions(org.bouncycastle.asn1.x509.Extensions)

Example 8 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project athenz by yahoo.

the class Crypto method extractX509CSRDnsNames.

public static List<String> extractX509CSRDnsNames(PKCS10CertificationRequest certReq) {
    List<String> dnsNames = new ArrayList<>();
    Attribute[] attributes = certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
    for (Attribute attribute : attributes) {
        for (ASN1Encodable value : attribute.getAttributeValues()) {
            Extensions extensions = Extensions.getInstance(value);
            GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
            for (GeneralName name : gns.getNames()) {
                if (name.getTagNo() == GeneralName.dNSName) {
                    dnsNames.add(((DERIA5String) name.getName()).getString());
                }
            }
        }
    }
    return dnsNames;
}
Also used : GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) Attribute(org.bouncycastle.asn1.pkcs.Attribute) ArrayList(java.util.ArrayList) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) GeneralName(org.bouncycastle.asn1.x509.GeneralName) Extensions(org.bouncycastle.asn1.x509.Extensions)

Example 9 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project athenz by yahoo.

the class Crypto method extractX509CSRSANField.

private static List<String> extractX509CSRSANField(PKCS10CertificationRequest certReq, int tagNo) {
    List<String> values = new ArrayList<>();
    Attribute[] attributes = certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
    for (Attribute attribute : attributes) {
        for (ASN1Encodable value : attribute.getAttributeValues()) {
            Extensions extensions = Extensions.getInstance(value);
            GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
            // /CLOVER:OFF
            if (gns == null) {
                continue;
            }
            // /CLOVER:ON
            for (GeneralName name : gns.getNames()) {
                if (name.getTagNo() == tagNo) {
                    values.add(((DERIA5String) name.getName()).getString());
                }
            }
        }
    }
    return values;
}
Also used : GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) Attribute(org.bouncycastle.asn1.pkcs.Attribute) GeneralName(org.bouncycastle.asn1.x509.GeneralName) Extensions(org.bouncycastle.asn1.x509.Extensions)

Example 10 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project xipki by xipki.

the class X509SelfSignedCertBuilder method generateCertificate.

// method generateSelfSigned
private static X509Certificate generateCertificate(ConcurrentContentSigner signer, IdentifiedX509Certprofile certprofile, CertificationRequest csr, BigInteger serialNumber, SubjectPublicKeyInfo publicKeyInfo, List<String> caCertUris, List<String> ocspUris, List<String> crlUris, List<String> deltaCrlUris, ConfPairs extraControl) throws OperationException {
    SubjectPublicKeyInfo tmpPublicKeyInfo;
    try {
        tmpPublicKeyInfo = X509Util.toRfc3279Style(publicKeyInfo);
    } catch (InvalidKeySpecException ex) {
        LOG.warn("SecurityUtil.toRfc3279Style", ex);
        throw new OperationException(ErrorCode.BAD_CERT_TEMPLATE, ex);
    }
    try {
        certprofile.checkPublicKey(tmpPublicKeyInfo);
    } catch (BadCertTemplateException ex) {
        LOG.warn("certprofile.checkPublicKey", ex);
        throw new OperationException(ErrorCode.BAD_CERT_TEMPLATE, ex);
    }
    X500Name requestedSubject = csr.getCertificationRequestInfo().getSubject();
    SubjectInfo subjectInfo;
    // subject
    try {
        subjectInfo = certprofile.getSubject(requestedSubject);
    } catch (CertprofileException ex) {
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, "exception in cert profile " + certprofile.getIdent());
    } catch (BadCertTemplateException ex) {
        LOG.warn("certprofile.getSubject", ex);
        throw new OperationException(ErrorCode.BAD_CERT_TEMPLATE, ex);
    }
    Date notBefore = certprofile.getNotBefore(null);
    if (notBefore == null) {
        notBefore = new Date();
    }
    CertValidity validity = certprofile.getValidity();
    if (validity == null) {
        throw new OperationException(ErrorCode.BAD_CERT_TEMPLATE, "no validity specified in the profile " + certprofile.getIdent());
    }
    Date notAfter = validity.add(notBefore);
    X500Name grantedSubject = subjectInfo.getGrantedSubject();
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(grantedSubject, serialNumber, notBefore, notAfter, grantedSubject, tmpPublicKeyInfo);
    PublicCaInfo publicCaInfo = new PublicCaInfo(grantedSubject, serialNumber, null, null, caCertUris, ocspUris, crlUris, deltaCrlUris, extraControl);
    Extensions extensions = null;
    ASN1Set attrs = csr.getCertificationRequestInfo().getAttributes();
    for (int i = 0; i < attrs.size(); i++) {
        Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
        if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) {
            extensions = Extensions.getInstance(attr.getAttributeValues()[0]);
        }
    }
    try {
        addExtensions(certBuilder, certprofile, requestedSubject, grantedSubject, extensions, tmpPublicKeyInfo, publicCaInfo, notBefore, notAfter);
        ConcurrentBagEntrySigner signer0 = signer.borrowSigner();
        X509CertificateHolder certHolder;
        try {
            certHolder = certBuilder.build(signer0.value());
        } finally {
            signer.requiteSigner(signer0);
        }
        Certificate bcCert = certHolder.toASN1Structure();
        return X509Util.parseCert(bcCert.getEncoded());
    } catch (BadCertTemplateException ex) {
        throw new OperationException(ErrorCode.BAD_CERT_TEMPLATE, ex);
    } catch (NoIdleSignerException | CertificateException | IOException | CertprofileException ex) {
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
    }
}
Also used : CertValidity(org.xipki.ca.api.profile.CertValidity) Attribute(org.bouncycastle.asn1.pkcs.Attribute) SubjectInfo(org.xipki.ca.api.profile.x509.SubjectInfo) CertificateException(java.security.cert.CertificateException) X500Name(org.bouncycastle.asn1.x500.X500Name) IOException(java.io.IOException) Extensions(org.bouncycastle.asn1.x509.Extensions) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) PublicCaInfo(org.xipki.ca.api.PublicCaInfo) ConcurrentBagEntrySigner(org.xipki.security.ConcurrentBagEntrySigner) Date(java.util.Date) ASN1Set(org.bouncycastle.asn1.ASN1Set) CertprofileException(org.xipki.ca.api.profile.CertprofileException) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) NoIdleSignerException(org.xipki.security.exception.NoIdleSignerException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) OperationException(org.xipki.ca.api.OperationException) X509Certificate(java.security.cert.X509Certificate) Certificate(org.bouncycastle.asn1.x509.Certificate)

Aggregations

Attribute (org.bouncycastle.asn1.pkcs.Attribute)36 IOException (java.io.IOException)25 Extensions (org.bouncycastle.asn1.x509.Extensions)18 ArrayList (java.util.ArrayList)17 ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)15 GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)13 List (java.util.List)12 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)12 GeneralName (org.bouncycastle.asn1.x509.GeneralName)12 ASN1Set (org.bouncycastle.asn1.ASN1Set)10 ASN1Set (com.github.zhenwei.core.asn1.ASN1Set)9 Iterator (java.util.Iterator)9 CRLDistPoint (com.github.zhenwei.core.asn1.x509.CRLDistPoint)8 DistributionPoint (com.github.zhenwei.core.asn1.x509.DistributionPoint)8 AttributeTable (com.github.zhenwei.pkix.util.asn1.cms.AttributeTable)8 Enumeration (java.util.Enumeration)8 X500Name (org.bouncycastle.asn1.x500.X500Name)8 Attribute (com.github.zhenwei.pkix.util.asn1.cms.Attribute)7 GeneralName (com.github.zhenwei.core.asn1.x509.GeneralName)6 GeneralSecurityException (java.security.GeneralSecurityException)6
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial