Example 11 with Attribute
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project xipki by xipki.
the class CaUtil method getExtensions.
public static Extensions getExtensions(CertificationRequestInfo csr) {
ParamUtil.requireNonNull("csr", csr);
ASN1Set attrs = csr.getAttributes();
for (int i = 0; i < attrs.size(); i++) {
Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) {
return Extensions.getInstance(attr.getAttributeValues()[0]);
}
}
return null;
}
Also used :
ASN1Set(org.bouncycastle.asn1.ASN1Set)
Attribute(org.bouncycastle.asn1.pkcs.Attribute)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
Example 12 with Attribute
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project xipki by xipki.
the class CheckCertCmd method execute0.
@Override
protected Object execute0() throws Exception {
Set<String> issuerNames = qaSystemManager.getIssuerNames();
if (isEmpty(issuerNames)) {
throw new IllegalCmdParamException("no issuer is configured");
}
if (issuerName == null) {
if (issuerNames.size() != 1) {
throw new IllegalCmdParamException("no issuer is specified");
}
issuerName = issuerNames.iterator().next();
}
if (!issuerNames.contains(issuerName)) {
throw new IllegalCmdParamException("issuer " + issuerName + " is not within the configured issuers " + issuerNames);
}
X509IssuerInfo issuerInfo = qaSystemManager.getIssuer(issuerName);
X509CertprofileQa qa = qaSystemManager.getCertprofile(profileName);
if (qa == null) {
throw new IllegalCmdParamException("found no certificate profile named '" + profileName + "'");
}
CertificationRequest csr = CertificationRequest.getInstance(IoUtil.read(csrFile));
Extensions extensions = null;
CertificationRequestInfo reqInfo = csr.getCertificationRequestInfo();
ASN1Set attrs = reqInfo.getAttributes();
for (int i = 0; i < attrs.size(); i++) {
Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) {
extensions = Extensions.getInstance(attr.getAttributeValues()[0]);
}
}
byte[] certBytes = IoUtil.read(certFile);
ValidationResult result = qa.checkCert(certBytes, issuerInfo, reqInfo.getSubject(), reqInfo.getSubjectPublicKeyInfo(), extensions);
StringBuilder sb = new StringBuilder();
sb.append(certFile).append(" (certprofile ").append(profileName).append(")\n");
sb.append("\tcertificate is ");
sb.append(result.isAllSuccessful() ? "valid" : "invalid");
if (verbose.booleanValue()) {
for (ValidationIssue issue : result.getValidationIssues()) {
sb.append("\n");
format(issue, " ", sb);
}
}
println(sb.toString());
if (!result.isAllSuccessful()) {
throw new CmdFailure("certificate is invalid");
}
return null;
}
Also used :
X509CertprofileQa(org.xipki.ca.qa.X509CertprofileQa)
CertificationRequestInfo(org.bouncycastle.asn1.pkcs.CertificationRequestInfo)
Attribute(org.bouncycastle.asn1.pkcs.Attribute)
X509IssuerInfo(org.xipki.ca.qa.X509IssuerInfo)
Extensions(org.bouncycastle.asn1.x509.Extensions)
ValidationResult(org.xipki.common.qa.ValidationResult)
ValidationIssue(org.xipki.common.qa.ValidationIssue)
ASN1Set(org.bouncycastle.asn1.ASN1Set)
CmdFailure(org.xipki.console.karaf.CmdFailure)
IllegalCmdParamException(org.xipki.console.karaf.IllegalCmdParamException)
CertificationRequest(org.bouncycastle.asn1.pkcs.CertificationRequest)
Example 13 with Attribute
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project certmgr by hdecarne.
the class PKCS10CertificateRequest method fromPKCS10.
/**
* Construct {@code PKCS10CertificateRequest} from a PKCS#10 object.
*
* @param pkcs10 The PCKS#10 object.
* @return The constructed {@code PKCS10CertificateRequest}.
* @throws IOException if an I/O error occurs while accessing the PKCS#10 object.
*/
public static PKCS10CertificateRequest fromPKCS10(PKCS10CertificationRequest pkcs10) throws IOException {
JcaPKCS10CertificationRequest csr;
X500Principal subject;
PublicKey publicKey;
Map<String, byte[]> criticalExtensions = new HashMap<>();
Map<String, byte[]> nonCriticalExtensions = new HashMap<>();
try {
if (pkcs10 instanceof JcaPKCS10CertificationRequest) {
csr = (JcaPKCS10CertificationRequest) pkcs10;
} else {
csr = new JcaPKCS10CertificationRequest(pkcs10);
}
subject = new X500Principal(csr.getSubject().getEncoded());
publicKey = csr.getPublicKey();
Attribute[] extensionAttributes = csr.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
if (extensionAttributes != null) {
for (Attribute extensionAttribute : extensionAttributes) {
ASN1Encodable[] values = extensionAttribute.getAttributeValues();
if (values != null) {
for (ASN1Encodable value : values) {
ASN1Primitive[] extensionPrimitives = decodeSequence(value.toASN1Primitive(), 0, Integer.MAX_VALUE);
for (ASN1Primitive extensionPrimitive : extensionPrimitives) {
ASN1Primitive[] sequence = decodeSequence(extensionPrimitive, 2, 3);
String extensionOID = decodePrimitive(sequence[0], ASN1ObjectIdentifier.class).getId();
boolean criticalFlag = true;
byte[] extensionData;
if (sequence.length == 3) {
criticalFlag = decodePrimitive(sequence[1], ASN1Boolean.class).isTrue();
extensionData = sequence[2].getEncoded();
} else {
extensionData = sequence[1].getEncoded();
}
if (criticalFlag) {
criticalExtensions.put(extensionOID, extensionData);
} else {
nonCriticalExtensions.put(extensionOID, extensionData);
}
}
}
}
}
}
} catch (GeneralSecurityException e) {
throw new CertProviderException(e);
}
return new PKCS10CertificateRequest(csr, subject, publicKey, criticalExtensions, nonCriticalExtensions);
}
Also used :
JcaPKCS10CertificationRequest(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest)
HashMap(java.util.HashMap)
Attribute(org.bouncycastle.asn1.pkcs.Attribute)
PublicKey(java.security.PublicKey)
GeneralSecurityException(java.security.GeneralSecurityException)
CertProviderException(de.carne.certmgr.certs.CertProviderException)
X500Principal(javax.security.auth.x500.X500Principal)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 14 with Attribute
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project keystore-explorer by kaikramer.
the class Pkcs10Util method getExtensions.
/**
* Extract sequence with extensions from CSR
*
* @param pkcs10Csr The CSR
* @return Extensions from that CSR (if any)
*/
public static X509ExtensionSet getExtensions(PKCS10CertificationRequest pkcs10Csr) {
Attribute[] attributes = pkcs10Csr.getAttributes(pkcs_9_at_extensionRequest);
X509ExtensionSet x509ExtensionSet = new X509ExtensionSet();
if ((attributes != null) && (attributes.length > 0)) {
ASN1Encodable[] attributeValues = attributes[0].getAttributeValues();
if (attributeValues.length > 0) {
ASN1Sequence asn1Sequence = ASN1Sequence.getInstance(attributeValues[0]);
x509ExtensionSet = new X509ExtensionSet(asn1Sequence);
}
}
return x509ExtensionSet;
}
Also used :
X509ExtensionSet(org.kse.crypto.x509.X509ExtensionSet)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
Attribute(org.bouncycastle.asn1.pkcs.Attribute)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
Example 15 with Attribute
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project keystore-explorer by kaikramer.
the class DViewCsr method populatePkcs10CsrDetails.
private void populatePkcs10CsrDetails() throws CryptoException {
jtfFormat.setText(res.getString("DViewCsr.jtfFormat.Pkcs10.text"));
jtfFormat.setCaretPosition(0);
jdnSubject.setDistinguishedName(pkcs10Csr.getSubject());
jbPem.setEnabled(true);
jbAsn1.setEnabled(true);
Attribute[] extReqAttr = pkcs10Csr.getAttributes(pkcs_9_at_extensionRequest);
if (extReqAttr != null && extReqAttr.length > 0) {
jbExtensions.setEnabled(true);
} else {
jbExtensions.setEnabled(false);
}
DialogHelper.populatePkcs10Challenge(pkcs10Csr.getAttributes(), jtfChallenge);
DialogHelper.populatePkcs10UnstructuredName(pkcs10Csr.getAttributes(), jtfUnstructuredName);
populatePublicKey(getPkcs10PublicKey());
String sigAlgId = pkcs10Csr.getSignatureAlgorithm().getAlgorithm().getId();
byte[] sigAlgParamsEncoded = extractSigAlgParams();
SignatureType sigAlg = SignatureType.resolveOid(sigAlgId, sigAlgParamsEncoded);
if (sigAlg != null) {
jtfSignatureAlgorithm.setText(sigAlg.friendly());
} else {
jtfSignatureAlgorithm.setText(sigAlgId);
}
jtfSignatureAlgorithm.setCaretPosition(0);
}
Also used :
Attribute(org.bouncycastle.asn1.pkcs.Attribute)
SignatureType(org.kse.crypto.signing.SignatureType)
Aggregations
Attribute (org.bouncycastle.asn1.pkcs.Attribute)36
IOException (java.io.IOException)25
Extensions (org.bouncycastle.asn1.x509.Extensions)18
ArrayList (java.util.ArrayList)17
ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)15
GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)13
List (java.util.List)12
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)12
GeneralName (org.bouncycastle.asn1.x509.GeneralName)12
ASN1Set (org.bouncycastle.asn1.ASN1Set)10
ASN1Set (com.github.zhenwei.core.asn1.ASN1Set)9
Iterator (java.util.Iterator)9
CRLDistPoint (com.github.zhenwei.core.asn1.x509.CRLDistPoint)8
DistributionPoint (com.github.zhenwei.core.asn1.x509.DistributionPoint)8
AttributeTable (com.github.zhenwei.pkix.util.asn1.cms.AttributeTable)8
Enumeration (java.util.Enumeration)8
X500Name (org.bouncycastle.asn1.x500.X500Name)8
Attribute (com.github.zhenwei.pkix.util.asn1.cms.Attribute)7
GeneralName (com.github.zhenwei.core.asn1.x509.GeneralName)6
GeneralSecurityException (java.security.GeneralSecurityException)6
