Search in sources :

Example 11 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project xipki by xipki.

the class CaUtil method getExtensions.

public static Extensions getExtensions(CertificationRequestInfo csr) {
    ParamUtil.requireNonNull("csr", csr);
    ASN1Set attrs = csr.getAttributes();
    for (int i = 0; i < attrs.size(); i++) {
        Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
        if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) {
            return Extensions.getInstance(attr.getAttributeValues()[0]);
        }
    }
    return null;
}
Also used : ASN1Set(org.bouncycastle.asn1.ASN1Set) Attribute(org.bouncycastle.asn1.pkcs.Attribute) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)

Example 12 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project xipki by xipki.

the class CheckCertCmd method execute0.

@Override
protected Object execute0() throws Exception {
    Set<String> issuerNames = qaSystemManager.getIssuerNames();
    if (isEmpty(issuerNames)) {
        throw new IllegalCmdParamException("no issuer is configured");
    }
    if (issuerName == null) {
        if (issuerNames.size() != 1) {
            throw new IllegalCmdParamException("no issuer is specified");
        }
        issuerName = issuerNames.iterator().next();
    }
    if (!issuerNames.contains(issuerName)) {
        throw new IllegalCmdParamException("issuer " + issuerName + " is not within the configured issuers " + issuerNames);
    }
    X509IssuerInfo issuerInfo = qaSystemManager.getIssuer(issuerName);
    X509CertprofileQa qa = qaSystemManager.getCertprofile(profileName);
    if (qa == null) {
        throw new IllegalCmdParamException("found no certificate profile named '" + profileName + "'");
    }
    CertificationRequest csr = CertificationRequest.getInstance(IoUtil.read(csrFile));
    Extensions extensions = null;
    CertificationRequestInfo reqInfo = csr.getCertificationRequestInfo();
    ASN1Set attrs = reqInfo.getAttributes();
    for (int i = 0; i < attrs.size(); i++) {
        Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
        if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) {
            extensions = Extensions.getInstance(attr.getAttributeValues()[0]);
        }
    }
    byte[] certBytes = IoUtil.read(certFile);
    ValidationResult result = qa.checkCert(certBytes, issuerInfo, reqInfo.getSubject(), reqInfo.getSubjectPublicKeyInfo(), extensions);
    StringBuilder sb = new StringBuilder();
    sb.append(certFile).append(" (certprofile ").append(profileName).append(")\n");
    sb.append("\tcertificate is ");
    sb.append(result.isAllSuccessful() ? "valid" : "invalid");
    if (verbose.booleanValue()) {
        for (ValidationIssue issue : result.getValidationIssues()) {
            sb.append("\n");
            format(issue, "    ", sb);
        }
    }
    println(sb.toString());
    if (!result.isAllSuccessful()) {
        throw new CmdFailure("certificate is invalid");
    }
    return null;
}
Also used : X509CertprofileQa(org.xipki.ca.qa.X509CertprofileQa) CertificationRequestInfo(org.bouncycastle.asn1.pkcs.CertificationRequestInfo) Attribute(org.bouncycastle.asn1.pkcs.Attribute) X509IssuerInfo(org.xipki.ca.qa.X509IssuerInfo) Extensions(org.bouncycastle.asn1.x509.Extensions) ValidationResult(org.xipki.common.qa.ValidationResult) ValidationIssue(org.xipki.common.qa.ValidationIssue) ASN1Set(org.bouncycastle.asn1.ASN1Set) CmdFailure(org.xipki.console.karaf.CmdFailure) IllegalCmdParamException(org.xipki.console.karaf.IllegalCmdParamException) CertificationRequest(org.bouncycastle.asn1.pkcs.CertificationRequest)

Example 13 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project certmgr by hdecarne.

the class PKCS10CertificateRequest method fromPKCS10.

/**
 * Construct {@code PKCS10CertificateRequest} from a PKCS#10 object.
 *
 * @param pkcs10 The PCKS#10 object.
 * @return The constructed {@code PKCS10CertificateRequest}.
 * @throws IOException if an I/O error occurs while accessing the PKCS#10 object.
 */
public static PKCS10CertificateRequest fromPKCS10(PKCS10CertificationRequest pkcs10) throws IOException {
    JcaPKCS10CertificationRequest csr;
    X500Principal subject;
    PublicKey publicKey;
    Map<String, byte[]> criticalExtensions = new HashMap<>();
    Map<String, byte[]> nonCriticalExtensions = new HashMap<>();
    try {
        if (pkcs10 instanceof JcaPKCS10CertificationRequest) {
            csr = (JcaPKCS10CertificationRequest) pkcs10;
        } else {
            csr = new JcaPKCS10CertificationRequest(pkcs10);
        }
        subject = new X500Principal(csr.getSubject().getEncoded());
        publicKey = csr.getPublicKey();
        Attribute[] extensionAttributes = csr.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
        if (extensionAttributes != null) {
            for (Attribute extensionAttribute : extensionAttributes) {
                ASN1Encodable[] values = extensionAttribute.getAttributeValues();
                if (values != null) {
                    for (ASN1Encodable value : values) {
                        ASN1Primitive[] extensionPrimitives = decodeSequence(value.toASN1Primitive(), 0, Integer.MAX_VALUE);
                        for (ASN1Primitive extensionPrimitive : extensionPrimitives) {
                            ASN1Primitive[] sequence = decodeSequence(extensionPrimitive, 2, 3);
                            String extensionOID = decodePrimitive(sequence[0], ASN1ObjectIdentifier.class).getId();
                            boolean criticalFlag = true;
                            byte[] extensionData;
                            if (sequence.length == 3) {
                                criticalFlag = decodePrimitive(sequence[1], ASN1Boolean.class).isTrue();
                                extensionData = sequence[2].getEncoded();
                            } else {
                                extensionData = sequence[1].getEncoded();
                            }
                            if (criticalFlag) {
                                criticalExtensions.put(extensionOID, extensionData);
                            } else {
                                nonCriticalExtensions.put(extensionOID, extensionData);
                            }
                        }
                    }
                }
            }
        }
    } catch (GeneralSecurityException e) {
        throw new CertProviderException(e);
    }
    return new PKCS10CertificateRequest(csr, subject, publicKey, criticalExtensions, nonCriticalExtensions);
}
Also used : JcaPKCS10CertificationRequest(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest) HashMap(java.util.HashMap) Attribute(org.bouncycastle.asn1.pkcs.Attribute) PublicKey(java.security.PublicKey) GeneralSecurityException(java.security.GeneralSecurityException) CertProviderException(de.carne.certmgr.certs.CertProviderException) X500Principal(javax.security.auth.x500.X500Principal) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 14 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project keystore-explorer by kaikramer.

the class Pkcs10Util method getExtensions.

/**
 * Extract sequence with extensions from CSR
 *
 * @param pkcs10Csr The CSR
 * @return Extensions from that CSR (if any)
 */
public static X509ExtensionSet getExtensions(PKCS10CertificationRequest pkcs10Csr) {
    Attribute[] attributes = pkcs10Csr.getAttributes(pkcs_9_at_extensionRequest);
    X509ExtensionSet x509ExtensionSet = new X509ExtensionSet();
    if ((attributes != null) && (attributes.length > 0)) {
        ASN1Encodable[] attributeValues = attributes[0].getAttributeValues();
        if (attributeValues.length > 0) {
            ASN1Sequence asn1Sequence = ASN1Sequence.getInstance(attributeValues[0]);
            x509ExtensionSet = new X509ExtensionSet(asn1Sequence);
        }
    }
    return x509ExtensionSet;
}
Also used : X509ExtensionSet(org.kse.crypto.x509.X509ExtensionSet) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) Attribute(org.bouncycastle.asn1.pkcs.Attribute) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)

Example 15 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project keystore-explorer by kaikramer.

the class DViewCsr method populatePkcs10CsrDetails.

private void populatePkcs10CsrDetails() throws CryptoException {
    jtfFormat.setText(res.getString("DViewCsr.jtfFormat.Pkcs10.text"));
    jtfFormat.setCaretPosition(0);
    jdnSubject.setDistinguishedName(pkcs10Csr.getSubject());
    jbPem.setEnabled(true);
    jbAsn1.setEnabled(true);
    Attribute[] extReqAttr = pkcs10Csr.getAttributes(pkcs_9_at_extensionRequest);
    if (extReqAttr != null && extReqAttr.length > 0) {
        jbExtensions.setEnabled(true);
    } else {
        jbExtensions.setEnabled(false);
    }
    DialogHelper.populatePkcs10Challenge(pkcs10Csr.getAttributes(), jtfChallenge);
    DialogHelper.populatePkcs10UnstructuredName(pkcs10Csr.getAttributes(), jtfUnstructuredName);
    populatePublicKey(getPkcs10PublicKey());
    String sigAlgId = pkcs10Csr.getSignatureAlgorithm().getAlgorithm().getId();
    byte[] sigAlgParamsEncoded = extractSigAlgParams();
    SignatureType sigAlg = SignatureType.resolveOid(sigAlgId, sigAlgParamsEncoded);
    if (sigAlg != null) {
        jtfSignatureAlgorithm.setText(sigAlg.friendly());
    } else {
        jtfSignatureAlgorithm.setText(sigAlgId);
    }
    jtfSignatureAlgorithm.setCaretPosition(0);
}
Also used : Attribute(org.bouncycastle.asn1.pkcs.Attribute) SignatureType(org.kse.crypto.signing.SignatureType)

Aggregations

Attribute (org.bouncycastle.asn1.pkcs.Attribute)36 IOException (java.io.IOException)25 Extensions (org.bouncycastle.asn1.x509.Extensions)18 ArrayList (java.util.ArrayList)17 ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)15 GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)13 List (java.util.List)12 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)12 GeneralName (org.bouncycastle.asn1.x509.GeneralName)12 ASN1Set (org.bouncycastle.asn1.ASN1Set)10 ASN1Set (com.github.zhenwei.core.asn1.ASN1Set)9 Iterator (java.util.Iterator)9 CRLDistPoint (com.github.zhenwei.core.asn1.x509.CRLDistPoint)8 DistributionPoint (com.github.zhenwei.core.asn1.x509.DistributionPoint)8 AttributeTable (com.github.zhenwei.pkix.util.asn1.cms.AttributeTable)8 Enumeration (java.util.Enumeration)8 X500Name (org.bouncycastle.asn1.x500.X500Name)8 Attribute (com.github.zhenwei.pkix.util.asn1.cms.Attribute)7 GeneralName (com.github.zhenwei.core.asn1.x509.GeneralName)6 GeneralSecurityException (java.security.GeneralSecurityException)6