
Example 26 with AuthorityKeyIdentifier

use of com.github.zhenwei.core.asn1.x509.AuthorityKeyIdentifier in project jruby-openssl by jruby.

the class X509Utils method checkIfIssuedBy.

/*
     * c: X509_check_issued + x509_likely_issued + x509_signing_allowed
     */
/**
 * Decides whether {@code issuer} is a plausible issuer of {@code subject} by comparing names,
 * key identifiers and key usage. No signature is verified in this method.
 *
 * Checks run in this order and the first failure is returned:
 *   1. the issuer's subject DN must equal the subject's issuer DN;
 *   2. if the subject carries an authorityKeyIdentifier (2.5.29.35): its keyIdentifier is compared
 *      with the issuer's subjectKeyIdentifier (2.5.29.14), its serial with the issuer's serial, and
 *      its first directoryName with the issuer's own issuer DN;
 *   3. issuer key usage: bit 0 (digitalSignature) when the subject has extension
 *      1.3.6.1.5.5.7.1.14 (proxyCertInfo), bit 5 (keyCertSign) otherwise.
 *
 * Every identifier comparison is skipped when either side is absent, and the key-usage check is
 * skipped when the issuer has no keyUsage extension, so a pair without these extensions passes on
 * the name match alone.
 *
 * @param issuer candidate issuing certificate
 * @param subject certificate whose issuer is being checked
 * @return {@code V_OK}, or the {@code V_ERR_*} code of the first failed check
 * @throws IOException declared by the signature; presumably raised by the {@code get(...)}
 *         decoding helper, which is defined outside this listing (confirm)
 */
static int checkIfIssuedBy(final X509AuxCertificate issuer, final X509AuxCertificate subject) throws IOException {
    if (!issuer.getSubjectX500Principal().equals(subject.getIssuerX500Principal())) {
        return V_ERR_SUBJECT_ISSUER_MISMATCH;
    }
    if (subject.getExtensionValue("2.5.29.35") != null) {
        // authorityKeyID
        // The extension value may need two decoding passes before the SEQUENCE is reached.
        // NOTE(review): the casts below are unchecked; a malformed extension in an untrusted
        // certificate would presumably surface as a ClassCastException instead of a V_ERR_* code.
        // Confirm that callers treat any exception from here as a verification failure.
        Object key = get(subject.getExtensionValue("2.5.29.35"));
        if (!(key instanceof ASN1Sequence))
            key = get((DEROctetString) key);
        final ASN1Sequence seq = (ASN1Sequence) key;
        final AuthorityKeyIdentifier sakid;
        if (seq.size() == 1 && (seq.getObjectAt(0) instanceof ASN1OctetString)) {
            // A lone untagged OCTET STRING is re-wrapped with context tag [0] so that it is read
            // as the keyIdentifier field.
            sakid = AuthorityKeyIdentifier.getInstance(new DLSequence(new DERTaggedObject(0, seq.getObjectAt(0))));
        } else {
            sakid = AuthorityKeyIdentifier.getInstance(seq);
        }
        if (sakid.getKeyIdentifier() != null) {
            // Only enforced when the issuer also has a subjectKeyIdentifier; an issuer without
            // one is not rejected by this branch.
            if (issuer.getExtensionValue("2.5.29.14") != null) {
                DEROctetString der = (DEROctetString) get(issuer.getExtensionValue("2.5.29.14"));
                SubjectKeyIdentifier iskid = SubjectKeyIdentifier.getInstance(get(der.getOctets()));
                if (iskid.getKeyIdentifier() != null) {
                    if (!Arrays.equals(sakid.getKeyIdentifier(), iskid.getKeyIdentifier())) {
                        return V_ERR_AKID_SKID_MISMATCH;
                    }
                }
            }
        }
        final BigInteger serialNumber = sakid.getAuthorityCertSerialNumber();
        if (serialNumber != null && !serialNumber.equals(issuer.getSerialNumber())) {
            return V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
        }
        if (sakid.getAuthorityCertIssuer() != null) {
            GeneralName[] gens = sakid.getAuthorityCertIssuer().getNames();
            X500Name x500Name = null;
            // Only the first directoryName entry is considered; other GeneralName kinds are ignored.
            for (int i = 0; i < gens.length; i++) {
                if (gens[i].getTagNo() == GeneralName.directoryName) {
                    ASN1Encodable name = gens[i].getName();
                    if (name instanceof X500Name) {
                        x500Name = (X500Name) name;
                    } else if (name instanceof ASN1Sequence) {
                        x500Name = X500Name.getInstance((ASN1Sequence) name);
                    } else {
                        // Unchecked exception rather than a V_ERR_* return value.
                        throw new RuntimeException("unknown name type: " + name);
                    }
                    break;
                }
            }
            if (x500Name != null) {
                // Compared with the issuer certificate's *issuer* DN (not its subject DN): the
                // AKID issuer/serial pair identifies the issuing certificate by who issued it.
                // A mismatch reuses the same code as the serial check above.
                if (!new Name(x500Name).equalTo(issuer.getIssuerX500Principal())) {
                    return V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
                }
            }
        }
    }
    // NOTE(review): keyUsage is indexed at [0] and [5] without a length check; this assumes
    // getKeyUsage() never returns an array shorter than six elements. Confirm for X509AuxCertificate.
    final boolean[] keyUsage = issuer.getKeyUsage();
    if (subject.getExtensionValue("1.3.6.1.5.5.7.1.14") != null) {
        // Subject carries the proxyCertInfo extension: the issuer needs digitalSignature only.
        if (keyUsage != null && !keyUsage[0]) {
            // KU_DIGITAL_SIGNATURE
            return V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE;
        }
    } else if (keyUsage != null && !keyUsage[5]) {
        // KU_KEY_CERT_SIGN
        return V_ERR_KEYUSAGE_NO_CERTSIGN;
    }
    return V_OK;
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier) SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier) X500Name(org.bouncycastle.asn1.x500.X500Name) DEROctetString(org.bouncycastle.asn1.DEROctetString) GeneralName(org.bouncycastle.asn1.x509.GeneralName) X500Name(org.bouncycastle.asn1.x500.X500Name) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DLSequence(org.bouncycastle.asn1.DLSequence) BigInteger(java.math.BigInteger) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)

Example 27 with AuthorityKeyIdentifier

use of com.github.zhenwei.core.asn1.x509.AuthorityKeyIdentifier in project candlepin by candlepin.

the class JSSPKIUtilityTest method testCalculateAuthorityKeyIdentifier.

/**
 * Verifies that {@code JSSPKIUtility.buildAuthorityKeyIdentifier} yields the same key identifier
 * bytes for an RSA public key as BouncyCastle's {@code JcaX509ExtensionUtils}.
 */
@Test
public void testCalculateAuthorityKeyIdentifier() throws Exception {
    // Throwaway key pair at the provider's default RSA size; only the public half is used.
    RSAPublicKey publicKey = (RSAPublicKey) KeyPairGenerator.getInstance("RSA").generateKeyPair().getPublic();

    // Reference value computed by BouncyCastle.
    byte[] referenceKeyId = new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(publicKey).getKeyIdentifier();

    // Value under test, unwrapped from the JSS extension object.
    AuthorityKeyIdentifierExtension jssExtension = JSSPKIUtility.buildAuthorityKeyIdentifier(publicKey);
    KeyIdentifier jssKeyId = (KeyIdentifier) jssExtension.get(AuthorityKeyIdentifierExtension.KEY_ID);

    assertArrayEquals(referenceKeyId, jssKeyId.getIdentifier());
}
Also used : JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils) RSAPublicKey(java.security.interfaces.RSAPublicKey) KeyIdentifier(org.mozilla.jss.netscape.security.x509.KeyIdentifier) AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier) SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier) AuthorityKeyIdentifierExtension(org.mozilla.jss.netscape.security.x509.AuthorityKeyIdentifierExtension) AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier) KeyPairGenerator(java.security.KeyPairGenerator) Test(org.junit.jupiter.api.Test)

Example 28 with AuthorityKeyIdentifier

use of com.github.zhenwei.core.asn1.x509.AuthorityKeyIdentifier in project xipki by xipki.

the class ClrTestVectorGenerateMain method getBuilder.

/**
 * Creates a CRL builder whose issuer is the subject of {@code caCert}, with thisUpdate set to the
 * current time and nextUpdate 50 years later.
 *
 * @param caCert CA certificate supplying the issuer name and, optionally, the key identifier
 * @param addCrlNumber when true, adds a non-critical cRLNumber extension with value 1
 * @param addAki when true, adds a non-critical authorityKeyIdentifier built from the CA's
 *        subject key id
 * @return the configured, still unsigned, builder
 */
private static X509v2CRLBuilder getBuilder(X509Cert caCert, boolean addCrlNumber, boolean addAki) throws Exception {
    final Date issuedAt = new Date();
    // 50 years in milliseconds; the leading long literal keeps the product out of int range.
    // NOTE(review): a nextUpdate this far out means the CRL effectively never goes stale, which
    // is presumably acceptable only because this builder produces test vectors.
    final long validityMillis = 50L * 365 * 24 * 60 * 60 * 1000;

    final X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(caCert.getSubject(), issuedAt);
    crlBuilder.setNextUpdate(new Date(issuedAt.getTime() + validityMillis));

    if (addCrlNumber) {
        final ASN1Integer crlNumber = new ASN1Integer(BigInteger.ONE);
        crlBuilder.addExtension(Extension.cRLNumber, false, crlNumber);
    }
    if (addAki) {
        final AuthorityKeyIdentifier aki = new AuthorityKeyIdentifier(caCert.getSubjectKeyId());
        crlBuilder.addExtension(Extension.authorityKeyIdentifier, false, aki);
    }
    return crlBuilder;
}
Also used : X509v2CRLBuilder(org.bouncycastle.cert.X509v2CRLBuilder) AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) Date(java.util.Date)

Example 29 with AuthorityKeyIdentifier

use of com.github.zhenwei.core.asn1.x509.AuthorityKeyIdentifier in project LinLong-Java by zhenwei1108.

the class PKIXCertPathReviewer method getTrustAnchors.

/**
 * Collects the trust anchors that could have issued {@code cert}.
 *
 * Matching is by name only: an anchor holding a certificate must have a subject equal to the
 * certificate's issuer (and, when the authorityKeyIdentifier carries a serial number, that serial);
 * an anchor given as CA name plus public key must have a CA name equal to the issuer. No signature
 * is checked here, so a returned anchor is a candidate, not a verified issuer.
 *
 * @param cert certificate whose issuer is looked up
 * @param trustanchors set of {@link TrustAnchor} objects to search
 * @return the matching anchors, possibly empty
 * @throws CertPathReviewerException if the issuer name or the authorityKeyIdentifier extension
 *         cannot be decoded
 */
protected Collection getTrustAnchors(X509Certificate cert, Set trustanchors) throws CertPathReviewerException {
    Collection matches = new ArrayList();
    Iterator anchorIt = trustanchors.iterator();
    X509CertSelector issuerSelector = new X509CertSelector();
    try {
        issuerSelector.setSubject(getEncodedIssuerPrincipal(cert).getEncoded());
        byte[] akiExt = cert.getExtensionValue(Extension.authorityKeyIdentifier.getId());
        if (akiExt != null) {
            // The extension value is an OCTET STRING that wraps the DER-encoded extension body.
            ASN1OctetString wrapper = (ASN1OctetString) ASN1Primitive.fromByteArray(akiExt);
            AuthorityKeyIdentifier aki = AuthorityKeyIdentifier.getInstance(ASN1Primitive.fromByteArray(wrapper.getOctets()));
            // The key identifier is deliberately not used: setting it on the selector would
            // require the anchor certificate to carry a subjectKeyIdentifier.
            BigInteger issuerSerial = aki.getAuthorityCertSerialNumber();
            if (issuerSerial != null) {
                issuerSelector.setSerialNumber(issuerSerial);
            }
        }
    } catch (IOException ex) {
        // The IOException itself is not attached to the exception thrown here.
        throw new CertPathReviewerException(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.trustAnchorIssuerError"));
    }
    while (anchorIt.hasNext()) {
        TrustAnchor anchor = (TrustAnchor) anchorIt.next();
        X509Certificate anchorCert = anchor.getTrustedCert();
        if (anchorCert != null) {
            // Certificate-based anchor: the selector decides.
            if (issuerSelector.match(anchorCert)) {
                matches.add(anchor);
            }
            continue;
        }
        if (anchor.getCAName() == null || anchor.getCAPublicKey() == null) {
            continue;
        }
        // Name/key anchor: compare distinguished names only.
        X500Principal issuerOfCert = getEncodedIssuerPrincipal(cert);
        X500Principal anchorName = new X500Principal(anchor.getCAName());
        if (issuerOfCert.equals(anchorName)) {
            matches.add(anchor);
        }
    }
    return matches;
}
Also used : ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString) ArrayList(java.util.ArrayList) X509CertSelector(java.security.cert.X509CertSelector) AuthorityKeyIdentifier(com.github.zhenwei.core.asn1.x509.AuthorityKeyIdentifier) TrustAnchor(java.security.cert.TrustAnchor) IOException(java.io.IOException) ErrorBundle(com.github.zhenwei.core.i18n.ErrorBundle) Iterator(java.util.Iterator) Collection(java.util.Collection) BigInteger(java.math.BigInteger) X500Principal(javax.security.auth.x500.X500Principal)

Example 30 with AuthorityKeyIdentifier

use of com.github.zhenwei.core.asn1.x509.AuthorityKeyIdentifier in project LinLong-Java by zhenwei1108.

the class PKIXCertPathReviewer method checkSignatures.

/*
   * checks: - signatures - name chaining - validity of certificates - todo:
   * if certificate revoked (if specified in the parameters)
   */
/**
 * Walks the certification path from the trust-anchor end (last element of {@code certs}) down to
 * index 0 and records every problem as an error or notification instead of stopping at the first.
 *
 * For each certificate it checks the signature against the current working public key, validity
 * at {@code validDate}, revocation (only when {@code pkixParams.isRevocationEnabled()}), and that
 * the issuer name chains to the previous subject. Every certificate except the one at index 0 is
 * also checked for CA properties (version, basicConstraints, keyCertSign). On exit the selected
 * anchor is stored in {@code trustAnchor} and the last working key in {@code subjectPublicKey}.
 *
 * Because failures are only recorded, callers must consult the collected errors before relying on
 * {@code trustAnchor} or {@code subjectPublicKey}.
 */
private void checkSignatures() {
    // 1.6.1 - Inputs
    // d)
    TrustAnchor trust = null;
    X500Principal trustPrincipal = null;
    // validation date
    {
        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.certPathValidDate", new Object[] { new TrustedInput(validDate), new TrustedInput(currentDate) });
        addNotification(msg);
    }
    // find trust anchors
    try {
        // The last certificate in the list is the one expected to be issued by a trust anchor.
        X509Certificate cert = (X509Certificate) certs.get(certs.size() - 1);
        Collection trustColl = getTrustAnchors(cert, pkixParams.getTrustAnchors());
        if (trustColl.size() > 1) {
            // conflicting trust anchors
            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.conflictingTrustAnchors", new Object[] { Integers.valueOf(trustColl.size()), new UntrustedInput(cert.getIssuerX500Principal()) });
            addError(msg);
        } else if (trustColl.isEmpty()) {
            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.noTrustAnchorFound", new Object[] { new UntrustedInput(cert.getIssuerX500Principal()), Integers.valueOf(pkixParams.getTrustAnchors().size()) });
            addError(msg);
        } else {
            // Exactly one candidate: it was selected by name, so confirm it with a signature check.
            PublicKey trustPublicKey;
            trust = (TrustAnchor) trustColl.iterator().next();
            if (trust.getTrustedCert() != null) {
                trustPublicKey = trust.getTrustedCert().getPublicKey();
            } else {
                trustPublicKey = trust.getCAPublicKey();
            }
            try {
                CertPathValidatorUtilities.verifyX509Certificate(cert, trustPublicKey, pkixParams.getSigProvider());
            } catch (SignatureException e) {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.trustButInvalidCert");
                addError(msg);
            } catch (Exception e) {
                // do nothing, error occurs again later: the same certificate is verified once more
                // with workingPublicKey in the loop below, where a failure is recorded as an error.
                // Note that `trust` stays set even when this verification fails.
            }
        }
    } catch (CertPathReviewerException cpre) {
        addError(cpre.getErrorMessage());
    } catch (Throwable t) {
        // Catch-all so that unexpected failures (including unchecked parsing exceptions) end up in
        // the report rather than aborting the review.
        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.unknown", new Object[] { new UntrustedInput(t.getMessage()), new UntrustedInput(t) });
        addError(msg);
    }
    if (trust != null) {
        // get the name of the trustAnchor
        X509Certificate sign = trust.getTrustedCert();
        try {
            if (sign != null) {
                trustPrincipal = getSubjectPrincipal(sign);
            } else {
                trustPrincipal = new X500Principal(trust.getCAName());
            }
        } catch (IllegalArgumentException ex) {
            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.trustDNInvalid", new Object[] { new UntrustedInput(trust.getCAName()) });
            addError(msg);
        }
        // test key usages of the trust anchor
        // A trust anchor certificate without keyCertSign (bit 5) produces a notification only,
        // not an error.
        if (sign != null) {
            boolean[] ku = sign.getKeyUsage();
            if (ku != null && (ku.length <= 5 || !ku[5])) {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.trustKeyUsage");
                addNotification(msg);
            }
        }
    }
    // 1.6.2 - Initialization
    // workingAlgId, workingPublicKeyAlgorithm and workingPublicKeyParameters are assigned below but
    // never read inside this method.
    PublicKey workingPublicKey = null;
    X500Principal workingIssuerName = trustPrincipal;
    X509Certificate sign = null;
    AlgorithmIdentifier workingAlgId = null;
    ASN1ObjectIdentifier workingPublicKeyAlgorithm = null;
    ASN1Encodable workingPublicKeyParameters = null;
    if (trust != null) {
        sign = trust.getTrustedCert();
        if (sign != null) {
            workingPublicKey = sign.getPublicKey();
        } else {
            workingPublicKey = trust.getCAPublicKey();
        }
        try {
            workingAlgId = getAlgorithmIdentifier(workingPublicKey);
            workingPublicKeyAlgorithm = workingAlgId.getAlgorithm();
            workingPublicKeyParameters = workingAlgId.getParameters();
        } catch (CertPathValidatorException ex) {
            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.trustPubKeyError");
            addError(msg);
            workingAlgId = null;
        }
    }
    // Basic cert checks
    X509Certificate cert = null;
    int i;
    for (int index = certs.size() - 1; index >= 0; index--) {
        // 
        // i as defined in the algorithm description
        // (n is not declared in this method; presumably a field holding the path length, confirm)
        // 
        i = n - index;
        // 
        // set certificate to be checked in this round
        // sign and workingPublicKey and workingIssuerName are set
        // at the end of the for loop and initialized the
        // first time from the TrustAnchor
        // 
        cert = (X509Certificate) certs.get(index);
        // verify signature
        if (workingPublicKey != null) {
            try {
                CertPathValidatorUtilities.verifyX509Certificate(cert, workingPublicKey, pkixParams.getSigProvider());
            } catch (GeneralSecurityException ex) {
                // NOTE(review): the exception message and object go into the bundle without the
                // UntrustedInput wrapper used for other values in this method; confirm that is intended.
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.signatureNotVerified", new Object[] { ex.getMessage(), ex, ex.getClass().getName() });
                addError(msg, index);
            }
        } else if (isSelfIssued(cert)) {
            // No issuer key is available. A self-issued certificate that verifies under its own key
            // is still reported as an error, because it is not one of the configured trust anchors.
            try {
                CertPathValidatorUtilities.verifyX509Certificate(cert, cert.getPublicKey(), pkixParams.getSigProvider());
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.rootKeyIsValidButNotATrustAnchor");
                addError(msg, index);
            } catch (GeneralSecurityException ex) {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.signatureNotVerified", new Object[] { ex.getMessage(), ex, ex.getClass().getName() });
                addError(msg, index);
            }
        } else {
            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.NoIssuerPublicKey");
            // if there is an authority key extension add the serial and issuer of the missing certificate
            // NOTE(review): this parses an extension taken from the certificate under review outside
            // any try block, and reads getNames()[0] without a length check. A malformed extension
            // would presumably raise an unchecked exception that escapes checkSignatures(); confirm
            // how AuthorityKeyIdentifier.getInstance and GeneralNames behave on bad input.
            // The issuer name and serial are also added to the message without UntrustedInput.
            byte[] akiBytes = cert.getExtensionValue(Extension.authorityKeyIdentifier.getId());
            if (akiBytes != null) {
                AuthorityKeyIdentifier aki = AuthorityKeyIdentifier.getInstance(DEROctetString.getInstance(akiBytes).getOctets());
                GeneralNames issuerNames = aki.getAuthorityCertIssuer();
                if (issuerNames != null) {
                    GeneralName name = issuerNames.getNames()[0];
                    BigInteger serial = aki.getAuthorityCertSerialNumber();
                    if (serial != null) {
                        Object[] extraArgs = { new LocaleString(RESOURCE_NAME, "missingIssuer"), " \"", name, "\" ", new LocaleString(RESOURCE_NAME, "missingSerial"), " ", serial };
                        msg.setExtraArguments(extraArgs);
                    }
                }
            }
            addError(msg, index);
        }
        // certificate valid?
        try {
            cert.checkValidity(validDate);
        } catch (CertificateNotYetValidException cnve) {
            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.certificateNotYetValid", new Object[] { new TrustedInput(cert.getNotBefore()) });
            addError(msg, index);
        } catch (CertificateExpiredException cee) {
            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.certificateExpired", new Object[] { new TrustedInput(cert.getNotAfter()) });
            addError(msg, index);
        }
        // certificate revoked?
        // Skipped entirely when revocation checking is disabled in pkixParams.
        if (pkixParams.isRevocationEnabled()) {
            // read crl distribution points extension
            CRLDistPoint crlDistPoints = null;
            try {
                ASN1Primitive crl_dp = getExtensionValue(cert, CRL_DIST_POINTS);
                if (crl_dp != null) {
                    crlDistPoints = CRLDistPoint.getInstance(crl_dp);
                }
            } catch (AnnotatedException ae) {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlDistPtExtError");
                addError(msg, index);
            }
            // read authority information access extension
            AuthorityInformationAccess authInfoAcc = null;
            try {
                ASN1Primitive auth_info_acc = getExtensionValue(cert, AUTH_INFO_ACCESS);
                if (auth_info_acc != null) {
                    authInfoAcc = AuthorityInformationAccess.getInstance(auth_info_acc);
                }
            } catch (AnnotatedException ae) {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlAuthInfoAccError");
                addError(msg, index);
            }
            // These URLs are read from the certificate being reviewed, so they are untrusted input;
            // they are wrapped in UntrustedUrlInput when reported below.
            Vector crlDistPointUrls = getCRLDistUrls(crlDistPoints);
            Vector ocspUrls = getOCSPUrls(authInfoAcc);
            // add notifications with the crl distribution points
            // output crl distribution points
            Iterator urlIt = crlDistPointUrls.iterator();
            while (urlIt.hasNext()) {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlDistPoint", new Object[] { new UntrustedUrlInput(urlIt.next()) });
                addNotification(msg, index);
            }
            // output ocsp urls
            urlIt = ocspUrls.iterator();
            while (urlIt.hasNext()) {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.ocspLocation", new Object[] { new UntrustedUrlInput(urlIt.next()) });
                addNotification(msg, index);
            }
            // check CRLs
            try {
                checkRevocation(pkixParams, cert, validDate, sign, workingPublicKey, crlDistPointUrls, ocspUrls, index);
            } catch (CertPathReviewerException cpre) {
                addError(cpre.getErrorMessage(), index);
            }
        }
        // certificate issuer correct
        // Name chaining is skipped when no working issuer name is known (no usable trust anchor).
        if (workingIssuerName != null && !cert.getIssuerX500Principal().equals(workingIssuerName)) {
            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.certWrongIssuer", new Object[] { workingIssuerName.getName(), cert.getIssuerX500Principal().getName() });
            addError(msg, index);
        }
        // 
        // i != n is equivalent to index != 0: the CA checks below apply to every certificate
        // except the one at index 0.
        if (i != n) {
            // cert was already dereferenced above, so the null test here is always true.
            if (cert != null && cert.getVersion() == 1) {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.noCACert");
                addError(msg, index);
            }
            // k)
            BasicConstraints bc;
            try {
                bc = BasicConstraints.getInstance(getExtensionValue(cert, BASIC_CONSTRAINTS));
                if (bc != null) {
                    if (!bc.isCA()) {
                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.noCACert");
                        addError(msg, index);
                    }
                } else {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.noBasicConstraints");
                    addError(msg, index);
                }
            } catch (AnnotatedException ae) {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.errorProcesingBC");
                addError(msg, index);
            }
            // n)
            // A missing keyUsage extension (null) is accepted; a present one must assert keyCertSign.
            boolean[] keyUsage = cert.getKeyUsage();
            if (keyUsage != null && (keyUsage.length <= KEY_CERT_SIGN || !keyUsage[KEY_CERT_SIGN])) {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.noCertSign");
                addError(msg, index);
            }
        }
        // end if (i != n)
        // set signing certificate for next round
        // This happens even when the checks above recorded errors for this certificate.
        sign = cert;
        // c)
        workingIssuerName = cert.getSubjectX500Principal();
        try {
            workingPublicKey = getNextWorkingKey(certs, index);
            workingAlgId = getAlgorithmIdentifier(workingPublicKey);
            workingPublicKeyAlgorithm = workingAlgId.getAlgorithm();
            workingPublicKeyParameters = workingAlgId.getParameters();
        } catch (CertPathValidatorException ex) {
            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.pubKeyError");
            addError(msg, index);
            workingAlgId = null;
            workingPublicKeyAlgorithm = null;
            workingPublicKeyParameters = null;
        }
    }
    // end for
    // Publish the results; both may be null when no trust anchor or key could be established.
    trustAnchor = trust;
    subjectPublicKey = workingPublicKey;
}
Also used : AuthorityInformationAccess(com.github.zhenwei.core.asn1.x509.AuthorityInformationAccess) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertificateExpiredException(java.security.cert.CertificateExpiredException) AuthorityKeyIdentifier(com.github.zhenwei.core.asn1.x509.AuthorityKeyIdentifier) SignatureException(java.security.SignatureException) UntrustedUrlInput(com.github.zhenwei.core.i18n.filter.UntrustedUrlInput) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier) TrustedInput(com.github.zhenwei.core.i18n.filter.TrustedInput) Iterator(java.util.Iterator) ASN1Encodable(com.github.zhenwei.core.asn1.ASN1Encodable) UntrustedInput(com.github.zhenwei.core.i18n.filter.UntrustedInput) CRLDistPoint(com.github.zhenwei.core.asn1.x509.CRLDistPoint) Vector(java.util.Vector) AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException) LocaleString(com.github.zhenwei.core.i18n.LocaleString) PublicKey(java.security.PublicKey) GeneralSecurityException(java.security.GeneralSecurityException) TrustAnchor(java.security.cert.TrustAnchor) X509Certificate(java.security.cert.X509Certificate) CertificateExpiredException(java.security.cert.CertificateExpiredException) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException) SignatureException(java.security.SignatureException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) PKIXNameConstraintValidatorException(com.github.zhenwei.provider.jce.provider.PKIXNameConstraintValidatorException) IOException(java.io.IOException) IssuingDistributionPoint(com.github.zhenwei.core.asn1.x509.IssuingDistributionPoint) CRLDistPoint(com.github.zhenwei.core.asn1.x509.CRLDistPoint) DistributionPoint(com.github.zhenwei.core.asn1.x509.DistributionPoint) 
CertPathValidatorException(java.security.cert.CertPathValidatorException) ErrorBundle(com.github.zhenwei.core.i18n.ErrorBundle) GeneralNames(com.github.zhenwei.core.asn1.x509.GeneralNames) X500Principal(javax.security.auth.x500.X500Principal) Collection(java.util.Collection) BigInteger(java.math.BigInteger) ASN1TaggedObject(com.github.zhenwei.core.asn1.ASN1TaggedObject) GeneralName(com.github.zhenwei.core.asn1.x509.GeneralName) ASN1Primitive(com.github.zhenwei.core.asn1.ASN1Primitive) BasicConstraints(com.github.zhenwei.core.asn1.x509.BasicConstraints) ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)

Aggregations

AuthorityKeyIdentifier (org.bouncycastle.asn1.x509.AuthorityKeyIdentifier)49 BigInteger (java.math.BigInteger)24 X509Certificate (java.security.cert.X509Certificate)21 IOException (java.io.IOException)17 GeneralName (org.bouncycastle.asn1.x509.GeneralName)16 Test (org.junit.Test)16 SubjectKeyIdentifier (org.bouncycastle.asn1.x509.SubjectKeyIdentifier)15 Date (java.util.Date)14 X500Name (org.bouncycastle.asn1.x500.X500Name)13 GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)13 JcaX509ExtensionUtils (org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils)13 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)11 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)10 DEROctetString (org.bouncycastle.asn1.DEROctetString)9 BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)9 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)8 X509v2CRLBuilder (org.bouncycastle.cert.X509v2CRLBuilder)8 ContentSigner (org.bouncycastle.operator.ContentSigner)8 HashSet (java.util.HashSet)7 Extension (org.bouncycastle.asn1.x509.Extension)7