Example 16 with Certificate
use of com.github.zhenwei.core.asn1.x509.Certificate in project supply-chain-tools by secure-device-onboard.
the class OnDieCertPath method getIssuingCertificate.
private String getIssuingCertificate(Certificate cert) throws IllegalArgumentException, CertificateEncodingException, IOException {
X509CertificateHolder certholder = new X509CertificateHolder(cert.getEncoded());
AuthorityInformationAccess aia = AuthorityInformationAccess.fromExtensions(certholder.getExtensions());
if (aia == null) {
throw new IllegalArgumentException("AuthorityInformationAccess Extension missing from device certificate.");
}
AccessDescription[] descs = aia.getAccessDescriptions();
if (descs.length != 1) {
throw new IllegalArgumentException("Too many descriptions in AIA certificate extension: " + descs.length);
}
return descs[0].getAccessLocation().getName().toString();
}
Also used :
AuthorityInformationAccess(org.bouncycastle.asn1.x509.AuthorityInformationAccess)
AccessDescription(org.bouncycastle.asn1.x509.AccessDescription)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
Example 17 with Certificate
use of com.github.zhenwei.core.asn1.x509.Certificate in project supply-chain-tools by secure-device-onboard.
the class OnDieSignatureValidator method checkRevocations.
private boolean checkRevocations(List<Certificate> certificateList) {
// Check revocations first.
try {
CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
for (Certificate cert : certificateList) {
X509Certificate x509cert = (X509Certificate) cert;
X509CertificateHolder certHolder = new X509CertificateHolder(x509cert.getEncoded());
CRLDistPoint cdp = CRLDistPoint.fromExtensions(certHolder.getExtensions());
if (cdp != null) {
DistributionPoint[] distPoints = cdp.getDistributionPoints();
for (DistributionPoint dp : distPoints) {
GeneralName[] generalNames = GeneralNames.getInstance(dp.getDistributionPoint().getName()).getNames();
for (GeneralName generalName : generalNames) {
byte[] crlBytes = onDieCache.getCertOrCrl(generalName.toString());
if (crlBytes == null) {
LoggerFactory.getLogger(getClass()).error("CRL ({}) not found in cache for cert: {}", generalName.getName().toString(), x509cert.getIssuerX500Principal().getName());
return false;
} else {
CRL crl = certificateFactory.generateCRL(new ByteArrayInputStream(crlBytes));
if (crl.isRevoked(cert)) {
return false;
}
}
}
}
}
}
} catch (IOException | CertificateException | CRLException ex) {
return false;
}
return true;
}
Also used :
CertificateException(java.security.cert.CertificateException)
IOException(java.io.IOException)
CertificateFactory(java.security.cert.CertificateFactory)
X509Certificate(java.security.cert.X509Certificate)
ByteArrayInputStream(java.io.ByteArrayInputStream)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
CRL(java.security.cert.CRL)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
CRLException(java.security.cert.CRLException)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
Example 18 with Certificate
use of com.github.zhenwei.core.asn1.x509.Certificate in project ca3sCore by kuehne-trustable-de.
the class CertificateUtil method getCertificatePolicies.
public List<String> getCertificatePolicies(X509Certificate x509Cert) {
ArrayList<String> certificatePolicyIds = new ArrayList<>();
byte[] extVal = x509Cert.getExtensionValue(Extension.certificatePolicies.getId());
if (extVal == null) {
return certificatePolicyIds;
}
try {
org.bouncycastle.asn1.x509.CertificatePolicies cf = org.bouncycastle.asn1.x509.CertificatePolicies.getInstance(X509ExtensionUtil.fromExtensionValue(extVal));
PolicyInformation[] information = cf.getPolicyInformation();
for (PolicyInformation p : information) {
ASN1ObjectIdentifier aIdentifier = p.getPolicyIdentifier();
certificatePolicyIds.add(aIdentifier.getId());
}
} catch (IOException ex) {
LOG.error("Failed to get OCSP URL for certificate '" + x509Cert.getSubjectX500Principal().getName() + "'", ex);
}
return certificatePolicyIds;
}
Also used :
org.bouncycastle.asn1.x509(org.bouncycastle.asn1.x509)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
IOException(java.io.IOException)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 19 with Certificate
use of com.github.zhenwei.core.asn1.x509.Certificate in project ca3sCore by kuehne-trustable-de.
the class CaInternalConnector method signCertificateRequest.
public Certificate signCertificateRequest(CSR csr, CAConnectorConfig caConfig) throws GeneralSecurityException {
try {
csrUtil.setCsrAttribute(csr, CsrAttribute.ATTRIBUTE_CA_PROCESSING_STARTED_TIMESTAMP, "" + System.currentTimeMillis(), false);
csr.setStatus(CsrStatus.PROCESSING);
Certificate intermediate = getIntermediate();
PrivateKey privKeyIntermediate = certUtil.getPrivateKey(intermediate);
KeyPair kpIntermediate = new KeyPair(certUtil.convertPemToCertificate(intermediate.getContent()).getPublicKey(), privKeyIntermediate);
PKCS10CertificationRequest p10 = cryptoUtil.convertPemToPKCS10CertificationRequest(csr.getCsrBase64());
GeneralNames gns = null;
org.bouncycastle.asn1.pkcs.Attribute[] certAttributes = p10.getAttributes();
for (org.bouncycastle.asn1.pkcs.Attribute attribute : certAttributes) {
if (attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0));
gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
}
}
X509Certificate x509Cert = cryptoUtil.issueCertificate(new X500Name(intermediate.getSubject()), kpIntermediate, p10.getSubject(), p10.getSubjectPublicKeyInfo(), Calendar.YEAR, 1, gns, null, PKILevel.END_ENTITY);
Certificate cert = certUtil.createCertificate(x509Cert.getEncoded(), csr, "", false);
cert.setRevocationCA(caConfig);
certRepository.save(cert);
csrUtil.setCsrAttribute(csr, CsrAttribute.ATTRIBUTE_CA_PROCESSING_FINISHED_TIMESTAMP, "" + System.currentTimeMillis(), true);
csr.setStatus(CsrStatus.ISSUED);
csrRepository.save(csr);
return cert;
} catch (IOException e) {
LOG.info("Problem signing certificate request", e);
throw new GeneralSecurityException(e);
}
/*
RDN[] rdnArr = new RDN[csr.getRdns().size()];
int i = 0;
for(de.trustable.ca3s.core.domain.RDN rdn:csr.getRdns()) {
LOG.debug("RDN contains #{}", rdn.getRdnAttributes().size());
int attLen = rdn.getRdnAttributes().size();
AttributeTypeAndValue[] atavArr = new AttributeTypeAndValue[attLen];
int j = 0;
for(RDNAttribute rdnAtt: rdn.getRdnAttributes()) {
AttributeTypeAndValue atav = new AttributeTypeAndValue( rdnAtt.getAttributeType(), new DEROctetString(rdnAtt.getAttributeValue().getBytes()));
}
rdnArr[i++] = new RDN(atav);
}
X500Name subject = new X500Name(csr.getRdns());
*/
}
Also used :
PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest)
KeyPair(java.security.KeyPair)
PrivateKey(java.security.PrivateKey)
CertificateAttribute(de.trustable.ca3s.core.domain.CertificateAttribute)
CsrAttribute(de.trustable.ca3s.core.domain.CsrAttribute)
GeneralSecurityException(java.security.GeneralSecurityException)
X500Name(org.bouncycastle.asn1.x500.X500Name)
IOException(java.io.IOException)
Extensions(org.bouncycastle.asn1.x509.Extensions)
X509Certificate(java.security.cert.X509Certificate)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
X509Certificate(java.security.cert.X509Certificate)
Certificate(de.trustable.ca3s.core.domain.Certificate)
Example 20 with Certificate
use of com.github.zhenwei.core.asn1.x509.Certificate in project modules by assimbly.
the class CertificatesUtil method createAuthorityKeyId.
/**
* Creates the hash value of the authority public key.
*
* @param publicKey of the authority certificate
*
* @return AuthorityKeyIdentifier hash
*
* @throws OperatorCreationException
*/
private static AuthorityKeyIdentifier createAuthorityKeyId(final PublicKey publicKey) throws OperatorCreationException {
final SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
final DigestCalculator digCalc = new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
return new X509ExtensionUtils(digCalc).createAuthorityKeyIdentifier(publicKeyInfo);
}
Also used :
BcDigestCalculatorProvider(org.bouncycastle.operator.bc.BcDigestCalculatorProvider)
DigestCalculator(org.bouncycastle.operator.DigestCalculator)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
X509ExtensionUtils(org.bouncycastle.cert.X509ExtensionUtils)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Aggregations
IOException (java.io.IOException)242
X509Certificate (java.security.cert.X509Certificate)216
Date (java.util.Date)133
X500Name (org.bouncycastle.asn1.x500.X500Name)133
BigInteger (java.math.BigInteger)120
ContentSigner (org.bouncycastle.operator.ContentSigner)102
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)101
GeneralName (org.bouncycastle.asn1.x509.GeneralName)100
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)96
CertificateException (java.security.cert.CertificateException)95
ArrayList (java.util.ArrayList)90
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)85
X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)82
SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)78
GeneralSecurityException (java.security.GeneralSecurityException)69
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)62
GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)62
Extension (org.bouncycastle.asn1.x509.Extension)61
BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)60
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)59
