
Example 86 with Extension

use of com.github.zhenwei.core.asn1.x509.Extension in project ddf by codice.

the class CertificateSigningRequestTest method testNewCertificateBuilderWithoutSan.

/**
 * Builds a certificate from the CSR fixture without setting a subject alternative name and
 * checks that serial number, validity window, subject and public key are carried over while no
 * SAN extension appears in the result.
 *
 * <p>The issuer certificate is a Mockito mock; the only call stubbed on it is
 * {@code getSubjectX500Principal()}.
 *
 * @throws Exception if the key pair, the builder or the certificate cannot be created
 */
@Test
public void testNewCertificateBuilderWithoutSan() throws Exception {
    final DateTime notBefore = DateTime.now().minusDays(1);
    final DateTime notAfter = notBefore.plusYears(100);
    final KeyPair subjectKeys = makeKeyPair();

    // Populate the request fixture; no SAN is set on purpose.
    csr.setSerialNumber(1);
    csr.setNotBefore(notBefore);
    csr.setNotAfter(notAfter);
    csr.setCommonName("A");
    csr.setSubjectKeyPair(subjectKeys);

    final X509Certificate issuer = mock(X509Certificate.class);
    doReturn(new X500Principal("CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US"))
        .when(issuer)
        .getSubjectX500Principal();

    final JcaX509v3CertificateBuilder builder = csr.newCertificateBuilder(issuer);
    final X509CertificateHolder issued =
        builder.build(new DemoCertificateAuthority().getContentSigner());

    assertThat(issued.getSerialNumber(), equalTo(BigInteger.ONE));
    assertThat(issued.getNotBefore(), equalTo(new Time(notBefore.toDate()).getDate()));
    assertThat(issued.getNotAfter(), equalTo(new Time(notAfter.toDate()).getDate()));
    assertThat(issued.getSubject().toString(), equalTo("cn=A"));
    assertThat(
        "Unable to validate public key",
        issued.getSubjectPublicKeyInfo(),
        equalTo(SubjectPublicKeyInfo.getInstance(subjectKeys.getPublic().getEncoded())));
    // The absence of the SAN extension is the actual subject of this test.
    assertThat(
        "There should be no subject alternative name extension",
        issued.getExtension(org.bouncycastle.asn1.x509.Extension.subjectAlternativeName),
        nullValue(org.bouncycastle.asn1.x509.Extension.class));
}

Example 87 with Extension

use of com.github.zhenwei.core.asn1.x509.Extension in project OpenPDF by LibrePDF.

the class OcspClientBouncyCastle method generateOCSPRequest.

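/**
 * Generates an OCSP request for one certificate using BouncyCastle.
 *
 * <p>The request carries an {@code id-pkix-ocsp-nonce} extension so that a response can be
 * bound to this particular request. The nonce is drawn from {@code SecureRandom}: a nonce
 * produced by {@code java.util.Random} is predictable, which defeats the replay protection the
 * nonce is there to provide.
 *
 * <p>The certificate is identified with a SHA-1 {@link CertificateID}. That hash only names
 * the issuer inside the CertID and is the form responders most widely accept; it is not a
 * security boundary of the request.
 *
 * @param issuerCert
 *          certificate of the issuer of the certificate being checked
 * @param serialNumber
 *          serial number of the certificate being checked
 * @return an OCSP request
 * @throws OCSPException if the request cannot be assembled
 * @throws IOException if the nonce extension cannot be encoded
 * @throws OperatorCreationException if the digest calculator cannot be created
 * @throws CertificateEncodingException if {@code issuerCert} cannot be re-encoded
 */
private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws OCSPException, IOException, OperatorCreationException, CertificateEncodingException {
    // Register the BC provider (Security.addProvider is a no-op when a provider of that name is
    // already installed) and hand the same instance to the digest calculator builder.
    Provider prov = new org.bouncycastle.jce.provider.BouncyCastleProvider();
    Security.addProvider(prov);
    // Identify the certificate we are asking about: issuer name/key hash plus serial number.
    DigestCalculatorProvider digCalcProv = new JcaDigestCalculatorProviderBuilder().setProvider(prov).build();
    CertificateID id = new CertificateID(digCalcProv.get(CertificateID.HASH_SHA1), new JcaX509CertificateHolder(issuerCert), serialNumber);
    OCSPReqBuilder gen = new OCSPReqBuilder();
    gen.addRequest(id);
    // Nonce extension: 16 bytes from a cryptographically strong generator. Fully qualified so no
    // new import is needed.
    byte[] nonce = new byte[16];
    new java.security.SecureRandom().nextBytes(nonce);
    ExtensionsGenerator extGen = new ExtensionsGenerator();
    extGen.addExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(nonce));
    gen.setRequestExtensions(extGen.generate());
    return gen.build();
}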

Example 88 with Extension

use of com.github.zhenwei.core.asn1.x509.Extension in project jmulticard by ctt-gob-es.

the class CertUtils method doReplaceExtension.

/**
 * Returns a new {@link ExtensionsGenerator} holding every extension currently in
 * {@code extGenerator}, in the same order, with the entry whose OID equals that of {@code ext}
 * replaced by {@code ext}.
 *
 * @param extGenerator generator whose extensions are read via {@code generate()}; the passed
 *        instance itself is left untouched
 * @param ext replacement extension; its OID selects the entry to replace
 * @return a fresh generator with the replacement applied
 * @throws IllegalArgumentException if no extension with the OID of {@code ext} is present
 */
static ExtensionsGenerator doReplaceExtension(ExtensionsGenerator extGenerator, Extension ext) {
    Extensions current = extGenerator.generate();
    ASN1ObjectIdentifier targetOid = ext.getExtnId();
    ExtensionsGenerator rebuilt = new ExtensionsGenerator();
    boolean found = false;
    Enumeration oids = current.oids();
    while (oids.hasMoreElements()) {
        ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) oids.nextElement();
        boolean isTarget = oid.equals(targetOid);
        found |= isTarget;
        // Copy the original entry unless its OID is the one being replaced.
        rebuilt.addExtension(isTarget ? ext : current.getExtension(oid));
    }
    if (!found) {
        throw new IllegalArgumentException("replace - original extension (OID = " + ext.getExtnId() + ") not found");
    }
    return rebuilt;
}

Example 89 with Extension

use of com.github.zhenwei.core.asn1.x509.Extension in project jmulticard by ctt-gob-es.

the class BCMcElieceCCA2PrivateKey method getEncoded.

/**
 * Returns the DER encoding of this private key as a PKCS#8 {@code PrivateKeyInfo}.
 *
 * <p>The values from {@code getN()}, {@code getK()}, {@code getField()}, {@code getGoppaPoly()},
 * {@code getP()} and the digest algorithm identifier derived from {@code params.getDigest()}
 * are packed into a {@link McElieceCCA2PrivateKey}, which is then wrapped with the
 * {@code PQCObjectIdentifiers.mcElieceCca2} algorithm identifier.
 *
 * @return the encoded {@code PrivateKeyInfo}, or {@code null} if the structure cannot be
 *         encoded (the {@link IOException} is swallowed, following the {@code Key#getEncoded}
 *         convention of returning {@code null} when no encoding is available)
 */
public byte[] getEncoded() {
    try {
        McElieceCCA2PrivateKey keyData = new McElieceCCA2PrivateKey(
            getN(), getK(), getField(), getGoppaPoly(), getP(),
            MessageDigestUtils.getDigestAlgID(params.getDigest()));
        AlgorithmIdentifier algId = new AlgorithmIdentifier(PQCObjectIdentifiers.mcElieceCca2);
        return new PrivateKeyInfo(algId, keyData).getEncoded();
    } catch (IOException e) {
        // Encoding failure is reported as "no encoding available" rather than propagated.
        return null;
    }
}

Example 90 with Extension

use of com.github.zhenwei.core.asn1.x509.Extension in project keycloak by keycloak.

the class CertificateValidatorTest method testCertificatePolicyValidation.

/**
 * Drives the certificate-policy validator against a freshly generated certificate that carries
 * the given policy OIDs (or no certificatePolicies extension at all).
 *
 * @param expectedPolicy policy string handed to {@code parse} on the policy builder
 * @param mode matching mode handed to {@code mode} on the policy builder
 * @param certificatePolicyOid zero or more policy OIDs; when none are given the certificate is
 *        created with {@code null} extensions
 * @throws GeneralSecurityException if key generation, certificate creation or validation fails
 */
private void testCertificatePolicyValidation(String expectedPolicy, String mode, String... certificatePolicyOid) throws GeneralSecurityException {
    List<Extension> extensions = null;
    boolean hasPolicies = certificatePolicyOid != null && certificatePolicyOid.length > 0;
    if (hasPolicies) {
        PolicyInformation[] infos = new PolicyInformation[certificatePolicyOid.length];
        for (int i = 0; i < certificatePolicyOid.length; i++) {
            infos[i] = new PolicyInformation(new ASN1ObjectIdentifier(certificatePolicyOid[i]));
        }
        // One non-critical certificatePolicies extension wrapping all supplied OIDs.
        Extension policyExtension;
        try {
            policyExtension = new Extension(Extension.certificatePolicies, false, new CertificatePolicies(infos).getEncoded());
        } catch (IOException e) {
            throw new IllegalStateException(e);
        }
        extensions = new LinkedList<>();
        extensions.add(policyExtension);
    }

    // 512-bit RSA keeps key generation fast; the key is only a test fixture.
    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
    generator.initialize(512);
    KeyPair keyPair = generator.generateKeyPair();

    // NOTE(review): notAfter lies one minute in the past, so the certificate is already expired;
    // only validatePolicy() is exercised here, which presumably does not check the validity
    // window — confirm if this helper is reused for other checks.
    long now = System.currentTimeMillis();
    Date notBefore = new Date(now - 1000L * 60 * 2);
    Date notAfter = new Date(now - 1000L * 60);
    X509Certificate certificate = createCertificate("CN=keycloak-test", notBefore, notAfter, keyPair, extensions);

    CertificateValidator validator = new CertificateValidator.CertificateValidatorBuilder()
        .certificatePolicy()
        .mode(mode)
        .parse(expectedPolicy)
        .build(new X509Certificate[] { certificate });
    validator.validatePolicy();
}

