use of com.github.zhenwei.core.asn1.x509.Extension in project ddf by codice.
the class CertificateSigningRequestTest method testNewCertificateBuilderWithoutSan.
/**
 * Checks that a certificate built from a request carrying only a common name reflects the
 * requested serial number, validity window, subject and public key, and that it contains no
 * subjectAlternativeName extension.
 */
@Test
public void testNewCertificateBuilderWithoutSan() throws Exception {
    final DateTime notBefore = DateTime.now().minusDays(1);
    final DateTime notAfter = notBefore.plusYears(100);
    final KeyPair subjectKeys = makeKeyPair();

    // Populate the request; no subject alternative name is set anywhere in this test.
    csr.setSerialNumber(1);
    csr.setNotBefore(notBefore);
    csr.setNotAfter(notAfter);
    csr.setCommonName("A");
    csr.setSubjectKeyPair(subjectKeys);

    // The issuer is a mock: only its subject DN is stubbed.
    final X509Certificate issuer = mock(X509Certificate.class);
    final X500Principal issuerDn =
        new X500Principal("CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US");
    doReturn(issuerDn).when(issuer).getSubjectX500Principal();

    final JcaX509v3CertificateBuilder certBuilder = csr.newCertificateBuilder(issuer);
    final X509CertificateHolder built =
        certBuilder.build(new DemoCertificateAuthority().getContentSigner());

    assertThat(built.getSerialNumber(), equalTo(BigInteger.ONE));
    // Expected dates are passed through Time first; presumably this matches the precision
    // the certificate encoding keeps (TODO confirm).
    assertThat(built.getNotBefore(), equalTo(new Time(notBefore.toDate()).getDate()));
    assertThat(built.getNotAfter(), equalTo(new Time(notAfter.toDate()).getDate()));
    assertThat(built.getSubject().toString(), equalTo("cn=A"));

    final SubjectPublicKeyInfo expectedKeyInfo =
        SubjectPublicKeyInfo.getInstance(subjectKeys.getPublic().getEncoded());
    assertThat(
        "Unable to validate public key",
        built.getSubjectPublicKeyInfo(),
        equalTo(expectedKeyInfo));

    // A request without SAN data must not yield a SAN extension in the certificate.
    assertThat(
        "There should be no subject alternative name extension",
        built.getExtension(org.bouncycastle.asn1.x509.Extension.subjectAlternativeName),
        nullValue(org.bouncycastle.asn1.x509.Extension.class));
}
use of com.github.zhenwei.core.asn1.x509.Extension in project OpenPDF by LibrePDF.
the class OcspClientBouncyCastle method generateOCSPRequest.
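/**
 * Generates an OCSP request for a single certificate using BouncyCastle.
 * <p>
 * The request holds one CertificateID (SHA-1 based) and a 16-byte nonce extension. The nonce
 * only protects against replayed responses if the caller compares it with the nonce echoed in
 * the OCSP response.
 *
 * @param issuerCert
 *            certificate of the issuer
 * @param serialNumber
 *            serial number of the certificate whose status is requested
 * @return an OCSP request
 * @throws OCSPException
 *             if the certificate id or the request cannot be built
 * @throws IOException
 *             if the nonce extension cannot be encoded
 * @throws OperatorCreationException
 *             if the digest calculator cannot be created
 * @throws CertificateEncodingException
 *             if the issuer certificate cannot be encoded
 */
private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws OCSPException, IOException, OperatorCreationException, CertificateEncodingException {
    // Add provider BC. Security.addProvider does nothing if a provider with the same name is
    // already installed, so repeated calls are harmless.
    Provider prov = new org.bouncycastle.jce.provider.BouncyCastleProvider();
    Security.addProvider(prov);

    // Generate the id for the certificate we are looking for.
    // NOTE: modification by Felix - the CertificateID is built through a DigestCalculatorProvider
    // instead of the older CertificateID(String, X509Certificate, BigInteger) constructor.
    // SHA-1 is used here only to identify the issuer inside the CertID, not as a signature hash.
    DigestCalculatorProvider digCalcProv = new JcaDigestCalculatorProviderBuilder().setProvider(prov).build();
    CertificateID id = new CertificateID(digCalcProv.get(CertificateID.HASH_SHA1), new JcaX509CertificateHolder(issuerCert), serialNumber);

    // Basic request generation with nonce
    OCSPReqBuilder gen = new OCSPReqBuilder();
    gen.addRequest(id);

    // Add nonce extension. The nonce must be unpredictable to be useful against replay, so it
    // comes from SecureRandom rather than java.util.Random, whose output can be predicted.
    // The fully-qualified name avoids needing a new import in this file.
    ExtensionsGenerator extGen = new ExtensionsGenerator();
    byte[] nonce = new byte[16];
    new java.security.SecureRandom().nextBytes(nonce);
    extGen.addExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(nonce));
    gen.setRequestExtensions(extGen.generate());

    // Build request
    return gen.build();
}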
use of com.github.zhenwei.core.asn1.x509.Extension in project jmulticard by ctt-gob-es.
the class CertUtils method doReplaceExtension.
/**
 * Builds a new extensions generator in which the extension sharing {@code ext}'s OID is
 * replaced by {@code ext}; all other extensions are copied over in their original order.
 * <p>
 * The generator passed in is only read through {@code generate()}; the result is a fresh
 * {@code ExtensionsGenerator} instance.
 *
 * @param extGenerator generator holding the current set of extensions
 * @param ext          replacement extension; its OID selects the entry to replace
 * @return a new generator containing the replaced extension set
 * @throws IllegalArgumentException if no existing extension has the OID of {@code ext}
 */
static ExtensionsGenerator doReplaceExtension(ExtensionsGenerator extGenerator, Extension ext) {
    final Extensions current = extGenerator.generate();
    final ExtensionsGenerator rebuilt = new ExtensionsGenerator();
    boolean found = false;

    final Enumeration<?> oids = current.oids();
    while (oids.hasMoreElements()) {
        final ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) oids.nextElement();
        final boolean matches = oid.equals(ext.getExtnId());
        if (matches) {
            found = true;
        }
        // Swap in the replacement at the position of the original entry.
        rebuilt.addExtension(matches ? ext : current.getExtension(oid));
    }

    // Replacing is strict: an extension that was never present is an error, not an append.
    if (found) {
        return rebuilt;
    }
    throw new IllegalArgumentException("replace - original extension (OID = " + ext.getExtnId() + ") not found");
}
use of com.github.zhenwei.core.asn1.x509.Extension in project jmulticard by ctt-gob-es.
the class BCMcElieceCCA2PrivateKey method getEncoded.
/**
 * Returns this private key encoded as a {@code PrivateKeyInfo} structure.
 * <p>
 * The key data is a {@code McElieceCCA2PrivateKey} built from n, k, the field, the Goppa
 * polynomial, the permutation and the digest algorithm identifier, wrapped with the
 * {@code mcElieceCca2} algorithm identifier.
 * <p>
 * The ASN.1 definition below is carried over from the original comment.
 * NOTE(review): its field list does not obviously match the constructor arguments used here;
 * confirm against {@code McElieceCCA2PrivateKey}.
 * <pre>
 *   McEliecePrivateKey ::= SEQUENCE {
 *     m             INTEGER                  -- extension degree of the field
 *     k             INTEGER                  -- dimension of the code
 *     field         OCTET STRING             -- field polynomial
 *     goppaPoly     OCTET STRING             -- irreducible Goppa polynomial
 *     p             OCTET STRING             -- permutation vector
 *     matrixH       OCTET STRING             -- canonical check matrix
 *     sqRootMatrix  SEQUENCE OF OCTET STRING -- square root matrix
 *   }
 * </pre>
 * The returned array holds the private key material in the clear, so callers should treat it
 * as a secret (keep it out of logs and limit how long it is retained).
 *
 * @return the encoded {@code PrivateKeyInfo}, or {@code null} if encoding fails with an
 *         {@code IOException}; callers must check for {@code null}
 */
public byte[] getEncoded() {
    try {
        final McElieceCCA2PrivateKey keyStructure = new McElieceCCA2PrivateKey(
            getN(),
            getK(),
            getField(),
            getGoppaPoly(),
            getP(),
            MessageDigestUtils.getDigestAlgID(params.getDigest()));
        final AlgorithmIdentifier algId = new AlgorithmIdentifier(PQCObjectIdentifiers.mcElieceCca2);
        return new PrivateKeyInfo(algId, keyStructure).getEncoded();
    } catch (IOException e) {
        // An encoding failure is reported as null rather than as an exception.
        return null;
    }
}
use of com.github.zhenwei.core.asn1.x509.Extension in project keycloak by keycloak.
the class CertificateValidatorTest method testCertificatePolicyValidation.
// Helper to test various certificate policy validation combinations.
// Builds a test certificate that optionally carries a non-critical certificatePolicies
// extension with the given OIDs, then runs validatePolicy() with the expected policy and mode.
// With no OIDs, the extension list passed to createCertificate is null.
private void testCertificatePolicyValidation(String expectedPolicy, String mode, String... certificatePolicyOid) throws GeneralSecurityException {
    List<Extension> certificatePolicies = null;
    final boolean hasPolicyOids = certificatePolicyOid != null && certificatePolicyOid.length > 0;
    if (hasPolicyOids) {
        final PolicyInformation[] policyInfos = new PolicyInformation[certificatePolicyOid.length];
        for (int i = 0; i < policyInfos.length; i++) {
            policyInfos[i] = new PolicyInformation(new ASN1ObjectIdentifier(certificatePolicyOid[i]));
        }
        final CertificatePolicies policies = new CertificatePolicies(policyInfos);

        certificatePolicies = new LinkedList<>();
        try {
            // The extension is added as non-critical.
            certificatePolicies.add(new Extension(Extension.certificatePolicies, false, policies.getEncoded()));
        } catch (IOException e) {
            throw new IllegalStateException(e);
        }
    }

    // 512-bit RSA is far too small for real use; here it is only a throwaway test key.
    final KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA");
    rsaGenerator.initialize(512);
    final KeyPair keyPair = rsaGenerator.generateKeyPair();

    // The validity window runs from two minutes ago to one minute ago, so the certificate is
    // already expired when created; presumably validatePolicy() does not check validity dates
    // (confirm against CertificateValidator).
    final Date notBefore = new Date(System.currentTimeMillis() - 1000L * 60 * 2);
    final Date notAfter = new Date(System.currentTimeMillis() - 1000L * 60);
    final X509Certificate certificate = createCertificate("CN=keycloak-test", notBefore, notAfter, keyPair, certificatePolicies);

    final CertificateValidator validator = new CertificateValidator.CertificateValidatorBuilder()
        .certificatePolicy()
        .mode(mode)
        .parse(expectedPolicy)
        .build(new X509Certificate[] { certificate });
    validator.validatePolicy();
}