Example 66 with ASN1Integer
use of org.bouncycastle.asn1.ASN1Integer in project xipki by xipki.
the class XmlX509Certprofile method initTlsFeature.
private void initTlsFeature(Set<ASN1ObjectIdentifier> extnIds, ExtensionsType extensionsType) throws CertprofileException {
ASN1ObjectIdentifier type = ObjectIdentifiers.id_pe_tlsfeature;
if (!extensionControls.containsKey(type)) {
return;
}
extnIds.remove(type);
TlsFeature extConf = (TlsFeature) getExtensionValue(type, extensionsType, TlsFeature.class);
if (extConf == null) {
return;
}
List<Integer> features = new ArrayList<>(extConf.getFeature().size());
for (IntWithDescType m : extConf.getFeature()) {
int value = m.getValue();
if (value < 0 || value > 65535) {
throw new CertprofileException("invalid TLS feature (extensionType) " + value);
}
features.add(value);
}
Collections.sort(features);
ASN1EncodableVector vec = new ASN1EncodableVector();
for (Integer m : features) {
vec.add(new ASN1Integer(m));
}
ASN1Encodable extValue = new DERSequence(vec);
tlsFeature = new ExtensionValue(extensionControls.get(type).isCritical(), extValue);
}
Also used :
TlsFeature(org.xipki.ca.certprofile.x509.jaxb.TlsFeature)
ArrayList(java.util.ArrayList)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
BigInteger(java.math.BigInteger)
DERSequence(org.bouncycastle.asn1.DERSequence)
ExtensionValue(org.xipki.ca.api.profile.ExtensionValue)
CertprofileException(org.xipki.ca.api.profile.CertprofileException)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
IntWithDescType(org.xipki.ca.certprofile.x509.jaxb.IntWithDescType)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 67 with ASN1Integer
use of org.bouncycastle.asn1.ASN1Integer in project xipki by xipki.
the class XmlX509Certprofile method initSmimeCapabilities.
private void initSmimeCapabilities(Set<ASN1ObjectIdentifier> extnIds, ExtensionsType extensionsType) throws CertprofileException {
ASN1ObjectIdentifier type = ObjectIdentifiers.id_smimeCapabilities;
if (!extensionControls.containsKey(type)) {
return;
}
extnIds.remove(type);
SMIMECapabilities extConf = (SMIMECapabilities) getExtensionValue(type, extensionsType, SMIMECapabilities.class);
if (extConf == null) {
return;
}
List<SMIMECapability> list = extConf.getSMIMECapability();
ASN1EncodableVector vec = new ASN1EncodableVector();
for (SMIMECapability m : list) {
ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(m.getCapabilityID().getValue());
ASN1Encodable params = null;
org.xipki.ca.certprofile.x509.jaxb.SMIMECapability.Parameters capParams = m.getParameters();
if (capParams != null) {
if (capParams.getInteger() != null) {
params = new ASN1Integer(capParams.getInteger());
} else if (capParams.getBase64Binary() != null) {
params = readAsn1Encodable(capParams.getBase64Binary().getValue());
}
}
org.bouncycastle.asn1.smime.SMIMECapability cap = new org.bouncycastle.asn1.smime.SMIMECapability(oid, params);
vec.add(cap);
}
ASN1Encodable extValue = new DERSequence(vec);
smimeCapabilities = new ExtensionValue(extensionControls.get(type).isCritical(), extValue);
}
Also used :
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
DERSequence(org.bouncycastle.asn1.DERSequence)
ExtensionValue(org.xipki.ca.api.profile.ExtensionValue)
SMIMECapabilities(org.xipki.ca.certprofile.x509.jaxb.SMIMECapabilities)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
SMIMECapability(org.xipki.ca.certprofile.x509.jaxb.SMIMECapability)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 68 with ASN1Integer
use of org.bouncycastle.asn1.ASN1Integer in project xipki by xipki.
the class X509CmpRequestor method retrieveCaInfo.
public CaInfo retrieveCaInfo(String caName, RequestResponseDebug debug) throws CmpRequestorException, PkiErrorException {
ParamUtil.requireNonBlank("caName", caName);
ASN1EncodableVector vec = new ASN1EncodableVector();
vec.add(new ASN1Integer(2));
ASN1Sequence acceptVersions = new DERSequence(vec);
int action = XiSecurityConstants.CMP_ACTION_GET_CAINFO;
PKIMessage request = buildMessageWithXipkAction(action, acceptVersions);
PkiResponse response = signAndSend(request, debug);
ASN1Encodable itvValue = extractXipkiActionRepContent(response, action);
DERUTF8String utf8Str = DERUTF8String.getInstance(itvValue);
String systemInfoStr = utf8Str.getString();
LOG.debug("CAInfo for CA {}: {}", caName, systemInfoStr);
Document doc;
try {
doc = xmlDocBuilder.parse(new ByteArrayInputStream(systemInfoStr.getBytes("UTF-8")));
} catch (SAXException | IOException ex) {
throw new CmpRequestorException("could not parse the returned systemInfo for CA " + caName + ": " + ex.getMessage(), ex);
}
final String namespace = null;
Element root = doc.getDocumentElement();
String str = root.getAttribute("version");
if (StringUtil.isBlank(str)) {
str = root.getAttributeNS(namespace, "version");
}
int version = StringUtil.isBlank(str) ? 1 : Integer.parseInt(str);
if (version == 2) {
// CACert
X509Certificate caCert;
String b64CaCert = XmlUtil.getValueOfFirstElementChild(root, namespace, "CACert");
try {
caCert = X509Util.parseBase64EncodedCert(b64CaCert);
} catch (CertificateException ex) {
throw new CmpRequestorException("could no parse the CA certificate", ex);
}
// CmpControl
ClientCmpControl cmpControl = null;
Element cmpCtrlElement = XmlUtil.getFirstElementChild(root, namespace, "cmpControl");
if (cmpCtrlElement != null) {
String tmpStr = XmlUtil.getValueOfFirstElementChild(cmpCtrlElement, namespace, "rrAkiRequired");
boolean required = (tmpStr == null) ? false : Boolean.parseBoolean(tmpStr);
cmpControl = new ClientCmpControl(required);
}
// certprofiles
Set<String> profileNames = new HashSet<>();
Element profilesElement = XmlUtil.getFirstElementChild(root, namespace, "certprofiles");
Set<CertprofileInfo> profiles = new HashSet<>();
if (profilesElement != null) {
List<Element> profileElements = XmlUtil.getElementChilden(profilesElement, namespace, "certprofile");
for (Element element : profileElements) {
String name = XmlUtil.getValueOfFirstElementChild(element, namespace, "name");
String type = XmlUtil.getValueOfFirstElementChild(element, namespace, "type");
String conf = XmlUtil.getValueOfFirstElementChild(element, namespace, "conf");
CertprofileInfo profile = new CertprofileInfo(name, type, conf);
profiles.add(profile);
profileNames.add(name);
LOG.debug("configured for CA {} certprofile (name={}, type={}, conf={})", caName, name, type, conf);
}
}
LOG.info("CA {} supports profiles {}", caName, profileNames);
return new CaInfo(caCert, cmpControl, profiles);
} else {
throw new CmpRequestorException("unknown CAInfo version " + version);
}
}
Also used :
PkiResponse(org.xipki.cmp.PkiResponse)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
Element(org.w3c.dom.Element)
CertificateException(java.security.cert.CertificateException)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
Document(org.w3c.dom.Document)
SAXException(org.xml.sax.SAXException)
DERSequence(org.bouncycastle.asn1.DERSequence)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
HashSet(java.util.HashSet)
PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage)
CertprofileInfo(org.xipki.ca.client.api.CertprofileInfo)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
IOException(java.io.IOException)
X509Certificate(java.security.cert.X509Certificate)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
ByteArrayInputStream(java.io.ByteArrayInputStream)
Example 69 with ASN1Integer
use of org.bouncycastle.asn1.ASN1Integer in project xipki by xipki.
the class X509CmpRequestor method buildUnrevokeOrRemoveCertRequest.
// method buildRevokeCertRequest
private PKIMessage buildUnrevokeOrRemoveCertRequest(UnrevokeOrRemoveCertRequest request, int reasonCode) throws CmpRequestorException {
PKIHeader header = buildPkiHeader(null);
List<UnrevokeOrRemoveCertEntry> requestEntries = request.getRequestEntries();
List<RevDetails> revDetailsArray = new ArrayList<>(requestEntries.size());
for (UnrevokeOrRemoveCertEntry requestEntry : requestEntries) {
CertTemplateBuilder certTempBuilder = new CertTemplateBuilder();
certTempBuilder.setIssuer(requestEntry.getIssuer());
certTempBuilder.setSerialNumber(new ASN1Integer(requestEntry.getSerialNumber()));
byte[] aki = requestEntry.getAuthorityKeyIdentifier();
if (aki != null) {
Extensions certTempExts = getCertTempExtensions(aki);
certTempBuilder.setExtensions(certTempExts);
}
Extension[] extensions = new Extension[1];
try {
ASN1Enumerated reason = new ASN1Enumerated(reasonCode);
extensions[0] = new Extension(Extension.reasonCode, true, new DEROctetString(reason.getEncoded()));
} catch (IOException ex) {
throw new CmpRequestorException(ex.getMessage(), ex);
}
Extensions exts = new Extensions(extensions);
RevDetails revDetails = new RevDetails(certTempBuilder.build(), exts);
revDetailsArray.add(revDetails);
}
RevReqContent content = new RevReqContent(revDetailsArray.toArray(new RevDetails[0]));
PKIBody body = new PKIBody(PKIBody.TYPE_REVOCATION_REQ, content);
return new PKIMessage(header, body);
}
Also used :
PKIHeader(org.bouncycastle.asn1.cmp.PKIHeader)
PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage)
PKIBody(org.bouncycastle.asn1.cmp.PKIBody)
ArrayList(java.util.ArrayList)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
IOException(java.io.IOException)
Extensions(org.bouncycastle.asn1.x509.Extensions)
RevReqContent(org.bouncycastle.asn1.cmp.RevReqContent)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
Extension(org.bouncycastle.asn1.x509.Extension)
CertTemplateBuilder(org.bouncycastle.asn1.crmf.CertTemplateBuilder)
ASN1Enumerated(org.bouncycastle.asn1.ASN1Enumerated)
UnrevokeOrRemoveCertEntry(org.xipki.ca.client.api.dto.UnrevokeOrRemoveCertEntry)
RevDetails(org.bouncycastle.asn1.cmp.RevDetails)
Example 70 with ASN1Integer
use of org.bouncycastle.asn1.ASN1Integer in project xipki by xipki.
the class Asn1GenRSAKeypairParams method toASN1Primitive.
@Override
public ASN1Primitive toASN1Primitive() {
ASN1EncodableVector vector = new ASN1EncodableVector();
vector.add(new Asn1P11SlotIdentifier(slotId));
vector.add(new DERUTF8String(label));
vector.add(new Asn1NewKeyControl(control));
vector.add(new ASN1Integer(keysize));
if (publicExponent != null) {
vector.add(new ASN1Integer(publicExponent));
}
return new DERSequence(vector);
}
Also used :
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
DERSequence(org.bouncycastle.asn1.DERSequence)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
Aggregations
ASN1Integer (org.bouncycastle.asn1.ASN1Integer)127
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)56
BigInteger (java.math.BigInteger)54
DERSequence (org.bouncycastle.asn1.DERSequence)51
IOException (java.io.IOException)44
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)43
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)29
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)21
DEROctetString (org.bouncycastle.asn1.DEROctetString)21
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)20
ArrayList (java.util.ArrayList)18
DERUTF8String (org.bouncycastle.asn1.DERUTF8String)17
ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)16
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)15
X509Certificate (java.security.cert.X509Certificate)14
Date (java.util.Date)12
DLSequence (org.bouncycastle.asn1.DLSequence)12
ByteArrayInputStream (java.io.ByteArrayInputStream)11
KeyPair (java.security.KeyPair)11
HashMap (java.util.HashMap)11
