use of org.bouncycastle.asn1.cms.Attributes in project robovm by robovm.
the class CertificationRequestInfo method toASN1Primitive.
public ASN1Primitive toASN1Primitive() {
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(version);
v.add(subject);
v.add(subjectPKInfo);
if (attributes != null) {
v.add(new DERTaggedObject(false, 0, attributes));
}
return new DERSequence(v);
}
use of org.bouncycastle.asn1.cms.Attributes in project athenz by yahoo.
the class Crypto method extractX509CSREmail.
public static String extractX509CSREmail(PKCS10CertificationRequest certReq) {
String rfc822 = null;
Attribute[] attributes = certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
for (Attribute attribute : attributes) {
for (ASN1Encodable value : attribute.getAttributeValues()) {
Extensions extensions = Extensions.getInstance(value);
GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
for (GeneralName name : gns.getNames()) {
if (name.getTagNo() == GeneralName.rfc822Name) {
rfc822 = (((DERIA5String) name.getName()).getString());
break;
}
}
}
}
return rfc822;
}
use of org.bouncycastle.asn1.cms.Attributes in project athenz by yahoo.
the class Crypto method extractX509CSRDnsNames.
public static List<String> extractX509CSRDnsNames(PKCS10CertificationRequest certReq) {
List<String> dnsNames = new ArrayList<>();
Attribute[] attributes = certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
for (Attribute attribute : attributes) {
for (ASN1Encodable value : attribute.getAttributeValues()) {
Extensions extensions = Extensions.getInstance(value);
GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
for (GeneralName name : gns.getNames()) {
if (name.getTagNo() == GeneralName.dNSName) {
dnsNames.add(((DERIA5String) name.getName()).getString());
}
}
}
}
return dnsNames;
}
use of org.bouncycastle.asn1.cms.Attributes in project athenz by yahoo.
the class InstanceClientRegister method main.
public static void main(String[] args) throws MalformedURLException, IOException {
// parse our command line to retrieve required input
CommandLine cmd = parseCommandLine(args);
String domainName = cmd.getOptionValue("domain").toLowerCase();
String serviceName = cmd.getOptionValue("service").toLowerCase();
String provider = cmd.getOptionValue("provider").toLowerCase();
String instance = cmd.getOptionValue("instance");
String dnsSuffix = cmd.getOptionValue("dnssuffix");
String providerKeyPath = cmd.getOptionValue("providerkey");
String providerKeyId = cmd.getOptionValue("providerkeyid");
String instanceKeyPath = cmd.getOptionValue("instancekey");
String ztsUrl = cmd.getOptionValue("ztsurl");
// get our configured private key
PrivateKey providerKey = Crypto.loadPrivateKey(new File(providerKeyPath));
// first we are going to generate our attestation data
// which we are going to use jwt. ZTS Server will send
// this object to the specified provider for validation
String compactJws = Jwts.builder().setSubject(domainName + "." + serviceName).setIssuer(provider).setAudience("zts").setId(instance).setExpiration(new Date(System.currentTimeMillis() + TimeUnit.MILLISECONDS.convert(5, TimeUnit.MINUTES))).setHeaderParam("keyId", providerKeyId).signWith(SignatureAlgorithm.RS256, providerKey).compact();
System.out.println("JWS: \n" + compactJws + "\n");
// now we need to generate our CSR so we can get
// a TLS certificate for our instance
PrivateKey instanceKey = Crypto.loadPrivateKey(new File(instanceKeyPath));
String csr = generateCSR(domainName, serviceName, instance, dnsSuffix, instanceKey);
if (csr == null) {
System.err.println("Unable to generate CSR for instance");
System.exit(1);
}
System.out.println("CSR: \n" + csr + "\n");
// now let's generate our instance register object that will be sent
// to the ZTS Server
InstanceRegisterInformation info = new InstanceRegisterInformation().setAttestationData(compactJws).setDomain(domainName).setService(serviceName).setProvider(provider).setToken(true).setCsr(csr);
// now contact zts server to request identity for instance
InstanceIdentity identity = null;
Map<String, List<String>> responseHeaders = new HashMap<>();
try (ZTSClient ztsClient = new ZTSClient(ztsUrl)) {
identity = ztsClient.postInstanceRegisterInformation(info, responseHeaders);
} catch (ZTSClientException ex) {
System.out.println("Unable to register instance: " + ex.getMessage());
System.exit(2);
}
System.out.println("Identity TLS Certificate: \n" + identity.getX509Certificate());
Map<String, String> attrs = identity.getAttributes();
if (attrs != null) {
System.out.println("Provider Attributes:");
for (String key : attrs.keySet()) {
System.out.println("\t" + key + ": " + attrs.get(key));
}
}
}
use of org.bouncycastle.asn1.cms.Attributes in project keystore-explorer by kaikramer.
the class OpenSslPvkUtil method getEncrypted.
/**
* OpenSSL encode and encrypt a private key. Encrypted OpenSSL private keys
* must always by PEM'd.
*
* @return The encrypted, PEM'd encoding
* @param privateKey
* The private key
* @param pbeType
* PBE algorithm to use for encryption
* @param password
* Encryption password
* @throws CryptoException
* Problem encountered while getting the encoded private key
*/
public static String getEncrypted(PrivateKey privateKey, OpenSslPbeType pbeType, Password password) throws CryptoException {
byte[] openSsl = get(privateKey);
String pemType = null;
if (privateKey instanceof RSAPrivateCrtKey) {
pemType = OPENSSL_RSA_PVK_PEM_TYPE;
} else if (privateKey instanceof ECPrivateKey) {
pemType = OPENSSL_EC_PVK_PEM_TYPE;
} else {
pemType = OPENSSL_DSA_PVK_PEM_TYPE;
}
byte[] salt = generateSalt(pbeType.saltSize() / 8);
String saltHex = bytesToHex(salt);
byte[] encOpenSsl = null;
try {
byte[] encryptKey = deriveKeyFromPassword(password, salt, pbeType.keySize());
// Create cipher - use all of the salt as the IV
Cipher cipher = createCipher(pbeType.jceCipher(), encryptKey, salt, ENCRYPT_MODE);
encOpenSsl = cipher.doFinal(openSsl);
} catch (GeneralSecurityException ex) {
throw new CryptoException(MessageFormat.format("OpenSslEncryptionFailed.exception.message", pbeType.friendly()), ex);
}
PemAttributes attributes = new PemAttributes();
attributes.add(new PemAttribute(PROC_TYPE_ATTR_NAME, PROC_TYPE_ATTR_VALUE));
String dekInfoAttrValue = MessageFormat.format(DEK_INFO_ATTR_VALUE_TEMPLATE, pbeType.dekInfo(), saltHex);
attributes.add(new PemAttribute(DEK_INFO_ATTR_NAME, dekInfoAttrValue));
PemInfo pemInfo = new PemInfo(pemType, attributes, encOpenSsl);
return PemUtil.encode(pemInfo);
}
Aggregations