Example 1 with Attribute
use of org.bouncycastle.asn1.pkcs.Attribute in project XobotOS by xamarin.
the class MiscPEMGenerator method createPemObject.
private PemObject createPemObject(Object o) throws IOException {
String type;
byte[] encoding;
if (o instanceof PemObject) {
return (PemObject) o;
}
if (o instanceof PemObjectGenerator) {
return ((PemObjectGenerator) o).generate();
}
if (o instanceof X509Certificate) {
type = "CERTIFICATE";
try {
encoding = ((X509Certificate) o).getEncoded();
} catch (CertificateEncodingException e) {
throw new PemGenerationException("Cannot encode object: " + e.toString());
}
} else if (o instanceof X509CRL) {
type = "X509 CRL";
try {
encoding = ((X509CRL) o).getEncoded();
} catch (CRLException e) {
throw new PemGenerationException("Cannot encode object: " + e.toString());
}
} else if (o instanceof KeyPair) {
return createPemObject(((KeyPair) o).getPrivate());
} else if (o instanceof PrivateKey) {
PrivateKeyInfo info = new PrivateKeyInfo((ASN1Sequence) ASN1Object.fromByteArray(((Key) o).getEncoded()));
if (o instanceof RSAPrivateKey) {
type = "RSA PRIVATE KEY";
encoding = info.getPrivateKey().getEncoded();
} else if (o instanceof DSAPrivateKey) {
type = "DSA PRIVATE KEY";
DSAParameter p = DSAParameter.getInstance(info.getAlgorithmId().getParameters());
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new DERInteger(0));
v.add(new DERInteger(p.getP()));
v.add(new DERInteger(p.getQ()));
v.add(new DERInteger(p.getG()));
BigInteger x = ((DSAPrivateKey) o).getX();
BigInteger y = p.getG().modPow(x, p.getP());
v.add(new DERInteger(y));
v.add(new DERInteger(x));
encoding = new DERSequence(v).getEncoded();
} else if (((PrivateKey) o).getAlgorithm().equals("ECDSA")) {
type = "EC PRIVATE KEY";
encoding = info.getPrivateKey().getEncoded();
} else {
throw new IOException("Cannot identify private key");
}
} else if (o instanceof PublicKey) {
type = "PUBLIC KEY";
encoding = ((PublicKey) o).getEncoded();
} else if (o instanceof X509AttributeCertificate) {
type = "ATTRIBUTE CERTIFICATE";
encoding = ((X509V2AttributeCertificate) o).getEncoded();
} else if (o instanceof PKCS10CertificationRequest) {
type = "CERTIFICATE REQUEST";
encoding = ((PKCS10CertificationRequest) o).getEncoded();
} else if (o instanceof ContentInfo) {
type = "PKCS7";
encoding = ((ContentInfo) o).getEncoded();
} else {
throw new PemGenerationException("unknown object passed - can't encode.");
}
return new PemObject(type, encoding);
}
Also used :
X509CRL(java.security.cert.X509CRL)
DSAPrivateKey(java.security.interfaces.DSAPrivateKey)
RSAPrivateKey(java.security.interfaces.RSAPrivateKey)
PrivateKey(java.security.PrivateKey)
X509AttributeCertificate(org.bouncycastle.x509.X509AttributeCertificate)
DERInteger(org.bouncycastle.asn1.DERInteger)
PemObjectGenerator(org.bouncycastle.util.io.pem.PemObjectGenerator)
DERSequence(org.bouncycastle.asn1.DERSequence)
ContentInfo(org.bouncycastle.asn1.cms.ContentInfo)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
DSAParameter(org.bouncycastle.asn1.x509.DSAParameter)
CRLException(java.security.cert.CRLException)
PKCS10CertificationRequest(org.bouncycastle.jce.PKCS10CertificationRequest)
KeyPair(java.security.KeyPair)
PemGenerationException(org.bouncycastle.util.io.pem.PemGenerationException)
PublicKey(java.security.PublicKey)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
IOException(java.io.IOException)
X509V2AttributeCertificate(org.bouncycastle.x509.X509V2AttributeCertificate)
X509Certificate(java.security.cert.X509Certificate)
PemObject(org.bouncycastle.util.io.pem.PemObject)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
DSAPrivateKey(java.security.interfaces.DSAPrivateKey)
BigInteger(java.math.BigInteger)
RSAPrivateKey(java.security.interfaces.RSAPrivateKey)
PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo)
DSAPrivateKey(java.security.interfaces.DSAPrivateKey)
RSAPrivateKey(java.security.interfaces.RSAPrivateKey)
PublicKey(java.security.PublicKey)
Key(java.security.Key)
PrivateKey(java.security.PrivateKey)
RSAPrivateCrtKey(java.security.interfaces.RSAPrivateCrtKey)
Example 2 with Attribute
use of org.bouncycastle.asn1.pkcs.Attribute in project XobotOS by xamarin.
the class Attribute method toASN1Object.
/**
* Produce an object suitable for an ASN1OutputStream.
* <pre>
* Attribute ::= SEQUENCE {
* attrType OBJECT IDENTIFIER,
* attrValues SET OF AttributeValue
* }
* </pre>
*/
public DERObject toASN1Object() {
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(attrType);
v.add(attrValues);
return new DERSequence(v);
}
Also used :
DERSequence(org.bouncycastle.asn1.DERSequence)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
Example 3 with Attribute
use of org.bouncycastle.asn1.pkcs.Attribute in project robovm by robovm.
the class CertPathValidatorUtilities method getCRLIssuersFromDistributionPoint.
/**
* Add the CRL issuers from the cRLIssuer field of the distribution point or
* from the certificate if not given to the issuer criterion of the
* <code>selector</code>.
* <p/>
* The <code>issuerPrincipals</code> are a collection with a single
* <code>X500Principal</code> for <code>X509Certificate</code>s. For
* {@link X509AttributeCertificate}s the issuer may contain more than one
* <code>X500Principal</code>.
*
* @param dp The distribution point.
* @param issuerPrincipals The issuers of the certificate or attribute
* certificate which contains the distribution point.
* @param selector The CRL selector.
* @param pkixParams The PKIX parameters containing the cert stores.
* @throws AnnotatedException if an exception occurs while processing.
* @throws ClassCastException if <code>issuerPrincipals</code> does not
* contain only <code>X500Principal</code>s.
*/
protected static void getCRLIssuersFromDistributionPoint(DistributionPoint dp, Collection issuerPrincipals, X509CRLSelector selector, ExtendedPKIXParameters pkixParams) throws AnnotatedException {
List issuers = new ArrayList();
// indirect CRL
if (dp.getCRLIssuer() != null) {
GeneralName[] genNames = dp.getCRLIssuer().getNames();
// look for a DN
for (int j = 0; j < genNames.length; j++) {
if (genNames[j].getTagNo() == GeneralName.directoryName) {
try {
issuers.add(new X500Principal(genNames[j].getName().toASN1Primitive().getEncoded()));
} catch (IOException e) {
throw new AnnotatedException("CRL issuer information from distribution point cannot be decoded.", e);
}
}
}
} else {
/*
* certificate issuer is CRL issuer, distributionPoint field MUST be
* present.
*/
if (dp.getDistributionPoint() == null) {
throw new AnnotatedException("CRL issuer is omitted from distribution point but no distributionPoint field present.");
}
// add and check issuer principals
for (Iterator it = issuerPrincipals.iterator(); it.hasNext(); ) {
issuers.add((X500Principal) it.next());
}
}
// TODO: is not found although this should correctly add the rel name. selector of Sun is buggy here or PKI test case is invalid
// distributionPoint
// if (dp.getDistributionPoint() != null)
// {
// // look for nameRelativeToCRLIssuer
// if (dp.getDistributionPoint().getType() == DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER)
// {
// // append fragment to issuer, only one
// // issuer can be there, if this is given
// if (issuers.size() != 1)
// {
// throw new AnnotatedException(
// "nameRelativeToCRLIssuer field is given but more than one CRL issuer is given.");
// }
// ASN1Encodable relName = dp.getDistributionPoint().getName();
// Iterator it = issuers.iterator();
// List issuersTemp = new ArrayList(issuers.size());
// while (it.hasNext())
// {
// Enumeration e = null;
// try
// {
// e = ASN1Sequence.getInstance(
// new ASN1InputStream(((X500Principal) it.next())
// .getEncoded()).readObject()).getObjects();
// }
// catch (IOException ex)
// {
// throw new AnnotatedException(
// "Cannot decode CRL issuer information.", ex);
// }
// ASN1EncodableVector v = new ASN1EncodableVector();
// while (e.hasMoreElements())
// {
// v.add((ASN1Encodable) e.nextElement());
// }
// v.add(relName);
// issuersTemp.add(new X500Principal(new DERSequence(v)
// .getDEREncoded()));
// }
// issuers.clear();
// issuers.addAll(issuersTemp);
// }
// }
Iterator it = issuers.iterator();
while (it.hasNext()) {
try {
selector.addIssuerName(((X500Principal) it.next()).getEncoded());
} catch (IOException ex) {
throw new AnnotatedException("Cannot decode CRL issuer information.", ex);
}
}
}
Also used :
ArrayList(java.util.ArrayList)
Iterator(java.util.Iterator)
X500Principal(javax.security.auth.x500.X500Principal)
List(java.util.List)
ArrayList(java.util.ArrayList)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
IOException(java.io.IOException)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
Example 4 with Attribute
use of org.bouncycastle.asn1.pkcs.Attribute in project OpenAttestation by OpenAttestation.
the class X509AttributeCertificate method valueOf.
/**
*
* @param encodedCertificate
* @return
*/
@JsonCreator
public static X509AttributeCertificate valueOf(@JsonProperty("encoded") byte[] encodedCertificate) {
X509AttributeCertificate result = new X509AttributeCertificate(encodedCertificate);
X509AttributeCertificateHolder cert;
try {
cert = new X509AttributeCertificateHolder(encodedCertificate);
} catch (IOException e) {
throw new IllegalArgumentException(e);
}
// calls toString() on each X500Name so we get the default representation; we can do it ourselves for custom display; output example: CN=Attr CA,OU=CPG,OU=DCSG,O=Intel,ST=CA,C=US
log.debug("issuer: {}", StringUtils.join(cert.getIssuer().getNames(), "; "));
// but expected to be only one
result.issuer = StringUtils.join(cert.getIssuer().getNames(), "; ");
// output example: 1
log.debug("serial number: {}", cert.getSerialNumber().toString());
result.serialNumber = cert.getSerialNumber();
// output example: 2.25=#041092a71a228c174522a18bfd3ed3d00b39
log.debug("holder: {}", StringUtils.join(cert.getHolder().getEntityNames(), ", "));
// now let's get the UUID specifically out of this
log.debug("holder has {} entity names", cert.getHolder().getEntityNames().length);
for (X500Name entityName : cert.getHolder().getEntityNames()) {
log.debug("holder entity name has {} rdns", entityName.getRDNs().length);
for (RDN rdn : entityName.getRDNs()) {
log.debug("entity rdn is multivalued? {}", rdn.isMultiValued());
AttributeTypeAndValue attr = rdn.getFirst();
if (attr.getType().toString().equals(OID.HOST_UUID)) {
UUID uuid = UUID.valueOf(DEROctetString.getInstance(attr.getValue()).getOctets());
log.debug("holder uuid: {}", uuid);
// example: 33766a63-5c55-4461-8a84-5936577df450
result.subject = uuid.toString();
}
}
}
// if we ddin't identify the UUID, just display the subject same way we did the issuer... concat all the entity names. example: 2.25=#041033766a635c5544618a845936577df450 (notice that in the value, there's a #0410 prepended to the uuid 33766a635c5544618a845936577df450)
if (result.subject == null) {
result.subject = StringUtils.join(cert.getHolder().getEntityNames(), "; ");
}
// output example: Thu Aug 08 15:21:13 PDT 2013
log.debug("not before: {}", cert.getNotBefore());
// output example: Sun Sep 08 15:21:13 PDT 2013
log.debug("not after: {}", cert.getNotAfter());
result.notBefore = cert.getNotBefore();
result.notAfter = cert.getNotAfter();
Attribute[] attributes = cert.getAttributes();
result.tags1 = new ArrayList<UTF8NameValueMicroformat>();
result.tags2 = new ArrayList<UTF8NameValueSequence>();
result.tagsOther = new ArrayList<ASN1Encodable>();
for (Attribute attr : attributes) {
log.debug("attr {} is {}", attr.hashCode(), attr.toString());
result.attributes.add(attr);
for (ASN1Encodable value : attr.getAttributeValues()) {
// result.tags.add(new AttributeOidAndValue(attr.getAttrType().toString(), DERUTF8String.getInstance(value).getString()));
if (attr.getAttrType().toString().equals(UTF8NameValueMicroformat.OID)) {
// our values are just UTF-8 strings but if you use new String(value.getEncoded()) you will get two extra spaces at the beginning of the string
log.debug("name-value microformat attribute: {}", DERUTF8String.getInstance(value).getString());
UTF8NameValueMicroformat microformat = new UTF8NameValueMicroformat(DERUTF8String.getInstance(value));
log.debug("name-value microformat attribute (2) name {} value {}", microformat.getName(), microformat.getValue());
result.tags1.add(microformat);
} else if (attr.getAttrType().toString().equals(UTF8NameValueSequence.OID)) {
UTF8NameValueSequence sequence = new UTF8NameValueSequence(ASN1Sequence.getInstance(value));
String name = sequence.getName();
List<String> values = sequence.getValues();
log.debug("name-values asn.1 attribute {} values {}", name, values);
result.tags2.add(sequence);
} else {
log.debug("unrecognzied attribute type {}", attr.getAttrType().toString());
result.tagsOther.add(value);
}
/*
* output examples:
* attribute: 1.3.6.1.4.1.99999.1.1.1.1 is US
* attribute: 1.3.6.1.4.1.99999.2.2.2.2 is CA
* attribute: 1.3.6.1.4.1.99999.3.3.3.3 is Folsom
*/
}
}
log.debug("valueOf ok");
return result;
}
Also used :
Attribute(org.bouncycastle.asn1.x509.Attribute)
X509AttributeCertificateHolder(org.bouncycastle.cert.X509AttributeCertificateHolder)
IOException(java.io.IOException)
X500Name(org.bouncycastle.asn1.x500.X500Name)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue)
ArrayList(java.util.ArrayList)
List(java.util.List)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
UUID(com.intel.mtwilson.util.io.UUID)
RDN(org.bouncycastle.asn1.x500.RDN)
JsonCreator(org.codehaus.jackson.annotate.JsonCreator)
Example 5 with Attribute
use of org.bouncycastle.asn1.pkcs.Attribute in project OpenAttestation by OpenAttestation.
the class CertificateRepository method create.
@Override
public // @RequiresPermissions("tag_certificates:create")
void create(Certificate item) {
log.debug("Certificate:Create - Got request to create a new Certificate {}.", item.getId().toString());
CertificateLocator locator = new CertificateLocator();
locator.id = item.getId();
try (CertificateDAO dao = TagJdbi.certificateDao()) {
Certificate newCert = dao.findById(item.getId());
if (newCert == null) {
newCert = Certificate.valueOf(item.getCertificate());
dao.insert(item.getId(), newCert.getCertificate(), newCert.getSha1().toHexString(), newCert.getSha256().toHexString(), newCert.getSubject(), newCert.getIssuer(), newCert.getNotBefore(), newCert.getNotAfter());
log.debug("Certificate:Create - Created the Certificate {} successfully.", item.getId().toString());
} else {
log.error("Certificate:Create - Certificate {} will not be created since a duplicate Certificate already exists.", item.getId().toString());
throw new RepositoryCreateConflictException(locator);
}
} catch (RepositoryException re) {
throw re;
} catch (Exception ex) {
log.error("Certificate:Create - Error during certificate creation.", ex);
throw new RepositoryCreateException(ex, locator);
}
//Store tag values from Certificate
try {
log.info("Tags from certificate will now be stored");
KvAttributeRepository repository = new KvAttributeRepository();
KvAttribute kvAttrib = new KvAttribute();
if (kvAttrib == null || repository == null)
log.debug("kvAttrib or repository Obj is null, unable to store certificate tags");
else {
List<Attribute> certAttributes = X509AttributeCertificate.valueOf(item.getCertificate()).getAttribute();
for (Attribute attr : certAttributes) {
for (ASN1Encodable value : attr.getAttributeValues()) {
if (attr.getAttrType().toString().equals(UTF8NameValueMicroformat.OID)) {
UTF8NameValueMicroformat microformat = new UTF8NameValueMicroformat(DERUTF8String.getInstance(value));
// Check if that tag with same value already exists
KvAttributeFilterCriteria criteria = new KvAttributeFilterCriteria();
criteria.nameEqualTo = microformat.getName();
criteria.valueEqualTo = microformat.getValue();
KvAttributeCollection results = repository.search(criteria);
if (results.getDocuments().isEmpty()) {
kvAttrib.setId(new UUID());
kvAttrib.setName(microformat.getName());
kvAttrib.setValue(microformat.getValue());
repository.create(kvAttrib);
} else
log.debug("Tag with Name:{} & Value:{} is already stored.", microformat.getName(), microformat.getValue());
}
}
}
}
} catch (Exception e) {
log.error("Certificate:Create - Error during attribute scan", e);
}
}
Also used :
CertificateLocator(com.intel.mtwilson.datatypes.CertificateLocator)
CertificateDAO(com.intel.mtwilson.tag.dao.jdbi.CertificateDAO)
KvAttribute(com.intel.mtwilson.datatypes.KvAttribute)
Attribute(org.bouncycastle.asn1.x509.Attribute)
KvAttribute(com.intel.mtwilson.datatypes.KvAttribute)
RepositoryException(com.intel.mtwilson.tag.repository.RepositoryException)
RepositoryCreateConflictException(com.intel.mtwilson.tag.repository.RepositoryCreateConflictException)
RepositoryCreateException(com.intel.mtwilson.tag.repository.RepositoryCreateException)
RepositoryDeleteException(com.intel.mtwilson.tag.repository.RepositoryDeleteException)
RepositoryStoreException(com.intel.mtwilson.tag.repository.RepositoryStoreException)
RepositoryStoreConflictException(com.intel.mtwilson.tag.repository.RepositoryStoreConflictException)
RepositoryRetrieveException(com.intel.mtwilson.tag.repository.RepositoryRetrieveException)
RepositoryException(com.intel.mtwilson.tag.repository.RepositoryException)
RepositorySearchException(com.intel.mtwilson.tag.repository.RepositorySearchException)
RepositoryCreateConflictException(com.intel.mtwilson.tag.repository.RepositoryCreateConflictException)
KvAttributeCollection(com.intel.mtwilson.datatypes.KvAttributeCollection)
KvAttributeRepository(com.intel.mtwilson.tag.repository.KvAttributeRepository)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
KvAttributeFilterCriteria(com.intel.mtwilson.datatypes.KvAttributeFilterCriteria)
UUID(com.intel.mtwilson.util.io.UUID)
UTF8NameValueMicroformat(com.intel.mtwilson.datatypes.UTF8NameValueMicroformat)
Certificate(com.intel.mtwilson.datatypes.Certificate)
X509AttributeCertificate(com.intel.mtwilson.datatypes.X509AttributeCertificate)
RepositoryCreateException(com.intel.mtwilson.tag.repository.RepositoryCreateException)
Aggregations
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)18
IOException (java.io.IOException)16
ArrayList (java.util.ArrayList)13
List (java.util.List)11
Attribute (org.bouncycastle.asn1.cms.Attribute)10
X509Certificate (java.security.cert.X509Certificate)9
DEROctetString (org.bouncycastle.asn1.DEROctetString)9
DERSequence (org.bouncycastle.asn1.DERSequence)9
GeneralName (org.bouncycastle.asn1.x509.GeneralName)9
Iterator (java.util.Iterator)8
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)8
DERObject (org.bouncycastle.asn1.DERObject)8
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)6
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)6
ASN1Set (org.bouncycastle.asn1.ASN1Set)6
AttributeTable (org.bouncycastle.asn1.cms.AttributeTable)6
Enumeration (java.util.Enumeration)5
X500Principal (javax.security.auth.x500.X500Principal)5
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4
Vector (java.util.Vector)4
