
Example 76 with X500Name

use of org.bouncycastle.asn1.x500.X500Name in project robovm by robovm.

the class X509CRLObject method getRevokedCertificate.

/**
 * Finds the revoked-certificate entry in this CRL whose serial number equals
 * {@code serialNumber}.
 *
 * <p>Entries are visited in enumeration order and the first serial-number match is
 * returned. Only the serial number is compared; the issuer takes no part in the lookup.
 * NOTE(review): on an indirect CRL, entries from different issuers could presumably share
 * a serial number, so callers should check the issuer on the returned entry; confirm
 * against the callers.
 *
 * @param serialNumber serial number to search for; a null value fails with
 *     {@link NullPointerException} as soon as the first entry is compared
 * @return the matching entry wrapped as an {@code X509CRLEntryObject}, or {@code null}
 *     when no entry has that serial number
 */
public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) {
    // Issuer taken from the most recent earlier entry that carried a certificateIssuer
    // extension; it is handed to the wrapper together with the matching entry.
    X500Name carriedIssuer = null;
    for (Enumeration revoked = c.getRevokedCertificateEnumeration(); revoked.hasMoreElements();) {
        TBSCertList.CRLEntry candidate = (TBSCertList.CRLEntry) revoked.nextElement();
        if (serialNumber.equals(candidate.getUserCertificate().getValue())) {
            return new X509CRLEntryObject(candidate, isIndirect, carriedIssuer);
        }
        // Issuer tracking only happens for indirect CRLs and entries that have extensions.
        if (!isIndirect || !candidate.hasExtensions()) {
            continue;
        }
        Extension issuerExt = candidate.getExtensions().getExtension(Extension.certificateIssuer);
        if (issuerExt == null) {
            continue;
        }
        // NOTE(review): getNames()[0] assumes the extension holds at least one name and that
        // the first one is a directory name; an empty list would raise
        // ArrayIndexOutOfBoundsException here. Confirm the decoder rejects such a CRL earlier.
        GeneralNames issuerNames = GeneralNames.getInstance(issuerExt.getParsedValue());
        carriedIssuer = X500Name.getInstance(issuerNames.getNames()[0].getName());
    }
    return null;
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension) Enumeration(java.util.Enumeration) TBSCertList(org.bouncycastle.asn1.x509.TBSCertList) X500Name(org.bouncycastle.asn1.x500.X500Name) X509CRLEntry(java.security.cert.X509CRLEntry)

Example 77 with X500Name

use of org.bouncycastle.asn1.x500.X500Name in project robovm by robovm.

the class X509CRLObject method loadCRLEntries.

/**
 * Wraps every revoked-certificate entry of this CRL in an {@code X509CRLEntryObject}
 * and collects the wrappers in a set.
 *
 * <p>Each wrapper receives the issuer carried over from earlier entries; the carried
 * issuer is updated from the current entry's certificateIssuer extension only after
 * that entry has been wrapped.
 *
 * @return a new {@link HashSet} with one wrapper per enumerated entry (empty when the
 *     enumeration yields nothing)
 */
private Set loadCRLEntries() {
    Set wrapped = new HashSet();
    // Issuer from the most recent earlier entry that carried a certificateIssuer extension.
    X500Name carriedIssuer = null;
    for (Enumeration revoked = c.getRevokedCertificateEnumeration(); revoked.hasMoreElements();) {
        TBSCertList.CRLEntry current = (TBSCertList.CRLEntry) revoked.nextElement();
        wrapped.add(new X509CRLEntryObject(current, isIndirect, carriedIssuer));
        // Issuer tracking only happens for indirect CRLs and entries that have extensions.
        if (!isIndirect || !current.hasExtensions()) {
            continue;
        }
        Extension issuerExt = current.getExtensions().getExtension(Extension.certificateIssuer);
        if (issuerExt == null) {
            continue;
        }
        // NOTE(review): getNames()[0] assumes the extension holds at least one name and that
        // the first one is a directory name; an empty list would raise
        // ArrayIndexOutOfBoundsException here. Confirm the decoder rejects such a CRL earlier.
        GeneralNames issuerNames = GeneralNames.getInstance(issuerExt.getParsedValue());
        carriedIssuer = X500Name.getInstance(issuerNames.getNames()[0].getName());
    }
    return wrapped;
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension) HashSet(java.util.HashSet) Set(java.util.Set) Enumeration(java.util.Enumeration) TBSCertList(org.bouncycastle.asn1.x509.TBSCertList) X500Name(org.bouncycastle.asn1.x500.X500Name) X509CRLEntry(java.security.cert.X509CRLEntry) HashSet(java.util.HashSet)

Example 78 with X500Name

use of sun.security.x509.X500Name in project jdk8u_jdk by JetBrains.

the class X509CertSelectorTest method testPathToName.

/**
 * Tests {@code X509CertSelector} pathToName matching against the name constraints
 * extension (OID 2.5.29.30) contained in the certificate.
 *
 * <p>For every directory-name subtree in the excluded list, the subtree's own DN and a
 * DN with {@code "CN=Bogus, "} prepended are checked with an expected result of
 * {@code false}. For every directory-name subtree in the permitted list, the subtree's
 * own DN and a DN with {@code "CN=good, "} prepended are checked with an expected result
 * of {@code true}. Subtrees of other name types are skipped.
 *
 * @throws IOException propagated from DER decoding or encoding
 */
private void testPathToName() throws IOException {
    System.out.println("X.509 Certificate Match on pathToName");
    // NOTE(review): assumes the test certificate carries the extension; if
    // getExtensionValue returned null, that null would be handed to DerInputStream.
    byte[] encoded = new DerInputStream(cert.getExtensionValue("2.5.29.30")).getOctetString();
    NameConstraintsExtension ext = new NameConstraintsExtension(false, encoded);
    GeneralSubtrees permitted = (GeneralSubtrees) ext.get(PERMITTED_SUBTREES);
    GeneralSubtrees excluded = (GeneralSubtrees) ext.get(EXCLUDED_SUBTREES);
    X509CertSelector selector = null;

    // Names inside an excluded subtree must be rejected.
    if (excluded != null) {
        for (Iterator<GeneralSubtree> it = excluded.iterator(); it.hasNext();) {
            GeneralSubtree subtree = it.next();
            if (subtree.getName().getType() != NAME_DIRECTORY) {
                continue;
            }
            X500Name baseDn = new X500Name(subtree.getName().toString());
            X500Name childDn = new X500Name("CN=Bogus, " + subtree.getName().toString());
            DerOutputStream baseDer = new DerOutputStream();
            DerOutputStream childDer = new DerOutputStream();
            baseDn.encode(baseDer);
            childDn.encode(childDer);

            selector = new X509CertSelector();
            selector.addPathToName(NAME_DIRECTORY, baseDer.toByteArray());
            checkMatch(selector, cert, false);
            // Clear the first name so the second check sees only the child DN.
            selector.setPathToNames(null);
            selector.addPathToName(NAME_DIRECTORY, childDer.toByteArray());
            checkMatch(selector, cert, false);
        }
    }

    // Names inside a permitted subtree must be accepted.
    if (permitted != null) {
        for (Iterator<GeneralSubtree> it = permitted.iterator(); it.hasNext();) {
            GeneralSubtree subtree = it.next();
            if (subtree.getName().getType() != NAME_DIRECTORY) {
                continue;
            }
            X500Name baseDn = new X500Name(subtree.getName().toString());
            X500Name childDn = new X500Name("CN=good, " + subtree.getName().toString());
            DerOutputStream baseDer = new DerOutputStream();
            DerOutputStream childDer = new DerOutputStream();
            baseDn.encode(baseDer);
            childDn.encode(childDer);

            selector = new X509CertSelector();
            selector.addPathToName(NAME_DIRECTORY, baseDer.toByteArray());
            checkMatch(selector, cert, true);
            // Clear the first name so the second check sees only the child DN.
            selector.setPathToNames(null);
            selector.addPathToName(NAME_DIRECTORY, childDer.toByteArray());
            checkMatch(selector, cert, true);
        }
    }
}
Also used : DerOutputStream(sun.security.util.DerOutputStream) GeneralSubtrees(sun.security.x509.GeneralSubtrees) X509CertSelector(java.security.cert.X509CertSelector) DerInputStream(sun.security.util.DerInputStream) NameConstraintsExtension(sun.security.x509.NameConstraintsExtension) GeneralSubtree(sun.security.x509.GeneralSubtree) X500Name(sun.security.x509.X500Name)

Example 79 with X500Name

use of sun.security.x509.X500Name in project jdk8u_jdk by JetBrains.

the class SmallPrimeExponentP method main.

/**
 * Generates RSA key pairs until one key whose CRT prime exponent P encodes to 63 bytes
 * and one whose exponent encodes to 65 bytes have each been stored in the
 * {@code Windows-MY} keystore, then saves the store. Does nothing except print
 * {@code "Not windows"} when {@code os.name} does not start with {@code "Windows"}.
 *
 * <p>NOTE(review): the 1024-bit RSA size and {@code SHA1withRSA} are presumably picked
 * for this test; both are below what is accepted for real certificates, so the key
 * generation here is not a template for production use. The entries are written under
 * the alias {@code "anything"} and this method does not remove them afterwards.
 *
 * @param argv unused
 * @throws Exception propagated from keystore access or key/certificate generation
 */
public static void main(String[] argv) throws Exception {
    if (!System.getProperty("os.name").startsWith("Windows")) {
        System.out.println("Not windows");
        return;
    }

    KeyStore ks = KeyStore.getInstance("Windows-MY");
    ks.load(null, null);

    CertAndKeyGen ckg = new CertAndKeyGen("RSA", "SHA1withRSA");
    ckg.setRandom(new SecureRandom());

    boolean see63 = false;
    boolean see65 = false;
    while (!(see63 && see65)) {
        ckg.generate(1024);
        RSAPrivateCrtKey key = (RSAPrivateCrtKey) ckg.getPrivateKey();
        int len = key.getPrimeExponentP().toByteArray().length;
        if (len == 63 || len == 65) {
            boolean alreadySeen = (len == 63) ? see63 : see65;
            if (alreadySeen) {
                // A length that is already covered is skipped without the progress dot.
                continue;
            }
            if (len == 63) {
                see63 = true;
            } else {
                see65 = true;
            }
            System.err.print(len);
            X509Certificate[] chain = { ckg.getSelfCertificate(new X500Name("CN=Me"), 1000) };
            ks.setKeyEntry("anything", key, null, chain);
        }
        System.err.print('.');
    }
    ks.store(null, null);
}
Also used : RSAPrivateCrtKey(java.security.interfaces.RSAPrivateCrtKey) CertAndKeyGen(sun.security.tools.keytool.CertAndKeyGen) SecureRandom(java.security.SecureRandom) X500Name(sun.security.x509.X500Name) KeyStore(java.security.KeyStore)

Example 80 with X500Name

use of sun.security.x509.X500Name in project jdk8u_jdk by JetBrains.

the class PKCS10AttrEncoding method main.

/**
 * Builds a PKCS#10 request carrying one attribute per entry of {@code ids}, signs and
 * encodes it, parses the encoding back into a second request, and runs
 * {@code checkAttributes} on the attributes of both.
 *
 * <p>NOTE(review): the 512-bit DSA key is test-sized only and far below what is accepted
 * for real certificate requests; the key generation here is not a template for
 * production use.
 *
 * @param args unused
 * @throws RuntimeException with message {@code "Attributes Compared : Failed"} when
 *     {@code failedCount} is positive after both checks
 * @throws Exception propagated from key generation, signing or encoding
 */
public static void main(String[] args) throws Exception {
    final int attrCount = ids.length;
    // One value per id, matched by index. GregorianCalendar months are zero-based, so
    // the month argument 1 is February.
    Object[] values = {
        new ObjectIdentifier("1.2.3.4"),
        new GregorianCalendar(1970, 1, 25, 8, 56, 7).getTime(),
        "challenging"
    };
    for (int i = 0; i < attrCount; i++) {
        constructedMap.put(ids[i], values[i]);
    }

    X500Name subject = new X500Name("cn=Test");
    KeyPairGenerator generator = KeyPairGenerator.getInstance("DSA");
    generator.initialize(512);
    KeyPair keys = generator.generateKeyPair();
    X509Key requestKey = (X509Key) keys.getPublic();
    Signature signer = Signature.getInstance("DSA");
    signer.initSign(keys.getPrivate());

    // Assemble the request from the same ids and values that went into constructedMap.
    PKCS10Attribute[] attributes = new PKCS10Attribute[attrCount];
    for (int i = 0; i < attrCount; i++) {
        attributes[i] = new PKCS10Attribute(ids[i], values[i]);
    }
    PKCS10 constructed = new PKCS10(requestKey, new PKCS10Attributes(attributes));
    System.out.println("List of attributes in constructed PKCS10 request: ");
    checkAttributes(constructed.getAttributes().getElements());

    // Round trip: sign and encode, then rebuild a request from the encoded bytes.
    constructed.encodeAndSign(subject, signer);
    PKCS10 decoded = new PKCS10(constructed.getEncoded());
    System.out.println("List of attributes in DER encoded PKCS10 Request:");
    checkAttributes(decoded.getAttributes().getElements());

    if (failedCount <= 0) {
        System.out.println("Attributes Compared : Pass");
        return;
    }
    throw new RuntimeException("Attributes Compared : Failed");
}
Also used : PKCS10Attribute(sun.security.pkcs10.PKCS10Attribute) KeyPair(java.security.KeyPair) PrivateKey(java.security.PrivateKey) PKCS10Attributes(sun.security.pkcs10.PKCS10Attributes) GregorianCalendar(java.util.GregorianCalendar) X500Name(sun.security.x509.X500Name) KeyPairGenerator(java.security.KeyPairGenerator) X509Key(sun.security.x509.X509Key) PKCS10(sun.security.pkcs10.PKCS10) Signature(java.security.Signature) ObjectIdentifier(sun.security.util.ObjectIdentifier)

Aggregations

X500Name (org.bouncycastle.asn1.x500.X500Name)58 X509Certificate (java.security.cert.X509Certificate)45 X500Name (sun.security.x509.X500Name)39 IOException (java.io.IOException)25 Date (java.util.Date)25 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)23 BigInteger (java.math.BigInteger)20 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)20 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)19 SecureRandom (java.security.SecureRandom)18 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)18 JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)17 PrivateKey (java.security.PrivateKey)14 CertificateEncodingException (java.security.cert.CertificateEncodingException)14 KeyPair (java.security.KeyPair)13 KeyStore (java.security.KeyStore)13 RDN (org.bouncycastle.asn1.x500.RDN)13 ContentSigner (org.bouncycastle.operator.ContentSigner)13 ArrayList (java.util.ArrayList)11 GeneralName (org.bouncycastle.asn1.x509.GeneralName)10