
Example 1 with org.bouncycastle.asn1.x509

use of org.bouncycastle.asn1.x509 in project dcache by dCache.

the class LoginResultPrinter method print.

/**
 * Renders a certificate chain as an ASCII tree, one node per certificate.
 *
 * Each certificate is rendered by {@code print(X509Certificate)}; the first line of that
 * text gets a {@code "  +--"} branch marker, every following line is indented with
 * {@code "  |  "}, or with blanks for the last certificate so no dangling bar is drawn.
 *
 * @param certificates the chain in display order (index 0 is printed first)
 * @return the rendered tree; every line, including the last, ends with a newline
 */
private String print(X509Certificate[] certificates) {
    StringBuilder out = new StringBuilder("X509 Certificate chain:\n");
    int total = certificates.length;
    for (int idx = 0; idx < total; idx++) {
        boolean last = idx == total - 1;
        // Continuation lines keep the vertical bar unless this is the last node.
        String continuationPrefix = last ? "     " : "  |  ";
        out.append("  |\n");
        String prefix = "  +--";
        for (String line : Splitter.on('\n').omitEmptyStrings().split(print(certificates[idx]))) {
            out.append(prefix).append(line).append('\n');
            prefix = continuationPrefix;
        }
    }
    return out.toString();
}

Example 2 with org.bouncycastle.asn1.x509

use of org.bouncycastle.asn1.x509 in project OpenUnison by TremoloSecurity.

the class X509ExtensionParsingUtil method extractExtensionValue.

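/**
 * Extracts the raw value of a certificate extension as an {@link ASN1OctetString}.
 *
 * <p>{@link X509Certificate#getExtensionValue(String)} returns the DER encoding of the
 * extension's {@code extnValue} OCTET STRING. That encoding is handed to
 * {@code getAsn1Object} (defined elsewhere in this class) for decoding; the content of the
 * returned octet string is still the DER-encoded, extension-specific structure, which the
 * caller has to parse further.
 *
 * @param cert is X509 certificate out of which an extension should be extracted
 * @param Oid is the Object IDentifier for the extension, in dotted-decimal form
 * @return a {@link ASN1OctetString} that represents an extension or {@code null} if no such
 * extension is found.
 * @throws CertificateParsingException if the extension value does not decode to an
 * OCTET STRING
 */
public static ASN1OctetString extractExtensionValue(X509Certificate cert, String Oid) throws CertificateParsingException {
    byte[] extensionValue = cert.getExtensionValue(Oid);
    if (extensionValue == null || extensionValue.length == 0) {
        // Did not find extension
        return null;
    }
    ASN1Object asn1Object = getAsn1Object(extensionValue);
    // instanceof is false for null, so a separate null check is redundant.
    if (!(asn1Object instanceof ASN1OctetString)) {
        throw new CertificateParsingException("Expected ASN1OctetString.");
    }
    return (ASN1OctetString) asn1Object;
}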

Example 3 with org.bouncycastle.asn1.x509

use of org.bouncycastle.asn1.x509 in project gdmatrix by gdmatrix.

the class CMSUtils method createTimeStampRequest.

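/**
 * Builds an RFC 3161 {@link TimeStampReq} for the given message.
 *
 * @param message the data to be time-stamped; only its digest is placed in the request
 * @param nonce optional nonce, or {@code null} for none; its raw bytes (platform charset)
 *     are used directly as the encoding of the ASN.1 INTEGER
 * @param requireCert whether the TSA is asked to include its certificate in the response
 * @param extensions optional request extensions, may be {@code null}
 * @param digestAlgorithm dotted-decimal OID of the hash algorithm; it is used both to
 *     compute the message imprint and to label it in the request
 * @param timestampPolicy optional dotted-decimal OID of the requested TSA policy, or
 *     {@code null}
 * @return the assembled request
 * @throws NoSuchAlgorithmException if no installed provider supports {@code digestAlgorithm}
 */
public static TimeStampReq createTimeStampRequest(byte[] message, String nonce, boolean requireCert, Extensions extensions, String digestAlgorithm, String timestampPolicy) throws NoSuchAlgorithmException {
    // The imprint's hash must be computed with the algorithm the imprint advertises.
    // Previously SHA-1 was always used while the request was labelled with digestAlgorithm,
    // so any other OID produced an imprint a TSA would reject. The JDK digest providers
    // accept dotted OIDs as algorithm names, so the same value serves both purposes.
    MessageDigest md = MessageDigest.getInstance(digestAlgorithm);
    byte[] hashedMsg = md.digest(message);
    ASN1ObjectIdentifier identifier = new ASN1ObjectIdentifier(digestAlgorithm);
    org.bouncycastle.asn1.tsp.MessageImprint imprint = new org.bouncycastle.asn1.tsp.MessageImprint(new AlgorithmIdentifier(identifier), hashedMsg);
    ASN1ObjectIdentifier policy = timestampPolicy != null ? new ASN1ObjectIdentifier(timestampPolicy) : null;
    // NOTE(review): the nonce string's raw bytes become the INTEGER value rather than being
    // parsed as a number; kept as-is because existing callers may depend on it — confirm intent.
    ASN1Integer nonceValue = nonce != null ? new ASN1Integer(nonce.getBytes()) : null;
    return new TimeStampReq(imprint, policy, nonceValue, ASN1Boolean.getInstance(requireCert), extensions);
}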

Example 4 with org.bouncycastle.asn1.x509

use of org.bouncycastle.asn1.x509 in project laverca by laverca.

the class CmsSignature method getSignerCerts.

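/**
 * Read the certificates used to sign a PKCS7 SignedData.
 *
 * <p>A certificate is selected when its issuer DN and serial number match a
 * {@code SignerInfo}'s issuer-and-serial identifier. Selection is by identity only:
 * nothing here verifies the signature or validates the certificate chain, so callers
 * must still do that before trusting the result.
 *
 * @param sd PKCS7 SignedData
 * @return List of X509 certificates, ordered by SignerInfo and then by certificate; a
 *         certificate named by several SignerInfos appears once per SignerInfo, and the
 *         list is empty if no SignerInfo matches any certificate
 * @throws MssException if no certificate or signer info is found from the data
 * @throws IllegalArgumentException if {@code sd} is {@code null}
 */
public static List<X509Certificate> getSignerCerts(final SignedData sd) throws MssException {
    // 0. Setup.
    if (sd == null) {
        throw new IllegalArgumentException("null input");
    }
    List<X509Certificate> signerCerts = new ArrayList<X509Certificate>();
    // 1. Read PKCS7.Certificates to get all possible certs.
    log.debug("Read all certs");
    List<X509Certificate> certs = readCerts(sd);
    if (certs.isEmpty()) {
        throw new MssException("PKCS7 SignedData certificates not found");
    }
    // 2. Read PKCS7.SignerInfo to get all signers.
    log.debug("Read SignerInfo");
    List<SignerInfo> signerInfos = readSignerInfos(sd);
    if (signerInfos.isEmpty()) {
        throw new MssException("PKCS7 SignedData signerInfo not found");
    }
    // 3. Verify that signerInfo cert details match the cert on hand
    log.debug("Matching cert and SignerInfo details");
    for (SignerInfo si : signerInfos) {
        // These depend only on the SignerInfo, so read them once per signer, not per cert.
        String siIssuer = readIssuer(si);
        String siSerial = readSerial(si);
        for (X509Certificate c : certs) {
            String cIssuer = c.getIssuerDN().toString();
            String cSerial = c.getSerialNumber().toString();
            boolean matches = dnsEqual(siIssuer, cIssuer) && siSerial.equals(cSerial);
            if (matches) {
                signerCerts.add(c);
            }
            log.debug(matches ? "Cert does match signerInfo" : "Cert does not match signerInfo");
            log.debug("SignerInfo   issuer:serial = " + siIssuer + ":" + siSerial);
            log.debug("Certificates issuer:serial = " + cIssuer + ":" + cSerial);
        }
    }
    // 4. Return the list.
    log.debug("Returning " + signerCerts.size() + " certs");
    return signerCerts;
}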

Example 5 with org.bouncycastle.asn1.x509

use of org.bouncycastle.asn1.x509 in project Gene by Nervousync.

the class CertificateUtils method x509.

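/**
 * Convert public key instance to X.509 certificate
 *
 * <p>The certificate is self-issued: issuer and subject are both {@code CN=certName}, and
 * it carries a non-critical {@code basicConstraints} extension with {@code cA=FALSE}.
 * It is signed with {@code signKey} through the "BC" provider, which therefore has to be
 * registered. Nothing here checks that {@code signKey} corresponds to {@code publicKey},
 * nor that {@code beginDate} precedes {@code endDate}; the caller is responsible for both.
 *
 * @param publicKey     Public key
 * @param serialNumber  Certificate serial number, used as given
 * @param beginDate     Certificate begin date
 * @param endDate       Certificate end date
 * @param certName      Certificate name; becomes the CN of both subject and issuer
 * @param signKey       Certificate signer private key
 * @param signAlgorithm Signature algorithm
 * @return Generated X.509 certificate, or {@code null} when a required argument is
 *         missing or building/signing fails (the failure is logged)
 */
public static X509Certificate x509(PublicKey publicKey, long serialNumber, Date beginDate, Date endDate, String certName, PrivateKey signKey, String signAlgorithm) {
    if (publicKey == null || signKey == null || StringUtils.isEmpty(signAlgorithm)) {
        return null;
    }
    // NOTE(review): certName is spliced into a DN string, so a value containing ',' or '='
    // is parsed as extra RDNs instead of a literal CN. If certName can come from an
    // untrusted source, build the name with X500NameBuilder and BCStyle.CN instead.
    X500Name subjectDN = new X500Name("CN=" + certName);
    SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
    // The same name is passed as issuer and as subject: the certificate is self-issued.
    X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(subjectDN, BigInteger.valueOf(serialNumber), beginDate, endDate, subjectDN, publicKeyInfo);
    try {
        // Non-critical basicConstraints marking an end-entity (cA=FALSE) certificate;
        // plain booleans avoid unboxing the Boolean.FALSE constants the original passed.
        x509v3CertificateBuilder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
        ContentSigner contentSigner = new JcaContentSignerBuilder(signAlgorithm).setProvider("BC").build(signKey);
        X509CertificateHolder certificateHolder = x509v3CertificateBuilder.build(contentSigner);
        return new JcaX509CertificateConverter().getCertificate(certificateHolder);
    } catch (OperatorCreationException | GeneralSecurityException | IOException e) {
        // The message used to say "PKCS12" although this builds a bare X.509 certificate.
        LOGGER.error("Generate X.509 Certificate Failed! ");
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Stack message: ", e);
        }
    }
    return null;
}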
