use of org.bouncycastle.asn1.x509 in project dcache by dCache.
the class LoginResultPrinter method print.
/**
 * Renders a certificate chain as an indented text tree, one branch per certificate.
 *
 * <p>Each certificate's description comes from the single-certificate {@code print}
 * overload; empty lines in that description are dropped. This is formatting only:
 * nothing here validates the chain, its ordering or any signature.
 *
 * @param certificates the chain to render, in the order it should be displayed
 * @return the multi-line text rendering, starting with a header line
 */
private String print(X509Certificate[] certificates) {
    StringBuilder out = new StringBuilder("X509 Certificate chain:\n");
    for (int idx = 0; idx < certificates.length; idx++) {
        // The final entry has no sibling below it, so its continuation lines get no bar.
        boolean last = idx == certificates.length - 1;
        out.append(" |\n");
        String details = print(certificates[idx]);
        int lineNo = 0;
        for (String line : Splitter.on('\n').omitEmptyStrings().split(details)) {
            String prefix;
            if (lineNo == 0) {
                prefix = " +--";
            } else {
                prefix = last ? " " : " | ";
            }
            out.append(prefix).append(line).append('\n');
            lineNo++;
        }
    }
    return out.toString();
}
use of org.bouncycastle.asn1.x509 in project OpenUnison by TremoloSecurity.
the class X509ExtensionParsingUtil method extractExtensionValue.
/**
 * Extracts the {@link ASN1OctetString} that carries the value of a given extension.
 *
 * <p>{@link X509Certificate#getExtensionValue(String)} returns the DER-encoded OCTET STRING
 * wrapping the extension value, so the octets of the returned object still have to be
 * decoded by the caller to reach the extension's own structure. A {@code null} return only
 * means the extension is absent (or empty); it says nothing about whether the certificate
 * has been validated.
 *
 * @param cert the X.509 certificate to read the extension from
 * @param Oid the object identifier of the extension, in dotted form
 * @return the {@link ASN1OctetString} wrapping the extension value, or {@code null} if the
 *         certificate has no such extension
 * @throws CertificateParsingException if the decoded value is not an {@link ASN1OctetString}
 */
public static ASN1OctetString extractExtensionValue(X509Certificate cert, String Oid) throws CertificateParsingException {
    byte[] encoded = cert.getExtensionValue(Oid);
    boolean absent = encoded == null || encoded.length == 0;
    if (absent) {
        return null;
    }
    // presumably getAsn1Object decodes the DER bytes; its failure modes are not visible here
    ASN1Object decoded = getAsn1Object(encoded);
    // instanceof is false for null, so a null decode result is rejected here as well.
    if (decoded instanceof ASN1OctetString) {
        return (ASN1OctetString) decoded;
    }
    throw new CertificateParsingException("Expected ASN1OctetString.");
}
use of org.bouncycastle.asn1.x509 in project gdmatrix by gdmatrix.
the class CMSUtils method createTimeStampRequest.
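/**
 * Builds a time-stamp request whose message imprint is the digest of {@code message}.
 *
 * <p>The digest is computed with the algorithm named by {@code digestAlgorithm}, so the
 * hash in the imprint always matches the algorithm identifier sent alongside it.
 *
 * @param message the data to be time-stamped; it is hashed, not sent
 * @param nonce optional nonce; its bytes are encoded as the request's integer nonce,
 *        or {@code null} to send none. Uniqueness is the caller's responsibility.
 * @param requireCert whether the request asks for the signing certificate in the response
 * @param extensions request extensions, passed through unchanged (may be {@code null})
 * @param digestAlgorithm dotted OID of the digest algorithm, used both to hash the
 *        message and as the imprint's algorithm identifier
 * @param timestampPolicy dotted OID of the requested policy, or {@code null} for none
 * @return the assembled request
 * @throws NoSuchAlgorithmException if no installed provider implements the digest OID
 */
public static TimeStampReq createTimeStampRequest(byte[] message, String nonce, boolean requireCert, Extensions extensions, String digestAlgorithm, String timestampPolicy) throws NoSuchAlgorithmException {
    // Parse the OID first so a malformed identifier fails the same way it did before.
    ASN1ObjectIdentifier digestOid = new ASN1ObjectIdentifier(digestAlgorithm);

    // Hash with the algorithm the imprint advertises. The previous hard-coded "SHA1"
    // produced a SHA-1 hash labelled with whatever OID the caller passed, which a
    // time-stamp authority can reject for any other OID and which pinned a weak digest.
    // JCA providers register digest OIDs as algorithm aliases (the JDK's default
    // provider does so for the SHA family).
    MessageDigest md = MessageDigest.getInstance(digestOid.getId());
    byte[] hashedMsg = md.digest(message);

    org.bouncycastle.asn1.tsp.MessageImprint imprint =
            new org.bouncycastle.asn1.tsp.MessageImprint(new AlgorithmIdentifier(digestOid), hashedMsg);

    ASN1ObjectIdentifier policyOid = timestampPolicy != null ? new ASN1ObjectIdentifier(timestampPolicy) : null;
    // Pin the charset so the nonce value does not depend on the platform default.
    ASN1Integer nonceValue = nonce != null
            ? new ASN1Integer(nonce.getBytes(java.nio.charset.StandardCharsets.UTF_8))
            : null;

    return new TimeStampReq(imprint, policyOid, nonceValue, ASN1Boolean.getInstance(requireCert), extensions);
}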
use of org.bouncycastle.asn1.x509 in project laverca by laverca.
the class CmsSignature method getSignerCerts.
/**
 * Selects, from the certificates embedded in a PKCS7 SignedData, those referenced by its
 * SignerInfo entries.
 *
 * <p>A certificate is selected when its issuer DN and serial number equal those of a
 * SignerInfo. This method only matches identifiers: it does not itself verify any
 * signature or validate a certificate path, so the result must not be treated as trusted
 * without those checks. The returned list is empty when no certificate matches.
 *
 * @param sd PKCS7 SignedData
 * @return the matching X509 certificates, one entry per matching (signer, certificate) pair
 * @throws MssException if the data contains no certificates or no signer info
 * @throws IllegalArgumentException if {@code sd} is {@code null}
 */
public static List<X509Certificate> getSignerCerts(final SignedData sd) throws MssException {
    if (sd == null) {
        throw new IllegalArgumentException("null input");
    }

    // Candidate certificates: everything carried in the SignedData.
    log.debug("Read all certs");
    final List<X509Certificate> candidates = readCerts(sd);
    if (candidates.isEmpty()) {
        throw new MssException("PKCS7 SignedData certificates not found");
    }

    // The signers whose certificates we are looking for.
    log.debug("Read SignerInfo");
    final List<SignerInfo> signers = readSignerInfos(sd);
    if (signers.isEmpty()) {
        throw new MssException("PKCS7 SignedData signerInfo not found");
    }

    // Pair every signer with every candidate and keep the issuer/serial matches.
    log.debug("Matching cert and SignerInfo details");
    final List<X509Certificate> matched = new ArrayList<X509Certificate>();
    for (SignerInfo signer : signers) {
        for (X509Certificate candidate : candidates) {
            final String signerIssuer = readIssuer(signer);
            final String signerSerial = readSerial(signer);
            final String certIssuer = candidate.getIssuerDN().toString();
            final String certSerial = candidate.getSerialNumber().toString();

            final boolean sameCert = dnsEqual(signerIssuer, certIssuer) && signerSerial.equals(certSerial);
            if (sameCert) {
                matched.add(candidate);
            }
            // Both outcomes log the compared identifiers; only the headline differs.
            log.debug(sameCert ? "Cert does match signerInfo" : "Cert does not match signerInfo");
            log.debug("SignerInfo issuer:serial = " + signerIssuer + ":" + signerSerial);
            log.debug("Certificates issuer:serial = " + certIssuer + ":" + certSerial);
        }
    }

    log.debug("Returning " + matched.size() + " certs");
    return matched;
}
use of org.bouncycastle.asn1.x509 in project Gene by Nervousync.
the class CertificateUtils method x509.
/**
 * Builds an X.509 v3 certificate for a public key and signs it with the given private key.
 *
 * <p>The same name, {@code CN=<certName>}, is used as both issuer and subject, whichever
 * key signs the certificate. A non-critical basicConstraints extension marks the
 * certificate as not being a CA.
 *
 * @param publicKey     Public key to certify
 * @param serialNumber  Certificate serial number
 * @param beginDate     Start of the validity period
 * @param endDate       End of the validity period
 * @param certName      Common name placed in the issuer and subject
 * @param signKey       Private key used to sign the certificate
 * @param signAlgorithm Signature algorithm name
 * @return the generated certificate, or {@code null} if {@code publicKey} or {@code signKey}
 *         is {@code null}, {@code signAlgorithm} is empty, or generation fails
 */
public static X509Certificate x509(PublicKey publicKey, long serialNumber, Date beginDate, Date endDate, String certName, PrivateKey signKey, String signAlgorithm) {
    if (publicKey == null) {
        return null;
    }
    if (signKey == null) {
        return null;
    }
    if (StringUtils.isEmpty(signAlgorithm)) {
        return null;
    }

    // NOTE(review): certName is concatenated into the DN string unescaped and X500Name
    // parses that string, so DN syntax inside certName would be interpreted rather than
    // kept as part of the CN. Confirm callers pass a validated name.
    X500Name name = new X500Name("CN=" + certName);
    SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
    BigInteger serial = BigInteger.valueOf(serialNumber);
    // Issuer and subject are deliberately the same object here.
    X509v3CertificateBuilder builder = new X509v3CertificateBuilder(name, serial, beginDate, endDate, name, keyInfo);

    try {
        builder.addExtension(Extension.basicConstraints, Boolean.FALSE, new BasicConstraints(Boolean.FALSE));
        ContentSigner signer = new JcaContentSignerBuilder(signAlgorithm).setProvider("BC").build(signKey);
        X509CertificateHolder holder = builder.build(signer);
        return new JcaX509CertificateConverter().getCertificate(holder);
    } catch (OperatorCreationException | GeneralSecurityException | IOException e) {
        // NOTE(review): the message names PKCS12 although this method builds an X.509
        // certificate; the text is kept as is because log consumers may match on it.
        LOGGER.error("Generate PKCS12 Certificate Failed! ");
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Stack message: ", e);
        }
        return null;
    }
}