Search in sources :

Example 26 with Certificate

use of org.bouncycastle.asn1.x509.Certificate in project poi by apache.

the class TestSignatureInfo method initKeyPair.

private void initKeyPair(String alias, String subjectDN) throws Exception {
    final char[] password = "test".toCharArray();
    File file = new File("build/test.pfx");
    KeyStore keystore = KeyStore.getInstance("PKCS12");
    if (file.exists()) {
        FileInputStream fis = new FileInputStream(file);
        keystore.load(fis, password);
        fis.close();
    } else {
        keystore.load(null, password);
    }
    if (keystore.isKeyEntry(alias)) {
        Key key = keystore.getKey(alias, password);
        x509 = (X509Certificate) keystore.getCertificate(alias);
        keyPair = new KeyPair(x509.getPublicKey(), (PrivateKey) key);
    } else {
        keyPair = PkiTestUtils.generateKeyPair();
        Date notBefore = cal.getTime();
        Calendar cal2 = (Calendar) cal.clone();
        cal2.add(Calendar.YEAR, 1);
        Date notAfter = cal2.getTime();
        KeyUsage keyUsage = new KeyUsage(KeyUsage.digitalSignature);
        x509 = PkiTestUtils.generateCertificate(keyPair.getPublic(), subjectDN, notBefore, notAfter, null, keyPair.getPrivate(), true, 0, null, null, keyUsage);
        keystore.setKeyEntry(alias, keyPair.getPrivate(), password, new Certificate[] { x509 });
        FileOutputStream fos = new FileOutputStream(file);
        keystore.store(fos, password);
        fos.close();
    }
}
Also used : KeyPair(java.security.KeyPair) PrivateKey(java.security.PrivateKey) Calendar(java.util.Calendar) FileOutputStream(java.io.FileOutputStream) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) File(java.io.File) KeyStore(java.security.KeyStore) FileInputStream(java.io.FileInputStream) Key(java.security.Key) PrivateKey(java.security.PrivateKey) Date(java.util.Date)

Example 27 with Certificate

use of org.bouncycastle.asn1.x509.Certificate in project robovm by robovm.

the class CertificateFactory method engineGenerateCertificate.

/**
     * Generates a certificate object and initializes it with the data
     * read from the input stream inStream.
     */
public java.security.cert.Certificate engineGenerateCertificate(InputStream in) throws CertificateException {
    if (currentStream == null) {
        currentStream = in;
        sData = null;
        sDataObjectCount = 0;
    } else if (// reset if input stream has changed
    currentStream != in) {
        currentStream = in;
        sData = null;
        sDataObjectCount = 0;
    }
    try {
        if (sData != null) {
            if (sDataObjectCount != sData.size()) {
                return getCertificate();
            } else {
                sData = null;
                sDataObjectCount = 0;
                return null;
            }
        }
        PushbackInputStream pis = new PushbackInputStream(in);
        int tag = pis.read();
        if (tag == -1) {
            return null;
        }
        pis.unread(tag);
        if (// assume ascii PEM encoded.
        tag != 0x30) {
            return readPEMCertificate(pis);
        } else {
            return readDERCertificate(new ASN1InputStream(pis));
        }
    } catch (Exception e) {
        throw new ExCertificateException(e);
    }
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) PushbackInputStream(java.io.PushbackInputStream) CertificateParsingException(java.security.cert.CertificateParsingException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) CRLException(java.security.cert.CRLException)

Example 28 with Certificate

use of org.bouncycastle.asn1.x509.Certificate in project robovm by robovm.

the class CertificateFactory method engineGenerateCRL.

/**
     * Generates a certificate revocation list (CRL) object and initializes
     * it with the data read from the input stream inStream.
     */
public CRL engineGenerateCRL(InputStream inStream) throws CRLException {
    if (currentCrlStream == null) {
        currentCrlStream = inStream;
        sCrlData = null;
        sCrlDataObjectCount = 0;
    } else if (// reset if input stream has changed
    currentCrlStream != inStream) {
        currentCrlStream = inStream;
        sCrlData = null;
        sCrlDataObjectCount = 0;
    }
    try {
        if (sCrlData != null) {
            if (sCrlDataObjectCount != sCrlData.size()) {
                return getCRL();
            } else {
                sCrlData = null;
                sCrlDataObjectCount = 0;
                return null;
            }
        }
        PushbackInputStream pis = new PushbackInputStream(inStream);
        int tag = pis.read();
        if (tag == -1) {
            return null;
        }
        pis.unread(tag);
        if (// assume ascii PEM encoded.
        tag != 0x30) {
            return readPEMCRL(pis);
        } else {
            // lazy evaluate to help processing of large CRLs
            return readDERCRL(new ASN1InputStream(pis, true));
        }
    } catch (CRLException e) {
        throw e;
    } catch (Exception e) {
        throw new CRLException(e.toString());
    }
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) PushbackInputStream(java.io.PushbackInputStream) CRLException(java.security.cert.CRLException) CertificateParsingException(java.security.cert.CertificateParsingException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) CRLException(java.security.cert.CRLException)

Example 29 with Certificate

use of org.bouncycastle.asn1.x509.Certificate in project robovm by robovm.

the class X509CRLEntryObject method toString.

public String toString() {
    StringBuffer buf = new StringBuffer();
    String nl = System.getProperty("line.separator");
    buf.append("      userCertificate: ").append(this.getSerialNumber()).append(nl);
    buf.append("       revocationDate: ").append(this.getRevocationDate()).append(nl);
    buf.append("       certificateIssuer: ").append(this.getCertificateIssuer()).append(nl);
    Extensions extensions = c.getExtensions();
    if (extensions != null) {
        Enumeration e = extensions.oids();
        if (e.hasMoreElements()) {
            buf.append("   crlEntryExtensions:").append(nl);
            while (e.hasMoreElements()) {
                ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
                Extension ext = extensions.getExtension(oid);
                if (ext.getExtnValue() != null) {
                    byte[] octs = ext.getExtnValue().getOctets();
                    ASN1InputStream dIn = new ASN1InputStream(octs);
                    buf.append("                       critical(").append(ext.isCritical()).append(") ");
                    try {
                        if (oid.equals(X509Extension.reasonCode)) {
                            buf.append(CRLReason.getInstance(ASN1Enumerated.getInstance(dIn.readObject()))).append(nl);
                        } else if (oid.equals(X509Extension.certificateIssuer)) {
                            buf.append("Certificate issuer: ").append(GeneralNames.getInstance(dIn.readObject())).append(nl);
                        } else {
                            buf.append(oid.getId());
                            buf.append(" value = ").append(ASN1Dump.dumpAsString(dIn.readObject())).append(nl);
                        }
                    } catch (Exception ex) {
                        buf.append(oid.getId());
                        buf.append(" value = ").append("*****").append(nl);
                    }
                } else {
                    buf.append(nl);
                }
            }
        }
    }
    return buf.toString();
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension) X509Extension(org.bouncycastle.asn1.x509.X509Extension) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) Enumeration(java.util.Enumeration) Extensions(org.bouncycastle.asn1.x509.Extensions) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) IOException(java.io.IOException) CRLException(java.security.cert.CRLException)

Example 30 with Certificate

use of org.bouncycastle.asn1.x509.Certificate in project robovm by robovm.

the class SignerInfoGeneratorBuilder method build.

/**
     * Build a generator with the passed in certHolder issuer and serial number as the signerIdentifier.
     *
     * @param contentSigner  operator for generating the final signature in the SignerInfo with.
     * @param certHolder  carrier for the X.509 certificate related to the contentSigner.
     * @return  a SignerInfoGenerator
     * @throws OperatorCreationException   if the generator cannot be built.
     */
public SignerInfoGenerator build(ContentSigner contentSigner, X509CertificateHolder certHolder) throws OperatorCreationException {
    SignerIdentifier sigId = new SignerIdentifier(new IssuerAndSerialNumber(certHolder.toASN1Structure()));
    SignerInfoGenerator sigInfoGen = createGenerator(contentSigner, sigId);
    sigInfoGen.setAssociatedCertificate(certHolder);
    return sigInfoGen;
}
Also used : IssuerAndSerialNumber(org.bouncycastle.asn1.cms.IssuerAndSerialNumber) SignerIdentifier(org.bouncycastle.asn1.cms.SignerIdentifier)

Aggregations

X509Certificate (java.security.cert.X509Certificate)204 IOException (java.io.IOException)149 X500Name (org.bouncycastle.asn1.x500.X500Name)111 Date (java.util.Date)95 BigInteger (java.math.BigInteger)88 CertificateException (java.security.cert.CertificateException)77 ArrayList (java.util.ArrayList)68 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)64 DEROctetString (org.bouncycastle.asn1.DEROctetString)63 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)62 ContentSigner (org.bouncycastle.operator.ContentSigner)61 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)60 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)56 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)55 GeneralName (org.bouncycastle.asn1.x509.GeneralName)51 DERIA5String (org.bouncycastle.asn1.DERIA5String)46 CertificateEncodingException (java.security.cert.CertificateEncodingException)44 JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)41 KeyPair (java.security.KeyPair)40 PrivateKey (java.security.PrivateKey)40