
Example 61 with Extensions

use of org.bouncycastle.asn1.x509.Extensions in project BiglyBT by BiglySoftware.

the class X509CRLEntryObject method toString.

public String toString() {
    StringBuilder buf = new StringBuilder();
    String nl = System.getProperty("line.separator");
    buf.append("      userCertificate: ").append(this.getSerialNumber()).append(nl);
    buf.append("       revocationDate: ").append(this.getRevocationDate()).append(nl);
    X509Extensions extensions = c.getExtensions();
    if (extensions != null) {
        Enumeration e = extensions.oids();
        if (e.hasMoreElements()) {
            buf.append("   crlEntryExtensions:").append(nl);
            while (e.hasMoreElements()) {
                DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
                X509Extension ext = extensions.getExtension(oid);
                buf.append(ext);
            }
        }
    }
    return buf.toString();
}
Also used : Enumeration(java.util.Enumeration) X509Extension(org.gudy.bouncycastle.asn1.x509.X509Extension) X509Extensions(org.gudy.bouncycastle.asn1.x509.X509Extensions) DERObjectIdentifier(org.gudy.bouncycastle.asn1.DERObjectIdentifier)

Example 62 with Extensions

use of org.bouncycastle.asn1.x509.Extensions in project BiglyBT by BiglySoftware.

the class X509CRLObject method getExtensionOIDs.

private Set getExtensionOIDs(boolean critical) {
    if (this.getVersion() == 2) {
        X509Extensions extensions = c.getTBSCertList().getExtensions();
        // crlExtensions is optional in a v2 CRL, so a missing block must not cause a NullPointerException
        if (extensions != null) {
            HashSet set = new HashSet();
            Enumeration e = extensions.oids();
            while (e.hasMoreElements()) {
                DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
                X509Extension ext = extensions.getExtension(oid);
                // Collect only the OIDs whose criticality flag matches the request
                if (critical == ext.isCritical()) {
                    set.add(oid.getId());
                }
            }
            return set;
        }
    }
    return null;
}
Also used : Enumeration(java.util.Enumeration) X509Extension(org.gudy.bouncycastle.asn1.x509.X509Extension) X509Extensions(org.gudy.bouncycastle.asn1.x509.X509Extensions) DERObjectIdentifier(org.gudy.bouncycastle.asn1.DERObjectIdentifier) HashSet(java.util.HashSet)

Example 63 with Extensions

use of org.bouncycastle.asn1.x509.Extensions in project BiglyBT by BiglySoftware.

the class X509CertificateObject method getNonCriticalExtensionOIDs.

@Override
public Set getNonCriticalExtensionOIDs() {
    if (this.getVersion() == 3) {
        HashSet set = new HashSet();
        X509Extensions extensions = c.getTBSCertificate().getExtensions();
        if (extensions != null) {
            Enumeration e = extensions.oids();
            while (e.hasMoreElements()) {
                DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
                X509Extension ext = extensions.getExtension(oid);
                if (!ext.isCritical()) {
                    set.add(oid.getId());
                }
            }
            return set;
        }
    }
    return null;
}
Also used : X509Extension(org.gudy.bouncycastle.asn1.x509.X509Extension)

Example 64 with Extensions

use of org.bouncycastle.asn1.x509.Extensions in project BiglyBT by BiglySoftware.

the class X509V2AttributeCertificate method getExtensionValue.

@Override
public byte[] getExtensionValue(String oid) {
    X509Extensions extensions = cert.getAcinfo().getExtensions();
    if (extensions != null) {
        X509Extension ext = extensions.getExtension(new DERObjectIdentifier(oid));
        if (ext != null) {
            ByteArrayOutputStream bOut = new ByteArrayOutputStream();
            DEROutputStream dOut = new DEROutputStream(bOut);
            try {
                dOut.writeObject(ext.getValue());
                return bOut.toByteArray();
            } catch (Exception e) {
                throw new RuntimeException("error encoding " + e.toString());
            }
        }
    }
    return null;
}
Also used : X509Extension(org.gudy.bouncycastle.asn1.x509.X509Extension) X509Extensions(org.gudy.bouncycastle.asn1.x509.X509Extensions) ByteArrayOutputStream(java.io.ByteArrayOutputStream) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) CertificateExpiredException(java.security.cert.CertificateExpiredException) ParseException(java.text.ParseException)

Example 65 with Extensions

use of org.bouncycastle.asn1.x509.Extensions in project certmgr by hdecarne.

the class X509CertificateHelper method generateCRT.

/**
 * Generate a CRT object.
 *
 * @param dn The CRT's Distinguished Name (DN).
 * @param key The CRT's key pair
 * @param serial The CRT's serial.
 * @param notBefore The CRT's validity start.
 * @param notAfter The CRT's validity end.
 * @param extensions The CRT's extension objects.
 * @param issuerDN The issuer's Distinguished Name (DN).
 * @param issuerKey The issuer's key pair.
 * @param signatureAlgorithm The signature algorithm to use.
 * @return The generated CRT object.
 * @throws IOException if an error occurs during generation.
 */
public static X509Certificate generateCRT(X500Principal dn, KeyPair key, BigInteger serial, Date notBefore, Date notAfter, List<X509ExtensionData> extensions, X500Principal issuerDN, KeyPair issuerKey, SignatureAlgorithm signatureAlgorithm) throws IOException {
    LOG.info("CRT generation ''{0}'' started...", dn);
    // Initialize CRT builder
    X509v3CertificateBuilder crtBuilder = new JcaX509v3CertificateBuilder(issuerDN, serial, notBefore, notAfter, dn, key.getPublic());
    // Add custom extension objects
    for (X509ExtensionData extensionData : extensions) {
        String oid = extensionData.oid();
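        // oid is a String, so compare it with the identifiers' string form;
        // String.equals(ASN1ObjectIdentifier) is always false and would let key identifier extensions through
        if (!oid.equals(Extension.subjectKeyIdentifier.getId()) && !oid.equals(Extension.authorityKeyIdentifier.getId())) {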
            boolean critical = extensionData.getCritical();
            crtBuilder.addExtension(new ASN1ObjectIdentifier(oid), critical, extensionData.encode());
        } else {
            LOG.warning("Ignoring key identifier extension");
        }
    }
    X509Certificate crt;
    try {
        // Add standard extensions based upon the CRT's purpose
        JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
        for (X509ExtensionData extensionData : extensions) {
            if (extensionData instanceof BasicConstraintsExtensionData) {
                BasicConstraintsExtensionData basicConstraintsExtension = (BasicConstraintsExtensionData) extensionData;
                if (basicConstraintsExtension.getCA()) {
                    // CRT is CA --> record its key's identifier
                    crtBuilder.addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(key.getPublic()));
                }
            }
        }
        if (!key.equals(issuerKey)) {
            // CRT is not self-signed --> record issuer key's identifier
            crtBuilder.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(issuerKey.getPublic()));
        }
        // Sign CRT
        ContentSigner crtSigner = new JcaContentSignerBuilder(signatureAlgorithm.algorithm()).build(issuerKey.getPrivate());
        crt = new JcaX509CertificateConverter().getCertificate(crtBuilder.build(crtSigner));
    } catch (OperatorCreationException | GeneralSecurityException e) {
        throw new CertProviderException(e);
    }
    LOG.info("CRT generation ''{0}'' done", dn);
    return crt;
}
Also used : JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) GeneralSecurityException(java.security.GeneralSecurityException) ContentSigner(org.bouncycastle.operator.ContentSigner) CertProviderException(de.carne.certmgr.certs.CertProviderException) X509Certificate(java.security.cert.X509Certificate) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
