
Example 96 with GeneralNames

use of org.bouncycastle.asn1.x509.GeneralNames in project certmgr by hdecarne.

the class DistributionPointName method decode.

/**
 * Decodes a {@code DistributionPointName} from an ASN.1 data object.
 * <p>
 * The input is first decoded as a tagged object. Tag 0 carries the {@code fullName} alternative
 * (a {@code GeneralNames} value), tag 1 carries the {@code nameRelativeToCRLIssuer} alternative.
 * Exactly one of the two is set on the returned object; the other stays {@code null}.
 *
 * @param primitive The ASN.1 data object to decode.
 * @return The decoded distribution point name object.
 * @throws IOException if the tag is neither 0 nor 1, or if decoding fails.
 */
public static DistributionPointName decode(ASN1Primitive primitive) throws IOException {
    ASN1TaggedObject tagged = decodePrimitive(primitive, ASN1TaggedObject.class);
    int tagNo = tagged.getTagNo();
    GeneralNames fullName = null;
    X500Principal relativeName = null;

    if (tagNo == 0) {
        fullName = GeneralNames.decode(tagged.getObject());
    } else if (tagNo == 1) {
        // NOTE(review): X500Principal(byte[]) signals a malformed name with an unchecked
        // IllegalArgumentException rather than IOException, so callers that decode
        // untrusted certificate or CRL data and only catch IOException will not see it.
        relativeName = new X500Principal(tagged.getObject().getEncoded());
    } else {
        // Reject unknown alternatives instead of returning an object with both names unset.
        throw new IOException("Unsupported tag: " + tagNo);
    }
    return new DistributionPointName(fullName, relativeName);
}
Also used : ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) X500Principal(javax.security.auth.x500.X500Principal) IOException(java.io.IOException)

Example 97 with GeneralNames

use of org.bouncycastle.asn1.x509.GeneralNames in project certmgr by hdecarne.

the class GeneralNames method decode.

/**
 * Decodes a {@code GeneralNames} object from an ASN.1 data object.
 * <p>
 * The input is decoded as a sequence and every entry is decoded as a {@code GeneralName} and
 * appended, in order, to the result.
 *
 * @param primitive The ASN.1 data object to decode.
 * @return The decoded object.
 * @throws IOException if an I/O error occurs during decoding.
 */
public static GeneralNames decode(ASN1Primitive primitive) throws IOException {
    // NOTE(review): the bounds passed here are 0 and Integer.MAX_VALUE, presumably the minimum
    // and maximum entry count. If so, an empty sequence is accepted and the number of entries
    // read from untrusted input is not capped; confirm against decodeSequence.
    ASN1Primitive[] entries = decodeSequence(primitive, 0, Integer.MAX_VALUE);
    GeneralNames decoded = new GeneralNames();

    for (int index = 0; index < entries.length; index++) {
        decoded.addName(GeneralName.decode(entries[index]));
    }
    return decoded;
}
Also used : ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive)

Example 98 with GeneralNames

use of org.bouncycastle.asn1.x509.GeneralNames in project vespa by vespa-engine.

the class Pkcs10CsrBuilder method build.

/**
 * Builds and signs a PKCS#10 certification request from the builder's current state.
 * <p>
 * The request carries the configured subject and public key. A basic-constraints extension is
 * requested when one was configured, and a subject-alternative-name extension is requested when
 * at least one alternative name is present. The request is signed with the key pair's private key.
 *
 * @return the signed certification request
 * @throws RuntimeException if the content signer cannot be created
 * @throws UncheckedIOException if encoding an extension or the request fails
 */
public Pkcs10Csr build() {
    try {
        PKCS10CertificationRequestBuilder csrBuilder =
                new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic());
        ExtensionsGenerator extensions = new ExtensionsGenerator();

        if (basicConstraintsExtension != null) {
            BasicConstraints constraints =
                    new BasicConstraints(basicConstraintsExtension.isCertAuthorityCertificate);
            extensions.addExtension(
                    Extension.basicConstraints, basicConstraintsExtension.isCritical, constraints);
        }

        if (!subjectAlternativeNames.isEmpty()) {
            // Every alternative name is encoded with the dNSName tag.
            // NOTE(review): an IP address or e-mail address passed in here would also be
            // encoded as a DNS name; confirm callers only supply host names.
            GeneralName[] sanEntries = subjectAlternativeNames.stream()
                    .map(san -> new GeneralName(GeneralName.dNSName, san))
                    .toArray(GeneralName[]::new);
            // The SAN extension is always requested as non-critical.
            extensions.addExtension(
                    Extension.subjectAlternativeName, false, new GeneralNames(sanEntries));
        }

        // The extension-request attribute is added unconditionally, even when no extension
        // was configured above.
        csrBuilder.addAttribute(
                PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensions.generate());

        JcaContentSignerBuilder signerBuilder =
                new JcaContentSignerBuilder(signatureAlgorithm.getAlgorithmName());
        signerBuilder.setProvider(BouncyCastleProviderHolder.getInstance());
        ContentSigner signer = signerBuilder.build(keyPair.getPrivate());

        return new Pkcs10Csr(csrBuilder.build(signer));
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    } catch (OperatorCreationException e) {
        throw new RuntimeException(e);
    }
}
Also used : JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder) UncheckedIOException(java.io.UncheckedIOException) IOException(java.io.IOException) UncheckedIOException(java.io.UncheckedIOException) ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) GeneralName(org.bouncycastle.asn1.x509.GeneralName) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)

Example 99 with GeneralNames

use of org.bouncycastle.asn1.x509.GeneralNames in project signer by demoiselle.

the class SigningCertificateV2 method getValue.

/**
 * Builds the signing-certificate attribute value for the first certificate of the chain.
 * <p>
 * The attribute holds an {@code ESSCertIDv2} made of the SHA-256 digest of the encoded signing
 * certificate ({@code certificates[0]}) and an {@code IssuerSerial} that pairs the subject name
 * of {@code certificates[1]} with the signing certificate's serial number.
 *
 * @return the attribute identified by {@code identifier}
 * @throws SignerException if the signing certificate cannot be encoded
 */
@Override
public Attribute getValue() throws SignerException {
    try {
        // NOTE(review): both index 0 and index 1 are read without a length check, so a chain
        // with a single certificate fails with an unchecked exception rather than a
        // SignerException.
        X509Certificate signerCert = (X509Certificate) certificates[0];
        X509Certificate issuerCert = (X509Certificate) certificates[1];

        Digest sha256 = DigestFactory.getInstance().factoryDefault();
        sha256.setAlgorithm(DigestAlgorithmEnum.SHA_256);
        byte[] certDigest = sha256.digest(signerCert.getEncoded());

        // NOTE(review): the issuer name is rebuilt from the string form of certificates[1]'s
        // subject, not from the encoded issuer field of the signing certificate; confirm the
        // resulting name matches what verifiers compare against.
        X500Name issuerDn = new X500Name(issuerCert.getSubjectX500Principal().getName());
        GeneralNames issuerNames = new GeneralNames(new GeneralName(issuerDn));
        IssuerSerial issuerSerial =
                new IssuerSerial(issuerNames, new ASN1Integer(signerCert.getSerialNumber()));

        // The algorithm identifier must name the same hash that produced certDigest (SHA-256).
        AlgorithmIdentifier sha256Id = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256);
        ESSCertIDv2 certId = new ESSCertIDv2(sha256Id, certDigest, issuerSerial);

        // The certificate id is wrapped in two nested sequences inside the attribute's set.
        ASN1Encodable[] certIds = { new DERSequence(certId) };
        return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(new DERSequence(certIds)));
    } catch (CertificateEncodingException ex) {
        // Only the message is forwarded; the original exception is not attached as a cause.
        throw new SignerException(ex.getMessage());
    }
}
Also used : IssuerSerial(org.bouncycastle.asn1.x509.IssuerSerial) Digest(org.demoiselle.signer.cryptography.Digest) SignedAttribute(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.SignedAttribute) Attribute(org.bouncycastle.asn1.cms.Attribute) CertificateEncodingException(java.security.cert.CertificateEncodingException) X500Name(org.bouncycastle.asn1.x500.X500Name) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) DERSet(org.bouncycastle.asn1.DERSet) X509Certificate(java.security.cert.X509Certificate) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) DERSequence(org.bouncycastle.asn1.DERSequence) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) ESSCertIDv2(org.bouncycastle.asn1.ess.ESSCertIDv2) GeneralName(org.bouncycastle.asn1.x509.GeneralName) SignerException(org.demoiselle.signer.policy.impl.cades.SignerException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 100 with GeneralNames

use of org.bouncycastle.asn1.x509.GeneralNames in project keystore-explorer by kaikramer.

the class X509Ext method getAuthorityKeyIdentifierStringValue.

/**
 * Renders an authority-key-identifier extension value as display text.
 * <p>
 * Structure being rendered:
 * <pre>
 * AuthorityKeyIdentifier ::= SEQUENCE {
 *     keyIdentifier             [0] KeyIdentifier           OPTIONAL,
 *     authorityCertIssuer       [1] GeneralNames            OPTIONAL,
 *     authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
 *
 * KeyIdentifier ::= OCTET STRING
 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
 * CertificateSerialNumber ::= INTEGER
 * </pre>
 * Each field that is present contributes its own line(s); absent fields are skipped, so the
 * result can be empty.
 *
 * @param value the encoded extension value
 * @return the formatted text, one entry per line
 * @throws IOException declared by the signature; not thrown directly by the statements in this method
 */
private String getAuthorityKeyIdentifierStringValue(byte[] value) throws IOException {
    AuthorityKeyIdentifier aki = AuthorityKeyIdentifier.getInstance(value);
    byte[] keyId = aki.getKeyIdentifier();
    GeneralNames issuerNames = aki.getAuthorityCertIssuer();
    BigInteger issuerSerial = aki.getAuthorityCertSerialNumber();

    StringBuilder text = new StringBuilder();

    // keyIdentifier is optional; shown as a hex string.
    if (keyIdentifier(keyId)) {
        String keyIdLine = MessageFormat.format(res.getString("AuthorityKeyIdentifier"), HexUtil.getHexString(keyId));
        text.append(keyIdLine).append(NEWLINE);
    }

    // authorityCertIssuer is optional; a heading followed by one indented line per name.
    if (issuerNames != null) {
        text.append(res.getString("CertificateIssuer")).append(NEWLINE);
        GeneralName[] names = issuerNames.getNames();
        for (int i = 0; i < names.length; i++) {
            text.append(INDENT).append(GeneralNameUtil.toString(names[i])).append(NEWLINE);
        }
    }

    // authorityCertSerialNumber is optional; it is also formatted through HexUtil.getHexString.
    if (issuerSerial != null) {
        String serialLine = MessageFormat.format(res.getString("CertificateSerialNumber"), HexUtil.getHexString(issuerSerial));
        text.append(serialLine).append(NEWLINE);
    }

    return text.toString();
}

/** Reports whether the optional key identifier field is present. */
private static boolean keyIdentifier(byte[] keyId) {
    return keyId != null;
}
Also used : GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) BigInteger(java.math.BigInteger) AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier) GeneralName(org.bouncycastle.asn1.x509.GeneralName)

Aggregations

GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)87 GeneralName (org.bouncycastle.asn1.x509.GeneralName)75 IOException (java.io.IOException)40 X509Certificate (java.security.cert.X509Certificate)27 X500Name (org.bouncycastle.asn1.x500.X500Name)26 BigInteger (java.math.BigInteger)21 ArrayList (java.util.ArrayList)21 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)21 ContentSigner (org.bouncycastle.operator.ContentSigner)21 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)20 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)18 DERIA5String (org.bouncycastle.asn1.DERIA5String)17 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)17 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)17 DEROctetString (org.bouncycastle.asn1.DEROctetString)16 JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)16 List (java.util.List)15 X500Principal (javax.security.auth.x500.X500Principal)15 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)15 BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)15