use of org.bouncycastle.asn1.x509 in project xipki by xipki.
the class XmlX509CertprofileUtil method createCertificatePolicies.
/**
 * Builds the ASN.1 CertificatePolicies extension value from the configured policy entries.
 *
 * <p>Each entry becomes one PolicyInformation. Qualifiers are attached only when the entry
 * carries a non-empty qualifier list and {@code createPolicyQualifiers} yields a sequence;
 * otherwise the PolicyInformation holds the policy OID alone.
 *
 * <p>The policy id string is passed to {@code new ASN1ObjectIdentifier(...)} without prior
 * validation in this method, so a malformed id surfaces as whatever that constructor throws.
 *
 * @param policyInfos policy entries; checked with {@code ParamUtil.requireNonEmpty}
 * @return the CertificatePolicies structure, entries in the iteration order of {@code policyInfos}
 * @throws CertprofileException declared by this method; presumably raised by
 *     {@code createPolicyQualifiers} (its body is not visible here)
 */
public static org.bouncycastle.asn1.x509.CertificatePolicies createCertificatePolicies(List<CertificatePolicyInformation> policyInfos) throws CertprofileException {
  ParamUtil.requireNonEmpty("policyInfos", policyInfos);

  final PolicyInformation[] entries = new PolicyInformation[policyInfos.size()];
  int next = 0;
  for (CertificatePolicyInformation source : policyInfos) {
    final String policyId = source.getCertPolicyId();
    final List<CertificatePolicyQualifier> qualifierList = source.getQualifiers();

    // Qualifiers are optional: encode them only when the list actually has content.
    final ASN1Sequence encodedQualifiers = CollectionUtil.isNonEmpty(qualifierList)
        ? createPolicyQualifiers(qualifierList)
        : null;

    final ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(policyId);
    if (encodedQualifiers == null) {
      entries[next] = new PolicyInformation(oid);
    } else {
      entries[next] = new PolicyInformation(oid, encodedQualifiers);
    }
    next++;
  }

  return new org.bouncycastle.asn1.x509.CertificatePolicies(entries);
}
use of org.bouncycastle.asn1.x509 in project xipki by xipki.
the class X509Util method extractSki.
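/**
 * Extracts the SubjectKeyIdentifier octets from a certificate.
 *
 * <p>The extensions field of a TBSCertificate is optional, so a certificate without any
 * extensions is treated the same way as one that merely lacks the SubjectKeyIdentifier:
 * the method returns {@code null} instead of failing with a NullPointerException. This
 * matters when the certificate comes from an untrusted source.
 *
 * @param cert the certificate to inspect; must not be {@code null}
 * @return the key identifier octets, or {@code null} if the certificate has no extensions
 *     or no SubjectKeyIdentifier extension
 * @throws CertificateEncodingException if the extension value cannot be read as an
 *     OCTET STRING; the underlying parse failure is attached as the cause
 */
public static byte[] extractSki(org.bouncycastle.asn1.x509.Certificate cert) throws CertificateEncodingException {
  ParamUtil.requireNonNull("cert", cert);

  // Guard the optional extensions field before dereferencing it.
  if (cert.getTBSCertificate().getExtensions() == null) {
    return null;
  }

  Extension encodedSkiValue = cert.getTBSCertificate().getExtensions().getExtension(Extension.subjectKeyIdentifier);
  if (encodedSkiValue == null) {
    return null;
  }

  try {
    return ASN1OctetString.getInstance(encodedSkiValue.getParsedValue()).getOctets();
  } catch (IllegalArgumentException ex) {
    // Keep the original exception as the cause so the parse failure stays diagnosable.
    throw new CertificateEncodingException("invalid extension SubjectKeyIdentifier: " + ex.getMessage(), ex);
  }
}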
use of org.bouncycastle.asn1.x509 in project xipki by xipki.
the class ExtensionsChecker method createExtensionIssue.
// method getExensionTypes
/**
 * Creates the ValidationIssue used to report findings for one certificate extension.
 *
 * <p>The issue code is {@code "X509.EXT."} followed by the extension's registered name, or,
 * when {@code ObjectIdentifiers.getName} knows no name for it, by the dotted OID with every
 * {@code '.'} replaced by {@code '_'}. The description always contains the dotted OID.
 *
 * @param extId OID of the extension
 * @return a new ValidationIssue for that extension
 */
private ValidationIssue createExtensionIssue(ASN1ObjectIdentifier extId) {
  final String knownName = ObjectIdentifiers.getName(extId);
  if (knownName != null) {
    return new ValidationIssue("X509.EXT." + knownName, "extension " + knownName + " (" + extId.getId() + ")");
  }

  // No registered name: derive the code suffix from the OID itself.
  final String codeSuffix = extId.getId().replace('.', '_');
  return new ValidationIssue("X509.EXT." + codeSuffix, "extension " + extId.getId());
}
use of org.bouncycastle.asn1.x509 in project xipki by xipki.
the class ExtensionsChecker method getKeyUsage.
// method createGeneralName
/**
 * Decodes a KeyUsage extension value and lists the names of the usages it asserts.
 *
 * <p>The value is decoded with BouncyCastle's {@code KeyUsage.getInstance}; each constant of
 * the project's own {@code KeyUsage} enum is then tested through its {@code getBcUsage()} bit
 * mask. No null check is made on {@code extensionValue} here.
 *
 * @param extensionValue encoded KeyUsage value
 * @return names (from {@code getName()}) of all usages present; empty if none matches
 */
private static Set<String> getKeyUsage(byte[] extensionValue) {
  final Set<String> names = new HashSet<>();
  final org.bouncycastle.asn1.x509.KeyUsage decoded = org.bouncycastle.asn1.x509.KeyUsage.getInstance(extensionValue);

  for (KeyUsage candidate : KeyUsage.values()) {
    if (!decoded.hasUsages(candidate.getBcUsage())) {
      continue;
    }
    names.add(candidate.getName());
  }
  return names;
}
use of org.bouncycastle.asn1.x509 in project xipki by xipki.
the class ExtensionsChecker method checkExtensionPrivateKeyUsagePeriod.
// method checkExtensionValidityModel
/**
 * Verifies the PrivateKeyUsagePeriod extension of an issued certificate against the profile.
 *
 * <p>Expected values: notBefore equals the certificate's notBefore. notAfter equals the
 * certificate's notAfter when the profile defines no private key usage period; otherwise it
 * is the certificate's notBefore plus that period, capped at the certificate's notAfter.
 * Both fields must be present in the extension. Comparison uses
 * {@code ASN1GeneralizedTime.equals}.
 *
 * @param failureMsg buffer that receives one message per deviation (notBefore first, then notAfter)
 * @param extensionValue encoded PrivateKeyUsagePeriod value from the certificate
 * @param certNotBefore notBefore of the certificate
 * @param certNotAfter notAfter of the certificate
 */
private void checkExtensionPrivateKeyUsagePeriod(StringBuilder failureMsg, byte[] extensionValue, Date certNotBefore, Date certNotAfter) {
  final ASN1GeneralizedTime expectedNotBefore = new ASN1GeneralizedTime(certNotBefore);

  // Start from the certificate's own end date; shorten it only if the profile's
  // usage period ends no later than that.
  Date expectedEnd = certNotAfter;
  final CertValidity profilePeriod = certProfile.getPrivateKeyUsagePeriod();
  if (profilePeriod != null) {
    final Date periodEnd = profilePeriod.add(certNotBefore);
    if (!periodEnd.after(certNotAfter)) {
      expectedEnd = periodEnd;
    }
  }
  final ASN1GeneralizedTime expectedNotAfter = new ASN1GeneralizedTime(expectedEnd);

  final org.bouncycastle.asn1.x509.PrivateKeyUsagePeriod encoded = org.bouncycastle.asn1.x509.PrivateKeyUsagePeriod.getInstance(extensionValue);

  final ASN1GeneralizedTime actualNotBefore = encoded.getNotBefore();
  if (actualNotBefore != null) {
    if (!actualNotBefore.equals(expectedNotBefore)) {
      addViolation(failureMsg, "notBefore", actualNotBefore.getTimeString(), expectedNotBefore.getTimeString());
    }
  } else {
    failureMsg.append("notBefore is absent but expected present; ");
  }

  final ASN1GeneralizedTime actualNotAfter = encoded.getNotAfter();
  if (actualNotAfter != null) {
    if (!actualNotAfter.equals(expectedNotAfter)) {
      addViolation(failureMsg, "notAfter", actualNotAfter.getTimeString(), expectedNotAfter.getTimeString());
    }
  } else {
    failureMsg.append("notAfter is absent but expected present; ");
  }
}
Aggregations