Examples with org.bouncycastle.asn1.x509 org.bouncycastle.asn1.x509 used on opensource projects

Search in sources :

Example 41 with org.bouncycastle.asn1.x509

use of org.bouncycastle.asn1.x509 in project xipki by xipki.

the class XmlX509CertprofileUtil method createCertificatePolicies.

public static org.bouncycastle.asn1.x509.CertificatePolicies createCertificatePolicies(List<CertificatePolicyInformation> policyInfos) throws CertprofileException {
    ParamUtil.requireNonEmpty("policyInfos", policyInfos);
    int size = policyInfos.size();
    PolicyInformation[] infos = new PolicyInformation[size];
    int idx = 0;
    for (CertificatePolicyInformation policyInfo : policyInfos) {
        String policyId = policyInfo.getCertPolicyId();
        List<CertificatePolicyQualifier> qualifiers = policyInfo.getQualifiers();
        ASN1Sequence policyQualifiers = null;
        if (CollectionUtil.isNonEmpty(qualifiers)) {
            policyQualifiers = createPolicyQualifiers(qualifiers);
        }
        ASN1ObjectIdentifier policyOid = new ASN1ObjectIdentifier(policyId);
        infos[idx++] = (policyQualifiers == null) ? new PolicyInformation(policyOid) : new PolicyInformation(policyOid, policyQualifiers);
    }
    return new org.bouncycastle.asn1.x509.CertificatePolicies(infos);
}
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) PolicyInformation(org.bouncycastle.asn1.x509.PolicyInformation) CertificatePolicyInformation(org.xipki.ca.api.profile.x509.CertificatePolicyInformation) CertificatePolicyInformation(org.xipki.ca.api.profile.x509.CertificatePolicyInformation) CertificatePolicies(org.xipki.ca.certprofile.x509.jaxb.CertificatePolicies) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) CertificatePolicyQualifier(org.xipki.ca.api.profile.x509.CertificatePolicyQualifier) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 42 with org.bouncycastle.asn1.x509

use of org.bouncycastle.asn1.x509 in project xipki by xipki.

the class X509Util method extractSki.

public static byte[] extractSki(org.bouncycastle.asn1.x509.Certificate cert) throws CertificateEncodingException {
    ParamUtil.requireNonNull("cert", cert);
    Extension encodedSkiValue = cert.getTBSCertificate().getExtensions().getExtension(Extension.subjectKeyIdentifier);
    if (encodedSkiValue == null) {
        return null;
    }
    try {
        return ASN1OctetString.getInstance(encodedSkiValue.getParsedValue()).getOctets();
    } catch (IllegalArgumentException ex) {
        throw new CertificateEncodingException("invalid extension SubjectKeyIdentifier: " + ex.getMessage());
    }
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension) CertificateEncodingException(java.security.cert.CertificateEncodingException)

Example 43 with org.bouncycastle.asn1.x509

use of org.bouncycastle.asn1.x509 in project xipki by xipki.

the class ExtensionsChecker method createExtensionIssue.

// method getExensionTypes
private ValidationIssue createExtensionIssue(ASN1ObjectIdentifier extId) {
    ValidationIssue issue;
    String extName = ObjectIdentifiers.getName(extId);
    if (extName == null) {
        extName = extId.getId().replace('.', '_');
        issue = new ValidationIssue("X509.EXT." + extName, "extension " + extId.getId());
    } else {
        issue = new ValidationIssue("X509.EXT." + extName, "extension " + extName + " (" + extId.getId() + ")");
    }
    return issue;
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) ASN1String(org.bouncycastle.asn1.ASN1String) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) QaDirectoryString(org.xipki.ca.qa.internal.QaDirectoryString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERT61String(org.bouncycastle.asn1.DERT61String) ValidationIssue(org.xipki.common.qa.ValidationIssue)

Example 44 with org.bouncycastle.asn1.x509

use of org.bouncycastle.asn1.x509 in project xipki by xipki.

the class ExtensionsChecker method getKeyUsage.

// method createGeneralName
private static Set<String> getKeyUsage(byte[] extensionValue) {
    Set<String> usages = new HashSet<>();
    org.bouncycastle.asn1.x509.KeyUsage reqKeyUsage = org.bouncycastle.asn1.x509.KeyUsage.getInstance(extensionValue);
    for (KeyUsage k : KeyUsage.values()) {
        if (reqKeyUsage.hasUsages(k.getBcUsage())) {
            usages.add(k.getName());
        }
    }
    return usages;
}
Also used : KeyUsage(org.xipki.security.KeyUsage) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) ASN1String(org.bouncycastle.asn1.ASN1String) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) QaDirectoryString(org.xipki.ca.qa.internal.QaDirectoryString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERT61String(org.bouncycastle.asn1.DERT61String) HashSet(java.util.HashSet)

Example 45 with org.bouncycastle.asn1.x509

use of org.bouncycastle.asn1.x509 in project xipki by xipki.

the class ExtensionsChecker method checkExtensionPrivateKeyUsagePeriod.

// method checkExtensionValidityModel
private void checkExtensionPrivateKeyUsagePeriod(StringBuilder failureMsg, byte[] extensionValue, Date certNotBefore, Date certNotAfter) {
    ASN1GeneralizedTime notBefore = new ASN1GeneralizedTime(certNotBefore);
    Date dateNotAfter;
    CertValidity privateKeyUsagePeriod = certProfile.getPrivateKeyUsagePeriod();
    if (privateKeyUsagePeriod == null) {
        dateNotAfter = certNotAfter;
    } else {
        dateNotAfter = privateKeyUsagePeriod.add(certNotBefore);
        if (dateNotAfter.after(certNotAfter)) {
            dateNotAfter = certNotAfter;
        }
    }
    ASN1GeneralizedTime notAfter = new ASN1GeneralizedTime(dateNotAfter);
    org.bouncycastle.asn1.x509.PrivateKeyUsagePeriod extValue = org.bouncycastle.asn1.x509.PrivateKeyUsagePeriod.getInstance(extensionValue);
    ASN1GeneralizedTime time = extValue.getNotBefore();
    if (time == null) {
        failureMsg.append("notBefore is absent but expected present; ");
    } else if (!time.equals(notBefore)) {
        addViolation(failureMsg, "notBefore", time.getTimeString(), notBefore.getTimeString());
    }
    time = extValue.getNotAfter();
    if (time == null) {
        failureMsg.append("notAfter is absent but expected present; ");
    } else if (!time.equals(notAfter)) {
        addViolation(failureMsg, "notAfter", time.getTimeString(), notAfter.getTimeString());
    }
}
Also used : CertValidity(org.xipki.ca.api.profile.CertValidity) ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime) Date(java.util.Date)

Aggregations

IOException (java.io.IOException)81 X509Certificate (java.security.cert.X509Certificate)61 X500Name (org.bouncycastle.asn1.x500.X500Name)43 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)39 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)36 BigInteger (java.math.BigInteger)34 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)33 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)31 DEROctetString (org.bouncycastle.asn1.DEROctetString)31 DERIA5String (org.bouncycastle.asn1.DERIA5String)28 Date (java.util.Date)27 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)26 ArrayList (java.util.ArrayList)25 CertificateEncodingException (java.security.cert.CertificateEncodingException)24 CertificateException (java.security.cert.CertificateException)24 GeneralName (org.bouncycastle.asn1.x509.GeneralName)24 ByteArrayInputStream (java.io.ByteArrayInputStream)23 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)23 PrivateKey (java.security.PrivateKey)21 GeneralSecurityException (java.security.GeneralSecurityException)20
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial