
Example 1 with X509AttributeCertificateHolder

use of org.bouncycastle.cert.X509AttributeCertificateHolder in project OpenAttestation by OpenAttestation.

the class X509AttributeCertificate method valueOf.

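/**
 * Parses an encoded X.509 attribute certificate and copies its issuer, serial number,
 * holder (subject), validity period and attributes into a new instance.
 * <p>
 * This method only decodes. It does not verify the signature, the issuer or the validity
 * period, so every field of the returned object is unauthenticated until the caller has
 * verified the certificate against a trusted issuer (see {@code isValid}). Because this is
 * the {@code @JsonCreator}, the bytes may come straight from a JSON payload.
 *
 * @param encodedCertificate the encoded attribute certificate
 * @return a new instance populated from the decoded certificate
 * @throws IllegalArgumentException if the bytes cannot be parsed as an attribute certificate
 */
@JsonCreator
public static X509AttributeCertificate valueOf(@JsonProperty("encoded") byte[] encodedCertificate) {
    X509AttributeCertificate result = new X509AttributeCertificate(encodedCertificate);
    X509AttributeCertificateHolder cert;
    try {
        cert = new X509AttributeCertificateHolder(encodedCertificate);
    } catch (IOException e) {
        throw new IllegalArgumentException(e);
    }
    // Joining calls toString() on each X500Name, which gives the default representation,
    // for example: CN=Attr CA,OU=CPG,OU=DCSG,O=Intel,ST=CA,C=US
    // Only one issuer name is expected. The string is built once and reused.
    String issuerNames = StringUtils.join(cert.getIssuer().getNames(), "; ");
    log.debug("issuer: {}", issuerNames);
    result.issuer = issuerNames;
    // output example:   1
    log.debug("serial number: {}", cert.getSerialNumber().toString());
    result.serialNumber = cert.getSerialNumber();
    X500Name[] holderNames = cert.getHolder().getEntityNames();
    // output example:  2.25=#041092a71a228c174522a18bfd3ed3d00b39
    log.debug("holder: {}", StringUtils.join(holderNames, ", "));
    // Look for the host UUID among the holder's entity names.
    log.debug("holder has {} entity names", holderNames.length);
    for (X500Name entityName : holderNames) {
        RDN[] rdns = entityName.getRDNs();
        log.debug("holder entity name has {} rdns", rdns.length);
        for (RDN rdn : rdns) {
            log.debug("entity rdn is multivalued? {}", rdn.isMultiValued());
            // Only the first attribute of each RDN is inspected.
            AttributeTypeAndValue attr = rdn.getFirst();
            if (attr == null) {
                // getFirst() can return null for an RDN that holds no attribute; such an RDN
                // cannot carry the UUID, and skipping it avoids a NullPointerException on
                // malformed input.
                continue;
            }
            if (attr.getType().toString().equals(OID.HOST_UUID)) {
                UUID uuid = UUID.valueOf(DEROctetString.getInstance(attr.getValue()).getOctets());
                log.debug("holder uuid: {}", uuid);
                // example: 33766a63-5c55-4461-8a84-5936577df450
                result.subject = uuid.toString();
            }
        }
    }
    // If no UUID was identified, fall back to the joined entity names, the same way the
    // issuer is displayed. Example: 2.25=#041033766a635c5544618a845936577df450
    // (the value carries a #0410 prefix in front of the uuid 33766a635c5544618a845936577df450)
    if (result.subject == null) {
        result.subject = StringUtils.join(holderNames, "; ");
    }
    // output example: Thu Aug 08 15:21:13 PDT 2013
    log.debug("not before: {}", cert.getNotBefore());
    // output example: Sun Sep 08 15:21:13 PDT 2013
    log.debug("not after: {}", cert.getNotAfter());
    result.notBefore = cert.getNotBefore();
    result.notAfter = cert.getNotAfter();
    Attribute[] attributes = cert.getAttributes();
    result.tags1 = new ArrayList<UTF8NameValueMicroformat>();
    result.tags2 = new ArrayList<UTF8NameValueSequence>();
    result.tagsOther = new ArrayList<ASN1Encodable>();
    for (Attribute attr : attributes) {
        log.debug("attr {} is {}", attr.hashCode(), attr.toString());
        // NOTE(review): assumes the constructor has initialised result.attributes - confirm
        result.attributes.add(attr);
        String attrTypeOid = attr.getAttrType().toString();
        for (ASN1Encodable value : attr.getAttributeValues()) {
            if (attrTypeOid.equals(UTF8NameValueMicroformat.OID)) {
                // The values are plain UTF-8 strings, but new String(value.getEncoded()) would
                // put two extra characters at the start of the string, so decode via DERUTF8String.
                log.debug("name-value microformat attribute: {}", DERUTF8String.getInstance(value).getString());
                UTF8NameValueMicroformat microformat = new UTF8NameValueMicroformat(DERUTF8String.getInstance(value));
                log.debug("name-value microformat attribute (2)  name {} value {}", microformat.getName(), microformat.getValue());
                result.tags1.add(microformat);
            } else if (attrTypeOid.equals(UTF8NameValueSequence.OID)) {
                UTF8NameValueSequence sequence = new UTF8NameValueSequence(ASN1Sequence.getInstance(value));
                String name = sequence.getName();
                List<String> values = sequence.getValues();
                log.debug("name-values asn.1 attribute {} values {}", name, values);
                result.tags2.add(sequence);
            } else {
                // Unknown attribute types are kept undecoded rather than rejected.
                log.debug("unrecognzied attribute type {}", attrTypeOid);
                result.tagsOther.add(value);
            }
            /*
             * output examples:
             * attribute: 1.3.6.1.4.1.99999.1.1.1.1 is US
             * attribute: 1.3.6.1.4.1.99999.2.2.2.2 is CA
             * attribute: 1.3.6.1.4.1.99999.3.3.3.3 is Folsom
             */
        }
    }
    log.debug("valueOf ok");
    return result;
}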
Also used : Attribute(org.bouncycastle.asn1.x509.Attribute) X509AttributeCertificateHolder(org.bouncycastle.cert.X509AttributeCertificateHolder) IOException(java.io.IOException) X500Name(org.bouncycastle.asn1.x500.X500Name) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue) ArrayList(java.util.ArrayList) List(java.util.List) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) UUID(com.intel.mtwilson.util.io.UUID) RDN(org.bouncycastle.asn1.x500.RDN) JsonCreator(org.codehaus.jackson.annotate.JsonCreator)

Example 2 with X509AttributeCertificateHolder

use of org.bouncycastle.cert.X509AttributeCertificateHolder in project robovm by robovm.

the class CMSSignedHelper method createAttributeStore.

/**
 * Builds an "AttributeCertificate/" + type X509Store from every entry of the given store.
 * Each entry is cast to X509AttributeCertificateHolder and re-encoded into an
 * X509V2AttributeCertificate. No signature or validity check is done here.
 * Only IllegalArgumentException and IOException are translated to CMSException; a
 * ClassCastException from an entry of another type is not caught in this method.
 */
X509Store createAttributeStore(String type, Provider provider, Store certStore) throws NoSuchStoreException, CMSException {
    try {
        // a null selector asks the store for all of its entries
        Collection holders = certStore.getMatches(null);
        List attributeCerts = new ArrayList(holders.size());
        for (Object entry : holders) {
            X509AttributeCertificateHolder holder = (X509AttributeCertificateHolder) entry;
            attributeCerts.add(new X509V2AttributeCertificate(holder.getEncoded()));
        }
        X509CollectionStoreParameters storeParameters = new X509CollectionStoreParameters(attributeCerts);
        return X509Store.getInstance("AttributeCertificate/" + type, storeParameters, provider);
    } catch (IllegalArgumentException e) {
        throw new CMSException("can't setup the X509Store", e);
    } catch (IOException e) {
        throw new CMSException("can't setup the X509Store", e);
    }
}
Also used : ArrayList(java.util.ArrayList) Iterator(java.util.Iterator) Collection(java.util.Collection) ArrayList(java.util.ArrayList) CertificateList(org.bouncycastle.asn1.x509.CertificateList) List(java.util.List) X509AttributeCertificateHolder(org.bouncycastle.cert.X509AttributeCertificateHolder) X509CollectionStoreParameters(org.bouncycastle.x509.X509CollectionStoreParameters) IOException(java.io.IOException) X509V2AttributeCertificate(org.bouncycastle.x509.X509V2AttributeCertificate)

Example 3 with X509AttributeCertificateHolder

use of org.bouncycastle.cert.X509AttributeCertificateHolder in project robovm by robovm.

the class CMSUtils method getAttributeCertificatesFromStore.

/**
 * Returns every entry of the given store as a DERTaggedObject with tag number 2 and the
 * explicit flag set to false, wrapping the holder's ASN.1 structure.
 * An entry that is not an X509AttributeCertificateHolder is reported as a CMSException.
 * The certificates are only re-wrapped; nothing here verifies them.
 */
static List getAttributeCertificatesFromStore(Store attrStore) throws CMSException {
    List taggedCerts = new ArrayList();
    try {
        // a null selector asks the store for all of its entries
        Iterator matches = attrStore.getMatches(null).iterator();
        while (matches.hasNext()) {
            X509AttributeCertificateHolder holder = (X509AttributeCertificateHolder) matches.next();
            taggedCerts.add(new DERTaggedObject(false, 2, holder.toASN1Structure()));
        }
        return taggedCerts;
    } catch (ClassCastException e) {
        throw new CMSException("error processing certs", e);
    }
}
Also used : DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) ArrayList(java.util.ArrayList) Iterator(java.util.Iterator) ArrayList(java.util.ArrayList) CertificateList(org.bouncycastle.asn1.x509.CertificateList) List(java.util.List) X509AttributeCertificateHolder(org.bouncycastle.cert.X509AttributeCertificateHolder)

Example 4 with X509AttributeCertificateHolder

use of org.bouncycastle.cert.X509AttributeCertificateHolder in project OpenAttestation by OpenAttestation.

the class X509AttributeCertificate method isValid.

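/**
 * Checks that this attribute certificate was signed with the given issuer's key and that
 * the given date falls inside its validity period (both bounds inclusive).
 * <p>
 * The signature is verified here, over the stored encoded bytes, using an RSA content
 * verifier built from the issuer certificate. Not checked here: whether the issuer
 * certificate is itself trusted, unexpired or unrevoked, and whether it is the issuer named
 * in the attribute certificate. Callers must establish trust in {@code issuer} separately.
 * Any failure, including a null argument or an issuer key the verifier cannot handle, is
 * logged and reported as {@code false}.
 *
 * @param issuer certificate whose public key is used to verify the signature
 * @param date to check against the certificate's validity period
 * @return true if the signature verifies and the certificate is valid on the given date
 */
public boolean isValid(X509Certificate issuer, Date date) {
    try {
        X509AttributeCertificateHolder holder = new X509AttributeCertificateHolder(encoded);
        ContentVerifierProvider verifierProvider = new BcRSAContentVerifierProviderBuilder(new DefaultDigestAlgorithmIdentifierFinder()).build(new X509CertificateHolder(issuer.getEncoded()));
        if (!holder.isSignatureValid(verifierProvider)) {
            log.debug("Certificate signature cannot be validated with certificate: {}", issuer.getIssuerX500Principal().getName());
            return false;
        }
        // Read the validity period from the holder whose signature was just verified rather
        // than from the cached notBefore/notAfter fields, so the dates that are compared are
        // the ones covered by the signature.
        return date.compareTo(holder.getNotBefore()) >= 0 && date.compareTo(holder.getNotAfter()) <= 0;
    } catch (Exception e) {
        // Fail closed: any parsing or verifier error means "not valid".
        log.error("Cannot initialize certificate verifier", e);
        return false;
    }
}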
Also used : BcRSAContentVerifierProviderBuilder(org.bouncycastle.operator.bc.BcRSAContentVerifierProviderBuilder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) X509AttributeCertificateHolder(org.bouncycastle.cert.X509AttributeCertificateHolder) DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder) IOException(java.io.IOException) ContentVerifierProvider(org.bouncycastle.operator.ContentVerifierProvider)

Example 5 with X509AttributeCertificateHolder

use of org.bouncycastle.cert.X509AttributeCertificateHolder in project OpenAttestation by OpenAttestation.

the class ProvisionTagCertificate method storeTagCertificate.

//    protected void storeAsyncRequest(String subject, SelectionsType selections, HttpServletResponse response) throws IOException {
//            String xml = Util.toXml(selections);
//            byte[] plaintext = xml.getBytes(Charset.forName("UTF-8"));
//            CertificateRequest certificateRequest = new CertificateRequest();
//            certificateRequest.setId(new UUID());
//            certificateRequest.setStatus("New");
//            certificateRequest.setSubject(subject);
//            certificateRequest.setContent(plaintext);
//            certificateRequest.setContentType("application/xml"); 
//            getRepository().create(certificateRequest);
//            response.addHeader("Asynchronous", "true");
//            response.addHeader("Link", String.format("</tag-certificate-requests/%s>; rel=status", certificateRequest.getId().toString()));
////            response.addHeader("Link", String.format("</tag-certificates?certificateRequestIdEqualTo=%s>; rel=certificate", certificateRequest.getId().toString()));
//            response.setStatus(Response.Status.ACCEPTED.getStatusCode());        
//    }
//    
/**
 * Parses the given attribute certificate bytes, assigns the resulting Certificate a new
 * UUID and creates it in the certificate repository.
 * The bytes are only parsed and re-encoded: no signature, issuer or validity check is done
 * before the record is persisted. The subject argument is not used by this method.
 *
 * @param subject not used by this method
 * @param attributeCertificateBytes encoded attribute certificate to store
 * @return the stored certificate, with its new id set
 * @throws IOException if the bytes cannot be parsed or re-encoded
 */
protected Certificate storeTagCertificate(String subject, byte[] attributeCertificateBytes) throws IOException {
    // Parsing comes first, so unparseable bytes fail before anything reaches the repository.
    byte[] reencoded = new X509AttributeCertificateHolder(attributeCertificateBytes).getEncoded();
    Certificate stored = Certificate.valueOf(reencoded);
    stored.setId(new UUID());
    // The repository call creates the new certificate entry in the database.
    certificateRepository.create(stored);
    return stored;
}
Also used : X509AttributeCertificateHolder(org.bouncycastle.cert.X509AttributeCertificateHolder) UUID(com.intel.mtwilson.util.io.UUID) Certificate(com.intel.mtwilson.datatypes.Certificate) X509AttributeCertificate(com.intel.mtwilson.datatypes.X509AttributeCertificate)

Aggregations

X509AttributeCertificateHolder (org.bouncycastle.cert.X509AttributeCertificateHolder)6 IOException (java.io.IOException)4 ArrayList (java.util.ArrayList)3 List (java.util.List)3 UUID (com.intel.mtwilson.util.io.UUID)2 Iterator (java.util.Iterator)2 CertificateList (org.bouncycastle.asn1.x509.CertificateList)2 DefaultDigestAlgorithmIdentifierFinder (org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)2 Certificate (com.intel.mtwilson.datatypes.Certificate)1 X509AttributeCertificate (com.intel.mtwilson.datatypes.X509AttributeCertificate)1 Collection (java.util.Collection)1 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)1 DEROctetString (org.bouncycastle.asn1.DEROctetString)1 DERTaggedObject (org.bouncycastle.asn1.DERTaggedObject)1 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)1 AttributeTypeAndValue (org.bouncycastle.asn1.x500.AttributeTypeAndValue)1 RDN (org.bouncycastle.asn1.x500.RDN)1 X500Name (org.bouncycastle.asn1.x500.X500Name)1 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)1 Attribute (org.bouncycastle.asn1.x509.Attribute)1