Example 6 with X509AttributeCertificateHolder
use of org.bouncycastle.cert.X509AttributeCertificateHolder in project OpenAttestation by OpenAttestation.
the class X509AttrBuilder method build.
public byte[] build() {
if (notBefore == null || notAfter == null) {
// 1 day default
expires(1, TimeUnit.DAYS);
}
if (serialNumber == null) {
dateSerial();
}
if (subjectName == null) {
fault("Subject name is missing");
}
if (issuerName == null) {
fault("Issuer name is missing");
}
if (issuerPrivateKey == null) {
fault("Issuer private key is missing");
}
if (attributes.isEmpty()) {
fault("No attributes selected");
}
try {
if (getFaults().isEmpty()) {
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withRSA");
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
ContentSigner authority = null;
if (issuerPrivateKey != null)
// create a bouncy castle content signer convert using our existing private key
authority = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(PrivateKeyFactory.createKey(issuerPrivateKey.getEncoded()));
// second, prepare the attribute certificate
// which is expected to be a UUID like this: 33766a63-5c55-4461-8a84-5936577df450
AttributeCertificateHolder holder = new AttributeCertificateHolder(subjectName);
AttributeCertificateIssuer issuer = new AttributeCertificateIssuer(issuerName);
X509v2AttributeCertificateBuilder builder = new X509v2AttributeCertificateBuilder(holder, issuer, serialNumber, notBefore, notAfter);
for (Attribute attribute : attributes) {
builder.addAttribute(attribute.oid, attribute.value);
}
// fourth, sign the attribute certificate
if (authority != null) {
X509AttributeCertificateHolder cert;
cert = builder.build(authority);
//X509AttributeCertificate.valueOf(cert.getEncoded());
return cert.getEncoded();
}
}
return null;
} catch (IOException | OperatorCreationException e) {
fault(e, "cannot sign certificate");
return null;
} finally {
done();
}
}
Also used :
X509v2AttributeCertificateBuilder(org.bouncycastle.cert.X509v2AttributeCertificateBuilder)
AttributeCertificateIssuer(org.bouncycastle.cert.AttributeCertificateIssuer)
X509AttributeCertificateHolder(org.bouncycastle.cert.X509AttributeCertificateHolder)
AttributeCertificateHolder(org.bouncycastle.cert.AttributeCertificateHolder)
ContentSigner(org.bouncycastle.operator.ContentSigner)
X509AttributeCertificateHolder(org.bouncycastle.cert.X509AttributeCertificateHolder)
IOException(java.io.IOException)
DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder)
BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
Aggregations
X509AttributeCertificateHolder (org.bouncycastle.cert.X509AttributeCertificateHolder)6
IOException (java.io.IOException)4
ArrayList (java.util.ArrayList)3
List (java.util.List)3
UUID (com.intel.mtwilson.util.io.UUID)2
Iterator (java.util.Iterator)2
CertificateList (org.bouncycastle.asn1.x509.CertificateList)2
DefaultDigestAlgorithmIdentifierFinder (org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)2
Certificate (com.intel.mtwilson.datatypes.Certificate)1
X509AttributeCertificate (com.intel.mtwilson.datatypes.X509AttributeCertificate)1
Collection (java.util.Collection)1
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)1
DEROctetString (org.bouncycastle.asn1.DEROctetString)1
DERTaggedObject (org.bouncycastle.asn1.DERTaggedObject)1
DERUTF8String (org.bouncycastle.asn1.DERUTF8String)1
AttributeTypeAndValue (org.bouncycastle.asn1.x500.AttributeTypeAndValue)1
RDN (org.bouncycastle.asn1.x500.RDN)1
X500Name (org.bouncycastle.asn1.x500.X500Name)1
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)1
Attribute (org.bouncycastle.asn1.x509.Attribute)1
