Examples with Extension org.gluu.oxtrust.model.scim2.Extension used on opensource projects

Search in sources :

Example 86 with Extension

use of org.gluu.oxtrust.model.scim2.Extension in project xipki by xipki.

the class CmpCaClient method revokeCert.

// method requestCerts
public boolean revokeCert(BigInteger serialNumber, CRLReason reason) throws Exception {
    ProtectedPKIMessageBuilder builder = new ProtectedPKIMessageBuilder(PKIHeader.CMP_2000, requestorSubject, responderSubject);
    builder.setMessageTime(new Date());
    builder.setTransactionID(randomTransactionId());
    builder.setSenderNonce(randomSenderNonce());
    CertTemplateBuilder certTempBuilder = new CertTemplateBuilder();
    certTempBuilder.setIssuer(caSubject);
    certTempBuilder.setSerialNumber(new ASN1Integer(serialNumber));
    AuthorityKeyIdentifier aki = new AuthorityKeyIdentifier(caSubjectKeyIdentifier);
    byte[] encodedAki = aki.getEncoded();
    Extension extAki = new Extension(Extension.authorityKeyIdentifier, false, encodedAki);
    Extensions certTempExts = new Extensions(extAki);
    certTempBuilder.setExtensions(certTempExts);
    ASN1Enumerated asn1Reason = new ASN1Enumerated(reason.getValue().intValue());
    Extensions exts = new Extensions(new Extension(Extension.reasonCode, true, new DEROctetString(asn1Reason.getEncoded())));
    RevDetails revDetails = new RevDetails(certTempBuilder.build(), exts);
    RevReqContent content = new RevReqContent(revDetails);
    builder.setBody(new PKIBody(PKIBody.TYPE_REVOCATION_REQ, content));
    ProtectedPKIMessage request = builder.build(requestorSigner);
    PKIMessage response = transmit(request);
    return parseRevocationResult(response, serialNumber);
}
Also used : ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage) PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage) GeneralPKIMessage(org.bouncycastle.cert.cmp.GeneralPKIMessage) PKIBody(org.bouncycastle.asn1.cmp.PKIBody) ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage) AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) Extensions(org.bouncycastle.asn1.x509.Extensions) RevReqContent(org.bouncycastle.asn1.cmp.RevReqContent) Date(java.util.Date) DEROctetString(org.bouncycastle.asn1.DEROctetString) Extension(org.bouncycastle.asn1.x509.Extension) CertTemplateBuilder(org.bouncycastle.asn1.crmf.CertTemplateBuilder) ASN1Enumerated(org.bouncycastle.asn1.ASN1Enumerated) ProtectedPKIMessageBuilder(org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder) RevDetails(org.bouncycastle.asn1.cmp.RevDetails)

Example 87 with Extension

use of org.gluu.oxtrust.model.scim2.Extension in project xipki by xipki.

the class EnrollCertAction method execute0.

@Override
protected Object execute0() throws Exception {
    if (caName != null) {
        caName = caName.toLowerCase();
    }
    CertTemplateBuilder certTemplateBuilder = new CertTemplateBuilder();
    ConcurrentContentSigner signer = getSigner(new SignatureAlgoControl(rsaMgf1, dsaPlain, gm));
    X509CertificateHolder ssCert = signer.getBcCertificate();
    X500Name x500Subject = new X500Name(subject);
    certTemplateBuilder.setSubject(x500Subject);
    certTemplateBuilder.setPublicKey(ssCert.getSubjectPublicKeyInfo());
    if (StringUtil.isNotBlank(notBeforeS) || StringUtil.isNotBlank(notAfterS)) {
        Time notBefore = StringUtil.isNotBlank(notBeforeS) ? new Time(DateUtil.parseUtcTimeyyyyMMddhhmmss(notBeforeS)) : null;
        Time notAfter = StringUtil.isNotBlank(notAfterS) ? new Time(DateUtil.parseUtcTimeyyyyMMddhhmmss(notAfterS)) : null;
        OptionalValidity validity = new OptionalValidity(notBefore, notAfter);
        certTemplateBuilder.setValidity(validity);
    }
    if (needExtensionTypes == null) {
        needExtensionTypes = new LinkedList<>();
    }
    // SubjectAltNames
    List<Extension> extensions = new LinkedList<>();
    if (isNotEmpty(subjectAltNames)) {
        extensions.add(X509Util.createExtnSubjectAltName(subjectAltNames, false));
        needExtensionTypes.add(Extension.subjectAlternativeName.getId());
    }
    // SubjectInfoAccess
    if (isNotEmpty(subjectInfoAccesses)) {
        extensions.add(X509Util.createExtnSubjectInfoAccess(subjectInfoAccesses, false));
        needExtensionTypes.add(Extension.subjectInfoAccess.getId());
    }
    // Keyusage
    if (isNotEmpty(keyusages)) {
        Set<KeyUsage> usages = new HashSet<>();
        for (String usage : keyusages) {
            usages.add(KeyUsage.getKeyUsage(usage));
        }
        org.bouncycastle.asn1.x509.KeyUsage extValue = X509Util.createKeyUsage(usages);
        ASN1ObjectIdentifier extType = Extension.keyUsage;
        extensions.add(new Extension(extType, false, extValue.getEncoded()));
        needExtensionTypes.add(extType.getId());
    }
    // ExtendedKeyusage
    if (isNotEmpty(extkeyusages)) {
        ExtendedKeyUsage extValue = X509Util.createExtendedUsage(textToAsn1ObjectIdentifers(extkeyusages));
        ASN1ObjectIdentifier extType = Extension.extendedKeyUsage;
        extensions.add(new Extension(extType, false, extValue.getEncoded()));
        needExtensionTypes.add(extType.getId());
    }
    // QcEuLimitValue
    if (isNotEmpty(qcEuLimits)) {
        ASN1EncodableVector vec = new ASN1EncodableVector();
        for (String m : qcEuLimits) {
            StringTokenizer st = new StringTokenizer(m, ":");
            try {
                String currencyS = st.nextToken();
                String amountS = st.nextToken();
                String exponentS = st.nextToken();
                Iso4217CurrencyCode currency;
                try {
                    int intValue = Integer.parseInt(currencyS);
                    currency = new Iso4217CurrencyCode(intValue);
                } catch (NumberFormatException ex) {
                    currency = new Iso4217CurrencyCode(currencyS);
                }
                int amount = Integer.parseInt(amountS);
                int exponent = Integer.parseInt(exponentS);
                MonetaryValue monterayValue = new MonetaryValue(currency, amount, exponent);
                QCStatement statment = new QCStatement(ObjectIdentifiers.id_etsi_qcs_QcLimitValue, monterayValue);
                vec.add(statment);
            } catch (Exception ex) {
                throw new Exception("invalid qc-eu-limit '" + m + "'");
            }
        }
        ASN1ObjectIdentifier extType = Extension.qCStatements;
        ASN1Sequence extValue = new DERSequence(vec);
        extensions.add(new Extension(extType, false, extValue.getEncoded()));
        needExtensionTypes.add(extType.getId());
    }
    // biometricInfo
    if (biometricType != null && biometricHashAlgo != null && biometricFile != null) {
        TypeOfBiometricData objBiometricType = StringUtil.isNumber(biometricType) ? new TypeOfBiometricData(Integer.parseInt(biometricType)) : new TypeOfBiometricData(new ASN1ObjectIdentifier(biometricType));
        ASN1ObjectIdentifier objBiometricHashAlgo = AlgorithmUtil.getHashAlg(biometricHashAlgo);
        byte[] biometricBytes = IoUtil.read(biometricFile);
        MessageDigest md = MessageDigest.getInstance(objBiometricHashAlgo.getId());
        md.reset();
        byte[] biometricDataHash = md.digest(biometricBytes);
        DERIA5String sourceDataUri = null;
        if (biometricUri != null) {
            sourceDataUri = new DERIA5String(biometricUri);
        }
        BiometricData biometricData = new BiometricData(objBiometricType, new AlgorithmIdentifier(objBiometricHashAlgo), new DEROctetString(biometricDataHash), sourceDataUri);
        ASN1EncodableVector vec = new ASN1EncodableVector();
        vec.add(biometricData);
        ASN1ObjectIdentifier extType = Extension.biometricInfo;
        ASN1Sequence extValue = new DERSequence(vec);
        extensions.add(new Extension(extType, false, extValue.getEncoded()));
        needExtensionTypes.add(extType.getId());
    } else if (biometricType == null && biometricHashAlgo == null && biometricFile == null) {
    // Do nothing
    } else {
        throw new Exception("either all of biometric triples (type, hash algo, file)" + " must be set or none of them should be set");
    }
    if (isNotEmpty(needExtensionTypes) || isNotEmpty(wantExtensionTypes)) {
        ExtensionExistence ee = new ExtensionExistence(textToAsn1ObjectIdentifers(needExtensionTypes), textToAsn1ObjectIdentifers(wantExtensionTypes));
        extensions.add(new Extension(ObjectIdentifiers.id_xipki_ext_cmpRequestExtensions, false, ee.toASN1Primitive().getEncoded()));
    }
    if (isNotEmpty(extensions)) {
        Extensions asn1Extensions = new Extensions(extensions.toArray(new Extension[0]));
        certTemplateBuilder.setExtensions(asn1Extensions);
    }
    CertRequest certReq = new CertRequest(1, certTemplateBuilder.build(), null);
    ProofOfPossessionSigningKeyBuilder popoBuilder = new ProofOfPossessionSigningKeyBuilder(certReq);
    ConcurrentBagEntrySigner signer0 = signer.borrowSigner();
    POPOSigningKey popoSk;
    try {
        popoSk = popoBuilder.build(signer0.value());
    } finally {
        signer.requiteSigner(signer0);
    }
    ProofOfPossession popo = new ProofOfPossession(popoSk);
    EnrollCertRequestEntry reqEntry = new EnrollCertRequestEntry("id-1", profile, certReq, popo);
    EnrollCertRequest request = new EnrollCertRequest(EnrollCertRequest.Type.CERT_REQ);
    request.addRequestEntry(reqEntry);
    RequestResponseDebug debug = getRequestResponseDebug();
    EnrollCertResult result;
    try {
        result = caClient.requestCerts(caName, request, debug);
    } finally {
        saveRequestResponse(debug);
    }
    X509Certificate cert = null;
    if (result != null) {
        String id = result.getAllIds().iterator().next();
        CertOrError certOrError = result.getCertOrError(id);
        cert = (X509Certificate) certOrError.getCertificate();
    }
    if (cert == null) {
        throw new CmdFailure("no certificate received from the server");
    }
    File certFile = new File(outputFile);
    saveVerbose("saved certificate to file", certFile, cert.getEncoded());
    return null;
}
Also used : TypeOfBiometricData(org.bouncycastle.asn1.x509.qualified.TypeOfBiometricData) BiometricData(org.bouncycastle.asn1.x509.qualified.BiometricData) ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage) KeyUsage(org.xipki.security.KeyUsage) X500Name(org.bouncycastle.asn1.x500.X500Name) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DEROctetString(org.bouncycastle.asn1.DEROctetString) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) DERSequence(org.bouncycastle.asn1.DERSequence) EnrollCertRequestEntry(org.xipki.ca.client.api.dto.EnrollCertRequestEntry) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) MessageDigest(java.security.MessageDigest) ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage) TypeOfBiometricData(org.bouncycastle.asn1.x509.qualified.TypeOfBiometricData) HashSet(java.util.HashSet) RequestResponseDebug(org.xipki.common.RequestResponseDebug) ProofOfPossession(org.bouncycastle.asn1.crmf.ProofOfPossession) LinkedList(java.util.LinkedList) X509Certificate(java.security.cert.X509Certificate) OptionalValidity(org.bouncycastle.asn1.crmf.OptionalValidity) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ProofOfPossessionSigningKeyBuilder(org.bouncycastle.cert.crmf.ProofOfPossessionSigningKeyBuilder) File(java.io.File) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) QCStatement(org.bouncycastle.asn1.x509.qualified.QCStatement) EnrollCertRequest(org.xipki.ca.client.api.dto.EnrollCertRequest) Time(org.bouncycastle.asn1.x509.Time) Extensions(org.bouncycastle.asn1.x509.Extensions) Iso4217CurrencyCode(org.bouncycastle.asn1.x509.qualified.Iso4217CurrencyCode) DERIA5String(org.bouncycastle.asn1.DERIA5String) CertTemplateBuilder(org.bouncycastle.asn1.crmf.CertTemplateBuilder) CmdFailure(org.xipki.console.karaf.CmdFailure) EnrollCertResult(org.xipki.ca.client.api.EnrollCertResult) POPOSigningKey(org.bouncycastle.asn1.crmf.POPOSigningKey) MonetaryValue(org.bouncycastle.asn1.x509.qualified.MonetaryValue) ConcurrentBagEntrySigner(org.xipki.security.ConcurrentBagEntrySigner) CertOrError(org.xipki.ca.client.api.CertOrError) ObjectCreationException(org.xipki.common.ObjectCreationException) InvalidOidOrNameException(org.xipki.security.exception.InvalidOidOrNameException) Extension(org.bouncycastle.asn1.x509.Extension) StringTokenizer(java.util.StringTokenizer) ConcurrentContentSigner(org.xipki.security.ConcurrentContentSigner) ExtensionExistence(org.xipki.security.ExtensionExistence) EnrollCertRequest(org.xipki.ca.client.api.dto.EnrollCertRequest) CertRequest(org.bouncycastle.asn1.crmf.CertRequest) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) SignatureAlgoControl(org.xipki.security.SignatureAlgoControl)

Example 88 with Extension

use of org.gluu.oxtrust.model.scim2.Extension in project xipki by xipki.

the class X509Util method createExtnSubjectInfoAccess.

public static Extension createExtnSubjectInfoAccess(List<String> accessMethodAndLocations, boolean critical) throws BadInputException {
    if (CollectionUtil.isEmpty(accessMethodAndLocations)) {
        return null;
    }
    ASN1EncodableVector vector = new ASN1EncodableVector();
    for (String accessMethodAndLocation : accessMethodAndLocations) {
        vector.add(createAccessDescription(accessMethodAndLocation));
    }
    ASN1Sequence seq = new DERSequence(vector);
    try {
        return new Extension(Extension.subjectInfoAccess, critical, seq.getEncoded());
    } catch (IOException ex) {
        throw new RuntimeException(ex.getMessage(), ex);
    }
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DERSequence(org.bouncycastle.asn1.DERSequence) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) ASN1String(org.bouncycastle.asn1.ASN1String) DERUniversalString(org.bouncycastle.asn1.DERUniversalString) IOException(java.io.IOException)

Example 89 with Extension

use of org.gluu.oxtrust.model.scim2.Extension in project xipki by xipki.

the class X509Util method getCoreExtValue.

public static byte[] getCoreExtValue(X509AttributeCertificateHolder cert, ASN1ObjectIdentifier type) throws CertificateEncodingException {
    ParamUtil.requireNonNull("cert", cert);
    ParamUtil.requireNonNull("type", type);
    Extension ext = cert.getExtension(type);
    if (ext == null) {
        return null;
    }
    return ext.getExtnValue().getOctets();
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension)

Example 90 with Extension

use of org.gluu.oxtrust.model.scim2.Extension in project xipki by xipki.

the class ExtensionsChecker method checkExtensionKeyUsage.

// method checkExtensionPolicyConstraints
private void checkExtensionKeyUsage(StringBuilder failureMsg, byte[] extensionValue, boolean[] usages, Extensions requestedExtensions, ExtensionControl extControl) {
    int len = usages.length;
    if (len > 9) {
        failureMsg.append("invalid syntax: size of valid bits is larger than 9: ").append(len);
        failureMsg.append("; ");
    }
    Set<String> isUsages = new HashSet<>();
    for (int i = 0; i < len; i++) {
        if (usages[i]) {
            isUsages.add(ALL_USAGES.get(i));
        }
    }
    Set<String> expectedUsages = new HashSet<>();
    Set<KeyUsageControl> requiredKeyusage = getKeyusage(true);
    for (KeyUsageControl usage : requiredKeyusage) {
        expectedUsages.add(usage.getKeyUsage().getName());
    }
    Set<KeyUsageControl> optionalKeyusage = getKeyusage(false);
    if (requestedExtensions != null && extControl.isRequest() && CollectionUtil.isNonEmpty(optionalKeyusage)) {
        Extension extension = requestedExtensions.getExtension(Extension.keyUsage);
        if (extension != null) {
            org.bouncycastle.asn1.x509.KeyUsage reqKeyUsage = org.bouncycastle.asn1.x509.KeyUsage.getInstance(extension.getParsedValue());
            for (KeyUsageControl k : optionalKeyusage) {
                if (reqKeyUsage.hasUsages(k.getKeyUsage().getBcUsage())) {
                    expectedUsages.add(k.getKeyUsage().getName());
                }
            }
        }
    }
    if (CollectionUtil.isEmpty(expectedUsages)) {
        byte[] constantExtValue = getConstantExtensionValue(Extension.keyUsage);
        if (constantExtValue != null) {
            expectedUsages = getKeyUsage(constantExtValue);
        }
    }
    Set<String> diffs = strInBnotInA(expectedUsages, isUsages);
    if (CollectionUtil.isNonEmpty(diffs)) {
        failureMsg.append("usages ").append(diffs.toString()).append(" are present but not expected; ");
    }
    diffs = strInBnotInA(isUsages, expectedUsages);
    if (CollectionUtil.isNonEmpty(diffs)) {
        failureMsg.append("usages ").append(diffs.toString()).append(" are absent but are required; ");
    }
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension) KeyUsageControl(org.xipki.ca.api.profile.x509.KeyUsageControl) ExtKeyUsageControl(org.xipki.ca.api.profile.x509.ExtKeyUsageControl) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) ASN1String(org.bouncycastle.asn1.ASN1String) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) QaDirectoryString(org.xipki.ca.qa.internal.QaDirectoryString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERT61String(org.bouncycastle.asn1.DERT61String) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) HashSet(java.util.HashSet)

Aggregations

Extension (org.bouncycastle.asn1.x509.Extension)83 Extensions (org.bouncycastle.asn1.x509.Extensions)42 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)35 IOException (java.io.IOException)30 DEROctetString (org.bouncycastle.asn1.DEROctetString)30 Enumeration (java.util.Enumeration)22 Date (java.util.Date)21 HashSet (java.util.HashSet)21 X500Name (org.bouncycastle.asn1.x500.X500Name)19 BigInteger (java.math.BigInteger)18 ArrayList (java.util.ArrayList)15 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)14 Extension (org.gluu.oxtrust.model.scim2.extensions.Extension)14 X509Certificate (java.security.cert.X509Certificate)13 Set (java.util.Set)13 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)13 LinkedList (java.util.LinkedList)12 DERIA5String (org.bouncycastle.asn1.DERIA5String)12 DERSequence (org.bouncycastle.asn1.DERSequence)11 CertificateEncodingException (java.security.cert.CertificateEncodingException)10
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial