
Example 1 with Extension

use of org.mozilla.jss.netscape.security.x509.Extension in project jss by dogtagpki.

the class EnumerationZeroTest method outputExtension.

/**
 * Prints the DER encoding of a {@link CRLReasonExtension} to standard output so the
 * bytes can be inspected by hand.
 *
 * <p>Three items are printed on one line: the complete encoded extension, the
 * extnValue octets obtained by re-parsing those bytes through the generic
 * {@link Extension} class, and the ENUMERATED reason decoded from that value.
 *
 * @param ext the CRL reason extension to encode
 * @throws Exception if encoding the extension or re-decoding the bytes fails
 */
public static void outputExtension(CRLReasonExtension ext) throws Exception {
    ByteArrayOutputStream sink = new ByteArrayOutputStream();
    ext.encode(sink);
    byte[] der = sink.toByteArray();
    System.out.print("Full encoded extension: " + toHex(der));

    // Round-trip through the generic Extension class to isolate the extnValue octets.
    Extension generic = new Extension(new DerValue(der));
    byte[] extnValue = generic.getExtensionValue();
    System.out.print("\tEncoded CRL Reason: " + toHex(extnValue));

    // extnValue itself is a DER ENUMERATED holding the CRLReason code.
    DerValue reason = new DerValue(extnValue);
    System.out.println("\tReason value: " + reason.getEnumerated());
}

Example 2 with Extension

use of org.mozilla.jss.netscape.security.x509.Extension in project jss by dogtagpki.

the class PKCS9Attribute method derEncode.

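/**
 * Write the DER encoding of this attribute to an output stream.
 *
 * <p>The output is {@code SEQUENCE { type OBJECT IDENTIFIER, values }}. How {@code values}
 * is encoded depends on {@code index}: IA5String or PrintableString SETs for the string-valued
 * attributes, a SET holding one OID, OCTET STRING or UTCTime for contentType, messageDigest and
 * signingTime, an ordered SET of the supplied {@link DerEncoder}s for countersignature, and the
 * encoded {@link CertificateExtensions} for extensionRequest.
 *
 * <P>
 * N.B.: This method always encodes values of ChallengePassword and UnstructuredAddress attributes as ASN.1
 * <code>PrintableString</code>s, without checking whether they should be encoded as <code>T61String</code>s.
 *
 * @param out the stream that receives the DER bytes
 * @throws IOException if this attribute type cannot be encoded (extended-certificate,
 *         IssuerAndSerialNumber, passwordCheck, PublicKey and SigningDescription are not supported),
 *         if the extension request's certificate extensions fail to encode (the
 *         {@link CertificateException} is kept as the cause), or on a write error
 */
@Override
public void derEncode(OutputStream out) throws IOException {
    try (DerOutputStream temp = new DerOutputStream();
        DerOutputStream temp2 = new DerOutputStream();
        DerOutputStream derOut = new DerOutputStream()) {
        temp.putOID(getOID());
        switch (index) {
            case 1: // email address
            case 2: // unstructured name
                {
                    String[] values = (String[]) value;
                    DerOutputStream[] temps = new DerOutputStream[values.length];
                    for (int i = 0; i < values.length; i++) {
                        temps[i] = new DerOutputStream();
                        temps[i].putIA5String(values[i]);
                    }
                    temp.putOrderedSetOf(DerValue.tag_Set, temps);
                }
                break;
            case 3: // content type
                temp2.putOID((ObjectIdentifier) value);
                temp.write(DerValue.tag_Set, temp2.toByteArray());
                break;
            case 4: // message digest
                temp2.putOctetString((byte[]) value);
                temp.write(DerValue.tag_Set, temp2.toByteArray());
                break;
            case 5: // signing time
                temp2.putUTCTime((Date) value);
                temp.write(DerValue.tag_Set, temp2.toByteArray());
                break;
            case 6: // countersignature
                temp.putOrderedSetOf(DerValue.tag_Set, (DerEncoder[]) value);
                break;
            case 7: // challenge password
                temp2.putPrintableString((String) value);
                temp.write(DerValue.tag_Set, temp2.toByteArray());
                break;
            case 8: // unstructured address
                {
                    String[] values = (String[]) value;
                    DerOutputStream[] temps = new DerOutputStream[values.length];
                    for (int i = 0; i < values.length; i++) {
                        temps[i] = new DerOutputStream();
                        temps[i].putPrintableString(values[i]);
                    }
                    temp.putOrderedSetOf(DerValue.tag_Set, temps);
                }
                break;
            case 9: // extended-certificate attribute -- not supported
                throw new IOException("PKCS9 extended-certificate " + "attribute not supported.");
            case 10: // IssuerAndSerialNumber attribute -- not supported
                throw new IOException("PKCS9 IssuerAndSerialNumber " + "attribute not supported.");
            case 11: // passwordCheck attribute -- not supported
                throw new IOException("PKCS9 passwordCheck " + "attribute not supported.");
            case 12: // PublicKey attribute -- not supported
                throw new IOException("PKCS9 PublicKey " + "attribute not supported.");
            case 13: // SigningDescription attribute -- not supported
                throw new IOException("PKCS9 SigningDescription " + "attribute not supported.");
            case 14: // ExtensionRequest attribute
                try {
                    ((CertificateExtensions) value).encode(temp2);
                    // NOTE(review): every other multi-valued case wraps with tag_Set, this one uses
                    // tag_Sequence — confirm against the decoder and the PKCS#9 extensionRequest
                    // definition before touching it; left as-is here.
                    temp.write(DerValue.tag_Sequence, temp2.toByteArray());
                } catch (CertificateException e) {
                    // Keep the CertificateException as the cause so the failure stays diagnosable.
                    throw new IOException("PKCS9 extension attributes not encoded", e);
                }
                break; // previously fell through into the empty default; explicit now
            default:
                // can't happen
                break;
        }
        derOut.write(DerValue.tag_Sequence, temp.toByteArray());
        out.write(derOut.toByteArray());
    }
}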

Example 3 with Extension

use of org.mozilla.jss.netscape.security.x509.Extension in project jss by dogtagpki.

the class CrlPrettyPrint method toString.

/**
 * Renders the CRL as a localized, indented text report.
 *
 * <p>The report contains the version, signature algorithm, issuer, thisUpdate and (if present)
 * nextUpdate, an optional page of revoked entries with their extensions, the CRL-level
 * extensions, and finally the signature as a hex dump. A date is followed by the default
 * time zone's ID unless that ID equals the zone's short display name or equals
 * {@code CUSTOM_LOCALE}.
 *
 * <p>Paging: with {@code pageStart == 0 && pageSize == 0} only the entry count is printed when
 * {@code crlSize > 0}, while every entry is printed when {@code crlSize == 0}; when all three
 * are positive, entries {@code pageStart .. min(pageStart + pageSize - 1, crlSize)} are printed.
 * Any other combination prints no revoked-entries section at all.
 *
 * <p>Any exception raised while reading the CRL is reported inline via the decoding-error
 * token (and its stack trace goes to stderr) rather than propagated.
 *
 * @param clientLocale locale used for resource lookup and date / time-zone formatting
 * @param crlSize      total number of revoked entries, or 0 to list all of them
 * @param pageStart    1-based index of the first entry to print (0 = no paging)
 * @param pageSize     number of entries per page (0 = no paging)
 * @return the formatted report
 */
public String toString(Locale clientLocale, long crlSize, long pageStart, long pageSize) {
    ResourceBundle bundle = ResourceBundle.getBundle(PrettyPrintResources.class.getName());
    DateFormat dateFmt = DateFormat.getDateTimeInstance(DateFormat.FULL, DateFormat.FULL, clientLocale);
    // Short display name and ID of the default time zone. They start as a single space so the
    // "show the zone ID?" decision is well defined even if no default zone can be read.
    String zoneName = " ";
    String zoneId = " ";
    StringBuilder out = new StringBuilder();
    try {
        out.append(pp.indent(4)).append(bundle.getString(PrettyPrintResources.TOKEN_CRL)).append("\n");
        out.append(pp.indent(8)).append(bundle.getString(PrettyPrintResources.TOKEN_DATA)).append("\n");
        out.append(pp.indent(12)).append(bundle.getString(PrettyPrintResources.TOKEN_VERSION)).append(" v");
        out.append((mCRL.getVersion() + 1) + "\n");
        out.append(pp.indent(12)).append(bundle.getString(PrettyPrintResources.TOKEN_SIGALG))
           .append(mCRL.getSigAlgName()).append(" - ").append(mCRL.getSigAlgOID()).append("\n");
        out.append(pp.indent(12)).append(bundle.getString(PrettyPrintResources.TOKEN_ISSUER))
           .append(mCRL.getIssuerDN().toString()).append("\n");

        // thisUpdate; this is also where the zone name/ID are first resolved
        String thisUpdate = dateFmt.format(mCRL.getThisUpdate());
        TimeZone defaultZone = TimeZone.getDefault();
        if (defaultZone != null) {
            zoneName = defaultZone.getDisplayName(defaultZone.inDaylightTime(mCRL.getThisUpdate()), TimeZone.SHORT, clientLocale);
            zoneId = defaultZone.getID();
        }
        out.append(pp.indent(12)).append(bundle.getString(PrettyPrintResources.TOKEN_THIS_UPDATE))
           .append(thisUpdate).append(zoneSuffix(zoneName, zoneId)).append("\n");

        // nextUpdate is optional; the zone name is re-resolved for its date (DST may differ)
        if (mCRL.getNextUpdate() != null) {
            String nextUpdate = dateFmt.format(mCRL.getNextUpdate());
            zoneName = zoneNameAt(mCRL.getNextUpdate(), clientLocale, zoneName);
            out.append(pp.indent(12)).append(bundle.getString(PrettyPrintResources.TOKEN_NEXT_UPDATE))
               .append(nextUpdate).append(zoneSuffix(zoneName, zoneId)).append("\n");
        }

        boolean countOnly = crlSize > 0 && pageStart == 0 && pageSize == 0;
        boolean listAll = crlSize == 0 && pageStart == 0 && pageSize == 0;
        boolean paged = crlSize > 0 && pageStart > 0 && pageSize > 0;
        if (countOnly) {
            out.append(pp.indent(12)).append(bundle.getString(PrettyPrintResources.TOKEN_REVOKED_CERTIFICATES))
               .append(crlSize).append("\n");
        } else if (listAll || paged) {
            out.append(pp.indent(12)).append(bundle.getString(PrettyPrintResources.TOKEN_REVOKED_CERTIFICATES));
            if (paged) {
                long lastOnPage = Math.min(pageStart + pageSize - 1, crlSize);
                out.append("" + pageStart + "-" + lastOnPage + " of " + crlSize);
            }
            out.append("\n");
            Set<RevokedCertificate> revoked = mCRL.getRevokedCertificates();
            if (revoked != null) {
                long position = 1;
                for (RevokedCertificate entry : revoked) {
                    // stop once the requested page is exhausted (never when listing everything)
                    if (crlSize != 0 && pageStart + pageSize <= position) {
                        break;
                    }
                    boolean onPage = crlSize == 0 || (pageStart <= position && pageStart + pageSize > position);
                    if (onPage) {
                        out.append(pp.indent(16)).append(bundle.getString(PrettyPrintResources.TOKEN_SERIAL))
                           .append("0x").append(entry.getSerialNumber().toString(16).toUpperCase()).append("\n");
                        String revocationDate = dateFmt.format(entry.getRevocationDate());
                        zoneName = zoneNameAt(entry.getRevocationDate(), clientLocale, zoneName);
                        out.append(pp.indent(16)).append(bundle.getString(PrettyPrintResources.TOKEN_REVOCATION_DATE))
                           .append(revocationDate).append(zoneSuffix(zoneName, zoneId)).append("\n");
                        if (entry.hasExtensions()) {
                            out.append(pp.indent(16)).append(bundle.getString(PrettyPrintResources.TOKEN_EXTENSIONS)).append("\n");
                            appendExtensions(out, entry.getExtensions(), 20);
                        }
                    }
                    position++;
                }
            }
        }

        // CRL-level extensions
        CRLExtensions crlExts = mCRL.getExtensions();
        if (crlExts != null) {
            out.append(pp.indent(8)).append(bundle.getString(PrettyPrintResources.TOKEN_EXTENSIONS)).append("\n");
            appendExtensions(out, crlExts, 12);
        }

        // signature block
        out.append(pp.indent(8)).append(bundle.getString(PrettyPrintResources.TOKEN_SIGNATURE)).append("\n");
        // XXX I18N Algorithm Name ?
        out.append(pp.indent(12)).append(bundle.getString(PrettyPrintResources.TOKEN_ALGORITHM))
           .append(mCRL.getSigAlgName()).append(" - ").append(mCRL.getSigAlgOID()).append("\n");
        out.append(pp.indent(12)).append(bundle.getString(PrettyPrintResources.TOKEN_SIGNATURE)).append("\n");
        out.append(pp.toHexString(mCRL.getSignature(), 16, 16));
    } catch (Exception e) {
        // Best effort: report the failure inline and keep whatever was rendered so far.
        out.append("\n\n" + pp.indent(4) + bundle.getString(PrettyPrintResources.TOKEN_DECODING_ERROR) + "\n\n");
        e.printStackTrace();
    }
    return out.toString();
}

/**
 * Short localized display name of the default time zone at {@code when}, or {@code fallback}
 * when no default zone is available.
 */
private String zoneNameAt(java.util.Date when, Locale locale, String fallback) {
    TimeZone zone = TimeZone.getDefault();
    if (zone == null) {
        return fallback;
    }
    return zone.getDisplayName(zone.inDaylightTime(when), TimeZone.SHORT, locale);
}

/**
 * The {@code " " + zoneId} text shown after a date, or {@code ""} when the zone's display name
 * equals its ID or the ID is {@code CUSTOM_LOCALE}.
 */
private String zoneSuffix(String zoneName, String zoneId) {
    if (zoneName.equals(zoneId) || zoneId.equals(CUSTOM_LOCALE)) {
        return "";
    }
    return " " + zoneId;
}

/**
 * Appends every extension in {@code exts}, each rendered by {@link ExtPrettyPrint} at
 * {@code indent}; does nothing when {@code exts} is {@code null}.
 */
private void appendExtensions(StringBuilder out, CRLExtensions exts, int indent) {
    if (exts == null) {
        return;
    }
    for (int k = 0; k < exts.size(); k++) {
        Extension ext = exts.elementAt(k);
        out.append(new ExtPrettyPrint(ext, indent).toString());
    }
}

Example 4 with Extension

use of org.mozilla.jss.netscape.security.x509.Extension in project jss by dogtagpki.

the class ExtPrettyPrint method getIssuingDistributionPointExtension.

/**
 * Renders {@code mExt} as an IssuingDistributionPoint extension in indented text form.
 *
 * <p>Prints the extension identifier and criticality, then (when the IDP body is present)
 * the distribution point name (full GeneralNames and/or a relative RDN), the
 * onlyContainsUserCerts and onlyContainsCACerts flags, the onlySomeReasons bits as hex
 * when set, and the indirectCRL flag.
 *
 * @return the formatted text; {@code mExt} is cast to {@link IssuingDistributionPointExtension}
 */
private String getIssuingDistributionPointExtension() {
    StringBuilder out = new StringBuilder();
    out.append(pp.indent(mIndentSize)).append(mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER));
    out.append(mResource.getString(PrettyPrintResources.TOKEN_ISSUING_DIST_POINT)).append("- ")
       .append(mExt.getExtensionId().toString()).append("\n");
    out.append(pp.indent(mIndentSize + 4)).append(mResource.getString(PrettyPrintResources.TOKEN_CRITICAL))
       .append(mResource.getString(mExt.isCritical() ? PrettyPrintResources.TOKEN_YES : PrettyPrintResources.TOKEN_NO))
       .append("\n");

    IssuingDistributionPointExtension idpExt = (IssuingDistributionPointExtension) mExt;
    IssuingDistributionPoint idp = idpExt.getIssuingDistributionPoint();
    if (idp != null) {
        GeneralNames fullNames = idp.getFullName();
        RDN relativeName = idp.getRelativeName();
        // distributionPoint is optional; print the header only when some name form is present
        if (fullNames != null || relativeName != null) {
            out.append(pp.indent(mIndentSize + 4)).append(mResource.getString(PrettyPrintResources.TOKEN_DIST_POINT_NAME)).append("\n");
            if (fullNames != null) {
                out.append(pp.indent(mIndentSize + 8)).append(mResource.getString(PrettyPrintResources.TOKEN_FULL_NAME)).append("\n");
                for (int i = 0; i < fullNames.size(); i++) {
                    GeneralName name = (GeneralName) fullNames.elementAt(i);
                    if (name == null) {
                        continue;
                    }
                    out.append(pp.indent(mIndentSize + 12)).append(name.toString()).append("\n");
                }
            }
            if (relativeName != null) {
                out.append(pp.indent(mIndentSize + 8)).append(mResource.getString(PrettyPrintResources.TOKEN_RELATIVE_NAME))
                   .append(relativeName.toString()).append("\n");
            }
        }

        out.append(pp.indent(mIndentSize + 4)).append(mResource.getString(PrettyPrintResources.TOKEN_ONLY_USER_CERTS))
           .append(mResource.getString(idp.getOnlyContainsUserCerts() ? PrettyPrintResources.TOKEN_YES : PrettyPrintResources.TOKEN_NO))
           .append("\n");
        out.append(pp.indent(mIndentSize + 4)).append(mResource.getString(PrettyPrintResources.TOKEN_ONLY_CA_CERTS))
           .append(mResource.getString(idp.getOnlyContainsCACerts() ? PrettyPrintResources.TOKEN_YES : PrettyPrintResources.TOKEN_NO))
           .append("\n");

        BitArray reasons = idp.getOnlySomeReasons();
        if (reasons != null) {
            out.append(pp.indent(mIndentSize + 4)).append(mResource.getString(PrettyPrintResources.TOKEN_ONLY_SOME_REASONS));
            out.append("0x").append(pp.toHexString(reasons.toByteArray()));
        }

        out.append(pp.indent(mIndentSize + 4)).append(mResource.getString(PrettyPrintResources.TOKEN_INDIRECT_CRL))
           .append(mResource.getString(idp.getIndirectCRL() ? PrettyPrintResources.TOKEN_YES : PrettyPrintResources.TOKEN_NO))
           .append("\n");
    }
    return out.toString();
}

Example 5 with Extension

use of org.mozilla.jss.netscape.security.x509.Extension in project ca3sCore by kuehne-trustable-de.

the class CaCmpConnector method buildCertRequest.

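/**
 * Builds a CMP certificate request message from a stored CSR.
 *
 * <p>The subject name is rebuilt from the RDNs persisted with the CSR (every attribute value is
 * encoded as a UTF8String), all extension requests found in the PKCS#10 attributes are copied
 * into the request, and the public key is taken from the parsed PKCS#10 structure.
 *
 * @param certReqId  request identifier handed to {@code cryptoUtil.buildCertRequest}
 * @param csr        the stored CSR whose Base64 PKCS#10 body and RDNs are used
 * @param hmacSecret passed through unchanged to {@code cryptoUtil.buildCertRequest}; never logged here
 * @return the PKIMessage produced by {@code cryptoUtil.buildCertRequest}
 * @throws GeneralSecurityException if the CSR cannot be parsed (the underlying IOException is
 *         kept as the cause) or if {@code cryptoUtil} fails to build the message
 */
public PKIMessage buildCertRequest(long certReqId, final CSR csr, final String hmacSecret) throws GeneralSecurityException {
    // read the pem csr (cryptoUtil is also expected to verify its signature — confirm in parseCertificateRequest)
    PKCS10CertificationRequest p10Req;
    try {
        p10Req = cryptoUtil.parseCertificateRequest(csr.getCsrBase64()).getP10Req();
    } catch (IOException e) {
        LOGGER.error("parsing csr", e);
        // keep the original exception as the cause instead of flattening it to a message
        throw new GeneralSecurityException(e.getMessage(), e);
    }

    // rebuild the subject DN from the persisted RDN attributes
    List<RDN> rdnList = new ArrayList<>();
    for (de.trustable.ca3s.core.domain.RDN rdnDao : csr.getRdns()) {
        // guard the log statement too: the original dereferenced rdnDao before its null check
        LOGGER.debug("rdnDao : " + (rdnDao == null ? null : rdnDao.getRdnAttributes()));
        List<AttributeTypeAndValue> attrTVList = new ArrayList<>();
        if (rdnDao != null && rdnDao.getRdnAttributes() != null) {
            for (RDNAttribute rdnAttr : rdnDao.getRdnAttributes()) {
                ASN1ObjectIdentifier aoi = new ASN1ObjectIdentifier(rdnAttr.getAttributeType());
                ASN1Encodable ae = new DERUTF8String(rdnAttr.getAttributeValue());
                attrTVList.add(new AttributeTypeAndValue(aoi, ae));
            }
        }
        RDN rdn = new RDN(attrTVList.toArray(new AttributeTypeAndValue[0]));
        LOGGER.debug("rdn : " + rdn.size() + " elements");
        rdnList.add(rdn);
    }
    X500Name subjectDN = new X500Name(rdnList.toArray(new RDN[0]));
    LOGGER.debug("subjectDN : " + subjectDN);

    // copy CSR attributes to Extension list
    // NOTE(review): requested extensions are copied verbatim; deciding which requested
    // extensions are acceptable is assumed to happen downstream — confirm that policy check exists.
    Collection<Extension> certExtList = new ArrayList<>();
    for (Attribute attribute : p10Req.getAttributes()) {
        for (ASN1Encodable asn1Encodable : attribute.getAttributeValues()) {
            if (asn1Encodable == null) {
                continue;
            }
            try {
                Extensions extensions = Extensions.getInstance(asn1Encodable);
                for (ASN1ObjectIdentifier oid : extensions.getExtensionOIDs()) {
                    LOGGER.debug("copying oid '" + oid.toString() + "' from csr to PKIMessage");
                    certExtList.add(extensions.getExtension(oid));
                }
            } catch (IllegalArgumentException iae) {
                // attribute values that are not an Extensions structure are skipped deliberately
                LOGGER.debug("processing asn1 value  '" + asn1Encodable + "' caused exception", iae);
            }
        }
    }

    final SubjectPublicKeyInfo keyInfo = p10Req.getSubjectPublicKeyInfo();
    return cryptoUtil.buildCertRequest(certReqId, subjectDN, certExtList, keyInfo, hmacSecret);
}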
