
Example 16 with ASN1Integer

use of org.openecard.bouncycastle.asn1.ASN1Integer in project pac4j by pac4j.

the class SAML2ClientConfiguration method createSelfSignedCert.

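/**
 * Generate a self-signed certificate for dn using the provided signature algorithm and key pair.
 *
 * <p>The certificate has issuer equal to subject, is valid from one second before the current time
 * until one year from now, and carries a freshly generated positive random serial number. A constant
 * serial (the previous behaviour was always {@code 1}) makes every certificate generated for the same
 * dn, e.g. after a key rotation, share the same issuer/serial pair, which RFC 5280 requires to be unique
 * per issuer and which path-building and revocation-checking code uses as a certificate identity.
 *
 * @param dn X.500 name to associate with certificate issuer/subject.
 * @param sigName JCA name of the signature algorithm to use, as accepted by {@link Signature#getInstance(String)}.
 * @param sigAlgID algorithm ID associated with the signature algorithm name; it is embedded both in the
 *        TBSCertificate and in the outer Certificate sequence and must describe {@code sigName}.
 * @param keyPair the key pair to associate with the certificate; the private key signs, the public key is embedded.
 * @return an X509Certificate containing the public key in keyPair, already verified against that public key.
 * @throws Exception if the signature algorithm is unavailable, signing or DER encoding fails, the
 *         certificate factory cannot parse the result, or the final self-verification fails (which
 *         indicates that {@code sigName} and {@code sigAlgID} do not describe the same algorithm).
 */
private X509Certificate createSelfSignedCert(X500Name dn, String sigName, AlgorithmIdentifier sigAlgID, KeyPair keyPair) throws Exception {
    final V3TBSCertificateGenerator certGen = new V3TBSCertificateGenerator();
    // RFC 5280 4.1.2.2: the serial must be a positive integer of at most 20 octets, unique per issuer.
    // 63 random bits plus one is always >= 1 and encodes in at most 9 octets.
    final BigInteger serial = new BigInteger(63, new java.security.SecureRandom()).add(BigInteger.ONE);
    certGen.setSerialNumber(new ASN1Integer(serial));
    certGen.setIssuer(dn);
    certGen.setSubject(dn);
    // Back-date notBefore by one second to tolerate small clock skew on the verifying side.
    final Date now = new Date();
    certGen.setStartDate(new Time(new Date(now.getTime() - 1000L)));
    final Calendar expiry = Calendar.getInstance();
    expiry.setTime(now);
    expiry.add(Calendar.YEAR, 1);
    certGen.setEndDate(new Time(expiry.getTime()));
    certGen.setSignature(sigAlgID);
    certGen.setSubjectPublicKeyInfo(SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
    // Build the TBSCertificate exactly once so that the bytes that are signed are the same object that
    // is placed into the Certificate sequence below.
    final TBSCertificate tbsCert = certGen.generateTBSCertificate();
    final Signature sig = Signature.getInstance(sigName);
    sig.initSign(keyPair.getPrivate());
    sig.update(tbsCert.getEncoded(ASN1Encoding.DER));
    // Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue BIT STRING }
    final ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(tbsCert);
    v.add(sigAlgID);
    v.add(new DERBitString(sig.sign()));
    final byte[] certBytes = new DERSequence(v).getEncoded(ASN1Encoding.DER);
    final X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509")
            .generateCertificate(new ByteArrayInputStream(certBytes));
    // Verify the certificate with its own public key - this confirms that the encoded signature
    // algorithm identifier matches the algorithm that actually produced the signature.
    cert.verify(keyPair.getPublic());
    return cert;
}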

Example 17 with ASN1Integer

use of org.openecard.bouncycastle.asn1.ASN1Integer in project keystore-explorer by kaikramer.

the class X509Ext method getMsCertificateTemplateStringValue.

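/**
 * Renders the Microsoft certificate template extension value as human readable text.
 *
 * @param octets DER-encoded extension value (untrusted: it is read straight from the certificate).
 * @return one line per present field (template ID, major version, optional minor version), each
 *         terminated by {@code NEWLINE}.
 * @throws IllegalArgumentException if the value is not a SEQUENCE with the expected element types.
 */
private String getMsCertificateTemplateStringValue(byte[] octets) {
    // @formatter:off
    /*
			CertificateTemplate ::= SEQUENCE
			{
				templateID              EncodedObjectID,
				templateMajorVersion    TemplateVersion,
				templateMinorVersion    TemplateVersion OPTIONAL
			}
			TemplateVersion ::= INTEGER (0..4294967295)
		 */
    // @formatter:on
    ASN1Sequence asn1Sequence = ASN1Sequence.getInstance(octets);
    // getInstance(...) instead of a blind cast: a wrong element type then surfaces as an
    // IllegalArgumentException naming the offending class rather than a bare ClassCastException.
    ASN1ObjectIdentifier templateID = ASN1ObjectIdentifier.getInstance(asn1Sequence.getObjectAt(0));
    ASN1Integer majorVersion = ASN1Integer.getInstance(asn1Sequence.getObjectAt(1));
    // templateMinorVersion is OPTIONAL. getObjectAt(2) on a two-element sequence does not return
    // null, it throws an index exception, so presence has to be decided from the sequence size.
    ASN1Integer minorVersion = asn1Sequence.size() > 2
            ? ASN1Integer.getInstance(asn1Sequence.getObjectAt(2))
            : null;
    StringBuilder sb = new StringBuilder();
    sb.append(MessageFormat.format(res.getString("MSCertificateTemplate.ID"), templateID.getId()));
    sb.append(NEWLINE);
    sb.append(MessageFormat.format(res.getString("MSCertificateTemplate.MajorVersion"), majorVersion));
    sb.append(NEWLINE);
    if (minorVersion != null) {
        sb.append(MessageFormat.format(res.getString("MSCertificateTemplate.MinorVersion"), minorVersion));
        sb.append(NEWLINE);
    }
    return sb.toString();
}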

Example 18 with ASN1Integer

use of org.openecard.bouncycastle.asn1.ASN1Integer in project keystore-explorer by kaikramer.

the class X509Ext method getQcStatementsStringValue.

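/**
 * Renders the QCStatements extension value as indented, human readable text, one block per statement.
 *
 * <p>Statement types known to {@code QcStatementType} are rendered with their localized description
 * and decoded statementInfo; unknown statement IDs are shown as a raw OID followed by the raw
 * statementInfo, if any.
 *
 * @param octets DER-encoded extension value (untrusted: it is read straight from the certificate).
 * @return the formatted text; every statement ends with {@code NEWLINE}.
 * @throws IOException propagated from the helpers that decode statementInfo.
 * @throws IllegalArgumentException if a statementInfo does not have the ASN.1 shape its statement ID implies.
 */
private String getQcStatementsStringValue(byte[] octets) throws IOException {
    // @formatter:off
    /*
			QCStatements ::= SEQUENCE OF QSStatement
		    QSStatement ::= SEQUENCE
		    {
		        statementId OBJECT IDENTIFIER,
		        statementInfo ANY DEFINED BY statementId OPTIONAL
		    }
		    QcEuLimitValue ::= MonetaryValue
			QcRetentionPeriod ::= INTEGER
		 */
    // @formatter:on
    StringBuilder sb = new StringBuilder();
    int qcStatementNr = 0;
    ASN1Sequence qcStatements = ASN1Sequence.getInstance(octets);
    for (ASN1Encodable asn1Encodable : qcStatements.toArray()) {
        QCStatement qcStatement = QCStatement.getInstance(asn1Encodable);
        ASN1ObjectIdentifier statementId = qcStatement.getStatementId();
        ASN1Encodable statementInfo = qcStatement.getStatementInfo();
        int indentLevel = 1;
        sb.append(MessageFormat.format(res.getString("QCStatement.QCStatement"), ++qcStatementNr));
        sb.append(NEWLINE);
        QcStatementType qcStatementType = QcStatementType.resolveOid(statementId.getId());
        if (qcStatementType == null) {
            // Unknown statement type: show the raw OID and, when present, the raw statementInfo.
            sb.append(INDENT.toString(indentLevel));
            sb.append(ObjectIdUtil.toString(statementId));
            if (statementInfo != null) {
                sb.append(statementInfo.toString());
            }
            sb.append(NEWLINE);
            continue;
        }
        switch (qcStatementType) {
            case QC_SYNTAX_V1:
            case QC_SYNTAX_V2:
                SemanticsInformation semanticsInfo = SemanticsInformation.getInstance(statementInfo);
                sb.append(getSemanticInformationValueString(qcStatementType, semanticsInfo, indentLevel));
                break;
            case QC_COMPLIANCE:
                // no statementInfo
                sb.append(INDENT.toString(indentLevel));
                sb.append(res.getString(QcStatementType.QC_COMPLIANCE.getResKey()));
                sb.append(NEWLINE);
                break;
            case QC_EU_LIMIT_VALUE:
                sb.append(INDENT.toString(indentLevel));
                sb.append(res.getString(QcStatementType.QC_EU_LIMIT_VALUE.getResKey()));
                sb.append(NEWLINE);
                sb.append(getMonetaryValueStringValue(statementInfo, indentLevel + 1));
                break;
            case QC_RETENTION_PERIOD:
                ASN1Integer retentionPeriod = ASN1Integer.getInstance(statementInfo);
                sb.append(INDENT.toString(indentLevel));
                sb.append(MessageFormat.format(res.getString(QcStatementType.QC_RETENTION_PERIOD.getResKey()), retentionPeriod.getValue().toString()));
                sb.append(NEWLINE);
                break;
            case QC_SSCD:
                // no statementInfo
                sb.append(INDENT.toString(indentLevel));
                sb.append(res.getString(QcStatementType.QC_SSCD.getResKey()));
                sb.append(NEWLINE);
                break;
            case QC_PDS:
                ASN1Sequence pdsLocations = ASN1Sequence.getInstance(statementInfo);
                sb.append(INDENT.toString(indentLevel));
                sb.append(res.getString(QcStatementType.QC_PDS.getResKey()));
                for (ASN1Encodable pdsLoc : pdsLocations) {
                    sb.append(NEWLINE);
                    sb.append(INDENT.toString(indentLevel + 1));
                    // ASN1Sequence.getInstance rather than a cast to DLSequence: the concrete sequence
                    // class depends on how the value was decoded (DER vs DL parser, BC version), and
                    // a DER-decoded element would fail the DLSequence cast with a ClassCastException.
                    ASN1Sequence pds = ASN1Sequence.getInstance(pdsLoc);
                    // PdsLocation is SEQUENCE { url, language }; the resource string takes language first.
                    sb.append(MessageFormat.format(res.getString("QCPDS.locations"), pds.getObjectAt(1), pds.getObjectAt(0)));
                }
                sb.append(NEWLINE);
                break;
            case QC_TYPE:
                sb.append(INDENT.toString(indentLevel));
                sb.append(res.getString(QcStatementType.QC_TYPE.getResKey()));
                ASN1Sequence qcTypes = ASN1Sequence.getInstance(statementInfo);
                for (ASN1Encodable type : qcTypes) {
                    sb.append(NEWLINE);
                    sb.append(INDENT.toString(indentLevel + 1));
                    // getInstance gives a descriptive IllegalArgumentException on a non-OID element.
                    sb.append(ObjectIdUtil.toString(ASN1ObjectIdentifier.getInstance(type)));
                }
                sb.append(NEWLINE);
                break;
            default:
                // A type that resolveOid() knows but this renderer does not: only the statement
                // header above is shown. Made explicit so a new enum constant is not silently dropped.
                break;
        }
    }
    return sb.toString();
}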

Example 19 with ASN1Integer

use of org.openecard.bouncycastle.asn1.ASN1Integer in project keystore-explorer by kaikramer.

the class X509Ext method getCertificatePoliciesStringValue.

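/**
 * Renders the CertificatePolicies extension value as indented text, one block per PolicyInformation.
 *
 * <p>The CPS pointer qualifier is rendered as an HTML anchor. Because the URI comes from the
 * certificate, it is HTML-escaped before being placed into the markup so that a crafted extension
 * cannot inject its own tags or break out of the {@code href} attribute.
 *
 * @param value DER-encoded extension value (untrusted: it is read straight from the certificate).
 * @return the formatted text; every line ends with {@code NEWLINE}.
 * @throws IOException declared for symmetry with the other extension renderers; nothing here throws it directly.
 * @throws IllegalArgumentException if a qualifier does not have the ASN.1 shape its qualifier ID implies.
 */
private String getCertificatePoliciesStringValue(byte[] value) throws IOException {
    // @formatter:off
    /*
		 * CertificatePolicies ::= ASN1Sequence SIZE (1..MAX) OF PolicyInformation
		 *
		 * PolicyInformation ::= ASN1Sequence
		 * {
		 *      policyIdentifier CertPolicyId,
		 *      policyQualifiers ASN1Sequence SIZE (1..MAX) OF PolicyQualifierInfo OPTIONAL
		 * }
		 *
		 * CertPolicyId ::= OBJECT IDENTIFIER
		 *
		 * PolicyQualifierInfo ::= ASN1Sequence
		 * {
		 *      policyQualifierId PolicyQualifierId,
		 *      qualifier ANY DEFINED BY policyQualifierId
		 * }
		 *
		 * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
		 *
		 * Qualifier ::= CHOICE
		 * {
		 *      cPSuri CPSuri,
		 *      userNotice UserNotice
		 * }
		 *
		 * CPSuri ::= DERIA5String
		 *
		 * UserNotice ::= ASN1Sequence
		 * {
		 *      noticeRef NoticeReference OPTIONAL,
		 *      explicitText DisplayText OPTIONAL
		 * }
		 *
		 * NoticeReference ::= ASN1Sequence
		 * {
		 *      organization DisplayText,
		 *      noticeNumbers ASN1Sequence OF ASN1Integer
		 * }
		 *
		 * DisplayText ::= CHOICE
		 * {
		 *      ia5String DERIA5String (SIZE (1..200)),
		 *      visibleString VisibleString (SIZE (1..200)),
		 *      bmpString BMPString (SIZE (1..200)),
		 *      utf8String UTF8String (SIZE (1..200))
		 * }
		 */
    // @formatter:on
    StringBuilder sb = new StringBuilder();
    CertificatePolicies certificatePolicies = CertificatePolicies.getInstance(value);
    int certPolicy = 0;
    for (PolicyInformation policyInformation : certificatePolicies.getPolicyInformation()) {
        certPolicy++;
        sb.append(MessageFormat.format(res.getString("CertificatePolicy"), certPolicy));
        sb.append(NEWLINE);
        ASN1ObjectIdentifier policyIdentifier = policyInformation.getPolicyIdentifier();
        String policyIdentifierStr = ObjectIdUtil.toString(policyIdentifier);
        sb.append(INDENT);
        sb.append(MessageFormat.format(res.getString("PolicyIdentifier"), policyIdentifierStr));
        sb.append(NEWLINE);
        ASN1Sequence policyQualifiers = policyInformation.getPolicyQualifiers();
        if (policyQualifiers == null) {
            // policyQualifiers is OPTIONAL
            continue;
        }
        int policyQual = 0;
        for (ASN1Encodable policyQualifier : policyQualifiers.toArray()) {
            // getInstance(...) instead of blind casts so malformed input fails with a descriptive
            // IllegalArgumentException rather than a ClassCastException.
            ASN1Sequence policyQualifierInfo = ASN1Sequence.getInstance(policyQualifier);
            sb.append(INDENT.toString(1));
            sb.append(MessageFormat.format(res.getString("PolicyQualifierInformation"), certPolicy, ++policyQual));
            sb.append(NEWLINE);
            ASN1ObjectIdentifier policyQualifierId = ASN1ObjectIdentifier.getInstance(policyQualifierInfo.getObjectAt(0));
            CertificatePolicyQualifierType certificatePolicyQualifierType = CertificatePolicyQualifierType.resolveOid(policyQualifierId.getId());
            if (certificatePolicyQualifierType == null) {
                // Unknown qualifier id: only the numbered header above is shown.
                continue;
            }
            sb.append(INDENT.toString(2));
            sb.append(certificatePolicyQualifierType.friendly());
            sb.append(NEWLINE);
            if (certificatePolicyQualifierType == PKIX_CPS_POINTER_QUALIFIER) {
                appendCpsPointerQualifier(sb, policyQualifierInfo);
            } else if (certificatePolicyQualifierType == PKIX_USER_NOTICE_QUALIFIER) {
                appendUserNoticeQualifier(sb, policyQualifierInfo);
            }
        }
    }
    return sb.toString();
}

/**
 * Appends the CPS pointer (id-qt-cps) qualifier as an HTML link at indent level 2.
 *
 * @param sb output buffer.
 * @param policyQualifierInfo the PolicyQualifierInfo sequence whose element 1 is the CPSuri IA5String.
 */
private void appendCpsPointerQualifier(StringBuilder sb, ASN1Sequence policyQualifierInfo) {
    String cpsPointer = DERIA5String.getInstance(policyQualifierInfo.getObjectAt(1)).getString();
    // The URI is attacker-controlled data placed inside markup: escape it for both the attribute
    // value and the element text. The scheme is not validated here.
    String safePointer = escapeForHtml(cpsPointer);
    sb.append(INDENT.toString(2));
    sb.append(MessageFormat.format(res.getString("CpsPointer"), "<a href=\"" + safePointer + "\">" + safePointer + "</a>"));
    sb.append(NEWLINE);
}

/**
 * Appends the user notice (id-qt-unotice) qualifier at indent level 2, with its optional notice
 * reference and explicit text nested below it.
 *
 * @param sb output buffer.
 * @param policyQualifierInfo the PolicyQualifierInfo sequence whose element 1 is the UserNotice.
 */
private void appendUserNoticeQualifier(StringBuilder sb, ASN1Sequence policyQualifierInfo) {
    UserNotice userNotice = UserNotice.getInstance(policyQualifierInfo.getObjectAt(1));
    sb.append(INDENT.toString(2));
    sb.append(res.getString("UserNotice"));
    sb.append(NEWLINE);
    NoticeReference noticeReference = userNotice.getNoticeRef();
    DisplayText explicitText = userNotice.getExplicitText();
    // NOTE(review): organization and explicitText are appended without HTML escaping, as before. If
    // this view renders the whole string as HTML (the <a> markup above suggests it does), they are
    // certificate-controlled too and should go through escapeForHtml - confirm against the renderer.
    if (noticeReference != null) {
        // noticeRef is OPTIONAL
        sb.append(INDENT.toString(3));
        sb.append(res.getString("NoticeReference"));
        sb.append(NEWLINE);
        String organizationString = noticeReference.getOrganization().getString();
        sb.append(INDENT.toString(4));
        sb.append(MessageFormat.format(res.getString("Organization"), organizationString));
        sb.append(NEWLINE);
        // Join with ", " without the trailing-separator trim that threw on an empty list, and print
        // the full INTEGER value instead of intValue(), which silently wraps for values over 31 bits.
        StringBuilder sbNoticeNumbers = new StringBuilder();
        for (ASN1Integer noticeNumber : noticeReference.getNoticeNumbers()) {
            if (sbNoticeNumbers.length() > 0) {
                sbNoticeNumbers.append(", ");
            }
            sbNoticeNumbers.append(noticeNumber.getValue());
        }
        sb.append(INDENT.toString(4));
        sb.append(MessageFormat.format(res.getString("NoticeNumbers"), sbNoticeNumbers.toString()));
        sb.append(NEWLINE);
    }
    if (explicitText != null) {
        // explicitText is OPTIONAL
        sb.append(INDENT.toString(3));
        sb.append(MessageFormat.format(res.getString("ExplicitText"), explicitText.getString()));
        sb.append(NEWLINE);
    }
}

/**
 * Escapes the five characters that are significant in HTML text and attribute values.
 *
 * @param s raw text; must not be null.
 * @return {@code s} with {@code & < > " '} replaced by their character references.
 */
private static String escapeForHtml(String s) {
    StringBuilder out = new StringBuilder(s.length());
    for (int i = 0; i < s.length(); i++) {
        char ch = s.charAt(i);
        switch (ch) {
            case '&':
                out.append("&amp;");
                break;
            case '<':
                out.append("&lt;");
                break;
            case '>':
                out.append("&gt;");
                break;
            case '"':
                out.append("&quot;");
                break;
            case '\'':
                out.append("&#39;");
                break;
            default:
                out.append(ch);
        }
    }
    return out.toString();
}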

Example 20 with ASN1Integer

use of org.openecard.bouncycastle.asn1.ASN1Integer in project keystore-explorer by kaikramer.

the class X509Ext method getMsCaVersionStringValue.

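/**
 * Renders the Microsoft CA version extension value: the certificate index and the key index packed
 * into one unsigned 32-bit value.
 *
 * @param octets DER-encoded extension value (untrusted: it is read straight from the certificate).
 * @return two lines, certificate index then key index, each terminated by {@code NEWLINE}.
 * @throws IllegalArgumentException if the value is not an ASN.1 INTEGER.
 */
private String getMsCaVersionStringValue(byte[] octets) {
    /*
            "The extension data is a DWORD value (encoded as X509_INTEGER in the extension);
            the low 16 bits are the certificate index, and the high 16 bits are the key index."
		 */
    ASN1Integer asn1Integer = ASN1Integer.getInstance(octets);
    // A DWORD is unsigned. Read it as a long so values >= 2^31 do not wrap negative, and mask both
    // halves explicitly: the previous int arithmetic shift (>>) sign-extended the key index for such
    // values. For values below 2^31 the result is unchanged.
    long dword = asn1Integer.getValue().longValue();
    String certIndex = String.valueOf(dword & 0xffffL);
    String keyIndex = String.valueOf((dword >>> 16) & 0xffffL);
    StringBuilder sb = new StringBuilder();
    sb.append(MessageFormat.format(res.getString("MSCaVersion.CertIndex"), certIndex));
    sb.append(NEWLINE);
    sb.append(MessageFormat.format(res.getString("MSCaVersion.KeyIndex"), keyIndex));
    sb.append(NEWLINE);
    return sb.toString();
}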
