Search in sources :

Example 11 with ASN1Set

use of org.openecard.bouncycastle.asn1.ASN1Set in project ddf by codice.

the class KeystoreEditor method addToStore.

private synchronized void addToStore(String alias, String keyPassword, String storePassword, String data, String type, String fileName, String path, String storepass, KeyStore store) throws KeystoreEditorException {
    OutputStream fos = null;
    try (InputStream inputStream = new ByteArrayInputStream(Base64.getDecoder().decode(data))) {
        if (StringUtils.isBlank(alias)) {
            throw new IllegalArgumentException("Alias cannot be null.");
        }
        Path storeFile = Paths.get(path);
        //check the two most common key/cert stores first (pkcs12 and jks)
        if (PKCS12_TYPE.equals(type) || StringUtils.endsWithIgnoreCase(fileName, ".p12")) {
            //priv key + cert chain
            KeyStore pkcs12Store = KeyStore.getInstance("PKCS12");
            pkcs12Store.load(inputStream, storePassword.toCharArray());
            Certificate[] chain = pkcs12Store.getCertificateChain(alias);
            Key key = pkcs12Store.getKey(alias, keyPassword.toCharArray());
            if (key != null) {
                store.setKeyEntry(alias, key, keyPassword.toCharArray(), chain);
                fos = Files.newOutputStream(storeFile);
                store.store(fos, storepass.toCharArray());
            }
        } else if (JKS_TYPE.equals(type) || StringUtils.endsWithIgnoreCase(fileName, ".jks")) {
            //java keystore file
            KeyStore jks = KeyStore.getInstance("jks");
            jks.load(inputStream, storePassword.toCharArray());
            Enumeration<String> aliases = jks.aliases();
            //we are going to store all entries from the jks regardless of the passed in alias
            while (aliases.hasMoreElements()) {
                String jksAlias = aliases.nextElement();
                if (jks.isKeyEntry(jksAlias)) {
                    Key key = jks.getKey(jksAlias, keyPassword.toCharArray());
                    Certificate[] certificateChain = jks.getCertificateChain(jksAlias);
                    store.setKeyEntry(jksAlias, key, keyPassword.toCharArray(), certificateChain);
                } else {
                    Certificate certificate = jks.getCertificate(jksAlias);
                    store.setCertificateEntry(jksAlias, certificate);
                }
            }
            fos = Files.newOutputStream(storeFile);
            store.store(fos, storepass.toCharArray());
        //need to parse der separately from pem, der has the same mime type but is binary hence checking both
        } else if (DER_TYPE.equals(type) && StringUtils.endsWithIgnoreCase(fileName, ".der")) {
            ASN1InputStream asn1InputStream = new ASN1InputStream(inputStream);
            ASN1Primitive asn1Primitive = asn1InputStream.readObject();
            X509CertificateHolder x509CertificateHolder = new X509CertificateHolder(asn1Primitive.getEncoded());
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
            Certificate certificate = certificateFactory.generateCertificate(new ByteArrayInputStream(x509CertificateHolder.getEncoded()));
            X500Name x500name = new JcaX509CertificateHolder((X509Certificate) certificate).getSubject();
            RDN cn = x500name.getRDNs(BCStyle.CN)[0];
            String cnStr = IETFUtils.valueToString(cn.getFirst().getValue());
            if (!store.isCertificateEntry(cnStr) && !store.isKeyEntry(cnStr)) {
                store.setCertificateEntry(cnStr, certificate);
            }
            store.setCertificateEntry(alias, certificate);
            fos = Files.newOutputStream(storeFile);
            store.store(fos, storepass.toCharArray());
        //if it isn't one of the stores we support, it might be a key or cert by itself
        } else if (isPemParsable(type, fileName)) {
            //This is the catch all case for PEM, P7B, etc. with common file extensions if the mime type isn't read correctly in the browser
            Reader reader = new BufferedReader(new InputStreamReader(inputStream, StandardCharsets.UTF_8));
            PEMParser pemParser = new PEMParser(reader);
            Object object;
            boolean setEntry = false;
            while ((object = pemParser.readObject()) != null) {
                if (object instanceof PEMEncryptedKeyPair || object instanceof PEMKeyPair) {
                    PEMKeyPair pemKeyPair;
                    if (object instanceof PEMEncryptedKeyPair) {
                        PEMEncryptedKeyPair pemEncryptedKeyPairKeyPair = (PEMEncryptedKeyPair) object;
                        JcePEMDecryptorProviderBuilder jcePEMDecryptorProviderBuilder = new JcePEMDecryptorProviderBuilder();
                        pemKeyPair = pemEncryptedKeyPairKeyPair.decryptKeyPair(jcePEMDecryptorProviderBuilder.build(keyPassword.toCharArray()));
                    } else {
                        pemKeyPair = (PEMKeyPair) object;
                    }
                    KeyPair keyPair = new JcaPEMKeyConverter().setProvider("BC").getKeyPair(pemKeyPair);
                    PrivateKey privateKey = keyPair.getPrivate();
                    Certificate[] chain = store.getCertificateChain(alias);
                    if (chain == null) {
                        chain = buildCertChain(alias, store);
                    }
                    store.setKeyEntry(alias, privateKey, keyPassword.toCharArray(), chain);
                    setEntry = true;
                } else if (object instanceof X509CertificateHolder) {
                    X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) object;
                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
                    Certificate certificate = certificateFactory.generateCertificate(new ByteArrayInputStream(x509CertificateHolder.getEncoded()));
                    X500Name x500name = new JcaX509CertificateHolder((X509Certificate) certificate).getSubject();
                    RDN cn = x500name.getRDNs(BCStyle.CN)[0];
                    String cnStr = IETFUtils.valueToString(cn.getFirst().getValue());
                    if (!store.isCertificateEntry(cnStr) && !store.isKeyEntry(cnStr)) {
                        store.setCertificateEntry(cnStr, certificate);
                    }
                    store.setCertificateEntry(alias, certificate);
                    setEntry = true;
                } else if (object instanceof ContentInfo) {
                    ContentInfo contentInfo = (ContentInfo) object;
                    if (contentInfo.getContentType().equals(CMSObjectIdentifiers.envelopedData)) {
                        CMSEnvelopedData cmsEnvelopedData = new CMSEnvelopedData(contentInfo);
                        OriginatorInfo originatorInfo = cmsEnvelopedData.getOriginatorInfo().toASN1Structure();
                        ASN1Set certificates = originatorInfo.getCertificates();
                        setEntry = importASN1CertificatesToStore(store, setEntry, certificates);
                    } else if (contentInfo.getContentType().equals(CMSObjectIdentifiers.signedData)) {
                        SignedData signedData = SignedData.getInstance(contentInfo.getContent());
                        ASN1Set certificates = signedData.getCertificates();
                        setEntry = importASN1CertificatesToStore(store, setEntry, certificates);
                    }
                } else if (object instanceof PKCS8EncryptedPrivateKeyInfo) {
                    PKCS8EncryptedPrivateKeyInfo pkcs8EncryptedPrivateKeyInfo = (PKCS8EncryptedPrivateKeyInfo) object;
                    Certificate[] chain = store.getCertificateChain(alias);
                    if (chain == null) {
                        chain = buildCertChain(alias, store);
                    }
                    try {
                        store.setKeyEntry(alias, pkcs8EncryptedPrivateKeyInfo.getEncoded(), chain);
                        setEntry = true;
                    } catch (KeyStoreException keyEx) {
                        try {
                            PKCS8Key pkcs8Key = new PKCS8Key(pkcs8EncryptedPrivateKeyInfo.getEncoded(), keyPassword.toCharArray());
                            store.setKeyEntry(alias, pkcs8Key.getPrivateKey(), keyPassword.toCharArray(), chain);
                            setEntry = true;
                        } catch (GeneralSecurityException e) {
                            LOGGER.info("Unable to add PKCS8 key to keystore with secondary method. Throwing original exception.", e);
                            throw keyEx;
                        }
                    }
                }
            }
            if (setEntry) {
                fos = Files.newOutputStream(storeFile);
                store.store(fos, storepass.toCharArray());
            }
        }
    } catch (Exception e) {
        LOGGER.info("Unable to add entry {} to store", alias, e);
        throw new KeystoreEditorException("Unable to add entry " + alias + " to store", e);
    } finally {
        if (fos != null) {
            try {
                fos.close();
            } catch (IOException ignore) {
            }
        }
    }
    init();
}
Also used : OriginatorInfo(org.bouncycastle.asn1.cms.OriginatorInfo) PrivateKey(java.security.PrivateKey) OutputStream(java.io.OutputStream) FileOutputStream(java.io.FileOutputStream) Reader(java.io.Reader) InputStreamReader(java.io.InputStreamReader) BufferedReader(java.io.BufferedReader) JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter) X500Name(org.bouncycastle.asn1.x500.X500Name) JcePEMDecryptorProviderBuilder(org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder) CertificateFactory(java.security.cert.CertificateFactory) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) PEMParser(org.bouncycastle.openssl.PEMParser) ContentInfo(org.bouncycastle.asn1.cms.ContentInfo) RDN(org.bouncycastle.asn1.x500.RDN) Path(java.nio.file.Path) PKCS8Key(org.apache.commons.ssl.PKCS8Key) CMSEnvelopedData(org.bouncycastle.cms.CMSEnvelopedData) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) KeyPair(java.security.KeyPair) PEMEncryptedKeyPair(org.bouncycastle.openssl.PEMEncryptedKeyPair) PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair) Enumeration(java.util.Enumeration) InputStreamReader(java.io.InputStreamReader) SignedData(org.bouncycastle.asn1.cms.SignedData) ByteArrayInputStream(java.io.ByteArrayInputStream) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) InputStream(java.io.InputStream) GeneralSecurityException(java.security.GeneralSecurityException) PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo) KeyStoreException(java.security.KeyStoreException) IOException(java.io.IOException) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) KeyStoreException(java.security.KeyStoreException) GeneralSecurityException(java.security.GeneralSecurityException) InstanceAlreadyExistsException(javax.management.InstanceAlreadyExistsException) KeyManagementException(java.security.KeyManagementException) MalformedObjectNameException(javax.management.MalformedObjectNameException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CertificateEncodingException(java.security.cert.CertificateEncodingException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) NoSuchProviderException(java.security.NoSuchProviderException) PEMEncryptedKeyPair(org.bouncycastle.openssl.PEMEncryptedKeyPair) ASN1Set(org.bouncycastle.asn1.ASN1Set) ByteArrayInputStream(java.io.ByteArrayInputStream) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BufferedReader(java.io.BufferedReader) PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) Key(java.security.Key) PrivateKey(java.security.PrivateKey) PKCS8Key(org.apache.commons.ssl.PKCS8Key) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 12 with ASN1Set

use of org.openecard.bouncycastle.asn1.ASN1Set in project xipki by xipki.

the class ImportCrl method importEntries.

private void importEntries(Connection conn, int caId) throws DataAccessException, ImportCrlException {
    AtomicLong maxId = new AtomicLong(datasource.getMax(conn, "CERT", "ID"));
    // import the revoked information
    Set<? extends X509CRLEntry> revokedCertList = crl.getRevokedCertificates();
    if (revokedCertList != null) {
        for (X509CRLEntry c : revokedCertList) {
            X500Principal issuer = c.getCertificateIssuer();
            BigInteger serial = c.getSerialNumber();
            if (issuer != null) {
                if (!x500PrincipalCaSubject.equals(issuer)) {
                    throw new ImportCrlException("invalid CRLEntry for certificate number " + serial);
                }
            }
            Date rt = c.getRevocationDate();
            Date rit = null;
            byte[] extnValue = c.getExtensionValue(Extension.invalidityDate.getId());
            if (extnValue != null) {
                extnValue = extractCoreValue(extnValue);
                ASN1GeneralizedTime genTime = DERGeneralizedTime.getInstance(extnValue);
                try {
                    rit = genTime.getDate();
                } catch (ParseException ex) {
                    throw new ImportCrlException(ex.getMessage(), ex);
                }
                if (rt.equals(rit)) {
                    rit = null;
                }
            }
            CrlReason reason = CrlReason.fromReason(c.getRevocationReason());
            String sql = null;
            try {
                if (reason == CrlReason.REMOVE_FROM_CRL) {
                    if (!isDeltaCrl) {
                        LOG.warn("ignore CRL entry with reason removeFromCRL in non-Delta CRL");
                    }
                    // delete the entry
                    sql = SQL_DELETE_CERT;
                    psDeleteCert.setInt(1, caId);
                    psDeleteCert.setString(2, serial.toString(16));
                    psDeleteCert.executeUpdate();
                    continue;
                }
                Long id = getId(caId, serial);
                PreparedStatement ps;
                int offset = 1;
                if (id == null) {
                    sql = SQL_INSERT_CERT_REV;
                    id = maxId.incrementAndGet();
                    ps = psInsertCertRev;
                    ps.setLong(offset++, id);
                    ps.setInt(offset++, caId);
                    ps.setString(offset++, serial.toString(16));
                } else {
                    sql = SQL_UPDATE_CERT_REV;
                    ps = psUpdateCertRev;
                }
                ps.setInt(offset++, 1);
                ps.setInt(offset++, reason.getCode());
                ps.setLong(offset++, rt.getTime() / 1000);
                if (rit != null) {
                    ps.setLong(offset++, rit.getTime() / 1000);
                } else {
                    ps.setNull(offset++, Types.BIGINT);
                }
                ps.setLong(offset++, System.currentTimeMillis() / 1000);
                if (ps == psUpdateCertRev) {
                    ps.setLong(offset++, id);
                }
                ps.executeUpdate();
            } catch (SQLException ex) {
                throw datasource.translate(sql, ex);
            }
        }
    }
    // import the certificates
    // extract the certificate
    byte[] extnValue = crl.getExtensionValue(ObjectIdentifiers.id_xipki_ext_crlCertset.getId());
    if (extnValue != null) {
        extnValue = extractCoreValue(extnValue);
        ASN1Set asn1Set = DERSet.getInstance(extnValue);
        final int n = asn1Set.size();
        for (int i = 0; i < n; i++) {
            ASN1Encodable asn1 = asn1Set.getObjectAt(i);
            ASN1Sequence seq = ASN1Sequence.getInstance(asn1);
            BigInteger serialNumber = ASN1Integer.getInstance(seq.getObjectAt(0)).getValue();
            Certificate cert = null;
            String profileName = null;
            final int size = seq.size();
            for (int j = 1; j < size; j++) {
                ASN1TaggedObject taggedObj = DERTaggedObject.getInstance(seq.getObjectAt(j));
                int tagNo = taggedObj.getTagNo();
                switch(tagNo) {
                    case 0:
                        cert = Certificate.getInstance(taggedObj.getObject());
                        break;
                    case 1:
                        profileName = DERUTF8String.getInstance(taggedObj.getObject()).getString();
                        break;
                    default:
                        break;
                }
            }
            if (cert == null) {
                continue;
            }
            if (!caSubject.equals(cert.getIssuer())) {
                LOG.warn("issuer not match (serial={}) in CRL Extension Xipki-CertSet, ignore it", LogUtil.formatCsn(serialNumber));
                continue;
            }
            if (!serialNumber.equals(cert.getSerialNumber().getValue())) {
                LOG.warn("serialNumber not match (serial={}) in CRL Extension Xipki-CertSet, ignore it", LogUtil.formatCsn(serialNumber));
                continue;
            }
            String certLogId = "(issuer='" + cert.getIssuer() + "', serialNumber=" + cert.getSerialNumber() + ")";
            addCertificate(maxId, caId, cert, profileName, certLogId);
        }
    } else {
        // cert dirs
        File certsDir = new File(certsDirName);
        if (!certsDir.exists()) {
            LOG.warn("the folder {} does not exist, ignore it", certsDirName);
            return;
        }
        if (!certsDir.isDirectory()) {
            LOG.warn("the path {} does not point to a folder, ignore it", certsDirName);
            return;
        }
        if (!certsDir.canRead()) {
            LOG.warn("the folder {} must not be read, ignore it", certsDirName);
            return;
        }
        File[] certFiles = certsDir.listFiles(new FilenameFilter() {

            @Override
            public boolean accept(File dir, String name) {
                return name.endsWith(".der") || name.endsWith(".crt");
            }
        });
        if (certFiles == null || certFiles.length == 0) {
            return;
        }
        for (File certFile : certFiles) {
            Certificate cert;
            try {
                byte[] encoded = IoUtil.read(certFile);
                cert = Certificate.getInstance(encoded);
            } catch (IllegalArgumentException | IOException ex) {
                LOG.warn("could not parse certificate {}, ignore it", certFile.getPath());
                continue;
            }
            String certLogId = "(file " + certFile.getName() + ")";
            addCertificate(maxId, caId, cert, null, certLogId);
        }
    }
}
Also used : SQLException(java.sql.SQLException) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) FilenameFilter(java.io.FilenameFilter) X509CRLEntry(java.security.cert.X509CRLEntry) CrlReason(org.xipki.security.CrlReason) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) PreparedStatement(java.sql.PreparedStatement) IOException(java.io.IOException) Date(java.util.Date) AtomicLong(java.util.concurrent.atomic.AtomicLong) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ASN1Set(org.bouncycastle.asn1.ASN1Set) AtomicLong(java.util.concurrent.atomic.AtomicLong) X500Principal(javax.security.auth.x500.X500Principal) BigInteger(java.math.BigInteger) ParseException(java.text.ParseException) File(java.io.File) X509Certificate(java.security.cert.X509Certificate) Certificate(org.bouncycastle.asn1.x509.Certificate) TBSCertificate(org.bouncycastle.asn1.x509.TBSCertificate)

Example 13 with ASN1Set

use of org.openecard.bouncycastle.asn1.ASN1Set in project xipki by xipki.

the class X509SelfSignedCertBuilder method generateCertificate.

// method generateSelfSigned
private static X509Certificate generateCertificate(ConcurrentContentSigner signer, IdentifiedX509Certprofile certprofile, CertificationRequest csr, BigInteger serialNumber, SubjectPublicKeyInfo publicKeyInfo, List<String> caCertUris, List<String> ocspUris, List<String> crlUris, List<String> deltaCrlUris, ConfPairs extraControl) throws OperationException {
    SubjectPublicKeyInfo tmpPublicKeyInfo;
    try {
        tmpPublicKeyInfo = X509Util.toRfc3279Style(publicKeyInfo);
    } catch (InvalidKeySpecException ex) {
        LOG.warn("SecurityUtil.toRfc3279Style", ex);
        throw new OperationException(ErrorCode.BAD_CERT_TEMPLATE, ex);
    }
    try {
        certprofile.checkPublicKey(tmpPublicKeyInfo);
    } catch (BadCertTemplateException ex) {
        LOG.warn("certprofile.checkPublicKey", ex);
        throw new OperationException(ErrorCode.BAD_CERT_TEMPLATE, ex);
    }
    X500Name requestedSubject = csr.getCertificationRequestInfo().getSubject();
    SubjectInfo subjectInfo;
    // subject
    try {
        subjectInfo = certprofile.getSubject(requestedSubject);
    } catch (CertprofileException ex) {
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, "exception in cert profile " + certprofile.getIdent());
    } catch (BadCertTemplateException ex) {
        LOG.warn("certprofile.getSubject", ex);
        throw new OperationException(ErrorCode.BAD_CERT_TEMPLATE, ex);
    }
    Date notBefore = certprofile.getNotBefore(null);
    if (notBefore == null) {
        notBefore = new Date();
    }
    CertValidity validity = certprofile.getValidity();
    if (validity == null) {
        throw new OperationException(ErrorCode.BAD_CERT_TEMPLATE, "no validity specified in the profile " + certprofile.getIdent());
    }
    Date notAfter = validity.add(notBefore);
    X500Name grantedSubject = subjectInfo.getGrantedSubject();
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(grantedSubject, serialNumber, notBefore, notAfter, grantedSubject, tmpPublicKeyInfo);
    PublicCaInfo publicCaInfo = new PublicCaInfo(grantedSubject, serialNumber, null, null, caCertUris, ocspUris, crlUris, deltaCrlUris, extraControl);
    Extensions extensions = null;
    ASN1Set attrs = csr.getCertificationRequestInfo().getAttributes();
    for (int i = 0; i < attrs.size(); i++) {
        Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
        if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) {
            extensions = Extensions.getInstance(attr.getAttributeValues()[0]);
        }
    }
    try {
        addExtensions(certBuilder, certprofile, requestedSubject, grantedSubject, extensions, tmpPublicKeyInfo, publicCaInfo, notBefore, notAfter);
        ConcurrentBagEntrySigner signer0 = signer.borrowSigner();
        X509CertificateHolder certHolder;
        try {
            certHolder = certBuilder.build(signer0.value());
        } finally {
            signer.requiteSigner(signer0);
        }
        Certificate bcCert = certHolder.toASN1Structure();
        return X509Util.parseCert(bcCert.getEncoded());
    } catch (BadCertTemplateException ex) {
        throw new OperationException(ErrorCode.BAD_CERT_TEMPLATE, ex);
    } catch (NoIdleSignerException | CertificateException | IOException | CertprofileException ex) {
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
    }
}
Also used : CertValidity(org.xipki.ca.api.profile.CertValidity) Attribute(org.bouncycastle.asn1.pkcs.Attribute) SubjectInfo(org.xipki.ca.api.profile.x509.SubjectInfo) CertificateException(java.security.cert.CertificateException) X500Name(org.bouncycastle.asn1.x500.X500Name) IOException(java.io.IOException) Extensions(org.bouncycastle.asn1.x509.Extensions) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) PublicCaInfo(org.xipki.ca.api.PublicCaInfo) ConcurrentBagEntrySigner(org.xipki.security.ConcurrentBagEntrySigner) Date(java.util.Date) ASN1Set(org.bouncycastle.asn1.ASN1Set) CertprofileException(org.xipki.ca.api.profile.CertprofileException) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) NoIdleSignerException(org.xipki.security.exception.NoIdleSignerException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) OperationException(org.xipki.ca.api.OperationException) X509Certificate(java.security.cert.X509Certificate) Certificate(org.bouncycastle.asn1.x509.Certificate)

Example 14 with ASN1Set

use of org.openecard.bouncycastle.asn1.ASN1Set in project xipki by xipki.

the class CaUtil method getExtensions.

public static Extensions getExtensions(CertificationRequestInfo csr) {
    ParamUtil.requireNonNull("csr", csr);
    ASN1Set attrs = csr.getAttributes();
    for (int i = 0; i < attrs.size(); i++) {
        Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
        if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) {
            return Extensions.getInstance(attr.getAttributeValues()[0]);
        }
    }
    return null;
}
Also used : ASN1Set(org.bouncycastle.asn1.ASN1Set) Attribute(org.bouncycastle.asn1.pkcs.Attribute) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)

Example 15 with ASN1Set

use of org.openecard.bouncycastle.asn1.ASN1Set in project xipki by xipki.

the class ScepUtil method getCrlFromPkiMessage.

// method getCertsFromSignedData
public static X509CRL getCrlFromPkiMessage(SignedData signedData) throws CRLException {
    requireNonNull("signedData", signedData);
    ASN1Set set = signedData.getCRLs();
    if (set == null || set.size() == 0) {
        return null;
    }
    try {
        CertificateList cl = CertificateList.getInstance(set.getObjectAt(0));
        return ScepUtil.toX509Crl(cl);
    } catch (IllegalArgumentException | CertificateException | CRLException ex) {
        throw new CRLException(ex);
    }
}
Also used : ASN1Set(org.bouncycastle.asn1.ASN1Set) CertificateList(org.bouncycastle.asn1.x509.CertificateList) CertificateException(java.security.cert.CertificateException) CRLException(java.security.cert.CRLException)

Aggregations

ASN1Set (org.bouncycastle.asn1.ASN1Set)41 IOException (java.io.IOException)18 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)14 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)13 ArrayList (java.util.ArrayList)11 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)11 DEROctetString (org.bouncycastle.asn1.DEROctetString)9 Enumeration (java.util.Enumeration)8 List (java.util.List)8 CertificateException (java.security.cert.CertificateException)7 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)7 KeyPair (java.security.KeyPair)6 X509Certificate (java.security.cert.X509Certificate)6 Asn1Integer (com.android.hotspot2.asn1.Asn1Integer)5 Asn1Object (com.android.hotspot2.asn1.Asn1Object)5 Asn1Oid (com.android.hotspot2.asn1.Asn1Oid)5 OidMappings (com.android.hotspot2.asn1.OidMappings)5 ASN1Encodable (com.android.org.bouncycastle.asn1.ASN1Encodable)5 ASN1EncodableVector (com.android.org.bouncycastle.asn1.ASN1EncodableVector)5 ASN1Set (com.android.org.bouncycastle.asn1.ASN1Set)5