use of org.openecard.bouncycastle.asn1.ASN1Set in project xipki by xipki.
the class CaManagerImpl method generateCertificate.
// method removeCertificate
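/**
 * Issues a certificate for a PKCS#10 request using the named CA and certificate profile.
 *
 * <p>The request is decoded and its proof of possession is verified against the validator
 * of the CA's CMP control. The requested extensions are then read from the
 * {@code extensionRequest} attribute, if present, and the resulting template is passed to
 * the CA. Every field of the CSR is requester-controlled, so decoding failures are reported
 * as {@link CaMgmtException} rather than as unchecked exceptions.
 *
 * @param caName name of the issuing CA; must not be blank, lower-cased before use
 * @param profileName name of the certificate profile; must not be blank, lower-cased before use
 * @param encodedCsr encoded PKCS#10 request; must not be {@code null}
 * @param notBefore requested start of validity, handed to the template unchanged
 * @param notAfter requested end of validity, handed to the template unchanged
 * @return the issued certificate
 * @throws CaMgmtException if the CSR cannot be decoded, its proof of possession does not
 *     verify, its attributes are malformed, or the CA reports an operation error
 */
@Override
public X509Certificate generateCertificate(String caName, String profileName, byte[] encodedCsr,
        Date notBefore, Date notAfter) throws CaMgmtException {
    caName = ParamUtil.requireNonBlank("caName", caName).toLowerCase();
    profileName = ParamUtil.requireNonBlank("profileName", profileName).toLowerCase();
    ParamUtil.requireNonNull("encodedCsr", encodedCsr);

    // NOTE(review): this event is populated but not passed to any audit sink within this
    // method, and its event type names on-demand CRL generation rather than certificate
    // issuance - confirm whether issuance through this path is meant to be audited here.
    AuditEvent event = new AuditEvent(new Date());
    event.setApplicationName(CaAuditConstants.APPNAME);
    event.setName(CaAuditConstants.NAME_PERF);
    event.addEventType("CAMGMT_CRL_GEN_ONDEMAND");

    X509Ca ca = getX509Ca(caName);

    CertificationRequest csr;
    try {
        csr = CertificationRequest.getInstance(encodedCsr);
    } catch (Exception ex) {
        // Keep the cause so the decoding failure stays diagnosable from the stack trace.
        throw new CaMgmtException(concat("invalid CSR request. ERROR: ", ex.getMessage()), ex);
    }

    // Proof of possession is checked before any other field of the request is interpreted.
    CmpControl cmpControl = getCmpControlObject(ca.getCaInfo().getCmpControlName());
    if (!securityFactory.verifyPopo(csr, cmpControl.getPopoAlgoValidator())) {
        throw new CaMgmtException("could not validate POP for the CSR");
    }

    CertificationRequestInfo certTemp = csr.getCertificationRequestInfo();
    Extensions extensions = null;
    ASN1Set attrs = certTemp.getAttributes();
    // A request encoded without the attributes field yields null here; that simply means
    // no extensions were requested.
    if (attrs != null) {
        try {
            for (int i = 0; i < attrs.size(); i++) {
                Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
                if (!PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) {
                    continue;
                }
                if (attr.getAttributeValues().length == 0) {
                    throw new IllegalArgumentException("extensionRequest attribute has no value");
                }
                // If the attribute occurs more than once, the last occurrence wins.
                extensions = Extensions.getInstance(attr.getAttributeValues()[0]);
            }
        } catch (IllegalArgumentException ex) {
            // Malformed attributes are a property of the request, not an internal error.
            throw new CaMgmtException(concat("invalid attributes in CSR. ERROR: ", ex.getMessage()), ex);
        }
    }

    X500Name subject = certTemp.getSubject();
    SubjectPublicKeyInfo publicKeyInfo = certTemp.getSubjectPublicKeyInfo();
    CertTemplateData certTemplateData = new CertTemplateData(subject, publicKeyInfo, notBefore,
            notAfter, extensions, profileName);

    X509CertificateInfo certInfo;
    try {
        certInfo = ca.generateCertificate(certTemplateData, byCaRequestor, RequestType.CA,
                (byte[]) null, CaAuditConstants.MSGID_ca_mgmt);
    } catch (OperationException ex) {
        throw new CaMgmtException(ex.getMessage(), ex);
    }

    if (ca.getCaInfo().isSaveRequest()) {
        // Best effort: the certificate is already issued, so a failure to store the request
        // is logged and does not fail the call.
        try {
            long dbId = ca.addRequest(encodedCsr);
            ca.addRequestCert(dbId, certInfo.getCert().getCertId());
        } catch (OperationException ex) {
            LogUtil.warn(LOG, ex, "could not save request");
        }
    }

    return certInfo.getCert().getCert();
}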
use of org.openecard.bouncycastle.asn1.ASN1Set in project xipki by xipki.
the class CaUtil method getChallengePassword.
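/**
 * Returns the PKCS#9 {@code challengePassword} attribute carried in a certification request.
 *
 * <p>The value is taken directly from the requester-supplied CSR; callers should treat it
 * as untrusted input.
 *
 * @param csr certification request info to inspect; must not be {@code null}
 * @return the string value of the first {@code challengePassword} attribute, or {@code null}
 *     if the request carries no attributes or no such attribute
 */
public static String getChallengePassword(CertificationRequestInfo csr) {
    ParamUtil.requireNonNull("csr", csr);
    ASN1Set attrs = csr.getAttributes();
    if (attrs == null) {
        // The attributes field is absent from the request, so there is no password to report.
        return null;
    }
    for (int i = 0; i < attrs.size(); i++) {
        Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
        if (PKCSObjectIdentifiers.pkcs_9_at_challengePassword.equals(attr.getAttrType())) {
            // NOTE(review): an attribute with an empty value set, or with a value that is not
            // an ASN1String, surfaces here as an unchecked exception. Confirm that callers
            // handling untrusted requests reject the request in that case.
            ASN1String str = (ASN1String) attr.getAttributeValues()[0];
            return str.getString();
        }
    }
    return null;
}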
use of org.openecard.bouncycastle.asn1.ASN1Set in project xipki by xipki.
the class ScepUtil method getCertsFromSignedData.
// method generateSelfsignedCert
/**
 * Decodes the certificates embedded in a CMS {@code SignedData} structure.
 *
 * <p>If any decoded certificate reports {@code getBasicConstraints() == -1} (not a CA), the
 * first such certificate is placed at the head of the returned list. All other certificates
 * follow in the order in which they appear in the structure.
 *
 * <p>This method only decodes and orders the certificates. It does not verify a signature
 * or build a chain, so the position of a certificate in the list says nothing about trust.
 *
 * @param signedData structure to read the certificates from; must not be {@code null}
 * @return the decoded certificates, or an empty list if the structure carries none
 * @throws CertificateException if an entry cannot be decoded as a certificate
 */
public static List<X509Certificate> getCertsFromSignedData(SignedData signedData)
        throws CertificateException {
    requireNonNull("signedData", signedData);

    ASN1Set encodedCerts = signedData.getCertificates();
    if (encodedCerts == null || encodedCerts.size() == 0) {
        return Collections.emptyList();
    }

    final int count = encodedCerts.size();
    List<X509Certificate> ordered = new LinkedList<X509Certificate>();
    X509Certificate endEntity = null;

    for (int idx = 0; idx < count; idx++) {
        X509Certificate decoded;
        try {
            decoded = toX509Cert(Certificate.getInstance(encodedCerts.getObjectAt(idx)));
        } catch (IllegalArgumentException ex) {
            // Entries that are not a Certificate structure are reported as a decoding failure.
            throw new CertificateException(ex);
        }

        // Only the first non-CA certificate is held back; later ones stay in encounter order.
        boolean firstNonCa = (endEntity == null) && (decoded.getBasicConstraints() == -1);
        if (firstNonCa) {
            endEntity = decoded;
        } else {
            ordered.add(decoded);
        }
    }

    if (endEntity != null) {
        ordered.add(0, endEntity);
    }
    return ordered;
}
use of org.openecard.bouncycastle.asn1.ASN1Set in project xipki by xipki.
the class ScepUtil method getFirstAttrValue.
/**
 * Looks up an attribute by type and returns the first of its values.
 *
 * @param attrs attribute table to search; must not be {@code null}
 * @param type object identifier of the wanted attribute; must not be {@code null}
 * @return the first value of the attribute, or {@code null} if the table holds no attribute
 *     of that type or the attribute's value set is empty
 */
public static ASN1Encodable getFirstAttrValue(AttributeTable attrs, ASN1ObjectIdentifier type) {
    requireNonNull("attrs", attrs);
    requireNonNull("type", type);

    Attribute match = attrs.get(type);
    if (match != null) {
        ASN1Set values = match.getAttrValues();
        if (values.size() != 0) {
            return values.getObjectAt(0);
        }
    }
    return null;
}
use of org.openecard.bouncycastle.asn1.ASN1Set in project keystore-explorer by kaikramer.
the class X509Ext method getVeriSignNonVerified.
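/**
 * Renders the value of the VeriSign NonVerified extension as text.
 *
 * <p>Each attribute value becomes one line of the form {@code <attribute OID>=<value>}.
 *
 * @param octets encoded extension value, expected to be a SET OF ATTRIBUTE
 * @return the rendered lines, each terminated by {@code NEWLINE}
 * @throws IOException declared by this method's signature; presumably raised while a value
 *     is rendered - confirm against getAttributeValueString
 */
private String getVeriSignNonVerified(byte[] octets) throws IOException {
    /*
        NonVerified ::= SET OF ATTRIBUTE
     */
    StringBuilder sb = new StringBuilder();
    ASN1Set asn1Set = ASN1Set.getInstance(octets);
    for (ASN1Encodable element : asn1Set.toArray()) {
        // A set decoded from bytes holds generic ASN.1 objects, not Attribute instances, so
        // a direct cast fails; getInstance converts the element (and accepts an Attribute).
        Attribute attribute = Attribute.getInstance(element);
        ASN1ObjectIdentifier attributeId = attribute.getAttrType();
        ASN1Set attributeValues = attribute.getAttrValues();
        for (ASN1Encodable attributeValue : attributeValues.toArray()) {
            String attributeValueStr = getAttributeValueString(attributeId, attributeValue);
            sb.append(MessageFormat.format("{0}={1}", attributeId.getId(), attributeValueStr));
            sb.append(NEWLINE);
        }
    }
    return sb.toString();
}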