Search in sources :

Example 36 with ASN1Set

use of org.openecard.bouncycastle.asn1.ASN1Set in project xipki by xipki.

the class CaManagerImpl method generateCertificate.

// method removeCertificate
@Override
public X509Certificate generateCertificate(String caName, String profileName, byte[] encodedCsr, Date notBefore, Date notAfter) throws CaMgmtException {
    caName = ParamUtil.requireNonBlank("caName", caName).toLowerCase();
    profileName = ParamUtil.requireNonBlank("profileName", profileName).toLowerCase();
    ParamUtil.requireNonNull("encodedCsr", encodedCsr);
    AuditEvent event = new AuditEvent(new Date());
    event.setApplicationName(CaAuditConstants.APPNAME);
    event.setName(CaAuditConstants.NAME_PERF);
    event.addEventType("CAMGMT_CRL_GEN_ONDEMAND");
    X509Ca ca = getX509Ca(caName);
    CertificationRequest csr;
    try {
        csr = CertificationRequest.getInstance(encodedCsr);
    } catch (Exception ex) {
        throw new CaMgmtException(concat("invalid CSR request. ERROR: ", ex.getMessage()));
    }
    CmpControl cmpControl = getCmpControlObject(ca.getCaInfo().getCmpControlName());
    if (!securityFactory.verifyPopo(csr, cmpControl.getPopoAlgoValidator())) {
        throw new CaMgmtException("could not validate POP for the CSR");
    }
    CertificationRequestInfo certTemp = csr.getCertificationRequestInfo();
    Extensions extensions = null;
    ASN1Set attrs = certTemp.getAttributes();
    for (int i = 0; i < attrs.size(); i++) {
        Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
        if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) {
            extensions = Extensions.getInstance(attr.getAttributeValues()[0]);
        }
    }
    X500Name subject = certTemp.getSubject();
    SubjectPublicKeyInfo publicKeyInfo = certTemp.getSubjectPublicKeyInfo();
    CertTemplateData certTemplateData = new CertTemplateData(subject, publicKeyInfo, notBefore, notAfter, extensions, profileName);
    X509CertificateInfo certInfo;
    try {
        certInfo = ca.generateCertificate(certTemplateData, byCaRequestor, RequestType.CA, (byte[]) null, CaAuditConstants.MSGID_ca_mgmt);
    } catch (OperationException ex) {
        throw new CaMgmtException(ex.getMessage(), ex);
    }
    if (ca.getCaInfo().isSaveRequest()) {
        try {
            long dbId = ca.addRequest(encodedCsr);
            ca.addRequestCert(dbId, certInfo.getCert().getCertId());
        } catch (OperationException ex) {
            LogUtil.warn(LOG, ex, "could not save request");
        }
    }
    return certInfo.getCert().getCert();
}
Also used : CertificationRequestInfo(org.bouncycastle.asn1.pkcs.CertificationRequestInfo) Attribute(org.bouncycastle.asn1.pkcs.Attribute) X509CertificateInfo(org.xipki.ca.api.publisher.x509.X509CertificateInfo) X500Name(org.bouncycastle.asn1.x500.X500Name) Extensions(org.bouncycastle.asn1.x509.Extensions) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) Date(java.util.Date) CertprofileException(org.xipki.ca.api.profile.CertprofileException) KeyStoreException(java.security.KeyStoreException) XiSecurityException(org.xipki.security.exception.XiSecurityException) CertificateEncodingException(java.security.cert.CertificateEncodingException) InvalidConfException(org.xipki.common.InvalidConfException) SocketException(java.net.SocketException) IOException(java.io.IOException) CertPublisherException(org.xipki.ca.api.publisher.CertPublisherException) OperationException(org.xipki.ca.api.OperationException) CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) ObjectCreationException(org.xipki.common.ObjectCreationException) DataAccessException(org.xipki.datasource.DataAccessException) JAXBException(javax.xml.bind.JAXBException) FileNotFoundException(java.io.FileNotFoundException) SAXException(org.xml.sax.SAXException) CertificateException(java.security.cert.CertificateException) PasswordResolverException(org.xipki.password.PasswordResolverException) CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) ASN1Set(org.bouncycastle.asn1.ASN1Set) CmpControl(org.xipki.ca.server.mgmt.api.CmpControl) PciAuditEvent(org.xipki.audit.PciAuditEvent) AuditEvent(org.xipki.audit.AuditEvent) CertificationRequest(org.bouncycastle.asn1.pkcs.CertificationRequest) OperationException(org.xipki.ca.api.OperationException)

Example 37 with ASN1Set

use of org.openecard.bouncycastle.asn1.ASN1Set in project xipki by xipki.

the class CaUtil method getChallengePassword.

public static String getChallengePassword(CertificationRequestInfo csr) {
    ParamUtil.requireNonNull("csr", csr);
    ASN1Set attrs = csr.getAttributes();
    for (int i = 0; i < attrs.size(); i++) {
        Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
        if (PKCSObjectIdentifiers.pkcs_9_at_challengePassword.equals(attr.getAttrType())) {
            ASN1String str = (ASN1String) attr.getAttributeValues()[0];
            return str.getString();
        }
    }
    return null;
}
Also used : ASN1Set(org.bouncycastle.asn1.ASN1Set) Attribute(org.bouncycastle.asn1.pkcs.Attribute) ASN1String(org.bouncycastle.asn1.ASN1String) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)

Example 38 with ASN1Set

use of org.openecard.bouncycastle.asn1.ASN1Set in project xipki by xipki.

the class ScepUtil method getCertsFromSignedData.

// method generateSelfsignedCert
/**
 * The first one is a non-CA certificate if there exists one non-CA certificate.
 */
public static List<X509Certificate> getCertsFromSignedData(SignedData signedData) throws CertificateException {
    requireNonNull("signedData", signedData);
    ASN1Set set = signedData.getCertificates();
    if (set == null) {
        return Collections.emptyList();
    }
    final int n = set.size();
    if (n == 0) {
        return Collections.emptyList();
    }
    List<X509Certificate> certs = new LinkedList<X509Certificate>();
    X509Certificate eeCert = null;
    for (int i = 0; i < n; i++) {
        X509Certificate cert;
        try {
            cert = toX509Cert(Certificate.getInstance(set.getObjectAt(i)));
        } catch (IllegalArgumentException ex) {
            throw new CertificateException(ex);
        }
        if (eeCert == null && cert.getBasicConstraints() == -1) {
            eeCert = cert;
        } else {
            certs.add(cert);
        }
    }
    if (eeCert != null) {
        certs.add(0, eeCert);
    }
    return certs;
}
Also used : ASN1Set(org.bouncycastle.asn1.ASN1Set) CertificateException(java.security.cert.CertificateException) X509Certificate(java.security.cert.X509Certificate) LinkedList(java.util.LinkedList)

Example 39 with ASN1Set

use of org.openecard.bouncycastle.asn1.ASN1Set in project xipki by xipki.

the class ScepUtil method getFirstAttrValue.

public static ASN1Encodable getFirstAttrValue(AttributeTable attrs, ASN1ObjectIdentifier type) {
    requireNonNull("attrs", attrs);
    requireNonNull("type", type);
    Attribute attr = attrs.get(type);
    if (attr == null) {
        return null;
    }
    ASN1Set set = attr.getAttrValues();
    return (set.size() == 0) ? null : set.getObjectAt(0);
}
Also used : ASN1Set(org.bouncycastle.asn1.ASN1Set) Attribute(org.bouncycastle.asn1.cms.Attribute)

Example 40 with ASN1Set

use of org.openecard.bouncycastle.asn1.ASN1Set in project keystore-explorer by kaikramer.

the class X509Ext method getVeriSignNonVerified.

private String getVeriSignNonVerified(byte[] octets) throws IOException {
    /*
		    NonVerified ::= SET OF ATTRIBUTE
		 */
    StringBuilder sb = new StringBuilder();
    ASN1Set asn1Set = ASN1Set.getInstance(octets);
    for (ASN1Encodable attribute : asn1Set.toArray()) {
        ASN1ObjectIdentifier attributeId = ((Attribute) attribute).getAttrType();
        ASN1Set attributeValues = ((Attribute) attribute).getAttrValues();
        for (ASN1Encodable attributeValue : attributeValues.toArray()) {
            String attributeValueStr = getAttributeValueString(attributeId, attributeValue);
            sb.append(MessageFormat.format("{0}={1}", attributeId.getId(), attributeValueStr));
            sb.append(NEWLINE);
        }
    }
    return sb.toString();
}
Also used : ASN1Set(org.bouncycastle.asn1.ASN1Set) Attribute(org.bouncycastle.asn1.x509.Attribute) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) DERBitString(org.bouncycastle.asn1.DERBitString) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERGeneralString(org.bouncycastle.asn1.DERGeneralString) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERIA5String(org.bouncycastle.asn1.DERIA5String) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Aggregations

ASN1Set (org.bouncycastle.asn1.ASN1Set)41 IOException (java.io.IOException)18 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)14 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)13 ArrayList (java.util.ArrayList)11 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)11 DEROctetString (org.bouncycastle.asn1.DEROctetString)9 Enumeration (java.util.Enumeration)8 List (java.util.List)8 CertificateException (java.security.cert.CertificateException)7 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)7 KeyPair (java.security.KeyPair)6 X509Certificate (java.security.cert.X509Certificate)6 Asn1Integer (com.android.hotspot2.asn1.Asn1Integer)5 Asn1Object (com.android.hotspot2.asn1.Asn1Object)5 Asn1Oid (com.android.hotspot2.asn1.Asn1Oid)5 OidMappings (com.android.hotspot2.asn1.OidMappings)5 ASN1Encodable (com.android.org.bouncycastle.asn1.ASN1Encodable)5 ASN1EncodableVector (com.android.org.bouncycastle.asn1.ASN1EncodableVector)5 ASN1Set (com.android.org.bouncycastle.asn1.ASN1Set)5