use of org.openecard.bouncycastle.asn1.x509.Extensions in project BiglyBT by BiglySoftware.
the class X509CertificateObject method toString.
public String toString() {
StringBuilder buf = new StringBuilder();
String nl = System.getProperty("line.separator");
buf.append(" [0] Version: ").append(this.getVersion()).append(nl);
buf.append(" SerialNumber: ").append(this.getSerialNumber()).append(nl);
buf.append(" IssuerDN: ").append(this.getIssuerDN()).append(nl);
buf.append(" Start Date: ").append(this.getNotBefore()).append(nl);
buf.append(" Final Date: ").append(this.getNotAfter()).append(nl);
buf.append(" SubjectDN: ").append(this.getSubjectDN()).append(nl);
buf.append(" Public Key: ").append(this.getPublicKey()).append(nl);
buf.append(" Signature Algorithm: ").append(this.getSigAlgName()).append(nl);
byte[] sig = this.getSignature();
buf.append(" Signature: ").append(new String(Hex.encode(sig, 0, 20))).append(nl);
for (int i = 20; i < sig.length; i += 20) {
if (i < sig.length - 20) {
buf.append(" ").append(new String(Hex.encode(sig, i, 20))).append(nl);
} else {
buf.append(" ").append(new String(Hex.encode(sig, i, sig.length - i))).append(nl);
}
}
X509Extensions extensions = c.getTBSCertificate().getExtensions();
if (extensions != null) {
Enumeration e = extensions.oids();
if (e.hasMoreElements()) {
buf.append(" Extensions: \n");
}
while (e.hasMoreElements()) {
DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
X509Extension ext = extensions.getExtension(oid);
if (ext.getValue() != null) {
byte[] octs = ext.getValue().getOctets();
ByteArrayInputStream bIn = new ByteArrayInputStream(octs);
DERInputStream dIn = new DERInputStream(bIn);
buf.append(" critical(").append(ext.isCritical()).append(") ");
try {
if (oid.equals(X509Extensions.BasicConstraints)) {
buf.append(new BasicConstraints((ASN1Sequence) dIn.readObject())).append(nl);
} else if (oid.equals(X509Extensions.KeyUsage)) {
buf.append(new KeyUsage((DERBitString) dIn.readObject())).append(nl);
} else if (oid.equals(MiscObjectIdentifiers.netscapeCertType)) {
buf.append(new NetscapeCertType((DERBitString) dIn.readObject())).append(nl);
} else if (oid.equals(MiscObjectIdentifiers.netscapeRevocationURL)) {
buf.append(new NetscapeRevocationURL((DERIA5String) dIn.readObject())).append(nl);
} else if (oid.equals(MiscObjectIdentifiers.verisignCzagExtension)) {
buf.append(new VerisignCzagExtension((DERIA5String) dIn.readObject())).append(nl);
} else {
buf.append(oid.getId());
buf.append(" value = ").append(ASN1Dump.dumpAsString(dIn.readObject())).append(nl);
// buf.append(" value = " + "*****" + nl);
}
} catch (Exception ex) {
buf.append(oid.getId());
// buf.append(" value = " + new String(Hex.encode(ext.getValue().getOctets())) + nl);
buf.append(" value = " + "*****").append(nl);
}
} else {
buf.append(nl);
}
}
}
return buf.toString();
}
use of org.openecard.bouncycastle.asn1.x509.Extensions in project BiglyBT by BiglySoftware.
the class X509CertificateObject method getCriticalExtensionOIDs.
@Override
public Set getCriticalExtensionOIDs() {
if (this.getVersion() == 3) {
HashSet set = new HashSet();
X509Extensions extensions = c.getTBSCertificate().getExtensions();
if (extensions != null) {
Enumeration e = extensions.oids();
while (e.hasMoreElements()) {
DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
X509Extension ext = extensions.getExtension(oid);
if (ext.isCritical()) {
set.add(oid.getId());
}
}
return set;
}
}
return null;
}
use of org.openecard.bouncycastle.asn1.x509.Extensions in project BiglyBT by BiglySoftware.
the class X509V2AttributeCertificate method getExtensionOIDs.
private Set getExtensionOIDs(boolean critical) {
X509Extensions extensions = cert.getAcinfo().getExtensions();
if (extensions != null) {
Set set = new HashSet();
Enumeration e = extensions.oids();
while (e.hasMoreElements()) {
DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
X509Extension ext = extensions.getExtension(oid);
if (ext.isCritical() == critical) {
set.add(oid.getId());
}
}
return set;
}
return null;
}
use of org.openecard.bouncycastle.asn1.x509.Extensions in project xipki by xipki.
the class CaManagerImpl method generateCertificate.
// method removeCertificate
@Override
public X509Certificate generateCertificate(String caName, String profileName, byte[] encodedCsr, Date notBefore, Date notAfter) throws CaMgmtException {
caName = ParamUtil.requireNonBlank("caName", caName).toLowerCase();
profileName = ParamUtil.requireNonBlank("profileName", profileName).toLowerCase();
ParamUtil.requireNonNull("encodedCsr", encodedCsr);
AuditEvent event = new AuditEvent(new Date());
event.setApplicationName(CaAuditConstants.APPNAME);
event.setName(CaAuditConstants.NAME_PERF);
event.addEventType("CAMGMT_CRL_GEN_ONDEMAND");
X509Ca ca = getX509Ca(caName);
CertificationRequest csr;
try {
csr = CertificationRequest.getInstance(encodedCsr);
} catch (Exception ex) {
throw new CaMgmtException(concat("invalid CSR request. ERROR: ", ex.getMessage()));
}
CmpControl cmpControl = getCmpControlObject(ca.getCaInfo().getCmpControlName());
if (!securityFactory.verifyPopo(csr, cmpControl.getPopoAlgoValidator())) {
throw new CaMgmtException("could not validate POP for the CSR");
}
CertificationRequestInfo certTemp = csr.getCertificationRequestInfo();
Extensions extensions = null;
ASN1Set attrs = certTemp.getAttributes();
for (int i = 0; i < attrs.size(); i++) {
Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) {
extensions = Extensions.getInstance(attr.getAttributeValues()[0]);
}
}
X500Name subject = certTemp.getSubject();
SubjectPublicKeyInfo publicKeyInfo = certTemp.getSubjectPublicKeyInfo();
CertTemplateData certTemplateData = new CertTemplateData(subject, publicKeyInfo, notBefore, notAfter, extensions, profileName);
X509CertificateInfo certInfo;
try {
certInfo = ca.generateCertificate(certTemplateData, byCaRequestor, RequestType.CA, (byte[]) null, CaAuditConstants.MSGID_ca_mgmt);
} catch (OperationException ex) {
throw new CaMgmtException(ex.getMessage(), ex);
}
if (ca.getCaInfo().isSaveRequest()) {
try {
long dbId = ca.addRequest(encodedCsr);
ca.addRequestCert(dbId, certInfo.getCert().getCertId());
} catch (OperationException ex) {
LogUtil.warn(LOG, ex, "could not save request");
}
}
return certInfo.getCert().getCert();
}
use of org.openecard.bouncycastle.asn1.x509.Extensions in project xipki by xipki.
the class OcspBenchRequestor method buildRequest.
// method ask
private byte[] buildRequest(BigInteger[] serialNumbers) throws OcspRequestorException {
boolean canCache = (serialNumbers.length == 1) && !requestOptions.isUseNonce();
if (canCache) {
byte[] request = requests.get(serialNumbers[0]);
if (request != null) {
return request;
}
}
OCSPReqBuilder reqBuilder = new OCSPReqBuilder();
if (requestOptions.isUseNonce() || extensions != null) {
List<Extension> extns = new ArrayList<>(2);
if (requestOptions.isUseNonce()) {
Extension extn = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(nextNonce(requestOptions.getNonceLen())));
extns.add(extn);
}
if (extensions != null) {
for (Extension extn : extensions) {
extns.add(extn);
}
}
reqBuilder.setRequestExtensions(new Extensions(extns.toArray(extnType)));
}
try {
for (BigInteger serialNumber : serialNumbers) {
CertID certId = new CertID(issuerhashAlg, issuerNameHash, issuerKeyHash, new ASN1Integer(serialNumber));
reqBuilder.addRequest(new CertificateID(certId));
}
byte[] request = reqBuilder.build().getEncoded();
if (canCache) {
requests.put(serialNumbers[0], request);
}
return request;
} catch (OCSPException | IOException ex) {
throw new OcspRequestorException(ex.getMessage(), ex);
}
}
Aggregations