use of org.spongycastle.asn1.ASN1Integer in project pac4j by pac4j.
the class SAML2ClientConfiguration method createSelfSignedCert.
/**
* Generate a self-signed certificate for dn using the provided signature algorithm and key pair.
*
* @param dn X.500 name to associate with certificate issuer/subject.
* @param sigName name of the signature algorithm to use.
* @param sigAlgID algorithm ID associated with the signature algorithm name.
* @param keyPair the key pair to associate with the certificate.
* @return an X509Certificate containing the public key in keyPair.
* @throws Exception
*/
private X509Certificate createSelfSignedCert(X500Name dn, String sigName, AlgorithmIdentifier sigAlgID, KeyPair keyPair) throws Exception {
V3TBSCertificateGenerator certGen = new V3TBSCertificateGenerator();
certGen.setSerialNumber(new ASN1Integer(BigInteger.valueOf(1)));
certGen.setIssuer(dn);
certGen.setSubject(dn);
certGen.setStartDate(new Time(new Date(System.currentTimeMillis() - 1000L)));
final Calendar c = Calendar.getInstance();
c.setTime(new Date());
c.add(Calendar.YEAR, 1);
certGen.setEndDate(new Time(c.getTime()));
certGen.setSignature(sigAlgID);
certGen.setSubjectPublicKeyInfo(SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
Signature sig = Signature.getInstance(sigName);
sig.initSign(keyPair.getPrivate());
sig.update(certGen.generateTBSCertificate().getEncoded(ASN1Encoding.DER));
TBSCertificate tbsCert = certGen.generateTBSCertificate();
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(tbsCert);
v.add(sigAlgID);
v.add(new DERBitString(sig.sign()));
X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(new DERSequence(v).getEncoded(ASN1Encoding.DER)));
// check the certificate - this will confirm the encoded sig algorithm ID is correct.
cert.verify(keyPair.getPublic());
return cert;
}
use of org.spongycastle.asn1.ASN1Integer in project keystore-explorer by kaikramer.
the class X509Ext method getMsCertificateTemplateStringValue.
private String getMsCertificateTemplateStringValue(byte[] octets) {
// @formatter:off
/*
CertificateTemplate ::= SEQUENCE
{
templateID EncodedObjectID,
templateMajorVersion TemplateVersion,
templateMinorVersion TemplateVersion OPTIONAL
}
TemplateVersion ::= INTEGER (0..4294967295)
*/
// @formatter:on
ASN1Sequence asn1Sequence = ASN1Sequence.getInstance(octets);
ASN1ObjectIdentifier templateID = (ASN1ObjectIdentifier) asn1Sequence.getObjectAt(0);
ASN1Integer majorVersion = (ASN1Integer) asn1Sequence.getObjectAt(1);
ASN1Integer minorVersion = (ASN1Integer) asn1Sequence.getObjectAt(2);
StringBuilder sb = new StringBuilder();
sb.append(MessageFormat.format(res.getString("MSCertificateTemplate.ID"), templateID.getId()));
sb.append(NEWLINE);
sb.append(MessageFormat.format(res.getString("MSCertificateTemplate.MajorVersion"), majorVersion));
sb.append(NEWLINE);
if (minorVersion != null) {
sb.append(MessageFormat.format(res.getString("MSCertificateTemplate.MinorVersion"), minorVersion));
sb.append(NEWLINE);
}
return sb.toString();
}
use of org.spongycastle.asn1.ASN1Integer in project keystore-explorer by kaikramer.
the class X509Ext method getQcStatementsStringValue.
private String getQcStatementsStringValue(byte[] octets) throws IOException {
// @formatter:off
/*
QCStatements ::= SEQUENCE OF QSStatement
QSStatement ::= SEQUENCE
{
statementId OBJECT IDENTIFIER,
statementInfo ANY DEFINED BY statementId OPTIONAL
}
QcEuLimitValue ::= MonetaryValue
QcRetentionPeriod ::= INTEGER
*/
// @formatter:on
StringBuilder sb = new StringBuilder();
int qcStatementNr = 0;
ASN1Sequence qcStatements = ASN1Sequence.getInstance(octets);
for (ASN1Encodable asn1Encodable : qcStatements.toArray()) {
QCStatement qcStatement = QCStatement.getInstance(asn1Encodable);
ASN1ObjectIdentifier statementId = qcStatement.getStatementId();
ASN1Encodable statementInfo = qcStatement.getStatementInfo();
int indentLevel = 1;
sb.append(MessageFormat.format(res.getString("QCStatement.QCStatement"), ++qcStatementNr));
sb.append(NEWLINE);
QcStatementType qcStatementType = QcStatementType.resolveOid(statementId.getId());
if (qcStatementType != null) {
switch(qcStatementType) {
case QC_SYNTAX_V1:
case QC_SYNTAX_V2:
SemanticsInformation semanticsInfo = SemanticsInformation.getInstance(statementInfo);
sb.append(getSemanticInformationValueString(qcStatementType, semanticsInfo, indentLevel));
break;
case QC_COMPLIANCE:
// no statementInfo
sb.append(INDENT.toString(indentLevel));
sb.append(res.getString(QcStatementType.QC_COMPLIANCE.getResKey()));
sb.append(NEWLINE);
break;
case QC_EU_LIMIT_VALUE:
sb.append(INDENT.toString(indentLevel));
sb.append(res.getString(QcStatementType.QC_EU_LIMIT_VALUE.getResKey()));
sb.append(NEWLINE);
sb.append(getMonetaryValueStringValue(statementInfo, indentLevel + 1));
break;
case QC_RETENTION_PERIOD:
ASN1Integer asn1Integer = ASN1Integer.getInstance(statementInfo);
sb.append(INDENT.toString(indentLevel));
sb.append(MessageFormat.format(res.getString(QcStatementType.QC_RETENTION_PERIOD.getResKey()), asn1Integer.getValue().toString()));
sb.append(NEWLINE);
break;
case QC_SSCD:
// no statementInfo
sb.append(INDENT.toString(indentLevel));
sb.append(res.getString(QcStatementType.QC_SSCD.getResKey()));
sb.append(NEWLINE);
break;
case QC_PDS:
ASN1Sequence pdsLocations = ASN1Sequence.getInstance(statementInfo);
sb.append(INDENT.toString(indentLevel));
sb.append(res.getString(QcStatementType.QC_PDS.getResKey()));
for (ASN1Encodable pdsLoc : pdsLocations) {
sb.append(NEWLINE);
sb.append(INDENT.toString(indentLevel + 1));
DLSequence pds = (DLSequence) pdsLoc;
sb.append(MessageFormat.format(res.getString("QCPDS.locations"), pds.getObjectAt(1), pds.getObjectAt(0)));
}
sb.append(NEWLINE);
break;
case QC_TYPE:
sb.append(INDENT.toString(indentLevel));
sb.append(res.getString(QcStatementType.QC_TYPE.getResKey()));
ASN1Sequence qcTypes = ASN1Sequence.getInstance(statementInfo);
for (ASN1Encodable type : qcTypes) {
sb.append(NEWLINE);
sb.append(INDENT.toString(indentLevel + 1));
sb.append(ObjectIdUtil.toString((ASN1ObjectIdentifier) type));
}
sb.append(NEWLINE);
}
} else {
// unknown statement type
sb.append(INDENT.toString(indentLevel));
sb.append(ObjectIdUtil.toString(statementId));
if (statementInfo != null) {
sb.append(statementInfo.toString());
}
sb.append(NEWLINE);
}
}
return sb.toString();
}
use of org.spongycastle.asn1.ASN1Integer in project keystore-explorer by kaikramer.
the class X509Ext method getCertificatePoliciesStringValue.
private String getCertificatePoliciesStringValue(byte[] value) throws IOException {
// @formatter:off
/*
* CertificatePolicies ::= ASN1Sequence SIZE (1..MAX) OF PolicyInformation
*
* PolicyInformation ::= ASN1Sequence
* {
* policyIdentifier CertPolicyId,
* policyQualifiers ASN1Sequence SIZE (1..MAX) OF PolicyQualifierInfo OPTIONAL
* }
*
* CertPolicyId ::= OBJECT IDENTIFIER
*
* PolicyQualifierInfo ::= ASN1Sequence
* {
* policyQualifierId PolicyQualifierId,
* qualifier ANY DEFINED BY policyQualifierId
* }
*
* PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
*
* Qualifier ::= CHOICE
* {
* cPSuri CPSuri,
* userNotice UserNotice
* }
*
* CPSuri ::= DERIA5String
*
* UserNotice ::= ASN1Sequence
* {
* noticeRef NoticeReference OPTIONAL,
* explicitText DisplayText OPTIONAL
* }
*
* NoticeReference ::= ASN1Sequence
* {
* organization DisplayText,
* noticeNumbers ASN1Sequence OF ASN1Integer
* }
*
* DisplayText ::= CHOICE
* {
* ia5String DERIA5String (SIZE (1..200)),
* visibleString VisibleString (SIZE (1..200)),
* bmpString BMPString (SIZE (1..200)),
* utf8String UTF8String (SIZE (1..200))
* }
*/
// @formatter:on
StringBuilder sb = new StringBuilder();
CertificatePolicies certificatePolicies = CertificatePolicies.getInstance(value);
int certPolicy = 0;
for (PolicyInformation policyInformation : certificatePolicies.getPolicyInformation()) {
certPolicy++;
sb.append(MessageFormat.format(res.getString("CertificatePolicy"), certPolicy));
sb.append(NEWLINE);
ASN1ObjectIdentifier policyIdentifier = policyInformation.getPolicyIdentifier();
String policyIdentifierStr = ObjectIdUtil.toString(policyIdentifier);
sb.append(INDENT);
sb.append(MessageFormat.format(res.getString("PolicyIdentifier"), policyIdentifierStr));
sb.append(NEWLINE);
ASN1Sequence policyQualifiers = policyInformation.getPolicyQualifiers();
if (policyQualifiers != null) {
// Optional
int policyQual = 0;
for (ASN1Encodable policyQualifier : policyQualifiers.toArray()) {
ASN1Sequence policyQualifierInfo = (ASN1Sequence) policyQualifier;
sb.append(INDENT.toString(1));
sb.append(MessageFormat.format(res.getString("PolicyQualifierInformation"), certPolicy, ++policyQual));
sb.append(NEWLINE);
ASN1ObjectIdentifier policyQualifierId = (ASN1ObjectIdentifier) policyQualifierInfo.getObjectAt(0);
CertificatePolicyQualifierType certificatePolicyQualifierType = CertificatePolicyQualifierType.resolveOid(policyQualifierId.getId());
if (certificatePolicyQualifierType != null) {
sb.append(INDENT.toString(2));
sb.append(certificatePolicyQualifierType.friendly());
sb.append(NEWLINE);
if (certificatePolicyQualifierType == PKIX_CPS_POINTER_QUALIFIER) {
DERIA5String cpsPointer = (DERIA5String) policyQualifierInfo.getObjectAt(1);
sb.append(INDENT.toString(2));
sb.append(MessageFormat.format(res.getString("CpsPointer"), "<a href=\"" + cpsPointer + "\">" + cpsPointer + "</a>"));
sb.append(NEWLINE);
} else if (certificatePolicyQualifierType == PKIX_USER_NOTICE_QUALIFIER) {
ASN1Encodable userNoticeObj = policyQualifierInfo.getObjectAt(1);
UserNotice userNotice = UserNotice.getInstance(userNoticeObj);
sb.append(INDENT.toString(2));
sb.append(res.getString("UserNotice"));
sb.append(NEWLINE);
NoticeReference noticeReference = userNotice.getNoticeRef();
DisplayText explicitText = userNotice.getExplicitText();
if (noticeReference != null) {
// Optional
sb.append(INDENT.toString(3));
sb.append(res.getString("NoticeReference"));
sb.append(NEWLINE);
DisplayText organization = noticeReference.getOrganization();
String organizationString = organization.getString();
sb.append(INDENT.toString(4));
sb.append(MessageFormat.format(res.getString("Organization"), organizationString));
sb.append(NEWLINE);
ASN1Integer[] noticeNumbers = noticeReference.getNoticeNumbers();
StringBuilder sbNoticeNumbers = new StringBuilder();
for (ASN1Integer noticeNumber : noticeNumbers) {
sbNoticeNumbers.append(noticeNumber.getValue().intValue());
sbNoticeNumbers.append(", ");
}
sbNoticeNumbers.setLength(sbNoticeNumbers.length() - 2);
sb.append(INDENT.toString(4));
sb.append(MessageFormat.format(res.getString("NoticeNumbers"), sbNoticeNumbers.toString()));
sb.append(NEWLINE);
}
if (explicitText != null) {
// Optional
String explicitTextString = explicitText.getString();
sb.append(INDENT.toString(3));
sb.append(MessageFormat.format(res.getString("ExplicitText"), explicitTextString));
sb.append(NEWLINE);
}
}
}
}
}
}
return sb.toString();
}
use of org.spongycastle.asn1.ASN1Integer in project keystore-explorer by kaikramer.
the class X509Ext method getMsCaVersionStringValue.
private String getMsCaVersionStringValue(byte[] octets) {
/*
"The extension data is a DWORD value (encoded as X509_INTEGER in the extension);
the low 16 bits are the certificate index, and the high 16 bits are the key index."
*/
ASN1Integer asn1Integer = ASN1Integer.getInstance(octets);
int version = asn1Integer.getValue().intValue();
String certIndex = String.valueOf(version & 0xffff);
String keyIndex = String.valueOf(version >> 16);
StringBuilder sb = new StringBuilder();
sb.append(MessageFormat.format(res.getString("MSCaVersion.CertIndex"), certIndex));
sb.append(NEWLINE);
sb.append(MessageFormat.format(res.getString("MSCaVersion.KeyIndex"), keyIndex));
sb.append(NEWLINE);
return sb.toString();
}
Aggregations