Example 1 with PublicCaInfo
use of org.xipki.ca.api.PublicCaInfo in project xipki by xipki.
the class X509SelfSignedCertBuilder method generateCertificate.
// method generateSelfSigned
private static X509Certificate generateCertificate(ConcurrentContentSigner signer, IdentifiedX509Certprofile certprofile, CertificationRequest csr, BigInteger serialNumber, SubjectPublicKeyInfo publicKeyInfo, List<String> caCertUris, List<String> ocspUris, List<String> crlUris, List<String> deltaCrlUris, ConfPairs extraControl) throws OperationException {
SubjectPublicKeyInfo tmpPublicKeyInfo;
try {
tmpPublicKeyInfo = X509Util.toRfc3279Style(publicKeyInfo);
} catch (InvalidKeySpecException ex) {
LOG.warn("SecurityUtil.toRfc3279Style", ex);
throw new OperationException(ErrorCode.BAD_CERT_TEMPLATE, ex);
}
try {
certprofile.checkPublicKey(tmpPublicKeyInfo);
} catch (BadCertTemplateException ex) {
LOG.warn("certprofile.checkPublicKey", ex);
throw new OperationException(ErrorCode.BAD_CERT_TEMPLATE, ex);
}
X500Name requestedSubject = csr.getCertificationRequestInfo().getSubject();
SubjectInfo subjectInfo;
// subject
try {
subjectInfo = certprofile.getSubject(requestedSubject);
} catch (CertprofileException ex) {
throw new OperationException(ErrorCode.SYSTEM_FAILURE, "exception in cert profile " + certprofile.getIdent());
} catch (BadCertTemplateException ex) {
LOG.warn("certprofile.getSubject", ex);
throw new OperationException(ErrorCode.BAD_CERT_TEMPLATE, ex);
}
Date notBefore = certprofile.getNotBefore(null);
if (notBefore == null) {
notBefore = new Date();
}
CertValidity validity = certprofile.getValidity();
if (validity == null) {
throw new OperationException(ErrorCode.BAD_CERT_TEMPLATE, "no validity specified in the profile " + certprofile.getIdent());
}
Date notAfter = validity.add(notBefore);
X500Name grantedSubject = subjectInfo.getGrantedSubject();
X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(grantedSubject, serialNumber, notBefore, notAfter, grantedSubject, tmpPublicKeyInfo);
PublicCaInfo publicCaInfo = new PublicCaInfo(grantedSubject, serialNumber, null, null, caCertUris, ocspUris, crlUris, deltaCrlUris, extraControl);
Extensions extensions = null;
ASN1Set attrs = csr.getCertificationRequestInfo().getAttributes();
for (int i = 0; i < attrs.size(); i++) {
Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) {
extensions = Extensions.getInstance(attr.getAttributeValues()[0]);
}
}
try {
addExtensions(certBuilder, certprofile, requestedSubject, grantedSubject, extensions, tmpPublicKeyInfo, publicCaInfo, notBefore, notAfter);
ConcurrentBagEntrySigner signer0 = signer.borrowSigner();
X509CertificateHolder certHolder;
try {
certHolder = certBuilder.build(signer0.value());
} finally {
signer.requiteSigner(signer0);
}
Certificate bcCert = certHolder.toASN1Structure();
return X509Util.parseCert(bcCert.getEncoded());
} catch (BadCertTemplateException ex) {
throw new OperationException(ErrorCode.BAD_CERT_TEMPLATE, ex);
} catch (NoIdleSignerException | CertificateException | IOException | CertprofileException ex) {
throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
}
}
Also used :
CertValidity(org.xipki.ca.api.profile.CertValidity)
Attribute(org.bouncycastle.asn1.pkcs.Attribute)
SubjectInfo(org.xipki.ca.api.profile.x509.SubjectInfo)
CertificateException(java.security.cert.CertificateException)
X500Name(org.bouncycastle.asn1.x500.X500Name)
IOException(java.io.IOException)
Extensions(org.bouncycastle.asn1.x509.Extensions)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
PublicCaInfo(org.xipki.ca.api.PublicCaInfo)
ConcurrentBagEntrySigner(org.xipki.security.ConcurrentBagEntrySigner)
Date(java.util.Date)
ASN1Set(org.bouncycastle.asn1.ASN1Set)
CertprofileException(org.xipki.ca.api.profile.CertprofileException)
X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder)
BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
NoIdleSignerException(org.xipki.security.exception.NoIdleSignerException)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
OperationException(org.xipki.ca.api.OperationException)
X509Certificate(java.security.cert.X509Certificate)
Certificate(org.bouncycastle.asn1.x509.Certificate)
Aggregations
IOException (java.io.IOException)1
CertificateException (java.security.cert.CertificateException)1
X509Certificate (java.security.cert.X509Certificate)1
InvalidKeySpecException (java.security.spec.InvalidKeySpecException)1
Date (java.util.Date)1
ASN1Set (org.bouncycastle.asn1.ASN1Set)1
Attribute (org.bouncycastle.asn1.pkcs.Attribute)1
X500Name (org.bouncycastle.asn1.x500.X500Name)1
Certificate (org.bouncycastle.asn1.x509.Certificate)1
Extensions (org.bouncycastle.asn1.x509.Extensions)1
SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)1
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)1
X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)1
BadCertTemplateException (org.xipki.ca.api.BadCertTemplateException)1
OperationException (org.xipki.ca.api.OperationException)1
PublicCaInfo (org.xipki.ca.api.PublicCaInfo)1
CertValidity (org.xipki.ca.api.profile.CertValidity)1
CertprofileException (org.xipki.ca.api.profile.CertprofileException)1
SubjectInfo (org.xipki.ca.api.profile.x509.SubjectInfo)1
ConcurrentBagEntrySigner (org.xipki.security.ConcurrentBagEntrySigner)1
