
Example 1 with ConfPairs

Use of org.xipki.common.ConfPairs in project xipki (by xipki): class X509Util, method createAccessDescription. ConfPairs here parses a single "oid=taggedGeneralName" pair supplied by configuration, so the method has to turn every parse failure into BadInputException.

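/**
 * Builds an AccessDescription (e.g. for AuthorityInfoAccess) from a ConfPairs-encoded
 * string that holds exactly one pair: the name is the accessMethod OID, the value is a
 * tagged GeneralName that is handed to {@code createGeneralName}.
 *
 * @param accessMethodAndLocation ConfPairs-encoded string with exactly one pair
 * @return the AccessDescription built from the OID and the parsed location
 * @throws BadInputException if the string is not a valid ConfPairs encoding, does not
 *         hold exactly one pair, or the pair name is not a syntactically valid OID
 */
public static AccessDescription createAccessDescription(String accessMethodAndLocation) throws BadInputException {
    ParamUtil.requireNonNull("accessMethodAndLocation", accessMethodAndLocation);
    ConfPairs pairs;
    try {
        pairs = new ConfPairs(accessMethodAndLocation);
    } catch (IllegalArgumentException ex) {
        throw new BadInputException("invalid accessMethodAndLocation " + accessMethodAndLocation);
    }
    Set<String> oids = pairs.names();
    if (oids == null || oids.size() != 1) {
        throw new BadInputException("invalid accessMethodAndLocation " + accessMethodAndLocation);
    }
    String accessMethodS = oids.iterator().next();
    String taggedValue = pairs.value(accessMethodS);
    // ASN1ObjectIdentifier rejects a malformed OID string with an unchecked
    // IllegalArgumentException; map it to BadInputException so callers see a single
    // exception type for every kind of bad input instead of an unexpected runtime error.
    ASN1ObjectIdentifier accessMethod;
    try {
        accessMethod = new ASN1ObjectIdentifier(accessMethodS);
    } catch (IllegalArgumentException ex) {
        throw new BadInputException("invalid accessMethod OID " + accessMethodS);
    }
    GeneralName location = createGeneralName(taggedValue);
    return new AccessDescription(accessMethod, location);
}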

Example 2 with ConfPairs

Use of org.xipki.common.ConfPairs in project xipki (by xipki): class CrlInfo, method getEncoded, which serializes the CRL metadata as a ConfPairs string.

/**
 * Serializes this CRL info as a ConfPairs string.
 * <p>
 * CRL numbers are written in hexadecimal, the update times in the
 * {@code yyyyMMddhhmmss} UTC form produced by DateUtil, and the CRL id as the Base64
 * encoding of its DER bytes. The base CRL number is written only when present.
 *
 * @return the ConfPairs encoding of this object
 * @throws IOException if encoding {@code crlId} fails (presumably; the only
 *         {@code getEncoded()} call here is on crlId)
 */
public String getEncoded() throws IOException {
    final ConfPairs encoded = new ConfPairs();
    final String crlNumberHex = crlNumber.toString(16);
    encoded.putPair(CRL_NUMBER, crlNumberHex);
    // Optional: only delta CRLs carry a base CRL number.
    if (baseCrlNumber != null) {
        final String baseCrlNumberHex = baseCrlNumber.toString(16);
        encoded.putPair(BASE_CRL_NUMBER, baseCrlNumberHex);
    }
    encoded.putPair(USE_CRL_UPDATES, Boolean.toString(useCrlUpdates));
    final String thisUpdateUtc = DateUtil.toUtcTimeyyyyMMddhhmmss(thisUpdate);
    final String nextUpdateUtc = DateUtil.toUtcTimeyyyyMMddhhmmss(nextUpdate);
    encoded.putPair(THIS_UPDATE, thisUpdateUtc);
    encoded.putPair(NEXT_UPDATE, nextUpdateUtc);
    final String crlIdBase64 = Base64.encodeToString(crlId.getEncoded());
    encoded.putPair(CRL_ID, crlIdBase64);
    return encoded.getEncoded();
}

Example 3 with ConfPairs

Use of org.xipki.common.ConfPairs in project xipki (by xipki): class X509SelfSignedCertBuilder, method generateSelfSigned, which parses the signer configuration and issues a self-signed root CA certificate.

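/**
 * Generates a self-signed (root CA) certificate with the CA's own signer.
 * <p>
 * Steps: validate the arguments (positive serial number, RootCA profile level, proof of
 * possession of the CSR), create a signer from the signer configuration that matches the
 * profile's signature-algorithm restriction, take the signer's public key as the subject
 * public key, and delegate to {@code generateCertificate}.
 * <p>
 * The returned result carries {@code signerConf} unchanged. For PKCS12/JKS signers this
 * configuration presumably contains keystore credentials — callers should not log it.
 *
 * @param securityFactory factory used to verify the CSR's POP and to create the signer
 * @param signerType signer type, e.g. "pkcs12", "jks" or a PKCS#11 type
 * @param signerConf signer configuration; split into (algorithm, conf) entries by
 *        CaEntry.splitCaSignerConfs
 * @param certprofile certificate profile; must have level RootCA
 * @param csr certification request whose proof of possession must verify
 * @param serialNumber serial number of the new certificate; must be positive
 * @param caCertUris CA certificate URIs passed to generateCertificate
 * @param ocspUris OCSP URIs passed to generateCertificate
 * @param crlUris CRL URIs passed to generateCertificate
 * @param deltaCrlUris delta CRL URIs passed to generateCertificate
 * @param extraControl additional control pairs passed to generateCertificate
 * @return the signer configuration together with the new certificate
 * @throws IllegalArgumentException if serialNumber is not positive or the profile is
 *         not a RootCA profile
 * @throws InvalidConfException if the CSR's POP does not verify, or a PKCS12/JKS signer
 *         configuration lacks the "keystore" parameter
 * @throws OperationException if no usable signer configuration exists, the signer
 *         cannot be created, or the signer's public key cannot be encoded
 */
public static GenerateSelfSignedResult generateSelfSigned(SecurityFactory securityFactory, String signerType, String signerConf, IdentifiedX509Certprofile certprofile, CertificationRequest csr, BigInteger serialNumber, List<String> caCertUris, List<String> ocspUris, List<String> crlUris, List<String> deltaCrlUris, ConfPairs extraControl) throws OperationException, InvalidConfException {
    ParamUtil.requireNonNull("securityFactory", securityFactory);
    ParamUtil.requireNonBlank("signerType", signerType);
    ParamUtil.requireNonNull("certprofile", certprofile);
    ParamUtil.requireNonNull("csr", csr);
    ParamUtil.requireNonNull("serialNumber", serialNumber);
    // A certificate serial number must be a positive integer; signum() says so directly
    // instead of relying on compareTo() returning exactly 1.
    if (serialNumber.signum() <= 0) {
        throw new IllegalArgumentException("serialNumber must not be non-positive: " + serialNumber);
    }
    X509CertLevel level = certprofile.getCertLevel();
    if (X509CertLevel.RootCA != level) {
        throw new IllegalArgumentException("certprofile is not of level " + X509CertLevel.RootCA);
    }
    // Proof of possession: the CSR must be validly signed by the key it carries.
    if (!securityFactory.verifyPopo(csr, null)) {
        throw new InvalidConfException("could not validate POP for the CSR");
    }
    // Keystore-backed signers cannot work without a keystore; fail early with a clear
    // message instead of a generic signer-creation failure.
    if ("pkcs12".equalsIgnoreCase(signerType) || "jks".equalsIgnoreCase(signerType)) {
        ConfPairs keyValues = new ConfPairs(signerConf);
        String keystoreConf = keyValues.value("keystore");
        if (keystoreConf == null) {
            throw new InvalidConfException("required parameter 'keystore' for types PKCS12 and JKS, is not specified");
        }
    }
    ConcurrentContentSigner signer;
    try {
        List<String[]> signerConfs = CaEntry.splitCaSignerConfs(signerConf);
        // Guard against an empty split result; otherwise selecting the first entry would
        // surface as an IndexOutOfBoundsException rather than an OperationException.
        if (signerConfs == null || signerConfs.isEmpty()) {
            throw new OperationException(ErrorCode.SYSTEM_FAILURE, "signerConf contains no signer configuration");
        }
        String thisSignerConf = selectSignerConf(signerConfs, certprofile.getSignatureAlgorithms());
        if (thisSignerConf == null) {
            throw new OperationException(ErrorCode.SYSTEM_FAILURE, "CA does not support any signature algorithm restricted by the cert profile");
        }
        signer = securityFactory.createSigner(signerType, new SignerConf(thisSignerConf), (X509Certificate[]) null);
    } catch (XiSecurityException | ObjectCreationException ex) {
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
    }
    SubjectPublicKeyInfo publicKeyInfo = extractSignerPublicKeyInfo(signer);
    X509Certificate newCert = generateCertificate(signer, certprofile, csr, serialNumber, publicKeyInfo, caCertUris, ocspUris, crlUris, deltaCrlUris, extraControl);
    return new GenerateSelfSignedResult(signerConf, newCert);
}

/**
 * Selects the signer configuration to use. Each entry of {@code signerConfs} is an
 * {@code {algorithm, conf}} pair. Without a restriction the first entry is used;
 * otherwise the first entry whose algorithm equals a restricted algorithm, walking
 * {@code restrictedSigAlgos} in order.
 *
 * @param signerConfs non-empty list of (algorithm, conf) entries
 * @param restrictedSigAlgos algorithms allowed by the profile; null or empty means any
 * @return the selected conf, or null if no entry matches the restriction
 */
private static String selectSignerConf(List<String[]> signerConfs, List<String> restrictedSigAlgos) {
    if (CollectionUtil.isEmpty(restrictedSigAlgos)) {
        return signerConfs.get(0)[1];
    }
    for (String algo : restrictedSigAlgos) {
        for (String[] entry : signerConfs) {
            if (entry[0].equals(algo)) {
                return entry[1];
            }
        }
    }
    return null;
}

/**
 * Obtains the SubjectPublicKeyInfo of the signer's key. If the signer carries a
 * certificate it is used only as a container for the public key (it is re-parsed from
 * its DER encoding); otherwise the info is derived from the signer's PublicKey.
 *
 * @param signer the signer whose public key is needed
 * @return the signer's SubjectPublicKeyInfo
 * @throws OperationException if the certificate cannot be re-parsed or the public key
 *         cannot be converted
 */
private static SubjectPublicKeyInfo extractSignerPublicKeyInfo(ConcurrentContentSigner signer) throws OperationException {
    if (signer.getCertificate() != null) {
        // This cert is a dummy one which can be considered only as a public key container.
        Certificate bcCert;
        try {
            bcCert = Certificate.getInstance(signer.getCertificate().getEncoded());
        } catch (Exception ex) {
            throw new OperationException(ErrorCode.SYSTEM_FAILURE, "could not reparse certificate: " + ex.getMessage());
        }
        return bcCert.getSubjectPublicKeyInfo();
    }
    try {
        return KeyUtil.createSubjectPublicKeyInfo(signer.getPublicKey());
    } catch (InvalidKeyException ex) {
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, "cannot generate SubjectPublicKeyInfo from publicKey: " + ex.getMessage());
    }
}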

Example 4 with ConfPairs

Use of org.xipki.common.ConfPairs in project xipki (by xipki): class ScepControl, method getConf, which encodes the SCEP response control flags.

/**
 * Encodes the SCEP control flags as a ConfPairs string: whether the CA certificate and
 * whether the signer certificate are included in SCEP responses.
 *
 * @return the ConfPairs encoding of the two boolean flags
 */
public String getConf() {
    final String caCertIncluded = Boolean.toString(includeCaCert);
    final String signerCertIncluded = Boolean.toString(includeSignerCert);
    final ConfPairs conf = new ConfPairs();
    conf.putPair(KEY_CACERT_INCLUDED, caCertIncluded);
    conf.putPair(KEY_SIGNERCERT_INCLUDED, signerCertIncluded);
    return conf.getEncoded();
}

Example 5 with ConfPairs

Use of org.xipki.common.ConfPairs in project xipki (by xipki): class SignerConf, method getPkcs11SignerConf, which assembles the configuration string for a PKCS#11-backed signer.

/**
 * Builds the SignerConf for a PKCS#11-backed signer.
 * <p>
 * The key must be addressable: at least one of {@code slotIndex}/{@code slotId} and at
 * least one of {@code keyId}/{@code keyLabel} is required. Only the non-null (and, for
 * the module name, non-empty) values are written into the ConfPairs; the key id is
 * written hex-encoded.
 *
 * @param pkcs11ModuleName PKCS#11 module name; omitted when null or empty
 * @param slotIndex slot index ("slot"), may be null if slotId is given
 * @param slotId slot id ("slot-id"), may be null if slotIndex is given
 * @param keyLabel key label ("key-label"), may be null if keyId is given
 * @param keyId key id ("key-id", hex encoded), may be null if keyLabel is given
 * @param parallelism number of parallel signing operations; at least 1
 * @param hashAlgo hash algorithm, must not be null
 * @param signatureAlgoControl signature algorithm control, passed through to SignerConf
 * @return the assembled SignerConf
 * @throws IllegalArgumentException if both slot selectors or both key selectors are null
 *         (and, via ParamUtil, if parallelism &lt; 1 or hashAlgo is null)
 */
public static SignerConf getPkcs11SignerConf(String pkcs11ModuleName, Integer slotIndex, Long slotId, String keyLabel, byte[] keyId, int parallelism, HashAlgo hashAlgo, SignatureAlgoControl signatureAlgoControl) {
    ParamUtil.requireMin("parallelism", parallelism, 1);
    ParamUtil.requireNonNull("hashAlgo", hashAlgo);
    final boolean slotGiven = slotIndex != null || slotId != null;
    if (!slotGiven) {
        throw new IllegalArgumentException("at least one of slotIndex and slotId must not be null");
    }
    final boolean keyGiven = keyId != null || keyLabel != null;
    if (!keyGiven) {
        throw new IllegalArgumentException("at least one of keyId and keyLabel must not be null");
    }
    final ConfPairs pairs = new ConfPairs();
    pairs.putPair("parallelism", Integer.toString(parallelism));
    // An empty module name is treated like an absent one.
    final boolean moduleGiven = pkcs11ModuleName != null && !pkcs11ModuleName.isEmpty();
    if (moduleGiven) {
        pairs.putPair("module", pkcs11ModuleName);
    }
    if (slotId != null) {
        pairs.putPair("slot-id", Long.toString(slotId));
    }
    if (slotIndex != null) {
        pairs.putPair("slot", Integer.toString(slotIndex));
    }
    if (keyId != null) {
        pairs.putPair("key-id", Hex.encode(keyId));
    }
    if (keyLabel != null) {
        pairs.putPair("key-label", keyLabel);
    }
    return new SignerConf(pairs.getEncoded(), hashAlgo, signatureAlgoControl);
}
