use of org.xipki.common.ConfPairs in project xipki by xipki.
the class X509Util method createAccessDescription.
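/**
 * Builds an {@code AccessDescription} from a single {@code accessMethod=location} pair.
 *
 * <p>The text is parsed as a {@code ConfPairs}. It must contain exactly one entry: the entry
 * name is used as the access-method OID and the entry value is handed to
 * {@code createGeneralName} to build the access location.
 *
 * @param accessMethodAndLocation the encoded pair; checked with {@code ParamUtil.requireNonNull}
 * @return the access description for the given method and location
 * @throws BadInputException if the text cannot be parsed, does not contain exactly one pair,
 *         or names an access method that is not a syntactically valid OID
 */
public static AccessDescription createAccessDescription(String accessMethodAndLocation) throws BadInputException {
    ParamUtil.requireNonNull("accessMethodAndLocation", accessMethodAndLocation);

    ConfPairs pairs;
    try {
        pairs = new ConfPairs(accessMethodAndLocation);
    } catch (IllegalArgumentException ex) {
        throw new BadInputException("invalid accessMethodAndLocation " + accessMethodAndLocation);
    }

    // Exactly one name=value pair is accepted; anything else is rejected as malformed input.
    Set<String> oids = pairs.names();
    if (oids == null || oids.size() != 1) {
        throw new BadInputException("invalid accessMethodAndLocation " + accessMethodAndLocation);
    }

    String accessMethodS = oids.iterator().next();
    String taggedValue = pairs.value(accessMethodS);

    // ASN1ObjectIdentifier rejects a malformed OID string with an unchecked
    // IllegalArgumentException. Report it through the declared BadInputException so that
    // callers handling bad input see every rejection the same way.
    ASN1ObjectIdentifier accessMethod;
    try {
        accessMethod = new ASN1ObjectIdentifier(accessMethodS);
    } catch (IllegalArgumentException ex) {
        throw new BadInputException("invalid accessMethodAndLocation " + accessMethodAndLocation);
    }

    GeneralName location = createGeneralName(taggedValue);
    return new AccessDescription(accessMethod, location);
}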
use of org.xipki.common.ConfPairs in project xipki by xipki.
the class CrlInfo method getEncoded.
/**
 * Serializes the fields of this CRL info into an encoded {@code ConfPairs} string.
 *
 * <p>The CRL number and, when present, the base CRL number are written in hexadecimal; the
 * two update times are formatted by {@code DateUtil.toUtcTimeyyyyMMddhhmmss}; the CRL id is
 * written as Base64 of its encoded form.
 *
 * @return the encoded key/value representation
 * @throws IOException declared by the method; presumably raised while encoding {@code crlId}
 *         (confirm against {@code crlId.getEncoded()})
 */
public String getEncoded() throws IOException {
    final int hexRadix = 16;
    ConfPairs encoded = new ConfPairs();

    encoded.putPair(CRL_NUMBER, crlNumber.toString(hexRadix));
    // The base CRL number is optional and is left out entirely when absent.
    if (baseCrlNumber != null) {
        encoded.putPair(BASE_CRL_NUMBER, baseCrlNumber.toString(hexRadix));
    }
    encoded.putPair(USE_CRL_UPDATES, Boolean.toString(useCrlUpdates));

    String thisUpdateText = DateUtil.toUtcTimeyyyyMMddhhmmss(thisUpdate);
    encoded.putPair(THIS_UPDATE, thisUpdateText);
    String nextUpdateText = DateUtil.toUtcTimeyyyyMMddhhmmss(nextUpdate);
    encoded.putPair(NEXT_UPDATE, nextUpdateText);

    String crlIdText = Base64.encodeToString(crlId.getEncoded());
    encoded.putPair(CRL_ID, crlIdText);

    return encoded.getEncoded();
}
use of org.xipki.common.ConfPairs in project xipki by xipki.
the class X509SelfSignedCertBuilder method generateSelfSigned.
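/**
 * Generates a self-signed certificate for a root CA from a CSR and a signer configuration.
 *
 * <p>Steps, in order: validate the arguments, require a {@code RootCA}-level profile, verify
 * the CSR's proof of possession, check that keystore-based signer types name a keystore,
 * select the signer configuration matching the profile's permitted signature algorithms,
 * create the signer, derive the subject public key from the signer, and delegate to
 * {@code generateCertificate}.
 *
 * @param securityFactory factory used to verify the CSR and to create the signer
 * @param signerType signer type; {@code pkcs12} and {@code jks} (case-insensitive) require a
 *        {@code keystore} entry in {@code signerConf}
 * @param signerConf signer configuration text; it is returned unchanged in the result
 * @param certprofile certificate profile; must be of level {@code RootCA}
 * @param csr certification request whose proof of possession is verified
 * @param serialNumber serial number of the new certificate; must be positive
 * @param caCertUris passed through to {@code generateCertificate}
 * @param ocspUris passed through to {@code generateCertificate}
 * @param crlUris passed through to {@code generateCertificate}
 * @param deltaCrlUris passed through to {@code generateCertificate}
 * @param extraControl passed through to {@code generateCertificate}
 * @return the signer configuration together with the generated certificate
 * @throws OperationException if no usable signer configuration exists, the signer cannot be
 *         created, or the signer's public key cannot be extracted
 * @throws InvalidConfException if the proof of possession fails or a required
 *         {@code keystore} parameter is missing
 * @throws IllegalArgumentException if {@code serialNumber} is not positive or the profile is
 *         not of level {@code RootCA}
 */
public static GenerateSelfSignedResult generateSelfSigned(SecurityFactory securityFactory, String signerType, String signerConf, IdentifiedX509Certprofile certprofile, CertificationRequest csr, BigInteger serialNumber, List<String> caCertUris, List<String> ocspUris, List<String> crlUris, List<String> deltaCrlUris, ConfPairs extraControl) throws OperationException, InvalidConfException {
    ParamUtil.requireNonNull("securityFactory", securityFactory);
    ParamUtil.requireNonBlank("signerType", signerType);
    ParamUtil.requireNonNull("certprofile", certprofile);
    ParamUtil.requireNonNull("csr", csr);
    ParamUtil.requireNonNull("serialNumber", serialNumber);
    // signum() states the intent directly instead of comparing compareTo()'s result to 1.
    if (serialNumber.signum() <= 0) {
        throw new IllegalArgumentException("serialNumber must not be non-positive: " + serialNumber);
    }

    // Only a root CA profile may be used to issue a self-signed certificate here.
    X509CertLevel level = certprofile.getCertLevel();
    if (X509CertLevel.RootCA != level) {
        throw new IllegalArgumentException("certprofile is not of level " + X509CertLevel.RootCA);
    }

    // Reject the request before any signer is created if the requester has not proven
    // possession of the private key belonging to the CSR's public key.
    if (!securityFactory.verifyPopo(csr, null)) {
        throw new InvalidConfException("could not validate POP for the CSR");
    }

    if ("pkcs12".equalsIgnoreCase(signerType) || "jks".equalsIgnoreCase(signerType)) {
        ConfPairs keyValues = new ConfPairs(signerConf);
        String keystoreConf = keyValues.value("keystore");
        if (keystoreConf == null) {
            throw new InvalidConfException("required parameter 'keystore' for types PKCS12 and JKS, is not specified");
        }
    }

    // NOTE(review): signerConf is never echoed in the messages below; it presumably carries
    // keystore credentials, so keep it out of exception text and logs - confirm.
    ConcurrentContentSigner signer;
    try {
        List<String[]> signerConfs = CaEntry.splitCaSignerConfs(signerConf);
        List<String> restrictedSigAlgos = certprofile.getSignatureAlgorithms();
        String thisSignerConf = null;
        if (CollectionUtil.isEmpty(restrictedSigAlgos)) {
            // No restriction from the profile: take the first configured signer. Guard the
            // empty case so it is reported as an OperationException rather than surfacing
            // as an IndexOutOfBoundsException from get(0).
            if (signerConfs.isEmpty()) {
                throw new OperationException(ErrorCode.SYSTEM_FAILURE, "signerConf does not contain any signer configuration");
            }
            thisSignerConf = signerConfs.get(0)[1];
        } else {
            // The profile's algorithm order decides: the first permitted algorithm that
            // has a matching signer configuration is used.
            for (String algo : restrictedSigAlgos) {
                for (String[] m : signerConfs) {
                    if (m[0].equals(algo)) {
                        thisSignerConf = m[1];
                        break;
                    }
                }
                if (thisSignerConf != null) {
                    break;
                }
            }
        }
        if (thisSignerConf == null) {
            throw new OperationException(ErrorCode.SYSTEM_FAILURE, "CA does not support any signature algorithm restricted by the cert profile");
        }
        signer = securityFactory.createSigner(signerType, new SignerConf(thisSignerConf), (X509Certificate[]) null);
    } catch (XiSecurityException | ObjectCreationException ex) {
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
    }

    SubjectPublicKeyInfo publicKeyInfo;
    if (signer.getCertificate() != null) {
        // this cert is the dummy one which can be considered only as public key container
        Certificate bcCert;
        try {
            bcCert = Certificate.getInstance(signer.getCertificate().getEncoded());
        } catch (Exception ex) {
            throw new OperationException(ErrorCode.SYSTEM_FAILURE, "could not reparse certificate: " + ex.getMessage());
        }
        publicKeyInfo = bcCert.getSubjectPublicKeyInfo();
    } else {
        PublicKey signerPublicKey = signer.getPublicKey();
        try {
            publicKeyInfo = KeyUtil.createSubjectPublicKeyInfo(signerPublicKey);
        } catch (InvalidKeyException ex) {
            throw new OperationException(ErrorCode.SYSTEM_FAILURE, "cannot generate SubjectPublicKeyInfo from publicKey: " + ex.getMessage());
        }
    }

    X509Certificate newCert = generateCertificate(signer, certprofile, csr, serialNumber, publicKeyInfo, caCertUris, ocspUris, crlUris, deltaCrlUris, extraControl);
    return new GenerateSelfSignedResult(signerConf, newCert);
}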
use of org.xipki.common.ConfPairs in project xipki by xipki.
the class ScepControl method getConf.
/**
 * Encodes the two SCEP control flags as a {@code ConfPairs} string.
 *
 * @return the encoded pairs holding whether the CA certificate and the signer certificate
 *         are included
 */
public String getConf() {
    ConfPairs conf = new ConfPairs();

    String caCertFlag = Boolean.toString(includeCaCert);
    conf.putPair(KEY_CACERT_INCLUDED, caCertFlag);

    String signerCertFlag = Boolean.toString(includeSignerCert);
    conf.putPair(KEY_SIGNERCERT_INCLUDED, signerCertFlag);

    return conf.getEncoded();
}
use of org.xipki.common.ConfPairs in project xipki by xipki.
the class SignerConf method getPkcs11SignerConf.
/**
 * Assembles a {@code SignerConf} that refers to a key held in a PKCS#11 module.
 *
 * <p>The key is located by slot (index and/or id) and by key id and/or label; at least one
 * identifier of each kind is required. Only identifiers are written to the configuration.
 *
 * @param pkcs11ModuleName module name; omitted from the configuration when null or empty
 * @param slotIndex slot index, written as {@code slot}; may be null if {@code slotId} is set
 * @param slotId slot id, written as {@code slot-id}; may be null if {@code slotIndex} is set
 * @param keyLabel key label, written as {@code key-label}; may be null if {@code keyId} is set
 * @param keyId key id, written hex-encoded as {@code key-id}; may be null if
 *        {@code keyLabel} is set
 * @param parallelism checked with {@code ParamUtil.requireMin} against a minimum of 1
 * @param hashAlgo hash algorithm; checked with {@code ParamUtil.requireNonNull}
 * @param signatureAlgoControl passed through to the {@code SignerConf} constructor
 * @return the signer configuration
 * @throws IllegalArgumentException if neither slot identifier or neither key identifier
 *         is given
 */
public static SignerConf getPkcs11SignerConf(String pkcs11ModuleName, Integer slotIndex, Long slotId, String keyLabel, byte[] keyId, int parallelism, HashAlgo hashAlgo, SignatureAlgoControl signatureAlgoControl) {
    ParamUtil.requireMin("parallelism", parallelism, 1);
    ParamUtil.requireNonNull("hashAlgo", hashAlgo);

    // A slot and a key must each be identifiable by at least one of their two handles.
    final boolean slotGiven = slotIndex != null || slotId != null;
    if (!slotGiven) {
        throw new IllegalArgumentException("at least one of slotIndex and slotId must not be null");
    }
    final boolean keyGiven = keyId != null || keyLabel != null;
    if (!keyGiven) {
        throw new IllegalArgumentException("at least one of keyId and keyLabel must not be null");
    }

    ConfPairs pairs = new ConfPairs();
    pairs.putPair("parallelism", String.valueOf(parallelism));

    final boolean moduleNamed = pkcs11ModuleName != null && !pkcs11ModuleName.isEmpty();
    if (moduleNamed) {
        pairs.putPair("module", pkcs11ModuleName);
    }

    if (slotId != null) {
        pairs.putPair("slot-id", String.valueOf(slotId));
    }
    if (slotIndex != null) {
        pairs.putPair("slot", String.valueOf(slotIndex));
    }

    if (keyId != null) {
        pairs.putPair("key-id", Hex.encode(keyId));
    }
    if (keyLabel != null) {
        pairs.putPair("key-label", keyLabel);
    }

    String encodedConf = pairs.getEncoded();
    return new SignerConf(encodedConf, hashAlgo, signatureAlgoControl);
}