Example usage for org.bouncycastle.asn1 DERBitString DERBitString

List of usage examples for org.bouncycastle.asn1 DERBitString DERBitString

Introduction

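This page collects usage examples for the DERBitString constructor of org.bouncycastle.asn1.DERBitString. Note that the examples below pass byte arrays, so they call the DERBitString(byte[]) overload rather than the ASN1Encodable prototype shown under Prototype.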

Prototype

public DERBitString(ASN1Encodable obj) throws IOException 


Usage

From source file:ch.bfh.unicert.certimport.CertificateIssuer.java

License:GNU General Public License

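/**
 * Issues an X.509 v3 client certificate for {@code id}, signed with the issuer's RSA key, and
 * posts the resulting certificate on UniBoard.
 *
 * <p>The subject DN is assembled from the non-empty fields of {@code id}. The application
 * identifier, the comma-separated roles, the identity provider and any additional values of
 * {@code id} are added as non-critical extensions. The finished certificate is verified against
 * the issuer certificate's public key before it is used.
 *
 * @param id identity data of the requester
 * @param keyStorePath not read by this method
 * @param pk public key to certify
 * @param validity value handed to {@code getExpiryDate} to compute the end of validity
 * @param applicationIdentifier application identifier stored in the certificate
 * @param roles roles stored in the certificate; must contain at least one element
 * @param uniBoardWsdlURL passed through to {@code postOnUniBoard}
 * @param uniBoardServiceURL passed through to {@code postOnUniBoard}
 * @param section passed through to {@code postOnUniBoard}
 * @return the certificate object wrapping the signed X.509 certificate
 * @throws CertificateCreationException if the issuer key material cannot be read or the
 *         certificate cannot be built, signed or verified
 * @throws IllegalArgumentException if {@code roles} is empty
 */
public Certificate createClientCertificate(IdentityData id, String keyStorePath, PublicKey pk, int validity,
        String applicationIdentifier, String[] roles, String uniBoardWsdlURL, String uniBoardServiceURL,
        String section) throws CertificateCreationException {

    X509Certificate caCert;
    RSAPrivateCrtKey privKey;
    try {
        caCert = this.readIssuerCertificate(this.issuerId);
        privKey = this.readPrivateKey(this.issuerId, this.privKeyPass);
    } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException ex) {
        logger.log(Level.SEVERE, null, ex);
        throw new CertificateCreationException("230 Could not create client certificate. Key error");
    }

    RSAPrivateCrtKeyParameters cipherParams = this.createIssuerCipherParams(privKey);

    X509Certificate clientCert;

    // Custom extensions, all marked non-critical (DERBoolean.FALSE).
    Hashtable<DERObjectIdentifier, X509Extension> extension = new Hashtable<>();

    extension.put(new DERObjectIdentifier(ExtensionOID.APPLICATION_IDENTIFIER.getOID()),
            new X509Extension(DERBoolean.FALSE, CertificateHelper.stringToDER(applicationIdentifier)));

    // Fail with a clear message instead of the StringIndexOutOfBoundsException that the former
    // substring(0, length - 2) produced for an empty array; no certificate is issued without a role.
    if (roles.length == 0) {
        throw new IllegalArgumentException("roles must contain at least one role");
    }
    StringBuilder roleList = new StringBuilder();
    for (int i = 0; i < roles.length; i++) {
        if (i > 0) {
            roleList.append(", ");
        }
        roleList.append(roles[i]);
    }
    String completeRole = roleList.toString();
    extension.put(new DERObjectIdentifier(ExtensionOID.ROLE.getOID()),
            new X509Extension(DERBoolean.FALSE, CertificateHelper.stringToDER(completeRole)));

    extension.put(new DERObjectIdentifier(ExtensionOID.IDENTITY_PROVIDER.getOID()),
            new X509Extension(DERBoolean.FALSE, CertificateHelper.stringToDER(id.getIdentityProvider())));

    // extensionMap mirrors the additional values by name for the returned Certificate object.
    Map<String, String> extensionMap = new HashMap<>();
    if (id.getOtherValues() != null) {
        for (Entry<ExtensionOID, String> entry : id.getOtherValues().entrySet()) {
            extension.put(new DERObjectIdentifier(entry.getKey().getOID()),
                    new X509Extension(DERBoolean.FALSE, CertificateHelper.stringToDER(entry.getValue())));
            extensionMap.put(entry.getKey().getName(), entry.getValue());
        }
    }

    try {

        // NOTE(review): the identity fields are concatenated into the DN string unescaped. A value
        // containing ',' or '=' may be parsed by X509Name as additional attributes, so identity
        // fields should be validated or escaped before they reach this point.
        String x509NameString = "";
        x509NameString += "CN=" + id.getCommonName();

        if (id.getSurname() != null && !id.getSurname().equals("")) {
            x509NameString += ", SURNAME=" + id.getSurname();
        }
        if (id.getGivenName() != null && !id.getGivenName().equals("")) {
            x509NameString += ", GIVENNAME=" + id.getGivenName();
        }
        if (id.getUniqueIdentifier() != null && !id.getUniqueIdentifier().equals("")) {
            x509NameString += ", UID=" + id.getUniqueIdentifier();
        }
        if (id.getOrganisation() != null && !id.getOrganisation().equals("")) {
            x509NameString += ", O=" + id.getOrganisation();
        }
        if (id.getOrganisationUnit() != null && !id.getOrganisationUnit().equals("")) {
            x509NameString += ", OU=" + id.getOrganisationUnit();
        }
        if (id.getCountryName() != null && !id.getCountryName().equals("")) {
            x509NameString += ", C=" + id.getCountryName();
        }
        if (id.getState() != null && !id.getState().equals("")) {
            x509NameString += ", ST=" + id.getState();
        }
        if (id.getLocality() != null && !id.getLocality().equals("")) {
            x509NameString += ", L=" + id.getLocality();
        }

        X509Name x509Name = new X509Name(x509NameString);

        V3TBSCertificateGenerator certGen = new V3TBSCertificateGenerator();
        // NOTE(review): a millisecond timestamp is predictable, and two certificates issued in the
        // same millisecond share a serial. Revocation lists identify certificates by issuer and
        // serial, so a serial drawn from a CSPRNG is the safer choice.
        certGen.setSerialNumber(new DERInteger(BigInteger.valueOf(System.currentTimeMillis())));
        certGen.setIssuer(PrincipalUtil.getSubjectX509Principal(caCert));
        certGen.setSubject(x509Name);
        certGen.setExtensions(new X509Extensions(extension));
        // 1.2.840.113549.1.1.5 is sha1WithRSAEncryption.
        // NOTE(review): SHA-1 is no longer collision resistant and relying parties may reject such
        // signatures. A move to a SHA-2 algorithm has to change this OID, the digest and the
        // DigestInfo below together.
        DERObjectIdentifier sigOID = new DERObjectIdentifier("1.2.840.113549.1.1.5");
        AlgorithmIdentifier sigAlgId = new AlgorithmIdentifier(sigOID, new DERNull());
        certGen.setSignature(sigAlgId);
        certGen.setSubjectPublicKeyInfo(new SubjectPublicKeyInfo(
                (ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(pk.getEncoded())).readObject()));
        certGen.setStartDate(new Time(new Date(System.currentTimeMillis())));
        certGen.setEndDate(new Time(getExpiryDate(validity).getTime()));
        TBSCertificateStructure tbsCert = certGen.generateTBSCertificate();

        // Sign the DER encoding of the TBS structure by hand: SHA-1 digest, wrapped in a
        // DigestInfo, then RSA with PKCS#1 v1.5 padding under the issuer's private key.
        SHA1Digest digester = new SHA1Digest();
        AsymmetricBlockCipher rsa = new PKCS1Encoding(new RSAEngine());
        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
        DEROutputStream dOut = new DEROutputStream(bOut);
        dOut.writeObject(tbsCert);
        byte[] signature;
        byte[] certBlock = bOut.toByteArray();
        // first create digest
        digester.update(certBlock, 0, certBlock.length);
        byte[] hash = new byte[digester.getDigestSize()];
        digester.doFinal(hash, 0);
        // then sign it
        rsa.init(true, cipherParams);
        DigestInfo dInfo = new DigestInfo(new AlgorithmIdentifier(X509ObjectIdentifiers.id_SHA1, null), hash);
        byte[] digest = dInfo.getEncoded(ASN1Encodable.DER);
        signature = rsa.processBlock(digest, 0, digest.length);

        // Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue BIT STRING }
        ASN1EncodableVector v = new ASN1EncodableVector();
        v.add(tbsCert);
        v.add(sigAlgId);
        v.add(new DERBitString(signature));

        // Create CRT data structure
        clientCert = new X509CertificateObject(new X509CertificateStructure(new DERSequence(v)));
        // Self-check: the new certificate must verify under the issuer's public key.
        clientCert.verify(caCert.getPublicKey());
    } catch (IOException | InvalidCipherTextException | CertificateException | NoSuchAlgorithmException
            | InvalidKeyException | NoSuchProviderException | SignatureException e) {
        // NOTE(review): only the exception message is logged and the cause is not attached to the
        // thrown exception, so the stack trace of a signing failure is lost.
        logger.log(Level.SEVERE, "Could not create client certificate: {0}", new Object[] { e.getMessage() });
        throw new CertificateCreationException("230 Could not create client certificate");
    }

    Certificate cert = new Certificate(clientCert, id.getCommonName(), id.getUniqueIdentifier(),
            id.getOrganisation(), id.getOrganisationUnit(), id.getCountryName(), id.getState(),
            id.getLocality(), id.getSurname(), id.getGivenName(), applicationIdentifier, roles,
            id.getIdentityProvider(), extensionMap);

    //post message on UniBoard if corresponding JNDI parameter is defined
    // The issuer's private key is handed on here; presumably it signs the post - confirm in postOnUniBoard.
    postOnUniBoard(cert, uniBoardWsdlURL, uniBoardServiceURL, section, (RSAPublicKey) caCert.getPublicKey(),
            privKey);

    return cert;

}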

From source file:ch.bfh.unicert.issuer.CertificateIssuerBean.java

License:GNU General Public License

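/**
 * Actually creates the requestor certificate: builds an X.509 v3 certificate for {@code id},
 * signs it with the issuer key and verifies the result against {@code caCert}.
 *
 * <p>The subject DN is assembled from the non-empty fields of {@code id}. The application
 * identifier, the comma-separated roles, the identity provider and any additional values of
 * {@code id} are added as non-critical extensions.
 *
 * @param id requestor identity data
 * @param caCert certificate of the certification authority
 * @param cipherParams issuer private key parameters used for signing
 * @param pk public key of the requestor to certify
 * @param expiry the expiry date
 * @param applicationIdentifier the application identifier for which the certificate is issued
 * @param roles roles for which the certificate is issued; must contain at least one element
 * @return the certificate object containing the X509 certificate
 * @throws CertificateCreationException if the certificate cannot be built, signed or verified
 * @throws IllegalArgumentException if {@code roles} is empty
 */
private Certificate createClientCertificate(IdentityData id, X509Certificate caCert,
        CipherParameters cipherParams, PublicKey pk, Calendar expiry, String applicationIdentifier,
        String[] roles) throws CertificateCreationException {

    X509Certificate clientCert;

    // Custom extensions, all marked non-critical (DERBoolean.FALSE).
    Hashtable<DERObjectIdentifier, X509Extension> extension = new Hashtable<>();

    extension.put(new DERObjectIdentifier(ExtensionOID.APPLICATION_IDENTIFIER.getOID()),
            new X509Extension(DERBoolean.FALSE, CertificateHelper.stringToDER(applicationIdentifier)));

    // Fail with a clear message instead of the StringIndexOutOfBoundsException that the former
    // substring(0, length - 2) produced for an empty array; no certificate is issued without a role.
    if (roles.length == 0) {
        throw new IllegalArgumentException("roles must contain at least one role");
    }
    StringBuilder roleList = new StringBuilder();
    for (int i = 0; i < roles.length; i++) {
        if (i > 0) {
            roleList.append(", ");
        }
        roleList.append(roles[i]);
    }
    String completeRole = roleList.toString();
    extension.put(new DERObjectIdentifier(ExtensionOID.ROLE.getOID()),
            new X509Extension(DERBoolean.FALSE, CertificateHelper.stringToDER(completeRole)));

    extension.put(new DERObjectIdentifier(ExtensionOID.IDENTITY_PROVIDER.getOID()),
            new X509Extension(DERBoolean.FALSE, CertificateHelper.stringToDER(id.getIdentityProvider())));

    // extensionMap mirrors the additional values by name for the returned Certificate object.
    Map<String, String> extensionMap = new HashMap<>();
    if (id.getOtherValues() != null) {
        for (Entry<ExtensionOID, String> entry : id.getOtherValues().entrySet()) {
            extension.put(new DERObjectIdentifier(entry.getKey().getOID()),
                    new X509Extension(DERBoolean.FALSE, CertificateHelper.stringToDER(entry.getValue())));
            extensionMap.put(entry.getKey().getName(), entry.getValue());
        }
    }

    try {

        // NOTE(review): the identity fields are concatenated into the DN string unescaped. A value
        // containing ',' or '=' may be parsed by X509Name as additional attributes, so identity
        // fields should be validated or escaped before they reach this point.
        String x509NameString = "";
        x509NameString += "CN=" + id.getCommonName();

        if (id.getSurname() != null && !id.getSurname().equals("")) {
            x509NameString += ", SURNAME=" + id.getSurname();
        }
        if (id.getGivenName() != null && !id.getGivenName().equals("")) {
            x509NameString += ", GIVENNAME=" + id.getGivenName();
        }
        if (id.getUniqueIdentifier() != null && !id.getUniqueIdentifier().equals("")) {
            x509NameString += ", UID=" + id.getUniqueIdentifier();
        }
        if (id.getOrganisation() != null && !id.getOrganisation().equals("")) {
            x509NameString += ", O=" + id.getOrganisation();
        }
        if (id.getOrganisationUnit() != null && !id.getOrganisationUnit().equals("")) {
            x509NameString += ", OU=" + id.getOrganisationUnit();
        }
        if (id.getCountryName() != null && !id.getCountryName().equals("")) {
            x509NameString += ", C=" + id.getCountryName();
        }
        if (id.getState() != null && !id.getState().equals("")) {
            x509NameString += ", ST=" + id.getState();
        }
        if (id.getLocality() != null && !id.getLocality().equals("")) {
            x509NameString += ", L=" + id.getLocality();
        }

        X509Name x509Name = new X509Name(x509NameString);

        V3TBSCertificateGenerator certGen = new V3TBSCertificateGenerator();
        // NOTE(review): a millisecond timestamp is predictable, and two certificates issued in the
        // same millisecond share a serial. Revocation lists identify certificates by issuer and
        // serial, so a serial drawn from a CSPRNG is the safer choice.
        certGen.setSerialNumber(new DERInteger(BigInteger.valueOf(System.currentTimeMillis())));
        certGen.setIssuer(PrincipalUtil.getSubjectX509Principal(caCert));
        certGen.setSubject(x509Name);
        certGen.setExtensions(new X509Extensions(extension));
        // 1.2.840.113549.1.1.5 is sha1WithRSAEncryption.
        // NOTE(review): SHA-1 is no longer collision resistant and relying parties may reject such
        // signatures. A move to a SHA-2 algorithm has to change this OID, the digest and the
        // DigestInfo below together.
        DERObjectIdentifier sigOID = new DERObjectIdentifier("1.2.840.113549.1.1.5");
        AlgorithmIdentifier sigAlgId = new AlgorithmIdentifier(sigOID, new DERNull());
        certGen.setSignature(sigAlgId);
        certGen.setSubjectPublicKeyInfo(new SubjectPublicKeyInfo(
                (ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(pk.getEncoded())).readObject()));
        certGen.setStartDate(new Time(new Date(System.currentTimeMillis())));
        certGen.setEndDate(new Time(expiry.getTime()));
        TBSCertificateStructure tbsCert = certGen.generateTBSCertificate();

        // Sign the DER encoding of the TBS structure by hand: SHA-1 digest, wrapped in a
        // DigestInfo, then RSA with PKCS#1 v1.5 padding under the issuer's private key.
        SHA1Digest digester = new SHA1Digest();
        AsymmetricBlockCipher rsa = new PKCS1Encoding(new RSAEngine());
        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
        DEROutputStream dOut = new DEROutputStream(bOut);
        dOut.writeObject(tbsCert);
        byte[] signature;
        byte[] certBlock = bOut.toByteArray();
        // first create digest
        digester.update(certBlock, 0, certBlock.length);
        byte[] hash = new byte[digester.getDigestSize()];
        digester.doFinal(hash, 0);
        // then sign it
        rsa.init(true, cipherParams);
        DigestInfo dInfo = new DigestInfo(new AlgorithmIdentifier(X509ObjectIdentifiers.id_SHA1, null), hash);
        byte[] digest = dInfo.getEncoded(ASN1Encodable.DER);
        signature = rsa.processBlock(digest, 0, digest.length);

        // Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue BIT STRING }
        ASN1EncodableVector v = new ASN1EncodableVector();
        v.add(tbsCert);
        v.add(sigAlgId);
        v.add(new DERBitString(signature));

        // Create CRT data structure
        clientCert = new X509CertificateObject(new X509CertificateStructure(new DERSequence(v)));
        // Self-check: the new certificate must verify under the issuer's public key.
        clientCert.verify(caCert.getPublicKey());
    } catch (IOException | CertificateException | NoSuchAlgorithmException | InvalidKeyException
            | NoSuchProviderException | InvalidCipherTextException | SignatureException e) {
        // NOTE(review): only the exception message is logged and the cause is not attached to the
        // thrown exception, so the stack trace of a signing failure is lost.
        logger.log(Level.SEVERE, "Could not create client certificate: {0}", new Object[] { e.getMessage() });
        throw new CertificateCreationException("230 Could not create client certificate");
    }

    return new Certificate(clientCert, id.getCommonName(), id.getUniqueIdentifier(), id.getOrganisation(),
            id.getOrganisationUnit(), id.getCountryName(), id.getState(), id.getLocality(), id.getSurname(),
            id.getGivenName(), applicationIdentifier, roles, id.getIdentityProvider(), extensionMap);

}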

From source file:com.google.bitcoin.core.ECKey.java

License:Apache License

/**
 * Serialises this key as a DER-encoded EC private key structure, the form understood by OpenSSL
 * and used by the BitCoin reference implementation in its wallet storage format.
 *
 * <p>The returned bytes contain the private key itself and must be handled as secret material:
 * keep them out of logs and store them only in protected form.
 *
 * @return the DER encoding of the sequence (version, private key, curve parameters, public key)
 */
public byte[] toASN1() {
    final ByteArrayOutputStream encoded = new ByteArrayOutputStream(400);
    try {
        // Layout, as declared by OpenSSL:
        // ASN1_SEQUENCE(EC_PRIVATEKEY) = {
        //   ASN1_SIMPLE(EC_PRIVATEKEY, version, LONG),
        //   ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING),
        //   ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0),
        //   ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1)
        // } ASN1_SEQUENCE_END(EC_PRIVATEKEY)
        final DERSequenceGenerator keySequence = new DERSequenceGenerator(encoded);

        // version
        keySequence.addObject(new ASN1Integer(1));

        // privateKey. NOTE(review): assuming priv is a BigInteger, toByteArray() yields the minimal
        // two's-complement form, so the octet string is not of fixed length - confirm consumers accept that.
        final DEROctetString privateKeyOctets = new DEROctetString(priv.toByteArray());
        keySequence.addObject(privateKeyOctets);

        // [0] parameters: the named curve secp256k1
        final DERTaggedObject curveParameters =
                new DERTaggedObject(0, SECNamedCurves.getByName("secp256k1").toASN1Primitive());
        keySequence.addObject(curveParameters);

        // [1] publicKey, carried as a BIT STRING
        final DERTaggedObject publicKeyBits = new DERTaggedObject(1, new DERBitString(getPubKey()));
        keySequence.addObject(publicKeyBits);

        keySequence.close();
        return encoded.toByteArray();
    } catch (IOException e) {
        // Cannot happen, writing to memory stream.
        throw new RuntimeException(e);
    }
}

From source file:com.peterphi.std.crypto.keygen.CaHelper.java

License:Open Source License

/**
 * Adds the extension set used for CA certificates to {@code gen}: basic constraints, key usage,
 * extended key usage, the Netscape certificate type and the subject/authority key identifiers.
 *
 * @param gen the generator to add the extensions to
 * @param pubKey the public key handed to both key-identifier helpers
 * @return {@code gen}, to allow chaining
 * @throws Exception if one of the key-identifier helpers fails
 */
static private X509V3CertificateGenerator addCaExtensions(X509V3CertificateGenerator gen, PublicKey pubKey)
        throws Exception {
    // Critical basic constraints with cA = true.
    final BasicConstraints caConstraints = new BasicConstraints(true);
    gen.addExtension(X509Extensions.BasicConstraints, true, caConstraints);

    // Critical key usage.
    // NOTE(review): keyEncipherment and dataEncipherment go beyond what signing certificates and
    // CRLs needs; a CA key is normally limited to the signing usages - confirm this breadth is intended.
    final int caKeyUsageBits = KeyUsage.digitalSignature | KeyUsage.keyEncipherment
            | KeyUsage.dataEncipherment | KeyUsage.keyCertSign | KeyUsage.cRLSign;
    gen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(caKeyUsageBits));

    // Extended key usage: server authentication; criticality is decided elsewhere.
    final ExtendedKeyUsage serverAuthUsage = new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth);
    gen.addExtension(X509Extensions.ExtendedKeyUsage, getExtendedKeyUsageCriticality(), serverAuthUsage);

    // No subject alternative name is added here.

    // netscape-cert-type "2.16.840.1.113730.1.1"
    // * bit-0 SSL client - 128
    // * bit-1 SSL server - 64
    // * bit-2 S/MIME - 32
    // * bit-3 Object Signing - 16
    // * bit-4 Reserved - 8
    // * bit-5 SSL CA - 4
    // * bit-6 S/MIME CA - 2
    // * bit-7 Object Signing CA - 1
    // Byte.MAX_VALUE is 0x7F: every bit of the table except "SSL client" is set (was 4, SSL CA only).
    final byte[] certTypeBits = { Byte.MAX_VALUE };
    gen.addExtension(netscapeCertType, false, new DERBitString(certTypeBits));

    // Both identifiers are derived from the same key.
    addSubjectKeyIdentifier(gen, pubKey);
    addAuthorityKeyIdentifier(gen, pubKey);
    return gen;
}

From source file:com.peterphi.std.crypto.keygen.CaHelper.java

License:Open Source License

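/**
 * Adds the extension set used for server (end-entity) certificates to {@code gen}: basic
 * constraints, key usage, extended key usage, the Netscape certificate type and the
 * subject/authority key identifiers.
 *
 * @param gen the generator to add the extensions to
 * @param pubKey the public key handed to both key-identifier helpers
 * @return {@code gen}, to allow chaining
 * @throws Exception if one of the key-identifier helpers fails
 */
@SuppressWarnings("unused")
static private X509V3CertificateGenerator addServerExtensions(X509V3CertificateGenerator gen, PublicKey pubKey)
        throws Exception {
    // A server certificate is an end entity, so it must not assert cA = true. The earlier
    // BasicConstraints(true) marked every server certificate as a CA; the key usage below (no
    // keyCertSign / cRLSign) and the Netscape type bits (no CA bits) show a leaf was intended.
    gen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
    gen.addExtension(X509Extensions.KeyUsage, true,
            new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment));

    gen.addExtension(X509Extensions.ExtendedKeyUsage, getExtendedKeyUsageCriticality(),
            new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth));

    // No subject alternative name is added here.

    // netscape-cert-type "2.16.840.1.113730.1.1"
    // * bit-0 SSL client - 128
    // * bit-1 SSL server - 64
    // * bit-2 S/MIME - 32
    // * bit-3 Object Signing - 16
    // * bit-4 Reserved - 8
    // * bit-5 SSL CA - 4
    // * bit-6 S/MIME CA - 2
    // * bit-7 Object Signing CA - 1

    // (byte) -16 is 0xF0: SSL client, SSL server, S/MIME and Object Signing (was 4).
    gen.addExtension(netscapeCertType, false, new DERBitString(new byte[] { -16 }));

    addSubjectKeyIdentifier(gen, pubKey);
    // NOTE(review): the authority key identifier is derived from the same key as the subject key
    // identifier. For a certificate signed by a separate CA it would normally identify the
    // issuer's key - confirm against addAuthorityKeyIdentifier and the callers.
    addAuthorityKeyIdentifier(gen, pubKey);
    return gen;
}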

From source file:com.vmware.identity.rest.core.test.util.CertificateGenerator.java

License:Open Source License

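/**
 * Generate a self-signed X.509 (version 1) certificate.
 *
 * <p>The certificate is valid from five seconds before the call until thirty minutes after it,
 * uses the current time in milliseconds as serial number and carries no extensions. The
 * BouncyCastle provider is registered under the name "BC" if it is not registered yet.
 *
 * @param pair the key pair to use when signing the certificate
 * @param algorithm the signing algorithm to use
 * @param dn the X.509 distinguished name for the certificate, used as issuer and subject
 * @return a self-signed X.509 certificate
 * @throws NoSuchAlgorithmException if the "BC" provider does not offer the signing algorithm
 * @throws NoSuchProviderException if the "BC" provider is not available
 * @throws InvalidKeyException if the private key cannot be used for signing
 * @throws SignatureException if the signature cannot be computed
 * @throws IOException if the certificate structures cannot be DER-encoded
 * @throws CertificateException if the encoded certificate cannot be parsed back
 */
public static X509Certificate generateSelfSignedCertificate(KeyPair pair, AlgorithmName algorithm, String dn)
        throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException,
        IOException, CertificateException {
    if (Security.getProvider("BC") == null) {
        Security.addProvider(new BouncyCastleProvider());
    }

    // A plain long is enough: the value is used once and never shared between threads.
    long serialNumber = System.currentTimeMillis();
    X500Name owner = new X500Name(dn);

    V1TBSCertificateGenerator generator = new V1TBSCertificateGenerator();
    long time = System.currentTimeMillis();

    generator.setSerialNumber(new ASN1Integer(serialNumber));
    generator.setIssuer(owner);
    generator.setSubject(owner);
    // Back-date the start by 5 s and let the certificate expire after 30 minutes.
    generator.setStartDate(new Time(new Date(time - 5000)));
    generator.setEndDate(new Time(new Date(time + 30 * 60 * 1000)));
    generator.setSignature(ALGORITHM_IDS.get(algorithm));
    generator.setSubjectPublicKeyInfo(SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded()));

    Signature sig = Signature.getInstance(algorithm.toString(), "BC");

    sig.initSign(pair.getPrivate());

    // Generate the to-be-signed structure once and sign exactly the object that is embedded
    // below, rather than signing one generated instance and embedding a second one.
    TBSCertificate tbsCert = generator.generateTBSCertificate();

    sig.update(tbsCert.getEncoded(ASN1Encoding.DER));

    // Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue BIT STRING }
    ASN1EncodableVector v = new ASN1EncodableVector();

    v.add(tbsCert);
    v.add(ALGORITHM_IDS.get(algorithm));
    v.add(new DERBitString(sig.sign()));

    return (X509Certificate) CertificateFactory.getInstance("X.509", "BC")
            .generateCertificate(new ByteArrayInputStream(new DERSequence(v).getEncoded(ASN1Encoding.DER)));
}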

From source file:com.yacme.ext.oxsit.cust_it.security.crl.X509CertRL.java

License:Open Source License

/**
 * Checks whether the given certificate is revoked at the specified date, using the CRL of the
 * certificate's issuer, and records the outcome through {@code setCertificateState} and
 * {@code setCertificateStateConditions}.
 *
 * <p>Returns {@code true} when the CRL holds no entry for the certificate's serial number, or
 * when {@code date} lies before the revocation/suspension date of the entry. Returns
 * {@code false} in every other case, including when CRL control is disabled, when the CRL
 * update fails and when any error occurs.
 *
 * @param _aStatus status indicator, stored in {@code m_xStatusIndicator}
 * @param userCert certificate to verify
 * @param date date at which the revocation state is evaluated
 * @return true if certificate is not revoked
 */
public boolean isNotRevokedCRL(XStatusIndicator _aStatus, X509Certificate userCert, Date date) {

    setCertificateStateConditions(CertificateStateConditions.REVOCATION_NOT_YET_CONTROLLED);

    X509CRL crl = null;
    //check if we have a status indicator
    m_xStatusIndicator = _aStatus;
    getConfiguration();
    //check if CRL control is enabled
    if (m_bDisableCRLControl) {
        setCertificateStateConditions(CertificateStateConditions.REVOCATION_CONTROL_NOT_ENABLED);
        setCertificateState(CertificateState.NOT_VERIFIABLE);
        return false;
    }

    try {
        // the update must be performed for backward compatibility!
        if (!update(userCert, date, m_bAlwaysDownloadCRL)) {

            return false;
        } else {
            // CRLs are looked up by the issuer name of the certificate under test.
            crl = (X509CRL) crls.get(userCert.getIssuerX500Principal());
        }
        // A missing CRL for the issuer makes this call throw a NullPointerException, which the
        // outer catch turns into "false" (the check fails closed).
        X509CRLEntry entry = crl.getRevokedCertificate(userCert.getSerialNumber());

        if (entry == null) {
            // No entry for this serial number: the certificate is not listed as revoked.
            trace("Verifica di revoca del certificato effettuata correttamente" + "\n***Fine Verifica CRL***");
            setCertificateStateConditions(CertificateStateConditions.REVOCATION_CONTROLLED_OK);
            setCertificateState(CertificateState.OK);
            return true;
        }

        // NOTE(review): X509CRL.getVersion() reports 1 for a v1 CRL, so this condition also admits
        // v1 and the else branch below looks unreachable; the comment suggests ">= 2" was meant - confirm.
        if (crl.getVersion() >= 1) {
            // CRL version 2 or higher: entry extensions are available
            String reason = null;

            Date revDate = null;
            try {
                revDate = entry.getRevocationDate();
                // 2.5.29.21 is the reasonCode CRL entry extension.
                byte[] extVal = entry.getExtensionValue("2.5.29.21");

                if (extVal != null) {

                    trace("ReasonCode presente");

                    // NOTE(review): getExtensionValue returns the DER-encoded OCTET STRING that wraps
                    // the extension, and reasonCode is an ENUMERATED, not a BIT STRING. Wrapping the
                    // bytes in a DERBitString and matching the last character of getString() works
                    // only if that string ends in the digit of the reason value - confirm. Decoding
                    // the octet string and reading the enumerated value would be more robust.
                    DERBitString dbs = new DERBitString(extVal);
                    reason = dbs.getString();

                    trace("ReasonCode trovato (DERBitString): " + reason);
                    // Reason values 9 and 10 are not matched below; like every reason other than 6
                    // they still reach the "really revoked" handling further down.
                    // NOTE(review): reasonCode is not reset in this method, so a value left by an
                    // earlier call could be reported - confirm where it is cleared.
                    if (reason.endsWith("0")) {
                        trace("unspecified(0)");
                        reasonCode = "in data " + revDate + " :\n unspecified(0)";
                    }
                    if (reason.endsWith("1")) {
                        trace("keyCompromise(1)");
                        reasonCode = "in data " + revDate + " :\n keyCompromise(1)";
                    }
                    if (reason.endsWith("2")) {
                        trace("cACompromise(2)");
                        reasonCode = "in data " + revDate + " :\n cACompromise(2)";
                    }
                    if (reason.endsWith("3")) {
                        trace("affiliationChanged(3)");
                        reasonCode = "in data " + revDate + " :\n affiliationChanged(3)";
                    }
                    if (reason.endsWith("4")) {
                        trace("superseded(4)");
                        reasonCode = "in data " + revDate + " :\n superseded(4)";
                    }
                    if (reason.endsWith("5")) {
                        trace("cessationOfOperation(5)");
                        reasonCode = "in data " + revDate + " :\n cessationOfOperation(5)";
                    }
                    if (reason.endsWith("8")) {
                        trace("removeFromCRL(8)");
                        reasonCode = "in data " + revDate + " :\n removeFromCRL(8)";
                    }
                    if (reason.endsWith("6")) { //ReasonFlags.CERTIFICATEHOLD
                        // the certificate is suspended ...
                        if (date.before(revDate)) {
                            // Check date precedes the suspension: state SUSPENDED, but reported as usable.
                            trace("Il certificato risulta sospeso alla data: " + revDate);
                            trace("data revoca " + revDate + " e data di controllo " + date);
                            reasonCode = "data revoca " + revDate + " e data di controllo " + date;
                            setCertificateStateConditions(CertificateStateConditions.REVOCATION_CONTROLLED_OK);
                            setCertificateState(CertificateState.SUSPENDED);
                            return true; // or false, still to be decided
                        } else {
                            trace("Il certificato risulta sospeso in data: " + revDate);
                            reasonCode = "Il certificato risulta sospeso in data: " + revDate;
                            traceDialog(reasonCode);
                            setCertificateStateConditions(CertificateStateConditions.REVOCATION_CONTROLLED_OK);
                            setCertificateState(CertificateState.SUSPENDED);
                            return false;
                        }
                    }
                }
                // the certificate is really revoked ...
                if (date.before(revDate)) {
                    // not yet revoked at the check date: state REVOKED, but the method returns true
                    trace("Il certificato risulta revocato dopo il " + date + " (data di revoca: " + revDate);
                    reasonCode = "in futuro.\nIl certificato risulta revocato dopo il " + date
                            + " (data di revoca: " + revDate;
                    traceDialog(reasonCode);
                    setCertificateStateConditions(CertificateStateConditions.REVOCATION_CONTROLLED_OK);
                    setCertificateState(CertificateState.REVOKED);
                    return true; // or false, still to be decided
                } else {
                    trace("Il certificato risulta revocato in data: " + revDate);
                    if (reasonCode == null) {
                        reasonCode = "in data: " + revDate;
                    }
                    traceDialog(reasonCode);
                    setCertificateStateConditions(CertificateStateConditions.REVOCATION_CONTROLLED_OK);
                    setCertificateState(CertificateState.REVOKED);
                    return false;
                }
            } catch (Throwable ex) {
                // Any failure while reading the entry extensions is reported and the check fails closed.
                // NOTE(review): catching Throwable also swallows Errors, and the condition is set to
                // REVOCATION_CONTROLLED_OK although the state is NOT_YET_VERIFIED - confirm intent.
                trace(ex);
                traceDialog(
                        "isNotRevoked - Errore nella lettura delle estensioni di revoca -> " + ex.getMessage());

                setCertificateStateConditions(CertificateStateConditions.REVOCATION_CONTROLLED_OK);
                setCertificateState(CertificateState.NOT_YET_VERIFIED);
                return false;
            }
            // the CRL is version one, so the revocation reason cannot be
            // distinguished -> the certificate is simply treated as revoked.
        } else {
            trace("CRL V.1 : il certificato risulta revocato/sospeso");
            //set state as revoked
            traceDialog("CRL V.1 : il certificato risulta revocato/sospeso");
            setCertificateStateConditions(CertificateStateConditions.REVOCATION_CONTROLLED_OK);
            setCertificateState(CertificateState.REVOKED);
            return false; // or false, still to be decided
        }
    } catch (Throwable e) {
        // Generic failure (including a missing CRL): report it and fail closed.
        //trace(e);
        traceDialog("isNotRevoked - Errore generico nel metodo -> ", e);

        setCertificateStateConditions(CertificateStateConditions.REVOCATION_NOT_YET_CONTROLLED);
        setCertificateState(CertificateState.NOT_YET_VERIFIED);
        return false;
    }
}

From source file:de.carne.certmgr.store.provider.bouncycastle.BouncyCastleASN1Encoder.java

License:Open Source License

/**
 * Encodes the given bytes as an ASN.1 BIT STRING.
 *
 * @param bs the content bytes of the bit string
 */
@Override
public void asn1EncodeBitString(byte[] bs) {
    // Wrap the raw bytes in a DER BIT STRING and hand it to the shared encoder.
    final DERBitString bitString = new DERBitString(bs);
    asn1Encode(bitString);
}

From source file:edu.tamu.tcat.crypto.bouncycastle.ASN1SeqKeyImpl.java

License:Apache License

/**
 * Derives the public point from an EC private key (base point multiplied by the private value)
 * and returns its encoding as a BIT STRING.
 *
 * @param key the private key; cast to {@code BCECPrivateKey}, so any other implementation
 *        fails with a {@code ClassCastException}
 * @return the encoded public point wrapped in a {@code DERBitString}
 * @throws EncodingException declared by the signature; not thrown by the visible code
 */
private static DERBitString getPublic(java.security.interfaces.ECPrivateKey key) throws EncodingException {
    final BCECPrivateKey bcKey = (BCECPrivateKey) key;
    // Q = s * G
    final org.bouncycastle.math.ec.ECPoint basePoint = bcKey.getParameters().getG();
    final byte[] encodedPoint = basePoint.multiply(bcKey.getS()).getEncoded();
    return new DERBitString(encodedPoint);
}

From source file:edu.tamu.tcat.crypto.bouncycastle.ASN1SeqKeyImpl.java

License:Apache License

/**
 * Encodes an elliptic curve as an ASN.1 sequence: coefficient a and coefficient b as OCTET
 * STRINGs, followed by the seed as a BIT STRING when the curve has one.
 *
 * @param curve the curve to encode
 * @return the sequence holding a, b and, if present, the seed
 * @throws EncodingException declared by the signature; presumably raised by {@code getInteger}
 */
private static ASN1Sequence getCurve(EllipticCurve curve) throws EncodingException {
    final ASN1EncodableVector fields = new ASN1EncodableVector();

    final DEROctetString coefficientA = new DEROctetString(getInteger(curve.getA()));
    fields.add(coefficientA);
    final DEROctetString coefficientB = new DEROctetString(getInteger(curve.getB()));
    fields.add(coefficientB);

    // The seed is optional; it is left out of the sequence when the curve has none.
    final byte[] curveSeed = curve.getSeed();
    if (curveSeed != null) {
        fields.add(new DERBitString(curveSeed));
    }

    return new DERSequence(fields);
}