Example usage for org.bouncycastle.asn1 DERIA5String DERIA5String

List of usage examples for org.bouncycastle.asn1 DERIA5String DERIA5String

Introduction

This page collects usage examples for the DERIA5String(String) constructor of org.bouncycastle.asn1.DERIA5String.

Prototype

public DERIA5String(String string) 

Document

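Basic constructor - without validation: the string is not checked for characters outside the IA5 (7-bit ASCII) range. When the value originates outside the program, check it first with DERIA5String.isIA5String(String), or use the DERIA5String(String, boolean validate) overload with validate set to true so that non-IA5 input is rejected.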

Usage

From source file:be.fedict.trust.test.PKITestUtils.java

License:Open Source License

/**
 * Builds and signs an X.509 v3 certificate for use in tests.
 *
 * <p>The issuer name is taken from {@code issuerCertificate} when one is given; otherwise the
 * subject DN is used as issuer as well. Each optional extension is added only when its
 * controlling argument is set; the order of the {@code addExtension} calls below is the order in
 * which the extensions are handed to the builder.
 *
 * @param subjectPublicKey public key placed in the certificate
 * @param subjectDn subject distinguished name, in string form
 * @param notBefore start of validity
 * @param notAfter end of validity
 * @param issuerCertificate issuer certificate, or {@code null} to reuse {@code subjectDn} as issuer
 * @param issuerPrivateKey key used to sign; fed to an RSA content signer builder
 * @param caFlag when true, a critical basicConstraints extension is added
 * @param pathLength path length for basicConstraints; {@code -1} is mapped to 2147483647
 * @param crlUri CRL distribution point URI, or {@code null} for none
 * @param ocspUri OCSP access location URI, or {@code null} for none
 * @param keyUsage key usage extension value, or {@code null} for none
 * @param signatureAlgorithm signature algorithm name looked up by the default finder
 * @param tsa when true, a critical extendedKeyUsage with id_kp_timeStamping is added
 * @param includeSKID when true, a subjectKeyIdentifier extension is added
 * @param includeAKID when true, an authorityKeyIdentifier extension is added
 * @param akidPublicKey key used for the authorityKeyIdentifier, or {@code null} to fall back to
 *        the issuer certificate's key, then to the subject key
 * @param certificatePolicy policy OID in dotted form, or {@code null} for none
 * @param qcCompliance {@code null} for no qcStatements extension; otherwise selects which
 *        statement is added
 * @param ocspResponder when true, ocsp-nocheck and a critical OCSPSigning extendedKeyUsage are added
 * @param qcSSCD when true (and {@code qcCompliance} is not null), the QcSSCD statement is added
 * @return the signed certificate, re-parsed through the JCA "X.509" certificate factory
 */
public static X509Certificate generateCertificate(PublicKey subjectPublicKey, String subjectDn,
        DateTime notBefore, DateTime notAfter, X509Certificate issuerCertificate, PrivateKey issuerPrivateKey,
        boolean caFlag, int pathLength, String crlUri, String ocspUri, KeyUsage keyUsage,
        String signatureAlgorithm, boolean tsa, boolean includeSKID, boolean includeAKID,
        PublicKey akidPublicKey, String certificatePolicy, Boolean qcCompliance, boolean ocspResponder,
        boolean qcSSCD) throws IOException, InvalidKeyException, IllegalStateException,
        NoSuchAlgorithmException, SignatureException, CertificateException, OperatorCreationException {

    // NOTE(review): the issuer DN is rebuilt from X500Principal.toString(). If that string does
    // not re-encode to the same bytes as the issuer certificate's subject, issuer/subject name
    // chaining can fail - confirm, or build the name from the principal's encoded form.
    X500Name issuerName;
    if (null != issuerCertificate) {
        issuerName = new X500Name(issuerCertificate.getSubjectX500Principal().toString());
    } else {
        issuerName = new X500Name(subjectDn);
    }
    X500Name subjectName = new X500Name(subjectDn);
    // 128 random bits from SecureRandom; BigInteger(numBits, rnd) never yields a negative value.
    BigInteger serial = new BigInteger(128, new SecureRandom());
    SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(subjectPublicKey.getEncoded());
    X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(issuerName, serial,
            notBefore.toDate(), notAfter.toDate(), subjectName, publicKeyInfo);

    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    if (includeSKID) {
        x509v3CertificateBuilder.addExtension(Extension.subjectKeyIdentifier, false,
                extensionUtils.createSubjectKeyIdentifier(subjectPublicKey));
    }

    if (includeAKID) {

        // Key preference: explicit override, then the issuer's key, then the subject's own key.
        PublicKey authorityPublicKey;
        if (null != akidPublicKey) {
            authorityPublicKey = akidPublicKey;
        } else if (null != issuerCertificate) {
            authorityPublicKey = issuerCertificate.getPublicKey();
        } else {
            authorityPublicKey = subjectPublicKey;
        }
        x509v3CertificateBuilder.addExtension(Extension.authorityKeyIdentifier, false,
                extensionUtils.createAuthorityKeyIdentifier(authorityPublicKey));
    }

    // No basicConstraints extension at all is emitted when caFlag is false.
    if (caFlag) {
        if (-1 == pathLength) {
            // -1 is encoded as the largest int path length rather than by omitting the field.
            x509v3CertificateBuilder.addExtension(Extension.basicConstraints, true,
                    new BasicConstraints(2147483647));
        } else {
            x509v3CertificateBuilder.addExtension(Extension.basicConstraints, true,
                    new BasicConstraints(pathLength));
        }
    }

    if (null != crlUri) {
        // DERIA5String(String) is the non-validating constructor: crlUri is not checked for
        // characters outside the IA5 range, so callers must pass an ASCII-only URI.
        GeneralName generalName = new GeneralName(GeneralName.uniformResourceIdentifier,
                new DERIA5String(crlUri));
        GeneralNames generalNames = new GeneralNames(generalName);
        DistributionPointName distPointName = new DistributionPointName(generalNames);
        DistributionPoint distPoint = new DistributionPoint(distPointName, null, null);
        DistributionPoint[] crlDistPoints = new DistributionPoint[] { distPoint };
        CRLDistPoint crlDistPoint = new CRLDistPoint(crlDistPoints);
        x509v3CertificateBuilder.addExtension(Extension.cRLDistributionPoints, false, crlDistPoint);
    }

    if (null != ocspUri) {
        // Unlike the CRL branch, the String overload of GeneralName is used here instead of an
        // explicit DERIA5String.
        GeneralName ocspName = new GeneralName(GeneralName.uniformResourceIdentifier, ocspUri);
        AuthorityInformationAccess authorityInformationAccess = new AuthorityInformationAccess(
                X509ObjectIdentifiers.ocspAccessMethod, ocspName);
        x509v3CertificateBuilder.addExtension(Extension.authorityInfoAccess, false, authorityInformationAccess);
    }

    if (null != keyUsage) {
        x509v3CertificateBuilder.addExtension(Extension.keyUsage, true, keyUsage);
    }

    if (null != certificatePolicy) {
        ASN1ObjectIdentifier policyObjectIdentifier = new ASN1ObjectIdentifier(certificatePolicy);
        PolicyInformation policyInformation = new PolicyInformation(policyObjectIdentifier);
        x509v3CertificateBuilder.addExtension(Extension.certificatePolicies, false,
                new DERSequence(policyInformation));
    }

    if (null != qcCompliance) {
        ASN1EncodableVector vec = new ASN1EncodableVector();
        if (qcCompliance) {
            vec.add(new QCStatement(QCStatement.id_etsi_qcs_QcCompliance));
        } else {
            // NOTE(review): a RetentionPeriod statement is added without a value here;
            // presumably a deliberate "not QcCompliance" fixture - confirm.
            vec.add(new QCStatement(QCStatement.id_etsi_qcs_RetentionPeriod));
        }
        if (qcSSCD) {
            vec.add(new QCStatement(QCStatement.id_etsi_qcs_QcSSCD));
        }
        x509v3CertificateBuilder.addExtension(Extension.qCStatements, true, new DERSequence(vec));

    }

    // NOTE(review): the tsa branch and the ocspResponder branch each add
    // Extension.extendedKeyUsage; with both flags set the same extension OID is added twice -
    // check how the builder handles that before combining the flags.
    if (tsa) {
        x509v3CertificateBuilder.addExtension(Extension.extendedKeyUsage, true,
                new ExtendedKeyUsage(KeyPurposeId.id_kp_timeStamping));
    }

    if (ocspResponder) {
        // ocsp-nocheck marks the responder certificate as exempt from revocation checking by
        // clients, so certificates carrying it should be short-lived.
        x509v3CertificateBuilder.addExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nocheck, false,
                DERNull.INSTANCE);

        x509v3CertificateBuilder.addExtension(Extension.extendedKeyUsage, true,
                new ExtendedKeyUsage(KeyPurposeId.id_kp_OCSPSigning));
    }

    // The digest algorithm is derived from the signature algorithm; the signer builder used is
    // the RSA one, so issuerPrivateKey is expected to be an RSA key.
    AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(signatureAlgorithm);
    AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
    AsymmetricKeyParameter asymmetricKeyParameter = PrivateKeyFactory.createKey(issuerPrivateKey.getEncoded());

    ContentSigner contentSigner = new BcRSAContentSignerBuilder(sigAlgId, digAlgId)
            .build(asymmetricKeyParameter);
    X509CertificateHolder x509CertificateHolder = x509v3CertificateBuilder.build(contentSigner);

    byte[] encodedCertificate = x509CertificateHolder.getEncoded();

    // Round-trip through the JCA factory to hand back a java.security.cert.X509Certificate.
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
    X509Certificate certificate = (X509Certificate) certificateFactory
            .generateCertificate(new ByteArrayInputStream(encodedCertificate));
    return certificate;
}

From source file:be.fedict.trust.test.PKITestUtils.java

License:Open Source License

/**
 * Wraps a single URI in a CRL {@link DistributionPoint} with no reasons and no CRL issuer.
 *
 * @param uri the CRL location; encoded as an IA5String without character validation
 * @return a distribution point whose name is the given URI
 */
public static DistributionPoint getDistributionPoint(String uri) {
    // DERIA5String(String) does not reject characters outside the IA5 range, so the caller is
    // responsible for supplying an ASCII-only URI.
    DERIA5String encodedUri = new DERIA5String(uri);
    GeneralNames fullName = new GeneralNames(
            new GeneralName(GeneralName.uniformResourceIdentifier, encodedUri));
    // Type 0 selects the fullName alternative of DistributionPointName.
    DistributionPointName pointName = new DistributionPointName(0, fullName);
    return new DistributionPoint(pointName, null, null);
}

From source file:bluecrystal.bcdeps.helper.DerEncoder.java

License:Open Source License

/**
 * Builds the signature-policy attribute from a policy hash, its algorithm, the policy URI and
 * the policy OID.
 *
 * @param polHash digest of the signature policy document
 * @param polHashAlg OID (dotted form) of the digest algorithm
 * @param sigPolicyUri URI of the policy; encoded as an IA5String without character validation
 * @param sigPolicyId OID (dotted form) of the signature policy
 * @return an attribute with OID {@code ID_SIG_POLICY} holding a single-element set
 */
private Attribute createPolicyId(byte[] polHash, String polHashAlg, String sigPolicyUri, String sigPolicyId) {

    // Digest algorithm: SEQUENCE { OID } - only the OID is added, no parameters element.
    final ASN1EncodableVector hashAlgFields = new ASN1EncodableVector();
    hashAlgFields.add(new DERObjectIdentifier(polHashAlg));

    // Policy hash: SEQUENCE { digest algorithm, OCTET STRING digest }.
    final ASN1EncodableVector hashFields = new ASN1EncodableVector();
    hashFields.add(new DERSequence(hashAlgFields));
    hashFields.add(new DEROctetString(polHash));
    final DERSequence policyHash = new DERSequence(hashFields);

    // Original author's note: "make it the same as Itau" - presumably the qualifier layout below
    // mirrors what that counterpart produces.

    // URI qualifier: SEQUENCE { qualifier OID, IA5String uri }. DERIA5String(String) does not
    // validate its input, so sigPolicyUri must already be ASCII-only.
    final ASN1EncodableVector uriQualifierFields = new ASN1EncodableVector();
    uriQualifierFields.add(new DERObjectIdentifier(ID_SIG_POLICY_URI));
    uriQualifierFields.add(new DERIA5String(sigPolicyUri));

    // Qualifier list holding just the URI qualifier.
    final ASN1EncodableVector qualifierList = new ASN1EncodableVector();
    qualifierList.add(new DERSequence(uriQualifierFields));
    final DERSequence qualifiers = new DERSequence(qualifierList);

    // Policy id: SEQUENCE { policy OID, policy hash, qualifiers }.
    final ASN1EncodableVector policyIdFields = new ASN1EncodableVector();
    policyIdFields.add(new DERObjectIdentifier(sigPolicyId));
    policyIdFields.add(policyHash);
    policyIdFields.add(qualifiers);

    // The attribute value is a SET with the policy id as its only member.
    final ASN1EncodableVector attributeValues = new ASN1EncodableVector();
    attributeValues.add(new DERSequence(policyIdFields));

    return new Attribute(new ASN1ObjectIdentifier(ID_SIG_POLICY), new DERSet(attributeValues));
}

From source file:br.gov.frameworkdemoiselle.certificate.signer.pkcs7.bc.attribute.BCSignaturePolicyIdentifier.java

License:Open Source License

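/**
 * Converts the wrapped signature-policy attribute into its Bouncy Castle ASN.1 form.
 *
 * <p>TODO: implement the conversion of the SigPolicyQualifierInfoUserNotice type to BC. Until
 * then only URL qualifiers are converted; every other qualifier type is skipped.
 *
 * @return a one-element set: the no-argument BC SignaturePolicyIdentifier when no attribute is
 *         set, the converted policy identifier when a SignaturePolicyId is present, or DER NULL
 *         when the attribute carries no SignaturePolicyId
 */
@Override
public ASN1Set getValue() {
    if (super.getAttribute() == null) {
        org.bouncycastle.asn1.esf.SignaturePolicyIdentifier signaturePolicyIdentifier = new org.bouncycastle.asn1.esf.SignaturePolicyIdentifier();
        return new DERSet(signaturePolicyIdentifier);
    }
    SignaturePolicyId signaturePolicyId = ((SignaturePolicyIdentifier) super.getAttribute())
            .getSignaturePolicyId();
    if (signaturePolicyId != null) {
        DERObjectIdentifier objectIdentifier = new DERObjectIdentifier(signaturePolicyId.getSigPolicyId());
        OtherHashAlgAndValue otherHashAlgAndValue = new OtherHashAlgAndValue(
                new AlgorithmIdentifier(signaturePolicyId.getHashAlgorithm()),
                new DEROctetString(signaturePolicyId.getHash()));
        SigPolicyQualifiers sigPolicyQualifiers = null;
        if (signaturePolicyId.getSigPolicyQualifiers() != null
                && signaturePolicyId.getSigPolicyQualifiers().size() > 0) {
            List<SigPolicyQualifierInfo> sigPolicyQualifierInfos = new ArrayList<SigPolicyQualifierInfo>();
            for (br.gov.frameworkdemoiselle.certificate.signer.pkcs7.attribute.SigPolicyQualifierInfo sigPolicyQualifierInfo : signaturePolicyId
                    .getSigPolicyQualifiers()) {
                if (sigPolicyQualifierInfo instanceof SigPolicyQualifierInfoURL) {
                    SigPolicyQualifierInfoURL sigPolicyQualifierInfoURL = (SigPolicyQualifierInfoURL) sigPolicyQualifierInfo;
                    DERObjectIdentifier oi = new DERObjectIdentifier(sigPolicyQualifierInfoURL.getOID());
                    // DERIA5String(String) does not validate its input; the URL is encoded as
                    // given, so it must already be ASCII-only.
                    DERIA5String url = new DERIA5String(sigPolicyQualifierInfoURL.getValue());
                    SigPolicyQualifierInfo bcSigPolicyQualifierInfo = new SigPolicyQualifierInfo(oi, url);
                    sigPolicyQualifierInfos.add(bcSigPolicyQualifierInfo);
                }
            }
            // sigPolicyQualifiers is an OPTIONAL SEQUENCE SIZE (1..MAX): when every source
            // qualifier was skipped, leave the field absent instead of encoding an empty sequence.
            if (!sigPolicyQualifierInfos.isEmpty()) {
                sigPolicyQualifiers = new SigPolicyQualifiers(
                        sigPolicyQualifierInfos.toArray(new SigPolicyQualifierInfo[0]));
            }
        }
        org.bouncycastle.asn1.esf.SignaturePolicyId bcSignaturePolicyId = new org.bouncycastle.asn1.esf.SignaturePolicyId(
                objectIdentifier, otherHashAlgAndValue, sigPolicyQualifiers);
        org.bouncycastle.asn1.esf.SignaturePolicyIdentifier signaturePolicyIdentifier = new org.bouncycastle.asn1.esf.SignaturePolicyIdentifier(
                bcSignaturePolicyId);
        return new DERSet(signaturePolicyIdentifier);
    }
    return new DERSet(new DERNull());
}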

From source file:ca.trustpoint.m2m.EntityNameAttribute.java

License:Apache License

/**
 * Returns the DER encoding of this instance.
 *
 * <p>The value is encoded with the ASN.1 type that belongs to the attribute id and then
 * implicitly tagged with the id's index.
 *
 * @return The DER encoding of this instance.
 * @throws IOException if this instance is not valid, its id is unknown, or it cannot be encoded.
 */
public byte[] getEncoded() throws IOException {
    if (!isValid()) {
        throw new IOException("Attribute is not valid.");
    }

    // Choose the ASN.1 representation that matches the attribute id.
    final ASN1Encodable payload;

    switch (id) {
    // PrintableString attributes
    case Country:
    case DistinguishedNameQualifier:
    case SerialNumber:
        payload = new DERPrintableString(value);
        break;
    // UTF8String attributes
    case Organization:
    case OrganizationalUnit:
    case StateOrProvince:
    case Locality:
    case CommonName:
        payload = new DERUTF8String(value);
        break;
    case DomainComponent:
        // DERIA5String(String) does not validate its input.
        // NOTE(review): confirm isValid() rejects non-ASCII domain components.
        payload = new DERIA5String(value);
        break;
    case RegisteredId:
        payload = new ASN1ObjectIdentifier(value);
        break;
    case OctetsName:
        // The value is a hex string here and is stored as raw octets.
        payload = new DEROctetString(Hex.decode(value));
        break;
    default:
        throw new IOException("Unknown attribute type ID.");
    }

    DERTaggedObject tagged = new DERTaggedObject(false, id.getIndexId(), payload);
    return tagged.getEncoded();
}

From source file:ca.trustpoint.m2m.GeneralName.java

License:Apache License

/**
 * Returns the DER encoding of this instance.
 *
 * <p>The value is encoded with the ASN.1 type that belongs to the name id and then implicitly
 * tagged with the id's index.
 *
 * @return The DER encoding of this instance.
 * @throws IOException if the name id or value is invalid, or this instance cannot be encoded.
 */
public byte[] getEncoded() throws IOException {
    if (!isValid()) {
        throw new IOException("name id and/or value is invalid.");
    }

    final ASN1Encodable payload;
    switch (id) {
    // IA5String names
    case Rfc822Name:
    case DnsName:
    case Uri:
        // DERIA5String(String) does not validate its input.
        // NOTE(review): confirm isValid() rejects values with characters outside the IA5 range.
        payload = new DERIA5String(value);
        break;

    case DirectoryName:
        payload = DERSequence.getInstance(entity.getEncoded());
        break;

    case IpAddress:
        // InetAddress.getByName() accepts host names as well as literal addresses and resolves
        // host names through the name service.
        // NOTE(review): confirm isValid() only lets literal addresses through, so that encoding
        // never depends on a lookup result.
        payload = new DEROctetString(InetAddress.getByName(value).getAddress());
        break;

    case RegisteredId:
        payload = new ASN1ObjectIdentifier(value);
        break;

    default:
        throw new IOException("invalid name id.");
    }

    DERTaggedObject tagged = new DERTaggedObject(false, id.getIndexId(), payload);
    return tagged.getEncoded();
}

From source file:ca.trustpoint.m2m.M2mCertificate.java

License:Apache License

/**
 * Returns the DER encoded to be signed certificate data. This is what would be sent to a CA for
 * signing, or the data that will be verified with the signature.
 *
 * <p>Each field that is set is appended as a context-tagged element, in the order of the
 * statements below, and the elements are wrapped in one DER SEQUENCE. Because these bytes are
 * what the signature covers, the statement order must not be changed.
 *
 * @return The DER encoded to be signed certificate data.
 * @throws IOException if one or more TBS fields are invalid or the encoding fails.
 */
public byte[] getTBSCertificate() throws IOException {
    if (!isTbsCertificateValid()) {
        throw new IOException("One or more TBS certificate fields are invalid.");
    }

    ASN1EncodableVector elements = new ASN1EncodableVector();

    /*
     * Since the default is v1 (0), we do not need to explicitly add this to the ASN.1 output.
     *
     * elements.add( new DERTaggedObject( false, TbsCertificateFields.VERSION.getTagNumber(), new
     * ASN1Integer(VERSION)));
     */
    // The serial number is added unconditionally, as an OCTET STRING.
    elements.add(new DERTaggedObject(false, TbsCertificateFields.SERIAL_NUMBER.getTagNumber(),
            new DEROctetString(serialNumber)));

    if (caKeyDefinition != null) {
        if (caKeyDefinition.getAlgorithm() != null) {
            elements.add(new DERTaggedObject(false, TbsCertificateFields.CA_ALGORITHM.getTagNumber(),
                    ASN1Primitive.fromByteArray(caKeyDefinition.getEncodedAlgorithm())));
        }

        if (caKeyDefinition.getParameters() != null) {
            elements.add(new DERTaggedObject(false, TbsCertificateFields.CA_ALGORITHM_PARAMETERS.getTagNumber(),
                    ASN1Primitive.fromByteArray(caKeyDefinition.getEncodedParameters())));
        }
    }

    if (issuer != null) {
        elements.add(new DERTaggedObject(false, TbsCertificateFields.ISSUER.getTagNumber(),
                DERSequence.getInstance(issuer.getEncoded())));
    }

    if (validFrom != null) {
        elements.add(new DERTaggedObject(false, TbsCertificateFields.VALID_FROM.getTagNumber(),
                // We record seconds, not milliseconds, hence the / 1000
                new DEROctetString(BigInteger.valueOf(validFrom.getTime() / 1000).toByteArray())));
    }

    if (validDuration != null) {
        // The duration goes through intValue() before encoding.
        elements.add(new DERTaggedObject(false, TbsCertificateFields.VALID_DURATION.getTagNumber(),
                new DEROctetString(BigInteger.valueOf(validDuration.intValue()).toByteArray())));
    }

    // Unlike issuer, subject is dereferenced without a null check here.
    // NOTE(review): presumably isTbsCertificateValid() guarantees a non-null subject - confirm.
    elements.add(new DERTaggedObject(false, TbsCertificateFields.SUBJECT.getTagNumber(),
            DERSequence.getInstance(subject.getEncoded())));

    if (publicKeyDefinition != null) {
        if (publicKeyDefinition.getAlgorithm() != null) {
            elements.add(new DERTaggedObject(false, TbsCertificateFields.PUBLIC_KEY_ALGORITHM.getTagNumber(),
                    ASN1Primitive.fromByteArray(publicKeyDefinition.getEncodedAlgorithm())));
        }

        if (publicKeyDefinition.getParameters() != null) {
            elements.add(new DERTaggedObject(false,
                    TbsCertificateFields.PUBLIC_KEY_ALGORITHM_PARAMETERS.getTagNumber(),
                    ASN1Primitive.fromByteArray(publicKeyDefinition.getEncodedParameters())));
        }
    }

    if (publicKey != null) {
        // The key is converted to raw bytes, compressed or not according to isPublicKeyCompressed.
        byte[] publicKeyBytes = KeyConversionUtils.convertEcPublicKeyToRawBytes(publicKey,
                isPublicKeyCompressed);

        elements.add(new DERTaggedObject(false, TbsCertificateFields.PUBLIC_KEY.getTagNumber(),
                new DEROctetString(publicKeyBytes)));
    }

    if (authorityKeyIdentifier != null) {
        elements.add(new DERTaggedObject(false, TbsCertificateFields.AUTHORITY_KEY_ID.getTagNumber(),
                ASN1Primitive.fromByteArray(authorityKeyIdentifier.getEncoded())));
    }

    if (subjectKeyIdentifier != null) {
        elements.add(new DERTaggedObject(false, TbsCertificateFields.SUBJECT_KEY_ID.getTagNumber(),
                new DEROctetString(subjectKeyIdentifier)));
    }

    if (keyUsage != null) {
        elements.add(new DERTaggedObject(false, TbsCertificateFields.KEY_USAGE.getTagNumber(),
                ASN1Primitive.fromByteArray(keyUsage.getEncoded())));
    }

    if (basicConstraints != null) {
        elements.add(new DERTaggedObject(false, TbsCertificateFields.BASIC_CONSTRAINTS.getTagNumber(),
                new ASN1Integer(basicConstraints.intValue())));
    }

    if (certificatePolicy != null) {
        elements.add(new DERTaggedObject(false, TbsCertificateFields.CERTIFICATE_POLICY.getTagNumber(),
                new ASN1ObjectIdentifier(certificatePolicy)));
    }

    // The two alternative-name fields are the only ones tagged explicitly (first argument true).
    if (subjectAlternativeName != null) {
        elements.add(new DERTaggedObject(true, TbsCertificateFields.SUBJECT_ALTERNATE_NAME.getTagNumber(),
                DERTaggedObject.getInstance(subjectAlternativeName.getEncoded())));
    }

    if (issuerAlternativeName != null) {
        elements.add(new DERTaggedObject(true, TbsCertificateFields.ISSUER_ALTERNATE_NAME.getTagNumber(),
                DERTaggedObject.getInstance(issuerAlternativeName.getEncoded())));
    }

    if (extendedKeyUsage != null) {
        elements.add(new DERTaggedObject(false, TbsCertificateFields.EXTENDED_KEY_USAGE.getTagNumber(),
                new ASN1ObjectIdentifier(extendedKeyUsage)));
    }

    // Both URIs below go through DERIA5String(String), which does not validate its input.
    // NOTE(review): confirm that toString() of these fields can only yield ASCII, or that
    // isTbsCertificateValid() enforces it.
    if (authenticationInfoAccessOcsp != null) {
        elements.add(
                new DERTaggedObject(false, TbsCertificateFields.AUTHENTICATION_INFO_ACCESS_OCSP.getTagNumber(),
                        new DERIA5String(authenticationInfoAccessOcsp.toString())));
    }

    if (crlDistributionPointUri != null) {
        elements.add(new DERTaggedObject(false, TbsCertificateFields.CRL_DISTRIBUTION_POINT_URI.getTagNumber(),
                new DERIA5String(crlDistributionPointUri.toString())));
    }

    if (!extensions.isEmpty()) {
        // Each extension is wrapped in its own SEQUENCE; the list as a whole is one SEQUENCE.
        ASN1EncodableVector toBeEncodedExtensions = new ASN1EncodableVector();

        for (Extension extension : extensions) {
            toBeEncodedExtensions.add(new DERSequence(extension.getEncoded()));
        }

        elements.add(new DERTaggedObject(false, TbsCertificateFields.EXTENSIONS.getTagNumber(),
                new DERSequence(toBeEncodedExtensions)));
    }

    return ((new DERSequence(elements)).getEncoded());
}

From source file:com.aqnote.shared.cryptology.cert.gen.CertGenerator.java

License:Open Source License

/**
 * Adds a non-critical authorityInfoAccess extension with a caIssuers entry and an OCSP entry.
 *
 * <p>Both URLs come from {@code CertConstant} and are encoded with the non-validating
 * {@code DERIA5String(String)} constructor, so the constants must be ASCII-only.
 *
 * @param certBuilder the builder that receives the extension
 * @throws CertIOException if the extension cannot be added
 */
private void addAuthorityInfoAccess(X509v3CertificateBuilder certBuilder) throws CertIOException {
    // caIssuers: where the issuing CA's certificate can be fetched.
    GeneralName caIssuersUri = new GeneralName(GeneralName.uniformResourceIdentifier,
            new DERIA5String(CertConstant.MAD_CA_URL));
    AccessDescription caIssuersAccess = new AccessDescription(AccessDescription.id_ad_caIssuers,
            caIssuersUri);

    // ocsp: where the OCSP responder can be reached.
    GeneralName ocspUri = new GeneralName(GeneralName.uniformResourceIdentifier,
            new DERIA5String(CertConstant.MAD_OCSP_URL));
    AccessDescription ocspAccess = new AccessDescription(AccessDescription.id_ad_ocsp, ocspUri);

    // Entry order in the extension: caIssuers first, then ocsp.
    ASN1EncodableVector accessDescriptions = new ASN1EncodableVector();
    accessDescriptions.add(caIssuersAccess);
    accessDescriptions.add(ocspAccess);
    certBuilder.addExtension(Extension.authorityInfoAccess, false, new DERSequence(accessDescriptions));
}

From source file:com.aqnote.shared.encrypt.cert.gen.BCCertGenerator.java

License:Open Source License

/**
 * Adds a non-critical authorityInfoAccess extension with a caIssuers entry and an OCSP entry.
 *
 * <p>Both URLs come from {@code CertConstant} and are encoded with the non-validating
 * {@code DERIA5String(String)} constructor, so the constants must be ASCII-only.
 *
 * @param certBuilder the builder that receives the extension
 * @throws CertIOException if the extension cannot be added
 */
private static void addAuthorityInfoAccess(X509v3CertificateBuilder certBuilder) throws CertIOException {
    // caIssuers: where the issuing CA's certificate can be fetched.
    GeneralName caIssuersUri = new GeneralName(GeneralName.uniformResourceIdentifier,
            new DERIA5String(CertConstant.MAD_CA_URL));
    AccessDescription caIssuersAccess = new AccessDescription(AccessDescription.id_ad_caIssuers,
            caIssuersUri);

    // ocsp: where the OCSP responder can be reached.
    GeneralName ocspUri = new GeneralName(GeneralName.uniformResourceIdentifier,
            new DERIA5String(CertConstant.MAD_OCSP_URL));
    AccessDescription ocspAccess = new AccessDescription(AccessDescription.id_ad_ocsp, ocspUri);

    // Entry order in the extension: caIssuers first, then ocsp.
    ASN1EncodableVector accessDescriptions = new ASN1EncodableVector();
    accessDescriptions.add(caIssuersAccess);
    accessDescriptions.add(ocspAccess);
    certBuilder.addExtension(Extension.authorityInfoAccess, false, new DERSequence(accessDescriptions));
}

From source file:com.itextpdf.signatures.SignaturePolicyInfo.java

License:Open Source License

/**
 * Converts this policy description into a Bouncy Castle {@code SignaturePolicyIdentifier}.
 *
 * <p>The policy digest algorithm must map to an allowed digest; the policy URI, when present and
 * non-empty, is attached as a URI qualifier.
 *
 * @return the signature policy identifier built from this object's fields
 * @throws IllegalArgumentException if the policy digest algorithm is not an allowed digest
 */
SignaturePolicyIdentifier toSignaturePolicyIdentifier() {
    String algId = DigestAlgorithms.getAllowedDigest(this.policyDigestAlgorithm);
    if (algId == null || algId.isEmpty()) {
        throw new IllegalArgumentException("Invalid policy hash algorithm");
    }

    // Optional URI qualifier. DERIA5String(String) does not validate its input, so the policy
    // URI is encoded as given and must already be ASCII-only.
    SigPolicyQualifierInfo uriQualifier = null;
    if (this.policyUri != null && !this.policyUri.isEmpty()) {
        uriQualifier = new SigPolicyQualifierInfo(PKCSObjectIdentifiers.id_spq_ets_uri,
                new DERIA5String(this.policyUri));
    }

    // The identifier may be given as a URN; only the dotted OID part is kept.
    String dottedOid = this.policyIdentifier.replace("urn:oid:", "");

    // Argument order matters for evaluation: OID, then hash, then qualifiers.
    return new SignaturePolicyIdentifier(
            new SignaturePolicyId(
                    DERObjectIdentifier.getInstance(new DERObjectIdentifier(dottedOid)),
                    new OtherHashAlgAndValue(new AlgorithmIdentifier(algId),
                            new DEROctetString(this.policyHash)),
                    SignUtils.createSigPolicyQualifiers(uriQualifier)));
}