List of usage examples for org.bouncycastle.asn1.pkcs PKCSObjectIdentifiers pkcs_9_at_challengePassword
ASN1ObjectIdentifier pkcs_9_at_challengePassword
To view the source code for org.bouncycastle.asn1.pkcs PKCSObjectIdentifiers pkcs_9_at_challengePassword.
Click Source Link
From source file:org.wso2.carbon.certificate.mgt.core.impl.CertificateGenerator.java
License:Open Source License
public X509Certificate generateCertificateFromCSR(PrivateKey privateKey, PKCS10CertificationRequest request, String issueSubject) throws KeystoreException { CommonUtil commonUtil = new CommonUtil(); Date validityBeginDate = commonUtil.getValidityStartDate(); Date validityEndDate = commonUtil.getValidityEndDate(); X500Name certSubject = new X500Name(CertificateManagementConstants.DEFAULT_PRINCIPAL); //X500Name certSubject = request.getSubject(); Attribute attributes[] = request.getAttributes(); // if (certSubject == null) { // certSubject = new X500Name(ConfigurationUtil.DEFAULT_PRINCIPAL); // } else { // org.bouncycastle.asn1.x500.RDN[] rdn = certSubject.getRDNs(); ///*from w ww. java 2 s. co m*/ // if (rdn == null || rdn.length == 0) { // certSubject = new X500Name(ConfigurationUtil.DEFAULT_PRINCIPAL); // } // } RDN[] certUniqueIdRDN; BigInteger certUniqueIdentifier; // IMPORTANT: "Serial-Number" of the certificate used when creating it, is set as its "Alias" to save to // keystore. if (request.getSubject().getRDNs(BCStyle.UNIQUE_IDENTIFIER).length != 0) { // if certificate attribute "UNIQUE_IDENTIFIER" exists use its hash as the "Serial-Number" for the // certificate. certUniqueIdRDN = request.getSubject().getRDNs(BCStyle.UNIQUE_IDENTIFIER); certUniqueIdentifier = BigInteger.valueOf(certUniqueIdRDN[0].getFirst().getValue().toString().hashCode()); } else if (request.getSubject().getRDNs(BCStyle.SERIALNUMBER).length != 0) { // else if certificate attribute "SERIAL_NUMBER" exists use its hash as the "Serial-Number" for the // certificate. certUniqueIdRDN = request.getSubject().getRDNs(BCStyle.SERIALNUMBER); certUniqueIdentifier = BigInteger.valueOf(certUniqueIdRDN[0].getFirst().getValue().toString().hashCode()); } else { // else get the BigInteger Value of the integer that is the current system-time in millis as the // "Serial-Number". certUniqueIdentifier = CommonUtil.generateSerialNumber(); } X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder( new X500Name(issueSubject), certUniqueIdentifier, validityBeginDate, validityEndDate, certSubject, request.getSubjectPublicKeyInfo()); ContentSigner sigGen; X509Certificate issuedCert; try { certificateBuilder.addExtension(X509Extension.keyUsage, true, new KeyUsage( KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); if (attributes != null) { ASN1Encodable extractedValue = getChallengePassword(attributes); if (extractedValue != null) { certificateBuilder.addExtension(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, true, extractedValue); } } sigGen = new JcaContentSignerBuilder(CertificateManagementConstants.SHA256_RSA) .setProvider(CertificateManagementConstants.PROVIDER).build(privateKey); issuedCert = new JcaX509CertificateConverter().setProvider( CertificateManagementConstants.PROVIDER).getCertificate( certificateBuilder.build(sigGen)); org.wso2.carbon.certificate.mgt.core.bean.Certificate certificate = new org.wso2.carbon.certificate.mgt.core.bean.Certificate(); List<org.wso2.carbon.certificate.mgt.core.bean.Certificate> certificates = new ArrayList<>(); certificate.setTenantId(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId()); certificate.setCertificate(issuedCert); certificates.add(certificate); saveCertInKeyStore(certificates); } catch (CertIOException e) { String errorMsg = "Certificate Input output issue occurred when generating generateCertificateFromCSR"; throw new KeystoreException(errorMsg, e); } catch (OperatorCreationException e) { String errorMsg = "Operator creation issue occurred when generating generateCertificateFromCSR"; throw new KeystoreException(errorMsg, e); } catch (CertificateException e) { String errorMsg = "Certificate issue occurred when generating generateCertificateFromCSR"; throw new KeystoreException(errorMsg, e); } return issuedCert; }
From source file:org.wso2.carbon.certificate.mgt.core.impl.CertificateGenerator.java
License:Open Source License
private ASN1Encodable getChallengePassword(Attribute[] attributes) { for (Attribute attribute : attributes) { if (PKCSObjectIdentifiers.pkcs_9_at_challengePassword.equals(attribute.getAttrType())) { if (attribute.getAttrValues() != null && attribute.getAttrValues().size() > 0) { return attribute.getAttrValues().getObjectAt(0); }/* w w w . j a v a2 s . c o m*/ } } return null; }
From source file:org.wso2.carbon.certificate.mgt.core.impl.CertificateGenerator.java
License:Open Source License
public String extractChallengeToken(X509Certificate certificate) { byte[] challengePassword = certificate.getExtensionValue( PKCSObjectIdentifiers.pkcs_9_at_challengePassword.toString()); if (challengePassword != null) { return new String(challengePassword); }//from w w w. j a va 2 s. c o m return null; }
From source file:org.wso2.carbon.certificate.mgt.core.util.DummyCertificate.java
License:Open Source License
@Override public byte[] getExtensionValue(String oid) { if (oid.equals(PKCSObjectIdentifiers.pkcs_9_at_challengePassword.toString())) { return EXT.getBytes(); } else {/*from w w w. j a v a 2 s. c o m*/ return new byte[0]; } }
From source file:org.xipki.commons.security.shell.CertRequestGenCommandSupport.java
License:Open Source License
@Override protected Object doExecute() throws Exception { hashAlgo = hashAlgo.trim().toUpperCase(); if (hashAlgo.indexOf('-') != -1) { hashAlgo = hashAlgo.replaceAll("-", ""); }/*from w w w . j a v a 2 s. c o m*/ if (needExtensionTypes == null) { needExtensionTypes = new LinkedList<>(); } if (wantExtensionTypes == null) { wantExtensionTypes = new LinkedList<>(); } // SubjectAltNames List<Extension> extensions = new LinkedList<>(); ASN1OctetString extnValue = createExtnValueSubjectAltName(); if (extnValue != null) { ASN1ObjectIdentifier oid = Extension.subjectAlternativeName; extensions.add(new Extension(oid, false, extnValue)); needExtensionTypes.add(oid.getId()); } // SubjectInfoAccess extnValue = createExtnValueSubjectInfoAccess(); if (extnValue != null) { ASN1ObjectIdentifier oid = Extension.subjectInfoAccess; extensions.add(new Extension(oid, false, extnValue)); needExtensionTypes.add(oid.getId()); } // Keyusage if (isNotEmpty(keyusages)) { Set<KeyUsage> usages = new HashSet<>(); for (String usage : keyusages) { usages.add(KeyUsage.getKeyUsage(usage)); } org.bouncycastle.asn1.x509.KeyUsage extValue = X509Util.createKeyUsage(usages); ASN1ObjectIdentifier extType = Extension.keyUsage; extensions.add(new Extension(extType, false, extValue.getEncoded())); needExtensionTypes.add(extType.getId()); } // ExtendedKeyusage if (isNotEmpty(extkeyusages)) { ExtendedKeyUsage extValue = X509Util.createExtendedUsage(textToAsn1ObjectIdentifers(extkeyusages)); ASN1ObjectIdentifier extType = Extension.extendedKeyUsage; extensions.add(new Extension(extType, false, extValue.getEncoded())); needExtensionTypes.add(extType.getId()); } // QcEuLimitValue if (isNotEmpty(qcEuLimits)) { ASN1EncodableVector vec = new ASN1EncodableVector(); for (String m : qcEuLimits) { StringTokenizer st = new StringTokenizer(m, ":"); try { String currencyS = st.nextToken(); String amountS = st.nextToken(); String exponentS = st.nextToken(); Iso4217CurrencyCode currency; try { int intValue = Integer.parseInt(currencyS); currency = new Iso4217CurrencyCode(intValue); } catch (NumberFormatException ex) { currency = new Iso4217CurrencyCode(currencyS); } int amount = Integer.parseInt(amountS); int exponent = Integer.parseInt(exponentS); MonetaryValue monterayValue = new MonetaryValue(currency, amount, exponent); QCStatement statment = new QCStatement(ObjectIdentifiers.id_etsi_qcs_QcLimitValue, monterayValue); vec.add(statment); } catch (Exception ex) { throw new Exception("invalid qc-eu-limit '" + m + "'"); } } ASN1ObjectIdentifier extType = Extension.qCStatements; ASN1Sequence extValue = new DERSequence(vec); extensions.add(new Extension(extType, false, extValue.getEncoded())); needExtensionTypes.add(extType.getId()); } // biometricInfo if (biometricType != null && biometricHashAlgo != null && biometricFile != null) { TypeOfBiometricData tmpBiometricType = StringUtil.isNumber(biometricType) ? new TypeOfBiometricData(Integer.parseInt(biometricType)) : new TypeOfBiometricData(new ASN1ObjectIdentifier(biometricType)); ASN1ObjectIdentifier tmpBiometricHashAlgo = AlgorithmUtil.getHashAlg(biometricHashAlgo); byte[] biometricBytes = IoUtil.read(biometricFile); MessageDigest md = MessageDigest.getInstance(tmpBiometricHashAlgo.getId()); md.reset(); byte[] tmpBiometricDataHash = md.digest(biometricBytes); DERIA5String tmpSourceDataUri = null; if (biometricUri != null) { tmpSourceDataUri = new DERIA5String(biometricUri); } BiometricData biometricData = new BiometricData(tmpBiometricType, new AlgorithmIdentifier(tmpBiometricHashAlgo), new DEROctetString(tmpBiometricDataHash), tmpSourceDataUri); ASN1EncodableVector vec = new ASN1EncodableVector(); vec.add(biometricData); ASN1ObjectIdentifier extType = Extension.biometricInfo; ASN1Sequence extValue = new DERSequence(vec); extensions.add(new Extension(extType, false, extValue.getEncoded())); needExtensionTypes.add(extType.getId()); } else if (biometricType == null && biometricHashAlgo == null && biometricFile == null) { // Do nothing } else { throw new Exception("either all of biometric triples (type, hash algo, file)" + " must be set or none of them should be set"); } for (Extension addExt : getAdditionalExtensions()) { extensions.add(addExt); } needExtensionTypes.addAll(getAdditionalNeedExtensionTypes()); wantExtensionTypes.addAll(getAdditionalWantExtensionTypes()); if (isNotEmpty(needExtensionTypes) || isNotEmpty(wantExtensionTypes)) { ExtensionExistence ee = new ExtensionExistence(textToAsn1ObjectIdentifers(needExtensionTypes), textToAsn1ObjectIdentifers(wantExtensionTypes)); extensions.add(new Extension(ObjectIdentifiers.id_xipki_ext_cmpRequestExtensions, false, ee.toASN1Primitive().getEncoded())); } ConcurrentContentSigner signer = getSigner(new SignatureAlgoControl(rsaMgf1, dsaPlain)); Map<ASN1ObjectIdentifier, ASN1Encodable> attributes = new HashMap<>(); if (CollectionUtil.isNonEmpty(extensions)) { attributes.put(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, new Extensions(extensions.toArray(new Extension[0]))); } if (StringUtil.isNotBlank(challengePassword)) { attributes.put(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, new DERPrintableString(challengePassword)); } SubjectPublicKeyInfo subjectPublicKeyInfo; if (signer.getCertificate() != null) { Certificate cert = Certificate.getInstance(signer.getCertificate().getEncoded()); subjectPublicKeyInfo = cert.getSubjectPublicKeyInfo(); } else { subjectPublicKeyInfo = KeyUtil.createSubjectPublicKeyInfo(signer.getPublicKey()); } X500Name subjectDn = getSubject(subject); PKCS10CertificationRequest csr = generateRequest(signer, subjectPublicKeyInfo, subjectDn, attributes); File file = new File(outputFilename); saveVerbose("saved CSR to file", file, csr.getEncoded()); return null; }
From source file:org.xipki.pki.ca.server.impl.util.CaUtil.java
License:Open Source License
public static String getChallengePassword(final CertificationRequestInfo csr) { ParamUtil.requireNonNull("csr", csr); ASN1Set attrs = csr.getAttributes(); for (int i = 0; i < attrs.size(); i++) { Attribute attr = Attribute.getInstance(attrs.getObjectAt(i)); if (PKCSObjectIdentifiers.pkcs_9_at_challengePassword.equals(attr.getAttrType())) { ASN1String str = (ASN1String) attr.getAttributeValues()[0]; return str.getString(); }/*from w w w . j a v a 2 s . co m*/ } return null; }
From source file:org.xipki.pki.scep.serveremulator.ScepResponder.java
License:Open Source License
private static String getChallengePassword(final CertificationRequestInfo csr) { ASN1Set attrs = csr.getAttributes(); for (int i = 0; i < attrs.size(); i++) { Attribute attr = Attribute.getInstance(attrs.getObjectAt(i)); if (PKCSObjectIdentifiers.pkcs_9_at_challengePassword.equals(attr.getAttrType())) { ASN1String str = (ASN1String) attr.getAttributeValues()[0]; return str.getString(); }//from w w w . j av a 2 s . c om } return null; }
From source file:org.xipki.pki.scep.util.ScepUtil.java
License:Open Source License
public static PKCS10CertificationRequest generateRequest(final PrivateKey privatekey, final SubjectPublicKeyInfo subjectPublicKeyInfo, final X500Name subjectDn, final String challengePassword, final List<Extension> extensions) throws OperatorCreationException { ParamUtil.requireNonNull("privatekey", privatekey); ParamUtil.requireNonNull("subjectPublicKeyInfo", subjectPublicKeyInfo); ParamUtil.requireNonNull("subjectDn", subjectDn); Map<ASN1ObjectIdentifier, ASN1Encodable> attributes = new HashMap<ASN1ObjectIdentifier, ASN1Encodable>(); if (challengePassword != null && !challengePassword.isEmpty()) { DERPrintableString asn1Pwd = new DERPrintableString(challengePassword); attributes.put(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, asn1Pwd); }//w w w . jav a2 s. com if (extensions != null && !extensions.isEmpty()) { Extensions asn1Extensions = new Extensions(extensions.toArray(new Extension[0])); attributes.put(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, asn1Extensions); } return generateRequest(privatekey, subjectPublicKeyInfo, subjectDn, attributes); }