List of usage examples for org.bouncycastle.asn1.x500 X500Name getEncoded
public byte[] getEncoded() throws IOException
From source file:org.vesalainen.net.ssl.SSLT.java
License:Open Source License
@Test public void test4() throws IOException {
    // Encode one and the same distinguished name with the JDK-internal parser and with Bouncy Castle.
    String dn = "CN=timo, C=FI";
    sun.security.x509.X500Name jdkName = new sun.security.x509.X500Name(dn);
    org.bouncycastle.asn1.x500.X500Name bcName =
            new org.bouncycastle.asn1.x500.X500Name(RFC4519Style.INSTANCE, dn);

    byte[] jdkDer = jdkName.getEncoded();
    byte[] bcDer = bcName.getEncoded();

    // Both encodings are dumped for eyeballing only; they are deliberately not asserted equal:
    // BC tags the CN value as UTF8String whereas the JDK uses PrintableString, so two valid
    // DER encodings of the same name differ byte-for-byte.
    System.err.println(HexDump.toHex(jdkDer));
    System.err.println(HexDump.toHex(bcDer));
    // NOTE(review): a raw byte comparison of DNs produced by different encoders is therefore
    // not a reliable equality check; compare a canonicalized form if this test is ever to assert.
}
From source file:org.xipki.ca.server.impl.PublicCAInfo.java
License:Open Source License
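/**
 * Creates the publicly visible description of a CA: its subject, the serial number of its
 * certificate and the URIs where the CA certificate, OCSP responder and (delta) CRLs are published.
 *
 * @param subject              subject DN of the CA certificate (required)
 * @param serialNumber         serial number of the CA certificate (required)
 * @param subjectAltName       SubjectAltName of the CA certificate, stored as given
 * @param subjectKeyIdentifier SubjectKeyIdentifier of the CA certificate; a defensive copy is
 *                             stored, {@code null} is kept as {@code null}
 * @param caCertUris           URIs of the CA certificate, wrapped via CollectionUtil.unmodifiableList
 * @param ocspUris             OCSP responder URIs, wrapped likewise
 * @param crlUris              CRL distribution URIs, wrapped likewise
 * @param deltaCrlUris         delta-CRL distribution URIs, wrapped likewise
 * @throws OperationException if {@code subject} cannot be DER-encoded into an {@link X500Principal}
 */
public PublicCAInfo(final X500Name subject, final BigInteger serialNumber,
        final GeneralNames subjectAltName, final byte[] subjectKeyIdentifier,
        final List<String> caCertUris, final List<String> ocspUris,
        final List<String> crlUris, final List<String> deltaCrlUris) throws OperationException {
    ParamChecker.assertNotNull("subject", subject);
    ParamChecker.assertNotNull("serialNumber", serialNumber);
    this.caCertificate = null;
    this.x500Subject = subject;
    try {
        // Bridge the BC name into the JCA type by round-tripping its DER encoding.
        this.subject = new X500Principal(subject.getEncoded());
    } catch (IOException e) {
        // What failed here is the encoding of the subject DN; the previous message blamed the
        // SubjectAltName extension and pointed an operator at the wrong field.
        // NOTE(review): the IOException is not attached as cause because no OperationException
        // constructor taking a Throwable is visible from here — confirm and attach if one exists.
        throw new OperationException(ErrorCode.SYSTEM_FAILURE,
                "could not encode subject of CA certificate: " + e.getMessage());
    }
    // Defensive copy so a caller that keeps the array cannot alter the stored identifier.
    this.subjectKeyIdentifier = (subjectKeyIdentifier == null)
            ? null
            : Arrays.clone(subjectKeyIdentifier);
    this.serialNumber = serialNumber;
    this.subjectAltName = subjectAltName;
    this.caCertUris = CollectionUtil.unmodifiableList(caCertUris, true, true);
    this.ocspUris = CollectionUtil.unmodifiableList(ocspUris, true, true);
    this.crlUris = CollectionUtil.unmodifiableList(crlUris, true, true);
    this.deltaCrlUris = CollectionUtil.unmodifiableList(deltaCrlUris, true, true);
}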
From source file:org.xipki.pki.ca.server.impl.PublicCaInfo.java
License:Open Source License
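/**
 * Creates the publicly visible description of a CA: its subject (raw and canonicalized), the
 * serial number of its certificate and the URIs where the CA certificate, OCSP responder and
 * (delta) CRLs are published.
 *
 * @param subject              subject DN of the CA certificate (required)
 * @param serialNumber         serial number of the CA certificate (required)
 * @param subjectAltName       SubjectAltName of the CA certificate, stored as given
 * @param subjectKeyIdentifier SubjectKeyIdentifier of the CA certificate; a defensive copy is
 *                             stored, {@code null} is kept as {@code null}
 * @param caCertUris           URIs of the CA certificate, wrapped via CollectionUtil.unmodifiableList
 * @param ocspUris             OCSP responder URIs, wrapped likewise
 * @param crlUris              CRL distribution URIs, wrapped likewise
 * @param deltaCrlUris         delta-CRL distribution URIs, wrapped likewise
 * @throws OperationException if {@code subject} cannot be DER-encoded into an {@link X500Principal}
 */
PublicCaInfo(final X500Name subject, final BigInteger serialNumber,
        final GeneralNames subjectAltName, final byte[] subjectKeyIdentifier,
        final List<String> caCertUris, final List<String> ocspUris,
        final List<String> crlUris, final List<String> deltaCrlUris) throws OperationException {
    this.x500Subject = ParamUtil.requireNonNull("subject", subject);
    this.serialNumber = ParamUtil.requireNonNull("serialNumber", serialNumber);
    this.caCertificate = null;
    // Canonical form is what name comparisons should use; DER bytes of equivalent DNs can differ.
    this.c14nSubject = X509Util.canonicalizName(subject);
    try {
        // Bridge the BC name into the JCA type by round-tripping its DER encoding.
        this.subject = new X500Principal(subject.getEncoded());
    } catch (IOException ex) {
        // What failed here is the encoding of the subject DN; the previous message blamed the
        // SubjectAltName extension and pointed an operator at the wrong field.
        // NOTE(review): the IOException is not attached as cause because no OperationException
        // constructor taking a Throwable is visible from here — confirm and attach if one exists.
        throw new OperationException(ErrorCode.SYSTEM_FAILURE,
                "could not encode subject of CA certificate: " + ex.getMessage());
    }
    // Defensive copy so a caller that keeps the array cannot alter the stored identifier.
    this.subjectKeyIdentifier = (subjectKeyIdentifier == null)
            ? null
            : Arrays.copyOf(subjectKeyIdentifier, subjectKeyIdentifier.length);
    this.subjectAltName = subjectAltName;
    this.caCertUris = CollectionUtil.unmodifiableList(caCertUris);
    this.ocspUris = CollectionUtil.unmodifiableList(ocspUris);
    this.crlUris = CollectionUtil.unmodifiableList(crlUris);
    this.deltaCrlUris = CollectionUtil.unmodifiableList(deltaCrlUris);
}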
From source file:org.xipki.security.p11.iaik.IaikP11Slot.java
License:Open Source License
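/**
 * Generates a self-signed X.509 v3 certificate for {@code subject}, signs it with the private
 * key referenced by {@code privateKeyAndPkInfo} inside the PKCS#11 session, stores the DER
 * certificate on the token as a certificate object and returns the parsed certificate.
 *
 * <p>The certificate is valid from now for {@code 20 * YEAR} milliseconds, carries the fixed
 * serial number 1 and names itself as issuer.
 *
 * @param session             open PKCS#11 session used for signing and object creation
 * @param id                  ID attribute of the stored certificate object
 * @param label               label attribute of the stored certificate object
 * @param subject             subject (and issuer) DN as a string; attribute order is normalized
 *                            via X509Util.sortX509Name
 * @param signatureAlgId      signature algorithm; supported: sha256WithRSAEncryption,
 *                            dsa_with_sha256 and ecdsa_with_SHA1/SHA256/SHA384/SHA512
 * @param privateKeyAndPkInfo signing key handle plus the matching SubjectPublicKeyInfo
 * @param keyUsage            KeyUsage bit mask; {@code null} selects keyCertSign, cRLSign,
 *                            digitalSignature and keyEncipherment
 * @param extendedKeyUsage    ExtendedKeyUsage purposes; the extension is only added when
 *                            CollectionUtil.isNotEmpty reports the list as non-empty
 * @return the generated certificate, or {@code null} when the signature algorithm is not
 *         supported (the OID is printed to stderr; callers must check for {@code null})
 * @throws Exception on PKCS#11 or ASN.1 encoding failures
 */
private X509CertificateHolder generateCertificate(final Session session, final byte[] id,
        final String label, final String subject, final AlgorithmIdentifier signatureAlgId,
        final PrivateKeyAndPKInfo privateKeyAndPkInfo, Integer keyUsage,
        List<ASN1ObjectIdentifier> extendedKeyUsage) throws Exception {
    // Fixed serial: acceptable for a single self-signed token certificate, but RFC 5280 requires
    // serials to be unique per issuer, so this path must not be reused for real CA issuance.
    BigInteger serialNumber = BigInteger.ONE;
    Date startDate = new Date();
    // NOTE(review): assumes YEAR is a long constant; if it is an int, 20 * YEAR overflows — confirm.
    Date endDate = new Date(startDate.getTime() + 20 * YEAR);

    X500Name x500Name_subject = X509Util.sortX509Name(new X500Name(subject));

    V3TBSCertificateGenerator tbsGen = new V3TBSCertificateGenerator();
    tbsGen.setSerialNumber(new ASN1Integer(serialNumber));
    tbsGen.setSignature(signatureAlgId);
    tbsGen.setIssuer(x500Name_subject);
    tbsGen.setStartDate(new Time(startDate));
    tbsGen.setEndDate(new Time(endDate));
    tbsGen.setSubject(x500Name_subject);
    tbsGen.setSubjectPublicKeyInfo(privateKeyAndPkInfo.getPublicKeyInfo());
    tbsGen.setExtensions(selfSignedCertExtensions(keyUsage, extendedKeyUsage));

    TBSCertificate tbsCertificate = tbsGen.generateTBSCertificate();
    byte[] encodedTbsCertificate = tbsCertificate.getEncoded();

    byte[] signature;
    ASN1ObjectIdentifier sigAlgID = signatureAlgId.getAlgorithm();
    if (sigAlgID.equals(PKCSObjectIdentifiers.sha256WithRSAEncryption)) {
        // Combined mechanism: the token hashes the TBS itself, so the full encoding is passed.
        session.signInit(Mechanism.get(PKCS11Constants.CKM_SHA256_RSA_PKCS),
                privateKeyAndPkInfo.getPrivateKey());
        signature = session.sign(encodedTbsCertificate);
    } else if (sigAlgID.equals(NISTObjectIdentifiers.dsa_with_sha256)) {
        // Raw mechanism: hash here, sign the digest, then re-encode the token output for X.509.
        byte[] digestValue = digestTbs(new SHA256Digest(), encodedTbsCertificate);
        session.signInit(Mechanism.get(PKCS11Constants.CKM_DSA), privateKeyAndPkInfo.getPrivateKey());
        signature = convertToX962Signature(session.sign(digestValue));
    } else {
        Digest digest = ecdsaDigestForSigAlg(sigAlgID);
        if (digest == null) {
            // Existing contract kept: an unsupported algorithm yields null instead of an exception.
            System.err.println("unknown algorithm ID: " + sigAlgID.getId());
            return null;
        }
        // Raw mechanism: hash here, sign the digest, then re-encode the token output for X.509.
        byte[] digestValue = digestTbs(digest, encodedTbsCertificate);
        session.signInit(Mechanism.get(PKCS11Constants.CKM_ECDSA), privateKeyAndPkInfo.getPrivateKey());
        signature = convertToX962Signature(session.sign(digestValue));
    }

    // build DER certificate: Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(tbsCertificate);
    v.add(signatureAlgId);
    v.add(new DERBitString(signature));
    DERSequence cert = new DERSequence(v);

    // build and store PKCS#11 certificate object; subject and issuer share one encoding
    // because the certificate is self-signed
    byte[] encodedSubject = x500Name_subject.getEncoded();
    X509PublicKeyCertificate certTemp = new X509PublicKeyCertificate();
    certTemp.getToken().setBooleanValue(true);
    certTemp.getId().setByteArrayValue(id);
    certTemp.getLabel().setCharArrayValue(label.toCharArray());
    certTemp.getSubject().setByteArrayValue(encodedSubject);
    certTemp.getIssuer().setByteArrayValue(encodedSubject);
    certTemp.getSerialNumber().setByteArrayValue(serialNumber.toByteArray());
    certTemp.getValue().setByteArrayValue(cert.getEncoded());
    session.createObject(certTemp);

    return new X509CertificateHolder(Certificate.getInstance(cert));
}

/**
 * Builds the extensions of the self-signed certificate: a critical KeyUsage (defaulting to
 * keyCertSign | cRLSign | digitalSignature | keyEncipherment when {@code keyUsage} is
 * {@code null}) and, when purposes are given, a non-critical ExtendedKeyUsage.
 *
 * @throws Exception if an extension value cannot be DER-encoded
 */
private static Extensions selfSignedCertExtensions(final Integer keyUsage,
        final List<ASN1ObjectIdentifier> extendedKeyUsage) throws Exception {
    int usageBits = (keyUsage == null)
            ? KeyUsage.keyCertSign | KeyUsage.cRLSign | KeyUsage.digitalSignature | KeyUsage.keyEncipherment
            : keyUsage;
    List<Extension> extensions = new ArrayList<>(2);
    extensions.add(new Extension(Extension.keyUsage, true, new DEROctetString(new KeyUsage(usageBits))));
    if (CollectionUtil.isNotEmpty(extendedKeyUsage)) {
        KeyPurposeId[] purposes = new KeyPurposeId[extendedKeyUsage.size()];
        int i = 0;
        for (ASN1ObjectIdentifier oid : extendedKeyUsage) {
            purposes[i++] = KeyPurposeId.getInstance(oid);
        }
        extensions.add(new Extension(Extension.extendedKeyUsage, false,
                new DEROctetString(new ExtendedKeyUsage(purposes))));
    }
    return new Extensions(extensions.toArray(new Extension[0]));
}

/**
 * Maps an ECDSA signature algorithm OID to the hash it requires, or returns {@code null}
 * for OIDs this slot does not sign with.
 *
 * <p>ecdsa_with_SHA1 is retained for compatibility only; SHA-1 is not acceptable for new
 * signatures and should be disabled where policy allows.
 */
private static Digest ecdsaDigestForSigAlg(final ASN1ObjectIdentifier sigAlgID) {
    if (sigAlgID.equals(X9ObjectIdentifiers.ecdsa_with_SHA1)) {
        return new SHA1Digest();
    }
    if (sigAlgID.equals(X9ObjectIdentifiers.ecdsa_with_SHA256)) {
        return new SHA256Digest();
    }
    if (sigAlgID.equals(X9ObjectIdentifiers.ecdsa_with_SHA384)) {
        return new SHA384Digest();
    }
    if (sigAlgID.equals(X9ObjectIdentifiers.ecdsa_with_SHA512)) {
        return new SHA512Digest();
    }
    return null;
}

/** Hashes {@code data} in one shot with {@code digest} and returns the digest value. */
private static byte[] digestTbs(final Digest digest, final byte[] data) {
    byte[] out = new byte[digest.getDigestSize()];
    digest.update(data, 0, data.length);
    digest.doFinal(out, 0);
    return out;
}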