List of usage examples for org.bouncycastle.asn1.x500 X500Name getInstance
public static X500Name getInstance(Object obj)
From source file:org.xipki.pki.scep.client.test.AbstractCaTest.java
License:Open Source License
/**
 * Walks one complete SCEP client session against the emulated server held in
 * {@code scepServer}: capability and CA/RA certificate retrieval, enrolment,
 * certificate polling, certificate and CRL retrieval, and a final next-CA query.
 *
 * <p>The enrolment part checks that a request carrying no secret, and one carrying
 * a wrong secret, are both answered with {@code PkiStatus.FAILURE} before the
 * request with the real {@code secret} is sent.
 *
 * @throws Exception if any client, key-generation or encoding step fails
 */
@Test
public void test() throws Exception {
    // The endpoint is plain HTTP on localhost. The validator is built from the CA
    // certificate taken straight from the emulated server (pre-provisioned trust anchor).
    CaIdentifier caIdentifier = new CaIdentifier("http://localhost:8080/scep/pkiclient.exe", null);
    CaCertValidator validator = new PreprovisionedCaCertValidator(
            X509Util.toX509Cert(scepServer.getCaCert()));
    ScepClient client = new ScepClient(caIdentifier, validator);
    // Whether weak algorithms are permitted is decided by the concrete test subclass.
    client.setUseInsecureAlgorithms(useInsecureAlgorithms());
    client.refresh();

    // CACaps
    CaCaps expectedCaps = getExpectedCaCaps();
    CaCaps receivedCaps = client.getCaCaps();
    Assert.assertEquals("CACaps", expectedCaps, receivedCaps);

    // CA certificate
    Certificate expectedCaCert = scepServer.getCaCert();
    X509Certificate caCert = client.getAuthorityCertStore().getCaCert();
    if (!equals(expectedCaCert, caCert)) {
        Assert.fail("Configured and received CA certificate not the same");
    }

    boolean withRa = isWithRa();

    // RA: the signature and encryption certificates must be the same certificate
    if (withRa) {
        Certificate expectedRaCert = scepServer.getRaCert();
        X509Certificate raSignatureCert = client.getAuthorityCertStore().getSignatureCert();
        X509Certificate raEncryptionCert = client.getAuthorityCertStore().getEncryptionCert();
        Assert.assertEquals("RA certificate", raSignatureCert, raEncryptionCert);
        if (!equals(expectedRaCert, raSignatureCert)) {
            Assert.fail("Configured and received RA certificate not the same");
        }
    }

    // getNextCA
    if (isWithNextCa()) {
        AuthorityCertStore nextCaStore = client.scepNextCaCert();

        Certificate expectedNextCaCert = scepServer.getNextCaCert();
        X509Certificate receivedNextCaCert = nextCaStore.getCaCert();
        if (!equals(expectedNextCaCert, receivedNextCaCert)) {
            Assert.fail("Configured and received next CA certificate not the same");
        }

        if (withRa) {
            Certificate expectedNextRaCert = scepServer.getNextRaCert();
            X509Certificate nextRaSignatureCert = nextCaStore.getSignatureCert();
            X509Certificate nextRaEncryptionCert = nextCaStore.getEncryptionCert();
            Assert.assertEquals("Next RA certificate", nextRaSignatureCert, nextRaEncryptionCert);
            if (!equals(expectedNextRaCert, nextRaSignatureCert)) {
                Assert.fail("Configured and received next RA certificate not the same");
            }
        }
    }

    // enrol
    // The issuer name is re-parsed from the DER encoding of the received CA certificate's subject.
    X500Name issuerName = X500Name.getInstance(caCert.getSubjectX500Principal().getEncoded());

    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
    keyPairGenerator.initialize(2048);
    KeyPair keyPair = keyPairGenerator.generateKeyPair();
    PrivateKey privKey = keyPair.getPrivate();
    SubjectPublicKeyInfo subjectPublicKeyInfo =
            ScepUtil.createSubjectPublicKeyInfo(keyPair.getPublic());
    X500Name subject = new X500Name("CN=EE1, OU=emulator, O=xipki.org, C=DE");

    // 1) no secret at all: the server has to refuse the request
    PKCS10CertificationRequest request =
            ScepUtil.generateRequest(privKey, subjectPublicKeyInfo, subject, null, null);
    CertificationRequest csr = request.toASN1Structure();
    X509Certificate selfSignedCert =
            ScepUtil.generateSelfsignedCert(request.toASN1Structure(), privKey);
    EnrolmentResponse response =
            client.scepPkcsReq(request.toASN1Structure(), privKey, selfSignedCert);
    PkiStatus status = response.getPkcsRep().getPkiStatus();
    Assert.assertEquals("PkiStatus without secret", PkiStatus.FAILURE, status);

    // 2) wrong secret: the server has to refuse the request as well
    request = ScepUtil.generateRequest(privKey, subjectPublicKeyInfo, subject,
            "invalid-" + secret, null);
    csr = request.toASN1Structure();
    selfSignedCert = ScepUtil.generateSelfsignedCert(request.toASN1Structure(), privKey);
    response = client.scepPkcsReq(request.toASN1Structure(), privKey, selfSignedCert);
    status = response.getPkcsRep().getPkiStatus();
    Assert.assertEquals("PkiStatus with invalid secret", PkiStatus.FAILURE, status);

    // 3) correct secret: at least one certificate is expected back
    request = ScepUtil.generateRequest(privKey, subjectPublicKeyInfo, subject, secret, null);
    csr = request.toASN1Structure();
    selfSignedCert = ScepUtil.generateSelfsignedCert(request.toASN1Structure(), privKey);
    response = client.scepPkcsReq(request.toASN1Structure(), privKey, selfSignedCert);
    List<X509Certificate> issuedCerts = response.getCertificates();
    Assert.assertTrue("number of received certificates", !issuedCerts.isEmpty());
    X509Certificate enroledCert = issuedCerts.get(0);
    Assert.assertNotNull("enroled certificate", enroledCert);

    // certPoll
    response = client.scepCertPoll(privKey, selfSignedCert, csr, issuerName);
    List<X509Certificate> receivedCerts = response.getCertificates();
    Assert.assertTrue("number of received certificates", !receivedCerts.isEmpty());
    X509Certificate receivedCert = receivedCerts.get(0);
    Assert.assertNotNull("enrolled certificate", receivedCert);

    // getCert
    receivedCerts = client.scepGetCert(privKey, selfSignedCert, issuerName,
            enroledCert.getSerialNumber());
    Assert.assertTrue("number of received certificates", !receivedCerts.isEmpty());
    receivedCert = receivedCerts.get(0);
    Assert.assertNotNull("received certificate", receivedCert);

    // getCRL: this request is made with the enrolled certificate, not the self-signed one
    X509CRL crl = client.scepGetCrl(privKey, enroledCert, issuerName,
            enroledCert.getSerialNumber());
    Assert.assertNotNull("received CRL", crl);

    // getNextCA
    AuthorityCertStore nextCa = client.scepNextCaCert();
    Assert.assertNotNull("nextCa", nextCa);
}
From source file:org.xipki.pki.scep.message.IssuerAndSubject.java
License:Open Source License
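/**
 * Builds an instance from an ASN.1 sequence whose first element is the issuer
 * name and whose second element is the subject name.
 *
 * <p>The sequence length is checked before the elements are read, so a truncated
 * structure is rejected with a descriptive {@link IllegalArgumentException}
 * instead of an index error from {@code getObjectAt}. Elements beyond the second
 * are ignored.
 *
 * @param seq the decoded sequence; must not be {@code null}.
 *            NOTE(review): presumably decoded from a received SCEP message, in
 *            which case its content is untrusted. Confirm against the caller.
 * @throws IllegalArgumentException if {@code seq} holds fewer than two elements
 */
private IssuerAndSubject(final ASN1Sequence seq) {
    ParamUtil.requireNonNull("seq", seq);

    // Validate the shape of the decoded structure before indexing into it.
    if (seq.size() < 2) {
        throw new IllegalArgumentException(
                "IssuerAndSubject requires 2 elements, but sequence has " + seq.size());
    }

    this.issuer = X500Name.getInstance(seq.getObjectAt(0));
    this.subject = X500Name.getInstance(seq.getObjectAt(1));
}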
From source file:org.xipki.security.p11.iaik.IaikP11Slot.java
License:Open Source License
/**
 * Fills a PKCS#11 X.509 certificate template from the given certificate.
 *
 * @param cert the certificate whose subject, issuer and serial number are copied
 * @param encodedCert the encoded certificate to store as the object value, or
 *            {@code null} to use {@code cert.getEncoded()}
 * @param keyId value stored as the object id
 * @param label label of the object, or {@code null} to use the common name taken
 *            from the certificate subject
 * @return the populated template, marked as a token object
 * @throws Exception if the certificate cannot be encoded
 */
private static X509PublicKeyCertificate createPkcs11Template(final X509Certificate cert,
        byte[] encodedCert, final byte[] keyId, char[] label) throws Exception {
    final byte[] certBytes = (encodedCert != null) ? encodedCert : cert.getEncoded();

    final char[] objectLabel;
    if (label != null) {
        objectLabel = label;
    } else {
        // NOTE(review): if X509Util.getCommonName can return null for a subject
        // without a CN, this line throws a NullPointerException. Confirm.
        X500Name subjectName = X500Name.getInstance(cert.getSubjectX500Principal().getEncoded());
        objectLabel = X509Util.getCommonName(subjectName).toCharArray();
    }

    X509PublicKeyCertificate template = new X509PublicKeyCertificate();
    template.getId().setByteArrayValue(keyId);
    template.getLabel().setCharArrayValue(objectLabel);
    template.getToken().setBooleanValue(true);
    template.getCertificateType().setLongValue(CertificateType.X_509_PUBLIC_KEY);
    template.getSubject().setByteArrayValue(cert.getSubjectX500Principal().getEncoded());
    template.getIssuer().setByteArrayValue(cert.getIssuerX500Principal().getEncoded());
    // NOTE(review): this stores the raw two's-complement bytes of the serial number.
    // PKCS#11 describes CKA_SERIAL_NUMBER as the DER encoding of the serial number,
    // so confirm what the token and any later lookups expect.
    template.getSerialNumber().setByteArrayValue(cert.getSerialNumber().toByteArray());
    template.getValue().setByteArrayValue(certBytes);
    return template;
}
From source file:org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName.java
License:Open Source License
/**
 * Create a new distinguished name.
 *
 * <p>A {@link String} is parsed as a textual DN. Any other value is handed to
 * {@code X500Name.getInstance(Object)}, which returns {@code null} for a
 * {@code null} argument, so {@code dn} is left {@code null} in that case.
 *
 * @param name the DN, either as text like "CN=Common Name, O=Organisation" or as
 *            an object that {@code X500Name.getInstance(Object)} can convert
 */
public DistinguishedName(Object name) {
    this.dn = (name instanceof String)
        ? new X500Name((String) name)
        : X500Name.getInstance(name);
}
From source file:org.xwiki.crypto.pkix.params.x509certificate.extension.X509DirectoryName.java
License:Open Source License
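/**
 * Create a new instance from a Bouncy Castle general name.
 *
 * <p>The tag of the general name is checked before its content is converted, so
 * a general name of another kind is rejected without being parsed as an X.500 name.
 *
 * @param name the Bouncy Castle general name; must carry the directoryName tag.
 * @throws IllegalArgumentException if {@code name} is not a directory name
 */
public X509DirectoryName(GeneralName name) {
    // The superclass constructor call has to come first, so the tag check lives in
    // a static helper that runs while the argument is being evaluated.
    super(requireDirectoryName(name));
}

/** Returns the X.500 name held by {@code name} after verifying it is a directoryName. */
private static X500Name requireDirectoryName(GeneralName name) {
    if (name.getTagNo() != GeneralName.directoryName) {
        throw new IllegalArgumentException("Incompatible general name: " + name.getTagNo());
    }
    return X500Name.getInstance(name.getName());
}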