List of usage examples for org.bouncycastle.asn1.x500 X500Name getInstance
public static X500Name getInstance(Object obj)
From source file:eu.europa.esig.dss.DSSASN1Utils.java
License:Open Source License
public static String extractAttributeFromX500Principal(ASN1ObjectIdentifier identifier, X500Principal X500PrincipalName) { final X500Name x500Name = X500Name.getInstance(X500PrincipalName.getEncoded()); RDN[] rdns = x500Name.getRDNs(identifier); if (rdns.length > 0) { return rdns[0].getFirst().getValue().toString(); }//ww w .j a va 2 s . c om return null; }
From source file:eu.europa.esig.dss.xades.signature.XAdESLevelC.java
License:Open Source License
/** * @param completeRevocationRefsDom/*from w w w . ja v a 2 s.co m*/ * @param processedRevocationTokens * @throws eu.europa.esig.dss.DSSException */ private void incorporateOCSPRefs(final Element completeRevocationRefsDom, final Set<RevocationToken> processedRevocationTokens) throws DSSException { if (processedRevocationTokens.isEmpty()) { return; } boolean containsOCSPToken = false; for (RevocationToken revocationToken : processedRevocationTokens) { containsOCSPToken = revocationToken instanceof OCSPToken; if (containsOCSPToken) { break; } } if (!containsOCSPToken) { return; } // ...<xades:CRLRefs/> // ...<xades:OCSPRefs> // ......<xades:OCSPRef> // .........<xades:OCSPIdentifier> // ............<xades:ResponderID> // ...............<xades:ByName>C=AA,O=DSS,CN=OCSP A</xades:ByName> // ............</xades:ResponderID> // ............<xades:ProducedAt>2013-11-25T12:33:34.000+01:00</xades:ProducedAt> // .........</xades:OCSPIdentifier> // .........<xades:DigestAlgAndValue> // ............<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> // ............<ds:DigestValue>O1uHdchN+zFzbGrBg2FP3/idD0k=</ds:DigestValue> final Element ocspRefsDom = DSSXMLUtils.addElement(documentDom, completeRevocationRefsDom, XAdESNamespaces.XAdES, "xades:OCSPRefs"); for (RevocationToken revocationToken : processedRevocationTokens) { if (revocationToken instanceof OCSPToken) { BasicOCSPResp basicOcspResp = ((OCSPToken) revocationToken).getBasicOCSPResp(); final Element ocspRefDom = DSSXMLUtils.addElement(documentDom, ocspRefsDom, XAdESNamespaces.XAdES, "xades:OCSPRef"); final Element ocspIdentifierDom = DSSXMLUtils.addElement(documentDom, ocspRefDom, XAdESNamespaces.XAdES, "xades:OCSPIdentifier"); final Element responderIDDom = DSSXMLUtils.addElement(documentDom, ocspIdentifierDom, XAdESNamespaces.XAdES, "xades:ResponderID"); final RespID responderId = basicOcspResp.getResponderId(); final ResponderID responderIdAsASN1Object = responderId.toASN1Primitive(); final DERTaggedObject derTaggedObject = (DERTaggedObject) responderIdAsASN1Object.toASN1Primitive(); if (2 == derTaggedObject.getTagNo()) { final ASN1OctetString keyHashOctetString = (ASN1OctetString) derTaggedObject.getObject(); final byte[] keyHashOctetStringBytes = keyHashOctetString.getOctets(); final String base65EncodedKeyHashOctetStringBytes = Base64 .encodeBase64String(keyHashOctetStringBytes); DSSXMLUtils.addTextElement(documentDom, responderIDDom, XAdESNamespaces.XAdES, "xades:ByKey", base65EncodedKeyHashOctetStringBytes); } else { final ASN1Primitive derObject = derTaggedObject.getObject(); final X500Name name = X500Name.getInstance(derObject); DSSXMLUtils.addTextElement(documentDom, responderIDDom, XAdESNamespaces.XAdES, "xades:ByName", name.toString()); } final Date producedAt = basicOcspResp.getProducedAt(); final XMLGregorianCalendar xmlGregorianCalendar = DSSXMLUtils .createXMLGregorianCalendar(producedAt); final String producedAtXmlEncoded = xmlGregorianCalendar.toXMLFormat(); DSSXMLUtils.addTextElement(documentDom, ocspIdentifierDom, XAdESNamespaces.XAdES, "xades:ProducedAt", producedAtXmlEncoded); final Element digestAlgAndValueDom = DSSXMLUtils.addElement(documentDom, ocspRefDom, XAdESNamespaces.XAdES, "xades:DigestAlgAndValue"); // TODO: to be added as field to eu.europa.esig.dss.AbstractSignatureParameters. DigestAlgorithm digestAlgorithm = DigestAlgorithm.SHA1; incorporateDigestMethod(digestAlgAndValueDom, digestAlgorithm); final InMemoryDocument inMemoryDocument = new InMemoryDocument(revocationToken.getEncoded()); incorporateDigestValue(digestAlgAndValueDom, digestAlgorithm, inMemoryDocument); } } }
From source file:mitm.common.security.certificate.X500PrincipalUtils.java
License:Open Source License
/** * Converts the X500Principal to X500Name. *///from w w w . j a va2 s . c om public static X500Name toX500Name(X500Principal principal) { if (principal == null) { return null; } return X500Name.getInstance(principal.getEncoded()); }
From source file:mitm.common.security.certificate.X509ExtensionInspectorTest.java
License:Open Source License
@Test public void testAuthoritykeyIdentifier() throws Exception { X509Certificate certificate = TestUtils .loadCertificate("test/resources/testdata/certificates/" + "mitm-test-ca.cer"); AuthorityKeyIdentifier authorityKeyIdentifier = X509CertificateInspector .getAuthorityKeyIdentifier(certificate); assertNotNull(authorityKeyIdentifier); assertEquals(1, authorityKeyIdentifier.getAuthorityCertIssuer().getNames().length); GeneralName name = authorityKeyIdentifier.getAuthorityCertIssuer().getNames()[0]; assertEquals(GeneralName.directoryName, name.getTagNo()); assertEquals("C=NL,ST=NH,L=Amsterdam,CN=MITM Test Root,E=root@example.com", X500Name.getInstance(name.getName()).toString()); assertEquals("115FCAC409FB2022B7D06920A00FE42", BigIntegerUtils.hexEncode(authorityKeyIdentifier.getAuthorityCertSerialNumber())); // another cert certificate = TestUtils.loadCertificate("test/resources/testdata/certificates/" + "ldap-crl.cer"); authorityKeyIdentifier = X509CertificateInspector.getAuthorityKeyIdentifier(certificate); assertNotNull(authorityKeyIdentifier); assertEquals("37509F5DEF72162D12C7D46C408B1F65F550A8F9", HexUtils.hexEncode(authorityKeyIdentifier.getKeyIdentifier())); }
From source file:mitm.common.security.crl.PKIXRevocationChecker.java
License:Open Source License
private X500Name getFullName(X500Principal issuer, DistributionPointName distributionPointName) throws IOException { ASN1Encodable rdn = distributionPointName.getName(); X500Name name = null;/*from www. j a va2 s. c om*/ if (rdn != null) { ASN1EncodableVector v = ASN1Utils.toASN1EncodableVector(issuer); v.add(rdn); name = X500Name.getInstance(new DERSequence(v).getEncoded(ASN1Encoding.DER)); } return name; }
From source file:mitm.common.security.crl.PKIXRevocationChecker.java
License:Open Source License
private boolean hasMatchingName(X500Name name, GeneralName[] generalNames) { if (name == null || generalNames == null) { return false; }// w w w . j a v a 2s .c o m for (GeneralName generalName : generalNames) { /* * we only need to compare directoryNames */ if (generalName.getTagNo() == GeneralName.directoryName) { if (name.equals(X500Name.getInstance(generalName.getName()))) { return true; } } } return false; }
From source file:net.link.util.common.KeyUtils.java
License:Open Source License
public static X509Certificate generateCertificate(PublicKey subjectPublicKey, String subjectDn, PrivateKey issuerPrivateKey, @Nullable X509Certificate issuerCert, DateTime notBefore, DateTime notAfter, String inSignatureAlgorithm, boolean caCert, boolean timeStampingPurpose, @Nullable URI ocspUri) {/*from w w w . ja v a2 s . c om*/ try { String signatureAlgorithm = inSignatureAlgorithm; if (null == signatureAlgorithm) signatureAlgorithm = String.format("SHA1With%s", issuerPrivateKey.getAlgorithm()); X509Principal issuerDN; if (null != issuerCert) issuerDN = new X509Principal(issuerCert.getSubjectX500Principal().toString()); else issuerDN = new X509Principal(subjectDn); // new bc 2.0 API X509Principal subject = new X509Principal(subjectDn); SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(subjectPublicKey.getEncoded()); BigInteger serialNumber = new BigInteger(SERIALNUMBER_NUM_BITS, new SecureRandom()); X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder( X500Name.getInstance(issuerDN.toASN1Primitive()), serialNumber, notBefore.toDate(), notAfter.toDate(), X500Name.getInstance(subject.toASN1Primitive()), publicKeyInfo); // prepare signer ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).build(issuerPrivateKey); certificateBuilder.addExtension(X509Extension.subjectKeyIdentifier, false, createSubjectKeyId(subjectPublicKey)); PublicKey issuerPublicKey; if (null != issuerCert) issuerPublicKey = issuerCert.getPublicKey(); else issuerPublicKey = subjectPublicKey; certificateBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, createAuthorityKeyId(issuerPublicKey)); certificateBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(caCert)); if (timeStampingPurpose) certificateBuilder.addExtension(X509Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_timeStamping)); if (null != ocspUri) { GeneralName ocspName = new GeneralName(GeneralName.uniformResourceIdentifier, ocspUri.toString()); AuthorityInformationAccess authorityInformationAccess = new AuthorityInformationAccess( X509ObjectIdentifiers.ocspAccessMethod, ocspName); certificateBuilder.addExtension(X509Extension.authorityInfoAccess, false, authorityInformationAccess); } // build return new JcaX509CertificateConverter().setProvider("BC") .getCertificate(certificateBuilder.build(signer)); } catch (CertificateException e) { throw new InternalInconsistencyException("X.509 is not supported.", e); } catch (OperatorCreationException e) { throw new InternalInconsistencyException(e); } catch (CertIOException e) { throw new InternalInconsistencyException(e); } }
From source file:net.link.util.test.pkix.PkiTestUtils.java
License:Open Source License
public static X509Certificate generateCertificate(PublicKey subjectPublicKey, String subjectDn, PrivateKey issuerPrivateKey, @Nullable X509Certificate issuerCert, DateTime notBefore, DateTime notAfter, @Nullable String signatureAlgorithm, boolean includeAuthorityKeyIdentifier, boolean caCert, boolean timeStampingPurpose, @Nullable URI ocspUri) throws IOException, CertificateException, OperatorCreationException { String finalSignatureAlgorithm = signatureAlgorithm; if (null == signatureAlgorithm) finalSignatureAlgorithm = "SHA512WithRSAEncryption"; X509Principal issuerDN;/* ww w . j a v a2 s .com*/ if (null != issuerCert) issuerDN = new X509Principal(issuerCert.getSubjectX500Principal().toString()); else issuerDN = new X509Principal(subjectDn); // new bc 2.0 API X509Principal subject = new X509Principal(subjectDn); SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(subjectPublicKey.getEncoded()); BigInteger serialNumber = new BigInteger(SERIALNUMBER_NUM_BITS, new SecureRandom()); X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder( X500Name.getInstance(issuerDN.toASN1Primitive()), serialNumber, notBefore.toDate(), notAfter.toDate(), X500Name.getInstance(subject.toASN1Primitive()), publicKeyInfo); // prepare signer ContentSigner signer = new JcaContentSignerBuilder(finalSignatureAlgorithm).build(issuerPrivateKey); // add extensions certificateBuilder.addExtension(X509Extension.subjectKeyIdentifier, false, createSubjectKeyId(subjectPublicKey)); PublicKey issuerPublicKey; if (null != issuerCert) issuerPublicKey = issuerCert.getPublicKey(); else issuerPublicKey = subjectPublicKey; if (includeAuthorityKeyIdentifier) certificateBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, createAuthorityKeyId(issuerPublicKey)); certificateBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(caCert)); if (timeStampingPurpose) certificateBuilder.addExtension(X509Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_timeStamping)); if (null != ocspUri) { GeneralName ocspName = new GeneralName(GeneralName.uniformResourceIdentifier, new DERIA5String(ocspUri.toString())); AuthorityInformationAccess authorityInformationAccess = new AuthorityInformationAccess( X509ObjectIdentifiers.ocspAccessMethod, ocspName); certificateBuilder.addExtension(X509Extension.authorityInfoAccess, false, authorityInformationAccess); } // build return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateBuilder.build(signer)); }
From source file:net.ripe.rpki.commons.crypto.crl.X509CrlBuilder.java
License:BSD License
private X509v2CRLBuilder createCrlGenerator() throws CertIOException { X509v2CRLBuilder generator = new X509v2CRLBuilder(X500Name.getInstance(issuerDN.getEncoded()), thisUpdateTime.toDate());// ww w . ja v a 2 s . com generator.setNextUpdate(nextUpdateTime.toDate()); generator.addExtension(X509Extension.authorityKeyIdentifier, false, authorityKeyIdentifier); generator.addExtension(X509Extension.cRLNumber, false, crlNumber); for (X509Crl.Entry entry : entries.values()) { generator.addCRLEntry(entry.getSerialNumber(), entry.getRevocationDateTime().toDate(), 0); } return generator; }
From source file:net.ripe.rpki.commons.crypto.util.BouncyCastleUtil.java
License:BSD License
public static X500Name principalToName(X500Principal dn) { return X500Name.getInstance(dn.getEncoded()); }