Example usage for org.bouncycastle.asn1.x509 Attribute getAttrValues

List of usage examples for org.bouncycastle.asn1.x509 Attribute getAttrValues

Introduction

In this page you can find the example usage for org.bouncycastle.asn1.x509 Attribute getAttrValues.

Prototype

public ASN1Set getAttrValues() 


Usage

From source file:AAModulePackage.ACHelper.java

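/**
 * Copies the attributes of an attribute certificate (AC) into an
 * {@link AttributeCertificateWrapper}.
 *
 * <p>This method only decodes attribute values. Nothing in it checks the AC's
 * signature, validity period or issuer, so the role, record and action values
 * it returns are unauthenticated unless the caller validated {@code ac} first.
 *
 * <p>When the same attribute type occurs more than once, each occurrence
 * overwrites the previous one, so the wrapper keeps the last occurrence.
 *
 * @param ac the X509AttributeCertificateHolder that we want to wrap.
 * @return the wrapper populated from {@code ac}.
 * @throws IllegalArgumentException if a single-valued attribute (role, record id,
 *         time stamp or record subject) is present with an empty value set.
 */
public static AttributeCertificateWrapper extractAttributes(X509AttributeCertificateHolder ac) {
    AttributeCertificateWrapper wrapper = new AttributeCertificateWrapper(ac);

    for (Attribute a : ac.getAttributes(NewAttributeIdentifiers.role)) {
        wrapper.setRole(firstGeneralString(a.getAttrValues(), "role"));
    }

    for (Attribute a : ac.getAttributes(NewAttributeIdentifiers.record_id)) {
        wrapper.setRecordId(firstGeneralString(a.getAttrValues(), "record_id"));
    }

    for (Attribute a : ac.getAttributes(NewAttributeIdentifiers.time_stamp)) {
        ASN1Set set = requireNonEmptyValues(a.getAttrValues(), "time_stamp");
        wrapper.setTimeStamp(new Time(set.getObjectAt(0).toASN1Primitive()));
    }

    for (Attribute a : ac.getAttributes(NewAttributeIdentifiers.record_type)) {
        wrapper.setRecordTypes(allGeneralStrings(a.getAttrValues()));
    }

    for (Attribute a : ac.getAttributes(NewAttributeIdentifiers.record_subject)) {
        wrapper.setRecord_subject(firstGeneralString(a.getAttrValues(), "record_subject"));
    }

    for (Attribute a : ac.getAttributes(NewAttributeIdentifiers.actions_taken)) {
        wrapper.setActions_taken(allGeneralStrings(a.getAttrValues()));
    }
    return wrapper;
}

/** Rejects an absent or empty value set with a message naming the attribute. */
private static ASN1Set requireNonEmptyValues(ASN1Set values, String attributeName) {
    // The AC content is externally supplied: fail with a clear message instead of
    // letting getObjectAt(0) run past the end of an empty SET.
    if (values == null || values.size() == 0) {
        throw new IllegalArgumentException("attribute '" + attributeName + "' has no value");
    }
    return values;
}

/** Decodes the first value of the set as a GeneralString. */
private static String firstGeneralString(ASN1Set values, String attributeName) {
    ASN1Set checked = requireNonEmptyValues(values, attributeName);
    return DERGeneralString.getInstance(checked.getObjectAt(0)).getString();
}

/** Decodes every value of the set as a GeneralString, in set order. */
private static String[] allGeneralStrings(ASN1Set values) {
    String[] decoded = new String[values.size()];
    for (int i = 0; i < decoded.length; ++i) {
        decoded[i] = DERGeneralString.getInstance(values.getObjectAt(i)).getString();
    }
    return decoded;
}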

From source file:chapter6.PKCS10CertCreateExample.java

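/**
 * Builds a two-element chain: a certificate issued for a freshly generated
 * PKCS#10 request, followed by the root certificate that signed it.
 *
 * <p>Review notes for anyone adapting this example into an issuing service:
 * <ul>
 *   <li>The request is generated locally here. A CSR received from a requester
 *       is untrusted input; the loop at the end copies every requested extension
 *       into the certificate, whereas an issuing CA normally copies only the
 *       extensions on an allow-list and validates their content.</li>
 *   <li>The validity window is 50 seconds, which only suits a demonstration.</li>
 *   <li>A failed request signature check terminates the JVM; library code would
 *       throw instead.</li>
 * </ul>
 *
 * @return the issued certificate at index 0 and the root certificate at index 1.
 * @throws Exception if key generation, request handling or signing fails.
 */
public static X509Certificate[] buildChain() throws Exception {
    // Create the certification request
    KeyPair pair = Utils.generateRSAKeyPair();

    PKCS10CertificationRequest request = PKCS10ExtensionExample.generateRequest(pair);

    // Create a root certificate
    KeyPair rootPair = Utils.generateRSAKeyPair();
    X509Certificate rootCert = X509V1CreateExample.generateV1Certificate(rootPair);

    // Validate the certification request: the self-signature shows the requester
    // holds the private key matching the public key in the request.
    if (!request.verify("BC")) {
        System.out.println("Request failed to verify!!");
        System.exit(1);
    }

    // Create the certificate using the information in the request
    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();

    // Serial numbers should not be guessable from the issuance time, so draw the
    // serial from a CSPRNG; adding one keeps it strictly positive.
    BigInteger serial = new BigInteger(64, new java.security.SecureRandom()).add(BigInteger.ONE);
    // Read the clock once so notBefore and notAfter are derived from the same instant.
    long now = System.currentTimeMillis();

    certGen.setSerialNumber(serial);
    certGen.setIssuerDN(rootCert.getSubjectX500Principal());
    certGen.setNotBefore(new Date(now));
    certGen.setNotAfter(new Date(now + 50000));
    certGen.setSubjectDN(new X500Principal(request.getCertificationRequestInfo().getSubject().getEncoded()));
    certGen.setPublicKey(request.getPublicKey("BC"));
    certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");

    certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(rootCert));
    certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
            new SubjectKeyIdentifierStructure(request.getPublicKey("BC")));
    certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
    certGen.addExtension(X509Extensions.KeyUsage, true,
            new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
    certGen.addExtension(X509Extensions.ExtendedKeyUsage, true,
            new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth));

    // Extract the extension request attribute
    ASN1Set attributes = request.getCertificationRequestInfo().getAttributes();

    for (int i = 0; i < attributes.size(); i++) {
        Attribute attr = Attribute.getInstance(attributes.getObjectAt(i));

        // Process extension request
        if (attr.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
            X509Extensions extensions = X509Extensions.getInstance(attr.getAttrValues().getObjectAt(0));

            // NOTE(review): every requested extension is copied verbatim, with the
            // requester's own criticality flag. Acceptable for a locally built
            // request; filter by OID before doing this with an external CSR.
            Enumeration<?> e = extensions.oids();
            while (e.hasMoreElements()) {
                DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
                X509Extension ext = extensions.getExtension(oid);

                certGen.addExtension(oid, ext.isCritical(), ext.getValue().getOctets());
            }
        }
    }

    X509Certificate issuedCert = certGen.generateX509Certificate(rootPair.getPrivate());

    return new X509Certificate[] { issuedCert, rootCert };
}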

From source file:edu.washington.iam.tools.IamCertificateHelper.java

License:Apache License

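/**
 * Parses the PEM-encoded PKCS#10 request in {@code cert.pemRequest} and fills in
 * {@code cert.dn}, {@code cert.cn}, {@code cert.dnC}, {@code cert.dnST},
 * {@code cert.names} and, for RSA keys only, {@code cert.keySize}.
 *
 * <p>Everything read here is requester-controlled. This method does not call
 * {@code request.verify()}, so it does not establish that the requester holds
 * the private key, and it does not decide whether the requester is entitled to
 * the CN or dNSName values it collects. Both checks have to happen elsewhere
 * before a certificate is issued. For non-RSA keys {@code cert.keySize} is left
 * untouched, so a minimum-key-size policy must treat that case explicitly.
 *
 * @param cert holder whose {@code pemRequest} is parsed and whose fields are filled in.
 * @return always 1 when parsing succeeds.
 * @throws IamCertificateException if the request cannot be read, lacks a subject,
 *         or its subject has no CN, C or ST value.
 */
public static int parseCsr(IamCertificate cert) throws IamCertificateException {

    try {
        PEMReader pRd = new PEMReader(new StringReader(cert.pemRequest));
        PKCS10CertificationRequest request = (PKCS10CertificationRequest) pRd.readObject();
        if (request == null) {
            throw new IamCertificateException("invalid CSR (request)");
        }
        CertificationRequestInfo info = request.getCertificationRequestInfo();
        if (info == null) {
            throw new IamCertificateException("invalid CSR (info)");
        }

        X509Name dn = info.getSubject();
        if (dn == null) {
            throw new IamCertificateException("invalid CSR (dn)");
        }
        // NOTE(review): the DN and alt names below are logged exactly as received;
        // confirm the log layout encodes control characters.
        log.debug("dn=" + dn.toString());
        cert.dn = dn.toString();
        try {
            List cns = dn.getValues(X509Name.CN);
            cert.cn = (String) (cns.get(0));
            log.debug("cn=" + cert.cn);
            cert.names.add(cert.cn); // first entry for names is always cn
            cns = dn.getValues(X509Name.C);
            cert.dnC = (String) (cns.get(0));
            cns = dn.getValues(X509Name.ST);
            cert.dnST = (String) (cns.get(0));
        } catch (Exception e) {
            // A subject without CN, C or ST ends up here via get(0) on an empty list.
            log.debug("get cn error: " + e);
            throw new IamCertificateException("invalid CSR");
        }

        // see if we've got alt names (in extensions)

        ASN1Set attrs = info.getAttributes();
        if (attrs != null) {
            for (int a = 0; a < attrs.size(); a++) {
                Attribute attr = Attribute.getInstance(attrs.getObjectAt(a));
                if (attr.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {

                    // is the extension
                    X509Extensions extensions = X509Extensions.getInstance(attr.getAttrValues().getObjectAt(0));

                    // get the subAltName extension
                    DERObjectIdentifier sanoid = new DERObjectIdentifier(
                            X509Extensions.SubjectAlternativeName.getId());
                    X509Extension xext = extensions.getExtension(sanoid);
                    if (xext != null) {
                        log.debug("processing altname extensions");
                        ASN1Object asn1 = X509Extension.convertValueToObject(xext);
                        Enumeration dit = DERSequence.getInstance(asn1).getObjects();
                        while (dit.hasMoreElements()) {
                            GeneralName gn = GeneralName.getInstance(dit.nextElement());
                            log.debug("altname tag=" + gn.getTagNo());
                            log.debug("altname name=" + gn.getName().toString());
                            // Only dNSName entries are kept; other GeneralName
                            // kinds (IP address, e-mail, URI, ...) are dropped.
                            if (gn.getTagNo() == GeneralName.dNSName) {
                                cert.names.add(gn.getName().toString());
                            }
                        }
                    }

                }
            }
        }

        // check key size
        PublicKey pk = request.getPublicKey();
        log.debug("key alg = " + pk.getAlgorithm());
        log.debug("key fmt = " + pk.getFormat());
        if (pk.getAlgorithm().equals("RSA")) {
            RSAPublicKey rpk = (RSAPublicKey) pk;
            cert.keySize = rpk.getModulus().bitLength();
            log.debug("key size = " + cert.keySize);
        }

    } catch (IamCertificateException e) {
        // Without this clause the generic handler below would replace the specific
        // "invalid CSR (request|info|dn)" messages thrown above with a bare
        // "invalid CSR".
        throw e;
    } catch (IOException e) {
        log.debug("ioerror: " + e);
        throw new IamCertificateException("invalid CSR " + e.getMessage());
    } catch (Exception e) {
        // Covers malformed ASN.1 and a PEM object that is not a PKCS#10 request.
        log.debug("excp: " + e);
        throw new IamCertificateException("invalid CSR");
    }
    return 1;
}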

From source file:org.cesecore.certificates.util.cert.SubjectDirAttrExtension.java

License:Open Source License

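/**
 * Renders the SubjectDirectoryAttributes extension of a certificate as text.
 *
 * <pre>
 * SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
 *
 * Attribute ::= SEQUENCE {
 *   type AttributeType,
 *   values SET OF AttributeValue }
 *   -- at least one value is required
 *
 * AttributeType ::= OBJECT IDENTIFIER
 * AttributeValue ::= ANY
 * </pre>
 *
 * SubjectDirectoryAttributes is of form
 * dateOfBirth=&lt;19590927&gt;, placeOfBirth=&lt;string&gt;, gender=&lt;M/F&gt;,
 * countryOfCitizenship=&lt;two letter ISO3166&gt;, countryOfResidence=&lt;two letter ISO3166&gt;
 *
 * <p>Supported subjectDirectoryAttributes are the ones above. Only the first
 * value of each attribute is used. The values are emitted without escaping, so
 * a value that itself contains {@code ", "} or {@code "="} makes the result
 * ambiguous to a parser; treat the string as display text. A malformed
 * extension (wrong ASN.1 type, empty value set) surfaces as a runtime
 * exception from the casts and {@code getObjectAt(0)} calls below.
 *
 * @param certificate containing subject directory attributes
 * @return String containing directoryAttributes of the form specified above, or null if
 *   no directoryAttributes exist or the certificate is not an X509Certificate.
 *   DirectoryAttributes not supported are simply not shown in the resulting string.
 * @throws java.lang.Exception if the extension cannot be decoded.
 */
public static String getSubjectDirectoryAttributes(Certificate certificate) throws Exception {
    // The original message named SubjectAltName, which is not what is looked up here.
    log.debug("Search for SubjectDirectoryAttributes");
    if (!(certificate instanceof X509Certificate)) {
        return null;
    }
    X509Certificate x509cert = (X509Certificate) certificate;
    ASN1Primitive obj = CertTools.getExtensionValue(x509cert, Extension.subjectDirectoryAttributes.getId());
    if (obj == null) {
        return null;
    }
    ASN1Sequence seq = (ASN1Sequence) obj;

    StringBuilder result = new StringBuilder();
    // No time zone is set on the formatter, so the date is rendered in the JVM's
    // default zone. NOTE(review): confirm that is intended for dateOfBirth.
    SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMdd");
    for (int i = 0; i < seq.size(); i++) {
        Attribute attr = Attribute.getInstance(seq.getObjectAt(i));
        // Separator is needed as soon as anything has been emitted.
        String prefix = result.length() > 0 ? ", " : "";
        String typeId = attr.getAttrType().getId();
        if (typeId.equals(id_pda_dateOfBirth)) {
            ASN1Set set = attr.getAttrValues();
            // Come on, we'll only allow one dateOfBirth, we're not allowing such frauds with multiple birth dates
            ASN1GeneralizedTime time = ASN1GeneralizedTime.getInstance(set.getObjectAt(0));
            Date date = time.getDate();
            result.append(prefix).append("dateOfBirth=").append(dateF.format(date));
        }
        if (typeId.equals(id_pda_placeOfBirth)) {
            ASN1Set set = attr.getAttrValues();
            // same here only one placeOfBirth
            String pb = ((ASN1String) set.getObjectAt(0)).getString();
            result.append(prefix).append("placeOfBirth=").append(pb);
        }
        if (typeId.equals(id_pda_gender)) {
            ASN1Set set = attr.getAttrValues();
            // same here only one gender
            String g = ((ASN1String) set.getObjectAt(0)).getString();
            result.append(prefix).append("gender=").append(g);
        }
        if (typeId.equals(id_pda_countryOfCitizenship)) {
            ASN1Set set = attr.getAttrValues();
            // same here only one citizenship
            String g = ((ASN1String) set.getObjectAt(0)).getString();
            result.append(prefix).append("countryOfCitizenship=").append(g);
        }
        if (typeId.equals(id_pda_countryOfResidence)) {
            ASN1Set set = attr.getAttrValues();
            // same here only one residence
            String g = ((ASN1String) set.getObjectAt(0)).getString();
            result.append(prefix).append("countryOfResidence=").append(g);
        }
    }
    return result.length() == 0 ? null : result.toString();
}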

From source file:org.ejbca.util.cert.SubjectDirAttrExtension.java

License:Open Source License

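/**
 * Renders the SubjectDirectoryAttributes extension of a certificate as text.
 *
 * <pre>
 * SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
 *
 * Attribute ::= SEQUENCE {
 *   type AttributeType,
 *   values SET OF AttributeValue }
 *   -- at least one value is required
 *
 * AttributeType ::= OBJECT IDENTIFIER
 * AttributeValue ::= ANY
 * </pre>
 *
 * SubjectDirectoryAttributes is of form
 * dateOfBirth=&lt;19590927&gt;, placeOfBirth=&lt;string&gt;, gender=&lt;M/F&gt;,
 * countryOfCitizenship=&lt;two letter ISO3166&gt;, countryOfResidence=&lt;two letter ISO3166&gt;
 *
 * <p>Supported subjectDirectoryAttributes are the ones above. Only the first
 * value of each attribute is used. The values are emitted without escaping, so
 * a value that itself contains {@code ", "} or {@code "="} makes the result
 * ambiguous to a parser; treat the string as display text. A malformed
 * extension (wrong ASN.1 type, empty value set) surfaces as a runtime
 * exception from the casts and {@code getObjectAt(0)} calls below.
 *
 * @param certificate containing subject directory attributes
 * @return String containing directoryAttributes of the form specified above, or null if
 *   no directoryAttributes exist or the certificate is not an X509Certificate.
 *   DirectoryAttributes not supported are simply not shown in the resulting string.
 * @throws java.lang.Exception if the extension cannot be decoded.
 */
public static String getSubjectDirectoryAttributes(Certificate certificate) throws Exception {
    // The original message named SubjectAltName, which is not what is looked up here.
    log.debug("Search for SubjectDirectoryAttributes");
    if (!(certificate instanceof X509Certificate)) {
        return null;
    }
    X509Certificate x509cert = (X509Certificate) certificate;
    DERObject obj = CertTools.getExtensionValue(x509cert,
            X509Extensions.SubjectDirectoryAttributes.getId());
    if (obj == null) {
        return null;
    }
    ASN1Sequence seq = (ASN1Sequence) obj;

    StringBuilder result = new StringBuilder();
    // No time zone is passed to the formatter. NOTE(review): confirm which zone
    // the dateOfBirth should be rendered in.
    FastDateFormat dateF = FastDateFormat.getInstance("yyyyMMdd");
    for (int i = 0; i < seq.size(); i++) {
        Attribute attr = Attribute.getInstance(seq.getObjectAt(i));
        // Separator is needed as soon as anything has been emitted.
        String prefix = result.length() > 0 ? ", " : "";
        String typeId = attr.getAttrType().getId();
        if (typeId.equals(id_pda_dateOfBirth)) {
            ASN1Set set = attr.getAttrValues();
            // Come on, we'll only allow one dateOfBirth, we're not allowing such frauds with multiple birth dates
            DERGeneralizedTime time = DERGeneralizedTime.getInstance(set.getObjectAt(0));
            Date date = time.getDate();
            result.append(prefix).append("dateOfBirth=").append(dateF.format(date));
        }
        if (typeId.equals(id_pda_placeOfBirth)) {
            ASN1Set set = attr.getAttrValues();
            // same here only one placeOfBirth
            String pb = ((DERString) set.getObjectAt(0)).getString();
            result.append(prefix).append("placeOfBirth=").append(pb);
        }
        if (typeId.equals(id_pda_gender)) {
            ASN1Set set = attr.getAttrValues();
            // same here only one gender
            String g = ((DERString) set.getObjectAt(0)).getString();
            result.append(prefix).append("gender=").append(g);
        }
        if (typeId.equals(id_pda_countryOfCitizenship)) {
            ASN1Set set = attr.getAttrValues();
            // same here only one citizenship
            String g = ((DERString) set.getObjectAt(0)).getString();
            result.append(prefix).append("countryOfCitizenship=").append(g);
        }
        if (typeId.equals(id_pda_countryOfResidence)) {
            ASN1Set set = attr.getAttrValues();
            // same here only one residence
            String g = ((DERString) set.getObjectAt(0)).getString();
            result.append(prefix).append("countryOfResidence=").append(g);
        }
    }
    return result.length() == 0 ? null : result.toString();
}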

From source file:org.glite.slcs.pki.bouncycastle.PKCS10.java

License:eu-egee.org license

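/**
 * Gets the X509Extensions included in the PKCS10.
 *
 * <p>The extensions are read from the request's {@code extensionRequest}
 * attribute, wherever it sits in the attribute set. They are supplied by the
 * requester and returned unfiltered, so the caller decides which of them to
 * honour. An attribute or value that is not an ASN.1 sequence makes the casts
 * below throw rather than being reported as "no extensions".
 *
 * @return The X509Extensions or <code>null</code> if there is no
 *         X509Extensions.
 */
public X509Extensions getX509Extensions() {
    ASN1Set attributes = this.bcPKCS10_.getCertificationRequestInfo().getAttributes();
    // A request without any attributes has no attribute set at all.
    if (attributes == null) {
        return null;
    }
    // extensionRequest is not guaranteed to be the first attribute (a request
    // may carry others as well), so scan them all.
    for (int i = 0; i < attributes.size(); i++) {
        Attribute attribute = new Attribute((ASN1Sequence) attributes.getObjectAt(i));
        if (!attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
            continue;
        }
        ASN1Set attributeValues = attribute.getAttrValues();
        if (attributeValues.size() > 0) {
            ASN1Sequence x509extensionsSequence = (ASN1Sequence) attributeValues.getObjectAt(0);
            return new X509Extensions(x509extensionsSequence);
        }
    }
    return null;
}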

From source file:org.qipki.crypto.x509.X509ExtensionsReaderImpl.java

License:Open Source License

/**
 * Lists the extensions a PKCS#10 request asks for through its
 * {@code Extension Request} attribute.
 *
 * <p>The returned holders mirror what the requester put in the CSR, including
 * the criticality flag; nothing here filters or validates them, so the issuing
 * side decides which ones end up in a certificate.
 *
 * @param pkcs10 the certification request to inspect.
 * @return one holder per requested extension; empty when the request has no
 *         attributes or no usable {@code Extension Request} attribute.
 */
@Override
public List<X509ExtensionHolder> extractRequestedExtensions(PKCS10CertificationRequest pkcs10) {
    final List<X509ExtensionHolder> holders = new ArrayList<X509ExtensionHolder>();
    final ASN1Set csrAttributes = pkcs10.getCertificationRequestInfo().getAttributes();
    if (csrAttributes == null) {
        return holders;
    }

    // Walk the attribute set until the first `Extension Request` attribute that
    // actually carries a value; it is usually the only attribute present.
    X509Extensions requested = null;
    int index = 0;
    while (requested == null && index < csrAttributes.size()) {
        final DEREncodable candidate = csrAttributes.getObjectAt(index);
        index++;
        if (!(candidate instanceof DERSequence)) {
            continue;
        }
        final Attribute attribute = new Attribute((DERSequence) candidate);
        if (!attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
            continue;
        }
        final ASN1Set values = attribute.getAttrValues();
        // WARN Assuming that the X509Extensions are the first value of the set.
        if (values.size() >= 1) {
            requested = new X509Extensions((ASN1Sequence) values.getObjectAt(0));
        }
    }
    if (requested == null) {
        return holders;
    }

    for (Enumeration<?> oids = requested.oids(); oids.hasMoreElements();) {
        final DERObjectIdentifier oid = (DERObjectIdentifier) oids.nextElement();
        final X509Extension extension = requested.getExtension(oid);
        holders.add(new X509ExtensionHolder(oid, extension.isCritical(),
                X509Extension.convertValueToObject(extension)));
    }
    return holders;
}