List of usage examples for org.bouncycastle.asn1.x509 Attribute getInstance
public static Attribute getInstance(Object o)
From source file:chapter6.PKCS10CertCreateExample.java
public static X509Certificate[] buildChain() throws Exception { // Create the certification request KeyPair pair = Utils.generateRSAKeyPair(); PKCS10CertificationRequest request = PKCS10ExtensionExample.generateRequest(pair); // Create a root certificate KeyPair rootPair = Utils.generateRSAKeyPair(); X509Certificate rootCert = X509V1CreateExample.generateV1Certificate(rootPair); // Validate the certification request if (request.verify("BC") == false) { System.out.println("Request failed to verify!!"); System.exit(1);/*from w w w . j av a2s. c om*/ } // Create the certificate using the information in the request X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); certGen.setIssuerDN(rootCert.getSubjectX500Principal()); certGen.setNotBefore(new Date(System.currentTimeMillis())); certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000)); certGen.setSubjectDN(new X500Principal(request.getCertificationRequestInfo().getSubject().getEncoded())); certGen.setPublicKey(request.getPublicKey("BC")); certGen.setSignatureAlgorithm("SHA256WithRSAEncryption"); certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(rootCert)); certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(request.getPublicKey("BC"))); certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false)); certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); certGen.addExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth)); // Extract the extension request attribute ASN1Set attributes = request.getCertificationRequestInfo().getAttributes(); for (int i = 0; i < attributes.size(); i++) { Attribute attr = Attribute.getInstance(attributes.getObjectAt(i)); // Process extension request if (attr.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) { X509Extensions extensions = X509Extensions.getInstance(attr.getAttrValues().getObjectAt(0)); Enumeration e = extensions.oids(); while (e.hasMoreElements()) { DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement(); X509Extension ext = extensions.getExtension(oid); certGen.addExtension(oid, ext.isCritical(), ext.getValue().getOctets()); } } } X509Certificate issuedCert = certGen.generateX509Certificate(rootPair.getPrivate()); return new X509Certificate[] { issuedCert, rootCert }; }
From source file:edu.washington.iam.tools.IamCertificateHelper.java
License:Apache License
public static int parseCsr(IamCertificate cert) throws IamCertificateException { try {/* ww w . ja v a2 s. c om*/ PEMReader pRd = new PEMReader(new StringReader(cert.pemRequest)); PKCS10CertificationRequest request = (PKCS10CertificationRequest) pRd.readObject(); if (request == null) throw new IamCertificateException("invalid CSR (request)"); CertificationRequestInfo info = request.getCertificationRequestInfo(); if (info == null) throw new IamCertificateException("invalid CSR (info)"); X509Name dn = info.getSubject(); if (dn == null) throw new IamCertificateException("invalid CSR (dn)"); log.debug("dn=" + dn.toString()); cert.dn = dn.toString(); try { List cns = dn.getValues(X509Name.CN); cert.cn = (String) (cns.get(0)); log.debug("cn=" + cert.cn); cert.names.add(cert.cn); // first entry for names is always cn cns = dn.getValues(X509Name.C); cert.dnC = (String) (cns.get(0)); cns = dn.getValues(X509Name.ST); cert.dnST = (String) (cns.get(0)); } catch (Exception e) { log.debug("get cn error: " + e); throw new IamCertificateException("invalid CSR"); } // see if we've got alt names (in extensions) ASN1Set attrs = info.getAttributes(); if (attrs != null) { for (int a = 0; a < attrs.size(); a++) { Attribute attr = Attribute.getInstance(attrs.getObjectAt(a)); if (attr.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) { // is the extension X509Extensions extensions = X509Extensions.getInstance(attr.getAttrValues().getObjectAt(0)); // get the subAltName extension DERObjectIdentifier sanoid = new DERObjectIdentifier( X509Extensions.SubjectAlternativeName.getId()); X509Extension xext = extensions.getExtension(sanoid); if (xext != null) { log.debug("processing altname extensions"); ASN1Object asn1 = X509Extension.convertValueToObject(xext); Enumeration dit = DERSequence.getInstance(asn1).getObjects(); while (dit.hasMoreElements()) { GeneralName gn = GeneralName.getInstance(dit.nextElement()); log.debug("altname tag=" + gn.getTagNo()); log.debug("altname name=" + gn.getName().toString()); if (gn.getTagNo() == GeneralName.dNSName) cert.names.add(gn.getName().toString()); } } } } } // check key size PublicKey pk = request.getPublicKey(); log.debug("key alg = " + pk.getAlgorithm()); log.debug("key fmt = " + pk.getFormat()); if (pk.getAlgorithm().equals("RSA")) { RSAPublicKey rpk = (RSAPublicKey) pk; cert.keySize = rpk.getModulus().bitLength(); log.debug("key size = " + cert.keySize); } } catch (IOException e) { log.debug("ioerror: " + e); throw new IamCertificateException("invalid CSR " + e.getMessage()); } catch (Exception e) { log.debug("excp: " + e); throw new IamCertificateException("invalid CSR"); } return 1; }
From source file:org.cesecore.certificates.util.cert.SubjectDirAttrExtension.java
License:Open Source License
/** * SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute * * Attribute ::= SEQUENCE {/*from ww w . j ava2 s.c om*/ * type AttributeType, * values SET OF AttributeValue } * -- at least one value is required * * AttributeType ::= OBJECT IDENTIFIER * AttributeValue ::= ANY * * SubjectDirectoryAttributes is of form * dateOfBirth=<19590927>, placeOfBirth=<string>, gender=<M/F>, countryOfCitizenship=<two letter ISO3166>, countryOfResidence=<two letter ISO3166> * * Supported subjectDirectoryAttributes are the ones above * * @param certificate containing subject directory attributes * @return String containing directoryAttributes of form the form specified above or null if no directoryAttributes exist. * Values in returned String is from CertTools constants. * DirectoryAttributes not supported are simply not shown in the resulting string. * @throws java.lang.Exception */ public static String getSubjectDirectoryAttributes(Certificate certificate) throws Exception { log.debug("Search for SubjectAltName"); String result = ""; if (certificate instanceof X509Certificate) { X509Certificate x509cert = (X509Certificate) certificate; ASN1Primitive obj = CertTools.getExtensionValue(x509cert, Extension.subjectDirectoryAttributes.getId()); if (obj == null) { return null; } ASN1Sequence seq = (ASN1Sequence) obj; String prefix = ""; SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMdd"); for (int i = 0; i < seq.size(); i++) { Attribute attr = Attribute.getInstance(seq.getObjectAt(i)); if (!StringUtils.isEmpty(result)) { prefix = ", "; } if (attr.getAttrType().getId().equals(id_pda_dateOfBirth)) { ASN1Set set = attr.getAttrValues(); // Come on, we'll only allow one dateOfBirth, we're not allowing such frauds with multiple birth dates ASN1GeneralizedTime time = ASN1GeneralizedTime.getInstance(set.getObjectAt(0)); Date date = time.getDate(); String dateStr = dateF.format(date); result += prefix + "dateOfBirth=" + dateStr; } if (attr.getAttrType().getId().equals(id_pda_placeOfBirth)) { ASN1Set set = attr.getAttrValues(); // same here only one placeOfBirth String pb = ((ASN1String) set.getObjectAt(0)).getString(); result += prefix + "placeOfBirth=" + pb; } if (attr.getAttrType().getId().equals(id_pda_gender)) { ASN1Set set = attr.getAttrValues(); // same here only one gender String g = ((ASN1String) set.getObjectAt(0)).getString(); result += prefix + "gender=" + g; } if (attr.getAttrType().getId().equals(id_pda_countryOfCitizenship)) { ASN1Set set = attr.getAttrValues(); // same here only one citizenship String g = ((ASN1String) set.getObjectAt(0)).getString(); result += prefix + "countryOfCitizenship=" + g; } if (attr.getAttrType().getId().equals(id_pda_countryOfResidence)) { ASN1Set set = attr.getAttrValues(); // same here only one residence String g = ((ASN1String) set.getObjectAt(0)).getString(); result += prefix + "countryOfResidence=" + g; } } } if (StringUtils.isEmpty(result)) { return null; } return result; }
From source file:org.ejbca.util.cert.SubjectDirAttrExtension.java
License:Open Source License
/** * SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute * * Attribute ::= SEQUENCE {//from ww w . j a v a 2 s. c om * type AttributeType, * values SET OF AttributeValue } * -- at least one value is required * * AttributeType ::= OBJECT IDENTIFIER * AttributeValue ::= ANY * * SubjectDirectoryAttributes is of form * dateOfBirth=<19590927>, placeOfBirth=<string>, gender=<M/F>, countryOfCitizenship=<two letter ISO3166>, countryOfResidence=<two letter ISO3166> * * Supported subjectDirectoryAttributes are the ones above * * @param certificate containing subject directory attributes * @return String containing directoryAttributes of form the form specified above or null if no directoryAttributes exist. * Values in returned String is from CertTools constants. * DirectoryAttributes not supported are simply not shown in the resulting string. * @throws java.lang.Exception */ public static String getSubjectDirectoryAttributes(Certificate certificate) throws Exception { log.debug("Search for SubjectAltName"); String result = ""; if (certificate instanceof X509Certificate) { X509Certificate x509cert = (X509Certificate) certificate; DERObject obj = CertTools.getExtensionValue(x509cert, X509Extensions.SubjectDirectoryAttributes.getId()); if (obj == null) { return null; } ASN1Sequence seq = (ASN1Sequence) obj; String prefix = ""; FastDateFormat dateF = FastDateFormat.getInstance("yyyyMMdd"); for (int i = 0; i < seq.size(); i++) { Attribute attr = Attribute.getInstance(seq.getObjectAt(i)); if (!StringUtils.isEmpty(result)) { prefix = ", "; } if (attr.getAttrType().getId().equals(id_pda_dateOfBirth)) { ASN1Set set = attr.getAttrValues(); // Come on, we'll only allow one dateOfBirth, we're not allowing such frauds with multiple birth dates DERGeneralizedTime time = DERGeneralizedTime.getInstance(set.getObjectAt(0)); Date date = time.getDate(); String dateStr = dateF.format(date); result += prefix + "dateOfBirth=" + dateStr; } if (attr.getAttrType().getId().equals(id_pda_placeOfBirth)) { ASN1Set set = attr.getAttrValues(); // same here only one placeOfBirth String pb = ((DERString) set.getObjectAt(0)).getString(); result += prefix + "placeOfBirth=" + pb; } if (attr.getAttrType().getId().equals(id_pda_gender)) { ASN1Set set = attr.getAttrValues(); // same here only one gender String g = ((DERString) set.getObjectAt(0)).getString(); result += prefix + "gender=" + g; } if (attr.getAttrType().getId().equals(id_pda_countryOfCitizenship)) { ASN1Set set = attr.getAttrValues(); // same here only one citizenship String g = ((DERString) set.getObjectAt(0)).getString(); result += prefix + "countryOfCitizenship=" + g; } if (attr.getAttrType().getId().equals(id_pda_countryOfResidence)) { ASN1Set set = attr.getAttrValues(); // same here only one residence String g = ((DERString) set.getObjectAt(0)).getString(); result += prefix + "countryOfResidence=" + g; } } } if (StringUtils.isEmpty(result)) { return null; } return result; }
From source file:org.xipki.pki.ca.qa.ExtensionsChecker.java
License:Open Source License
private void checkExtensionSubjectDirAttrs(final StringBuilder failureMsg, final byte[] extensionValue, final Extensions requestedExtensions, final ExtensionControl extControl) { SubjectDirectoryAttributesControl conf = certProfile.getSubjectDirAttrsControl(); if (conf == null) { failureMsg.append("extension is present but not expected; "); return;//w w w . j av a2s . c om } ASN1Encodable extInRequest = null; if (requestedExtensions != null) { extInRequest = requestedExtensions.getExtensionParsedValue(Extension.subjectDirectoryAttributes); } if (extInRequest == null) { failureMsg.append("extension is present but not expected; "); return; } SubjectDirectoryAttributes requested = SubjectDirectoryAttributes.getInstance(extInRequest); Vector<?> reqSubDirAttrs = requested.getAttributes(); ASN1GeneralizedTime expDateOfBirth = null; String expPlaceOfBirth = null; String expGender = null; Set<String> expCountryOfCitizenshipList = new HashSet<>(); Set<String> expCountryOfResidenceList = new HashSet<>(); Map<ASN1ObjectIdentifier, Set<ASN1Encodable>> expOtherAttrs = new HashMap<>(); final int expN = reqSubDirAttrs.size(); for (int i = 0; i < expN; i++) { Attribute attr = Attribute.getInstance(reqSubDirAttrs.get(i)); ASN1ObjectIdentifier attrType = attr.getAttrType(); ASN1Encodable attrVal = attr.getAttributeValues()[0]; if (ObjectIdentifiers.DN_DATE_OF_BIRTH.equals(attrType)) { expDateOfBirth = ASN1GeneralizedTime.getInstance(attrVal); } else if (ObjectIdentifiers.DN_PLACE_OF_BIRTH.equals(attrType)) { expPlaceOfBirth = DirectoryString.getInstance(attrVal).getString(); } else if (ObjectIdentifiers.DN_GENDER.equals(attrType)) { expGender = DERPrintableString.getInstance(attrVal).getString(); } else if (ObjectIdentifiers.DN_COUNTRY_OF_CITIZENSHIP.equals(attrType)) { String country = DERPrintableString.getInstance(attrVal).getString(); expCountryOfCitizenshipList.add(country); } else if (ObjectIdentifiers.DN_COUNTRY_OF_RESIDENCE.equals(attrType)) { String country = DERPrintableString.getInstance(attrVal).getString(); expCountryOfResidenceList.add(country); } else { Set<ASN1Encodable> otherAttrVals = expOtherAttrs.get(attrType); if (otherAttrVals == null) { otherAttrVals = new HashSet<>(); expOtherAttrs.put(attrType, otherAttrVals); } otherAttrVals.add(attrVal); } } SubjectDirectoryAttributes ext = SubjectDirectoryAttributes.getInstance(extensionValue); Vector<?> subDirAttrs = ext.getAttributes(); ASN1GeneralizedTime dateOfBirth = null; String placeOfBirth = null; String gender = null; Set<String> countryOfCitizenshipList = new HashSet<>(); Set<String> countryOfResidenceList = new HashSet<>(); Map<ASN1ObjectIdentifier, Set<ASN1Encodable>> otherAttrs = new HashMap<>(); List<ASN1ObjectIdentifier> attrTypes = new LinkedList<>(conf.getTypes()); final int n = subDirAttrs.size(); for (int i = 0; i < n; i++) { Attribute attr = Attribute.getInstance(subDirAttrs.get(i)); ASN1ObjectIdentifier attrType = attr.getAttrType(); if (!attrTypes.contains(attrType)) { failureMsg.append("attribute of type " + attrType.getId() + " is present but not expected; "); continue; } ASN1Encodable[] attrs = attr.getAttributeValues(); if (attrs.length != 1) { failureMsg.append("attribute of type " + attrType.getId() + " does not single-value value: " + attrs.length + "; "); continue; } ASN1Encodable attrVal = attrs[0]; if (ObjectIdentifiers.DN_DATE_OF_BIRTH.equals(attrType)) { dateOfBirth = ASN1GeneralizedTime.getInstance(attrVal); } else if (ObjectIdentifiers.DN_PLACE_OF_BIRTH.equals(attrType)) { placeOfBirth = DirectoryString.getInstance(attrVal).getString(); } else if (ObjectIdentifiers.DN_GENDER.equals(attrType)) { gender = DERPrintableString.getInstance(attrVal).getString(); } else if (ObjectIdentifiers.DN_COUNTRY_OF_CITIZENSHIP.equals(attrType)) { String country = DERPrintableString.getInstance(attrVal).getString(); countryOfCitizenshipList.add(country); } else if (ObjectIdentifiers.DN_COUNTRY_OF_RESIDENCE.equals(attrType)) { String country = DERPrintableString.getInstance(attrVal).getString(); countryOfResidenceList.add(country); } else { Set<ASN1Encodable> otherAttrVals = otherAttrs.get(attrType); if (otherAttrVals == null) { otherAttrVals = new HashSet<>(); otherAttrs.put(attrType, otherAttrVals); } otherAttrVals.add(attrVal); } } if (dateOfBirth != null) { attrTypes.remove(ObjectIdentifiers.DN_DATE_OF_BIRTH); } if (placeOfBirth != null) { attrTypes.remove(ObjectIdentifiers.DN_PLACE_OF_BIRTH); } if (gender != null) { attrTypes.remove(ObjectIdentifiers.DN_GENDER); } if (!countryOfCitizenshipList.isEmpty()) { attrTypes.remove(ObjectIdentifiers.DN_COUNTRY_OF_CITIZENSHIP); } if (!countryOfResidenceList.isEmpty()) { attrTypes.remove(ObjectIdentifiers.DN_COUNTRY_OF_RESIDENCE); } attrTypes.removeAll(otherAttrs.keySet()); if (!attrTypes.isEmpty()) { List<String> attrTypeTexts = new LinkedList<>(); for (ASN1ObjectIdentifier oid : attrTypes) { attrTypeTexts.add(oid.getId()); } failureMsg.append("required attributes of types " + attrTypeTexts + " are not present; "); } if (dateOfBirth != null) { String timeStirng = dateOfBirth.getTimeString(); if (!SubjectDnSpec.PATTERN_DATE_OF_BIRTH.matcher(timeStirng).matches()) { failureMsg.append("invalid dateOfBirth: " + timeStirng + "; "); } String exp = (expDateOfBirth == null) ? null : expDateOfBirth.getTimeString(); if (!timeStirng.equalsIgnoreCase(exp)) { addViolation(failureMsg, "dateOfBirth", timeStirng, exp); } } if (gender != null) { if (!(gender.equalsIgnoreCase("F") || gender.equalsIgnoreCase("M"))) { failureMsg.append("invalid gender: " + gender + "; "); } if (!gender.equalsIgnoreCase(expGender)) { addViolation(failureMsg, "gender", gender, expGender); } } if (placeOfBirth != null) { if (!placeOfBirth.equals(expPlaceOfBirth)) { addViolation(failureMsg, "placeOfBirth", placeOfBirth, expPlaceOfBirth); } } if (!countryOfCitizenshipList.isEmpty()) { Set<String> diffs = strInBnotInA(expCountryOfCitizenshipList, countryOfCitizenshipList); if (CollectionUtil.isNonEmpty(diffs)) { failureMsg.append("countryOfCitizenship ").append(diffs.toString()); failureMsg.append(" are present but not expected; "); } diffs = strInBnotInA(countryOfCitizenshipList, expCountryOfCitizenshipList); if (CollectionUtil.isNonEmpty(diffs)) { failureMsg.append("countryOfCitizenship ").append(diffs.toString()); failureMsg.append(" are absent but are required; "); } } if (!countryOfResidenceList.isEmpty()) { Set<String> diffs = strInBnotInA(expCountryOfResidenceList, countryOfResidenceList); if (CollectionUtil.isNonEmpty(diffs)) { failureMsg.append("countryOfResidence ").append(diffs.toString()); failureMsg.append(" are present but not expected; "); } diffs = strInBnotInA(countryOfResidenceList, expCountryOfResidenceList); if (CollectionUtil.isNonEmpty(diffs)) { failureMsg.append("countryOfResidence ").append(diffs.toString()); failureMsg.append(" are absent but are required; "); } } if (!otherAttrs.isEmpty()) { for (ASN1ObjectIdentifier attrType : otherAttrs.keySet()) { Set<ASN1Encodable> expAttrValues = expOtherAttrs.get(attrType); if (expAttrValues == null) { failureMsg.append("attribute of type " + attrType.getId() + " is present but not requested; "); continue; } Set<ASN1Encodable> attrValues = otherAttrs.get(attrType); if (!attrValues.equals(expAttrValues)) { failureMsg .append("attribute of type " + attrType.getId() + " differs from the requested one; "); continue; } } } }