Example usage for org.bouncycastle.asn1.x509 AuthorityKeyIdentifier getEncoded

List of usage examples for org.bouncycastle.asn1.x509 AuthorityKeyIdentifier getEncoded

Introduction

In this page you can find the example usage for org.bouncycastle.asn1.x509 AuthorityKeyIdentifier getEncoded.

Prototype

public byte[] getEncoded(String encoding) throws IOException 


Document

Returns the default encoding for "BER", or a DER encoding if "DER" is specified. The examples below all request DER, which is the encoding X.509 requires for extension values.

Usage

From source file:net.sf.keystore_explorer.gui.dialogs.extensions.DAuthorityKeyIdentifier.java

License:Open Source License

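/**
 * Validates the dialog input and, when it describes a well-formed Authority
 * Key Identifier, stores the DER encoding in {@code value} and closes the
 * dialog.
 *
 * <p>Accepted combinations are: key identifier only, issuer plus serial
 * number only, or all three. RFC 5280 section 4.2.1.1 requires
 * authorityCertIssuer and authorityCertSerialNumber to be both present or
 * both absent, so an issuer without a serial number (or the reverse) is
 * rejected even when a key identifier has been supplied. Without that check
 * the issuer would be silently dropped, or an extension with an empty
 * GeneralNames would be encoded.
 *
 * <p>On any validation failure a warning dialog is shown and the method
 * returns without touching {@code value}.
 */
private void okPressed() {
    byte[] keyIdentifier = jkiKeyIdentifier.getKeyIdentifier();
    GeneralNames authorityCertIssuer = jgnAuthorityCertIssuer.getGeneralNames();
    BigInteger authorityCertSerialNumber = null;

    String serialNumberText = jtfAuthorityCertSerialNumber.getText().trim();

    if (!serialNumberText.isEmpty()) {
        try {
            authorityCertSerialNumber = new BigInteger(serialNumberText);
        } catch (NumberFormatException ex) {
            JOptionPane.showMessageDialog(this,
                    res.getString("DAuthorityKeyIdentifier.AuthorityCertSerialNumberNotInteger.message"),
                    getTitle(), JOptionPane.WARNING_MESSAGE);
            return;
        }

        // Certificate serial numbers must be positive: reject zero and negatives.
        if (authorityCertSerialNumber.signum() <= 0) {
            JOptionPane.showMessageDialog(this,
                    res.getString("DAuthorityKeyIdentifier.AuthorityCertSerialNumberNonZero.message"),
                    getTitle(), JOptionPane.WARNING_MESSAGE);
            return;
        }
    }

    boolean hasKeyIdentifier = keyIdentifier != null;
    boolean hasIssuer = (authorityCertIssuer != null) && (authorityCertIssuer.getNames().length > 0);
    boolean hasSerialNumber = authorityCertSerialNumber != null;

    // Either a key identifier, or issuer and serial number together, is
    // required; issuer and serial number must never appear one without the
    // other. The existing "value required" message is reused for the
    // mismatched case.
    // NOTE(review): a dedicated message for issuer/serial mismatch would be
    // clearer if the resource bundle can be extended.
    if ((hasIssuer != hasSerialNumber) || (!hasKeyIdentifier && !hasIssuer)) {
        JOptionPane.showMessageDialog(this, res.getString("DAuthorityKeyIdentifier.ValueReq.message"),
                getTitle(), JOptionPane.WARNING_MESSAGE);
        return;
    }

    AuthorityKeyIdentifier authorityKeyIdentifier;

    if (!hasIssuer) {
        // only key identifier
        authorityKeyIdentifier = new AuthorityKeyIdentifier(keyIdentifier);
    } else if (!hasKeyIdentifier) {
        // only issuer / serial
        authorityKeyIdentifier = new AuthorityKeyIdentifier(authorityCertIssuer, authorityCertSerialNumber);
    } else {
        // both
        authorityKeyIdentifier = new AuthorityKeyIdentifier(keyIdentifier, authorityCertIssuer,
                authorityCertSerialNumber);
    }

    try {
        // Extension values are carried DER-encoded inside the certificate.
        value = authorityKeyIdentifier.getEncoded(ASN1Encoding.DER);
    } catch (IOException ex) {
        DError dError = new DError(this, ex);
        dError.setLocationRelativeTo(this);
        dError.setVisible(true);
        return;
    }

    closeDialog();
}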

From source file:se.tillvaxtverket.tsltrust.webservice.daemon.ca.CertificationAuthority.java

License:Open Source License

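/**
 * Issues a new certificate that carries the subject, public key and
 * notBefore of {@code orgCert}, signed with the key stored under the
 * {@code ROOT} alias.
 *
 * <p>The validity end is the earlier of the issuer's and the original
 * certificate's notAfter. A non-critical Authority Key Identifier derived
 * from {@code issuerCert} and a non-critical CRL Distribution Point that
 * points at {@code crlDpUrl} are appended to the supplied extensions.
 *
 * <p>The caller's {@code extensions} list is not modified: the extra
 * extensions are added to a private copy, so the same list can be reused
 * for several certificates without accumulating duplicate AKI/CDP entries.
 *
 * @param orgCert     certificate whose subject, public key and validity start are reused
 * @param certSerial  serial number for the new certificate
 * @param issuerCert  certificate supplying the issuer DN and the AKI value
 * @param algorithm   signature algorithm name handed to {@code JcaContentSignerBuilder}
 * @param extensions  extensions to include in addition to AKI and CDP
 * @return the new certificate, or {@code null} if anything fails (the cause is logged)
 */
public AaaCertificate createCertificate(AaaCertificate orgCert, BigInteger certSerial,
        AaaCertificate issuerCert, String algorithm, List<Extension> extensions) {

    try {
        CertRequestModel reqModel = new CertRequestModel();
        reqModel.setIssuerDN(issuerCert.getSubject());
        reqModel.setPublicKey(orgCert.getCert().getPublicKey());
        reqModel.setSerialNumber(certSerial);
        reqModel.setSubjectDN(orgCert.getSubject());
        reqModel.setNotBefore(orgCert.getNotBefore());

        // Never let the new certificate outlive its issuer.
        if (issuerCert.getNotAfter().after(orgCert.getNotAfter())) {
            reqModel.setNotAfter(orgCert.getNotAfter());
        } else {
            reqModel.setNotAfter(issuerCert.getNotAfter());
        }

        // Copy inside the try block so a null list still ends in the
        // logged null return, as before.
        List<Extension> certExtensions = new ArrayList<>(extensions);

        // Authority Key Identifier, DER-encoded and non-critical.
        X509ExtensionUtils extUtil = CertUtils.getX509ExtensionUtils();
        AuthorityKeyIdentifier aki = extUtil.createAuthorityKeyIdentifier(issuerCert);
        certExtensions.add(new Extension(Extension.authorityKeyIdentifier, false, aki.getEncoded("DER")));

        // CRL Distribution Point: a single URI, no reasons, no CRL issuer.
        GeneralNames crlLocation = new GeneralNames(
                new GeneralName(GeneralName.uniformResourceIdentifier, crlDpUrl));
        DistributionPoint dp = new DistributionPoint(new DistributionPointName(crlLocation), null, null);
        CRLDistPoint cdp = new CRLDistPoint(new DistributionPoint[] { dp });
        certExtensions.add(new Extension(Extension.cRLDistributionPoints, false, cdp.getEncoded("DER")));

        reqModel.setExtensionList(certExtensions);

        // NOTE(review): the signing key is always the ROOT key store entry,
        // while the issuer DN and AKI come from issuerCert. Presumably
        // callers always pass the root certificate here; confirm, because a
        // different issuerCert would yield a certificate whose AKI does not
        // match its signing key.
        reqModel.setSigner(
                new JcaContentSignerBuilder(algorithm).build((PrivateKey) key_store.getKey(ROOT, KS_PASSWORD)));

        return new AaaCertificate(reqModel);
    } catch (Exception ex) {
        // Log the exception itself, not just getMessage(): several failures
        // on this path (NullPointerException, ClassCastException) carry no
        // message and would otherwise be logged as "null".
        LOG.warning("Error creating the certificate: " + ex);
        return null;
    }
}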

From source file:se.tillvaxtverket.tsltrust.webservice.daemon.ca.CertificationAuthority.java

License:Open Source License

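/**
 * Builds and publishes a new CRL from the certificates returned by
 * {@code CaSQLiteUtil.getCertificates(caDir, true)}.
 *
 * <p>The CRL is signed with the key stored under the {@code ROOT} alias and
 * carries a non-critical Authority Key Identifier, a non-critical CRL
 * number and a critical Issuing Distribution Point naming {@code crlDpUrl}.
 * Every entry is written with reason {@code privilegeWithdrawn} and the
 * revocation date recorded for that certificate. After the CRL has been
 * built, the stored CRL number is incremented and the CRL file is copied to
 * {@code exportCrlFile}.
 *
 * @return the new CRL, or {@code null} if the CRL serial parameter is
 *         missing or CRL generation fails (the cause is logged)
 */
public X509CRLHolder revokeCertificates() {
    long currentTime = System.currentTimeMillis();
    long nextUpdateTime = currentTime + crlValPeriod;
    // NOTE(review): the boolean argument presumably selects revoked
    // certificates only; confirm against CaSQLiteUtil.
    List<DbCert> certList = CaSQLiteUtil.getCertificates(caDir, true);

    DbCAParam cp = CaSQLiteUtil.getParameter(caDir, CRL_SERIAL_KEY);
    if (cp == null) {
        // Without the stored CRL number no CRL is issued. Say so in the log,
        // otherwise relying parties keep using the old CRL with no trace of why.
        LOG.warning("CRL serial parameter not found; no new CRL was issued");
        return null;
    }
    long nextCrlSerial = cp.getIntValue();

    try {
        AaaCRL crl = new AaaCRL(new Date(currentTime), new Date(nextUpdateTime), caRoot,
                (PrivateKey) key_store.getKey(ROOT, KS_PASSWORD), CertFactory.SHA256WITHRSA, crlFile);

        List<Extension> extList = new ArrayList<>();

        // Authority Key Identifier of the CA root (non-critical).
        X509ExtensionUtils extu = CertUtils.getX509ExtensionUtils();
        AuthorityKeyIdentifier aki = extu.createAuthorityKeyIdentifier(caRoot);
        extList.add(new Extension(Extension.authorityKeyIdentifier, false, aki.getEncoded("DER")));

        // CRL number taken from the stored counter (non-critical).
        CRLNumber crlNumber = new CRLNumber(BigInteger.valueOf(nextCrlSerial));
        extList.add(new Extension(Extension.cRLNumber, false, crlNumber.getEncoded("DER")));

        // Issuing Distribution Point (critical): same URI as the CDP in issued certificates.
        GeneralNames distributionPointName = new GeneralNames(
                new GeneralName(GeneralName.uniformResourceIdentifier, crlDpUrl));
        DistributionPointName dpn = new DistributionPointName(distributionPointName);
        IssuingDistributionPoint idp = new IssuingDistributionPoint(dpn, false, false);
        extList.add(new Extension(Extension.issuingDistributionPoint, true, idp.getEncoded("DER")));

        // One CRL entry per certificate; the reason code is fixed for all entries.
        List<CRLEntryData> crlEdList = new ArrayList<>();
        certList.forEach((dbCert) -> {
            BigInteger serialNumber = dbCert.getCertificate().getSerialNumber();
            crlEdList.add(new CRLEntryData(serialNumber, new Date(dbCert.getRevDate()),
                    CRLReason.privilegeWithdrawn));
        });

        crl.updateCrl(new Date(currentTime), new Date(nextUpdateTime), crlEdList, extList);

        logRevocation(certList);

        // Fetch the generated CRL, then advance the stored CRL number so the
        // next CRL gets a higher one.
        latestCrl = crl.getCrl();
        cp.setIntValue(nextCrlSerial + 1);
        CaSQLiteUtil.storeParameter(cp, caDir);

        // Publish: copy the CRL file to the export location.
        FileOps.saveByteFile(FileOps.readBinaryFile(crlFile), exportCrlFile);
        return latestCrl;

    } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException
            | CRLException | CertificateException | OperatorCreationException ex) {
        // Include the exception type; getMessage() alone may be null.
        LOG.warning("Error generating the CRL: " + ex);
        return null;
    }
}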