List of usage examples for org.bouncycastle.asn1.x509 AuthorityKeyIdentifier getEncoded
public byte[] getEncoded(String encoding) throws IOException
From source file:net.sf.keystore_explorer.gui.dialogs.extensions.DAuthorityKeyIdentifier.java
License:Open Source License
/**
 * Handles the OK action: validates the dialog fields, builds the Authority Key Identifier
 * and stores its DER encoding in {@code value} before closing the dialog.
 *
 * <p>Every validation failure shows a warning dialog and returns with the dialog still open.
 * An encoding failure is reported through a {@code DError} dialog.
 */
private void okPressed() {
    byte[] keyId = jkiKeyIdentifier.getKeyIdentifier();
    GeneralNames issuerNames = jgnAuthorityCertIssuer.getGeneralNames();
    String serialText = jtfAuthorityCertSerialNumber.getText().trim();

    // The serial number field is optional; when filled in it must parse as an integer >= 1.
    BigInteger serial = null;
    if (!serialText.isEmpty()) {
        try {
            serial = new BigInteger(serialText);
        } catch (NumberFormatException ex) {
            JOptionPane.showMessageDialog(this,
                    res.getString("DAuthorityKeyIdentifier.AuthorityCertSerialNumberNotInteger.message"),
                    getTitle(), JOptionPane.WARNING_MESSAGE);
            return;
        }

        if (serial.signum() <= 0) {
            JOptionPane.showMessageDialog(this,
                    res.getString("DAuthorityKeyIdentifier.AuthorityCertSerialNumberNonZero.message"),
                    getTitle(), JOptionPane.WARNING_MESSAGE);
            return;
        }
    }

    // Without a key identifier, both the issuer names and the serial number must be supplied.
    if (keyId == null && (issuerNames.getNames().length == 0 || serial == null)) {
        JOptionPane.showMessageDialog(this, res.getString("DAuthorityKeyIdentifier.ValueReq.message"),
                getTitle(), JOptionPane.WARNING_MESSAGE);
        return;
    }

    // NOTE(review): RFC 5280 section 4.2.1.1 requires authorityCertIssuer and
    // authorityCertSerialNumber to be both present or both absent. With a key identifier set,
    // this method does not enforce that pairing: a blank serial number silently discards any
    // issuer names entered, and a serial number with no issuer names still reaches the
    // three-argument constructor. Consider warning the user in those two cases.
    AuthorityKeyIdentifier aki;
    if (keyId == null) {
        // Issuer and serial number only.
        aki = new AuthorityKeyIdentifier(issuerNames, serial);
    } else if (serial == null) {
        // Key identifier only.
        aki = new AuthorityKeyIdentifier(keyId);
    } else {
        // Key identifier together with issuer and serial number.
        aki = new AuthorityKeyIdentifier(keyId, issuerNames, serial);
    }

    try {
        value = aki.getEncoded(ASN1Encoding.DER);
    } catch (IOException ex) {
        DError errorDialog = new DError(this, ex);
        errorDialog.setLocationRelativeTo(this);
        errorDialog.setVisible(true);
        return;
    }

    closeDialog();
}
From source file:se.tillvaxtverket.tsltrust.webservice.daemon.ca.CertificationAuthority.java
License:Open Source License
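/**
 * Issues a certificate for the subject and public key of {@code orgCert}, signed with the
 * {@code ROOT} key from the key store.
 *
 * <p>The new certificate takes its subject, public key and notBefore from {@code orgCert},
 * its issuer name from {@code issuerCert}, and the earlier of the two notAfter dates. An
 * Authority Key Identifier (derived from {@code issuerCert}) and a CRL Distribution Point
 * (pointing at {@code crlDpUrl}) are appended to the supplied extensions, both non-critical.
 *
 * <p>The caller's {@code extensions} list is not modified: the two extra extensions go into a
 * private copy, so a list reused across calls does not accumulate duplicate AKI/CDP entries.
 *
 * @param orgCert     certificate whose subject, public key and validity are reused
 * @param certSerial  serial number for the new certificate
 * @param issuerCert  certificate of the issuing CA
 * @param algorithm   signature algorithm name handed to {@code JcaContentSignerBuilder}
 * @param extensions  extensions to include in addition to AKI and CDP
 * @return the new certificate, or {@code null} if anything failed (the failure is logged)
 */
public AaaCertificate createCertificate(AaaCertificate orgCert, BigInteger certSerial, AaaCertificate issuerCert,
        String algorithm, List<Extension> extensions) {
    try {
        CertRequestModel reqModel = new CertRequestModel();
        reqModel.setIssuerDN(issuerCert.getSubject());
        reqModel.setPublicKey(orgCert.getCert().getPublicKey());
        reqModel.setSerialNumber(certSerial);
        reqModel.setSubjectDN(orgCert.getSubject());

        // NOTE(review): notBefore is copied as-is and is not checked against the issuer's
        // notBefore; only notAfter is clamped to the issuer's validity below.
        reqModel.setNotBefore(orgCert.getNotBefore());

        // Never outlive the issuer: use whichever notAfter comes first.
        boolean issuerOutlivesOriginal = issuerCert.getNotAfter().after(orgCert.getNotAfter());
        reqModel.setNotAfter(issuerOutlivesOriginal ? orgCert.getNotAfter() : issuerCert.getNotAfter());

        // Copy before appending so the caller's list stays untouched.
        List<Extension> allExtensions = new ArrayList<>(extensions);

        // Authority Key Identifier of the issuing CA.
        X509ExtensionUtils extUtil = CertUtils.getX509ExtensionUtils();
        AuthorityKeyIdentifier aki = extUtil.createAuthorityKeyIdentifier(issuerCert);
        allExtensions.add(new Extension(Extension.authorityKeyIdentifier, false, aki.getEncoded("DER")));

        // CRL Distribution Point carrying the CA's CRL URL.
        GeneralNames crlLocation = new GeneralNames(
                new GeneralName(GeneralName.uniformResourceIdentifier, crlDpUrl));
        DistributionPoint dp = new DistributionPoint(new DistributionPointName(crlLocation), null, null);
        CRLDistPoint cdp = new CRLDistPoint(new DistributionPoint[] { dp });
        allExtensions.add(new Extension(Extension.cRLDistributionPoints, false, cdp.getEncoded("DER")));

        reqModel.setExtensionList(allExtensions);

        // NOTE(review): `algorithm` is used unchecked; confirm callers cannot select a
        // deprecated signature algorithm. KS_PASSWORD looks like a class-level constant --
        // verify it is not a secret hard-coded in source.
        PrivateKey signingKey = (PrivateKey) key_store.getKey(ROOT, KS_PASSWORD);
        reqModel.setSigner(new JcaContentSignerBuilder(algorithm).build(signingKey));

        return new AaaCertificate(reqModel);
    } catch (Exception ex) {
        // Log the exception itself, not just getMessage(): the message may be null, and the
        // exception class separates key-store access failures from encoding or signing errors.
        LOG.warning("Error creating the certificate: " + ex);
        return null;
    }
}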
From source file:se.tillvaxtverket.tsltrust.webservice.daemon.ca.CertificationAuthority.java
License:Open Source License
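/**
 * Builds and publishes a fresh CRL for this CA.
 *
 * <p>The CRL is valid from now until now + {@code crlValPeriod}, is signed with the
 * {@code ROOT} key using SHA256withRSA, and carries an Authority Key Identifier, a CRL Number
 * and a critical Issuing Distribution Point. One entry is written for every certificate
 * returned by {@code CaSQLiteUtil.getCertificates(caDir, true)}. After a successful update
 * the stored CRL serial is incremented and the CRL file is copied to {@code exportCrlFile}.
 *
 * @return the new CRL (also kept in {@code latestCrl}), or {@code null} when the CRL serial
 *         parameter is missing or CRL generation failed
 */
public X509CRLHolder revokeCertificates() {
    long currentTime = System.currentTimeMillis();
    long nextUpdateTime = currentTime + crlValPeriod;

    // presumably the `true` flag selects revoked certificates only -- confirm in CaSQLiteUtil
    List<DbCert> certList = CaSQLiteUtil.getCertificates(caDir, true);
    DbCAParam cp = CaSQLiteUtil.getParameter(caDir, CRL_SERIAL_KEY);
    if (cp == null) {
        return null;
    }
    long nextCrlSerial = cp.getIntValue();

    try {
        Date thisUpdate = new Date(currentTime);
        Date nextUpdate = new Date(nextUpdateTime);
        AaaCRL crl = new AaaCRL(thisUpdate, nextUpdate, caRoot,
                (PrivateKey) key_store.getKey(ROOT, KS_PASSWORD), CertFactory.SHA256WITHRSA, crlFile);

        List<Extension> extList = new ArrayList<>();

        // Authority Key Identifier of the CA root.
        X509ExtensionUtils extu = CertUtils.getX509ExtensionUtils();
        AuthorityKeyIdentifier aki = extu.createAuthorityKeyIdentifier(caRoot);
        extList.add(new Extension(Extension.authorityKeyIdentifier, false, aki.getEncoded("DER")));

        // CRL Number, taken from the stored counter.
        CRLNumber crlNumber = new CRLNumber(BigInteger.valueOf(nextCrlSerial));
        extList.add(new Extension(Extension.cRLNumber, false, crlNumber.getEncoded("DER")));

        // Issuing Distribution Point (critical) naming the CRL URL.
        GeneralNames distributionPointName = new GeneralNames(
                new GeneralName(GeneralName.uniformResourceIdentifier, crlDpUrl));
        DistributionPointName dpn = new DistributionPointName(distributionPointName);
        IssuingDistributionPoint idp = new IssuingDistributionPoint(dpn, false, false);
        extList.add(new Extension(Extension.issuingDistributionPoint, true, idp.getEncoded("DER")));

        // NOTE(review): every entry is recorded with reason privilegeWithdrawn, whatever the
        // actual cause of revocation was.
        List<CRLEntryData> crlEdList = new ArrayList<>();
        for (DbCert dbCert : certList) {
            BigInteger serialNumber = dbCert.getCertificate().getSerialNumber();
            crlEdList.add(new CRLEntryData(serialNumber, new Date(dbCert.getRevDate()),
                    CRLReason.privilegeWithdrawn));
        }

        crl.updateCrl(new Date(currentTime), new Date(nextUpdateTime), crlEdList, extList);
        logRevocation(certList);

        // Fetch the freshly generated CRL.
        latestCrl = crl.getCrl();

        // NOTE(review): the counter is advanced before the export copy below; if that copy
        // fails, the CRL number is consumed while exportCrlFile still holds the previous CRL.
        cp.setIntValue(nextCrlSerial + 1);
        CaSQLiteUtil.storeParameter(cp, caDir);

        // Publish the CRL by copying it to the export location.
        FileOps.saveByteFile(FileOps.readBinaryFile(crlFile), exportCrlFile);
        return latestCrl;
    } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException
            | CRLException | CertificateException | OperatorCreationException ex) {
        // Log the exception itself so its class is visible (the message alone may be null).
        // NOTE(review): a null return means no fresh CRL was issued; confirm callers treat
        // it as a failure instead of silently continuing with a stale CRL.
        LOG.warning(String.valueOf(ex));
        return null;
    }
}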