List of usage examples for org.bouncycastle.asn1.x509 Certificate getInstance
public static Certificate getInstance(Object obj)
From source file:org.glite.voms.ac.ACCerts.java
License:Open Source License
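/**
 * Creates an ACCerts from the first element of the given sequence.
 *
 * <p>Each entry of the inner sequence is re-encoded and then parsed again by the
 * BouncyCastle ("BC") X.509 {@link CertificateFactory}. This constructor only parses
 * the certificates; it does not check signatures, validity periods or trust.
 *
 * @param seq the outer sequence; its element 0 must itself be a sequence of certificates.
 *
 * @throws IllegalArgumentException if the structure is not the expected nesting of
 *         sequences, or if a certificate cannot be encoded or parsed.
 * @throws ExceptionInInitializerError if the "BC" provider is not registered or it
 *         does not support X.509 certificates.
 */
public ACCerts(ASN1Sequence seq) {
    l = new Vector();

    // The input normally comes from a parsed attribute certificate, so check the shape
    // explicitly instead of letting an empty or mistyped structure surface as an
    // ArrayIndexOutOfBoundsException or ClassCastException.
    if (seq.size() == 0 || !(seq.getObjectAt(0) instanceof ASN1Sequence)) {
        throw new IllegalArgumentException("Incorrect encoding for ACCerts");
    }
    seq = (ASN1Sequence) seq.getObjectAt(0);

    CertificateFactory cf = null;
    try {
        cf = CertificateFactory.getInstance("X.509", "BC");
    } catch (NoSuchProviderException e) {
        throw new ExceptionInInitializerError("Cannot find BouncyCastle provider: " + e.getMessage());
    } catch (CertificateException e) {
        throw new ExceptionInInitializerError("X.509 Certificates unsupported. " + e.getMessage());
    } catch (Exception ex) {
        // Keep the cause so the underlying failure is not lost in logs.
        throw new IllegalArgumentException("Error in setting up ACCerts reader. " + ex.getMessage(), ex);
    }

    for (Enumeration e = seq.getObjects(); e.hasMoreElements();) {
        Object o = e.nextElement();
        if (o instanceof DLSequence) {
            ASN1Sequence s = ASN1Sequence.getInstance(o);
            byte[] data = null;
            try {
                // Round-trip through the encoded form so the stored object is a
                // provider-generated X509Certificate.
                data = new X509CertificateObject(Certificate.getInstance(s)).getEncoded();
                l.add((X509Certificate) cf.generateCertificate(new ByteArrayInputStream(data)));
            } catch (Exception ex) {
                throw new IllegalArgumentException("Error in encoding ACCerts. " + ex.getMessage(), ex);
            }
        } else {
            // Anything that is not a definite-length sequence is rejected outright.
            throw new IllegalArgumentException("Incorrect encoding for ACCerts");
        }
    }
}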
From source file:org.globus.gsi.bc.BouncyCastleCertProcessingFactory.java
License:Apache License
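/**
 * Loads an X509 certificate from the specified input stream. The stream must contain a
 * DER-encoded certificate.
 *
 * <p>This method only parses the structure. It performs no signature, validity or
 * chain check, so the returned certificate must still be validated before it is trusted.
 *
 * @param in
 *            the input stream to read the certificate from. It is not closed here;
 *            the caller keeps ownership of it.
 * @return <code>X509Certificate</code> the loaded certificate.
 * @exception IOException
 *                if the stream cannot be read or decoded.
 * @exception GeneralSecurityException
 *                if the stream holds no object, or the certificate failed to load.
 */
public X509Certificate loadCertificate(InputStream in) throws IOException, GeneralSecurityException {
    // Not closed on purpose: closing the ASN.1 wrapper would also close the caller's stream.
    ASN1InputStream derin = new ASN1InputStream(in);
    ASN1Primitive certInfo = derin.readObject();
    if (certInfo == null) {
        // An exhausted stream yields null; report it as a load failure instead of
        // letting a NullPointerException escape further down.
        throw new GeneralSecurityException("No certificate data found in input stream");
    }
    ASN1Sequence seq = ASN1Sequence.getInstance(certInfo);
    return new X509CertificateObject(Certificate.getInstance(seq));
}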
From source file:org.jnotary.dvcs.CertEtcToken.java
License:Open Source License
/**
 * Builds a token from a decoded ASN.1 object, selecting the field to fill by tag number.
 *
 * NOTE(review): a tag number outside 0-8 matches no case, so the token is created with
 * every field unset. If this constructor is fed data from an untrusted peer, consider
 * rejecting unknown tags; confirm against the callers first.
 *
 * @param obj either an X509Extension or an ASN1TaggedObject; any other type fails the cast.
 */
private CertEtcToken(Object obj) {
    if (obj instanceof X509Extension) {
        extension = null; // TODO: this needs to be understood
        return;
    }

    final ASN1TaggedObject tagged = (ASN1TaggedObject) obj;
    final int tagNo = tagged.getTagNo();
    switch (tagNo) {
    case 0:
        certificate = Certificate.getInstance(tagged.getObject());
        break;
    case 1:
        esscertid = ESSCertID.getInstance(tagged.getObject());
        break;
    case 2:
        pkistatus = PKIStatusInfo.getInstance(tagged.getObject());
        break;
    case 3:
        assertion = ContentInfo.getInstance(tagged.getObject());
        break;
    case 4:
        crl = CertificateList.getInstance(tagged.getObject());
        break;
    case 5:
        ocspcertstatus = CertStatus.getInstance(tagged.getObject());
        break;
    case 6:
        oscpcertid = CertID.getInstance(tagged.getObject());
        break;
    case 7:
        oscpresponse = OCSPResponse.getInstance(tagged.getObject());
        break;
    case 8:
        capabilities = SMIMECapabilities.getInstance(tagged.getObject());
        break;
    }
}
From source file:org.jnotary.dvcs.SimpleRequestTest.java
License:Open Source License
/**
 * Round-trips a VPKC (validation of public key certificate) request: builds it around a
 * test certificate, encodes it, decodes it again and checks that service type, nonce,
 * request time and the embedded certificate survive unchanged.
 */
@Test
public void vpkc() throws Exception {
    X509Certificate cert = loadCert("testdvcs.crt");

    // Wrap the certificate as the single target of the request.
    CertEtcToken target = new CertEtcToken(Certificate.getInstance(cert.getEncoded()));
    assertNotNull("Target is null", target.toASN1Primitive());
    TargetEtcChain[] chain = new TargetEtcChain[] { new TargetEtcChain(target, null, null) };

    Data data = new Data(chain);
    assertNotNull("Data is null", data.toASN1Primitive());

    // Request metadata: service type, a nonce from the test's random source, current time.
    DVCSRequestInformation info = new DVCSRequestInformation(ServiceType.VPKC);
    DERInteger nonce = new DERInteger(random.nextLong());
    info.setNonce(nonce);
    DERGeneralizedTime now = new DERGeneralizedTime(new java.util.Date());
    info.setRequestTime(new DVCSTime(now));

    // Encode, then decode, and compare the decoded copy against what was sent.
    DVCSRequest reqOut = new DVCSRequest(info, data);
    byte[] wire = reqOut.getEncoded();
    DVCSRequest reqIn = DVCSRequest.getInstance(wire);

    assertTrue("Service type is incorrect",
            reqIn.getRequestInformation().getService() == ServiceType.VPKC);
    assertTrue("Nonce is incorrect",
            reqIn.getRequestInformation().getNonce().equals(reqOut.getRequestInformation().getNonce()));
    assertTrue("Request Time is incorrect",
            reqIn.getRequestInformation().getRequestTime()
                    .equals(reqOut.getRequestInformation().getRequestTime()));
    assertTrue("No certificates",
            reqIn.getData().getCerts() != null && reqIn.getData().getCerts().length != 0);

    CertEtcToken targetIn = reqIn.getData().getCerts()[0].getTarget();
    assertNotNull("No target", targetIn);
    assertTrue("Certificate is incorrect",
            Arrays.equals(targetIn.getCertificate().getEncoded(), cert.getEncoded()));
}
From source file:org.jnotary.dvcs.util.DvcsHelper.java
License:Open Source License
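/**
 * Creates a VPKC (validation of public key certificate) request around one certificate.
 *
 * <p>The certificate bytes are only parsed, not validated; checking the certificate is
 * the job of the service that receives the request.
 *
 * @param reqdata the encoded certificate to embed as the request target.
 * @param nonce   the request nonce; a null value presumably fails on unboxing and is
 *                then reported through the wrapped exception (confirm against DERInteger).
 * @return the assembled request, stamped with the current time.
 * @throws Exception if the certificate cannot be parsed or the request cannot be built;
 *                   the original failure is attached as the cause.
 */
public static DVCSRequest createVpkc(byte[] reqdata, Long nonce) throws Exception {
    try {
        TargetEtcChain[] chain = new TargetEtcChain[1];
        CertEtcToken target = new CertEtcToken(Certificate.getInstance(reqdata));
        chain[0] = new TargetEtcChain(target, null, null);
        Data data = new Data(chain);

        DVCSRequestInformation requestInformation = new DVCSRequestInformation(ServiceType.VPKC);
        requestInformation.setNonce(new DERInteger(nonce));
        DVCSTime requestTime = new DVCSTime(new DERGeneralizedTime(new java.util.Date()));
        requestInformation.setRequestTime(requestTime);

        return new DVCSRequest(requestInformation, data);
    } catch (Exception e) {
        // Chain the cause: the message alone loses the stack trace and the exception
        // type, which are what an operator needs to tell bad input from a coding error.
        throw new Exception("Can't create vpkc request: " + e.getLocalizedMessage(), e);
    }
}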
From source file:org.jruby.ext.openssl.impl.Signed.java
License:LGPL
/**
 * Converts an ASN.1 element into an X509AuxCertificate.
 *
 * The element is decoded before the try block, so an unchecked exception raised by
 * Certificate.getInstance for a malformed element is not translated into a PKCS7Exception.
 *
 * @param current the ASN.1 element expected to hold a certificate.
 * @return the wrapped certificate.
 * @throws PKCS7Exception if wrapping fails with an IOException or CertificateException;
 *         both are reported with the same function and reason codes.
 */
private static X509AuxCertificate certificateFromASN1(ASN1Encodable current) throws PKCS7Exception {
    final Certificate parsed = Certificate.getInstance(current);
    final X509AuxCertificate wrapped;
    try {
        wrapped = new X509AuxCertificate(parsed);
    } catch (IOException e) {
        throw new PKCS7Exception(PKCS7.F_B64_READ_PKCS7, PKCS7.R_CERTIFICATE_VERIFY_ERROR, e);
    } catch (CertificateException e) {
        throw new PKCS7Exception(PKCS7.F_B64_READ_PKCS7, PKCS7.R_CERTIFICATE_VERIFY_ERROR, e);
    }
    return wrapped;
}
From source file:org.jruby.ext.openssl.OCSPRequest.java
License:Common Public License
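/**
 * Verifies the signature on this OCSP request and, unless disabled by flags, the
 * signer's certificate chain against the given store.
 *
 * <p>Arguments: {@code args[0]} the candidate signer certificates, {@code args[1]} the
 * X509 store, optional {@code args[2]} a flags bitmask.
 *
 * <p>Flag handling as implemented here:
 * <ul>
 * <li>OCSP_NOINTERN together with OCSP_TRUSTOTHER turns on OCSP_NOVERIFY.</li>
 * <li>OCSP_NOSIGS skips the signature check.</li>
 * <li>OCSP_NOVERIFY skips the chain check; OCSP_NOCHAIN runs it without the
 *     certificates embedded in the request.</li>
 * </ul>
 * The result starts as false and is only set by a check that actually ran, so skipping
 * both checks returns false rather than true.
 *
 * @return Ruby true only if every check that ran succeeded; false for an unsigned
 *         request, a missing or non-directory requestor name, an unknown signer, or a
 *         failed check.
 */
@JRubyMethod(name = "verify", rest = true)
public IRubyObject verify(IRubyObject[] args) {
    Ruby runtime = getRuntime();
    ThreadContext context = runtime.getCurrentContext();
    int flags = 0;
    boolean ret = false;

    if (Arity.checkArgumentCount(runtime, args, 2, 3) == 3) {
        flags = RubyFixnum.fix2int((RubyFixnum) args[2]);
    }

    IRubyObject certificates = args[0];
    IRubyObject store = args[1];

    OCSPReq bcOCSPReq = getBCOCSPReq();
    if (bcOCSPReq == null) {
        throw newOCSPError(runtime,
                new NullPointerException("Missing BC asn1bcReq. Missing certIDs or signature?"));
    }

    if (!bcOCSPReq.isSigned()) {
        return RubyBoolean.newBoolean(runtime, ret);
    }

    // requestorName is an optional field. A signed request that omits it must fail
    // verification cleanly instead of raising a NullPointerException on getTagNo().
    // Only a directoryName (tag 4) can be matched against a certificate subject.
    GeneralName genName = bcOCSPReq.getRequestorName();
    if (genName == null || genName.getTagNo() != GeneralName.directoryName) {
        return RubyBoolean.newBoolean(runtime, ret);
    }

    X500Name genX500Name = X500Name.getInstance(genName.getName());
    X509StoreContext storeContext = null;
    JcaContentVerifierProviderBuilder jcacvpb = new JcaContentVerifierProviderBuilder();
    jcacvpb.setProvider("BC");

    try {
        // The signer is located by subject name only; it is not trusted until the
        // checks below have passed.
        java.security.cert.Certificate signer = findCertByName(genX500Name, certificates, flags);
        if (signer == null) {
            return RubyBoolean.newBoolean(runtime, ret);
        }

        if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOINTERN))) > 0
                && ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_TRUSTOTHER))) > 0)) {
            flags |= RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOVERIFY));
        }

        if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOSIGS))) == 0) {
            PublicKey signerPubKey = signer.getPublicKey();
            ContentVerifierProvider cvp = jcacvpb.build(signerPubKey);
            ret = bcOCSPReq.isSignatureValid(cvp);
            if (!ret) {
                return RubyBoolean.newBoolean(runtime, ret);
            }
        }

        if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOVERIFY))) == 0) {
            if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOCHAIN))) > 0) {
                storeContext = X509StoreContext.newStoreContext(context, (X509Store) store,
                        X509Cert.wrap(runtime, signer), context.nil);
            } else {
                // Certificates embedded in the request are passed to the store context
                // alongside the signer; they come from the requester.
                RubyArray certs = RubyArray.newEmptyArray(runtime);
                ASN1Sequence bcCerts = asn1bcReq.getOptionalSignature().getCerts();
                if (bcCerts != null) {
                    Iterator<ASN1Encodable> it = bcCerts.iterator();
                    while (it.hasNext()) {
                        Certificate cert = Certificate.getInstance(it.next());
                        certs.add(X509Cert.wrap(runtime, new X509AuxCertificate(cert)));
                    }
                }
                storeContext = X509StoreContext.newStoreContext(context, (X509Store) store,
                        X509Cert.wrap(runtime, signer), certs);
            }

            storeContext.set_purpose(context, _X509(runtime).getConstant("PURPOSE_OCSP_HELPER"));
            storeContext.set_trust(context, _X509(runtime).getConstant("TRUST_OCSP_REQUEST"));
            ret = storeContext.verify(context).isTrue();
            if (!ret) {
                return RubyBoolean.newBoolean(runtime, false);
            }
        }
    } catch (Exception e) {
        debugStackTrace(e);
        throw newOCSPError(runtime, e);
    }

    return RubyBoolean.newBoolean(getRuntime(), ret);
}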
From source file:org.jruby.ext.openssl.OCSPRequest.java
License:Common Public License
/**
 * Finds the certificate whose subject equals the given requestor name.
 *
 * Unless OCSP_NOINTERN is set, the certificates embedded in the request's optional
 * signature are searched first, then the caller-supplied list. The match is by subject
 * name only and says nothing about trust: embedded certificates come from the requester,
 * so the caller still has to verify the signature and chain.
 *
 * NOTE(review): getOptionalSignature() is dereferenced without a null check; this looks
 * safe only when the caller has already confirmed the request is signed.
 *
 * @param genX500Name  the requestor name to match.
 * @param certificates the caller-supplied certificates, cast to a RubyArray.
 * @param flags        the OCSP flags bitmask.
 * @return the matching certificate wrapped as X509AuxCertificate, or null if none matches.
 */
private java.security.cert.Certificate findCertByName(ASN1Encodable genX500Name, IRubyObject certificates,
        int flags) throws CertificateException, IOException {
    Ruby runtime = getRuntime();

    final int noIntern = RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOINTERN));
    if ((flags & noIntern) == 0) {
        ASN1Sequence embedded = asn1bcReq.getOptionalSignature().getCerts();
        if (embedded != null) {
            for (Iterator<ASN1Encodable> it = embedded.iterator(); it.hasNext();) {
                Certificate candidate = Certificate.getInstance(it.next());
                if (genX500Name.equals(candidate.getSubject())) {
                    return new X509AuxCertificate(candidate);
                }
            }
        }
    }

    @SuppressWarnings("unchecked")
    List<X509Certificate> supplied = (RubyArray) certificates;
    for (X509Certificate candidate : supplied) {
        X500Name subject = X500Name.getInstance(candidate.getSubjectX500Principal().getEncoded());
        if (genX500Name.equals(subject)) {
            return new X509AuxCertificate(candidate);
        }
    }

    return null;
}
From source file:org.kse.gui.actions.GenerateCsrAction.java
License:Open Source License
/**
 * Do action: generate a certificate signing request (PKCS #10 or SPKAC) for the selected
 * key pair entry and write it to the file chosen in the dialog.
 *
 * The method returns silently when no entry password is obtained or the dialog is
 * cancelled. A FileNotFoundException is reported as a "cannot write file" warning; every
 * other exception goes to the generic error dialog. The output stream is closed in the
 * finally block in all cases.
 */
@Override
protected void doAction() {
    File csrFile = null;
    FileOutputStream fos = null;

    try {
        KeyStoreHistory history = kseFrame.getActiveKeyStoreHistory();
        KeyStoreState currentState = history.getCurrentState();
        Provider provider = history.getExplicitProvider();

        String alias = kseFrame.getSelectedEntryAlias();

        // A null password ends the action without any message.
        Password password = getEntryPassword(alias, currentState);

        if (password == null) {
            return;
        }

        KeyStore keyStore = currentState.getKeyStore();

        // The private key is read from the keystore and stays in memory for the rest of
        // the action; it is handed to the dialog and to the CSR generator below.
        // NOTE(review): the Password object is not cleared in this method - confirm who
        // owns its lifetime.
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, password.toCharArray());

        String keyPairAlg = privateKey.getAlgorithm();
        KeyPairType keyPairType = KeyPairUtil.getKeyPairType(privateKey);

        if (keyPairType == null) {
            throw new CryptoException(MessageFormat
                    .format(res.getString("GenerateCsrAction.NoCsrForKeyPairAlg.message"), keyPairAlg));
        }

        // determine dir of current keystore as proposal for CSR file location
        String path = CurrentDirectory.get().getAbsolutePath();
        File keyStoreFile = history.getFile();
        if (keyStoreFile != null) {
            path = keyStoreFile.getAbsoluteFile().getParent();
        }

        // Element 0 of the ordered chain supplies the default subject, the public key
        // and, optionally, the extensions.
        X509Certificate firstCertInChain = X509CertUtil
                .orderX509CertChain(X509CertUtil.convertCertificates(keyStore.getCertificateChain(alias)))[0];
        X500Principal subjectDN = firstCertInChain.getSubjectX500Principal();

        DGenerateCsr dGenerateCsr = new DGenerateCsr(frame, alias, subjectDN, privateKey, keyPairType, path);
        dGenerateCsr.setLocationRelativeTo(frame);
        dGenerateCsr.setVisible(true);

        if (!dGenerateCsr.generateSelected()) {
            return;
        }

        // Everything below uses the values confirmed in the dialog.
        csrFile = dGenerateCsr.getCsrFile();
        subjectDN = dGenerateCsr.getSubjectDN();
        CsrType format = dGenerateCsr.getFormat();
        SignatureType signatureType = dGenerateCsr.getSignatureType();
        String challenge = dGenerateCsr.getChallenge();
        String unstructuredName = dGenerateCsr.getUnstructuredName();
        boolean useCertificateExtensions = dGenerateCsr.isAddExtensionsWanted();

        PublicKey publicKey = firstCertInChain.getPublicKey();

        // add extensionRequest attribute with all extensions from the certificate
        Extensions extensions = null;
        if (useCertificateExtensions) {
            // Re-parse the certificate as a BouncyCastle structure to reach its extensions.
            Certificate certificate = Certificate.getInstance(firstCertInChain.getEncoded());
            extensions = certificate.getTBSCertificate().getExtensions();
        }

        // NOTE(review): the file is opened before the CSR is generated, so a failure
        // during generation can leave an empty file at the chosen path.
        fos = new FileOutputStream(csrFile);

        if (format == CsrType.PKCS10) {
            String csr = Pkcs10Util.getCsrEncodedDerPem(Pkcs10Util.generateCsr(subjectDN, publicKey, privateKey,
                    signatureType, challenge, unstructuredName, extensions, provider));

            // getBytes() uses the platform default charset.
            fos.write(csr.getBytes());
        } else {
            // NOTE(review): this branch takes the subject from the certificate, not the
            // subjectDN returned by the dialog - confirm that is intended.
            SpkacSubject subject = new SpkacSubject(
                    X500NameUtils.x500PrincipalToX500Name(firstCertInChain.getSubjectX500Principal()));

            // TODO handle other providers (PKCS11 etc)
            Spkac spkac = new Spkac(challenge, signatureType, subject, publicKey, privateKey);

            spkac.output(fos);
        }

        JOptionPane.showMessageDialog(frame, res.getString("GenerateCsrAction.CsrGenerationSuccessful.message"),
                res.getString("GenerateCsrAction.GenerateCsr.Title"), JOptionPane.INFORMATION_MESSAGE);
    } catch (FileNotFoundException ex) {
        JOptionPane.showMessageDialog(frame,
                MessageFormat.format(res.getString("GenerateCsrAction.NoWriteFile.message"), csrFile),
                res.getString("GenerateCsrAction.GenerateCsr.Title"), JOptionPane.WARNING_MESSAGE);
    } catch (Exception ex) {
        DError.displayError(frame, ex);
    } finally {
        IOUtils.closeQuietly(fos);
    }
}
From source file:org.xipki.ca.client.shell.loadtest.CALoadTestRevokeCommand.java
License:Open Source License
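/**
 * Runs the certificate revocation load test.
 *
 * <p>Validates the thread count and duration, prints the test parameters, loads the
 * issuer certificate and the CA database configuration, then runs the test against a
 * data source that is forced to read-only, no auto-commit and a pool of one connection.
 * The data source is shut down when the test ends, whether or not it failed.
 *
 * @return always {@code null}.
 * @throws IllegalCmdParamException if the thread count or the duration is below 1.
 * @throws Exception if the certificate or configuration cannot be read, or the test fails.
 */
@Override
protected Object _doExecute() throws Exception {
    if (numThreads < 1) {
        throw new IllegalCmdParamException("invalid number of threads " + numThreads);
    }

    if (durationInSecond < 1) {
        throw new IllegalCmdParamException("invalid duration " + durationInSecond);
    }

    StringBuilder startMsg = new StringBuilder();

    startMsg.append("threads: ").append(numThreads).append("\n");
    startMsg.append("max. duration: ").append(AbstractLoadTest.formatTime(durationInSecond).trim())
            .append("\n");
    startMsg.append("issuer: ").append(issuerCertFile).append("\n");
    startMsg.append("cadb: ").append(caDbConfFile).append("\n");
    startMsg.append("maxCerts: ").append(maxCerts).append("\n");
    startMsg.append("#certs/request: ").append(n).append("\n");
    startMsg.append("unit: ").append(n).append(" certificate");
    if (n > 1) {
        startMsg.append("s");
    }
    startMsg.append("\n");
    out(startMsg.toString());

    // Parses the issuer certificate from the bytes of the file; no validation is done here.
    Certificate caCert = Certificate.getInstance(IoUtil.read(issuerCertFile));

    // Close the configuration file once it is loaded; the original left the stream open.
    Properties props = new Properties();
    FileInputStream confStream = new FileInputStream(IoUtil.expandFilepath(caDbConfFile));
    try {
        props.load(confStream);
    } finally {
        confStream.close();
    }

    // The load test only reads from the CA database, so override whatever the
    // configuration file says with a read-only, single-connection setup.
    props.setProperty("autoCommit", "false");
    props.setProperty("readOnly", "true");
    props.setProperty("maximumPoolSize", "1");
    props.setProperty("minimumIdle", "1");

    DataSourceWrapper caDataSource = dataSourceFactory.createDataSource(null, props,
            securityFactory.getPasswordResolver());
    try {
        CALoadTestRevoke loadTest = new CALoadTestRevoke(caClient, caCert, caDataSource, maxCerts, n);

        loadTest.setDuration(durationInSecond);
        loadTest.setThreads(numThreads);
        loadTest.test();
    } finally {
        caDataSource.shutdown();
    }

    return null;
}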