List of usage examples for org.bouncycastle.asn1.x509 Certificate getInstance
public static Certificate getInstance(Object obj)
From source file:org.xipki.pki.scep.util.ScepUtil.java
License:Open Source License
/**
 * Decodes every certificate carried in a CMS {@code SignedData} and returns them as a list.
 *
 * <p>If at least one certificate reports {@code getBasicConstraints() == -1} (the JDK's
 * "not a CA" answer, which is also what a certificate without the BasicConstraints
 * extension yields), the first such certificate is moved to index 0. All other
 * certificates keep their relative order from the set.
 *
 * <p>Security note: this method only decodes and reorders. No signature, validity or
 * chain check is visible here, so the position of a certificate in the returned list
 * is not a trust decision; callers must validate the certificates before relying on them.
 *
 * @param signedData the CMS structure to read certificates from; must not be {@code null}
 * @return the decoded certificates, or an empty list when the structure carries none
 * @throws CertificateException if an element of the set is not a well-formed certificate
 */
public static List<X509Certificate> getCertsFromSignedData(final SignedData signedData)
        throws CertificateException {
    ParamUtil.requireNonNull("signedData", signedData);

    final ASN1Set certSet = signedData.getCertificates();
    if (certSet == null || certSet.size() == 0) {
        return Collections.emptyList();
    }

    final List<X509Certificate> ordered = new LinkedList<X509Certificate>();
    final int total = certSet.size();
    X509Certificate firstNonCa = null;

    for (int idx = 0; idx < total; idx++) {
        final X509Certificate current;
        try {
            current = toX509Cert(Certificate.getInstance(certSet.getObjectAt(idx)));
        } catch (IllegalArgumentException ex) {
            // BouncyCastle signals malformed ASN.1 with an unchecked exception; surface it
            // through the declared checked type instead.
            throw new CertificateException(ex);
        }

        // Only the first non-CA certificate is held back; later ones stay in place.
        if (firstNonCa != null || current.getBasicConstraints() != -1) {
            ordered.add(current);
        } else {
            firstNonCa = current;
        }
    }

    if (firstNonCa != null) {
        ordered.add(0, firstNonCa);
    }
    return ordered;
}
From source file:org.xipki.security.shell.CertRequestGenCommand.java
License:Open Source License
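/**
 * Builds a PKCS#10 certification request signed by the configured signer and writes it
 * to {@code outputFilename}.
 *
 * <p>The public key in the request is taken from the signer's own certificate. The subject
 * is the {@code subject} option when given, otherwise the subject of that certificate.
 * Requested extensions (SubjectAltName, SubjectInfoAccess, KeyUsage, ExtendedKeyUsage)
 * are added as non-critical, and their OIDs are appended to {@code needExtensionTypes}.
 *
 * <p>Security note: everything placed in the request is operator input. The issuing CA
 * decides which subject and extensions to honour, so nothing here should be read as
 * already authorised.
 *
 * @return always {@code null}
 * @throws Exception if the signer cannot be obtained, encoding fails, or the file cannot
 *         be written
 */
@Override
protected Object _doExecute() throws Exception {
    P10RequestGenerator p10Gen = new P10RequestGenerator();

    // Normalise the algorithm name with a fixed locale: under e.g. a Turkish default
    // locale, toUpperCase() maps 'i' to a dotted capital and the name no longer matches.
    hashAlgo = hashAlgo.trim().toUpperCase(java.util.Locale.ROOT);
    // Literal replacement; no regular expression is needed to drop the dashes.
    hashAlgo = hashAlgo.replace("-", "");

    if (needExtensionTypes == null) {
        needExtensionTypes = new LinkedList<>();
    }

    List<Extension> extensions = new LinkedList<>();

    // SubjectAltNames (second argument is presumably the critical flag; confirm in
    // P10RequestGenerator)
    if (isNotEmpty(subjectAltNames)) {
        extensions.add(P10RequestGenerator.createExtensionSubjectAltName(subjectAltNames, false));
        needExtensionTypes.add(Extension.subjectAlternativeName.getId());
    }

    // SubjectInfoAccess
    if (isNotEmpty(subjectInfoAccesses)) {
        extensions.add(
                P10RequestGenerator.createExtensionSubjectInfoAccess(subjectInfoAccesses, false));
        needExtensionTypes.add(Extension.subjectInfoAccess.getId());
    }

    // KeyUsage, encoded as a non-critical extension
    if (isNotEmpty(keyusages)) {
        Set<KeyUsage> usages = new HashSet<>();
        for (String usage : keyusages) {
            usages.add(KeyUsage.getKeyUsage(usage));
        }
        org.bouncycastle.asn1.x509.KeyUsage extValue = X509Util.createKeyUsage(usages);
        ASN1ObjectIdentifier extType = Extension.keyUsage;
        extensions.add(new Extension(extType, false, extValue.getEncoded()));
        needExtensionTypes.add(extType.getId());
    }

    // ExtendedKeyUsage, encoded as a non-critical extension
    if (isNotEmpty(extkeyusages)) {
        Set<ASN1ObjectIdentifier> oids =
                new HashSet<>(SecurityUtil.textToASN1ObjectIdentifers(extkeyusages));
        ExtendedKeyUsage extValue = X509Util.createExtendedUsage(oids);
        ASN1ObjectIdentifier extType = Extension.extendedKeyUsage;
        extensions.add(new Extension(extType, false, extValue.getEncoded()));
        needExtensionTypes.add(extType.getId());
    }

    // Tell the CA which extensions are required and which are merely wanted.
    if (isNotEmpty(needExtensionTypes) || isNotEmpty(wantExtensionTypes)) {
        ExtensionExistence ee = new ExtensionExistence(
                SecurityUtil.textToASN1ObjectIdentifers(needExtensionTypes),
                SecurityUtil.textToASN1ObjectIdentifers(wantExtensionTypes));
        extensions.add(new Extension(ObjectIdentifiers.id_xipki_ext_cmpRequestExtensions, false,
                ee.toASN1Primitive().getEncoded()));
    }

    ConcurrentContentSigner identifiedSigner =
            getSigner(hashAlgo, new SignatureAlgoControl(rsaMgf1, dsaPlain));

    // Re-parse the signer's certificate as a BouncyCastle structure to read its subject
    // and public key.
    Certificate cert = Certificate.getInstance(identifiedSigner.getCertificate().getEncoded());

    X500Name subjectDN;
    if (subject != null) {
        subjectDN = new X500Name(subject);
    } else {
        subjectDN = cert.getSubject();
    }

    SubjectPublicKeyInfo subjectPublicKeyInfo = cert.getSubjectPublicKeyInfo();

    // The borrowed signer must always be handed back, even when generation fails.
    ContentSigner signer = identifiedSigner.borrowContentSigner();
    PKCS10CertificationRequest p10Req;
    try {
        p10Req = p10Gen.generateRequest(signer, subjectPublicKeyInfo, subjectDN, extensions);
    } finally {
        identifiedSigner.returnContentSigner(signer);
    }

    File file = new File(outputFilename);
    saveVerbose("saved PKCS#10 request to file", file, p10Req.getEncoded());
    return null;
}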
From source file:org.xipki.security.shell.ExtractCertFromCRLCommand.java
License:Open Source License
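/**
 * Extracts the certificates embedded in the XiPKI "certset" extension of a CRL and saves
 * them as a ZIP archive at {@code outFile}, one {@code <sha1-fingerprint>.der} entry per
 * certificate.
 *
 * <p>Security note: no signature check on the CRL or on the extracted certificates is
 * visible in this method. Unless {@code X509Util.parseCRL} or the caller verifies them,
 * treat the archive contents as unauthenticated. The SHA-1 value is used only as a file
 * name, not as an integrity guarantee.
 *
 * @return always {@code null}
 * @throws IllegalCmdParamException if the CRL does not carry the certset extension
 * @throws CmdFailure if the extension is present but holds no certificate
 * @throws Exception if the CRL cannot be parsed or the archive cannot be written
 */
@Override
protected Object _doExecute() throws Exception {
    X509CRL crl = X509Util.parseCRL(crlFile);
    String oidExtnCerts = ObjectIdentifiers.id_xipki_ext_crlCertset.getId();
    byte[] extnValue = crl.getExtensionValue(oidExtnCerts);
    if (extnValue == null) {
        throw new IllegalCmdParamException("no certificate is contained in " + crlFile);
    }

    // getExtensionValue returns the value wrapped in a DER OCTET STRING; the helper
    // presumably strips that wrapper (confirm in removingTagAndLenFromExtensionValue).
    extnValue = removingTagAndLenFromExtensionValue(extnValue);
    ASN1Set asn1Set = DERSet.getInstance(extnValue);
    int n = asn1Set.size();
    if (n == 0) {
        throw new CmdFailure("no certificate is contained in " + crlFile);
    }

    ByteArrayOutputStream out = new ByteArrayOutputStream();
    // try-with-resources closes the ZIP stream (and releases its deflater) even when a
    // certificate fails to decode midway; previously it was left open on that path.
    try (ZipOutputStream zip = new ZipOutputStream(out)) {
        for (int i = 0; i < n; i++) {
            ASN1Encodable asn1 = asn1Set.getObjectAt(i);
            Certificate cert;
            try {
                // Current layout: each element is a sequence whose first item is the
                // certificate.
                ASN1Sequence seq = ASN1Sequence.getInstance(asn1);
                cert = Certificate.getInstance(seq.getObjectAt(0));
            } catch (IllegalArgumentException e) {
                // backwards compatibility: the element itself is the certificate
                cert = Certificate.getInstance(asn1);
            }

            byte[] certBytes = cert.getEncoded();
            String sha1Fingerprint = SecurityUtil.sha1sum(certBytes);
            ZipEntry certZipEntry = new ZipEntry(sha1Fingerprint + ".der");
            zip.putNextEntry(certZipEntry);
            try {
                zip.write(certBytes);
            } finally {
                zip.closeEntry();
            }
        }
    }

    // The archive is complete only after the ZIP stream has been closed above.
    saveVerbose("extracted " + n + " certificates to", new File(outFile), out.toByteArray());
    return null;
}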
From source file:org.xwiki.crypto.pkix.internal.BcUtils.java
License:Open Source License
/**
 * Assemble an X.509 certificate from its to-be-signed part and a signature value.
 *
 * <p>The resulting sequence is {@code tbsCert}, the signature algorithm identifier taken
 * from {@code tbsCert.getSignature()}, and the signature bytes as a BIT STRING. The outer
 * algorithm identifier is therefore always the one recorded inside the TBS structure.
 *
 * <p>This method does not check that {@code signature} is a valid signature over
 * {@code tbsCert}; the caller is responsible for having produced it correctly.
 *
 * @param tbsCert the to be signed structure
 * @param signature the signature
 * @return a X.509 certificate holder.
 */
public static X509CertificateHolder getX509CertificateHolder(TBSCertificate tbsCert, byte[] signature) {
    ASN1EncodableVector parts = new ASN1EncodableVector();
    parts.add(tbsCert);
    // Algorithm identifier, not the signature value, despite the accessor's name.
    parts.add(tbsCert.getSignature());
    parts.add(new DERBitString(signature));

    DERSequence encoded = new DERSequence(parts);
    Certificate certificate = Certificate.getInstance(encoded);
    return new X509CertificateHolder(certificate);
}