Example usage for org.bouncycastle.asn1.x509 Extension Extension

List of usage examples for org.bouncycastle.asn1.x509 Extension Extension

Introduction

On this page you can find example usages of the org.bouncycastle.asn1.x509.Extension constructor.

Prototype

public Extension(ASN1ObjectIdentifier extnId, boolean critical, ASN1OctetString value) 


Document

Constructor using an OCTET STRING for the value.

Usage

From source file:co.runrightfast.core.security.cert.X509CertExtension.java

License:Apache License

/**
 * Converts this object's {@code oid}, {@code critical} and {@code value} into a Bouncy Castle
 * {@link Extension}.
 *
 * <p>The extension value is {@code value.toASN1Primitive()} encoded in the format named by
 * {@code DER.name()}.
 *
 * @return the extension built from the three fields
 * @throws ApplicationException wrapping the {@link IOException} raised while encoding the value
 */
public Extension toExtension() {
    try {
        // Encode first so the constructor receives the finished byte[] form of the value.
        final byte[] encodedValue = value.toASN1Primitive().getEncoded(DER.name());
        return new Extension(oid, critical, encodedValue);
    } catch (final IOException ex) {
        throw new ApplicationException(ex);
    }
}

From source file:com.aqnote.shared.cryptology.cert.tool.X509CertTool.java

License:Open Source License

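/**
 * Builds a critical extension whose value is {@code value} wrapped as a DER OCTET STRING.
 *
 * <p>The bytes handed to the {@link Extension} constructor are {@code 0x04 | length | content},
 * with one content byte per character of {@code value}. The length is written in DER form: a
 * single octet for content shorter than 128 bytes, otherwise {@code 0x80 | k} followed by the
 * length in {@code k} big-endian octets. Narrowing the length to one byte, as a plain cast does,
 * yields a malformed encoding for values of 128 characters or more; for shorter values the
 * output is the same as with a single length byte.
 *
 * @param oid   dotted-decimal object identifier of the extension; {@code null} yields {@code null}
 * @param value text to embed; a blank value yields {@code null}
 * @return the extension, always flagged critical, or {@code null} when there is nothing to encode
 * @throws IOException kept in the signature for existing callers; no statement in this body is
 *                     declared to throw it
 */
public static Extension getExtension(String oid, String value) throws IOException {
    if (oid == null || StringUtils.isBlank(value)) {
        return null;
    }
    ASN1ObjectIdentifier extensionOid = new ASN1ObjectIdentifier(oid);

    final int contentLength = value.length();

    // From 128 bytes upward DER needs the long form: count the octets the length itself takes.
    int lengthOctets = 0;
    if (contentLength >= 0x80) {
        for (int rest = contentLength; rest != 0; rest >>>= 8) {
            lengthOctets++;
        }
    }

    byte[] der = new byte[2 + lengthOctets + contentLength];
    der[0] = 0x04; // universal tag: OCTET STRING
    if (lengthOctets == 0) {
        der[1] = (byte) contentLength;
    } else {
        der[1] = (byte) (0x80 | lengthOctets);
        int rest = contentLength;
        for (int i = lengthOctets; i >= 1; i--) {
            der[1 + i] = (byte) rest;
            rest >>>= 8;
        }
    }

    final int contentOffset = 2 + lengthOctets;
    for (int i = 0; i < contentLength; i++) {
        // NOTE(review): keeps only the low 8 bits of each char, so characters above U+00FF are
        // silently altered — confirm callers only pass ASCII/Latin-1 text, or reject other input.
        der[contentOffset + i] = (byte) value.charAt(i);
    }
    return new Extension(extensionOid, true, der);
}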

From source file:com.itextpdf.signatures.SignUtils.java

License:Open Source License

/**
 * Builds an OCSP request for {@code id} that carries a non-critical nonce extension.
 *
 * <p>The nonce bytes come from {@code PdfEncryption.generateNewDocumentId()}; they are encoded
 * as an OCTET STRING and that encoding becomes the extension value.
 *
 * @param id identifier of the certificate whose status is requested
 * @return the built request
 * @throws IOException   if the nonce cannot be encoded
 * @throws OCSPException if the request cannot be built
 */
static OCSPReq generateOcspRequestWithNonce(CertificateID id) throws IOException, OCSPException {
    OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
    requestBuilder.addRequest(id);

    // NOTE(review): the nonce only binds the response to this request if
    // generateNewDocumentId() yields unpredictable bytes — confirm against its implementation.
    byte[] encodedNonce = new DEROctetString(PdfEncryption.generateNewDocumentId()).getEncoded();
    Extension nonceExtension = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false,
            new DEROctetString(encodedNonce));

    Extension[] requestExtensions = new Extension[] { nonceExtension };
    requestBuilder.setRequestExtensions(new Extensions(requestExtensions));
    return requestBuilder.build();
}

From source file:com.itextpdf.text.pdf.security.OcspClientBouncyCastle.java

License:Open Source License

/**
 * Generates an OCSP request using BouncyCastle.
 *
 * <p>The request identifies the certificate by a SHA-1 based {@code CertificateID} built from
 * the issuer certificate and the serial number, and carries a non-critical nonce extension.
 *
 * @param issuerCert   certificate of the issuer
 * @param serialNumber serial number of the certificate we are looking for
 * @return an OCSP request
 * @throws OCSPException                if the request or the certificate id cannot be built
 * @throws IOException                  if the nonce cannot be encoded
 * @throws OperatorException            if the digest calculator cannot be created
 * @throws CertificateEncodingException if the issuer certificate cannot be encoded
 */
private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber)
        throws OCSPException, IOException, OperatorException, CertificateEncodingException {
    // Registers the BC provider on every call; provider registration is JVM-wide.
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

    // Identify the certificate we are asking about: issuer + serial number.
    CertificateID certificateId = new CertificateID(
            new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1),
            new JcaX509CertificateHolder(issuerCert), serialNumber);

    OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
    requestBuilder.addRequest(certificateId);

    // NOTE(review): the nonce only binds the response to this request if createDocumentId()
    // yields unpredictable bytes — confirm against its implementation.
    byte[] encodedNonce = new DEROctetString(PdfEncryption.createDocumentId()).getEncoded();
    Extension nonceExtension = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false,
            new DEROctetString(encodedNonce));
    requestBuilder.setRequestExtensions(new Extensions(new Extension[] { nonceExtension }));

    return requestBuilder.build();
}

From source file:com.tremolosecurity.proxy.auth.ssl.OCSP.java

License:Apache License

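/**
 * Builds an OCSP request for the certificate with {@code serialNumber} issued by
 * {@code issuerCert}, including a nonce extension.
 *
 * <p>The nonce is 16 bytes from {@link java.security.SecureRandom}. A nonce taken from the
 * clock is predictable, so it does not give the request/response binding that a nonce is meant
 * to provide against replayed responses.
 *
 * @param issuerCert   certificate of the issuer
 * @param serialNumber serial number of the certificate to check
 * @return the built request
 * @throws OCSPException                if the request or the certificate id cannot be built
 * @throws CertificateEncodingException if the issuer certificate cannot be encoded
 * @throws OperatorCreationException    if the SHA-1 digest calculator cannot be created
 * @throws IOException                  if the issuer certificate cannot be parsed
 */
private OCSPReq generateOcspRequest(X509Certificate issuerCert, BigInteger serialNumber)
        throws OCSPException, CertificateEncodingException, OperatorCreationException, IOException {

    BcDigestCalculatorProvider digestProvider = new BcDigestCalculatorProvider();

    // Generate the id for the certificate we are looking for
    CertificateID id = new CertificateID(digestProvider.get(CertificateID.HASH_SHA1),
            new X509CertificateHolder(issuerCert.getEncoded()), serialNumber);
    OCSPReqBuilder ocspGen = new OCSPReqBuilder();

    ocspGen.addRequest(id);

    // Unpredictable nonce; fully qualified so no file-level import is required.
    byte[] nonce = new byte[16];
    new java.security.SecureRandom().nextBytes(nonce);

    // NOTE(review): RFC 6960 section 4.1.2 says the critical flag SHOULD NOT be set on request
    // extensions. The flag is left as it was so responders see no change — confirm it is needed.
    // NOTE(review): the raw nonce bytes are used as the extension value here rather than the
    // encoding of an OCTET STRING — confirm the response check expects this form.
    Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true,
            new DEROctetString(nonce));
    ocspGen.setRequestExtensions(new Extensions(new Extension[] { ext }));

    return ocspGen.build();
}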

From source file:com.vmware.admiral.common.util.CertificateUtil.java

License:Open Source License

/**
 * Lists the extensions placed on a server certificate: key usage, extended key usage
 * (server authentication) and the authority key identifier derived from the issuer.
 *
 * @param issuerCertificate certificate of the issuing CA, used for the authority key identifier
 * @return key usage (critical), extended key usage (critical) and authority key identifier
 *         (non-critical), in that order
 * @throws CertificateEncodingException if the issuer certificate cannot be encoded
 * @throws NoSuchAlgorithmException     if the digest needed for the key identifier is unavailable
 * @throws IOException                  if the authority key identifier cannot be encoded
 */
private static List<ExtensionHolder> getServerExtensions(X509Certificate issuerCertificate)
        throws CertificateEncodingException, NoSuchAlgorithmException, IOException {
    // SSO forces us to allow data encipherment
    // NOTE(review): dataEncipherment widens what the server key may be used for — keep only
    // while that requirement still holds.
    KeyUsage serverKeyUsage = new KeyUsage(
            KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment);
    ExtendedKeyUsage serverAuthUsage = new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth);

    // Built as an Extension first, then unpacked into the holder's (id, critical, value) form.
    Extension akiExtension = new Extension(Extension.authorityKeyIdentifier, false,
            new DEROctetString(new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(issuerCertificate)));

    List<ExtensionHolder> serverExtensions = new ArrayList<>();
    serverExtensions.add(new ExtensionHolder(Extension.keyUsage, true, serverKeyUsage));
    serverExtensions.add(new ExtensionHolder(Extension.extendedKeyUsage, true, serverAuthUsage));
    serverExtensions.add(new ExtensionHolder(akiExtension.getExtnId(), akiExtension.isCritical(),
            akiExtension.getParsedValue()));
    return serverExtensions;
}

From source file:controller.CCInstance.java

License:Open Source License

/**
 * Builds an OCSP request for the certificate with {@code serialNumber} issued by
 * {@code issuerCert}, with a non-critical nonce extension attached.
 *
 * @param issuerCert   certificate of the issuer
 * @param serialNumber serial number of the certificate to check
 * @return the built request
 * @throws OCSPException                if the request or the certificate id cannot be built
 * @throws IOException                  if the nonce cannot be encoded
 * @throws OperatorException            if the SHA-1 digest calculator cannot be created
 * @throws CertificateEncodingException if the issuer certificate cannot be encoded
 */
private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber)
        throws OCSPException, IOException, OperatorException, CertificateEncodingException {
    // Runs on every call; provider registration is JVM-wide.
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

    CertificateID targetId = new CertificateID(
            new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1),
            new JcaX509CertificateHolder(issuerCert), serialNumber);

    OCSPReqBuilder builder = new OCSPReqBuilder();
    builder.addRequest(targetId);

    // NOTE(review): replay protection depends on createDocumentId() returning unpredictable
    // bytes — confirm against its implementation.
    byte[] nonceEncoding = new DEROctetString(PdfEncryption.createDocumentId()).getEncoded();
    Extension[] requestExtensions = new Extension[] {
            new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(nonceEncoding)) };
    builder.setRequestExtensions(new Extensions(requestExtensions));

    return builder.build();
}

From source file:eu.europa.ec.markt.dss.validation102853.ocsp.OnlineOCSPSource.java

License:Open Source License

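/**
 * Builds the encoded OCSP request for {@code x509Certificate}.
 *
 * <p>When {@code ADD_NONCE} is set, a nonce extension is attached and the nonce is stored in the
 * {@code nonce} field. The nonce is 16 bytes from {@link java.security.SecureRandom}: a value
 * taken from the clock is predictable and therefore does not bind the response to this request
 * in the way the nonce is meant to.
 *
 * @param x509Certificate       certificate whose revocation status is requested
 * @param issuerX509Certificate certificate of its issuer
 * @return the encoded OCSP request
 * @throws DSSException wrapping any {@link OCSPException} or {@link IOException} raised while
 *                      building or encoding the request
 */
private byte[] buildOCSPRequest(final X509Certificate x509Certificate,
        final X509Certificate issuerX509Certificate) throws DSSException {

    try {

        final CertificateID certId = DSSRevocationUtils.getOCSPCertificateID(x509Certificate,
                issuerX509Certificate);
        final OCSPReqBuilder ocspReqBuilder = new OCSPReqBuilder();
        ocspReqBuilder.addRequest(certId);

        /*
         * The nonce extension is used to bind a request to a response to prevent replay attacks.
         */
        if (ADD_NONCE) {

            // Fully qualified so that no file-level import is required.
            final byte[] nonceBytes = new byte[16];
            new java.security.SecureRandom().nextBytes(nonceBytes);

            nonce = new DEROctetString(nonceBytes);
            // NOTE(review): RFC 6960 section 4.1.2 says the critical flag SHOULD NOT be set on
            // request extensions; left unchanged here so responders see no difference — confirm.
            final Extension extension = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true, nonce);
            final Extensions extensions = new Extensions(extension);
            ocspReqBuilder.setRequestExtensions(extensions);
        }
        final OCSPReq ocspReq = ocspReqBuilder.build();
        return ocspReq.getEncoded();
    } catch (OCSPException e) {
        throw new DSSException(e);
    } catch (IOException e) {
        throw new DSSException(e);
    }
}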

From source file:eu.europa.esig.dss.client.ocsp.OnlineOCSPSource.java

License:Open Source License

/**
 * Builds the encoded OCSP request for {@code certId}.
 *
 * <p>A non-critical nonce extension is attached when a {@code nonceSource} is configured; without
 * one the request carries no nonce.
 *
 * @param certId identifier of the certificate whose status is requested
 * @return the encoded OCSP request
 * @throws DSSException wrapping any {@link OCSPException} or {@link IOException} raised while
 *                      building or encoding the request
 */
private byte[] buildOCSPRequest(final CertificateID certId) throws DSSException {
    try {
        final OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
        requestBuilder.addRequest(certId);
        /*
         * The nonce extension is used to bind a request to a response to prevent replay attacks.
         * RFC 6960 (OCSP) section 4.1.2 such extensions SHOULD NOT be flagged as critical
         */
        if (nonceSource != null) {
            // NOTE(review): the binding is only as strong as the values nonceSource hands out —
            // confirm it draws from an unpredictable source.
            final DEROctetString nonceValue = new DEROctetString(nonceSource.getNonce().toByteArray());
            requestBuilder.setRequestExtensions(new Extensions(
                    new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, nonceValue)));
        }
        return requestBuilder.build().getEncoded();
    } catch (OCSPException e) {
        throw new DSSException("Cannot build OCSP Request", e);
    } catch (IOException e) {
        throw new DSSException("Cannot build OCSP Request", e);
    }
}

From source file:eu.europa.esig.dss.cookbook.sources.AlwaysValidOCSPSource.java

License:Open Source License

/**
 * Builds an OCSP request for the certificate with {@code serialNumber} issued by
 * {@code issuerCert}, with a critical nonce extension derived from {@code ocspDate}.
 *
 * @param issuerCert   certificate of the issuer
 * @param serialNumber serial number of the certificate we are looking for
 * @return the built request
 * @throws DSSException wrapping any {@link OCSPException}, {@link IOException} or
 *                      {@link CertificateEncodingException} raised while building the request
 */
public OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws DSSException {

    try {

        final DigestCalculator sha1Calculator = DSSRevocationUtils.getSHA1DigestCalculator();
        // Identify the certificate we are asking about: issuer + serial number.
        final X509CertificateHolder issuerHolder = new X509CertificateHolder(issuerCert.getEncoded());
        CertificateID certificateId = new CertificateID(sha1Calculator, issuerHolder, serialNumber);

        OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
        requestBuilder.addRequest(certificateId);

        // NOTE(review): the nonce is the ocspDate timestamp, so it is fixed by that field rather
        // than random — presumably acceptable for this always-valid source; do not copy into a
        // client that relies on the nonce against replayed responses.
        BigInteger nonceValue = BigInteger.valueOf(ocspDate.getTime());
        Extension nonceExtension = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true,
                new DEROctetString(nonceValue.toByteArray()));
        Extension[] requestExtensions = new Extension[] { nonceExtension };
        requestBuilder.setRequestExtensions(new Extensions(requestExtensions));

        return requestBuilder.build();
    } catch (OCSPException e) {
        throw new DSSException(e);
    } catch (IOException e) {
        throw new DSSException(e);
    } catch (CertificateEncodingException e) {
        throw new DSSException(e);
    }
}