List of usage examples for org.bouncycastle.asn1.x509 KeyPurposeId getInstance
public static KeyPurposeId getInstance(Object o)
From source file:net.sf.keystore_explorer.gui.dialogs.extensions.DExtendedKeyUsage.java
License:Open Source License
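/**
 * Handles the OK button: validates that at least one purpose is selected, builds the
 * DER-encoded ExtendedKeyUsage value from the selected check boxes into {@code value}
 * and closes the dialog.
 *
 * Shows a warning and leaves the dialog open when nothing is selected; shows a DError
 * and leaves the dialog open when DER encoding fails.
 */
private void okPressed() {
    // Every check box that can contribute a purpose below must also appear in this
    // "nothing selected" guard. jcbSmartcardLogon was missing here, so a dialog with only
    // smartcard logon ticked was rejected with the "value required" warning.
    if (!jcbTlsWebServerAuthentication.isSelected() && !jcbTlsWebClientAuthentication.isSelected()
            && !jcbCodeSigning.isSelected() && !jcbEmailProtection.isSelected()
            && !jcbIpSecurityEndSystem.isSelected() && !jcbIpSecurityTunnelTermination.isSelected()
            && !jcbIpSecurityUser.isSelected() && !jcbTimeStamping.isSelected()
            && !jcbOcspStamping.isSelected() && !jcbDocumentSigning.isSelected()
            && !jcbAdobePDFSigning.isSelected() && !jcbEncryptedFileSystem.isSelected()
            && !jcbSmartcardLogon.isSelected() && !jcbAnyExtendedKeyUsage.isSelected()) {
        JOptionPane.showMessageDialog(this, res.getString("DExtendedKeyUsage.ValueReq.message"), getTitle(),
                JOptionPane.WARNING_MESSAGE);
        return;
    }

    // The insertion order below is the order of the purposes in the encoded SEQUENCE.
    ArrayList<KeyPurposeId> keyPurposeIds = new ArrayList<KeyPurposeId>();
    if (jcbTlsWebServerAuthentication.isSelected()) {
        keyPurposeIds.add(purposeFor(SERVER_AUTH.oid()));
    }
    if (jcbTlsWebClientAuthentication.isSelected()) {
        keyPurposeIds.add(purposeFor(CLIENT_AUTH.oid()));
    }
    if (jcbCodeSigning.isSelected()) {
        keyPurposeIds.add(purposeFor(CODE_SIGNING.oid()));
    }
    if (jcbDocumentSigning.isSelected()) {
        keyPurposeIds.add(purposeFor(DOCUMENT_SIGNING.oid()));
    }
    if (jcbAdobePDFSigning.isSelected()) {
        keyPurposeIds.add(purposeFor(ADOBE_PDF_SIGNING.oid()));
    }
    if (jcbEmailProtection.isSelected()) {
        keyPurposeIds.add(purposeFor(EMAIL_PROTECTION.oid()));
    }
    if (jcbEncryptedFileSystem.isSelected()) {
        keyPurposeIds.add(purposeFor(ENCRYPTED_FILE_SYSTEM.oid()));
    }
    if (jcbIpSecurityEndSystem.isSelected()) {
        keyPurposeIds.add(purposeFor(IPSEC_END_SYSTEM.oid()));
    }
    if (jcbIpSecurityTunnelTermination.isSelected()) {
        keyPurposeIds.add(purposeFor(IPSEC_TUNNEL.oid()));
    }
    if (jcbIpSecurityUser.isSelected()) {
        keyPurposeIds.add(purposeFor(IPSEC_USER.oid()));
    }
    if (jcbTimeStamping.isSelected()) {
        keyPurposeIds.add(purposeFor(TIME_STAMPING.oid()));
    }
    if (jcbOcspStamping.isSelected()) {
        keyPurposeIds.add(purposeFor(OCSP_SIGNING.oid()));
    }
    if (jcbSmartcardLogon.isSelected()) {
        keyPurposeIds.add(purposeFor(SMARTCARD_LOGON.oid()));
    }
    if (jcbAnyExtendedKeyUsage.isSelected()) {
        keyPurposeIds.add(purposeFor(ANY_EXTENDED_KEY_USAGE.oid()));
    }

    ExtendedKeyUsage extendedKeyUsage = new ExtendedKeyUsage(
            keyPurposeIds.toArray(new KeyPurposeId[keyPurposeIds.size()]));
    try {
        value = extendedKeyUsage.getEncoded(ASN1Encoding.DER);
    } catch (IOException ex) {
        DError dError = new DError(this, ex);
        dError.setLocationRelativeTo(this);
        dError.setVisible(true);
        return;
    }
    closeDialog();
}

/**
 * Wraps a dotted OID string as a KeyPurposeId.
 *
 * @param oid dotted-decimal object identifier of the purpose
 * @return the matching KeyPurposeId
 */
private static KeyPurposeId purposeFor(String oid) {
    return KeyPurposeId.getInstance(new ASN1ObjectIdentifier(oid));
}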
From source file:org.cesecore.keybind.impl.OcspKeyBindingTest.java
License:Open Source License
/**
 * Builds a critical extendedKeyUsage extension whose only purpose is id_kp_OCSPSigning.
 *
 * @return An extended key usage extension with id_kp_OCSPSigning set.
 * @throws IOException if the SEQUENCE cannot be encoded
 */
private static Extension getExtendedKeyUsageExtension() throws IOException {
    final KeyPurposeId ocspSigning = KeyPurposeId.getInstance(KeyPurposeId.id_kp_OCSPSigning);
    // ExtendedKeyUsage is a SEQUENCE OF KeyPurposeId; wrap the single purpose accordingly.
    final ASN1Sequence wrapped = ASN1Sequence.getInstance(new DERSequence(ocspSigning));
    return new Extension(Extension.extendedKeyUsage, true, wrapped.getEncoded());
}
From source file:org.cesecore.util.provider.EkuPKIXCertPathCheckerTest.java
License:Open Source License
/**
 * Issues a self-signed test certificate carrying the given extended key usage OIDs (as a
 * critical extension) and runs an EkuPKIXCertPathChecker built from requiredOids over it.
 *
 * @param keyPair      key pair used to sign the certificate
 * @param isCa         whether to issue a CA certificate (selects the key usage bits)
 * @param actualOids   EKU OIDs to place in the certificate, or null for no EKU extension
 * @param requiredOids EKU OIDs the checker must find
 * @return true if the extendedKeyUsage was accepted
 */
private boolean validateCert(KeyPair keyPair, boolean isCa, List<String> actualOids, List<String> requiredOids)
        throws Exception {
    final long now = System.currentTimeMillis();
    final List<Extension> additionalExtensions = new ArrayList<Extension>();
    if (actualOids != null) {
        // Build a critical extendedKeyUsage extension holding exactly the given OIDs.
        final KeyPurposeId[] purposes = new KeyPurposeId[actualOids.size()];
        int idx = 0;
        for (final String oid : actualOids) {
            purposes[idx++] = KeyPurposeId.getInstance(new ASN1ObjectIdentifier(oid));
        }
        final ExtendedKeyUsage extendedKeyUsage = new ExtendedKeyUsage(purposes);
        final ASN1Sequence seq = ASN1Sequence.getInstance(extendedKeyUsage.toASN1Primitive());
        additionalExtensions.add(new Extension(Extension.extendedKeyUsage, true, seq.getEncoded()));
    }
    // CA certificates get the CA bits, end-entity certificates the signing/encipherment bits.
    final int ku = isCa
            ? X509KeyUsage.cRLSign | X509KeyUsage.keyCertSign
            : X509KeyUsage.digitalSignature | X509KeyUsage.keyEncipherment;
    final Date notBefore = new Date(now - 3600000L);
    final Date notAfter = new Date(now + 3600000L);
    final X509Certificate cert = CertTools.genSelfCertForPurpose("CN=dummy", notBefore, notAfter, null,
            keyPair.getPrivate(), keyPair.getPublic(), AlgorithmConstants.SIGALG_SHA1_WITH_RSA, isCa, ku, null,
            null, BouncyCastleProvider.PROVIDER_NAME, true, additionalExtensions);
    final PKIXCertPathChecker pkixCertPathChecker = new EkuPKIXCertPathChecker(requiredOids);
    // The checker is expected to remove the EKU OID from this collection when it accepts the extension.
    final String ekuOid = Extension.extendedKeyUsage.getId();
    final Collection<String> unresolvedCritExts = new ArrayList<String>();
    unresolvedCritExts.add(ekuOid);
    pkixCertPathChecker.check(cert, unresolvedCritExts);
    return !unresolvedCritExts.contains(ekuOid);
}
From source file:org.cryptable.pki.communication.PKICMPMessagesTest.java
License:Open Source License
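/**
 * Check the extensions in the certification request
 *
 * Builds a certificate request carrying KeyUsage, ExtendedKeyUsage (clientAuth,
 * emailProtection) and two dNSName subject alternative names, parses the produced
 * PKIMessage back and asserts the CertTemplate carries the same three extensions.
 *
 * @throws OperatorCreationException
 * @throws PKICMPMessageException
 * @throws CertificateEncodingException
 * @throws IOException
 * @throws CRMFException
 * @throws CMPException
 * @throws CMSException
 */
@Test
public void testCertificationWithExtensions() throws OperatorCreationException, PKICMPMessageException,
        CertificateEncodingException, IOException, CRMFException, CMPException, CMSException,
        NoSuchFieldException, IllegalAccessException {
    String distinguishedName = pki.getTestUser1Cert().getSubjectX500Principal().getName();
    KeyPair keyPair = new KeyPair(pki.getTestUser1Cert().getPublicKey(), pki.getTestUser1CertPrivateKey());

    List<Extension> extensionList = new ArrayList<Extension>();
    // KeyUsage
    extensionList.add(new Extension(X509Extension.keyUsage, true,
            new KeyUsage(KeyUsage.digitalSignature | KeyUsage.nonRepudiation).getEncoded()));
    // Extended keyUsage
    List<KeyPurposeId> keyPurposeIds = new ArrayList<KeyPurposeId>();
    keyPurposeIds.add(KeyPurposeId.getInstance(KeyPurposeId.id_kp_clientAuth));
    keyPurposeIds.add(KeyPurposeId.getInstance(KeyPurposeId.id_kp_emailProtection));
    extensionList.add(new Extension(X509Extension.extendedKeyUsage, false,
            new ExtendedKeyUsage(keyPurposeIds.toArray(new KeyPurposeId[keyPurposeIds.size()])).getEncoded()));
    // Subject alternative names
    List<GeneralName> generalNames = new ArrayList<GeneralName>();
    generalNames.add(new GeneralName(GeneralName.dNSName, "www1.cryptable.org"));
    generalNames.add(new GeneralName(GeneralName.dNSName, "www2.cryptable.org"));
    GeneralNames subjectAlternativeName = new GeneralNames(
            generalNames.toArray(new GeneralName[generalNames.size()]));
    extensionList.add(
            new Extension(X509Extension.subjectAlternativeName, false, subjectAlternativeName.getEncoded()));

    PKICMPMessages pkiMessages = new PKICMPMessages();
    pkiMessages.setPkiKeyStore(pkiKeyStoreRA);
    pkiMessages.setExtensions(extensionList.toArray(new Extension[extensionList.size()]));
    byte[] result = pkiMessages.createCertificateMessageWithLocalKey(distinguishedName, keyPair);

    // Parse the message and release the stream; it was previously never closed.
    PKIMessage pkiMessage;
    ASN1InputStream asn1InputStream = new ASN1InputStream(result);
    try {
        ASN1Primitive asn1Primitive = asn1InputStream.readObject();
        pkiMessage = PKIMessage.getInstance(asn1Primitive);
    } finally {
        asn1InputStream.close();
    }
    CertReqMsg[] certReqMsgs = CertReqMessages.getInstance(pkiMessage.getBody().getContent())
            .toCertReqMsgArray();

    // KeyUsage: the first byte of the bit string must hold exactly the two requested bits.
    KeyUsage verifyKeyUsage = KeyUsage.getInstance(certReqMsgs[0].getCertReq().getCertTemplate().getExtensions()
            .getExtensionParsedValue(Extension.keyUsage));
    Assert.assertEquals(KeyUsage.digitalSignature | KeyUsage.nonRepudiation, verifyKeyUsage.getBytes()[0] & 0xFF);
    // Extended KeyUsage
    ExtendedKeyUsage verifyExtendedKeyUsage = ExtendedKeyUsage
            .fromExtensions(certReqMsgs[0].getCertReq().getCertTemplate().getExtensions());
    Assert.assertTrue(verifyExtendedKeyUsage.hasKeyPurposeId(KeyPurposeId.id_kp_clientAuth));
    Assert.assertTrue(verifyExtendedKeyUsage.hasKeyPurposeId(KeyPurposeId.id_kp_emailProtection));
    // Subject Alternative Name: both names must come back, order not asserted.
    GeneralNames verifyGeneralNames = GeneralNames.fromExtensions(
            certReqMsgs[0].getCertReq().getCertTemplate().getExtensions(), Extension.subjectAlternativeName);
    Assert.assertTrue(generalNames.contains(verifyGeneralNames.getNames()[0]));
    Assert.assertTrue(generalNames.contains(verifyGeneralNames.getNames()[1]));
}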
From source file:org.cryptable.pki.communication.PKICMPMessagesTest.java
License:Open Source License
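/**
 * Test the confirmation message from the certification authority
 *
 * Builds a key update request carrying KeyUsage and ExtendedKeyUsage (clientAuth,
 * emailProtection), parses the produced PKIMessage back and asserts the CertTemplate
 * carries both extensions.
 *
 * @throws IOException
 * @throws CertificateEncodingException
 * @throws OperatorCreationException
 * @throws CMPException
 */
@Test
public void testKeyUpdateWithLocalKeyWithExtensions() throws IOException, CertificateEncodingException,
        OperatorCreationException, CMPException, PKICMPMessageException, CRMFException, IllegalAccessException,
        CMSException, NoSuchFieldException {
    PKICMPMessages pkiMessages = new PKICMPMessages();
    pkiMessages.setPkiKeyStore(pkiKeyStoreRA);
    KeyPair keyPair = new KeyPair(pki.getTestUser2Cert().getPublicKey(), pki.getTestUser2CertPrivateKey());

    List<Extension> extensionList = new ArrayList<Extension>();
    // KeyUsage
    extensionList.add(new Extension(X509Extension.keyUsage, true,
            new KeyUsage(KeyUsage.digitalSignature | KeyUsage.nonRepudiation).getEncoded()));
    // Extended keyUsage
    List<KeyPurposeId> keyPurposeIds = new ArrayList<KeyPurposeId>();
    keyPurposeIds.add(KeyPurposeId.getInstance(KeyPurposeId.id_kp_clientAuth));
    keyPurposeIds.add(KeyPurposeId.getInstance(KeyPurposeId.id_kp_emailProtection));
    extensionList.add(new Extension(X509Extension.extendedKeyUsage, false,
            new ExtendedKeyUsage(keyPurposeIds.toArray(new KeyPurposeId[keyPurposeIds.size()])).getEncoded()));
    pkiMessages.setExtensions(extensionList.toArray(new Extension[extensionList.size()]));

    byte[] result = pkiMessages.createKeyUpdateMessageWithLocalKey(pki.getRACert(), keyPair);

    // Parse the message and release the stream; it was previously never closed.
    PKIMessage pkiMessage;
    ASN1InputStream asn1InputStream = new ASN1InputStream(result);
    try {
        ASN1Primitive asn1Primitive = asn1InputStream.readObject();
        pkiMessage = PKIMessage.getInstance(asn1Primitive);
    } finally {
        asn1InputStream.close();
    }

    // Check the Body
    CertReqMsg[] certReqMsgs = CertReqMessages.getInstance(pkiMessage.getBody().getContent())
            .toCertReqMsgArray();

    // Extensions check
    // KeyUsage: the first byte of the bit string must hold exactly the two requested bits.
    KeyUsage verifyKeyUsage = KeyUsage.getInstance(certReqMsgs[0].getCertReq().getCertTemplate().getExtensions()
            .getExtensionParsedValue(Extension.keyUsage));
    Assert.assertEquals(KeyUsage.digitalSignature | KeyUsage.nonRepudiation, verifyKeyUsage.getBytes()[0] & 0xFF);
    // Extended KeyUsage
    ExtendedKeyUsage verifyExtendedKeyUsage = ExtendedKeyUsage
            .fromExtensions(certReqMsgs[0].getCertReq().getCertTemplate().getExtensions());
    Assert.assertTrue(verifyExtendedKeyUsage.hasKeyPurposeId(KeyPurposeId.id_kp_clientAuth));
    Assert.assertTrue(verifyExtendedKeyUsage.hasKeyPurposeId(KeyPurposeId.id_kp_emailProtection));
}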
From source file:org.cryptacular.x509.ExtensionReader.java
License:Open Source License
/**
 * Reads the value of the <code>ExtendedKeyUsage</code> extension field of the
 * certificate.
 *
 * @return List of supported extended key usages or null if extension is not
 * defined.
 */
public List<KeyPurposeId> readExtendedKeyUsage() {
    final ASN1Encodable raw = read(ExtensionType.ExtendedKeyUsage);
    if (raw == null) {
        return null;
    }
    // The extension value is a SEQUENCE OF KeyPurposeId; convert element by element.
    final ASN1Encodable[] items = ASN1Sequence.getInstance(raw).toArray();
    final List<KeyPurposeId> purposes = new ArrayList<>(items.length);
    for (final ASN1Encodable item : items) {
        purposes.add(KeyPurposeId.getInstance(item));
    }
    return purposes;
}
From source file:org.kse.gui.dialogs.extensions.DSelectStandardExtensionTemplate.java
License:Open Source License
/**
 * Adds a non-critical extendedKeyUsage extension with the single given purpose to the set.
 *
 * @param extensionSet set receiving the extension
 * @param ekuOid       dotted-decimal OID of the single key purpose
 * @throws IOException if the ExtendedKeyUsage value cannot be encoded
 */
private void addExtKeyUsage(X509ExtensionSet extensionSet, String ekuOid) throws IOException {
    KeyPurposeId purpose = KeyPurposeId.getInstance(new ASN1ObjectIdentifier(ekuOid));
    ExtendedKeyUsage eku = new ExtendedKeyUsage(new KeyPurposeId[] { purpose });
    // The extension value is the DER ExtendedKeyUsage wrapped in an OCTET STRING.
    byte[] ekuEncoded = wrapInOctetString(eku.getEncoded());
    extensionSet.addExtension(X509ExtensionType.EXTENDED_KEY_USAGE.oid(), false, ekuEncoded);
}
From source file:org.metaeffekt.dcc.commons.pki.CertificateManager.java
License:Apache License
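/**
 * Derives the certificate's key purposes from the PROPERTY_CERT_PURPOSE property, a
 * comma-separated list whose entries are PURPOSE_CLIENT_AUTHENTICATION,
 * PURPOSE_SERVER_AUTHENTICATION or a dotted-decimal OID. Blank entries are skipped.
 *
 * @param defaultKeyPurposeIds purposes returned when the property yields none
 * @return the configured purposes in property order, or defaultKeyPurposeIds if none
 * @throws IllegalArgumentException if an entry is neither a known name nor a valid OID
 */
private KeyPurposeId[] createKeyPurposeIds(KeyPurposeId[] defaultKeyPurposeIds) {
    String purpose = getProperty(PROPERTY_CERT_PURPOSE, "");
    List<KeyPurposeId> purposeList = new ArrayList<>();
    for (String entry : purpose.split(",")) {
        String p = entry.trim();
        if (StringUtils.isNotBlank(p)) {
            switch (p) {
            case PURPOSE_CLIENT_AUTHENTICATION:
                purposeList.add(KeyPurposeId.id_kp_clientAuth);
                break;
            case PURPOSE_SERVER_AUTHENTICATION:
                purposeList.add(KeyPurposeId.id_kp_serverAuth);
                break;
            default:
                try {
                    ASN1ObjectIdentifier newKeyPurposeIdOID = new ASN1ObjectIdentifier(p);
                    purposeList.add(KeyPurposeId.getInstance(newKeyPurposeIdOID));
                } catch (IllegalArgumentException e) {
                    // Keep the original exception as the cause so the reason the OID was
                    // rejected is not lost from the stack trace.
                    throw new IllegalArgumentException(String.format(
                            "Certificate purpose '%s' not supported. "
                                    + "Supported values are '%s', '%s', or any valid OID.",
                            p, PURPOSE_CLIENT_AUTHENTICATION, PURPOSE_SERVER_AUTHENTICATION), e);
                }
            }
        }
    }
    if (purposeList.isEmpty()) {
        return defaultKeyPurposeIds;
    }
    return purposeList.toArray(new KeyPurposeId[purposeList.size()]);
}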
From source file:org.xipki.ca.qa.impl.X509CertprofileQAImpl.java
License:Open Source License
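/**
 * Compares the ExtendedKeyUsage extension of the issued certificate with the usages the
 * profile requires, the optional usages the request asked for, or (if neither yields
 * anything) the profile's constant extension value, and appends every mismatch to
 * failureMsg.
 *
 * @param failureMsg        buffer that mismatch descriptions are appended to
 * @param extensionValue    encoded ExtendedKeyUsage value taken from the certificate
 * @param requestExtensions extensions of the request, may be null
 * @param extControl        control entry telling whether the extension is taken from the request
 */
private void checkExtensionExtendedKeyUsage(final StringBuilder failureMsg, final byte[] extensionValue,
        final Extensions requestExtensions, final ExtensionControl extControl) {
    Set<String> isUsages = new HashSet<>();
    org.bouncycastle.asn1.x509.ExtendedKeyUsage keyusage =
            org.bouncycastle.asn1.x509.ExtendedKeyUsage.getInstance(extensionValue);
    KeyPurposeId[] usages = keyusage.getUsages();
    if (usages != null) {
        for (KeyPurposeId usage : usages) {
            isUsages.add(usage.getId());
        }
    }

    // Required usages from the profile are always expected.
    Set<String> expectedUsages = new HashSet<>();
    Set<ExtKeyUsageControl> requiredExtKeyusage = getExtKeyusage(true);
    if (requiredExtKeyusage != null) {
        for (ExtKeyUsageControl usage : requiredExtKeyusage) {
            expectedUsages.add(usage.getExtKeyUsage().getId());
        }
    }

    // Optional usages are expected only if the request asked for them.
    Set<ExtKeyUsageControl> optionalExtKeyusage = getExtKeyusage(false);
    if (extControl.isRequest() && requestExtensions != null && CollectionUtil.isNotEmpty(optionalExtKeyusage)) {
        Extension extension = requestExtensions.getExtension(Extension.extendedKeyUsage);
        if (extension != null) {
            org.bouncycastle.asn1.x509.ExtendedKeyUsage reqKeyUsage =
                    org.bouncycastle.asn1.x509.ExtendedKeyUsage.getInstance(extension.getParsedValue());
            for (ExtKeyUsageControl k : optionalExtKeyusage) {
                if (reqKeyUsage.hasKeyPurposeId(KeyPurposeId.getInstance(k.getExtKeyUsage()))) {
                    expectedUsages.add(k.getExtKeyUsage().getId());
                }
            }
        }
    }

    if (CollectionUtil.isEmpty(expectedUsages)) {
        // The constant value is parsed as an ExtendedKeyUsage by getExtKeyUsage, so it has
        // to be the profile's constant for the extendedKeyUsage extension. The previous
        // lookup used Extension.keyUsage, whose value is a BIT STRING, not a SEQUENCE of OIDs.
        byte[] constantExtValue = getConstantExtensionValue(Extension.extendedKeyUsage);
        if (constantExtValue != null) {
            expectedUsages = getExtKeyUsage(constantExtValue);
        }
    }

    Set<String> diffs = str_in_b_not_in_a(expectedUsages, isUsages);
    if (CollectionUtil.isNotEmpty(diffs)) {
        failureMsg.append("usages ").append(diffs.toString()).append(" are present but not expected");
        failureMsg.append("; ");
    }

    diffs = str_in_b_not_in_a(isUsages, expectedUsages);
    if (CollectionUtil.isNotEmpty(diffs)) {
        failureMsg.append("usages ").append(diffs.toString()).append(" are absent but are required");
        failureMsg.append("; ");
    }
}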
From source file:org.xipki.ca.server.impl.IdentifiedX509Certprofile.java
License:Open Source License
/**
 * Adds to {@code usages} every optional (non-required) extended key usage from
 * {@code usageOccs} that the request's extendedKeyUsage extension also contains.
 * Does nothing when the request carries no extendedKeyUsage extension.
 *
 * @param usages            set receiving the granted optional usages
 * @param requestExtensions extensions of the certificate request
 * @param usageOccs         usage controls of the profile
 */
private static void addRequestedExtKeyusage(final Set<ASN1ObjectIdentifier> usages,
        final Extensions requestExtensions, final Set<ExtKeyUsageControl> usageOccs) {
    Extension extension = requestExtensions.getExtension(Extension.extendedKeyUsage);
    if (extension == null) {
        return;
    }
    ExtendedKeyUsage requested = ExtendedKeyUsage.getInstance(extension.getParsedValue());
    for (ExtKeyUsageControl control : usageOccs) {
        // Required usages are handled elsewhere; only optional ones depend on the request.
        if (control.isRequired()) {
            continue;
        }
        ASN1ObjectIdentifier oid = control.getExtKeyUsage();
        if (requested.hasKeyPurposeId(KeyPurposeId.getInstance(oid))) {
            usages.add(oid);
        }
    }
}