Example usage for org.bouncycastle.asn1.x509 KeyUsage getEncoded

List of usage examples for org.bouncycastle.asn1.x509 KeyUsage getEncoded

  1. HOME
  2. Java
  3. org.bouncycastle
  4. org.bouncycastle.asn1.x509.*
  5. KeyUsage
  6. getEncoded

Introduction

In this page you can find the example usage for org.bouncycastle.asn1.x509 KeyUsage getEncoded.

Prototype

public byte[] getEncoded() throws IOException

Source Link

Document

Return the default BER or DER encoding for this object.

Usage

From source file:org.hyperledger.fabric.sdk.security.certgen.TLSCertificateBuilder.java

License:Open Source License

private X509Certificate createSelfSignedCertificate(CertType certType, KeyPair keyPair, String san)
        throws Exception {
    X509v3CertificateBuilder certBuilder = createCertBuilder(keyPair);

    // Basic constraints
    BasicConstraints constraints = new BasicConstraints(false);
    certBuilder.addExtension(Extension.basicConstraints, true, constraints.getEncoded());
    // Key usage/* ww w.j av  a  2 s.c  o m*/
    KeyUsage usage = new KeyUsage(KeyUsage.keyEncipherment | KeyUsage.digitalSignature);
    certBuilder.addExtension(Extension.keyUsage, false, usage.getEncoded());
    // Extended key usage
    certBuilder.addExtension(Extension.extendedKeyUsage, false, certType.keyUsage().getEncoded());

    if (san != null) {
        addSAN(certBuilder, san);
    }

    ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).build(keyPair.getPrivate());
    X509CertificateHolder holder = certBuilder.build(signer);

    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    converter.setProvider(new BouncyCastleProvider());
    return converter.getCertificate(holder);
}

From source file:org.kse.gui.dialogs.extensions.DSelectStandardExtensionTemplate.java

License:Open Source License

private void addKeyUsage(X509ExtensionSet extensionSet, int usage) throws IOException {
    KeyUsage ku = new KeyUsage(usage);
    byte[] kuEncoded = wrapInOctetString(ku.getEncoded());
    extensionSet.addExtension(X509ExtensionType.KEY_USAGE.oid(), false, kuEncoded);
}

From source file:org.metaeffekt.dcc.commons.pki.CertificateManager.java

License:Apache License

protected List<Extension> createExtensions(PublicKey publicKey, X509Certificate issuerCertificate)
        throws CertIOException, NoSuchAlgorithmException, IOException {

    List<Extension> extensions = new ArrayList<>();

    String certType = getProperty(PROPERTY_CERT_TYPE, CERT_TYPE_TLS);

    // backward compatibility
    if (CERT_TYPE_CA_OLD.equals(certType)) {
        certType = CERT_TYPE_CA;//from   ww  w  . j  av a  2 s  .  c o  m
    }

    // subject key identifier
    boolean criticalKeyIdentifier = getProperty(PROPERTY_CERT_CRITICAL_KEY_IDENTIFIER, false);
    extensions.add(new Extension(Extension.subjectKeyIdentifier, criticalKeyIdentifier,
            new JcaX509ExtensionUtils().createSubjectKeyIdentifier(publicKey).getEncoded()));

    // basic constraints
    if (CERT_TYPE_CA.equals(certType)) {
        boolean criticalCaConstraints = getProperty(PROPERTY_CERT_CRITICAL_CA, true);
        int chainLengthConstraint = getProperty(PROPERTY_CERT_CHAIN_LENGTH, 0);
        if (chainLengthConstraint > 0) {
            extensions.add(new Extension(Extension.basicConstraints, criticalCaConstraints,
                    new BasicConstraints(chainLengthConstraint).getEncoded()));
        } else {
            extensions.add(new Extension(Extension.basicConstraints, criticalCaConstraints,
                    new BasicConstraints(true).getEncoded()));
        }
    }

    // key usage
    int keyUsageInt = getKeyUsage(certType);
    if (keyUsageInt != 0) {
        // FIXME: test whether we can default to true here
        boolean criticalKeyUsage = getProperty(PROPERTY_CERT_CRITICAL_KEY_USAGE, false);
        KeyUsage keyUsage = new KeyUsage(keyUsageInt);
        extensions.add(new Extension(Extension.keyUsage, criticalKeyUsage, keyUsage.getEncoded()));
    }

    // extended key usage
    KeyPurposeId[] keyPurposeDefault = null;
    if (CERT_TYPE_TLS.equals(certType)) {
        // defaults for TLS
        keyPurposeDefault = new KeyPurposeId[] { KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth };
    }
    boolean criticalKeyPurpose = getProperty(PROPERTY_CERT_CRITICAL_KEY_PURPOSE, false);
    KeyPurposeId[] keyPurpose = createKeyPurposeIds(keyPurposeDefault);
    if (keyPurpose != null) {
        extensions.add(new Extension(Extension.extendedKeyUsage, criticalKeyPurpose,
                new ExtendedKeyUsage(keyPurpose).getEncoded()));
    }

    // subjectAlternativeName
    List<ASN1Encodable> subjectAlternativeNames = extractAlternativeNames(PROPERTY_PREFIX_CERT_NAME);
    if (!subjectAlternativeNames.isEmpty()) {
        boolean criticalNames = getProperty(PROPERTY_CERT_CRITICAL_NAMES, false);
        DERSequence subjectAlternativeNamesExtension = new DERSequence(
                subjectAlternativeNames.toArray(new ASN1Encodable[subjectAlternativeNames.size()]));
        extensions.add(new Extension(Extension.subjectAlternativeName, criticalNames,
                subjectAlternativeNamesExtension.getEncoded()));
    }

    if (issuerCertificate == null) {
        // crl distribution point
        DistributionPoint[] crlDistributionPoints = createCrlDistributionPoints();
        if (crlDistributionPoints != null) {
            boolean criticalCrlDistPoints = getProperty(PROPERTY_CERT_CRITICAL_CRL_DISTRIBUTION_POINTS, false);
            extensions.add(new Extension(Extension.cRLDistributionPoints, criticalCrlDistPoints,
                    new CRLDistPoint(crlDistributionPoints).getEncoded()));
        }

        // authority information access
        AccessDescription[] accessDescriptions = createAccessDescriptions();
        if (accessDescriptions != null) {
            boolean criticalAuthorityInformationAccess = getProperty(
                    PROPERTY_CERT_CRITICAL_AUTHORITY_INFORMATION_ACCESS, false);
            extensions.add(new Extension(Extension.authorityInfoAccess, criticalAuthorityInformationAccess,
                    new AuthorityInformationAccess(accessDescriptions).getEncoded()));
        }
    } else {
        copyExtension(Extension.cRLDistributionPoints, issuerCertificate, extensions);
        copyExtension(Extension.authorityInfoAccess, issuerCertificate, extensions);
    }
    return extensions;
}