List of usage examples for org.bouncycastle.asn1.x509 KeyUsage getInstance
public static KeyUsage getInstance(Object obj)
From source file:de.mendelson.util.security.cert.KeystoreCertificate.java
/** * Returns the key usages of this cert, OID 2.5.29.15 *//*from w w w . j a v a 2s.co m*/ public List<String> getKeyUsages() { List<String> keyUsages = new ArrayList<String>(); byte[] extensionValue = this.certificate.getExtensionValue("2.5.29.15"); if (extensionValue == null) { return (keyUsages); } try { byte[] octedBytes = ((ASN1OctetString) ASN1Primitive.fromByteArray(extensionValue)).getOctets(); //bit encoded values for the key usage int val = KeyUsage.getInstance(ASN1Primitive.fromByteArray(octedBytes)).getPadBits(); //bit 0 if ((val & KeyUsage.digitalSignature) == KeyUsage.digitalSignature) { keyUsages.add("Digital signature"); } //bit 1 if ((val & KeyUsage.nonRepudiation) == KeyUsage.nonRepudiation) { keyUsages.add("Non repudiation"); } //bit 2 if ((val & KeyUsage.keyEncipherment) == KeyUsage.keyEncipherment) { keyUsages.add("Key encipherment"); } //bit 3 if ((val & KeyUsage.dataEncipherment) == KeyUsage.dataEncipherment) { keyUsages.add("Data encipherment"); } //bit 4 if ((val & KeyUsage.keyAgreement) == KeyUsage.keyAgreement) { keyUsages.add("Key agreement"); } //bit 5 if ((val & KeyUsage.keyCertSign) == KeyUsage.keyCertSign) { keyUsages.add("Key certificate signing"); } //bit6 if ((val & KeyUsage.cRLSign) == KeyUsage.cRLSign) { keyUsages.add("CRL signing"); } if ((val & KeyUsage.decipherOnly) == KeyUsage.decipherOnly) { keyUsages.add("Decipher"); } if ((val & KeyUsage.encipherOnly) == KeyUsage.encipherOnly) { keyUsages.add("Encipher"); } } catch (Exception e) { e.printStackTrace(); } return (keyUsages); }
From source file:org.cryptable.pki.communication.PKICMPMessagesTest.java
License:Open Source License
/** * Check the extensions in the certification request * * @throws OperatorCreationException// w w w . ja v a 2 s .co m * @throws PKICMPMessageException * @throws CertificateEncodingException * @throws IOException * @throws CRMFException * @throws CMPException * @throws CMSException */ @Test public void testCertificationWithExtensions() throws OperatorCreationException, PKICMPMessageException, CertificateEncodingException, IOException, CRMFException, CMPException, CMSException, NoSuchFieldException, IllegalAccessException { String distinguishedName = pki.getTestUser1Cert().getSubjectX500Principal().getName(); KeyPair keyPair = new KeyPair(pki.getTestUser1Cert().getPublicKey(), pki.getTestUser1CertPrivateKey()); List<Extension> extensionList = new ArrayList<Extension>(); // KeyUsage extensionList.add(new Extension(X509Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.nonRepudiation).getEncoded())); // Extended keyUsage List<KeyPurposeId> keyPurposeIds = new ArrayList<KeyPurposeId>(); keyPurposeIds.add(KeyPurposeId.getInstance(KeyPurposeId.id_kp_clientAuth)); keyPurposeIds.add(KeyPurposeId.getInstance(KeyPurposeId.id_kp_emailProtection)); extensionList.add(new Extension(X509Extension.extendedKeyUsage, false, new ExtendedKeyUsage(keyPurposeIds.toArray(new KeyPurposeId[keyPurposeIds.size()])).getEncoded())); // Subject alternative names List<GeneralName> generalNames = new ArrayList<GeneralName>(); generalNames.add(new GeneralName(GeneralName.dNSName, "www1.cryptable.org")); generalNames.add(new GeneralName(GeneralName.dNSName, "www2.cryptable.org")); GeneralNames subjectAlternativeName = new GeneralNames( generalNames.toArray(new GeneralName[generalNames.size()])); extensionList.add( new Extension(X509Extension.subjectAlternativeName, false, subjectAlternativeName.getEncoded())); PKICMPMessages pkiMessages = new PKICMPMessages(); pkiMessages.setPkiKeyStore(pkiKeyStoreRA); pkiMessages.setExtensions(extensionList.toArray(new Extension[extensionList.size()])); byte[] result = pkiMessages.createCertificateMessageWithLocalKey(distinguishedName, keyPair); ASN1InputStream asn1InputStream = new ASN1InputStream(result); ASN1Primitive asn1Primitive = asn1InputStream.readObject(); PKIMessage pkiMessage = PKIMessage.getInstance(asn1Primitive); CertReqMsg[] certReqMsgs = CertReqMessages.getInstance(pkiMessage.getBody().getContent()) .toCertReqMsgArray(); // KeyUsage KeyUsage verifyKeyUsage = KeyUsage.getInstance(certReqMsgs[0].getCertReq().getCertTemplate().getExtensions() .getExtensionParsedValue(Extension.keyUsage)); Assert.assertEquals(KeyUsage.digitalSignature | KeyUsage.nonRepudiation, verifyKeyUsage.getBytes()[0] & 0xFF); // Extended KeyUsage ExtendedKeyUsage verifyExtendedKeyUsage = ExtendedKeyUsage .fromExtensions(certReqMsgs[0].getCertReq().getCertTemplate().getExtensions()); Assert.assertTrue(verifyExtendedKeyUsage.hasKeyPurposeId(KeyPurposeId.id_kp_clientAuth)); Assert.assertTrue(verifyExtendedKeyUsage.hasKeyPurposeId(KeyPurposeId.id_kp_emailProtection)); // Subject Alternative Name GeneralNames verifyGeneralNames = GeneralNames.fromExtensions( certReqMsgs[0].getCertReq().getCertTemplate().getExtensions(), Extension.subjectAlternativeName); Assert.assertTrue(generalNames.contains(verifyGeneralNames.getNames()[0])); Assert.assertTrue(generalNames.contains(verifyGeneralNames.getNames()[1])); }
From source file:org.cryptable.pki.communication.PKICMPMessagesTest.java
License:Open Source License
/** * Test the confirmation message from the certification authority * * @throws IOException/*from w w w . ja va 2 s . c om*/ * @throws CertificateEncodingException * @throws OperatorCreationException * @throws CMPException */ @Test public void testKeyUpdateWithLocalKeyWithExtensions() throws IOException, CertificateEncodingException, OperatorCreationException, CMPException, PKICMPMessageException, CRMFException, IllegalAccessException, CMSException, NoSuchFieldException { PKICMPMessages pkiMessages = new PKICMPMessages(); pkiMessages.setPkiKeyStore(pkiKeyStoreRA); KeyPair keyPair = new KeyPair(pki.getTestUser2Cert().getPublicKey(), pki.getTestUser2CertPrivateKey()); List<Extension> extensionList = new ArrayList<Extension>(); // KeyUsage extensionList.add(new Extension(X509Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.nonRepudiation).getEncoded())); // Extended keyUsage List<KeyPurposeId> keyPurposeIds = new ArrayList<KeyPurposeId>(); keyPurposeIds.add(KeyPurposeId.getInstance(KeyPurposeId.id_kp_clientAuth)); keyPurposeIds.add(KeyPurposeId.getInstance(KeyPurposeId.id_kp_emailProtection)); extensionList.add(new Extension(X509Extension.extendedKeyUsage, false, new ExtendedKeyUsage(keyPurposeIds.toArray(new KeyPurposeId[keyPurposeIds.size()])).getEncoded())); pkiMessages.setExtensions(extensionList.toArray(new Extension[extensionList.size()])); byte[] result = pkiMessages.createKeyUpdateMessageWithLocalKey(pki.getRACert(), keyPair); ASN1InputStream asn1InputStream = new ASN1InputStream(result); ASN1Primitive asn1Primitive = asn1InputStream.readObject(); PKIMessage pkiMessage = PKIMessage.getInstance(asn1Primitive); // Check the Body CertReqMsg[] certReqMsgs = CertReqMessages.getInstance(pkiMessage.getBody().getContent()) .toCertReqMsgArray(); // Extensions check // KeyUsage KeyUsage verifyKeyUsage = KeyUsage.getInstance(certReqMsgs[0].getCertReq().getCertTemplate().getExtensions() .getExtensionParsedValue(Extension.keyUsage)); Assert.assertEquals(KeyUsage.digitalSignature | KeyUsage.nonRepudiation, verifyKeyUsage.getBytes()[0] & 0xFF); // Extended KeyUsage ExtendedKeyUsage verifyExtendedKeyUsage = ExtendedKeyUsage .fromExtensions(certReqMsgs[0].getCertReq().getCertTemplate().getExtensions()); Assert.assertTrue(verifyExtendedKeyUsage.hasKeyPurposeId(KeyPurposeId.id_kp_clientAuth)); Assert.assertTrue(verifyExtendedKeyUsage.hasKeyPurposeId(KeyPurposeId.id_kp_emailProtection)); }
From source file:org.cryptacular.x509.ExtensionReader.java
License:Open Source License
/** * Reads the value of the <code>KeyUsage</code> extension field of the * certificate.//from w w w . java 2 s . co m * * @return Key usage data or null if extension field is not defined. */ public KeyUsage readKeyUsage() { return KeyUsage.getInstance(read(ExtensionType.KeyUsage)); }
From source file:org.opensc.pkcs15.asn1.basic.Usage.java
License:Apache License
/** * @param obj The ASN.1 object to decode. * @return An instance of CommonObjectAttributes. */// w w w . j a va2 s . c o m public static Usage getInstance(Object obj) { if (obj instanceof Usage) return (Usage) obj; if (obj instanceof ASN1Sequence) { ASN1Sequence seq = (ASN1Sequence) obj; Enumeration<Object> objs = seq.getObjects(); Usage ret = new Usage(); while (objs.hasMoreElements()) { Object o = objs.nextElement(); if (o instanceof ASN1Sequence) { ret.setExtKeyUsage(ExtendedKeyUsage.getInstance(o)); } else if (o instanceof DERBitString) { ret.setUsage((KeyUsage) KeyUsage.getInstance(o)); } else throw new IllegalArgumentException("Invalid member [" + o + "] in Usage ASN.1 SEQUENCE."); } return ret; } throw new IllegalArgumentException("CommonKeyAttributes must be encoded as an ASN.1 SEQUENCE."); }
From source file:org.tdmx.client.crypto.certificate.PKIXCertificate.java
License:Open Source License
private KeyUsage getKeyUsage() { Extension e = holder.getExtension(Extension.keyUsage); if (e != null) { KeyUsage ku = KeyUsage.getInstance(e.getParsedValue()); return ku; }/*from w w w. ja v a2 s .com*/ return null; }
From source file:se.tillvaxtverket.tsltrust.weblogic.content.CertificateInformation.java
License:Open Source License
private void addCertificateExtensionInfo(AaaCertificate cert, boolean unfold) { InfoTableSection section = certElements.addNewSection(tm, "Extensions", unfold); section.setSectionHeadingClasses(CERT_INFO); InfoTableElements extElements = section.getElements(); extFact.clear();/*from w w w.j a va 2 s . c o m*/ List<ExtensionInfo> extList = cert.getExtensionInfoList(); if (extList == null) { return; } section.setFoldedElement( "Extension summary (out of " + String.valueOf(extList.size()) + " total Extensions)"); section.setKeepFoldableElement(true); for (ExtensionInfo rawExt : extList) { //Basic Constraints if (rawExt.getExtensionType().equals(SupportedExtension.basicConstraints)) { BasicConstraints bc = BasicConstraints.getInstance(rawExt.getExtDataASN1()); extFact.add(getExtNameAndOID(rawExt), EXT_ATTR); // set property extFact.add("cA", String.valueOf(bc.isCA())); extFact.addExtension(extElements); } //Key Usage if (rawExt.getExtensionType().equals(SupportedExtension.keyUsage)) { KeyUsage ku = KeyUsage.getInstance(rawExt.getExtDataASN1()); extFact.add(getExtNameAndOID(rawExt), EXT_ATTR); extFact.add("Usage", DisplayCert.getKeyUsageText(ku)); extFact.addExtension(extElements); } //QcStatements if (rawExt.getExtensionType().equals(SupportedExtension.qCStatements)) { QCStatementsExt qc = QCStatementsExt.getInstance(rawExt.getExtDataASN1()); extFact.add(getExtNameAndOID(rawExt), EXT_ATTR); // set property if (qc.isQcCompliance()) { extFact.add("Qualified", "true"); } if (qc.isQcSscd()) { extFact.add("QSSCD", "true"); } extFact.addExtension(extElements); } // //EKU if (rawExt.getExtensionType().equals(SupportedExtension.extendedKeyUsage)) { ExtendedKeyUsage eku = ExtendedKeyUsage.getInstance(rawExt.getExtDataASN1()); extFact.add(getExtNameAndOID(rawExt), EXT_ATTR); // set property KeyPurposeId[] keyPurposeIDs = eku.getUsages(); for (KeyPurposeId oid : keyPurposeIDs) { extFact.add(OidName.getName(oid.getId()), oid.getId()); } extFact.addExtension(extElements); } // //CertificatePolicies if (rawExt.getExtensionType().equals(SupportedExtension.certificatePolicies)) { CertificatePolicies cp = CertificatePolicies.getInstance(rawExt.getExtDataASN1()); extFact.add(getExtNameAndOID(rawExt), EXT_ATTR); // set property PolicyInformation[] policyInformation = cp.getPolicyInformation(); for (PolicyInformation pi : policyInformation) { ASN1ObjectIdentifier oid = pi.getPolicyIdentifier(); extFact.add("Policy", OidName.getName(oid.getId())); } extFact.addExtension(extElements); } // //SubjectAlterantive Name // /** // * GeneralName ::= CHOICE { // * otherName [0] OtherName, // * rfc822Name [1] IA5String, // * dNSName [2] IA5String, // * x400Address [3] ORAddress, // * directoryName [4] Name, // * ediPartyName [5] EDIPartyName, // * uniformResourceIdentifier [6] IA5String, // * iPAddress [7] OCTET STRING, // * registeredID [8] OBJECT IDENTIFIER } // */ if (rawExt.getExtensionType().equals(SupportedExtension.subjectAlternativeName)) { GeneralNames san = GeneralNames.getInstance(rawExt.getExtDataASN1()); extFact.add(getExtNameAndOID(rawExt), EXT_ATTR); // set property String[] nameType = new String[] { "otherName", "rfc822Name", "dNSName", "x400Address", "directoryName", "ediPartyName", "uniformResourceIdentifier", "iPAddress", "registeredID" }; GeneralName[] generalNames = san.getNames(); for (GeneralName name : generalNames) { int type = name.getTagNo(); if (type == 1 || type == 2 || type == 6 || type == 7) { extFact.add(nameType[type], name.getName().toString()); } } extFact.addExtension(extElements); } } }