Example usage for org.bouncycastle.asn1.x509 TBSCertificate getEncoded

List of usage examples for org.bouncycastle.asn1.x509 TBSCertificate getEncoded

  1. HOME
  2. Java
  3. org.bouncycastle
  4. org.bouncycastle.asn1.x509.*
  5. TBSCertificate
  6. getEncoded

Introduction

In this page you can find the example usage for org.bouncycastle.asn1.x509 TBSCertificate getEncoded.

Prototype

public byte[] getEncoded() throws IOException

Source Link

Document

Return the default BER or DER encoding for this object.

Usage

From source file:org.xipki.security.p11.iaik.IaikP11Slot.java

License:Open Source License

private X509CertificateHolder generateCertificate(final Session session, final byte[] id, final String label,
        final String subject, final AlgorithmIdentifier signatureAlgId,
        final PrivateKeyAndPKInfo privateKeyAndPkInfo, Integer keyUsage,
        List<ASN1ObjectIdentifier> extendedKeyUsage) throws Exception {
    BigInteger serialNumber = BigInteger.ONE;
    Date startDate = new Date();
    Date endDate = new Date(startDate.getTime() + 20 * YEAR);

    X500Name x500Name_subject = new X500Name(subject);
    x500Name_subject = X509Util.sortX509Name(x500Name_subject);

    V3TBSCertificateGenerator tbsGen = new V3TBSCertificateGenerator();
    tbsGen.setSerialNumber(new ASN1Integer(serialNumber));
    tbsGen.setSignature(signatureAlgId);
    tbsGen.setIssuer(x500Name_subject);
    tbsGen.setStartDate(new Time(startDate));
    tbsGen.setEndDate(new Time(endDate));
    tbsGen.setSubject(x500Name_subject);
    tbsGen.setSubjectPublicKeyInfo(privateKeyAndPkInfo.getPublicKeyInfo());

    List<Extension> extensions = new ArrayList<>(2);
    if (keyUsage == null) {
        keyUsage = KeyUsage.keyCertSign | KeyUsage.cRLSign | KeyUsage.digitalSignature
                | KeyUsage.keyEncipherment;
    }// w  ww.  ja v  a2 s .com
    extensions.add(new Extension(Extension.keyUsage, true, new DEROctetString(new KeyUsage(keyUsage))));

    if (CollectionUtil.isNotEmpty(extendedKeyUsage)) {
        KeyPurposeId[] kps = new KeyPurposeId[extendedKeyUsage.size()];

        int i = 0;
        for (ASN1ObjectIdentifier oid : extendedKeyUsage) {
            kps[i++] = KeyPurposeId.getInstance(oid);
        }

        extensions.add(new Extension(Extension.extendedKeyUsage, false,
                new DEROctetString(new ExtendedKeyUsage(kps))));
    }

    Extensions paramX509Extensions = new Extensions(extensions.toArray(new Extension[0]));
    tbsGen.setExtensions(paramX509Extensions);

    TBSCertificate tbsCertificate = tbsGen.generateTBSCertificate();
    byte[] encodedTbsCertificate = tbsCertificate.getEncoded();
    byte[] signature = null;
    Digest digest = null;
    Mechanism sigMechanism = null;

    ASN1ObjectIdentifier sigAlgID = signatureAlgId.getAlgorithm();

    if (sigAlgID.equals(PKCSObjectIdentifiers.sha256WithRSAEncryption)) {
        sigMechanism = Mechanism.get(PKCS11Constants.CKM_SHA256_RSA_PKCS);
        session.signInit(sigMechanism, privateKeyAndPkInfo.getPrivateKey());
        signature = session.sign(encodedTbsCertificate);
    } else if (sigAlgID.equals(NISTObjectIdentifiers.dsa_with_sha256)) {
        digest = new SHA256Digest();
        byte[] digestValue = new byte[digest.getDigestSize()];
        digest.update(encodedTbsCertificate, 0, encodedTbsCertificate.length);
        digest.doFinal(digestValue, 0);

        session.signInit(Mechanism.get(PKCS11Constants.CKM_DSA), privateKeyAndPkInfo.getPrivateKey());
        byte[] rawSignature = session.sign(digestValue);
        signature = convertToX962Signature(rawSignature);
    } else {
        if (sigAlgID.equals(X9ObjectIdentifiers.ecdsa_with_SHA1)) {
            digest = new SHA1Digest();
        } else if (sigAlgID.equals(X9ObjectIdentifiers.ecdsa_with_SHA256)) {
            digest = new SHA256Digest();
        } else if (sigAlgID.equals(X9ObjectIdentifiers.ecdsa_with_SHA384)) {
            digest = new SHA384Digest();
        } else if (sigAlgID.equals(X9ObjectIdentifiers.ecdsa_with_SHA512)) {
            digest = new SHA512Digest();
        } else {
            System.err.println("unknown algorithm ID: " + sigAlgID.getId());
            return null;
        }

        byte[] digestValue = new byte[digest.getDigestSize()];
        digest.update(encodedTbsCertificate, 0, encodedTbsCertificate.length);
        digest.doFinal(digestValue, 0);

        session.signInit(Mechanism.get(PKCS11Constants.CKM_ECDSA), privateKeyAndPkInfo.getPrivateKey());
        byte[] rawSignature = session.sign(digestValue);
        signature = convertToX962Signature(rawSignature);
    }

    // build DER certificate
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(tbsCertificate);
    v.add(signatureAlgId);
    v.add(new DERBitString(signature));
    DERSequence cert = new DERSequence(v);

    // build and store PKCS#11 certificate object
    X509PublicKeyCertificate certTemp = new X509PublicKeyCertificate();
    certTemp.getToken().setBooleanValue(true);
    certTemp.getId().setByteArrayValue(id);
    certTemp.getLabel().setCharArrayValue(label.toCharArray());
    certTemp.getSubject().setByteArrayValue(x500Name_subject.getEncoded());
    certTemp.getIssuer().setByteArrayValue(x500Name_subject.getEncoded());
    certTemp.getSerialNumber().setByteArrayValue(serialNumber.toByteArray());
    certTemp.getValue().setByteArrayValue(cert.getEncoded());
    session.createObject(certTemp);

    return new X509CertificateHolder(Certificate.getInstance(cert));
}