List of usage examples for org.bouncycastle.asn1.x509 X509Extensions CertificatePolicies
ASN1ObjectIdentifier CertificatePolicies
From source file:br.gov.frameworkdemoiselle.certificate.extension.BasicCertificate.java
License:Open Source License
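/**
 * Returns the ICP-BRASIL certificate level (A1, A2, A3, A4, S1, S2, S3 or S4)
 * declared in the CertificatePolicies extension, as described in DOC-ICP-04.
 *
 * <p>The policies are scanned in encoded order and the first one that falls
 * under a known level arc decides the result.
 *
 * <p>Caveat for callers: a parsing failure is reported the same way as a
 * missing extension ({@code null}), so {@code null} must never be treated as
 * "any level is acceptable".
 *
 * @return the level name, or {@code null} if the CertificatePolicies extension
 *         is absent, carries no known level, or cannot be parsed
 */
public String getNivelCertificado() {
    try {
        // Cast to the ASN1Sequence base type rather than DERSequence: which
        // concrete sequence class the parser hands back is an implementation
        // detail, and a failed cast would otherwise be swallowed below and
        // silently turned into "no level".
        ASN1Sequence seq = (ASN1Sequence) getExtensionValue(X509Extensions.CertificatePolicies.getId());
        if (seq == null) {
            return null;
        }
        for (int pos = 0; pos < seq.size(); pos++) {
            PolicyInformation policyInformation = new PolicyInformation((ASN1Sequence) seq.getObjectAt(pos));

            String id = policyInformation.getPolicyIdentifier().getId();
            if (id == null) {
                continue;
            }

            if (isUnderPolicyArc(id, OID_A1_CERTIFICATE)) {
                return "A1";
            }
            if (isUnderPolicyArc(id, OID_A2_CERTIFICATE)) {
                return "A2";
            }
            if (isUnderPolicyArc(id, OID_A3_CERTIFICATE)) {
                return "A3";
            }
            if (isUnderPolicyArc(id, OID_A4_CERTIFICATE)) {
                return "A4";
            }
            if (isUnderPolicyArc(id, OID_S1_CERTIFICATE)) {
                return "S1";
            }
            if (isUnderPolicyArc(id, OID_S2_CERTIFICATE)) {
                return "S2";
            }
            if (isUnderPolicyArc(id, OID_S3_CERTIFICATE)) {
                return "S3";
            }
            if (isUnderPolicyArc(id, OID_S4_CERTIFICATE)) {
                return "S4";
            }
        }
        return null;
    } catch (Exception e) {
        // Best effort by design: the failure is only printed and the method
        // falls through to null. NOTE(review): no logger is visible from this
        // method; route this through the project's logging if one exists.
        e.printStackTrace();
    }
    return null;
}

/**
 * Tells whether {@code id} is the given OID arc or lies below it.
 *
 * <p>A bare {@code startsWith} compares characters, not OID components: a
 * constructed prefix such as {@code 1.2.3.1} would also accept
 * {@code 1.2.3.10.5}, which belongs to a different arc. The match is therefore
 * anchored on a component boundary. A prefix that already ends in a dot is
 * used as-is.
 */
private static boolean isUnderPolicyArc(String id, String arc) {
    if (arc.endsWith(".")) {
        return id.startsWith(arc);
    }
    return id.equals(arc) || id.startsWith(arc + ".");
}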
From source file:com.otterca.common.crypto.SimplePolicyGeneratorImpl.java
License:Apache License
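/**
 * Returns the dotted-decimal object identifier of the CertificatePolicies
 * extension.
 *
 * <p>{@code getId()} is used instead of {@code toString()} so the result is
 * the OID string by contract rather than by whatever {@code toString()}
 * happens to print.
 *
 * @return the CertificatePolicies OID as a string
 * @see com.otterca.common.crypto.X509ExtensionGenerator#getObjectIdentifier()
 */
@Override
public String getObjectIdentifier() {
    return X509Extensions.CertificatePolicies.getId();
}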
From source file:com.otterca.common.crypto.SimplePolicyGeneratorImpl.java
License:Apache License
/**
 * Builds the encoded extensions block holding a non-critical
 * CertificatePolicies extension from the configured CPS and user-notice
 * policy information.
 *
 * <p>Neither {@code subject} nor {@code issuer} is read by this
 * implementation.
 *
 * @param subject subject of the certificate being built (unused here)
 * @param issuer issuer certificate (unused here)
 * @return the encoded extensions, or {@code null} when neither a CPS nor a
 *         user notice is configured
 * @throws IOException declared by the interface; presumably raised when the
 *         extensions cannot be encoded
 * @see com.otterca.common.crypto.X509ExtensionGenerator#getExtension(X500Principal,
 *      X509Certificate)
 */
@Override
public byte[] getExtension(X500Principal subject, X509Certificate issuer) throws IOException {
    final List<PolicyInformation> collected = new ArrayList<PolicyInformation>();

    final PolicyInformation cps = getCpsPolicyInformation();
    if (cps != null) {
        collected.add(cps);
    }

    final PolicyInformation userNotice = getUserNoticePolicyInformation();
    if (userNotice != null) {
        collected.add(userNotice);
    }

    // Nothing configured: callers get null rather than an empty extension.
    if (collected.isEmpty()) {
        return null;
    }

    final X509ExtensionsGenerator extensions = new X509ExtensionsGenerator();
    extensions.addExtension(X509Extensions.CertificatePolicies, false,
            new CertificatePolicies(collected.toArray(emptyPolicyInformationArray)));
    return extensions.generate().getEncoded();
}
From source file:com.otterca.common.crypto.SimplePolicyGeneratorTest.java
License:Apache License
/**
 * Checks the extension produced when only a CPS URI is configured: every
 * policy must use the {@code id_qt_cps} identifier and every qualifier must
 * carry the configured URI.
 *
 * <p>NOTE(review): the assertions live inside the loops, so an extension with
 * no policies or no qualifiers would pass without checking anything. Also,
 * {@code id_qt_cps} is compared against the policy identifier as well as the
 * qualifier id; confirm that reusing the qualifier OID as the policy OID is
 * what the generator intends.
 *
 * @throws IOException if the generated extension cannot be decoded
 */
@Test
@edu.umd.cs.findbugs.annotations.SuppressWarnings("NP_NONNULL_PARAM_VIOLATION")
public void testCpsPolicy() throws IOException {
    SimplePolicyGeneratorImpl underTest = new SimplePolicyGeneratorImpl(CPS_URI, null, null, null);

    // generate and decode the policy extension
    byte[] encoded = underTest.getExtension(SUBJECT, ISSUER);
    assertNotNull(encoded);

    X509Extensions decoded = X509Extensions.getInstance(DLSequence.fromByteArray(encoded));
    ASN1Encodable parsed = decoded.getExtension(X509Extensions.CertificatePolicies).getParsedValue();
    CertificatePolicies policies = CertificatePolicies.getInstance(parsed);
    assertNotNull(policies, "unable to find CertificatePolicies extension");

    for (PolicyInformation policy : policies.getPolicyInformation()) {
        if (!id_qt_cps.equals(policy.getPolicyIdentifier())) {
            fail("unknown policy identifier: " + policy.getPolicyIdentifier());
        } else {
            DLSequence qualifiers = (DLSequence) policy.getPolicyQualifiers();
            int index = 0;
            while (index < qualifiers.size()) {
                DLSequence raw = (DLSequence) qualifiers.getObjectAt(index);
                PolicyQualifierInfo qualifier = new PolicyQualifierInfo(
                        (ASN1ObjectIdentifier) raw.getObjectAt(0), raw.getObjectAt(1));
                if (!id_qt_cps.equals(qualifier.getPolicyQualifierId())) {
                    fail("unknown policy qualifier id: " + qualifier.getPolicyQualifierId());
                } else {
                    assertEquals(qualifier.getQualifier().toString(), CPS_URI);
                }
                index++;
            }
        }
    }
}
From source file:com.otterca.common.crypto.SimplePolicyGeneratorTest.java
License:Apache License
/**
 * Checks the extension produced when only a user notice is configured: every
 * policy must use the {@code id_qt_unotice} identifier and every qualifier
 * must decode to a notice with the configured organization, notice number 1
 * and explicit text.
 *
 * <p>NOTE(review): the assertions live inside the loops, so an extension with
 * no policies or no qualifiers would pass without checking anything.
 *
 * @throws IOException if the generated extension cannot be decoded
 */
@Test
@edu.umd.cs.findbugs.annotations.SuppressWarnings("NP_NONNULL_PARAM_VIOLATION")
public void testUserNoticePolicy() throws IOException {
    SimplePolicyGeneratorImpl underTest = new SimplePolicyGeneratorImpl(null, ORGANIZATION, USER_NOTICE,
            Integer.valueOf(1));

    // generate and decode the policy extension
    byte[] encoded = underTest.getExtension(SUBJECT, ISSUER);
    assertNotNull(encoded);

    X509Extensions decoded = X509Extensions.getInstance(DLSequence.fromByteArray(encoded));
    ASN1Encodable parsed = decoded.getExtension(X509Extensions.CertificatePolicies).getParsedValue();
    CertificatePolicies policies = CertificatePolicies.getInstance(parsed);
    assertNotNull(policies, "unable to find CertificatePolicies extension");

    for (PolicyInformation policy : policies.getPolicyInformation()) {
        if (!id_qt_unotice.equals(policy.getPolicyIdentifier())) {
            fail("unknown policy identifier: " + policy.getPolicyIdentifier());
        } else {
            DLSequence qualifiers = (DLSequence) policy.getPolicyQualifiers();
            int index = 0;
            while (index < qualifiers.size()) {
                UserNotice notice = UserNotice.getInstance((DLSequence) qualifiers.getObjectAt(index));
                assertEquals(notice.getNoticeRef().getOrganization().getString(), ORGANIZATION);
                assertEquals(notice.getNoticeRef().getNoticeNumbers()[0].getValue(), BigInteger.ONE);
                assertEquals(notice.getExplicitText().getString(), USER_NOTICE);
                index++;
            }
        }
    }
}
From source file:com.otterca.common.crypto.X509CertificateBuilderImpl.java
License:Apache License
/**
 * Adds the Certificate Policies extension (RFC 3280 section 4.2.1.5; section
 * 4.2.1.4 in RFC 5280, which obsoletes it) to the generator.
 *
 * <p>Nothing is added when no policy information has been collected. The
 * extension is always added as non-critical.
 */
protected void setCertificatePolicies() {
    if (policyInformation.isEmpty()) {
        return;
    }

    final CertificatePolicies policies;
    if (policyInformation.size() == 1) {
        // single policy: use the one-element constructor
        policies = new CertificatePolicies(policyInformation.get(0));
    } else {
        policies = new CertificatePolicies(policyInformation.toArray(emptyPolicyInformationArray));
    }
    generator.addExtension(X509Extensions.CertificatePolicies, false, policies);
}
From source file:com.otterca.common.crypto.X509CertificateBuilderImpl.java
License:Apache License
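/**
 * Validates the builder state, assembles the certificate and signs it with
 * the given key.
 *
 * <p>Extensions supplied by the registered {@code X509ExtensionGenerator}s are
 * looked up under the OID each generator reports. A generator that is marked
 * critical and fails, or returns a block without its own extension, aborts the
 * build; a non-critical one is logged and skipped, which leaves detection of
 * the missing extension to the caller's verification process.
 *
 * @param pkey private key used to sign the certificate
 * @return the signed certificate
 * @see com.otterca.repository.util.X509CertificateBuilder#build(java.security.PrivateKey)
 */
@Override
public X509Certificate build(PrivateKey pkey) throws InvalidKeyException, NoSuchAlgorithmException,
        SignatureException, CertificateEncodingException, CertificateParsingException, KeyStoreException {
    // validate everything going into the certificate. Standard validations
    // are quick, issuer validations may require significant resources.
    validator.validate();

    generator = new X509V3CertificateGenerator();

    // set the mandatory properties
    generator.setSerialNumber(serialNumber);
    generator.setIssuerDN((issuer == null) ? issuerDN : new X509Principal(issuer.getIssuerDN().getName()));
    generator.setSubjectDN(subjectDN);
    generator.setNotBefore(notBefore);
    generator.setNotAfter(notAfter);
    generator.setPublicKey(pubkey);
    generator.setSignatureAlgorithm(SIGNATURE_ALGORITHM);

    // can this certificate be used to sign more certificates?
    // make sure pathLengthConstraint is always lower than issuer's.
    setBasicConstraint();

    setSKID();
    setAKID();
    setSubjectAlternativeName();
    setIssuerAlternativeName();
    setExtendedKeyUsage();
    setInhibitAnyPolicy();
    setPrivateKeyUsagePeriod();
    setNameConstraints();
    setAuthorityInfoAccess();
    setSubjectInfoAccess();

    // set/clear key usage flag: keyCertSign follows the basicConstraint flag,
    // whatever the caller put in keyUsage.
    if (keyUsage != null) {
        if (basicConstraint) {
            keyUsage = new KeyUsage(keyUsage.intValue() | KeyUsage.keyCertSign);
        } else {
            keyUsage = new KeyUsage(keyUsage.intValue() & (Integer.MAX_VALUE ^ KeyUsage.keyCertSign));
        }
    } else if (basicConstraint) {
        keyUsage = new KeyUsage(KeyUsage.keyCertSign);
    }

    // add mandatory key usage constraints.
    if (keyUsage != null) {
        generator.addExtension(X509Extensions.KeyUsage, true, keyUsage);
    }

    // establish any extensions.
    for (X509ExtensionGenerator extGenerator : extensionGenerators) {
        try {
            byte[] extensionBytes = extGenerator.getExtension(new X500Principal(subjectDN.getEncoded()), issuer);
            if (extensionBytes != null) {
                X509Extensions exts = X509Extensions.getInstance(DLSequence.fromByteArray(extensionBytes));
                DERObjectIdentifier objectIdentifier = new DERObjectIdentifier(
                        extGenerator.getObjectIdentifier());

                // Look the value up under the generator's own OID. A fixed
                // CertificatePolicies lookup only works for policy generators
                // and dereferences null for every other extension type.
                if (exts.getExtension(objectIdentifier) == null) {
                    String problem = "X509Extension generator returned no extension for OID "
                            + extGenerator.getObjectIdentifier();
                    log.info(problem);
                    // a critical extension must not be dropped silently
                    if (extGenerator.isCritical()) {
                        X509CertificateBuilderException ex = new X509CertificateBuilderException();
                        ex.addError(ErrorType.OTHER_ERROR, problem);
                        throw ex;
                    }
                } else {
                    ASN1Encodable asn1 = exts.getExtension(objectIdentifier).getParsedValue();
                    generator.addExtension(objectIdentifier, extGenerator.isCritical(), asn1);
                }
            }
        } catch (IOException e) {
            log.info("X509Extension extraction threw IOException! " + e.getMessage());
            // throw an exception if this is an error in a critical
            // extension. Otherwise will continue to build the certificate
            // and count on the caller's verification process.
            if (extGenerator.isCritical()) {
                X509CertificateBuilderException ex = new X509CertificateBuilderException();
                ex.addError(ErrorType.OTHER_ERROR, e.getMessage());
                throw ex;
            }
        }
    }

    X509Certificate cert = generator.generate(pkey);

    return cert;
}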
From source file:eu.europa.ec.markt.dss.validation.tsl.PolicyIdCondition.java
License:Open Source License
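/**
 * Tells whether the certificate's CertificatePolicies extension lists the
 * policy OID this condition was configured with.
 *
 * <p>The extension value is unwrapped from its outer OCTET STRING and read as
 * a sequence of PolicyInformation entries. Both steps go through the ASN.1
 * base types, so the check does not depend on which concrete octet-string or
 * sequence class the parser returns. A missing or empty extension yields
 * {@code false}, so the condition fails closed.
 *
 * @param cert certificate (with context) to inspect
 * @return {@code true} if one of the certificate's policies has the configured
 *         OID, {@code false} otherwise
 * @throws RuntimeException wrapping the {@code IOException} if the extension
 *         bytes cannot be read
 * @throws IllegalArgumentException if the extension does not decode to the
 *         expected ASN.1 structure
 */
@SuppressWarnings("deprecation")
@Override
public boolean check(CertificateAndContext cert) {
    byte[] certificatePolicies = cert.getCertificate()
            .getExtensionValue(X509Extensions.CertificatePolicies.getId());
    if (certificatePolicies == null) {
        return false;
    }
    try {
        // outer layer: the extension value is wrapped in an OCTET STRING
        org.bouncycastle.asn1.ASN1OctetString wrapper;
        ASN1InputStream wrapperIn = new ASN1InputStream(certificatePolicies);
        try {
            wrapper = org.bouncycastle.asn1.ASN1OctetString.getInstance(wrapperIn.readObject());
        } finally {
            wrapperIn.close();
        }
        if (wrapper == null) {
            return false;
        }

        // inner layer: SEQUENCE OF PolicyInformation
        org.bouncycastle.asn1.ASN1Sequence policies;
        ASN1InputStream policiesIn = new ASN1InputStream(wrapper.getOctets());
        try {
            policies = org.bouncycastle.asn1.ASN1Sequence.getInstance(policiesIn.readObject());
        } finally {
            policiesIn.close();
        }
        if (policies == null) {
            return false;
        }

        for (int i = 0; i < policies.size(); i++) {
            PolicyInformation policyInfo = PolicyInformation.getInstance(policies.getObjectAt(i));
            // exact OID comparison, not a prefix match
            if (policyInfo.getPolicyIdentifier().getId().equals(policyOid)) {
                return true;
            }
        }
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
    return false;
}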
From source file:org.ejbca.core.model.ca.certextensions.standard.CertificatePolicies.java
License:Open Source License
/**
 * Configures this extension with the CertificatePolicies OID and takes the
 * critical flag from the certificate profile.
 *
 * @param certProf profile supplying the critical flag for the extension
 */
@Override
public void init(final CertificateProfile certProf) {
    final String policiesOid = X509Extensions.CertificatePolicies.getId();
    super.setOID(policiesOid);

    // criticality is decided by the profile, not hard-coded here
    super.setCriticalFlag(certProf.getCertificatePoliciesCritical());
}
From source file:org.ejbca.core.model.ca.certificateprofiles.CertificateProfileTest.java
License:Open Source License
/**
 * Checks which standard certificate extensions a profile reports as used: the
 * defaults of a plain profile (5), the defaults of an end-user profile (6),
 * and a plain profile with nine optional extensions switched on (14).
 */
public void test09CertificateExtensions() throws Exception {
    log.trace(">test09CertificateExtensions()");

    // defaults of a plain certificate profile
    CertificateProfile profile = new CertificateProfile();
    List l = profile.getUsedStandardCertificateExtensions();
    assertEquals(l.size(), 5);
    final Object[] plainDefaults = {
        X509Extensions.KeyUsage.getId(),
        X509Extensions.BasicConstraints.getId(),
        X509Extensions.SubjectKeyIdentifier.getId(),
        X509Extensions.AuthorityKeyIdentifier.getId(),
        X509Extensions.SubjectAlternativeName.getId()
    };
    for (int i = 0; i < plainDefaults.length; i++) {
        assertTrue(l.contains(plainDefaults[i]));
    }

    // defaults of an end-user profile: the same five plus extended key usage
    CertificateProfile eprofile = new EndUserCertificateProfile();
    l = eprofile.getUsedStandardCertificateExtensions();
    assertEquals(l.size(), 6);
    final Object[] endUserDefaults = {
        X509Extensions.KeyUsage.getId(),
        X509Extensions.BasicConstraints.getId(),
        X509Extensions.SubjectKeyIdentifier.getId(),
        X509Extensions.AuthorityKeyIdentifier.getId(),
        X509Extensions.SubjectAlternativeName.getId(),
        X509Extensions.ExtendedKeyUsage.getId()
    };
    for (int i = 0; i < endUserDefaults.length; i++) {
        assertTrue(l.contains(endUserDefaults[i]));
    }

    // plain profile with the optional extensions enabled
    profile = new CertificateProfile();
    profile.setUseAuthorityInformationAccess(true);
    profile.setUseCertificatePolicies(true);
    profile.setUseCRLDistributionPoint(true);
    profile.setUseFreshestCRL(true);
    profile.setUseMicrosoftTemplate(true);
    profile.setUseOcspNoCheck(true);
    profile.setUseQCStatement(true);
    profile.setUseExtendedKeyUsage(true);
    profile.setUseSubjectDirAttributes(true);
    l = profile.getUsedStandardCertificateExtensions();
    assertEquals(l.size(), 14);
    final Object[] allEnabled = {
        X509Extensions.KeyUsage.getId(),
        X509Extensions.BasicConstraints.getId(),
        X509Extensions.SubjectKeyIdentifier.getId(),
        X509Extensions.AuthorityKeyIdentifier.getId(),
        X509Extensions.SubjectAlternativeName.getId(),
        X509Extensions.ExtendedKeyUsage.getId(),
        X509Extensions.AuthorityInfoAccess.getId(),
        X509Extensions.CertificatePolicies.getId(),
        X509Extensions.CRLDistributionPoints.getId(),
        X509Extensions.FreshestCRL.getId(),
        OCSPObjectIdentifiers.id_pkix_ocsp_nocheck.getId(),
        X509Extensions.QCStatements.getId(),
        X509Extensions.SubjectDirectoryAttributes.getId(),
        CertTools.OID_MSTEMPLATE
    };
    for (int i = 0; i < allEnabled.length; i++) {
        assertTrue(l.contains(allEnabled[i]));
    }
}