Example usage for org.bouncycastle.asn1.x509 X509Extensions getInstance

List of usage examples for org.bouncycastle.asn1.x509 X509Extensions getInstance

Introduction

In this page you can find the example usage for org.bouncycastle.asn1.x509 X509Extensions getInstance.

Prototype

public static X509Extensions getInstance(Object obj) 

Source Link

Usage

From source file:org.ejbca.util.CertToolsTest.java

License:Open Source License

@SuppressWarnings("unchecked")
public void test19getAltNameStringFromExtension() throws Exception {
    PKCS10CertificationRequest p10 = new PKCS10CertificationRequest(p10ReqWithAltNames);
    CertificationRequestInfo info = p10.getCertificationRequestInfo();
    ASN1Set set = info.getAttributes();
    // The set of attributes contains a sequence of with type oid
    // PKCSObjectIdentifiers.pkcs_9_at_extensionRequest
    Enumeration<Object> en = set.getObjects();
    boolean found = false;
    while (en.hasMoreElements()) {
        ASN1Sequence seq = ASN1Sequence.getInstance(en.nextElement());
        DERObjectIdentifier oid = (DERObjectIdentifier) seq.getObjectAt(0);
        if (oid.equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
            // The object at position 1 is a SET of x509extensions
            DERSet s = (DERSet) seq.getObjectAt(1);
            X509Extensions exts = X509Extensions.getInstance(s.getObjectAt(0));
            X509Extension ext = exts.getExtension(X509Extensions.SubjectAlternativeName);
            if (ext != null) {
                found = true;/*  ww  w. j a  va2 s  .c o m*/
                String altNames = CertTools.getAltNameStringFromExtension(ext);
                assertEquals("dNSName=ort3-kru.net.polisen.se, iPAddress=10.252.255.237", altNames);
            }
        }
    }
    assertTrue(found);

    p10 = new PKCS10CertificationRequest(p10ReqWithAltNames2);
    info = p10.getCertificationRequestInfo();
    set = info.getAttributes();
    // The set of attributes contains a sequence of with type oid
    // PKCSObjectIdentifiers.pkcs_9_at_extensionRequest

    en = set.getObjects();
    found = false;
    while (en.hasMoreElements()) {
        ASN1Sequence seq = ASN1Sequence.getInstance(en.nextElement());
        DERObjectIdentifier oid = (DERObjectIdentifier) seq.getObjectAt(0);
        if (oid.equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
            // The object at position 1 is a SET of x509extensions
            DERSet s = (DERSet) seq.getObjectAt(1);
            X509Extensions exts = X509Extensions.getInstance(s.getObjectAt(0));
            X509Extension ext = exts.getExtension(X509Extensions.SubjectAlternativeName);
            if (ext != null) {
                found = true;
                String altNames = CertTools.getAltNameStringFromExtension(ext);
                assertEquals("dNSName=foo.bar.com, iPAddress=10.0.0.1", altNames);
            }
        }
    }
    assertTrue(found);

}

From source file:org.nuxeo.ecm.platform.signature.core.pki.CertServiceImpl.java

License:Open Source License

protected X509Certificate createCertificateFromCSR(PKCS10CertificationRequest csr) throws CertException {
    X509Certificate cert;//from   w  ww  . ja  v a  2 s  .  c  o m
    try {
        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
        certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
        certGen.setIssuerDN(getRootCertificate().getIssuerX500Principal());
        certGen.setSubjectDN(csr.getCertificationRequestInfo().getSubject());
        certGen.setNotBefore(getCertStartDate());
        certGen.setNotAfter(getCertEndDate());
        certGen.setPublicKey(csr.getPublicKey("BC"));
        certGen.setSignatureAlgorithm(CERT_SIGNATURE_ALGORITHM);
        certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
                new SubjectKeyIdentifierStructure(csr.getPublicKey("BC")));
        certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
                new AuthorityKeyIdentifierStructure(getRootCertificate()));
        certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
        certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature));
        certGen.addExtension(X509Extensions.ExtendedKeyUsage, true,
                new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth));

        ASN1Set attributes = csr.getCertificationRequestInfo().getAttributes();
        for (int i = 0; i != attributes.size(); i++) {
            Attribute attr = Attribute.getInstance(attributes.getObjectAt(i));
            if (attr.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
                X509Extensions extensions = X509Extensions.getInstance(attr.getAttrValues().getObjectAt(0));
                @SuppressWarnings("rawtypes")
                Enumeration e = extensions.oids();
                while (e.hasMoreElements()) {
                    DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
                    X509Extension ext = extensions.getExtension(oid);
                    certGen.addExtension(oid, ext.isCritical(), ext.getValue().getOctets());
                }
            }
        }

        KeyPair rootKeyPair = getKeyPair(rootService.getRootKeyStore(), rootService.getRootKeyAlias(),
                rootService.getRootCertificateAlias(), rootService.getRootKeyPassword());
        cert = certGen.generate(rootKeyPair.getPrivate(), "BC");
    } catch (CertificateParsingException e) {
        throw new CertException(e);
    } catch (CertificateEncodingException e) {
        throw new CertException(e);
    } catch (InvalidKeyException e) {
        throw new CertException(e);
    } catch (IllegalStateException e) {
        throw new CertException(e);
    } catch (NoSuchProviderException e) {
        throw new CertException(e);
    } catch (NoSuchAlgorithmException e) {
        throw new CertException(e);
    } catch (java.security.SignatureException e) {
        throw new CertException(e);
    }
    LOG.debug("Certificate generated for subject: " + cert.getSubjectDN());
    return cert;
}

From source file:org.votingsystem.signature.util.CertUtils.java

License:Open Source License

/**
 * Generate V3 Certificate from CSR/*from  ww  w . j  a v  a 2  s  .co  m*/
 */
public static X509Certificate generateV3EndEntityCertFromCsr(PKCS10CertificationRequest csr, PrivateKey caKey,
        X509Certificate caCert, Date dateBegin, Date dateFinish, String strSubjectDN,
        DERTaggedObject... certExtensions) throws Exception {
    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    PublicKey requestPublicKey = csr.getPublicKey();
    X509Principal x509Principal = new X509Principal(strSubjectDN);
    certGen.setSerialNumber(KeyGeneratorVS.INSTANCE.getSerno());
    log.info("generateV3EndEntityCertFromCsr - SubjectX500Principal(): " + caCert.getSubjectX500Principal());
    certGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert));
    certGen.setNotBefore(dateBegin);
    certGen.setNotAfter(dateFinish);
    certGen.setSubjectDN(x509Principal);
    certGen.setPublicKey(requestPublicKey);
    certGen.setSignatureAlgorithm(ContextVS.CERT_GENERATION_SIG_ALGORITHM);
    certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(caCert));
    certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
            new SubjectKeyIdentifierStructure(requestPublicKey));
    certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));//Certificado final
    certGen.addExtension(X509Extensions.KeyUsage, true,
            new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
    ASN1Set attributes = csr.getCertificationRequestInfo().getAttributes();
    if (attributes != null) {
        for (int i = 0; i != attributes.size(); i++) {
            if (attributes.getObjectAt(i) instanceof DERTaggedObject) {
                DERTaggedObject taggedObject = (DERTaggedObject) attributes.getObjectAt(i);
                ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(
                        ContextVS.VOTING_SYSTEM_BASE_OID + taggedObject.getTagNo());
                certGen.addExtension(oid, true, taggedObject);
            } else {
                Attribute attr = Attribute.getInstance(attributes.getObjectAt(i));
                if (attr.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
                    X509Extensions extensions = X509Extensions.getInstance(attr.getAttrValues().getObjectAt(0));
                    Enumeration e = extensions.oids();
                    while (e.hasMoreElements()) {
                        DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
                        X509Extension ext = extensions.getExtension(oid);
                        certGen.addExtension(oid, ext.isCritical(), ext.getValue().getOctets());
                    }
                }
            }
        }
    }
    if (certExtensions != null) {
        for (DERTaggedObject taggedObject : certExtensions) {
            if (taggedObject != null) {
                ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(
                        ContextVS.VOTING_SYSTEM_BASE_OID + taggedObject.getTagNo());
                certGen.addExtension(oid, true, taggedObject);
            }
            log.log(Level.FINE, "null taggedObject");
        }
    }
    X509Certificate cert = certGen.generate(caKey, ContextVS.PROVIDER);
    cert.verify(caCert.getPublicKey());
    return cert;
}