List of usage examples for org.bouncycastle.asn1.x509 X509Extensions X509Extensions
public X509Extensions(Hashtable extensions)
From source file:org.globus.tools.ProxyInit.java
License:Apache License
/**
 * Builds the proxy credential and stores it in {@code proxy}.
 *
 * <p>If {@code proxyCertInfo} is set, it is wrapped in a certificate extension and handed to
 * {@code createCredential} through an {@link X509Extensions} table; otherwise the table is
 * passed empty. Any exception is reported on stderr and terminates the JVM with status -1.
 */
public void sign() {
    try {
        final BouncyCastleCertProcessingFactory processingFactory =
                BouncyCastleCertProcessingFactory.getDefault();
        final Hashtable<DERObjectIdentifier, X509Extension> certExtensions =
                new Hashtable<DERObjectIdentifier, X509Extension>();

        if (proxyCertInfo != null) {
            // GSI-4 proxy types get the RFC-compliant extension class, every other type the
            // older Globus one.
            final X509Extension infoExtension = ProxyCertificateUtil.isGsi4Proxy(proxyType)
                    ? new ProxyCertInfoExtension(proxyCertInfo)
                    : new GlobusProxyCertInfoExtension(proxyCertInfo);
            // NOTE(review): both flavours are registered under ProxyCertInfo.OID, although the
            // legacy branch was originally commented "old OID" - confirm the legacy extension
            // is not meant to be keyed by a different identifier.
            certExtensions.put(ProxyCertInfo.OID, infoExtension);
        }

        // NOTE(review): bits and lifetime are passed through as given; presumably any limits
        // on key size and validity period are enforced where they are parsed - confirm.
        proxy = processingFactory.createCredential(
                certificates, userKey, bits, lifetime, proxyType,
                new X509Extensions(certExtensions));
    } catch (Exception e) {
        // Only the message is printed; the stack trace and cause chain are not shown.
        System.err.println("Failed to create a proxy: " + e.getMessage());
        System.exit(-1);
    }
}
From source file:org.qipki.crypto.x509.X509ExtensionsReaderImpl.java
License:Open Source License
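/**
 * Extracts the X.509 extensions requested in a PKCS#10 certification request.
 *
 * <p>The request attributes are scanned for the first {@code extensionRequest} attribute that
 * has at least one value; the first value of that attribute is decoded as the extension list.
 *
 * <p>Security note: everything returned here was chosen by whoever built the request. This
 * method only decodes and applies no policy, so a caller that issues certificates should copy
 * over only the extensions its issuance policy allows, not the list as a whole.
 *
 * @param pkcs10 the certification request to inspect
 * @return one holder per requested extension; empty if the request has no attributes or no
 *         usable extension request
 * @throws IllegalArgumentException if the first value of the extension request attribute is
 *         not an ASN.1 sequence
 */
@Override
public List<X509ExtensionHolder> extractRequestedExtensions(PKCS10CertificationRequest pkcs10) {
    final List<X509ExtensionHolder> extractedExtensions = new ArrayList<X509ExtensionHolder>();
    final CertificationRequestInfo certificationRequestInfo = pkcs10.getCertificationRequestInfo();
    final ASN1Set attributesAsn1Set = certificationRequestInfo.getAttributes();
    if (attributesAsn1Set == null) {
        return extractedExtensions;
    }

    // The `Extension Request` attribute is contained within an ASN.1 Set, usually as the
    // first element, but loop through to find it properly.
    X509Extensions requestedExtensions = null;
    for (int i = 0; i < attributesAsn1Set.size(); ++i) {
        final DEREncodable derEncodable = attributesAsn1Set.getObjectAt(i);
        if (!(derEncodable instanceof DERSequence)) {
            continue;
        }
        final Attribute attribute = new Attribute((DERSequence) derEncodable);
        if (!attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
            continue;
        }

        // The `Extension Request` attribute is present; the X509Extensions are a value of its
        // ASN.1 Set. WARN Assuming that it is the first value of the set.
        final ASN1Set attributeValues = attribute.getAttrValues();
        if (attributeValues.size() >= 1) {
            final DEREncodable extensionsDEREncodable = attributeValues.getObjectAt(0);
            // The request content is supplied by the requester, so check the type before
            // casting instead of letting a malformed request surface as a ClassCastException.
            if (!(extensionsDEREncodable instanceof ASN1Sequence)) {
                throw new IllegalArgumentException(
                        "Extension Request attribute value is not an ASN.1 sequence");
            }
            requestedExtensions = new X509Extensions((ASN1Sequence) extensionsDEREncodable);
            // No need to search any more.
            break;
        }
    }

    if (requestedExtensions != null) {
        final Enumeration<?> oids = requestedExtensions.oids();
        while (oids.hasMoreElements()) {
            final DERObjectIdentifier oid = (DERObjectIdentifier) oids.nextElement();
            final X509Extension extension = requestedExtensions.getExtension(oid);
            extractedExtensions.add(new X509ExtensionHolder(oid, extension.isCritical(),
                    X509Extension.convertValueToObject(extension)));
        }
    }
    return extractedExtensions;
}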
From source file:org.wso2.carbon.identity.authenticator.pki.cert.validation.ocsp.OCSPVerifier.java
License:Apache License
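/**
 * Generates an OCSP request to be sent to an OCSP endpoint.
 *
 * <p>The request carries a nonce extension, which binds a response to this request so that an
 * old response cannot be replayed. The nonce is drawn from a {@code SecureRandom}; a value
 * derived from the clock is guessable and can repeat, which weakens that protection. The nonce
 * is not returned separately: a caller that relies on it has to compare the nonce in the
 * response with the one in this request.
 *
 * @param issuerCert certificate of the issuer of the peer certificate being checked
 * @param serialNumber serial number of the peer certificate
 * @return the generated OCSP request
 * @throws CertificateVerificationException if the request cannot be generated
 */
private OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber)
        throws CertificateVerificationException {
    // TODO: Have to check if this is OK with synapse implementation
    // (registering the BC provider here is left disabled).
    try {
        // CertID uniquely identifies the certificate that is the subject of an OCSP request
        // or response; its ASN.1 structure is defined in RFC 2560.
        CertificateID id = new CertificateID(CertificateID.HASH_SHA1, issuerCert, serialNumber);

        // Basic request generation with nonce.
        OCSPReqGenerator generator = new OCSPReqGenerator();
        generator.addRequest(id);

        // 16 unpredictable bytes; fully qualified so no extra import is needed.
        byte[] nonce = new byte[16];
        new java.security.SecureRandom().nextBytes(nonce);
        X509Extension ext = new X509Extension(false, new DEROctetString(nonce));

        Hashtable<ASN1ObjectIdentifier, X509Extension> exts =
                new Hashtable<ASN1ObjectIdentifier, X509Extension>();
        // 1.3.6.1.5.5.7.48.1.2 is id-pkix-ocsp-nonce.
        exts.put(new ASN1ObjectIdentifier("1.3.6.1.5.5.7.48.1.2"), ext);
        generator.setRequestExtensions(new X509Extensions(exts));

        return generator.generate();
    } catch (OCSPException e) {
        throw new CertificateVerificationException("Cannot generate OSCP Request with the given certificate", e);
    }
}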