Example usage for org.bouncycastle.asn1.x509 X509Name SN

List of usage examples for org.bouncycastle.asn1.x509 X509Name SN

Introduction

This page collects usage examples for org.bouncycastle.asn1.x509 X509Name SN.

Prototype

ASN1ObjectIdentifier SN


Document

device serial number name - StringType(SIZE(1..64))

Usage

From source file:net.java.bd.tools.security.X509BDJEntryConverter.java

License:Open Source License

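/**
 * Chooses the ASN.1 type used to encode the value of an X.509 name attribute.
 *
 * <p>Mapping applied, in order:
 * <ul>
 *   <li>a value starting with {@code '#'} is passed to {@code convertHexEncoded}
 *       (starting at offset 1) and its result is returned as-is;</li>
 *   <li>{@code EmailAddress} and {@code DC} become {@code DERIA5String};</li>
 *   <li>{@code DATE_OF_BIRTH} becomes {@code DERGeneralizedTime};</li>
 *   <li>{@code SN} (serial number) and {@code DN_QUALIFIER} become {@code DERPrintableString};</li>
 *   <li>everything else becomes {@code DERUTF8String}.</li>
 * </ul>
 *
 * @param oid   attribute type of the name component
 * @param value textual attribute value; must not be {@code null}
 * @return the encoded attribute value
 * @throws RuntimeException if a {@code '#'}-prefixed value cannot be recoded; the
 *         underlying {@link IOException} is attached as the cause
 */
public DERObject getConvertedValue(DERObjectIdentifier oid, String value) {
    // NOTE(review): a leading '#' makes the caller, not this method, decide which ASN.1
    // object ends up in the name. If value can come from untrusted input, validate the
    // decoded type before it is used in a certificate - confirm against convertHexEncoded.
    if (!value.isEmpty() && value.charAt(0) == '#') {
        try {
            return convertHexEncoded(value, 1);
        } catch (IOException e) {
            // Keep the original failure as the cause so the decoding error is not lost.
            throw new RuntimeException("can't recode value for oid " + oid.getId(), e);
        }
    }

    if (oid.equals(X509Name.EmailAddress) || oid.equals(X509Name.DC)) {
        return new DERIA5String(value);
    }

    if (oid.equals(X509Name.DATE_OF_BIRTH)) {
        return new DERGeneralizedTime(value);
    }

    // Country (C) is deliberately absent from this list: the Blu-ray profile requires
    // UTF8String for it (MHP 12.5.6), so it falls through to the default below.
    if (oid.equals(X509Name.SN) || oid.equals(X509Name.DN_QUALIFIER)) {
        // NOTE(review): the single-argument constructor is used, so value is presumably
        // not checked against the PrintableString alphabet here - confirm callers validate.
        return new DERPrintableString(value);
    }

    return new DERUTF8String(value);
}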

From source file:org.cesecore.util.CryptoProviderTools.java

License:Open Source License

/**
 * Registers the BouncyCastle and CVC security providers and applies the
 * provider-wide settings this code base depends on.
 *
 * <p>The implicitlyCA EC parameters are only configured when this call actually
 * registered a BouncyCastle provider instance. The {@code X509Name.SN} display symbol
 * and {@code SYSTEM_SECURITY_PROVIDER} fallback are applied on every call.
 */
@SuppressWarnings("unchecked")
public static synchronized void installBCProvider() {
    // Security.addProvider returns -1 when a provider of that name is already registered.
    boolean bcFreshlyInstalled = Security.addProvider(new BouncyCastleProvider()) >= 0;
    if (!bcFreshlyInstalled && CesecoreConfiguration.isDevelopmentProviderInstallation()) {
        // Re-deploy handling is limited to development installations on purpose:
        // removing BC leaves a short window in which another thread asking for the
        // provider would fail.
        removeBCProvider();
        bcFreshlyInstalled = Security.addProvider(new BouncyCastleProvider()) >= 0;
        if (!bcFreshlyInstalled) {
            log.error("Cannot even install BC provider again!");
        }
    }

    // The CVC provider is optional; a failure here only disables CVC certificates.
    try {
        Security.addProvider(new CVCProvider());
    } catch (Exception e) {
        log.info("CVC provider can not be installed, CVC certificate will not work: ", e);
    }

    if (bcFreshlyInstalled) {
        // Default curve parameters for implicitlyCA encoding of EC keys. They are only
        // used when implicitlyCA is used for generating keys or verifying certificates.
        final BigInteger q = new BigInteger(IMPLICITLYCA_Q);
        final BigInteger a = new BigInteger(IMPLICITLYCA_A, 16);
        final BigInteger b = new BigInteger(IMPLICITLYCA_B, 16);
        final ECCurve curve = new ECCurve.Fp(q, a, b);
        final org.bouncycastle.jce.spec.ECParameterSpec implicitSpec =
                new org.bouncycastle.jce.spec.ECParameterSpec(
                        curve,
                        curve.decodePoint(Hex.decode(IMPLICITLYCA_G)), // G
                        new BigInteger(IMPLICITLYCA_N)); // n
        final ConfigurableProvider config = (ConfigurableProvider) Security.getProvider("BC");
        if (config == null) {
            log.error("Can not get ConfigurableProvider, implicitlyCA EC parameters NOT set!");
        } else {
            config.setParameter(ConfigurableProvider.EC_IMPLICITLY_CA, implicitSpec);
        }
    }

    // 2007-05-25: BC 1.36 changed the display symbol of this attribute from SN to
    // SERIALNUMBER; the BC 1.35 symbol is restored for backwards compatibility.
    // NOTE(review): this mutates a static table shared by all users of X509Name, and in
    // LDAP schemas "SN" commonly denotes surname - DN strings rendered with this symbol
    // may be read differently by other tools, so compare DNs in encoded form where possible.
    X509Name.DefaultSymbols.put(X509Name.SN, "SN");

    // The system security provider is hard specified in a few cases (see
    // SYSTEM_SECURITY_PROVIDER). If that provider is not registered, BC is used instead.
    if (Security.getProvider(SYSTEM_SECURITY_PROVIDER) == null) {
        log.debug("SUN security provider does not exist, using BC as system default provider.");
        SYSTEM_SECURITY_PROVIDER = "BC";
    }
}

From source file:org.ejbca.util.CryptoProviderTools.java

License:Open Source License

/**
 * Registers the CVC and BouncyCastle security providers and applies the
 * provider-wide settings this code base depends on.
 *
 * <p>The CVC provider is added first. The implicitlyCA EC parameters are configured
 * only when this call actually registered a BouncyCastle provider instance; the
 * {@code X509Name.SN} display symbol and the {@code SYSTEM_SECURITY_PROVIDER} fallback
 * are applied on every call.
 */
public static synchronized void installBCProvider() {
    // CVC support is optional: a failure is logged and only CVC certificates are affected.
    try {
        Security.addProvider(new CVCProvider());
    } catch (Exception e) {
        log.info("CVC provider can not be installed, CVC certificate will not work: ", e);
    }

    // addProvider reports -1 when a provider with the same name is already present.
    final boolean alreadyPresent = Security.addProvider(new BouncyCastleProvider()) < 0;
    boolean configureImplicitlyCa = !alreadyPresent;
    if (alreadyPresent && EjbcaConfiguration.getDevelopmentProviderInstallation()) {
        // Only development installations replace an existing provider. Outside of that,
        // re-deploy is ignored here because uninstalling BC, even briefly, can make a
        // concurrent request for the provider fail.
        removeBCProvider();
        if (Security.addProvider(new BouncyCastleProvider()) < 0) {
            log.error("Cannot even install BC provider again!");
        } else {
            configureImplicitlyCa = true;
        }
    }

    if (configureImplicitlyCa) {
        // Default curve parameters for implicitlyCA encoding of EC keys; they matter
        // only when implicitlyCA is used for key generation or certificate verification.
        final BigInteger fieldPrime = new BigInteger(IMPLICITLYCA_Q);
        final BigInteger coeffA = new BigInteger(IMPLICITLYCA_A, 16);
        final BigInteger coeffB = new BigInteger(IMPLICITLYCA_B, 16);
        final ECCurve curve = new ECCurve.Fp(fieldPrime, coeffA, coeffB);
        final org.bouncycastle.jce.spec.ECParameterSpec implicitSpec =
                new org.bouncycastle.jce.spec.ECParameterSpec(
                        curve,
                        curve.decodePoint(Hex.decode(IMPLICITLYCA_G)), // G
                        new BigInteger(IMPLICITLYCA_N)); // n
        final ConfigurableProvider config = (ConfigurableProvider) Security.getProvider("BC");
        if (config == null) {
            log.error("Can not get ConfigurableProvider, implicitlyCA EC parameters NOT set!");
        } else {
            config.setParameter(ConfigurableProvider.EC_IMPLICITLY_CA, implicitSpec);
        }
    }

    // 2007-05-25: keep the BC 1.35 display symbol for this attribute. BC 1.36 switched
    // it from SN to SERIALNUMBER, and existing data relies on the old form.
    // NOTE(review): the table is static and shared process-wide; "SN" is also the usual
    // LDAP short name for surname, so string DNs produced here can be ambiguous to other
    // software - prefer comparing encoded names over rendered strings.
    X509Name.DefaultSymbols.put(X509Name.SN, "SN");

    // The system security provider is hard specified in a few cases (see
    // SYSTEM_SECURITY_PROVIDER); when it is not registered, BC takes its place.
    if (Security.getProvider(SYSTEM_SECURITY_PROVIDER) == null) {
        log.debug("SUN security provider does not exist, using BC as system default provider.");
        SYSTEM_SECURITY_PROVIDER = "BC";
    }
}

From source file:org.glite.security.util.DNImplRFC2253.java

License:Apache License

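/**
 * Creates a new DNImpl object.
 *
 * <p>An {@code X509Principal} is used directly and an {@code X500Principal} is re-parsed
 * from its encoded form. For any other principal only the string name is available, so
 * the RDN order is guessed from the attribute types at the start (or, failing that, the
 * end) of the string.
 *
 * <p>NOTE(review): that guess is driven entirely by the supplied string. Code that makes
 * access decisions on the resulting DN should prefer the {@code X509Principal} or
 * {@code X500Principal} paths for input it does not control.
 *
 * @param principal The Principal holding the information to generate the DN from.
 * @throws IllegalArgumentException if the encoded form of an {@code X500Principal}
 *         cannot be parsed; the parsing failure is attached as the cause
 */
@SuppressWarnings("unchecked")
public DNImplRFC2253(Principal principal) {
    X509Principal x509Principal;

    if (principal instanceof X509Principal) {
        // for X509Principal use it directly.
        x509Principal = (X509Principal) principal;
    } else if (principal instanceof X500Principal) {
        // for X500Principal, get the encoded form and reparse as bouncycastle X509Principal.
        try {
            x509Principal = new X509Principal(((X500Principal) principal).getEncoded());
        } catch (Exception e) {
            LOGGER.error("Invalid X500Principal DN name: " + principal);
            // Attach the cause so the reason the encoding was rejected is not lost.
            throw new IllegalArgumentException("Invalid X500Principal DN name: " + principal, e);
        }
    } else {
        // for other principals, get the name and try to parse it.
        LOGGER.debug("input is some other principal: " + principal.getClass().getName());
        String name = principal.getName();
        // Locale.ROOT keeps the prefix checks stable: with a default locale such as
        // Turkish, "UID=" or "EMAIL" would not lower-case to the ASCII forms tested below.
        String testName = name.toLowerCase(java.util.Locale.ROOT).trim();

        // UGLY HACK, shouldn't do this, but there seems to be no way around it: input can
        // be many classes that give the DN in different orders, and from different
        // classloaders, which prevents casts.
        if (testName.startsWith("email") || testName.startsWith("e=") || testName.startsWith("cn=")
                || testName.startsWith("uid=") || testName.startsWith("sn=")) {
            // if DN starts with email, CN, UID or SN, it's in reversed order
            x509Principal = new X509Principal(true, name);
        } else if (testName.startsWith("c=") || testName.startsWith("st=") || testName.startsWith("ou=")
                || testName.startsWith("dc=") || testName.startsWith("o=")) {
            // if it starts with country, state, OU, DC or O, it's in direct order
            x509Principal = new X509Principal(false, name);
        } else {
            // Unknown leading attribute: parse in direct order and look at the last RDN type.
            X509Principal direct = new X509Principal(false, name);
            Vector oids = direct.getOIDs();
            String rdn = ((DERObjectIdentifier) oids.lastElement()).getId();
            boolean endsWithLeafAttribute = rdn.equals(X509Name.CN.getId()) || rdn.equals(X509Name.E.getId())
                    || rdn.equals(X509Name.UID.getId()) || rdn.equals(X509Name.SN.getId());
            // Ends with CN, email, UID or SN: keep the direct parse (no second parse needed).
            // Other cases assume it's in reverse order.
            x509Principal = endsWithLeafAttribute ? direct : new X509Principal(true, name);
        }
    }

    m_oids = (DERObjectIdentifier[]) x509Principal.getOIDs().toArray(new DERObjectIdentifier[] {});
    m_rdns = (String[]) x509Principal.getValues().toArray(new String[] {});
    m_count = m_oids.length;
}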