Example usage for org.bouncycastle.cert X509CertificateHolder getExtensionOIDs

List of usage examples for org.bouncycastle.cert X509CertificateHolder getExtensionOIDs

  1. HOME
  2. Java
  3. org.bouncycastle
  4. org.bouncycastle.cert.*
  5. X509CertificateHolder
  6. getExtensionOIDs

Introduction

In this page you can find the example usage for org.bouncycastle.cert X509CertificateHolder getExtensionOIDs.

Prototype

public List getExtensionOIDs()

Source Link

Document

Returns a list of ASN1ObjectIdentifier objects representing the OIDs of the extensions contained in this holder's certificate.

Usage

From source file:esteidhacker.FakeEstEIDCA.java

License:Open Source License

private X509Certificate makeRootCert(KeyPair kp)
        throws InvalidKeyException, IllegalStateException, NoSuchProviderException, SignatureException,
        IOException, NoSuchAlgorithmException, ParseException, OperatorCreationException, CertificateException {

    // Load real root certificate
    X509CertificateHolder real = getRealCert("/resources/sk-root.pem");
    // Use values from real certificate
    // TODO/FIXME: GeneralizedTime instead of UTCTime for root
    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(real.getIssuer(),
            real.getSerialNumber(), real.getNotBefore(), real.getNotAfter(), real.getSubject(), kp.getPublic());

    @SuppressWarnings("unchecked")
    List<ASN1ObjectIdentifier> list = real.getExtensionOIDs();

    // Copy all extensions verbatim
    for (ASN1ObjectIdentifier extoid : list) {
        Extension ext = real.getExtension(extoid);
        builder.copyAndAddExtension(ext.getExtnId(), ext.isCritical(), real);
    }/*w  w  w.  j  a  v a 2s . c o  m*/

    // Generate cert
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA")
            .setProvider(BouncyCastleProvider.PROVIDER_NAME).build(kp.getPrivate());

    X509CertificateHolder cert = builder.build(sigGen);
    return new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME)
            .getCertificate(cert);

}

From source file:esteidhacker.FakeEstEIDCA.java

License:Open Source License

private X509Certificate makeEsteidCert(KeyPair esteid, KeyPair root)
        throws InvalidKeyException, IllegalStateException, NoSuchProviderException, SignatureException,
        IOException, NoSuchAlgorithmException, ParseException, OperatorCreationException, CertificateException {

    // Load current root certificate
    X509CertificateHolder real = getRealCert("/resources/sk-esteid.pem");

    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(real.getIssuer(),
            real.getSerialNumber(), real.getNotBefore(), real.getNotAfter(), real.getSubject(),
            esteid.getPublic());//from  w w  w .  j  a  v  a2  s . c om

    // Basic constraints
    @SuppressWarnings("unchecked")
    List<ASN1ObjectIdentifier> list = real.getExtensionOIDs();

    // Copy all extensions
    for (ASN1ObjectIdentifier extoid : list) {
        Extension ext = real.getExtension(extoid);
        builder.copyAndAddExtension(ext.getExtnId(), ext.isCritical(), real);
    }

    // Generate cert
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA")
            .setProvider(BouncyCastleProvider.PROVIDER_NAME).build(root.getPrivate());

    X509CertificateHolder cert = builder.build(sigGen);
    return new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME)
            .getCertificate(cert);

}

From source file:esteidhacker.FakeEstEIDCA.java

License:Open Source License

public X509Certificate cloneUserCertificate(RSAPublicKey pubkey, X509Certificate cert)
        throws OperatorCreationException, CertificateException, IOException {
    X509CertificateHolder holder = new X509CertificateHolder(cert.getEncoded());
    // Clone everything
    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(holder.getIssuer(),
            cert.getSerialNumber(), cert.getNotBefore(), cert.getNotAfter(), holder.getSubject(), pubkey);
    @SuppressWarnings("unchecked")
    List<ASN1ObjectIdentifier> list = holder.getExtensionOIDs();

    // Copy all extensions
    for (ASN1ObjectIdentifier extoid : list) {
        Extension ext = holder.getExtension(extoid);
        builder.copyAndAddExtension(ext.getExtnId(), ext.isCritical(), holder);
    }// w w w.j  av a2  s . co  m
    // Generate cert
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA")
            .setProvider(BouncyCastleProvider.PROVIDER_NAME).build(esteidKey);

    X509CertificateHolder newcert = builder.build(sigGen);
    return new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME)
            .getCertificate(newcert);

}

From source file:esteidhacker.FakeEstEIDCA.java

License:Open Source License

public X509Certificate generateUserCertificate(RSAPublicKey pubkey, boolean signature, String firstname,
        String lastname, String idcode, String email)
        throws InvalidKeyException, ParseException, IOException, IllegalStateException, NoSuchProviderException,
        NoSuchAlgorithmException, SignatureException, CertificateException, OperatorCreationException {
    Date startDate = new SimpleDateFormat("yyyy-MM-dd", Locale.ENGLISH).parse("2015-01-01");
    Date endDate = new SimpleDateFormat("yyyy-MM-dd", Locale.ENGLISH).parse("2015-12-31");

    String template = "C=EE,O=ESTEID,OU=%s,CN=%s\\,%s\\,%s,SURNAME=%s,GIVENNAME=%s,SERIALNUMBER=%s";
    // Normalize.
    lastname = lastname.toUpperCase();//from ww  w  .ja va  2  s. c o  m
    firstname = firstname.toUpperCase();
    idcode = idcode.toUpperCase();
    email = email.toLowerCase();
    String subject = String.format(template, (signature ? "digital signature" : "authentication"), lastname,
            firstname, idcode, lastname, firstname, idcode);

    byte[] serialBytes = new byte[16];
    SecureRandom rnd = SecureRandom.getInstance("SHA1PRNG");
    rnd.nextBytes(serialBytes);
    serialBytes[0] &= 0x7F; // Can't be negative
    BigInteger serial = new BigInteger(serialBytes);

    X509CertificateHolder real;
    if (signature) {
        real = getRealCert("/resources/sk-sign.pem");
    } else {
        real = getRealCert("/resources/sk-auth.pem");
    }
    serial = real.getSerialNumber();
    System.out.println("Generating from subject: " + real.getSubject());
    System.out.println("Generating subject: " + new X500Name(subject).toString());

    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(real.getIssuer(), serial, startDate,
            endDate, new X500Name(subject), pubkey);

    @SuppressWarnings("unchecked")
    List<ASN1ObjectIdentifier> list = real.getExtensionOIDs();

    // Copy all extensions, except altName
    for (ASN1ObjectIdentifier extoid : list) {
        Extension ext = real.getExtension(extoid);
        if (ext.getExtnId().equals(Extension.subjectAlternativeName)) {
            // altName must be changed
            builder.addExtension(ext.getExtnId(), ext.isCritical(),
                    new GeneralNames(new GeneralName(GeneralName.rfc822Name, email)));
        } else {
            builder.copyAndAddExtension(ext.getExtnId(), ext.isCritical(), real);
        }
    }

    // Generate cert
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA")
            .setProvider(BouncyCastleProvider.PROVIDER_NAME).build(esteidKey);

    X509CertificateHolder cert = builder.build(sigGen);
    return new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME)
            .getCertificate(cert);
}