Package com.itextpdf.text.pdf

Examples of com.itextpdf.text.pdf.PdfPKCS7$X509Name


     *
     */
    public byte[] generateCrlReq(String dn, X509Certificate ca) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException, IOException, CMSException, InvalidAlgorithmParameterException, CertStoreException, CertificateEncodingException, IllegalStateException {
        // Remember the CA certificate and the requester DN on this instance; both are read again below.
        this.cacert = ca;
        this.reqdn = dn;
        // The CRL is identified by the CA certificate's own issuer DN and serial number.
        X509Name name = CertTools.stringToBcX509Name(cacert.getIssuerDN().getName());
        IssuerAndSerialNumber ias = new IssuerAndSerialNumber(name, cacert.getSerialNumber());
        // Create self signed cert, validity 1 day
        // (24*60*60*1000 = 86,400,000, presumably milliseconds - confirm against CertTools.genSelfCert.)
        // NOTE(review): the temporary certificate is signed with SHA1withRSA (SIGALG_SHA1_WITH_RSA).
        // SHA-1 is no longer collision resistant for signatures; confirm whether the peer still
        // requires it before keeping this algorithm.
        cert = CertTools.genSelfCert(reqdn,24*60*60*1000,null,keys.getPrivate(),keys.getPublic(),AlgorithmConstants.SIGALG_SHA1_WITH_RSA,false);
       
        // wrap message in pkcs#7


        }
        // Special case: if the DN contains unstructuredAddress it becomes:
        // CN=pix.primekey.se + unstructuredAddress=pix.primekey.se
        // We only want the CN and not the oid-part.
        // Luckily for us this is handled automatically by the BC X509Name class
        X509Name xname = getRequestX509Name();
        String ret = null;
        if (xname == null) {
          // No subject name could be obtained from the request; ret stays null.
          log.info("No requestDN in request, probably we could not read/parse/decrypt request.");
        } else {
            Vector cnValues = xname.getValues(X509Name.CN);
            if (cnValues.size() == 0) {
              // NOTE(review): the DN written to the log comes from the request, i.e. it is
              // requester-supplied text; confirm the log sink neutralizes control characters.
              log.info("No CN in DN: "+xname.toString());
            } else {
                // Only the first CN value is used when the DN carries several.
                ret = cnValues.firstElement().toString();          
                // If we have a CN with a normal name like "Test Testsson" we only want to
                // use the first part as the username
                // NOTE(review): the resulting username is derived from the request's CN, so it is
                // chosen by the requester - verify against the caller how it is authorized.
              int index = ret.indexOf(' ');

     *
     * @return subject DN from certification request or null.
     */
    public String getRequestDN() {
      String ret = null;
      X509Name name = getRequestX509Name();
      if (name != null) {
        String dn = name.toString();
        // We have to make special handling again for Cisco devices.
        // they will submit requests like: SN=FFFFFF+unstructuredName=Router
        // EJBCA does not handle this very well so we will change it to: SN=FFFFFF,unstructuredName=Router
        dn = dn.replace("+unstructuredName=", ",unstructuredName=");
        dn = dn.replace(" + unstructuredName=", ",unstructuredName=");

            }
        } catch (IllegalArgumentException e) {
            log.error("PKCS10 not inited!");
            return null;
        }
        X509Name ret = null;
        // Get subject name from request
        CertificationRequestInfo info = pkcs10.getCertificationRequestInfo();
        if (info != null) {
            ret = info.getSubject();
        }

  public boolean create() throws IOException, InvalidKeyException,
      NoSuchAlgorithmException, NoSuchProviderException,
      SignRequestException, NotFoundException {

    X509Name sender = X509Name.getInstance(getSender().getName());
    X509Name recipient = X509Name.getInstance(getRecipient().getName());
    PKIHeader myPKIHeader = CmpMessageHelper.createPKIHeader(sender, recipient, getSenderNonce(), getRecipientNonce(), getTransactionId());

    PKIStatusInfo myPKIStatusInfo = new PKIStatusInfo(new DERInteger(0)); // 0 = accepted
    if (status != ResponseStatus.SUCCESS && status != ResponseStatus.GRANTED_WITH_MODS) {
      log.debug("Creating a rejection message");

        // Choose how DN attribute values are encoded: PrintableString when the CA is configured
        // for it, otherwise the default BC entry converter.
        if (getUsePrintableStringSubjectDN()) {
          converter = new PrintableStringEntryConverter();
        } else {
          converter = new X509DefaultEntryConverter();
        }
        // Subject of the request is this CA's own subject DN, in the configured DN order.
        X509Name x509dn = CertTools.stringToBcX509Name(getSubjectDN(), converter, getUseLdapDNOrder());
        PKCS10CertificationRequest req;
    try {
      CATokenContainer catoken = getCAToken();
      // Both halves of the signing key pair are fetched from the CA token for signatureKeyPurpose.
      KeyPair keyPair = new KeyPair(catoken.getPublicKey(signatureKeyPurpose), catoken.getPrivateKey(signatureKeyPurpose));
      // NOTE(review): this condition can never be true - a "new" expression never evaluates to
      // null. A missing public or private key from the CA token is not caught here; it would
      // have to be detected by checking the results of the two getters instead.
      if (keyPair == null) {

        // Will we use LDAP DN order (CN first) or X500 DN order (CN last) for the subject DN
        // LDAP order is used only when both the CA setting and the certificate profile enable it.
        boolean ldapdnorder = true;
        if ((getUseLdapDNOrder() == false) || (certProfile.getUseLdapDnOrder() == false)) {
          ldapdnorder = false;
        }
        X509Name subjectDNName = CertTools.stringToBcX509Name(dn, converter, ldapdnorder);
        // When the certificate profile allows DN override and a name from the request is present,
        // that name replaces the one built from dn above.
        // NOTE(review): in this branch the certificate subject is taken from the request as-is, so
        // it is requester-controlled and bypasses the converter/ordering applied above. Enabling
        // AllowDNOverride on a profile should be paired with whatever authorizes the request DN
        // elsewhere - verify against the caller.
        if (certProfile.getAllowDNOverride() && (requestX509Name != null) ) {
          subjectDNName = requestX509Name;
            if (log.isDebugEnabled()) {
              log.debug("Using X509Name from request instead of user's registered.");
            }
        }
        if (log.isDebugEnabled()) {
          log.debug("Using subjectDN: "+subjectDNName.toString());
        }
        certgen.setSubjectDN(subjectDNName);
        // We must take the issuer DN directly from the CA-certificate otherwise we risk re-ordering the DN
        // which many applications do not like.
        if (isRootCA) {

              converter = new PrintableStringEntryConverter();
            } else {
              converter = new X509DefaultEntryConverter();
            }

            X509Name caname = CertTools.stringToBcX509Name(getSubjectDN(), converter, getUseLdapDNOrder());
            crlgen.setIssuerDN(caname);
        } else {
          crlgen.setIssuerDN(cacert.getSubjectX500Principal());
        }
        if (certs != null) {           

      }
      // Create a username and password and register the new user in EJBCA
      final UsernameGenerator gen = UsernameGenerator.getInstance(this.usernameGenParams);
      // Don't convert this DN to an ordered EJBCA DN string with CertTools.stringToBCDNString because we don't want double escaping of some characters
      // An optional handler may rewrite the request first; otherwise the CRMF request is used as received.
      final IRequestMessage req =  this.extendedUserDataHandler!=null ? this.extendedUserDataHandler.processRequestMessage(crmfreq, certProfileName) : crmfreq;
      // NOTE(review): dnname is dereferenced below without a null check - confirm that
      // getRequestX509Name() cannot return null for a request that reached this point.
      final X509Name dnname = req.getRequestX509Name();
      if (LOG.isDebugEnabled()) {
        LOG.debug("Creating username from base dn: "+dnname.toString());
      }
      // The username is generated from the DN carried in the request, i.e. from requester-supplied data.
      final String username = gen.generateUsername(dnname.toString());
      final String pwd;
      if (StringUtils.equals(this.userPwdParams, "random")) {
        if (LOG.isDebugEnabled()) {
          LOG.debug("Setting 12 char random user password.");
        }
        // NOTE(review): the strength of this password depends on the generator's randomness
        // source, which is not visible here - confirm it is backed by a CSPRNG.
        final IPasswordGenerator pwdgen = PasswordGeneratorFactory.getInstance(PasswordGeneratorFactory.PASSWORDTYPE_ALLPRINTABLE);
        pwd = pwdgen.getNewPassword(12, 12);                                                                   
      } else {
        if (LOG.isDebugEnabled()) {
          LOG.debug("Setting fixed user password from config.");
        }
        // NOTE(review): in this branch every user registered through this path gets the same
        // configured value as its password, so that configuration value is a shared secret.
        pwd = this.userPwdParams;                                                                   
      }
      // AltNames may be in the request template
      final String altNames = req.getRequestAltNames();
      final String email;
      // Collect e-mail addresses from the alt names first, then from the subject DN.
      final List<String> emails = CertTools.getEmailFromDN(altNames);
      emails.addAll(CertTools.getEmailFromDN(dnname.toString()));
      if (!emails.isEmpty()) {
        email = emails.get(0); // Use rfc822name or first SubjectDN email address as user email address if available
      } else {
        email = null;
      }
      final ExtendedInformation ei;
      // A serial number chosen by the requester is only read from the request, and only passed
      // on, when allowCustomCertSerno is set; in every other case ei stays null.
      if (this.allowCustomCertSerno) {
        // Don't even try to parse out the field if it is not allowed
        BigInteger customCertSerno = crmfreq.getSubjectCertSerialNo();
        if (customCertSerno != null) {
          // If we have a custom certificate serial number in the request, we will pass it on to the UserData object
          ei = new ExtendedInformation();
          ei.setCertificateSerialNumber(customCertSerno);
          if (LOG.isDebugEnabled()) {
            LOG.debug("Custom certificate serial number: "+customCertSerno.toString(16));         
          }
        } else {
          ei = null;
        }
      } else {
        ei = null;
      }
      // The new end-entity record is built from the generated username plus the DN, alt names and
      // e-mail address taken from the request.
      final UserDataVO userdata = new UserDataVO(username, dnname.toString(), caId, altNames, email, UserDataConstants.STATUS_NEW, SecConst.USER_ENDUSER, eeProfileId, certProfileId, null, null, SecConst.TOKEN_SOFT_BROWSERGEN, 0, ei);
      userdata.setPassword(pwd);
      // Set so we have the right params in the call to processCertReq.
      // Username and pwd in the UserDataVO and the IRequestMessage must match
      crmfreq.setUsername(username);
      crmfreq.setPassword(pwd);

    }

    public byte[] generateCrlReq(String dn, String transactionId, X509Certificate ca) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException, IOException, CMSException, InvalidAlgorithmParameterException, CertStoreException, CertificateEncodingException, IllegalStateException {
        // Keep the CA certificate and the requester DN on this instance for the steps below.
        this.cacert = ca;
        this.reqdn = dn;
        // Issuer DN and serial number of the CA certificate identify which CRL is requested.
        X509Name name = CertTools.stringToBcX509Name(cacert.getIssuerDN().getName());
        IssuerAndSerialNumber ias = new IssuerAndSerialNumber(name, cacert.getSerialNumber());
        // Create self signed cert, validity 1 day
        // NOTE(review): SIGALG_SHA1_WITH_RSA signs the temporary certificate with SHA-1, which is
        // no longer collision resistant; confirm whether the receiving side still needs it.
        cert = CertTools.genSelfCert(reqdn,24*60*60*1000,null,keys.getPrivate(),keys.getPublic(),AlgorithmConstants.SIGALG_SHA1_WITH_RSA,false);
       
        // wrap message in pkcs#7
