Examples of org.apache.geronimo.crypto.asn1.x509.TBSCertificateStructure

• org.bouncycastle.asn1.x509.TBSCertificateStructure
  The TBSCertificate object.

   TBSCertificate ::= SEQUENCE { version          [ 0 ]  Version DEFAULT v1(0), serialNumber            CertificateSerialNumber, signature               AlgorithmIdentifier, issuer                  Name, validity                Validity, subject                 Name, subjectPublicKeyInfo    SubjectPublicKeyInfo, issuerUniqueID    [ 1 ] IMPLICIT UniqueIdentifier OPTIONAL, subjectUniqueID   [ 2 ] IMPLICIT UniqueIdentifier OPTIONAL, extensions        [ 3 ] Extensions OPTIONAL } 

  Note: issuerUniqueID and subjectUniqueID are both deprecated by the IETF. This class will parse them, but you really shouldn't be creating new ones.

     * @return newly issued certificate
     */
    public Certificate issueCertificate(X500Principal subject, PublicKey publicKey, BigInteger sNo, Date validFromDate, Date validToDate, String algorithm) throws CertificationAuthorityException{
        if(isLocked()) throw new CertificationAuthorityException("CA is locked.");
        try {
            X509Name subName = CaUtils.getX509Name(subject);
            Certificate cert = issueCertificate(subName, caName, sNo, publicKey, caPrivateKey, validFromDate, validToDate, algorithm);
            cert.verify(caPublicKey);
            certStore.storeCertificate(cert);
            return cert;
        } catch(Exception e) {

        }
    }

    private String generateCSR(X509Certificate cert, PrivateKey signingKey) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, KeyStoreException, IOException {
        String sigalg = cert.getSigAlgName();
        X509Name subject;
        try{
            ASN1InputStream ais = new ASN1InputStream(cert.getEncoded());
            X509CertificateStructure x509Struct = new X509CertificateStructure((ASN1Sequence)ais.readObject());
            ais.close();
            subject = x509Struct.getSubject();
        } catch(CertificateEncodingException e) {
            log.warn(e.toString()+" while retrieving subject from certificate to create CSR.  Using subjectDN instead.");
            subject = new X509Name(cert.getSubjectDN().toString());
        }
        PublicKey publicKey = cert.getPublicKey();
        ASN1Set attributes = null;

        PKCS10CertificationRequest csr = new PKCS10CertificationRequest(sigalg,

        else
        {
            sig.initSign(key);
        }

        TBSCertificateStructure tbsCert = tbsGen.generateTBSCertificate();

        try
        {
            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
            DEROutputStream         dOut = new DEROutputStream(bOut);

        else
        {
            sig.initSign(key);
        }

        TBSCertificateStructure tbsCert = tbsGen.generateTBSCertificate();

        try
        {
            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
            DEROutputStream         dOut = new DEROutputStream(bOut);

        v3certGen.setEndDate(new Time(validToDate));
        // signature algorithm
        v3certGen.setSignature(algId);

        // Get the certificate info to be signed
        TBSCertificateStructure tbsCert = v3certGen.generateTBSCertificate();
        byte[] tobesigned = tbsCert.getEncoded();

        // Create the signature
        Signature signatureObj = Signature.getInstance(algorithm);
        signatureObj.initSign(caPriKey);
        signatureObj.update(tobesigned);

        v3certGen.setEndDate(new Time(validToDate));
        // signature algorithm
        v3certGen.setSignature(algId);

        // Get the certificate info to be signed
        TBSCertificateStructure tbsCert = v3certGen.generateTBSCertificate();
        byte[] tobesigned = tbsCert.getEncoded();

        // Create the signature
        Signature signatureObj = Signature.getInstance(algorithm);
        signatureObj.initSign(caPriKey);
        signatureObj.update(tobesigned);

        else
        {
            sig.initSign(key);
        }

        TBSCertificateStructure tbsCert = tbsGen.generateTBSCertificate();

        try
        {
            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
            DEROutputStream         dOut = new DEROutputStream(bOut);

        if (extensions != null)
        {
            tbsGen.setExtensions(new X509Extensions(extOrdering, extensions));
        }

        TBSCertificateStructure tbsCert = tbsGen.generateTBSCertificate();

        try
        {
            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
            DEROutputStream         dOut = new DEROutputStream(bOut);

        else
        {
            sig.initSign(key);
        }

        TBSCertificateStructure tbsCert = tbsGen.generateTBSCertificate();

        try
        {
            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
            DEROutputStream         dOut = new DEROutputStream(bOut);

    private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0)
        throws GeneralSecurityException, IOException
    {
        ASN1InputStream asn1inputstream =
            new ASN1InputStream(new ByteArrayInputStream(x509certificate.getTBSCertificate()));
        TBSCertificateStructure tbscertificatestructure =
            TBSCertificateStructure.getInstance(asn1inputstream.readObject());
        AlgorithmIdentifier algorithmidentifier = tbscertificatestructure.getSubjectPublicKeyInfo().getAlgorithmId();
        IssuerAndSerialNumber issuerandserialnumber =
            new IssuerAndSerialNumber(
                tbscertificatestructure.getIssuer(),
                tbscertificatestructure.getSerialNumber().getValue());
        Cipher cipher = Cipher.getInstance(algorithmidentifier.getObjectId().getId());
        cipher.init(1, x509certificate.getPublicKey());
        DEROctetString deroctetstring = new DEROctetString(cipher.doFinal(abyte0));
        RecipientIdentifier recipId = new RecipientIdentifier(issuerandserialnumber);
        return new KeyTransRecipientInfo( recipId, algorithmidentifier, deroctetstring);