Package org.bouncycastle.asn1.x509

Examples of org.bouncycastle.asn1.x509.X509Extension

120
121
122
123
124
125
126
127
128
129
130
        // create details for nonce extension
        Vector<DERObjectIdentifier> oids = new Vector<DERObjectIdentifier>();
        Vector<X509Extension> values = new Vector<X509Extension>();

        oids.add(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
        values.add(new X509Extension(false, new DEROctetString(new DEROctetString(PdfEncryption.createDocumentId()).getEncoded())));

        gen.setRequestExtensions(new X509Extensions(oids, values));

        return gen.generate();
    }
View Full Code Here
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
        // the request in that case
        if (certProfile.getAllowExtensionOverride() && extensions!=null) {
          Enumeration en = extensions.oids();
          while (en!=null && en.hasMoreElements()) {
            DERObjectIdentifier oid = (DERObjectIdentifier)en.nextElement();
            X509Extension ext = extensions.getExtension(oid);
            if (log.isDebugEnabled()) {
              log.debug("Overriding extension with oid: "+oid);
            }
            extgen.addExtension(oid, ext.isCritical(), ext.getValue().getOctets());
          }
        }
       
        // Second we see if there is Key usage override
      X509Extensions overridenexts = extgen.generate();
        if (certProfile.getAllowKeyUsageOverride() && (keyusage >= 0)) {
          if (log.isDebugEnabled()) {
            log.debug("AllowKeyUsageOverride=true. Using KeyUsage from parameter: "+keyusage);
          }
            if ( (certProfile.getUseKeyUsage() == true) && (keyusage >=0) ){
                X509KeyUsage ku = new X509KeyUsage(keyusage);
               // We don't want to try to add custom extensions with the same oid if we have already added them
               // from the request, if AllowExtensionOverride is enabled.
               // Two extensions with the same oid is not allowed in the standard.
             if (overridenexts.getExtension(X509Extensions.KeyUsage) == null) {
                     extgen.addExtension(
                             X509Extensions.KeyUsage, certProfile.getKeyUsageCritical(), ku);              
             } else {
               if (log.isDebugEnabled()) {
                 log.debug("KeyUsage was already overridden by an extension, not using KeyUsage from parameter.");
               }
             }
            }
        }
       
        // Third, check for standard Certificate Extensions that should be added.
        // Standard certificate extensions are defined in CertificateProfile and CertificateExtensionFactory
        // and implemented in package org.ejbca.core.model.certextensions.standard
        CertificateExtensionFactory fact = CertificateExtensionFactory.getInstance();
        List<String> usedStdCertExt = certProfile.getUsedStandardCertificateExtensions();
        Iterator<String> certStdExtIter = usedStdCertExt.iterator();
      overridenexts = extgen.generate();
        while(certStdExtIter.hasNext()){
          String oid = certStdExtIter.next();
           // We don't want to try to add standard extensions with the same oid if we have already added them
          // from the request, if AllowExtensionOverride is enabled.
          // Two extensions with the same oid is not allowed in the standard.
          if (overridenexts.getExtension(new DERObjectIdentifier(oid)) == null) {
              CertificateExtension certExt = fact.getStandardCertificateExtension(oid, certProfile);
              if (certExt != null) {
                DEREncodable value = certExt.getValue(subject, this, certProfile, publicKey, caPublicKey);
                if (value != null) {
                  extgen.addExtension(new DERObjectIdentifier(certExt.getOID()),certExt.isCriticalFlag(),value);                                      
                }
              }           
          } else {
            if (log.isDebugEnabled()) {
              log.debug("Extension with oid "+oid+" has been overridden, standard extension will not be added.");
            }
          }
        }

         // Fourth, check for custom Certificate Extensions that should be added.
         // Custom certificate extensions is defined in certextensions.properties
         fact = CertificateExtensionFactory.getInstance();
         List<Integer> usedCertExt = certProfile.getUsedCertificateExtensions();
         Iterator<Integer> certExtIter = usedCertExt.iterator();
         while(certExtIter.hasNext()){
           Integer id = certExtIter.next();
           CertificateExtension certExt = fact.getCertificateExtensions(id);
           if (certExt != null) {
               // We don't want to try to add custom extensions with the same oid if we have already added them
               // from the request, if AllowExtensionOverride is enabled.
               // Two extensions with the same oid is not allowed in the standard.
             if (overridenexts.getExtension(new DERObjectIdentifier(certExt.getOID())) == null) {
               DEREncodable value = certExt.getValue(subject, this, certProfile, publicKey, caPublicKey);
               if (value != null) {
                 extgen.addExtension(new DERObjectIdentifier(certExt.getOID()),certExt.isCriticalFlag(),value);                                      
               }                
             } else {
               if (log.isDebugEnabled()) {
                 log.debug("Extension with oid "+certExt.getOID()+" has been overridden, custom extension will not be added.");
               }
               }
           }
         }
        
         // Finally add extensions to certificate generator
         X509Extensions exts = extgen.generate();
         Enumeration en = exts.oids();
         while (en.hasMoreElements()) {
           DERObjectIdentifier oid = (DERObjectIdentifier)en.nextElement();
           X509Extension ext = exts.getExtension(oid);
           certgen.addExtension(oid, ext.isCritical(), ext.getValue().getOctets());
         }
        
         //
         // End of extensions
         //
View Full Code Here
116
117
118
119
120
121
122
123
124
        try {
            dOut.writeObject(san);
        } catch (IOException e) {
            throw new IllegalArgumentException("error encoding value: " + e);
        }
        valuevec.add(new X509Extension(false, new DEROctetString(bOut.toByteArray())));
        oidvec.add(X509Extensions.SubjectAlternativeName);
        return generateCertReq( dn, password, transactionId, ca, new X509Extensions(oidvec,valuevec) );
    }
View Full Code Here
372
373
374
375
376
377
378
379
380
381
382
  public String getRequestAltNames() {
      String ret = null;
      final CertTemplate templ = getReq().getCertReq().getCertTemplate();
      final X509Extensions exts = templ.getExtensions();
    if (exts != null) {
      final X509Extension ext = exts.getExtension(X509Extensions.SubjectAlternativeName);
      if (ext != null) {
        ret = CertTools.getAltNameStringFromExtension(ext);
      }
    }
    if (log.isDebugEnabled()) {
View Full Code Here
156
157
158
159
160
161
162
163
164
165
166
167
168
169
          } else {
            LOG.debug("CMPv1 revocation reason is null");
          }
          X509Extensions crlExt = rd.getCrlEntryDetails();
          if (crlExt != null) {
            X509Extension ext = crlExt.getExtension(X509Extensions.ReasonCode);
            if (ext != null) {
              try {
                ASN1InputStream ai = new ASN1InputStream(ext.getValue().getOctets());
                DERObject obj = ai.readObject();
                DEREnumerated crlreason = DEREnumerated.getInstance(obj);
                // RevokedCertInfo.REVOCATION_REASON_AACOMPROMISE are the same integer values as the CRL reason extension code
                reason = crlreason.getValue().intValue();
                LOG.debug("CRLReason extension: "+reason);
View Full Code Here
307
308
309
310
311
312
313
314
315
316
317
318
319
                      int keyusage = -1;
                      if (exts != null) {
                          if (log.isDebugEnabled()) {
                            log.debug("we have extensions, see if we can override KeyUsage by looking for a KeyUsage extension in request");
                          }
                        X509Extension ext = exts.getExtension(X509Extensions.KeyUsage);
                        if (ext != null) {
                          ASN1OctetString os = ext.getValue();
                          ByteArrayInputStream bIs = new ByteArrayInputStream(os.getOctets());
                          ASN1InputStream dIs = new ASN1InputStream(bIs);
                          DERObject dob = dIs.readObject();
                          DERBitString bs = DERBitString.getInstance(dob);
                          keyusage = bs.intValue();                                                           
View Full Code Here
77
78
79
80
81
82
83
84
85
86
87
        TBSCertificateStructure issuerTbsCert = getTBSCertificate(issuerCert);

        addProxyCertInfoExtension();
        X509Extensions extensions = issuerTbsCert.getExtensions();
        if (extensions != null) {
            X509Extension ext = null;
            ext = extensions.getExtension(X509Extensions.KeyUsage);
            addKeyUsage(ext);

            ext = extensions.getExtension(X509Extensions.ExtendedKeyUsage);
            addExtendedKeyUsage(ext);
View Full Code Here
211
212
213
214
215
216
217
218
        {
            extensions = new Hashtable();
            extOrdering = new Vector();
        }

        extensions.put(OID, new X509Extension(critical, new DEROctetString(value)));
        extOrdering.addElement(OID);
    }
View Full Code Here
345
346
347
348
349
350
351
352
353
354
355
356
357
            Enumeration     e = extensions.oids();
   
            while (e.hasMoreElements())
            {
                DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
                X509Extension       ext = extensions.getExtension(oid);
   
                if (critical == ext.isCritical())
                {
                    set.add(oid.getId());
                }
            }
        }
View Full Code Here
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
    {
        X509Extensions exts = this.getRequestExtensions();

        if (exts != null)
        {
            X509Extension   ext = exts.getExtension(new DERObjectIdentifier(oid));

            if (ext != null)
            {
                ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
                DEROutputStream dOut = new DEROutputStream(bOut);

                try
                {
                    dOut.writeObject(ext.getValue());

                    return bOut.toByteArray();
                }
                catch (Exception e)
                {
View Full Code Here
TOP

Related Classes of org.bouncycastle.asn1.x509.X509Extension

  • com.itextpdf.text.pdf.OcspClientBouncyCastle
  • com.lowagie.text.pdf.OcspClientBouncyCastle
  • com.maverick.crypto.asn1.x509.X509Certificate
  • net.sf.libpdfsign.CRLDownloader
  • net.sf.libpdfsign.OCSPClient
  • org.apache.geronimo.crypto.jce.provider.X509CertificateObject
  • org.apache.geronimo.crypto.jce.provider.X509CRLEntryObject
  • org.apache.geronimo.crypto.jce.provider.X509CRLObject
  • org.apache.geronimo.util.jce.provider.X509CertificateObject
  • org.apache.geronimo.util.jce.provider.X509CRLEntryObject
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.