Package org.bouncycastle.asn1.x509

Examples of org.bouncycastle.asn1.x509.X509ExtensionsGenerator


    private X509ExtensionsGenerator     extGenerator;

    /**
     * Creates the generator and initialises its two internal builders: a new
     * {@code V2AttributeCertificateInfoGenerator} and a new
     * {@code X509ExtensionsGenerator}.
     */
    public X509V2AttributeCertificateGenerator()
    {
        this.acInfoGen = new V2AttributeCertificateInfoGenerator();
        this.extGenerator = new X509ExtensionsGenerator();
    }


    private X509ExtensionsGenerator     extGenerator;

    /**
     * Creates the CRL generator and initialises its two internal builders: a new
     * {@code V2TBSCertListGenerator} and a new {@code X509ExtensionsGenerator}.
     */
    public X509V2CRLGenerator()
    {
        this.tbsGen = new V2TBSCertListGenerator();
        this.extGenerator = new X509ExtensionsGenerator();
    }

        // Transaction id for this CMP exchange, taken from the sender-nonce helper.
        byte[] transid = CmpMessageHelper.createSenderNonce();

        // Create some crazy extensions to see that we get them when using
        // extension override.
        // We should not get our values when not using extension override
        //
        // Security relevance: this is the negative test for a CA-side control. The
        // requester asks for extensions it has no business choosing (code signing,
        // OCSP no-check, an object-signing CA cert type, a private OID); without
        // extension override none of them may reach the issued certificate.
        // Every extension below is added with the non-critical flag (false).
        X509ExtensionsGenerator extgen = new X509ExtensionsGenerator();
        // SubjectAltName
        GeneralNames san = CertTools.getGeneralNamesFromAltName("dnsName=foo.bar.com");
        extgen.addExtension(X509Extensions.SubjectAlternativeName, false, san);
        // KeyUsage
        // (the initial 0 is immediately overwritten; only decipherOnly is requested)
        int bcku = 0;
        bcku = X509KeyUsage.decipherOnly;
        X509KeyUsage ku = new X509KeyUsage(bcku);
        extgen.addExtension(X509Extensions.KeyUsage, false, ku);
        // Extended Key Usage
        Vector<KeyPurposeId> usage = new Vector<KeyPurposeId>();
        usage.add(KeyPurposeId.id_kp_codeSigning);
        ExtendedKeyUsage eku = new ExtendedKeyUsage(usage);
        extgen.addExtension(X509Extensions.ExtendedKeyUsage, false, eku);
        // OcspNoCheck
        extgen.addExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nocheck, false, new DERNull());
        // Netscape cert type
        extgen.addExtension(new DERObjectIdentifier("2.16.840.1.113730.1.1"), false, new NetscapeCertType(NetscapeCertType.objectSigningCA));
        // My completely own
        extgen.addExtension(new DERObjectIdentifier("1.1.1.1.1"), false, new DERIA5String("PrimeKey"));

        // Make the complete extension package
        X509Extensions exts = extgen.generate();

        // First test without extension override
        // The request carries exts; the resulting message is then protected with
        // PBEPASSWORD. NOTE(review): the meaning of the remaining genCertReq /
        // protectPKIMessage arguments is not visible in this excerpt.
        PKIMessage one = genCertReq(issuerDN2, userDN2, keys, cacert2, nonce, transid, true, exts, null, null, null);
        PKIMessage req = protectPKIMessage(one, false, PBEPASSWORD, "KeyId2", 567);

        // X509 Certificate Extensions
        //
       
        // Extensions we will add to the certificate, later when we have filled the structure with
        // everything we want.
        X509ExtensionsGenerator extgen = new X509ExtensionsGenerator();
       
        // First we check if there is general extension override, and add all extensions from
        // the request in that case
        //
        // SECURITY NOTE: when the profile allows extension override, every extension in the
        // request is copied as-is (OID, criticality flag and raw value octets). No allow-list
        // or per-OID filtering is visible in this block, and the later steps skip any OID that
        // was added here, so the requester's value takes precedence over the profile's.
        // The profile flag is therefore the only gate on what a requester can put into the
        // certificate; it should be enabled only where the request source is trusted.
        if (certProfile.getAllowExtensionOverride() && extensions!=null) {
          Enumeration en = extensions.oids();
          while (en!=null && en.hasMoreElements()) {
            DERObjectIdentifier oid = (DERObjectIdentifier)en.nextElement();
            X509Extension ext = extensions.getExtension(oid);
            // Only the OID is logged (debug level), not the value, so an audit of what was
            // overridden has to inspect the issued certificate.
            if (log.isDebugEnabled()) {
              log.debug("Overriding extension with oid: "+oid);
            }
            extgen.addExtension(oid, ext.isCritical(), ext.getValue().getOctets());
          }
        }
       
        // Second we see if there is Key usage override
        // overridenexts is a snapshot of what has been added so far, i.e. only the extensions
        // copied from the request in the first step.
      X509Extensions overridenexts = extgen.generate();
        if (certProfile.getAllowKeyUsageOverride() && (keyusage >= 0)) {
          if (log.isDebugEnabled()) {
            log.debug("AllowKeyUsageOverride=true. Using KeyUsage from parameter: "+keyusage);
          }
            // The keyusage >= 0 test repeats the outer condition. If getUseKeyUsage() is false
            // nothing is added here, although the debug line above has already been written.
            if ( (certProfile.getUseKeyUsage() == true) && (keyusage >=0) ){
                X509KeyUsage ku = new X509KeyUsage(keyusage);
               // We don't want to try to add custom extensions with the same oid if we have already added them
               // from the request, if AllowExtensionOverride is enabled.
               // Two extensions with the same oid is not allowed in the standard.
               // Consequence: a KeyUsage extension supplied in the request wins over the
               // keyusage parameter, including its criticality flag.
             if (overridenexts.getExtension(X509Extensions.KeyUsage) == null) {
                     extgen.addExtension(
                             X509Extensions.KeyUsage, certProfile.getKeyUsageCritical(), ku);              
             } else {
               if (log.isDebugEnabled()) {
                 log.debug("KeyUsage was already overridden by an extension, not using KeyUsage from parameter.");
               }
             }
            }
        }
       
        // Third, check for standard Certificate Extensions that should be added.
        // Standard certificate extensions are defined in CertificateProfile and CertificateExtensionFactory
        // and implemented in package org.ejbca.core.model.certextensions.standard
        CertificateExtensionFactory fact = CertificateExtensionFactory.getInstance();
        List<String> usedStdCertExt = certProfile.getUsedStandardCertificateExtensions();
        Iterator<String> certStdExtIter = usedStdCertExt.iterator();
        // Refresh the snapshot: it now holds the request extensions plus any KeyUsage added
        // from the keyusage parameter in the previous step.
      overridenexts = extgen.generate();
        while(certStdExtIter.hasNext()){
          String oid = certStdExtIter.next();
           // We don't want to try to add standard extensions with the same oid if we have already added them
          // from the request, if AllowExtensionOverride is enabled.
          // Two extensions with the same oid is not allowed in the standard.
          // Consequence: a profile-defined standard extension is dropped in favour of the
          // value already present for that OID; the skip is only reported at debug level.
          if (overridenexts.getExtension(new DERObjectIdentifier(oid)) == null) {
              CertificateExtension certExt = fact.getStandardCertificateExtension(oid, certProfile);
              if (certExt != null) {
                DEREncodable value = certExt.getValue(subject, this, certProfile, publicKey, caPublicKey);
                // A null value means the extension is silently left out of the certificate.
                if (value != null) {
                  extgen.addExtension(new DERObjectIdentifier(certExt.getOID()),certExt.isCriticalFlag(),value);                                      
                }
              }           
          } else {
            if (log.isDebugEnabled()) {
              log.debug("Extension with oid "+oid+" has been overridden, standard extension will not be added.");
            }
          }
        }

         // Fourth, check for custom Certificate Extensions that should be added.
         // Custom certificate extensions is defined in certextensions.properties
         fact = CertificateExtensionFactory.getInstance();
         List<Integer> usedCertExt = certProfile.getUsedCertificateExtensions();
         Iterator<Integer> certExtIter = usedCertExt.iterator();
         // NOTE(review): overridenexts is not regenerated before this loop, so it does not
         // contain the standard extensions added in the third step. A custom extension that
         // shares an OID with one of those is not caught by the check below; BouncyCastle's
         // X509ExtensionsGenerator is expected to reject a duplicate OID - confirm.
         while(certExtIter.hasNext()){
           Integer id = certExtIter.next();
           CertificateExtension certExt = fact.getCertificateExtensions(id);
           if (certExt != null) {
               // We don't want to try to add custom extensions with the same oid if we have already added them
               // from the request, if AllowExtensionOverride is enabled.
               // Two extensions with the same oid is not allowed in the standard.
             if (overridenexts.getExtension(new DERObjectIdentifier(certExt.getOID())) == null) {
               DEREncodable value = certExt.getValue(subject, this, certProfile, publicKey, caPublicKey);
               // A null value means the extension is silently left out of the certificate.
               if (value != null) {
                 extgen.addExtension(new DERObjectIdentifier(certExt.getOID()),certExt.isCriticalFlag(),value);                                      
               }                
             } else {
               if (log.isDebugEnabled()) {
                 log.debug("Extension with oid "+certExt.getOID()+" has been overridden, custom extension will not be added.");
               }
               }
           }
         }
        
         // Finally add extensions to certificate generator
         X509Extensions exts = extgen.generate();
         Enumeration en = exts.oids();
         while (en.hasMoreElements()) {
           DERObjectIdentifier oid = (DERObjectIdentifier)en.nextElement();
           X509Extension ext = exts.getExtension(oid);
           certgen.addExtension(oid, ext.isCritical(), ext.getValue().getOctets());

    private X509ExtensionsGenerator     extGenerator;

    /**
     * Creates the CRL generator and initialises its two internal builders: a new
     * {@code V2TBSCertListGenerator} and a new {@code X509ExtensionsGenerator}.
     */
    public X509V2CRLGenerator()
    {
        this.tbsGen = new V2TBSCertListGenerator();
        this.extGenerator = new X509ExtensionsGenerator();
    }

    private X509ExtensionsGenerator     extGenerator;

    /**
     * Creates the generator and initialises its two internal builders: a new
     * {@code V2AttributeCertificateInfoGenerator} and a new
     * {@code X509ExtensionsGenerator}.
     */
    public X509V2AttributeCertificateGenerator()
    {
        this.acInfoGen = new V2AttributeCertificateInfoGenerator();
        this.extGenerator = new X509ExtensionsGenerator();
    }

    private X509ExtensionsGenerator     extGenerator;

    /**
     * Creates the certificate generator and initialises its two internal builders: a new
     * {@code V3TBSCertificateGenerator} and a new {@code X509ExtensionsGenerator}.
     */
    public X509V3CertificateGenerator()
    {
        this.tbsGen = new V3TBSCertificateGenerator();
        this.extGenerator = new X509ExtensionsGenerator();
    }

    private X509ExtensionsGenerator     extGenerator;

    /**
     * Creates the CRL generator and initialises its two internal builders: a new
     * {@code V2TBSCertListGenerator} and a new {@code X509ExtensionsGenerator}.
     */
    public X509V2CRLGenerator()
    {
        this.tbsGen = new V2TBSCertListGenerator();
        this.extGenerator = new X509ExtensionsGenerator();
    }

   
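    // Sign with SHA-256 instead of the original MD5WithRSAEncryption: MD5 is
    // collision-broken, and current Java runtimes disable MD5-signed certificates in
    // certification-path validation by default.
    certificateGenerator.setSignatureAlgorithm( "SHA256WithRSAEncryption" );
   
    // NOTE(review): the serial number is derived from the current time, so it is
    // predictable and carries no randomness. That is tolerable for a throw-away
    // self-issued certificate, but a CA-style issuer should use a random serial.
    certificateGenerator.setSerialNumber( new BigInteger( ""+SystemTime.getCurrentTime()));
         
    // Issuer and subject are both built from cert_dn, so the certificate is self-issued.
    X509Name  issuer_dn = new X509Name(true,cert_dn);
   
    certificateGenerator.setIssuerDN(issuer_dn);
   
    X509Name  subject_dn = new X509Name(true,cert_dn);
   
    certificateGenerator.setSubjectDN(subject_dn);
   
    // Starting point for the validity end date (the rest is outside this excerpt).
    Calendar  not_after = Calendar.getInstance();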
   

            // Add the signerInfo version
            //
            signerinfo.add(new DERInteger(signerversion));

            // Identify the signer by issuer name plus serial number, both read from
            // signCert: the issuer comes from its TBSCertificate via getIssuer(), the
            // serial from getSerialNumber().
            IssuerAndSerialNumber isAnds = new IssuerAndSerialNumber(
                        new X509Name((ASN1Sequence)getIssuer(signCert.getTBSCertificate())),
                        new DERInteger(signCert.getSerialNumber()));
            signerinfo.add(isAnds);

            // Add the digestAlgorithm
            //
