Examples of org.bouncycastle.x509.X509V2AttributeCertificate

• org.bouncycastle.x509.X509V2AttributeCertificate
  An implementation of a version 2 X.509 Attribute Certificate. @deprecated use org.bouncycastle.cert.X509AttributeCertificateHolder

        // System.out.println(cert);

        //
        // create the certificate - version 1
        //
        X509V1CertificateGenerator  certGen1 = new X509V1CertificateGenerator();

        certGen1.setSerialNumber(BigInteger.valueOf(1));
        certGen1.setIssuerDN(new X509Principal(ord, values));
        certGen1.setNotBefore(new Date(System.currentTimeMillis() - 50000));
        certGen1.setNotAfter(new Date(System.currentTimeMillis() + 50000));
        certGen1.setSubjectDN(new X509Principal(ord, values));
        certGen1.setPublicKey(pubKey);
        certGen1.setSignatureAlgorithm("MD5WithRSAEncryption");

        cert = certGen1.generate(privKey);

        cert.checkValidity(new Date());

        cert.verify(pubKey);

        }

        //
        // create the certificate - version 1
        //
        X509V1CertificateGenerator  certGen1 = new X509V1CertificateGenerator();

        certGen1.setSerialNumber(BigInteger.valueOf(1));
        certGen1.setIssuerDN(new X509Principal(ord, values));
        certGen1.setNotBefore(new Date(System.currentTimeMillis() - 50000));
        certGen1.setNotAfter(new Date(System.currentTimeMillis() + 50000));
        certGen1.setSubjectDN(new X509Principal(ord, values));
        certGen1.setPublicKey(pubKey);
        certGen1.setSignatureAlgorithm("SHA1withDSA");

        try
        {
            X509Certificate cert = certGen1.generate(privKey);

            cert.checkValidity(new Date());

            cert.verify(pubKey);

                return getCertificate();
            }
        }

        return new X509V2AttributeCertificate(seq.getEncoded());
    }

            {
                Object obj = sData.getObjectAt(sDataObjectCount++);

                if (obj instanceof ASN1TaggedObject && ((ASN1TaggedObject)obj).getTagNo() == 2)
                {
                   return new X509V2AttributeCertificate(
                          ASN1Sequence.getInstance((ASN1TaggedObject)obj, false).getEncoded());
                }
            }
        }

    {
        ASN1Sequence seq = PEM_PARSER.readPEMObject(in);

        if (seq != null)
        {
            return new X509V2AttributeCertificate(seq.getEncoded());
        }

        return null;
    }

    }

    private void testCertWithBaseCertificateID()
        throws Exception
    {
        X509AttributeCertificate attrCert = new X509V2AttributeCertificate(certWithBaseCertificateID);
        CertificateFactory       fact = CertificateFactory.getInstance("X.509", "BC");
        X509Certificate          cert = (X509Certificate)fact.generateCertificate(new ByteArrayInputStream(holderCertWithBaseCertificateID));

        AttributeCertificateHolder holder = attrCert.getHolder();

        if (holder.getEntityNames() != null)
        {
            fail("entity names set when none expected");
        }

        if (!holder.getSerialNumber().equals(cert.getSerialNumber()))
        {
            fail("holder serial number doesn't match");
        }

        if (!holder.getIssuer()[0].equals(cert.getIssuerX500Principal()))
        {
            fail("holder issuer doesn't match");
        }

        if (!holder.match(cert))
        {
            fail("holder not matching holder certificate");
        }

        if (!holder.equals(holder.clone()))
        {
            fail("holder clone test failed");
        }

        if (!attrCert.getIssuer().equals(attrCert.getIssuer().clone()))
        {
            fail("issuer clone test failed");
        }

        //equalityAndHashCodeTest(attrCert, certWithBaseCertificateID);

        if (attrCert.getIssuer().equals(attrCert.getHolder()))
        {
            fail("wrong issuer equal");
        }

        X509AttributeCertificate attrCert2 = new X509V2AttributeCertificate(encoding);

        if (attrCert2.getHolder().hashCode() != attrCert.getHolder().hashCode())
        {
            fail("holder hashCode test failed");
        }

        if (!attrCert2.getHolder().equals(attrCert.getHolder()))
        {
            fail("holder equals test failed");
        }

        if (attrCert2.getIssuer().hashCode() != attrCert.getIssuer().hashCode())
        {
            fail("issuer hashCode test failed");
        }

        if (!attrCert2.getIssuer().equals(attrCert.getIssuer()))
        {
            fail("issuer equals test failed");
        }
    }

    }

    public void performTest()
        throws Exception
    {
        X509AttributeCertificate    aCert = new X509V2AttributeCertificate(attrCert);
        CertificateFactory          fact = CertificateFactory.getInstance("X.509","BC");
        X509Certificate             sCert = (X509Certificate)fact.generateCertificate(new ByteArrayInputStream(signCert));

        aCert.verify(sCert.getPublicKey(), "BC");

        //
        // search test
        //

        List      list = new ArrayList();

        list.add(sCert);

        CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(list);
        CertStore store = CertStore.getInstance("Collection", ccsp);

        Collection certs = store.getCertificates(aCert.getIssuer());
        if (certs.size() != 1 || !certs.contains(sCert))
        {
            fail("sCert not found by issuer");
        }

        X509Attribute[] attrs = aCert.getAttributes("1.3.6.1.4.1.6760.8.1.1");
        if (attrs == null || attrs.length != 1)
        {
            fail("attribute not found");
        }

        //
        // reencode test
        //
        aCert = new X509V2AttributeCertificate(aCert.getEncoded());

        aCert.verify(sCert.getPublicKey(), "BC");

        X509AttributeCertificate saCert = new X509V2AttributeCertificate(new ByteArrayInputStream(aCert.getEncoded()));

        if (!aCert.getNotAfter().equals(saCert.getNotAfter()))
        {
            fail("failed date comparison");
        }

        // base generator test

        //
        // a sample key pair.
        //
        RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
            new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
            new BigInteger("11", 16));

        RSAPrivateCrtKeySpec privKeySpec = RSA_PRIVATE_KEY_SPEC;

        //
        // set up the keys
        //
        PrivateKey          privKey;
        PublicKey           pubKey;

        KeyFactory  kFact = KeyFactory.getInstance("RSA", "BC");

        privKey = kFact.generatePrivate(privKeySpec);
        pubKey = kFact.generatePublic(pubKeySpec);

        X509V2AttributeCertificateGenerator gen = new X509V2AttributeCertificateGenerator();

        gen.addAttribute(attrs[0]);
        gen.setHolder(aCert.getHolder());
        gen.setIssuer(aCert.getIssuer());
        gen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
        gen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
        gen.setSerialNumber(aCert.getSerialNumber());
        gen.setSignatureAlgorithm("SHA1WithRSAEncryption");

        aCert = gen.generate(privKey, "BC");

        aCert.checkValidity();

        aCert.verify(pubKey, "BC");

        // as the issuer is the same this should still work (even though it is not
        // technically correct

        certs = store.getCertificates(aCert.getIssuer());
        if (certs.size() != 1 || !certs.contains(sCert))
        {
            fail("sCert not found by issuer");
        }

        attrs = aCert.getAttributes("1.3.6.1.4.1.6760.8.1.1");
        if (attrs == null || attrs.length != 1)
        {
            fail("attribute not found");
        }

        //
        // reencode test
        //
        aCert = new X509V2AttributeCertificate(aCert.getEncoded());

        aCert.verify(pubKey, "BC");

        AttributeCertificateIssuer  issuer = aCert.getIssuer();

                new DERSequence(roleSyntax));

        acGen.addAttribute(attributes);

        //      finally create the AC
        X509V2AttributeCertificate att = (X509V2AttributeCertificate)acGen
                .generate(caPrivKey, "BC");

        //
        // starting here, we parse the newly generated AC
        //

        // Holder

        AttributeCertificateHolder h = att.getHolder();
        if (h.match(clientCert))
        {
            if (h.getEntityNames() != null)
            {
                System.out.println(h.getEntityNames().length + " entity names found");
            }
            if (h.getIssuer() != null)
            {
                System.out.println(h.getIssuer().length + " issuer names found, serial number " + h.getSerialNumber());
            }
            System.out.println("Matches original client x509 cert");
        }

        // Issuer

        AttributeCertificateIssuer issuer = att.getIssuer();
        if (issuer.match(caCert))
        {
            if (issuer.getPrincipals() != null)
            {
                System.out.println(issuer.getPrincipals().length + " entity names found");
            }
            System.out.println("Matches original ca x509 cert");
        }

        // Dates
        System.out.println("valid not before: " + att.getNotBefore());
        System.out.println("valid not before: " + att.getNotAfter());

        // check the dates, an exception is thrown in checkValidity()...

        try
        {
            att.checkValidity();
            att.checkValidity(new Date());
        }
        catch (Exception e)
        {
            System.out.println(e);
        }

        // verify

        try
        {
            att.verify(caPubKey, "BC");
        }
        catch (Exception e)
        {
            System.out.println(e);
        }

        // Attribute
        X509Attribute[] attribs = att.getAttributes();
        System.out.println("cert has " + attribs.length + " attributes:");
        for (int i = 0; i < attribs.length; i++)
        {
            X509Attribute a = attribs[i];
            System.out.println("OID: " + a.getOID());

        if (certs.size() != 0)
        {
            fail("error using wrong selector (certs)");
        }
        // Searching for attribute certificates
        X509V2AttributeCertificate attrCert = new X509V2AttributeCertificate(AttrCertTest.attrCert);
        X509AttributeCertificate attrCert2 = new X509V2AttributeCertificate(AttrCertTest.certWithBaseCertificateID);

        List attrList = new ArrayList();
        attrList.add(attrCert);
        attrList.add(attrCert2);
        ccsp = new X509CollectionStoreParameters(attrList);
        store = X509Store.getInstance("AttributeCertificate/Collection", ccsp, "BC");
        X509AttributeCertStoreSelector attrSelector = new X509AttributeCertStoreSelector();
        attrSelector.setHolder(attrCert.getHolder());
        if (!attrSelector.getHolder().equals(attrCert.getHolder()))
        {
            fail("holder get not correct");
        }
        Collection attrs = store.getMatches(attrSelector);
        if (attrs.size() != 1 || !attrs.contains(attrCert))
        {
            fail("attrCert not found on holder");
        }
        attrSelector.setHolder(attrCert2.getHolder());
        if (attrSelector.getHolder().equals(attrCert.getHolder()))
        {
            fail("holder get not correct");
        }
        attrs = store.getMatches(attrSelector);
        if (attrs.size() != 1 || !attrs.contains(attrCert2))
        {
            fail("attrCert2 not found on holder");
        }
        attrSelector = new X509AttributeCertStoreSelector();
        attrSelector.setIssuer(attrCert.getIssuer());
        if (!attrSelector.getIssuer().equals(attrCert.getIssuer()))
        {
            fail("issuer get not correct");
        }
        attrs = store.getMatches(attrSelector);
        if (attrs.size() != 1 || !attrs.contains(attrCert))
        {
            fail("attrCert not found on issuer");
        }
        attrSelector.setIssuer(attrCert2.getIssuer());
        if (attrSelector.getIssuer().equals(attrCert.getIssuer()))
        {
            fail("issuer get not correct");
        }
        attrs = store.getMatches(attrSelector);