Usage examples for the no-argument constructor of org.bouncycastle.asn1.ASN1EncodableVector
public ASN1EncodableVector()
From source file:org.fuin.esmp.EventStoreCertificateMojo.java
License:Open Source License
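/**
 * Generates a self-signed X.509 certificate for the given domain.
 *
 * <p>Issuer and subject are both {@code CN=<domain>}. The certificate is valid from
 * 2016-01-01 to 2099-01-01 (UTC), carries a critical BasicConstraints extension with
 * {@code cA=true} and a non-critical ExtendedKeyUsage extension listing serverAuth.
 *
 * @param domain value placed in the CN attribute of issuer and subject
 * @param pair key pair; the public key is certified and the private key signs the certificate
 * @return the signed certificate
 * @throws RuntimeException if an extension cannot be added to the certificate builder
 */
private static X509Certificate generateCertificate(final String domain, final KeyPair pair) {
    try {
        // NOTE(review): the DN is built by string concatenation and then parsed, so a
        // domain value containing DN syntax (',', '+', '=') would alter the resulting
        // name. Confirm that callers only pass a validated host name.
        final X500Name issuerName = new X500Name("CN=" + domain);
        final X500Name subjectName = issuerName;

        // RFC 5280 requires a positive serial number and CAs are expected to make it
        // unpredictable. java.util.Random().nextInt() gave only 32 bits from a
        // non-cryptographic generator and was negative about half of the time.
        // 127 random bits plus one is always in [1, 2^127]. The class name is fully
        // qualified so that no new import is needed.
        final BigInteger serial =
                new BigInteger(127, new java.security.SecureRandom()).add(BigInteger.ONE);

        final Date notBefore = Date.from(LocalDateTime.of(2016, 1, 1, 0, 0).toInstant(ZoneOffset.UTC));
        final Date notAfter = Date.from(LocalDateTime.of(2099, 1, 1, 0, 0).toInstant(ZoneOffset.UTC));

        final X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerName, serial,
                notBefore, notAfter, subjectName, pair.getPublic());

        // NOTE(review): cA=true combined with a validity that ends in 2099 lets this key
        // sign further certificates wherever the certificate is trusted. Confirm it is
        // only installed in local or test trust stores.
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));

        final ASN1EncodableVector purposes = new ASN1EncodableVector();
        purposes.add(KeyPurposeId.id_kp_serverAuth);
        builder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(purposes));

        return signCertificate(builder, pair.getPrivate());
    } catch (final CertIOException ex) {
        throw new RuntimeException("Couldn't generate certificate", ex);
    }
}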
From source file:org.glite.security.delegation.GrDProxyGenerator.java
License:Apache License
/**
 * Creates a proxy certificate whose subject is the issuer certificate's subject DN with
 * one additional CN RDN appended.
 *
 * <p>The issuer DN, serial number and signature algorithm name are all taken from
 * {@code issuerCert}. Validity starts five minutes before the current time.
 *
 * @param issuerCert issuer certificate
 * @param issuerKey issuer private key, used to sign the proxy
 * @param publicKey public key of the delegatee
 * @param lifetime1 lifetime of the proxy in seconds from now; when zero or negative the
 *            issuer certificate's notAfter is used instead
 * @param proxyType1 type of proxy (not read by this method)
 * @param cnValue common name appended to the subject
 * @return created proxy certificate
 * @throws GeneralSecurityException if certificate generation fails
 * @deprecated Use proxy generator from util-java
 */
public X509Certificate createProxyCertificate(X509Certificate issuerCert, PrivateKey issuerKey,
        PublicKey publicKey, int lifetime1, int proxyType1, String cnValue) throws GeneralSecurityException {
    X509V3CertificateGenerator generator = new X509V3CertificateGenerator();

    // NOTE(review): the proxy reuses the issuer certificate's serial number, so every
    // proxy signed from the same issuer shares one issuer-DN/serial pair.
    BigInteger issuerSerial = issuerCert.getSerialNumber();

    X509Name issuerName = (X509Name) issuerCert.getSubjectDN();
    ASN1Sequence issuerRdns = (ASN1Sequence) issuerName.getDERObject();
    logger.debug("SubjectDN of IssuerCert" + issuerName);

    // The extra attribute: CN=<cnValue>.
    ASN1EncodableVector cnAttribute = new ASN1EncodableVector();
    cnAttribute.add(X509Name.CN);
    cnAttribute.add(new DERPrintableString(cnValue));

    // Copy the issuer's RDNs, then append the new CN as the last RDN.
    ASN1EncodableVector proxyRdns = new ASN1EncodableVector();
    for (Enumeration rdns = issuerRdns.getObjects(); rdns.hasMoreElements();) {
        proxyRdns.add((DERObject) rdns.nextElement());
    }
    proxyRdns.add(new DERSet(new DERSequence(cnAttribute)));

    X509Name proxySubject = new X509Name(new DERSequence(proxyRdns));
    logger.debug("SubjectDN :" + proxySubject);

    generator.setSubjectDN(proxySubject);
    generator.setIssuerDN(issuerName);
    generator.setSerialNumber(issuerSerial);
    generator.setPublicKey(publicKey);
    // NOTE(review): the signature algorithm is inherited from the issuer certificate, so
    // a weak issuer algorithm carries over to the proxy.
    generator.setSignatureAlgorithm(issuerCert.getSigAlgName());
    generator.addExtension(X509Extensions.KeyUsage, false,
            new KeyUsage(KeyUsage.dataEncipherment | KeyUsage.digitalSignature));

    // Backdate notBefore by five minutes.
    GregorianCalendar clock = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
    clock.add(Calendar.MINUTE, -5);
    generator.setNotBefore(clock.getTime());

    if (lifetime1 > 0) {
        // Undo the backdating, then add the requested lifetime in seconds.
        clock.add(Calendar.MINUTE, 5);
        clock.add(Calendar.SECOND, lifetime1);
        generator.setNotAfter(clock.getTime());
    } else {
        generator.setNotAfter(issuerCert.getNotAfter());
    }

    return generator.generateX509Certificate(issuerKey);
}
From source file:org.glite.security.util.proxy.ProxyCertificateGenerator.java
License:Apache License
/**
 * Builds a new DN by appending one CN RDN to the given base DN.
 *
 * <p>When {@code inputCN} is non-null it is used as the CN value. Otherwise the value is
 * obtained from {@code guessCN(basename, limited)}.
 *
 * @param basename The DN to use as the basis of the new DN; must not be null.
 * @param inputCN If given, this is used as the new CN value.
 * @param limited passed to {@code guessCN} when {@code inputCN} is null.
 * @return the new DN.
 * @throws IllegalArgumentException if {@code basename} is null.
 */
@SuppressWarnings("unchecked")
public X509Name generateDN(X509Name basename, String inputCN, boolean limited) {
    if (basename == null) {
        throw new IllegalArgumentException("generateDN: no basename given, can't generate DN.");
    }

    // Use the caller's CN when supplied, otherwise fall back to a guessed one.
    final String cnValue = (inputCN != null) ? inputCN : guessCN(basename, limited);

    // The attribute to append: CN=<cnValue>.
    // NOTE(review): assumes cnValue fits the PrintableString character set - confirm for
    // caller-supplied values.
    ASN1EncodableVector cnAttribute = new ASN1EncodableVector();
    cnAttribute.add(X509Name.CN);
    cnAttribute.add(new DERPrintableString(cnValue));

    // Copy the existing RDNs so that the new one can be added at the end.
    ASN1Sequence baseRdns = (ASN1Sequence) basename.getDERObject();
    ASN1EncodableVector extendedRdns = new ASN1EncodableVector();
    for (Enumeration rdns = baseRdns.getObjects(); rdns.hasMoreElements();) {
        extendedRdns.add((DERObject) rdns.nextElement());
    }
    extendedRdns.add(new DERSet(new DERSequence(cnAttribute)));

    // Wrap the RDN list back into an X509Name.
    X509Name result = new X509Name(new DERSequence(extendedRdns));
    LOGGER.debug("SubjectDN :" + result);
    return result;
}
From source file:org.glite.security.util.proxy.ProxyCertificateGenerator.java
License:Apache License
/**
 * Appends a CN RDN to the base name, stores the result as the new DN and configures the
 * certificate generator with it as subject and with the base name as issuer.
 *
 * @param newCn The string to be added as the CN value.
 */
@SuppressWarnings("unchecked")
private void setupDNs(String newCn) {
    ASN1Sequence baseRdns = (ASN1Sequence) m_baseName.getDERObject();

    // The attribute to append: CN=<newCn>.
    ASN1EncodableVector cnAttribute = new ASN1EncodableVector();
    cnAttribute.add(X509Name.CN);
    cnAttribute.add(new DERPrintableString(newCn));

    // Copy the base name's RDNs and put the new CN last.
    ASN1EncodableVector extendedRdns = new ASN1EncodableVector();
    for (Enumeration rdns = baseRdns.getObjects(); rdns.hasMoreElements();) {
        extendedRdns.add((DERObject) rdns.nextElement());
    }
    extendedRdns.add(new DERSet(new DERSequence(cnAttribute)));

    X509Name subject = new X509Name(new DERSequence(extendedRdns));
    m_newDN = subject;
    LOGGER.debug("SubjectDN :" + subject);

    m_certGen.setSubjectDN(subject);
    m_certGen.setIssuerDN(m_baseName);
}
From source file:org.glite.security.util.proxy.ProxyCertInfoExtension.java
License:Apache License
/**
 * Encodes this extension as a DER sequence: the optional path length followed by the
 * mandatory proxy policy.
 *
 * @return the DER sequence holding the extension contents.
 * @throws IllegalArgumentException if no policy is set.
 */
public DERObject toASN1Object() {
    // The policy is mandatory; refuse to encode without it.
    if (m_policy == null) {
        throw new IllegalArgumentException("Can't generate ProxyCertInfoExtension without mandatory policy");
    }

    ASN1EncodableVector fields = new ASN1EncodableVector();

    // The path length is written only when it is non-negative and not the UNLIMITED marker.
    boolean hasPathLimit = m_pathLen > -1 && m_pathLen != UNLIMITED;
    if (hasPathLimit) {
        fields.add(new DERInteger(m_pathLen));
    }
    fields.add(m_policy.toASN1Object());

    return new DERSequence(fields);
}
From source file:org.glite.security.util.proxy.ProxyPolicy.java
License:Apache License
/**
 * Encodes the proxy policy as a DER sequence: the policy OID followed, when a policy
 * body is set, by that body as an octet string.
 *
 * @return the DER sequence for this policy.
 * @see org.bouncycastle.asn1.ASN1Encodable#toASN1Object()
 */
public DERObject toASN1Object() {
    ASN1EncodableVector fields = new ASN1EncodableVector();
    fields.add(new DERObjectIdentifier(m_oid));

    // The policy body is optional; omit it entirely when absent.
    boolean hasPolicyBody = m_policy != null;
    if (hasPolicyBody) {
        fields.add(new DEROctetString(m_policy));
    }

    return new DERSequence(fields);
}
From source file:org.glite.security.util.proxy.ProxyRestrictionData.java
License:Apache License
/**
 * Builds the NameConstraints structure from the permitted and excluded subtrees.
 *
 * @return The DERSequence containing the NameConstraints structure.
 */
public DERSequence getNameConstraints() {
    final ASN1EncodableVector constraints = new ASN1EncodableVector();

    // Tag 0 carries the permitted subtrees, tag 1 the excluded ones. An empty list
    // contributes nothing.
    addTaggedSequenceOfSubtrees(0, m_permittedGeneralSubtrees, constraints);
    addTaggedSequenceOfSubtrees(1, m_excludedGeneralSubtrees, constraints);

    return new DERSequence(constraints);
}
From source file:org.glite.security.util.proxy.ProxyRestrictionData.java
License:Apache License
/**
 * Wraps the given GeneralSubtree objects in a DER sequence, tags it and appends it to
 * the target vector. Nothing is appended for an empty list.
 *
 * @param tagNo The tag number to apply.
 * @param subtrees The Vector of GeneralSubtree objects. Null will throw NullPointerException.
 * @param asn1Vector The vector that receives the tagged sequence.
 */
private static void addTaggedSequenceOfSubtrees(int tagNo, Vector<GeneralSubtree> subtrees,
        ASN1EncodableVector asn1Vector) {
    if (subtrees.isEmpty()) {
        return;
    }

    ASN1EncodableVector members = new ASN1EncodableVector();
    for (GeneralSubtree subtree : subtrees) {
        members.add(subtree);
    }

    // NOTE(review): the two-argument DERTaggedObject constructor produces an EXPLICIT
    // tag, whereas RFC 5280 defines the NameConstraints subtrees with IMPLICIT tags.
    // Confirm that the parser consuming this structure expects the explicit form.
    asn1Vector.add(new DERTaggedObject(tagNo, new DERSequence(members)));
}
From source file:org.glite.slcs.pki.bouncycastle.X509PrincipalUtil.java
License:eu-egee.org license
/**
 * Builds a {@link X509Principal} from parallel vectors of attribute OIDs, values and
 * "added" flags.
 *
 * <p>Each attribute becomes an OID/value sequence. An attribute whose {@code added} flag
 * is true joins the RDN set of the preceding attribute; otherwise it starts a new RDN.
 *
 * @param ordering attribute OIDs, in DN order
 * @param values attribute values, each cast to {@link String}; same indexing as {@code ordering}
 * @param added per-attribute flag, true when the attribute belongs to the previous RDN
 * @return the {@link X509Principal} built from the DER encoding of the name.
 * @throws IOException
 *             if a DER encoding error occurs.
 */
private X509Principal buildX509Principal(Vector<DERObjectIdentifier> ordering, Vector<Object> values,
        Vector<Boolean> added) throws IOException {
    final X509NameEntryConverter entryConverter = new X509DefaultEntryConverter();
    final ASN1EncodableVector rdnSequence = new ASN1EncodableVector();
    ASN1EncodableVector currentRdn = new ASN1EncodableVector();
    DERObjectIdentifier previousOid = null;

    // Grouping logic follows Bouncycastle's own X509Name encoding.
    final int count = ordering.size();
    for (int idx = 0; idx < count; idx++) {
        DERObjectIdentifier oid = ordering.elementAt(idx);
        String text = (String) values.elementAt(idx);

        ASN1EncodableVector attribute = new ASN1EncodableVector();
        attribute.add(oid);
        attribute.add(entryConverter.getConvertedValue(oid, text));

        // The first attribute always joins the initial set. Later ones close the
        // current RDN unless they are flagged as added to it.
        boolean startsNewRdn = previousOid != null && !added.elementAt(idx);
        if (startsNewRdn) {
            rdnSequence.add(new DERSet(currentRdn));
            currentRdn = new ASN1EncodableVector();
        }
        currentRdn.add(new DERSequence(attribute));

        previousOid = oid;
    }
    // Flush the RDN that was still open when the loop ended.
    rdnSequence.add(new DERSet(currentRdn));

    byte[] encodedName = new DERSequence(rdnSequence).getDEREncoded();
    return new X509Principal(encodedName);
}
From source file:org.glite.slcs.pki.CertificateExtensionFactory.java
License:eu-egee.org license
/**
 * Creates a non-critical SubjectAltName extension from a list of prefixed names.
 *
 * <p>Each entry is trimmed. Entries starting with {@code email:} become rfc822Name
 * values and entries starting with {@code dns:} become dNSName values. Any other entry
 * is logged as an error and skipped.
 *
 * @param prefixedAltNames
 *            the prefixed alternative names, each element cast to {@link String}
 * @param values
 *            passed unchanged to the returned {@link CertificateExtension}
 * @return the SubjectAltName certificate extension
 */
static protected CertificateExtension createSubjectAltNameExtension(Vector prefixedAltNames, String values) {
    final String emailPrefix = "email:";
    final String dnsPrefix = "dns:";

    ASN1EncodableVector names = new ASN1EncodableVector();
    for (Enumeration entries = prefixedAltNames.elements(); entries.hasMoreElements();) {
        String entry = ((String) entries.nextElement()).trim();
        // NOTE(review): the text after the prefix is used as given, with no syntax
        // check on the address or host name here. Confirm callers validate it.
        if (entry.startsWith(emailPrefix)) {
            names.add(new GeneralName(GeneralName.rfc822Name, entry.substring(emailPrefix.length())));
        } else if (entry.startsWith(dnsPrefix)) {
            names.add(new GeneralName(GeneralName.dNSName, entry.substring(dnsPrefix.length())));
        } else {
            LOG.error("Unsupported subjectAltName: " + entry);
        }
    }

    // NOTE(review): when every entry is unsupported the extension is built from an
    // empty sequence, although RFC 5280 requires at least one GeneralName.
    GeneralNames generalNames = new GeneralNames(new DERSequence(names));
    X509Extension encodedExtension = new X509Extension(false, new DEROctetString(generalNames));
    return new CertificateExtension(X509Extensions.SubjectAlternativeName, "SubjectAltName",
            encodedExtension, values);
}