Package org.bouncycastle.asn1.x509

Examples of org.bouncycastle.asn1.x509.X509Name

40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
     CryptoProviderTools.installBCProvider();
     keyPair = KeyTools.genKeys("512", null, "RSA");
   }

   public void test01Pkcs10RequestMessage() throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
     X509Name dn = new X509Name("CN=Test,OU=foo");
     PKCS10CertificationRequest basicpkcs10 = new PKCS10CertificationRequest("SHA1WithRSA", dn,
         keyPair.getPublic(), new DERSet(), keyPair.getPrivate());

     PKCS10RequestMessage msg = new PKCS10RequestMessage(basicpkcs10);
     String username = msg.getUsername();
     assertEquals("Test", username);

     dn = new X509Name("C=SE, O=Foo, CN=Test Testsson");
     basicpkcs10 = new PKCS10CertificationRequest("SHA1WithRSA", dn,
         keyPair.getPublic(), new DERSet(), keyPair.getPrivate());

     msg = new PKCS10RequestMessage(basicpkcs10);
     username = msg.getUsername();
     assertEquals("Test", username);

     // oid for unstructuredName, will be handles specially by EJBCA
     dn = new X509Name("CN=Test + 1.2.840.113549.1.9.2=AttrValue1");
     basicpkcs10 = new PKCS10CertificationRequest("SHA1WithRSA", dn,
         keyPair.getPublic(), new DERSet(), keyPair.getPrivate());

     msg = new PKCS10RequestMessage(basicpkcs10);
     username = msg.getUsername();
     assertEquals("Test", username);

     dn = new X509Name("CN=Test + 1.2.840.113549.1.9.2=AttrValue1 AttrValue2");
     basicpkcs10 = new PKCS10CertificationRequest("SHA1WithRSA", dn,
         keyPair.getPublic(), new DERSet(), keyPair.getPrivate());

     msg = new PKCS10RequestMessage(basicpkcs10);
     username = msg.getUsername();
     assertEquals("Test", username);

     dn = new X509Name("CN=Test+1.2.840.113549.1.9.2=AttrValue1");
     basicpkcs10 = new PKCS10CertificationRequest("SHA1WithRSA", dn,
         keyPair.getPublic(), new DERSet(), keyPair.getPrivate());

     msg = new PKCS10RequestMessage(basicpkcs10);
     username = msg.getUsername();
     assertEquals("Test", username);

     dn = new X509Name("CN=Test+1.2.840.113549.1.9.2=AttrValue1 AttrValue2");
     basicpkcs10 = new PKCS10CertificationRequest("SHA1WithRSA", dn,
         keyPair.getPublic(), new DERSet(), keyPair.getPrivate());

     msg = new PKCS10RequestMessage(basicpkcs10);
     username = msg.getUsername();
     assertEquals("Test", username);

     // Completely unknown oid
     dn = new X509Name("CN=Test + 1.2.840.113549.1.9.3=AttrValue1");
     basicpkcs10 = new PKCS10CertificationRequest("SHA1WithRSA", dn,
         keyPair.getPublic(), new DERSet(), keyPair.getPrivate());

     msg = new PKCS10RequestMessage(basicpkcs10);
     username = msg.getUsername();
     assertEquals("Test", username);

     dn = new X509Name("CN=Test + 1.2.840.113549.1.9.3=AttrValue1 AttrValue2");
     basicpkcs10 = new PKCS10CertificationRequest("SHA1WithRSA", dn,
         keyPair.getPublic(), new DERSet(), keyPair.getPrivate());

     msg = new PKCS10RequestMessage(basicpkcs10);
     username = msg.getUsername();
     assertEquals("Test", username);

     dn = new X509Name("CN=Test+1.2.840.113549.1.9.3=AttrValue1");
     basicpkcs10 = new PKCS10CertificationRequest("SHA1WithRSA", dn,
         keyPair.getPublic(), new DERSet(), keyPair.getPrivate());

     msg = new PKCS10RequestMessage(basicpkcs10);
     username = msg.getUsername();
     assertEquals("Test", username);

     dn = new X509Name("CN=Test+1.2.840.113549.1.9.3=AttrValue1 AttrValue2");
     basicpkcs10 = new PKCS10CertificationRequest("SHA1WithRSA", dn,
         keyPair.getPublic(), new DERSet(), keyPair.getPrivate());

     msg = new PKCS10RequestMessage(basicpkcs10);
     username = msg.getUsername();
     assertEquals("Test", username);

     dn = new X509Name("1.2.840.113549.1.9.3=AttrValue1 AttrValue2+CN=Test");
     basicpkcs10 = new PKCS10CertificationRequest("SHA1WithRSA", dn,
         keyPair.getPublic(), new DERSet(), keyPair.getPrivate());

     msg = new PKCS10RequestMessage(basicpkcs10);
     username = msg.getUsername();
     assertEquals("Test", username);

     dn = new X509Name("1.2.840.113549.1.9.3=AttrValue1 AttrValue2+CN=Test+O=abc");
     basicpkcs10 = new PKCS10CertificationRequest("SHA1WithRSA", dn,
         keyPair.getPublic(), new DERSet(), keyPair.getPrivate());

     msg = new PKCS10RequestMessage(basicpkcs10);
     username = msg.getUsername();
     assertEquals("Test", username);

     dn = new X509Name("1.2.840.113549.1.9.3=AttrValue1\\+\\= AttrValue2+CN=Test+O=abc")// very strange, but should still be valid
     basicpkcs10 = new PKCS10CertificationRequest("SHA1WithRSA", dn,
         keyPair.getPublic(), new DERSet(), keyPair.getPrivate());

     msg = new PKCS10RequestMessage(basicpkcs10);
     username = msg.getUsername();
View Full Code Here
74
75
76
77
78
79
80
    MyIRequestMessage(String serialNumber) {
      final Vector<DERObjectIdentifier> oids = new Vector<DERObjectIdentifier>();
      final Vector<String> values = new Vector<String>();
      oids.add(X509Name.SN);
      values.add(serialNumber);
      this.dn = new X509Name(oids, values);
    }
View Full Code Here
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
    org.bouncycastle.asn1.x509.Time na = new org.bouncycastle.asn1.x509.Time(new Date());
    myOptionalValidity.setNotBefore(nb);
    myOptionalValidity.setNotAfter(na);
    CertTemplate myCertTemplate = new CertTemplate();
    myCertTemplate.setValidity( myOptionalValidity );
    myCertTemplate.setIssuer(new X509Name("CN=bogusIssuer"));
    myCertTemplate.setSubject(new X509Name("CN=bogusSubject"));
    byte[]                  bytes = keys.getPublic().getEncoded();
        ByteArrayInputStream    bIn = new ByteArrayInputStream(bytes);
        ASN1InputStream         dIn = new ASN1InputStream(bIn);
        SubjectPublicKeyInfo keyInfo = new SubjectPublicKeyInfo((ASN1Sequence)dIn.readObject());
    myCertTemplate.setPublicKey(keyInfo);
    ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
    DEROutputStream         dOut = new DEROutputStream(bOut);
    Vector<X509Extension> values = new Vector<X509Extension>();
    Vector<DERObjectIdentifier> oids = new Vector<DERObjectIdentifier>();
    int bcku = X509KeyUsage.digitalSignature | X509KeyUsage.keyEncipherment | X509KeyUsage.nonRepudiation;
    X509KeyUsage ku = new X509KeyUsage(bcku);
    bOut = new ByteArrayOutputStream();
    dOut = new DEROutputStream(bOut);
    dOut.writeObject(ku);
    byte[] value = bOut.toByteArray();
    X509Extension kuext = new X509Extension(false, new DEROctetString(value));
    values.add(kuext);
    oids.add(X509Extensions.KeyUsage);
        myCertTemplate.setExtensions(new X509Extensions(oids, values));
        CertRequest myCertRequest = new CertRequest(new DERInteger(4), myCertTemplate);
        CertReqMsg myCertReqMsg = new CertReqMsg(myCertRequest);
        ProofOfPossession myProofOfPossession = new ProofOfPossession(new DERNull(), 0);
        myCertReqMsg.setPop(myProofOfPossession);
        AttributeTypeAndValue av = new AttributeTypeAndValue(CRMFObjectIdentifiers.regCtrl_regToken, new DERUTF8String("foo123"));
        myCertReqMsg.addRegInfo(av);
        CertReqMessages myCertReqMessages = new CertReqMessages(myCertReqMsg);
        PKIHeader myPKIHeader = new PKIHeader(new DERInteger(2), new GeneralName(new X509Name("CN=bogusSubject")), new GeneralName(new X509Name("CN=bogusIssuer")));
        myPKIHeader.setMessageTime(new DERGeneralizedTime(new Date()));
        myPKIHeader.setSenderNonce(new DEROctetString(CmpMessageHelper.createSenderNonce()));
        myPKIHeader.setTransactionID(new DEROctetString(CmpMessageHelper.createSenderNonce()));
        PKIBody myPKIBody = new PKIBody(myCertReqMessages, 0);
        PKIMessage myPKIMessage = new PKIMessage(myPKIHeader, myPKIBody);
View Full Code Here
108
109
110
111
112
113
114
115
116
117
118
119
  }

  public boolean create() throws IOException, InvalidKeyException,
      NoSuchAlgorithmException, NoSuchProviderException,
      SignRequestException, NotFoundException {
    X509Name sender = X509Name.getInstance(getSender().getName());
    X509Name recipient = X509Name.getInstance(getRecipient().getName());
    PKIHeader myPKIHeader = CmpMessageHelper.createPKIHeader(sender, recipient, getSenderNonce(), getRecipientNonce(), getTransactionId());
    PKIStatusInfo myPKIStatusInfo = new PKIStatusInfo(new DERInteger(2)); // 2 = rejection
    if (failInfo != null) {
      myPKIStatusInfo.setFailInfo(failInfo.getAsBitString());     
    }
View Full Code Here
141
142
143
144
145
146
147
148
149
150
151
              break;
            case CertificateRequestRequest.REQUEST_TYPE_CRMF:
              // Extract request in a format that EJBCA can process
          CertReqMessages certReqMessages = CertReqMessages.getInstance(new ASN1InputStream(submessage.getRequestData()).readObject());
          PKIMessage msg = new PKIMessage(new PKIHeader(
              new DERInteger(2), new GeneralName(new X509Name("CN=unused")), new GeneralName(new X509Name("CN=unused"))),
              new PKIBody(certReqMessages, 2)); // [2] CertReqMessages --Certification Request
              CrmfRequestMessage crmfReq = new CrmfRequestMessage(msg, null, true, null);
              crmfReq.setUsername(submessage.getUsername());
              crmfReq.setPassword(submessage.getPassword());
              // Request and extract certificate from response
View Full Code Here
174
175
176
177
178
179
180
181
182
183
184
185
186
  public void tearDown() throws Exception {
    super.tearDown();
  }
  @Override
  protected void checkDN(String sExpected, X509Name actual) {
    final X509Name expected = new X509Name(sExpected);
    final Vector<DERObjectIdentifier> expectedOIDs = expected.getOIDs();
    final Vector<String> expectedValues = expected.getValues();
    final Vector<DERObjectIdentifier> actualOIDs = actual.getOIDs();
    final Vector<String> actualValues = actual.getValues();
    assertEquals("Not the expected number of elements in the created certificate.", expectedOIDs.size(), actualOIDs.size());
    for ( int i=0; i<expectedOIDs.size(); i++ ) {
      final DERObjectIdentifier oid = expectedOIDs.get(i);
View Full Code Here
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
    myOptionalValidity.setNotBefore(nb);
    myOptionalValidity.setNotAfter(na);
   
    CertTemplate myCertTemplate = new CertTemplate();
    myCertTemplate.setValidity( myOptionalValidity );
    myCertTemplate.setIssuer(new X509Name(issuerDN));
    myCertTemplate.setSubject(new X509Name(userDN));
    byte[]                  bytes = keys.getPublic().getEncoded();
        ByteArrayInputStream    bIn = new ByteArrayInputStream(bytes);
        ASN1InputStream         dIn = new ASN1InputStream(bIn);
        SubjectPublicKeyInfo keyInfo = new SubjectPublicKeyInfo((ASN1Sequence)dIn.readObject());
    myCertTemplate.setPublicKey(keyInfo);
    // If we did not pass any extensions as parameter, we will create some of our own, standard ones
        X509Extensions exts = extensions;
        if (exts == null) {
          // SubjectAltName
        // Some altNames
            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
            DEROutputStream         dOut = new DEROutputStream(bOut);
            Vector<X509Extension> values = new Vector<X509Extension>();
            Vector<DERObjectIdentifier> oids = new Vector<DERObjectIdentifier>();
          if (altNames != null) {
                GeneralNames san = CertTools.getGeneralNamesFromAltName(altNames);
                dOut.writeObject(san);
                byte[] value = bOut.toByteArray();
                X509Extension sanext = new X509Extension(false, new DEROctetString(value));
                values.add(sanext);
                oids.add(X509Extensions.SubjectAlternativeName);
          }
            // KeyUsage
            int bcku = 0;
            bcku = X509KeyUsage.digitalSignature | X509KeyUsage.keyEncipherment | X509KeyUsage.nonRepudiation;
            X509KeyUsage ku = new X509KeyUsage(bcku);
            bOut = new ByteArrayOutputStream();
            dOut = new DEROutputStream(bOut);
            dOut.writeObject(ku);
            byte[] value = bOut.toByteArray();
            X509Extension kuext = new X509Extension(false, new DEROctetString(value));
            values.add(kuext);
            oids.add(X509Extensions.KeyUsage);

            // Make the complete extension package
            exts = new X509Extensions(oids, values);
        }
        myCertTemplate.setExtensions(exts);
    if (customCertSerno != null) {
      // Add serialNumber to the certTemplate, it is defined as a MUST NOT be used in RFC4211, but we will use it anyway in order
      // to request a custom certificate serial number (something not standard anyway)
      myCertTemplate.setSerialNumber(new DERInteger(customCertSerno));
    }

        CertRequest myCertRequest = new CertRequest(new DERInteger(4), myCertTemplate);
        // myCertRequest.addControls(new
        // AttributeTypeAndValue(CRMFObjectIdentifiers.regInfo_utf8Pairs, new
        // DERInteger(12345)));
        CertReqMsg myCertReqMsg = new CertReqMsg(myCertRequest);

        // POPO
        /*
         * PKMACValue myPKMACValue = new PKMACValue( new AlgorithmIdentifier(new
         * DERObjectIdentifier("8.2.1.2.3.4"), new DERBitString(new byte[] { 8,
         * 1, 1, 2 })), new DERBitString(new byte[] { 12, 29, 37, 43 }));
         *
         * POPOPrivKey myPOPOPrivKey = new POPOPrivKey(new DERBitString(new
         * byte[] { 44 }), 2); //take choice pos tag 2
         *
         * POPOSigningKeyInput myPOPOSigningKeyInput = new POPOSigningKeyInput(
         * myPKMACValue, new SubjectPublicKeyInfo( new AlgorithmIdentifier(new
         * DERObjectIdentifier("9.3.3.9.2.2"), new DERBitString(new byte[] { 2,
         * 9, 7, 3 })), new byte[] { 7, 7, 7, 4, 5, 6, 7, 7, 7 }));
         */
        ProofOfPossession myProofOfPossession = null;
        if (raVerifiedPopo) {
            // raVerified POPO (meaning there is no POPO)
            myProofOfPossession = new ProofOfPossession(new DERNull(), 0);
        } else {
            ByteArrayOutputStream baos = new ByteArrayOutputStream();
            DEROutputStream mout = new DEROutputStream(baos);
            mout.writeObject(myCertRequest);
            mout.close();
            byte[] popoProtectionBytes = baos.toByteArray();
            Signature sig = Signature.getInstance(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), "BC");
            sig.initSign(keys.getPrivate());
            sig.update(popoProtectionBytes);

            DERBitString bs = new DERBitString(sig.sign());

            POPOSigningKey myPOPOSigningKey = new POPOSigningKey(new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption), bs);
            // myPOPOSigningKey.setPoposkInput( myPOPOSigningKeyInput );
            myProofOfPossession = new ProofOfPossession(myPOPOSigningKey, 1);
        }

        myCertReqMsg.setPop(myProofOfPossession);
        // myCertReqMsg.addRegInfo(new AttributeTypeAndValue(new
        // DERObjectIdentifier("1.3.6.2.2.2.2.3.1"), new
        // DERInteger(1122334455)));
        AttributeTypeAndValue av = new AttributeTypeAndValue(CRMFObjectIdentifiers.regCtrl_regToken, new DERUTF8String("foo123"));
        myCertReqMsg.addRegInfo(av);

        CertReqMessages myCertReqMessages = new CertReqMessages(myCertReqMsg);
        // myCertReqMessages.addCertReqMsg(myCertReqMsg);

        // log.debug("CAcert subject name: "+cacert.getSubjectDN().getName());
        PKIHeader myPKIHeader = new PKIHeader(new DERInteger(2), new GeneralName(new X509Name(userDN)), new GeneralName(new X509Name(((X509Certificate)cacert).getSubjectDN()
                .getName())));
        myPKIHeader.setMessageTime(new DERGeneralizedTime(new Date()));
        // senderNonce
        myPKIHeader.setSenderNonce(new DEROctetString(nonce));
        // TransactionId
View Full Code Here
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
    }

    protected PKIMessage genRevReq(String issuerDN, String userDN, BigInteger serNo, Certificate cacert, byte[] nonce, byte[] transid,
            boolean crlEntryExtension) throws NoSuchAlgorithmException, NoSuchProviderException, IOException, InvalidKeyException, SignatureException {
        CertTemplate myCertTemplate = new CertTemplate();
        myCertTemplate.setIssuer(new X509Name(issuerDN));
        myCertTemplate.setSubject(new X509Name(userDN));
        myCertTemplate.setSerialNumber(new DERInteger(serNo));

        RevDetails myRevDetails = new RevDetails(myCertTemplate);
        ReasonFlags reasonbits = new ReasonFlags(ReasonFlags.keyCompromise);
        myRevDetails.setRevocationReason(reasonbits);
        if (crlEntryExtension) {
            CRLReason crlReason = new CRLReason(CRLReason.cessationOfOperation);
            X509Extension ext = new X509Extension(false, new DEROctetString(crlReason.getEncoded()));
            Hashtable<DERObjectIdentifier, X509Extension> ht = new Hashtable<DERObjectIdentifier, X509Extension>();
            ht.put(X509Extensions.ReasonCode, ext);
            myRevDetails.setCrlEntryDetails(new X509Extensions(ht));
        }

        RevReqContent myRevReqContent = new RevReqContent(myRevDetails);

        PKIHeader myPKIHeader = new PKIHeader(new DERInteger(2), new GeneralName(new X509Name(userDN)), new GeneralName(new X509Name(((X509Certificate)cacert).getSubjectDN()
                .getName())));
        myPKIHeader.setMessageTime(new DERGeneralizedTime(new Date()));
        // senderNonce
        myPKIHeader.setSenderNonce(new DEROctetString(nonce));
        // TransactionId
View Full Code Here
302
303
304
305
306
307
308
309
310
311
312
    }

    protected PKIMessage genCertConfirm(String userDN, Certificate cacert, byte[] nonce, byte[] transid, String hash, int certReqId)
            throws NoSuchAlgorithmException, NoSuchProviderException, IOException {

        PKIHeader myPKIHeader = new PKIHeader(new DERInteger(2), new GeneralName(new X509Name(userDN)), new GeneralName(new X509Name(((X509Certificate)cacert).getSubjectDN()
                .getName())));
        myPKIHeader.setMessageTime(new DERGeneralizedTime(new Date()));
        // senderNonce
        myPKIHeader.setSenderNonce(new DEROctetString(nonce));
        // TransactionId
View Full Code Here
449
450
451
452
453
454
455
456
457
458
459
460
            assertEquals("Protection algorithm id: " + algId.getObjectId().getId(), CMPObjectIdentifiers.passwordBasedMac.getId(), algId.getObjectId().getId())//1.2.840.113549.1.1.5 - SHA-1 with RSA Encryption
        }

        // Check that the signer is the expected CA
        assertEquals(header.getSender().getTagNo(), 4);
        X509Name name = X509Name.getInstance(header.getSender().getName());
        assertEquals(name.toString(), issuerDN);

        if (signed) {
            // Verify the signature
            byte[] protBytes = respObject.getProtectedBytes();
            DERBitString bs = respObject.getProtection();
View Full Code Here
TOP

Related Classes of org.bouncycastle.asn1.x509.X509Name

  • gov.wijiscommons.ssaf.webservice.interceptors.X509Interceptor
  • jp.go.aist.sot.client.security.ProxyCertGenerator
  • net.sf.libpdfsign.CRLDownloader
  • net.sf.libpdfsign.OCSPClient
  • org.apache.geronimo.console.ca.ConfirmClientCertHandler
  • org.apache.geronimo.console.ca.ListRequestsIssueHandler
  • org.apache.geronimo.console.ca.ListRequestsVerifyHandler
  • org.apache.geronimo.console.core.keystore.KeyStoreGBean
  • org.apache.geronimo.corba.util.Util
  • org.apache.geronimo.crypto.CaUtils
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.