Package org.bouncycastle.cert

Examples of org.bouncycastle.cert.X509CertificateHolder


    this.addV3CAExtensions(builder, request);

    // builder.addExtension(MiscObjectIdentifiers.netscapeCertType, false, new
    // NetscapeCertType(NetscapeCertType.objectSigning | NetscapeCertType.smime));

    X509CertificateHolder holder = builder.build(contentSigner);

    X509Certificate certificate = (X509Certificate) Certificates.get(holder.getEncoded());

    if ((request.getIssuerPrivateKey() != null) && (request.getIssuerCertificate() != null)) {
      certificate.verify(request.getIssuerCertificate().getPublicKey());
    }
View Full Code Here


  }

  protected OCSPReq buildRequest(final X509Certificate certificate, final X509Certificate issuer) throws CertificateEncodingException, IOException, OperatorCreationException, OCSPException {
    OCSPReqBuilder builder = new OCSPReqBuilder();
    DigestCalculatorProvider provider = new BcDigestCalculatorProvider();
    X509CertificateHolder holder = new X509CertificateHolder(issuer.getEncoded());
    CertificateID certificateID = new CertificateID(provider.get(CertificateID.HASH_SHA1), holder, certificate.getSerialNumber());
    BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis());

    builder.addRequest(certificateID);
    ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
View Full Code Here

          }

          SignerId signerId = information.getSID();
          if (signerId != null) {
            BigInteger serialNumber = signerId.getSerialNumber();
            X509CertificateHolder certificateHolder = null;
            for (X509CertificateHolder tmp : certificates) {
              if (tmp.getSerialNumber().equals(serialNumber)) {
                certificateHolder = tmp;
                break;
              }
            }

            if (certificateHolder != null) {
              Signatory signatory = new Signatory();
              signatory.setSubject(BouncyCastleProviderHelper.toString(certificateHolder.getSubject()));
              signatory.setIssuer(BouncyCastleProviderHelper.toString(certificateHolder.getIssuer()));
              signatory.setCertificate(BouncyCastleProviderHelper.getCertificate(certificateHolder));
              signature.getSignatories().add(signatory);
            }
          }
View Full Code Here

    Store certificatesStore = timeStampToken.getCertificates();
    Collection certificatesCollection = certificatesStore.getMatches(null);
    List<Certificate> certificates = new ArrayList<Certificate>();
    for (Object obj : certificatesCollection) {
      if (obj instanceof X509CertificateHolder) {
        X509CertificateHolder holder = (X509CertificateHolder) obj;
        byte[] encoded = holder.getEncoded();
        Certificate certificate = Certificates.get(encoded);
        certificates.add(certificate);
      }
    }
    timeStamp.setCertificates(Collections.toArray(certificates, Certificate.class));
View Full Code Here

        builder.addExtension(X509Extension.subjectAlternativeName, false, subjectAltName);

        SubjectKeyIdentifierStructure subjectKeyIdentifierStructure = new SubjectKeyIdentifierStructure(keyPair.getPublic());
        builder.addExtension(X509Extension.subjectKeyIdentifier, false, subjectKeyIdentifierStructure);

        X509CertificateHolder holder = builder.build(contentSigner);

        certificate = (X509Certificate) SecurityUtils.getCertificateFromFile(holder.getEncoded(), CertificateType.X509);
        privateKey = keyPair.getPrivate();
      } else {
        JcaX509v1CertificateBuilder builder = new JcaX509v1CertificateBuilder(this.toX500Name(issuer), serialNumber, notBefore, notAfter, this.toX500Name(subject), keyPair.getPublic());

        JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder(signType.getAlgorithm());
        contentSignerBuilder.setProvider(BouncyCastleProviderHelper.PROVIDER_NAME);
        ContentSigner contentSigner = contentSignerBuilder.build(keyPair.getPrivate());

        X509CertificateHolder holder = builder.build(contentSigner);

        certificate = (X509Certificate) SecurityUtils.getCertificateFromFile(holder.getEncoded(), CertificateType.X509);
        privateKey = keyPair.getPrivate();
      }

      PrivateKeyHolder privateKeyHolder = new PrivateKeyHolder(privateKey, new Certificate[] { certificate });
View Full Code Here

            certificateBuilder.addExtension(X509Extension.extendedKeyUsage, false,
                    extendedKeyUsage);
        }

        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(SIGALG);
        X509CertificateHolder holder = certificateBuilder.build(signerBuilder.build(caKey));

        /*
         * Next certificate factory trick is needed to make sure that the
         * certificate delivered to the caller is provided by the default
         * security provider instead of BouncyCastle. If we don't do this trick
         * we might run into trouble when trying to use the CertPath validator.
         */
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        X509Certificate certificate;
        certificate = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(holder.getEncoded()));
        return certificate;
    }
View Full Code Here

    throws IOException, OperatorCreationException, CertificateException
    {
        String signatureAlgorithm = "SHA1withRSA";
        X500Name issuerName;
        if (issuerCertificate != null) {
            issuerName = new X509CertificateHolder(issuerCertificate.getEncoded()).getIssuer();
        } else {
            issuerName = new X500Name(subjectDn);
        }
       
        RSAPublicKey rsaPubKey = (RSAPublicKey)subjectPublicKey;
        RSAKeyParameters rsaSpec = new RSAKeyParameters(false, rsaPubKey.getModulus(), rsaPubKey.getPublicExponent());

        SubjectPublicKeyInfo subjectPublicKeyInfo =
            SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(rsaSpec);

        DigestCalculator digestCalc = new JcaDigestCalculatorProviderBuilder()
            .setProvider("BC").build().get(CertificateID.HASH_SHA1);
       
        X509v3CertificateBuilder certificateGenerator = new X509v3CertificateBuilder(
              issuerName
            , new BigInteger(128, new SecureRandom())
            , notBefore
            , notAfter
            , new X500Name(subjectDn)
            , subjectPublicKeyInfo
        );

        X509ExtensionUtils exUtils = new X509ExtensionUtils(digestCalc);
        SubjectKeyIdentifier subKeyId = exUtils.createSubjectKeyIdentifier(subjectPublicKeyInfo);
        AuthorityKeyIdentifier autKeyId = (issuerCertificate != null)
            ? exUtils.createAuthorityKeyIdentifier(new X509CertificateHolder(issuerCertificate.getEncoded()))
            : exUtils.createAuthorityKeyIdentifier(subjectPublicKeyInfo);

        certificateGenerator.addExtension(Extension.subjectKeyIdentifier, false, subKeyId);
        certificateGenerator.addExtension(Extension.authorityKeyIdentifier, false, autKeyId);

        if (caFlag) {
            BasicConstraints bc;
           
            if (-1 == pathLength) {
                bc = new BasicConstraints(true);
            } else {
                bc = new BasicConstraints(pathLength);
            }
            certificateGenerator.addExtension(Extension.basicConstraints, false, bc);
        }

        if (null != crlUri) {
            int uri = GeneralName.uniformResourceIdentifier;
            DERIA5String crlUriDer = new DERIA5String(crlUri);
            GeneralName gn = new GeneralName(uri, crlUriDer);

            DERSequence gnDer = new DERSequence(gn);
            GeneralNames gns = GeneralNames.getInstance(gnDer);
           
            DistributionPointName dpn = new DistributionPointName(0, gns);
            DistributionPoint distp = new DistributionPoint(dpn, null, null);
            DERSequence distpDer = new DERSequence(distp);
            certificateGenerator.addExtension(Extension.cRLDistributionPoints, false, distpDer);
        }

        if (null != ocspUri) {
            int uri = GeneralName.uniformResourceIdentifier;
            GeneralName ocspName = new GeneralName(uri, ocspUri);
           
            AuthorityInformationAccess authorityInformationAccess =
                new AuthorityInformationAccess(X509ObjectIdentifiers.ocspAccessMethod, ocspName);
           
            certificateGenerator.addExtension(Extension.authorityInfoAccess, false, authorityInformationAccess);
        }

        if (null != keyUsage) {
            certificateGenerator.addExtension(Extension.keyUsage, true, keyUsage);
        }

        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureAlgorithm);
        signerBuilder.setProvider("BC");
       
        X509CertificateHolder certHolder =
            certificateGenerator.build(signerBuilder.build(issuerPrivateKey));

        /*
         * Next certificate factory trick is needed to make sure that the
         * certificate delivered to the caller is provided by the default
View Full Code Here

    }

    public static X509CRL generateCrl(X509Certificate issuer, PrivateKey issuerPrivateKey)
    throws CertificateEncodingException, IOException, CRLException, OperatorCreationException {
       
        X509CertificateHolder holder = new X509CertificateHolder(issuer.getEncoded());
        X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(holder.getIssuer(), new Date());
        crlBuilder.setNextUpdate(new Date(new Date().getTime() + 100000));
        JcaContentSignerBuilder contentBuilder = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC");

        CRLNumber crlNumber = new CRLNumber(new BigInteger("1234"));
       
View Full Code Here

            PrivateKey ocspResponderPrivateKey, String signatureAlgorithm,
            long nonceTimeinMillis)
            throws Exception {
        DigestCalculator digestCalc = new JcaDigestCalculatorProviderBuilder()
            .setProvider("BC").build().get(CertificateID.HASH_SHA1);
        X509CertificateHolder issuerHolder = new X509CertificateHolder(issuerCertificate.getEncoded());
        CertificateID certId = new CertificateID(digestCalc, issuerHolder, certificate.getSerialNumber());
       
        // request
        //create a nonce to avoid replay attack
        BigInteger nonce = BigInteger.valueOf(nonceTimeinMillis);
        DEROctetString nonceDer = new DEROctetString(nonce.toByteArray());
        Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true, nonceDer);
        Extensions exts = new Extensions(ext);
       
        OCSPReqBuilder ocspReqBuilder = new OCSPReqBuilder();
        ocspReqBuilder.addRequest(certId);
        ocspReqBuilder.setRequestExtensions(exts);
        OCSPReq ocspReq = ocspReqBuilder.build();

       
        SubjectPublicKeyInfo keyInfo = new SubjectPublicKeyInfo
            (CertificateID.HASH_SHA1, ocspResponderCertificate.getPublicKey().getEncoded());
       
        BasicOCSPRespBuilder basicOCSPRespBuilder = new BasicOCSPRespBuilder(keyInfo, digestCalc);
        basicOCSPRespBuilder.setResponseExtensions(exts);

        // request processing
        Req[] requestList = ocspReq.getRequestList();
        for (Req ocspRequest : requestList) {
            CertificateID certificateID = ocspRequest.getCertID();
            CertificateStatus certificateStatus = CertificateStatus.GOOD;
            if (revoked) {
                certificateStatus = new RevokedStatus(new Date(), CRLReason.privilegeWithdrawn);
            }
            basicOCSPRespBuilder.addResponse(certificateID, certificateStatus);
        }

        // basic response generation
        X509CertificateHolder[] chain = null;
        if (!ocspResponderCertificate.equals(issuerCertificate)) {
            // TODO: HorribleProxy can't convert array input params yet
            chain = new X509CertificateHolder[] {
                new X509CertificateHolder(ocspResponderCertificate.getEncoded()),
                issuerHolder
            };
        }
       
        ContentSigner contentSigner = new JcaContentSignerBuilder("SHA1withRSA")
View Full Code Here

        LOG.log(POILogger.DEBUG, "signer cert issuer: " + signerCertIssuer);

        // TSP signer certificates retrieval
        Collection<X509CertificateHolder> certificates = timeStampToken.getCertificates().getMatches(null);
       
        X509CertificateHolder signerCert = null;
        Map<X500Name, X509CertificateHolder> certificateMap = new HashMap<X500Name, X509CertificateHolder>();
        for (X509CertificateHolder certificate : certificates) {
            if (signerCertIssuer.equals(certificate.getIssuer())
                && signerCertSerialNumber.equals(certificate.getSerialNumber())) {
                signerCert = certificate;
            }
            certificateMap.put(certificate.getSubject(), certificate);
        }

        // TSP signer cert path building
        if (signerCert == null) {
            throw new RuntimeException("TSP response token has no signer certificate");
        }
        List<X509Certificate> tspCertificateChain = new ArrayList<X509Certificate>();
        JcaX509CertificateConverter x509converter = new JcaX509CertificateConverter();
        x509converter.setProvider("BC");
        X509CertificateHolder certificate = signerCert;
        do {
            LOG.log(POILogger.DEBUG, "adding to certificate chain: " + certificate.getSubject());
            tspCertificateChain.add(x509converter.getCertificate(certificate));
            if (certificate.getSubject().equals(certificate.getIssuer())) {
                break;
            }
            certificate = certificateMap.get(certificate.getIssuer());
        } while (null != certificate);

        // verify TSP signer signature
        X509CertificateHolder holder = new X509CertificateHolder(tspCertificateChain.get(0).getEncoded());
        DefaultCMSSignatureAlgorithmNameGenerator nameGen = new DefaultCMSSignatureAlgorithmNameGenerator();
        DefaultSignatureAlgorithmIdentifierFinder sigAlgoFinder = new DefaultSignatureAlgorithmIdentifierFinder();
        DefaultDigestAlgorithmIdentifierFinder hashAlgoFinder = new DefaultDigestAlgorithmIdentifierFinder();
        BcDigestCalculatorProvider calculator = new BcDigestCalculatorProvider();
        BcRSASignerInfoVerifierBuilder verifierBuilder = new BcRSASignerInfoVerifierBuilder(nameGen, sigAlgoFinder, hashAlgoFinder, calculator);
View Full Code Here

TOP

Related Classes of org.bouncycastle.cert.X509CertificateHolder

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.