org.bouncycastle.asn1.DERBMPString Java Examples

The following examples show how to use org.bouncycastle.asn1.DERBMPString.
Example #1
Source File: KeyGenerator.java    From chvote-1-0 with GNU Affero General Public License v3.0
/**
 * Prepares an X.509 v3 certificate builder for the given key pair, taking every
 * certificate field from the property configuration service.
 *
 * <p>The same distinguished name is passed as issuer and as subject, so the builder
 * describes a self-issued certificate. Signing is left to the caller.
 *
 * @param keyPair key pair whose public key is embedded in the certificate
 * @return builder holding the name, serial number, validity period, public key and a
 *         friendlyName extension
 * @throws PropertyConfigurationException declared for the configuration lookups
 * @throws CertIOException declared for adding the extension
 */
private X509v3CertificateBuilder createCertificateBuilder(KeyPair keyPair) throws PropertyConfigurationException, CertIOException {
    // Distinguished name built from configuration; reused below as issuer and subject.
    X500Name selfName = new X500NameBuilder(BCStyle.INSTANCE)
            .addRDN(BCStyle.CN, propertyConfigurationService.getConfigValue(CERT_COMMON_NAME_PROPERTY))
            .addRDN(BCStyle.O, propertyConfigurationService.getConfigValue(CERT_ORGANISATION_PROPERTY))
            .addRDN(BCStyle.OU, propertyConfigurationService.getConfigValue(CERT_ORGANISATIONAL_UNIT_PROPERTY))
            .addRDN(BCStyle.C, propertyConfigurationService.getConfigValue(CERT_COUNTRY_PROPERTY))
            .build();

    // Random serial number in the range [0, 2^CERT_SERIAL_NUMBER_BIT_SIZE).
    // NOTE(review): this constructor can yield 0, which RFC 5280 does not accept as a serial
    // number (it must be positive and at most 20 octets) -- confirm the configured bit size
    // makes that case negligible and stays within the length limit.
    BigInteger serialNumber = new BigInteger(CERT_SERIAL_NUMBER_BIT_SIZE, SecureRandomFactory.createPRNG());

    SubjectPublicKeyInfo subjectKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());

    // Validity starts now and lasts the configured number of days.
    Date notBefore = new Date();
    Date notAfter = Date.from(
            notBefore.toInstant().plus(propertyConfigurationService.getConfigValueAsInt(CERT_VALIDITY_DAYS_PROPERTY), ChronoUnit.DAYS));

    X509v3CertificateBuilder builder =
            new X509v3CertificateBuilder(selfName, serialNumber, notBefore, notAfter, selfName, subjectKeyInfo);

    // The PKCS#9 friendlyName is attached to the certificate itself as a non-critical
    // extension (second argument false), encoded as a BMPString.
    builder.addExtension(
            PKCSObjectIdentifiers.pkcs_9_at_friendlyName,
            false,
            new DERBMPString(propertyConfigurationService.getConfigValue(CERT_PRIVATE_FRIENDLY_NAME_PROPERTY)));
    return builder;
}
 
Example #2
Source File: X509Ext.java    From keystore-explorer with GNU General Public License v3.0
/**
 * Decodes the value of the Microsoft certificate type extension as a BMPString and
 * returns its text.
 *
 * @param octets encoded extension value, expected to hold a single BMPString
 * @return the decoded string
 */
private String getMsCertTypeStringValue(byte[] octets) {
	// @formatter:off

	/*
		Little public documentation exists for this extension. Sample encoding:

		06 09		; OBJECT_ID (9 bytes)
		|  2b 06 01 04 01 82 37 14  02
		|     ; 1.3.6.1.4.1.311.20.2 Certificate Template Name (Certificate Type)
		04 0a		; OCTET_STRING (0x0a bytes)
		   1e 08 00 55 00 73 00 65  00 72                    ; ...U.s.e.r
	 */

	// @formatter:on

	// NOTE(review): the octets come from a certificate; presumably getInstance rejects
	// anything that is not a BMPString encoding -- confirm how callers handle that failure.
	return DERBMPString.getInstance(octets).toString();
}
 
Example #3
Source File: Certprofile.java    From xipki with Apache License 2.0
/**
 * Wraps {@code text} in the ASN.1 string class that corresponds to this constant.
 *
 * @param text content of the string; checked with {@code Args.notNull}
 * @return a new DER string object of the matching type
 * @throws IllegalStateException if this constant has no mapping here
 */
public ASN1Encodable createString(String text) {
  Args.notNull(text, "text");

  switch (this) {
    case teletexString:
      return new DERT61String(text);
    case printableString:
      // NOTE(review): unlike the IA5String branch, no validation flag is passed here --
      // confirm that callers check the text against the PrintableString character set.
      return new DERPrintableString(text);
    case utf8String:
      return new DERUTF8String(text);
    case bmpString:
      return new DERBMPString(text);
    case ia5String:
      // The second argument asks the constructor to validate the content.
      return new DERIA5String(text, true);
    default:
      throw new IllegalStateException("should not reach here, unknown StringType " + this.name());
  }
}
 
Example #4
Source File: SubjectChecker.java    From xipki with Apache License 2.0
/**
 * Tells whether an attribute value is encoded with the expected ASN.1 string type.
 *
 * @param atvValue   the decoded attribute value to inspect
 * @param stringType the string type the value is required to have
 * @return {@code true} if {@code atvValue} is an instance of the class matching
 *         {@code stringType}
 * @throws IllegalStateException if {@code stringType} has no mapping here
 */
private static boolean matchStringType(ASN1Encodable atvValue, StringType stringType) {
  switch (stringType) {
    case bmpString:
      return atvValue instanceof DERBMPString;
    case printableString:
      return atvValue instanceof DERPrintableString;
    case teletexString:
      return atvValue instanceof DERT61String;
    case utf8String:
      return atvValue instanceof DERUTF8String;
    case ia5String:
      return atvValue instanceof DERIA5String;
    default:
      throw new IllegalStateException("should not reach here, unknown StringType " + stringType);
  }
}
 
Example #5
Source File: SM2PfxMaker.java    From gmhelper with Apache License 2.0
/**
 * Packs a private key and its certificate into a password-protected PKCS#12 (PFX)
 * structure.
 *
 * @param privKey user private key
 * @param pubKey  user public key
 * @param cert    X.509 certificate
 * @param passwd  password protecting the key bag, the certificate bag and the MAC
 * @return the assembled PFX structure
 * @throws NoSuchAlgorithmException
 * @throws IOException
 * @throws PKCSException
 */
public PKCS12PfxPdu makePfx(PrivateKey privKey, PublicKey pubKey, X509Certificate cert, String passwd)
    throws NoSuchAlgorithmException, IOException, PKCSException {
    JcaX509ExtensionUtils keyIdUtils = new JcaX509ExtensionUtils();
    DERBMPString friendlyName = new DERBMPString("User Key");

    // Certificate bag: friendly name plus a local key id derived from the public key,
    // so readers can pair the certificate with the key bag below.
    PKCS12SafeBagBuilder certBag = new JcaPKCS12SafeBagBuilder(cert);
    certBag.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, friendlyName);
    certBag.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId,
        keyIdUtils.createSubjectKeyIdentifier(pubKey));

    // NOTE(review): this copy of the password is never cleared after use.
    char[] password = passwd.toCharArray();

    // Key bag, encrypted with the legacy PKCS#12 triple-DES scheme.
    // NOTE(review): confirm this is still required for compatibility with the consumers.
    PKCS12SafeBagBuilder keyBag = new JcaPKCS12SafeBagBuilder(privKey,
        new BcPKCS12PBEOutputEncryptorBuilder(
            PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC,
            new CBCBlockCipher(new DESedeEngine())).build(password));
    keyBag.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, friendlyName);
    keyBag.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId,
        keyIdUtils.createSubjectKeyIdentifier(pubKey));

    PKCS12SafeBag[] certBags = {certBag.build()};

    // Certificates are wrapped with 40-bit RC2, which gives no real confidentiality;
    // treat the certificate data in the resulting file as readable by anyone holding it.
    PKCS12PfxPduBuilder pfx = new PKCS12PfxPduBuilder();
    pfx.addEncryptedData(
        new BcPKCS12PBEOutputEncryptorBuilder(
            PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC2_CBC,
            new CBCBlockCipher(new RC2Engine())).build(password),
        certBags);
    pfx.addData(keyBag.build());

    // NOTE(review): the MAC calculator is built with its default settings -- confirm the
    // digest and iteration count it uses are acceptable.
    return pfx.build(new BcPKCS12MacCalculatorBuilder(), password);
}
 
Example #6
Source File: Asn1Dump.java    From keystore-explorer with GNU General Public License v3.0
/**
 * Renders one ASN.1 string as a dump line: indentation, a label naming the string
 * type, the quoted content and a line break.
 *
 * @param asn1String the string value to dump
 * @return the formatted line
 */
private String dumpString(ASN1String asn1String) {
	StringBuilder line = new StringBuilder();

	line.append(indentSequence.toString(indentLevel));

	// Pick the label from the concrete string class; anything else is "UNKNOWN".
	String label;
	if (asn1String instanceof DERBMPString) {
		label = "BMP STRING=";
	} else if (asn1String instanceof DERGeneralString) {
		label = "GENERAL STRING=";
	} else if (asn1String instanceof DERIA5String) {
		label = "IA5 STRING=";
	} else if (asn1String instanceof DERNumericString) {
		label = "NUMERIC STRING=";
	} else if (asn1String instanceof DERPrintableString) {
		label = "PRINTABLE STRING=";
	} else if (asn1String instanceof DERT61String) {
		label = "TELETEX STRING=";
	} else if (asn1String instanceof DERUniversalString) {
		label = "UNIVERSAL STRING=";
	} else if (asn1String instanceof DERUTF8String) {
		label = "UTF8 STRING=";
	} else if (asn1String instanceof DERVisibleString) {
		label = "VISIBLE STRING=";
	} else {
		label = "UNKNOWN STRING=";
	}
	line.append(label);

	// The content is written as-is between single quotes, with no escaping.
	line.append("'").append(asn1String.getString()).append("'").append(NEWLINE);

	return line.toString();
}
 
Example #7
Source File: SignerSpecificTest.java    From xades4j with GNU Lesser General Public License v3.0
/**
 * Supplies the test parameters: each national-script name once as a BMPString and
 * once as a UTF8String, Cyrillic first and Arabic second.
 *
 * @return one single-element array per test run
 */
@Parameterized.Parameters
public static Collection<ASN1Encodable[]> data() {
    ArrayList<ASN1Encodable[]> parameters = new ArrayList<ASN1Encodable[]>();
    for (String nationalName : new String[]{NATIONAL_DN_CYRILLIC, NATIONAL_DN_ARABIC}) {
        parameters.add(new ASN1Encodable[]{new DERBMPString(nationalName)});
        parameters.add(new ASN1Encodable[]{new DERUTF8String(nationalName)});
    }
    return parameters;
}
 
Example #8
Source File: SM2PfxMaker.java    From gmhelper with Apache License 2.0
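/**
 * Packs a private key and a three-certificate chain into a password-protected
 * PKCS#12 (PFX) structure.
 *
 * @param privKey user private key
 * @param pubKey  user public key
 * @param chain   X.509 certificates in a fixed order: {@code chain[0]} is the leaf
 *                certificate, {@code chain[1]} the intermediate CA certificate and
 *                {@code chain[2]} the root CA certificate; elements beyond the third
 *                are ignored
 * @param passwd  password protecting the key bag, the certificate bags and the MAC
 * @return the assembled PFX structure
 * @throws IllegalArgumentException if {@code chain} is null or holds fewer than three
 *                                  certificates
 * @throws NoSuchAlgorithmException
 * @throws IOException
 * @throws PKCSException
 */
public PKCS12PfxPdu makePfx(PrivateKey privKey, PublicKey pubKey, X509Certificate[] chain, String passwd)
    throws NoSuchAlgorithmException, IOException, PKCSException {
    // Reject a short or missing chain up front with a clear message, instead of failing
    // later on one of the chain[...] accesses.
    if (chain == null || chain.length < 3) {
        throw new IllegalArgumentException(
            "chain must contain the leaf, intermediate CA and root CA certificates, in that order");
    }

    JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();

    // Root CA certificate bag.
    PKCS12SafeBagBuilder taCertBagBuilder = new JcaPKCS12SafeBagBuilder(chain[2]);
    taCertBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName,
        new DERBMPString("Primary Certificate"));

    // Intermediate CA certificate bag.
    PKCS12SafeBagBuilder caCertBagBuilder = new JcaPKCS12SafeBagBuilder(chain[1]);
    caCertBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName,
        new DERBMPString("Intermediate Certificate"));

    // Leaf certificate bag; the local key id lets readers pair it with the key bag.
    PKCS12SafeBagBuilder eeCertBagBuilder = new JcaPKCS12SafeBagBuilder(chain[0]);
    eeCertBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName,
        new DERBMPString("User Key"));
    eeCertBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId,
        extUtils.createSubjectKeyIdentifier(pubKey));

    // NOTE(review): this copy of the password is never cleared after use.
    char[] passwdChars = passwd.toCharArray();

    // Key bag, encrypted with the legacy PKCS#12 triple-DES scheme.
    // NOTE(review): confirm this is still required for compatibility with the consumers.
    PKCS12SafeBagBuilder keyBagBuilder = new JcaPKCS12SafeBagBuilder(privKey,
        new BcPKCS12PBEOutputEncryptorBuilder(
            PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC,
            new CBCBlockCipher(new DESedeEngine())).build(passwdChars));
    keyBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName,
        new DERBMPString("User Key"));
    keyBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId,
        extUtils.createSubjectKeyIdentifier(pubKey));

    PKCS12SafeBag[] certs = {
        eeCertBagBuilder.build(),
        caCertBagBuilder.build(),
        taCertBagBuilder.build()
    };

    // Certificates are wrapped with 40-bit RC2, which gives no real confidentiality;
    // treat the certificate data in the resulting file as readable by anyone holding it.
    PKCS12PfxPduBuilder pfxPduBuilder = new PKCS12PfxPduBuilder();
    pfxPduBuilder.addEncryptedData(new BcPKCS12PBEOutputEncryptorBuilder(
            PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC2_CBC,
            new CBCBlockCipher(new RC2Engine())).build(passwdChars),
        certs);
    pfxPduBuilder.addData(keyBagBuilder.build());

    // NOTE(review): the MAC calculator is built with its default settings -- confirm the
    // digest and iteration count it uses are acceptable.
    return pfxPduBuilder.build(new BcPKCS12MacCalculatorBuilder(), passwdChars);
}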
 
Example #9
Source File: ExtensionSyntaxChecker.java    From xipki with Apache License 2.0
/**
 * Maps a decoded ASN.1 object to the {@code FieldType} constant for its class.
 *
 * <p>The checks run in a fixed order and the first match wins. A sequence that
 * {@code X500Name.getInstance} accepts is reported as {@code Name}; if that call throws
 * any exception the sequence is reported as {@code SEQUENCE}.
 *
 * @param obj the object to classify
 * @return the matching field type, or {@code null} if no check matches
 */
private static FieldType getFieldType(ASN1Encodable obj) {
  if (obj instanceof DERBitString) {
    return FieldType.BIT_STRING;
  }
  if (obj instanceof DERBMPString) {
    return FieldType.BMPString;
  }
  if (obj instanceof ASN1Boolean) {
    return FieldType.BOOLEAN;
  }
  if (obj instanceof ASN1Enumerated) {
    return FieldType.ENUMERATED;
  }
  if (obj instanceof DERGeneralizedTime) {
    return FieldType.GeneralizedTime;
  }
  if (obj instanceof DERIA5String) {
    return FieldType.IA5String;
  }
  if (obj instanceof ASN1Integer) {
    return FieldType.INTEGER;
  }
  if (obj instanceof DERNull) {
    return FieldType.NULL;
  }
  if (obj instanceof DEROctetString) {
    return FieldType.OCTET_STRING;
  }
  if (obj instanceof ASN1ObjectIdentifier) {
    return FieldType.OID;
  }
  if (obj instanceof DERPrintableString) {
    return FieldType.PrintableString;
  }
  if (obj instanceof DERT61String) {
    return FieldType.TeletexString;
  }
  if (obj instanceof DERUTCTime) {
    return FieldType.UTCTime;
  }
  if (obj instanceof DERUTF8String) {
    return FieldType.UTF8String;
  }
  if (obj instanceof X500Name) {
    return FieldType.Name;
  }
  if (obj instanceof ASN1Sequence) {
    // Probe whether the sequence has the shape of a Name; the result is discarded.
    try {
      X500Name.getInstance(obj);
      return FieldType.Name;
    } catch (Exception ex) {
      return FieldType.SEQUENCE;
    }
  }
  if (obj instanceof ASN1Set) {
    return FieldType.SET;
  }

  // No known class matched.
  return null;
}
 
Example #10
Source File: ExtensionSyntaxChecker.java    From xipki with Apache License 2.0
/**
 * Converts the content of a tagged object into the ASN.1 type named by
 * {@code fieldType}. Every {@code getInstance} call passes {@code false} as its second
 * argument.
 *
 * @param name         field name, used only in error messages
 * @param taggedObject the tagged object holding the value
 * @param fieldType    the type the value is expected to have
 * @return the value converted to the requested type
 * @throws BadCertTemplateException if a conversion throws
 *         {@code IllegalArgumentException}, or if a NULL field does not hold an empty
 *         octet string
 */
private static ASN1Encodable getParsedImplicitValue(String name, ASN1TaggedObject taggedObject,
    FieldType fieldType) throws BadCertTemplateException {
  try {
    switch (fieldType) {
      // Character string types.
      case BMPString:
        return DERBMPString.getInstance(taggedObject, false);
      case IA5String:
        return DERIA5String.getInstance(taggedObject, false);
      case PrintableString:
        return DERPrintableString.getInstance(taggedObject, false);
      case TeletexString:
        return DERT61String.getInstance(taggedObject, false);
      case UTF8String:
        return DERUTF8String.getInstance(taggedObject, false);

      // Time types.
      case GeneralizedTime:
        return DERGeneralizedTime.getInstance(taggedObject, false);
      case UTCTime:
        return DERUTCTime.getInstance(taggedObject, false);

      // Other primitive types.
      case BIT_STRING:
        return DERBitString.getInstance(taggedObject, false);
      case BOOLEAN:
        return ASN1Boolean.getInstance(taggedObject, false);
      case ENUMERATED:
        return ASN1Enumerated.getInstance(taggedObject, false);
      case INTEGER:
        return ASN1Integer.getInstance(taggedObject, false);
      case OCTET_STRING:
        return DEROctetString.getInstance(taggedObject, false);
      case OID:
        return ASN1ObjectIdentifier.getInstance(taggedObject, false);
      case NULL: {
        // A NULL field is accepted only when the tagged content is an empty octet string.
        Object content = taggedObject.getObject();
        boolean emptyOctetString = content instanceof ASN1OctetString
            && ((ASN1OctetString) content).getOctets().length == 0;
        if (!emptyOctetString) {
          throw new BadCertTemplateException("invalid " + name);
        }
        return DERNull.INSTANCE;
      }

      // Constructed types.
      case Name:
        return X500Name.getInstance(taggedObject, false);
      case SEQUENCE:
      case SEQUENCE_OF:
        return ASN1Sequence.getInstance(taggedObject, false);
      case SET:
      case SET_OF:
        return ASN1Set.getInstance(taggedObject, false);

      // RAW: hand back the tagged content without conversion.
      case RAW:
        return taggedObject.getObject();

      default:
        throw new RuntimeException("Unknown FieldType " + fieldType);
    }
  } catch (IllegalArgumentException ex) {
    // A failed conversion is reported as a template error, keeping the cause.
    throw new BadCertTemplateException("invalid " + name, ex);
  }
}
 
Example #11
Source File: ExtensionsChecker.java    From xipki with Apache License 2.0
/**
 * Checks that an extension value is a DirectoryString of the expected string type and
 * carries the expected text. Problems are appended to {@code failureMsg}.
 *
 * <p>When {@code type} is {@code null} the check is delegated to
 * {@code checkConstantExtnValue}.
 *
 * @param extnType       OID of the extension under test
 * @param type           expected string type, or {@code null} to delegate
 * @param text           expected text content
 * @param failureMsg     collector for failure descriptions
 * @param extensionValue encoded extension value from the certificate
 * @param requestedExtns passed through to {@code checkConstantExtnValue}
 * @param extControl     passed through to {@code checkConstantExtnValue}
 * @throws IllegalStateException if {@code type} has no mapping here
 */
private void checkDirectoryString(ASN1ObjectIdentifier extnType,
    DirectoryStringType type, String text,
    StringBuilder failureMsg, byte[] extensionValue, Extensions requestedExtns,
    ExtensionControl extControl) {
  if (type == null) {
    checkConstantExtnValue(extnType, failureMsg, extensionValue, requestedExtns, extControl);
    return;
  }

  // Decode the raw value; an undecodable value is a reported failure, not an exception.
  ASN1Primitive decoded;
  try {
    decoded = ASN1Primitive.fromByteArray(extensionValue);
  } catch (IOException ex) {
    failureMsg.append("invalid syntax of extension value; ");
    return;
  }

  // Select the class the decoded value must be an instance of.
  Class<?> expectedClass;
  switch (type) {
    case bmpString:
      expectedClass = DERBMPString.class;
      break;
    case printableString:
      expectedClass = DERPrintableString.class;
      break;
    case teletexString:
      expectedClass = DERT61String.class;
      break;
    case utf8String:
      expectedClass = DERUTF8String.class;
      break;
    default:
      throw new IllegalStateException("should not reach here, unknown DirectoryStringType "
          + type);
  }

  if (!expectedClass.isInstance(decoded)) {
    // NOTE(review): the message appends the expected text, not the expected type --
    // confirm whether `type` was intended here.
    failureMsg.append("extension value is not of type DirectoryString.")
      .append(text).append("; ");
    return;
  }

  // The type matches, so compare the content with the expected text.
  String actualText = ((ASN1String) decoded).getString();
  if (!text.equals(actualText)) {
    addViolation(failureMsg, "content", actualText, text);
  }
}