// Wraps the bytes of `nonce` in an OCSP nonce extension (OID id_pkix_ocsp_nonce).
// NOTE(review): the extension is flagged critical (second argument `true`). RFC 6960 section 4.4
// says the critical flag SHOULD NOT be set on OCSP extensions; confirm this is intended.
// NOTE(review): the origin of `nonce` is not visible in this excerpt. Replay protection depends on
// the value being unpredictable, so confirm it comes from a CSPRNG rather than a clock or counter.
Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true, new DEROctetString(nonce.toByteArray()));
// Hands the generator an Extensions object whose only entry is the nonce extension.
requestGenerator.setRequestExtensions(new Extensions(new Extension[]{ext}));
// Non-critical extension under OID id_pkix_ocsp_response; its value is the encoding of a
// one-element sequence holding id_pkix_ocsp_basic.
Extension responseExtension = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_response, false, new DLSequence(OCSPObjectIdentifiers.id_pkix_ocsp_basic).getEncoded());
// Fills the nonce buffer from `rand`.
// NOTE(review): `rand` is declared outside this excerpt. Confirm it is a SecureRandom, since a
// predictable nonce gives no replay protection.
rand.nextBytes(nonce);
// The nonce is wrapped twice: the inner octet string is the Nonce value and the outer one, built
// from that object, becomes the extension value handed to the Extension constructor below.
encodedNonce = new DEROctetString(new DEROctetString(nonce));
// Non-critical nonce extension carrying the double-wrapped value.
Extension nonceExtension = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, encodedNonce);
/**
 * Coerces an arbitrary object into an {@code Extension}.
 *
 * @param obj an existing {@code Extension}, something {@code ASN1Sequence.getInstance}
 *            accepts, or {@code null}
 * @return {@code obj} itself when it already is an {@code Extension}, a new
 *         {@code Extension} built from the sequence form of {@code obj} otherwise,
 *         or {@code null} when {@code obj} is {@code null}
 */
public static Extension getInstance(Object obj) {
    if (obj == null) {
        return null;
    }
    if (obj instanceof Extension) {
        // Already the right type: hand back the same instance, no copy is made.
        return (Extension) obj;
    }
    // Anything else is delegated to ASN1Sequence.getInstance for conversion.
    return new Extension(ASN1Sequence.getInstance(obj));
}
/**
 * Returns an {@code Extension} view of the given object.
 *
 * @param obj an {@code Extension}, a value convertible by {@code ASN1Sequence.getInstance},
 *            or {@code null}
 * @return the same instance if {@code obj} is an {@code Extension}; {@code null} if
 *         {@code obj} is {@code null}; otherwise a new {@code Extension} wrapping the
 *         sequence obtained from {@code obj}
 */
public static Extension getInstance(Object obj) {
    if (obj instanceof Extension) {
        return (Extension) obj;
    }
    // null passes through untouched; every other input goes through ASN1Sequence.getInstance.
    return (obj == null) ? null : new Extension(ASN1Sequence.getInstance(obj));
}
/**
 * Builds a subjectAlternativeName extension from tagged name strings.
 *
 * @param taggedValues name entries, parsed by {@code createGeneralNames}
 * @param critical     criticality flag to set on the extension
 * @return the extension, or {@code null} when {@code createGeneralNames} yields {@code null}
 * @throws BadInputException     propagated from {@code createGeneralNames}
 * @throws IllegalStateException if the names cannot be encoded
 */
public static Extension createExtnSubjectAltName(List<String> taggedValues, boolean critical)
        throws BadInputException {
    final GeneralNames generalNames = createGeneralNames(taggedValues);
    if (generalNames == null) {
        // No names were produced, so no extension is emitted.
        return null;
    }

    final byte[] encodedNames;
    try {
        encodedNames = generalNames.getEncoded();
    } catch (IOException ex) {
        throw new IllegalStateException(ex.getMessage(), ex);
    }
    return new Extension(Extension.subjectAlternativeName, critical, encodedNames);
}
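/**
 * Builds a non-critical invalidityDate CRL entry extension.
 *
 * @param invalidityDate the date to encode as an ASN.1 GeneralizedTime
 * @return the invalidityDate extension
 * @throws IllegalArgumentException if the date cannot be encoded
 */
private static Extension createInvalidityDateExtension(Date invalidityDate) {
    try {
        ASN1GeneralizedTime asnTime = new ASN1GeneralizedTime(invalidityDate);
        return new Extension(Extension.invalidityDate, false, asnTime.getEncoded());
    } catch (IOException ex) {
        // The message used to say "reason", copied from the reason-code helper; it now names
        // the field that actually failed so an encoding error is not attributed to the wrong one.
        throw new IllegalArgumentException("error encoding invalidity date: " + ex.getMessage(), ex);
    }
}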
/**
 * Builds a non-critical reasonCode CRL entry extension.
 *
 * @param reasonCode numeric reason, resolved through {@code CRLReason.lookup}
 * @return the reasonCode extension
 * @throws IllegalArgumentException if the reason cannot be encoded
 */
private static Extension createReasonExtension(int reasonCode) {
    final CRLReason reason = CRLReason.lookup(reasonCode);

    final byte[] encodedReason;
    try {
        encodedReason = reason.getEncoded();
    } catch (IOException ex) {
        throw new IllegalArgumentException("error encoding reason: " + ex.getMessage(), ex);
    }
    return new Extension(Extension.reasonCode, false, encodedReason);
}
/**
 * Creates a subjectAlternativeName extension for the given tagged values.
 *
 * @param taggedValues name entries, converted by {@code createGeneralNames}
 * @param critical     whether the extension is marked critical
 * @return the extension, or {@code null} if {@code createGeneralNames} returns {@code null}
 * @throws BadInputException propagated from {@code createGeneralNames}
 * @throws RuntimeException  wrapping the {@code IOException} if encoding fails
 */
public static Extension createExtensionSubjectAltName(final List<String> taggedValues,
        final boolean critical) throws BadInputException {
    final GeneralNames altNames = createGeneralNames(taggedValues);
    if (altNames != null) {
        try {
            final byte[] extnValue = altNames.getEncoded();
            return new Extension(Extension.subjectAlternativeName, critical, extnValue);
        } catch (IOException ex) {
            throw new RuntimeException(ex.getMessage(), ex);
        }
    }
    // Nothing to encode: signal "no extension" to the caller.
    return null;
}
/**
 * Creates a non-critical OCSP nonce extension from freshly generated bytes.
 *
 * @return the nonce extension
 */
private Extension createNonce() {
    // NOTE(review): generateRandomNonce() is defined outside this excerpt; confirm it draws
    // from a SecureRandom, since the nonce exists to make replayed responses detectable.
    // NOTE(review): the octet string is passed as the extension value itself, so the nonce is
    // wrapped once; confirm the responders in use expect this form rather than a nested one.
    return new Extension(
            OCSPObjectIdentifiers.id_pkix_ocsp_nonce,
            false,
            new DEROctetString(generateRandomNonce()));
}
/**
 * Creates the default OCSP nonce: a non-critical extension holding 32 bytes
 * obtained from {@code Helper.generateRandomBytes}.
 *
 * @return the nonce extension
 */
@Override
public Extension createNonce() {
    this.log.debug("Creating default OCSP nonce ...");
    // NOTE(review): Helper.generateRandomBytes is not shown here; confirm it is backed by
    // SecureRandom so the nonce cannot be predicted.
    final DEROctetString nonceValue = new DEROctetString(Helper.generateRandomBytes(32));
    return new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, nonceValue);
}
/**
 * Creates the TM OCSP nonce: a non-critical nonce extension whose value is the
 * encoding of the structure returned by {@code createSequence()}.
 *
 * @return the nonce extension
 * @throws DigiDoc4JException if the sequence cannot be encoded
 */
@Override
protected Extension createNonce() {
    this.log.debug("Creating TM OCSP nonce ...");

    final byte[] encodedSequence;
    try {
        encodedSequence = this.createSequence().getEncoded();
    } catch (IOException e) {
        throw new DigiDoc4JException(e);
    }
    return new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, encodedSequence);
}
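/**
 * Builds a critical certificateIssuer CRL entry extension naming the given issuer.
 *
 * @param certificateIssuer issuer name, wrapped as a single GeneralName
 * @return the certificateIssuer extension
 * @throws IllegalArgumentException if the issuer name cannot be encoded
 */
private static Extension createCertificateIssuerExtension(X500Name certificateIssuer) {
    try {
        GeneralNames generalNames = new GeneralNames(new GeneralName(certificateIssuer));
        // Marked critical: RFC 5280 section 5.3.3 requires CRL issuers to do so for this extension.
        return new Extension(Extension.certificateIssuer, true, generalNames.getEncoded());
    } catch (IOException ex) {
        // The message used to say "reason", copied from the reason-code helper; it now names
        // the field that actually failed.
        throw new IllegalArgumentException("error encoding certificate issuer: " + ex.getMessage(), ex);
    }
}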
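/**
 * Copies one extension from the issuer certificate into {@code extensions}, keeping the
 * criticality it has on the issuer certificate. Does nothing when the certificate does
 * not carry the extension.
 *
 * @param extensionType     OID of the extension to copy
 * @param issuerCertificate certificate to read the extension from
 * @param extensions        list the copied extension is appended to
 */
protected void copyExtension(final ASN1ObjectIdentifier extensionType, X509Certificate issuerCertificate,
        List<Extension> extensions) {
    final String oid = extensionType.getId();
    final byte[] encodedAttribute = issuerCertificate.getExtensionValue(oid);
    if (encodedAttribute == null) {
        // Extension absent. Return before touching getCriticalExtensionOIDs(), which returns
        // null for a certificate without any extensions and used to cause a
        // NullPointerException here.
        return;
    }

    final java.util.Set<String> criticalOids = issuerCertificate.getCriticalExtensionOIDs();
    final boolean isCritical = criticalOids != null && criticalOids.contains(oid);

    // getExtensionValue returns the DER-encoded OCTET STRING, so parsing it yields the
    // extension value in the form the Extension constructor takes.
    final ASN1OctetString data = ASN1OctetString.getInstance(encodedAttribute);
    extensions.add(new Extension(extensionType, isCritical, data));
}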
/**
 * Creates a subjectInfoAccess extension from access-method/location strings.
 *
 * @param accessMethodAndLocations entries converted one by one via {@code createAccessDescription}
 * @param critical                 whether the extension is marked critical
 * @return the extension, or {@code null} when {@code CollectionUtil.isEmpty} reports the
 *         list as empty
 * @throws BadInputException propagated from {@code createAccessDescription}
 * @throws RuntimeException  wrapping the {@code IOException} if encoding fails
 */
public static Extension createExtensionSubjectInfoAccess(
        final List<String> accessMethodAndLocations, final boolean critical)
        throws BadInputException {
    if (CollectionUtil.isEmpty(accessMethodAndLocations)) {
        return null;
    }

    // One access description per input entry, in input order.
    final ASN1EncodableVector descriptions = new ASN1EncodableVector();
    for (final String entry : accessMethodAndLocations) {
        descriptions.add(createAccessDescription(entry));
    }

    final byte[] encodedDescriptions;
    try {
        encodedDescriptions = new DERSequence(descriptions).getEncoded();
    } catch (IOException ex) {
        throw new RuntimeException(ex.getMessage(), ex);
    }
    return new Extension(Extension.subjectInfoAccess, critical, encodedDescriptions);
}
/**
 * Builds the extension set for a certificate template: a single non-critical
 * authorityKeyIdentifier extension.
 *
 * @param authorityKeyIdentifier raw key identifier bytes
 * @return an {@code Extensions} holding only the authorityKeyIdentifier extension
 * @throws CmpClientException if the AuthorityKeyIdentifier cannot be encoded
 */
private static Extensions getCertTempExtensions(byte[] authorityKeyIdentifier)
        throws CmpClientException {
    final AuthorityKeyIdentifier keyIdentifier = new AuthorityKeyIdentifier(authorityKeyIdentifier);

    final byte[] encodedAki;
    try {
        encodedAki = keyIdentifier.getEncoded();
    } catch (IOException ex) {
        throw new CmpClientException("could not encoded AuthorityKeyIdentifier", ex);
    }

    return new Extensions(new Extension(Extension.authorityKeyIdentifier, false, encodedAki));
}
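/**
 * Builds an OCSP request for one certificate, identified by issuer certificate and serial
 * number, and attaches a nonce extension.
 *
 * <p>The nonce is 16 bytes from {@code SecureRandom}. It used to be the current time in
 * milliseconds, which anyone who knows roughly when the request was sent can guess, so it
 * did not bind a response to this request.
 *
 * @param issuerCert   certificate of the issuer of the certificate being checked
 * @param serialNumber serial number of the certificate being checked
 * @return the OCSP request
 * @throws CertificateEncodingException if the issuer certificate cannot be encoded
 * @throws OperatorCreationException    if the digest calculator cannot be created
 * @throws OCSPException                if the request cannot be built
 * @throws IOException                  if an ASN.1 value cannot be encoded
 */
private OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber)
        throws CertificateEncodingException, OperatorCreationException, OCSPException, IOException {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

    OCSPReqBuilder gen = new OCSPReqBuilder();
    gen.addRequest(new JcaCertificateID(
            new JcaDigestCalculatorProviderBuilder().setProvider("BC").build().get(CertificateID.HASH_SHA1),
            issuerCert, serialNumber));

    // Unpredictable nonce: a clock-derived value would let a captured response be replayed.
    byte[] nonce = new byte[16];
    new java.security.SecureRandom().nextBytes(nonce);

    // NOTE(review): the extension is flagged critical; RFC 6960 section 4.4 says the critical
    // flag SHOULD NOT be set on OCSP extensions. Left unchanged; confirm it is intended.
    Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true, new DEROctetString(nonce));
    gen.setRequestExtensions(new Extensions(new Extension[]{ext}));

    // NOTE(review): this stores the encoding of the extension's OID, not of the nonce value.
    // The OID is the same for every request, so a later comparison against sentNonce cannot
    // tell a fresh response from a replayed one. The code that reads sentNonce is outside this
    // excerpt, so the assignment is left as is; fix both sides together so the nonce value
    // (ext.getExtnValue()) is what is stored and compared.
    sentNonce = ext.getExtnId().getEncoded();
    return gen.build();
}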
/**
 * Assembles the extensions for a server certificate: critical keyUsage, critical
 * extendedKeyUsage (serverAuth) and a non-critical authorityKeyIdentifier derived from
 * the issuer certificate.
 *
 * @param issuerCertificate certificate the authorityKeyIdentifier is derived from
 * @return the three extension holders, in the order listed above
 * @throws CertificateEncodingException if the issuer certificate cannot be encoded
 * @throws NoSuchAlgorithmException     if the extension utilities cannot be created
 * @throws IOException                  if the key identifier cannot be encoded
 */
private static List<ExtensionHolder> getServerExtensions(X509Certificate issuerCertificate)
        throws CertificateEncodingException, NoSuchAlgorithmException, IOException {
    final List<ExtensionHolder> holders = new ArrayList<>();

    // SSO forces us to allow data encipherment
    final int usageBits =
            KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment;
    holders.add(new ExtensionHolder(Extension.keyUsage, true, new KeyUsage(usageBits)));

    final ExtendedKeyUsage serverAuthOnly = new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth);
    holders.add(new ExtensionHolder(Extension.extendedKeyUsage, true, serverAuthOnly));

    // The key identifier is wrapped in an Extension first and then read back through its
    // accessors, so the holder receives the value in its parsed form.
    final JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    final Extension akiExtension = new Extension(
            Extension.authorityKeyIdentifier,
            false,
            new DEROctetString(extensionUtils.createAuthorityKeyIdentifier(issuerCertificate)));
    holders.add(new ExtensionHolder(
            akiExtension.getExtnId(), akiExtension.isCritical(), akiExtension.getParsedValue()));

    return holders;
}
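/**
 * Builds an OCSP request for the given certificate ID with a non-critical nonce extension.
 *
 * <p>The nonce is 16 bytes taken directly from {@code SecureRandom}. It used to come from
 * {@code PdfEncryption.generateNewDocumentId()}, a document-identifier helper whose
 * randomness guarantees are not visible from here; a nonce only protects against replayed
 * responses if it cannot be predicted.
 *
 * @param id the certificate whose status is requested
 * @return the OCSP request
 * @throws IOException   if the nonce cannot be encoded
 * @throws OCSPException if the request cannot be built
 */
static OCSPReq generateOcspRequestWithNonce(CertificateID id) throws IOException, OCSPException {
    OCSPReqBuilder gen = new OCSPReqBuilder();
    gen.addRequest(id);

    byte[] nonce = new byte[16];
    new java.security.SecureRandom().nextBytes(nonce);

    // The extension value is the DER encoding of the Nonce OCTET STRING, itself carried in
    // an OCTET STRING, hence the two wrappers (same encoding as before).
    Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false,
            new DEROctetString(new DEROctetString(nonce).getEncoded()));
    gen.setRequestExtensions(new Extensions(new Extension[]{ext}));
    return gen.build();
}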
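/**
 * Builds an OCSP request for the given certificate ID with a non-critical nonce extension.
 *
 * <p>The nonce is 16 bytes taken directly from {@code SecureRandom}. It used to come from
 * {@code PdfEncryption.generateNewDocumentId()}, a document-identifier helper whose
 * randomness guarantees are not visible from here; a nonce only protects against replayed
 * responses if it cannot be predicted.
 *
 * @param id the certificate whose status is requested
 * @return the OCSP request
 * @throws IOException   if the nonce cannot be encoded
 * @throws OCSPException if the request cannot be built
 */
static OCSPReq generateOcspRequestWithNonce(CertificateID id) throws IOException, OCSPException {
    OCSPReqBuilder gen = new OCSPReqBuilder();
    gen.addRequest(id);

    byte[] nonce = new byte[16];
    new java.security.SecureRandom().nextBytes(nonce);

    // The extension value is the DER encoding of the Nonce OCTET STRING, itself carried in
    // an OCTET STRING, hence the two wrappers (same encoding as before).
    Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false,
            new DEROctetString(new DEROctetString(nonce).getEncoded()));
    gen.setRequestExtensions(new Extensions(new Extension[]{ext}));
    return gen.build();
}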
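/**
 * Generates a self-issued root certificate: issuer and subject are both
 * {@code commonName}, the public key and the signing key come from {@code m_caKey}, and a
 * critical basicConstraints extension marks it as a CA.
 *
 * <p>The serial number is a positive value of up to 128 bits from {@code SecureRandom}. It
 * used to be a 16-bit prime from {@code java.util.Random}, which is easy to guess and
 * collides after a small number of certificates.
 *
 * @param commonName distinguished name used as both issuer and subject
 * @param notBefore  start of the validity period
 * @param notAfter   end of the validity period
 * @return the signed root certificate
 * @throws Exception if encoding, signing or conversion fails
 */
private X509Certificate generateRootCertificate(String commonName, Date notBefore, Date notAfter)
        throws Exception {
    X500Name issuer = new X500Name(commonName);

    // 127 random bits plus one: never zero, never negative, and well inside the 20-octet
    // limit RFC 5280 places on serial numbers.
    BigInteger serial = new BigInteger(127, new java.security.SecureRandom()).add(BigInteger.ONE);

    SubjectPublicKeyInfo pubKeyInfo = convertToSubjectPublicKeyInfo(m_caKey.getPublic());
    X509v3CertificateBuilder builder =
            new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter, issuer, pubKeyInfo);

    // CA certificate: basicConstraints with cA=true, marked critical.
    builder.addExtension(new Extension(Extension.basicConstraints, true,
            new DEROctetString(new BasicConstraints(true))));

    X509CertificateHolder certHolder =
            builder.build(new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).build(m_caKey.getPrivate()));
    return new JcaX509CertificateConverter().getCertificate(certHolder);
}
} // closes the enclosing class, whose header lies outside this excerpt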