// Attach ext to the request generator as its only request-level extension.
requestGenerator.setRequestExtensions(new Extensions(new Extension[]{ext}));
new Extensions(new Extension[] { responseExtension, nonceExtension })); builder.addRequest(certId); return builder.build();
/**
 * Build an {@link Extensions} object from the extensions this generator currently holds.
 * <p>
 * Entries are emitted in the order recorded in {@code extOrdering}; each key found there
 * is looked up in {@code extensions}.
 *
 * @return an Extensions object with one entry per key in {@code extOrdering}.
 */
public Extensions generate()
{
    final int total = extOrdering.size();
    final Extension[] ordered = new Extension[total];

    int slot = 0;
    while (slot != total)
    {
        ordered[slot] = (Extension)extensions.get(extOrdering.elementAt(slot));
        slot++;
    }

    return new Extensions(ordered);
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Build an {@link Extensions} object from the extensions this generator currently holds.
 * <p>
 * Entries are emitted in the order recorded in {@code extOrdering}; each key found there
 * is looked up in {@code extensions}.
 *
 * @return an Extensions object with one entry per key in {@code extOrdering}.
 */
public Extensions generate()
{
    final int total = extOrdering.size();
    final Extension[] ordered = new Extension[total];

    int slot = 0;
    while (slot != total)
    {
        ordered[slot] = (Extension)extensions.get(extOrdering.elementAt(slot));
        slot++;
    }

    return new Extensions(ordered);
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Return the argument as an {@link Extensions} instance.
 *
 * @param obj an Extensions object, a value accepted by {@code ASN1Sequence.getInstance}, or null.
 * @return {@code obj} itself when it already is an Extensions; a new Extensions built from
 *         {@code ASN1Sequence.getInstance(obj)} for any other non-null value; null for null.
 */
public static Extensions getInstance(Object obj)
{
    if (obj == null)
    {
        return null;
    }

    // NOTE(review): how ASN1Sequence.getInstance reacts to an unexpected type is not
    // visible here; callers passing untrusted encodings should confirm what it throws.
    return (obj instanceof Extensions)
        ? (Extensions)obj
        : new Extensions(ASN1Sequence.getInstance(obj));
}
/**
 * Return the argument as an {@link Extensions} instance.
 *
 * @param obj an Extensions object, a value accepted by {@code ASN1Sequence.getInstance}, or null.
 * @return {@code obj} itself when it already is an Extensions; a new Extensions built from
 *         {@code ASN1Sequence.getInstance(obj)} for any other non-null value; null for null.
 */
public static Extensions getInstance(Object obj)
{
    if (obj == null)
    {
        return null;
    }

    // NOTE(review): how ASN1Sequence.getInstance reacts to an unexpected type is not
    // visible here; callers passing untrusted encodings should confirm what it throws.
    return (obj instanceof Extensions)
        ? (Extensions)obj
        : new Extensions(ASN1Sequence.getInstance(obj));
}
/**
 * Convert a list of maps, each describing one extension, into a Bouncy Castle
 * {@link Extensions} container. Every map is handed to
 * {@link #parseExtensionObject(java.util.Map)} and the results keep the list's order.
 *
 * @param extMapsList maps describing the extensions; may be null or empty.
 * @return the resulting Extensions container, or null when {@code extMapsList} is null or empty.
 * @throws IOException declared here; presumably raised by parseExtensionObject (not visible) - confirm.
 * @throws OperatorCreationException declared here; presumably raised by parseExtensionObject - confirm.
 * @see #parseExtensionObject(java.util.Map)
 */
static Extensions getExtensionsObjFromMap(List<Map<String,Object>> extMapsList)
        throws IOException, OperatorCreationException {
    if (extMapsList == null || extMapsList.isEmpty()) {
        // Nothing to convert: callers receive null rather than an empty container.
        return null;
    }

    List<Extension> parsed = new ArrayList<Extension>();
    for (Map<String, Object> extMap : extMapsList) {
        parsed.add(parseExtensionObject(extMap));
    }
    return new Extensions(parsed.toArray(new Extension[0]));
}
/**
 * Convert a list of maps, each describing one extension, into a Bouncy Castle
 * {@link Extensions} container. Every map is handed to
 * {@link #parseExtensionObject(java.util.Map)} and the results keep the list's order.
 *
 * @param extMapsList maps describing the extensions; may be null or empty.
 * @return the resulting Extensions container, or null when {@code extMapsList} is null or empty.
 * @throws IOException declared here; presumably raised by parseExtensionObject (not visible) - confirm.
 * @throws OperatorCreationException declared here; presumably raised by parseExtensionObject - confirm.
 * @see #parseExtensionObject(java.util.Map)
 */
static Extensions getExtensionsObjFromMap(List<Map<String,Object>> extMapsList)
        throws IOException, OperatorCreationException {
    if (extMapsList == null || extMapsList.isEmpty()) {
        // Nothing to convert: callers receive null rather than an empty container.
        return null;
    }

    List<Extension> parsed = new ArrayList<Extension>();
    for (Map<String, Object> extMap : extMapsList) {
        parsed.add(parseExtensionObject(extMap));
    }
    return new Extensions(parsed.toArray(new Extension[0]));
}
/**
 * Build a PKCS#10 certification request, optionally carrying a challenge password and an
 * extension request as PKCS#9 attributes, by delegating to the attribute-map overload.
 *
 * @param privatekey           key handed to the overload; must not be null.
 * @param subjectPublicKeyInfo public key info for the request; must not be null.
 * @param subjectDn            subject name for the request; must not be null.
 * @param challengePassword    value for the challengePassword attribute; skipped when null or empty.
 * @param extensions           content of the extensionRequest attribute; skipped when null or empty.
 * @return whatever the attribute-map overload of generateRequest returns.
 * @throws OperatorCreationException declared here; presumably raised by the overload - confirm.
 */
public static PKCS10CertificationRequest generateRequest(PrivateKey privatekey,
        SubjectPublicKeyInfo subjectPublicKeyInfo, X500Name subjectDn,
        String challengePassword, List<Extension> extensions)
        throws OperatorCreationException {
    requireNonNull("privatekey", privatekey);
    requireNonNull("subjectPublicKeyInfo", subjectPublicKeyInfo);
    requireNonNull("subjectDn", subjectDn);

    Map<ASN1ObjectIdentifier, ASN1Encodable> attrs =
            new HashMap<ASN1ObjectIdentifier, ASN1Encodable>();

    if (challengePassword != null && challengePassword.length() > 0) {
        // The password becomes a plain PrintableString attribute value; nothing in this
        // method encrypts it, so the encoded request has to be handled as carrying a secret.
        // NOTE(review): PrintableString has a restricted alphabet; whether this constructor
        // validates the characters is not visible here - confirm.
        attrs.put(PKCSObjectIdentifiers.pkcs_9_at_challengePassword,
                new DERPrintableString(challengePassword));
    }

    if (!(extensions == null || extensions.isEmpty())) {
        Extension[] requested = extensions.toArray(new Extension[0]);
        attrs.put(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, new Extensions(requested));
    }

    return generateRequest(privatekey, subjectPublicKeyInfo, subjectDn, attrs);
}
/**
 * Wrap an authority key identifier in a single-entry {@link Extensions} object.
 *
 * @param authorityKeyIdentifier bytes passed to the AuthorityKeyIdentifier constructor.
 * @return an Extensions object holding one non-critical authorityKeyIdentifier extension.
 * @throws CmpClientException if encoding the AuthorityKeyIdentifier raises an IOException.
 */
private static Extensions getCertTempExtensions(byte[] authorityKeyIdentifier)
        throws CmpClientException {
    final AuthorityKeyIdentifier keyId = new AuthorityKeyIdentifier(authorityKeyIdentifier);

    final byte[] der;
    try {
        der = keyId.getEncoded();
    } catch (IOException ex) {
        throw new CmpClientException("could not encoded AuthorityKeyIdentifier", ex);
    }

    // Second argument is the critical flag: the extension is marked non-critical.
    return new Extensions(new Extension(Extension.authorityKeyIdentifier, false, der));
}
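/**
 * Build an OCSP request for one certificate, identified by its issuer certificate and
 * serial number, with a nonce extension attached.
 * <p>
 * The nonce is 16 bytes drawn from {@link java.security.SecureRandom}. A nonce only ties a
 * response to this request if it cannot be guessed, which a clock reading does not provide.
 *
 * @param issuerCert   certificate of the issuer, used to compute the CertificateID.
 * @param serialNumber serial number of the certificate being checked.
 * @return the built OCSP request.
 * @throws CertificateEncodingException declared here; presumably from encoding issuerCert - confirm.
 * @throws OperatorCreationException    declared here; presumably from building the digest calculator provider - confirm.
 * @throws OCSPException                declared here; presumably from CertificateID or request building - confirm.
 * @throws IOException                  if encoding the extension OID fails.
 */
private OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber)
        throws CertificateEncodingException, OperatorCreationException, OCSPException, IOException {
    // Runs on every call; the JDK does not install a provider whose name is already registered.
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

    OCSPReqBuilder gen = new OCSPReqBuilder();
    gen.addRequest(new JcaCertificateID(
            new JcaDigestCalculatorProviderBuilder().setProvider("BC").build().get(CertificateID.HASH_SHA1),
            issuerCert, serialNumber));

    // Unpredictable nonce from a CSPRNG instead of the current time in milliseconds.
    byte[] nonceBytes = new byte[16];
    new java.security.SecureRandom().nextBytes(nonceBytes);

    // NOTE(review): the nonce is flagged critical (true) and the raw bytes are used directly
    // as the extension value. RFC 6960 advises against critical OCSP extensions and RFC 8954
    // defines the nonce as an OCTET STRING inside the extension value - confirm what the
    // responders in use accept before changing either.
    Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true,
            new DEROctetString(nonceBytes));
    gen.setRequestExtensions(new Extensions(new Extension[]{ext}));

    // NOTE(review): this stores the encoding of the extension's OID (getExtnId), not of the
    // nonce value, so a later comparison against sentNonce cannot detect a replayed response.
    // Left unchanged because the code that reads sentNonce is not visible here - confirm and
    // switch both sides to the extension value.
    sentNonce = ext.getExtnId().getEncoded();
    return gen.build();
}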
/**
 * Build and encode an OCSP request for one certificate, with the supplied nonce extension
 * as its only request extension.
 *
 * @param signCert       certificate whose status is requested.
 * @param issuerCert     issuer of {@code signCert}.
 * @param nonceExtension extension attached to the request; its content and unpredictability
 *                       are the caller's responsibility.
 * @return the encoded OCSP request.
 * @throws DSSException wrapping any exception raised while building or encoding the request.
 */
private byte[] buildOCSPRequest(final CertificateToken signCert, final CertificateToken issuerCert,
        Extension nonceExtension) throws DSSException {
    try {
        LOGGER.debug("Building OCSP request");
        final CertificateID target = DSSRevocationUtils.getOCSPCertificateID(signCert, issuerCert);

        final OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
        requestBuilder.addRequest(target);
        requestBuilder.setRequestExtensions(new Extensions(nonceExtension));

        return requestBuilder.build().getEncoded();
    } catch (Exception e) {
        // Catch-all: every failure, checked or unchecked, surfaces as a DSSException.
        throw new DSSException(e);
    }
}
/**
 * Build a signed PKCS#10 certification request from the loaded key pair, the subject name
 * and the extensions produced by {@code createExtensions}.
 *
 * @return the certification request signed with the loaded private key.
 * @throws IOException               declared here; source not visible in this method - confirm.
 * @throws OperatorCreationException declared here; presumably from building the content signer - confirm.
 * @throws NoSuchAlgorithmException  declared here; source not visible in this method - confirm.
 */
protected PKCS10CertificationRequest generateCertificateRequest()
        throws IOException, OperatorCreationException, NoSuchAlgorithmException {
    final PublicKey subjectKey = loadPublicKey();
    final PrivateKey signingKey = loadPrivateKey();
    final X500Name subject = createSubjectNameBuilder();

    JcaPKCS10CertificationRequestBuilder csrBuilder =
            new JcaPKCS10CertificationRequestBuilder(subject, subjectKey);

    // The requested extensions travel in the PKCS#9 extensionRequest attribute.
    List<Extension> requested = createExtensions(subjectKey, null);
    csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
            new Extensions(requested.toArray(new Extension[0])));

    // NOTE(review): the signature algorithm comes from a property with a default that is
    // not visible here - confirm neither can select a weak digest.
    final String algorithm = getProperty(PROPERTY_CSR_SIGNATURE_ALGORITHM, DEFAULT_SIGNING_ALGORITHM);
    JcaContentSignerBuilder signerFactory = new JcaContentSignerBuilder(algorithm);
    ContentSigner csrSigner = signerFactory.build(signingKey);

    return csrBuilder.build(csrSigner);
}
/**
 * Build an OCSP request for the configured certificate and issuer.
 * <p>
 * ATTENTION: the returned {@link OCSPReq} must not be re-used or cached. It carries a
 * one-time nonce, and CAs will (should) reject later requests that repeat the same value.
 *
 * @return a new OCSP request with a fresh 8-byte nonce extension, flagged non-critical.
 * @throws OCSPException                declared here; presumably from CertificateID or request building - confirm.
 * @throws IOException                  declared here; presumably from wrapping the issuer encoding - confirm.
 * @throws CertificateEncodingException if the issuer certificate cannot be encoded.
 */
public OCSPReq build() throws OCSPException, IOException, CertificateEncodingException {
    // Validation order is kept: generator, calculator, certificate, issuer.
    SecureRandom random = checkNotNull(this.generator, "generator");
    DigestCalculator digest = checkNotNull(this.calculator, "calculator");
    X509Certificate subject = checkNotNull(this.certificate, "certificate");
    X509Certificate issuerCert = checkNotNull(this.issuer, "issuer");

    BigInteger serialNumber = subject.getSerialNumber();
    CertificateID target = new CertificateID(digest,
            new X509CertificateHolder(issuerCert.getEncoded()), serialNumber);

    OCSPReqBuilder request = new OCSPReqBuilder();
    request.addRequest(target);

    // NOTE(review): 8 bytes from the injected SecureRandom, used directly as the extension
    // value. Later OCSP nonce guidance (RFC 8954, RFC 9654) describes the value as an
    // OCTET STRING inside the extension and recommends longer nonces - confirm against the
    // responders in use.
    byte[] nonceBytes = new byte[8];
    random.nextBytes(nonceBytes);
    Extension nonceExt = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false,
            new DEROctetString(nonceBytes));

    request.setRequestExtensions(new Extensions(new Extension[] { nonceExt }));
    return request.build();
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Build and encode an OCSP request for {@code certId}, adding a nonce extension when a
 * nonce is supplied.
 *
 * @param certId identifier of the certificate whose status is requested.
 * @param nonce  nonce value, or null to send the request without a nonce. How unpredictable
 *               the value is depends entirely on the caller.
 * @return the encoded OCSP request.
 * @throws DSSException if building or encoding fails with an OCSPException or IOException.
 */
private byte[] buildOCSPRequest(final CertificateID certId, BigInteger nonce) throws DSSException {
    try {
        final OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
        requestBuilder.addRequest(certId);

        if (nonce != null) {
            /*
             * The nonce extension binds a response to this request, which is what lets the
             * client detect a replayed response. RFC 6960 (OCSP) says such extensions
             * SHOULD NOT be flagged as critical, hence the false flag below.
             *
             * The nonce bytes are first DER-encoded as an OCTET STRING and that encoding
             * is then wrapped in the OCTET STRING used as the extension value.
             */
            final byte[] innerDer = new DEROctetString(nonce.toByteArray()).getEncoded();
            requestBuilder.setRequestExtensions(new Extensions(
                    new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false,
                            new DEROctetString(innerDer))));
        }

        return requestBuilder.build().getEncoded();
    } catch (OCSPException | IOException e) {
        throw new DSSException("Cannot build OCSP Request", e);
    }
}
/**
 * Build and encode an OCSP request for {@code certificateId}, adding a nonce extension when
 * a nonce container is supplied.
 *
 * @param certificateId  identifier of the certificate whose status is requested.
 * @param nonceContainer holder of the nonce octet string, or null to send no nonce.
 * @return the encoded OCSP request.
 * @throws DSSException wrapping an OCSPException or IOException raised while building or encoding.
 */
protected byte[] buildOCSPRequest(final CertificateID certificateId, final NonceContainer nonceContainer)
        throws DSSException {
    try {
        final OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
        requestBuilder.addRequest(certificateId);

        if (nonceContainer != null) {
            // NOTE(review): the nonce extension is flagged critical (true). RFC 6960 advises
            // against critical OCSP extensions - confirm the responders in use need this.
            requestBuilder.setRequestExtensions(new Extensions(
                    new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true, nonceContainer.nonce)));
        }

        return requestBuilder.build().getEncoded();
    } catch (OCSPException e) {
        throw new DSSException(e);
    } catch (IOException e) {
        throw new DSSException(e);
    }
}
/**
 * Build an OCSP request for {@code id} carrying a non-critical nonce extension.
 *
 * @param id identifier of the certificate whose status is requested.
 * @return the built OCSP request.
 * @throws IOException   if DER-encoding the nonce fails.
 * @throws OCSPException declared here; presumably raised while building the request - confirm.
 */
static OCSPReq generateOcspRequestWithNonce(CertificateID id) throws IOException, OCSPException {
    OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
    requestBuilder.addRequest(id);

    // NOTE(review): the nonce bytes come from PdfEncryption.generateNewDocumentId(), whose
    // source of randomness is not visible here. A nonce only protects against replayed
    // responses if it is unpredictable - confirm the helper uses a CSPRNG.
    byte[] nonceDer = new DEROctetString(PdfEncryption.generateNewDocumentId()).getEncoded();

    // The DER-encoded nonce is wrapped once more to form the extension value.
    Extension nonceExt = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false,
            new DEROctetString(nonceDer));
    requestBuilder.setRequestExtensions(new Extensions(new Extension[]{nonceExt}));

    return requestBuilder.build();
}
/**
 * Build an OCSP request for {@code id} carrying a non-critical nonce extension.
 *
 * @param id identifier of the certificate whose status is requested.
 * @return the built OCSP request.
 * @throws IOException   if DER-encoding the nonce fails.
 * @throws OCSPException declared here; presumably raised while building the request - confirm.
 */
static OCSPReq generateOcspRequestWithNonce(CertificateID id) throws IOException, OCSPException {
    OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
    requestBuilder.addRequest(id);

    // NOTE(review): the nonce bytes come from PdfEncryption.generateNewDocumentId(), whose
    // source of randomness is not visible here. A nonce only protects against replayed
    // responses if it is unpredictable - confirm the helper uses a CSPRNG.
    byte[] nonceDer = new DEROctetString(PdfEncryption.generateNewDocumentId()).getEncoded();

    // The DER-encoded nonce is wrapped once more to form the extension value.
    Extension nonceExt = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false,
            new DEROctetString(nonceDer));
    requestBuilder.setRequestExtensions(new Extensions(new Extension[]{nonceExt}));

    return requestBuilder.build();
}
/**
 * Build and encode an OCSP request for {@code certificateID} with the supplied nonce
 * extension, signing it when the configuration asks for signed requests.
 *
 * @param certificateID  identifier of the certificate whose status is requested.
 * @param nonceExtension extension attached to the request; its content is the caller's responsibility.
 * @return the encoded OCSP request, signed or unsigned depending on the configuration.
 * @throws DSSException wrapping any exception raised here, including the
 *                      ConfigurationException thrown for an incomplete signing configuration.
 */
private byte[] buildRequest(final CertificateID certificateID, Extension nonceExtension) throws DSSException {
    try {
        LOGGER.debug("Building OCSP request ...");
        OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
        requestBuilder.addRequest(certificateID);
        requestBuilder.setRequestExtensions(new Extensions(nonceExtension));

        if (!this.configuration.hasToBeOCSPRequestSigned()) {
            // Unsigned path: nothing else to add.
            return requestBuilder.build().getEncoded();
        }

        LOGGER.info("Using signed OCSP request ...");
        // NOTE(review): the request signature algorithm is hard-coded to SHA1withRSA.
        // SHA-1 signatures are deprecated - confirm whether the responder accepts a
        // stronger digest before changing it.
        JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA1withRSA");
        if (!this.configuration.isOCSPSigningConfigurationAvailable()) {
            // Thrown inside the try, so callers see it wrapped in a DSSException.
            throw new ConfigurationException("Configuration needed for OCSP request signing is not complete");
        }

        DSSPrivateKeyEntry keyEntry = this.getOCSPAccessCertificatePrivateKey();
        X509Certificate signerCert = keyEntry.getCertificate().getCertificate();

        // The requestor name is the subject of the signing certificate.
        requestBuilder.setRequestorName(
                new GeneralName(new JcaX509CertificateHolder(signerCert).getSubject()));

        return requestBuilder.build(
                contentSignerBuilder.build(((KSPrivateKeyEntry) keyEntry).getPrivateKey()),
                new X509CertificateHolder[]{new X509CertificateHolder(signerCert.getEncoded())})
                .getEncoded();
    } catch (Exception e) {
        throw new DSSException(e);
    }
}
/**
 * Generates an OCSP request using BouncyCastle, with a non-critical nonce extension.
 *
 * @param issuerCert   certificate of the issuer
 * @param serialNumber serial number of the certificate being checked
 * @return an OCSP request
 * @throws OCSPException                declared here; presumably from CertificateID or request building - confirm
 * @throws IOException                  if DER-encoding the nonce fails
 * @throws OperatorException            declared here; presumably from the digest calculator provider - confirm
 * @throws CertificateEncodingException declared here; presumably from wrapping issuerCert - confirm
 */
private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber)
        throws OCSPException, IOException, OperatorException, CertificateEncodingException {
    // Runs on every call; the JDK does not install a provider whose name is already registered.
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

    // Identify the certificate by a SHA-1 based CertificateID over the issuer and serial number.
    CertificateID target = new CertificateID(
            new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1),
            new JcaX509CertificateHolder(issuerCert), serialNumber);

    OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
    requestBuilder.addRequest(target);

    // NOTE(review): the nonce bytes come from PdfEncryption.createDocumentId(), whose source
    // of randomness is not visible here. A nonce only protects against replayed responses
    // if it is unpredictable - confirm the helper uses a CSPRNG.
    byte[] nonceDer = new DEROctetString(PdfEncryption.createDocumentId()).getEncoded();
    Extension nonceExt = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false,
            new DEROctetString(nonceDer));
    requestBuilder.setRequestExtensions(new Extensions(new Extension[]{nonceExt}));

    return requestBuilder.build();
}