try asn1Prim = JcaX509ExtensionUtils.parseExtensionValue(authorityExtensionValue);
ASN1Sequence asn1Seq = (ASN1Sequence) JcaX509ExtensionUtils.parseExtensionValue(extensionValue); Enumeration<?> objects = asn1Seq.getObjects();
ASN1Sequence asn1Seq = (ASN1Sequence) JcaX509ExtensionUtils.parseExtensionValue(authorityExtensionValue); Enumeration<?> objects = asn1Seq.getObjects(); while (objects.hasMoreElements())
CertSignatureInformation certInfo) throws IOException ASN1Sequence asn1Seq = (ASN1Sequence) JcaX509ExtensionUtils.parseExtensionValue(extensionValue); Enumeration<?> objects = asn1Seq.getObjects(); while (objects.hasMoreElements())
/** * Extract topics for sending push notifications from {@link X509Certificate} certificate. * * @param certificate {@link X509Certificate} instance. * @return unique {@link Set} of topics from a certificate * @throws IOException * If {@link X509Certificate} parsing failed. */ public static Set<String> extractApnsTopics(X509Certificate certificate) throws IOException { Set<String> topics = new HashSet<>(); for (String keyValuePair : certificate.getSubjectX500Principal().getName().split(",")) { if (keyValuePair.toLowerCase().startsWith(PREFIX_UID)) { topics.add(keyValuePair.substring(PREFIX_UID.length())); break; } } byte[] topicExtensionData = certificate.getExtensionValue(TOPIC_OID); if (topicExtensionData != null) { ASN1Primitive extensionValue = JcaX509ExtensionUtils.parseExtensionValue(topicExtensionData); if (extensionValue instanceof ASN1Sequence) { for (Object object : (ASN1Sequence) extensionValue) { if (object instanceof ASN1String) { topics.add(String.valueOf(object)); } } } } return topics; }
ASN1Sequence asn1Seq = (ASN1Sequence) JcaX509ExtensionUtils.parseExtensionValue(extensionValue); Enumeration<?> objects = asn1Seq.getObjects();
.getInstance(JcaX509ExtensionUtils.parseExtensionValue(authorityKeyIdentifierData)); SubjectKeyIdentifier subjectKeyIdentifier = SubjectKeyIdentifier .getInstance(JcaX509ExtensionUtils.parseExtensionValue(subjectKeyIdentifierData)); if (!Arrays.equals(authorityKeyIdentifier.getKeyIdentifier(), subjectKeyIdentifier.getKeyIdentifier())) { LOG.debug(
@Test public void getSelfSigned_generatesACertificateWithTheRightValues() throws Exception { final X509Certificate generatedCertificate = subject.getSelfSigned(generatedCertificateKeyPair, certificateGenerationParameters); assertThat(generatedCertificate.getIssuerDN().getName(), containsString("CN=my cert name")); assertThat(generatedCertificate.getSubjectDN().toString(), containsString("CN=my cert name")); generatedCertificate.verify(generatedCertificateKeyPair.getPublic()); final byte[] authorityKeyIdDer = generatedCertificate.getExtensionValue(Extension.authorityKeyIdentifier.getId()); final AuthorityKeyIdentifier authorityKeyIdentifier = AuthorityKeyIdentifier.getInstance(parseExtensionValue(authorityKeyIdDer)); final byte[] authorityKeyId = authorityKeyIdentifier.getKeyIdentifier(); expectedSubjectKeyIdentifier = jcaX509ExtensionUtils.createSubjectKeyIdentifier(generatedCertificateKeyPair.getPublic()).getKeyIdentifier(); assertThat(authorityKeyId, equalTo(expectedSubjectKeyIdentifier)); assertThat(generatedCertificate.getSerialNumber(), equalTo(BigInteger.valueOf(1337))); }
public String getAuthorityKeyIdentifier() { byte[] e = certificate.getExtensionValue(Extension.authorityKeyIdentifier.getId()); if (e == null) { return ""; } ASN1Primitive ap; byte[] k = {}; try { ap = JcaX509ExtensionUtils.parseExtensionValue(e); k = ASN1Sequence.getInstance(ap.getEncoded()).getEncoded(); } catch (IOException e1) { // TODO Auto-generated catch block e1.printStackTrace(); } // Very ugly hack to extract the SHA1 Hash (59 Hex Chars) from the // Extension :( return CertificateHelper.addHexColons(CertificateHelper.byteArrayToHex(k)).substring(12, k.length * 3 - 1); }
@Test public void getSignedByIssuer_withSubjectKeyIdentifier_setsAuthorityKeyIdentifier() throws Exception { when(serialNumberGenerator.generate()) .thenReturn(BigInteger.valueOf(1337)) .thenReturn(BigInteger.valueOf(666)); final X509Certificate generatedCertificate = subject.getSignedByIssuer(generatedCertificateKeyPair, certificateGenerationParameters, certificateAuthorityWithSubjectKeyId, issuerKey.getPrivate()); final byte[] authorityKeyIdDer = generatedCertificate.getExtensionValue(Extension.authorityKeyIdentifier.getId()); final AuthorityKeyIdentifier authorityKeyIdentifier = AuthorityKeyIdentifier.getInstance(parseExtensionValue(authorityKeyIdDer)); assertThat(authorityKeyIdentifier.getKeyIdentifier(), equalTo(caSubjectKeyIdentifier.getKeyIdentifier())); }
public String getSubjectKeyIdentifier() { // https://stackoverflow.com/questions/6523081/why-doesnt-my-key-identifier-match byte[] e = certificate.getExtensionValue(Extension.subjectKeyIdentifier.getId()); if (e == null) { return ""; } ASN1Primitive ap; byte[] k = {}; try { ap = JcaX509ExtensionUtils.parseExtensionValue(e); k = ASN1OctetString.getInstance(ap.getEncoded()).getOctets(); } catch (IOException e1) { e1.printStackTrace(); } return CertificateHelper.addHexColons(CertificateHelper.byteArrayToHex(k)); }
ASN1Sequence asn1Seq = (ASN1Sequence) JcaX509ExtensionUtils.parseExtensionValue(authorityExtensionValue); Enumeration<?> objects = asn1Seq.getObjects(); while (objects.hasMoreElements())
CertSignatureInformation certInfo) throws IOException ASN1Sequence asn1Seq = (ASN1Sequence) JcaX509ExtensionUtils.parseExtensionValue(extensionValue); Enumeration<?> objects = asn1Seq.getObjects(); while (objects.hasMoreElements())
ASN1Primitive primitive = JcaX509ExtensionUtils.parseExtensionValue(cert.getExtensionValue(oid)); String value = Res.getString("cert.is.critical") + critical + "\n"; boolean isSupported = true;
if (cert.getExtensionValue(Extension.cRLDistributionPoints.getId()) != null) { ASN1Primitive primitive = JcaX509ExtensionUtils .parseExtensionValue(cert.getExtensionValue(Extension.cRLDistributionPoints.getId()));
public PublicCaInfo(X509Certificate caCert, CaUris caUris, ConfPairs extraControl) throws OperationException { Args.notNull(caCert, "caCert"); this.caUris = (caUris == null) ? CaUris.EMPTY_INSTANCE : caUris; this.caCert = new X509Cert(caCert); this.serialNumber = caCert.getSerialNumber(); this.subject = caCert.getSubjectX500Principal(); this.x500Subject = X500Name.getInstance(subject.getEncoded()); this.c14nSubject = X509Util.canonicalizName(x500Subject); try { this.subjectKeyIdentifier = X509Util.extractSki(caCert); } catch (CertificateEncodingException ex) { throw new OperationException(ErrorCode.INVALID_EXTENSION, ex); } this.extraControl = extraControl; byte[] encodedSubjectAltName = caCert.getExtensionValue( Extension.subjectAlternativeName.getId()); if (encodedSubjectAltName == null) { subjectAltName = null; } else { try { subjectAltName = GeneralNames.getInstance( JcaX509ExtensionUtils.parseExtensionValue(encodedSubjectAltName)); } catch (IOException ex) { throw new OperationException(ErrorCode.INVALID_EXTENSION, "invalid SubjectAltName extension in CA certificate"); } } } // constructor
ASN1Primitive skiPrimitive = JcaX509ExtensionUtils.parseExtensionValue( cert.getCertificate().getExtensionValue(Extension.subjectKeyIdentifier.getId())); byte[] keyIdentifier = ASN1OctetString.getInstance(skiPrimitive.getEncoded()).getOctets();
/** * This method returns SKI bytes from certificate. * * @param certificateToken * {@code CertificateToken} * @param computeIfMissing * if the extension is missing and computeIfMissing = true, it will compute the SKI value from the Public * Key * @return ski bytes from the given certificate */ public static byte[] getSki(final CertificateToken certificateToken, boolean computeIfMissing) { try { byte[] sKI = certificateToken.getCertificate().getExtensionValue(Extension.subjectKeyIdentifier.getId()); if (Utils.isArrayNotEmpty(sKI)) { ASN1Primitive extension = JcaX509ExtensionUtils.parseExtensionValue(sKI); SubjectKeyIdentifier skiBC = SubjectKeyIdentifier.getInstance(extension); return skiBC.getKeyIdentifier(); } else if (computeIfMissing) { // If extension not present, we compute it from the certificate public key return computeSkiFromCert(certificateToken); } return null; } catch (IOException e) { throw new DSSException(e); } }
final SubjectKeyIdentifier subjectKeyIdentifier = SubjectKeyIdentifier.getInstance(JcaX509ExtensionUtils.parseExtensionValue(subjectKeyIdDer)); final byte[] subjectKeyId = subjectKeyIdentifier.getKeyIdentifier(); final AuthorityKeyIdentifier authorityKeyIdentifier = AuthorityKeyIdentifier.getInstance(JcaX509ExtensionUtils.parseExtensionValue(authorityKeyIdDer)); final byte[] authKeyId = authorityKeyIdentifier.getKeyIdentifier();