/**
 * Returns the attributes attached to this safe bag.
 *
 * @return one {@code Attribute} per entry of the bag's attribute set, or {@code null} when
 *         the bag has no attribute set.
 */
public Attribute[] getAttributes() {
    ASN1Set bagAttributes = safeBag.getBagAttributes();
    if (bagAttributes == null) {
        // Absence is reported as null rather than an empty array, so callers must check
        // before iterating.
        return null;
    }

    int count = bagAttributes.size();
    Attribute[] result = new Attribute[count];
    for (int index = 0; index < count; index++) {
        result[index] = Attribute.getInstance(bagAttributes.getObjectAt(index));
    }
    return result;
}
/**
 * Returns every attribute carried by this certification request.
 *
 * @return an array of Attribute; {@code EMPTY_ARRAY} when the request has no attribute set.
 */
public Attribute[] getAttributes() {
    ASN1Set requestAttributes = certificationRequest.getCertificationRequestInfo().getAttributes();
    if (requestAttributes == null) {
        return EMPTY_ARRAY;
    }

    int count = requestAttributes.size();
    Attribute[] result = new Attribute[count];
    for (int index = 0; index < count; index++) {
        result[index] = Attribute.getInstance(requestAttributes.getObjectAt(index));
    }
    return result;
}
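/**
 * Extracts the requested extensions from a CSR's PKCS#9 extensionRequest attribute.
 * <p>
 * The CSR is requester-supplied data, so an attribute whose value set is missing or empty is
 * skipped instead of being indexed blindly. The returned extensions are exactly what the
 * requester put in the CSR; nothing in this method validates them.
 *
 * @param csr the certification request to inspect
 * @return the first attribute value that is, or can be converted to, an {@code Extensions}
 *         object, or {@code null} when no extensionRequest attribute yields one
 */
public static Extensions getExtensionsFromCSR(JcaPKCS10CertificationRequest csr) {
    Attribute[] extensionRequests = csr.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
    for (Attribute attribute : extensionRequests) {
        ASN1Set attValue = attribute.getAttrValues();
        // An empty value set would make getObjectAt(0) throw on a malformed request.
        if (attValue == null || attValue.size() == 0) {
            continue;
        }

        ASN1Encodable extension = attValue.getObjectAt(0);
        if (extension instanceof Extensions) {
            return (Extensions) extension;
        }
        // Only a DERSequence is converted; any other value type falls through to the
        // next attribute.
        if (extension instanceof DERSequence) {
            return Extensions.getInstance(extension);
        }
    }
    return null;
}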
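/**
 * Collects the dNSName entries of the subjectAlternativeName extension requested in a CSR.
 * <p>
 * The names come straight from the requester; this method applies no policy check to them.
 *
 * @param certReq the certification request to inspect
 * @return the dNSName values in the order they are encountered; empty when the request has
 *         no extensionRequest attribute or no subjectAlternativeName extension
 */
public static List<String> extractX509CSRDnsNames(PKCS10CertificationRequest certReq) {
    List<String> dnsNames = new ArrayList<>();
    Attribute[] attributes = certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
    for (Attribute attribute : attributes) {
        for (ASN1Encodable value : attribute.getAttributeValues()) {
            Extensions extensions = Extensions.getInstance(value);
            GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
            // fromExtensions yields null when the request carries extensions but no
            // subjectAlternativeName; without this guard such a CSR causes an NPE.
            if (gns == null) {
                continue;
            }
            for (GeneralName name : gns.getNames()) {
                if (name.getTagNo() == GeneralName.dNSName) {
                    dnsNames.add(((DERIA5String) name.getName()).getString());
                }
            }
        }
    }
    return dnsNames;
}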
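/**
 * Collects the iPAddress entries of the subjectAlternativeName extension requested in a CSR.
 * <p>
 * The addresses come straight from the requester; this method applies no policy check to
 * them.
 *
 * @param certReq the certification request to inspect
 * @return the textual form of every iPAddress entry that could be decoded; empty when the
 *         request has no extensionRequest attribute or no subjectAlternativeName extension
 */
public static List<String> extractX509CSRIPAddresses(PKCS10CertificationRequest certReq) {
    List<String> ipAddresses = new ArrayList<>();
    Attribute[] attributes = certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
    for (Attribute attribute : attributes) {
        for (ASN1Encodable value : attribute.getAttributeValues()) {
            Extensions extensions = Extensions.getInstance(value);
            GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
            // fromExtensions yields null when the request carries extensions but no
            // subjectAlternativeName; without this guard such a CSR causes an NPE.
            if (gns == null) {
                continue;
            }
            for (GeneralName name : gns.getNames()) {
                if (name.getTagNo() != GeneralName.iPAddress) {
                    continue;
                }
                try {
                    InetAddress addr = InetAddress.getByAddress(((DEROctetString) name.getName()).getOctets());
                    ipAddresses.add(addr.getHostAddress());
                } catch (UnknownHostException ignored) {
                    // getByAddress rejects octet strings of illegal length; such entries are
                    // deliberately left out of the result.
                    // NOTE(review): the entry is still present in the CSR, so a signer that
                    // copies the SAN extension verbatim would carry a value this list never
                    // showed - confirm how callers use the result.
                }
            }
        }
    }
    return ipAddresses;
}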
/**
 * Opens the extensions dialog for the extensions requested in the displayed PKCS#10 CSR.
 * When the CSR has no extensionRequest attribute, or the attribute has no values, the
 * dialog is shown with an empty extension set.
 */
private void extensionsPressed() {
    Attribute[] extensionRequests = pkcs10Csr.getAttributes(pkcs_9_at_extensionRequest);

    // Default to an empty set; it is replaced only when the CSR really carries a value.
    X509ExtensionSet extensionSet = new X509ExtensionSet();

    boolean hasRequest = (extensionRequests != null) && (extensionRequests.length > 0);
    if (hasRequest) {
        // Only the first extensionRequest attribute and its first value are shown.
        ASN1Encodable[] requestValues = extensionRequests[0].getAttributeValues();
        if (requestValues.length > 0) {
            ASN1Sequence extensionSequence = ASN1Sequence.getInstance(requestValues[0]);
            extensionSet = new X509ExtensionSet(extensionSequence);
        }
    }

    DViewExtensions extensionsDialog = new DViewExtensions(this,
            res.getString("DViewCertificate.Extensions.Title"), extensionSet);
    extensionsDialog.setLocationRelativeTo(this);
    extensionsDialog.setVisible(true);
}
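/**
 * Copies the first value of every attribute of the given PKCS#9 type into a text field.
 * <p>
 * The attributes come from a parsed request file, so an attribute with an empty value set
 * is skipped rather than indexed.
 *
 * @param attrs     attributes to search; {@code null} is treated as "nothing to show"
 * @param textField field that receives the string value
 * @param pkcs9Attr OID of the attribute type to display
 */
private static void populateTextField(Attribute[] attrs, JTextField textField, ASN1ObjectIdentifier pkcs9Attr) {
    if (attrs == null) {
        return;
    }

    for (Attribute attribute : attrs) {
        ASN1ObjectIdentifier attributeOid = attribute.getAttrType();
        if (!attributeOid.equals(pkcs9Attr)) {
            continue;
        }

        ASN1Encodable[] values = attribute.getAttributeValues();
        if (values.length == 0) {
            // Malformed attribute without a value: indexing [0] would throw.
            continue;
        }
        ASN1Encodable challenge = values[0];

        // Only PrintableString and UTF8String values are rendered; any other string type
        // leaves the field text unchanged.
        // NOTE(review): the earlier comment mentioned IA5String, which this code does not
        // handle - confirm whether it should.
        if (challenge instanceof DERPrintableString) {
            textField.setText(((DERPrintableString) challenge).getString());
        } else if (challenge instanceof DERUTF8String) {
            textField.setText(((DERUTF8String) challenge).getString());
        }
        textField.setCaretPosition(0);
    }
}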
/**
 * Verifies that the CSR carries the expected subject fields and subject alternative names.
 * <p>
 * This does not test Bouncy Castle itself: once the {@link PKCS10CertificationRequest}
 * holds the right parameters, its encoding is assumed to be correct.
 */
@SuppressWarnings("unchecked")
private void csrTest(PKCS10CertificationRequest csr) {
    // Subject distinguished name, one relative distinguished name at a time.
    X500Name subject = csr.getSubject();
    assertThat(subject.getRDNs(BCStyle.CN), arrayContaining(new RDNMatcher("abc.de")));
    assertThat(subject.getRDNs(BCStyle.C), arrayContaining(new RDNMatcher("XX")));
    assertThat(subject.getRDNs(BCStyle.L), arrayContaining(new RDNMatcher("Testville")));
    assertThat(subject.getRDNs(BCStyle.O), arrayContaining(new RDNMatcher("Testing Co")));
    assertThat(subject.getRDNs(BCStyle.OU), arrayContaining(new RDNMatcher("Testunit")));
    assertThat(subject.getRDNs(BCStyle.ST), arrayContaining(new RDNMatcher("ABC")));

    // Exactly one extensionRequest attribute holding exactly one value is expected.
    Attribute[] extensionRequests = csr.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
    assertThat(extensionRequests.length, is(1));
    ASN1Encodable[] requestValues = extensionRequests[0].getAttrValues().toArray();
    assertThat(requestValues.length, is(1));

    // The subject alternative names must match in this exact order.
    Extensions requested = (Extensions) requestValues[0];
    GeneralNames sanNames = GeneralNames.fromExtensions(requested, Extension.subjectAlternativeName);
    assertThat(sanNames.getNames(), arrayContaining(
            new GeneralNameMatcher("abc.de"),
            new GeneralNameMatcher("fg.hi"),
            new GeneralNameMatcher("jklm.no"),
            new GeneralNameMatcher("pqr.st"),
            new GeneralNameMatcher("uv.wx"),
            new GeneralNameMatcher("y.z"),
            new GeneralNameMatcher("*.wild.card")));
}
/**
 * Fails the test unless both attribute arrays have the expected length and are equal
 * element by element.
 *
 * @param expectedLength number of attributes each array should hold
 * @param attr1          first array
 * @param attr2          second array, compared against the first
 */
private void checkAttrs(int expectedLength, Attribute[] attr1, Attribute[] attr2) {
    int firstLength = attr1.length;

    if (firstLength != expectedLength) {
        fail("expected length mismatch");
    }

    if (attr2.length != firstLength) {
        fail("atrribute length mismatch");
    }

    for (int idx = 0; idx < firstLength; idx++) {
        boolean same = attr1[idx].equals(attr2[idx]);
        if (!same) {
            fail("atrribute mismatch");
        }
    }
}
/**
 * Returns the attributes of this request whose type matches the given OID.
 *
 * @param type the attribute type OID to look for.
 * @return the matching attributes in set order; {@code EMPTY_ARRAY} when the request has no
 *         attribute set or nothing matches.
 */
public Attribute[] getAttributes(ASN1ObjectIdentifier type) {
    ASN1Set requestAttributes = certificationRequest.getCertificationRequestInfo().getAttributes();
    if (requestAttributes == null) {
        return EMPTY_ARRAY;
    }

    // Raw collection types are kept as the original block wrote them.
    List matches = new ArrayList();
    int total = requestAttributes.size();
    for (int idx = 0; idx < total; idx++) {
        Attribute candidate = Attribute.getInstance(requestAttributes.getObjectAt(idx));
        if (!candidate.getAttrType().equals(type)) {
            continue;
        }
        matches.add(candidate);
    }

    if (matches.isEmpty()) {
        return EMPTY_ARRAY;
    }
    return (Attribute[])matches.toArray(new Attribute[matches.size()]);
}
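/**
 * Prints the subject alternative names requested in a CSR to standard output, one per line,
 * prefixed with the name type for dNSName, iPAddress and otherName entries (other types get
 * an empty prefix).
 * <p>
 * Extension requests with no value, or without a subjectAlternativeName extension, are
 * skipped instead of failing.
 *
 * @param csr the certification request to dump
 */
@SuppressWarnings("deprecation")
public static void dump(PKCS10CertificationRequest csr) {
    for (Attribute attribute : csr.getAttributes()) {
        if (!attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
            continue;
        }
        // A malformed request can carry the attribute with an empty value set.
        if (attribute.getAttrValues() == null || attribute.getAttrValues().size() == 0) {
            continue;
        }

        Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0));
        GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
        // fromExtensions yields null when no subjectAlternativeName was requested.
        if (gns == null) {
            continue;
        }

        for (GeneralName name : gns.getNames()) {
            String title = "";
            switch (name.getTagNo()) {
                case GeneralName.dNSName:
                    title = "dNSName";
                    break;
                case GeneralName.iPAddress:
                    title = "iPAddress";
                    // Deprecated call kept from the original.
                    // NOTE(review): its result is discarded, so it has no visible effect
                    // on the output - confirm whether it can be dropped.
                    name.toASN1Object();
                    break;
                case GeneralName.otherName:
                    title = "otherName";
                    break;
                default:
                    break;
            }
            System.out.println(title + ": "+ name.getName());
        }
    }
}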
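/**
 * Returns the first rfc822Name entry of the subjectAlternativeName extension requested in
 * a CSR.
 * <p>
 * The search stops at the first match. The original loop only broke out of the innermost
 * loop, so with several extension values a later one silently replaced an earlier match.
 * The address comes straight from the requester; no policy check is applied here.
 *
 * @param certReq the certification request to inspect
 * @return the first rfc822Name found, or {@code null} when there is none
 */
public static String extractX509CSREmail(PKCS10CertificationRequest certReq) {
    Attribute[] attributes = certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
    for (Attribute attribute : attributes) {
        for (ASN1Encodable value : attribute.getAttributeValues()) {
            Extensions extensions = Extensions.getInstance(value);
            GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
            // fromExtensions yields null when the request carries extensions but no
            // subjectAlternativeName; without this guard such a CSR causes an NPE.
            if (gns == null) {
                continue;
            }
            for (GeneralName name : gns.getNames()) {
                if (name.getTagNo() == GeneralName.rfc822Name) {
                    return ((DERIA5String) name.getName()).getString();
                }
            }
        }
    }
    return null;
}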
/**
 * Finds the value of the PKCS#9 challengePassword attribute.
 *
 * @param attributes attributes to search
 * @return the first value of the first challengePassword attribute that has one, or
 *         {@code null} when no such attribute carries a value
 */
private ASN1Encodable getChallengePassword(Attribute[] attributes) {
    for (Attribute candidate : attributes) {
        boolean isChallenge =
                PKCSObjectIdentifiers.pkcs_9_at_challengePassword.equals(candidate.getAttrType());
        if (!isChallenge) {
            continue;
        }

        // A challengePassword attribute without values is skipped, not treated as an error.
        boolean hasValue = candidate.getAttrValues() != null && candidate.getAttrValues().size() > 0;
        if (hasValue) {
            return candidate.getAttrValues().getObjectAt(0);
        }
    }
    return null;
}
/**
 * Fills the dialog's fields from the PKCS#10 CSR: format label, subject, challenge,
 * unstructured name, public key and signature algorithm. The extensions button is enabled
 * only when the CSR carries at least one extensionRequest attribute.
 *
 * @throws CryptoException declared by this method; presumably raised by the public key
 *                         helpers it calls - confirm against their definitions
 */
private void populatePkcs10CsrDetails() throws CryptoException {
    jtfFormat.setText(res.getString("DViewCsr.jtfFormat.Pkcs10.text"));
    jtfFormat.setCaretPosition(0);

    jdnSubject.setDistinguishedName(pkcs10Csr.getSubject());

    jbPem.setEnabled(true);
    jbAsn1.setEnabled(true);

    Attribute[] extensionRequests = pkcs10Csr.getAttributes(pkcs_9_at_extensionRequest);
    boolean hasExtensionRequest = extensionRequests != null && extensionRequests.length > 0;
    jbExtensions.setEnabled(hasExtensionRequest);

    DialogHelper.populatePkcs10Challenge(pkcs10Csr.getAttributes(), jtfChallenge);
    DialogHelper.populatePkcs10UnstructuredName(pkcs10Csr.getAttributes(), jtfUnstructuredName);

    populatePublicKey(getPkcs10PublicKey());

    // Show the friendly algorithm name when the OID is known, otherwise the raw OID.
    String signatureOid = pkcs10Csr.getSignatureAlgorithm().getAlgorithm().getId();
    SignatureType knownType = SignatureType.resolveOid(signatureOid);
    String signatureLabel = (knownType != null) ? knownType.friendly() : signatureOid;
    jtfSignatureAlgorithm.setText(signatureLabel);
    jtfSignatureAlgorithm.setCaretPosition(0);
}
/**
 * Builds two certification requests from identical inputs, each carrying an
 * extensionRequest attribute, and fails unless {@code equals} reports them equal.
 *
 * @throws Exception if key generation or request construction fails
 */
private void nullPointerTest() throws Exception {
    // The key pair is generated here and used only inside this test. 1024-bit RSA with a
    // SHA-1 signature is below what real certificate requests should use, so these
    // parameters are not a template for production code.
    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "BC");
    generator.initialize(1024, new SecureRandom());
    KeyPair keyPair = generator.generateKeyPair();

    // Parallel vectors: entry i of extensionOids names the extension at entry i of
    // extensionValues.
    Vector extensionOids = new Vector();
    Vector extensionValues = new Vector();

    extensionOids.add(X509Extensions.BasicConstraints);
    extensionValues.add(new X509Extension(true, new DEROctetString(new BasicConstraints(true))));

    extensionOids.add(X509Extensions.KeyUsage);
    extensionValues.add(new X509Extension(true,
            new DEROctetString(new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign))));

    SubjectKeyIdentifier keyIdentifier = new SubjectKeyIdentifierStructure(keyPair.getPublic());
    X509Extension keyIdentifierExtension = new X509Extension(false, new DEROctetString(keyIdentifier));
    extensionOids.add(X509Extensions.SubjectKeyIdentifier);
    extensionValues.add(keyIdentifierExtension);

    Attribute extensionRequest = new Attribute(
            PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
            new DERSet(new X509Extensions(extensionOids, extensionValues)));

    PKCS10CertificationRequest first = new PKCS10CertificationRequest(
            "SHA1WithRSA",
            new X509Principal("cn=csr"),
            keyPair.getPublic(),
            new DERSet(extensionRequest),
            keyPair.getPrivate(),
            "BC");

    PKCS10CertificationRequest second = new PKCS10CertificationRequest(
            "SHA1WithRSA",
            new X509Principal("cn=csr"),
            keyPair.getPublic(),
            new DERSet(extensionRequest),
            keyPair.getPrivate(),
            "BC");

    boolean requestsEqual = first.equals(second);
    if (!requestsEqual) {
        fail("cert request comparison failed");
    }
}
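/**
 * Returns the friendly name stored in a PKCS#12 safe bag's attributes.
 * <p>
 * A friendlyName attribute with no value is treated the same as a missing one, so a
 * malformed bag fails with the documented exception instead of an index error.
 *
 * @param attributes the bag attributes to search
 * @return the string value of the first friendlyName attribute that has a value
 * @throws IllegalStateException if no friendlyName attribute with a value is present
 */
private String getKeyID(Attribute[] attributes) {
    for (Attribute attr : attributes) {
        if (!PKCS12SafeBag.friendlyNameAttribute.equals(attr.getAttrType())) {
            continue;
        }
        // getObjectAt(0) would throw on an empty value set.
        if (attr.getAttrValues() == null || attr.getAttrValues().size() == 0) {
            continue;
        }
        return DERBMPString.getInstance(attr.getAttrValues().getObjectAt(0)).getString();
    }
    throw new IllegalStateException("No friendlyNameAttribute found.");
}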
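/**
 * Returns the extensions requested in a CSR through the PKCS#9 extensionRequest attribute.
 * <p>
 * The request is requester-supplied data: a missing attribute set and an extensionRequest
 * attribute without values are both handled as "nothing requested". The returned
 * extensions are not validated here.
 *
 * @param csr the certification request info to inspect; must not be {@code null}
 * @return the extensions of the first extensionRequest attribute that has a value, or
 *         {@code null} when there is none
 */
public static Extensions getExtensions(CertificationRequestInfo csr) {
    ParamUtil.requireNonNull("csr", csr);
    ASN1Set attrs = csr.getAttributes();
    if (attrs == null) {
        // The attribute set may be absent altogether; size() would throw an NPE.
        return null;
    }

    for (int i = 0; i < attrs.size(); i++) {
        Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
        if (!PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) {
            continue;
        }
        // Indexing [0] on an empty value set would throw.
        if (attr.getAttrValues().size() == 0) {
            continue;
        }
        return Extensions.getInstance(attr.getAttributeValues()[0]);
    }
    return null;
}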
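/**
 * Returns the PKCS#9 challengePassword carried in a CSR.
 * <p>
 * The request is requester-supplied data: a missing attribute set and a challengePassword
 * attribute without values are both handled as "no password". The returned value is a
 * shared secret, so callers should keep it out of logs and error messages.
 *
 * @param csr the certification request info to inspect; must not be {@code null}
 * @return the string value of the first challengePassword attribute that has a value, or
 *         {@code null} when there is none
 * @throws ClassCastException if the attribute value is not an ASN.1 string type
 */
public static String getChallengePassword(CertificationRequestInfo csr) {
    ParamUtil.requireNonNull("csr", csr);
    ASN1Set attrs = csr.getAttributes();
    if (attrs == null) {
        // The attribute set may be absent altogether; size() would throw an NPE.
        return null;
    }

    for (int i = 0; i < attrs.size(); i++) {
        Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
        if (!PKCSObjectIdentifiers.pkcs_9_at_challengePassword.equals(attr.getAttrType())) {
            continue;
        }
        // Indexing [0] on an empty value set would throw.
        if (attr.getAttrValues().size() == 0) {
            continue;
        }
        ASN1String str = (ASN1String) attr.getAttributeValues()[0];
        return str.getString();
    }
    return null;
}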
/**
 * Builds two certification requests from identical inputs, each carrying an
 * extensionRequest attribute, fails unless {@code equals} reports them equal, and then
 * checks the attribute accessors with {@code checkAttrs}.
 *
 * @throws Exception if key generation, signer construction or request building fails
 */
private void nullPointerTest() throws Exception {
    // The key pair is generated here and used only inside this test. 1024-bit RSA with a
    // SHA-1 signature is below what real certificate requests should use, so these
    // parameters are not a template for production code.
    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "BC");
    generator.initialize(1024, new SecureRandom());
    KeyPair keyPair = generator.generateKeyPair();

    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();

    Extension basicConstraints = new Extension(Extension.basicConstraints, true,
            new DEROctetString(new BasicConstraints(true)));
    Extension keyUsage = new Extension(Extension.keyUsage, true,
            new DEROctetString(new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign)));
    Extension subjectKeyId = new Extension(Extension.subjectKeyIdentifier, false,
            new DEROctetString(extensionUtils.createSubjectKeyIdentifier(keyPair.getPublic())));
    Extension[] requested = new Extension[] { basicConstraints, keyUsage, subjectKeyId };

    PKCS10CertificationRequest first =
            new JcaPKCS10CertificationRequestBuilder(new X500Name("cn=csr"), keyPair.getPublic())
                    .addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, new Extensions(requested))
                    .build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(keyPair.getPrivate()));

    PKCS10CertificationRequest second =
            new JcaPKCS10CertificationRequestBuilder(new X500Name("cn=csr"), keyPair.getPublic())
                    .addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, new Extensions(requested))
                    .build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(keyPair.getPrivate()));

    boolean requestsEqual = first.equals(second);
    if (!requestsEqual) {
        fail("cert request comparison failed");
    }

    // NOTE(review): both arrays in each comparison below are read from the first request,
    // so the second request's attributes are never inspected - confirm whether the second
    // array was meant to come from the other request.
    Attribute[] allFirst = first.getAttributes();
    Attribute[] allAgain = first.getAttributes();
    checkAttrs(1, allFirst, allAgain);

    Attribute[] filteredFirst = first.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
    Attribute[] filteredAgain = first.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
    checkAttrs(1, filteredFirst, filteredAgain);
}