/**
 * Create a builder for a version 1 certificate, taking the validity window as {@link Date} values.
 *
 * <p>Only {@code issuer} and {@code publicKeyInfo} are null-checked here. The serial number and the
 * validity bounds are passed to the TBS generator as given: this constructor does not check that
 * {@code serial} is positive, or that {@code notBefore} precedes {@code notAfter}, so the calling
 * issuance code has to enforce both.
 *
 * @param issuer the certificate issuer; must not be null
 * @param serial the certificate serial number
 * @param notBefore the date before which the certificate is not valid
 * @param notAfter the date after which the certificate is not valid
 * @param subject the certificate subject
 * @param publicKeyInfo the info structure for the public key to be associated with this certificate;
 *                      must not be null
 * @throws IllegalArgumentException if {@code issuer} or {@code publicKeyInfo} is null
 */
public X509v1CertificateBuilder(X500Name issuer, BigInteger serial, Date notBefore, Date notAfter, X500Name subject, SubjectPublicKeyInfo publicKeyInfo)
{
    // Fail fast on the two fields this constructor treats as mandatory.
    if (issuer == null)
    {
        throw new IllegalArgumentException("issuer must not be null");
    }
    if (publicKeyInfo == null)
    {
        throw new IllegalArgumentException("publicKeyInfo must not be null");
    }

    V1TBSCertificateGenerator generator = new V1TBSCertificateGenerator();

    generator.setSerialNumber(new ASN1Integer(serial));
    generator.setIssuer(issuer);
    // The Date bounds are wrapped in Time, which owns the ASN.1 encoding of the instants.
    generator.setStartDate(new Time(notBefore));
    generator.setEndDate(new Time(notAfter));
    generator.setSubject(subject);
    generator.setSubjectPublicKeyInfo(publicKeyInfo);

    tbsGen = generator;
}
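/**
 * Decode an OptionalValidity from its ASN.1 SEQUENCE form.
 *
 * <p>Each element must be an explicitly tagged {@link Time}: tag 0 carries notBefore and tag 1
 * carries notAfter. Any other tag number is rejected rather than being silently read as notAfter,
 * so a malformed or unexpected structure cannot be interpreted as a validity bound.
 *
 * <p>NOTE(review): unlike the public (Time, Time) constructor, this decoder still accepts a
 * sequence in which neither field is present, and a repeated tag overwrites the earlier value.
 * Confirm whether callers rely on that leniency before tightening it.
 *
 * @param seq the sequence to decode
 * @throws IllegalArgumentException if an element carries a tag number other than 0 or 1
 * @throws ClassCastException if an element is not an ASN1TaggedObject
 */
private OptionalValidity(ASN1Sequence seq)
{
    Enumeration en = seq.getObjects();
    while (en.hasMoreElements())
    {
        ASN1TaggedObject tObj = (ASN1TaggedObject)en.nextElement();

        switch (tObj.getTagNo())
        {
        case 0:
            notBefore = Time.getInstance(tObj, true);
            break;
        case 1:
            notAfter = Time.getInstance(tObj, true);
            break;
        default:
            // Strict decoding: an unrecognised tag is an error, not an implicit notAfter.
            throw new IllegalArgumentException("unknown tag number: " + tObj.getTagNo());
        }
    }
}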
/**
 * Create a builder for a version 1 certificate, taking the validity window as pre-built
 * {@code Time} values.
 *
 * <p>Only {@code issuer} and {@code publicKeyInfo} are null-checked here. The serial number and the
 * validity bounds are handed to the TBS generator unchanged: there is no check that {@code serial}
 * is positive or that {@code notBefore} precedes {@code notAfter}, and the ASN.1 type chosen by the
 * caller for each {@code Time} is used as is.
 *
 * @param issuer the certificate issuer; must not be null
 * @param serial the certificate serial number
 * @param notBefore the Time before which the certificate is not valid
 * @param notAfter the Time after which the certificate is not valid
 * @param subject the certificate subject
 * @param publicKeyInfo the info structure for the public key to be associated with this certificate;
 *                      must not be null
 * @throws IllegalArgumentException if {@code issuer} or {@code publicKeyInfo} is null
 */
public X509v1CertificateBuilder(X500Name issuer, BigInteger serial, Time notBefore, Time notAfter, X500Name subject, SubjectPublicKeyInfo publicKeyInfo)
{
    // Fail fast on the two fields this constructor treats as mandatory.
    if (issuer == null)
    {
        throw new IllegalArgumentException("issuer must not be null");
    }
    if (publicKeyInfo == null)
    {
        throw new IllegalArgumentException("publicKeyInfo must not be null");
    }

    V1TBSCertificateGenerator generator = new V1TBSCertificateGenerator();

    generator.setSerialNumber(new ASN1Integer(serial));
    generator.setIssuer(issuer);
    generator.setStartDate(notBefore);
    generator.setEndDate(notAfter);
    generator.setSubject(subject);
    generator.setSubjectPublicKeyInfo(publicKeyInfo);

    tbsGen = generator;
}
/**
 * Build a fixed version 1 TBSCertificate for the given key and signature algorithm, write its
 * encoding to {@code bOut}, and dump that encoding to standard output as hex and Base64.
 *
 * <p>Serial number (1), issuer and subject ("CN=Cryptonit") and the validity window are all
 * hard-coded, so every call yields the same certificate fields apart from key and algorithm.
 *
 * @param bOut stream that receives the encoded TBSCertificate
 * @param ski the subject public key info to embed
 * @param algo the signature algorithm identifier to embed
 * @return the generated TBSCertificate
 * @throws IOException if the structure cannot be written to {@code bOut} or standard output
 */
private static TBSCertificate createTBS(ByteArrayOutputStream bOut, SubjectPublicKeyInfo ski, AlgorithmIdentifier algo)
    throws IOException
{
    V1TBSCertificateGenerator generator = new V1TBSCertificateGenerator();

    generator.setSerialNumber(new ASN1Integer(0x1));

    // NOTE(review): java.util.Date months are zero-based, so month 1 is February and month 12
    // rolls over into January of the following year. The window encoded here is therefore
    // 2000-02-01 00:00:00 to 2031-01-31 23:59:59 in the JVM default time zone. If 2000-01-01 to
    // 2030-12-31 was intended the month arguments should be 0 and 11; check any expected test
    // vectors before changing them.
    generator.setStartDate(new Time(new Date(100, 1, 1, 0, 0, 0)));
    generator.setEndDate(new Time(new Date(130, 12, 31, 23, 59, 59)));

    generator.setIssuer(new X500Name("CN=Cryptonit"));
    generator.setSubject(new X500Name("CN=Cryptonit"));
    generator.setSignature(algo);
    generator.setSubjectPublicKeyInfo(ski);

    TBSCertificate tbs = generator.generateTBSCertificate();

    // Serialise into the caller's buffer; the stream wrapper is not closed here.
    ASN1OutputStream aOut = new ASN1OutputStream(bOut);
    aOut.writeObject(tbs);

    // Diagnostic dump of everything currently held in bOut.
    System.out.println("Build TBS");
    System.out.println(toHex(bOut.toByteArray()));
    Base64.encode(bOut.toByteArray(), System.out);
    System.out.println();

    return tbs;
}
/**
 * Add the PKCS#9 signing-time attribute to the signed attributes, unless this is a PAdES
 * signature or no signing date is configured.
 *
 * <p>The value is taken from {@code parameters.bLevel().getSigningDate()}, i.e. it is whatever
 * time the signing side supplied; nothing in this method ties it to a trusted time source.
 *
 * @param parameters the signature parameters holding the signing date
 * @param signedAttributes the vector the attribute is appended to
 */
private void addSigningTimeAttribute(final CAdESSignatureParameters parameters, final ASN1EncodableVector signedAttributes) {
	// In PAdES, we don't include the signing time:
	// ETSI TS 102 778-3 V1.2.1 (2010-07): 4.5.3 signing-time Attribute
	if (padesUsage) {
		return;
	}

	final Date signingDate = parameters.bLevel().getSigningDate();
	if (signingDate == null) {
		return;
	}

	signedAttributes.add(new Attribute(pkcs_9_at_signingTime, new DERSet(new Time(signingDate))));
}
/**
 * Build a stand-in root certificate that mirrors the certificate loaded from "sk-root.pem".
 *
 * <p>Issuer, serial number, validity dates, subject and every extension are copied from the loaded
 * certificate. The public key is replaced by {@code kp}'s public key and the result is signed
 * with {@code kp}'s private key.
 *
 * <p>NOTE(review): this looks like a test fixture. Keep the generated certificate and its key
 * pair out of any production trust store.
 *
 * @param kp key pair whose public key is embedded and whose private key signs the certificate
 * @return the generated certificate
 */
private X509Certificate makeRootCert(KeyPair kp) throws InvalidKeyException, IllegalStateException, NoSuchProviderException, SignatureException, IOException, NoSuchAlgorithmException, ParseException, OperatorCreationException, CertificateException {
	// Template whose field values are reused
	X509CertificateHolder template = getRealCert("sk-root.pem");

	// Both validity bounds are forced to GeneralizedTime regardless of year. RFC 5280 expects
	// UTCTime for dates through 2049, so strict validators may flag this encoding.
	// TODO confirm this matches the template's encoding and is intentional.
	Time validFrom = Time.getInstance(new ASN1GeneralizedTime(template.getNotBefore()));
	Time validUntil = Time.getInstance(new ASN1GeneralizedTime(template.getNotAfter()));

	JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
			template.getIssuer(),
			template.getSerialNumber(),
			validFrom,
			validUntil,
			template.getSubject(),
			kp.getPublic());

	// Carry over every extension, preserving its criticality flag
	@SuppressWarnings("unchecked")
	List<ASN1ObjectIdentifier> extensionOids = template.getExtensionOIDs();
	for (ASN1ObjectIdentifier oid : extensionOids) {
		Extension extension = template.getExtension(oid);
		certBuilder.copyAndAddExtension(extension.getExtnId(), extension.isCritical(), template);
	}

	// NOTE(review): SHA-1 based signatures are deprecated for certificates. Presumably kept to
	// match the legacy certificate being mirrored; confirm, and do not reuse this signer
	// configuration for real issuance.
	ContentSigner signer = new JcaContentSignerBuilder("SHA1withRSA")
			.setProvider(BouncyCastleProvider.PROVIDER_NAME)
			.build(kp.getPrivate());

	X509CertificateHolder signedHolder = certBuilder.build(signer);

	JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
	return converter.getCertificate(signedHolder);
}
/**
 * Build a stand-in certificate that mirrors the certificate loaded from "sk-esteid.pem".
 *
 * <p>Issuer, serial number, validity dates, subject and every extension are copied from the loaded
 * certificate. The public key is replaced by {@code esteid}'s public key and the result is signed
 * with {@code root}'s private key.
 *
 * <p>NOTE(review): this looks like a test fixture. Keep the generated certificate and both key
 * pairs out of any production trust store.
 *
 * @param esteid key pair whose public key is embedded in the certificate
 * @param root key pair whose private key signs the certificate
 * @return the generated certificate
 */
private X509Certificate makeEsteidCert(KeyPair esteid, KeyPair root) throws InvalidKeyException, IllegalStateException, NoSuchProviderException, SignatureException, IOException, NoSuchAlgorithmException, ParseException, OperatorCreationException, CertificateException {
	// Template whose field values are reused
	X509CertificateHolder template = getRealCert("sk-esteid.pem");

	// notBefore is encoded as UTCTime and notAfter as GeneralizedTime, whatever their years.
	// RFC 5280 ties the choice to the year (UTCTime through 2049, GeneralizedTime from 2050).
	// TODO confirm this matches the template's encoding and is intentional.
	Time validFrom = Time.getInstance(new ASN1UTCTime(template.getNotBefore()));
	Time validUntil = Time.getInstance(new ASN1GeneralizedTime(template.getNotAfter()));

	JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
			template.getIssuer(),
			template.getSerialNumber(),
			validFrom,
			validUntil,
			template.getSubject(),
			esteid.getPublic());

	// Carry over every extension, preserving its criticality flag
	@SuppressWarnings("unchecked")
	List<ASN1ObjectIdentifier> extensionOids = template.getExtensionOIDs();
	for (ASN1ObjectIdentifier oid : extensionOids) {
		Extension extension = template.getExtension(oid);
		certBuilder.copyAndAddExtension(extension.getExtnId(), extension.isCritical(), template);
	}

	// Signed by the root key pair, not by the subject's own key
	ContentSigner signer = new JcaContentSignerBuilder("SHA384withRSA")
			.setProvider(BouncyCastleProvider.PROVIDER_NAME)
			.build(root.getPrivate());

	X509CertificateHolder signedHolder = certBuilder.build(signer);

	JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
	return converter.getCertificate(signedHolder);
}
/**
 * Basic constructor taking the update time as a {@link Date}.
 *
 * <p>Neither argument is validated here; they are handed straight to the TBS generator.
 *
 * @param issuer the issuer this CRL is associated with.
 * @param thisUpdate the date of this update.
 */
public X509v2CRLBuilder(
    X500Name issuer,
    Date thisUpdate)
{
    this.tbsGen = new V2TBSCertListGenerator();
    this.extGenerator = new ExtensionsGenerator();

    this.tbsGen.setIssuer(issuer);
    // Wrap the Date in Time, which owns the ASN.1 encoding of the instant.
    this.tbsGen.setThisUpdate(new Time(thisUpdate));
}
/**
 * Set the date by which the next CRL will become available.
 *
 * <p>The date is not compared with the CRL's thisUpdate value here; the caller is responsible
 * for supplying a later instant.
 *
 * @param date date of next CRL update.
 * @return the current builder.
 */
public X509v2CRLBuilder setNextUpdate(
    Date date)
{
    Time nextUpdate = new Time(date);
    tbsGen.setNextUpdate(nextUpdate);

    return this;
}
/**
 * Create a builder for a version 3 certificate, taking the validity window as {@link Date} values.
 *
 * <p>No argument is validated in this constructor: there is no null check on {@code issuer} or
 * {@code publicKeyInfo}, no check that {@code serial} is positive, and no check that
 * {@code notBefore} precedes {@code notAfter}. The calling issuance code has to enforce these.
 *
 * @param issuer the certificate issuer
 * @param serial the certificate serial number
 * @param notBefore the date before which the certificate is not valid
 * @param notAfter the date after which the certificate is not valid
 * @param subject the certificate subject
 * @param publicKeyInfo the info structure for the public key to be associated with this certificate.
 */
public X509v3CertificateBuilder(X500Name issuer, BigInteger serial, Date notBefore, Date notAfter, X500Name subject, SubjectPublicKeyInfo publicKeyInfo)
{
    V3TBSCertificateGenerator generator = new V3TBSCertificateGenerator();

    generator.setSerialNumber(new ASN1Integer(serial));
    generator.setIssuer(issuer);
    // The Date bounds are wrapped in Time, which owns the ASN.1 encoding of the instants.
    generator.setStartDate(new Time(notBefore));
    generator.setEndDate(new Time(notAfter));
    generator.setSubject(subject);
    generator.setSubjectPublicKeyInfo(publicKeyInfo);

    tbsGen = generator;
    extGenerator = new ExtensionsGenerator();
}
/**
 * Create an OptionalValidity from its two optional bounds.
 *
 * <p>Either bound may be null, but not both. The bounds are not compared with each other.
 *
 * @param notBefore start of the validity window, or null if absent
 * @param notAfter end of the validity window, or null if absent
 * @throws IllegalArgumentException if both bounds are null
 */
public OptionalValidity(Time notBefore, Time notAfter)
{
    boolean anyBoundPresent = (notBefore != null) || (notAfter != null);
    if (!anyBoundPresent)
    {
        throw new IllegalArgumentException("at least one of notBefore/notAfter must not be null.");
    }

    this.notBefore = notBefore;
    this.notAfter = notAfter;
}
/**
 * Wrap a {@link Date} in a {@code Time}, passing null through unchanged.
 *
 * @param date the date to wrap, may be null
 * @return a new Time for {@code date}, or null when {@code date} is null
 */
private Time createTime(Date date)
{
    return (date == null) ? null : new Time(date);
}
/**
 * Basic constructor taking the update time as a pre-built {@code Time}.
 *
 * <p>Neither argument is validated here; the {@code Time} is used with whatever ASN.1 type the
 * caller chose for it.
 *
 * @param issuer the issuer this CRL is associated with.
 * @param thisUpdate the Time of this update.
 */
public X509v2CRLBuilder(
    X500Name issuer,
    Time thisUpdate)
{
    this.tbsGen = new V2TBSCertListGenerator();
    this.extGenerator = new ExtensionsGenerator();

    this.tbsGen.setIssuer(issuer);
    this.tbsGen.setThisUpdate(thisUpdate);
}
/**
 * Set the time by which the next CRL will become available.
 *
 * <p>The value is not compared with the CRL's thisUpdate value here; the caller is responsible
 * for supplying a later instant.
 *
 * @param date Time of next CRL update.
 * @return the current builder.
 */
public X509v2CRLBuilder setNextUpdate(
    Time date)
{
    this.tbsGen.setNextUpdate(date);

    return this;
}
/**
 * Create a builder for a version 3 certificate, taking the validity window as pre-built
 * {@code Time} values.
 *
 * <p>No argument is validated in this constructor: there is no null check on {@code issuer} or
 * {@code publicKeyInfo}, no check that {@code serial} is positive, and no check that
 * {@code notBefore} precedes {@code notAfter}. The ASN.1 type chosen by the caller for each
 * {@code Time} is used as is.
 *
 * @param issuer the certificate issuer
 * @param serial the certificate serial number
 * @param notBefore the Time before which the certificate is not valid
 * @param notAfter the Time after which the certificate is not valid
 * @param subject the certificate subject
 * @param publicKeyInfo the info structure for the public key to be associated with this certificate.
 */
public X509v3CertificateBuilder(X500Name issuer, BigInteger serial, Time notBefore, Time notAfter, X500Name subject, SubjectPublicKeyInfo publicKeyInfo)
{
    V3TBSCertificateGenerator generator = new V3TBSCertificateGenerator();

    generator.setSerialNumber(new ASN1Integer(serial));
    generator.setIssuer(issuer);
    generator.setStartDate(notBefore);
    generator.setEndDate(notAfter);
    generator.setSubject(subject);
    generator.setSubjectPublicKeyInfo(publicKeyInfo);

    tbsGen = generator;
    extGenerator = new ExtensionsGenerator();
}
/**
 * Basic constructor with Locale. You may need to use this constructor if the default locale
 * doesn't use a Gregorian calendar, so that the Time produced is compatible with other ASN.1
 * implementations.
 *
 * <p>None of the arguments is validated here.
 *
 * @param issuer the issuer this CRL is associated with.
 * @param thisUpdate the date of this update.
 * @param dateLocale locale to be used for date interpretation.
 */
public X509v2CRLBuilder(
    X500Name issuer,
    Date thisUpdate,
    Locale dateLocale)
{
    this.tbsGen = new V2TBSCertListGenerator();
    this.extGenerator = new ExtensionsGenerator();

    this.tbsGen.setIssuer(issuer);
    // The explicit locale is passed on to Time rather than relying on the JVM default.
    this.tbsGen.setThisUpdate(new Time(thisUpdate, dateLocale));
}
/**
 * Read the 'expiredCertsOnCRL' extension value and, when it is a GeneralizedTime, store its
 * date on the given validity object.
 *
 * <p>The input is expected to be an OCTET STRING wrapping the encoded time. A value that decodes
 * to another time type is ignored with a warning. Any exception while decoding is logged and
 * swallowed, so in every failure case {@code validity} is simply left without this date.
 *
 * <p>NOTE(review): the bytes come from a CRL extension and should be treated as untrusted input.
 * Confirm that downstream revocation checks behave safely when this date is absent after a
 * parse failure.
 *
 * @param validity the object receiving the extracted date
 * @param expiredCertsOnCRLBinaries the encoded extension value, or null if the extension is absent
 */
protected void extractExpiredCertsOnCRL(CRLValidity validity, byte[] expiredCertsOnCRLBinaries) {
	if (expiredCertsOnCRLBinaries == null) {
		return;
	}

	try {
		// Outer layer: the extension value is an OCTET STRING
		ASN1OctetString wrapper = (ASN1OctetString) ASN1Primitive.fromByteArray(expiredCertsOnCRLBinaries);
		// Inner layer: the time value itself
		Time time = Time.getInstance(ASN1Primitive.fromByteArray(wrapper.getOctets()));

		boolean isGeneralizedTime = time != null && time.toASN1Primitive() instanceof ASN1GeneralizedTime;
		if (!isGeneralizedTime) {
			LOG.warn("Attribute 'expiredCertsOnCRL' found but ignored (should be encoded as ASN.1 GeneralizedTime)");
		} else {
			validity.setExpiredCertsOnCRL(time.getDate());
		}
	} catch (Exception e) {
		LOG.error("Unable to parse expiredCertsOnCRL on CRL : " + e.getMessage(), e);
	}
}
/**
 * Convert an ASN.1 time value to a {@link Date}, returning null when it cannot be read.
 *
 * <p>Every exception raised during conversion is caught and logged at WARN level together with
 * the offending value; the method never throws. Callers must therefore treat a null result as
 * "date unavailable" and not as an unrestricted or valid date.
 *
 * @param encodable the ASN.1 value expected to hold a time
 * @return the decoded date, or null if decoding failed
 */
public static Date getDate(ASN1Encodable encodable) {
	Date decoded = null;
	try {
		decoded = Time.getInstance(encodable).getDate();
	} catch (Exception e) {
		LOG.warn("Unable to retrieve the date : " + encodable, e);
	}
	return decoded;
}
/**
 * Check that a time value uses the ASN.1 type that matches its instant.
 *
 * <p>Instants whose epoch seconds are below {@code EPOCHTIME_2050010100} must be encoded as
 * UTCTime; all others must be encoded as GeneralizedTime. On a mismatch the failure message is
 * set on {@code issue}; otherwise {@code issue} is left untouched.
 *
 * <p>NOTE(review): the threshold is presumably 2050-01-01 00:00:00 UTC in epoch seconds, which
 * would match the RFC 5280 rule for validity dates. Confirm against the constant's definition.
 *
 * @param time the time value to inspect
 * @param issue the validation issue that receives a failure message on mismatch
 */
private static void checkTime(Time time, ValidationIssue issue) {
	ASN1Primitive encodedForm = time.toASN1Primitive();
	long epochSeconds = time.getDate().getTime() / 1000;
	boolean beforeThreshold = epochSeconds < EPOCHTIME_2050010100;

	if (beforeThreshold && !(encodedForm instanceof ASN1UTCTime)) {
		issue.setFailureMessage("not encoded as UTCTime");
	} else if (!beforeThreshold && !(encodedForm instanceof ASN1GeneralizedTime)) {
		issue.setFailureMessage("not encoded as GeneralizedTime");
	}
}