Beispiel #1
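  /**
   * Builds the encoded signer configuration for a key held in a PKCS#11 token.
   *
   * <p>The result carries only locators: the signature algorithm, the parallelism, the
   * optional module name, the slot (by id when one is set, otherwise by index) and the key
   * (by hex-encoded id and/or label). No PIN or other secret is written by this method.
   *
   * @param pkcs11ModuleName name of the PKCS#11 module; omitted from the result when
   *     {@code null} or empty
   * @param slotId slot holding the key; must not be {@code null}
   * @param keyId identifier of the key; must not be {@code null}
   * @param signatureAlgorithm signature algorithm name; must not be {@code null}
   * @param parallelism value written under the {@code parallelism} key
   * @return the configuration as encoded by {@code CmpUtf8Pairs.getEncoded()}
   */
  public static String getPkcs11SignerConf(
      final String pkcs11ModuleName,
      final P11SlotIdentifier slotId,
      final P11KeyIdentifier keyId,
      final String signatureAlgorithm,
      final int parallelism) {
    ParamChecker.assertNotNull("algo", signatureAlgorithm);
    ParamChecker.assertNotNull("keyId", keyId);
    // slotId is dereferenced below; reject null up front like the other required arguments
    // instead of failing later with a bare NullPointerException.
    ParamChecker.assertNotNull("slotId", slotId);

    CmpUtf8Pairs conf = new CmpUtf8Pairs("algo", signatureAlgorithm);
    conf.putUtf8Pair("parallelism", Integer.toString(parallelism));

    if (pkcs11ModuleName != null && !pkcs11ModuleName.isEmpty()) {
      conf.putUtf8Pair("module", pkcs11ModuleName);
    }

    // The slot id takes precedence; the index is only used when no id is set.
    // NOTE(review): assumes a slot identifier always carries an id or an index - confirm
    // against P11SlotIdentifier, otherwise the else branch dereferences null.
    if (slotId.getSlotId() != null) {
      conf.putUtf8Pair("slot-id", slotId.getSlotId().toString());
    } else {
      conf.putUtf8Pair("slot", slotId.getSlotIndex().toString());
    }

    // NOTE(review): when keyId has neither an id nor a label the result names no key at all;
    // whether the consumer of this configuration rejects that is not visible here.
    if (keyId.getKeyId() != null) {
      conf.putUtf8Pair("key-id", Hex.toHexString(keyId.getKeyId()));
    }

    if (keyId.getKeyLabel() != null) {
      conf.putUtf8Pair("key-label", keyId.getKeyLabel());
    }

    return conf.getEncoded();
  }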
Beispiel #2
  /**
   * Creates the issuer description from its distribution URLs and its encoded certificate.
   *
   * <p>Each URL list is copied into an unmodifiable set, so duplicates collapse and later
   * changes to the caller's list have no effect. A list that {@code CollectionUtil.isEmpty}
   * reports as empty is stored as {@code null}, not as an empty set.
   *
   * @param caIssuerURLs CA issuer URLs, may be empty
   * @param ocspURLs OCSP responder URLs, may be empty
   * @param crlURLs CRL distribution URLs, may be empty
   * @param deltaCrlURLs delta CRL distribution URLs, may be empty
   * @param certBytes encoded issuer certificate; must not be {@code null}
   * @throws CertificateException if the certificate cannot be parsed, including when the
   *     parser fails with an {@code IOException}
   */
  public X509IssuerInfo(
      final List<String> caIssuerURLs,
      final List<String> ocspURLs,
      final List<String> crlURLs,
      final List<String> deltaCrlURLs,
      final byte[] certBytes)
      throws CertificateException {
    ParamChecker.assertNotNull("certBytes", certBytes);

    this.caIssuerURLs = CollectionUtil.isEmpty(caIssuerURLs)
        ? null
        : Collections.unmodifiableSet(new HashSet<String>(caIssuerURLs));

    this.ocspURLs = CollectionUtil.isEmpty(ocspURLs)
        ? null
        : Collections.unmodifiableSet(new HashSet<String>(ocspURLs));

    this.crlURLs = CollectionUtil.isEmpty(crlURLs)
        ? null
        : Collections.unmodifiableSet(new HashSet<String>(crlURLs));

    this.deltaCrlURLs = CollectionUtil.isEmpty(deltaCrlURLs)
        ? null
        : Collections.unmodifiableSet(new HashSet<String>(deltaCrlURLs));

    // The same bytes are decoded twice, once per certificate representation kept on the
    // instance. An I/O failure of the first parser is reported as a CertificateException
    // with the original exception attached as cause.
    try {
      this.cert = X509Util.parseCert(certBytes);
    } catch (IOException ex) {
      throw new CertificateException(ex.getMessage(), ex);
    }
    this.bcCert = Certificate.getInstance(certBytes);

    // NOTE(review): what extractSKI yields for a certificate without a subject key
    // identifier extension is not visible here - confirm before relying on ski being set.
    this.ski = X509Util.extractSKI(cert);
  }
Beispiel #3
  /**
   * Builds the encoded signer configuration for a key stored in a keystore file.
   *
   * <p>The keystore password is written into the result as a plain value under the
   * {@code password} key. The returned string therefore has to be handled like the password
   * itself: keep it out of logs, exception messages and world-readable configuration.
   *
   * @param keystoreFile path of the keystore; must not be blank. It is stored with a
   *     {@code file:} prefix
   * @param password keystore password; must not be blank
   * @param signatureAlgorithm signature algorithm name; must not be {@code null}
   * @param parallelism value written under the {@code parallelism} key
   * @param keyLabel label of the key inside the keystore; omitted when {@code null}
   * @return the configuration as encoded by {@code CmpUtf8Pairs.getEncoded()}
   */
  public static String getKeystoreSignerConf(
      final String keystoreFile,
      final String password,
      final String signatureAlgorithm,
      final int parallelism,
      final String keyLabel) {
    ParamChecker.assertNotBlank("keystoreFile", keystoreFile);
    ParamChecker.assertNotBlank("password", password);
    ParamChecker.assertNotNull("signatureAlgorithm", signatureAlgorithm);

    final String keystoreUri = "file:" + keystoreFile;

    // Insertion order is kept as is: whether CmpUtf8Pairs preserves it in the encoded form is
    // not visible here.
    CmpUtf8Pairs pairs = new CmpUtf8Pairs("password", password);
    pairs.putUtf8Pair("algo", signatureAlgorithm);
    pairs.putUtf8Pair("parallelism", Integer.toString(parallelism));
    if (keyLabel != null) {
      pairs.putUtf8Pair("key-label", keyLabel);
    }
    pairs.putUtf8Pair("keystore", keystoreUri);

    return pairs.getEncoded();
  }
Beispiel #4
  /**
   * Creates the option from its JAXB configuration element.
   *
   * <p>Every configured hash algorithm is looked up once during construction, and each
   * biometric type entry is sorted into either the predefined types or the OID-identified
   * types.
   *
   * @param jaxb configuration element; must not be {@code null}
   * @throws NoSuchAlgorithmException declared for the hash algorithm lookup; presumably
   *     raised when a configured OID is not a known hash algorithm - confirm against
   *     {@code AlgorithmUtil}
   * @throws RuntimeException if a type entry carries neither a predefined value nor an OID
   */
  public BiometricInfoOption(final BiometricInfo jaxb) throws NoSuchAlgorithmException {
    ParamChecker.assertNotNull("jaxb", jaxb);
    this.sourceDataUriOccurrence = jaxb.getIncludeSourceDataUri();
    this.hashAlgorithms = XmlX509CertprofileUtil.toOIDSet(jaxb.getHashAlgorithm());

    // The return value is discarded on purpose: the lookup is made only so that a problem
    // with a configured hash algorithm surfaces here, when the option is constructed.
    for (ASN1ObjectIdentifier hashOid : hashAlgorithms) {
      AlgorithmUtil.getHashOutputSizeInOctets(hashOid);
    }

    this.predefinedTypes = new HashSet<>();
    this.idTypes = new HashSet<>();
    for (BiometricTypeType type : jaxb.getType()) {
      // A predefined value wins over an OID when an entry carries both.
      if (type.getPredefined() != null) {
        predefinedTypes.add(type.getPredefined().getValue());
        continue;
      }

      if (type.getOid() == null) {
        throw new RuntimeException("should not reach here, invalid biometricType");
      }
      idTypes.add(new ASN1ObjectIdentifier(type.getOid().getValue()));
    }
  }