public static byte[] getEncoded(final ASN1Sequence signPolicyInfo) throws DSSException {
try {
return signPolicyInfo.getEncoded(ASN1Encoding.DER);
} catch (IOException e) {
throw new DSSException(e);
}
}
private List<X509Certificate> extractCertificates(SignedData signedData) throws Exception {
ASN1Set certificates = signedData.getCertificates();
logger.info("CERTIFICATES (" + certificates.size() + ") : " + certificates);
List<X509Certificate> foundCertificates = new ArrayList<X509Certificate>();
for (int i = 0; i < certificates.size(); i++) {
ASN1Sequence seqCertif = ASN1Sequence.getInstance(certificates.getObjectAt(i));
X509CertificateHolder certificateHolder = new X509CertificateHolder(seqCertif.getEncoded());
X509Certificate certificate =
new JcaX509CertificateConverter()
.setProvider(BouncyCastleProvider.PROVIDER_NAME)
.getCertificate(certificateHolder);
foundCertificates.add(certificate);
}
return foundCertificates;
}
@Override
protected Object _doExecute() throws Exception {
P10RequestGenerator p10Gen = new P10RequestGenerator();
hashAlgo = hashAlgo.trim().toUpperCase();
if (hashAlgo.indexOf('-') != -1) {
hashAlgo = hashAlgo.replaceAll("-", "");
}
if (needExtensionTypes == null) {
needExtensionTypes = new LinkedList<>();
}
// SubjectAltNames
List<Extension> extensions = new LinkedList<>();
if (isNotEmpty(subjectAltNames)) {
extensions.add(P10RequestGenerator.createExtensionSubjectAltName(subjectAltNames, false));
needExtensionTypes.add(Extension.subjectAlternativeName.getId());
}
// SubjectInfoAccess
if (isNotEmpty(subjectInfoAccesses)) {
extensions.add(
P10RequestGenerator.createExtensionSubjectInfoAccess(subjectInfoAccesses, false));
needExtensionTypes.add(Extension.subjectInfoAccess.getId());
}
// Keyusage
if (isNotEmpty(keyusages)) {
Set<KeyUsage> usages = new HashSet<>();
for (String usage : keyusages) {
usages.add(KeyUsage.getKeyUsage(usage));
}
org.bouncycastle.asn1.x509.KeyUsage extValue = X509Util.createKeyUsage(usages);
ASN1ObjectIdentifier extType = Extension.keyUsage;
extensions.add(new Extension(extType, false, extValue.getEncoded()));
needExtensionTypes.add(extType.getId());
}
// ExtendedKeyusage
if (isNotEmpty(extkeyusages)) {
Set<ASN1ObjectIdentifier> oids =
new HashSet<>(SecurityUtil.textToASN1ObjectIdentifers(extkeyusages));
ExtendedKeyUsage extValue = X509Util.createExtendedUsage(oids);
ASN1ObjectIdentifier extType = Extension.extendedKeyUsage;
extensions.add(new Extension(extType, false, extValue.getEncoded()));
needExtensionTypes.add(extType.getId());
}
// QcEuLimitValue
if (isNotEmpty(qcEuLimits)) {
ASN1EncodableVector v = new ASN1EncodableVector();
for (String m : qcEuLimits) {
StringTokenizer st = new StringTokenizer(m, ":");
try {
String currencyS = st.nextToken();
String amountS = st.nextToken();
String exponentS = st.nextToken();
Iso4217CurrencyCode currency;
try {
int intValue = Integer.parseInt(currencyS);
currency = new Iso4217CurrencyCode(intValue);
} catch (NumberFormatException e) {
currency = new Iso4217CurrencyCode(currencyS);
}
int amount = Integer.parseInt(amountS);
int exponent = Integer.parseInt(exponentS);
MonetaryValue monterayValue = new MonetaryValue(currency, amount, exponent);
QCStatement statment =
new QCStatement(ObjectIdentifiers.id_etsi_qcs_QcLimitValue, monterayValue);
v.add(statment);
} catch (Exception e) {
throw new Exception("invalid qc-eu-limit '" + m + "'");
}
}
ASN1ObjectIdentifier extType = Extension.qCStatements;
ASN1Sequence extValue = new DERSequence(v);
extensions.add(new Extension(extType, false, extValue.getEncoded()));
needExtensionTypes.add(extType.getId());
}
// biometricInfo
if (biometricType != null && biometricHashAlgo != null && biometricFile != null) {
TypeOfBiometricData _biometricType;
if (StringUtil.isNumber(biometricType)) {
_biometricType = new TypeOfBiometricData(Integer.parseInt(biometricType));
} else {
_biometricType = new TypeOfBiometricData(new ASN1ObjectIdentifier(biometricType));
}
ASN1ObjectIdentifier _biometricHashAlgo = AlgorithmUtil.getHashAlg(biometricHashAlgo);
byte[] biometricBytes = IoUtil.read(biometricFile);
MessageDigest md = MessageDigest.getInstance(_biometricHashAlgo.getId());
md.reset();
byte[] _biometricDataHash = md.digest(biometricBytes);
DERIA5String _sourceDataUri = null;
if (biometricUri != null) {
_sourceDataUri = new DERIA5String(biometricUri);
}
BiometricData biometricData =
new BiometricData(
_biometricType,
new AlgorithmIdentifier(_biometricHashAlgo),
new DEROctetString(_biometricDataHash),
_sourceDataUri);
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(biometricData);
ASN1ObjectIdentifier extType = Extension.biometricInfo;
ASN1Sequence extValue = new DERSequence(v);
extensions.add(new Extension(extType, false, extValue.getEncoded()));
needExtensionTypes.add(extType.getId());
} else if (biometricType == null && biometricHashAlgo == null && biometricFile == null) {
// Do nothing
} else {
throw new Exception(
"either all of biometric triples (type, hash algo, file)"
+ " must be set or none of them should be set");
}
if (isNotEmpty(needExtensionTypes) || isNotEmpty(wantExtensionTypes)) {
ExtensionExistence ee =
new ExtensionExistence(
SecurityUtil.textToASN1ObjectIdentifers(needExtensionTypes),
SecurityUtil.textToASN1ObjectIdentifers(wantExtensionTypes));
extensions.add(
new Extension(
ObjectIdentifiers.id_xipki_ext_cmpRequestExtensions,
false,
ee.toASN1Primitive().getEncoded()));
}
ConcurrentContentSigner identifiedSigner =
getSigner(hashAlgo, new SignatureAlgoControl(rsaMgf1, dsaPlain));
Certificate cert = Certificate.getInstance(identifiedSigner.getCertificate().getEncoded());
X500Name subjectDN;
if (subject != null) {
subjectDN = getSubject(subject);
} else {
subjectDN = cert.getSubject();
}
SubjectPublicKeyInfo subjectPublicKeyInfo = cert.getSubjectPublicKeyInfo();
ContentSigner signer = identifiedSigner.borrowContentSigner();
PKCS10CertificationRequest p10Req;
try {
p10Req = p10Gen.generateRequest(signer, subjectPublicKeyInfo, subjectDN, extensions);
} finally {
identifiedSigner.returnContentSigner(signer);
}
File file = new File(outputFilename);
saveVerbose("saved PKCS#10 request to file", file, p10Req.getEncoded());
return null;
}