Example 66 with GeneralName
use of com.android.org.bouncycastle.asn1.x509.GeneralName in project xipki by xipki.
the class X509CertprofileUtil method createGeneralName.
/**
* Creates GeneralName.
*
* @param requestedName
* Requested name. Must not be {@code null}.
* @param modes
* Modes to be considered. Must not be {@code null}.
* @return the created GeneralName
* @throws BadCertTemplateException
* If requestedName is invalid or contains entries which are not allowed in the modes.
*/
public static GeneralName createGeneralName(GeneralName requestedName, Set<GeneralNameMode> modes) throws BadCertTemplateException {
ParamUtil.requireNonNull("requestedName", requestedName);
int tag = requestedName.getTagNo();
GeneralNameMode mode = null;
if (modes != null) {
for (GeneralNameMode m : modes) {
if (m.getTag().getTag() == tag) {
mode = m;
break;
}
}
if (mode == null) {
throw new BadCertTemplateException("generalName tag " + tag + " is not allowed");
}
}
switch(tag) {
case GeneralName.rfc822Name:
case GeneralName.dNSName:
case GeneralName.uniformResourceIdentifier:
case GeneralName.iPAddress:
case GeneralName.registeredID:
case GeneralName.directoryName:
return new GeneralName(tag, requestedName.getName());
case GeneralName.otherName:
ASN1Sequence reqSeq = ASN1Sequence.getInstance(requestedName.getName());
int size = reqSeq.size();
if (size != 2) {
throw new BadCertTemplateException("invalid otherName sequence: size is not 2: " + size);
}
ASN1ObjectIdentifier type = ASN1ObjectIdentifier.getInstance(reqSeq.getObjectAt(0));
if (mode != null && !mode.getAllowedTypes().contains(type)) {
throw new BadCertTemplateException("otherName.type " + type.getId() + " is not allowed");
}
ASN1Encodable asn1 = reqSeq.getObjectAt(1);
if (!(asn1 instanceof ASN1TaggedObject)) {
throw new BadCertTemplateException("otherName.value is not tagged Object");
}
int tagNo = ASN1TaggedObject.getInstance(asn1).getTagNo();
if (tagNo != 0) {
throw new BadCertTemplateException("otherName.value does not have tag 0: " + tagNo);
}
ASN1EncodableVector vector = new ASN1EncodableVector();
vector.add(type);
vector.add(new DERTaggedObject(true, 0, ASN1TaggedObject.getInstance(asn1).getObject()));
DERSequence seq = new DERSequence(vector);
return new GeneralName(GeneralName.otherName, seq);
case GeneralName.ediPartyName:
reqSeq = ASN1Sequence.getInstance(requestedName.getName());
size = reqSeq.size();
String nameAssigner = null;
int idx = 0;
if (size > 1) {
DirectoryString ds = DirectoryString.getInstance(ASN1TaggedObject.getInstance(reqSeq.getObjectAt(idx++)).getObject());
nameAssigner = ds.getString();
}
DirectoryString ds = DirectoryString.getInstance(ASN1TaggedObject.getInstance(reqSeq.getObjectAt(idx++)).getObject());
String partyName = ds.getString();
vector = new ASN1EncodableVector();
if (nameAssigner != null) {
vector.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner)));
}
vector.add(new DERTaggedObject(false, 1, new DirectoryString(partyName)));
seq = new DERSequence(vector);
return new GeneralName(GeneralName.ediPartyName, seq);
default:
throw new RuntimeException("should not reach here, unknown GeneralName tag " + tag);
}
// end switch (tag)
}
Also used :
GeneralNameMode(org.xipki.ca.api.profile.GeneralNameMode)
DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject)
ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject)
DirectoryString(org.bouncycastle.asn1.x500.DirectoryString)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
DERSequence(org.bouncycastle.asn1.DERSequence)
BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
DirectoryString(org.bouncycastle.asn1.x500.DirectoryString)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 67 with GeneralName
use of com.android.org.bouncycastle.asn1.x509.GeneralName in project dcos-commons by mesosphere.
the class CertificateNamesGenerator method getSANs.
/**
* Returns additional Subject Alternative Names for service certificates.
*/
public GeneralNames getSANs() {
List<GeneralName> generalNames = new ArrayList<>();
generalNames.add(new GeneralName(GeneralName.dNSName, autoIpHostname));
// Process VIP names, if any
vipSpecs.stream().map(vipSpec -> new GeneralName(GeneralName.dNSName, EndpointUtils.toVipHostname(serviceName, new EndpointUtils.VipInfo(vipSpec.getVipName(), (int) vipSpec.getPort())))).forEach(vipGeneralName -> generalNames.add(vipGeneralName));
return new GeneralNames(generalNames.toArray(new GeneralName[generalNames.size()]));
}
Also used :
SchedulerConfig(com.mesosphere.sdk.scheduler.SchedulerConfig)
java.util(java.util)
MessageDigest(java.security.MessageDigest)
TaskSpec(com.mesosphere.sdk.specification.TaskSpec)
BCStyle(org.bouncycastle.asn1.x500.style.BCStyle)
Collectors(java.util.stream.Collectors)
StandardCharsets(java.nio.charset.StandardCharsets)
Hex(org.bouncycastle.util.encoders.Hex)
EndpointUtils(com.mesosphere.sdk.http.EndpointUtils)
X500Name(org.bouncycastle.asn1.x500.X500Name)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
NamedVIPSpec(com.mesosphere.sdk.specification.NamedVIPSpec)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
PodInstance(com.mesosphere.sdk.specification.PodInstance)
X500NameBuilder(org.bouncycastle.asn1.x500.X500NameBuilder)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
Example 68 with GeneralName
use of com.android.org.bouncycastle.asn1.x509.GeneralName in project signer by demoiselle.
the class SigningCertificate method getValue.
@Override
public Attribute getValue() {
try {
X509Certificate cert = (X509Certificate) certificates[0];
Digest digest = DigestFactory.getInstance().factoryDefault();
digest.setAlgorithm(DigestAlgorithmEnum.SHA_1);
byte[] hash = digest.digest(cert.getEncoded());
X500Name dirName = new X500Name(cert.getSubjectDN().getName());
GeneralName name = new GeneralName(dirName);
GeneralNames issuer = new GeneralNames(name);
ASN1Integer serial = new ASN1Integer(cert.getSerialNumber());
IssuerSerial issuerSerial = new IssuerSerial(issuer, serial);
ESSCertID essCertId = new ESSCertID(hash, issuerSerial);
return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(new DERSequence(new ASN1Encodable[] { new DERSequence(essCertId), new DERSequence(DERNull.INSTANCE) })));
} catch (CertificateEncodingException ex) {
throw new SignerException(ex.getMessage());
}
}
Also used :
IssuerSerial(org.bouncycastle.asn1.x509.IssuerSerial)
Digest(org.demoiselle.signer.cryptography.Digest)
SignedAttribute(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.SignedAttribute)
Attribute(org.bouncycastle.asn1.cms.Attribute)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
X500Name(org.bouncycastle.asn1.x500.X500Name)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
DERSet(org.bouncycastle.asn1.DERSet)
X509Certificate(java.security.cert.X509Certificate)
DERSequence(org.bouncycastle.asn1.DERSequence)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
ESSCertID(org.bouncycastle.asn1.ess.ESSCertID)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
SignerException(org.demoiselle.signer.policy.impl.cades.SignerException)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 69 with GeneralName
use of com.android.org.bouncycastle.asn1.x509.GeneralName in project signer by demoiselle.
the class CertificateRefs method getValue.
@Override
public Attribute getValue() throws SignerException {
try {
int chainSize = certificates.length - 1;
OtherCertID[] arrayOtherCertID = new OtherCertID[chainSize];
for (int i = 1; i <= chainSize; i++) {
X509Certificate issuerCert = null;
X509Certificate cert = (X509Certificate) certificates[i];
if (i < chainSize) {
issuerCert = (X509Certificate) certificates[i + 1];
} else {
// raiz
issuerCert = (X509Certificate) certificates[i];
}
Digest digest = DigestFactory.getInstance().factoryDefault();
digest.setAlgorithm(DigestAlgorithmEnum.SHA_256);
byte[] certHash = digest.digest(cert.getEncoded());
X500Name dirName = new X500Name(issuerCert.getSubjectX500Principal().getName());
GeneralName name = new GeneralName(dirName);
GeneralNames issuer = new GeneralNames(name);
ASN1Integer serialNumber = new ASN1Integer(cert.getSerialNumber());
IssuerSerial issuerSerial = new IssuerSerial(issuer, serialNumber);
AlgorithmIdentifier algId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256);
OtherCertID otherCertID = new OtherCertID(algId, certHash, issuerSerial);
arrayOtherCertID[i - 1] = otherCertID;
}
return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(new ASN1Encodable[] { new DERSequence(arrayOtherCertID) }));
} catch (CertificateEncodingException e) {
throw new SignerException(e.getMessage());
}
}
Also used :
IssuerSerial(org.bouncycastle.asn1.x509.IssuerSerial)
Digest(org.demoiselle.signer.cryptography.Digest)
UnsignedAttribute(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.UnsignedAttribute)
Attribute(org.bouncycastle.asn1.cms.Attribute)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
X500Name(org.bouncycastle.asn1.x500.X500Name)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
DERSet(org.bouncycastle.asn1.DERSet)
X509Certificate(java.security.cert.X509Certificate)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
OtherCertID(org.bouncycastle.asn1.ess.OtherCertID)
DERSequence(org.bouncycastle.asn1.DERSequence)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
SignerException(org.demoiselle.signer.policy.impl.cades.SignerException)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 70 with GeneralName
use of com.android.org.bouncycastle.asn1.x509.GeneralName in project signer by demoiselle.
the class SubjectAlternativeNameHolder method parseGeneralName.
private ASN1Encodable parseGeneralName(List<?> nameEntry) {
if (nameEntry != null && nameEntry.size() != 2) {
throw new IllegalArgumentException(String.valueOf(nameEntry));
}
String tag = String.valueOf(nameEntry.get(0));
Matcher m = TAGS_PATTERN.matcher(tag);
if (m.matches()) {
return new GeneralName(Integer.valueOf(tag), String.valueOf(nameEntry.get(1)));
}
throw new IllegalArgumentException(String.valueOf(nameEntry));
}
Also used :
Matcher(java.util.regex.Matcher)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
Aggregations
GeneralName (org.bouncycastle.asn1.x509.GeneralName)149
GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)72
IOException (java.io.IOException)53
DERIA5String (org.bouncycastle.asn1.DERIA5String)38
ArrayList (java.util.ArrayList)37
X500Name (org.bouncycastle.asn1.x500.X500Name)35
CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)35
DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)34
X509Certificate (java.security.cert.X509Certificate)32
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)28
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)27
DEROctetString (org.bouncycastle.asn1.DEROctetString)23
BigInteger (java.math.BigInteger)20
List (java.util.List)20
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)19
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)19
OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)19
GeneralName (org.apache.harmony.security.x509.GeneralName)18
DERSequence (org.bouncycastle.asn1.DERSequence)18
DirectoryString (org.bouncycastle.asn1.x500.DirectoryString)18
