Search in sources :

Example 51 with GeneralNames

use of com.android.org.bouncycastle.asn1.x509.GeneralNames in project athenz by yahoo.

the class Crypto method generateX509CSR.

public static String generateX509CSR(PrivateKey privateKey, PublicKey publicKey, String x500Principal, GeneralName[] sanArray) throws OperatorCreationException, IOException {
    // Create Distinguished Name
    X500Principal subject = new X500Principal(x500Principal);
    // Create ContentSigner
    JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder(Crypto.RSA_SHA256);
    ContentSigner signer = csBuilder.build(privateKey);
    // Create the CSR
    PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(subject, publicKey);
    if (sanArray != null) {
        ExtensionsGenerator extGen = new ExtensionsGenerator();
        GeneralNames subjectAltNames = new GeneralNames(sanArray);
        extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
        p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
    }
    PKCS10CertificationRequest csr = p10Builder.build(signer);
    // write to openssl PEM format
    PemObject pemObject = new PemObject("CERTIFICATE REQUEST", csr.getEncoded());
    StringWriter strWriter;
    try (JcaPEMWriter pemWriter = new JcaPEMWriter(strWriter = new StringWriter())) {
        pemWriter.writeObject(pemObject);
    }
    return strWriter.toString();
}
Also used : PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) JcaPKCS10CertificationRequest(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest) PemObject(org.bouncycastle.util.io.pem.PemObject) JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) StringWriter(java.io.StringWriter) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) X500Principal(javax.security.auth.x500.X500Principal) JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder) JcaPEMWriter(org.bouncycastle.openssl.jcajce.JcaPEMWriter) ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)

Aggregations

GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)34 GeneralName (org.bouncycastle.asn1.x509.GeneralName)28 IOException (java.io.IOException)16 X509Certificate (java.security.cert.X509Certificate)16 ArrayList (java.util.ArrayList)15 Date (java.util.Date)10 List (java.util.List)10 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)10 GeneralNames (sun.security.x509.GeneralNames)10 X500Name (org.bouncycastle.asn1.x500.X500Name)9 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)9 JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)9 BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)8 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)8 GeneralSecurityException (java.security.GeneralSecurityException)7 SecureRandom (java.security.SecureRandom)7 X509CertSelector (java.security.cert.X509CertSelector)7 X500Principal (javax.security.auth.x500.X500Principal)7 DERIA5String (org.bouncycastle.asn1.DERIA5String)7 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)7