Example 86 with GeneralNames
use of com.android.org.bouncycastle.asn1.x509.GeneralNames in project xipki by xipki.
the class ExtensionsChecker method getRequestedSubjectAltNames.
// method checkExtensionSubjectAltName
private GeneralName[] getRequestedSubjectAltNames(X500Name requestedSubject, Extensions requestedExtensions) throws CertprofileException, BadCertTemplateException {
ASN1Encodable extValue = (requestedExtensions == null) ? null : requestedExtensions.getExtensionParsedValue(Extension.subjectAlternativeName);
Map<ASN1ObjectIdentifier, GeneralNameTag> subjectToSubjectAltNameModes = certProfile.getSubjectToSubjectAltNameModes();
if (extValue == null && subjectToSubjectAltNameModes == null) {
return null;
}
GeneralNames reqNames = (extValue == null) ? null : GeneralNames.getInstance(extValue);
Set<GeneralNameMode> subjectAltNameModes = certProfile.getSubjectAltNameModes();
if (subjectAltNameModes == null && subjectToSubjectAltNameModes == null) {
return (reqNames == null) ? null : reqNames.getNames();
}
List<GeneralName> grantedNames = new LinkedList<>();
// copy the required attributes of Subject
if (subjectToSubjectAltNameModes != null) {
X500Name grantedSubject;
try {
grantedSubject = certProfile.getSubject(requestedSubject).getGrantedSubject();
} catch (CertprofileException | BadCertTemplateException ex) {
if (certProfile.getSpecialCertprofileBehavior() == null) {
throw ex;
}
LogUtil.warn(LOG, ex, "could not derive granted subject from requested subject");
grantedSubject = requestedSubject;
}
for (ASN1ObjectIdentifier attrType : subjectToSubjectAltNameModes.keySet()) {
GeneralNameTag tag = subjectToSubjectAltNameModes.get(attrType);
RDN[] rdns = grantedSubject.getRDNs(attrType);
if (rdns == null) {
rdns = requestedSubject.getRDNs(attrType);
}
if (rdns == null) {
continue;
}
for (RDN rdn : rdns) {
String rdnValue = X509Util.rdnValueToString(rdn.getFirst().getValue());
switch(tag) {
case rfc822Name:
case dNSName:
case uniformResourceIdentifier:
case iPAddress:
case directoryName:
case registeredID:
grantedNames.add(new GeneralName(tag.getTag(), rdnValue));
break;
default:
throw new RuntimeException("should not reach here, unknown GeneralName tag " + tag);
}
// end switch (tag)
}
}
}
// copy the requested SubjectAltName entries
if (reqNames != null) {
GeneralName[] reqL = reqNames.getNames();
for (int i = 0; i < reqL.length; i++) {
grantedNames.add(reqL[i]);
}
}
return grantedNames.isEmpty() ? null : grantedNames.toArray(new GeneralName[0]);
}
Also used :
GeneralNameMode(org.xipki.ca.api.profile.GeneralNameMode)
GeneralNameTag(org.xipki.ca.api.profile.GeneralNameTag)
X500Name(org.bouncycastle.asn1.x500.X500Name)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DERBMPString(org.bouncycastle.asn1.DERBMPString)
DERPrintableString(org.bouncycastle.asn1.DERPrintableString)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
ASN1String(org.bouncycastle.asn1.ASN1String)
DirectoryString(org.bouncycastle.asn1.x500.DirectoryString)
QaDirectoryString(org.xipki.ca.qa.internal.QaDirectoryString)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
DERT61String(org.bouncycastle.asn1.DERT61String)
LinkedList(java.util.LinkedList)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
CertprofileException(org.xipki.ca.api.profile.CertprofileException)
BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
RDN(org.bouncycastle.asn1.x500.RDN)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 87 with GeneralNames
use of com.android.org.bouncycastle.asn1.x509.GeneralNames in project certmgr by hdecarne.
the class ASN1DataTest method testDistributionPoint.
/**
* Test encoding & decoding of {@link DistributionPoint} object.
*/
@Test
public void testDistributionPoint() {
try {
// DistributionPointName based
GeneralNames in1FullName = new GeneralNames();
StringName in1NameA = new StringName(GeneralNameType.UNIFORM_RESOURCE_IDENTIFIER, "https://localhost/test.crl");
DirectoryName in1NameB = new DirectoryName(new X500Principal("CN=localhost"));
in1FullName.addName(in1NameA);
in1FullName.addName(in1NameB);
DistributionPointName in1Name = new DistributionPointName(in1FullName);
DistributionPoint in1 = new DistributionPoint(in1Name);
byte[] in1Encoded = in1.getEncoded();
DistributionPoint out1 = DistributionPoint.decode(decodeBytes(in1Encoded));
byte[] out1Encoded = out1.getEncoded();
Assert.assertArrayEquals(in1Encoded, out1Encoded);
// GeneralName based
GeneralNames in2CrlIssuers = new GeneralNames();
StringName in2NameA = new StringName(GeneralNameType.UNIFORM_RESOURCE_IDENTIFIER, "https://localhost/test.crl");
DirectoryName in2NameB = new DirectoryName(new X500Principal("CN=localhost"));
in1FullName.addName(in2NameA);
in1FullName.addName(in2NameB);
DistributionPoint in2 = new DistributionPoint(in2CrlIssuers);
byte[] in2Encoded = in2.encode().toASN1Primitive().getEncoded();
DistributionPoint out2 = DistributionPoint.decode(decodeBytes(in2Encoded));
byte[] out2Encoded = out2.encode().toASN1Primitive().getEncoded();
Assert.assertArrayEquals(in2Encoded, out2Encoded);
} catch (IOException e) {
e.printStackTrace();
Assert.fail(e.getLocalizedMessage());
}
}
Also used :
GeneralNames(de.carne.certmgr.certs.x509.GeneralNames)
StringName(de.carne.certmgr.certs.x509.StringName)
DistributionPointName(de.carne.certmgr.certs.x509.DistributionPointName)
X500Principal(javax.security.auth.x500.X500Principal)
DistributionPoint(de.carne.certmgr.certs.x509.DistributionPoint)
IOException(java.io.IOException)
DirectoryName(de.carne.certmgr.certs.x509.DirectoryName)
Test(org.junit.Test)
Example 88 with GeneralNames
use of com.android.org.bouncycastle.asn1.x509.GeneralNames in project certmgr by hdecarne.
the class SubjectAlternativeNameController method onApply.
private void onApply(ActionEvent evt) {
try {
boolean critical = this.ctlCritical.isSelected();
GeneralNames names = validateAndGetNames();
this.extensionDataResult = new SubjectAlternativeNameExtensionData(critical, names);
} catch (ValidationException e) {
ValidationAlerts.error(e).showAndWait();
evt.consume();
}
}
Also used :
ValidationException(de.carne.jfx.util.validation.ValidationException)
GeneralNames(de.carne.certmgr.certs.x509.GeneralNames)
SubjectAlternativeNameExtensionData(de.carne.certmgr.certs.x509.SubjectAlternativeNameExtensionData)
Example 89 with GeneralNames
use of com.android.org.bouncycastle.asn1.x509.GeneralNames in project certmgr by hdecarne.
the class SubjectAlternativeNameController method validateAndGetNames.
private GeneralNames validateAndGetNames() throws ValidationException {
GeneralNames names = new GeneralNames();
int nameCount = 0;
for (GeneralName name : this.ctlNames.getItems()) {
names.addName(name);
nameCount++;
}
InputValidator.isTrue(nameCount > 0, SubjectAlternativeNameI18N::formatSTR_MESSAGE_NO_NAMES);
return names;
}
Also used :
GeneralNames(de.carne.certmgr.certs.x509.GeneralNames)
GeneralName(de.carne.certmgr.certs.x509.GeneralName)
Example 90 with GeneralNames
use of com.android.org.bouncycastle.asn1.x509.GeneralNames in project vespa by vespa-engine.
the class Pkcs10CsrBuilder method build.
public Pkcs10Csr build() {
try {
PKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic());
ExtensionsGenerator extGen = new ExtensionsGenerator();
if (basicConstraintsExtension != null) {
extGen.addExtension(Extension.basicConstraints, basicConstraintsExtension.isCritical, new BasicConstraints(basicConstraintsExtension.isCertAuthorityCertificate));
}
if (!subjectAlternativeNames.isEmpty()) {
GeneralNames generalNames = new GeneralNames(subjectAlternativeNames.stream().map(san -> new GeneralName(GeneralName.dNSName, san)).toArray(GeneralName[]::new));
extGen.addExtension(Extension.subjectAlternativeName, false, generalNames);
}
requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm.getAlgorithmName()).setProvider(BouncyCastleProviderHolder.getInstance()).build(keyPair.getPrivate());
return new Pkcs10Csr(requestBuilder.build(contentSigner));
} catch (OperatorCreationException e) {
throw new RuntimeException(e);
} catch (IOException e) {
throw new UncheckedIOException(e);
}
}
Also used :
JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
ContentSigner(org.bouncycastle.operator.ContentSigner)
JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)
PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder)
UncheckedIOException(java.io.UncheckedIOException)
IOException(java.io.IOException)
UncheckedIOException(java.io.UncheckedIOException)
ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)
Aggregations
GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)87
GeneralName (org.bouncycastle.asn1.x509.GeneralName)75
IOException (java.io.IOException)36
X509Certificate (java.security.cert.X509Certificate)27
X500Name (org.bouncycastle.asn1.x500.X500Name)25
ArrayList (java.util.ArrayList)21
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)21
ContentSigner (org.bouncycastle.operator.ContentSigner)20
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)19
X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)18
BigInteger (java.math.BigInteger)17
CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)17
DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)17
JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)16
DERIA5String (org.bouncycastle.asn1.DERIA5String)15
BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)15
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)15
X500Principal (javax.security.auth.x500.X500Principal)14
GeneralNames (sun.security.x509.GeneralNames)14
List (java.util.List)13
