
Example 76 with DERIA5String

use of com.github.zhenwei.core.asn1.DERIA5String in project jruby-openssl by jruby.

the class NetscapeSPKI method toDER.

/**
 * Re-encodes the parsed SPKAC held in {@code cert} as a DER byte array, substituting the
 * current {@code public_key} and {@code challenge} of this object for the values that were
 * originally parsed.
 * <p>
 * The key-algorithm OID, the signature-algorithm OID and the signature bit string are taken
 * from the existing structure; the SubjectPublicKeyInfo body and the challenge string are
 * rebuilt from this object's fields.
 *
 * @return the DER encoding of the rebuilt SPKAC sequence
 * @throws IOException if the rebuilt sequence cannot be encoded
 */
private byte[] toDER() throws IOException {
    // Unwrap the nested sequences of the parsed request one level at a time:
    // spkac -> publicKeyAndChallenge -> spki -> algorithm -> OID.
    // Each cast throws ClassCastException if the structure is not the expected shape.
    final ASN1Sequence spkac = (ASN1Sequence) ((NetscapeCertRequest) cert).toASN1Primitive();
    final ASN1Sequence publicKeyAndChallenge = (ASN1Sequence) spkac.getObjectAt(0);
    final ASN1Sequence spki = (ASN1Sequence) publicKeyAndChallenge.getObjectAt(0);
    final ASN1Sequence keyAlgorithm = (ASN1Sequence) spki.getObjectAt(0);
    final ASN1ObjectIdentifier encType = (ASN1ObjectIdentifier) keyAlgorithm.getObjectAt(0);
    final ASN1ObjectIdentifier sigAlg = ((AlgorithmIdentifier) spkac.getObjectAt(1)).getAlgorithm();
    final DERBitString sig = (DERBitString) spkac.getObjectAt(2);

    // NOTE(review): to_der() is assumed to yield the raw DER bytes of the public key via
    // the JRuby string's getBytes(); confirm this round-trips byte-for-byte.
    final DERBitString publicKey = new DERBitString(((PKey) public_key).to_der().convertToString().getBytes());
    final DERIA5String encodedChallenge = new DERIA5String(this.challenge.toString());

    // Assemble from the innermost element outwards.
    final ASN1EncodableVector keyAlgorithmSeq = new ASN1EncodableVector();
    keyAlgorithmSeq.add(encType);
    keyAlgorithmSeq.add(DERNull.INSTANCE);

    final ASN1EncodableVector spkiSeq = new ASN1EncodableVector();
    spkiSeq.add(new DLSequence(keyAlgorithmSeq));
    spkiSeq.add(publicKey);

    final ASN1EncodableVector pkacSeq = new ASN1EncodableVector();
    pkacSeq.add(new DLSequence(spkiSeq));
    pkacSeq.add(encodedChallenge);

    final ASN1EncodableVector signatureAlgorithmSeq = new ASN1EncodableVector();
    signatureAlgorithmSeq.add(sigAlg);
    signatureAlgorithmSeq.add(DERNull.INSTANCE);

    final ASN1EncodableVector spkacSeq = new ASN1EncodableVector();
    spkacSeq.add(new DLSequence(pkacSeq));
    spkacSeq.add(new DLSequence(signatureAlgorithmSeq));
    spkacSeq.add(sig);
    return new DLSequence(spkacSeq).getEncoded();
}

Example 77 with DERIA5String

use of com.github.zhenwei.core.asn1.DERIA5String in project jruby-openssl by jruby.

the class NetscapeCertRequest method sign.

/**
 * Signs the PublicKeyAndChallenge structure (key spec followed by the IA5 challenge) with
 * the given private key and stores the resulting signature in {@code signatureBits}.
 *
 * @param privateKey the key used to produce the signature
 * @param random an optional RNG handed to the signature engine; when {@code null} the
 *               provider's default is used
 * @throws NoSuchAlgorithmException propagated from {@code getSignature()}
 * @throws InvalidKeyException if the signature engine rejects the key
 * @throws SignatureException if the structure cannot be encoded or signing fails
 * @throws InvalidKeySpecException if the key spec cannot be obtained
 */
public void sign(final PrivateKey privateKey, SecureRandom random) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, InvalidKeySpecException {
    final Signature signature = getSignature();
    if (random == null) {
        signature.initSign(privateKey);
    } else {
        signature.initSign(privateKey, random);
    }

    final ASN1EncodableVector pkac = new ASN1EncodableVector();
    try {
        pkac.add(getKeySpec());
    } catch (final IOException e) {
        throw new InvalidKeySpecException(e);
    }
    pkac.add(new DERIA5String(challenge));

    // The signature covers the strict DER encoding of the sequence.
    final byte[] toBeSigned;
    try {
        toBeSigned = new DERSequence(pkac).getEncoded(ASN1Encoding.DER);
    } catch (final IOException e) {
        throw new SignatureException(e);
    }
    signature.update(toBeSigned);
    signatureBits = signature.sign();
}

Example 78 with DERIA5String

use of com.github.zhenwei.core.asn1.DERIA5String in project zookeeper by apache.

the class X509TestHelpers method getLocalhostSubjectAltNames.

/**
 * Builds the subject alternative names for "localhost": one iPAddress entry per address
 * the resolver returns for "localhost", followed by a single dNSName entry "localhost".
 *
 * @return the subject alternative names for "localhost"
 * @throws UnknownHostException if "localhost" cannot be resolved
 */
private static GeneralNames getLocalhostSubjectAltNames() throws UnknownHostException {
    final InetAddress[] addresses = InetAddress.getAllByName("localhost");
    final GeneralName[] names = new GeneralName[addresses.length + 1];
    int next = 0;
    for (final InetAddress address : addresses) {
        // Raw address bytes (4 for IPv4, 16 for IPv6) go into an OCTET STRING.
        names[next++] = new GeneralName(GeneralName.iPAddress, new DEROctetString(address.getAddress()));
    }
    // The dNSName entry always occupies the last slot.
    names[next] = new GeneralName(GeneralName.dNSName, new DERIA5String("localhost"));
    return new GeneralNames(names);
}

Example 79 with DERIA5String

use of com.github.zhenwei.core.asn1.DERIA5String in project keycloak by keycloak.

the class OCSPUtils method getResponderURIs.

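/**
 * Extracts the OCSP responder URIs from the certificate's Authority Information Access
 * (AIA) extension, if present. A certificate may carry several {@code id-ad-ocsp} access
 * descriptions; only those whose location is a {@code uniformResourceIdentifier}
 * GeneralName are returned, in certificate order.
 *
 * @param cert the certificate whose AIA extension is inspected
 * @return the responder URIs found; empty when the extension is absent or carries no
 *         usable OCSP entry
 * @throws CertificateEncodingException if the certificate cannot be re-encoded for parsing
 */
private static List<String> getResponderURIs(X509Certificate cert) throws CertificateEncodingException {
    LinkedList<String> responderURIs = new LinkedList<>();
    JcaX509CertificateHolder holder = new JcaX509CertificateHolder(cert);
    Extension aia = holder.getExtension(Extension.authorityInfoAccess);
    if (aia == null) {
        return responderURIs;
    }
    // The extension value is itself a DER-encoded AuthorityInformationAccess. The stream
    // is closed by try-with-resources even when parsing fails part-way through.
    try (ASN1InputStream in = new ASN1InputStream(aia.getExtnValue().getOctetStream())) {
        AuthorityInformationAccess authorityInfoAccess = AuthorityInformationAccess.getInstance(in.readObject());
        for (AccessDescription ad : authorityInfoAccess.getAccessDescriptions()) {
            if (!AccessDescription.id_ad_ocsp.equals(ad.getAccessMethod())) {
                continue;
            }
            // See https://www.ietf.org/rfc/rfc2560.txt, 3.1 Certificate Content: only a
            // uniformResourceIdentifier location is a usable responder address.
            GeneralName location = ad.getAccessLocation();
            if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
                responderURIs.add(DERIA5String.getInstance(location.getName()).getString());
            }
        }
    } catch (IOException e) {
        // Best effort: a malformed AIA extension must not abort the lookup, so whatever was
        // collected before the failure is returned. Reported the same way as before;
        // NOTE(review): route through the class's logger if one is available.
        e.printStackTrace();
    }
    return responderURIs;
}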

Example 80 with DERIA5String

use of com.github.zhenwei.core.asn1.DERIA5String in project athenz by AthenZ.

the class ZTSClient method generateInstanceRefreshRequest.

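/**
 * Generates an Instance Refresh request that can be sent to ZTS to request a TLS
 * certificate for a service. The CSR subject is {@code cn=<domain>.<service>} (lower-cased)
 * followed by the optional {@code csrDn} components, and it carries two SAN entries: a
 * dNSName of the form {@code <service>.<domain with '.' replaced by '-'>.<csrDomain>} and
 * the service's SPIFFE URI.
 *
 * @param principalDomain name of the principal's domain (required)
 * @param principalService name of the principal's service (required)
 * @param privateKey private key for the service identity for the caller
 * @param csrDn string identifying the dn for the csr without the cn component; may be null
 * @param csrDomain string identifying the dns domain for generating SAN fields (required)
 * @param expiryTime number of seconds to request certificate to be valid for
 * @return InstanceRefreshRequest object carrying the CSR and expiry time
 * @throws IllegalArgumentException if principalDomain, principalService or csrDomain is null
 * @throws ZTSClientException with BAD_REQUEST if the CSR cannot be generated
 */
public static InstanceRefreshRequest generateInstanceRefreshRequest(final String principalDomain, final String principalService, PrivateKey privateKey, final String csrDn, final String csrDomain, int expiryTime) {
    if (principalDomain == null || principalService == null) {
        throw new IllegalArgumentException("Principal's Domain and Service must be specified");
    }
    if (csrDomain == null) {
        throw new IllegalArgumentException("X509 CSR Domain must be specified");
    }
    // Athenz uses lower case for all elements, so let's generate our dn which will be
    // based on our service name. Locale.ROOT keeps the case folding independent of the
    // JVM's default locale (e.g. a Turkish locale maps 'I' to a dotless 'ı'), so the cn
    // and hostname are the same on every host.
    final String domain = principalDomain.toLowerCase(java.util.Locale.ROOT);
    final String service = principalService.toLowerCase(java.util.Locale.ROOT);
    final String cn = domain + "." + service;
    // NOTE(review): domain/service are not RFC 4514 escaped here; a ',' or '=' in them
    // would alter the DN structure. They are assumed to be validated Athenz names — confirm.
    String dn = "cn=" + cn;
    if (csrDn != null) {
        dn = dn + "," + csrDn;
    }
    // now let's generate our dnsName field based on our principal's details; dots in the
    // domain become dashes so the domain forms a single label of the hostname
    GeneralName[] sanArray = new GeneralName[2];
    final String hostName = service + '.' + domain.replace('.', '-') + '.' + csrDomain;
    sanArray[0] = new GeneralName(GeneralName.dNSName, new DERIA5String(hostName));
    final String spiffeUri = SPIFFE_URI + domain + SPIFFE_COMP_SERVICE + service;
    sanArray[1] = new GeneralName(GeneralName.uniformResourceIdentifier, new DERIA5String(spiffeUri));
    String csr;
    try {
        csr = Crypto.generateX509CSR(privateKey, dn, sanArray);
    } catch (OperatorCreationException | IOException ex) {
        // NOTE(review): only the message survives here; the ZTSClientException constructor
        // used takes (code, message), so the cause is not attached.
        throw new ZTSClientException(ResourceException.BAD_REQUEST, ex.getMessage());
    }
    return new InstanceRefreshRequest().setCsr(csr).setExpiryTime(expiryTime);
}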
