Examples with DERIA5String com.github.zhenwei.core.asn1.DERIA5String used on opensource projects

Example 76 with DERIA5String

use of com.github.zhenwei.core.asn1.DERIA5String in project jruby-openssl by jruby.

the class NetscapeSPKI method toDER.

private byte[] toDER() throws IOException {
    ASN1Sequence b = (ASN1Sequence) ((NetscapeCertRequest) cert).toASN1Primitive();
    ASN1ObjectIdentifier encType = (ASN1ObjectIdentifier) ((ASN1Sequence) ((ASN1Sequence) ((ASN1Sequence) b.getObjectAt(0)).getObjectAt(0)).getObjectAt(0)).getObjectAt(0);
    ASN1ObjectIdentifier sigAlg = ((AlgorithmIdentifier) b.getObjectAt(1)).getAlgorithm();
    DERBitString sig = (DERBitString) b.getObjectAt(2);
    DERBitString publicKey = new DERBitString(((PKey) public_key).to_der().convertToString().getBytes());
    DERIA5String encodedChallenge = new DERIA5String(this.challenge.toString());
    ASN1EncodableVector v1 = new ASN1EncodableVector();
    ASN1EncodableVector v1_2 = new ASN1EncodableVector();
    ASN1EncodableVector v2 = new ASN1EncodableVector();
    ASN1EncodableVector v3 = new ASN1EncodableVector();
    ASN1EncodableVector v4 = new ASN1EncodableVector();
    v4.add(encType);
    v4.add(DERNull.INSTANCE);
    v3.add(new DLSequence(v4));
    v3.add(publicKey);
    v2.add(new DLSequence(v3));
    v2.add(encodedChallenge);
    v1.add(new DLSequence(v2));
    v1_2.add(sigAlg);
    v1_2.add(DERNull.INSTANCE);
    v1.add(new DLSequence(v1_2));
    v1.add(sig);
    return new DLSequence(v1).getEncoded();
}

Example 77 with DERIA5String

use of com.github.zhenwei.core.asn1.DERIA5String in project jruby-openssl by jruby.

the class NetscapeCertRequest method sign.

public void sign(final PrivateKey privateKey, SecureRandom random) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, InvalidKeySpecException {
    final Signature signature = getSignature();
    if (random != null) {
        signature.initSign(privateKey, random);
    } else {
        signature.initSign(privateKey);
    }
    ASN1EncodableVector pkac = new ASN1EncodableVector();
    try {
        pkac.add(getKeySpec());
    } catch (IOException e) {
        throw new InvalidKeySpecException(e);
    }
    pkac.add(new DERIA5String(challenge));
    try {
        signature.update(new DERSequence(pkac).getEncoded(ASN1Encoding.DER));
    } catch (IOException e) {
        throw new SignatureException(e);
    }
    signatureBits = signature.sign();
}

Example 78 with DERIA5String

use of com.github.zhenwei.core.asn1.DERIA5String in project zookeeper by apache.

the class X509TestHelpers method getLocalhostSubjectAltNames.

/**
 * Returns subject alternative names for "localhost".
 * @return the subject alternative names for "localhost".
 */
private static GeneralNames getLocalhostSubjectAltNames() throws UnknownHostException {
    InetAddress[] localAddresses = InetAddress.getAllByName("localhost");
    GeneralName[] generalNames = new GeneralName[localAddresses.length + 1];
    for (int i = 0; i < localAddresses.length; i++) {
        generalNames[i] = new GeneralName(GeneralName.iPAddress, new DEROctetString(localAddresses[i].getAddress()));
    }
    generalNames[generalNames.length - 1] = new GeneralName(GeneralName.dNSName, new DERIA5String("localhost"));
    return new GeneralNames(generalNames);
}

Example 79 with DERIA5String

use of com.github.zhenwei.core.asn1.DERIA5String in project keycloak by keycloak.

the class OCSPUtils method getResponderURIs.

/**
 * Extracts OCSP responder URI from X509 AIA v3 extension, if available. There can be
 * multiple responder URIs encoded in the certificate.
 * @param cert
 * @return a list of available responder URIs.
 * @throws CertificateEncodingException
 */
private static List<String> getResponderURIs(X509Certificate cert) throws CertificateEncodingException {
    LinkedList<String> responderURIs = new LinkedList<>();
    JcaX509CertificateHolder holder = new JcaX509CertificateHolder(cert);
    Extension aia = holder.getExtension(Extension.authorityInfoAccess);
    if (aia != null) {
        try {
            ASN1InputStream in = new ASN1InputStream(aia.getExtnValue().getOctetStream());
            ASN1Sequence seq = (ASN1Sequence) in.readObject();
            AuthorityInformationAccess authorityInfoAccess = AuthorityInformationAccess.getInstance(seq);
            for (AccessDescription ad : authorityInfoAccess.getAccessDescriptions()) {
                if (ad.getAccessMethod().equals(AccessDescription.id_ad_ocsp)) {
                    // See https://www.ietf.org/rfc/rfc2560.txt, 3.1 Certificate Content
                    if (ad.getAccessLocation().getTagNo() == GeneralName.uniformResourceIdentifier) {
                        DERIA5String value = DERIA5String.getInstance(ad.getAccessLocation().getName());
                        responderURIs.add(value.getString());
                    }
                }
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
    return responderURIs;
}

Example 80 with DERIA5String

use of com.github.zhenwei.core.asn1.DERIA5String in project athenz by AthenZ.

the class ZTSClient method generateInstanceRefreshRequest.

/**
 * Generate a Instance Refresh request that could be sent to ZTS to
 * request a TLS certificate for a service.
 * @param principalDomain name of the principal's domain
 * @param principalService name of the principal's service
 * @param privateKey private key for the service identity for the caller
 * @param csrDn string identifying the dn for the csr without the cn component
 * @param csrDomain string identifying the dns domain for generating SAN fields
 * @param expiryTime number of seconds to request certificate to be valid for
 * @return InstanceRefreshRequest object
 */
public static InstanceRefreshRequest generateInstanceRefreshRequest(final String principalDomain, final String principalService, PrivateKey privateKey, final String csrDn, final String csrDomain, int expiryTime) {
    if (principalDomain == null || principalService == null) {
        throw new IllegalArgumentException("Principal's Domain and Service must be specified");
    }
    if (csrDomain == null) {
        throw new IllegalArgumentException("X509 CSR Domain must be specified");
    }
    // Athenz uses lower case for all elements, so let's
    // generate our dn which will be based on our service name
    final String domain = principalDomain.toLowerCase();
    final String service = principalService.toLowerCase();
    final String cn = domain + "." + service;
    String dn = "cn=" + cn;
    if (csrDn != null) {
        dn = dn.concat(",").concat(csrDn);
    }
    // now let's generate our dsnName field based on our principal's details
    GeneralName[] sanArray = new GeneralName[2];
    final String hostName = service + '.' + domain.replace('.', '-') + '.' + csrDomain;
    sanArray[0] = new GeneralName(GeneralName.dNSName, new DERIA5String(hostName));
    final String spiffeUri = SPIFFE_URI + domain + SPIFFE_COMP_SERVICE + service;
    sanArray[1] = new GeneralName(GeneralName.uniformResourceIdentifier, new DERIA5String(spiffeUri));
    String csr;
    try {
        csr = Crypto.generateX509CSR(privateKey, dn, sanArray);
    } catch (OperatorCreationException | IOException ex) {
        throw new ZTSClientException(ResourceException.BAD_REQUEST, ex.getMessage());
    }
    return new InstanceRefreshRequest().setCsr(csr).setExpiryTime(expiryTime);
}