use of com.github.zhenwei.core.asn1.DERIA5String in project jruby-openssl by jruby.
the class NetscapeSPKI method toDER.
/**
 * Re-encodes this SPKI as a nested ASN.1 sequence laid out as:
 *
 * <pre>
 * SEQUENCE {
 *   SEQUENCE {                       -- key and challenge
 *     SEQUENCE {
 *       SEQUENCE { keyAlgorithm, NULL },
 *       BIT STRING publicKey
 *     },
 *     IA5String challenge
 *   },
 *   SEQUENCE { signatureAlgorithm, NULL },
 *   BIT STRING signature
 * }
 * </pre>
 *
 * The key algorithm OID, signature algorithm OID and signature bits are read from the
 * existing {@code cert} request; the public key and challenge come from this object's
 * own fields.
 *
 * @return the encoded structure
 * @throws IOException if encoding the outer sequence fails
 */
private byte[] toDER() throws IOException {
    // The casts are unchecked: a request that does not have the expected nesting
    // surfaces as a ClassCastException, not as an IOException.
    final ASN1Sequence request = (ASN1Sequence) ((NetscapeCertRequest) cert).toASN1Primitive();
    final ASN1Sequence signedContent = (ASN1Sequence) request.getObjectAt(0);
    final ASN1Sequence keyInfoSeq = (ASN1Sequence) signedContent.getObjectAt(0);
    final ASN1Sequence keyAlgorithmSeq = (ASN1Sequence) keyInfoSeq.getObjectAt(0);
    final ASN1ObjectIdentifier keyAlgorithm = (ASN1ObjectIdentifier) keyAlgorithmSeq.getObjectAt(0);

    final ASN1ObjectIdentifier signatureAlgorithm = ((AlgorithmIdentifier) request.getObjectAt(1)).getAlgorithm();

    // NOTE(review): the signature is copied verbatim from the existing request, while the
    // key and challenge below are taken from this object's fields. If either field was
    // changed after the request was signed, the copied signature would no longer cover
    // the re-encoded content. Confirm callers re-sign before serializing.
    final DERBitString signatureBits = (DERBitString) request.getObjectAt(2);

    final DERBitString keyBits = new DERBitString(((PKey) public_key).to_der().convertToString().getBytes());
    final DERIA5String challengeString = new DERIA5String(this.challenge.toString());

    // Build the structure from the innermost sequence outwards.
    final ASN1EncodableVector keyAlgorithmId = new ASN1EncodableVector();
    keyAlgorithmId.add(keyAlgorithm);
    keyAlgorithmId.add(DERNull.INSTANCE);

    final ASN1EncodableVector keyInfo = new ASN1EncodableVector();
    keyInfo.add(new DLSequence(keyAlgorithmId));
    keyInfo.add(keyBits);

    final ASN1EncodableVector keyAndChallenge = new ASN1EncodableVector();
    keyAndChallenge.add(new DLSequence(keyInfo));
    keyAndChallenge.add(challengeString);

    final ASN1EncodableVector signatureAlgorithmId = new ASN1EncodableVector();
    signatureAlgorithmId.add(signatureAlgorithm);
    signatureAlgorithmId.add(DERNull.INSTANCE);

    final ASN1EncodableVector outer = new ASN1EncodableVector();
    outer.add(new DLSequence(keyAndChallenge));
    outer.add(new DLSequence(signatureAlgorithmId));
    outer.add(signatureBits);

    // NOTE(review): getEncoded() is called without an explicit encoding name on a
    // DLSequence. Confirm the output is the DER form that verifiers expect.
    return new DLSequence(outer).getEncoded();
}
use of com.github.zhenwei.core.asn1.DERIA5String in project jruby-openssl by jruby.
the class NetscapeCertRequest method sign.
/**
 * Signs the key specification and challenge of this request and stores the result in
 * {@code signatureBits}.
 *
 * The signed bytes are the DER encoding of {@code SEQUENCE { keySpec, IA5String challenge }}.
 *
 * @param privateKey key used to initialise the signature
 * @param random source of randomness for signing; when {@code null} the signature is
 *               initialised without an explicit one
 * @throws NoSuchAlgorithmException declared for the signature lookup (presumably raised by
 *                                  {@code getSignature()}; confirm)
 * @throws InvalidKeyException if the signature rejects {@code privateKey}
 * @throws SignatureException if signing fails, or if the content cannot be DER-encoded
 * @throws InvalidKeySpecException if the key specification cannot be built
 */
public void sign(final PrivateKey privateKey, SecureRandom random) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, InvalidKeySpecException {
    final Signature signer = getSignature();
    if (random == null) {
        signer.initSign(privateKey);
    } else {
        signer.initSign(privateKey, random);
    }

    final ASN1EncodableVector content = new ASN1EncodableVector();
    try {
        content.add(getKeySpec());
    } catch (IOException e) {
        // Keep the declared exception contract while preserving the cause.
        throw new InvalidKeySpecException(e);
    }
    // NOTE(review): the challenge is wrapped as an IA5String with no character check in
    // this method. Confirm non-ASCII challenges are rejected before they reach here.
    content.add(new DERIA5String(challenge));

    final byte[] toBeSigned;
    try {
        // Explicit DER so that signer and verifier hash the same canonical bytes.
        toBeSigned = new DERSequence(content).getEncoded(ASN1Encoding.DER);
    } catch (IOException e) {
        throw new SignatureException(e);
    }
    signer.update(toBeSigned);
    signatureBits = signer.sign();
}
use of com.github.zhenwei.core.asn1.DERIA5String in project zookeeper by apache.
the class X509TestHelpers method getLocalhostSubjectAltNames.
/**
 * Builds the subject alternative names for "localhost": one iPAddress entry for every
 * address that "localhost" resolves to, followed by a single dNSName entry "localhost".
 *
 * @return the subject alternative names for "localhost".
 * @throws UnknownHostException if "localhost" cannot be resolved
 */
private static GeneralNames getLocalhostSubjectAltNames() throws UnknownHostException {
    final InetAddress[] resolved = InetAddress.getAllByName("localhost");
    // One slot per resolved address plus a trailing slot for the DNS name.
    final GeneralName[] names = new GeneralName[resolved.length + 1];
    int next = 0;
    for (InetAddress address : resolved) {
        // iPAddress SANs carry the raw address bytes (4 for IPv4, 16 for IPv6).
        names[next++] = new GeneralName(GeneralName.iPAddress, new DEROctetString(address.getAddress()));
    }
    names[next] = new GeneralName(GeneralName.dNSName, new DERIA5String("localhost"));
    return new GeneralNames(names);
}
use of com.github.zhenwei.core.asn1.DERIA5String in project keycloak by keycloak.
the class OCSPUtils method getResponderURIs.
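/**
 * Extracts OCSP responder URIs from the X509 AIA (Authority Information Access) v3
 * extension, if available. There can be multiple responder URIs encoded in the
 * certificate.
 *
 * Only access descriptions with method {@code id-ad-ocsp} whose location is a
 * uniformResourceIdentifier are returned. The strings are returned exactly as encoded.
 *
 * NOTE(review): the returned values come from the certificate being checked, so they
 * are untrusted input. Confirm that callers restrict the scheme and destination before
 * contacting a responder.
 *
 * @param cert certificate whose AIA extension is read
 * @return a list of available responder URIs; empty when the extension is absent,
 *         holds no matching entry, or cannot be parsed
 * @throws CertificateEncodingException if the certificate cannot be wrapped in a
 *         {@code JcaX509CertificateHolder}
 */
private static List<String> getResponderURIs(X509Certificate cert) throws CertificateEncodingException {
    LinkedList<String> responderURIs = new LinkedList<>();
    JcaX509CertificateHolder holder = new JcaX509CertificateHolder(cert);
    Extension aia = holder.getExtension(Extension.authorityInfoAccess);
    if (aia == null) {
        return responderURIs;
    }
    // try-with-resources closes the ASN.1 stream on both the success and the failure
    // path; the original never closed it.
    try (ASN1InputStream in = new ASN1InputStream(aia.getExtnValue().getOctetStream())) {
        ASN1Sequence seq = (ASN1Sequence) in.readObject();
        AuthorityInformationAccess authorityInfoAccess = AuthorityInformationAccess.getInstance(seq);
        for (AccessDescription ad : authorityInfoAccess.getAccessDescriptions()) {
            if (!ad.getAccessMethod().equals(AccessDescription.id_ad_ocsp)) {
                continue;
            }
            // See https://www.ietf.org/rfc/rfc2560.txt, 3.1 Certificate Content
            // (RFC 2560 has since been obsoleted by RFC 6960).
            if (ad.getAccessLocation().getTagNo() == GeneralName.uniformResourceIdentifier) {
                DERIA5String value = DERIA5String.getInstance(ad.getAccessLocation().getName());
                responderURIs.add(value.getString());
            }
        }
    } catch (IOException e) {
        // NOTE(review): a malformed AIA extension is only printed to stderr, and the
        // caller sees the same result as "no responder configured". For revocation
        // checking that difference matters. Consider routing this through the
        // project's logger and making the failure visible to the caller.
        e.printStackTrace();
    }
    return responderURIs;
}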
use of com.github.zhenwei.core.asn1.DERIA5String in project athenz by AthenZ.
the class ZTSClient method generateInstanceRefreshRequest.
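/**
 * Generate an Instance Refresh request that could be sent to ZTS to
 * request a TLS certificate for a service.
 *
 * The CSR subject is {@code cn=<domain>.<service>}, optionally followed by
 * {@code csrDn}. Two subject alternative names are added: a dNSName of the form
 * {@code <service>.<domain with '.' replaced by '-'>.<csrDomain>} and a SPIFFE URI built
 * from the domain and service.
 *
 * @param principalDomain name of the principal's domain
 * @param principalService name of the principal's service
 * @param privateKey private key for the service identity for the caller
 * @param csrDn string identifying the dn for the csr without the cn component
 * @param csrDomain string identifying the dns domain for generating SAN fields
 * @param expiryTime number of seconds to request certificate to be valid for
 * @return InstanceRefreshRequest object
 * @throws IllegalArgumentException if principalDomain, principalService or csrDomain is null
 * @throws ZTSClientException with BAD_REQUEST if the CSR cannot be generated
 */
public static InstanceRefreshRequest generateInstanceRefreshRequest(final String principalDomain, final String principalService, PrivateKey privateKey, final String csrDn, final String csrDomain, int expiryTime) {
    if (principalDomain == null || principalService == null) {
        throw new IllegalArgumentException("Principal's Domain and Service must be specified");
    }
    if (csrDomain == null) {
        throw new IllegalArgumentException("X509 CSR Domain must be specified");
    }

    // Athenz uses lower case for all elements, so let's
    // generate our dn which will be based on our service name.
    // Locale.ROOT keeps the mapping independent of the JVM default locale; under a
    // Turkish locale, for example, 'I' would otherwise lower-case to a dotless 'ı'
    // and the identity in the CSR would not match the principal name.
    final String domain = principalDomain.toLowerCase(java.util.Locale.ROOT);
    final String service = principalService.toLowerCase(java.util.Locale.ROOT);
    final String cn = domain + "." + service;

    // NOTE(review): domain, service and csrDn are concatenated into the DN string
    // without escaping. Presumably these names are validated elsewhere so they cannot
    // contain DN metacharacters such as ',' or '='; confirm.
    String dn = "cn=" + cn;
    if (csrDn != null) {
        dn = dn.concat(",").concat(csrDn);
    }

    // now let's generate our dNSName field based on our principal's details
    GeneralName[] sanArray = new GeneralName[2];
    final String hostName = service + '.' + domain.replace('.', '-') + '.' + csrDomain;
    sanArray[0] = new GeneralName(GeneralName.dNSName, new DERIA5String(hostName));
    final String spiffeUri = SPIFFE_URI + domain + SPIFFE_COMP_SERVICE + service;
    sanArray[1] = new GeneralName(GeneralName.uniformResourceIdentifier, new DERIA5String(spiffeUri));

    String csr;
    try {
        csr = Crypto.generateX509CSR(privateKey, dn, sanArray);
    } catch (OperatorCreationException | IOException ex) {
        // Only the message is forwarded, so the original stack trace is lost here.
        throw new ZTSClientException(ResourceException.BAD_REQUEST, ex.getMessage());
    }
    return new InstanceRefreshRequest().setCsr(csr).setExpiryTime(expiryTime);
}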