use of com.github.zhenwei.core.asn1.pkcs.Attribute in project ca3sCore by kuehne-trustable-de.
the class CaCmpConnector method buildCertRequest.
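/**
 * Builds a CMP certificate request message from a PKCS#10 certification request.
 * <p>
 * The subject DN and the subject public key info are taken from the CSR. Every value of
 * every PKCS#10 attribute is wrapped into a non-critical {@link Extension} that carries
 * the attribute's type OID. The resulting list is handed to
 * {@code cryptoUtil.buildCertRequest} together with the request id and the HMAC secret.
 * <p>
 * NOTE(review): the attributes are forwarded unfiltered. A PKCS#10 attribute is not an
 * X.509 extension: an {@code extensionRequest} attribute carries a whole
 * {@code Extensions} sequence, and a {@code challengePassword} attribute carries a
 * shared secret. Both would be sent on as "extensions" keyed by the attribute OID.
 * Confirm that the receiving CA expects this; otherwise unpack {@code extensionRequest}
 * and allow-list the remaining attribute types.
 *
 * @param certReqId  request id passed through to {@code cryptoUtil.buildCertRequest}
 * @param p10Req     PKCS#10 request supplying subject, attributes and public key
 * @param hmacSecret secret passed through to {@code cryptoUtil.buildCertRequest}
 *                   (presumably used to protect the message; confirm there)
 * @return the message produced by {@code cryptoUtil.buildCertRequest}
 * @throws GeneralSecurityException if an attribute value cannot be DER/BER encoded; the
 *                                  underlying {@link IOException} is attached as cause
 */
PKIMessage buildCertRequest(long certReqId, final PKCS10CertificationRequest p10Req, final String hmacSecret) throws GeneralSecurityException {
    final X500Name subjectDN = p10Req.getSubject();
    final Collection<Extension> certExtList = new ArrayList<>();

    for (Attribute attr : p10Req.getAttributes()) {
        for (ASN1Encodable asn1Enc : attr.getAttributeValues()) {
            final byte[] encodedValue;
            try {
                encodedValue = asn1Enc.toASN1Primitive().getEncoded();
            } catch (IOException e) {
                LOGGER.error("reading attribute", e);
                // Keep the IOException as cause so callers see the original stack trace.
                throw new GeneralSecurityException(e.getMessage(), e);
            }

            // All attribute-derived extensions are marked non-critical.
            final Extension ext = new Extension(attr.getAttrType(), false, encodedValue);

            // Log the OID only. The values come straight from the requester's CSR and
            // can include a challengePassword, which must not end up in log files.
            LOGGER.debug("Csr Extension from PKCS10Attr : " + ext.getExtnId().getId());
            certExtList.add(ext);
        }
    }

    return cryptoUtil.buildCertRequest(certReqId, subjectDN, certExtList, p10Req.getSubjectPublicKeyInfo(), hmacSecret);
}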
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project acme4j by shred.
the class CertificateUtils method createTestCertificate.
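/**
 * Creates a signed end entity certificate from the given CSR.
 * <p>
 * This method is only meant for testing purposes! Do not use it in a real-world CA
 * implementation.
 * <p>
 * Do not assume that real-world certificates have a similar structure. It's up to the
 * discretion of the CA which distinguished names, validity dates, extensions and
 * other parameters are transferred from the CSR to the generated certificate.
 * <p>
 * The subject DN, the public key and the requested subjectAlternativeName are copied
 * from the CSR without any validation, and the serial number is derived from the
 * current time. Both are acceptable for test fixtures only.
 *
 * @param csr
 *         CSR to create the certificate from
 * @param notBefore
 *         {@link Instant} before which the certificate is not valid.
 * @param notAfter
 *         {@link Instant} after which the certificate is not valid.
 * @param issuer
 *         The issuer's {@link X509Certificate}. Its subject DN becomes the issuer DN
 *         of the generated certificate.
 * @param issuerPrivateKey
 *         {@link PrivateKey} of the issuer. This is not the private key the CSR was
 *         signed with.
 * @return Generated {@link X509Certificate}
 * @throws NullPointerException
 *         if any argument is {@code null}
 * @throws IllegalArgumentException
 *         if the CSR cannot be processed, e.g. its public key or its extension
 *         request is invalid
 * @since 2.8
 */
public static X509Certificate createTestCertificate(PKCS10CertificationRequest csr, Instant notBefore, Instant notAfter, X509Certificate issuer, PrivateKey issuerPrivateKey) {
    Objects.requireNonNull(csr, "csr");
    Objects.requireNonNull(notBefore, "notBefore");
    Objects.requireNonNull(notAfter, "notAfter");
    Objects.requireNonNull(issuer, "issuer");
    Objects.requireNonNull(issuerPrivateKey, "issuerPrivateKey");
    try {
        JcaPKCS10CertificationRequest jcaCsr = new JcaPKCS10CertificationRequest(csr);

        // The issuer field of the new certificate must equal the SUBJECT of the signing
        // certificate. Using the signer's own issuer DN only works for self-signed
        // roots and breaks name chaining as soon as the signer is an intermediate.
        X500Name issuerName = new X500Name(issuer.getSubjectX500Principal().getName());

        // Time-based serial: predictable, and two calls within the same millisecond
        // collide. Tolerable only because this is a test helper.
        BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());

        JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(issuerName, serial, Date.from(notBefore), Date.from(notAfter), csr.getSubject(), jcaCsr.getPublicKey());

        Attribute[] attr = csr.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
        if (attr.length > 0) {
            ASN1Encodable[] extensions = attr[0].getAttrValues().toArray();
            if (extensions.length > 0) {
                // getInstance() also accepts the plain ASN.1 sequence that a CSR decoded
                // from bytes yields; an instanceof test would silently skip the SAN then.
                Extensions requested = Extensions.getInstance(extensions[0]);
                GeneralNames san = GeneralNames.fromExtensions(requested, Extension.subjectAlternativeName);
                // The extension request may not contain a SAN at all; adding a null
                // value would fail inside the builder.
                if (san != null) {
                    certBuilder.addExtension(Extension.subjectAlternativeName, false, san);
                }
            }
        }
        return buildCertificate(certBuilder::build, issuerPrivateKey);
    } catch (NoSuchAlgorithmException | InvalidKeyException | CertIOException ex) {
        throw new IllegalArgumentException("Invalid CSR", ex);
    }
}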
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.
the class Attribute method toASN1Primitive.
/**
 * Builds the ASN.1 representation of this attribute, ready to be written to an
 * ASN1OutputStream.
 * <pre>
 * Attribute ::= SEQUENCE {
 *     attrType    OBJECT IDENTIFIER,
 *     attrValues  SET OF AttributeValue
 * }
 * </pre>
 *
 * @return a {@code DERSequence} holding {@code attrType} followed by {@code attrValues}
 */
public ASN1Primitive toASN1Primitive() {
    // Two components, added in the order the SEQUENCE definition above prescribes.
    final ASN1EncodableVector sequenceContent = new ASN1EncodableVector(2);
    sequenceContent.add(attrType);
    sequenceContent.add(attrValues);

    final DERSequence attributeSequence = new DERSequence(sequenceContent);
    return attributeSequence;
}