use of com.github.zhenwei.core.asn1.x500.X500Name in project Openfire by igniterealtime.
the class CertificateManagerTest method testServerIdentitiesDNS.
/**
* {@link CertificateManager#getServerIdentities(X509Certificate)} should return:
* <ul>
* <li>the DNS subjectAltName value</li>
* <li>explicitly not the Common Name</li>
* </ul>
*
* when a certificate contains:
* <ul>
* <li>a subjectAltName entry of type DNS </li>
* </ul>
*/
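@Test
public void testServerIdentitiesDNS() throws Exception {
    // Setup fixture: a certificate whose subject carries a Common Name and whose
    // subjectAltName extension holds exactly one dNSName entry.
    final String subjectCommonName = "MySubjectCommonName";
    final String subjectAltNameDNS = "MySubjectAltNameDNS";

    // X.509 serial numbers are expected to be positive integers. Math.abs(nextInt()) stays
    // negative for Integer.MIN_VALUE and can be zero, so draw a non-negative 64-bit value
    // and shift it into the range [1, 2^64].
    final BigInteger serialNumber = new BigInteger(64, new SecureRandom()).add(BigInteger.ONE);

    // Read the clock once so both ends of the validity window share the same reference.
    final long now = System.currentTimeMillis();
    final Date notBefore = new Date(now - (1000L * 60 * 60 * 24 * 30)); // 30 days ago
    final Date notAfter = new Date(now + (1000L * 60 * 60 * 24 * 99)); // 99 days from now

    final X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
        new X500Name("CN=MyIssuer"), // Issuer
        serialNumber,
        notBefore,
        notAfter,
        new X500Name("CN=" + subjectCommonName), // Subject
        subjectKeyPair.getPublic());

    // Non-critical subjectAltName extension with a single DNS entry.
    final GeneralNames generalNames = new GeneralNames(new GeneralName(GeneralName.dNSName, subjectAltNameDNS));
    builder.addExtension(Extension.subjectAlternativeName, false, generalNames);

    final X509CertificateHolder certificateHolder = builder.build(contentSigner);
    final X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certificateHolder);

    // Execute system under test
    final List<String> serverIdentities = CertificateManager.getServerIdentities(cert);

    // Verify result: the DNS subjectAltName is the only identity. The Common Name must not be
    // reported next to it, otherwise a certificate could be matched on a name the SAN does not list.
    assertEquals(1, serverIdentities.size());
    assertTrue(serverIdentities.contains(subjectAltNameDNS));
    assertFalse(serverIdentities.contains(subjectCommonName));
}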
use of com.github.zhenwei.core.asn1.x500.X500Name in project Openfire by igniterealtime.
the class CertificateManagerTest method testServerIdentitiesCommonNameOnly.
/**
* {@link CertificateManager#getServerIdentities(X509Certificate)} should return:
* <ul>
* <li>the Common Name</li>
* </ul>
*
* when a certificate contains:
* <ul>
* <li>no other identifiers than its CommonName</li>
* </ul>
*/
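@Test
public void testServerIdentitiesCommonNameOnly() throws Exception {
    // Setup fixture: a certificate that carries no subjectAltName extension at all, so the
    // subject's Common Name is the only identifier available.
    final String subjectCommonName = "MySubjectCommonName";

    // X.509 serial numbers are expected to be positive integers. Math.abs(nextInt()) stays
    // negative for Integer.MIN_VALUE and can be zero, so draw a non-negative 64-bit value
    // and shift it into the range [1, 2^64].
    final BigInteger serialNumber = new BigInteger(64, new SecureRandom()).add(BigInteger.ONE);

    // Read the clock once so both ends of the validity window share the same reference.
    final long now = System.currentTimeMillis();
    final Date notBefore = new Date(now - (1000L * 60 * 60 * 24 * 30)); // 30 days ago
    final Date notAfter = new Date(now + (1000L * 60 * 60 * 24 * 99)); // 99 days from now

    final X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
        new X500Name("CN=MyIssuer"), // Issuer
        serialNumber,
        notBefore,
        notAfter,
        new X500Name("CN=" + subjectCommonName), // Subject
        subjectKeyPair.getPublic());

    final X509CertificateHolder certificateHolder = builder.build(contentSigner);
    final X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certificateHolder);

    // Execute system under test
    final List<String> serverIdentities = CertificateManager.getServerIdentities(cert);

    // Verify result: with no subjectAltName present, the Common Name is the single fallback identity.
    assertEquals(1, serverIdentities.size());
    assertEquals(subjectCommonName, serverIdentities.get(0));
}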
use of com.github.zhenwei.core.asn1.x500.X500Name in project Openfire by igniterealtime.
the class CertificateManagerTest method testServerIdentitiesXmppAddr.
/**
* {@link CertificateManager#getServerIdentities(X509Certificate)} should return:
* <ul>
* <li>the 'xmppAddr' subjectAltName value</li>
* <li>explicitly not the Common Name</li>
* </ul>
*
* when a certificate contains:
* <ul>
* <li>a subjectAltName entry of type otherName with an ASN.1 Object Identifier of "id-on-xmppAddr"</li>
* </ul>
*/
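@Test
public void testServerIdentitiesXmppAddr() throws Exception {
    // Setup fixture: a certificate whose subject carries a Common Name and whose
    // subjectAltName extension holds exactly one otherName entry tagged with XMPP_ADDR_OID.
    final String subjectCommonName = "MySubjectCommonName";
    final String subjectAltNameXmppAddr = "MySubjectAltNameXmppAddr";

    // X.509 serial numbers are expected to be positive integers. Math.abs(nextInt()) stays
    // negative for Integer.MIN_VALUE and can be zero, so draw a non-negative 64-bit value
    // and shift it into the range [1, 2^64].
    final BigInteger serialNumber = new BigInteger(64, new SecureRandom()).add(BigInteger.ONE);

    // Read the clock once so both ends of the validity window share the same reference.
    final long now = System.currentTimeMillis();
    final Date notBefore = new Date(now - (1000L * 60 * 60 * 24 * 30)); // 30 days ago
    final Date notAfter = new Date(now + (1000L * 60 * 60 * 24 * 99)); // 99 days from now

    final X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
        new X500Name("CN=MyIssuer"), // Issuer
        serialNumber,
        notBefore,
        notAfter,
        new X500Name("CN=" + subjectCommonName), // Subject
        subjectKeyPair.getPublic());

    // otherName is encoded as SEQUENCE { type-id OID, value }: the OID first, then the
    // address as a UTF8String. The extension is added as critical in this fixture.
    final DERSequence otherName = new DERSequence(new ASN1Encodable[] { XMPP_ADDR_OID, new DERUTF8String(subjectAltNameXmppAddr) });
    final GeneralNames subjectAltNames = new GeneralNames(new GeneralName(GeneralName.otherName, otherName));
    builder.addExtension(Extension.subjectAlternativeName, true, subjectAltNames);

    final X509CertificateHolder certificateHolder = builder.build(contentSigner);
    final X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certificateHolder);

    // Execute system under test
    final List<String> serverIdentities = CertificateManager.getServerIdentities(cert);

    // Verify result: the xmppAddr subjectAltName is the only identity. The Common Name must not
    // be reported next to it, otherwise a certificate could be matched on a name the SAN does not list.
    assertEquals(1, serverIdentities.size());
    assertTrue(serverIdentities.contains(subjectAltNameXmppAddr));
    assertFalse(serverIdentities.contains(subjectCommonName));
}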
use of com.github.zhenwei.core.asn1.x500.X500Name in project indy by Commonjava.
the class CertUtils method generateX509Certificate.
/**
* Create a self-signed X.509 cert
*
* @param pair KeyPair generated for this request
* @param dn the X.509 Distinguished Name, eg "CN=Test, L=London, C=GB"
* @param days how many days from now the cert is valid for
* @param algorithm the signing algorithm, eg "SHA256withRSA"
* @return X509Certificate newly generated certificate
*/
public static X509Certificate generateX509Certificate(KeyPair pair, String dn, int days, String algorithm) throws GeneralSecurityException, OperatorCreationException, IOException {
    // The signing key and the certified key come from the same pair: that is what makes
    // the resulting certificate self-signed.
    final PrivateKey signingKey = pair.getPrivate();
    final PublicKey certifiedKey = pair.getPublic();
    final ContentSigner signer = new JcaContentSignerBuilder(algorithm)
        .setProvider(BouncyCastleProvider.PROVIDER_NAME)
        .build(signingKey);

    // One DN serves as both issuer and subject.
    final X500Name issuerAndSubject = new X500Name(dn);

    // NOTE(review): MILLIS_IN_DAY is declared outside this block. If it is an int, the product
    // overflows for days > 24 and yields a wrong expiry; confirm it is a long.
    final Date notAfter = new Date(System.currentTimeMillis() + (MILLIS_IN_DAY * days));

    // notBefore is "now". No extensions (basicConstraints, keyUsage, subjectAltName) are added
    // here. Serial uniqueness and sign depend on allocateSerialNumber(), which is not visible
    // from this block.
    final X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
        issuerAndSubject,
        allocateSerialNumber(),
        new Date(),
        notAfter,
        issuerAndSubject,
        SubjectPublicKeyInfo.getInstance(certifiedKey.getEncoded()));
    final X509CertificateHolder holder = builder.build(signer);

    final X509Certificate cert = new JcaX509CertificateConverter().getCertificate(holder);
    // Only the certificate (public data) is logged, never the private key. The message says
    // "CA private key" although the signer above is the pair's own key.
    logger.debug("Created cert using CA private key:\n" + cert.toString());
    return cert;
}
use of com.github.zhenwei.core.asn1.x500.X500Name in project koronavilkku-backend by THLfi.
the class FederationGatewaySigningDev method generateDevRootCertificate.
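/**
 * Builds a self-signed root certificate: issuer and subject are both
 * {@code "CN=" + DEV_TRUST_ANCHOR_ISSUER}, and the certificate is signed with the private half
 * of the supplied key pair.
 *
 * <p>The certificate is valid from now for 100 days and carries a critical basicConstraints
 * extension marking it as a CA (no path length limit) plus a non-critical subjectKeyIdentifier.
 * No keyUsage extension is set. Judging by its name this is meant for development trust
 * anchors only.
 *
 * @param keyPair key pair whose public key is certified and whose private key signs the certificate
 * @return the generated root certificate
 * @throws OperatorCreationException if the content signer cannot be created for the key
 * @throws IOException if an extension cannot be encoded
 * @throws CertificateException if the built certificate cannot be converted
 * @throws NoSuchAlgorithmException if the digest needed for the subject key identifier is unavailable
 */
public X509Certificate generateDevRootCertificate(KeyPair keyPair) throws OperatorCreationException, IOException, CertificateException, NoSuchAlgorithmException {
    X500Name subject = new X500Name("CN=" + DEV_TRUST_ANCHOR_ISSUER);
    // NOTE(review): DIGEST_ALGORITHM is declared outside this block; the signature algorithm
    // name is that constant followed by "RSA", so the key pair is presumably RSA. Confirm.
    ContentSigner signer = new JcaContentSignerBuilder(DIGEST_ALGORITHM + "RSA").build(keyPair.getPrivate());

    // X.509 serial numbers are expected to be positive. SecureRandom.nextLong() is negative about
    // half the time, which produced negative serials that stricter parsers may reject. Draw a
    // non-negative 64-bit value and shift it into the range [1, 2^64].
    BigInteger serialNumber = new BigInteger(64, new SecureRandom()).add(BigInteger.ONE);

    // Read the clock once so notBefore and notAfter are exactly 100 days apart.
    Instant notBefore = Instant.now();
    Instant notAfter = notBefore.plus(Duration.ofDays(100));

    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
        subject,
        serialNumber,
        Date.from(notBefore),
        Date.from(notAfter),
        subject,
        SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));

    JcaX509ExtensionUtils rootCertExtUtils = new JcaX509ExtensionUtils();
    // Critical CA flag: relying parties must understand that this certificate may issue others.
    certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
    certBuilder.addExtension(Extension.subjectKeyIdentifier, false, rootCertExtUtils.createSubjectKeyIdentifier(keyPair.getPublic()));

    X509CertificateHolder rootCertHolder = certBuilder.build(signer);
    // The converter asks for the provider named "BC", so that provider has to be registered
    // before this method is called.
    return new JcaX509CertificateConverter().setProvider("BC").getCertificate(rootCertHolder);
}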