use of com.github.zhenwei.core.asn1.x500.X500Name in project acme4j by shred.
From class CSRBuilderTest, method csrTest.
/**
 * Checks if the CSR contains the right parameters.
 * <p>
 * This is not supposed to be a Bouncy Castle test. If the
 * {@link PKCS10CertificationRequest} contains the right parameters, we assume that
 * Bouncy Castle encodes it properly.
 *
 * @param csr the certification request produced by the builder under test
 */
private void csrTest(PKCS10CertificationRequest csr) {
    // Subject DN: every expected RDN type must carry the expected value.
    X500Name subject = csr.getSubject();
    try (AutoCloseableSoftAssertions softly = new AutoCloseableSoftAssertions()) {
        softly.assertThat(subject.getRDNs(BCStyle.CN)).as("CN")
                .extracting(rdn -> rdn.getFirst().getValue().toString())
                .contains("abc.de");
        softly.assertThat(subject.getRDNs(BCStyle.C)).as("C")
                .extracting(rdn -> rdn.getFirst().getValue().toString())
                .contains("XX");
        softly.assertThat(subject.getRDNs(BCStyle.L)).as("L")
                .extracting(rdn -> rdn.getFirst().getValue().toString())
                .contains("Testville");
        softly.assertThat(subject.getRDNs(BCStyle.O)).as("O")
                .extracting(rdn -> rdn.getFirst().getValue().toString())
                .contains("Testing Co");
        softly.assertThat(subject.getRDNs(BCStyle.OU)).as("OU")
                .extracting(rdn -> rdn.getFirst().getValue().toString())
                .contains("Testunit");
        softly.assertThat(subject.getRDNs(BCStyle.ST)).as("ST")
                .extracting(rdn -> rdn.getFirst().getValue().toString())
                .contains("ABC");
    }

    // Exactly one extensionRequest attribute, carrying exactly one Extensions value.
    Attribute[] extensionRequests = csr.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
    assertThat(extensionRequests).hasSize(1);
    ASN1Encodable[] requestedValues = extensionRequests[0].getAttrValues().toArray();
    assertThat(requestedValues).hasSize(1);

    // Subject Alternative Names: DNS entries and IP entries, each compared as a set.
    Extensions requested = (Extensions) requestedValues[0];
    GeneralName[] sanEntries = GeneralNames.fromExtensions(requested, Extension.subjectAlternativeName).getNames();
    assertThat(sanEntries)
            .filteredOn(gn -> GeneralName.dNSName == gn.getTagNo())
            .extracting(gn -> ASN1IA5String.getInstance(gn.getName()).getString())
            .containsExactlyInAnyOrder("abc.de", "fg.hi", "jklm.no", "pqr.st", "uv.wx", "y.z", "*.wild.card", "ide1.nt", "ide2.nt", "ide3.nt");
    assertThat(sanEntries)
            .filteredOn(gn -> GeneralName.iPAddress == gn.getTagNo())
            .extracting(gn -> getIP(gn.getName()).getHostAddress())
            .containsExactlyInAnyOrder("192.168.0.1", "192.168.0.2", "10.0.0.1", "10.0.0.2", "fd00:0:0:0:0:0:0:1", "fd00:0:0:0:0:0:0:2", "192.168.5.5", "192.168.5.6", "192.168.5.7");
}
use of com.github.zhenwei.core.asn1.x500.X500Name in project acme4j by shred.
From class SMIMECSRBuilderTest, method smimeCsrTest.
/**
 * Checks if the S/MIME CSR contains the right parameters.
 * <p>
 * This is not supposed to be a Bouncy Castle test. If the
 * {@link PKCS10CertificationRequest} contains the right parameters, we assume that
 * Bouncy Castle encodes it properly.
 *
 * @param csr the certification request produced by the S/MIME builder under test
 */
private void smimeCsrTest(PKCS10CertificationRequest csr) {
    // Subject DN: every expected RDN type must carry the expected value.
    X500Name subject = csr.getSubject();
    try (AutoCloseableSoftAssertions softly = new AutoCloseableSoftAssertions()) {
        softly.assertThat(subject.getRDNs(BCStyle.CN)).as("CN")
                .extracting(rdn -> rdn.getFirst().getValue().toString())
                .contains("mail@example.com");
        softly.assertThat(subject.getRDNs(BCStyle.C)).as("C")
                .extracting(rdn -> rdn.getFirst().getValue().toString())
                .contains("XX");
        softly.assertThat(subject.getRDNs(BCStyle.L)).as("L")
                .extracting(rdn -> rdn.getFirst().getValue().toString())
                .contains("Testville");
        softly.assertThat(subject.getRDNs(BCStyle.O)).as("O")
                .extracting(rdn -> rdn.getFirst().getValue().toString())
                .contains("Testing Co");
        softly.assertThat(subject.getRDNs(BCStyle.OU)).as("OU")
                .extracting(rdn -> rdn.getFirst().getValue().toString())
                .contains("Testunit");
        softly.assertThat(subject.getRDNs(BCStyle.ST)).as("ST")
                .extracting(rdn -> rdn.getFirst().getValue().toString())
                .contains("ABC");
    }

    // Exactly one extensionRequest attribute, carrying exactly one Extensions value.
    Attribute[] extensionRequests = csr.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
    assertThat(extensionRequests).hasSize(1);
    ASN1Encodable[] requestedValues = extensionRequests[0].getAttrValues().toArray();
    assertThat(requestedValues).hasSize(1);

    // Subject Alternative Names: only the rfc822Name (e-mail) entries are relevant here.
    Extensions requested = (Extensions) requestedValues[0];
    GeneralName[] sanEntries = GeneralNames.fromExtensions(requested, Extension.subjectAlternativeName).getNames();
    assertThat(sanEntries)
            .filteredOn(gn -> GeneralName.rfc822Name == gn.getTagNo())
            .extracting(gn -> DERIA5String.getInstance(gn.getName()).getString())
            .containsExactlyInAnyOrder("mail@example.com", "info@example.com", "sales@example.com", "shop@example.com", "support@example.com", "help@example.com");
}
use of com.github.zhenwei.core.asn1.x500.X500Name in project snikket-android by snikket-im.
From class XmppDomainVerifier, method getCommonNames.
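/**
 * Extracts every Common Name (CN) value from the subject DN of the given certificate.
 * <p>
 * NOTE(review): RFC 6125 treats the CN as a fallback identifier that should only be
 * consulted when the certificate carries no subjectAltName dNSName entries. This method
 * does not enforce that ordering itself — confirm that the caller checks SAN entries first.
 *
 * @param certificate the certificate whose subject DN is inspected
 * @return the CN values in subject order; an empty list (never {@code null}) when the
 *         certificate cannot be re-encoded or carries no CN
 */
private static List<String> getCommonNames(X509Certificate certificate) {
    List<String> domains = new ArrayList<>();
    try {
        X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject();
        for (RDN rdn : x500name.getRDNs(BCStyle.CN)) {
            // An RDN without any attribute value is malformed; skip it rather than NPE.
            if (rdn.getFirst() != null) {
                domains.add(IETFUtils.valueToString(rdn.getFirst().getValue()));
            }
        }
    } catch (CertificateEncodingException e) {
        // Best effort by design: a certificate that cannot be re-encoded yields an
        // empty list rather than an exception.
    }
    return domains;
}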
use of com.github.zhenwei.core.asn1.x500.X500Name in project credhub by cloudfoundry.
From class CertificateGeneratorTest, method whenCAExists_andItIsAIntermediateCA_aValidChildCertificateIsGenerated.
/**
 * When the configured CA is itself an intermediate (signed with the root CA key), the
 * generated credential must be chained to that intermediate: its CA field is the
 * intermediate's PEM, its private key is the PEM of the generated child key pair, and
 * its certificate is the child certificate returned by the (mocked) signer.
 */
@Test
public void whenCAExists_andItIsAIntermediateCA_aValidChildCertificateIsGenerated() throws Exception {
    // Arrange: child key pair, and an intermediate CA issued under the root CA.
    final KeyPair childCertificateKeyPair = setupKeyPair();
    final X500Name intermediateCaDn = new X500Name("O=foo,ST=bar,C=intermediate");
    final KeyPair intermediateCaKeyPair = fakeKeyPairGenerator.generate();
    final X509CertificateHolder intermediateCaHolder = makeCert(
            intermediateCaKeyPair, rootCaKeyPair.getPrivate(), rootCaDn, intermediateCaDn, true);

    // Both holders are converted with the same FIPS-provider-backed converter.
    final JcaX509CertificateConverter converter = new JcaX509CertificateConverter()
            .setProvider(BouncyCastleFipsProvider.PROVIDER_NAME);
    final X509Certificate intermediateX509Certificate = converter.getCertificate(intermediateCaHolder);
    final CertificateCredentialValue intermediateCa = new CertificateCredentialValue(
            null,
            CertificateFormatter.pemOf(intermediateX509Certificate),
            CertificateFormatter.pemOf(intermediateCaKeyPair.getPrivate()),
            null,
            true, false, false, false);

    // Stub the CA lookup and the key generation the subject performs.
    when(certificateAuthorityService.findActiveVersion("/my-ca-name")).thenReturn(intermediateCa);
    when(keyGenerator.generateKeyPair(anyInt())).thenReturn(childCertificateKeyPair);

    // The child certificate the mocked signer hands back for this key pair and issuer.
    final X509CertificateHolder childHolder = generateChildCertificateSignedByCa(
            childCertificateKeyPair, intermediateCaKeyPair.getPrivate(), intermediateCaDn);
    childX509Certificate = converter.getCertificate(childHolder);
    when(signedCertificateGenerator.getSignedByIssuer(
            childCertificateKeyPair, inputParameters, intermediateX509Certificate, intermediateCaKeyPair.getPrivate()))
            .thenReturn(childX509Certificate);

    // Act
    final CertificateCredentialValue signedByIntermediate = subject.generateCredential(inputParameters);

    // Assert: CA, private key and certificate all come from the intermediate-signed chain.
    assertThat(signedByIntermediate.getCa(), equalTo(intermediateCa.getCertificate()));
    assertThat(signedByIntermediate.getPrivateKey(), equalTo(CertificateFormatter.pemOf(childCertificateKeyPair.getPrivate())));
    assertThat(signedByIntermediate.getCertificate(), equalTo(CertificateFormatter.pemOf(childX509Certificate)));
    verify(keyGenerator, times(1)).generateKeyPair(2048);
}
use of com.github.zhenwei.core.asn1.x500.X500Name in project mockserver by mock-server.
From class BCKeyAndCertificateFactory, method createCASignedCert.
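/**
 * Create a server certificate for the given domain and subject alternative names, signed by the given Certificate Authority.
 * <p>
 * The result is an end-entity (cA=false) X.509 v3 certificate whose issuer is the subject of
 * {@code certificateAuthorityCert}. Before it is returned it is checked for validity at the
 * current time and its signature is verified against {@code certificateAuthorityPublicKey}.
 *
 * @param publicKey                      public key to be certified
 * @param certificateAuthorityCert       CA certificate; its subject becomes this certificate's issuer
 * @param certificateAuthorityPrivateKey CA private key used to sign
 * @param certificateAuthorityPublicKey  CA public key used to verify the fresh signature
 * @param domain                         primary host name; used as CN and as the first dNSName SAN entry
 * @param subjectAlternativeNameDomains  additional dNSName SAN entries, may be {@code null}
 * @param subjectAlternativeNameIps      iPAddress SAN entries, may be {@code null}; values that are not
 *                                       valid IPv4/IPv6 literals (with or without netmask) are skipped
 * @return the signed, validity-checked and signature-verified certificate
 * @throws Exception if building, signing, validity-checking or verifying the certificate fails
 */
private X509Certificate createCASignedCert(PublicKey publicKey, X509Certificate certificateAuthorityCert, PrivateKey certificateAuthorityPrivateKey, PublicKey certificateAuthorityPublicKey, String domain, Set<String> subjectAlternativeNameDomains, Set<String> subjectAlternativeNameIps) throws Exception {
    // issuer: the CA's subject name, read back from its encoded form
    X500Name issuer = new X509CertificateHolder(certificateAuthorityCert.getEncoded()).getSubject();
    // subject: the leaf's own name (this is a CA-signed certificate, not a self-signed one).
    // NOTE: domain is interpolated into an RFC 4514 DN string; a value containing DN
    // meta-characters (',' '=' '+' '"' '\') would be parsed as additional or malformed RDNs,
    // so callers are expected to pass a plain host name.
    X500Name subject = new X500Name("CN=" + domain + ", O=MockServer, L=London, ST=England, C=UK");
    // serial: RFC 5280 requires a positive integer, and current CA practice is at least 64 bits
    // of CSPRNG output. Draw 64 random bits and add one (range [1, 2^64]) instead of a 31-bit
    // java.util.Random value that could be zero and is predictable.
    BigInteger serial = new BigInteger(64, new java.security.SecureRandom()).add(BigInteger.ONE);
    // create the certificate - version 3
    X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuer, serial, NOT_BEFORE, NOT_AFTER, subject, publicKey);
    builder.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(publicKey));
    // end-entity certificate: cA=false
    builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
    // subject alternative name: the primary domain is always included so that clients which
    // ignore the CN and match on SAN only can still validate the host name.
    List<ASN1Encodable> subjectAlternativeNames = collectSubjectAlternativeNames(domain, subjectAlternativeNameDomains, subjectAlternativeNameIps);
    if (!subjectAlternativeNames.isEmpty()) {
        DERSequence subjectAlternativeNamesExtension = new DERSequence(subjectAlternativeNames.toArray(new ASN1Encodable[0]));
        builder.addExtension(Extension.subjectAlternativeName, false, subjectAlternativeNamesExtension);
    }
    X509Certificate signedX509Certificate = signCertificate(builder, certificateAuthorityPrivateKey);
    // validate: must be within its validity period now and must verify under the given CA key
    signedX509Certificate.checkValidity(new Date());
    signedX509Certificate.verify(certificateAuthorityPublicKey);
    return signedX509Certificate;
}

/**
 * Collects the SAN entries for a server certificate: the primary domain first, then any
 * further DNS names, then every IP literal that parses as IPv4/IPv6 (with or without netmask).
 *
 * @param domain  primary host name; skipped if {@code null}
 * @param domains additional DNS names, may be {@code null}
 * @param ips     IP literals, may be {@code null}; invalid ones are silently skipped
 * @return the SAN entries in insertion order, possibly empty, never {@code null}
 */
private static List<ASN1Encodable> collectSubjectAlternativeNames(String domain, Set<String> domains, Set<String> ips) {
    List<ASN1Encodable> names = new ArrayList<>();
    if (domain != null) {
        names.add(new GeneralName(GeneralName.dNSName, domain));
    }
    if (domains != null) {
        for (String sanDomain : domains) {
            names.add(new GeneralName(GeneralName.dNSName, sanDomain));
        }
    }
    if (ips != null) {
        for (String sanIp : ips) {
            // only well-formed IP literals become iPAddress entries; anything else is dropped
            if (IPAddress.isValidIPv6WithNetmask(sanIp) || IPAddress.isValidIPv6(sanIp) || IPAddress.isValidIPv4WithNetmask(sanIp) || IPAddress.isValidIPv4(sanIp)) {
                names.add(new GeneralName(GeneralName.iPAddress, sanIp));
            }
        }
    }
    return names;
}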