Examples with ExtensionsGenerator com.github.zhenwei.core.asn1.x509.ExtensionsGenerator used on opensource projects

Example 6 with ExtensionsGenerator

use of com.github.zhenwei.core.asn1.x509.ExtensionsGenerator in project nifi by apache.

the class TlsHelper method createDomainAlternativeNamesExtensions.

public static Extensions createDomainAlternativeNamesExtensions(String domainAlternativeNames, String requestedDn) throws IOException {
    List<GeneralName> namesList = new ArrayList<>();
    try {
        final String cn = IETFUtils.valueToString(new X500Name(requestedDn).getRDNs(BCStyle.CN)[0].getFirst().getValue());
        namesList.add(new GeneralName(GeneralName.dNSName, cn));
    } catch (Exception e) {
        throw new IOException("Failed to extract CN from request DN: " + requestedDn, e);
    }
    if (StringUtils.isNotBlank(domainAlternativeNames)) {
        for (String alternativeName : domainAlternativeNames.split(",")) {
            namesList.add(new GeneralName(GeneralName.dNSName, alternativeName));
        }
    }
    GeneralNames subjectAltNames = new GeneralNames(namesList.toArray(new GeneralName[] {}));
    ExtensionsGenerator extGen = new ExtensionsGenerator();
    extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
    return extGen.generate();
}

Example 7 with ExtensionsGenerator

use of com.github.zhenwei.core.asn1.x509.ExtensionsGenerator in project candlepin by candlepin.

the class X509CRLStreamWriter method add.

/**
 * Create an entry to be added to the CRL.
 *
 * @param serial
 * @param date
 * @param reason
 * @throws IOException if an entry fails to generate
 */
@SuppressWarnings({ "unchecked", "rawtypes" })
public void add(BigInteger serial, Date date, int reason) throws IOException {
    if (locked) {
        throw new IllegalStateException("Cannot add to a locked stream.");
    }
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(new ASN1Integer(serial));
    v.add(new Time(date));
    CRLReason crlReason = CRLReason.getInstance(new ASN1Enumerated(reason));
    ExtensionsGenerator generator = new ExtensionsGenerator();
    generator.addExtension(Extension.reasonCode, false, crlReason);
    v.add(generator.generate());
    newEntries.add(new DERSequence(v));
}

Example 8 with ExtensionsGenerator

use of com.github.zhenwei.core.asn1.x509.ExtensionsGenerator in project OpenPDF by LibrePDF.

the class OcspClientBouncyCastle method generateOCSPRequest.

/**
 * Generates an OCSP request using BouncyCastle.
 *
 * @param issuerCert
 *          certificate of the issues
 * @param serialNumber
 *          serial number
 * @return an OCSP request
 * @throws OCSPException
 * @throws IOException
 */
private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws OCSPException, IOException, OperatorCreationException, CertificateEncodingException {
    // Add provider BC
    Provider prov = new org.bouncycastle.jce.provider.BouncyCastleProvider();
    Security.addProvider(prov);
    // Generate the id for the certificate we are looking for
    // OJO... Modificacion de
    // Felix--------------------------------------------------
    // CertificateID id = new CertificateID(CertificateID.HASH_SHA1, issuerCert,
    // serialNumber);
    // Example from
    // http://grepcode.com/file/repo1.maven.org/maven2/org.bouncycastle/bcmail-jdk16/1.46/org/bouncycastle/cert/ocsp/test/OCSPTest.java
    DigestCalculatorProvider digCalcProv = new JcaDigestCalculatorProviderBuilder().setProvider(prov).build();
    CertificateID id = new CertificateID(digCalcProv.get(CertificateID.HASH_SHA1), new JcaX509CertificateHolder(issuerCert), serialNumber);
    // basic request generation with nonce
    OCSPReqBuilder gen = new OCSPReqBuilder();
    gen.addRequest(id);
    // create details for nonce extension
    // Vector oids = new Vector();
    // Vector values = new Vector();
    // oids.add(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
    // values.add(new X509Extension(false, new DEROctetString(new
    // DEROctetString(PdfEncryption.createDocumentId()).getEncoded())));
    // gen.setRequestExtensions(new X509Extensions(oids, values));
    // Add nonce extension
    ExtensionsGenerator extGen = new ExtensionsGenerator();
    byte[] nonce = new byte[16];
    Random rand = new Random();
    rand.nextBytes(nonce);
    extGen.addExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(nonce));
    gen.setRequestExtensions(extGen.generate());
    // Build request
    return gen.build();
// ******************************************************************************
}

Example 9 with ExtensionsGenerator

use of com.github.zhenwei.core.asn1.x509.ExtensionsGenerator in project jmulticard by ctt-gob-es.

the class CertUtils method doReplaceExtension.

static ExtensionsGenerator doReplaceExtension(ExtensionsGenerator extGenerator, Extension ext) {
    boolean isReplaced = false;
    Extensions exts = extGenerator.generate();
    extGenerator = new ExtensionsGenerator();
    for (Enumeration en = exts.oids(); en.hasMoreElements(); ) {
        ASN1ObjectIdentifier extOid = (ASN1ObjectIdentifier) en.nextElement();
        if (extOid.equals(ext.getExtnId())) {
            isReplaced = true;
            extGenerator.addExtension(ext);
        } else {
            extGenerator.addExtension(exts.getExtension(extOid));
        }
    }
    if (!isReplaced) {
        throw new IllegalArgumentException("replace - original extension (OID = " + ext.getExtnId() + ") not found");
    }
    return extGenerator;
}

Example 10 with ExtensionsGenerator

use of com.github.zhenwei.core.asn1.x509.ExtensionsGenerator in project android by nextcloud.

the class CsrHelper method generateCSR.

/**
 * Create the certificate signing request (CSR) from private and public keys
 *
 * @param keyPair the KeyPair with private and public keys
 * @param userId userId of CSR owner
 * @return PKCS10CertificationRequest with the certificate signing request (CSR) data
 * @throws IOException thrown if key cannot be created
 * @throws OperatorCreationException thrown if contentSigner cannot be build
 */
private static PKCS10CertificationRequest generateCSR(KeyPair keyPair, String userId) throws IOException, OperatorCreationException {
    String principal = "CN=" + userId;
    AsymmetricKeyParameter privateKey = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded());
    AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1WITHRSA");
    AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find("SHA-1");
    ContentSigner signer = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(privateKey);
    PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Name(principal), keyPair.getPublic());
    ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
    extensionsGenerator.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
    csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate());
    return csrBuilder.build(signer);
}