
Example 6 with ExtensionsGenerator

use of com.github.zhenwei.core.asn1.x509.ExtensionsGenerator in project nifi by apache.

the class TlsHelper method createDomainAlternativeNamesExtensions.

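/**
 * Builds a subjectAlternativeName (SAN) extension set from the CN of the requested DN plus an
 * optional comma-separated list of additional names.
 *
 * <p>Every entry, including the CN, is encoded as a {@code dNSName}. Entries are trimmed and
 * empty entries are skipped, so input such as {@code "a.example, b.example,"} does not yield
 * a name with leading whitespace or an empty SAN entry (either would never match a hostname).
 *
 * @param domainAlternativeNames comma-separated alternative names; may be {@code null} or blank
 * @param requestedDn distinguished name whose first CN value becomes the first SAN entry
 * @return extensions holding a single non-critical subjectAlternativeName extension
 * @throws IOException if a CN cannot be extracted from {@code requestedDn}
 */
public static Extensions createDomainAlternativeNamesExtensions(String domainAlternativeNames, String requestedDn) throws IOException {
    final List<GeneralName> namesList = new ArrayList<>();
    try {
        // Indexing [0] fails for a DN without a CN; the broad catch reports that, and any
        // DN parse error, as an IOException that names the offending DN.
        final String cn = IETFUtils.valueToString(new X500Name(requestedDn).getRDNs(BCStyle.CN)[0].getFirst().getValue());
        namesList.add(new GeneralName(GeneralName.dNSName, cn));
    } catch (Exception e) {
        throw new IOException("Failed to extract CN from request DN: " + requestedDn, e);
    }
    if (StringUtils.isNotBlank(domainAlternativeNames)) {
        for (String alternativeName : domainAlternativeNames.split(",")) {
            final String trimmedName = alternativeName.trim();
            if (trimmedName.isEmpty()) {
                // "a,,b" or a trailing comma would otherwise add an empty dNSName.
                continue;
            }
            // NOTE(review): IP address literals are also written as dNSName here; TLS clients
            // match IP addresses against iPAddress SAN entries, so such names may not validate.
            // Names are not otherwise checked (e.g. wildcards) - confirm the caller validates them.
            namesList.add(new GeneralName(GeneralName.dNSName, trimmedName));
        }
    }
    GeneralNames subjectAltNames = new GeneralNames(namesList.toArray(new GeneralName[0]));
    ExtensionsGenerator extGen = new ExtensionsGenerator();
    // Non-critical SAN: the subject DN is still present, so the extension need not be critical.
    extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
    return extGen.generate();
}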
Also used : GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) ArrayList(java.util.ArrayList) GeneralName(org.bouncycastle.asn1.x509.GeneralName) X500Name(org.bouncycastle.asn1.x500.X500Name) IOException(java.io.IOException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)

Example 7 with ExtensionsGenerator

use of com.github.zhenwei.core.asn1.x509.ExtensionsGenerator in project candlepin by candlepin.

the class X509CRLStreamWriter method add.

/**
 * Queues one revoked-certificate entry to be added to the CRL.
 *
 * <p>The entry is a DER sequence of the serial number, the revocation time and an extensions
 * block that holds a single non-critical reasonCode extension.
 *
 * @param serial serial number of the revoked certificate
 * @param date revocation time written into the entry
 * @param reason numeric CRL reason; it is handed straight to {@code ASN1Enumerated} and this
 *     method performs no range check of its own
 * @throws IOException if an entry fails to generate
 * @throws IllegalStateException if the stream has already been locked
 */
@SuppressWarnings({ "unchecked", "rawtypes" })
public void add(BigInteger serial, Date date, int reason) throws IOException {
    if (locked) {
        throw new IllegalStateException("Cannot add to a locked stream.");
    }

    // Mandatory fields of the entry: serial number, then revocation time.
    ASN1EncodableVector entryFields = new ASN1EncodableVector();
    entryFields.add(new ASN1Integer(serial));
    entryFields.add(new Time(date));

    // Per-entry extensions: only the reason code, marked non-critical.
    CRLReason revocationReason = CRLReason.getInstance(new ASN1Enumerated(reason));
    ExtensionsGenerator entryExtensions = new ExtensionsGenerator();
    entryExtensions.addExtension(Extension.reasonCode, false, revocationReason);
    entryFields.add(entryExtensions.generate());

    newEntries.add(new DERSequence(entryFields));
}
Also used : DERSequence(org.bouncycastle.asn1.DERSequence) ASN1Enumerated(org.bouncycastle.asn1.ASN1Enumerated) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) DERGeneralizedTime(org.bouncycastle.asn1.DERGeneralizedTime) ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime) DERUTCTime(org.bouncycastle.asn1.DERUTCTime) Time(org.bouncycastle.asn1.x509.Time) ASN1UTCTime(org.bouncycastle.asn1.ASN1UTCTime) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) CRLReason(org.bouncycastle.asn1.x509.CRLReason) ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)

Example 8 with ExtensionsGenerator

use of com.github.zhenwei.core.asn1.x509.ExtensionsGenerator in project OpenPDF by LibrePDF.

the class OcspClientBouncyCastle method generateOCSPRequest.

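/**
 * Generates an OCSP request using BouncyCastle.
 *
 * <p>The request identifies one certificate by issuer and serial number and carries a
 * 16-byte nonce extension drawn from a cryptographically strong random source.
 *
 * @param issuerCert certificate of the issuer
 * @param serialNumber serial number of the certificate whose status is requested
 * @return an OCSP request
 * @throws OCSPException if the certificate ID or the request cannot be built
 * @throws IOException if the nonce extension cannot be encoded
 * @throws OperatorCreationException if the digest calculator provider cannot be created
 * @throws CertificateEncodingException if the issuer certificate cannot be encoded
 */
private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws OCSPException, IOException, OperatorCreationException, CertificateEncodingException {
    // Add provider BC. Security.addProvider changes JVM-wide state; it does nothing when a
    // provider with the same name is already installed.
    Provider prov = new org.bouncycastle.jce.provider.BouncyCastleProvider();
    Security.addProvider(prov);
    // Generate the id for the certificate we are looking for.
    // Approach taken from the example at
    // http://grepcode.com/file/repo1.maven.org/maven2/org.bouncycastle/bcmail-jdk16/1.46/org/bouncycastle/cert/ocsp/test/OCSPTest.java
    // NOTE(review): SHA-1 is used here only to hash the issuer data inside the CertID; it is
    // left unchanged - confirm responder support before moving to another digest.
    DigestCalculatorProvider digCalcProv = new JcaDigestCalculatorProviderBuilder().setProvider(prov).build();
    CertificateID id = new CertificateID(digCalcProv.get(CertificateID.HASH_SHA1), new JcaX509CertificateHolder(issuerCert), serialNumber);
    // basic request generation with nonce
    OCSPReqBuilder gen = new OCSPReqBuilder();
    gen.addRequest(id);
    // Add nonce extension. The nonce binds the response to this request so an old response
    // cannot be replayed; that only holds if the value is unpredictable, so it comes from
    // SecureRandom rather than java.util.Random, whose output can be predicted.
    byte[] nonce = new byte[16];
    new java.security.SecureRandom().nextBytes(nonce);
    ExtensionsGenerator extGen = new ExtensionsGenerator();
    extGen.addExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(nonce));
    gen.setRequestExtensions(extGen.generate());
    // Build request
    return gen.build();
}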
Also used : CertificateID(org.bouncycastle.cert.ocsp.CertificateID) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) DEROctetString(org.bouncycastle.asn1.DEROctetString) Provider(java.security.Provider) DigestCalculatorProvider(org.bouncycastle.operator.DigestCalculatorProvider) ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator) DigestCalculatorProvider(org.bouncycastle.operator.DigestCalculatorProvider) Random(java.util.Random) JcaDigestCalculatorProviderBuilder(org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder) OCSPReqBuilder(org.bouncycastle.cert.ocsp.OCSPReqBuilder)

Example 9 with ExtensionsGenerator

use of com.github.zhenwei.core.asn1.x509.ExtensionsGenerator in project jmulticard by ctt-gob-es.

the class CertUtils method doReplaceExtension.

/**
 * Returns a new generator holding the extensions of {@code extGenerator}, with the extension
 * whose OID equals that of {@code ext} replaced by {@code ext}.
 *
 * <p>The extensions are copied in the order reported by {@code Extensions.oids()}. The
 * returned generator is a fresh instance; the argument is only read through
 * {@code generate()}.
 *
 * @param extGenerator generator whose current extensions are copied
 * @param ext replacement extension; its OID selects the entry to replace
 * @return a new generator containing the copied extensions and the replacement
 * @throws IllegalArgumentException if no existing extension carries the OID of {@code ext}
 */
static ExtensionsGenerator doReplaceExtension(ExtensionsGenerator extGenerator, Extension ext) {
    final Extensions existing = extGenerator.generate();
    final ExtensionsGenerator rebuilt = new ExtensionsGenerator();
    boolean replacedOne = false;

    final Enumeration<?> oids = existing.oids();
    while (oids.hasMoreElements()) {
        final ASN1ObjectIdentifier currentOid = (ASN1ObjectIdentifier) oids.nextElement();
        if (!currentOid.equals(ext.getExtnId())) {
            // Unrelated extension: carry it over unchanged.
            rebuilt.addExtension(existing.getExtension(currentOid));
            continue;
        }
        replacedOne = true;
        rebuilt.addExtension(ext);
    }

    if (replacedOne) {
        return rebuilt;
    }
    // Replacing is strict: an absent OID is an error rather than a silent append.
    throw new IllegalArgumentException("replace - original extension (OID = " + ext.getExtnId() + ") not found");
}
Also used : Enumeration(java.util.Enumeration) Extensions(org.bouncycastle.asn1.x509.Extensions) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)

Example 10 with ExtensionsGenerator

use of com.github.zhenwei.core.asn1.x509.ExtensionsGenerator in project android by nextcloud.

the class CsrHelper method generateCSR.

/**
 * Creates the certificate signing request (CSR) for the given key pair.
 *
 * <p>The subject is the string {@code "CN=" + userId}, the request is signed with RSA over
 * SHA-1, and it carries an extensionRequest attribute with a critical basicConstraints
 * extension whose CA flag is set.
 *
 * <p>NOTE(review): three points a reviewer should confirm against the issuing side:
 * the SHA-1 based signature algorithm is deprecated for signatures; the request asks for
 * CA=true, so the issuer should decide on basicConstraints itself rather than copy it from
 * the CSR; and {@code userId} is concatenated into a DN string, so DN syntax characters in
 * it would be parsed as DN structure - verify that callers restrict the character set.
 *
 * @param keyPair the KeyPair with private and public keys
 * @param userId userId of the CSR owner, used as the subject CN
 * @return PKCS10CertificationRequest with the certificate signing request (CSR) data
 * @throws IOException thrown if the key cannot be created
 * @throws OperatorCreationException thrown if the content signer cannot be built
 */
private static PKCS10CertificationRequest generateCSR(KeyPair keyPair, String userId) throws IOException, OperatorCreationException {
    // Signer: the private key re-read from its encoded form, RSA with a SHA-1 digest.
    AsymmetricKeyParameter signingKey = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded());
    AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1WITHRSA");
    AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find("SHA-1");
    ContentSigner csrSigner = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(signingKey);

    // Request body: subject DN plus the public key being certified.
    X500Name subject = new X500Name("CN=" + userId);
    PKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic());

    // Requested extensions travel in the PKCS#9 extensionRequest attribute.
    ExtensionsGenerator requestedExtensions = new ExtensionsGenerator();
    requestedExtensions.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
    requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, requestedExtensions.generate());

    return requestBuilder.build(csrSigner);
}
Also used : BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder) JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter) ContentSigner(org.bouncycastle.operator.ContentSigner) JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder) X500Name(org.bouncycastle.asn1.x500.X500Name) DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder) ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)

Aggregations

ExtensionsGenerator (org.bouncycastle.asn1.x509.ExtensionsGenerator)23 JcaPKCS10CertificationRequestBuilder (org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)16 GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)14 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)14 GeneralName (org.bouncycastle.asn1.x509.GeneralName)13 ContentSigner (org.bouncycastle.operator.ContentSigner)13 PKCS10CertificationRequestBuilder (org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder)12 IOException (java.io.IOException)9 PKCS10CertificationRequest (org.bouncycastle.pkcs.PKCS10CertificationRequest)9 OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)7 Enumeration (java.util.Enumeration)6 X500Principal (javax.security.auth.x500.X500Principal)5 X500Name (org.bouncycastle.asn1.x500.X500Name)5 JcaPEMWriter (org.bouncycastle.openssl.jcajce.JcaPEMWriter)4 ExtensionsGenerator (com.github.zhenwei.core.asn1.x509.ExtensionsGenerator)3 ByteArrayInputStream (java.io.ByteArrayInputStream)3 KeyPair (java.security.KeyPair)3 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3 PrivateKey (java.security.PrivateKey)3 CertificateException (java.security.cert.CertificateException)3