use of com.github.zhenwei.core.asn1.x509.ExtensionsGenerator in project milo by eclipse.
the class CertificateUtil method generateCsr.
/**
 * Build and sign a PKCS#10 certification request that asks for a Subject Alternative Name
 * (SAN) extension.
 *
 * <p>The request embeds the public key of {@code keyPair} and is signed with the private key of
 * the same pair. The SAN extension is added as non-critical and lists {@code sanUri} first,
 * then each DNS name, then each IP address, in the order given.
 *
 * <p>The SAN values are copied into the request exactly as passed in; this method performs no
 * validation of them. They are only a request, so the party that issues the certificate must
 * still decide which names the requester is entitled to.
 *
 * @param keyPair the {@link KeyPair} whose public key is certified and whose private key signs
 *     the request.
 * @param subject the requested subject {@link X500Name}.
 * @param sanUri the URI to request in the SAN; always added as the first entry.
 * @param sanDnsNames the DNS names to request in the SAN.
 * @param sanIpAddresses the IP addresses to request in the SAN.
 * @param signatureAlgorithm the JCA signature algorithm name used to sign the request; it has
 *     to be usable with the private key in {@code keyPair}.
 * @return the signed {@link PKCS10CertificationRequest}.
 * @throws Exception if creating the signing request fails for any reason.
 */
public static PKCS10CertificationRequest generateCsr(
    KeyPair keyPair,
    X500Name subject,
    String sanUri,
    List<String> sanDnsNames,
    List<String> sanIpAddresses,
    String signatureAlgorithm) throws Exception {

    SubjectPublicKeyInfo publicKeyInfo =
        SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
    PKCS10CertificationRequestBuilder csrBuilder =
        new PKCS10CertificationRequestBuilder(subject, publicKeyInfo);

    // Collect the requested names: URI first, then DNS names, then IP addresses.
    List<GeneralName> requestedNames = new ArrayList<>();
    requestedNames.add(new GeneralName(SUBJECT_ALT_NAME_URI, sanUri));
    for (String dnsName : sanDnsNames) {
        requestedNames.add(new GeneralName(SUBJECT_ALT_NAME_DNS_NAME, dnsName));
    }
    for (String ipAddress : sanIpAddresses) {
        requestedNames.add(new GeneralName(SUBJECT_ALT_NAME_IP_ADDRESS, ipAddress));
    }

    // The SAN travels inside the PKCS#9 extensionRequest attribute, marked non-critical.
    GeneralNames subjectAltNames = new GeneralNames(requestedNames.toArray(new GeneralName[0]));
    ExtensionsGenerator extensions = new ExtensionsGenerator();
    extensions.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
    csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensions.generate());

    // Signing with the private key is what ties the request to the embedded public key.
    ContentSigner signer =
        new JcaContentSignerBuilder(signatureAlgorithm).build(keyPair.getPrivate());
    return csrBuilder.build(signer);
}
use of com.github.zhenwei.core.asn1.x509.ExtensionsGenerator in project milo by eclipse.
the class CertificateUtil method generateCsr.
/**
 * Build and sign a PKCS#10 certification request that mirrors an existing certificate.
 *
 * <p>The subject and public key are taken from {@code certificate}, the requested Subject
 * Alternative Names are whatever {@code getSubjectAltNames(certificate)} returns, and the
 * request is signed with the private key from {@code keyPair}.
 *
 * <p>NOTE(review): only the private half of {@code keyPair} is used, and nothing here checks
 * that it corresponds to {@code certificate.getPublicKey()}. If the two do not match, the
 * resulting request carries a signature that will not verify against its own public key, so
 * callers should confirm the pair before relying on the result.
 *
 * <p>NOTE(review): the signing algorithm is {@code certificate.getSigAlgName()}, which is the
 * algorithm the certificate itself was signed with. For a self-signed certificate that fits
 * the subject key; for a certificate signed by an issuer with a different key type it may not
 * be usable with {@code keyPair} - confirm against the callers.
 *
 * @param keyPair the {@link KeyPair} for {@code certificate}; its private key signs the request.
 * @param certificate the {@link X509Certificate} to request signing for.
 * @return the signed {@link PKCS10CertificationRequest}.
 * @throws Exception if creating the signing request fails for any reason.
 */
public static PKCS10CertificationRequest generateCsr(KeyPair keyPair, X509Certificate certificate)
    throws Exception {

    PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(
        certificate.getSubjectX500Principal(),
        certificate.getPublicKey());

    // Re-request the same alternative names the certificate already carries.
    GeneralName[] existingNames = getSubjectAltNames(certificate).toArray(new GeneralName[0]);
    GeneralNames subjectAltNames = new GeneralNames(existingNames);

    // The SAN travels inside the PKCS#9 extensionRequest attribute, marked non-critical.
    ExtensionsGenerator extensions = new ExtensionsGenerator();
    extensions.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
    csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensions.generate());

    ContentSigner signer =
        new JcaContentSignerBuilder(certificate.getSigAlgName()).build(keyPair.getPrivate());
    return csrBuilder.build(signer);
}
use of com.github.zhenwei.core.asn1.x509.ExtensionsGenerator in project LinLong-Java by zhenwei1108.
the class CertUtils method doReplaceExtension.
/**
 * Return a new generator holding the same extensions as {@code extGenerator}, with the one
 * whose OID equals that of {@code ext} swapped for {@code ext}.
 *
 * <p>The extensions are re-added in the order reported by {@code Extensions.oids()}, so the
 * replacement takes the position of the extension it replaces. The generator passed in is
 * only read through {@code generate()}; the result is a separate instance.
 *
 * @param extGenerator generator whose current extensions are the starting point.
 * @param ext the replacement extension; an extension with the same OID must already exist.
 * @return a new {@link ExtensionsGenerator} containing the updated set.
 * @throws IllegalArgumentException if no existing extension has the OID of {@code ext}.
 */
static ExtensionsGenerator doReplaceExtension(ExtensionsGenerator extGenerator, Extension ext) {
    Extensions current = extGenerator.generate();
    ExtensionsGenerator rebuilt = new ExtensionsGenerator();
    boolean found = false;

    Enumeration<?> oidIter = current.oids();
    while (oidIter.hasMoreElements()) {
        ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) oidIter.nextElement();
        if (!oid.equals(ext.getExtnId())) {
            // Unrelated extension: carry it over unchanged.
            rebuilt.addExtension(current.getExtension(oid));
            continue;
        }
        found = true;
        rebuilt.addExtension(ext);
    }

    // Replacing is not allowed to silently turn into adding a new extension.
    if (found) {
        return rebuilt;
    }
    throw new IllegalArgumentException("replace - original extension (OID = " + ext.getExtnId() + ") not found");
}
use of com.github.zhenwei.core.asn1.x509.ExtensionsGenerator in project cloudbreak by hortonworks.
the class PkiUtil method addSubjectAlternativeNames.
/**
 * Add a non-critical Subject Alternative Name extension request to a PKCS#10 builder.
 *
 * <p>Every entry of {@code sanList} is encoded as a {@code dNSName} general name, whatever the
 * string contains.
 *
 * <p>NOTE(review): an entry that is really an IP address would still be encoded as
 * {@code dNSName} rather than {@code iPAddress}; a verifier that matches IP addresses against
 * {@code iPAddress} entries would not accept it. Confirm that callers only pass host names.
 * The values are not validated here and are only a request to the issuer.
 *
 * @param p10Builder the request builder to extend.
 * @param sanList the names to request, each added as a DNS name.
 * @return the value returned by {@code p10Builder.addAttribute(...)}.
 * @throws IOException if the extension cannot be encoded.
 */
private static PKCS10CertificationRequestBuilder addSubjectAlternativeNames(
    PKCS10CertificationRequestBuilder p10Builder, List<String> sanList) throws IOException {

    GeneralName[] dnsNames = new GeneralName[sanList.size()];
    int next = 0;
    for (String address : sanList) {
        dnsNames[next++] = new GeneralName(GeneralName.dNSName, address);
    }

    // The SAN travels inside the PKCS#9 extensionRequest attribute, marked non-critical.
    ExtensionsGenerator extensions = new ExtensionsGenerator();
    extensions.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(dnsNames));
    return p10Builder.addAttribute(
        PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensions.generate());
}
use of com.github.zhenwei.core.asn1.x509.ExtensionsGenerator in project ozone by apache.
the class TestDefaultProfile method getSANExtension.
/**
 * Build an {@link Extensions} object holding a single subjectAlternativeName extension with
 * one general name.
 *
 * <p>The kind of name is chosen by the caller through {@code extensionCode}, which is passed
 * to {@link GeneralName} as its tag; the method itself does not restrict it to rfc822Name.
 *
 * @param extensionCode - the GeneralName tag to use for {@code value}.
 * @param value - the name to place in the extension, for example an email address.
 * @param critical - whether the extension is marked critical.
 * @return - the generated Extensions containing only the SAN extension.
 * @throws IOException if the extension cannot be encoded.
 */
private Extensions getSANExtension(int extensionCode, String value, boolean critical)
    throws IOException {
    GeneralName name = new GeneralName(extensionCode, value);
    GeneralNames altNames = new GeneralNames(name);

    ExtensionsGenerator generator = new ExtensionsGenerator();
    generator.addExtension(Extension.subjectAlternativeName, critical, altNames);
    return generator.generate();
}