Example 11 with ExtensionsGenerator

use of com.github.zhenwei.core.asn1.x509.ExtensionsGenerator in project milo by eclipse.

the class CertificateUtil method generateCsr.

/**
 * Generate a {@link PKCS10CertificationRequest}.
 *
 * @param keyPair            the {@link KeyPair} containing Public and Private keys.
 * @param subject            the subject name {@link X500Name}.
 * @param sanUri             the URI to request in the SAN.
 * @param sanDnsNames        the DNS names to request in the SAN.
 * @param sanIpAddresses     the IP addresses to request in the SAN.
 * @param signatureAlgorithm the signature algorithm to use when generating the signature to validate the
 *                           certificate.
 * @return a {@link PKCS10CertificationRequest}.
 * @throws Exception if creating the signing request fails for any reason.
 */
public static PKCS10CertificationRequest generateCsr(KeyPair keyPair, X500Name subject, String sanUri, List<String> sanDnsNames, List<String> sanIpAddresses, String signatureAlgorithm) throws Exception {
    PKCS10CertificationRequestBuilder builder = new PKCS10CertificationRequestBuilder(subject, SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
    // Collect the requested SAN entries: the URI first, then DNS names and IP addresses.
    List<GeneralName> generalNames = new ArrayList<>();
    generalNames.add(new GeneralName(SUBJECT_ALT_NAME_URI, sanUri));
    sanDnsNames.stream().map(n -> new GeneralName(SUBJECT_ALT_NAME_DNS_NAME, n)).forEach(generalNames::add);
    sanIpAddresses.stream().map(n -> new GeneralName(SUBJECT_ALT_NAME_IP_ADDRESS, n)).forEach(generalNames::add);
    // The SAN extension is marked non-critical and carried in a PKCS#9 extensionRequest attribute.
    // It is only a request: the issuing CA decides which names end up in the certificate.
    ExtensionsGenerator extGen = new ExtensionsGenerator();
    extGen.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(generalNames.toArray(new GeneralName[0])));
    builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureAlgorithm);
    ContentSigner signer = signerBuilder.build(keyPair.getPrivate());
    return builder.build(signer);
}
Also used : X509Certificate(java.security.cert.X509Certificate) KeyPair(java.security.KeyPair) DigestUtil.sha1(org.eclipse.milo.opcua.stack.core.util.DigestUtil.sha1) PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) CertificateFactory(java.security.cert.CertificateFactory) PKCSObjectIdentifiers(org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers) Extension(org.bouncycastle.asn1.x509.Extension) ContentSigner(org.bouncycastle.operator.ContentSigner) IETFUtils(org.bouncycastle.asn1.x500.style.IETFUtils) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ByteString(org.eclipse.milo.opcua.stack.core.types.builtin.ByteString) CertificateParsingException(java.security.cert.CertificateParsingException) ArrayList(java.util.ArrayList) X500Name(org.bouncycastle.asn1.x500.X500Name) ByteArrayInputStream(java.io.ByteArrayInputStream) RFC4519Style(org.bouncycastle.asn1.x500.style.RFC4519Style) PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder) ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator) StatusCodes(org.eclipse.milo.opcua.stack.core.StatusCodes) JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) StringWriter(java.io.StringWriter) Collection(java.util.Collection) MiscPEMGenerator(org.bouncycastle.openssl.MiscPEMGenerator) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) Collectors(java.util.stream.Collectors) Bytes(com.google.common.primitives.Bytes) Objects(java.util.Objects) List(java.util.List) GeneralName(org.bouncycastle.asn1.x509.GeneralName) Certificate(java.security.cert.Certificate) PemWriter(org.bouncycastle.util.io.pem.PemWriter) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) UaException(org.eclipse.milo.opcua.stack.core.UaException) Optional(java.util.Optional) 
Preconditions(com.google.common.base.Preconditions) Collections(java.util.Collections) InputStream(java.io.InputStream) CertificateEncodingException(java.security.cert.CertificateEncodingException) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ArrayList(java.util.ArrayList) ContentSigner(org.bouncycastle.operator.ContentSigner) PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder) JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)

Example 12 with ExtensionsGenerator

use of com.github.zhenwei.core.asn1.x509.ExtensionsGenerator in project milo by eclipse.

the class CertificateUtil method generateCsr.

/**
 * Generate a {@link PKCS10CertificationRequest} for the provided {@code certificate} and {@code keyPair}.
 *
 * @param keyPair     the {@link KeyPair} for {@code certificate}.
 * @param certificate the {@link X509Certificate} to request signing for.
 * @return a {@link PKCS10CertificationRequest}.
 * @throws Exception if creating the signing request fails for any reason.
 */
public static PKCS10CertificationRequest generateCsr(KeyPair keyPair, X509Certificate certificate) throws Exception {
    PKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder(certificate.getSubjectX500Principal(), certificate.getPublicKey());
    GeneralNames subjectAltNames = new GeneralNames(getSubjectAltNames(certificate).toArray(new GeneralName[0]));
    ExtensionsGenerator extGen = new ExtensionsGenerator();
    extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
    builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
    // Sign the CSR using the signature algorithm name of the existing certificate.
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(certificate.getSigAlgName());
    ContentSigner signer = signerBuilder.build(keyPair.getPrivate());
    return builder.build(signer);
}
Also used : JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder) JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)

Example 13 with ExtensionsGenerator

use of com.github.zhenwei.core.asn1.x509.ExtensionsGenerator in project LinLong-Java by zhenwei1108.

the class CertUtils method doReplaceExtension.

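/**
 * Rebuild {@code extGenerator} with {@code ext} substituted for the existing extension
 * that has the same OID. All other extensions are copied over in their original order.
 *
 * @throws IllegalArgumentException if no extension with the OID of {@code ext} is present.
 */
static ExtensionsGenerator doReplaceExtension(ExtensionsGenerator extGenerator, Extension ext) {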
    boolean isReplaced = false;
    Extensions exts = extGenerator.generate();
    extGenerator = new ExtensionsGenerator();
    for (Enumeration en = exts.oids(); en.hasMoreElements(); ) {
        ASN1ObjectIdentifier extOid = (ASN1ObjectIdentifier) en.nextElement();
        if (extOid.equals(ext.getExtnId())) {
            isReplaced = true;
            extGenerator.addExtension(ext);
        } else {
            extGenerator.addExtension(exts.getExtension(extOid));
        }
    }
    if (!isReplaced) {
        throw new IllegalArgumentException("replace - original extension (OID = " + ext.getExtnId() + ") not found");
    }
    return extGenerator;
}
Also used : Enumeration(java.util.Enumeration) Extensions(com.github.zhenwei.core.asn1.x509.Extensions) ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier) ExtensionsGenerator(com.github.zhenwei.core.asn1.x509.ExtensionsGenerator)

Example 14 with ExtensionsGenerator

use of com.github.zhenwei.core.asn1.x509.ExtensionsGenerator in project cloudbreak by hortonworks.

the class PkiUtil method addSubjectAlternativeNames.

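/**
 * Add a non-critical subjectAlternativeName extension request to the CSR builder.
 * Every entry of {@code sanList} is encoded as a dNSName; entries are not checked or
 * mapped to other GeneralName types (IP address, URI) here.
 */
private static PKCS10CertificationRequestBuilder addSubjectAlternativeNames(PKCS10CertificationRequestBuilder p10Builder, List<String> sanList) throws IOException {
    GeneralName[] generalNames = sanList.stream().map(address -> new GeneralName(GeneralName.dNSName, address)).toArray(GeneralName[]::new);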
    GeneralNames subjectAltNames = new GeneralNames(generalNames);
    ExtensionsGenerator extGen = new ExtensionsGenerator();
    extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
    return p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
}
Also used : X509Certificate(java.security.cert.X509Certificate) KeyPair(java.security.KeyPair) PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) CertificateFactory(java.security.cert.CertificateFactory) Signer(org.bouncycastle.crypto.Signer) Extension(org.bouncycastle.asn1.x509.Extension) Date(java.util.Date) LoggerFactory(org.slf4j.LoggerFactory) Security(java.security.Security) Base64(org.apache.commons.codec.binary.Base64) SecureRandom(java.security.SecureRandom) KeySpec(java.security.spec.KeySpec) X500Name(org.bouncycastle.asn1.x500.X500Name) ByteArrayInputStream(java.io.ByteArrayInputStream) DataOutputStream(java.io.DataOutputStream) RSAPublicKey(java.security.interfaces.RSAPublicKey) Map(java.util.Map) PrivateKeyFactory(org.bouncycastle.crypto.util.PrivateKeyFactory) PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder) BigInteger(java.math.BigInteger) KeyPairGenerator(java.security.KeyPairGenerator) PEMParser(org.bouncycastle.openssl.PEMParser) Reader(java.io.Reader) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) KeyFactory(java.security.KeyFactory) List(java.util.List) GeneralName(org.bouncycastle.asn1.x509.GeneralName) PrivateKey(java.security.PrivateKey) CollectionUtils(org.springframework.util.CollectionUtils) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) RSAEngine(org.bouncycastle.crypto.engines.RSAEngine) JcaPEMWriter(org.bouncycastle.openssl.jcajce.JcaPEMWriter) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter) X500Principal(javax.security.auth.x500.X500Principal) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) PKCSObjectIdentifiers(org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers) ContentSigner(org.bouncycastle.operator.ContentSigner) 
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) CryptoException(org.bouncycastle.crypto.CryptoException) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter) SHA256Digest(org.bouncycastle.crypto.digests.SHA256Digest) LinkedHashMap(java.util.LinkedHashMap) Calendar(java.util.Calendar) RSAKeyParameters(org.bouncycastle.crypto.params.RSAKeyParameters) OutputStreamWriter(java.io.OutputStreamWriter) ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator) Logger(org.slf4j.Logger) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) PSSSigner(org.bouncycastle.crypto.signers.PSSSigner) BaseEncoding(com.google.common.io.BaseEncoding) JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder) DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder) IOException(java.io.IOException) PublicKey(java.security.PublicKey) BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) RSAPrivateKeySpec(java.security.spec.RSAPrivateKeySpec) StringReader(java.io.StringReader) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair) BufferedReader(java.io.BufferedReader) Collections(java.util.Collections) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)

Example 15 with ExtensionsGenerator

use of com.github.zhenwei.core.asn1.x509.ExtensionsGenerator in project ozone by apache.

the class TestDefaultProfile method getSANExtension.

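/**
 * Generate an {@link Extensions} object holding a single subjectAlternativeName entry.
 * @param extensionCode - GeneralName tag for the entry (e.g. {@code GeneralName.rfc822Name}).
 * @param value  - value of the entry, e.g. the email to be added to the certificate.
 * @param critical - boolean value that marks the extension as critical.
 * @return - Extensions containing the subjectAlternativeName extension.
 * @throws IOException if the extension cannot be encoded.
 */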
private Extensions getSANExtension(int extensionCode, String value, boolean critical) throws IOException {
    GeneralName extn = new GeneralName(extensionCode, value);
    ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
    extensionsGenerator.addExtension(Extension.subjectAlternativeName, critical, new GeneralNames(extn));
    return extensionsGenerator.generate();
}
Also used : GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)

Aggregations

ExtensionsGenerator (org.bouncycastle.asn1.x509.ExtensionsGenerator)23 JcaPKCS10CertificationRequestBuilder (org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)16 GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)14 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)14 GeneralName (org.bouncycastle.asn1.x509.GeneralName)13 ContentSigner (org.bouncycastle.operator.ContentSigner)13 PKCS10CertificationRequestBuilder (org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder)12 IOException (java.io.IOException)9 PKCS10CertificationRequest (org.bouncycastle.pkcs.PKCS10CertificationRequest)9 OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)7 Enumeration (java.util.Enumeration)6 X500Principal (javax.security.auth.x500.X500Principal)5 X500Name (org.bouncycastle.asn1.x500.X500Name)5 JcaPEMWriter (org.bouncycastle.openssl.jcajce.JcaPEMWriter)4 ExtensionsGenerator (com.github.zhenwei.core.asn1.x509.ExtensionsGenerator)3 ByteArrayInputStream (java.io.ByteArrayInputStream)3 KeyPair (java.security.KeyPair)3 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3 PrivateKey (java.security.PrivateKey)3 CertificateException (java.security.cert.CertificateException)3