use of com.github.zhenwei.core.asn1.x509.ExtensionsGenerator in project LinLong-Java by zhenwei1108.
the class CertUtils method doRemoveExtension.
/**
 * Produces a generator holding every extension of {@code extGenerator} except the one
 * identified by {@code oid}.
 *
 * <p>The current extension set is generated once; each extension whose OID differs from
 * {@code oid} is then re-added, as the {@code Extension} object returned by
 * {@code getExtension}, to a freshly created generator in the order reported by
 * {@code oids()}. The generator passed in is not returned.
 *
 * <p>NOTE(review): nothing here restricts which OID may be removed, so constraint-bearing
 * extensions (e.g. basicConstraints or keyUsage) can be dropped as well; callers are
 * presumably expected to decide that deliberately. Confirm against the call sites.
 *
 * @param extGenerator generator holding the current extension set
 * @param oid identifier of the extension to leave out
 * @return a new generator without the extension matching {@code oid}
 * @throws IllegalArgumentException if no extension with {@code oid} was present
 */
static ExtensionsGenerator doRemoveExtension(ExtensionsGenerator extGenerator, ASN1ObjectIdentifier oid) {
    final Extensions current = extGenerator.generate();
    final ExtensionsGenerator rebuilt = new ExtensionsGenerator();
    boolean found = false;

    Enumeration oidEnum = current.oids();
    while (oidEnum.hasMoreElements()) {
        final ASN1ObjectIdentifier candidate = (ASN1ObjectIdentifier) oidEnum.nextElement();
        if (!candidate.equals(oid)) {
            // Keep everything that is not the target; the Extension object is passed through as-is.
            rebuilt.addExtension(current.getExtension(candidate));
            continue;
        }
        found = true;
    }

    if (found) {
        return rebuilt;
    }
    // A removal that matched nothing is reported as a caller error rather than ignored.
    throw new IllegalArgumentException("remove - extension (OID = " + oid + ") not found");
}
use of com.github.zhenwei.core.asn1.x509.ExtensionsGenerator in project IDS-Messaging-Services by International-Data-Spaces-Association.
the class OrbiterTokenManagerService method createCSR.
/**
 * Builds the PKCS#10 certification request that is sent to the Orbiter DAPS to register
 * a client.
 *
 * <p>The request carries a fixed subject DN, a non-critical basicConstraints extension
 * built from {@code new BasicConstraints(false)}, and a non-critical
 * subjectAlternativeName extension listing two wildcard DNS names. It is signed with the
 * private key of {@code generatedKeyPair} using {@code SHA256withRSA}.
 *
 * <p>NOTE(review): subject and SAN values are hard-coded wildcard names, so every request
 * built here asks for the same identity. A CSR only states what the requester wants; the
 * issuing side is presumably expected to validate the requested names against its own
 * policy before signing. Confirm how the DAPS handles these.
 *
 * @return the signed certification request
 * @throws OperatorCreationException when the ContentSigner cannot be created
 * @throws IOException when the extensions cannot be added to the CSR
 */
private PKCS10CertificationRequest createCSR() throws IOException, OperatorCreationException {
    // Subject DN and public key of the request.
    // NOTE(review): "ST=Bonn, L=NRW" looks swapped (city vs. state); kept byte-for-byte
    // because the registration endpoint may depend on the exact string. Verify.
    final var subject = new X500Principal("C=DE, ST=Bonn, L=NRW, O=truzzt, CN=*.truzzt.org");
    final var requestBuilder =
        new JcaPKCS10CertificationRequestBuilder(subject, generatedKeyPair.getPublic());

    final var requestedExtensions = new ExtensionsGenerator();

    // basicConstraints, non-critical, cA flag false: the request is for an end-entity certificate.
    requestedExtensions.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));

    // subjectAlternativeName, non-critical: the two wildcard DNS names, DER-encoded as a sequence.
    final var wildcardOrg = new GeneralName(GeneralName.dNSName, "*.truzzt.org");
    final var wildcardCom = new GeneralName(GeneralName.dNSName, "*.truzzt.com");
    final var subjectAltNames = new DERSequence(new ASN1Encodable[] { wildcardOrg, wildcardCom });
    requestedExtensions.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);

    // TODO: add a subjectKeyIdentifier extension; registration currently works without it.

    // The generated extensions travel in the CSR as a PKCS#9 extensionRequest attribute.
    requestBuilder.addAttribute(
        PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, requestedExtensions.generate());

    // Self-sign with the private key matching the public key in the request.
    // Presumably generatedKeyPair is an RSA pair, as the algorithm name requires; verify
    // where the pair is generated.
    final var contentSigner =
        new JcaContentSignerBuilder("SHA256withRSA").build(generatedKeyPair.getPrivate());
    return requestBuilder.build(contentSigner);
}