
Example 26 with ExtensionsGenerator

use of com.github.zhenwei.core.asn1.x509.ExtensionsGenerator in project LinLong-Java by zhenwei1108.

the class CertUtils method doRemoveExtension.

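// Returns a new generator holding every extension from extGenerator except the one
// identified by oid; throws if that extension is not present.
static ExtensionsGenerator doRemoveExtension(ExtensionsGenerator extGenerator, ASN1ObjectIdentifier oid) {
    boolean isRemoved = false;
    // Snapshot the current extensions, then rebuild into a fresh generator.
    Extensions exts = extGenerator.generate();
    extGenerator = new ExtensionsGenerator();
    for (Enumeration en = exts.oids(); en.hasMoreElements(); ) {
        ASN1ObjectIdentifier extOid = (ASN1ObjectIdentifier) en.nextElement();
        if (extOid.equals(oid)) {
            // Skip the extension being removed.
            isRemoved = true;
        } else {
            // Copy every other extension unchanged (criticality flag included).
            extGenerator.addExtension(exts.getExtension(extOid));
        }
    }
    if (!isRemoved) {
        throw new IllegalArgumentException("remove - extension (OID = " + oid + ") not found");
    }
    return extGenerator;
}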
Also used : Enumeration(java.util.Enumeration) Extensions(com.github.zhenwei.core.asn1.x509.Extensions) ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier) ExtensionsGenerator(com.github.zhenwei.core.asn1.x509.ExtensionsGenerator)

Example 27 with ExtensionsGenerator

use of com.github.zhenwei.core.asn1.x509.ExtensionsGenerator in project IDS-Messaging-Services by International-Data-Spaces-Association.

the class OrbiterTokenManagerService method createCSR.

/**
 * Generate a CSR which is sent to the Orbiter DAPS to register a Client.
 *
 * @return a generated CSR
 * @throws OperatorCreationException when the ContentSigner
 * cannot be created
 * @throws IOException when the Extensions cannot be added to the CSR
 */
private PKCS10CertificationRequest createCSR() throws IOException, OperatorCreationException {
    // create csr builder with principal
    final var p10Builder = new JcaPKCS10CertificationRequestBuilder(new X500Principal("C=DE, ST=Bonn, L=NRW, O=truzzt, CN=*.truzzt.org"), generatedKeyPair.getPublic());
    // add extensions
    final var extensionsGenerator = new ExtensionsGenerator();
    // basic constraints = false
    extensionsGenerator.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
    // add subject alternative names
    final var sans = new ASN1Encodable[] { new GeneralName(GeneralName.dNSName, "*.truzzt.org"), new GeneralName(GeneralName.dNSName, "*.truzzt.com") };
    final var sansExtension = new DERSequence(sans);
    extensionsGenerator.addExtension(Extension.subjectAlternativeName, false, sansExtension);
    // TODO add SKI extension (currently working without it)
    // extensionsGenerator.addExtension(Extension.subjectKeyIdentifier,
    // true, new SubjectKeyIdentifier());
    final var extensions = extensionsGenerator.generate();
    p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensions);
    // create csBuilder for signing the request
    final var csBuilder = new JcaContentSignerBuilder("SHA256withRSA");
    final var signer = csBuilder.build(generatedKeyPair.getPrivate());
    // build and return the csr
    return p10Builder.build(signer);
}
Also used : JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) DERSequence(org.bouncycastle.asn1.DERSequence) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) X500Principal(javax.security.auth.x500.X500Principal) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) GeneralName(org.bouncycastle.asn1.x509.GeneralName) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)
