use of com.github.zhenwei.core.asn1.x509.GeneralName in project xipki by xipki.
the class X509CertprofileUtil method createGeneralName.
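/**
 * Creates a GeneralName from a requested name, checking it against the configured modes.
 *
 * <p>Simple name forms (rfc822Name, dNSName, URI, iPAddress, registeredID, directoryName) are
 * re-wrapped without further inspection. otherName and ediPartyName are re-parsed and re-encoded
 * so that only a well-formed, explicitly allowed structure ends up in the certificate.
 *
 * @param requestedName
 *          Requested name. Must not be {@code null}.
 * @param modes
 *          Modes to be considered. Must not be {@code null}; a {@code null} set is tolerated and
 *          disables the tag check.
 * @return the created GeneralName
 * @throws BadCertTemplateException
 *           If requestedName is invalid or contains entries which are not allowed in the modes.
 */
public static GeneralName createGeneralName(GeneralName requestedName, Set<GeneralNameMode> modes)
    throws BadCertTemplateException {
  ParamUtil.requireNonNull("requestedName", requestedName);
  int tag = requestedName.getTagNo();

  // Find the mode for this tag; a tag with no mode is rejected (unless no modes were given).
  GeneralNameMode mode = null;
  if (modes != null) {
    for (GeneralNameMode candidate : modes) {
      if (candidate.getTag().getTag() == tag) {
        mode = candidate;
        break;
      }
    }
    if (mode == null) {
      throw new BadCertTemplateException("generalName tag " + tag + " is not allowed");
    }
  }

  switch (tag) {
    case GeneralName.rfc822Name:
    case GeneralName.dNSName:
    case GeneralName.uniformResourceIdentifier:
    case GeneralName.iPAddress:
    case GeneralName.registeredID:
    case GeneralName.directoryName:
      // Value is copied as-is; the content of these forms is not validated here.
      return new GeneralName(tag, requestedName.getName());
    case GeneralName.otherName:
      return createOtherName(requestedName, mode);
    case GeneralName.ediPartyName:
      return createEdiPartyName(requestedName);
    default:
      // All tags defined by GeneralName are handled above.
      throw new RuntimeException("should not reach here, unknown GeneralName tag " + tag);
  }
}

/**
 * Re-parses and re-encodes an otherName {@code SEQUENCE { type-id OID, value [0] EXPLICIT ANY }}.
 *
 * @param requestedName requested otherName.
 * @param mode mode for the otherName tag, or {@code null} if no type restriction applies.
 * @return the re-encoded GeneralName.
 * @throws BadCertTemplateException if the structure is malformed or the type is not allowed.
 */
private static GeneralName createOtherName(GeneralName requestedName, GeneralNameMode mode)
    throws BadCertTemplateException {
  ASN1Sequence reqSeq = ASN1Sequence.getInstance(requestedName.getName());
  int size = reqSeq.size();
  if (size != 2) {
    throw new BadCertTemplateException("invalid otherName sequence: size is not 2: " + size);
  }

  ASN1ObjectIdentifier type = ASN1ObjectIdentifier.getInstance(reqSeq.getObjectAt(0));
  if (mode != null && !mode.getAllowedTypes().contains(type)) {
    throw new BadCertTemplateException("otherName.type " + type.getId() + " is not allowed");
  }

  ASN1Encodable value = reqSeq.getObjectAt(1);
  if (!(value instanceof ASN1TaggedObject)) {
    throw new BadCertTemplateException("otherName.value is not tagged Object");
  }
  ASN1TaggedObject taggedValue = ASN1TaggedObject.getInstance(value);
  int tagNo = taggedValue.getTagNo();
  if (tagNo != 0) {
    throw new BadCertTemplateException("otherName.value does not have tag 0: " + tagNo);
  }

  ASN1EncodableVector vector = new ASN1EncodableVector();
  vector.add(type);
  vector.add(new DERTaggedObject(true, 0, taggedValue.getObject()));
  return new GeneralName(GeneralName.otherName, new DERSequence(vector));
}

/**
 * Re-parses and re-encodes an ediPartyName
 * {@code SEQUENCE { nameAssigner [0] DirectoryString OPTIONAL, partyName [1] DirectoryString }}.
 *
 * <p>Unlike a bare positional read, the element count and the context tag of each element are
 * checked, so a malformed request yields a BadCertTemplateException instead of an unchecked
 * exception from the ASN.1 layer, and a mislabelled element is not silently reinterpreted.
 *
 * @param requestedName requested ediPartyName.
 * @return the re-encoded GeneralName.
 * @throws BadCertTemplateException if the structure is malformed.
 */
private static GeneralName createEdiPartyName(GeneralName requestedName)
    throws BadCertTemplateException {
  ASN1Sequence reqSeq = ASN1Sequence.getInstance(requestedName.getName());
  int size = reqSeq.size();
  if (size < 1 || size > 2) {
    throw new BadCertTemplateException(
        "invalid ediPartyName sequence: size is not 1 or 2: " + size);
  }

  String nameAssigner = null;
  int idx = 0;
  if (size == 2) {
    // Only a two-element sequence carries the optional nameAssigner, and it must come first.
    nameAssigner = taggedDirectoryString(reqSeq.getObjectAt(idx++), 0, "ediPartyName.nameAssigner");
  }
  String partyName = taggedDirectoryString(reqSeq.getObjectAt(idx), 1, "ediPartyName.partyName");

  ASN1EncodableVector vector = new ASN1EncodableVector();
  if (nameAssigner != null) {
    vector.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner)));
  }
  vector.add(new DERTaggedObject(false, 1, new DirectoryString(partyName)));
  return new GeneralName(GeneralName.ediPartyName, new DERSequence(vector));
}

/**
 * Extracts the DirectoryString held by a context-tagged element of an ediPartyName.
 *
 * @param element the sequence element.
 * @param expectedTag the context tag number the element must carry.
 * @param field name of the field, used in error messages.
 * @return the string value.
 * @throws BadCertTemplateException if the element is not tagged or carries another tag number.
 */
private static String taggedDirectoryString(ASN1Encodable element, int expectedTag, String field)
    throws BadCertTemplateException {
  if (!(element instanceof ASN1TaggedObject)) {
    throw new BadCertTemplateException(field + " is not tagged Object");
  }
  ASN1TaggedObject tagged = ASN1TaggedObject.getInstance(element);
  int tagNo = tagged.getTagNo();
  if (tagNo != expectedTag) {
    throw new BadCertTemplateException(
        field + " does not have tag " + expectedTag + ": " + tagNo);
  }
  return DirectoryString.getInstance(tagged.getObject()).getString();
}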
use of com.github.zhenwei.core.asn1.x509.GeneralName in project apiRecord by tobecoder2015.
the class CertUtil method genCert.
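/**
 * Generates a server certificate for {@code host} and signs it with the CA key.
 *
 * <p>The subject DN is derived from the CA's issuer DN: the {@code CN} attribute is replaced by
 * {@code host}, every other attribute is copied unchanged.
 *
 * @param issuer issuer DN of the CA as a comma-separated string (e.g. {@code "C=CN, O=x, CN=root"});
 *     it is split on {@code ", "}, so attribute values containing that sequence are not supported
 * @param serverPubKey public key to bind into the generated certificate
 * @param caPriKey CA private key used to sign the certificate
 * @param caPubKey CA public key; the generated certificate is verified against it before return
 * @param host host name used as subject CN and as the dNSName SAN entry
 * @return the signed certificate, already checked for validity and signature
 * @throws Exception if generation, the validity check or the signature verification fails
 */
public static X509Certificate genCert(String issuer, PublicKey serverPubKey, PrivateKey caPriKey, PublicKey caPubKey, String host) throws Exception {
    // Derive the subject DN from the CA issuer DN; only the CN attribute is replaced by the host.
    String subject = Arrays.stream(issuer.split(", "))
        .map(attribute -> {
            String[] keyValue = attribute.split("=");
            return keyValue[0].equalsIgnoreCase("CN") ? keyValue[0] + "=" + host : attribute;
        })
        .collect(Collectors.joining(", "));

    // Serial numbers must be unique per issuer and should be unpredictable. A millisecond
    // timestamp is neither: two certificates issued in the same millisecond get the same serial,
    // and a repeated serial under one issuer confuses revocation checks and client caches.
    // 64 random bits with a fixed top bit keep the value positive and non-zero.
    BigInteger serial = new BigInteger(64, new java.security.SecureRandom()).setBit(64);
    long now = System.currentTimeMillis();

    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    certGen.reset();
    certGen.setSerialNumber(serial);
    certGen.setIssuerDN(new X509Principal(issuer));
    // notBefore is backdated to tolerate clock differences between proxy and client.
    certGen.setNotBefore(new Date(now - 10 * ONE_DAY));
    certGen.setNotAfter(new Date(now + 3650 * ONE_DAY));
    certGen.setSubjectDN(new X509Principal(subject));
    certGen.setPublicKey(serverPubKey);
    // SHA-256: Chrome shows an insecure warning for certificates signed with weaker digests.
    certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
    // SAN extension: Chrome shows an insecure warning when the host is not present as a SAN.
    GeneralNames subjectAltName = new GeneralNames(new GeneralName(GeneralName.dNSName, host));
    certGen.addExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName);

    X509Certificate cert = certGen.generateX509Certificate(caPriKey);
    // Fail early if the produced certificate is not currently valid or is not signed by the CA.
    cert.checkValidity(new Date());
    cert.verify(caPubKey);
    return cert;
}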
use of com.github.zhenwei.core.asn1.x509.GeneralName in project certmgr by hdecarne.
the class SubjectAlternativeNameController method init.
/**
 * Initialize the dialog with existing extension data.
 *
 * <p>Runs the plain initialization first, then copies the critical flag and every general name
 * of the extension into the dialog controls.
 *
 * @param data The extension data to use.
 * @param expertMode Whether to run in expert mode ({@code true}) or not ({@code false}).
 * @return This controller.
 */
public SubjectAlternativeNameController init(SubjectAlternativeNameExtensionData data, boolean expertMode) {
    init(expertMode);
    this.ctlCritical.setSelected(data.getCritical());
    for (GeneralName generalName : data.getGeneralNames()) {
        this.ctlNames.getItems().add(generalName);
    }
    return this;
}
use of com.github.zhenwei.core.asn1.x509.GeneralName in project certmgr by hdecarne.
the class CRLDistributionPointsController method init.
/**
 * Initialize the dialog with existing extension data.
 *
 * <p>Only the first distribution point that carries a name is loaded into the dialog; its full
 * name entries (if any) are copied into the names list and the remaining distribution points are
 * ignored.
 *
 * @param data The extension data to use.
 * @param expertMode Whether to run in expert mode ({@code true}) or not ({@code false}).
 * @return This controller.
 */
public CRLDistributionPointsController init(CRLDistributionPointsExtensionData data, boolean expertMode) {
    init(expertMode);
    this.ctlCritical.setSelected(data.getCritical());
    ObservableList<GeneralName> nameItems = this.ctlNames.getItems();
    for (DistributionPoint distributionPoint : data) {
        DistributionPointName pointName = distributionPoint.getName();
        if (pointName == null) {
            continue;
        }
        GeneralNames fullName = pointName.getFullName();
        if (fullName != null) {
            for (GeneralName name : fullName) {
                nameItems.add(name);
            }
        }
        // Stop after the first named distribution point, whether or not it had a full name.
        break;
    }
    return this;
}
use of com.github.zhenwei.core.asn1.x509.GeneralName in project certmgr by hdecarne.
the class CRLDistributionPointsController method validateAndGetDistributionPoint.
/**
 * Builds a distribution point from the names entered in the dialog.
 *
 * @return The distribution point holding the entered names as its full name.
 * @throws ValidationException If no name has been entered.
 */
private DistributionPoint validateAndGetDistributionPoint() throws ValidationException {
    ObservableList<GeneralName> enteredNames = this.ctlNames.getItems();
    GeneralNames fullName = new GeneralNames();
    enteredNames.forEach(fullName::addName);
    InputValidator.isTrue(!enteredNames.isEmpty(), CRLDistributionPointsI18N::strMessageNoNames);
    return new DistributionPoint(new DistributionPointName(fullName));
}