
Example 91 with GeneralName

use of com.github.zhenwei.core.asn1.x509.GeneralName in project credhub by cloudfoundry-incubator.

the class CertificateReaderTest method givenASelfSignedCertificate_setsCertificateFieldsCorrectly.

@Test
public void givenASelfSignedCertificate_setsCertificateFieldsCorrectly() {
    // Expected values for the BIG_TEST_CERT fixture.
    final String expectedSubject =
        "L=Europa, OU=test-org-unit, CN=test-common-name, C=MilkyWay, ST=Jupiter, O=test-org";
    final GeneralNames expectedSubjectAltNames =
        new GeneralNames(new GeneralName(GeneralName.dNSName, "SolarSystem"));

    final CertificateReader reader = new CertificateReader(BIG_TEST_CERT);

    // Subject, key size and SAN are read straight off the fixture.
    assertThat(reader.getSubjectName().toString(), equalTo(expectedSubject));
    assertThat(reader.getKeyLength(), equalTo(4096));
    assertThat(reader.getAlternativeNames(), equalTo(expectedSubjectAltNames));

    // Extended key usage must list server AND client auth, in any order.
    assertThat(asList(reader.getExtendedKeyUsage().getUsages()),
        containsInAnyOrder(KeyPurposeId.id_kp_serverAuth, KeyPurposeId.id_kp_clientAuth));
    assertThat(reader.getKeyUsage().hasUsages(KeyUsage.digitalSignature), equalTo(true));
    assertThat(reader.getDurationDays(), equalTo(30));

    // NOTE(review): the method name says "self-signed", but the fixture is asserted to be
    // neither self-signed nor a CA; the name or the expectations should be reconciled.
    assertThat(reader.isSelfSigned(), equalTo(false));
    assertThat(reader.isCa(), equalTo(false));
}
Also used : GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) GeneralName(org.bouncycastle.asn1.x509.GeneralName) Test(org.junit.Test)

Example 92 with GeneralName

use of com.github.zhenwei.core.asn1.x509.GeneralName in project pwm by pwm-project.

the class SelfCertGenerator method generateV3Certificate.

/**
 * Builds a self-signed X.509 v3 end-entity certificate for {@code pair} whose subject
 * (and issuer) is {@code CN=cnValue}.
 *
 * The certificate is valid from two days before now (clock-skew tolerance) until
 * {@code settings.getFutureSeconds()} seconds from now, carries a critical
 * {@code BasicConstraints(cA=false)}, a non-critical {@code subjectAltName} holding
 * {@code cnValue} as a dNSName, a critical key usage of digitalSignature|keyEncipherment
 * and a critical extended key usage of id-kp-serverAuth, and is signed with
 * SHA256WithRSAEncryption through the "BC" provider.
 *
 * @param pair    the key pair whose public key is certified and whose private key signs
 * @param cnValue value of the CN attribute; also emitted verbatim as the dNSName SAN
 * @return the signed certificate, converted to a JCA {@link X509Certificate}
 * @throws Exception if the extension encoding, signing or conversion fails
 */
private X509Certificate generateV3Certificate(final KeyPair pair, final String cnValue) throws Exception {
    final X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
    nameBuilder.addRDN(BCStyle.CN, cnValue);

    final BigInteger serialNumber = makeSerialNumber();

    // Validity window: starts 2 days in the past, ends futureSeconds from now.
    final Date notBefore = new Date(System.currentTimeMillis() - TimeUnit.DAYS.toMillis(2));
    final long validitySeconds = settings.getFutureSeconds();
    final Date notAfter = new Date(System.currentTimeMillis() + (validitySeconds * 1000));

    // Self-signed: the same name serves as issuer and subject.
    final X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
        nameBuilder.build(), serialNumber, notBefore, notAfter, nameBuilder.build(), pair.getPublic());

    // Not a CA (critical).
    builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false).getEncoded());

    // subjectAltName: a GeneralNames SEQUENCE containing one dNSName (non-critical).
    final DERSequence subjectAltNames =
        new DERSequence(new ASN1Encodable[] { new GeneralName(GeneralName.dNSName, cnValue) });
    builder.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);

    // Key usage: signing and key encipherment (critical).
    final KeyUsage usage = new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment);
    builder.addExtension(Extension.keyUsage, true, usage.getEncoded());

    // Extended key usage: TLS server authentication (critical).
    final ExtendedKeyUsage extendedUsage = new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth);
    builder.addExtension(Extension.extendedKeyUsage, true, extendedUsage.getEncoded());

    final ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
        .setProvider("BC")
        .build(pair.getPrivate());
    return new JcaX509CertificateConverter()
        .setProvider("BC")
        .getCertificate(builder.build(signer));
}
Also used : X500NameBuilder(org.bouncycastle.asn1.x500.X500NameBuilder) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) Date(java.util.Date) DERSequence(org.bouncycastle.asn1.DERSequence) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) BigInteger(java.math.BigInteger) GeneralName(org.bouncycastle.asn1.x509.GeneralName) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage)

Example 93 with GeneralName

use of com.github.zhenwei.core.asn1.x509.GeneralName in project MaxKey by dromara.

the class X509V3CertGen method genV3Certificate.

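/**
 * Builds and signs an X.509 v3 certificate for the public key of {@code keyPair}.
 *
 * The certificate is signed with the private key of {@code keyPair}, so when
 * {@code issuerName} equals {@code subjectName} the result is self-signed. No
 * extensions are added: the certificate carries no BasicConstraints, KeyUsage,
 * ExtendedKeyUsage or SubjectAlternativeName, so relying parties cannot restrict
 * what it may be used for. The signature algorithm is SHA256withRSA, which assumes
 * an RSA key pair (as the previous SHA1withRSA choice did).
 *
 * @param issuerName  issuer distinguished name in string form, e.g. {@code "CN=issuer"}
 * @param subjectName subject distinguished name in string form
 * @param notBefore   start of the validity period
 * @param notAfter    end of the validity period
 * @param keyPair     key pair whose public key is certified and whose private key signs
 * @return the signed certificate as a JCA {@link X509Certificate}
 * @throws Exception if the public key encoding cannot be parsed, the certificate cannot
 *                   be signed, or the DER result cannot be decoded
 */
public static X509Certificate genV3Certificate(String issuerName, String subjectName, Date notBefore, Date notAfter, KeyPair keyPair) throws Exception {
    // NOTE(review): a clock-derived serial is predictable and collides for two
    // certificates issued in the same millisecond; a random serial is preferable.
    BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
    X500Name issuer = new X500Name(issuerName);
    X500Name subject = new X500Name(subjectName);

    // The JCA "X.509" encoding of a public key IS the DER SubjectPublicKeyInfo, so it can
    // be parsed directly. A parse failure now propagates instead of being printed and
    // replaced by a null key (which made the builder below fail with an NPE).
    SubjectPublicKeyInfo subjectPublicKeyInfo =
        SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());

    X509v3CertificateBuilder certBuilder =
        new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter, subject, subjectPublicKeyInfo);
    // SHA-1 signatures are rejected by modern validators; SHA-256 is the minimum today.
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA256withRSA")
        .setProvider("BC")
        .build(keyPair.getPrivate());

    // Intentionally no extensions (see class Javadoc); add them via certBuilder.addExtension(...)
    // if the certificate's role (CA or not, key usage, SAN) needs to be constrained.
    X509CertificateHolder holder = certBuilder.build(sigGen);

    // Decode the DER structure with the platform X.509 factory; the fully qualified name
    // avoids the BouncyCastle CertificateFactory imported by this file, and the stream is
    // closed even if decoding fails.
    byte[] der = holder.toASN1Structure().getEncoded();
    try (InputStream inputStream = new ByteArrayInputStream(der)) {
        return (X509Certificate) java.security.cert.CertificateFactory
            .getInstance("X.509")
            .generateCertificate(inputStream);
    }
}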
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) PrivateKey(java.security.PrivateKey) PublicKey(java.security.PublicKey) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ContentSigner(org.bouncycastle.operator.ContentSigner) X500Name(org.bouncycastle.asn1.x500.X500Name) IOException(java.io.IOException) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) CertificateFactory(org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory) X509Certificate(java.security.cert.X509Certificate) ByteArrayInputStream(java.io.ByteArrayInputStream) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BigInteger(java.math.BigInteger)

Example 94 with GeneralName

use of com.github.zhenwei.core.asn1.x509.GeneralName in project Spark by igniterealtime.

the class SparkTrustManager method loadCRL.

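/**
 * Downloads the CRLs referenced by the CRL Distribution Points extension of every
 * certificate in {@code chain}, adds them to {@code crlCollection}, and rebuilds
 * {@code crlStore} from the resulting collection.
 *
 * Only distribution points of type fullName are inspected, and within them only
 * GeneralNames tagged uniformResourceIdentifier are used; other name forms
 * (directoryName, rfc822Name, ...) are not URLs and are skipped. Certificates without
 * the extension are logged and skipped.
 *
 * NOTE(review): the URLs originate from the presented certificate, i.e. from the peer;
 * {@code downloadCRL} (defined elsewhere) should enforce the allowed schemes and apply
 * timeouts — confirm.
 *
 * @param chain the certificate chain to collect CRLs for
 * @return the shared {@code crlCollection} after the downloads
 * @throws IOException                        if a distribution point URL cannot be parsed
 *                                            or the extension value cannot be decoded
 * @throws InvalidAlgorithmParameterException if the collection cert store cannot be built
 * @throws NoSuchAlgorithmException           if the "Collection" cert store type is unavailable
 * @throws CRLException                       if a CRL cannot be downloaded; the underlying
 *                                            exception is attached as the cause
 */
public Collection<X509CRL> loadCRL(X509Certificate[] chain) throws IOException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, CRLException {
    for (X509Certificate cert : chain) {
        byte[] extensionValue = cert.getExtensionValue(Extension.cRLDistributionPoints.getId());
        if (extensionValue == null) {
            Log.warning("Certificate " + cert.getSubjectX500Principal().getName() + " have no CRLs");
            continue;
        }
        ASN1Primitive primitive = JcaX509ExtensionUtils.parseExtensionValue(extensionValue);
        CRLDistPoint distPoint = CRLDistPoint.getInstance(primitive);
        // One extension can carry several distribution points.
        for (DistributionPoint d : distPoint.getDistributionPoints()) {
            DistributionPointName dpName = d.getDistributionPoint();
            // Only fullName holds GeneralNames; nameRelativeToCRLIssuer has no URI to fetch.
            if (dpName == null || dpName.getType() != DistributionPointName.FULL_NAME) {
                continue;
            }
            for (GeneralName genName : GeneralNames.getInstance(dpName.getName()).getNames()) {
                // new URL(...) would throw on a non-URI name; skip those explicitly.
                if (genName.getTagNo() != GeneralName.uniformResourceIdentifier) {
                    continue;
                }
                URL url = new URL(genName.getName().toString());
                try {
                    crlCollection.add(downloadCRL(url));
                } catch (CertificateException | CRLException e) {
                    // Keep the cause so the failing URL and root error are diagnosable.
                    throw new CRLException("Couldn't download CRL from " + url, e);
                }
            }
        }
    }
    // Build the collection-backed cert store once, after all CRLs have been gathered
    // (previously it was rebuilt on every iteration of the chain loop).
    CollectionCertStoreParameters params = new CollectionCertStoreParameters(crlCollection);
    crlStore = CertStore.getInstance("Collection", params);
    return crlCollection;
}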
Also used : DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName) URL(java.net.URL) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)

Example 95 with GeneralName

use of com.github.zhenwei.core.asn1.x509.GeneralName in project pdfbox by apache.

the class CRLVerifier method getCrlDistributionPoints.

/**
 * Returns the URIs listed in the certificate's CRL Distribution Points extension.
 *
 * Only distribution points of type fullName are considered, and within them only
 * GeneralNames tagged uniformResourceIdentifier. A certificate without the extension,
 * or whose extension value is not the expected OCTET STRING wrapper, yields an empty
 * list (the latter case is logged).
 *
 * @param cert the certificate to inspect
 * @return a mutable list of CRL URLs, possibly empty, never {@code null}
 * @throws IOException if the extension value cannot be read as ASN.1
 */
public static List<String> getCrlDistributionPoints(X509Certificate cert) throws IOException {
    List<String> urls = new ArrayList<>();

    byte[] extensionValue = cert.getExtensionValue(Extension.cRLDistributionPoints.getId());
    if (extensionValue == null) {
        return urls;
    }

    // getExtensionValue() returns the extension's OCTET STRING, which itself wraps
    // the DER-encoded CRLDistPoint; unwrap in two steps.
    ASN1Primitive wrapper;
    try (ASN1InputStream in = new ASN1InputStream(extensionValue)) {
        wrapper = in.readObject();
    }
    if (!(wrapper instanceof ASN1OctetString)) {
        LOG.warn("CRL distribution points for certificate subject " + cert.getSubjectX500Principal().getName() + " should be an octet string, but is " + wrapper);
        return urls;
    }
    ASN1Primitive inner;
    try (ASN1InputStream in = new ASN1InputStream(((ASN1OctetString) wrapper).getOctets())) {
        inner = in.readObject();
    }

    for (DistributionPoint point : CRLDistPoint.getInstance(inner).getDistributionPoints()) {
        DistributionPointName name = point.getDistributionPoint();
        // nameRelativeToCRLIssuer carries no URI, so only fullName is of interest.
        if (name == null || name.getType() != DistributionPointName.FULL_NAME) {
            continue;
        }
        for (GeneralName general : GeneralNames.getInstance(name.getName()).getNames()) {
            if (general.getTagNo() == GeneralName.uniformResourceIdentifier) {
                urls.add(ASN1IA5String.getInstance(general.getName()).getString());
            }
        }
    }
    return urls;
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ArrayList(java.util.ArrayList) DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ASN1IA5String(org.bouncycastle.asn1.ASN1IA5String) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
