Search in sources :

Example 51 with GeneralNames

use of com.github.zhenwei.core.asn1.x509.GeneralNames in project dcos-commons by mesosphere.

the class CertificateNamesGenerator method getSANs.

/**
 * Returns additional Subject Alternative Names for service certificates.
 */
public GeneralNames getSANs() {
    List<GeneralName> generalNames = new ArrayList<>();
    generalNames.add(new GeneralName(GeneralName.dNSName, autoIpHostname));
    // Process VIP names, if any
    vipSpecs.stream().map(vipSpec -> new GeneralName(GeneralName.dNSName, EndpointUtils.toVipHostname(serviceName, schedulerConfig, new EndpointUtils.VipInfo(vipSpec.getVipName(), (int) vipSpec.getPort())))).forEach(generalNames::add);
    return new GeneralNames(generalNames.toArray(new GeneralName[0]));
}
Also used : SchedulerConfig(com.mesosphere.sdk.scheduler.SchedulerConfig) Arrays(java.util.Arrays) CommonIdUtils(com.mesosphere.sdk.offer.CommonIdUtils) MessageDigest(java.security.MessageDigest) TaskSpec(com.mesosphere.sdk.specification.TaskSpec) Collection(java.util.Collection) BCStyle(org.bouncycastle.asn1.x500.style.BCStyle) Collectors(java.util.stream.Collectors) StandardCharsets(java.nio.charset.StandardCharsets) Hex(org.bouncycastle.util.encoders.Hex) ArrayList(java.util.ArrayList) EndpointUtils(com.mesosphere.sdk.http.EndpointUtils) X500Name(org.bouncycastle.asn1.x500.X500Name) GeneralName(org.bouncycastle.asn1.x509.GeneralName) List(java.util.List) NamedVIPSpec(com.mesosphere.sdk.specification.NamedVIPSpec) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) PodInstance(com.mesosphere.sdk.specification.PodInstance) X500NameBuilder(org.bouncycastle.asn1.x500.X500NameBuilder) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) ArrayList(java.util.ArrayList) GeneralName(org.bouncycastle.asn1.x509.GeneralName)

Example 52 with GeneralNames

use of com.github.zhenwei.core.asn1.x509.GeneralNames in project dcos-commons by mesosphere.

the class CertificateNamesGeneratorTest method testGetSANs.

@Test
public void testGetSANs() throws Exception {
    CertificateNamesGenerator certificateNamesGenerator = new CertificateNamesGenerator(TestConstants.SERVICE_NAME, mockTaskSpec, mockPodInstance, SCHEDULER_CONFIG);
    GeneralNames sans = certificateNamesGenerator.getSANs();
    Assert.assertEquals(1, sans.getNames().length);
    List<String> names = Arrays.stream(sans.getNames()).map(name -> name.getName().toString()).collect(Collectors.toList());
    Assert.assertEquals(1, names.size());
    Assert.assertTrue(names.toString(), names.contains(taskDnsName(TestConstants.TASK_NAME, TestConstants.SERVICE_NAME)));
    Assert.assertFalse(names.contains(taskDnsName("*", TestConstants.SERVICE_NAME)));
    Assert.assertFalse(names.contains(taskVipName("*", TestConstants.SERVICE_NAME)));
    Assert.assertEquals(toSansHash("some-pod-test-task-name.service-name." + SCHEDULER_CONFIG.getAutoipTLD()), certificateNamesGenerator.getSANsHash());
}
Also used : SchedulerConfigTestUtils(com.mesosphere.sdk.testutils.SchedulerConfigTestUtils) SchedulerConfig(com.mesosphere.sdk.scheduler.SchedulerConfig) java.util(java.util) TestConstants(com.mesosphere.sdk.testutils.TestConstants) RDN(org.bouncycastle.asn1.x500.RDN) Mock(org.mockito.Mock) MessageDigest(java.security.MessageDigest) TaskSpec(com.mesosphere.sdk.specification.TaskSpec) Test(org.junit.Test) DiscoverySpec(com.mesosphere.sdk.specification.DiscoverySpec) BCStyle(org.bouncycastle.asn1.x500.style.BCStyle) Collectors(java.util.stream.Collectors) StandardCharsets(java.nio.charset.StandardCharsets) Hex(org.bouncycastle.util.encoders.Hex) ResourceSet(com.mesosphere.sdk.specification.ResourceSet) Mockito(org.mockito.Mockito) MockitoAnnotations(org.mockito.MockitoAnnotations) NamedVIPSpec(com.mesosphere.sdk.specification.NamedVIPSpec) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) PodInstance(com.mesosphere.sdk.specification.PodInstance) Assert(org.junit.Assert) Before(org.junit.Before) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) Test(org.junit.Test)

Example 53 with GeneralNames

use of com.github.zhenwei.core.asn1.x509.GeneralNames in project xipki by xipki.

the class ExtensionsChecker method checkExtensionIssuerKeyIdentifier.

// method checkExtensionSubjectKeyIdentifier
private void checkExtensionIssuerKeyIdentifier(StringBuilder failureMsg, byte[] extensionValue, X509IssuerInfo issuerInfo) {
    AuthorityKeyIdentifier asn1 = AuthorityKeyIdentifier.getInstance(extensionValue);
    byte[] keyIdentifier = asn1.getKeyIdentifier();
    if (keyIdentifier == null) {
        failureMsg.append("keyIdentifier is 'absent' but expected 'present'; ");
    } else if (!Arrays.equals(issuerInfo.getSubjectKeyIdentifier(), keyIdentifier)) {
        addViolation(failureMsg, "keyIdentifier", hex(keyIdentifier), hex(issuerInfo.getSubjectKeyIdentifier()));
    }
    BigInteger serialNumber = asn1.getAuthorityCertSerialNumber();
    GeneralNames names = asn1.getAuthorityCertIssuer();
    if (certProfile.isIncludeIssuerAndSerialInAki()) {
        if (serialNumber == null) {
            failureMsg.append("authorityCertSerialNumber is 'absent' but expected 'present'; ");
        } else {
            if (!issuerInfo.getCert().getSerialNumber().equals(serialNumber)) {
                addViolation(failureMsg, "authorityCertSerialNumber", LogUtil.formatCsn(serialNumber), LogUtil.formatCsn(issuerInfo.getCert().getSerialNumber()));
            }
        }
        if (names == null) {
            failureMsg.append("authorityCertIssuer is 'absent' but expected 'present'; ");
        } else {
            GeneralName[] genNames = names.getNames();
            X500Name x500GenName = null;
            for (GeneralName genName : genNames) {
                if (genName.getTagNo() != GeneralName.directoryName) {
                    continue;
                }
                if (x500GenName != null) {
                    failureMsg.append("authorityCertIssuer contains at least two directoryName " + "but expected one; ");
                    break;
                } else {
                    x500GenName = (X500Name) genName.getName();
                }
            }
            if (x500GenName == null) {
                failureMsg.append("authorityCertIssuer does not contain directoryName but expected one; ");
            } else {
                X500Name caSubject = issuerInfo.getBcCert().getTBSCertificate().getSubject();
                if (!caSubject.equals(x500GenName)) {
                    addViolation(failureMsg, "authorityCertIssuer", x500GenName, caSubject);
                }
            }
        }
    } else {
        if (serialNumber != null) {
            failureMsg.append("authorityCertSerialNumber is 'absent' but expected 'present'; ");
        }
        if (names != null) {
            failureMsg.append("authorityCertIssuer is 'absent' but expected 'present'; ");
        }
    }
}
Also used : GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) BigInteger(java.math.BigInteger) AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier) GeneralName(org.bouncycastle.asn1.x509.GeneralName) X500Name(org.bouncycastle.asn1.x500.X500Name)

Example 54 with GeneralNames

use of com.github.zhenwei.core.asn1.x509.GeneralNames in project xipki by xipki.

the class ExtensionsChecker method checkExtensionSubjectInfoAccess.

private void checkExtensionSubjectInfoAccess(StringBuilder failureMsg, byte[] extensionValue, Extensions requestedExtensions, ExtensionControl extControl) {
    Map<ASN1ObjectIdentifier, Set<GeneralNameMode>> conf = certProfile.getSubjectInfoAccessModes();
    if (conf == null) {
        failureMsg.append("extension is present but not expected; ");
        return;
    }
    ASN1Encodable requestExtValue = null;
    if (requestedExtensions != null) {
        requestExtValue = requestedExtensions.getExtensionParsedValue(Extension.subjectInfoAccess);
    }
    if (requestExtValue == null) {
        failureMsg.append("extension is present but not expected; ");
        return;
    }
    ASN1Sequence requestSeq = ASN1Sequence.getInstance(requestExtValue);
    ASN1Sequence certSeq = ASN1Sequence.getInstance(extensionValue);
    int size = requestSeq.size();
    if (certSeq.size() != size) {
        addViolation(failureMsg, "size of GeneralNames", certSeq.size(), size);
        return;
    }
    for (int i = 0; i < size; i++) {
        AccessDescription ad = AccessDescription.getInstance(requestSeq.getObjectAt(i));
        ASN1ObjectIdentifier accessMethod = ad.getAccessMethod();
        Set<GeneralNameMode> generalNameModes = conf.get(accessMethod);
        if (generalNameModes == null) {
            failureMsg.append("accessMethod in requestedExtension ").append(accessMethod.getId()).append(" is not allowed; ");
            continue;
        }
        AccessDescription certAccessDesc = AccessDescription.getInstance(certSeq.getObjectAt(i));
        ASN1ObjectIdentifier certAccessMethod = certAccessDesc.getAccessMethod();
        boolean bo = (accessMethod == null) ? (certAccessMethod == null) : accessMethod.equals(certAccessMethod);
        if (!bo) {
            addViolation(failureMsg, "accessMethod", (certAccessMethod == null) ? "null" : certAccessMethod.getId(), (accessMethod == null) ? "null" : accessMethod.getId());
            continue;
        }
        GeneralName accessLocation;
        try {
            accessLocation = createGeneralName(ad.getAccessLocation(), generalNameModes);
        } catch (BadCertTemplateException ex) {
            failureMsg.append("invalid requestedExtension: ").append(ex.getMessage()).append("; ");
            continue;
        }
        GeneralName certAccessLocation = certAccessDesc.getAccessLocation();
        if (!certAccessLocation.equals(accessLocation)) {
            failureMsg.append("accessLocation does not match the requested one; ");
        }
    }
}
Also used : GeneralNameMode(org.xipki.ca.api.profile.GeneralNameMode) Set(java.util.Set) HashSet(java.util.HashSet) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) AccessDescription(org.bouncycastle.asn1.x509.AccessDescription) BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)

Example 55 with GeneralNames

use of com.github.zhenwei.core.asn1.x509.GeneralNames in project xipki by xipki.

the class IdentifiedX509Certprofile method getExtensions.

/**
 * TODO.
 * @param requestedSubject
 *          Subject requested subject. Must not be {@code null}.
 * @param grantedSubject
 *          Granted subject. Must not be {@code null}.
 * @param requestedExtensions
 *          Extensions requested by the requestor. Could be {@code null}.
 * @param publicKeyInfo
 *          Subject public key. Must not be {@code null}.
 * @param publicCaInfo
 *          CA information. Must not be {@code null}.
 * @param crlSignerCert
 *          CRL signer certificate. Could be {@code null}.
 * @param notBefore
 *          NotBefore. Must not be {@code null}.
 * @param notAfter
 *          NotAfter. Must not be {@code null}.
 * @param caInfo
 *          CA information.
 * @return the extensions of the certificate to be issued.
 */
public ExtensionValues getExtensions(X500Name requestedSubject, X500Name grantedSubject, Extensions requestedExtensions, SubjectPublicKeyInfo publicKeyInfo, PublicCaInfo publicCaInfo, X509Certificate crlSignerCert, Date notBefore, Date notAfter) throws CertprofileException, BadCertTemplateException {
    ParamUtil.requireNonNull("publicKeyInfo", publicKeyInfo);
    ExtensionValues values = new ExtensionValues();
    Map<ASN1ObjectIdentifier, ExtensionControl> controls = new HashMap<>(certprofile.getExtensionControls());
    Set<ASN1ObjectIdentifier> neededExtTypes = new HashSet<>();
    Set<ASN1ObjectIdentifier> wantedExtTypes = new HashSet<>();
    if (requestedExtensions != null) {
        Extension reqExtension = requestedExtensions.getExtension(ObjectIdentifiers.id_xipki_ext_cmpRequestExtensions);
        if (reqExtension != null) {
            ExtensionExistence ee = ExtensionExistence.getInstance(reqExtension.getParsedValue());
            neededExtTypes.addAll(ee.getNeedExtensions());
            wantedExtTypes.addAll(ee.getWantExtensions());
        }
        for (ASN1ObjectIdentifier oid : neededExtTypes) {
            if (wantedExtTypes.contains(oid)) {
                wantedExtTypes.remove(oid);
            }
            if (!controls.containsKey(oid)) {
                throw new BadCertTemplateException("could not add needed extension " + oid.getId());
            }
        }
    }
    // SubjectKeyIdentifier
    ASN1ObjectIdentifier extType = Extension.subjectKeyIdentifier;
    ExtensionControl extControl = controls.remove(extType);
    if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
        byte[] encodedSpki = publicKeyInfo.getPublicKeyData().getBytes();
        byte[] skiValue = HashAlgo.SHA1.hash(encodedSpki);
        SubjectKeyIdentifier value = new SubjectKeyIdentifier(skiValue);
        addExtension(values, extType, value, extControl, neededExtTypes, wantedExtTypes);
    }
    // Authority key identifier
    extType = Extension.authorityKeyIdentifier;
    extControl = controls.remove(extType);
    if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
        byte[] ikiValue = publicCaInfo.getSubjectKeyIdentifer();
        AuthorityKeyIdentifier value = null;
        if (ikiValue != null) {
            if (certprofile.includesIssuerAndSerialInAki()) {
                GeneralNames x509CaSubject = new GeneralNames(new GeneralName(publicCaInfo.getX500Subject()));
                value = new AuthorityKeyIdentifier(ikiValue, x509CaSubject, publicCaInfo.getSerialNumber());
            } else {
                value = new AuthorityKeyIdentifier(ikiValue);
            }
        }
        addExtension(values, extType, value, extControl, neededExtTypes, wantedExtTypes);
    }
    // IssuerAltName
    extType = Extension.issuerAlternativeName;
    extControl = controls.remove(extType);
    if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
        GeneralNames value = publicCaInfo.getSubjectAltName();
        addExtension(values, extType, value, extControl, neededExtTypes, wantedExtTypes);
    }
    // AuthorityInfoAccess
    extType = Extension.authorityInfoAccess;
    extControl = controls.remove(extType);
    if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
        AuthorityInfoAccessControl aiaControl = certprofile.getAiaControl();
        List<String> caIssuers = null;
        if (aiaControl == null || aiaControl.isIncludesCaIssuers()) {
            caIssuers = publicCaInfo.getCaCertUris();
        }
        List<String> ocspUris = null;
        if (aiaControl == null || aiaControl.isIncludesOcsp()) {
            ocspUris = publicCaInfo.getOcspUris();
        }
        if (CollectionUtil.isNonEmpty(caIssuers) || CollectionUtil.isNonEmpty(ocspUris)) {
            AuthorityInformationAccess value = CaUtil.createAuthorityInformationAccess(caIssuers, ocspUris);
            addExtension(values, extType, value, extControl, neededExtTypes, wantedExtTypes);
        }
    }
    if (controls.containsKey(Extension.cRLDistributionPoints) || controls.containsKey(Extension.freshestCRL)) {
        X500Name crlSignerSubject = (crlSignerCert == null) ? null : X500Name.getInstance(crlSignerCert.getSubjectX500Principal().getEncoded());
        X500Name x500CaPrincipal = publicCaInfo.getX500Subject();
        // CRLDistributionPoints
        extType = Extension.cRLDistributionPoints;
        extControl = controls.remove(extType);
        if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
            if (CollectionUtil.isNonEmpty(publicCaInfo.getCrlUris())) {
                CRLDistPoint value = CaUtil.createCrlDistributionPoints(publicCaInfo.getCrlUris(), x500CaPrincipal, crlSignerSubject);
                addExtension(values, extType, value, extControl, neededExtTypes, wantedExtTypes);
            }
        }
        // FreshestCRL
        extType = Extension.freshestCRL;
        extControl = controls.remove(extType);
        if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
            if (CollectionUtil.isNonEmpty(publicCaInfo.getDeltaCrlUris())) {
                CRLDistPoint value = CaUtil.createCrlDistributionPoints(publicCaInfo.getDeltaCrlUris(), x500CaPrincipal, crlSignerSubject);
                addExtension(values, extType, value, extControl, neededExtTypes, wantedExtTypes);
            }
        }
    }
    // BasicConstraints
    extType = Extension.basicConstraints;
    extControl = controls.remove(extType);
    if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
        BasicConstraints value = CaUtil.createBasicConstraints(certprofile.getCertLevel(), certprofile.getPathLenBasicConstraint());
        addExtension(values, extType, value, extControl, neededExtTypes, wantedExtTypes);
    }
    // KeyUsage
    extType = Extension.keyUsage;
    extControl = controls.remove(extType);
    if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
        Set<KeyUsage> usages = new HashSet<>();
        Set<KeyUsageControl> usageOccs = certprofile.getKeyUsage();
        for (KeyUsageControl k : usageOccs) {
            if (k.isRequired()) {
                usages.add(k.getKeyUsage());
            }
        }
        // the optional KeyUsage will only be set if requested explicitly
        if (requestedExtensions != null && extControl.isRequest()) {
            addRequestedKeyusage(usages, requestedExtensions, usageOccs);
        }
        org.bouncycastle.asn1.x509.KeyUsage value = X509Util.createKeyUsage(usages);
        addExtension(values, extType, value, extControl, neededExtTypes, wantedExtTypes);
    }
    // ExtendedKeyUsage
    extType = Extension.extendedKeyUsage;
    extControl = controls.remove(extType);
    if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
        List<ASN1ObjectIdentifier> usages = new LinkedList<>();
        Set<ExtKeyUsageControl> usageOccs = certprofile.getExtendedKeyUsages();
        for (ExtKeyUsageControl k : usageOccs) {
            if (k.isRequired()) {
                usages.add(k.getExtKeyUsage());
            }
        }
        // the optional ExtKeyUsage will only be set if requested explicitly
        if (requestedExtensions != null && extControl.isRequest()) {
            addRequestedExtKeyusage(usages, requestedExtensions, usageOccs);
        }
        if (extControl.isCritical() && usages.contains(ObjectIdentifiers.id_anyExtendedKeyUsage)) {
            extControl = new ExtensionControl(false, extControl.isRequired(), extControl.isRequest());
        }
        ExtendedKeyUsage value = X509Util.createExtendedUsage(usages);
        addExtension(values, extType, value, extControl, neededExtTypes, wantedExtTypes);
    }
    // ocsp-nocheck
    extType = ObjectIdentifiers.id_extension_pkix_ocsp_nocheck;
    extControl = controls.remove(extType);
    if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
        // the extension ocsp-nocheck will only be set if requested explicitly
        DERNull value = DERNull.INSTANCE;
        addExtension(values, extType, value, extControl, neededExtTypes, wantedExtTypes);
    }
    // SubjectInfoAccess
    extType = Extension.subjectInfoAccess;
    extControl = controls.remove(extType);
    if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
        ASN1Sequence value = null;
        if (requestedExtensions != null && extControl.isRequest()) {
            value = createSubjectInfoAccess(requestedExtensions, certprofile.getSubjectInfoAccessModes());
        }
        addExtension(values, extType, value, extControl, neededExtTypes, wantedExtTypes);
    }
    // remove extensions that are not required frrom the list
    List<ASN1ObjectIdentifier> listToRm = null;
    for (ASN1ObjectIdentifier extnType : controls.keySet()) {
        ExtensionControl ctrl = controls.get(extnType);
        if (ctrl.isRequired()) {
            continue;
        }
        if (neededExtTypes.contains(extnType) || wantedExtTypes.contains(extnType)) {
            continue;
        }
        if (listToRm == null) {
            listToRm = new LinkedList<>();
        }
        listToRm.add(extnType);
    }
    if (listToRm != null) {
        for (ASN1ObjectIdentifier extnType : listToRm) {
            controls.remove(extnType);
        }
    }
    ExtensionValues subvalues = certprofile.getExtensions(Collections.unmodifiableMap(controls), requestedSubject, grantedSubject, requestedExtensions, notBefore, notAfter, publicCaInfo);
    Set<ASN1ObjectIdentifier> extTypes = new HashSet<>(controls.keySet());
    for (ASN1ObjectIdentifier type : extTypes) {
        extControl = controls.remove(type);
        boolean addMe = addMe(type, extControl, neededExtTypes, wantedExtTypes);
        if (addMe) {
            ExtensionValue value = null;
            if (requestedExtensions != null && extControl.isRequest()) {
                Extension reqExt = requestedExtensions.getExtension(type);
                if (reqExt != null) {
                    value = new ExtensionValue(reqExt.isCritical(), reqExt.getParsedValue());
                }
            }
            if (value == null) {
                value = subvalues.getExtensionValue(type);
            }
            addExtension(values, type, value, extControl, neededExtTypes, wantedExtTypes);
        }
    }
    Set<ASN1ObjectIdentifier> unprocessedExtTypes = new HashSet<>();
    for (ASN1ObjectIdentifier type : controls.keySet()) {
        if (controls.get(type).isRequired()) {
            unprocessedExtTypes.add(type);
        }
    }
    if (CollectionUtil.isNonEmpty(unprocessedExtTypes)) {
        throw new CertprofileException("could not add required extensions " + toString(unprocessedExtTypes));
    }
    if (CollectionUtil.isNonEmpty(neededExtTypes)) {
        throw new BadCertTemplateException("could not add requested extensions " + toString(neededExtTypes));
    }
    return values;
}
Also used : AuthorityInformationAccess(org.bouncycastle.asn1.x509.AuthorityInformationAccess) AuthorityInfoAccessControl(org.xipki.ca.api.profile.x509.AuthorityInfoAccessControl) HashMap(java.util.HashMap) ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage) KeyUsage(org.xipki.security.KeyUsage) KeyUsageControl(org.xipki.ca.api.profile.x509.KeyUsageControl) ExtKeyUsageControl(org.xipki.ca.api.profile.x509.ExtKeyUsageControl) AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier) X500Name(org.bouncycastle.asn1.x500.X500Name) ExtensionValue(org.xipki.ca.api.profile.ExtensionValue) DERNull(org.bouncycastle.asn1.DERNull) CertprofileException(org.xipki.ca.api.profile.CertprofileException) ExtensionControl(org.xipki.ca.api.profile.ExtensionControl) ExtensionValues(org.xipki.ca.api.profile.ExtensionValues) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage) HashSet(java.util.HashSet) ExtKeyUsageControl(org.xipki.ca.api.profile.x509.ExtKeyUsageControl) SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier) LinkedList(java.util.LinkedList) Extension(org.bouncycastle.asn1.x509.Extension) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) ExtensionExistence(org.xipki.security.ExtensionExistence) BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException) GeneralName(org.bouncycastle.asn1.x509.GeneralName) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Aggregations

GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)140 GeneralName (org.bouncycastle.asn1.x509.GeneralName)124 IOException (java.io.IOException)68 X509Certificate (java.security.cert.X509Certificate)46 X500Name (org.bouncycastle.asn1.x500.X500Name)45 ContentSigner (org.bouncycastle.operator.ContentSigner)41 ArrayList (java.util.ArrayList)40 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)40 BigInteger (java.math.BigInteger)33 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)32 List (java.util.List)27 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)27 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)27 Date (java.util.Date)26 JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)26 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)25 BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)23 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)23 X500Principal (javax.security.auth.x500.X500Principal)22 DERIA5String (org.bouncycastle.asn1.DERIA5String)20