Example 61 with GeneralNames
use of com.github.zhenwei.core.asn1.x509.GeneralNames in project xipki by xipki.
the class XmlX509Certprofile method createRequestedSubjectAltNames.
private GeneralNames createRequestedSubjectAltNames(X500Name requestedSubject, X500Name grantedSubject, Extensions requestedExtensions) throws BadCertTemplateException {
ASN1Encodable extValue = (requestedExtensions == null) ? null : requestedExtensions.getExtensionParsedValue(Extension.subjectAlternativeName);
if (extValue == null && subjectToSubjectAltNameModes == null) {
return null;
}
GeneralNames reqNames = (extValue == null) ? null : GeneralNames.getInstance(extValue);
if (subjectAltNameModes == null && subjectToSubjectAltNameModes == null) {
return reqNames;
}
List<GeneralName> grantedNames = new LinkedList<>();
// copy the required attributes of Subject
if (subjectToSubjectAltNameModes != null) {
for (ASN1ObjectIdentifier attrType : subjectToSubjectAltNameModes.keySet()) {
GeneralNameTag tag = subjectToSubjectAltNameModes.get(attrType);
RDN[] rdns = grantedSubject.getRDNs(attrType);
if (rdns == null) {
rdns = requestedSubject.getRDNs(attrType);
}
if (rdns == null) {
continue;
}
for (RDN rdn : rdns) {
String rdnValue = X509Util.rdnValueToString(rdn.getFirst().getValue());
switch(tag) {
case rfc822Name:
case dNSName:
case uniformResourceIdentifier:
case iPAddress:
case directoryName:
case registeredID:
grantedNames.add(new GeneralName(tag.getTag(), rdnValue));
break;
default:
throw new RuntimeException("should not reach here, unknown GeneralName tag " + tag);
}
// end switch (tag)
}
}
}
// copy the requested SubjectAltName entries
if (reqNames != null) {
GeneralName[] reqL = reqNames.getNames();
for (int i = 0; i < reqL.length; i++) {
grantedNames.add(X509CertprofileUtil.createGeneralName(reqL[i], subjectAltNameModes));
}
}
return grantedNames.isEmpty() ? null : new GeneralNames(grantedNames.toArray(new GeneralName[0]));
}
Also used :
GeneralNameTag(org.xipki.ca.api.profile.GeneralNameTag)
DERPrintableString(org.bouncycastle.asn1.DERPrintableString)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
DirectoryString(org.bouncycastle.asn1.x500.DirectoryString)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
LinkedList(java.util.LinkedList)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
RDN(org.bouncycastle.asn1.x500.RDN)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 62 with GeneralNames
use of com.github.zhenwei.core.asn1.x509.GeneralNames in project apiRecord by tobecoder2015.
the class CertUtil method genCert.
/**
* 动态生成服务器证书,并进行CA签授
*
* @param issuer 颁发机构
* @param serverPubKey
* @param caPriKey
* @param caPubKey
* @param host
* @return
* @throws Exception
*/
public static X509Certificate genCert(String issuer, PublicKey serverPubKey, PrivateKey caPriKey, PublicKey caPubKey, String host) throws Exception {
X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
/* String issuer = "C=CN, ST=GD, L=SZ, O=lee, OU=study, CN=ProxyeeRoot";
String subject = "C=CN, ST=GD, L=SZ, O=lee, OU=study, CN=" + host;*/
// 根据CA证书subject来动态生成目标服务器证书的issuer和subject
String subject = Arrays.stream(issuer.split(", ")).map((dn) -> {
String[] temp = dn.split("=");
if (temp[0].equalsIgnoreCase("CN")) {
return temp[0] + "=" + host;
}
return dn;
}).collect(Collectors.joining(", "));
v3CertGen.reset();
v3CertGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
v3CertGen.setIssuerDN(new X509Principal(issuer));
v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 10 * ONE_DAY));
v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + 3650 * ONE_DAY));
v3CertGen.setSubjectDN(new X509Principal(subject));
v3CertGen.setPublicKey(serverPubKey);
// SHA256 Chrome需要此哈希算法否则会出现不安全提示
v3CertGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
// SAN扩展 Chrome需要此扩展否则会出现不安全提示
GeneralNames subjectAltName = new GeneralNames(new GeneralName(GeneralName.dNSName, host));
v3CertGen.addExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName);
X509Certificate cert = v3CertGen.generateX509Certificate(caPriKey);
cert.checkValidity(new Date());
cert.verify(caPubKey);
return cert;
}
Also used :
X509Certificate(java.security.cert.X509Certificate)
IntStream(java.util.stream.IntStream)
java.security(java.security)
X509Principal(org.bouncycastle.jce.X509Principal)
Arrays(java.util.Arrays)
EncodedKeySpec(java.security.spec.EncodedKeySpec)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
CertificateFactory(java.security.cert.CertificateFactory)
PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec)
X509V3CertificateGenerator(org.bouncycastle.x509.X509V3CertificateGenerator)
Files(java.nio.file.Files)
Date(java.util.Date)
X509Extensions(org.bouncycastle.asn1.x509.X509Extensions)
FileInputStream(java.io.FileInputStream)
X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec)
Collectors(java.util.stream.Collectors)
TimeUnit(java.util.concurrent.TimeUnit)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
List(java.util.List)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
Paths(java.nio.file.Paths)
BigInteger(java.math.BigInteger)
URI(java.net.URI)
InputStream(java.io.InputStream)
X509V3CertificateGenerator(org.bouncycastle.x509.X509V3CertificateGenerator)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
X509Principal(org.bouncycastle.jce.X509Principal)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
Date(java.util.Date)
X509Certificate(java.security.cert.X509Certificate)
Example 63 with GeneralNames
use of com.github.zhenwei.core.asn1.x509.GeneralNames in project certmgr by hdecarne.
the class ASN1DataTest method testGeneralNames.
/**
* Test encoding & decoding of {@link GeneralNames} object.
*/
@Test
public void testGeneralNames() {
try {
GeneralNames in = new GeneralNames();
DirectoryName inNameA = new DirectoryName(new X500Principal("CN=localhost"));
GenericName inNameB = new GenericName(GeneralNameType.X400_ADDRESS, new DEROctetString("test".getBytes()).getEncoded());
IPAddressName inNameC = new IPAddressName(InetAddress.getByName("127.0.0.1"), null);
IPAddressName inNameD = new IPAddressName(InetAddress.getByName("127.0.0.1"), InetAddress.getByName("255.255.255.255"));
IPAddressName inNameE = new IPAddressName(InetAddress.getByName("::1"), null);
IPAddressName inNameF = new IPAddressName(InetAddress.getByName("::1"), InetAddress.getByName("ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"));
OtherName inNameG = new OtherName("1.2.3.4", new DEROctetString("test".getBytes()).getEncoded());
RegisteredIDName inNameH = new RegisteredIDName("1.2.3.4");
StringName inNameI = new StringName(GeneralNameType.UNIFORM_RESOURCE_IDENTIFIER, "https://localhost/test.crl");
in.addName(inNameA);
in.addName(inNameB);
in.addName(inNameC);
in.addName(inNameD);
in.addName(inNameE);
in.addName(inNameF);
in.addName(inNameG);
in.addName(inNameH);
in.addName(inNameI);
byte[] inEncoded = in.getEncoded();
GeneralNames out = GeneralNames.decode(decodeBytes(inEncoded));
byte[] outEncoded = out.getEncoded();
Assert.assertArrayEquals(inEncoded, outEncoded);
} catch (IOException e) {
e.printStackTrace();
Assert.fail(e.getLocalizedMessage());
}
}
Also used :
GenericName(de.carne.certmgr.certs.x509.GenericName)
GeneralNames(de.carne.certmgr.certs.x509.GeneralNames)
IPAddressName(de.carne.certmgr.certs.x509.IPAddressName)
RegisteredIDName(de.carne.certmgr.certs.x509.RegisteredIDName)
StringName(de.carne.certmgr.certs.x509.StringName)
OtherName(de.carne.certmgr.certs.x509.OtherName)
X500Principal(javax.security.auth.x500.X500Principal)
IOException(java.io.IOException)
DirectoryName(de.carne.certmgr.certs.x509.DirectoryName)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
Test(org.junit.Test)
Example 64 with GeneralNames
use of com.github.zhenwei.core.asn1.x509.GeneralNames in project certmgr by hdecarne.
the class CRLDistributionPointsController method init.
/**
* Initialize the dialog with existing extension data.
*
* @param data The extension data to use.
* @param expertMode Whether to run in expert mode ({@code true}) or not ({@code false}).
* @return This controller.
*/
public CRLDistributionPointsController init(CRLDistributionPointsExtensionData data, boolean expertMode) {
init(expertMode);
this.ctlCritical.setSelected(data.getCritical());
ObservableList<GeneralName> nameItems = this.ctlNames.getItems();
for (DistributionPoint distributionPoint : data) {
DistributionPointName distributionPointName = distributionPoint.getName();
if (distributionPointName != null) {
GeneralNames names = distributionPointName.getFullName();
if (names != null) {
for (GeneralName name : names) {
nameItems.add(name);
}
}
break;
}
}
return this;
}
Also used :
GeneralNames(de.carne.certmgr.certs.x509.GeneralNames)
DistributionPointName(de.carne.certmgr.certs.x509.DistributionPointName)
GeneralName(de.carne.certmgr.certs.x509.GeneralName)
DistributionPoint(de.carne.certmgr.certs.x509.DistributionPoint)
Example 65 with GeneralNames
use of com.github.zhenwei.core.asn1.x509.GeneralNames in project certmgr by hdecarne.
the class CRLDistributionPointsController method validateAndGetDistributionPoint.
private DistributionPoint validateAndGetDistributionPoint() throws ValidationException {
GeneralNames names = new GeneralNames();
int nameCount = 0;
for (GeneralName name : this.ctlNames.getItems()) {
names.addName(name);
nameCount++;
}
InputValidator.isTrue(nameCount > 0, CRLDistributionPointsI18N::strMessageNoNames);
return new DistributionPoint(new DistributionPointName(names));
}
Also used :
GeneralNames(de.carne.certmgr.certs.x509.GeneralNames)
DistributionPointName(de.carne.certmgr.certs.x509.DistributionPointName)
GeneralName(de.carne.certmgr.certs.x509.GeneralName)
DistributionPoint(de.carne.certmgr.certs.x509.DistributionPoint)
DistributionPoint(de.carne.certmgr.certs.x509.DistributionPoint)
Aggregations
GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)140
GeneralName (org.bouncycastle.asn1.x509.GeneralName)124
IOException (java.io.IOException)68
X509Certificate (java.security.cert.X509Certificate)46
X500Name (org.bouncycastle.asn1.x500.X500Name)45
ContentSigner (org.bouncycastle.operator.ContentSigner)41
ArrayList (java.util.ArrayList)40
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)40
BigInteger (java.math.BigInteger)33
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)32
List (java.util.List)27
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)27
X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)27
Date (java.util.Date)26
JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)26
DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)25
BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)23
CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)23
X500Principal (javax.security.auth.x500.X500Principal)22
DERIA5String (org.bouncycastle.asn1.DERIA5String)20
