use of com.github.zhenwei.core.asn1.x509.GeneralNames in project athenz by AthenZ.
the class Crypto method extractX509CSRIPAddresses.
public static List<String> extractX509CSRIPAddresses(PKCS10CertificationRequest certReq) {
List<String> ipAddresses = new ArrayList<>();
Attribute[] attributes = certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
for (Attribute attribute : attributes) {
for (ASN1Encodable value : attribute.getAttributeValues()) {
Extensions extensions = Extensions.getInstance(value);
GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
if (gns == null) {
continue;
}
for (GeneralName name : gns.getNames()) {
if (name.getTagNo() == GeneralName.iPAddress) {
try {
InetAddress addr = InetAddress.getByAddress(((DEROctetString) name.getName()).getOctets());
ipAddresses.add(addr.getHostAddress());
} catch (UnknownHostException ignored) {
}
}
}
}
}
return ipAddresses;
}
use of com.github.zhenwei.core.asn1.x509.GeneralNames in project athenz by AthenZ.
the class Crypto method generateX509Certificate.
public static X509Certificate generateX509Certificate(PKCS10CertificationRequest certReq, PrivateKey caPrivateKey, X500Name issuer, int validityTimeout, boolean basicConstraints) {
// set validity for the given number of minutes from now
Date notBefore = new Date();
Calendar cal = Calendar.getInstance();
cal.setTime(notBefore);
cal.add(Calendar.MINUTE, validityTimeout);
Date notAfter = cal.getTime();
// Generate self-signed certificate
X509Certificate cert;
try {
JcaPKCS10CertificationRequest jcaPKCS10CertificationRequest = new JcaPKCS10CertificationRequest(certReq);
PublicKey publicKey = jcaPKCS10CertificationRequest.getPublicKey();
X509v3CertificateBuilder caBuilder = new JcaX509v3CertificateBuilder(issuer, BigInteger.valueOf(System.currentTimeMillis()), notBefore, notAfter, certReq.getSubject(), publicKey).addExtension(Extension.basicConstraints, false, new BasicConstraints(basicConstraints)).addExtension(Extension.keyUsage, true, new X509KeyUsage(X509KeyUsage.digitalSignature | X509KeyUsage.keyEncipherment)).addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(new KeyPurposeId[] { KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth }));
// see if we have the dns/rfc822/ip address extensions specified in the csr
ArrayList<GeneralName> altNames = new ArrayList<>();
Attribute[] certAttributes = jcaPKCS10CertificationRequest.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
if (certAttributes != null && certAttributes.length > 0) {
for (Attribute attribute : certAttributes) {
Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0));
GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
if (gns == null) {
continue;
}
GeneralName[] names = gns.getNames();
for (GeneralName name : names) {
switch(name.getTagNo()) {
case GeneralName.dNSName:
case GeneralName.iPAddress:
case GeneralName.rfc822Name:
case GeneralName.uniformResourceIdentifier:
altNames.add(name);
break;
}
}
}
if (!altNames.isEmpty()) {
caBuilder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(altNames.toArray(new GeneralName[0])));
}
}
String signatureAlgorithm = getSignatureAlgorithm(caPrivateKey.getAlgorithm(), SHA256);
ContentSigner caSigner = new JcaContentSignerBuilder(signatureAlgorithm).setProvider(BC_PROVIDER).build(caPrivateKey);
JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(BC_PROVIDER);
cert = converter.getCertificate(caBuilder.build(caSigner));
} catch (CertificateException ex) {
LOG.error("generateX509Certificate: Caught CertificateException when generating certificate: " + ex.getMessage());
throw new CryptoException(ex);
} catch (OperatorCreationException ex) {
LOG.error("generateX509Certificate: Caught OperatorCreationException when creating JcaContentSignerBuilder: " + ex.getMessage());
throw new CryptoException(ex);
} catch (InvalidKeyException ex) {
LOG.error("generateX509Certificate: Caught InvalidKeySpecException, invalid key spec is being used: " + ex.getMessage());
throw new CryptoException(ex);
} catch (NoSuchAlgorithmException ex) {
LOG.error("generateX509Certificate: Caught NoSuchAlgorithmException, check to make sure the algorithm is supported by the provider: " + ex.getMessage());
throw new CryptoException(ex);
} catch (Exception ex) {
LOG.error("generateX509Certificate: unable to generate X509 Certificate: {}", ex.getMessage());
throw new CryptoException("Unable to generate X509 Certificate");
}
return cert;
}
use of com.github.zhenwei.core.asn1.x509.GeneralNames in project athenz by AthenZ.
the class Crypto method extractX509CSRSANField.
private static List<String> extractX509CSRSANField(PKCS10CertificationRequest certReq, int tagNo) {
List<String> values = new ArrayList<>();
Attribute[] attributes = certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
for (Attribute attribute : attributes) {
for (ASN1Encodable value : attribute.getAttributeValues()) {
Extensions extensions = Extensions.getInstance(value);
GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
if (gns == null) {
continue;
}
for (GeneralName name : gns.getNames()) {
if (name.getTagNo() == tagNo) {
values.add(((DERIA5String) name.getName()).getString());
}
}
}
}
return values;
}
use of com.github.zhenwei.core.asn1.x509.GeneralNames in project jans by JanssenProject.
the class CRLCertificateVerifier method getCrlUri.
public String getCrlUri(X509Certificate certificate) throws IOException {
ASN1Primitive obj;
try {
obj = getExtensionValue(certificate, Extension.cRLDistributionPoints.getId());
} catch (IOException ex) {
log.error("Failed to get CRL URL", ex);
return null;
}
if (obj == null) {
return null;
}
CRLDistPoint distPoint = CRLDistPoint.getInstance(obj);
DistributionPoint[] distributionPoints = distPoint.getDistributionPoints();
for (DistributionPoint distributionPoint : distributionPoints) {
DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
if (DistributionPointName.FULL_NAME != distributionPointName.getType()) {
continue;
}
GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
GeneralName[] names = generalNames.getNames();
for (GeneralName name : names) {
if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
continue;
}
DERIA5String derStr = DERIA5String.getInstance((ASN1TaggedObject) name.toASN1Primitive(), false);
return derStr.getString();
}
}
return null;
}
use of com.github.zhenwei.core.asn1.x509.GeneralNames in project LinLong-Java by zhenwei1108.
the class IssuerSerial method toASN1Primitive.
/**
* Produce an object suitable for an ASN1OutputStream.
* <pre>
* IssuerSerial ::= SEQUENCE {
* issuer GeneralNames,
* serial CertificateSerialNumber,
* issuerUID UniqueIdentifier OPTIONAL
* }
* </pre>
*/
public ASN1Primitive toASN1Primitive() {
ASN1EncodableVector v = new ASN1EncodableVector(3);
v.add(issuer);
v.add(serial);
if (issuerUID != null) {
v.add(issuerUID);
}
return new DERSequence(v);
}
Aggregations