Example 96 with GeneralNames
use of com.github.zhenwei.core.asn1.x509.GeneralNames in project LinLong-Java by zhenwei1108.
the class PKIXCertPathReviewer method getCRLDistUrls.
protected Vector getCRLDistUrls(CRLDistPoint crlDistPoints) {
Vector urls = new Vector();
if (crlDistPoints != null) {
DistributionPoint[] distPoints = crlDistPoints.getDistributionPoints();
for (int i = 0; i < distPoints.length; i++) {
DistributionPointName dp_name = distPoints[i].getDistributionPoint();
if (dp_name.getType() == DistributionPointName.FULL_NAME) {
GeneralName[] generalNames = GeneralNames.getInstance(dp_name.getName()).getNames();
for (int j = 0; j < generalNames.length; j++) {
if (generalNames[j].getTagNo() == GeneralName.uniformResourceIdentifier) {
String url = ((ASN1IA5String) generalNames[j].getName()).getString();
urls.add(url);
}
}
}
}
}
return urls;
}
Also used :
ASN1IA5String(com.github.zhenwei.core.asn1.ASN1IA5String)
DistributionPointName(com.github.zhenwei.core.asn1.x509.DistributionPointName)
IssuingDistributionPoint(com.github.zhenwei.core.asn1.x509.IssuingDistributionPoint)
DistributionPoint(com.github.zhenwei.core.asn1.x509.DistributionPoint)
GeneralName(com.github.zhenwei.core.asn1.x509.GeneralName)
ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString)
DEROctetString(com.github.zhenwei.core.asn1.DEROctetString)
LocaleString(com.github.zhenwei.core.i18n.LocaleString)
ASN1IA5String(com.github.zhenwei.core.asn1.ASN1IA5String)
Vector(java.util.Vector)
IssuingDistributionPoint(com.github.zhenwei.core.asn1.x509.IssuingDistributionPoint)
CRLDistPoint(com.github.zhenwei.core.asn1.x509.CRLDistPoint)
DistributionPoint(com.github.zhenwei.core.asn1.x509.DistributionPoint)
Example 97 with GeneralNames
use of com.github.zhenwei.core.asn1.x509.GeneralNames in project LinLong-Java by zhenwei1108.
the class PKIXCertPathReviewer method checkSignatures.
/*
* checks: - signatures - name chaining - validity of certificates - todo:
* if certificate revoked (if specified in the parameters)
*/
private void checkSignatures() {
// 1.6.1 - Inputs
// d)
TrustAnchor trust = null;
X500Principal trustPrincipal = null;
// validation date
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.certPathValidDate", new Object[] { new TrustedInput(validDate), new TrustedInput(currentDate) });
addNotification(msg);
}
// find trust anchors
try {
X509Certificate cert = (X509Certificate) certs.get(certs.size() - 1);
Collection trustColl = getTrustAnchors(cert, pkixParams.getTrustAnchors());
if (trustColl.size() > 1) {
// conflicting trust anchors
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.conflictingTrustAnchors", new Object[] { Integers.valueOf(trustColl.size()), new UntrustedInput(cert.getIssuerX500Principal()) });
addError(msg);
} else if (trustColl.isEmpty()) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.noTrustAnchorFound", new Object[] { new UntrustedInput(cert.getIssuerX500Principal()), Integers.valueOf(pkixParams.getTrustAnchors().size()) });
addError(msg);
} else {
PublicKey trustPublicKey;
trust = (TrustAnchor) trustColl.iterator().next();
if (trust.getTrustedCert() != null) {
trustPublicKey = trust.getTrustedCert().getPublicKey();
} else {
trustPublicKey = trust.getCAPublicKey();
}
try {
CertPathValidatorUtilities.verifyX509Certificate(cert, trustPublicKey, pkixParams.getSigProvider());
} catch (SignatureException e) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.trustButInvalidCert");
addError(msg);
} catch (Exception e) {
// do nothing, error occurs again later
}
}
} catch (CertPathReviewerException cpre) {
addError(cpre.getErrorMessage());
} catch (Throwable t) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.unknown", new Object[] { new UntrustedInput(t.getMessage()), new UntrustedInput(t) });
addError(msg);
}
if (trust != null) {
// get the name of the trustAnchor
X509Certificate sign = trust.getTrustedCert();
try {
if (sign != null) {
trustPrincipal = getSubjectPrincipal(sign);
} else {
trustPrincipal = new X500Principal(trust.getCAName());
}
} catch (IllegalArgumentException ex) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.trustDNInvalid", new Object[] { new UntrustedInput(trust.getCAName()) });
addError(msg);
}
// test key usages of the trust anchor
if (sign != null) {
boolean[] ku = sign.getKeyUsage();
if (ku != null && (ku.length <= 5 || !ku[5])) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.trustKeyUsage");
addNotification(msg);
}
}
}
// 1.6.2 - Initialization
PublicKey workingPublicKey = null;
X500Principal workingIssuerName = trustPrincipal;
X509Certificate sign = null;
AlgorithmIdentifier workingAlgId = null;
ASN1ObjectIdentifier workingPublicKeyAlgorithm = null;
ASN1Encodable workingPublicKeyParameters = null;
if (trust != null) {
sign = trust.getTrustedCert();
if (sign != null) {
workingPublicKey = sign.getPublicKey();
} else {
workingPublicKey = trust.getCAPublicKey();
}
try {
workingAlgId = getAlgorithmIdentifier(workingPublicKey);
workingPublicKeyAlgorithm = workingAlgId.getAlgorithm();
workingPublicKeyParameters = workingAlgId.getParameters();
} catch (CertPathValidatorException ex) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.trustPubKeyError");
addError(msg);
workingAlgId = null;
}
}
// Basic cert checks
X509Certificate cert = null;
int i;
for (int index = certs.size() - 1; index >= 0; index--) {
//
// i as defined in the algorithm description
//
i = n - index;
//
// set certificate to be checked in this round
// sign and workingPublicKey and workingIssuerName are set
// at the end of the for loop and initialied the
// first time from the TrustAnchor
//
cert = (X509Certificate) certs.get(index);
// verify signature
if (workingPublicKey != null) {
try {
CertPathValidatorUtilities.verifyX509Certificate(cert, workingPublicKey, pkixParams.getSigProvider());
} catch (GeneralSecurityException ex) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.signatureNotVerified", new Object[] { ex.getMessage(), ex, ex.getClass().getName() });
addError(msg, index);
}
} else if (isSelfIssued(cert)) {
try {
CertPathValidatorUtilities.verifyX509Certificate(cert, cert.getPublicKey(), pkixParams.getSigProvider());
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.rootKeyIsValidButNotATrustAnchor");
addError(msg, index);
} catch (GeneralSecurityException ex) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.signatureNotVerified", new Object[] { ex.getMessage(), ex, ex.getClass().getName() });
addError(msg, index);
}
} else {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.NoIssuerPublicKey");
// if there is an authority key extension add the serial and issuer of the missing certificate
byte[] akiBytes = cert.getExtensionValue(Extension.authorityKeyIdentifier.getId());
if (akiBytes != null) {
AuthorityKeyIdentifier aki = AuthorityKeyIdentifier.getInstance(DEROctetString.getInstance(akiBytes).getOctets());
GeneralNames issuerNames = aki.getAuthorityCertIssuer();
if (issuerNames != null) {
GeneralName name = issuerNames.getNames()[0];
BigInteger serial = aki.getAuthorityCertSerialNumber();
if (serial != null) {
Object[] extraArgs = { new LocaleString(RESOURCE_NAME, "missingIssuer"), " \"", name, "\" ", new LocaleString(RESOURCE_NAME, "missingSerial"), " ", serial };
msg.setExtraArguments(extraArgs);
}
}
}
addError(msg, index);
}
// certificate valid?
try {
cert.checkValidity(validDate);
} catch (CertificateNotYetValidException cnve) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.certificateNotYetValid", new Object[] { new TrustedInput(cert.getNotBefore()) });
addError(msg, index);
} catch (CertificateExpiredException cee) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.certificateExpired", new Object[] { new TrustedInput(cert.getNotAfter()) });
addError(msg, index);
}
// certificate revoked?
if (pkixParams.isRevocationEnabled()) {
// read crl distribution points extension
CRLDistPoint crlDistPoints = null;
try {
ASN1Primitive crl_dp = getExtensionValue(cert, CRL_DIST_POINTS);
if (crl_dp != null) {
crlDistPoints = CRLDistPoint.getInstance(crl_dp);
}
} catch (AnnotatedException ae) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlDistPtExtError");
addError(msg, index);
}
// read authority information access extension
AuthorityInformationAccess authInfoAcc = null;
try {
ASN1Primitive auth_info_acc = getExtensionValue(cert, AUTH_INFO_ACCESS);
if (auth_info_acc != null) {
authInfoAcc = AuthorityInformationAccess.getInstance(auth_info_acc);
}
} catch (AnnotatedException ae) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlAuthInfoAccError");
addError(msg, index);
}
Vector crlDistPointUrls = getCRLDistUrls(crlDistPoints);
Vector ocspUrls = getOCSPUrls(authInfoAcc);
// add notifications with the crl distribution points
// output crl distribution points
Iterator urlIt = crlDistPointUrls.iterator();
while (urlIt.hasNext()) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlDistPoint", new Object[] { new UntrustedUrlInput(urlIt.next()) });
addNotification(msg, index);
}
// output ocsp urls
urlIt = ocspUrls.iterator();
while (urlIt.hasNext()) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.ocspLocation", new Object[] { new UntrustedUrlInput(urlIt.next()) });
addNotification(msg, index);
}
// check CRLs
try {
checkRevocation(pkixParams, cert, validDate, sign, workingPublicKey, crlDistPointUrls, ocspUrls, index);
} catch (CertPathReviewerException cpre) {
addError(cpre.getErrorMessage(), index);
}
}
// certificate issuer correct
if (workingIssuerName != null && !cert.getIssuerX500Principal().equals(workingIssuerName)) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.certWrongIssuer", new Object[] { workingIssuerName.getName(), cert.getIssuerX500Principal().getName() });
addError(msg, index);
}
//
if (i != n) {
if (cert != null && cert.getVersion() == 1) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.noCACert");
addError(msg, index);
}
// k)
BasicConstraints bc;
try {
bc = BasicConstraints.getInstance(getExtensionValue(cert, BASIC_CONSTRAINTS));
if (bc != null) {
if (!bc.isCA()) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.noCACert");
addError(msg, index);
}
} else {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.noBasicConstraints");
addError(msg, index);
}
} catch (AnnotatedException ae) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.errorProcesingBC");
addError(msg, index);
}
// n)
boolean[] keyUsage = cert.getKeyUsage();
if (keyUsage != null && (keyUsage.length <= KEY_CERT_SIGN || !keyUsage[KEY_CERT_SIGN])) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.noCertSign");
addError(msg, index);
}
}
// if
// set signing certificate for next round
sign = cert;
// c)
workingIssuerName = cert.getSubjectX500Principal();
try {
workingPublicKey = getNextWorkingKey(certs, index);
workingAlgId = getAlgorithmIdentifier(workingPublicKey);
workingPublicKeyAlgorithm = workingAlgId.getAlgorithm();
workingPublicKeyParameters = workingAlgId.getParameters();
} catch (CertPathValidatorException ex) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.pubKeyError");
addError(msg, index);
workingAlgId = null;
workingPublicKeyAlgorithm = null;
workingPublicKeyParameters = null;
}
}
// for
trustAnchor = trust;
subjectPublicKey = workingPublicKey;
}
Also used :
AuthorityInformationAccess(com.github.zhenwei.core.asn1.x509.AuthorityInformationAccess)
CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException)
CertificateExpiredException(java.security.cert.CertificateExpiredException)
AuthorityKeyIdentifier(com.github.zhenwei.core.asn1.x509.AuthorityKeyIdentifier)
SignatureException(java.security.SignatureException)
UntrustedUrlInput(com.github.zhenwei.core.i18n.filter.UntrustedUrlInput)
AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
TrustedInput(com.github.zhenwei.core.i18n.filter.TrustedInput)
Iterator(java.util.Iterator)
ASN1Encodable(com.github.zhenwei.core.asn1.ASN1Encodable)
UntrustedInput(com.github.zhenwei.core.i18n.filter.UntrustedInput)
CRLDistPoint(com.github.zhenwei.core.asn1.x509.CRLDistPoint)
Vector(java.util.Vector)
AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException)
LocaleString(com.github.zhenwei.core.i18n.LocaleString)
PublicKey(java.security.PublicKey)
GeneralSecurityException(java.security.GeneralSecurityException)
TrustAnchor(java.security.cert.TrustAnchor)
X509Certificate(java.security.cert.X509Certificate)
CertificateExpiredException(java.security.cert.CertificateExpiredException)
GeneralSecurityException(java.security.GeneralSecurityException)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException)
SignatureException(java.security.SignatureException)
CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException)
PKIXNameConstraintValidatorException(com.github.zhenwei.provider.jce.provider.PKIXNameConstraintValidatorException)
IOException(java.io.IOException)
IssuingDistributionPoint(com.github.zhenwei.core.asn1.x509.IssuingDistributionPoint)
CRLDistPoint(com.github.zhenwei.core.asn1.x509.CRLDistPoint)
DistributionPoint(com.github.zhenwei.core.asn1.x509.DistributionPoint)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
ErrorBundle(com.github.zhenwei.core.i18n.ErrorBundle)
GeneralNames(com.github.zhenwei.core.asn1.x509.GeneralNames)
X500Principal(javax.security.auth.x500.X500Principal)
Collection(java.util.Collection)
BigInteger(java.math.BigInteger)
ASN1TaggedObject(com.github.zhenwei.core.asn1.ASN1TaggedObject)
GeneralName(com.github.zhenwei.core.asn1.x509.GeneralName)
ASN1Primitive(com.github.zhenwei.core.asn1.ASN1Primitive)
BasicConstraints(com.github.zhenwei.core.asn1.x509.BasicConstraints)
ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)
Example 98 with GeneralNames
use of com.github.zhenwei.core.asn1.x509.GeneralNames in project LinLong-Java by zhenwei1108.
the class AuthorityKeyIdentifierStructure method fromCertificate.
private static ASN1Sequence fromCertificate(X509Certificate certificate) throws CertificateParsingException {
try {
if (certificate.getVersion() != 3) {
GeneralName genName = new GeneralName(PrincipalUtil.getIssuerX509Principal(certificate));
SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(certificate.getPublicKey().getEncoded());
return (ASN1Sequence) new AuthorityKeyIdentifier(info, new GeneralNames(genName), certificate.getSerialNumber()).toASN1Primitive();
} else {
GeneralName genName = new GeneralName(PrincipalUtil.getIssuerX509Principal(certificate));
byte[] ext = certificate.getExtensionValue(Extension.subjectKeyIdentifier.getId());
if (ext != null) {
ASN1OctetString str = (ASN1OctetString) X509ExtensionUtil.fromExtensionValue(ext);
return (ASN1Sequence) new AuthorityKeyIdentifier(str.getOctets(), new GeneralNames(genName), certificate.getSerialNumber()).toASN1Primitive();
} else {
SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(certificate.getPublicKey().getEncoded());
return (ASN1Sequence) new AuthorityKeyIdentifier(info, new GeneralNames(genName), certificate.getSerialNumber()).toASN1Primitive();
}
}
} catch (Exception e) {
throw new CertificateParsingException("Exception extracting certificate details: " + e.toString());
}
}
Also used :
ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString)
ASN1Sequence(com.github.zhenwei.core.asn1.ASN1Sequence)
CertificateParsingException(java.security.cert.CertificateParsingException)
GeneralNames(com.github.zhenwei.core.asn1.x509.GeneralNames)
AuthorityKeyIdentifier(com.github.zhenwei.core.asn1.x509.AuthorityKeyIdentifier)
GeneralName(com.github.zhenwei.core.asn1.x509.GeneralName)
SubjectPublicKeyInfo(com.github.zhenwei.core.asn1.x509.SubjectPublicKeyInfo)
CertificateParsingException(java.security.cert.CertificateParsingException)
IOException(java.io.IOException)
InvalidKeyException(java.security.InvalidKeyException)
Example 99 with GeneralNames
use of com.github.zhenwei.core.asn1.x509.GeneralNames in project cloudbreak by hortonworks.
the class PkiUtil method addSubjectAlternativeNames.
private static PKCS10CertificationRequestBuilder addSubjectAlternativeNames(PKCS10CertificationRequestBuilder p10Builder, List<String> sanList) throws IOException {
GeneralName[] generalNames = sanList.stream().map(address -> new GeneralName(GeneralName.dNSName, address)).toArray(GeneralName[]::new);
GeneralNames subjectAltNames = new GeneralNames(generalNames);
ExtensionsGenerator extGen = new ExtensionsGenerator();
extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
return p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
}
Also used :
X509Certificate(java.security.cert.X509Certificate)
KeyPair(java.security.KeyPair)
PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest)
CertificateFactory(java.security.cert.CertificateFactory)
Signer(org.bouncycastle.crypto.Signer)
Extension(org.bouncycastle.asn1.x509.Extension)
Date(java.util.Date)
LoggerFactory(org.slf4j.LoggerFactory)
Security(java.security.Security)
Base64(org.apache.commons.codec.binary.Base64)
SecureRandom(java.security.SecureRandom)
KeySpec(java.security.spec.KeySpec)
X500Name(org.bouncycastle.asn1.x500.X500Name)
ByteArrayInputStream(java.io.ByteArrayInputStream)
DataOutputStream(java.io.DataOutputStream)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
Map(java.util.Map)
PrivateKeyFactory(org.bouncycastle.crypto.util.PrivateKeyFactory)
PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder)
BigInteger(java.math.BigInteger)
KeyPairGenerator(java.security.KeyPairGenerator)
PEMParser(org.bouncycastle.openssl.PEMParser)
Reader(java.io.Reader)
X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec)
KeyFactory(java.security.KeyFactory)
List(java.util.List)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
PrivateKey(java.security.PrivateKey)
CollectionUtils(org.springframework.util.CollectionUtils)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
RSAEngine(org.bouncycastle.crypto.engines.RSAEngine)
JcaPEMWriter(org.bouncycastle.openssl.jcajce.JcaPEMWriter)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter)
X500Principal(javax.security.auth.x500.X500Principal)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
PKCSObjectIdentifiers(org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers)
ContentSigner(org.bouncycastle.operator.ContentSigner)
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)
CryptoException(org.bouncycastle.crypto.CryptoException)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter)
SHA256Digest(org.bouncycastle.crypto.digests.SHA256Digest)
LinkedHashMap(java.util.LinkedHashMap)
Calendar(java.util.Calendar)
RSAKeyParameters(org.bouncycastle.crypto.params.RSAKeyParameters)
OutputStreamWriter(java.io.OutputStreamWriter)
ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)
Logger(org.slf4j.Logger)
PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec)
PSSSigner(org.bouncycastle.crypto.signers.PSSSigner)
BaseEncoding(com.google.common.io.BaseEncoding)
JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)
DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder)
DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)
IOException(java.io.IOException)
PublicKey(java.security.PublicKey)
BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder)
BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)
RSAPrivateKeySpec(java.security.spec.RSAPrivateKeySpec)
StringReader(java.io.StringReader)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair)
BufferedReader(java.io.BufferedReader)
Collections(java.util.Collections)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)
Example 100 with GeneralNames
use of com.github.zhenwei.core.asn1.x509.GeneralNames in project ozone by apache.
the class TestDefaultProfile method getSANExtension.
/**
* Generate an Extension with rfc822Name.
* @param extensionCode - Extension Code.
* @param value - email to be added to the certificate
* @param critical - boolean value that marks the extension as critical.
* @return - An Extension list with email address.
* @throws IOException
*/
private Extensions getSANExtension(int extensionCode, String value, boolean critical) throws IOException {
GeneralName extn = new GeneralName(extensionCode, value);
ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
extensionsGenerator.addExtension(Extension.subjectAlternativeName, critical, new GeneralNames(extn));
return extensionsGenerator.generate();
}
Also used :
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)
Aggregations
GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)140
GeneralName (org.bouncycastle.asn1.x509.GeneralName)124
IOException (java.io.IOException)68
X509Certificate (java.security.cert.X509Certificate)46
X500Name (org.bouncycastle.asn1.x500.X500Name)45
ContentSigner (org.bouncycastle.operator.ContentSigner)41
ArrayList (java.util.ArrayList)40
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)40
BigInteger (java.math.BigInteger)33
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)32
List (java.util.List)27
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)27
X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)27
Date (java.util.Date)26
JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)26
DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)25
BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)23
CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)23
X500Principal (javax.security.auth.x500.X500Principal)22
DERIA5String (org.bouncycastle.asn1.DERIA5String)20
