Search in sources :

Example 36 with GeneralName

use of de.carne.certmgr.certs.x509.GeneralName in project athenz by yahoo.

the class Crypto method extractX509CSREmail.

public static String extractX509CSREmail(PKCS10CertificationRequest certReq) {
    String rfc822 = null;
    Attribute[] attributes = certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
    for (Attribute attribute : attributes) {
        for (ASN1Encodable value : attribute.getAttributeValues()) {
            Extensions extensions = Extensions.getInstance(value);
            GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
            for (GeneralName name : gns.getNames()) {
                if (name.getTagNo() == GeneralName.rfc822Name) {
                    rfc822 = (((DERIA5String) name.getName()).getString());
                    break;
                }
            }
        }
    }
    return rfc822;
}
Also used : DERIA5String(org.bouncycastle.asn1.DERIA5String) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) Attribute(org.bouncycastle.asn1.pkcs.Attribute) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) GeneralName(org.bouncycastle.asn1.x509.GeneralName) Extensions(org.bouncycastle.asn1.x509.Extensions)

Example 37 with GeneralName

use of de.carne.certmgr.certs.x509.GeneralName in project athenz by yahoo.

the class Crypto method extractX509CSRDnsNames.

public static List<String> extractX509CSRDnsNames(PKCS10CertificationRequest certReq) {
    List<String> dnsNames = new ArrayList<>();
    Attribute[] attributes = certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
    for (Attribute attribute : attributes) {
        for (ASN1Encodable value : attribute.getAttributeValues()) {
            Extensions extensions = Extensions.getInstance(value);
            GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
            for (GeneralName name : gns.getNames()) {
                if (name.getTagNo() == GeneralName.dNSName) {
                    dnsNames.add(((DERIA5String) name.getName()).getString());
                }
            }
        }
    }
    return dnsNames;
}
Also used : GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) Attribute(org.bouncycastle.asn1.pkcs.Attribute) ArrayList(java.util.ArrayList) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) GeneralName(org.bouncycastle.asn1.x509.GeneralName) Extensions(org.bouncycastle.asn1.x509.Extensions)

Example 38 with GeneralName

use of de.carne.certmgr.certs.x509.GeneralName in project fdroidclient by f-droid.

the class LocalRepoKeyStore method generateSelfSignedCertChain.

private Certificate generateSelfSignedCertChain(KeyPair kp, X500Name subject, String hostname) throws CertificateException, OperatorCreationException, IOException {
    SecureRandom rand = new SecureRandom();
    PrivateKey privKey = kp.getPrivate();
    PublicKey pubKey = kp.getPublic();
    ContentSigner sigGen = new JcaContentSignerBuilder(DEFAULT_SIG_ALG).build(privKey);
    SubjectPublicKeyInfo subPubKeyInfo = new SubjectPublicKeyInfo(ASN1Sequence.getInstance(pubKey.getEncoded()));
    // now
    Date now = new Date();
    /* force it to use a English/Gregorian dates for the cert, hardly anyone
           ever looks at the cert metadata anyway, and its very likely that they
           understand English/Gregorian dates */
    Calendar c = new GregorianCalendar(Locale.ENGLISH);
    c.setTime(now);
    c.add(Calendar.YEAR, 1);
    Time startTime = new Time(now, Locale.ENGLISH);
    Time endTime = new Time(c.getTime(), Locale.ENGLISH);
    X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder(subject, BigInteger.valueOf(rand.nextLong()), startTime, endTime, subject, subPubKeyInfo);
    if (hostname != null) {
        GeneralNames subjectAltName = new GeneralNames(new GeneralName(GeneralName.iPAddress, hostname));
        v3CertGen.addExtension(X509Extension.subjectAlternativeName, false, subjectAltName);
    }
    X509CertificateHolder certHolder = v3CertGen.build(sigGen);
    return new JcaX509CertificateConverter().getCertificate(certHolder);
}
Also used : PrivateKey(java.security.PrivateKey) PublicKey(java.security.PublicKey) JcaContentSignerBuilder(org.spongycastle.operator.jcajce.JcaContentSignerBuilder) Calendar(java.util.Calendar) GregorianCalendar(java.util.GregorianCalendar) ContentSigner(org.spongycastle.operator.ContentSigner) GregorianCalendar(java.util.GregorianCalendar) SecureRandom(java.security.SecureRandom) Time(org.spongycastle.asn1.x509.Time) SubjectPublicKeyInfo(org.spongycastle.asn1.x509.SubjectPublicKeyInfo) Date(java.util.Date) GeneralNames(org.spongycastle.asn1.x509.GeneralNames) X509v3CertificateBuilder(org.spongycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.spongycastle.cert.jcajce.JcaX509CertificateConverter) X509CertificateHolder(org.spongycastle.cert.X509CertificateHolder) GeneralName(org.spongycastle.asn1.x509.GeneralName)

Example 39 with GeneralName

use of de.carne.certmgr.certs.x509.GeneralName in project dcos-commons by mesosphere.

the class CertificateNamesGenerator method getSANs.

/**
 * Returns additional Subject Alternative Names for service certificates.
 */
public GeneralNames getSANs() {
    List<GeneralName> generalNames = new ArrayList<>();
    generalNames.add(new GeneralName(GeneralName.dNSName, autoIpHostname));
    // Process VIP names, if any
    vipSpecs.stream().map(vipSpec -> new GeneralName(GeneralName.dNSName, EndpointUtils.toVipHostname(serviceName, new EndpointUtils.VipInfo(vipSpec.getVipName(), (int) vipSpec.getPort())))).forEach(vipGeneralName -> generalNames.add(vipGeneralName));
    return new GeneralNames(generalNames.toArray(new GeneralName[generalNames.size()]));
}
Also used : SchedulerConfig(com.mesosphere.sdk.scheduler.SchedulerConfig) java.util(java.util) MessageDigest(java.security.MessageDigest) TaskSpec(com.mesosphere.sdk.specification.TaskSpec) BCStyle(org.bouncycastle.asn1.x500.style.BCStyle) Collectors(java.util.stream.Collectors) StandardCharsets(java.nio.charset.StandardCharsets) Hex(org.bouncycastle.util.encoders.Hex) EndpointUtils(com.mesosphere.sdk.http.EndpointUtils) X500Name(org.bouncycastle.asn1.x500.X500Name) GeneralName(org.bouncycastle.asn1.x509.GeneralName) NamedVIPSpec(com.mesosphere.sdk.specification.NamedVIPSpec) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) PodInstance(com.mesosphere.sdk.specification.PodInstance) X500NameBuilder(org.bouncycastle.asn1.x500.X500NameBuilder) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) GeneralName(org.bouncycastle.asn1.x509.GeneralName)

Example 40 with GeneralName

use of de.carne.certmgr.certs.x509.GeneralName in project keystore-explorer by kaikramer.

the class X509Ext method getSubjectInformationAccessStringValue.

private String getSubjectInformationAccessStringValue(byte[] value) throws IOException {
    // @formatter:off
    /*
		 * SubjectInfoAccessSyntax ::= ASN1Sequence SIZE (1..MAX) OF
		 * AccessDescription
		 *
		 * AccessDescription ::= ASN1Sequence { accessMethod OBJECT IDENTIFIER,
		 * accessLocation GeneralName }
		 */
    // @formatter:on
    StringBuilder sb = new StringBuilder();
    SubjectInfoAccess subjectInfoAccess = SubjectInfoAccess.getInstance(value);
    int accessDesc = 0;
    for (AccessDescription accessDescription : subjectInfoAccess.getAccessDescriptionList()) {
        accessDesc++;
        // Convert OID to access method
        ASN1ObjectIdentifier accessMethod = accessDescription.getAccessMethod();
        AccessMethodType accessMethodType = AccessMethodType.resolveOid(accessMethod.getId());
        String accessMethodStr = null;
        if (accessMethodType != null) {
            accessMethodStr = accessMethodType.friendly();
        } else // Unrecognised Access Method OID
        {
            accessMethodStr = ObjectIdUtil.toString(accessMethod);
        }
        GeneralName accessLocation = accessDescription.getAccessLocation();
        String accessLocationStr = GeneralNameUtil.toString(accessLocation);
        sb.append(MessageFormat.format(res.getString("SubjectInformationAccess"), accessDesc));
        sb.append(NEWLINE);
        sb.append(INDENT);
        sb.append(MessageFormat.format(res.getString("AccessMethod"), accessMethodStr));
        sb.append(NEWLINE);
        sb.append(INDENT);
        sb.append(res.getString("AccessLocation"));
        sb.append(NEWLINE);
        sb.append(INDENT);
        sb.append(INDENT);
        sb.append(accessLocationStr);
        sb.append(NEWLINE);
    }
    return sb.toString();
}
Also used : AccessDescription(org.bouncycastle.asn1.x509.AccessDescription) DERBitString(org.bouncycastle.asn1.DERBitString) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERGeneralString(org.bouncycastle.asn1.DERGeneralString) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERIA5String(org.bouncycastle.asn1.DERIA5String) GeneralName(org.bouncycastle.asn1.x509.GeneralName) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Aggregations

GeneralName (org.bouncycastle.asn1.x509.GeneralName)125 GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)58 IOException (java.io.IOException)50 DERIA5String (org.bouncycastle.asn1.DERIA5String)36 ArrayList (java.util.ArrayList)34 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)32 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)31 X500Name (org.bouncycastle.asn1.x500.X500Name)30 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)28 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)27 X509Certificate (java.security.cert.X509Certificate)25 DEROctetString (org.bouncycastle.asn1.DEROctetString)24 List (java.util.List)21 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)19 Date (java.util.Date)18 GeneralName (org.apache.harmony.security.x509.GeneralName)18 DirectoryString (org.bouncycastle.asn1.x500.DirectoryString)18 DERSequence (org.bouncycastle.asn1.DERSequence)17 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)16 OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)16