Example 86 with GeneralNames
use of de.carne.certmgr.certs.x509.GeneralNames in project vespa by vespa-engine.
the class Pkcs10CsrBuilder method build.
public Pkcs10Csr build() {
try {
PKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic());
ExtensionsGenerator extGen = new ExtensionsGenerator();
if (basicConstraintsExtension != null) {
extGen.addExtension(Extension.basicConstraints, basicConstraintsExtension.isCritical, new BasicConstraints(basicConstraintsExtension.isCertAuthorityCertificate));
}
if (!subjectAlternativeNames.isEmpty()) {
GeneralNames generalNames = new GeneralNames(subjectAlternativeNames.stream().map(san -> new GeneralName(GeneralName.dNSName, san)).toArray(GeneralName[]::new));
extGen.addExtension(Extension.subjectAlternativeName, false, generalNames);
}
requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm.getAlgorithmName()).setProvider(BouncyCastleProviderHolder.getInstance()).build(keyPair.getPrivate());
return new Pkcs10Csr(requestBuilder.build(contentSigner));
} catch (OperatorCreationException e) {
throw new RuntimeException(e);
} catch (IOException e) {
throw new UncheckedIOException(e);
}
}
Also used :
JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
ContentSigner(org.bouncycastle.operator.ContentSigner)
JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)
PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder)
UncheckedIOException(java.io.UncheckedIOException)
IOException(java.io.IOException)
UncheckedIOException(java.io.UncheckedIOException)
ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)
Example 87 with GeneralNames
use of de.carne.certmgr.certs.x509.GeneralNames in project signer by demoiselle.
the class SigningCertificateV2 method getValue.
@Override
public Attribute getValue() throws SignerException {
try {
X509Certificate cert = (X509Certificate) certificates[0];
X509Certificate issuerCert = (X509Certificate) certificates[1];
Digest digest = DigestFactory.getInstance().factoryDefault();
digest.setAlgorithm(DigestAlgorithmEnum.SHA_256);
byte[] certHash = digest.digest(cert.getEncoded());
X500Name dirName = new X500Name(issuerCert.getSubjectX500Principal().getName());
GeneralName name = new GeneralName(dirName);
GeneralNames issuer = new GeneralNames(name);
ASN1Integer serialNumber = new ASN1Integer(cert.getSerialNumber());
IssuerSerial issuerSerial = new IssuerSerial(issuer, serialNumber);
// SHA-256
AlgorithmIdentifier algId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256);
ESSCertIDv2 essCertIDv2 = new ESSCertIDv2(algId, certHash, issuerSerial);
// return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(new DERSequence(essCertIDv2)));
return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(new DERSequence(new ASN1Encodable[] { new DERSequence(essCertIDv2) })));
} catch (CertificateEncodingException ex) {
throw new SignerException(ex.getMessage());
}
}
Also used :
IssuerSerial(org.bouncycastle.asn1.x509.IssuerSerial)
Digest(org.demoiselle.signer.cryptography.Digest)
SignedAttribute(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.SignedAttribute)
Attribute(org.bouncycastle.asn1.cms.Attribute)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
X500Name(org.bouncycastle.asn1.x500.X500Name)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
DERSet(org.bouncycastle.asn1.DERSet)
X509Certificate(java.security.cert.X509Certificate)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
DERSequence(org.bouncycastle.asn1.DERSequence)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
ESSCertIDv2(org.bouncycastle.asn1.ess.ESSCertIDv2)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
SignerException(org.demoiselle.signer.policy.impl.cades.SignerException)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 88 with GeneralNames
use of de.carne.certmgr.certs.x509.GeneralNames in project keystore-explorer by kaikramer.
the class X509Ext method getAuthorityKeyIdentifierStringValue.
private String getAuthorityKeyIdentifierStringValue(byte[] value) throws IOException {
// @formatter:off
/*
* AuthorityKeyIdentifier ::= ASN1Sequence { keyIdentifier [0]
* KeyIdentifier OPTIONAL, authorityCertIssuer [1] GeneralNames
* OPTIONAL, authorityCertSerialNumber [2] CertificateSerialNumber
* OPTIONAL }
*
* KeyIdentifier ::= OCTET STRING
*
* GeneralNames ::= ASN1Sequence SIZE (1..MAX) OF GeneralName
*
* CertificateSerialNumber ::= ASN1Integer
*/
// @formatter:on
StringBuilder sb = new StringBuilder();
AuthorityKeyIdentifier authorityKeyIdentifier = AuthorityKeyIdentifier.getInstance(value);
byte[] keyIdentifier = authorityKeyIdentifier.getKeyIdentifier();
GeneralNames authorityCertIssuer = authorityKeyIdentifier.getAuthorityCertIssuer();
BigInteger certificateSerialNumber = authorityKeyIdentifier.getAuthorityCertSerialNumber();
if (keyIdentifier != null) {
// Optional
// Output as a hex string
sb.append(MessageFormat.format(res.getString("AuthorityKeyIdentifier"), HexUtil.getHexString(keyIdentifier)));
sb.append(NEWLINE);
}
if (authorityCertIssuer != null) {
// Optional
sb.append(res.getString("CertificateIssuer"));
sb.append(NEWLINE);
for (GeneralName generalName : authorityCertIssuer.getNames()) {
sb.append(INDENT);
sb.append(GeneralNameUtil.toString(generalName));
sb.append(NEWLINE);
}
}
if (certificateSerialNumber != null) {
// Optional
// Output as an integer
sb.append(MessageFormat.format(res.getString("CertificateSerialNumber"), HexUtil.getHexString(certificateSerialNumber)));
sb.append(NEWLINE);
}
return sb.toString();
}
Also used :
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
BigInteger(java.math.BigInteger)
AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
Example 89 with GeneralNames
use of de.carne.certmgr.certs.x509.GeneralNames in project keystore-explorer by kaikramer.
the class X509Ext method getSubjectAlternativeNameStringValue.
private String getSubjectAlternativeNameStringValue(byte[] value) throws IOException {
// @formatter:off
/*
* SubjectAltName ::= GeneralNames
*
* GeneralNames ::= ASN1Sequence SIZE (1..MAX) OF GeneralName
*/
// @formatter:on
StringBuilder sb = new StringBuilder();
GeneralNames subjectAltName = GeneralNames.getInstance(value);
for (GeneralName generalName : subjectAltName.getNames()) {
sb.append(GeneralNameUtil.toString(generalName));
sb.append(NEWLINE);
}
return sb.toString();
}
Also used :
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
Example 90 with GeneralNames
use of de.carne.certmgr.certs.x509.GeneralNames in project keystore-explorer by kaikramer.
the class X509Ext method getCertificateIssuerStringValue.
private String getCertificateIssuerStringValue(byte[] value) throws IOException {
// @formatter:off
/*
* certificateIssuer ::= GeneralNames
*
* GeneralNames ::= ASN1Sequence SIZE (1..MAX) OF GeneralName
*/
// @formatter:on
StringBuilder sb = new StringBuilder();
GeneralNames certificateIssuer = GeneralNames.getInstance(value);
for (GeneralName generalName : certificateIssuer.getNames()) {
sb.append(GeneralNameUtil.toString(generalName));
sb.append(NEWLINE);
}
return sb.toString();
}
Also used :
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
Aggregations
GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)72
GeneralName (org.bouncycastle.asn1.x509.GeneralName)58
IOException (java.io.IOException)31
X509Certificate (java.security.cert.X509Certificate)22
ArrayList (java.util.ArrayList)19
X500Name (org.bouncycastle.asn1.x500.X500Name)19
DERIA5String (org.bouncycastle.asn1.DERIA5String)14
Date (java.util.Date)13
List (java.util.List)13
DEROctetString (org.bouncycastle.asn1.DEROctetString)13
X500Principal (javax.security.auth.x500.X500Principal)12
CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)12
DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)12
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)12
GeneralNames (sun.security.x509.GeneralNames)12
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)11
BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)11
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)11
Test (org.junit.Test)11
BigInteger (java.math.BigInteger)10
