use of de.carne.certmgr.certs.x509.GeneralNames in project vespa by vespa-engine.
the class Pkcs10CsrBuilder method build.
/**
 * Builds a signed PKCS#10 certification request from the builder's current state.
 *
 * <p>The request carries the configured subject and the public half of the key pair and is
 * signed with the private half. Basic constraints (when configured) and subject alternative
 * names (when any are present) are placed in a PKCS#9 extensionRequest attribute.
 *
 * @return the signed request wrapped in a {@code Pkcs10Csr}
 * @throws RuntimeException if the content signer cannot be created
 * @throws UncheckedIOException if an extension cannot be encoded
 */
public Pkcs10Csr build() {
    try {
        PKCS10CertificationRequestBuilder csrBuilder =
                new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic());
        ExtensionsGenerator extensions = new ExtensionsGenerator();

        if (basicConstraintsExtension != null) {
            BasicConstraints constraints =
                    new BasicConstraints(basicConstraintsExtension.isCertAuthorityCertificate);
            extensions.addExtension(
                    Extension.basicConstraints, basicConstraintsExtension.isCritical, constraints);
        }

        if (!subjectAlternativeNames.isEmpty()) {
            // Every entry is tagged as dNSName; a string holding an IP address or e-mail address
            // would therefore also be encoded as a DNS name rather than under its own SAN type.
            GeneralName[] dnsNames = subjectAlternativeNames.stream()
                    .map(name -> new GeneralName(GeneralName.dNSName, name))
                    .toArray(GeneralName[]::new);
            // The SAN extension is always marked non-critical.
            extensions.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(dnsNames));
        }

        // NOTE(review): the extensionRequest attribute is added unconditionally, so a request
        // built without any extension presumably carries an empty extension list - confirm the
        // consuming CA accepts that.
        csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensions.generate());

        ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm.getAlgorithmName())
                .setProvider(BouncyCastleProviderHolder.getInstance())
                .build(keyPair.getPrivate());
        return new Pkcs10Csr(csrBuilder.build(signer));
    } catch (OperatorCreationException e) {
        throw new RuntimeException(e);
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    }
}
use of de.carne.certmgr.certs.x509.GeneralNames in project signer by demoiselle.
the class SigningCertificateV2 method getValue.
@Override
/**
 * Builds the attribute identified by {@code identifier} from the first two entries of
 * {@code certificates}.
 *
 * <p>The attribute value binds the certificate at index 0 by a SHA-256 hash over its encoded
 * form, together with an issuer/serial pair: the issuer name is taken from the subject of the
 * certificate at index 1, the serial number from the certificate at index 0.
 *
 * @return the attribute wrapping the {@code ESSCertIDv2} structure
 * @throws SignerException if the certificate at index 0 cannot be encoded
 */
public Attribute getValue() throws SignerException {
    try {
        // NOTE(review): both indices are read without a length check; a chain holding a single
        // certificate would fail here with an unchecked exception - confirm callers always
        // supply at least two entries.
        X509Certificate signerCert = (X509Certificate) certificates[0];
        X509Certificate caCert = (X509Certificate) certificates[1];

        Digest hasher = DigestFactory.getInstance().factoryDefault();
        hasher.setAlgorithm(DigestAlgorithmEnum.SHA_256);
        byte[] signerCertHash = hasher.digest(signerCert.getEncoded());

        // NOTE(review): the issuer name goes through a string form before being re-parsed, and
        // it comes from the next chain entry rather than from signerCert's own issuer field -
        // verify the result matches the issuer encoding verifiers compare against.
        String caSubject = caCert.getSubjectX500Principal().getName();
        GeneralNames issuerNames = new GeneralNames(new GeneralName(new X500Name(caSubject)));
        IssuerSerial issuerAndSerial =
                new IssuerSerial(issuerNames, new ASN1Integer(signerCert.getSerialNumber()));

        // The declared hash algorithm has to stay in step with the digest configured above (SHA-256).
        AlgorithmIdentifier sha256 = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256);
        ESSCertIDv2 essCertIDv2 = new ESSCertIDv2(sha256, signerCertHash, issuerAndSerial);

        // An earlier variant wrapped essCertIDv2 in a single DERSequence; the value emitted now
        // nests it one level deeper (a sequence holding a sequence holding the cert id).
        ASN1Encodable[] certIds = { new DERSequence(essCertIDv2) };
        return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(new DERSequence(certIds)));
    } catch (CertificateEncodingException ex) {
        // NOTE(review): only the message is forwarded; the original exception is not attached
        // as a cause, so its stack trace is lost to whoever handles the SignerException.
        throw new SignerException(ex.getMessage());
    }
}
use of de.carne.certmgr.certs.x509.GeneralNames in project keystore-explorer by kaikramer.
the class X509Ext method getAuthorityKeyIdentifierStringValue.
/**
 * Renders an encoded AuthorityKeyIdentifier extension value as display text.
 *
 * <p>Each of the three optional fields that is present contributes its own section; an absent
 * field contributes nothing.
 *
 * @param value the encoded extension value
 * @return the formatted text, empty when none of the optional fields is present
 * @throws IOException declared by the signature; no statement visible here throws it directly
 */
private String getAuthorityKeyIdentifierStringValue(byte[] value) throws IOException {
    // @formatter:off
    /*
     * AuthorityKeyIdentifier ::= ASN1Sequence {
     *     keyIdentifier             [0] KeyIdentifier           OPTIONAL,
     *     authorityCertIssuer       [1] GeneralNames            OPTIONAL,
     *     authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
     *
     * KeyIdentifier ::= OCTET STRING
     *
     * GeneralNames ::= ASN1Sequence SIZE (1..MAX) OF GeneralName
     *
     * CertificateSerialNumber ::= ASN1Integer
     */
    // @formatter:on

    // NOTE(review): value originates from a certificate extension, i.e. data the certificate's
    // author controls - presumably getInstance rejects malformed input with an unchecked
    // exception; confirm callers cope with that.
    AuthorityKeyIdentifier aki = AuthorityKeyIdentifier.getInstance(value);
    byte[] keyId = aki.getKeyIdentifier();
    GeneralNames issuerNames = aki.getAuthorityCertIssuer();
    BigInteger issuerSerial = aki.getAuthorityCertSerialNumber();

    StringBuilder text = new StringBuilder();

    if (keyId != null) {
        // Key identifier is shown as a hex string.
        String keyIdHex = HexUtil.getHexString(keyId);
        text.append(MessageFormat.format(res.getString("AuthorityKeyIdentifier"), keyIdHex)).append(NEWLINE);
    }

    if (issuerNames != null) {
        // Heading line first, then one indented line per issuer name.
        text.append(res.getString("CertificateIssuer")).append(NEWLINE);
        for (GeneralName issuerName : issuerNames.getNames()) {
            text.append(INDENT).append(GeneralNameUtil.toString(issuerName)).append(NEWLINE);
        }
    }

    if (issuerSerial != null) {
        // The serial number is passed through HexUtil as well, so it is rendered in hex form.
        String serialHex = HexUtil.getHexString(issuerSerial);
        text.append(MessageFormat.format(res.getString("CertificateSerialNumber"), serialHex)).append(NEWLINE);
    }

    return text.toString();
}
use of de.carne.certmgr.certs.x509.GeneralNames in project keystore-explorer by kaikramer.
the class X509Ext method getSubjectAlternativeNameStringValue.
/**
 * Renders an encoded SubjectAltName extension value as display text, one name per line.
 *
 * @param value the encoded extension value
 * @return the names in their encoded order, each followed by {@code NEWLINE}
 * @throws IOException declared by the signature; no statement visible here throws it directly
 */
private String getSubjectAlternativeNameStringValue(byte[] value) throws IOException {
    // @formatter:off
    /*
     * SubjectAltName ::= GeneralNames
     *
     * GeneralNames ::= ASN1Sequence SIZE (1..MAX) OF GeneralName
     */
    // @formatter:on

    // NOTE(review): value comes from a certificate extension and is therefore chosen by whoever
    // issued the certificate; whether GeneralNameUtil.toString neutralises control characters in
    // the names before they reach the display is not visible here - confirm.
    GeneralName[] altNames = GeneralNames.getInstance(value).getNames();

    StringBuilder text = new StringBuilder();
    for (GeneralName altName : altNames) {
        text.append(GeneralNameUtil.toString(altName)).append(NEWLINE);
    }
    return text.toString();
}
use of de.carne.certmgr.certs.x509.GeneralNames in project keystore-explorer by kaikramer.
the class X509Ext method getCertificateIssuerStringValue.
/**
 * Renders an encoded certificateIssuer extension value as display text, one name per line.
 *
 * @param value the encoded extension value
 * @return the issuer names in their encoded order, each followed by {@code NEWLINE}
 * @throws IOException declared by the signature; no statement visible here throws it directly
 */
private String getCertificateIssuerStringValue(byte[] value) throws IOException {
    // @formatter:off
    /*
     * certificateIssuer ::= GeneralNames
     *
     * GeneralNames ::= ASN1Sequence SIZE (1..MAX) OF GeneralName
     */
    // @formatter:on

    // NOTE(review): value is extension content supplied by the issuer of the object being
    // viewed - presumably getInstance rejects malformed input with an unchecked exception;
    // confirm callers cope with that.
    GeneralName[] issuerNames = GeneralNames.getInstance(value).getNames();

    StringBuilder text = new StringBuilder();
    for (GeneralName issuerName : issuerNames) {
        text.append(GeneralNameUtil.toString(issuerName)).append(NEWLINE);
    }
    return text.toString();
}