Examples with GeneralName org.apache.harmony.security.x509.GeneralName used on opensource projects

Search in sources :

Example 71 with GeneralName

use of org.apache.harmony.security.x509.GeneralName in project signer by demoiselle.

the class CertificateRefs method getValue.

@Override
public Attribute getValue() throws SignerException {
    try {
        int chainSize = certificates.length - 1;
        OtherCertID[] arrayOtherCertID = new OtherCertID[chainSize];
        for (int i = 1; i <= chainSize; i++) {
            X509Certificate issuerCert = null;
            X509Certificate cert = (X509Certificate) certificates[i];
            if (i < chainSize) {
                issuerCert = (X509Certificate) certificates[i + 1];
            } else {
                // raiz
                issuerCert = (X509Certificate) certificates[i];
            }
            Digest digest = DigestFactory.getInstance().factoryDefault();
            digest.setAlgorithm(DigestAlgorithmEnum.SHA_256);
            byte[] certHash = digest.digest(cert.getEncoded());
            X500Name dirName = new X500Name(issuerCert.getSubjectX500Principal().getName());
            GeneralName name = new GeneralName(dirName);
            GeneralNames issuer = new GeneralNames(name);
            ASN1Integer serialNumber = new ASN1Integer(cert.getSerialNumber());
            IssuerSerial issuerSerial = new IssuerSerial(issuer, serialNumber);
            AlgorithmIdentifier algId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256);
            OtherCertID otherCertID = new OtherCertID(algId, certHash, issuerSerial);
            arrayOtherCertID[i - 1] = otherCertID;
        }
        return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(new ASN1Encodable[] { new DERSequence(arrayOtherCertID) }));
    } catch (CertificateEncodingException e) {
        throw new SignerException(e.getMessage());
    }
}
Also used : IssuerSerial(org.bouncycastle.asn1.x509.IssuerSerial) Digest(org.demoiselle.signer.cryptography.Digest) UnsignedAttribute(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.UnsignedAttribute) Attribute(org.bouncycastle.asn1.cms.Attribute) CertificateEncodingException(java.security.cert.CertificateEncodingException) X500Name(org.bouncycastle.asn1.x500.X500Name) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) DERSet(org.bouncycastle.asn1.DERSet) X509Certificate(java.security.cert.X509Certificate) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) OtherCertID(org.bouncycastle.asn1.ess.OtherCertID) DERSequence(org.bouncycastle.asn1.DERSequence) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) SignerException(org.demoiselle.signer.policy.impl.cades.SignerException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 72 with GeneralName

use of org.apache.harmony.security.x509.GeneralName in project signer by demoiselle.

the class SubjectAlternativeNameHolder method parseGeneralName.

private ASN1Encodable parseGeneralName(List<?> nameEntry) {
    if (nameEntry != null && nameEntry.size() != 2) {
        throw new IllegalArgumentException(String.valueOf(nameEntry));
    }
    String tag = String.valueOf(nameEntry.get(0));
    Matcher m = TAGS_PATTERN.matcher(tag);
    if (m.matches()) {
        return new GeneralName(Integer.valueOf(tag), String.valueOf(nameEntry.get(1)));
    }
    throw new IllegalArgumentException(String.valueOf(nameEntry));
}
Also used : Matcher(java.util.regex.Matcher) GeneralName(org.bouncycastle.asn1.x509.GeneralName)

Example 73 with GeneralName

use of org.apache.harmony.security.x509.GeneralName in project vespa by vespa-engine.

the class X509CertificateBuilder method build.

public X509Certificate build() {
    try {
        JcaX509v3CertificateBuilder jcaCertBuilder = new JcaX509v3CertificateBuilder(issuer, BigInteger.valueOf(serialNumber), Date.from(notBefore), Date.from(notAfter), subject, certPublicKey);
        if (basicConstraintsExtension != null) {
            jcaCertBuilder.addExtension(Extension.basicConstraints, basicConstraintsExtension.isCritical, new BasicConstraints(basicConstraintsExtension.isCertAuthorityCertificate));
        }
        if (!subjectAlternativeNames.isEmpty()) {
            GeneralNames generalNames = new GeneralNames(subjectAlternativeNames.stream().map(san -> new GeneralName(GeneralName.dNSName, san)).toArray(GeneralName[]::new));
            jcaCertBuilder.addExtension(Extension.subjectAlternativeName, false, generalNames);
        }
        ContentSigner contentSigner = new JcaContentSignerBuilder(signingAlgorithm.getAlgorithmName()).setProvider(BouncyCastleProviderHolder.getInstance()).build(caPrivateKey);
        return new JcaX509CertificateConverter().setProvider(BouncyCastleProviderHolder.getInstance()).getCertificate(jcaCertBuilder.build(contentSigner));
    } catch (OperatorException | GeneralSecurityException e) {
        throw new RuntimeException(e);
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    }
}
Also used : JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) GeneralSecurityException(java.security.GeneralSecurityException) ContentSigner(org.bouncycastle.operator.ContentSigner) UncheckedIOException(java.io.UncheckedIOException) IOException(java.io.IOException) UncheckedIOException(java.io.UncheckedIOException) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) GeneralName(org.bouncycastle.asn1.x509.GeneralName) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) OperatorException(org.bouncycastle.operator.OperatorException)

Example 74 with GeneralName

use of org.apache.harmony.security.x509.GeneralName in project neo4j by neo4j.

the class SelfSignedCertificateFactory method createSelfSignedCertificate.

public void createSelfSignedCertificate(Path certificatePath, Path privateKeyPath, String hostName) throws GeneralSecurityException, IOException, OperatorCreationException {
    installCleanupHook(certificatePath, privateKeyPath);
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance(DEFAULT_ENCRYPTION);
    keyGen.initialize(2048, random);
    KeyPair keypair = keyGen.generateKeyPair();
    // Prepare the information required for generating an X.509 certificate.
    X500Name owner = new X500Name("CN=" + hostName);
    X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(owner, new BigInteger(64, random), NOT_BEFORE, NOT_AFTER, owner, keypair.getPublic());
    // Subject alternative name (part of SNI extension, used for hostname verification)
    GeneralNames subjectAlternativeName = new GeneralNames(new GeneralName(GeneralName.dNSName, hostName));
    builder.addExtension(Extension.subjectAlternativeName, false, subjectAlternativeName);
    PrivateKey privateKey = keypair.getPrivate();
    ContentSigner signer = new JcaContentSignerBuilder("SHA512WithRSAEncryption").build(privateKey);
    X509CertificateHolder certHolder = builder.build(signer);
    X509Certificate cert = new JcaX509CertificateConverter().setProvider(PROVIDER).getCertificate(certHolder);
    // check so that cert is valid
    cert.verify(keypair.getPublic());
    // write to disk
    writePem("CERTIFICATE", cert.getEncoded(), certificatePath);
    writePem("PRIVATE KEY", privateKey.getEncoded(), privateKeyPath);
    // Mark as done so we don't clean up certificates
    cleanupRequired = false;
}
Also used : KeyPair(java.security.KeyPair) PrivateKey(java.security.PrivateKey) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) KeyPairGenerator(java.security.KeyPairGenerator) X500Name(org.bouncycastle.asn1.x500.X500Name) X509Certificate(java.security.cert.X509Certificate) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BigInteger(java.math.BigInteger) GeneralName(org.bouncycastle.asn1.x509.GeneralName)

Example 75 with GeneralName

use of org.apache.harmony.security.x509.GeneralName in project neo4j by neo4j.

the class CertificateChainFactory method generateCertificate.

private static X509Certificate generateCertificate(X509Certificate issuingCert, PrivateKey issuingPrivateKey, KeyPair certKeyPair, String certName, String ocspURL, Path certificatePath, Path keyPath, BouncyCastleProvider bouncyCastleProvider) throws Exception {
    X509v3CertificateBuilder builder;
    if (issuingCert == null) {
        builder = new JcaX509v3CertificateBuilder(// issuer authority
        new X500Name("CN=" + certName), // serial number of certificate
        BigInteger.valueOf(new Random().nextInt()), // start of validity
        NOT_BEFORE, // end of certificate validity
        NOT_AFTER, // subject name of certificate
        new X500Name("CN=" + certName), // public key of certificate
        certKeyPair.getPublic());
    } else {
        builder = new JcaX509v3CertificateBuilder(// issuer authority
        issuingCert, // serial number of certificate
        BigInteger.valueOf(new Random().nextInt()), // start of validity
        NOT_BEFORE, // end of certificate validity
        NOT_AFTER, // subject name of certificate
        new X500Name("CN=" + certName), // public key of certificate
        certKeyPair.getPublic());
    }
    // key usage restrictions
    builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.digitalSignature));
    builder.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.anyExtendedKeyUsage));
    builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(true));
    // embed ocsp URI
    builder.addExtension(Extension.authorityInfoAccess, false, new AuthorityInformationAccess(new AccessDescription(AccessDescription.id_ad_ocsp, new GeneralName(GeneralName.uniformResourceIdentifier, ocspURL + "/" + certName))));
    X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(builder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(bouncyCastleProvider).build(// self sign if root cert
    issuingPrivateKey == null ? certKeyPair.getPrivate() : issuingPrivateKey)));
    writePem("CERTIFICATE", certificate.getEncoded(), certificatePath);
    writePem("PRIVATE KEY", certKeyPair.getPrivate().getEncoded(), keyPath);
    return certificate;
}
Also used : AuthorityInformationAccess(org.bouncycastle.asn1.x509.AuthorityInformationAccess) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) X500Name(org.bouncycastle.asn1.x500.X500Name) X509Certificate(java.security.cert.X509Certificate) Random(java.util.Random) SecureRandom(java.security.SecureRandom) AccessDescription(org.bouncycastle.asn1.x509.AccessDescription) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)

Aggregations

GeneralName (org.bouncycastle.asn1.x509.GeneralName)144 GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)67 IOException (java.io.IOException)54 ArrayList (java.util.ArrayList)40 DERIA5String (org.bouncycastle.asn1.DERIA5String)39 X500Name (org.bouncycastle.asn1.x500.X500Name)34 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)34 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)33 X509Certificate (java.security.cert.X509Certificate)32 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)28 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)27 DEROctetString (org.bouncycastle.asn1.DEROctetString)25 List (java.util.List)21 BigInteger (java.math.BigInteger)20 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)20 GeneralName (org.apache.harmony.security.x509.GeneralName)18 DERSequence (org.bouncycastle.asn1.DERSequence)18 DirectoryString (org.bouncycastle.asn1.x500.DirectoryString)18 BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)18 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)18
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial