Example 36 with BasicConstraints
use of org.bouncycastle.asn1.x509.BasicConstraints in project helios by spotify.
the class X509CertificateFactory method generate.
private CertificateAndPrivateKey generate(final AgentProxy agentProxy, final Identity identity, final String username) {
final UUID uuid = new UUID();
final Calendar calendar = Calendar.getInstance();
final X500Name issuerdn = new X500Name("C=US,O=Spotify,CN=helios-client");
final X500Name subjectdn = new X500NameBuilder().addRDN(BCStyle.UID, username).build();
calendar.add(Calendar.MILLISECOND, -validBeforeMilliseconds);
final Date notBefore = calendar.getTime();
calendar.add(Calendar.MILLISECOND, validBeforeMilliseconds + validAfterMilliseconds);
final Date notAfter = calendar.getTime();
// Reuse the UUID time as a SN
final BigInteger serialNumber = BigInteger.valueOf(uuid.getTime()).abs();
try {
final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
keyPairGenerator.initialize(KEY_SIZE, new SecureRandom());
final KeyPair keyPair = keyPairGenerator.generateKeyPair();
final SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(keyPair.getPublic().getEncoded()));
final X509v3CertificateBuilder builder = new X509v3CertificateBuilder(issuerdn, serialNumber, notBefore, notAfter, subjectdn, subjectPublicKeyInfo);
final DigestCalculator digestCalculator = new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
final X509ExtensionUtils utils = new X509ExtensionUtils(digestCalculator);
final SubjectKeyIdentifier keyId = utils.createSubjectKeyIdentifier(subjectPublicKeyInfo);
final String keyIdHex = KEY_ID_ENCODING.encode(keyId.getKeyIdentifier());
log.info("generating an X509 certificate for {} with key ID={} and identity={}", username, keyIdHex, identity.getComment());
builder.addExtension(Extension.subjectKeyIdentifier, false, keyId);
builder.addExtension(Extension.authorityKeyIdentifier, false, utils.createAuthorityKeyIdentifier(subjectPublicKeyInfo));
builder.addExtension(Extension.keyUsage, false, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign));
builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
final X509CertificateHolder holder = builder.build(new SshAgentContentSigner(agentProxy, identity));
final X509Certificate certificate = CERTIFICATE_CONVERTER.getCertificate(holder);
log.debug("generated certificate:\n{}", asPemString(certificate));
return new CertificateAndPrivateKey(certificate, keyPair.getPrivate());
} catch (Exception e) {
throw Throwables.propagate(e);
}
}
Also used :
BcDigestCalculatorProvider(org.bouncycastle.operator.bc.BcDigestCalculatorProvider)
KeyPair(java.security.KeyPair)
X500NameBuilder(org.bouncycastle.asn1.x500.X500NameBuilder)
Calendar(java.util.Calendar)
DigestCalculator(org.bouncycastle.operator.DigestCalculator)
SecureRandom(java.security.SecureRandom)
KeyUsage(org.bouncycastle.asn1.x509.KeyUsage)
X500Name(org.bouncycastle.asn1.x500.X500Name)
KeyPairGenerator(java.security.KeyPairGenerator)
SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
Date(java.util.Date)
X509Certificate(java.security.cert.X509Certificate)
GeneralSecurityException(java.security.GeneralSecurityException)
IOException(java.io.IOException)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
BigInteger(java.math.BigInteger)
UUID(com.eaio.uuid.UUID)
X509ExtensionUtils(org.bouncycastle.cert.X509ExtensionUtils)
BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)
Example 37 with BasicConstraints
use of org.bouncycastle.asn1.x509.BasicConstraints in project XobotOS by xamarin.
the class RFC3280CertPathUtilities method processCRLB2.
/**
* If the complete CRL includes an issuing distribution point (IDP) CRL
* extension check the following:
* <p/>
* (i) If the distribution point name is present in the IDP CRL extension
* and the distribution field is present in the DP, then verify that one of
* the names in the IDP matches one of the names in the DP. If the
* distribution point name is present in the IDP CRL extension and the
* distribution field is omitted from the DP, then verify that one of the
* names in the IDP matches one of the names in the cRLIssuer field of the
* DP.
* </p>
* <p/>
* (ii) If the onlyContainsUserCerts boolean is asserted in the IDP CRL
* extension, verify that the certificate does not include the basic
* constraints extension with the cA boolean asserted.
* </p>
* <p/>
* (iii) If the onlyContainsCACerts boolean is asserted in the IDP CRL
* extension, verify that the certificate includes the basic constraints
* extension with the cA boolean asserted.
* </p>
* <p/>
* (iv) Verify that the onlyContainsAttributeCerts boolean is not asserted.
* </p>
*
* @param dp The distribution point.
* @param cert The certificate.
* @param crl The CRL.
* @throws AnnotatedException if one of the conditions is not met or an error occurs.
*/
protected static void processCRLB2(DistributionPoint dp, Object cert, X509CRL crl) throws AnnotatedException {
IssuingDistributionPoint idp = null;
try {
idp = IssuingDistributionPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(crl, RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT));
} catch (Exception e) {
throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e);
}
// distribution point name is present
if (idp != null) {
if (idp.getDistributionPoint() != null) {
// make list of names
DistributionPointName dpName = IssuingDistributionPoint.getInstance(idp).getDistributionPoint();
List names = new ArrayList();
if (dpName.getType() == DistributionPointName.FULL_NAME) {
GeneralName[] genNames = GeneralNames.getInstance(dpName.getName()).getNames();
for (int j = 0; j < genNames.length; j++) {
names.add(genNames[j]);
}
}
if (dpName.getType() == DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER) {
ASN1EncodableVector vec = new ASN1EncodableVector();
try {
Enumeration e = ASN1Sequence.getInstance(ASN1Sequence.fromByteArray(CertPathValidatorUtilities.getIssuerPrincipal(crl).getEncoded())).getObjects();
while (e.hasMoreElements()) {
vec.add((DEREncodable) e.nextElement());
}
} catch (IOException e) {
throw new AnnotatedException("Could not read CRL issuer.", e);
}
vec.add(dpName.getName());
names.add(new GeneralName(X509Name.getInstance(new DERSequence(vec))));
}
boolean matches = false;
// of the names in the DP.
if (dp.getDistributionPoint() != null) {
dpName = dp.getDistributionPoint();
GeneralName[] genNames = null;
if (dpName.getType() == DistributionPointName.FULL_NAME) {
genNames = GeneralNames.getInstance(dpName.getName()).getNames();
}
if (dpName.getType() == DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER) {
if (dp.getCRLIssuer() != null) {
genNames = dp.getCRLIssuer().getNames();
} else {
genNames = new GeneralName[1];
try {
genNames[0] = new GeneralName(new X509Name((ASN1Sequence) ASN1Sequence.fromByteArray(CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert).getEncoded())));
} catch (IOException e) {
throw new AnnotatedException("Could not read certificate issuer.", e);
}
}
for (int j = 0; j < genNames.length; j++) {
Enumeration e = ASN1Sequence.getInstance(genNames[j].getName().getDERObject()).getObjects();
ASN1EncodableVector vec = new ASN1EncodableVector();
while (e.hasMoreElements()) {
vec.add((DEREncodable) e.nextElement());
}
vec.add(dpName.getName());
genNames[j] = new GeneralName(new X509Name(new DERSequence(vec)));
}
}
if (genNames != null) {
for (int j = 0; j < genNames.length; j++) {
if (names.contains(genNames[j])) {
matches = true;
break;
}
}
}
if (!matches) {
throw new AnnotatedException("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
}
} else // verify that one of the names in
// the IDP matches one of the names in the cRLIssuer field of
// the DP
{
if (dp.getCRLIssuer() == null) {
throw new AnnotatedException("Either the cRLIssuer or the distributionPoint field must " + "be contained in DistributionPoint.");
}
GeneralName[] genNames = dp.getCRLIssuer().getNames();
for (int j = 0; j < genNames.length; j++) {
if (names.contains(genNames[j])) {
matches = true;
break;
}
}
if (!matches) {
throw new AnnotatedException("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
}
}
}
BasicConstraints bc = null;
try {
bc = BasicConstraints.getInstance(CertPathValidatorUtilities.getExtensionValue((X509Extension) cert, BASIC_CONSTRAINTS));
} catch (Exception e) {
throw new AnnotatedException("Basic constraints extension could not be decoded.", e);
}
if (cert instanceof X509Certificate) {
// (b) (2) (ii)
if (idp.onlyContainsUserCerts() && (bc != null && bc.isCA())) {
throw new AnnotatedException("CA Cert CRL only contains user certificates.");
}
// (b) (2) (iii)
if (idp.onlyContainsCACerts() && (bc == null || !bc.isCA())) {
throw new AnnotatedException("End CRL only contains CA certificates.");
}
}
// (b) (2) (iv)
if (idp.onlyContainsAttributeCerts()) {
throw new AnnotatedException("onlyContainsAttributeCerts boolean is asserted.");
}
}
}
Also used :
IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint)
Enumeration(java.util.Enumeration)
DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName)
ArrayList(java.util.ArrayList)
IOException(java.io.IOException)
CertificateExpiredException(java.security.cert.CertificateExpiredException)
GeneralSecurityException(java.security.GeneralSecurityException)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException)
CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException)
CertPathBuilderException(java.security.cert.CertPathBuilderException)
IOException(java.io.IOException)
IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
X509Certificate(java.security.cert.X509Certificate)
DERSequence(org.bouncycastle.asn1.DERSequence)
X509Name(org.bouncycastle.asn1.x509.X509Name)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
List(java.util.List)
ArrayList(java.util.ArrayList)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)
Example 38 with BasicConstraints
use of org.bouncycastle.asn1.x509.BasicConstraints in project XobotOS by xamarin.
the class RFC3280CertPathUtilities method prepareNextCertK.
protected static void prepareNextCertK(CertPath certPath, int index) throws CertPathValidatorException {
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate) certs.get(index);
//
// (k)
//
BasicConstraints bc = null;
try {
bc = BasicConstraints.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.BASIC_CONSTRAINTS));
} catch (Exception e) {
throw new ExtCertPathValidatorException("Basic constraints extension cannot be decoded.", e, certPath, index);
}
if (bc != null) {
if (!(bc.isCA())) {
throw new CertPathValidatorException("Not a CA certificate");
}
} else {
throw new CertPathValidatorException("Intermediate certificate lacks BasicConstraints");
}
}
Also used :
CertPathValidatorException(java.security.cert.CertPathValidatorException)
ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException)
ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException)
List(java.util.List)
ArrayList(java.util.ArrayList)
BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)
X509Certificate(java.security.cert.X509Certificate)
CertificateExpiredException(java.security.cert.CertificateExpiredException)
GeneralSecurityException(java.security.GeneralSecurityException)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException)
CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException)
CertPathBuilderException(java.security.cert.CertPathBuilderException)
IOException(java.io.IOException)
Example 39 with BasicConstraints
use of org.bouncycastle.asn1.x509.BasicConstraints in project nhin-d by DirectProject.
the class PKCS11Commands method createCSR.
@Command(name = "CreateCSR", usage = CREATE_CSR)
public void createCSR(String[] args) {
final String alias = StringArrayUtil.getRequiredValue(args, 0);
final String commonName = StringArrayUtil.getRequiredValue(args, 1);
final String subjectAltName = StringArrayUtil.getRequiredValue(args, 2);
final String keyUsage = StringArrayUtil.getRequiredValue(args, 3);
// make sure we have a valid keyUsage
if (!(keyUsage.compareToIgnoreCase("DigitalSignature") == 0 || keyUsage.compareToIgnoreCase("KeyEncipherment") == 0 || keyUsage.compareToIgnoreCase("DualUse") == 0)) {
System.out.println("Invalid key usage.");
return;
}
final Vector<String> additionalRDNFields = new Vector<String>();
int cnt = 4;
String rdnField;
do {
rdnField = StringArrayUtil.getOptionalValue(args, cnt++, "");
if (!StringUtils.isEmpty(rdnField))
additionalRDNFields.add(rdnField);
} while (!StringUtils.isEmpty(rdnField));
try {
final KeyStore ks = mgr.getKS();
if (!ks.containsAlias(alias)) {
System.out.println("Entry with key name " + alias + " does not exist.");
return;
}
final X509Certificate storedCert = (X509Certificate) ks.getCertificate(alias);
if (storedCert == null) {
System.out.println("Key name " + alias + " does not contain a certificate that can be exported. This key may not be an RSA key pair.");
return;
}
final PrivateKey privKey = (PrivateKey) ks.getKey(alias, "".toCharArray());
if (privKey == null) {
System.out.println("Failed to object private key. This key may not be an RSA key pair.");
return;
}
// create the CSR
// create the extensions that we want
final X509ExtensionsGenerator extsGen = new X509ExtensionsGenerator();
// Key Usage
int usage;
if (keyUsage.compareToIgnoreCase("KeyEncipherment") == 0)
usage = KeyUsage.keyEncipherment;
else if (keyUsage.compareToIgnoreCase("DigitalSignature") == 0)
usage = KeyUsage.digitalSignature;
else
usage = KeyUsage.keyEncipherment | KeyUsage.digitalSignature;
extsGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(usage));
// Subject Alt Name
int nameType = subjectAltName.contains("@") ? GeneralName.rfc822Name : GeneralName.dNSName;
final GeneralNames altName = new GeneralNames(new GeneralName(nameType, subjectAltName));
extsGen.addExtension(X509Extensions.SubjectAlternativeName, false, altName);
// Extended Key Usage
final Vector<KeyPurposeId> purposes = new Vector<KeyPurposeId>();
purposes.add(KeyPurposeId.id_kp_emailProtection);
extsGen.addExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(purposes));
// Basic constraint
final BasicConstraints bc = new BasicConstraints(false);
extsGen.addExtension(X509Extensions.BasicConstraints, true, bc);
// create the extension requests
final X509Extensions exts = extsGen.generate();
final ASN1EncodableVector attributes = new ASN1EncodableVector();
final Attribute attribute = new Attribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, new DERSet(exts.toASN1Object()));
attributes.add(attribute);
final DERSet requestedAttributes = new DERSet(attributes);
// create the DN
final StringBuilder dnBuilder = new StringBuilder("CN=").append(commonName);
for (String field : additionalRDNFields) dnBuilder.append(",").append(field);
final X500Principal subjectPrin = new X500Principal(dnBuilder.toString());
final X509Principal xName = new X509Principal(true, subjectPrin.getName());
// create the CSR
final PKCS10CertificationRequest request = new PKCS10CertificationRequest("SHA256WITHRSA", xName, storedCert.getPublicKey(), requestedAttributes, privKey, ks.getProvider().getName());
final byte[] encodedCSR = request.getEncoded();
final String csrString = "-----BEGIN CERTIFICATE REQUEST-----\r\n" + Base64.encodeBase64String(encodedCSR) + "-----END CERTIFICATE REQUEST-----";
final File csrFile = new File(alias + "-CSR.pem");
FileUtils.writeStringToFile(csrFile, csrString);
System.out.println("CSR written to " + csrFile.getAbsolutePath());
} catch (Exception e) {
e.printStackTrace();
System.err.println("Failed to create CSR : " + e.getMessage());
}
}
Also used :
PrivateKey(java.security.PrivateKey)
Attribute(org.bouncycastle.asn1.x509.Attribute)
KeyUsage(org.bouncycastle.asn1.x509.KeyUsage)
ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage)
X509Extensions(org.bouncycastle.asn1.x509.X509Extensions)
DERSet(org.bouncycastle.asn1.DERSet)
X509Principal(org.bouncycastle.jce.X509Principal)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
X509ExtensionsGenerator(org.bouncycastle.asn1.x509.X509ExtensionsGenerator)
Vector(java.util.Vector)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage)
PKCS10CertificationRequest(org.bouncycastle.jce.PKCS10CertificationRequest)
KeyPurposeId(org.bouncycastle.asn1.x509.KeyPurposeId)
KeyStore(java.security.KeyStore)
X509Certificate(java.security.cert.X509Certificate)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
X500Principal(javax.security.auth.x500.X500Principal)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)
File(java.io.File)
Command(org.nhindirect.common.tooling.Command)
Example 40 with BasicConstraints
use of org.bouncycastle.asn1.x509.BasicConstraints in project nhin-d by DirectProject.
the class CertGenerator method createLeafCertificate.
private static CertCreateFields createLeafCertificate(CertCreateFields fields, KeyPair keyPair, boolean addAltNames) throws Exception {
String altName = "";
StringBuilder dnBuilder = new StringBuilder();
// create the DN
if (fields.getAttributes().containsKey("EMAILADDRESS")) {
dnBuilder.append("EMAILADDRESS=").append(fields.getAttributes().get("EMAILADDRESS")).append(", ");
altName = fields.getAttributes().get("EMAILADDRESS").toString();
}
if (fields.getAttributes().containsKey("CN"))
dnBuilder.append("CN=").append(fields.getAttributes().get("CN")).append(", ");
if (fields.getAttributes().containsKey("C"))
dnBuilder.append("C=").append(fields.getAttributes().get("C")).append(", ");
if (fields.getAttributes().containsKey("ST"))
dnBuilder.append("ST=").append(fields.getAttributes().get("ST")).append(", ");
if (fields.getAttributes().containsKey("L"))
dnBuilder.append("L=").append(fields.getAttributes().get("L")).append(", ");
if (fields.getAttributes().containsKey("O"))
dnBuilder.append("O=").append(fields.getAttributes().get("O")).append(", ");
String DN = dnBuilder.toString().trim();
if (DN.endsWith(","))
DN = DN.substring(0, DN.length() - 1);
X509V3CertificateGenerator v1CertGen = new X509V3CertificateGenerator();
Calendar start = Calendar.getInstance();
Calendar end = Calendar.getInstance();
end.add(Calendar.DAY_OF_MONTH, fields.getExpDays());
// not the best way to do this... generally done with a db file
v1CertGen.setSerialNumber(BigInteger.valueOf(generatePositiveRandom()));
// issuer is the parent cert
v1CertGen.setIssuerDN(fields.getSignerCert().getSubjectX500Principal());
v1CertGen.setNotBefore(start.getTime());
v1CertGen.setNotAfter(end.getTime());
v1CertGen.setSubjectDN(new X509Principal(DN));
v1CertGen.setPublicKey(keyPair.getPublic());
v1CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption");
// pointer to the parent CA
v1CertGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(fields.getSignerCert()));
v1CertGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keyPair.getPublic()));
boolean allowToSign = (fields.getAttributes().get("ALLOWTOSIGN") != null && fields.getAttributes().get("ALLOWTOSIGN").toString().equalsIgnoreCase("true"));
v1CertGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(allowToSign));
int keyUsage = 0;
if (fields.getAttributes().get("KEYENC") != null && fields.getAttributes().get("KEYENC").toString().equalsIgnoreCase("true"))
keyUsage = keyUsage | KeyUsage.keyEncipherment;
if (fields.getAttributes().get("DIGSIG") != null && fields.getAttributes().get("DIGSIG").toString().equalsIgnoreCase("true"))
keyUsage = keyUsage | KeyUsage.digitalSignature;
if (keyUsage > 0)
v1CertGen.addExtension(X509Extensions.KeyUsage, false, new KeyUsage(keyUsage));
if (fields.getSignerCert().getSubjectAlternativeNames() != null) {
for (List<?> names : fields.getSignerCert().getSubjectAlternativeNames()) {
GeneralNames issuerAltName = new GeneralNames(new GeneralName((Integer) names.get(0), names.get(1).toString()));
v1CertGen.addExtension(X509Extensions.IssuerAlternativeName, false, issuerAltName);
}
}
if (addAltNames && !altName.isEmpty()) {
int nameType = altName.contains("@") ? GeneralName.rfc822Name : GeneralName.dNSName;
GeneralNames subjectAltName = new GeneralNames(new GeneralName(nameType, altName));
v1CertGen.addExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName);
}
// use the CA's private key to sign the certificate
X509Certificate newCACert = v1CertGen.generate((PrivateKey) fields.getSignerKey(), CryptoExtensions.getJCEProviderName());
// validate the certificate
newCACert.verify(fields.getSignerCert().getPublicKey());
// write the certificate the file system
writeCertAndKey(newCACert, keyPair.getPrivate(), fields);
return fields;
}
Also used :
SubjectKeyIdentifierStructure(org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure)
Calendar(java.util.Calendar)
KeyUsage(org.bouncycastle.asn1.x509.KeyUsage)
AuthorityKeyIdentifierStructure(org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure)
X509Certificate(java.security.cert.X509Certificate)
BigInteger(java.math.BigInteger)
X509V3CertificateGenerator(org.bouncycastle.x509.X509V3CertificateGenerator)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
X509Principal(org.bouncycastle.jce.X509Principal)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)
Aggregations
BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)57
X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)30
X509Certificate (java.security.cert.X509Certificate)29
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)28
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)26
Date (java.util.Date)25
ContentSigner (org.bouncycastle.operator.ContentSigner)25
X500Name (org.bouncycastle.asn1.x500.X500Name)24
BigInteger (java.math.BigInteger)22
KeyUsage (org.bouncycastle.asn1.x509.KeyUsage)21
JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)21
GeneralName (org.bouncycastle.asn1.x509.GeneralName)20
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)17
IOException (java.io.IOException)16
GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)15
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)14
ExtendedKeyUsage (org.bouncycastle.asn1.x509.ExtendedKeyUsage)13
ArrayList (java.util.ArrayList)11
SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)11
KeyPair (java.security.KeyPair)10
