use of org.bouncycastle.asn1.x509.Extensions in project nifi by apache.
the class TlsHelper method createDomainAlternativeNamesExtensions.
public static Extensions createDomainAlternativeNamesExtensions(String domainAlternativeNames, String requestedDn) throws IOException {
List<GeneralName> namesList = new ArrayList<>();
try {
final String cn = IETFUtils.valueToString(new X500Name(requestedDn).getRDNs(BCStyle.CN)[0].getFirst().getValue());
namesList.add(new GeneralName(GeneralName.dNSName, cn));
} catch (Exception e) {
throw new IOException("Failed to extract CN from request DN: " + requestedDn, e);
}
if (StringUtils.isNotBlank(domainAlternativeNames)) {
for (String alternativeName : domainAlternativeNames.split(",")) {
namesList.add(new GeneralName(GeneralName.dNSName, alternativeName));
}
}
GeneralNames subjectAltNames = new GeneralNames(namesList.toArray(new GeneralName[] {}));
ExtensionsGenerator extGen = new ExtensionsGenerator();
extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
return extGen.generate();
}
use of org.bouncycastle.asn1.x509.Extensions in project nifi by apache.
the class OcspCertificateValidatorTest method generateCertificate.
/**
* Generates a signed certificate with a specific keypair.
*
* @param dn the DN
* @param keyPair the public key will be included in the certificate and the the private key is used to sign the certificate
* @return the certificate
* @throws IOException if an exception occurs
* @throws NoSuchAlgorithmException if an exception occurs
* @throws CertificateException if an exception occurs
* @throws NoSuchProviderException if an exception occurs
* @throws SignatureException if an exception occurs
* @throws InvalidKeyException if an exception occurs
* @throws OperatorCreationException if an exception occurs
*/
private static X509Certificate generateCertificate(String dn, KeyPair keyPair) throws IOException, NoSuchAlgorithmException, CertificateException, NoSuchProviderException, SignatureException, InvalidKeyException, OperatorCreationException {
PrivateKey privateKey = keyPair.getPrivate();
ContentSigner sigGen = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider(PROVIDER).build(privateKey);
SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
Date startDate = new Date(YESTERDAY);
Date endDate = new Date(ONE_YEAR_FROM_NOW);
X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(new X500Name(dn), BigInteger.valueOf(System.currentTimeMillis()), startDate, endDate, new X500Name(dn), subPubKeyInfo);
// Set certificate extensions
// (1) digitalSignature extension
certBuilder.addExtension(X509Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.keyAgreement));
// (2) extendedKeyUsage extension
Vector<KeyPurposeId> ekUsages = new Vector<>();
ekUsages.add(KeyPurposeId.id_kp_clientAuth);
ekUsages.add(KeyPurposeId.id_kp_serverAuth);
certBuilder.addExtension(X509Extension.extendedKeyUsage, false, new ExtendedKeyUsage(ekUsages));
// Sign the certificate
X509CertificateHolder certificateHolder = certBuilder.build(sigGen);
return new JcaX509CertificateConverter().setProvider(PROVIDER).getCertificate(certificateHolder);
}
use of org.bouncycastle.asn1.x509.Extensions in project athenz by yahoo.
the class Crypto method extractX509CSREmail.
public static String extractX509CSREmail(PKCS10CertificationRequest certReq) {
String rfc822 = null;
Attribute[] attributes = certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
for (Attribute attribute : attributes) {
for (ASN1Encodable value : attribute.getAttributeValues()) {
Extensions extensions = Extensions.getInstance(value);
GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
for (GeneralName name : gns.getNames()) {
if (name.getTagNo() == GeneralName.rfc822Name) {
rfc822 = (((DERIA5String) name.getName()).getString());
break;
}
}
}
}
return rfc822;
}
use of org.bouncycastle.asn1.x509.Extensions in project athenz by yahoo.
the class Crypto method extractX509CSRDnsNames.
public static List<String> extractX509CSRDnsNames(PKCS10CertificationRequest certReq) {
List<String> dnsNames = new ArrayList<>();
Attribute[] attributes = certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
for (Attribute attribute : attributes) {
for (ASN1Encodable value : attribute.getAttributeValues()) {
Extensions extensions = Extensions.getInstance(value);
GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
for (GeneralName name : gns.getNames()) {
if (name.getTagNo() == GeneralName.dNSName) {
dnsNames.add(((DERIA5String) name.getName()).getString());
}
}
}
}
return dnsNames;
}
use of org.bouncycastle.asn1.x509.Extensions in project keystore-explorer by kaikramer.
the class X509CertificateGenerator method generateVersion3.
private X509Certificate generateVersion3(X500Name subject, X500Name issuer, Date validityStart, Date validityEnd, PublicKey publicKey, PrivateKey privateKey, SignatureType signatureType, BigInteger serialNumber, X509Extension extensions, Provider provider) throws CryptoException, CertIOException {
Date notBefore = validityStart == null ? new Date() : validityStart;
Date notAfter = validityEnd == null ? new Date(notBefore.getTime() + TimeUnit.DAYS.toMillis(365)) : validityEnd;
JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(issuer, serialNumber, notBefore, notAfter, subject, publicKey);
if (extensions != null) {
for (String oid : extensions.getCriticalExtensionOIDs()) {
certBuilder.addExtension(new ASN1ObjectIdentifier(oid), true, getExtensionValue(extensions, oid));
}
for (String oid : extensions.getNonCriticalExtensionOIDs()) {
certBuilder.addExtension(new ASN1ObjectIdentifier(oid), false, getExtensionValue(extensions, oid));
}
}
try {
ContentSigner certSigner = null;
if (provider == null) {
certSigner = new JcaContentSignerBuilder(signatureType.jce()).setProvider("BC").build(privateKey);
} else {
certSigner = new JcaContentSignerBuilder(signatureType.jce()).setProvider(provider).build(privateKey);
}
return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certBuilder.build(certSigner));
} catch (CertificateException | IllegalStateException | OperatorCreationException ex) {
throw new CryptoException(res.getString("CertificateGenFailed.exception.message"), ex);
}
}
Aggregations