use of org.bouncycastle.asn1.x509.GeneralName in project robovm by robovm.
the class TestKeyStore method createCertificate.
private static X509Certificate createCertificate(PublicKey publicKey, PrivateKey privateKey, X500Principal subject, X500Principal issuer, int keyUsage, boolean ca, List<KeyPurposeId> extendedKeyUsages, List<Boolean> criticalExtendedKeyUsages, List<GeneralName> subjectAltNames, List<GeneralSubtree> permittedNameConstraints, List<GeneralSubtree> excludedNameConstraints) throws Exception {
// Note that there is no way to programmatically make a
// Certificate using java.* or javax.* APIs. The
// CertificateFactory interface assumes you want to read
// in a stream of bytes, typically the X.509 factory would
// allow ASN.1 DER encoded bytes and optionally some PEM
// formats. Here we use Bouncy Castle's
// X509V3CertificateGenerator and related classes.
long millisPerDay = 24 * 60 * 60 * 1000;
long now = System.currentTimeMillis();
Date start = new Date(now - millisPerDay);
Date end = new Date(now + millisPerDay);
BigInteger serial = BigInteger.valueOf(1);
String keyAlgorithm = privateKey.getAlgorithm();
String signatureAlgorithm;
if (keyAlgorithm.equals("RSA")) {
signatureAlgorithm = "sha1WithRSA";
} else if (keyAlgorithm.equals("DSA")) {
signatureAlgorithm = "sha1WithDSA";
} else if (keyAlgorithm.equals("EC")) {
signatureAlgorithm = "sha1WithECDSA";
} else if (keyAlgorithm.equals("EC_RSA")) {
signatureAlgorithm = "sha1WithRSA";
} else {
throw new IllegalArgumentException("Unknown key algorithm " + keyAlgorithm);
}
X509V3CertificateGenerator x509cg = new X509V3CertificateGenerator();
x509cg.setSubjectDN(subject);
x509cg.setIssuerDN(issuer);
x509cg.setNotBefore(start);
x509cg.setNotAfter(end);
x509cg.setPublicKey(publicKey);
x509cg.setSignatureAlgorithm(signatureAlgorithm);
x509cg.setSerialNumber(serial);
if (keyUsage != 0) {
x509cg.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(keyUsage));
}
if (ca) {
x509cg.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
}
for (int i = 0; i < extendedKeyUsages.size(); i++) {
KeyPurposeId keyPurposeId = extendedKeyUsages.get(i);
boolean critical = criticalExtendedKeyUsages.get(i);
x509cg.addExtension(X509Extensions.ExtendedKeyUsage, critical, new ExtendedKeyUsage(keyPurposeId));
}
for (GeneralName subjectAltName : subjectAltNames) {
x509cg.addExtension(X509Extensions.SubjectAlternativeName, false, new GeneralNames(subjectAltName).getEncoded());
}
if (!permittedNameConstraints.isEmpty() || !excludedNameConstraints.isEmpty()) {
x509cg.addExtension(X509Extensions.NameConstraints, true, new NameConstraints(permittedNameConstraints.toArray(new GeneralSubtree[permittedNameConstraints.size()]), excludedNameConstraints.toArray(new GeneralSubtree[excludedNameConstraints.size()])));
}
if (privateKey instanceof ECPrivateKey) {
/*
* bouncycastle needs its own ECPrivateKey implementation
*/
KeyFactory kf = KeyFactory.getInstance(keyAlgorithm, "BC");
PKCS8EncodedKeySpec ks = new PKCS8EncodedKeySpec(privateKey.getEncoded());
privateKey = kf.generatePrivate(ks);
}
X509Certificate x509c = x509cg.generateX509Certificate(privateKey);
if (StandardNames.IS_RI) {
/*
* The RI can't handle the BC EC signature algorithm
* string of "ECDSA", since it expects "...WITHEC...",
* so convert from BC to RI X509Certificate
* implementation via bytes.
*/
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream bais = new ByteArrayInputStream(x509c.getEncoded());
Certificate c = cf.generateCertificate(bais);
x509c = (X509Certificate) c;
}
return x509c;
}
use of org.bouncycastle.asn1.x509.GeneralName in project zaproxy by zaproxy.
the class SslCertificateServiceImpl method createCertForHost.
@Override
public KeyStore createCertForHost(String hostname) throws NoSuchAlgorithmException, InvalidKeyException, CertificateException, NoSuchProviderException, SignatureException, KeyStoreException, IOException, UnrecoverableKeyException {
if (hostname == null) {
throw new IllegalArgumentException("Error, 'hostname' is not allowed to be null!");
}
if (this.caCert == null || this.caPrivKey == null || this.caPubKey == null) {
throw new MissingRootCertificateException(this.getClass() + " wasn't initialized! Got to options 'Dynamic SSL Certs' and create one.");
}
final KeyPair mykp = this.createKeyPair();
final PrivateKey privKey = mykp.getPrivate();
final PublicKey pubKey = mykp.getPublic();
X500NameBuilder namebld = new X500NameBuilder(BCStyle.INSTANCE);
namebld.addRDN(BCStyle.CN, hostname);
namebld.addRDN(BCStyle.OU, "Zed Attack Proxy Project");
namebld.addRDN(BCStyle.O, "OWASP");
namebld.addRDN(BCStyle.C, "xx");
namebld.addRDN(BCStyle.EmailAddress, "owasp-zed-attack-proxy@lists.owasp.org");
X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(new X509CertificateHolder(caCert.getEncoded()).getSubject(), BigInteger.valueOf(serial.getAndIncrement()), new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30), new Date(System.currentTimeMillis() + 100 * (1000L * 60 * 60 * 24 * 30)), namebld.build(), pubKey);
certGen.addExtension(Extension.subjectKeyIdentifier, false, new SubjectKeyIdentifier(pubKey.getEncoded()));
certGen.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
certGen.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.dNSName, hostname)));
ContentSigner sigGen;
try {
sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider("BC").build(caPrivKey);
} catch (OperatorCreationException e) {
throw new CertificateException(e);
}
final X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certGen.build(sigGen));
cert.checkValidity(new Date());
cert.verify(caPubKey);
final KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null, null);
final Certificate[] chain = new Certificate[2];
chain[1] = this.caCert;
chain[0] = cert;
ks.setKeyEntry(ZAPROXY_JKS_ALIAS, privKey, PASSPHRASE, chain);
return ks;
}
use of org.bouncycastle.asn1.x509.GeneralName in project XobotOS by xamarin.
the class X509ExtensionUtil method getAlternativeNames.
private static Collection getAlternativeNames(byte[] extVal) throws CertificateParsingException {
if (extVal == null) {
return Collections.EMPTY_LIST;
}
try {
Collection temp = new ArrayList();
Enumeration it = DERSequence.getInstance(fromExtensionValue(extVal)).getObjects();
while (it.hasMoreElements()) {
GeneralName genName = GeneralName.getInstance(it.nextElement());
List list = new ArrayList();
// BEGIN android-changed
list.add(Integer.valueOf(genName.getTagNo()));
// END android-changed
switch(genName.getTagNo()) {
case GeneralName.ediPartyName:
case GeneralName.x400Address:
case GeneralName.otherName:
list.add(genName.getName().getDERObject());
break;
case GeneralName.directoryName:
list.add(X509Name.getInstance(genName.getName()).toString());
break;
case GeneralName.dNSName:
case GeneralName.rfc822Name:
case GeneralName.uniformResourceIdentifier:
list.add(((ASN1String) genName.getName()).getString());
break;
case GeneralName.registeredID:
list.add(DERObjectIdentifier.getInstance(genName.getName()).getId());
break;
case GeneralName.iPAddress:
list.add(DEROctetString.getInstance(genName.getName()).getOctets());
break;
default:
throw new IOException("Bad tag number: " + genName.getTagNo());
}
temp.add(list);
}
return Collections.unmodifiableCollection(temp);
} catch (Exception e) {
throw new CertificateParsingException(e.getMessage());
}
}
use of org.bouncycastle.asn1.x509.GeneralName in project XobotOS by xamarin.
the class GeneralName method getInstance.
public static GeneralName getInstance(Object obj) {
if (obj == null || obj instanceof GeneralName) {
return (GeneralName) obj;
}
if (obj instanceof ASN1TaggedObject) {
ASN1TaggedObject tagObj = (ASN1TaggedObject) obj;
int tag = tagObj.getTagNo();
switch(tag) {
case otherName:
return new GeneralName(tag, ASN1Sequence.getInstance(tagObj, false));
case rfc822Name:
return new GeneralName(tag, DERIA5String.getInstance(tagObj, false));
case dNSName:
return new GeneralName(tag, DERIA5String.getInstance(tagObj, false));
case x400Address:
throw new IllegalArgumentException("unknown tag: " + tag);
case directoryName:
return new GeneralName(tag, X509Name.getInstance(tagObj, true));
case ediPartyName:
return new GeneralName(tag, ASN1Sequence.getInstance(tagObj, false));
case uniformResourceIdentifier:
return new GeneralName(tag, DERIA5String.getInstance(tagObj, false));
case iPAddress:
return new GeneralName(tag, ASN1OctetString.getInstance(tagObj, false));
case registeredID:
return new GeneralName(tag, DERObjectIdentifier.getInstance(tagObj, false));
}
}
if (obj instanceof byte[]) {
try {
return getInstance(ASN1Object.fromByteArray((byte[]) obj));
} catch (IOException e) {
throw new IllegalArgumentException("unable to parse encoded general name");
}
}
throw new IllegalArgumentException("unknown object in getInstance: " + obj.getClass().getName());
}
use of org.bouncycastle.asn1.x509.GeneralName in project XobotOS by xamarin.
the class GeneralSubtree method toASN1Object.
/**
* Produce an object suitable for an ASN1OutputStream.
*
* Returns:
*
* <pre>
* GeneralSubtree ::= SEQUENCE
* {
* base GeneralName,
* minimum [0] BaseDistance DEFAULT 0,
* maximum [1] BaseDistance OPTIONAL
* }
* </pre>
*
* @return a DERObject
*/
public DERObject toASN1Object() {
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(base);
if (minimum != null && !minimum.getValue().equals(ZERO)) {
v.add(new DERTaggedObject(false, 0, minimum));
}
if (maximum != null) {
v.add(new DERTaggedObject(false, 1, maximum));
}
return new DERSequence(v);
}
Aggregations