Search in sources :

Example 36 with GeneralName

use of org.bouncycastle.asn1.x509.GeneralName in project athenz by yahoo.

the class Crypto method extractX509CSRDnsNames.

public static List<String> extractX509CSRDnsNames(PKCS10CertificationRequest certReq) {
    List<String> dnsNames = new ArrayList<>();
    Attribute[] attributes = certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
    for (Attribute attribute : attributes) {
        for (ASN1Encodable value : attribute.getAttributeValues()) {
            Extensions extensions = Extensions.getInstance(value);
            GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
            for (GeneralName name : gns.getNames()) {
                if (name.getTagNo() == GeneralName.dNSName) {
                    dnsNames.add(((DERIA5String) name.getName()).getString());
                }
            }
        }
    }
    return dnsNames;
}
Also used : GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) Attribute(org.bouncycastle.asn1.pkcs.Attribute) ArrayList(java.util.ArrayList) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) GeneralName(org.bouncycastle.asn1.x509.GeneralName) Extensions(org.bouncycastle.asn1.x509.Extensions)

Example 37 with GeneralName

use of org.bouncycastle.asn1.x509.GeneralName in project fdroidclient by f-droid.

the class LocalRepoKeyStore method generateSelfSignedCertChain.

private Certificate generateSelfSignedCertChain(KeyPair kp, X500Name subject, String hostname) throws CertificateException, OperatorCreationException, IOException {
    SecureRandom rand = new SecureRandom();
    PrivateKey privKey = kp.getPrivate();
    PublicKey pubKey = kp.getPublic();
    ContentSigner sigGen = new JcaContentSignerBuilder(DEFAULT_SIG_ALG).build(privKey);
    SubjectPublicKeyInfo subPubKeyInfo = new SubjectPublicKeyInfo(ASN1Sequence.getInstance(pubKey.getEncoded()));
    // now
    Date now = new Date();
    /* force it to use a English/Gregorian dates for the cert, hardly anyone
           ever looks at the cert metadata anyway, and its very likely that they
           understand English/Gregorian dates */
    Calendar c = new GregorianCalendar(Locale.ENGLISH);
    c.setTime(now);
    c.add(Calendar.YEAR, 1);
    Time startTime = new Time(now, Locale.ENGLISH);
    Time endTime = new Time(c.getTime(), Locale.ENGLISH);
    X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder(subject, BigInteger.valueOf(rand.nextLong()), startTime, endTime, subject, subPubKeyInfo);
    if (hostname != null) {
        GeneralNames subjectAltName = new GeneralNames(new GeneralName(GeneralName.iPAddress, hostname));
        v3CertGen.addExtension(X509Extension.subjectAlternativeName, false, subjectAltName);
    }
    X509CertificateHolder certHolder = v3CertGen.build(sigGen);
    return new JcaX509CertificateConverter().getCertificate(certHolder);
}
Also used : PrivateKey(java.security.PrivateKey) PublicKey(java.security.PublicKey) JcaContentSignerBuilder(org.spongycastle.operator.jcajce.JcaContentSignerBuilder) Calendar(java.util.Calendar) GregorianCalendar(java.util.GregorianCalendar) ContentSigner(org.spongycastle.operator.ContentSigner) GregorianCalendar(java.util.GregorianCalendar) SecureRandom(java.security.SecureRandom) Time(org.spongycastle.asn1.x509.Time) SubjectPublicKeyInfo(org.spongycastle.asn1.x509.SubjectPublicKeyInfo) Date(java.util.Date) GeneralNames(org.spongycastle.asn1.x509.GeneralNames) X509v3CertificateBuilder(org.spongycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.spongycastle.cert.jcajce.JcaX509CertificateConverter) X509CertificateHolder(org.spongycastle.cert.X509CertificateHolder) GeneralName(org.spongycastle.asn1.x509.GeneralName)

Example 38 with GeneralName

use of org.bouncycastle.asn1.x509.GeneralName in project keystore-explorer by kaikramer.

the class X509Ext method getSubjectInformationAccessStringValue.

private String getSubjectInformationAccessStringValue(byte[] value) throws IOException {
    // @formatter:off
    /*
		 * SubjectInfoAccessSyntax ::= ASN1Sequence SIZE (1..MAX) OF
		 * AccessDescription
		 *
		 * AccessDescription ::= ASN1Sequence { accessMethod OBJECT IDENTIFIER,
		 * accessLocation GeneralName }
		 */
    // @formatter:on
    StringBuilder sb = new StringBuilder();
    SubjectInfoAccess subjectInfoAccess = SubjectInfoAccess.getInstance(value);
    int accessDesc = 0;
    for (AccessDescription accessDescription : subjectInfoAccess.getAccessDescriptionList()) {
        accessDesc++;
        // Convert OID to access method
        ASN1ObjectIdentifier accessMethod = accessDescription.getAccessMethod();
        AccessMethodType accessMethodType = AccessMethodType.resolveOid(accessMethod.getId());
        String accessMethodStr = null;
        if (accessMethodType != null) {
            accessMethodStr = accessMethodType.friendly();
        } else // Unrecognised Access Method OID
        {
            accessMethodStr = ObjectIdUtil.toString(accessMethod);
        }
        GeneralName accessLocation = accessDescription.getAccessLocation();
        String accessLocationStr = GeneralNameUtil.toString(accessLocation);
        sb.append(MessageFormat.format(res.getString("SubjectInformationAccess"), accessDesc));
        sb.append(NEWLINE);
        sb.append(INDENT);
        sb.append(MessageFormat.format(res.getString("AccessMethod"), accessMethodStr));
        sb.append(NEWLINE);
        sb.append(INDENT);
        sb.append(res.getString("AccessLocation"));
        sb.append(NEWLINE);
        sb.append(INDENT);
        sb.append(INDENT);
        sb.append(accessLocationStr);
        sb.append(NEWLINE);
    }
    return sb.toString();
}
Also used : AccessDescription(org.bouncycastle.asn1.x509.AccessDescription) DERBitString(org.bouncycastle.asn1.DERBitString) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERGeneralString(org.bouncycastle.asn1.DERGeneralString) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERIA5String(org.bouncycastle.asn1.DERIA5String) GeneralName(org.bouncycastle.asn1.x509.GeneralName) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 39 with GeneralName

use of org.bouncycastle.asn1.x509.GeneralName in project keystore-explorer by kaikramer.

the class X509Ext method getProcurationStringValue.

private String getProcurationStringValue(byte[] octets) throws IOException {
    // @formatter:off
    /*
			ProcurationSyntax ::= SEQUENCE
			{
				country [1] EXPLICIT PrintableString(SIZE(2)) OPTIONAL,
				typeOfSubstitution [2] EXPLICIT DirectoryString(SIZE(1..128)) OPTIONAL,
				signingFor [3] EXPLICIT SigningFor
			}

			SigningFor ::= CHOICE
			{
				thirdPerson GeneralName,
				certRef IssuerSerial
			}
		 */
    // @formatter:on
    StringBuilder sb = new StringBuilder();
    ProcurationSyntax procurationSyntax = ProcurationSyntax.getInstance(octets);
    String country = procurationSyntax.getCountry();
    DirectoryString typeOfSubstitution = procurationSyntax.getTypeOfSubstitution();
    GeneralName thirdPerson = procurationSyntax.getThirdPerson();
    IssuerSerial certRef = procurationSyntax.getCertRef();
    if (country != null) {
        sb.append(MessageFormat.format(res.getString("Procuration.Country"), country));
        sb.append(NEWLINE);
    }
    if (typeOfSubstitution != null) {
        sb.append(MessageFormat.format(res.getString("Procuration.TypeOfSubstitution"), typeOfSubstitution.toString()));
        sb.append(NEWLINE);
    }
    if (thirdPerson != null) {
        sb.append(MessageFormat.format(res.getString("Procuration.ThirdPerson"), GeneralNameUtil.toString(thirdPerson)));
        sb.append(NEWLINE);
    }
    if (certRef != null) {
        sb.append(res.getString("Procuration.CertRef"));
        sb.append(NEWLINE);
        sb.append(INDENT);
        sb.append(res.getString("Procuration.CertRef.Issuer"));
        for (GeneralName generalName : certRef.getIssuer().getNames()) {
            sb.append(INDENT);
            sb.append(INDENT);
            sb.append(GeneralNameUtil.toString(generalName));
            sb.append(NEWLINE);
        }
        sb.append(NEWLINE);
        sb.append(INDENT);
        sb.append(MessageFormat.format(res.getString("Procuration.CertRef.SN"), HexUtil.getHexString(certRef.getSerial().getValue())));
        sb.append(NEWLINE);
    }
    return sb.toString();
}
Also used : IssuerSerial(org.bouncycastle.asn1.x509.IssuerSerial) ProcurationSyntax(org.bouncycastle.asn1.isismtt.x509.ProcurationSyntax) DERBitString(org.bouncycastle.asn1.DERBitString) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERGeneralString(org.bouncycastle.asn1.DERGeneralString) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) GeneralName(org.bouncycastle.asn1.x509.GeneralName)

Example 40 with GeneralName

use of org.bouncycastle.asn1.x509.GeneralName in project keystore-explorer by kaikramer.

the class DGeneralNameChooser method okPressed.

private void okPressed() {
    try {
        GeneralName newGeneralName = null;
        if (jrbDirectoryName.isSelected()) {
            X500Name directoryName = jdnDirectoryName.getDistinguishedName();
            if (directoryName == null) {
                JOptionPane.showMessageDialog(this, res.getString("DGeneralNameChooser.DirectoryNameValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
                return;
            }
            newGeneralName = new GeneralName(GeneralName.directoryName, directoryName);
        } else if (jrbDnsName.isSelected()) {
            String dnsName = jtfDnsName.getText().trim();
            if (dnsName.length() == 0) {
                JOptionPane.showMessageDialog(this, res.getString("DGeneralNameChooser.DnsNameValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
                return;
            }
            newGeneralName = new GeneralName(GeneralName.dNSName, new DERIA5String(dnsName));
        } else if (jrbIpAddress.isSelected()) {
            String ipAddress = jtfIpAddress.getText().trim();
            if (ipAddress.length() == 0) {
                JOptionPane.showMessageDialog(this, res.getString("DGeneralNameChooser.IpAddressValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
                return;
            }
            if (!IPAddress.isValid(ipAddress)) {
                JOptionPane.showMessageDialog(this, res.getString("DGeneralNameChooser.NotAValidIP.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
                return;
            }
            newGeneralName = new GeneralName(GeneralName.iPAddress, ipAddress);
        } else if (jrbRegisteredId.isSelected()) {
            ASN1ObjectIdentifier registeredId = joiRegisteredId.getObjectId();
            if (registeredId == null) {
                JOptionPane.showMessageDialog(this, res.getString("DGeneralNameChooser.RegisteredIdValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
                return;
            }
            newGeneralName = new GeneralName(GeneralName.registeredID, registeredId);
        } else if (jrbRfc822Name.isSelected()) {
            String rfc822Name = jtfRfc822Name.getText().trim();
            if (rfc822Name.length() == 0) {
                JOptionPane.showMessageDialog(this, res.getString("DGeneralNameChooser.Rfc822NameValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
                return;
            }
            newGeneralName = new GeneralName(GeneralName.rfc822Name, new DERIA5String(rfc822Name));
        } else if (jrbUniformResourceIdentifier.isSelected()) {
            String uniformResourceIdentifier = jtfUniformResourceIdentifier.getText().trim();
            if (uniformResourceIdentifier.length() == 0) {
                JOptionPane.showMessageDialog(this, res.getString("DGeneralNameChooser.UniformResourceIdentifierValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
                return;
            }
            newGeneralName = new GeneralName(GeneralName.uniformResourceIdentifier, new DERIA5String(uniformResourceIdentifier));
        } else if (jrbPrincipalName.isSelected()) {
            String upnString = jtfPrincipalName.getText().trim();
            if (upnString.length() == 0) {
                JOptionPane.showMessageDialog(this, res.getString("DGeneralNameChooser.PrincipalNameValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
                return;
            }
            ASN1EncodableVector asn1Vector = new ASN1EncodableVector();
            asn1Vector.add(new ASN1ObjectIdentifier(GeneralNameUtil.UPN_OID));
            asn1Vector.add(new DERTaggedObject(true, 0, new DERUTF8String(upnString)));
            newGeneralName = new GeneralName(GeneralName.otherName, new DERSequence(asn1Vector));
        }
        generalName = newGeneralName;
    } catch (Exception ex) {
        DError dError = new DError(this, ex);
        dError.setLocationRelativeTo(this);
        dError.setVisible(true);
        return;
    }
    closeDialog();
}
Also used : DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERSequence(org.bouncycastle.asn1.DERSequence) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) GeneralName(org.bouncycastle.asn1.x509.GeneralName) X500Name(org.bouncycastle.asn1.x500.X500Name) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) UnknownHostException(java.net.UnknownHostException) DError(org.kse.gui.error.DError)

Aggregations

GeneralName (org.bouncycastle.asn1.x509.GeneralName)144 GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)68 IOException (java.io.IOException)59 DERIA5String (org.bouncycastle.asn1.DERIA5String)44 ArrayList (java.util.ArrayList)40 X500Name (org.bouncycastle.asn1.x500.X500Name)37 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)34 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)33 X509Certificate (java.security.cert.X509Certificate)32 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)31 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)31 DEROctetString (org.bouncycastle.asn1.DEROctetString)28 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)25 List (java.util.List)23 BigInteger (java.math.BigInteger)22 DERSequence (org.bouncycastle.asn1.DERSequence)22 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)21 DirectoryString (org.bouncycastle.asn1.x500.DirectoryString)20 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)19 GeneralName (org.apache.harmony.security.x509.GeneralName)18