use of org.bouncycastle.asn1.x509.GeneralNames in project nhin-d by DirectProject.
the class SubjectAltNameExtensionField method injectReferenceValue.
/**
* {@inheritDoc}
*/
@Override
public void injectReferenceValue(X509Certificate value) throws PolicyProcessException {
this.certificate = value;
final DERObject exValue = getExtensionValue(value);
if (exValue == null) {
if (isRequired())
throw new PolicyRequiredException("Extention " + getExtentionIdentifier().getDisplay() + " is marked as required by is not present.");
else {
final Collection<String> emptyList = Collections.emptyList();
this.policyValue = PolicyValueFactory.getInstance(emptyList);
return;
}
}
final Collection<String> names = new ArrayList<String>();
final GeneralNames generalNames = GeneralNames.getInstance(exValue);
for (GeneralName name : generalNames.getNames()) {
final GeneralNameType type = GeneralNameType.fromTag(name.getTagNo());
if (type != null) {
names.add(type.getDisplay() + ":" + name.getName().toString());
}
}
this.policyValue = PolicyValueFactory.getInstance(names);
}
use of org.bouncycastle.asn1.x509.GeneralNames in project zm-mailbox by Zimbra.
the class CertUtil method printCRLDistributionPoints.
private void printCRLDistributionPoints(PrintStream outStream) throws Exception {
outStream.format("X509v3 CRL Distribution Points: \n");
// 2.5.29.31
String extOid = X509Extension.cRLDistributionPoints.getId();
byte[] extVal = cert.getExtensionValue(extOid);
if (extVal == null) {
return;
}
/* http://download.oracle.com/javase/6/docs/api/java/security/cert/X509Extension.html#getExtensionValue(java.lang.String)
*
The ASN.1 definition for this is:
Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
Extension ::= SEQUENCE {
extnId OBJECT IDENTIFIER,
critical BOOLEAN DEFAULT FALSE,
extnValue OCTET STRING
-- contains a DER encoding of a value
-- of the type registered for use with
-- the extnId object identifier value
}
*/
byte[] extnValue = DEROctetString.getInstance(ASN1Object.fromByteArray(extVal)).getOctets();
CRLDistPoint crlDistPoint = CRLDistPoint.getInstance(ASN1Object.fromByteArray(extnValue));
DistributionPoint[] distPoints = crlDistPoint.getDistributionPoints();
for (DistributionPoint distPoint : distPoints) {
DistributionPointName distPointName = distPoint.getDistributionPoint();
int type = distPointName.getType();
if (DistributionPointName.FULL_NAME == type) {
outStream.format("Full Name: \n");
GeneralNames generalNames = GeneralNames.getInstance(distPointName.getName());
GeneralName[] names = generalNames.getNames();
for (GeneralName generalname : names) {
int tag = generalname.getTagNo();
if (GeneralName.uniformResourceIdentifier == tag) {
DEREncodable name = generalname.getName();
DERIA5String str = DERIA5String.getInstance(name);
String value = str.getString();
outStream.format(" %s\n", value);
} else {
outStream.format("tag %d not yet implemented", tag);
}
}
} else {
outStream.format("type %d not yet implemented", type);
}
}
}
use of org.bouncycastle.asn1.x509.GeneralNames in project zm-mailbox by Zimbra.
the class CertUtil method printSubjectAlternativeNames.
private void printSubjectAlternativeNames(PrintStream outStream) throws Exception {
final String UPN_DISPLAY = "Principal Name";
final String RFC822NAME_DISPLAY = "RFC822 Name";
final String DNSNAME_DISPLAY = "DNS Name";
outStream.format("X509v3 Subject Alternative Name: \n");
ASN1InputStream decoder = null;
try {
Collection<List<?>> generalNames = cert.getSubjectAlternativeNames();
// Check that the certificate includes the SubjectAltName extension
if (generalNames == null) {
return;
}
for (List<?> generalName : generalNames) {
Integer tag = (Integer) generalName.get(0);
if (GeneralName.otherName == tag.intValue()) {
// Value is encoded using ASN.1
decoder = new ASN1InputStream((byte[]) generalName.toArray()[1]);
DEREncodable encoded = decoder.readObject();
DERSequence derSeq = (DERSequence) encoded;
DERObjectIdentifier typeId = DERObjectIdentifier.getInstance(derSeq.getObjectAt(0));
String oid = typeId.getId();
String value = null;
ASN1TaggedObject otherNameValue = ASN1TaggedObject.getInstance(derSeq.getObjectAt(1));
if (OID_UPN.equals(oid)) {
ASN1TaggedObject upnValue = ASN1TaggedObject.getInstance(otherNameValue.getObject());
DERUTF8String str = DERUTF8String.getInstance(upnValue.getObject());
value = str.getString();
}
outStream.format(" [%d] %s(%s) = %s\n", tag, oid, UPN_DISPLAY, value);
} else if (GeneralName.rfc822Name == tag.intValue()) {
String value = (String) generalName.get(1);
outStream.format(" [%d] %s = %s\n", tag, RFC822NAME_DISPLAY, value);
} else if (GeneralName.dNSName == tag.intValue()) {
String value = (String) generalName.get(1);
outStream.format(" [%d] %s = %s\n", tag, DNSNAME_DISPLAY, value);
} else {
outStream.format(" [%d] - not yet supported\n", tag);
}
}
} catch (CertificateParsingException e) {
e.printStackTrace();
} finally {
ByteUtil.closeStream(decoder);
}
}
use of org.bouncycastle.asn1.x509.GeneralNames in project zm-mailbox by Zimbra.
the class CertUtil method getSubjectAltNameOtherNameUPN.
String getSubjectAltNameOtherNameUPN() {
Collection<List<?>> generalNames = null;
try {
generalNames = cert.getSubjectAlternativeNames();
} catch (CertificateParsingException e) {
ZimbraLog.account.warn(LOG_PREFIX + "unable to get subject alternative names", e);
}
if (generalNames == null) {
return null;
}
ASN1InputStream decoder = null;
try {
// Check that the certificate includes the SubjectAltName extension
for (List<?> generalName : generalNames) {
Integer tag = (Integer) generalName.get(0);
if (GeneralName.otherName == tag.intValue()) {
// Value is encoded using ASN.1
decoder = new ASN1InputStream((byte[]) generalName.toArray()[1]);
DEREncodable encoded = decoder.readObject();
DERSequence derSeq = (DERSequence) encoded;
DERObjectIdentifier typeId = DERObjectIdentifier.getInstance(derSeq.getObjectAt(0));
String oid = typeId.getId();
String value = null;
ASN1TaggedObject otherNameValue = ASN1TaggedObject.getInstance(derSeq.getObjectAt(1));
if (OID_UPN.equals(oid)) {
ASN1TaggedObject upnValue = ASN1TaggedObject.getInstance(otherNameValue.getObject());
DERUTF8String str = DERUTF8String.getInstance(upnValue.getObject());
value = str.getString();
return value;
}
}
}
} catch (IOException e) {
ZimbraLog.account.warn(LOG_PREFIX + "unable to process ASN.1 data", e);
} finally {
ByteUtil.closeStream(decoder);
}
return null;
}
use of org.bouncycastle.asn1.x509.GeneralNames in project poi by apache.
the class PkiTestUtils method generateCertificate.
static X509Certificate generateCertificate(PublicKey subjectPublicKey, String subjectDn, Date notBefore, Date notAfter, X509Certificate issuerCertificate, PrivateKey issuerPrivateKey, boolean caFlag, int pathLength, String crlUri, String ocspUri, KeyUsage keyUsage) throws IOException, OperatorCreationException, CertificateException {
String signatureAlgorithm = "SHA1withRSA";
X500Name issuerName;
if (issuerCertificate != null) {
issuerName = new X509CertificateHolder(issuerCertificate.getEncoded()).getIssuer();
} else {
issuerName = new X500Name(subjectDn);
}
RSAPublicKey rsaPubKey = (RSAPublicKey) subjectPublicKey;
RSAKeyParameters rsaSpec = new RSAKeyParameters(false, rsaPubKey.getModulus(), rsaPubKey.getPublicExponent());
SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(rsaSpec);
DigestCalculator digestCalc = new JcaDigestCalculatorProviderBuilder().setProvider("BC").build().get(CertificateID.HASH_SHA1);
X509v3CertificateBuilder certificateGenerator = new X509v3CertificateBuilder(issuerName, new BigInteger(128, new SecureRandom()), notBefore, notAfter, new X500Name(subjectDn), subjectPublicKeyInfo);
X509ExtensionUtils exUtils = new X509ExtensionUtils(digestCalc);
SubjectKeyIdentifier subKeyId = exUtils.createSubjectKeyIdentifier(subjectPublicKeyInfo);
AuthorityKeyIdentifier autKeyId = (issuerCertificate != null) ? exUtils.createAuthorityKeyIdentifier(new X509CertificateHolder(issuerCertificate.getEncoded())) : exUtils.createAuthorityKeyIdentifier(subjectPublicKeyInfo);
certificateGenerator.addExtension(Extension.subjectKeyIdentifier, false, subKeyId);
certificateGenerator.addExtension(Extension.authorityKeyIdentifier, false, autKeyId);
if (caFlag) {
BasicConstraints bc;
if (-1 == pathLength) {
bc = new BasicConstraints(true);
} else {
bc = new BasicConstraints(pathLength);
}
certificateGenerator.addExtension(Extension.basicConstraints, false, bc);
}
if (null != crlUri) {
int uri = GeneralName.uniformResourceIdentifier;
DERIA5String crlUriDer = new DERIA5String(crlUri);
GeneralName gn = new GeneralName(uri, crlUriDer);
DERSequence gnDer = new DERSequence(gn);
GeneralNames gns = GeneralNames.getInstance(gnDer);
DistributionPointName dpn = new DistributionPointName(0, gns);
DistributionPoint distp = new DistributionPoint(dpn, null, null);
DERSequence distpDer = new DERSequence(distp);
certificateGenerator.addExtension(Extension.cRLDistributionPoints, false, distpDer);
}
if (null != ocspUri) {
int uri = GeneralName.uniformResourceIdentifier;
GeneralName ocspName = new GeneralName(uri, ocspUri);
AuthorityInformationAccess authorityInformationAccess = new AuthorityInformationAccess(X509ObjectIdentifiers.ocspAccessMethod, ocspName);
certificateGenerator.addExtension(Extension.authorityInfoAccess, false, authorityInformationAccess);
}
if (null != keyUsage) {
certificateGenerator.addExtension(Extension.keyUsage, true, keyUsage);
}
JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureAlgorithm);
signerBuilder.setProvider("BC");
X509CertificateHolder certHolder = certificateGenerator.build(signerBuilder.build(issuerPrivateKey));
// .getEncoded()));
return new JcaX509CertificateConverter().getCertificate(certHolder);
}
Aggregations