Search in sources :

Example 61 with GeneralNames

use of org.bouncycastle.asn1.x509.GeneralNames in project athenz by yahoo.

the class Crypto method extractX509CSRSANField.

private static List<String> extractX509CSRSANField(PKCS10CertificationRequest certReq, int tagNo) {
    List<String> values = new ArrayList<>();
    Attribute[] attributes = certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
    for (Attribute attribute : attributes) {
        for (ASN1Encodable value : attribute.getAttributeValues()) {
            Extensions extensions = Extensions.getInstance(value);
            GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
            // /CLOVER:OFF
            if (gns == null) {
                continue;
            }
            // /CLOVER:ON
            for (GeneralName name : gns.getNames()) {
                if (name.getTagNo() == tagNo) {
                    values.add(((DERIA5String) name.getName()).getString());
                }
            }
        }
    }
    return values;
}
Also used : GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) Attribute(org.bouncycastle.asn1.pkcs.Attribute) GeneralName(org.bouncycastle.asn1.x509.GeneralName) Extensions(org.bouncycastle.asn1.x509.Extensions)

Example 62 with GeneralNames

use of org.bouncycastle.asn1.x509.GeneralNames in project ambry by linkedin.

the class TestSSLUtils method generateCertificate.

/**
 * Create a self-signed X.509 Certificate.
 * From http://bfo.com/blog/2011/03/08/odds_and_ends_creating_a_new_x_509_certificate.html.
 *
 * @param dn the X.509 Distinguished Name, eg "CN(commonName)=Test, O(organizationName)=Org"
 * @param pair the KeyPair
 * @param days how many days from now the Certificate is valid for
 * @param algorithm the signing algorithm, eg "SHA1withRSA"
 * @param subjectAltNames the subject alternative names for which the Certificate is valid for
 * @return the self-signed certificate
 * @throws java.security.cert.CertificateException thrown if a security error or an IO error ocurred.
 */
public static X509Certificate generateCertificate(String dn, KeyPair pair, int days, String algorithm, Optional<GeneralNames> subjectAltNames) throws CertificateException {
    try {
        Security.addProvider(new BouncyCastleProvider());
        AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(algorithm);
        AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
        AsymmetricKeyParameter privateKeyAsymKeyParam = PrivateKeyFactory.createKey(pair.getPrivate().getEncoded());
        SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded());
        ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(privateKeyAsymKeyParam);
        X500Name name = new X500Name(dn);
        Date from = new Date();
        Date to = new Date(from.getTime() + days * 86400000L);
        BigInteger sn = new BigInteger(64, new SecureRandom());
        X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder(name, sn, from, to, name, subPubKeyInfo);
        if (subjectAltNames.isPresent()) {
            v3CertGen.addExtension(Extension.subjectAlternativeName, true, subjectAltNames.get());
        }
        X509CertificateHolder certificateHolder = v3CertGen.build(sigGen);
        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder);
    } catch (CertificateException ce) {
        throw ce;
    } catch (Exception e) {
        throw new CertificateException(e);
    }
}
Also used : ContentSigner(org.bouncycastle.operator.ContentSigner) SecureRandom(java.security.SecureRandom) CertificateException(java.security.cert.CertificateException) X500Name(org.bouncycastle.asn1.x500.X500Name) DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) Date(java.util.Date) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) EOFException(java.io.EOFException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder) BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder) AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BigInteger(java.math.BigInteger) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)

Example 63 with GeneralNames

use of org.bouncycastle.asn1.x509.GeneralNames in project qpid-broker-j by apache.

the class TlsResourceBuilder method createDistributionPointExtension.

private static Extension createDistributionPointExtension(final String crlUri) throws CertificateException {
    try {
        final GeneralName generalName = new GeneralName(GeneralName.uniformResourceIdentifier, crlUri);
        final DistributionPointName pointName = new DistributionPointName(new GeneralNames(generalName));
        final DistributionPoint[] points = new DistributionPoint[] { new DistributionPoint(pointName, null, null) };
        return new Extension(Extension.cRLDistributionPoints, false, new CRLDistPoint(points).getEncoded());
    } catch (IOException e) {
        throw new CertificateException(e);
    }
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName) CertificateException(java.security.cert.CertificateException) GeneralName(org.bouncycastle.asn1.x509.GeneralName) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) IOException(java.io.IOException) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)

Example 64 with GeneralNames

use of org.bouncycastle.asn1.x509.GeneralNames in project fdroidclient by f-droid.

the class LocalRepoKeyStore method generateSelfSignedCertChain.

private Certificate generateSelfSignedCertChain(KeyPair kp, X500Name subject, String hostname) throws CertificateException, OperatorCreationException, IOException {
    SecureRandom rand = new SecureRandom();
    PrivateKey privKey = kp.getPrivate();
    PublicKey pubKey = kp.getPublic();
    ContentSigner sigGen = new JcaContentSignerBuilder(DEFAULT_SIG_ALG).build(privKey);
    SubjectPublicKeyInfo subPubKeyInfo = new SubjectPublicKeyInfo(ASN1Sequence.getInstance(pubKey.getEncoded()));
    // now
    Date now = new Date();
    /* force it to use a English/Gregorian dates for the cert, hardly anyone
           ever looks at the cert metadata anyway, and its very likely that they
           understand English/Gregorian dates */
    Calendar c = new GregorianCalendar(Locale.ENGLISH);
    c.setTime(now);
    c.add(Calendar.YEAR, 1);
    Time startTime = new Time(now, Locale.ENGLISH);
    Time endTime = new Time(c.getTime(), Locale.ENGLISH);
    X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder(subject, BigInteger.valueOf(rand.nextLong()), startTime, endTime, subject, subPubKeyInfo);
    if (hostname != null) {
        GeneralNames subjectAltName = new GeneralNames(new GeneralName(GeneralName.iPAddress, hostname));
        v3CertGen.addExtension(X509Extension.subjectAlternativeName, false, subjectAltName);
    }
    X509CertificateHolder certHolder = v3CertGen.build(sigGen);
    return new JcaX509CertificateConverter().getCertificate(certHolder);
}
Also used : PrivateKey(java.security.PrivateKey) PublicKey(java.security.PublicKey) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) Calendar(java.util.Calendar) GregorianCalendar(java.util.GregorianCalendar) ContentSigner(org.bouncycastle.operator.ContentSigner) GregorianCalendar(java.util.GregorianCalendar) SecureRandom(java.security.SecureRandom) Time(org.bouncycastle.asn1.x509.Time) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) Date(java.util.Date) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) GeneralName(org.bouncycastle.asn1.x509.GeneralName)

Example 65 with GeneralNames

use of org.bouncycastle.asn1.x509.GeneralNames in project robovm by robovm.

the class AttributeCertificateIssuer method match.

public boolean match(Object obj) {
    if (!(obj instanceof X509CertificateHolder)) {
        return false;
    }
    X509CertificateHolder x509Cert = (X509CertificateHolder) obj;
    if (form instanceof V2Form) {
        V2Form issuer = (V2Form) form;
        if (issuer.getBaseCertificateID() != null) {
            return issuer.getBaseCertificateID().getSerial().getValue().equals(x509Cert.getSerialNumber()) && matchesDN(x509Cert.getIssuer(), issuer.getBaseCertificateID().getIssuer());
        }
        GeneralNames name = issuer.getIssuerName();
        if (matchesDN(x509Cert.getSubject(), name)) {
            return true;
        }
    } else {
        GeneralNames name = (GeneralNames) form;
        if (matchesDN(x509Cert.getSubject(), name)) {
            return true;
        }
    }
    return false;
}
Also used : V2Form(org.bouncycastle.asn1.x509.V2Form) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)

Aggregations

GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)87 GeneralName (org.bouncycastle.asn1.x509.GeneralName)75 IOException (java.io.IOException)40 X509Certificate (java.security.cert.X509Certificate)27 X500Name (org.bouncycastle.asn1.x500.X500Name)26 BigInteger (java.math.BigInteger)21 ArrayList (java.util.ArrayList)21 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)21 ContentSigner (org.bouncycastle.operator.ContentSigner)21 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)20 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)18 DERIA5String (org.bouncycastle.asn1.DERIA5String)17 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)17 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)17 DEROctetString (org.bouncycastle.asn1.DEROctetString)16 JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)16 List (java.util.List)15 X500Principal (javax.security.auth.x500.X500Principal)15 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)15 BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)15