use of org.bouncycastle.asn1.x509.GeneralNames in project athenz by yahoo.
the class Crypto method extractX509CSRSANField.
/**
 * Collects the string value of every subjectAltName entry in a CSR whose
 * GeneralName tag equals {@code tagNo}.
 *
 * <p>Every {@code extensionRequest} attribute of the request is examined, and
 * each attribute value is decoded as an {@code Extensions} structure.
 *
 * <p>NOTE(review): the returned strings are taken verbatim from the CSR and are
 * therefore chosen by whoever built the request. Nothing here validates them;
 * presumably callers check them against policy before issuing a certificate.
 *
 * @param certReq the PKCS#10 request to inspect
 * @param tagNo the GeneralName tag to select
 * @return the matching names in encounter order; empty when none match
 */
private static List<String> extractX509CSRSANField(PKCS10CertificationRequest certReq, int tagNo) {
    final List<String> matches = new ArrayList<>();
    for (Attribute extensionRequest : certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
        for (ASN1Encodable encoded : extensionRequest.getAttributeValues()) {
            final GeneralNames altNames =
                    GeneralNames.fromExtensions(Extensions.getInstance(encoded), Extension.subjectAlternativeName);
            // /CLOVER:OFF
            if (altNames == null) {
                // This extension set carries no subjectAltName extension.
                continue;
            }
            // /CLOVER:ON
            for (GeneralName altName : altNames.getNames()) {
                if (altName.getTagNo() != tagNo) {
                    continue;
                }
                // The cast only holds for IA5String-encoded choices (rfc822Name,
                // dNSName, uniformResourceIdentifier). A tag such as iPAddress is
                // an OCTET STRING and would raise ClassCastException here.
                final DERIA5String text = (DERIA5String) altName.getName();
                matches.add(text.getString());
            }
        }
    }
    return matches;
}
use of org.bouncycastle.asn1.x509.GeneralNames in project ambry by linkedin.
the class TestSSLUtils method generateCertificate.
/**
 * Builds a self-signed X.509 v3 certificate, using the same name as both
 * issuer and subject.
 * From http://bfo.com/blog/2011/03/08/odds_and_ends_creating_a_new_x_509_certificate.html.
 *
 * <p>Notes for reviewers:
 * <ul>
 *   <li>The signer is built with {@code BcRSAContentSignerBuilder}, so only RSA
 *       key pairs and RSA signature algorithms work here.</li>
 *   <li>Each call registers a {@code BouncyCastleProvider} with the JVM-wide
 *       {@link Security} provider list.</li>
 *   <li>When present, the subjectAltName extension is added with the critical
 *       flag set.</li>
 *   <li>The serial number is 64 random bits from a fresh {@link SecureRandom}.</li>
 * </ul>
 *
 * @param dn the X.509 Distinguished Name, eg "CN(commonName)=Test, O(organizationName)=Org"
 * @param pair the key pair; the public key is certified and the private key signs
 * @param days how many days from now the certificate stays valid
 * @param algorithm the signing algorithm name, eg "SHA256withRSA" (SHA-1 based
 *        names such as "SHA1withRSA" are also accepted but are considered weak)
 * @param subjectAltNames the subject alternative names to embed, if any
 * @return the self-signed certificate
 * @throws java.security.cert.CertificateException if a security error or an I/O error occurred;
 *         any other exception is wrapped in one
 */
public static X509Certificate generateCertificate(String dn, KeyPair pair, int days, String algorithm, Optional<GeneralNames> subjectAltNames) throws CertificateException {
    try {
        Security.addProvider(new BouncyCastleProvider());

        // Resolve the signature algorithm and the digest it implies.
        final AlgorithmIdentifier signatureAlg = new DefaultSignatureAlgorithmIdentifierFinder().find(algorithm);
        final AlgorithmIdentifier digestAlg = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlg);

        // Convert the JCA key pair into BouncyCastle's lightweight representations.
        final AsymmetricKeyParameter signingKey = PrivateKeyFactory.createKey(pair.getPrivate().getEncoded());
        final SubjectPublicKeyInfo certifiedKey = SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded());
        final ContentSigner signer = new BcRSAContentSignerBuilder(signatureAlg, digestAlg).build(signingKey);

        final X500Name selfName = new X500Name(dn);
        final Date notBefore = new Date();
        final long validityMillis = days * 86400000L;
        final Date notAfter = new Date(notBefore.getTime() + validityMillis);
        final BigInteger serial = new BigInteger(64, new SecureRandom());

        // Self-signed: issuer and subject are the same name.
        final X509v3CertificateBuilder builder =
                new X509v3CertificateBuilder(selfName, serial, notBefore, notAfter, selfName, certifiedKey);
        if (subjectAltNames.isPresent()) {
            builder.addExtension(Extension.subjectAlternativeName, true, subjectAltNames.get());
        }

        final X509CertificateHolder holder = builder.build(signer);
        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(holder);
    } catch (Exception e) {
        // CertificateException passes through untouched; everything else is wrapped.
        if (e instanceof CertificateException) {
            throw (CertificateException) e;
        }
        throw new CertificateException(e);
    }
}
use of org.bouncycastle.asn1.x509.GeneralNames in project qpid-broker-j by apache.
the class TlsResourceBuilder method createDistributionPointExtension.
/**
 * Builds a non-critical cRLDistributionPoints extension that holds a single
 * distribution point identified by a URI.
 *
 * <p>The URI string is embedded as given; this method does not check its
 * scheme or syntax.
 *
 * @param crlUri location from which the CRL can be fetched
 * @return the encoded extension, ready to add to a certificate builder
 * @throws CertificateException if encoding the extension value fails
 */
private static Extension createDistributionPointExtension(final String crlUri) throws CertificateException {
    try {
        final GeneralNames crlLocation =
                new GeneralNames(new GeneralName(GeneralName.uniformResourceIdentifier, crlUri));
        // Only the name is set; the reasons and cRLIssuer fields are left absent.
        final DistributionPoint soleEntry = new DistributionPoint(new DistributionPointName(crlLocation), null, null);
        final CRLDistPoint payload = new CRLDistPoint(new DistributionPoint[] { soleEntry });
        final byte[] encodedPayload = payload.getEncoded();
        return new Extension(Extension.cRLDistributionPoints, false, encodedPayload);
    } catch (IOException e) {
        throw new CertificateException(e);
    }
}
use of org.bouncycastle.asn1.x509.GeneralNames in project fdroidclient by f-droid.
the class LocalRepoKeyStore method generateSelfSignedCertChain.
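/**
 * Creates a self-signed certificate for {@code kp}, valid for one year from now,
 * with {@code subject} used as both issuer and subject.
 *
 * <p>The serial number is a positive 64-bit random value. The previous
 * {@code BigInteger.valueOf(rand.nextLong())} was negative for roughly half of
 * all calls, although RFC 5280 requires a positive serial number and strict
 * validators may reject such certificates.
 *
 * @param kp key pair; the private key signs and the public key is certified
 * @param subject distinguished name used for issuer and subject
 * @param hostname value placed in a non-critical subjectAltName entry of type
 *        iPAddress, or {@code null} to omit the extension. NOTE(review): despite
 *        the parameter name, the entry is tagged as an IP address; BouncyCastle
 *        is expected to reject a string that is not an IP literal, so confirm
 *        callers only pass addresses.
 * @return the self-signed certificate
 * @throws CertificateException if the built holder cannot be converted
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws IOException if adding the extension fails
 */
private Certificate generateSelfSignedCertChain(KeyPair kp, X500Name subject, String hostname) throws CertificateException, OperatorCreationException, IOException {
    SecureRandom rand = new SecureRandom();
    PrivateKey privKey = kp.getPrivate();
    PublicKey pubKey = kp.getPublic();
    ContentSigner sigGen = new JcaContentSignerBuilder(DEFAULT_SIG_ALG).build(privKey);
    SubjectPublicKeyInfo subPubKeyInfo = new SubjectPublicKeyInfo(ASN1Sequence.getInstance(pubKey.getEncoded()));

    // Validity window: now until one year from now.
    Date now = new Date();
    /* Force English/Gregorian dates in the certificate regardless of the device
       locale; the metadata is rarely read, and readers are very likely to
       understand English/Gregorian dates. */
    Calendar c = new GregorianCalendar(Locale.ENGLISH);
    c.setTime(now);
    c.add(Calendar.YEAR, 1);
    Time startTime = new Time(now, Locale.ENGLISH);
    Time endTime = new Time(c.getTime(), Locale.ENGLISH);

    // BigInteger(numBits, rnd) is never negative; max(ONE) also rules out zero,
    // so the serial number is always a positive integer.
    BigInteger serial = new BigInteger(64, rand).max(BigInteger.ONE);

    X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder(subject, serial, startTime, endTime, subject, subPubKeyInfo);
    if (hostname != null) {
        GeneralNames subjectAltName = new GeneralNames(new GeneralName(GeneralName.iPAddress, hostname));
        v3CertGen.addExtension(X509Extension.subjectAlternativeName, false, subjectAltName);
    }
    X509CertificateHolder certHolder = v3CertGen.build(sigGen);
    return new JcaX509CertificateConverter().getCertificate(certHolder);
}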
use of org.bouncycastle.asn1.x509.GeneralNames in project robovm by robovm.
the class AttributeCertificateIssuer method match.
/**
 * Tests whether a certificate holder corresponds to this attribute
 * certificate issuer.
 *
 * <p>Three cases follow from the stored {@code form}:
 * <ul>
 *   <li>V2Form with a base certificate ID: the holder's serial number must equal
 *       the ID's serial and the holder's issuer must match the ID's issuer.</li>
 *   <li>V2Form without a base certificate ID: the holder's subject must match
 *       the form's issuer name.</li>
 *   <li>Otherwise {@code form} is treated as {@code GeneralNames} and compared
 *       with the holder's subject.</li>
 * </ul>
 *
 * @param obj candidate object; anything other than an
 *        {@code X509CertificateHolder} never matches
 * @return {@code true} if the candidate matches, {@code false} otherwise
 */
public boolean match(Object obj) {
    if (!(obj instanceof X509CertificateHolder)) {
        return false;
    }
    final X509CertificateHolder candidate = (X509CertificateHolder) obj;

    final GeneralNames expectedSubject;
    if (form instanceof V2Form) {
        final V2Form v2 = (V2Form) form;
        if (v2.getBaseCertificateID() != null) {
            // Identified by issuer + serial: both must agree; the DN comparison
            // is skipped when the serial numbers already differ.
            final boolean sameSerial =
                    v2.getBaseCertificateID().getSerial().getValue().equals(candidate.getSerialNumber());
            return sameSerial && matchesDN(candidate.getIssuer(), v2.getBaseCertificateID().getIssuer());
        }
        expectedSubject = v2.getIssuerName();
    } else {
        expectedSubject = (GeneralNames) form;
    }
    return matchesDN(candidate.getSubject(), expectedSubject);
}