Example 71 with GeneralNames
use of org.bouncycastle.asn1.x509.GeneralNames in project XobotOS by xamarin.
the class IssuerSerial method toASN1Object.
/**
* Produce an object suitable for an ASN1OutputStream.
* <pre>
* IssuerSerial ::= SEQUENCE {
* issuer GeneralNames,
* serial CertificateSerialNumber,
* issuerUID UniqueIdentifier OPTIONAL
* }
* </pre>
*/
public DERObject toASN1Object() {
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(issuer);
v.add(serial);
if (issuerUID != null) {
v.add(issuerUID);
}
return new DERSequence(v);
}
Also used :
DERSequence(org.bouncycastle.asn1.DERSequence)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
Example 72 with GeneralNames
use of org.bouncycastle.asn1.x509.GeneralNames in project OpenAM by OpenRock.
the class ApprovalCallback method approve.
/*
* Invoked by JSS protocol handler whenever ssl handshaking hits issue.
* It validates reported issue if it can be ignored.
*
* @return <code>true</code> if the reported issue can be ignored.
*/
public boolean approve(X509Certificate cert, SSLCertificateApprovalCallback.ValidityStatus status) {
ValidityItem item;
Enumeration errors = status.getReasons();
int reason;
if (trustAllServerCerts) {
return true;
}
if ((reqHost == null) && !errors.hasMoreElements()) {
return true;
}
boolean approve = true;
while (approve && errors.hasMoreElements()) {
item = (SSLCertificateApprovalCallback.ValidityItem) errors.nextElement();
reason = item.getReason();
if (debug.messageEnabled()) {
debug.message("ApprovalCallback: reason " + reason);
}
// bad domain -12276
if (reason != ValidityStatus.BAD_CERT_DOMAIN) {
approve = false;
} else {
String cn = null;
try {
String subjectDN = cert.getSubjectDN().getName();
cn = new X500Name(subjectDN).getCommonName();
} catch (Exception ex) {
if (debug.messageEnabled()) {
debug.message("ApprovalCallback:", ex);
}
approve = false;
}
if (cn == null) {
return false;
}
if (!sslTrustHosts.isEmpty()) {
if (debug.messageEnabled()) {
debug.message("ApprovalCallback: server cert CN : " + cn);
}
if (sslTrustHosts.contains(cn.toLowerCase())) {
return true;
}
}
if (resolveIPAddress) {
try {
approve = InetAddress.getByName(cn).getHostAddress().equals(InetAddress.getByName(reqHost).getHostAddress());
} catch (UnknownHostException ex) {
if (debug.messageEnabled()) {
debug.message("ApprovalCallback:", ex);
}
approve = false;
}
} else
approve = false;
if (!approve && checkSubjectAltName) {
try {
X509CertImpl certImpl = new X509CertImpl(cert.getEncoded());
X509CertInfo cinfo = new X509CertInfo(certImpl.getTBSCertificate());
CertificateExtensions exts = (CertificateExtensions) cinfo.get(X509CertInfo.EXTENSIONS);
SubjectAlternativeNameExtension altNameExt = (SubjectAlternativeNameExtension) exts.get(SubjectAlternativeNameExtension.NAME);
if (altNameExt != null) {
GeneralNames names = (GeneralNames) altNameExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
Method meth = getMethod();
GeneralName generalname = null;
if (meth.getName().equals(OLD_METHOD_NAME)) {
// pre 1.4.2 implementation
Enumeration e = (Enumeration) meth.invoke(names, params);
for (; !approve && e.hasMoreElements(); ) {
approve = compareHosts((GeneralName) e.nextElement());
}
} else {
// post 1.4.2 implementation
Iterator i = (Iterator) meth.invoke(names, params);
for (; !approve && i.hasNext(); ) {
approve = compareHosts((GeneralName) i.next());
}
}
}
} catch (Exception ex) {
return false;
}
}
}
}
return approve;
}
Also used :
Enumeration(java.util.Enumeration)
UnknownHostException(java.net.UnknownHostException)
X509CertInfo(sun.security.x509.X509CertInfo)
SubjectAlternativeNameExtension(sun.security.x509.SubjectAlternativeNameExtension)
CertificateExtensions(sun.security.x509.CertificateExtensions)
X500Name(sun.security.x509.X500Name)
Method(java.lang.reflect.Method)
UnknownHostException(java.net.UnknownHostException)
SSLCertificateApprovalCallback(org.mozilla.jss.ssl.SSLCertificateApprovalCallback)
GeneralNames(sun.security.x509.GeneralNames)
X509CertImpl(sun.security.x509.X509CertImpl)
Iterator(java.util.Iterator)
GeneralName(sun.security.x509.GeneralName)
Example 73 with GeneralNames
use of org.bouncycastle.asn1.x509.GeneralNames in project OpenAM by OpenRock.
the class AMCRLStore method getUpdateCRLFromCrlDP.
/**
* It updates CRL under the dn in the directory server.
* It retrieves CRL distribution points from the parameter
* CRLDistributionPointsExtension dpExt.
*
* @param dpExt
*/
private synchronized X509CRL getUpdateCRLFromCrlDP(CRLDistributionPointsExtension dpExt) {
// Get CRL Distribution points
if (dpExt == null) {
return null;
}
List dps = null;
try {
dps = (List) dpExt.get(CRLDistributionPointsExtension.POINTS);
} catch (IOException ioex) {
if (debug.warningEnabled()) {
debug.warning("AMCRLStore.getUpdateCRLFromCrlDP: ", ioex);
}
}
if (dps == null || dps.isEmpty()) {
return null;
}
for (Object dp1 : dps) {
DistributionPoint dp = (DistributionPoint) dp1;
GeneralNames gName = dp.getFullName();
if (debug.messageEnabled()) {
debug.message("AMCRLStore.getUpdateCRLFromCrlDP: DP = " + gName);
}
byte[] Crls = getCRLsFromGeneralNames(gName);
if (Crls != null && Crls.length > 0) {
try {
return (X509CRL) cf.generateCRL(new ByteArrayInputStream(Crls));
} catch (Exception ex) {
if (debug.warningEnabled()) {
debug.warning("AMCRLStore.getUpdateCRLFromCrlDP: " + "Error in generating X509CRL", ex);
}
}
}
}
return null;
}
Also used :
X509CRL(java.security.cert.X509CRL)
GeneralNames(sun.security.x509.GeneralNames)
ByteArrayInputStream(java.io.ByteArrayInputStream)
List(java.util.List)
IOException(java.io.IOException)
DistributionPoint(sun.security.x509.DistributionPoint)
LdapException(org.forgerock.opendj.ldap.LdapException)
GeneralSecurityException(java.security.GeneralSecurityException)
IOException(java.io.IOException)
LocalizedIllegalArgumentException(org.forgerock.i18n.LocalizedIllegalArgumentException)
Example 74 with GeneralNames
use of org.bouncycastle.asn1.x509.GeneralNames in project OpenAM by OpenRock.
the class AMCRLStore method getUpdateCRLFromCrlIDP.
/**
* It updates CRL under the dn in the directory server.
* It retrieves CRL distribution points from the parameter
* CRLDistributionPointsExtension dpExt.
*
* @param idpExt
*/
private synchronized X509CRL getUpdateCRLFromCrlIDP(IssuingDistributionPointExtension idpExt) {
GeneralNames gName = idpExt.getFullName();
if (gName == null) {
return null;
}
if (debug.messageEnabled()) {
debug.message("AMCRLStore.getUpdateCRLFromCrlIDP: gName = " + gName);
}
byte[] Crls = getCRLsFromGeneralNames(gName);
X509CRL crl = null;
if (Crls != null) {
try {
crl = (X509CRL) cf.generateCRL(new ByteArrayInputStream(Crls));
} catch (Exception e) {
debug.error("Error in generating X509CRL" + e.toString());
}
}
return crl;
}
Also used :
X509CRL(java.security.cert.X509CRL)
GeneralNames(sun.security.x509.GeneralNames)
ByteArrayInputStream(java.io.ByteArrayInputStream)
LdapException(org.forgerock.opendj.ldap.LdapException)
GeneralSecurityException(java.security.GeneralSecurityException)
IOException(java.io.IOException)
LocalizedIllegalArgumentException(org.forgerock.i18n.LocalizedIllegalArgumentException)
Example 75 with GeneralNames
use of org.bouncycastle.asn1.x509.GeneralNames in project nhin-d by DirectProject.
the class PKCS11Commands method createCSR.
@Command(name = "CreateCSR", usage = CREATE_CSR)
public void createCSR(String[] args) {
final String alias = StringArrayUtil.getRequiredValue(args, 0);
final String commonName = StringArrayUtil.getRequiredValue(args, 1);
final String subjectAltName = StringArrayUtil.getRequiredValue(args, 2);
final String keyUsage = StringArrayUtil.getRequiredValue(args, 3);
// make sure we have a valid keyUsage
if (!(keyUsage.compareToIgnoreCase("DigitalSignature") == 0 || keyUsage.compareToIgnoreCase("KeyEncipherment") == 0 || keyUsage.compareToIgnoreCase("DualUse") == 0)) {
System.out.println("Invalid key usage.");
return;
}
final Vector<String> additionalRDNFields = new Vector<String>();
int cnt = 4;
String rdnField;
do {
rdnField = StringArrayUtil.getOptionalValue(args, cnt++, "");
if (!StringUtils.isEmpty(rdnField))
additionalRDNFields.add(rdnField);
} while (!StringUtils.isEmpty(rdnField));
try {
final KeyStore ks = mgr.getKS();
if (!ks.containsAlias(alias)) {
System.out.println("Entry with key name " + alias + " does not exist.");
return;
}
final X509Certificate storedCert = (X509Certificate) ks.getCertificate(alias);
if (storedCert == null) {
System.out.println("Key name " + alias + " does not contain a certificate that can be exported. This key may not be an RSA key pair.");
return;
}
final PrivateKey privKey = (PrivateKey) ks.getKey(alias, "".toCharArray());
if (privKey == null) {
System.out.println("Failed to object private key. This key may not be an RSA key pair.");
return;
}
// create the CSR
// create the extensions that we want
final X509ExtensionsGenerator extsGen = new X509ExtensionsGenerator();
// Key Usage
int usage;
if (keyUsage.compareToIgnoreCase("KeyEncipherment") == 0)
usage = KeyUsage.keyEncipherment;
else if (keyUsage.compareToIgnoreCase("DigitalSignature") == 0)
usage = KeyUsage.digitalSignature;
else
usage = KeyUsage.keyEncipherment | KeyUsage.digitalSignature;
extsGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(usage));
// Subject Alt Name
int nameType = subjectAltName.contains("@") ? GeneralName.rfc822Name : GeneralName.dNSName;
final GeneralNames altName = new GeneralNames(new GeneralName(nameType, subjectAltName));
extsGen.addExtension(X509Extensions.SubjectAlternativeName, false, altName);
// Extended Key Usage
final Vector<KeyPurposeId> purposes = new Vector<KeyPurposeId>();
purposes.add(KeyPurposeId.id_kp_emailProtection);
extsGen.addExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(purposes));
// Basic constraint
final BasicConstraints bc = new BasicConstraints(false);
extsGen.addExtension(X509Extensions.BasicConstraints, true, bc);
// create the extension requests
final X509Extensions exts = extsGen.generate();
final ASN1EncodableVector attributes = new ASN1EncodableVector();
final Attribute attribute = new Attribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, new DERSet(exts.toASN1Object()));
attributes.add(attribute);
final DERSet requestedAttributes = new DERSet(attributes);
// create the DN
final StringBuilder dnBuilder = new StringBuilder("CN=").append(commonName);
for (String field : additionalRDNFields) dnBuilder.append(",").append(field);
final X500Principal subjectPrin = new X500Principal(dnBuilder.toString());
final X509Principal xName = new X509Principal(true, subjectPrin.getName());
// create the CSR
final PKCS10CertificationRequest request = new PKCS10CertificationRequest("SHA256WITHRSA", xName, storedCert.getPublicKey(), requestedAttributes, privKey, ks.getProvider().getName());
final byte[] encodedCSR = request.getEncoded();
final String csrString = "-----BEGIN CERTIFICATE REQUEST-----\r\n" + Base64.encodeBase64String(encodedCSR) + "-----END CERTIFICATE REQUEST-----";
final File csrFile = new File(alias + "-CSR.pem");
FileUtils.writeStringToFile(csrFile, csrString);
System.out.println("CSR written to " + csrFile.getAbsolutePath());
} catch (Exception e) {
e.printStackTrace();
System.err.println("Failed to create CSR : " + e.getMessage());
}
}
Also used :
PrivateKey(java.security.PrivateKey)
Attribute(org.bouncycastle.asn1.x509.Attribute)
KeyUsage(org.bouncycastle.asn1.x509.KeyUsage)
ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage)
X509Extensions(org.bouncycastle.asn1.x509.X509Extensions)
DERSet(org.bouncycastle.asn1.DERSet)
X509Principal(org.bouncycastle.jce.X509Principal)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
X509ExtensionsGenerator(org.bouncycastle.asn1.x509.X509ExtensionsGenerator)
Vector(java.util.Vector)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage)
PKCS10CertificationRequest(org.bouncycastle.jce.PKCS10CertificationRequest)
KeyPurposeId(org.bouncycastle.asn1.x509.KeyPurposeId)
KeyStore(java.security.KeyStore)
X509Certificate(java.security.cert.X509Certificate)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
X500Principal(javax.security.auth.x500.X500Principal)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)
File(java.io.File)
Command(org.nhindirect.common.tooling.Command)
Aggregations
GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)87
GeneralName (org.bouncycastle.asn1.x509.GeneralName)75
IOException (java.io.IOException)40
X509Certificate (java.security.cert.X509Certificate)27
X500Name (org.bouncycastle.asn1.x500.X500Name)26
BigInteger (java.math.BigInteger)21
ArrayList (java.util.ArrayList)21
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)21
ContentSigner (org.bouncycastle.operator.ContentSigner)21
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)20
X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)18
DERIA5String (org.bouncycastle.asn1.DERIA5String)17
CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)17
DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)17
DEROctetString (org.bouncycastle.asn1.DEROctetString)16
JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)16
List (java.util.List)15
X500Principal (javax.security.auth.x500.X500Principal)15
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)15
BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)15
