Example 36 with X509Extension

Use of org.bouncycastle.asn1.x509.X509Extension in project nimbus by nimbus-org.

Class BouncyCastleCipherCryptService, method writeCertificateSigningRequest.

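/**
 * Writes a certificate signing request to a stream.<p>
 *
 * @param keyPair key pair
 * @param signatureAlgorithm signature algorithm
 * @param signatureAlgorithmParameterSpec signature algorithm parameters
 * @param commonName name
 * @param countryCode country code
 * @param state representative location such as the state or prefecture name
 * @param locality finer-grained location such as the city or town name
 * @param organization organization name
 * @param organizationalUnit name of the department within the organization
 * @param subjectAltNames array of subject alternative names
 * @param os output stream to which the PKCS#10 certificate signing request is written
 * @exception Exception if generating the certificate signing request fails
 */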
public void writeCertificateSigningRequest(KeyPair keyPair, String signatureAlgorithm, AlgorithmParameterSpec signatureAlgorithmParameterSpec, String commonName, String countryCode, String state, String locality, String organization, String organizationalUnit, GeneralName[] subjectAltNames, OutputStream os) throws Exception {
    X500NameBuilder sbjBuilder = new X500NameBuilder(BCStyle.INSTANCE);
    if (commonName != null) {
        sbjBuilder.addRDN(BCStyle.CN, commonName);
    }
    if (countryCode != null) {
        sbjBuilder.addRDN(BCStyle.C, countryCode);
    }
    if (state != null) {
        sbjBuilder.addRDN(BCStyle.ST, state);
    }
    if (locality != null) {
        sbjBuilder.addRDN(BCStyle.L, locality);
    }
    if (organization != null) {
        sbjBuilder.addRDN(BCStyle.O, organization);
    }
    if (organizationalUnit != null) {
        sbjBuilder.addRDN(BCStyle.OU, organizationalUnit);
    }
    X500Name subject = sbjBuilder.build();
    JcaPKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic());
    Vector oids = new Vector();
    Vector attributeValues = new Vector();
    if (subjectAltNames != null && subjectAltNames.length > 0) {
        oids.add(X509Extensions.SubjectAlternativeName);
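        // Note: sbjBuilder.build() never returns null, so "subject == null" is always false
        // and the SubjectAlternativeName extension is always requested as non-critical here.
        attributeValues.add(new X509Extension(subject == null, new DEROctetString(new GeneralNames(subjectAltNames))));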
    }
    if (oids.size() > 0) {
        csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, new X509Extensions(oids, attributeValues));
    }
    JcaContentSignerBuilder jcsBuilder = signatureAlgorithmParameterSpec == null ? new JcaContentSignerBuilder(signatureAlgorithm) : new JcaContentSignerBuilder(signatureAlgorithm, signatureAlgorithmParameterSpec);
    ContentSigner signer = jcsBuilder.build(keyPair.getPrivate());
    PKCS10CertificationRequest csrRequest = csrBuilder.build(signer);
    OutputStreamWriter osw = new OutputStreamWriter(os);
    JcaPEMWriter pemWriter = new JcaPEMWriter(osw);
    try {
        pemWriter.writeObject(csrRequest);
        pemWriter.flush();
    } finally {
        osw.flush();
    }
}
Also used : PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) X500NameBuilder(org.bouncycastle.asn1.x500.X500NameBuilder) JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) X509Extension(org.bouncycastle.asn1.x509.X509Extension) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) X509Extensions(org.bouncycastle.asn1.x509.X509Extensions) X500Name(org.bouncycastle.asn1.x500.X500Name) DEROctetString(org.bouncycastle.asn1.DEROctetString) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) JcaPEMWriter(org.bouncycastle.openssl.jcajce.JcaPEMWriter)

Example 37 with X509Extension

Use of org.bouncycastle.asn1.x509.X509Extension in project jruby-openssl by jruby.

Class X509Extension, method newExtension.

static X509Extension newExtension(final ThreadContext context, final String oid, final java.security.cert.X509Extension ext, final boolean critical) throws IOException {
    // DER encoded
    final byte[] extValue = ext.getExtensionValue(oid);
    // TODO: weird. J9 returns null for an OID given in getNonCriticalExtensionOIDs()
    if (extValue == null) {
        warn(context, ext + " getExtensionValue returns null for '" + oid + "'");
        return null;
    }
    final Ruby runtime = context.runtime;
    final ASN1Encodable value = ASN1.readObject(extValue);
    return newExtension(runtime, ASN1.getObjectID(runtime, oid), value, critical);
}
Also used : ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) Ruby(org.jruby.Ruby)
