use of org.bouncycastle.asn1.x509.X509Extension in project nimbus by nimbus-org.
the class BouncyCastleCipherCryptService method writeCertificateSigningRequest.
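/**
 * Writes a PKCS#10 certificate signing request (CSR) to a stream in PEM form.
 * <p>
 * The subject DN is built from whichever of the name parameters are non-null.
 * If subject alternative names are given, they are added as an extension request
 * attribute. The private key is used only to sign the request; only the request
 * itself is written to the stream.
 *
 * @param keyPair key pair; the public key is embedded in the request and the private key signs it
 * @param signatureAlgorithm signature algorithm name, passed unchanged to JcaContentSignerBuilder
 *        (this method does not restrict which algorithms may be used)
 * @param signatureAlgorithmParameterSpec signature algorithm parameters, or null for none
 * @param commonName common name (CN), or null to omit
 * @param countryCode country code (C), or null to omit
 * @param state state or province name (ST), or null to omit
 * @param locality city or other finer-grained locality (L), or null to omit
 * @param organization organization name (O), or null to omit
 * @param organizationalUnit department within the organization (OU), or null to omit
 * @param subjectAltNames array of subject alternative names, or null/empty for none
 * @param os output stream that receives the PKCS#10 request; it is flushed but not closed
 * @exception Exception if generating the certificate signing request fails
 */
public void writeCertificateSigningRequest(KeyPair keyPair, String signatureAlgorithm, AlgorithmParameterSpec signatureAlgorithmParameterSpec, String commonName, String countryCode, String state, String locality, String organization, String organizationalUnit, GeneralName[] subjectAltNames, OutputStream os) throws Exception {
    X500NameBuilder sbjBuilder = new X500NameBuilder(BCStyle.INSTANCE);
    if (commonName != null) {
        sbjBuilder.addRDN(BCStyle.CN, commonName);
    }
    if (countryCode != null) {
        sbjBuilder.addRDN(BCStyle.C, countryCode);
    }
    if (state != null) {
        sbjBuilder.addRDN(BCStyle.ST, state);
    }
    if (locality != null) {
        sbjBuilder.addRDN(BCStyle.L, locality);
    }
    if (organization != null) {
        sbjBuilder.addRDN(BCStyle.O, organization);
    }
    if (organizationalUnit != null) {
        sbjBuilder.addRDN(BCStyle.OU, organizationalUnit);
    }
    X500Name subject = sbjBuilder.build();
    JcaPKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic());

    // Raw Vectors are what the X509Extensions(Vector, Vector) constructor accepts.
    Vector oids = new Vector();
    Vector attributeValues = new Vector();
    if (subjectAltNames != null && subjectAltNames.length > 0) {
        // The criticality flag used to be "subject == null", which is always false because
        // build() returns a name object even when no RDN was added. RFC 5280 requires
        // subjectAltName to be critical when the subject is empty, so test for an empty DN.
        boolean subjectIsEmpty = subject.getRDNs().length == 0;
        oids.add(X509Extensions.SubjectAlternativeName);
        attributeValues.add(new X509Extension(subjectIsEmpty, new DEROctetString(new GeneralNames(subjectAltNames))));
    }
    if (!oids.isEmpty()) {
        csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, new X509Extensions(oids, attributeValues));
    }

    JcaContentSignerBuilder jcsBuilder = signatureAlgorithmParameterSpec == null ? new JcaContentSignerBuilder(signatureAlgorithm) : new JcaContentSignerBuilder(signatureAlgorithm, signatureAlgorithmParameterSpec);
    ContentSigner signer = jcsBuilder.build(keyPair.getPrivate());
    PKCS10CertificationRequest csrRequest = csrBuilder.build(signer);

    // The writer uses the platform default charset; the PEM text itself is ASCII.
    OutputStreamWriter osw = new OutputStreamWriter(os);
    JcaPEMWriter pemWriter = new JcaPEMWriter(osw);
    try {
        pemWriter.writeObject(csrRequest);
        pemWriter.flush();
    } finally {
        // Flush rather than close, so the caller keeps ownership of the stream.
        osw.flush();
    }
}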
use of org.bouncycastle.asn1.x509.X509Extension in project jruby-openssl by jruby.
the class X509Extension method newExtension.
/**
 * Creates an extension object for one OID taken from a JCA extension holder.
 *
 * @param context current thread context; supplies the runtime and is used for the warning
 * @param oid dotted OID string of the extension to read
 * @param ext JCA object whose extension value is queried
 * @param critical criticality flag handed on to the created extension
 * @return the new extension, or null when no value is available for the OID
 *         (callers must handle the null case)
 * @throws IOException declared by the original signature; presumably raised while
 *         reading the encoded value
 */
static X509Extension newExtension(final ThreadContext context, final String oid, final java.security.cert.X509Extension ext, final boolean critical) throws IOException {
    final byte[] derBytes = ext.getExtensionValue(oid); // DER encoded
    if (derBytes != null) {
        final Ruby runtime = context.runtime;
        // Parse the value before resolving the OID, keeping the evaluation order unchanged.
        final ASN1Encodable parsed = ASN1.readObject(derBytes);
        return newExtension(runtime, ASN1.getObjectID(runtime, oid), parsed, critical);
    }
    // Weird: J9 returns null for an OID that it listed in getNonCriticalExtensionOIDs(),
    // so warn and skip the extension instead of failing.
    warn(context, ext + " getExtensionValue returns null for '" + oid + "'");
    return null;
}